Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotku.html" target=_blank>AGOBOT-KU</a> WORM! Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list
[!1_pgaccount]
Confirmed=Y
Filename=pgaccount.exe
Description=DiamondCS <a href="http://www.diamondcs.com.au/processguard/" target=_blank>ProcessGuard</a> security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly
Source=Paul Collins Startup list
[!1_ProcessGuard_Startup]
Confirmed=Y
Filename=procguard.exe
Description=DiamondCS <a href="http://www.diamondcs.com.au/processguard/" target=_blank>ProcessGuard</a> security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks
Source=Paul Collins Startup list
[!NoLoad]
Confirmed=N
Filename=winrecon.exe
Description=<a href="http://www.winrecon.com/" target="_blank">WinRecon</a> - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
Source=Paul Collins Startup list
[$EnterNet]
Confirmed=?
Filename=Enternet.exe
Description=Connection manager for the EnterNet ISP. You can also use <a href="http://user.cs.tu-berlin.de/~normanb/" target="_blank">RASPPOE</a>
Source=Paul Collins Startup list
[$WindowsRegKey%update]
Confirmed=X
Filename=IEXPLORE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotez.html" target="_blank">RBOT-EZ</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[%cmpmixtitle%]
Confirmed=N
Filename=%cmpmixstr%
Description=<font color="#FF0000">Possibly related to C-Media Mixer Control panel?</font>
Source=Paul Collins Startup list
[%FP%012-L2TP fts.exe]
Confirmed=?
Filename=fts.exe
Description=012.Net ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[%FP%012-L2TP FWPortal.exe]
Confirmed=?
Filename=FWPortal.exe
Description=012.Net ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[%FP%1776 Internet fts.exe]
Confirmed=?
Filename=fts.exe
Description=1776 Internet ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[%FP%1776 Internet FWPortal.exe]
Confirmed=?
Filename=FWPortal.exe
Description=1776 Internet ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[%FP%Barak013 fts.exe]
Confirmed=?
Filename=fts.exe
Description=Barak013 ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[%FP%Barak013 FWPortal.exe]
Confirmed=?
Filename=FWPortal.exe
Description=Barak013 ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[(*)API Machine]
Confirmed=X
Filename=winSOCKS.exe
Description=Homepage hijacker, see <a href="http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi?s=3e991177279cffff;act=ST;f=6;t=2598;hl=new" target="_blank">here</a> (* = any digit)
Source=Paul Collins Startup list
[(*)Run]
Confirmed=X
Filename=win32API.exe
Description=Homepage hijacker, see <a href="http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi?s=3e991177279cffff;act=ST;f=6;t=2598;hl=new" target="_blank">here</a> (* = any digit)
Source=Paul Collins Startup list
[(Default)]
Confirmed=X
Filename=media_driver.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.tupeg.html" target="_blank">TUPEG</a> VIRUS!
Source=Paul Collins Startup list
[(Default)]
Confirmed=X
Filename=Shania.vbs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.shania.html" target="_blank">SHANIA</a> TROJAN!
Source=Paul Collins Startup list
[(Default)]
Confirmed=X
Filename=NOTEPAD.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.rusty@m.html" target="_blank">RUSTY</a> WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor
Source=Paul Collins Startup list
[(default)]
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal@mm.html" target="_blank">BLACKMAL</a> WORM!
Source=Paul Collins Startup list
[(default)]
Confirmed=X
Filename=twunk_32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal.c@mm.html" target="_blank">BLACKMAL.C</a> WORM!
Source=Paul Collins Startup list
[(default)]
Confirmed=X
Filename=winhelp.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal.c@mm.html" target="_blank">BLACKMAL.C</a> WORM!
Source=Paul Collins Startup list
[*JanisRuckenbrodII]
Confirmed=X
Filename=janis.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.pops.html" target="_blank">POPS</a> WORM!
Source=Paul Collins Startup list
[*StateMgr]
Confirmed=Y
Filename=statemgr.exe
Description=Windows ME default for System Restore. Do NOT disable!
Source=Paul Collins Startup list
[*windows update]
Confirmed=X
Filename=wrauclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqu.html" target=_blank>RBOT-QU</a> WORM!
Source=Paul Collins Startup list
[*windows update]
Confirmed=X
Filename=wuanclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpg.html" target=_blank>RBOT-PG</a> WORM!
Source=Paul Collins Startup list
[*windows update]
Confirmed=X
Filename=wuaucrlt.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.spybot.hur.html" target=_blank>SPYBOT.HUR</a> WORM!
Source=Paul Collins Startup list
[*windows update]
Confirmed=X
Filename=wuraclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpo.html" target=_blank>RBOT-PO</a> WORM!
Source=Paul Collins Startup list
[*WinLogon]
Confirmed=X
Filename=[trojan path] ren time:[random number]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html" target=_blank>VUNDO</a> TROJAN!
Source=Paul Collins Startup list
[,main drive Loader]
Confirmed=X
Filename=wininfo.exe
Description=Suspected malware as it appears in 3 different registry locations - see <a href="http://forums.techguy.org/t151017/s.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[.mscdr]
Confirmed=X
Filename=lassa.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.webus.c.html" target=_blank>WEBUS.C</a> TROJAN!
Source=Paul Collins Startup list
[.mscdr]
Confirmed=X
Filename=lsvchost.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.webus.d.html" target=_blank>WEBUS.D</a> TROJAN!
Source=Paul Collins Startup list
[.NET config]
Confirmed=?
Filename=sysmon32.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[.norton]
Confirmed=X
Filename=rchost.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojboxeda.html" target=_blank>BOXED-A</a> TROJAN!
Source=Paul Collins Startup list
[.Prog]
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html" target="_blank">NEVEG.B</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.c@mm.html" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[.Prog]
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[.TEXTCONV]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[.TEXTCONV]
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html" target="_blank">WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[.WMAudio]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[.WMAudio]
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html" target="_blank">WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[/l:eng]
Confirmed=N
Filename=N/A
Description=Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
Description=Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)
Source=Paul Collins Startup list
[00THotkey]
Confirmed=U
Filename=00THotKey.exe
Description=For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.c.worm.html" target="_blank">KITRO.C</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DANDI.A&VSect=T" target="_blank">DANDI.A</a>) WORM! 123456 can be any random 3 to 6 digit number
Description=HP utility for monitoring when and how many recoveries have been done
Source=Paul Collins Startup list
[1A:MacVisionTrayMonitor]
Confirmed=N
Filename=TrayMonitor.exe
Description=Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock)
Source=Paul Collins Startup list
[1A:Stardock MCP]
Confirmed=Y
Filename=mcpserver.exe
Description=Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications
Source=Paul Collins Startup list
[1A:Stardock TrayMonitor]
Confirmed=Y
Filename=TrayServer.exe
Description=For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX
Source=Paul Collins Startup list
[1CmailS]
Confirmed=?
Filename=NETMAIL.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[1on1]
Confirmed=X
Filename=1on1.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[1Srv32]
Confirmed=U
Filename=SpyAgent4.exe
Description=SpyTech <a href="http://www.spytech-web.com/spyagent.shtml" target="_blank">SpyAgent</a> monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."
Description=2020Search Toolbar related. Reported to be auto-installed
Source=Paul Collins Startup list
[2thousandbuck]
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.l.html" target=_blank>RANKY.L</a> TROJAN!
Source=Paul Collins Startup list
[2wSysTray]
Confirmed=U
Filename=2portalmon.exe
Description=<a target="_blank" href="http://www.2wire.com/home/index.html">2Wire Homeportal</a> user interface
Source=Paul Collins Startup list
[39ELTFH25Z8SKF]
Confirmed=?
Filename=Ezg1q5.exe
Description=<font color="#FF0000">Seems to be associated with software by <a href="http://www.resplendence.com/docs/" target="_blank">Resplendence SP</a> ?</font>
Source=Paul Collins Startup list
[3c1807pd]
Confirmed=Y
Filename=3cmlink.exe 3cpipe-3c1807pd
Description=3Com WinModem driver. See <a href="http://808hi.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Description=For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See <a href="http://808hi.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.jermy.a.html" target="_blank"> JERMY.A</a> WORM!
Source=Paul Collins Startup list
[3Deep Control Panel]
Confirmed=U
Filename=3DeepCTL.EXE
Description=From <a href="http://www.colorific.com/index.htm" target="_blank">LightSurf Technologies</a> (nee E-Color) - <a href="http://www.colorific.com/d1.htm" target="_blank">3Deep</a> corrects lighting, shading and color for all your 2D and 3D games
Source=Paul Collins Startup list
[3Dfx Acc]
Confirmed=X
Filename=GFXACC.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html" target="_blank">GIBE</a> WORM!
Source=Paul Collins Startup list
[3dfx Task Manager]
Confirmed=N
Filename=3dfxMan.exe
Description=System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs
Source=Paul Collins Startup list
[3dfx Tools]
Confirmed=Y
Filename=3dfxCmn.dll
Description=Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards
Source=Paul Collins Startup list
[3dfxv2ps.dll]
Confirmed=Y
Filename=3dfxv2ps.dll
Description=Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards
Source=Paul Collins Startup list
[3Dlabs Taskbar Display Manager]
Confirmed=?
Filename=3DLman.exe
Description=3DLabs graphics driver related. <font color="#FF0000"> System Tray access to display settings?</font>
Source=Paul Collins Startup list
[3DLabsHelperDemon]
Confirmed=U
Filename=3dldemon.exe
Description=Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled
Source=Paul Collins Startup list
[3qdctl.exe]
Confirmed=U
Filename=3qdctl.exe
Description=Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ
Source=Paul Collins Startup list
[3ware 3DM]
Confirmed=Y
Filename=3dm.exe
Description=Monitors status of the disk array on 3ware IDE RAID controllers
Source=Paul Collins Startup list
[4wd!!!]
Confirmed=X
Filename=Natal!.pif
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AI" target="_blank">OPASERV.AI</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpipes.html" target=_blank>PIPES</a> TROJAN!
Source=Paul Collins Startup list
[9xHtProtect]
Confirmed=X
Filename=AVprotect9x.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.m@mm.html" target="_blank">NETSKY.M</a> WORM!
Source=Paul Collins Startup list
[;Rundll]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E" target="_blank">PWSLEGMIR.E</a> TROJAN!
Source=Paul Collins Startup list
[@]
Confirmed=X
Filename=regedit -s ..win.dll
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/js.seeker.k.html" target="_blank">SEEKER.K</a> TROJAN!
Source=Paul Collins Startup list
[@Hoc Toolbar]
Confirmed=N
Filename=AtHoc.exe
Description=One-click activated browsing toolbar used by various web-sites. See <a href="http://siliconvalley.internet.com/news/article.php/3531_479951" target="_blank">here</a> for more info
Source=Paul Collins Startup list
[@loha]
Confirmed=N
Filename=reminder.exe
Description=Registration reminder for <a href="http://www.pcworld.com/downloads/file_description/0,fid,6581,00.asp" target="_blank">@loha@home</a> E-mail utility
Source=Paul Collins Startup list
[@tour_ww]
Confirmed=X
Filename=@tour_ww[1].exe
Description=Adult content dialler
Source=Paul Collins Startup list
[a]
Confirmed=X
Filename=a.exe
Description=Commercials file that registers itself in the system registry and redirects IE to a certain commercial website
Source=Paul Collins Startup list
[a-squared]
Confirmed=U
Filename=a2guard.exe
Description=<a href="http://www.emsisoft.com/en/" target=_blank>a-Squared</a> antitrojan - can be run on demand but necessary in Startup if you prefer the a▓ 'Background Guard' real time protection feature
Source=Paul Collins Startup list
[a-winpoet-service]
Confirmed=Y
Filename=winpppoverethernet.exe
Description=WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read <a href="http://www.finepoint.com/products/winpoet/index.html" target="_blank">here</a>. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
Source=Paul Collins Startup list
[A1000 Settings Utility]
Confirmed=U
Filename=cpqa1000.exe
Description=Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features
Source=Paul Collins Startup list
[A4Proxy]
Confirmed=U
Filename=A4Proxy.exe
Description=<a href="http://www.findincontext.com/a4proxy/review.htm" target="_blank">Anonymity 4 Proxy</a> - local proxy server that makes you anonymous when visiting web sites
Source=Paul Collins Startup list
[AAACLEAN]
Confirmed=?
Filename=AAACLEAN.INF
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[AAAKeyboard]
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[AAATraySaver]
Confirmed=N
Filename=TraySaver.exe
Description=System Tray management utility from <a href="http://www.mlin.net/" target="_blank">Mike Lin</a> which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray
Source=Paul Collins Startup list
[AAK]
Confirmed=U
Filename=aak.exe
Description=<a href="http://www.anti-keylogger.net/" target="_blank">Advanced Anti-Keylogger</a> - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"
Description=Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software
Source=Paul Collins Startup list
[ABC]
Confirmed=X
Filename=keylogger.exe
Description=Monitors keystrokes so you can check if someone has typed anything while your away from your PC. Reported as spyware by <a href="http://www.spycop.com/index.html" target="_blank">SpyCop</a> in their <a href="http://www.spycop.com/faq.htm" target="_top">FAQ</a>
Source=Paul Collins Startup list
[ABIT uGuru]
Confirmed=U
Filename=uGuru.exe
Description=Provides quick access to several Abit motherboard utilities - such as monitoring cpu temperature, fan speeds, overclocking, flashing of BIOS
Source=Paul Collins Startup list
[Absolute Shield]
Confirmed=U
Filename=dseraser.exe
Description=<a href="http://www.absoluteshielderaserinternet.com/" target="_blank">Absolute Shield/Evidence Eliminator</a> - iternet history eraser
Source=Paul Collins Startup list
[Absolute StartUp monitor]
Confirmed=U
Filename=ASMon.exe
Description=<a href="http://www.fgroupsoft.com/Absolutestartup/" target="_blank">Absolute Startup</a> - startup monitor from F-Group Software
Source=Paul Collins Startup list
[ABsr]
Confirmed=X
Filename=absr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html" target="_blank">AUTOUPDER</a> TROJAN!
Source=Paul Collins Startup list
[absr]
Confirmed=X
Filename=mwsvm.exe
Description=SeekSeek search hijacker related - as seen <a href="http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?act=ST&f=32&t=6790&st=0&&#entry34543" target="_blank"> here</a>
Source=Paul Collins Startup list
[abtu]
Confirmed=X
Filename=mp3serch.exe
Description=Loads the executable for <a href="http://www.spywareinfo.com/lop.html" target="_blank">Lop.com</a>. mp3serch.exe is the final version
Source=Paul Collins Startup list
[abtu]
Confirmed=X
Filename=lopsearch.exe
Description=Loads the executable for <a href="http://www.spywareinfo.com/lop.html" target="_blank">Lop.com</a>. lopsearch.exe is the beta version
Source=Paul Collins Startup list
[AbyssWebServer]
Confirmed=U
Filename=abyssws.exe
Description=<a href="http://abyss.sourceforge.net/" target="_blank">Abyss</a> web server
Source=Paul Collins Startup list
[AcBtnMgr_Xxx]
Confirmed=Y
Filename=AcBtnMgr_Xxx.exe
Description=Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
Source=Paul Collins Startup list
[acc]
Confirmed=U
Filename=acc.exe
Description=<a href="http://www.voicecallcentral.com/#advanced_call_center" target="_blank">Advanced Call Center</a> - "full-featured yet easy-to-use answering machine software for your voice modem"
Source=Paul Collins Startup list
[ACCDEFRAGINFO]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32darbyo.html" target=_blank>DARBY-O</a> WORM!
Source=Paul Collins Startup list
[Accelerate]
Confirmed=U
Filename=accelerate.exe
Description=Webroot <a href="http://www.webroot.com/wb/products/accelerate/index.php" target="_blank">Accelerate</a> - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection
Source=Paul Collins Startup list
[Access Ramp Monitor]
Confirmed=N
Filename=armon32.exe
Description=Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again
Source=Paul Collins Startup list
[AccessRamp Monitor01]
Confirmed=N
Filename=ARMon32a.exe
Description=From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service."
Source=Paul Collins Startup list
[AccessRampLAN01]
Confirmed=N
Filename=ARUpld32.exe
Description=Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003
Source=Paul Collins Startup list
[AcctMgr]
Confirmed=U
Filename=AcctMgr.exe
Description=NortonÖ Password Manager - part of <a href="http://www.symantec.com/sabu/sysworks/basic/" target="_blank">Norton SystemWorks 2004</a> - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activitiesùall from the safety of your own PC
Source=Paul Collins Startup list
[AccuWeather.com« Desktop]
Confirmed=N
Filename=??
Description=Desktop weather from <a href="http://wwwa.accuweather.com/adcbin/public/index.asp?partner=accuweather" target="_blank">AccuWeather.com</a>
Source=Paul Collins Startup list
[Ace bows]
Confirmed=?
Filename=Ace bows.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[AceGain LiveUpdate]
Confirmed=N
Filename=LiveUpdate.exe
Description=<a href="http://gameone.acegain.com/" target="_blank">AceGain_LiveUpdate</a>. "AceGain LiveUpdate provides a fully managed and customizable LiveUpdate platform that seamlessly integrates with a game. As soon as an update is made available, AceGain manages the alert, download and installation as well as version control and user network preferences."
Source=Paul Collins Startup list
[AcerNotebookManager]
Confirmed=U
Filename=almxptray.exe
Description=System Tray access on some Acer Notebooks to give faster access to system settings
Source=Paul Collins Startup list
[AcerPowerkey]
Confirmed=U
Filename=Powerkey.exe
Description=PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3
Source=Paul Collins Startup list
[Acme.PCHButton]
Confirmed=N
Filename=pchbutton.exe
Description=Used by HP Instant Support
Source=Paul Collins Startup list
[ACMonitor_Xxx]
Confirmed=Y
Filename=ACMonitor_Xxx.exe
Description=Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
Source=Paul Collins Startup list
[acocash]
Confirmed=X
Filename=fastdown.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[acocash]
Confirmed=X
Filename=fastdown.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Acombo3dmouse]
Confirmed=U
Filename=Acombo3d.exe
Description=Mouse driver - required if you use non-standard Windows driver features
Source=Paul Collins Startup list
[Aconti]
Confirmed=X
Filename=aconti.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[acoustic]
Confirmed=U
Filename=acoustic.exe
Description=Control panel program for Philips <a href="http://www.consumer.philips.com/global/b2c/ce/catalog/product.jhtml;jsessionid=5ZTUCSVZIGCWUCRQNFJRX1YKGBUEWHAW?divId=0&groupId=PCSTUFF&catId=&subCatId=SOUNDCARDS&productId=PSC706_05" target="_blank"> Acoustic Edge</a> soundcard. Not required unless changed settings aren't retained
Source=Paul Collins Startup list
[acpart]
Confirmed=N
Filename=agpart11.exe
Description=Program for finding trucks on-line
Source=Paul Collins Startup list
[Acrobat Assistant]
Confirmed=U
Filename=ACROTRAY.EXE
Description=Used to create PDF files with Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation
Source=Paul Collins Startup list
[Acronis Scheduler2 Service]
Confirmed=U
Filename=schedhlp.exe
Description=Part of <a href="http://www.acronis.com/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Co-operates with the "schedul2.exe" servuce to perform backup/restore tasks correctly. Required if you want to use TrueImage to do some real backup/restore tasks - not if you only want to explore/mount images
Source=Paul Collins Startup list
[Acronis TrueImage Monitor]
Confirmed=N
Filename=TrueImageMonitor.exe
Description=Part of <a href="http://www.acronis.com/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage
Source=Paul Collins Startup list
[Action Manager 32]
Confirmed=N
Filename=am32.exe
Description=Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs
Source=Paul Collins Startup list
[ActionAgent]
Confirmed=?
Filename=actionagent.exe
Description="A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[Activation]
Confirmed=N
Filename=Activation.exe
Description=Part of Microsoft Money
Source=Paul Collins Startup list
[Activboard]
Confirmed=U
Filename=MMKeybd.exe
Description=Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys
Source=Paul Collins Startup list
[Active shield]
Confirmed=U
Filename=Activeshield.exe
Description=<a href="http://www.securitystronghold.com/" target=_blank>Active Shield</a> is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"
Source=Paul Collins Startup list
[ActiveDesktop]
Confirmed=X
Filename=systray32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.daboom@mm.html" target="_blank">DABOOM</a> WORM!
Source=Paul Collins Startup list
[ACTIVEDS]
Confirmed=X
Filename=ACTIVEDS.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list
[ActiveEyes]
Confirmed=N
Filename=ActiveEyes.exe
Description=<a href="http://www.tfi-technology.com/products.htm#ActiveEyes" target="_blank">ActiveEyes</a> from TFI Technology
Source=Paul Collins Startup list
[ActiveMenu]
Confirmed=U
Filename=ActiveMenu.exe
Description=<a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Description=McAfee VirusScan On-line. See also the McAgentExe entry
Source=Paul Collins Startup list
[ActivSurf]
Confirmed=N
Filename=backweb*****.exe
Description=Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
Source=Paul Collins Startup list
[ActMaker]
Confirmed=U
Filename=ActMak25.exe
Description="<a href="http://www.789987.com/products.htm" target=_blank>ActMaker</a> mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer"
Source=Paul Collins Startup list
[ACU]
Confirmed=U
Filename=ACU.exe
Description=<a href="http://www.nus.edu.sg/winzone/atheros/" target=_blank>Atheros</a> wireless Client Utility For HP Compaq
Source=Paul Collins Startup list
[Ad Blocker]
Confirmed=U
Filename=blocker.exe
Description=<a href="http://www.cdkm.com/" target="_blank">Ad Blocker</a> - blocks popups, and also removes banners, image ads and flash ads
Source=Paul Collins Startup list
[Ad Blocker Pro]
Confirmed=U
Filename=Ad Blocker Pro.exe
Description=Ad Away popup and banner remover
Source=Paul Collins Startup list
[Ad Online Guide]
Confirmed=?
Filename=adonlineguide.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Ad-aware]
Confirmed=N
Filename=Ad-aware.exe
Description=<a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs
Source=Paul Collins Startup list
[Ad-Muncher]
Confirmed=U
Filename=ADMUNCH.EXE
Description=<a href="http://www.admuncher.com/" target="_blank">Ad Muncher</a> removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
Source=Paul Collins Startup list
[Ad-watch]
Confirmed=U
Filename=Ad-watch.exe
Description=Part of Lavasoft <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware Plus</a> - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
Source=Paul Collins Startup list
[AD2KClient]
Confirmed=U
Filename=AD2KClient.exe
Description=Executable for <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> from Iomega disk - allows software applications to be run directly from an Iomega Zip« disk. Required if you wish the applications to launch on insertion of a disk
Source=Paul Collins Startup list
[Adaptec DirectCD]
Confirmed=N
Filename=Directcd.exe
Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
Source=Paul Collins Startup list
[AdaptecDirectCD]
Confirmed=N
Filename=Directcd.exe
Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
Source=Paul Collins Startup list
[Adaware Bootup]
Confirmed=N
Filename=ad-aware.exe
Description=<a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs
Source=Paul Collins Startup list
[Adaware lptt01]
Confirmed=X
Filename=adaware.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Adaware" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>. Note - this is not the valid Lavasoft Adaware
Source=Paul Collins Startup list
[Adaware ml097e]
Confirmed=X
Filename=adaware.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Aimaol" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.f.html" target="_blank">STARTPAGE.F</a> TROJAN!
Source=Paul Collins Startup list
[AdDelete]
Confirmed=U
Filename=AdDelete.exe
Description=Banner advertisment blocker
Source=Paul Collins Startup list
[AdDestroyer]
Confirmed=X
Filename=AdDestroyer.exe
Description=Like VirtualBouncer, malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the malware it claims to remove/prevent, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code
Description=Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
Source=Paul Collins Startup list
[Adiras]
Confirmed=Y
Filename=Adiras.exe
Description=ADSL USB modem related
Source=Paul Collins Startup list
[ADM Library Loader]
Confirmed=X
Filename=admlib32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Adobe]
Confirmed=X
Filename=sysconfig.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[adobe]
Confirmed=X
Filename=gam.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Adobe]
Confirmed=X
Filename=sysbat32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.T" target=_blank>LOWZONES.T</a> TROJAN!
Source=Paul Collins Startup list
[Adobe Filter Platform]
Confirmed=X
Filename=afilterplatform.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotop.html" target=_blank>RBOT-OP</a> WORM!
Source=Paul Collins Startup list
[Adobe Gamma Loader]
Confirmed=U
Filename=Adobe Gamma Loader.exe
Description=Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine
Source=Paul Collins Startup list
[Adobe Reader Speed Launch]
Confirmed=N
Filename=reader_sl.exe
Description=Speeds up the time it takes to load the <a href="http://www.adobe.com/products/acrobat/readermain.html" target=_blank>Adobe Reader</a> application. Your choice, but not required for Adobe Reader to function properly
Source=Paul Collins Startup list
[AdobeA]
Confirmed=X
Filename=adobes.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100373.htm" target="_blank">FLOOD.BA</a> TROJAN!
Source=Paul Collins Startup list
[AdobeFonts]
Confirmed=X
Filename=fonts.hta
Description=Browser hijacker - redirecting to Hugesearch.net
Source=Paul Collins Startup list
[AdobeVersionCue]
Confirmed=N
Filename=VersionCueTray.exe
Description="An exclusive feature of the Adobe« Creative Suite, <a href="http://www.adobe.com/products/creativesuite/versioncue.html" target=_blank>Version CueÖ</a> helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"
Source=Paul Collins Startup list
[Adope File Manager]
Confirmed=X
Filename=lsasv.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[adp]
Confirmed=X
Filename=adp.exe
Description=Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc
Source=Paul Collins Startup list
[ADQuickAccess]
Confirmed=N
Filename=Adtray.exe
Description=After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95
Description=<a href="http://www.giantcompany.com/antispyware/research/spyware/spyware-AdRotator.aspx" target=_blank>AdRotator</a> adware. Note - this is not the valid Client Server Runtime Subsystem <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process, which provides text window support, shutdown, and hard-error handling
Source=Paul Collins Startup list
[ADService]
Confirmed=U
Filename=ADService.exe
Description=Part of Iomega's <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> - allows software applications to be run directly from an Iomega Zip« disk. Required if you wish the applications to launch on insertion of a disk
Description=System tray access to ADSL modem diagnostic tools. Available via Start -> Programs
Source=Paul Collins Startup list
[AdslTaskBar]
Confirmed=Y
Filename=rundll32.exe stmctrl.dll, TaskBar
Description=ISP software, initializes DSL modem
Source=Paul Collins Startup list
[ADSL_A2]
Confirmed=?
Filename=A2Installed
Description=Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[ADSS]
Confirmed=Y
Filename=ADSS.exe
Description=ADSS is part of <a href="http://www.johnru.com/" target="_blank">Access Denied</a> security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied
Description=<a href="http://www.adsubtract.com/" target="_blank">AdSubtract</a> blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start -> Programs
Source=Paul Collins Startup list
[AdultX]
Confirmed=X
Filename=AdultX.exe
Description=Adult content dialler and hijacker
Source=Paul Collins Startup list
[Adult_Chat]
Confirmed=X
Filename=Adult_Chat.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Adult_Chat1]
Confirmed=X
Filename=Adult_Chat1.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[ADUserMon]
Confirmed=U
Filename=ADUserMon.exe
Description=Part of Iomega's <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> - allows software applications to be run directly from an Iomega Zip« disk. Required if you wish the applications to launch on insertion of a disk
Source=Paul Collins Startup list
[Advanced Internet Protocol]
Confirmed=X
Filename=cerf.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Advanced Tools Check]
Confirmed=N
Filename=ADVCHK.EXE
Description=Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
Source=Paul Collins Startup list
[Advapi]
Confirmed=X
Filename=Advapi.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.12" target="_blank">NETDEVIL.12</a> WORM!
Source=Paul Collins Startup list
[ADVCHK]
Confirmed=N
Filename=ADVCHK.EXE
Description=Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
Description=Bogus adware remover, see this <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">list</a> of Rogue/Suspect Anti-Spyware Products & Web Sites
Source=Paul Collins Startup list
[Aeiwlsta.exe]
Confirmed=?
Filename=Aeiwlsta.exe
Description=IBM High Rate Wireless LAN Adapter driver.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[AELaunch]
Confirmed=N
Filename=AELaunch.exe
Description=Audio Applications Launcher for the Philips <a href="http://www.consumer.philips.com/global/b2c/ce/catalog/product.jhtml;jsessionid=5ZTUCSVZIGCWUCRQNFJRX1YKGBUEWHAW?divId=0&groupId=PCSTUFF&catId=&subCatId=SOUNDCARDS&productId=PSC706_05" target="_blank"> Acoustic Edge</a> soundcard
Source=Paul Collins Startup list
[AeXSWDUsr]
Confirmed=?
Filename=AeXSWDUsr.exe
Description=<a href="http://www.altiris.com/" target="_blank">Altiris</a> Express NS Client Manager software. <font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[AEZBProc]
Confirmed=U
Filename=aptezbp.exe
Description=IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions
Source=Paul Collins Startup list
[AFAFilter]
Confirmed=U
Filename=windefault.exe
Description=<a href="http://www.afafilter.com/" target="_blank">AFAFilter</a> - internet filter software
Source=Paul Collins Startup list
[Agent]
Confirmed=N
Filename=Agent.exe
Description=<a href="http://www.cyberlink.com" target="_blank">Cyberlink Power VCR II 3.0</a> is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs
Source=Paul Collins Startup list
[Agente]
Confirmed=?
Filename=Remupd.exe
Description=Part of <a href="http://www.pandasoftware.com/products/titanium/" target="_blank">Panda Antivirus Titanium</a>. <font color="#FF0000">Is this an update reminder (guess because of the name), virus definition update reminder or something similar?</font>
Source=Paul Collins Startup list
[AgfaCLnk]
Confirmed=U
Filename=AgfaCLnk.exe
Description=For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive
Source=Paul Collins Startup list
[agp]
Confirmed=X
Filename=agp32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html" target="_blank">GAOBOT.SY</a> WORM!
Source=Paul Collins Startup list
[AGRSMMSG]
Confirmed=Y
Filename=AGRSMMSG.exe
Description=IBM AMR modem driver
Source=Paul Collins Startup list
[AGSatellite]
Confirmed=N
Filename=AGSatellite.exe
Description=Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs
Source=Paul Collins Startup list
[ahfp]
Confirmed=U
Filename=ahfp.exe
Description=<a href="http://www.softbe.com/" target="_blank">Advanced Hide Folders</a> - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"
Source=Paul Collins Startup list
[ahfprog]
Confirmed=U
Filename=ahfp.exe
Description=<a href="http://www.softbe.com/" target="_blank">Advanced Hide Folders</a> - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"
Source=Paul Collins Startup list
[AHNSD]
Confirmed=U
Filename=AhnSD.exe
Description=<a href="http://home.ahnlab.com/english/product/01_1.html" target="_blank">AhnLab</a> V3 antivirus updater - leave enabled unless you manually update on a regular basis
Source=Paul Collins Startup list
[AHNUE]
Confirmed=?
Filename=AHNUE.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[AHQInit]
Confirmed=N
Filename=ahqinit.exe
Description=Part of <a href="#AudioHQ">AudioHQ</a> for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required
Description=AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs
Source=Paul Collins Startup list
[AIM reminder]
Confirmed=X
Filename=AIM reminder.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E" target="_blank">BUDDY</a> TROJAN!
Source=Paul Collins Startup list
[aimaol lptt01]
Confirmed=X
Filename=aimaol.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Aimaol" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[aimaol ml097e]
Confirmed=X
Filename=aimaol.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Aimaol" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[AimingClick]
Confirmed=N
Filename=AimingClick.exe
Description=<a href="http://www.aimingtech.com/aimingclick/home.htm" target="_blank">AimingClick</a> from AimingTech. Web searching tool. Available via Start -> Programs
Source=Paul Collins Startup list
[AIMster]
Confirmed=N
Filename=??
Description=Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs
Source=Paul Collins Startup list
[AIMWDInstall]
Confirmed=N
Filename=AIMWDInstall.exe
Description=Version of the <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[Aiptek Graphics Tablet (USB)]
Confirmed=Y
Filename=atwtusb.exe
Description=USB interface for Aiptek Graphics Tablet (USB)
Source=Paul Collins Startup list
[AKEYNAME]
Confirmed=X
Filename=WinServ.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evilbot.c.html" target="_blank">EVILBOT.C</a> TROJAN!
Description=Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop
Source=Paul Collins Startup list
[AlarmWatcher]
Confirmed=?
Filename=AlarmWatcher.exe
Description=<font color="#FF0000">Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required?</font>
Source=Paul Collins Startup list
[Album Fast Start]
Confirmed=N
Filename=ABMTSR.EXE
Description=Scanner software, not required for scanner to work
Description=Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
Description=RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one
Source=Paul Collins Startup list
[AlcxMonitor]
Confirmed=X
Filename=Alcxmntr.exe
Description=Realtek AC97 Audio - Event Monitor. Sypware file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers
Source=Paul Collins Startup list
[Alevir]
Confirmed=X
Filename=Alevir.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opaserva.html" target="_blank">OPASERV.A</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.F" target="_blank">OPASERV.F</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G" target="_blank">OPASERV.G</a> WORMS!
Source=Paul Collins Startup list
[AlevirOld]
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G" target="_blank">OPASERV.G</a> WORM!
Source=Paul Collins Startup list
[Alexa]
Confirmed=N
Filename=Alexa.exe?
Description=<a href="http://download.alexa.com/alexa65/startpage.html?p=Dest_W_g_40_L1" target="_blank">Alexa Toolbar</a> "is a downloadable toolbar that helps you navigate the Internet as you surf, by instantly providing you with related information about the site you're viewing". Available via Start -> Programs
Source=Paul Collins Startup list
[ALFY Accellerator]
Confirmed=?
Filename=AlfyAC~1.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Alias SketchBook Snapshot]
Confirmed=N
Filename=ALIASS~2.EXE
Description=Screen-capture utility for Alias Sketchbook
Source=Paul Collins Startup list
[AlienAutopsy]
Confirmed=N
Filename=Test_BS.exe
Description=<a href="http://www.alienware.com/" target="_blank">Alienware</a> computer technical support software
Source=Paul Collins Startup list
[ALiSndMgr]
Confirmed=Y
Filename=ALiSndMg.exe
Description=ALi AC97 Sound driver
Source=Paul Collins Startup list
[AliUSBfix]
Confirmed=?
Filename=GREENMK.exe
Description=<font color="#FF0000">May be realted to a USB 2.0 PCI card - the IOgear GIC220OU?</font>
Source=Paul Collins Startup list
[alkasr]
Confirmed=X
Filename=╬Σ╥φ╤.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.balkart.html" target="_blank">BALKART</a> TROJAN!
Source=Paul Collins Startup list
[All Aboard Status]
Confirmed=U
Filename=stswin.exe
Description=<a target="_blank" href="http://yippee.i4free.co.nz/html/win/internet/title6724.htm">All Aboard! Internet Connection Sharing</a> status icon
Source=Paul Collins Startup list
[All Sea screen saver]
Confirmed=X
Filename=TaskTray.exe
Description="Free screensaver", installs lots of foistware. See <a href="http://www.spywareinfo.com/forums/index.php?act=ST&f=10&t=5833&hl=&s=" target="_blank">here</a>. Get rid of it
Source=Paul Collins Startup list
[All Sea web link]
Confirmed=X
Filename=FWLink.exe
Description="Free screensaver", installs lots of foistware. See <a href="http://www.spywareinfo.com/forums/index.php?act=ST&f=10&t=5833&hl=&s=" target="_blank">here</a>. Get rid of it
Source=Paul Collins Startup list
[allSnap]
Confirmed=U
Filename=allSnap.exe
Description="<a href="http://members.rogers.com/ivanheckman/index.html" target="_blank">allSnap</a> is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop"
Source=Paul Collins Startup list
[Alogserv]
Confirmed=U
Filename=Alogserv.exe
Description=From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up
Source=Paul Collins Startup list
[Alps Electric USB Server]
Confirmed=Y
Filename=Monserv.exe
Description=Alps Electric USB Server - required according to <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;200692" target="_blank">this</a> article
Source=Paul Collins Startup list
[AlpsPoint]
Confirmed=U
Filename=Apoint.exe
Description=Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
Source=Paul Collins Startup list
[ALServ]
Confirmed=?
Filename=ALServ.exe
Description=Altec Lansing AMS speaker related.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[Altnet]
Confirmed=N
Filename=points manager.exe
Description=<a href="http://www.altnet.com/faq/" target="_blank">Altnet Points Manager</a> - manages the new Kazaa Plus scheme for awarding you points if you share music files on your machine with others rather than simply getting files and not sharing their own. Start manually when required
Source=Paul Collins Startup list
[AltnetPointsManager]
Confirmed=N
Filename=points manager.exe
Description=<a href="http://www.altnet.com/faq/" target="_blank">Altnet Points Manager</a> - manages the new Kazaa Plus scheme for awarding you points if you share music files on your machine with others rather than simply getting files and not sharing their own. Start manually when required
Source=Paul Collins Startup list
[AltoMB_service]
Confirmed=U
Filename=AltoMBsrv.exe
Description=Alto Memory Booster from <a href="http://www.altosoftware.com/" target="_blank">Alto Software</a> - boost the computers performance via more intelligent and efficient memory management
Source=Paul Collins Startup list
[ALUAlert]
Confirmed=U
Filename=ALUNotify.exe
Description=Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis
Source=Paul Collins Startup list
[AlwaysOnTopMaker]
Confirmed=U
Filename=AlwaysOnTopMaker.exe
Description=<a href="http://www.fadsoft.com/AlwaysOnTopMaker.htm" target="_blank">Always On Top Maker</a> - utilty to enable an application to always be displayed "on top" of others on the desktop
Source=Paul Collins Startup list
[AmazingTens]
Confirmed=X
Filename=AmazingTens.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[America Online *.* Tray Icon]
Confirmed=N
Filename=aoltray.exe
Description=Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs
Source=Paul Collins Startup list
[AME_CSA]
Confirmed=N
Filename=rundll32 amecsa.cpl, RUN_DLL
Description=Loads ADSL modem Control Panel applet
Source=Paul Collins Startup list
[Amon]
Confirmed=Y
Filename=AMON.EXE
Description=Monitoring part of Eset's <a href="http://www.nod32.com/home/home.htm" target="_blank">NOD32</a> virus-scanner
Source=Paul Collins Startup list
[Amonitor]
Confirmed=Y
Filename=amon.exe
Description=<a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a>
Source=Paul Collins Startup list
[anbv32]
Confirmed=X
Filename=nabv32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.titog.c.worm.html" target="_blank">TITOG.C</a> WORM!
Source=Paul Collins Startup list
[ANIWZCSService]
Confirmed=?
Filename=WZCSLDR.exe
Description=D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity
Source=Paul Collins Startup list
[AnnotateCheck]
Confirmed=?
Filename=AnnCheck.exe
Description=Genius Wizard Pen Tablet driver related. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[Announcements]
Confirmed=N
Filename=Annclist.exe
Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Source=Paul Collins Startup list
[Anntext]
Confirmed=N
Filename=Anntext.exe
Description=Caere Pagekeeper text annotation server
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.sinkin.html" target="_blank">SINKIN</a> TROJAN! Resets IE start page to realphx.com
Source=Paul Collins Startup list
[Antivirus]
Confirmed=X
Filename=maja.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.h@mm.html" target="_blank">NETSKY.H</a> WORM!
Source=Paul Collins Startup list
[Antivirus]
Confirmed=X
Filename=iexpl0res.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[AntiVirusProtection]
Confirmed=?
Filename=qumk.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[AntiWindowsMessenger]
Confirmed=U
Filename=AntiMsMsg.exe
Description=<a href="http://fileforum.betanews.com/detail/1069500643/1" target="_blank">Anti-Windows_Messenger</a> is a small application that prevents Windows Messenger from remaining resident in memory
Source=Paul Collins Startup list
[AnVir]
Confirmed=Y
Filename=AnVir.exe
Description=<a href="http://anvir.com/taskmanager/" target="_blank">AnVir Task Manager</a> - protects computer against viruses and manages running processes and startup files
Source=Paul Collins Startup list
[AnVir Task Manager]
Confirmed=Y
Filename=AnVir.exe
Description=<a href="http://anvir.com/taskmanager/" target="_blank">AnVir Task Manager</a> - protects computer against viruses and manages running processes and startup files
Source=Paul Collins Startup list
[anvshell]
Confirmed=U
Filename=anvshell.exe
Description=System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar
Source=Paul Collins Startup list
[anycom bluetooth]
Confirmed=?
Filename=ftflauncher.exe
Description=Associated with an Anycom bluetooth wireless card. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[AnyDVD]
Confirmed=N
Filename=AnyDVD.exe
Description="<a href="http://www.slysoft.com/en/anydvd.html" target="_blank">AnyDVD</a> is a driver, which descrambles DVD-Movies automatically in the background. This DVD appears unprotected and region code free for all applications and the Windows operating system as well"
Source=Paul Collins Startup list
[AO Tray]
Confirmed=N
Filename=AOTray.Exe
Description=System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[AOL Broadband Check-Up]
Confirmed=U
Filename=matcli.exe
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list
[AOL Companion]
Confirmed=N
Filename=companion.exe
Description=Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use
Source=Paul Collins Startup list
[AOL Instant Messenger]
Confirmed=?
Filename=AlM.EXE
Description=That is an L between the A and M, the start up location is wrong for AIM. <font color="#FF0000">What does this relate to?</font>
Source=Paul Collins Startup list
[AOL Messenger]
Confirmed=X
Filename=[random filename]
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[AOL Messenger]
Confirmed=X
Filename=aolmsngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotjf.html" target=_blank>SDBOT-JF</a> WORM!
Source=Paul Collins Startup list
[AOL Spyware Protection]
Confirmed=U
Filename=AOLSP Scheduler.exe
Description=AOL's spyware protection program
Source=Paul Collins Startup list
[AolAcsDaemon1]
Confirmed=Y
Filename=Acsd.exe
Description=AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
Source=Paul Collins Startup list
[AolAcsDaemon1]
Confirmed=Y
Filename=AOLACSD.EXE
Description=AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
Source=Paul Collins Startup list
[AolCon]
Confirmed=X
Filename=config.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.taplak.html" target="_blank">TAPLAK</a> WORM!
Source=Paul Collins Startup list
[AOLDialer]
Confirmed=N
Filename=AOLDial.exe
Description=AOL ISP software dialer - can be activated through a desktop shortcut
Source=Paul Collins Startup list
[AolFix]
Confirmed=N
Filename=AolFix.exe
Description=Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once
Source=Paul Collins Startup list
[Aornum]
Confirmed=X
Filename=aornum.exe
Description=Installed along with <a href="http://www.iwon.com/home/prizes/pm3_overview/0,21311,,00.html?PG=home?SEC=fnstf">iWon Prize Machine</a>. Based upon their <a href="http://www.iwon.com/home/companyinfo/privacy/privacy_overview/0,11882,,00.html#1">privacy</a> statement this can be regarded as spyware
Source=Paul Collins Startup list
[AOTray]
Confirmed=N
Filename=AOTray.Exe
Description=System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[APC UPS Status]
Confirmed=Y
Filename=Display.exe
Description=<a href="http://www.apcc.com/products/family/index.cfm?id=129&web_displayed=" target="_blank">APC PowerChute Personal Edition</a> status icon
Source=Paul Collins Startup list
[APC_SERVICE]
Confirmed=U
Filename=mainserv.exe
Description=<a href="http://www.apcc.com/tools/download/software_comp.cfm?sw_sku=SDW75" target="_blank">PowerChute« Personal Edition</a> - "safe system shutdown software with sophisticated power management functions"
Source=Paul Collins Startup list
[apc_tray]
Confirmed=Y
Filename=apc_tray.exe
Description=Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure
Source=Paul Collins Startup list
[API32]
Confirmed=X
Filename=api32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotb.html" target=_blank>IRCBOT-B</a> TROJAN!
Source=Paul Collins Startup list
[APIMon]
Confirmed=X
Filename=apimonx.exe
Description=Added by the TIBSER.A downloader TROJAN!
Source=Paul Collins Startup list
[APIMon]
Confirmed=X
Filename=winapix.exe
Description=Added by a variant of the TIBSER.A downloader TROJAN!
Source=Paul Collins Startup list
[Apmsrv9x]
Confirmed=?
Filename=APMSRV9X.EXE
Description=Intel AnyPoint Wireless II Home Network related. <font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[Apoint]
Confirmed=U
Filename=Apoint.exe
Description=Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
Source=Paul Collins Startup list
[App.EXEName]
Confirmed=X
Filename=[path to worm]\.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bodiru.html" target="_blank">BODIRU</a> WORM!
Source=Paul Collins Startup list
[Appcon]
Confirmed=U
Filename=vAppCon.exe
Description=Vital Application Console - part of <a href="http://www.pos-partner.com/Product.htm" target="_blank">POS-partner 2000</a> point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established
Source=Paul Collins Startup list
[appconn]
Confirmed=X
Filename=appconn.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.cargao.html" target="_blank">CARGAO</a> WORM!
Source=Paul Collins Startup list
[AppExtender]
Confirmed=U
Filename=AppExtCB.exe
Description=Loads the <a href="http://www.confimax.com/?PHPSESSID=aefc68296846f048b5b7ae96e48d854f" target="_blank">Confimax</a> add-in for popular E-mail programs to confirm E-mails have been sent and received
Source=Paul Collins Startup list
[appis.exe]
Confirmed=X
Filename=appis.exe
Description=Added by the <a href="http://pestpatrol.com/PestInfo/t/trojandownloader_win32_agent_bc.asp" target=_blank>AGENT-BC</a> TROJAN!
Source=Paul Collins Startup list
[Application]
Confirmed=Y
Filename=mdmsetsp.exe
Description=Aztech Labs modem driver
Source=Paul Collins Startup list
[Application Explorer]
Confirmed=U
Filename=Naldesk.exe
Description=Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components."
Source=Paul Collins Startup list
[AppPlus]
Confirmed=U
Filename=AppPlus.exe
Description=<a href="http://www.appplusonline.com/" target="_blank">AppPlus</a> - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"
Source=Paul Collins Startup list
[Apvxd]
Confirmed=Y
Filename=APVXDWIN.EXE
Description=Part of <a href="http://www.pandasoftware.com/" target="_blank">Panda Anti-Virus</a>. Required to enable permanent virus protection
Source=Paul Collins Startup list
[Apvxdwin]
Confirmed=Y
Filename=APVXDWIN.EXE
Description=Part of <a href="http://www.pandasoftware.com/" target="_blank">Panda Anti-Virus</a>. Required to enable permanent virus protection
Source=Paul Collins Startup list
[Apwheel]
Confirmed=Y
Filename=Apwheel.exe
Description=Wheel support for an Alps mouse
Source=Paul Collins Startup list
[aqadcup.exe]
Confirmed=X
Filename=aqadcup.exe
Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/" target="_blank">AGENT.BG</a> WORM!
Source=Paul Collins Startup list
[ara-key]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.antinny.html" target="_blank">ANTINNY</a> WORM!
Source=Paul Collins Startup list
[ARCSolo Recovery]
Confirmed=N
Filename=N/A
Description=Backup software by Computer Associates - no longer supported
Source=Paul Collins Startup list
[ares]
Confirmed=N
Filename=ares.exe
Description=<a href="http://www.aresgalaxy.org/download.html" target="_blank">Ares</a> is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"
Source=Paul Collins Startup list
[areslite]
Confirmed=N
Filename=AresLite.exe
Description=<a href="http://www.aresgalaxy.org/download.html" target="_blank">Ares</a> Lite Edition is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"
Source=Paul Collins Startup list
[Aritima]
Confirmed=X
Filename=aritima.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.aritim.html" target="_blank">ARITIM</a> WORM!
Source=Paul Collins Startup list
[Artera]
Confirmed=U
Filename=arteraui.exe
Description=<a href="http://www.arteraturbo.com/" target="_blank">Artera Turbo Internet Accelerator</a> - "surf faster, boost download speed". Only required if you find it helps improve your performance
Source=Paul Collins Startup list
[asdx]
Confirmed=X
Filename=xwinrpc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VO" target="_blank">AGOBOT.VO</a> WORM!
Source=Paul Collins Startup list
[ASE Scheduler]
Confirmed=N
Filename=ASE Scheduler.exe
Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see <a href="http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/" target=_blank>here</a> and <a href="http://netrn.net/spywareblog/archives/2004/11/06/aluria-confused/" target=_blank>here</a>
Source=Paul Collins Startup list
[Ashampoo PopUpBlocker]
Confirmed=U
Filename=PopUpKiller.exe
Description=Ashampoo popup blocker, part of Privacy Protector Plus - see <a href="http://www.ashampoo.com/frontend/products/php/product.php?idstring=0204&session_langid=2ñcy_id=-1" target=_blank>here</a>
Source=Paul Collins Startup list
[ASHLT]
Confirmed=X
Filename=Ashlt.exe
Description=Adware - leads back to an ad server
Source=Paul Collins Startup list
[ashMaiSv]
Confirmed=Y
Filename=ashmaisv.exe
Description=Part of <a href="http://www.alwil.com/en/default.asp" target=_blank>Avast!</a> anti-virus software - E-mail scanner
Source=Paul Collins Startup list
[AsioReg]
Confirmed=U
Filename=regsvr32.exe ctasio.dll
Description=<a href="http://www.soundblaster.com/resources/read.asp?articleid=60&cat=2" target="_blank">ASIO</a> (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
Source=Paul Collins Startup list
[asp4tray]
Confirmed=N
Filename=asp4tray.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[AspireTimeMachine]
Confirmed=Y
Filename=acertmb.exe
Description=System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry
Source=Paul Collins Startup list
[assistse]
Confirmed=X
Filename=ASSISTSE.EXE
Description=CnsMin (<a href="http://www.pestpatrol.com/PestInfo/C/CnsMin.asp" target="_blank">Chinese_Keywords</a>) related
Source=Paul Collins Startup list
[AST]
Confirmed=X
Filename=AST
Description=Added by the TROJANDOWNLOADER.WIN32.VB.AH VIRUS!
Source=Paul Collins Startup list
[AST]
Confirmed=X
Filename=AST
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453068322" target=_blank>VB.AH</a> TROJAN!
Source=Paul Collins Startup list
[ASTART]
Confirmed=U
Filename=astart.exe
Description=ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
Source=Paul Collins Startup list
[AStart]
Confirmed=X
Filename=AStart
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453068322" target=_blank>VB.AH</a> TROJAN!
Source=Paul Collins Startup list
[asTray]
Confirmed=N
Filename=Astray.exe
Description=Voyetra Audio Station - part of Voyetra's <a href="http://www.voyetra.com/site/products/ump3/" target="_blank"> Ultimate MP3 & CD Manager</a>. MP3 and digital music jukebox/organizer
Source=Paul Collins Startup list
[Astro]
Confirmed=N
Filename=Astro.exe
Description=Checks for updates to Quicken on a system reboot
Source=Paul Collins Startup list
[ASUS Probe]
Confirmed=N
Filename=AsusProb.exe
Description=ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area
Source=Paul Collins Startup list
[ASUS SmartDoctor]
Confirmed=U
Filename=VGAProbe.exe
Description=ASUS video card fan/thermal monitor
Source=Paul Collins Startup list
[ASUS TweakEnable]
Confirmed=U
Filename=astart.exe
Description=Restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
Source=Paul Collins Startup list
[ASUSKey]
Confirmed=N
Filename=V38SHELL.EXE
Description=System tray Icon for quickly changing video modes
Source=Paul Collins Startup list
[ASWDP]
Confirmed=N
Filename=ASWDP.exe
Description=<a href="http://www.stevejacksonre.com/mls_pulse_sign_up.htm" target="_blank">MLS Pulse</a> - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market
Source=Paul Collins Startup list
[ASWnk]
Confirmed=X
Filename=aswnk.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[AT-Watch]
Confirmed=U
Filename=ATWatch.exe
Description=Anti-Trojan Watch - trojan detector
Source=Paul Collins Startup list
[Athan]
Confirmed=U
Filename=Athan.exe
Description=<a href="http://www.islamasoft.co.uk/products/athan/athansoftware.html" target=_blank>Athan</a> - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world
Source=Paul Collins Startup list
[ATI CATALYST System Tray]
Confirmed=N
Filename=CLI.exe SystemTray
Description=System Tray access to ATI's CATALYSTÖ CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop
Source=Paul Collins Startup list
[ATI DeviceDetect]
Confirmed=N
Filename=ATIDtct.EXE
Description=Utility meant for future use of the ATI TV WONDERÖ USB 2.0 video driver and can be disabled
Source=Paul Collins Startup list
[ATI GART Set-up Utility]
Confirmed=N
Filename=Atigart.exe
Description=Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed
Source=Paul Collins Startup list
[ATI Launchpad]
Confirmed=U
Filename=launchpd.exe
Description=Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu
Source=Paul Collins Startup list
[ATI Remote Control]
Confirmed=Y
Filename=ATIRW.exe
Description=Driver for the <a href="http://www.ati.com/products/home-office.html" target=_blank>ATI REMOTE WONDERÖ</a> RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it
Source=Paul Collins Startup list
[ATI Scheduler]
Confirmed=N
Filename=Atisched.exe
Description=Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see
Source=Paul Collins Startup list
[ATI Task Application]
Confirmed=N
Filename=Atitkad.exe
Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
Source=Paul Collins Startup list
[ATI Task Application (Atikey)]
Confirmed=N
Filename=Atitask.exe
Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
Source=Paul Collins Startup list
[ATI VIDEO REGKEY]
Confirmed=X
Filename=ati2vid.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UR" target="_blank">SDBOT.UR</a> WORM!
Source=Paul Collins Startup list
[Ati2cwxx]
Confirmed=?
Filename=Ati2cwxx.exe
Description=<font color="#FF0000">For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it </font>
Source=Paul Collins Startup list
[Ati2mdxx]
Confirmed=N
Filename=Ati2mdxx.exe
Description=For ATI video cards. System Tray access to display mode changing
Source=Paul Collins Startup list
[ATICCC]
Confirmed=U
Filename=cli.exe runtime
Description=ATI's CATALYSTÖ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. If not you can start the program manually via Start -> Programs -> ATI Catalyst Control Center -> Advanced -> Restart Runtime
Source=Paul Collins Startup list
[AtiCwd]
Confirmed=U
Filename=AtiCwd.exe
Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
Source=Paul Collins Startup list
[AtiCwd]
Confirmed=U
Filename=AtiCwd32.exe
Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
Source=Paul Collins Startup list
[AtiCwd]
Confirmed=U
Filename=Ati2cwad.exe
Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
Source=Paul Collins Startup list
[AtiCwd32]
Confirmed=U
Filename=AtiCwd.exe
Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
Source=Paul Collins Startup list
[AtiCwd32]
Confirmed=U
Filename=AtiCwd32.exe
Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
Source=Paul Collins Startup list
[AtiCwd32]
Confirmed=U
Filename=Ati2cwad.exe
Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
Source=Paul Collins Startup list
[AtiKey]
Confirmed=N
Filename=AtiKey32.exe
Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
Source=Paul Collins Startup list
[AtiKey]
Confirmed=?
Filename=atiptkad.exe
Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
Source=Paul Collins Startup list
[ATIModeChange]
Confirmed=U
Filename=Ati2mdxx.exe
Description=System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
Source=Paul Collins Startup list
[ATIPOLAB]
Confirmed=U
Filename=ati2evxx.exe
Description=ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
Source=Paul Collins Startup list
[ATIPOLL]
Confirmed=U
Filename=ati2evxx.exe
Description=ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
Source=Paul Collins Startup list
[AtiPTA]
Confirmed=U
Filename=Ati2ptxx.exe
Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
Source=Paul Collins Startup list
[AtiPTA]
Confirmed=U
Filename=Atiptaxx.exe
Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
Source=Paul Collins Startup list
[AtiPTAAA]
Confirmed=U
Filename=Ati2ptxx.exe
Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
Source=Paul Collins Startup list
[AtiPTAAA]
Confirmed=U
Filename=Atiptaxx.exe
Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
Source=Paul Collins Startup list
[atiptaxx]
Confirmed=U
Filename=Ati2ptxx.exe
Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
Source=Paul Collins Startup list
[atiptaxx]
Confirmed=U
Filename=Atiptaxx.exe
Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
Source=Paul Collins Startup list
[AtiQiPcl]
Confirmed=U
Filename=AtiQiPcl.exe
Description=Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's
Source=Paul Collins Startup list
[ATISmart]
Confirmed=U
Filename=ati2s9ag.exe
Description=ATI's "SMARTGART", which is included with the "<a href="http://mirror.ati.com/products/pc/catalyst/index.html" target="_blank">Catalyst</a>" drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings
Source=Paul Collins Startup list
[atisrc2]
Confirmed=X
Filename=windfind.exe
Description=Adult content dialler - see <a href="http://www.spywareinfo.com/forums/index.php?act=ST&f=11&t=7756&hl=&s=" target="_blank">here</a>. This has to be cleared at the same time as MSStartOptimizer (WINUPD.EXE), mmxrun (msosa.exe) and RegCompres (REGCPM32.EXE), otherwise they return
Source=Paul Collins Startup list
[atitray]
Confirmed=U
Filename=atitray.exe
Description=ATI Tray Tools - allows quick access to ATI graphics card settings
Source=Paul Collins Startup list
[AtiTrayTools]
Confirmed=U
Filename=atitray.exe
Description=ATI Tray Tools - allows quick access to ATI graphics card settings
Source=Paul Collins Startup list
[atiupdate]
Confirmed=X
Filename=ATIUPDATE5.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_DEBESKI.A" target="_blank">DEBESKI.A</a> TROJAN!
Source=Paul Collins Startup list
[atiupdate]
Confirmed=X
Filename=msshed32.exe
Description=Added by the DELF.EP downloader TROJAN!
Source=Paul Collins Startup list
[ativopen]
Confirmed=X
Filename=ativopen.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[ATIX10]
Confirmed=U
Filename=atix10.exe
Description=ATI <a href="http://www.ati.com/products/pc/remotewonder/" target="_blank">Remote Wonder</a> - PC wireless remote control
Source=Paul Collins Startup list
[ATM Control]
Confirmed=X
Filename=adpn.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MMS.A&VSect=T" target="_blank">MMS.A</a> WORM!
Source=Paul Collins Startup list
[ATnotes]
Confirmed=N
Filename=atnotes.exe
Description=Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs
Source=Paul Collins Startup list
[Atomic.exe]
Confirmed=U
Filename=Atomic.exe
Description=<a href="http://www.worldtimeserver.com/atomic-clock/" target=_blank>Atomic Clock Sync</a> - synchronizes your computer's time with the NIST time server
Source=Paul Collins Startup list
[Atomica]
Confirmed=N
Filename=atomica.exe
Description=<a href="http://www.atomica.com/" target="_blank">Atomica</a> runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key
Source=Paul Collins Startup list
[AtomicTime]
Confirmed=U
Filename=ATOMICTIME.EXE
Description=<a href="http://schmail.com/atomictime/" target="_blank">AtomicTime</a> - utility that synchronizes your PC clock to an atomic clock
Source=Paul Collins Startup list
[Atrack]
Confirmed=U
Filename=atrack.exe
Description=New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert
Source=Paul Collins Startup list
[Atray]
Confirmed=U
Filename=Atray.exe
Description=<a href="http://www.divcomsoft.com/atray/" target="_blank">Active Tray</a> is a utility which lets you configure the system tray. You can also create your own tray icons
Source=Paul Collins Startup list
[ATTBroadbandUpdate]
Confirmed=U
Filename=SAUpdate.exe
Description=<a href="http://bb4.com/" target="_blank">Big Brother</a> from Quest Software. System and network monitor
Source=Paul Collins Startup list
[ATTRedUpdate]
Confirmed=U
Filename=AutoUpdate.exe
Description=Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates
Source=Paul Collins Startup list
[AttuneClientEngine]
Confirmed=X
Filename=attune_ce.exe
Description=Spyware - part of an automated helpdesk software called Aveo Attune
Source=Paul Collins Startup list
[AttuneContentUpdater]
Confirmed=X
Filename=attune_cu.exe
Description=Spyware - part of an automated helpdesk software called Aveo Attune
Source=Paul Collins Startup list
[AttuneDiscovery]
Confirmed=X
Filename=attune_di.exe
Description=Spyware - part of an automated helpdesk software called Aveo Attune
Source=Paul Collins Startup list
[Attunel]
Confirmed=X
Filename=Attunel.exe
Description=Spyware - part of an automated helpdesk software called Aveo Attune
Source=Paul Collins Startup list
[AttuneSystray]
Confirmed=X
Filename=attune_st.exe
Description=Spyware - part of an automated helpdesk software called Aveo Attune
Source=Paul Collins Startup list
[aTuner]
Confirmed=N
Filename=atuner.exe
Description=<a href="http://www.3dcenter.de/atuner/index_e.php" target="_blank">aTuner</a> - tweak tool for GeForce based graphics cards
Source=Paul Collins Startup list
[atwtusb]
Confirmed=Y
Filename=atwtusb.exe
Description=USB interface for Aiptek Graphics Tablet (USB)
Source=Paul Collins Startup list
[AU Agent]
Confirmed=U
Filename=AUagent.exe
Description=<a href="http://www.zilab.com/Products/Au/index_2.shtml" target="_blank">Au Agent</a> from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon
Source=Paul Collins Startup list
[au.exe]
Confirmed=X
Filename=au.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.b@mm.html" target="_blank">BEAGLE.B</a> WORM!
Source=Paul Collins Startup list
[AUCBPNP]
Confirmed=Y
Filename=aucbnpn.exe
Description=Adaptec USB CardBus Safe-Eject - driver for the <a href="http://www.adaptec.com/worldwide/product/proddetail.html?sess=no&language=English+US&prodkey=AUA-1420&cat=%2fTechnology%2fUSB%2fUSB+Adapters" target="_blank">Adaptec USB 2.0 CardBus</a> which provides USB 2.0 ports for laptop users via a PCMCIA card slot
Source=Paul Collins Startup list
[Aucompat]
Confirmed=X
Filename=Aucompat.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[AudCtrl]
Confirmed=?
Filename=RunDll32 AudCtrl.dll, RCMonitor
Description=<font color="#FF0000">Audio control panel?</font>
Source=Paul Collins Startup list
[Audiocntl]
Confirmed=X
Filename=audiocntl.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[AudioHQ]
Confirmed=N
Filename=Ahqtb.exe
Description=For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs
Source=Paul Collins Startup list
[audioinf]
Confirmed=X
Filename=audioinf.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[Aureal A3D Interactive Audio]
Confirmed=Y
Filename=sa3dsrv.exe
Description=For Aureal based 3D soundcards. A3D sound features won't work with this disabled
Source=Paul Collins Startup list
[Aureal A3D Interactive Audio Init]
Confirmed=Y
Filename=A3dInit.exe
Description=For Aureal based 3D soundcards. A3D sound features won't work with this disabled
Source=Paul Collins Startup list
[ausvc]
Confirmed=X
Filename=ausvc.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html" target="_blank">AUTOUPDER</a> TROJAN!
Source=Paul Collins Startup list
[authz]
Confirmed=X
Filename=authz.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[auto repair system]
Confirmed=X
Filename=qualityx.exe
Description=Added by an unidentified WORM or TROJAN - probably a <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> variant
Source=Paul Collins Startup list
[Auto T Bar]
Confirmed=N
Filename=autotbar.exe
Description=If you disable the HP VIEW toolbar in IE and rarrange the toolbars on a reboot they will be back as they were before if this is left enabled
Source=Paul Collins Startup list
[Auto updat]
Confirmed=X
Filename=crsrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotak.html" target="_blank">FORBOT-AK</a> WORM!
Source=Paul Collins Startup list
[Auto Updat]
Confirmed=X
Filename=WindowsSys32.exe
Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
Source=Paul Collins Startup list
[Auto Update]
Confirmed=X
Filename=AUP.exe
Description=Added by an unididentified WORM or TROJAN!
Source=Paul Collins Startup list
[Autobar]
Confirmed=U
Filename=autobar.exe
Description=Connect buttons on the keyboard for internet direct access, etc. on HP computers
Source=Paul Collins Startup list
[AutoEA]
Confirmed=N
Filename=Ahqrun.exe
Description=For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ
Description=Task scheduler for <a href="http://www.unisyn.com/" target="_blank">Unisyn Automate 4</a> task automation/macro running software. Available via a desktop shortcut or Start -> Programs
Source=Paul Collins Startup list
[Automatic Microsoft Windows Updater]
Confirmed=X
Filename=suchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboteq.html" target=_blank>RBOT-EQ</a> WORM!
Source=Paul Collins Startup list
[Automatic Windows Updater]
Confirmed=X
Filename=Update.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Automatically launches the United Devices Agent when you start your computer]
Confirmed=N
Filename=UD.EXE
Description=The <a href="http://members.ud.com/download/gold/" target="_blank">United Devices Agent</a> can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start -> Programs
Source=Paul Collins Startup list
[AUTOPROP]
Confirmed=N
Filename=REGPROP.EXE WMPADDIN.DLL
Description=Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension
Source=Paul Collins Startup list
[AutoShutdown]
Confirmed=?
Filename=pssvc.exe
Description=<font color="#FF0000">Utility to fix vCard Export in MS Outlook 2000 - although why are these together?</font>
Source=Paul Collins Startup list
[AutoSizer]
Confirmed=U
Filename=AUTOSIZER.EXE
Description=<a href="http://www.southbaypc.com/AutoSizer/" target="_blank">AutoSizer</a> - utility that automatically maximizes windows when they're opened
Description=If you disable the HP VIEW toolbar in IE and rarrange the toolbars on a reboot they will be back as they were before if this is left enabled
Source=Paul Collins Startup list
[AutoTKit]
Confirmed=N
Filename=AUTOTKIT.EXE
Description=On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled
Source=Paul Collins Startup list
[autoupd]
Confirmed=N
Filename=autoupd.exe
Description=<a href="http://www.raxco.com/support/windows/kb_details.cfm?kbid=46" target="_blank">Raxco Software Auto Update</a> utility."Used to keep your software up-to-date"
Source=Paul Collins Startup list
[autoupd]
Confirmed=X
Filename=autoupd.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name
Description=Part of <a href="http://www.alwil.com/en/default.asp" target=_blank>Avast!</a> anti-virus software
Source=Paul Collins Startup list
[Avast32]
Confirmed=Y
Filename=Astart32.exe
Description=Part of <a href="http://www.alwil.com/en/default.asp" target=_blank>Avast!</a> anti-virus software
Source=Paul Collins Startup list
[avc]
Confirmed=X
Filename=avmon.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list
[AvconsoleEXE]
Confirmed=U
Filename=Avconsol.exe
Description=From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it
Source=Paul Collins Startup list
[AveoAttune]
Confirmed=X
Filename=atmdlusr.exe
Description=Spyware - part of an automated helpdesk software
Source=Paul Collins Startup list
[AVG Grisoft Updater]
Confirmed=X
Filename=updater.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotot.html" target=_blank>AGOBOT-OT</a> WORM!
Source=Paul Collins Startup list
[AVG7_AMSVR]
Confirmed=Y
Filename=Avgamsvr.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> antivirus related
Source=Paul Collins Startup list
[AVG7_CC]
Confirmed=Y
Filename=AVGCC.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
Source=Paul Collins Startup list
[AVG7_EMC]
Confirmed=Y
Filename=AVGEMC.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
Source=Paul Collins Startup list
[AVG7_Run]
Confirmed=Y
Filename=avgw.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 related
Source=Paul Collins Startup list
[avgamsvr.exe]
Confirmed=Y
Filename=Avgamsvr.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> antivirus related
Source=Paul Collins Startup list
[avgcc32]
Confirmed=Y
Filename=avgcc32.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
Source=Paul Collins Startup list
[AVGCtrl]
Confirmed=Y
Filename=AVGCTRL.EXE
Description=Background task of the <a target="_blank" href="http://www.hbedv.com/">AntiVir</a> antivirus program which scans files transparently in the background
Source=Paul Collins Startup list
[avgmsvr.exe]
Confirmed=Y
Filename=avgmsvr.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 related
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
Source=Paul Collins Startup list
[AVG_EMC]
Confirmed=Y
Filename=AVGEMC.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
Source=Paul Collins Startup list
[AVG_RegCleaner]
Confirmed=Y
Filename=AVGREGCL.exe
Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems
Source=Paul Collins Startup list
[Avimgt]
Confirmed=X
Filename=Avimgt.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Avimgt32]
Confirmed=X
Filename=Avimgt32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[AvMaiSrv]
Confirmed=Y
Filename=Avmaisrv.exe
Description=Part of <a href="http://www.alwil.com/en/default.asp" target=_blank>Avast!</a> anti-virus software - E-mail scanner
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.mydoom.af@mm.html" target=_blank>MYDOOM.AF</a> WORM!
Source=Paul Collins Startup list
[Avril Lavigne - Muse]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32avrila.html" target="_blank">AVRIL-A</a> WORM!
Source=Paul Collins Startup list
[AVSCHED32]
Confirmed=Y
Filename=AVSched32.exe
Description=<a href="http://www.hbedv.com/" target="_blank">AntiVir</a> anti-virus from H+BDEV
Source=Paul Collins Startup list
[avserve.exe]
Confirmed=X
Filename=avserve.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html" target="_blank">SASSER</a> WORM!
Source=Paul Collins Startup list
[avserve2.exe]
Confirmed=X
Filename=avserve2.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html" target="_blank">SASSER.B</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.c.worm.html" target="_blank">SASSER.C</a> WORMS!
Source=Paul Collins Startup list
[avserve3.exe]
Confirmed=X
Filename=avserve3.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.g.html" target="_blank">SASSER.G</a> WORM!
Description=PRISM Status Tray Applet - <font color="#FF0000">but what is it for and is it required?</font>
Source=Paul Collins Startup list
[AVWUpd32]
Confirmed=U
Filename=AVWUPD32.EXE
Description=<a href="http://www.hbedv.com/" target="_blank">AntiVir</a> updater. Useful, but can be run manually
Source=Paul Collins Startup list
[avx communicator]
Confirmed=Y
Filename=xcommsur.exe
Description=Anti-virus part of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
Source=Paul Collins Startup list
[Avxlive]
Confirmed=Y
Filename=avxlive.exe
Description=<a href="http://www.bullguard.com/" target="_blank">Bullguard</a> or <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
Source=Paul Collins Startup list
[avxlni]
Confirmed=Y
Filename=avxinit.exe
Description=Anti-virus part of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
Source=Paul Collins Startup list
[Avxnews]
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Awatch]
Confirmed=X
Filename=Awatch.exe
Description=<a href="http://www.avm.de/de/Service/AVM_Service_Portale/FRITZCard_DSL/index.php3" target=_blank>Fritz!_DSL</a> ISP software related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[awhost32]
Confirmed=N
Filename=awhost32.exe
Description=Part of Symantec's <a href="http://enterprisesecurity.symantec.com/products/products.cfm?productID=2">pcAnywhere</a> remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended
Source=Paul Collins Startup list
[AWMON]
Confirmed=U
Filename=Ad-Watch.exe
Description=Part of Lavasoft <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware Plus</a> - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
Source=Paul Collins Startup list
[AxFilter]
Confirmed=?
Filename=Rundll32 AXFILTER.DLL, Rundll32
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[a_vpd]
Confirmed=?
Filename=vpd.exe
Description=Located in the IBMTOOLS\VPD sub-directory. <font color="#FF0000">What does it do and is it required?"
Source=Paul Collins Startup list
[a▓]
Confirmed=U
Filename=a2guard.exe
Description=<a href="http://www.emsisoft.com/en/" target=_blank>a-Squared</a> antitrojan - can be run on demand but necessary in Startup if you prefer the a▓ 'Background Guard' real time protection feature
Source=Paul Collins Startup list
[B'sCLiP]
Confirmed=N
Filename=BSCLIP.exe
Description=CD recording utility that comes with a lot of CDR/CDRW drives and isn't required
Source=Paul Collins Startup list
[B.Reader]
Confirmed=N
Filename=remin.exe
Description=<a href="http://www.harshal.da.ru/" target="_blank">Birthday Reminder 5.0</a> - as the name implies
Source=Paul Collins Startup list
[b3d]
Confirmed=X
Filename=BDEsecureinstall.exe
Description=<a href="http://www.kazaa.com/en/privacy/bundles.htm" target="_blank">B3d Projector</a> foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\\Windows\\System. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents
Source=Paul Collins Startup list
[b3dUpdate]
Confirmed=X
Filename=Zupdate.exe
Description=<a href="http://www.kazaa.com/en/privacy/bundles.htm" target="_blank">B3d Projector</a> foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\\Windows\\System. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents
Source=Paul Collins Startup list
[b9]
Confirmed=U
Filename=B9.exe
Description=<a href="http://www.firetrust.com/products/benign/?PHPSESSID=b60bb4b6eb22115639c465d6f606b788" target="_blank">FireTrust Benign</a> - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"
Description=<a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=1" target="_blank">CommonName Toolbar</a> spyware. To uninstall see <a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=10#4">here</a>
Source=Paul Collins Startup list
[Babylon Translator]
Confirmed=N
Filename=Babylon.exe
Description="<a href="http://www.babylon.com/" target="_blank">Babylon-Pro</a> is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"
Source=Paul Collins Startup list
[BackgroundSwitcher]
Confirmed=U
Filename=bgswitch.exe
Description=Background Switcher Powertoy. Included with the last beta version of the XP Powertoys. Whenever a user right clicked his desktop and chose properties he could see a new tab which allowed him to enable a "Desktop Slide Show." This would automatically change the Windows Desktop at an interval specified by the user. Available <a href="http://shellcity.net/content4.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[Backpack UDF]
Confirmed=N
Filename=bpudfmon.exe
Description=<a href="http://www.nero.com/" target="_blank">Backpack UDF</a> packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk
Source=Paul Collins Startup list
[BackupExecScheduler]
Confirmed=U
Filename=besch.exe
Description=Veritas "Back Up My PC" software
Source=Paul Collins Startup list
[BackupNotify]
Confirmed=?
Filename=backupnotify.exe
Description=HP Digital Imaging related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[BackWeb]
Confirmed=N
Filename=backweb.exe
Description=Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs
Description=Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray
Source=Paul Collins Startup list
[BacsTray]
Confirmed=N
Filename=BacsTray.exe
Description=Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
Source=Paul Collins Startup list
[BADDATE]
Confirmed=X
Filename=BADDATE.EXE
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[BagleAV]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ab@mm.html" target="_blank">NETSKY.AB</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Bakra]
Confirmed=X
Filename=IEHost.EXE
Description=IEDriver adware variant
Source=Paul Collins Startup list
[Band-Aid]
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.ranky.o.html" target=_blank>RANKY.O</a> TROJAN!
Description=<font color="#FF0000">Related to <a href="http://www.peoplepc.com/" target="_blank"> PeoplePC ISP</a>. May be a dialler for dial-up accounts?</font>
Source=Paul Collins Startup list
[bascstray]
Confirmed=N
Filename=BascsTray.exe
Description=Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
Source=Paul Collins Startup list
[Bat]
Confirmed=X
Filename=secure2.bat
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.c.html" target="_blank">ZCREW.C</a> TROJAN!
Source=Paul Collins Startup list
[Batchreg1]
Confirmed=N
Filename=N/A
Description=Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See <a href="http://www.vanwijk.com/-=%20Bookz%20=-/Special%20Edition%20Using%20Windows%2098/ch10/ch10.htm#Heading24" target="_blank">here</a>
Source=Paul Collins Startup list
[BatInfEx]
Confirmed=U
Filename=rundll32.exe
Description=Displays battery status information on an IBM Thinkpad
Source=Paul Collins Startup list
[Battery Scope]
Confirmed=U
Filename=batmgr.exe
Description=Monitors battery levels on a notebook/laptop PC
Source=Paul Collins Startup list
[BatteryBar]
Confirmed=U
Filename=batterybar.exe
Description=<a href="http://www.nistech.com/BatteryBar/Default.htm" target="_blank">BatteryBar</a> - displays battery usage, and the current percentage of battery power left
Source=Paul Collins Startup list
[BatzBack]
Confirmed=X
Filename=BatzBack.scr
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.backzat.worm.html" target="_blank">BACKZAT</a> WORM!
Source=Paul Collins Startup list
[BAUSB]
Confirmed=U
Filename=BAUSB.exe
Description=Boston Acoustics Audio, USB driver
Source=Paul Collins Startup list
[bawindo]
Confirmed=X
Filename=bawindo.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ar@mm.html" target="_blank">BEAGLE.AR</a> or <a href="http://www.symantec.com/avcenter/venc/data/w32.beagle.au@mm.html" target=_blank>BEAGLE.AU</a> WORMS!
Source=Paul Collins Startup list
[BayMgr]
Confirmed=U
Filename=DockApp.exe
Description=Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices
Source=Paul Collins Startup list
[Bayswap]
Confirmed=U
Filename=bayswap.exe
Description=Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
Source=Paul Collins Startup list
[Bayswap2]
Confirmed=U
Filename=TbUpdate.exe
Description=Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
Source=Paul Collins Startup list
[BBDial]
Confirmed=?
Filename=BT Broadband.exe
Description=<font color="#FF0000">Part of BT Broandband - is it required?</font>
Source=Paul Collins Startup list
[bbSysTray]
Confirmed=N
Filename=bbSysTray.exe
Description=Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions"
Source=Paul Collins Startup list
[bbui]
Confirmed=U
Filename=bbui.exe
Description=AOL DSL status monitor displaying a red/green icon indicating if you have a connection
Description=Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see
Source=Paul Collins Startup list
[BCMDMMSG]
Confirmed=Y
Filename=bcmdmmsg.exe
Description=BCM voicemodem driver. Required for dial-up if you have one of these modems
Source=Paul Collins Startup list
[BCMHal]
Confirmed=U
Filename=rundll32.exe bcmhal9x.dll, bcinit
Description=BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
Source=Paul Collins Startup list
[BCMSMMSG]
Confirmed=Y
Filename=BCMSMMSG.exe
Description=BCM voicemodem driver. Required for dial-up if you have one of these modems
Description=<a href="http://www.weatherbug.com/aws/index.asp" target="_blank">AWS Weatherbug</a> related. <font color="#FF0000">What does it do?</font>
Description=BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
Source=Paul Collins Startup list
[Bcvsrv32]
Confirmed=N
Filename=bcvsrv32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.bqj.html" target=_blank>GAOBOT.BQJ</a> WORM!
Source=Paul Collins Startup list
[BCWipeTM]
Confirmed=N
Filename=bcwipetm.exe
Description=<a href="http://www.jetico.com/" target="_blank">BCWipe</a> Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed
Description=<a href="http://www.bitdefender.com/bd/site/products.php?p_id=25" target="_blank">Bitdefender</a> 8 antivirus and firewall
Source=Paul Collins Startup list
[BDSwitchAgent]
Confirmed=Y
Filename=bdswitch.exe
Description=<a href="http://www.bitdefender.com/bd/site/products.php?p_id=25" target="_blank">Bitdefender</a> 8 antivirus and firewall
Source=Paul Collins Startup list
[BearShare]
Confirmed=N
Filename=bearshare.exe
Description=<a href="http://www.bearshare.com/" target="_blank">BearShare</a> file sharing client. Versions known to include spyware - see <a href="http://www.cexx.org/adware.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[BEEI]
Confirmed=?
Filename=beei.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[BEHL]
Confirmed=?
Filename=BEHL.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[BEHLO]
Confirmed=?
Filename=BEHLO.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Belkin PCMCIA WLAN Monitor]
Confirmed=N
Filename=monitorbk.exe
Description=Belkin USB Network Adapter Management utility - can be started manually
Source=Paul Collins Startup list
[BelNotify]
Confirmed=U
Filename=[path] NPBelv32.dll, RunDll32_BelNotify
Description="<a href="http://www.belarc.com/BelTech.html" target=_blank>BelTech</a> enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service"
Source=Paul Collins Startup list
[BELORVBI]
Confirmed=?
Filename=BELORVBI.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Belsta.exe]
Confirmed=?
Filename=Belsta.exe
Description=Configuration tool for Belkin wireless network cards. Required to change the cardÆs configuration.<font color="#FF0000"> Is it required for correct operation once the confuiguration is changed?</font>
Description=Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril
Source=Paul Collins Startup list
[BestPopUpKiller]
Confirmed=N
Filename=BestPopupKiller.exe
Description=Popup killer of dubious repute by SwankSoft.com. For more info about the company, do a search for 'SwankSoft' on <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">this</a> web page on "Rogue/Suspect Anti-Spyware Products & Web Sites"
Source=Paul Collins Startup list
[bg]
Confirmed=Y
Filename=bullguard.exe
Description=<a href="http://www.bullguard.com/" target="_blank">Bullguard</a> antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster
Source=Paul Collins Startup list
[BGInfo]
Confirmed=U
Filename=Bginfo.exe
Description=<a href="http://www.sysinternals.com/ntw2k/freeware/bginfo.shtml" target="_blank">BGinfo</a> automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more
Description=Printer driver to generate PDF files from any program
Source=Paul Collins Startup list
[BHOCop]
Confirmed=N
Filename=BHOCop.exe
Description=ZDNet's <a href="http://www.zdnet.com/products/stories/reviews/0,4161,2760348-9,00.html" target="_blank">BHO Cop</a> that lets you see what browser helper objects are installed. Useful for detecting spyware
Source=Paul Collins Startup list
[BHODemon 2.0]
Confirmed=U
Filename=BHODemon.exe
Description=BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand
Description=<a href="http://www.bigfix.com/website/index.html" target="_blank">BigFix</a> can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet« Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog
Source=Paul Collins Startup list
[BigPond Toolbar]
Confirmed=U
Filename=bpumTray.exe
Description=<a href="http://www.bigpond.com/helpcentre/toolbar/" target="_blank">Telstra BigPond Toolbar</a> - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"
Source=Paul Collins Startup list
[BigPondCable]
Confirmed=N
Filename=bpcable.exe
Description=Telstra Bigpond Cable login software - can be started manually
Source=Paul Collins Startup list
[Billminder]
Confirmed=N
Filename=Billmind.exe
Description=Can be setup in Quicken to remind user of due payments. Available via Start -> Programs
Description=<a href="http://www.bitdefender.com/html/bd_msn_messenger.php" target="_blank">Bitdefender</a> anti-virus for MSN Messenger. Unless you have MSN Messenger running all the time start it manually
Source=Paul Collins Startup list
[BitDefender for Yahoo! Messenger]
Confirmed=U
Filename=yahmon.exe
Description=<a href="http://www.bitdefender.com/bd/site/products.php?p_id=18" target="_blank">BitDefender Antivirus for Yahoo! Messenger</a> - free AV add-on for Yahoo! Messenger
Description=Main program of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
Source=Paul Collins Startup list
[BitDefender_P2P_Startup]
Confirmed=U
Filename=BitDefender_P2P_Startup.exe
Description=<a href="http://www.bitdefender.com/html/bd_msn_messenger.php" target="_blank">Bitdefender</a> anti-virus for file transfers via internet messaging clients such as ICQ and MSN Messenger. Unless you have these running all the time start it manually
Description=Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers
Source=Paul Collins Startup list
[bjcfd]
Confirmed=N
Filename=cdf.exe
Description=<a href="http://www.broadjump.com/" target="_blank">BroadJump</a> Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
Source=Paul Collins Startup list
[BlackICE PC Protection]
Confirmed=N
Filename=blackice.exe
Description=Loads the user interface for the <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall program. From the <a href="http://www.networkice.com/" target="_blank">parent site</a> - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD
Source=Paul Collins Startup list
[BlackIce Utility]
Confirmed=N
Filename=blackice.exe
Description=Loads the user interface for the <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall program. From the <a href="http://www.networkice.com/" target="_blank">parent site</a> - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD
Source=Paul Collins Startup list
[blads]
Confirmed=U
Filename=blads.exe
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
Source=Paul Collins Startup list
[blah service]
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.bia.html" target="_blank">GAOBOT.BIA</a> WORM!
Source=Paul Collins Startup list
[blah service]
Confirmed=X
Filename=winsysengine.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotki.html" target="_blank">RBOT-KI</a> WORM!
Source=Paul Collins Startup list
[blah service]
Confirmed=X
Filename=internet.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[blah service]
Confirmed=X
Filename=smnp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IZ" target=_blank>RBOT.IZ</a> WORM!
Source=Paul Collins Startup list
[blah service]
Confirmed=X
Filename=msnmsgrr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.PZ&VSect=T" target=_blank>RBOT.PZ</a> WORM!
Source=Paul Collins Startup list
[blah service]
Confirmed=X
Filename=tazkmgr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UA" target=_blank>RBOT.UA</a> WORM!
Source=Paul Collins Startup list
[BlazeChanger]
Confirmed=N
Filename=FBZPaper.exe
Description=<a href="http://www.firehand.com/Ember/" target="_blank">Ember</a> graphic file viewer, manager, and touch-up system
Source=Paul Collins Startup list
[bldbubg]
Confirmed=?
Filename=bldbubg.exe
Description=<font color="#FF0000">Found on a Dell machine??</font>
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
Source=Paul Collins Startup list
[BlockTracker]
Confirmed=N
Filename=BlockTracker.exe
Description=If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file
Source=Paul Collins Startup list
[blss]
Confirmed=X
Filename=blss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.blarul.html" target=_blank>BLARUL</a> TROJAN!
Source=Paul Collins Startup list
[BLSTAPP]
Confirmed=N
Filename=blstapp.exe
Description=Puts access to Creative's BlasterControl in the System Tray
Description=Associated with BlueTooth software, and registers the "Infrared Port properties" Control Panel applet. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click <a href="http://www.winbookcorp.com/_technote/WBTA20000912.htm" target=_blank>here</a> here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup
Description=Associated with BlueTooth software, and registers the "Infrared Port properties" Control Panel applet. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click <a href="http://www.winbookcorp.com/_technote/WBTA20000912.htm" target=_blank>here</a> for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig
Source=Paul Collins Startup list
[Blueyonder Instant Support Tool]
Confirmed=U
Filename=matcli.exe
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system\'s identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list
[BMail Installation]
Confirmed=N
Filename=FTP_back.exe
Description=Part of <a href="http://www.imesh.com" target="_blank">iMesh</a> - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not
Source=Paul Collins Startup list
[BMMGAG]
Confirmed=U
Filename=Rundll32 PWRMONIT.DLL, StartPwrMonitor
Description=Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window
Source=Paul Collins Startup list
[BMMLREF]
Confirmed=U
Filename=BMMLREF.EXE
Description=Battery Manager for IBM ThinkPad laptops
Description=IBM Thinkpad related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[BMO MasterCard Wallet]
Confirmed=U
Filename=EWALLET.EXE
Description=The wallet conveniently stores billing, shipping and payment information on your PC
Source=Paul Collins Startup list
[BMupdate]
Confirmed=N
Filename=BMupdate.exe
Description=Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install
Description=Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems
Source=Paul Collins Startup list
[Bonzi Buddy]
Confirmed=X
Filename=??
Description=Spyware - read <a href="http://www.safersite.com/pestinfo/B/BonziBuddy_Adware.asp" target="_blank">here</a> for information and <a href="http://www.pchell.com/support/bonzibuddy.shtml" target="_blank">here</a> for removal instructions
Source=Paul Collins Startup list
[BookedSpace]
Confirmed=X
Filename=bs2.dll,DllRun
Description=Adware, related to the <a href="http://www.doxdesk.com/parasite/Remanent.html" target="_blank"> Remanent</a> parasite
Source=Paul Collins Startup list
[BookmarkCentral]
Confirmed=N
Filename=BMLauncher.exe
Description=<a href="http://www.bookmarkexpress.com/" target="_blank">Bookmark Express</a> - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use"
Source=Paul Collins Startup list
[BookMarkSink]
Confirmed=N
Filename=syncit.exe
Description=Bookmark synchronization utility
Source=Paul Collins Startup list
[BookMarkSync]
Confirmed=N
Filename=syncit.exe
Description=Bookmark synchronization utility
Source=Paul Collins Startup list
[BookMarkSync2It]
Confirmed=N
Filename=sync2it.exe
Description=<a href="http://www.sync2it.com/" target=_blank>Sync2IT BookMarkSync</a> - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser"
Source=Paul Collins Startup list
[Boost XP Service]
Confirmed=U
Filename=bxservice.exe
Description=<a href="http://www.systweak.com/boostxp/boostxp.htm" target="_blank">Boost XP</a> from Systweak - WinXP tweaking utility
Source=Paul Collins Startup list
[boot]
Confirmed=X
Filename=boot.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.elem.trojan.html" target="_blank">ELEM</a> TROJAN!
Source=Paul Collins Startup list
[Boot Manager]
Confirmed=X
Filename=Njgal.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.kilo.html" target="_blank">KILO</a> TROJAN!
Source=Paul Collins Startup list
[BootLoader]
Confirmed=X
Filename=BootLoader.exe.vbs
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/vbs.waterworks.worm.html" target="_blank">WATERWORKS</a> WORM!
Source=Paul Collins Startup list
[BootStatus]
Confirmed=U
Filename=BOOTST~1.EXE
Description=Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resources
Source=Paul Collins Startup list
[BootWarn]
Confirmed=U
Filename=BootWarn.exe
Description=From <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_b.htm" target=_blank>here</a>: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from ôStart \ Programs \ Norton AntiVirusö. If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab û it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages"
Source=Paul Collins Startup list
[Bose Wave/PC Monitor]
Confirmed=N
Filename=wavepcmonitor.exe
Description=System Tray access for this system (more info on the system <a href="http://www.bose.com/home_audio/interactive_systems/wave_pc/index.shtml" target="_blank">here</a>). Available via Start -> Programs
Source=Paul Collins Startup list
[Boston]
Confirmed=?
Filename=Boston.exe
Description=Part of the Boston Acoustics USB speaker systems. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[Bouncer RunStartup]
Confirmed=X
Filename=bouncer.exe
Description=<a href="http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp" target=_blank>VIrtualBouncer</a> malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs
Source=Paul Collins Startup list
[Bouncer RunStartup]
Confirmed=X
Filename=LiveUpdate.exe
Description=<a href="http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp" target=_blank>VIrtualBouncer</a> malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs
Source=Paul Collins Startup list
[bpcpost.exe]
Confirmed=U
Filename=bpcpost.exe
Description=MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Source=Paul Collins Startup list
[BPK]
Confirmed=U
Filename=bpk.exe
Description=Blazing Tools <a href="http://www.blazingtools.com/bpk.html" target="_blank"> Perfect Keylogger</a> (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove
Description=System Tray access to <a href="http://www.burnquick.com/" target="_blank"> BurnQuick</a> CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually
Source=Paul Collins Startup list
[Brasil]
Confirmed=X
Filename=Brasil.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.E" target="_blank">OPASERV.E</a> WORM!
Source=Paul Collins Startup list
[Brasil]
Confirmed=X
Filename=BRASIL.PIF
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.E" target="_blank">OPASERV.E</a> WORM!
Source=Paul Collins Startup list
[BrasilOld]
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.P" target="_blank">OPASERV.P</a> WORM!
Source=Paul Collins Startup list
[Break_Reminder]
Confirmed=U
Filename=BREAK REMINDER.exe
Description=Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See <a href="http://www.cheqsoft.com/break.html" target="_blank">here</a>
Description=Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from <a href="http://www.brindys.com/" target="_blank">Brindys Software</a>). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired
Source=Paul Collins Startup list
[Broadband Wizard]
Confirmed=N
Filename=bbwiz.exe
Description=Starts <a href="http://www.broadbandwizard.net/" target="_blank">Broadband Wizard</a> so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs
Source=Paul Collins Startup list
[BrowseProxy]
Confirmed=N
Filename=FindService.exe
Description=<a href="http://actualnames.com/index.php?cont=products" target="_blank">Actual Names</a> - "It is now possible to enter a particular word or keyword phrase that is associated with your business, and immediately be directed to YOUR WEBSITE! The Actual Names technology can do this for you"
Description=<a href="http://www.wilderssecurity.com/bhblaster.html" target="_blank">Browser Hijack Blaster</a> - protects your system from browser hijackers and spyware that alters your IE settings
Source=Paul Collins Startup list
[Browser Launcher]
Confirmed=U
Filename=Commandr.exe
Description=Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys
Description=Browser Sentinel. Notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page. See <a href="http://www.unhsolutions.net/Browser-Sentinel/index.shtml" target="_blank">here</a>
Source=Paul Collins Startup list
[BrowserWebCheck]
Confirmed=N
Filename=loadwc.exe
Description=Checks to make sure that IE is still your default browser
Source=Paul Collins Startup list
[Bsoft lppt01]
Confirmed=X
Filename=Bsoft.exe
Description=New variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "BelmontSoft" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list
[btinst]
Confirmed=?
Filename=btinst.exe
Description=Associated with an Anycom bluetooth wireless card. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[BtStart]
Confirmed=U
Filename=btstart.exe
Description=<a href="http://www.widcomm.com/Partners/index.asp" target="_blank">Broadcorp</a> (formerly WIDCOMM) Bluetooth Connectivity Software
Source=Paul Collins Startup list
[bttray]
Confirmed=U
Filename=bttray.exe
Description=System tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device
Source=Paul Collins Startup list
[BTUSRBDGF]
Confirmed=Y
Filename=BtUsrBdg.exe
Description=Used with a <a href="http://www.mitsumi.de/index4.html" target="_blank">Mitsumi USB Bluetooth</a> adaptor
Description=Part of the <a href="#AIMster">AIMster</a> Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network
Source=Paul Collins Startup list
[bugwatcher service]
Confirmed=U
Filename=bugwatcher.exe
Description=<a href="http://www.bugtoaster.com/" target="_blank">Bugtoaster</a> is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures
Source=Paul Collins Startup list
[BuildBU]
Confirmed=?
Filename=bldbubg.exe
Description=<font color="#FF0000">Found on a Dell machine??</font>
Source=Paul Collins Startup list
[BuildLab]
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html" target="_blank">NEVEG.B</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.c@mm.html" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[BuildLab]
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[BuildLabs]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Bulldog Service]
Confirmed=U
Filename=upsd.exe
Description=Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link
Source=Paul Collins Startup list
[BullGuard]
Confirmed=Y
Filename=mgui.exe
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
Source=Paul Collins Startup list
[BullGuard Update]
Confirmed=U
Filename=avxlive.exe
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus. Leave enabled unless you manually update virus definitions
Source=Paul Collins Startup list
[BullGuard XComm]
Confirmed=Y
Filename=XCOMMSVR.EXE
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
Source=Paul Collins Startup list
[BullGuardInit]
Confirmed=Y
Filename=AVXINIT.EXE
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
Source=Paul Collins Startup list
[BullguardoptIn]
Confirmed=Y
Filename=bulldownload.exe
Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
Description=<a href="http://www.intelliseek.com/prod/bullseye/bullseye.htm" target="_blank">Bullseye</a> - intelligent research assistant
Source=Paul Collins Startup list
[BurnQuick Queue]
Confirmed=N
Filename=BQTray.exe
Description=System Tray access to <a href="http://www.burnquick.com/" target="_blank">BurnQuick</a> CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually
Source=Paul Collins Startup list
[Button Server]
Confirmed=U
Filename=bttnserv.exe
Description=Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required
Source=Paul Collins Startup list
[ButtonKey]
Confirmed=N
Filename=ButtonKey.exe
Description=CyberView TWAIN driver for the <a href="http://www.scanace.com/en/product/product.php" target="_blank">Pacific Image</a> range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut
Source=Paul Collins Startup list
[Buzme]
Confirmed=N
Filename=Bmui.exe
Description=<a href="http://www.buzme.com/buzme/default.asp" target="_blank">Buzme</a> by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem
Source=Paul Collins Startup list
[Buzof.exe]
Confirmed=U
Filename=buzof.exe
Description=<a href="http://www.basta.com/ProdBuzof.htm" target="_blank">Buzof</a> from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes"
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bymer.html" target="_blank">BYMER</a> WORM!
Source=Paul Collins Startup list
[Bymer.Scanner]
Confirmed=X
Filename=Msinit.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bymer.html" target="_blank">BYMER</a> WORM!
Source=Paul Collins Startup list
[c]
Confirmed=X
Filename=c:\archiv~1\win.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.cuydoc.html" target="_blank">CUYDOC</a> TROJAN!
Source=Paul Collins Startup list
[C-Media Echo Control]
Confirmed=U
Filename=EchoCtrl.exe
Description=C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer
Source=Paul Collins Startup list
[C-Media Mixer]
Confirmed=N
Filename=Mixer.exe
Description=C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs
Source=Paul Collins Startup list
[C2K]
Confirmed=U
Filename=CYB2K.EXE
Description=CYBERsitter 2000 or 2001 - anti-porn filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser
Source=Paul Collins Startup list
[CA-AMAgent]
Confirmed=U
Filename=amagent.exe
Description=<a href="http://www3.ca.com/Solutions/Product.asp?ID=194" target=_blank>Unicenter Asset Management</a> is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting
Source=Paul Collins Startup list
[Cabchk]
Confirmed=X
Filename=Cabchk.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Cabchk32]
Confirmed=X
Filename=Cabchk32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Description=<a href="http://www.systweak.com/cacheboost/" target="_blank">CacheBoost</a> "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost"
Source=Paul Collins Startup list
[Cacheman]
Confirmed=N
Filename=Cacheman.exe
Description=Freeware disk cache tweaker from <a href="http://www.outertech.com/">Outer Technologies</a>. Should only be run once and not loaded at start-up
Description=<a href="http://www.caddais.com/BackupOnDemand.shtml" target="_blank">Caddais BackupOnDemand</a> - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location"
Source=Paul Collins Startup list
[CADS]
Confirmed=U
Filename=cads.exe
Description=<a href="http://www.securitysoft.com/new601/cs_home.htm" target="_blank">Cyber Sentinel</a> internet filtering software
Source=Paul Collins Startup list
[CAgent]
Confirmed=N
Filename=CAgent.exe
Description=<a href="http://www.fine-reader.com/" target="_blank">Abbyy Fine Reader</a> OCR (Optical Character Recognition) software for scanning and converting documents
Source=Paul Collins Startup list
[cAgOu]
Confirmed=X
Filename=[filename].hta
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html" target="_blank">KAKWORM</a> WORM!
Source=Paul Collins Startup list
[CahootWebcard]
Confirmed=N
Filename=CahootWebcard.exe
Description="The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed
Source=Paul Collins Startup list
[CAISafe]
Confirmed=Y
Filename=isafe.exe
Description=Part of Computer Associates <a href="http://www1.my-etrust.com/products/Antivirus.cfm?" target="_blank">eTrus EZ Antivirus</a>
Source=Paul Collins Startup list
[Cal Reminder Shortcut]
Confirmed=N
Filename=calrem.exe
Description=Produces a pop-up reminder of events scheduled using the MS Office Calendar
Source=Paul Collins Startup list
[Calendar 200X Reminder]
Confirmed=N
Filename=calendar.exe
Description=<a href="http://www.jgraff.addr.com/cal.htm" target="_blank">Calendar 200X</a> - shows holidays, reminders of various anniversaries,tasks etc
Source=Paul Collins Startup list
[CallBumping]
Confirmed=?
Filename=cbpopw.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[CallControl]
Confirmed=N
Filename=ftctrl32.exe
Description=FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows
Source=Paul Collins Startup list
[CamCheck]
Confirmed=N
Filename=CamCheck.exe
Description=<a href="http://www.nucam.com.tw/index1.htm" target="_blank">NuCam</a> camera software related
Source=Paul Collins Startup list
[Camera Detector]
Confirmed=N
Filename=CAMDET~*.EXE
Description=<a href="http://www.acdsystems.com/english/products/acdsee/overview?LAN=englishX70" target="_blank">ACDSee</a> Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
Source=Paul Collins Startup list
[Camera Detector]
Confirmed=N
Filename=Camdetect.exe
Description=<a href="http://www.acdsystems.com/english/products/acdsee/overview?LAN=englishX70" target="_blank">ACDSee</a> Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
Source=Paul Collins Startup list
[Camio Viewer x]
Confirmed=N
Filename=IXApplet.exe
Description=Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version
Source=Paul Collins Startup list
[CamMonitor]
Confirmed=?
Filename=hpqcmon.exe
Description=<font color="#FF0000">From HP and related to digital imaging</font>
Source=Paul Collins Startup list
[Canada]
Confirmed=N
Filename=Canada.exe
Description=<font color="#FF0000">Known to be a dialler - but is it maliscous or clean?</font>
Source=Paul Collins Startup list
[Canary]
Confirmed=N
Filename=canary-std.exe
Description=Canary monitoring program. Keylogger, monitors all computer activity
Source=Paul Collins Startup list
[candy]
Confirmed=X
Filename=command32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlv.html" target="_blank">RBOT-LV</a> WORM!
Source=Paul Collins Startup list
[candynet]
Confirmed=X
Filename=Taskmsg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotna.html" target=_blank>RBOT-NA</a> WORM!
Source=Paul Collins Startup list
[Canon PC1200 iC D600 iR1200G Status Window]
Confirmed=N
Filename=CAPM1LAK.EXE
Description=Canon P1200 printer status
Source=Paul Collins Startup list
[Canon Printer Monitor BJCxxx]
Confirmed=N
Filename=Cjstlst.exe
Description=Trayicon for Canon printer. xxx denotes model. Available via Start -> Programs
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeran.html" target=_blank>BANKER-AN</a> TROJAN!
Source=Paul Collins Startup list
[CARPservice]
Confirmed=U
Filename=carpserv.exe
Description=Associated with <a href="http://www.zoltrix.com/" target="_blank"> Zoltrix</a> modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example
Source=Paul Collins Startup list
[CasAgnt]
Confirmed=U
Filename=CasAgnt.exe
Description=Program by Extended Systems which allows you to sync your Casio PDA with your PC
Source=Paul Collins Startup list
[Casdvqwa]
Confirmed=X
Filename=bmqnzkg.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.be.html" target="_blank">RANDEX.BE</a> WORM!
Source=Paul Collins Startup list
[caseyvideo]
Confirmed=X
Filename=CaseyVideo.exe
Description=Malware causing p0rn popups
Source=Paul Collins Startup list
[caseyvideo]
Confirmed=X
Filename=caseyvideo[*].exe [* = digit]
Description=Malware causing p0rn popups
Source=Paul Collins Startup list
[CashBack]
Confirmed=X
Filename=cashback.exe
Description=Part of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearch
Source=Paul Collins Startup list
[Cashsurfers Cashbar Navigator]
Confirmed=N
Filename=Cashbar.Exe
Description=Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"
Description=CashToolbar <a href="http://vil.nai.com/vil/content/v_126801.htm" target="_blank">Downloader-MY</a> adware. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cazno.html" target="_blank">CAZNO</a> TROJAN!
Source=Paul Collins Startup list
[CBWAttn]
Confirmed=U
Filename=CBWAttn.exe
Description=Required for <a href="http://www.accpac.com/products/communication/bitware/" target="_blank"> Bitware</a> to answer incoming faxes, can cause sleep mode problems
Source=Paul Collins Startup list
[CBWHost]
Confirmed=U
Filename=CBWHost.exe
Description=Required for <a href="http://www.accpac.com/products/communication/bitware/" target="_blank"> Bitware</a> to answer incoming faxes, can cause sleep mode problems
Source=Paul Collins Startup list
[CBWUser]
Confirmed=?
Filename=CBWDial.exe
Description=Associated with <a href="http://www.accpac.com/products/communication/bitware/" target="_blank"> Bitware</a> that integrates fax, voice, pager, and data communications on your desktop
Source=Paul Collins Startup list
[CC2KUI]
Confirmed=X
Filename=comet.exe
Description=Comet Cursor - displays different mouse pointers dependent upon the site your visiting. Malware because it automatically installs. See <a href="http://www.accs-net.com/smallfish/comet.htm" target="_blank">here</a> for more information and for the uninstall procedure
Source=Paul Collins Startup list
[ccApp]
Confirmed=Y
Filename=ccApp.exe
Description=Part of <a href="http://www.symantec.com/nav/nav_9xnt/" target="_blank"> Norton AntiVirus 2003</a>. Auto-protect and E-mail check will not function without this
Source=Paul Collins Startup list
[ccApp]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.obsorb.html" target="_blank">OBSORB</a> TROJAN! Note the random filename compared to the valid Norton AntiVirus
Source=Paul Collins Startup list
[ccApp]
Confirmed=X
Filename=WMADZ.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlj.html" target="_blank">RBOT-LJ</a> WORM!
Source=Paul Collins Startup list
[ccAppr]
Confirmed=X
Filename=svcrhost.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[ccApps]
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html" target="_blank">NEVEG.B</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.c@mm.html" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[ccApps]
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[CCD Manager]
Confirmed=U
Filename=DDS.EXE
Description=Project Labs <a href="http://www.centurycdna.com/" target="_blank">Century CD</a> manager for their CD/DVD storage device
Description=Part of the closed caption decdoder/MS VBI codec. Should only run once
Source=Paul Collins Startup list
[CCDoctorLogonTesting]
Confirmed=Y
Filename=ccdoctor.exe
Description=Checks your system to make sure it's configured properly for running <a href="http://www.rational.com/products/clearcase/index.jsp" target="_blank">Rational ClearCase</a>, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product
Description=Part of <a href="http://www.symantec.com/nav/nav_9xnt/" target="_blank"> Norton AntiVirus 2003</a>.<font color="#FF0000"> </font>Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this
Source=Paul Collins Startup list
[ccpApps]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[ccpApps]
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html" target="_blank">WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[ccProxy]
Confirmed=U
Filename=CCPROXY.EXE
Description=Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage
Source=Paul Collins Startup list
[CcPxySvc]
Confirmed=Y
Filename=CCPXYSVC.exe
Description=Part of Norton's <a href="http://www.symantec.com/nav/nav_9xnt/" target="_blank"> AntiVirus 2003</a>, <a href="http://www.symantec.com/sabu/nis/nis_pe/" target="_blank"> Internet Security</a> and <a href="http://www.symantec.com/sabu/nis/npf/" target="_blank"> Firewall</a> products. E-mail proxy service - required for E-mail scanning and the firewall
Source=Paul Collins Startup list
[ccreg]
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.html" target="_blank">ZCREW</a> TROJAN! Note - the valid "explorer.exe" is located in C:\Windows or C:\Winnt whereas this one is located in a C:\Windows\System or C:\Winnt\System subdirectory
Source=Paul Collins Startup list
[CcRegVfy]
Confirmed=Y
Filename=ccRegVfy.exe
Description=Part of <a href="http://www.symantec.com/nav/nav_9xnt/" target="_blank"> Norton AntiVirus 2003</a>. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"
Source=Paul Collins Startup list
[ccSetMgr]
Confirmed=Y
Filename=ccSetMgr.exe
Description=Part of Norton AntiVirus 2004. <font color="#FF0000"> What does it do?</font>
Source=Paul Collins Startup list
[ccUpdate]
Confirmed=X
Filename=ccUpdate.exe
Description=Added by the <a href="http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.YS&VSect=T" target=_blank>AGOBOT.YS</a> WORM!
Source=Paul Collins Startup list
[ccWasher]
Confirmed=U
Filename=aolwasher.exe
Description=Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL
Source=Paul Collins Startup list
[CCWC7a]
Confirmed=U
Filename=ac.exe
Description=<a href="http://www.moleculesoft.se/index2b.html" target=_blank>Moleculesoft</a> Cache, Cookie & Windows Cleaner Ver. 7 - auto clean
Source=Paul Collins Startup list
[CCWC7I]
Confirmed=U
Filename=idxl.exe
Description=<a href="http://www.moleculesoft.se/index2b.html" target=_blank>Moleculesoft</a> Cache, Cookie & Windows Cleaner Ver. 7 - auto clean
Source=Paul Collins Startup list
[CCWC7s]
Confirmed=U
Filename=stealth.exe
Description=<a href="http://www.moleculesoft.se/index2b.html" target=_blank>Moleculesoft</a> Cache, Cookie & Windows Cleaner Ver. 7
Source=Paul Collins Startup list
[cd1]
Confirmed=X
Filename=cd1.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[CDANTSRV]
Confirmed=N
Filename=CDANTSRV.exe
Description=C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually
Source=Paul Collins Startup list
[Cdcompat]
Confirmed=X
Filename=Cdcompat.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[cddrv32]
Confirmed=X
Filename=cddrv32.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[CDInterceptor]
Confirmed=N
Filename=cdi.exe
Description=CD indexer for measuring the speed of CD players
Source=Paul Collins Startup list
[CDTray]
Confirmed=N
Filename=CDTray.exe
Description=On HP PCs, this is the small CD icon next to the time
Source=Paul Collins Startup list
[CeEKEY]
Confirmed=?
Filename=CeEKey.exe
Description=<font color="#FF0000">Toshiba Satellite E-Key related. Is it required?</font>
Source=Paul Collins Startup list
[CeEPOWER]
Confirmed=U
Filename=cepmtray.exe
Description=Toshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times
Source=Paul Collins Startup list
[Ceic]
Confirmed=?
Filename=Ceic.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Cekirge]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kergez.a@mm.html" target="_blank">KERGEZ.A</a> WORM!
Source=Paul Collins Startup list
[center]
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html" target=_blank>BOFRA.A</a> WORM!
Source=Paul Collins Startup list
[CentralProcessor]
Confirmed=X
Filename=taskimgr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.j.html" target="_blank">BANCOS.J</a> TROJAN!
Source=Paul Collins Startup list
[CEPA]
Confirmed=?
Filename=wsot.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[cesmain.dll]
Confirmed=X
Filename=cmail.dll, Rundll32
Description=CnsMin "<a href="http://217.115.153.73/parasite/CnsMin.html" target="_blank">Chinese Keywords</a>" hijacker related
Source=Paul Collins Startup list
[CFD]
Confirmed=N
Filename=CFD.exe
Description=<a href="http://www.broadjump.com/" target="_blank">BroadJump</a> Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
Description=Configuration Interpreter - part of <a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a> V4
Source=Paul Collins Startup list
[cfgwiz]
Confirmed=N
Filename=cfgwiz.exe
Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
Source=Paul Collins Startup list
[cFosDNT]
Confirmed=?
Filename=cFosDNT.exe
Description=<a href="http://www.cfos.de/index2_e.htm" target="_blank">cFos</a> DSL Modem driver related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[cFosInst_Check]
Confirmed=?
Filename=cfosinst.exe
Description=<a href="http://www.cfos.de/index2_e.htm" target="_blank">cFos</a> DSL Modem driver related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[cftmon32]
Confirmed=X
Filename=taskmgr*.exe [* = number]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sowsat.c@mm.html" target="_blank">SOWSAT.C</a> and <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sowsat.j@mm.html" target="_blank">SOWSAT.J</a> WORMS!
Source=Paul Collins Startup list
[CGServer]
Confirmed=U
Filename=cgserver.exe
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs
Source=Paul Collins Startup list
[Cgtask Services]
Confirmed=X
Filename=cgtask.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lala.b.html" target="_blank">LALA.B</a> TROJAN!
Source=Paul Collins Startup list
[ChamClock]
Confirmed=U
Filename=ChamClock.exe
Description=<a href="http://www.softshape.com/cham/" target="_blank">Chameleon Clock</a> - system tray clock replacement
Source=Paul Collins Startup list
[change-me-now]
Confirmed=X
Filename=msgfix1.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD" target=_blank>SDBOT.ZD</a> WORM!
Source=Paul Collins Startup list
[ChangeLines]
Confirmed=?
Filename=chngline.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Chatango]
Confirmed=N
Filename=Chatango.exe
Description=<a href="http://www.chatango.com/" target=_blank>Chatango</a> - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately
Source=Paul Collins Startup list
[Chcenter]
Confirmed=N
Filename=chcenter.exe
Description=IMSI <a href="http://www.imsisoft.com/prodinfo.asp?t=1&mcid=100" target="_blank">HiJaak</a> - "the easiest way to convert, capture, and manage all your graphic files"
Source=Paul Collins Startup list
[Cheatle]
Confirmed=X
Filename=GigaByte.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.shodi.b.html" target="_blank">SHODI.B</a> VIRUS!
Source=Paul Collins Startup list
[Check for One Touch Update]
Confirmed=N
Filename=wiseupdt.exe
Description=Checks for updates for Visioneer OneTouch scanners
Source=Paul Collins Startup list
[Check Messenger]
Confirmed=U
Filename=cmesseng.exe
Description=<a href="http://www.qchex.com/messenger.asp" target="_blank">Check Messenger</a> from Qchex.com - program that helps you manage the activity of your Qchex account
Source=Paul Collins Startup list
[CheckIt]
Confirmed=U
Filename=ToolBox.exe
Description=CheckIt Toolbox from <a href="http://cssvc.pcworld.compuserve.com/computing/cis/article/0,aid,15497,00.asp" target="_blank">WinCheckIt Diagnostic Software</a>. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specify
Source=Paul Collins Startup list
[CheckMsgPlus]
Confirmed=Y
Filename=MsgPlusH.dll, VerifyInstallation
Description=Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see <a href="http://www.patchou.com/msgplus/faq.htm#stopconnect" target="_blank">here</a> for more info.
Source=Paul Collins Startup list
[checktime]
Confirmed=?
Filename=ct.exe
Description=<font color="#FF0000">Found in the HPSelectFrontend directory on a HP machine. What is it's purpose and is it required?</font>
Source=Paul Collins Startup list
[CherryKeyMan]
Confirmed=U
Filename=KeyMan.exe
Description=Multimedia keyboard manager for the <a href="http://www.cherrycorp.com/english/" target="_blank">Cherry</a> keyboard series. Only required if you use any of the special keys
Source=Paul Collins Startup list
[ChineseStar]
Confirmed=U
Filename=cstar.exe
Description=Chinese language support software
Source=Paul Collins Startup list
[CHKADMIN]
Confirmed=N
Filename=CHKADMIN.EXE
Description=Compaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability"
Source=Paul Collins Startup list
[chkdsk]
Confirmed=X
Filename=c:\autoexec.bat
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.anpes@mm.html" target=_blank>ANPES</a> WORM!
Source=Paul Collins Startup list
[Choke]
Confirmed=X
Filename=Choke.exe-blahh
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.choke.worm.html" target="_blank">CHOKE</a> WORM!
Source=Paul Collins Startup list
[chostsv]
Confirmed=X
Filename=chostsv.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.banpaes.c.html" target="_blank">BANPAES.C</a> TROJAN!
Source=Paul Collins Startup list
[CHotKey]
Confirmed=U
Filename=mhotkey.exe
Description=Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features
Source=Paul Collins Startup list
[CHotKey]
Confirmed=U
Filename=MK9805.EXE
Description=Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features
Source=Paul Collins Startup list
[CHotKey]
Confirmed=U
Filename=zHotkey.exe
Description=Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features
Source=Paul Collins Startup list
[Christmas Music Player]
Confirmed=N
Filename=TTEST6.EXE
Description=<I>"</I>Christmas Music Player<I> </I>brings the music of the Christmas Holiday to your desktop"
Source=Paul Collins Startup list
[ChromeMark]
Confirmed=?
Filename=keysh.exe
Description=<font color="#FF0000">Related to <a href="http://chromium.com/chromemark.html" target="_blank">this</a>. Don't know what keysh.exe does though and if it's required</font>
Source=Paul Collins Startup list
[ChronitelInitTV]
Confirmed=?
Filename=CHTVINIT.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[CiaBackdoor]
Confirmed=X
Filename=msldr.com
Description=Added by a VIRUS!
Source=Paul Collins Startup list
[cihost.exe]
Confirmed=X
Filename=cihost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.linst.html" target="_blank">LINST</a> TROJAN!
Source=Paul Collins Startup list
[CIJxP2PSERVER]
Confirmed=N
Filename=CIJxP2PS.EXE
Description=Compaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7
Source=Paul Collins Startup list
[Cisco Systems VPN Client]
Confirmed=U
Filename=ipsecdialer.exe
Description=Cisco <a href="http://www.cisco.com/en/US/products/sw/secursw/ps2308/" target=_blank>VPN Client</a> - lets local users gain Administrator privileges on the operating system
Source=Paul Collins Startup list
[Cisco Systems VPN Client]
Confirmed=N
Filename=vpngui.exe
Description=Sets up IPSec communications for Cisco's <a href="http://www.cisco.com/en/US/products/sw/secursw/ps2308/" target=_blank>VPN Client</a>
Source=Paul Collins Startup list
[CISrvr Program]
Confirmed=N
Filename=CISRVR.EXE
Description=Related to internet setup on Compaq PC's
Source=Paul Collins Startup list
[Cissi]
Confirmed=X
Filename=Cissi.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.cissi.a@mm.html" target="_blank">CISSI.A</a> WORM!
Source=Paul Collins Startup list
[CitiVAN]
Confirmed=N
Filename=CitiVAN.exe
Description=Option from <a href="http://www.citibank.com/" target="_blank">Citibank</a> to change a credit card number in a random fashion for each purchase. The number will only be used once and never again
Source=Paul Collins Startup list
[Cjstcom]
Confirmed=Y
Filename=Cjstcom.exe
Description=Canon printer BJ status language monitor
Description=Automatic logging of installs from Norton CleanSweep - available via Start -> Programs
Source=Paul Collins Startup list
[CleanSweep Useage Watch]
Confirmed=N
Filename=CSUSEM32.EXE
Description=Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time
Source=Paul Collins Startup list
[CleanTemp]
Confirmed=U
Filename=CLEANT~1.EXEB
Description=<a href="http://www.html2exe.com/mnu/dl/dl.shtml#free" target="_blank">CleanTemp</a> - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory
Source=Paul Collins Startup list
[CleanTemp]
Confirmed=U
Filename=CleanTemp.exe
Description=<a href="http://www.html2exe.com/mnu/dl/dl.shtml#free" target="_blank">CleanTemp</a> - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory
Source=Paul Collins Startup list
[Cleanup]
Confirmed=N
Filename=ONICTASK.EXE
Description=<a href="http://www.aladdinsys.com/internetcleanup/" target="_blank">Internet Cleanup</a> from Aladdin Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet
Source=Paul Collins Startup list
[CleanupProgram]
Confirmed=?
Filename=cleanup.exe
Description=<font color="#FF0000">In a C:\Sony\sys folder - Sony Vaio related?</font>
Source=Paul Collins Startup list
[Click Radio Tuner]
Confirmed=N
Filename=clickr~1.exe
Description=<a href="http://www.clickradio.com/home.html" target="_blank">ClickRadio</a> - subscription service playing radio music via the internet
Source=Paul Collins Startup list
[Click Tray Calendar]
Confirmed=N
Filename=ClickT~1.EXE
Description=<a href="http://waseo.de/en/Freeware2/ClickTrayE/clicktraye.html" target="_blank">ClickTray Calendar</a> - shows holidays, reminders of various anniversaries,tasks etc
Description=ClickTheButton <a href="http://vil.nai.com/vil/content/v_126801.htm" target="_blank">Downloader-MY</a> adware. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list
[Client Access Check Version]
Confirmed=N
Filename=cwbckver.exe
Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources
Source=Paul Collins Startup list
[Client Access Express Welcome]
Confirmed=?
Filename=cwbwlwiz.exe
Description=Welcome wizard launcher - Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[Client Access Help Update]
Confirmed=N
Filename=cwbinhlp.exe
Description=Client Access Help Registry Update Function - part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries
Source=Paul Collins Startup list
[Client Access Service]
Confirmed=N
Filename=CwbSvStr.Exe
Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources
Source=Paul Collins Startup list
[Client agent for ARCserve]
Confirmed=?
Filename=W95AGENT.EXE
Description=Part of <a href="http://www3.ca.com/Solutions/ProductFamily.asp?ID=115" target="_blank">Brightstor ARCserve Backup</a> from Computer Associates. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[Client Server Runtime Process]
Confirmed=X
Filename=csrsss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotld.html" target=_blank>SDBOT-LD</a> WORM!
Source=Paul Collins Startup list
[ClientMan1]
Confirmed=X
Filename=mscman.exe
Description=Spyware/malware, included into the latest version of Grokster, among others. According to research by SpyBot's PMK, "able to trick ZoneAlarm, auto-clicking it to allow passing through the firewall!"
Source=Paul Collins Startup list
[Clik Status Monitor]
Confirmed=N
Filename=toolsclickstat.exe
Description=Part of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed
Source=Paul Collins Startup list
[Clipbook Service]
Confirmed=N
Filename=Clipsrv.exe
Description=Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks
Source=Paul Collins Startup list
[ClipMate5x]
Confirmed=N
Filename=ClipMt5x.exe
Description=<a href="http://www.thornsoft.com/ProductOverview.asp" target="_blank">Clip Mate 5.x</a> by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs
Source=Paul Collins Startup list
[Clipmate6]
Confirmed=N
Filename=CLIPMT60.EXE
Description=<a href="http://www.thornsoft.com/new_60.htm" target="_blank">Clip Mate 6</a> by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs
Source=Paul Collins Startup list
[Clipomatic]
Confirmed=N
Filename=Clipomatic.exe
Description=Mike Lin's <a href="http://www.mlin.net/Clipomatic.shtml" target="_blank">Clipomatic</a> is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data
Source=Paul Collins Startup list
[Clipsrv]
Confirmed=N
Filename=Clipsrv.exe
Description=Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks
Description=System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost
Description=<a href="http://www.clock-sync.com/" target="_blank">ClockSynck</a> - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives available
Source=Paul Collins Startup list
[ClockWise]
Confirmed=U
Filename=CLOCKWISE.EXE
Description=<a href="http://www.rjsoftware.com/ClockWise/" target="_blank">ClockWise</a> - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync
Source=Paul Collins Startup list
[CloneCD]
Confirmed=U
Filename=CloneCDTray.exe
Description=System tray for <a href="http://www.elby.org/CloneCD/english/" target="_blank">CloneCD</a> - the only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions
Source=Paul Collins Startup list
[CloneCDElbyCDFL]
Confirmed=U
Filename=ElbyCheck.exe
Description=From <a href="http://www.elby.org/english/corp/index.htm" target="_blank">Elaborate Bytes</a> who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it
Source=Paul Collins Startup list
[CloneCDTray]
Confirmed=U
Filename=CloneCDTray.exe
Description=System tray for <a href="http://www.elby.org/CloneCD/english/" target="_blank">CloneCD</a> - the only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions
Source=Paul Collins Startup list
[Clotusorgreg0]
Confirmed=?
Filename=prtStart.exe Orgprt.exe
Description=Lotus <a href="http://www.lotus.com/products/smrtsuite.nsf/wPages/smartsuite?OpenDocument" target="_blank"> SmartSuite</a> related. In a LotusOrgReg folder. <font color="#FF0000"> Unclear what exactly it does?</font>
Source=Paul Collins Startup list
[ClrSchLoader]
Confirmed=X
Filename=Loader.exe
Description=Clearsearch variant of <a href="http://www.igetnet.com/iGetNet_Home.asp" target="_blank"> IGetNet</a>
Source=Paul Collins Startup list
[CLSID]
Confirmed=X
Filename=com.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[CLSID]
Confirmed=X
Filename=dll.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[CLSID]
Confirmed=X
Filename=msgplus.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[CLSID]
Confirmed=X
Filename=plugin.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[CLSID]
Confirmed=X
Filename=sed.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[CLSID]
Confirmed=X
Filename=msgplus.exe
Description=Premium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension
Source=Paul Collins Startup list
[CM-SmWizard]
Confirmed=?
Filename=SmWizard.exe
Description=SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[cma]
Confirmed=U
Filename=cma.exe
Description=<a href="http://www.desksitemusic.com/" target="_blank">DeskSite CMA siftware</a> - "retrieves new content from the DeskSite Data Center"
Source=Paul Collins Startup list
[Cmaudio]
Confirmed=N
Filename=Rundll32 cmicnfg.cpl, CMICtrlWnd
Description=System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[Cmd]
Confirmed=X
Filename=cmd32.exe
Description=Added by the <a href="http://www.viruslibrary.com/virusinfo/Worm.P2P.Tanked.htm" target="_blank">TANKED</a> WORM!
Source=Paul Collins Startup list
[cmdcon]
Confirmed=X
Filename=cmdcon.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[CME]
Confirmed=X
Filename=cme.exe
Description=Part of <a href="http://www.thiefware.com/info/data.gator.shtml" target="_blank"> Gator</a> advertising spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions
Source=Paul Collins Startup list
[CmeSYS]
Confirmed=X
Filename=CMEsys.exe
Description=Part of <a href="http://www.thiefware.com/info/data.gator.shtml" target="_blank"> Gator</a> advertising spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions
Source=Paul Collins Startup list
[CmeUPD]
Confirmed=X
Filename=CMEupd.exe
Description=Part of <a href="http://www.thiefware.com/info/data.gator.shtml" target="_blank"> Gator</a> advertising spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions
Source=Paul Collins Startup list
[CMGrdian]
Confirmed=?
Filename=CMGrdian.exe
Description=One of the McAfee shared components. <font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[Cmmon32Sys]
Confirmed=X
Filename=cmmon32.exe
Description=Added by the SMALL.CL TROJAN!
Source=Paul Collins Startup list
[CMPDPSRV]
Confirmed=U
Filename=CMPDPSRV.EXE
Description=<a href="http://www.viewahead.com/PDP.htm" target="_blank">Printer Driver Plus</a> from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more." Installed with some Compaq and Lexmark printers
Source=Paul Collins Startup list
[cmsound]
Confirmed=X
Filename=vcpdll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtcxmedid.html" target=_blank>TCXMEDI-D</a> downloader TROJAN!
Source=Paul Collins Startup list
[cmsound]
Confirmed=X
Filename=vcsystem.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtcxmedid.html" target=_blank>TCXMEDI-D</a> downloader TROJAN!
Source=Paul Collins Startup list
[cmssSystemProcess]
Confirmed=X
Filename=csmss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentco.html" target=_blank>AGENT-CO</a> TROJAN!
Source=Paul Collins Startup list
[cmssSystemProcess]
Confirmed=X
Filename=mcsmss.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.EI&VSect=T" target=_blank>AGENT.EI</a> TROJAN!
Source=Paul Collins Startup list
[cmt101]
Confirmed=X
Filename=cmt101.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[cmx32]
Confirmed=X
Filename=cmx32.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
Source=Paul Collins Startup list
[Cn323]
Confirmed=X
Filename=cnfrm33.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.g@mm.html" target=_blank>MIMAIL.G</a> WORM!
Source=Paul Collins Startup list
[CNBABE]
Confirmed=X
Filename=CNBABE.EXE
Description=Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing
Source=Paul Collins Startup list
[cnet]
Confirmed=N
Filename=kontiki.exe
Description=<a href="http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=2846" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
Source=Paul Collins Startup list
[Cnfrm32]
Confirmed=X
Filename=cnfrm.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.d@mm.html" target=_blank>MIMAIL.D</a> WORM!
Source=Paul Collins Startup list
[CnsMax]
Confirmed=X
Filename=Internat.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.pointex.html" target="_blank">POINTEX</a> TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%
Source=Paul Collins Startup list
[CnsMin]
Confirmed=X
Filename=Rundll32.exe CNSMIN.DLL, Rundll32
Description=CnsMin "<a href="http://217.115.153.73/parasite/CnsMin.html" target="_blank">Chinese Keywords</a>" hijacker related
Source=Paul Collins Startup list
[CnxDslTaskBar]
Confirmed=N
Filename=CnxDslTb.exe
Description=Connexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modems
Source=Paul Collins Startup list
[Codename Dashboard]
Confirmed=U
Filename=dashboard.exe
Description=<a href="http://www.downlinx.com/proghtml/415/41557.htm" target="_blank">Codename: Dashboard</a> - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time"
Source=Paul Collins Startup list
[Coldlife -icmp]
Confirmed=X
Filename=Systray.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/Print100363.htm" target="_blank">FLOOD.AV</a> TROJAN! Note - this is not the legitimate SysTray.exe
Source=Paul Collins Startup list
[coloreal]
Confirmed=U
Filename=coloreal.exe
Description=Makes colours sharper and brighter, but will only work with coloreal capable monitors
Source=Paul Collins Startup list
[Colorific Control Panel]
Confirmed=N
Filename=Hgcctl95.exe
Description=From E_Color. Colorific delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor
Source=Paul Collins Startup list
[COM Service]
Confirmed=X
Filename=mscom32.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.h.html" target="_blank">BEASTY.H</a> TROJAN!
Source=Paul Collins Startup list
[COM Service]
Confirmed=X
Filename=msynvr.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.g.html" target="_blank">BEASTY.G</a> TROJAN!
Source=Paul Collins Startup list
[COM Service]
Confirmed=X
Filename=msjclh.com
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.plux.html" target="_blank">PLUX</a> TROJAN!
Source=Paul Collins Startup list
[COM Service]
Confirmed=X
Filename=msdrce.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.i.html" target="_blank">BEASTY.I</a> TROJAN!
Source=Paul Collins Startup list
[COM+ Event System]
Confirmed=X
Filename=DRWTSN16.EXE
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[Com+ Sys]
Confirmed=X
Filename=csrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbt.html" target=_blank>FORBOT-BT</a> WORM!
Source=Paul Collins Startup list
[COM+ System Applications]
Confirmed=X
Filename=lsas.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.SE" target=_blank>AGOBOT.SE</a> WORM!
Source=Paul Collins Startup list
[COM++ System]
Confirmed=X
Filename=exploier.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatef.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[COM++ System]
Confirmed=X
Filename=suchost.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatef.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[COM++ System]
Confirmed=X
Filename=svchost.exe...
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatef.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[COM-IP]
Confirmed=N
Filename=COMIP.EXE
Description=COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212)
Description=Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs
Source=Paul Collins Startup list
[COMCFG]
Confirmed=X
Filename=comcfg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TOADCOM.A" target="_blank">TOADCOM.A</a> TROJAN!
Source=Paul Collins Startup list
[comctl32]
Confirmed=X
Filename=comctl32.exe
Description=Adware - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus and others as TrojanDownloader.Win32.Agent.am
Source=Paul Collins Startup list
[COMDRV32]
Confirmed=U
Filename=svdhost.exe
Description=<a href="http://www.protectcom.com/" target="_blank">Orvell Monitoring 2003</a> - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Note - asks for permission to contact the IP address of http://www.protectcom.com/
Source=Paul Collins Startup list
[Comm Driver]
Confirmed=U
Filename=commh32.exe
Description=G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see <a href="http://www.chip.de/artikel/c_artikel_8806643.html" target=_blank>here</a>. Disable/remove if you didn't install it yourself!
Source=Paul Collins Startup list
[Command]
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GATECRASH.A" target="_blank">GATECRASH.A</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GATECRASH.B" target="_blank">GATECRASH.B</a> TROJANS!
Source=Paul Collins Startup list
[Command]
Confirmed=X
Filename=Gotit.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.titog.worm.html" target="_blank">TITOG</a> WORM!
Source=Paul Collins Startup list
[COMMAND]
Confirmed=X
Filename=command.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html" target="_blank">QQPASS.E</a> TROJAN!
Source=Paul Collins Startup list
[CommCtr]
Confirmed=N
Filename=commctr.exe
Description="<a href="http://commcenter.net2phone.com/GLPPublish.asp?idpage=features" target="_blank">Net2Phone CommCenter</a> is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start -> Programs
Source=Paul Collins Startup list
[Compaq Alerter]
Confirmed=U
Filename=CPQAlert.exe
Description=Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See <a href="http://www.compaq.com/products/servers/management/cim-description.html" target="_blank">here</a> for more information
Source=Paul Collins Startup list
[Compaq Computer Corp SCCenter Module]
Confirmed=N
Filename=SCCENTER.EXE
Description=For Compaq PC's. Part of Backweb
Source=Paul Collins Startup list
[Compaq Computer Security]
Confirmed=?
Filename=Rundll32.exe SECURE32.CPL, Service
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Compaq DMI]
Confirmed=N
Filename=cpqdmi.exe
Description=Compaq version of the Desktop Management Interface
Source=Paul Collins Startup list
[Compaq Internet Setup]
Confirmed=N
Filename=inetwizard.exe
Description=For Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list
Source=Paul Collins Startup list
[Compaq Knowledge Center]
Confirmed=U
Filename=silent.exe & matcli.exe
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support". You decide
Source=Paul Collins Startup list
[Compaq Message Server]
Confirmed=N
Filename=COMPAQ-RBA.EXE
Description=Applies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start -> Programs -> Compaq Advisor -> Advisor Settings under the "advanced" tab. Not required and can cause problems
Source=Paul Collins Startup list
[Compaq PK Daemon]
Confirmed=U
Filename=cpqkl.exe
Description=For Compaq laptops for programming user configurable keys. Not required unless you use them
Source=Paul Collins Startup list
[Compaq Video CD Watcher]
Confirmed=N
Filename=??
Description=For Compaq PC's. MPEG viewer
Source=Paul Collins Startup list
[CompaqHW Comp Manager]
Confirmed=?
Filename=cpqhcm.exe
Description=<font color="#FF0000">Running on a Compaq laptop - any ideas?</font>
Source=Paul Collins Startup list
[CompaqPrinTray]
Confirmed=N
Filename=printray.exe
Description=Puts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktop
Source=Paul Collins Startup list
[CompaqSystray]
Confirmed=N
Filename=cpqpscp.exe
Description=Compaq System Tray icon
Source=Paul Collins Startup list
[Compatibility Service Process]
Confirmed=X
Filename=regsvs.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.yn.html" target="_blank">GAOBOT.YN</a> WORM!
Source=Paul Collins Startup list
[COMSMDEXE]
Confirmed=N
Filename=comsmd.exe
Description=3Com tray icon
Source=Paul Collins Startup list
[ComTry Web Searcher]
Confirmed=X
Filename=wstray.exe
Description=Comtry MP3 Downloader related - spyware
Source=Paul Collins Startup list
[comxt]
Confirmed=X
Filename=comxt.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.comxt.html" target="_blank">COMXT</a> TROJAN!
Source=Paul Collins Startup list
[Config]
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.israz.b@mm.html" target="_blank">ISRAZ.B</a> WORM!
Source=Paul Collins Startup list
[Config Loadation]
Confirmed=X
Filename=iEEexplore.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.h.html" target="_blank">SDBOT.H</a> TROJAN!
Source=Paul Collins Startup list
[Config Loadatiorin]
Confirmed=X
Filename=I3Explorer.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.h.html" target="_blank">SDBOT.H</a> TROJAN!
Source=Paul Collins Startup list
[Config Loader]
Confirmed=X
Filename=svchosl.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.gaobot.p.html" target="_blank">GAOBOT.P</a> WORM!
Source=Paul Collins Startup list
[Config Loader]
Confirmed=X
Filename=sysldr32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.html" target="_blank">GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Config Loader]
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ae.html" target="_blank">GAOBOT.AE</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORMS!
Source=Paul Collins Startup list
[Config Loader for Microsoft Windows]
Confirmed=X
Filename=mwincfg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.BD" target="_blank">AGOBOT.BD</a> WORM!
Source=Paul Collins Startup list
[Config Loader2]
Confirmed=X
Filename=explores.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bt.html" target="_blank">GAOBOT.BT</a> WORM!
Source=Paul Collins Startup list
[Config Loadr]
Confirmed=X
Filename=winsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobothn.html" target=_blank>AGOBOT-HN</a> WORM!
Source=Paul Collins Startup list
[Config33.exe]
Confirmed=X
Filename=Config33.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.T" target=_blank>SDBOT.T</a> TROJAN!
Source=Paul Collins Startup list
[ConfiggLoader]
Confirmed=X
Filename=cart322.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.dj.html" target="_blank">GAOBOT.DJ</a> WORM!
Source=Paul Collins Startup list
[ConfigSafe]
Confirmed=U
Filename=CFGSAFE.EXE
Description=<a href="http://www.imaginelan.com/configsafe/index.html" target="_blank">ConfigSafe</a> - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice
Source=Paul Collins Startup list
[ConfigSafe]
Confirmed=U
Filename=AUTOCHK.EXE
Description=<a href="http://www.imaginelan.com/configsafe/index.html" target="_blank">ConfigSafe</a> - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice
Source=Paul Collins Startup list
[ConfigServices]
Confirmed=N
Filename=Config.exe
Description=Part of initial setup on a Compaq PC
Source=Paul Collins Startup list
[Configuration]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotml.html" target=_blank>SDBOT-ML</a> WORM!
Source=Paul Collins Startup list
[Configuration Default]
Confirmed=X
Filename=Wuxat.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotca.html" target=_blank>SPYBOT-CA</a> WORM!
Source=Paul Collins Startup list
[Configuration File]
Confirmed=X
Filename=Winset32.exe
Description=Added by the FLUX.101 TROJAN!
Source=Paul Collins Startup list
[Configuration Loaded]
Confirmed=X
Filename=wupdated.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.html" target="_blank">MOEGA</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.ag.html" target="_blank">MOEGA.AG</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.ap.html" target="_blank">MOEGA.AP</a> WORMS!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=aim95.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJANS!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=cmd32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJANS!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=service5.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.af.html" target="_blank">GAOBOT.AF</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=?
Filename=lfass.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=sycfg34.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.an.html" target="_blank">GAOBOT.AN</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=wincrt32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bh.html" target="_blank">GAOBOT.BF</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=windex.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bz.html" target="_blank">GAOBOT.BZ</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=dosrun32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=Service.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=Servicess.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=sw32.exe
Description=Added by the <a href="http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.BQ" target="_blank">AGOBOT.BQ</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=System.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=Winreg.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=sysinfo.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.fq.html" target="_blank">GAOBOT.FQ</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=microsoft.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.jb.html" target="_blank">GAOBOT.JB</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=confgldr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.polybot.html" target="_blank">POLYBOT</a> WORM!
Source=Paul Collins Startup list
[configuration loader]
Confirmed=X
Filename=winicfg32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.gen!poly.html" target="_blank">GAOBOT.GEN!POLY</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=svhst.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.yc.html" target="_blank">GAOBOT.YC</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=msgfix.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.aus.html" target="_blank">GAOBOT.AUS</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.J" target="_blank">SDBOT.J</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqg.html" target=_blank>SDBOT-QG</a> WORMS!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=msnss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.aus.html" target="_blank">GAOBOT.AUS</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=IEXPL0RE.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJANS!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=loadcfg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJANS!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=MSTasks.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJANS!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=systemry.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=ccSort.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_AGOBOT.SR" target=_blank>AGOBOT.SR</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=smss32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.MB" target=_blank>AGOBOT.MB</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader]
Confirmed=X
Filename=wincffg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.A3&VSect=T" target=_blank>AGOBOT.A3</a> WORM!
Source=Paul Collins Startup list
[Configuration Loader ]
Confirmed=X
Filename=syscfg32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.b.html" target="_blank">SDBOT.B</a> TROJAN!
Source=Paul Collins Startup list
[Configuration Loading]
Confirmed=X
Filename=svchos1.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.dk.html" target="_blank">GAOBOT.DK</a> WORM!
Source=Paul Collins Startup list
[Configuration Loading]
Confirmed=X
Filename=configldr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotec.html" target="_blank">AGOBOT-EC</a> WORM!
Source=Paul Collins Startup list
[Configuration Manager]
Confirmed=X
Filename=CNFGLD32.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank"> SDBOT</a> TROJAN!
Source=Paul Collins Startup list
[Configuration Manager]
Confirmed=X
Filename=Cnfgldr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank"> SDBOT</a> TROJAN!
Source=Paul Collins Startup list
[Configuration Service]
Confirmed=X
Filename=suchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.treb.html" target="_blank">TREB</a> TROJAN!
Source=Paul Collins Startup list
[Configuration Utility]
Confirmed=N
Filename=CONFIG.EXE
Description=Controls linksys wireless connection. Available from the Desktop
Source=Paul Collins Startup list
[Configuration Utility]
Confirmed=U
Filename=wlanutil.exe
Description=<a href="http://www.netgear.com/index.php" target="_blank">NetGear</a> Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards)
Source=Paul Collins Startup list
[Configuration Wizard]
Confirmed=X
Filename=Cfgwiz32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HCKTCK.2K.C" target="_blank">HACKTACK</a> TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)
Source=Paul Collins Startup list
[ConfLoader]
Confirmed=X
Filename=sysconf16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotfb.html" target=_blank>SDBOT-FB</a> TROJAN!
Source=Paul Collins Startup list
[Conmgr]
Confirmed=N
Filename=conmgr.exe
Description=Starts Winfax pro at startup
Source=Paul Collins Startup list
[ConMgr.exe]
Confirmed=U
Filename=conmgr.exe
Description=Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut
Source=Paul Collins Startup list
[Connect2Party]
Confirmed=X
Filename=connect2party.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Connection Manager]
Confirmed=N
Filename=CManager.exe
Description=SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service
Source=Paul Collins Startup list
[Cons]
Confirmed=X
Filename=consol32.exe
Description=Hijacker - redirects to a p0rn portal, where foistware like ISTBar gets stealth installed
Description=System Tray icon for a Silicon Motion LynxEM based PCI Graphics Card
Source=Paul Collins Startup list
[Control Panel]
Confirmed=X
Filename=System.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.dani.html" target="_blank">DANI</a> TROJAN!
Source=Paul Collins Startup list
[ControlCenter2.0]
Confirmed=N
Filename=brctrcen.exe
Description=Brother scanner 'Control Center' application - can be started manually
Source=Paul Collins Startup list
[ControlCentreTray]
Confirmed=N
Filename=XWCTray.exe
Description=System Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etc
Source=Paul Collins Startup list
[Controlled Resource System Service]
Confirmed=X
Filename=crss.exe
Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/crss/" target=_blank>AGOBOT.GH</a> WORM!
Source=Paul Collins Startup list
[Controller]
Confirmed=N
Filename=WFXCTL32.EXE
Description=From Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
Description=Added by a vairant of the <a href="http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65504&VName=TROJ_DELF.DW&VSect=T" target=_blank>DELF.DW</a> TROJAN!
Description=<a href="http://www.pcmag.com/article/0,2997,a=20844,00.asp" target="_blank">Cookie Cop 2</a> from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
Source=Paul Collins Startup list
[Cookie Pal]
Confirmed=U
Filename=CPBRWTCH.EXE
Description=Kookaburra Softwares <a href="http://www.pcmag.com/article/0,2997,s=1626&a=12703,00.asp" target="_blank">Cookie Pal</a> cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
Source=Paul Collins Startup list
[CookieJar]
Confirmed=U
Filename=Cookiejar.exe
Description=<a href="http://www.jasons-toolbox.com/cookiejar.asp" target="_blank">Cookie Jar</a> cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
Description=<a href="http://www.analogx.com/contents/download/network/cookie.htm" target="_blank">CookieWall</a> from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
Source=Paul Collins Startup list
[Cool Desk]
Confirmed=U
Filename=cdesk.exe
Description=<a href="http://www.shelltoys.com/" target="_blank">Cool Desk</a> is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to you
Source=Paul Collins Startup list
[CoolDownloads]
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://www.doxdesk.com/parasite/MatrixDialer.html" target="_blank">MatrixDialer</a> related
Source=Paul Collins Startup list
[CoolMP3]
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://www.doxdesk.com/parasite/MatrixDialer.html" target="_blank">MatrixDialer</a> related
Source=Paul Collins Startup list
[CoolSwitch]
Confirmed=U
Filename=taskswitch.exe
Description=ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen
Source=Paul Collins Startup list
[Coolwallpaper]
Confirmed=N
Filename=cwm_tray.exe
Description=<a href="http://coolwallpaper.com/download/index2.html" target=_blank>Cool Wallpaper</a> software allows you to manage high quality photos as desktop wallpaper and screen savers
Description=Copernic <a href="http://www.copernic.com/en/products/desktop-search/index.html" target=_blank>Desktop Search</a> - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures"
Source=Paul Collins Startup list
[CopernicPerUserTaskMgr]
Confirmed=U
Filename=CopernicPerUserTaskMgr.exe
Description=Automatic tasking feature of Copernic Pro multi-search engine tool
Source=Paul Collins Startup list
[Copyright]
Confirmed=N
Filename=mwcpyrt.exe
Description=Displays copyright information on IBM ThinkPads
Source=Paul Collins Startup list
[CoreCenter]
Confirmed=U
Filename=CoreCenter.exe
Description=MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking
Source=Paul Collins Startup list
[CoreCenter]
Confirmed=U
Filename=CORECE~1.EXE
Description=MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking
Source=Paul Collins Startup list
[Corel Colleagues & Contacts Reminders]
Confirmed=N
Filename=cffrem.exe
Description=<a href="http://www.corel.com/printoffice_v1/ccc.htm" target="_blank">Corel Colleagues & Contracts</a> - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of Corel Print Office
Source=Paul Collins Startup list
[Corel Desktop Application Director]
Confirmed=N
Filename=dadx.exe
Description=The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start -> Programs
Source=Paul Collins Startup list
[Corel Family & Friends reminders]
Confirmed=N
Filename=CFFREM.EXE
Description=<a href="http://www.corel.com/products/graphicsandpublishing/phmagic/CFF.htm" target="_blank">Corel Family & Friends</a> - all-in-one calender, address book and list manager. Part of Corel Print House Magic
Source=Paul Collins Startup list
[Corel Registration]
Confirmed=N
Filename=Remind32.exe
Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it
Source=Paul Collins Startup list
[Corel Registration Reminder]
Confirmed=N
Filename=Remind32.exe
Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it
Source=Paul Collins Startup list
[Corel Reminder]
Confirmed=N
Filename=NAVBROWSER.EXE
Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it
Source=Paul Collins Startup list
[CorelCENTRAL 10]
Confirmed=N
Filename=I_26dadCC.exe
Description=<a href="http://www3.corel.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=Corel/Product/Feature&fid=CC1ZX1WPOP4" target="_blank">CorelCENTRAL 10</a> - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start -> Programs
Source=Paul Collins Startup list
[CorelMedia FoldersIndexer8]
Confirmed=N
Filename=MFindexer.exe
Description=Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office
Source=Paul Collins Startup list
[CorelMedia FoldersIndexer8]
Confirmed=N
Filename=MFINDE~1.EXE
Description=Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office
Source=Paul Collins Startup list
[CoreSrv]
Confirmed=X
Filename=coresrv.exe
Description=Some IRC trojans/worms use this - see <a href="http://lockdowncorp.com/bots/" target="_blank">here</a> for more information
Source=Paul Collins Startup list
[CORESYS]
Confirmed=?
Filename=coresys.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[CorrectConnect]
Confirmed=N
Filename=CConnect.exe
Description=Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available
Source=Paul Collins Startup list
[cosine]
Confirmed=X
Filename=cosine.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsw.html" target=_blank>RBOT-SW</a> WORM!
Description=Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required
Source=Paul Collins Startup list
[CountrySelection]
Confirmed=N
Filename=pctptt.exe
Description=Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required
Source=Paul Collins Startup list
[Coupon Offers]
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[couponica]
Confirmed=X
Filename=couponica.exe
Description=Adware - see <a href="http://vil.nai.com/vil/content/v_100077.htm#top" target="_blank">here</a>
Source=Paul Collins Startup list
[CP32NOT]
Confirmed=U
Filename=CP32BTN.EXE
Description=For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons
Source=Paul Collins Startup list
[CPA9P2PSERVER]
Confirmed=?
Filename=CPA9P2PS.exe
Description=<font color="#FF0000">Found on a Compaq Presario but what is it?</font>
Source=Paul Collins Startup list
[CPATR10]
Confirmed=U
Filename=CPATR10.EXE
Description=Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Constrast
Source=Paul Collins Startup list
[CPBrWtch]
Confirmed=U
Filename=CPBrWtch.exe
Description=Kookaburra Softwares <a href="http://www.pcmag.com/article/0,2997,s=1626&a=12703,00.asp" target="_blank">Cookie Pal</a> cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
Source=Paul Collins Startup list
[CPD_EXE]
Confirmed=Y
Filename=CPD.EXE
Description=Firewall bundled with McAfee VirusScan 6.*
Description=<font color="#FF0000">CPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though?</font>
Source=Paul Collins Startup list
[CPQAcDc]
Confirmed=Y
Filename=CPQAcDc.exe
Description=Compaq PowerCon power management software for laptops
Source=Paul Collins Startup list
[CPQAlert]
Confirmed=U
Filename=CPQAlert.exe
Description=Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See <a href="http://www.compaq.com/products/servers/management/cim-description.html" target="_blank">here</a> for more information
Source=Paul Collins Startup list
[CPQBootPerfDB]
Confirmed=N
Filename=CPQBootPerfDB.EXE
Description=See the entry for Compaq Message Server
Source=Paul Collins Startup list
[CPQCalib]
Confirmed=Y
Filename=CPQCalib.exe
Description=Compaq PowerCon power management software for laptops
Source=Paul Collins Startup list
[CPQDFWAG]
Confirmed=N
Filename=CpqDfwAg.exe
Description=For Compaq PC's. Runs Compaq diagnostics on every boot
Source=Paul Collins Startup list
[CPQEASYACC]
Confirmed=U
Filename=cpqeadm.exe
Description=For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
Source=Paul Collins Startup list
[cpqeaui]
Confirmed=U
Filename=cpqeaui.exe
Description=For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
Source=Paul Collins Startup list
[cpqek]
Confirmed=U
Filename=kcpqek.exe
Description=For Compaq PC's. <a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank"> Easy Access</a> button support for the keyboard
Source=Paul Collins Startup list
[CPQInet Runtime Service]
Confirmed=U
Filename=CpqInet.exe
Description=For Compaq PC's. Allows AOL and Compuserve to use the <a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank"> Easy Access</a> buttons for the internet. Is not required if you don't use the ISP providers
Source=Paul Collins Startup list
[CPQINKAGENT]
Confirmed=N
Filename=cpqinkag.exe
Description=That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed)
Source=Paul Collins Startup list
[cpqns]
Confirmed=U
Filename=cpqnpcss.exe
Description=Related to Compaq.Net - not required if you don't use that
Source=Paul Collins Startup list
[Cpqset]
Confirmed=N
Filename=Cpqset.exe
Description=Default settings software in Hewlett Packard notebook
Source=Paul Collins Startup list
[CPQSTUTFIX]
Confirmed=Y
Filename=stutfix.exe
Description=For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it <a href="files/StutFix.exe">here</a>. This is a Compaq originated file and has been verified as free from viruses by McAfree/Norton
Source=Paul Collins Startup list
[cpr]
Confirmed=X
Filename=cpr
Description=Adroar.com adware downloader
Source=Paul Collins Startup list
[CPU Manager]
Confirmed=X
Filename=cpumgr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.pandem.b.worm.html" target="_blank">PANDEM.B</a> WORM!
Source=Paul Collins Startup list
[CPUcool]
Confirmed=U
Filename=Cpucool.exe
Description=Program to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[Cpusave]
Confirmed=X
Filename=Cpusave.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Cpusave32]
Confirmed=X
Filename=Cpusave32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[cqlyg]
Confirmed=X
Filename=world_cup_.bat
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_WCUP.A" target="_blank">WCUP.A</a> WORM!
Source=Paul Collins Startup list
[CQSCP2P SERVER]
Confirmed=?
Filename=??
Description=<font color="#FF0000">"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed</font>
Source=Paul Collins Startup list
[CQSCP2PS]
Confirmed=?
Filename=??
Description=<font color="#FF0000">"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed</font>
Description=<a href="http://www.reallusion.com/crazytalk/default.asp" target="_blank">CrazyTalk</a> from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWS
Source=Paul Collins Startup list
[CRC Value Verifier]
Confirmed=X
Filename=crsss32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[CRC Value Verifier]
Confirmed=X
Filename=Crsss64.exe
Description=Added by the <a href="http://www.sophos.com.au/virusinfo/analyses/w32rbotny.html" target=_blank>RBOT-NY</a> WORM!
Source=Paul Collins Startup list
[CRC Value Verifier]
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotoa.html" target=_blank>RBOT-OA</a> WORM!
Source=Paul Collins Startup list
[Creata Mail]
Confirmed=U
Filename=JMSrvr.exe
Description=<a href="http://www.bluemountain.com/mail/index.pd" target=_blank>Creata_Mail</a>. Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express
Source=Paul Collins Startup list
[Create A Monster]
Confirmed=X
Filename=createAMonster.exe
Description=Kudd.com CreateAMonster. Reportedly stealth installed and <a href="http://sarc.com/avcenter/venc/data/adware.look2me.html" target=_blank>Look2Me</a> adware related
Source=Paul Collins Startup list
[CreateCD]
Confirmed=N
Filename=Createcd.exe
Description=Adaptec Easy CD Creator system tray application (pre version 5). Available via Start -> Programs
Source=Paul Collins Startup list
[CreateCD50]
Confirmed=N
Filename=Createcd50.exe
Description=Adaptec Easy CD Creator version 5 system tray application. Available via Start -> Programs
Source=Paul Collins Startup list
[Creative AGP Wizard]
Confirmed=N
Filename=agpwiz.exe
Description=Part of Creative's BlasterControl
Source=Paul Collins Startup list
[Creative Launcher]
Confirmed=N
Filename=CTLauncher.exe
Description=For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs
Source=Paul Collins Startup list
[Creative MediaSource Go]
Confirmed=N
Filename=CTCMSGo.exe
Description="Creative <a href="http://www.soundblaster.com/mediasource/" target="_blank"> MediaSource</a> playbacks music in DVD-Audio, MP3, WMA, WAV and other media formats"
Source=Paul Collins Startup list
[Creative PCI Audio Configuration Utility]
Confirmed=N
Filename=starter.exe
Description=System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on <a href="http://www.pacs-portal.co.uk/startup_pages/starter_exe.htm" target="_blank">this</a> special page. Similar to EnsoniqMixer
Source=Paul Collins Startup list
[Creative Service for CDROM Access]
Confirmed=N
Filename=Ctsvccda.exe
Description=Resident program for Creative's PlayCenter included with Soundblaster Audigy sound cards - speeds up detection of some media CDs if the system doesn't natively support them. Available via Start -> Programs
Source=Paul Collins Startup list
[Creative WebCam Tray]
Confirmed=N
Filename=Camtray.exe
Description=Creative WebCam tray control - can be started manually
Source=Paul Collins Startup list
[Creative.exe]
Confirmed=X
Filename=Creative.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.prolin.worm.html" target="_blank">PROLIN</a> WORM!
Source=Paul Collins Startup list
[CreativeDiscNotifier]
Confirmed=N
Filename=CTNOTIFY.EXE
Description=For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[CreativeMixer]
Confirmed=U
Filename=CTMIX32.EXE
Description=Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon
Source=Paul Collins Startup list
[CriticalUpdate]
Confirmed=N
Filename=Wucrtupd.exe
Description=MS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update site
Source=Paul Collins Startup list
[cronos]
Confirmed=X
Filename=MARCO!.SCR
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G" target="_blank">OPASERV.G</a> WORM!
Source=Paul Collins Startup list
[Crusty]
Confirmed=X
Filename=dmcpl.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.rusty@m.html" target="_blank">RUSTY</a> WORM!
Source=Paul Collins Startup list
[Cryptographic Service]
Confirmed=X
Filename=******.exe [* = random char]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html" target="_blank">KORGO.W</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.x.html" target="_blank">KORGO.X</a> or <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39581" target="_blank">KORGO.AB</a> WORMS!
Source=Paul Collins Startup list
[Crystal 3D Audio Control]
Confirmed=?
Filename=CWD3DSND.EXE
Description=Crystal 3D Audio sound driver. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[csaRem]
Confirmed=N
Filename=spqmdmui.exe
Description=Compaq modem country selection
Source=Paul Collins Startup list
[CSAV_CheckViruses]
Confirmed=Y
Filename=vchk.exe.exe
Description=Part of <a href="http://www.authentium.com/solutions/products/commandantivirus.cfm" target="_blank">Command AntiVirus</a>
Source=Paul Collins Startup list
[csc]
Confirmed=?
Filename=csc.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[CSINJECT.EXE]
Confirmed=U
Filename=CSINJECT.EXE
Description=Part of Quarterdeck/Norton CleanSweep. For a full description see <a href="http://service1.symantec.com/SUPPORT/cleansweep.nsf/docid/1999022413295728" target="_blank">here</a>. An excerpt - "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes."
Source=Paul Collins Startup list
[csrsc]
Confirmed=X
Filename=csrsc.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[CSRSS]
Confirmed=X
Filename=CSRSS.EXE
Description=Search page hijacker, redirecting to http://www.search-aide.com/. Note - this is not the valid Client Server Runtime Subsystem (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a>) process, which provides text window support, shutdown, and hard-error handling
Source=Paul Collins Startup list
[CSRSS Loader]
Confirmed=X
Filename=csrsss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TX" target=_blank>AGOBOT.TX</a> WORM!
Source=Paul Collins Startup list
[CSRSWIN]
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.html" target="_blank">WINSHELL.50</a> TROJAN!
Source=Paul Collins Startup list
[CSRSX]
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.b.html" target="_blank">WINSHELL.50.B</a> TROJAN!
Source=Paul Collins Startup list
[CSScheduleCheck]
Confirmed=Y
Filename=SCHWIZEX.EXE
Description=Part of <a href="http://www.imaginelan.com/configsafe/index.html" target="_blank"> ConfigSafe</a> - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot
Source=Paul Collins Startup list
[csss]
Confirmed=X
Filename=Csss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.balick.trojan.html" target="_blank">BALICK</a> TROJAN!
Source=Paul Collins Startup list
[CSS_Central]
Confirmed=U
Filename=CSS_1631.EXE
Description=CSS Communication Agent (95 Host) from <a href="http://www.commandcom.com/enterprise/csscntrl.html" target="_blank">Command Software Systems</a> "CSS CentralÖ provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console."
Source=Paul Collins Startup list
[CSV10P70]
Confirmed=X
Filename=CSv10P070.exe
Description=<a href="http://doxdesk.com/parasite/ClearSearch.html" target=_blank>ClearSearch</a> adware related
Source=Paul Collins Startup list
[CSV7P26]
Confirmed=X
Filename=CSV7P26.exe
Description=<a href="http://doxdesk.com/parasite/ClearSearch.html" target=_blank>ClearSearch</a> adware related
Source=Paul Collins Startup list
[CSV7P70]
Confirmed=X
Filename=CSV7P070.exe
Description=<a href="http://doxdesk.com/parasite/ClearSearch.html" target=_blank>ClearSearch</a> adware related
Source=Paul Collins Startup list
[CSV7P91]
Confirmed=X
Filename=CSV7P91.exe
Description=<a href="http://doxdesk.com/parasite/ClearSearch.html" target=_blank>ClearSearch</a> adware related
Source=Paul Collins Startup list
[ct]
Confirmed=Y
Filename=ct.exe
Description=ct.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run it
Source=Paul Collins Startup list
[CTAVTray]
Confirmed=N
Filename=CTAvTray.exe
Description=For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ
Source=Paul Collins Startup list
[CTDVDDet]
Confirmed=N
Filename=CTDVDDet.exe
Description=Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again
Source=Paul Collins Startup list
[CTDVDDet]
Confirmed=N
Filename=CTDetect.exe
Description=Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again
Source=Paul Collins Startup list
[ctfmon]
Confirmed=U
Filename=ctfmon.exe
Description=CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;282599">here</a
Source=Paul Collins Startup list
[ctfmon]
Confirmed=X
Filename=taskmgr32*.exe [* = number]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sowsat.b@mm.html" target="_blank">SOWSAT.B</a> WORM!
Source=Paul Collins Startup list
[Ctfmon.exe]
Confirmed=X
Filename=ctfmon32.exe
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite related - hijacking to Slawsearch.com
Source=Paul Collins Startup list
[CTHELPER]
Confirmed=U
Filename=CTHELPER.EXE
Description=CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with CreativeÆs sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it
Source=Paul Collins Startup list
[CTime]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.httpdos.html" target="_blank">HTTPDOS</a> TROJAN!
Source=Paul Collins Startup list
[CTin10]
Confirmed=X
Filename=CTin10.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.e.html" target="_blank">BANCOS.E</a> TROJAN!
Source=Paul Collins Startup list
[CTPDPSRV]
Confirmed=?
Filename=CTPDPSRV.EXE
Description=Printer driver (in the WINDOWSSystem32spoolDRIVERSW32X86 folder).<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[CTRegRun]
Confirmed=N
Filename=CTRegRun.exe
Description=For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative
Source=Paul Collins Startup list
[CtrlVol]
Confirmed=U
Filename=CtrlVol.exe
Description=Acer's on screen volume control using the Fn key
Source=Paul Collins Startup list
[CTStartup]
Confirmed=N
Filename=CTEaxSpl.exe
Description=Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard
Source=Paul Collins Startup list
[CTsysVol]
Confirmed=U
Filename=CTSYSVOL.exe
Description=Creative sound card volume controls
Source=Paul Collins Startup list
[cttdpsrv]
Confirmed=?
Filename=cttdpsrv.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[cuagentExe]
Confirmed=Y
Filename=Cuagent.exe
Description=<a href="http://www.command.co.uk/html/products/csav/index.cfm">Command Antivirus</a> related
Source=Paul Collins Startup list
[cuo]
Confirmed=X
Filename=cuo.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUGBEAR.A" target="_blank">BUGBEAR.A</a> WORM!
Source=Paul Collins Startup list
[cursor]
Confirmed=N
Filename=Screendragon_VS_Taskbar.exe
Description=<a href="http://www.screendragon.com/" target="_blank">ScreenDragon</a> video player
Source=Paul Collins Startup list
[CursorXP]
Confirmed=N
Filename=CursorXP.exe
Description=<a href="http://www.stardock.com/products/cursorxp/" target="_blank">CursorXP</a> from Stardock - tool for creating mouse cursors
Source=Paul Collins Startup list
[Customizer2000]
Confirmed=U
Filename=logon.exe
Description=Automatic logon feature of <a href="http://www.hot-shareware.com/utilities/customizer-2000/" target="_blank">Customizer 2000</a> - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes"
Source=Paul Collins Startup list
[CuteMX]
Confirmed=N
Filename=CuteMX.EXE
Description=File sharing utility
Source=Paul Collins Startup list
[cvmonitor.exe]
Confirmed=X
Filename=cvmonitor.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BV" target="_blank">SDBOT.BV</a> WORM!
Source=Paul Collins Startup list
[CVPND]
Confirmed=Y
Filename=cvpnd.exe
Description=Sub-system used by Cisco VPN client for making a connection to a remote IPSec server
Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources
Source=Paul Collins Startup list
[cwbinhlp]
Confirmed=N
Filename=cwbinhlp.exe
Description=Client Access Help Registry Update Function - part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries
Source=Paul Collins Startup list
[cwbsvstr]
Confirmed=N
Filename=cwbsvstr.exe
Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources
Source=Paul Collins Startup list
[cwbwlwiz]
Confirmed=?
Filename=cwbwlwiz.exe
Description=Welcome wizard launcher - Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. <font color="#FF0000">What does it do and is it required?</font>
Description=Autodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start -> Programs
Source=Paul Collins Startup list
[Cyber]
Confirmed=N
Filename=cyberchk.exe
Description=Part of Belkins "Multimedia Cleaning Kit" and is
automatically installed when you run their optical disk drive cleaning utility - to remind
you to clean your drive after "x" amount of time has passed
Source=Paul Collins Startup list
[Cyber Trio]
Confirmed=U
Filename=showmode.exe
Description=From G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCs
Description=<a href="http://www.cyberlat.com/ramcleaner/" target="_blank">CyberLat RAM Cleaner</a> is a program that Frees, Optimizes and Defrags your system's wasted memory (RAM). Some users swear by programs such as this but I suggest you read <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list
[CyberMedia Agent]
Confirmed=N
Filename=CMAGENT.EXE
Description=Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled
Source=Paul Collins Startup list
[CyberWolf]
Confirmed=X
Filename=CyberWolf.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.kickin.a@mm.html" target="_blank"> KICKIN.A</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CYDOG.C" target="_blank">CYDOG.C</a>) WORM!
Source=Paul Collins Startup list
[CyDoor]
Confirmed=X
Filename=CD_Load.exe
Description=Adware. Check <a href="http://www.cexx.org/cydoor.htm" target="_blank">here</a> for information about Cy-Door and <a href="http://www.lavasoft.de/software/adaware/" target="_blank">here</a> for a program that can remove it
Source=Paul Collins Startup list
[CydoorUpdate]
Confirmed=X
Filename=CD_Load.exe
Description=Adware. Check <a href="http://www.cexx.org/cydoor.htm" target="_blank">here</a> for information about Cy-Door and <a href="http://www.lavasoft.de/software/adaware/" target="_blank">here</a> for a program that can remove it
Description=D-Link Air Plus Wireless PC modem connection monitor
Source=Paul Collins Startup list
[D066UUtility]
Confirmed=N
Filename=D066UUTY.EXE
Description=TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software
Source=Paul Collins Startup list
[d3dupdate.exe]
Confirmed=X
Filename=bbeagle.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html" target="_blank">BEAGLE.A</a> WORM!
Source=Paul Collins Startup list
[D4]
Confirmed=U
Filename=D4.exe
Description=<a href="http://www.thinkman.com/dimension4/index.html" target="_blank">Dimension 4</a> - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down
Source=Paul Collins Startup list
[DACONFIGEXE]
Confirmed=N
Filename=daconfig.exe
Description=3Com NIC Diagnostics. Available via Start -> Programs
Source=Paul Collins Startup list
[DadApp]
Confirmed=Y
Filename=dadapp.exe
Description="DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from Dell
Source=Paul Collins Startup list
[Daemon]
Confirmed=N
Filename=DAEMON32.EXE
Description=Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start -> Programs
Source=Paul Collins Startup list
[Daemon]
Confirmed=U
Filename=Daemon.exe
Description=<a href="http://www.daemon-tools.net/main.htm" target="_blank">Daemon Tools</a> - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive
Source=Paul Collins Startup list
[DAEMON Tools-1033]
Confirmed=U
Filename=Daemon.exe
Description=<a href="http://www.daemon-tools.net/main.htm" target="_blank">Daemon Tools</a> - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive
Source=Paul Collins Startup list
[Daily Planner]
Confirmed=N
Filename=dayplan.exe
Description=Daily Planner - discontinued, and now part of <a href="http://www.kmcsonline.com/index.html" target="_blank">KMCS Deluxe System Suite</a>. Tool to plan your days, and check activities off as you complete them
Source=Paul Collins Startup list
[Danton*]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.danton.html" target="_blank">DANTON</a> TROJAN! where * = random number
Source=Paul Collins Startup list
[Dap]
Confirmed=N
Filename=DAP.exe
Description=<a href="http://www.speedbit.com/DAPDL.asp?" target="_blank">Download Accelerator Plus</a> from SpeedBit - download manager/accelerator
Source=Paul Collins Startup list
[DarkDevil.Grasiele.BR]
Confirmed=X
Filename=Grasiele.VBS
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.lembra@mm.html" target="_blank">LEMBRA</a> WORM!
Source=Paul Collins Startup list
[DashIE]
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">Could be related to "Dash Power Shopping" tool bar in IE?</font>
Source=Paul Collins Startup list
[dasxdads]
Confirmed=X
Filename=fsdqd.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.biq.html" target="_blank">GAOBOT.BIQ</a> WORM!
Source=Paul Collins Startup list
[Data]
Confirmed=X
Filename=System.dat.vbs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.biscuit.a@mm.html" target="_blank">BISCUIT.A</a> WORM!
Source=Paul Collins Startup list
[Data LifeGuard]
Confirmed=N
Filename=BACKWE~1.EXE
Description=Data LifeGuard diagnostic tools for Western Digital's series of hard drives
Source=Paul Collins Startup list
[Data LifeGuard LifeLine Lite installer]
Confirmed=N
Filename=DLGLI.EXE
Description=Backweb installer - see <a href="http://www.cexx.org/dlgli.htm" target="_blank"> here</a>
Source=Paul Collins Startup list
[Data789]
Confirmed=X
Filename=Regedit.exe ....data789.tmp
Description=Homepage hijacker
Source=Paul Collins Startup list
[DATABASE MySql]
Confirmed=X
Filename=[path] repcale.exe [path] beird.exe
Description=Added by a variant of the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN" target=_blank>RANDON.AN</a> WORM!
Source=Paul Collins Startup list
[DataCaching]
Confirmed=N
Filename=FlashKsk.exe
Description=<a href="http://www.smartdisk.com" target="_blank">SmartMedia Card</a> management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray icon
Source=Paul Collins Startup list
[DataLayer]
Confirmed=U
Filename=DataLayer.exe
Description=Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on
Source=Paul Collins Startup list
[DataViz Messenger]
Confirmed=N
Filename=DvzMsgr.exe
Description=<a href="http://www.dataviz.com/products/documentstogo/" target="_blank">DataViz Documents to Go</a> - "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts"
Source=Paul Collins Startup list
[Datcheck]
Confirmed=X
Filename=datcheck.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/keypanic.trojan.html" target="_blank">KEYPANIC</a> TROJAN!
Source=Paul Collins Startup list
[Date Manager]
Confirmed=X
Filename=datemanager.exe
Description=<a href="http://www.date-manager.com/" target="_blank">Date Manager</a> - calender program. Spyware/adware based provided by The Gator Corporation
Source=Paul Collins Startup list
[Datechecker]
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">Could be related to <a href="http://www.simtel.net/pub/pd/9379.html" target="_blank">this</a>?</font>
Source=Paul Collins Startup list
[DateMakerIntl]
Confirmed=X
Filename=DateMakerIntl.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[DAupdate]
Confirmed=X
Filename=DAupdate.exe
Description=NavEnhance adware
Source=Paul Collins Startup list
[DAW9532.exe]
Confirmed=?
Filename=DAW9532.EXE
Description=Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[DayToday]
Confirmed=U
Filename=DAYTODAY.EXE
Description=<a href="http://www.locutuscodeware.com/daytoday.htm" target="_blank">DayToday</a> from RoboMagic Software Corp. Displays the date on the taskbar
Source=Paul Collins Startup list
[DAZEL Delivery Agent]
Confirmed=U
Filename=DcDaemon.exe
Description=Control and send documents, etc, to any destination - see <a href="http://www.clickly.com/ISSVDO4Z/EN/user/proddet.html?P=888" target="_blank">here</a>
Source=Paul Collins Startup list
[dbserv]
Confirmed=N
Filename=dbserv.exe
Description=Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled
Source=Paul Collins Startup list
[DCE Manager]
Confirmed=X
Filename=dcemgr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tumag.html" target="_blank">TUMAG</a> TROJAN!
Source=Paul Collins Startup list
[DCfssvc]
Confirmed=U
Filename=dcfssvc.exe
Description=Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example
Source=Paul Collins Startup list
[dcfssve]
Confirmed=U
Filename=dcfssvc.exe
Description=Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example
Source=Paul Collins Startup list
[DDCActiveMenu]
Confirmed=N
Filename=DDCActiveMenu.exe
Description=Digital Distribution Channel - formally part of the <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games delivery service. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[DDCM]
Confirmed=N
Filename=DDCMan.exe
Description=Digital Distribution Channel - formally part of the <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games delivery service. Note that WildTanget's <a href="Digital Distribution Channel - formally part of the <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games delivery service. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=privacy" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[DDCMan]
Confirmed=N
Filename=DDCMan.exe
Description=Digital Distribution Channel - formally part of the <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games delivery service. Note that WildTanget's <a href="Digital Distribution Channel - formally part of the <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games delivery service. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=privacy" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gutta.html" target="_blank">GUBED</a> TROJAN Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[deejay]
Confirmed=X
Filename=forboo.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotay.html" target="_blank">FORBOT-AY</a> WORM!
Source=Paul Collins Startup list
[Default System Research]
Confirmed=X
Filename=vhchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.i.html" target="_blank">TARNO.I</a> TROJAN!
Source=Paul Collins Startup list
[Default web browser]
Confirmed=X
Filename=IexpIore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojoblivionb.html" target="_blank">OBLIVION.B</a> TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a captial "i" in place of lower case "L"
Description=Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis
Source=Paul Collins Startup list
[Delay]
Confirmed=U
Filename=delayrun.exe
Description=On HP PCs this program is used to help prevent conflicts or timing issues on fast computers
Source=Paul Collins Startup list
[Delayrun]
Confirmed=U
Filename=delayrun.exe
Description=On HP PCs this program is used to help prevent conflicts or timing issues on fast computers
Source=Paul Collins Startup list
[delcab]
Confirmed=?
Filename=deltreew.exe C:\cabs
Description=<font color="#FF0000">??<font>
Source=Paul Collins Startup list
[Delete Me]
Confirmed=X
Filename=worm.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.doomhunter.html" target="_blank">DOOMHUNTER</a> WORM!
Source=Paul Collins Startup list
[Dell AIO Printer A***]
Confirmed=N
Filename=dlbabmgr.exe
Description=Dell AIO Printer A*** related (*** = model). Not Required at Startup
Source=Paul Collins Startup list
[Dell AIO Printer A***]
Confirmed=N
Filename=dlbfbmgr.exe
Description=Dell AIO Printer A*** related (*** = model). Not Required at Startup
Source=Paul Collins Startup list
[Dell AIO Printer A***]
Confirmed=N
Filename=dlbkbmgr.exe
Description=Dell AIO Printer A*** related (*** = model). Not Required at Startup
Source=Paul Collins Startup list
[Dell Alert]
Confirmed=N
Filename=DAMon.exe
Description="Dell Alert" utility, that's supposed to make interaction with Support easier
Source=Paul Collins Startup list
[DellDMI]
Confirmed=?
Filename=delldmi.exe
Description=<font color="#FF0000">Possibly part of <a href="http://docs.us.dell.com/docs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards?</font>
Source=Paul Collins Startup list
[DELLMMKB]
Confirmed=U
Filename=DELLMMKB.EXE
Description=Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys
Source=Paul Collins Startup list
[DellSC]
Confirmed=N
Filename=dellsc.exe
Description=Dell Solution Center - web-based troubleshooting tools and educational offerings
Source=Paul Collins Startup list
[DellTouch]
Confirmed=U
Filename=MMKeybd.exe
Description=Dell multimedia keyboard manager. Required if you use the additional keys
Source=Paul Collins Startup list
[DellTouch]
Confirmed=U
Filename=DELLMMKB.EXE
Description=Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys
Description=Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. <font color="#FF0000">Deletes temporary files once an installation is complete?</font>
Source=Paul Collins Startup list
[DeltTray]
Confirmed=N
Filename=deltray.exe
Description=System Tray access to the control panel for the M-Audio <a href="http://www.midiman.net/products/m-audio/delta44.php" target="_blank">Delta 44</a> PCI Analog Recording Interface. Available via a desktop shortcut, Start -> Programs or Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[demon]
Confirmed=?
Filename=demon.exe
Description=Part of the French Wanadoo ADSL extense pack. <font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[DepFrez]
Confirmed=U
Filename=frzstate.exe
Description=<a href="http://www.winselect.com/pages/deepfreeze/dpfrz_info.htm?B13=More+Info" target="_blank">Deep Freeze</a> from Hyper Technologies. "Freezes" the current software configuration so that an a re-boot all changes made refer back to their original settings. Not required for most users - more likely to be used by system administrators, for example
Source=Paul Collins Startup list
[Description of Shortcuts]
Confirmed=?
Filename=*.exe
Description=<font color="#FF0000">* seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search)</font>
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.html" target="_blank">BOOKMARKER</a> TROJAN!
Source=Paul Collins Startup list
[desktop]
Confirmed=X
Filename=desktop.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/sdbot_md.shtml" target=_blank>SDBOT.MD</a> WORM!
Source=Paul Collins Startup list
[Desktop Architect]
Confirmed=N
Filename=DATRAY.EXE
Description=Desktop theme manager available <a href="http://download.com.com/3000-2326-5630015.html?tag=list" target="_blank">here</a> - for managing the desktop appearance, fonts, sounds, etc
Source=Paul Collins Startup list
[Desktop Plant]
Confirmed=N
Filename=AZARE10S.PLT
Description=Vritual plant from <a href="http://www.desksoft.com/DesktopPlant.htm" target="_blank">here</a> - this version is an Azalea, there are others so the filename may be different
Source=Paul Collins Startup list
[Desktop Search]
Confirmed=X
Filename=desktop.exe
Description=iSearch "Desktop Search" hijacker
Source=Paul Collins Startup list
[Desktop Service Centre]
Confirmed=?
Filename=DSC.exe
Description=OptusNet DSL or Dial-Up connection software - <font color="#FF0000">is it required?</font>
Source=Paul Collins Startup list
[Desktop Weather]
Confirmed=N
Filename=THE WEATHER CHANNEL.exe
Description=<a href="http://www.weather.com/services/desktop.html?from=tutorial" target="_blank">Desktop Weather</a> by The Weather Channel - provides current temperature, conditions, alerts, etc
Source=Paul Collins Startup list
[Desktop Weather 3]
Confirmed=N
Filename=THE WEATHER CHANNEL.exe
Description=<a href="http://www.weather.com/services/desktop.html" target="_blank">Desktop Weather 3</a> by The Weather Channel - provides current temperature, conditions, alerts, etc
Source=Paul Collins Startup list
[Desktop Weather 3]
Confirmed=N
Filename=THEWEA~1.EXE
Description=<a href="http://www.weather.com/services/desktop.html" target="_blank">Desktop Weather 3</a> by The Weather Channel - provides current temperature, conditions, alerts, etc
Source=Paul Collins Startup list
[desktopmgr]
Confirmed=N
Filename=desktopmgr.exe
Description=Synchronisation manager for the cradles for the <a href="http://www.rim.net/products/index.shtml" target="_blank">Research In Motion</a> range of wireless handhelds, including the "Blackberry"
Source=Paul Collins Startup list
[DesktopX]
Confirmed=U
Filename=DESKTOPX.EXE
Description=A program that replaces the regular Desktop and Taskbar, and can be changed to the user's liking
Source=Paul Collins Startup list
[deskup]
Confirmed=N
Filename=deskup.exe
Description=Adds Iomega Zip drive icons to the desktop
Source=Paul Collins Startup list
[detect]
Confirmed=U
Filename=idetect.exe
Description=<a href="http://www.clasys.com/internet_turbo.html" target="_blank">iNTERNET Turbo</a> from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds". If you find it helps your connectivity leave it enabled
Source=Paul Collins Startup list
[detect]
Confirmed=?
Filename=turbodetect.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Detector]
Confirmed=N
Filename=detector.exe
Description=USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing software
Source=Paul Collins Startup list
[DEventAgent]
Confirmed=U
Filename=eventagt.exe
Description=DEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use this
Source=Paul Collins Startup list
[Device Configuration Loader]
Confirmed=X
Filename=msdvc32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Device Detector]
Confirmed=U
Filename=DevDetect.exe
Description=Watches for external digital imaging products being connected from <a href="http://www.acdsystems.com/English/index.htm" target="_blank">ACD Systems</a>
Source=Paul Collins Startup list
[DeviceDiscovery]
Confirmed=U
Filename=hpotdd01.exe
Description=Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems"
Source=Paul Collins Startup list
[DevicePath]
Confirmed=X
Filename=Proyecto1.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html" target="_blank">GRUEL</a> WORM!
Source=Paul Collins Startup list
[DevicePath]
Confirmed=X
Filename=Root.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html" target="_blank">GRUEL</a> WORM!
Source=Paul Collins Startup list
[Devices]
Confirmed=U
Filename=olesvr.exe
Description=Salfeld <a href="http://www.salfeld.com/parental_control_overwiew.htm" target="_blank">Child Control 2003</a> - parental control software
Source=Paul Collins Startup list
[devldr16]
Confirmed=U
Filename=devldr16.exe
Description=Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices
Source=Paul Collins Startup list
[Devlog]
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Devlog]
Confirmed=?
Filename=devlog.exe
Description=Apparently mainboard/chipset related, by a French company called AS Media - <font color="#FF0000"> what exactly is it, and is it required</font>
Source=Paul Collins Startup list
[DGJM]
Confirmed=?
Filename=DGJM.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[dguard]
Confirmed=N
Filename=dguard.exe
Description=eAcceleration Stop-Sign related - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">note</a>
Source=Paul Collins Startup list
[DHCP Server]
Confirmed=X
Filename=regsvr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpr.html" target=_blank>RBOT-PR</a> WORM!
Source=Paul Collins Startup list
[dhcpagnt]
Confirmed=Y
Filename=dhcpagnt.exe
Description=Intel DSL modem driver - leave enabled or you'll have to re-install the drivers
Source=Paul Collins Startup list
[DHNUXB]
Confirmed=?
Filename=DHNUXB.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[diagent]
Confirmed=N
Filename=diagent.exe
Description=System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -> Programs
Source=Paul Collins Startup list
[Dial22]
Confirmed=X
Filename=dlm.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Dial33]
Confirmed=X
Filename=dlm.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Dialer]
Confirmed=X
Filename=rundll32.exe msa32chk.dll
Description=Unidentfied malware
Source=Paul Collins Startup list
[Dialer Control]
Confirmed=U
Filename=dc.exe
Description=<a href="http://www.dialer-control.de/" target="_blank">Dialer-Control</a>. Detects and protects from premium rate p0rn diallers
Source=Paul Collins Startup list
[Dialer Detect]
Confirmed=U
Filename=dd.exe
Description=<a href="http://www.dialerdetect.nl/english/main.htm" target=_blank>DialerDetect</a> detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it
Source=Paul Collins Startup list
[Dialgo SDK]
Confirmed=U
Filename=PhoneAnswer.exe
Description=Dialgo Wave Modem ActiveX - "Telephone Answering Machine for scripting your own professional call center business scripts using a voice modem. Features Caller-ID, Wave Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech Recognition and Synthesis"
Source=Paul Collins Startup list
[DialNet]
Confirmed=X
Filename=mxt32.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Dialog Box Assistant]
Confirmed=N
Filename=OSDEx.exe
Description=<a href="http://www.dualitysoft.com/osdex/" target="_blank">Dialog Box Assistant</a> from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders
Source=Paul Collins Startup list
[Dialog Helper]
Confirmed=N
Filename=PDDLGHLP.EXE
Description=Dialog Helper from <a href="http://www.ontrack.com/powerdesk/">PowerDesk Pro</a> by Ontrack. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders. Available via Start -> Programs
Source=Paul Collins Startup list
[DIECOX]
Confirmed=X
Filename=csrss.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100826.htm" target="_blank">ATM.GEN</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[DietK]
Confirmed=U
Filename=DietK.exe
Description=<a href="http://www.dietk.com/" target="_blank">DietK</a> - add-on for Kazaa Media Desktop; "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results"
Source=Paul Collins Startup list
[DigiCell]
Confirmed=U
Filename=DigiCell.exe
Description=MSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center"
Source=Paul Collins Startup list
[DigiD]
Confirmed=X
Filename=DigitalSound.exe
Description=Adware downloader
Source=Paul Collins Startup list
[DigiGuide]
Confirmed=N
Filename=CLIENT.EXE
Description=TV guide and reminder
Source=Paul Collins Startup list
[DigiGuide]
Confirmed=N
Filename=client01.exe
Description=TV guide and reminder
Source=Paul Collins Startup list
[Digital Dashboard]
Confirmed=N
Filename=devgulp.exe
Description=For Compaq PC's. Loads Digital Dashboard options
Source=Paul Collins Startup list
[Digital Line Detect]
Confirmed=N
Filename=DLG.exe
Description=Detects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modems
Source=Paul Collins Startup list
[Digital River eBot]
Confirmed=N
Filename=downlo~1.exe
Description=Digital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more <a href="http://groups.google.com/groups?hl=en&threadm=39727D1B.3754C1D1%40concentric.net&rnum=3&prev=/groups%3Fq%3DDigital%2BRiver%2BeBot%26btnG%3DGoogle%2BSearch%26hl%3Den" target="_blank">here</a>
Description=InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content
Source=Paul Collins Startup list
[DigitalWizard Monitor]
Confirmed=N
Filename=dwMon.exe
Description=InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content
Source=Paul Collins Startup list
[DIGStream]
Confirmed=N
Filename=digstream.exe
Description=DIGStream Cache Manager - part of <a href="http://espn.go.com/motion/download.html" target="_blank">ESPN Motion</a> and <a href="http://disney.go.com/guestservices/disneymotion/about.html" target="_blank"> Disney Motion</a> that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automatically
Source=Paul Collins Startup list
[Dimension]
Confirmed=U
Filename=Dimension.exe
Description=Dimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol
Source=Paul Collins Startup list
[Dimension4]
Confirmed=U
Filename=d4.exe
Description=<a href="http://www.thinkman.com/dimension4/index.html" target="_blank">Dimension 4</a> - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down
Source=Paul Collins Startup list
[Dino3]
Confirmed=X
Filename=dino3.exe
Description=Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result
Source=Paul Collins Startup list
[Dir1]
Confirmed=X
Filename=caKe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cake.html" target="_blank">CAKE</a> WORM!
Source=Paul Collins Startup list
[Direct settings]
Confirmed=X
Filename=sdchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonii.html" target=_blank>DAEMONI-I</a> TROJAN!
Source=Paul Collins Startup list
[Direct Update]
Confirmed=U
Filename=DUControl.exe
Description=<a href="http://www.directupdate.net/" target="_blank">DirectUpdate</a> dynamic DNS updater
Source=Paul Collins Startup list
[Direct X Direct3D]
Confirmed=X
Filename=dxd3d.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[Direct X Opengl]
Confirmed=X
Filename=dxopengl.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcj.html" target=_blank>RBOT-CJ</a> WORM!
Source=Paul Collins Startup list
[DirectCD]
Confirmed=N
Filename=DirectCD.exe
Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
Source=Paul Collins Startup list
[directs.exe]
Confirmed=X
Filename=directs.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.o@mm.html" target="_blank">BEAGLE.O</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.r@mm.html" target="_blank">BEAGLE.R</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.s@mm.html" target="_blank">BEAGLE.S</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.t@mm.html" target="_blank">BEAGLE.T</a> WORMS!
Source=Paul Collins Startup list
[DIRECTVDSL]
Confirmed=U
Filename=Directvdsl.exe
Description=Starts DirectTV DSL modem at boot up. Can also be started manually
Source=Paul Collins Startup list
[DirectX]
Confirmed=X
Filename=ddhelp32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.318" target="_blank">BIONET.318</a> TROJAN! Note - not the DirectX helper which is ddhelp.exe
Source=Paul Collins Startup list
[directx]
Confirmed=X
Filename=Directx.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.d.html" target="_blank">SDBOT.D</a> TROJAN!
Source=Paul Collins Startup list
[directx]
Confirmed=X
Filename=Sqlexploit.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.d.html" target="_blank">SDBOT.D</a> TROJAN!
Source=Paul Collins Startup list
[DirectX]
Confirmed=X
Filename=DirectX.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.blaxe.html" target="_blank">BLAXE</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.logpole.html" target="_blank"> LOGPOLE</a> WORMS!
Source=Paul Collins Startup list
[directx]
Confirmed=X
Filename=NTCmd.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.d.html" target="_blank">SDBOT.D</a> TROJAN!
Source=Paul Collins Startup list
[directx]
Confirmed=X
Filename=PipeCmd.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.d.html" target="_blank">SDBOT.D</a> TROJAN!
Source=Paul Collins Startup list
[DirectX For Microsoft Windows]
Confirmed=X
Filename=dtxservice.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.progent.html" target="_blank">PROGENT</a> TROJAN!
Source=Paul Collins Startup list
[DirectX for Microsoft Windows]
Confirmed=X
Filename=Fservice.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html" target="_blank">PRORAT</a> TROJAN!
Source=Paul Collins Startup list
[DirectX for Microsoft Windows]
Confirmed=X
Filename=Sservice.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html" target="_blank">PRORAT</a> TROJAN!
Source=Paul Collins Startup list
[DirectX Video Driver]
Confirmed=X
Filename=dxterm5.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32wilaba.html" target=_blank>WILAB-A</a> TROJAN!
Source=Paul Collins Startup list
[DirectX64]
Confirmed=X
Filename=DirectXset.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100098.htm" target="_blank">BROWNEY.A</a> WORM!
Source=Paul Collins Startup list
[Dirkey]
Confirmed=U
Filename=Dirkey.exe
Description=<a href="http://www.protonfx.com/dirkey/" target="_blank">Dirkey</a> - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders
Source=Paul Collins Startup list
[Disable EHCI]
Confirmed=?
Filename=nousb20.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Disc Detector]
Confirmed=N
Filename=CtNotify.exe
Description=For Creative sound cards. Detects when you insert a CD, DVD, etc
Source=Paul Collins Startup list
[disc detector]
Confirmed=?
Filename=qnetquestnotifty.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[discoveg]
Confirmed=?
Filename=discoveg.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[DiscoverDeskshop]
Confirmed=N
Filename=Deskshop.exe
Description=<a href="http://www.dealchecker.com/doc.cfm?OID=1091" target="_blank">Discover Deskshop</a> - single use "virtual" credit card
Source=Paul Collins Startup list
[Disk Master]
Confirmed=X
Filename=[trojan name]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dister.html" target="_blank">DISTER</a> TROJAN! - a spam relayer
Source=Paul Collins Startup list
[DiskeeperSystray]
Confirmed=N
Filename=DkIcon.exe
Description=<a href="http://www.executive.com/defrag/defrag.asp" target=_blank>DisKeeper</a> defragmentation software - can be started manually
Source=Paul Collins Startup list
[diskinf]
Confirmed=X
Filename=diskinf.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[DISKMON.EXE]
Confirmed=?
Filename=DISKMON.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Disknag]
Confirmed=N
Filename=disknag.exe
Description=Dell program that reminds you to make your backup diskettes
Source=Paul Collins Startup list
[Diskstart]
Confirmed=X
Filename=Code.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Diskstart]
Confirmed=X
Filename=cat.exe
Description=MS-Connect dialler
Source=Paul Collins Startup list
[Diskstart]
Confirmed=X
Filename=hit.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Diskstart]
Confirmed=X
Filename=Snt.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Disk_Monitor]
Confirmed=U
Filename=Disk_Monitor.exe
Description=Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader
Source=Paul Collins Startup list
[Display Drivers]
Confirmed=X
Filename=cssrs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX" target="_blank">AGOBOT.FX</a> WORM!
Source=Paul Collins Startup list
[Display Settings]
Confirmed=N
Filename=hptasks.exe
Description=Allows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computers
Source=Paul Collins Startup list
[DisplayTrayIcon]
Confirmed=N
Filename=TrayIcon.exe
Description=System Tray access to display properties for ABIT graphics cards. Unless you change your desktop resolution, etc regularily use Control Panel -> Display
Source=Paul Collins Startup list
[Distiller Assistant 3.01]
Confirmed=N
Filename=DISTASST.EXE
Description=From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start -> Programs
Source=Paul Collins Startup list
[Distributed File System]
Confirmed=X
Filename=Dfsvc.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.myfip.a.html" target=_blank>MYFIP.A</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.myfip.k.html" target=_blank>MYFIP.K</a> WORMS!
Source=Paul Collins Startup list
[Distributed File System]
Confirmed=X
Filename=kernel32dll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32myfipc.html" target=_blank>MYFIP-C</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.myfip.k.html" target=_blank>MYFIP.K</a> WORMS!
Source=Paul Collins Startup list
[distributed.net client]
Confirmed=U
Filename=DNETC.EXE
Description=Dsitributed computing projects client from <a href="http://distributed.net/" target="_blank">Distributed.net</a> where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by <a href="http://distributed.net/trojans.html.en" target="_blank">viruses</a>
Source=Paul Collins Startup list
[Dit]
Confirmed=Y
Filename=dit.exe
Description="Drive Icon and Label Utility" - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found
Source=Paul Collins Startup list
[DiTask.exe]
Confirmed=N
Filename=DiTask.exe
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -> Programs
Source=Paul Collins Startup list
[Divamon.exe]
Confirmed=?
Filename=Divamon.exe
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target=_blank>Eicon Networks</a> Diva ISDN or ADSL modem - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[DivX MediaPlayer 7.0]
Confirmed=X
Filename=Dr.DivX.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.g.html" target="_blank">ALADINZ.G</a> TROJAN!
Source=Paul Collins Startup list
[DivX Player]
Confirmed=X
Filename=DivXPlayer.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[DivX Updater]
Confirmed=X
Filename=DivX.Exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.naldem.html" target="_blank">NALDEM</a> TROJAN or MASTAK VIRUS!
Source=Paul Collins Startup list
[Divx4 codec]
Confirmed=X
Filename=devldr32.exe
Description=Added by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/devldr32/F412" target=_blank>devldr32.exe</a> file
Source=Paul Collins Startup list
[DJREGFIX]
Confirmed=N
Filename=regedit /s c:\hpdjregfix.reg
Description=DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers
Source=Paul Collins Startup list
[DkService]
Confirmed=Y
Filename=DkService.exe
Description=From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually.
Source=Paul Collins Startup list
[DKTime]
Confirmed=X
Filename=dktime.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/downloader.lunii.html" target="_blank">LUNII</a> TROJAN!
Source=Paul Collins Startup list
[Dkware lptt01]
Confirmed=X
Filename=dkware.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "DonkeySoft" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[Dkware ml097e]
Confirmed=X
Filename=dkware.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "DonkeySoft" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[dkzzixm]
Confirmed=?
Filename=dkzzixm.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[dla]
Confirmed=Y
Filename=tfswctrl.exe
Description=Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
Source=Paul Collins Startup list
[DlaTray]
Confirmed=N
Filename=Dlatray.exe
Description=System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
Source=Paul Collins Startup list
[dlder]
Confirmed=X
Filename=dlder.exe
Description=Advertising spyware. Considered to be one oft the worst - even creating a fake "explorer.exe" file. Can be installed via versions of "Grokster", "Lime Wire" and "KaZaA" amongst other file-sharing utilities (see <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.dlder.html" target="_blank">here</a>). Reported in the past as a virus
Source=Paul Collins Startup list
[DlDir1]
Confirmed=X
Filename=caKe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cake.html" target="_blank">CAKE</a> WORM!
Source=Paul Collins Startup list
[DLForcerExe]
Confirmed=?
Filename=DLForcerEXE.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[DLF_00000B00]
Confirmed=N
Filename=Vcdlf.exe
Description=Known to cause problems with "Out of memory" errors (see <a href="http://support.microsoft.com/default.aspx?scid=kb;EN-US;q303045" target="_blank">here</a>).<font color="#FF0000"> Otherwise, it's purpose is unknown</font>
Source=Paul Collins Startup list
[DLG]
Confirmed=N
Filename=DLGCHBW.exe
Description=Backweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updates
Source=Paul Collins Startup list
[DLHelperEXE]
Confirmed=N
Filename=WATCH.exe
Description=Download helper distributed with some software that allows the software installation to redirect download locations. Not required once the installation is finished
Source=Paul Collins Startup list
[DLHelperEXE.exe]
Confirmed=X
Filename=N/A
Description=Downloader for Microgaming/Casino software - stealth installed
Source=Paul Collins Startup list
[Dlite]
Confirmed=X
Filename=dllmanager.exe
Description=Added by the <a href="http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_WOOTBOT.DN" target=_blank>WOOTBOT.DN</a> WORM!
Source=Paul Collins Startup list
[DLL Service Manager]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.rpcbot.f.html" target="_blank">RPCBOT.F</a> TROJAN!
Source=Paul Collins Startup list
[DLL32]
Confirmed=X
Filename=dllmem32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.kwbot.e.worm.html" target="_blank">KWBOT.E</a> WORM!
Source=Paul Collins Startup list
[DllCacherv2]
Confirmed=X
Filename=dllcachev2.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lateda.html" target=_blank>LATEDA</a> TROJAN!
Source=Paul Collins Startup list
[dlldmt]
Confirmed=X
Filename=dlldmt.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[dllhelp]
Confirmed=X
Filename=dllhelp.exe
Description=Added by the <a href="http://www.hacksoft.com.pe/virus/w32_startpage_dq.htm" target="_blank">STARTPAGE.DQ</a> hijacker
Source=Paul Collins Startup list
[dllhelp]
Confirmed=X
Filename=dllhlp.exe
Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=123155" target=_blank>Downloader-HI</a> TROJAN!
Source=Paul Collins Startup list
[dllhostxp.exe]
Confirmed=X
Filename=dllhostxp.exe
Description=Browser hijacker and adware downloader
Source=Paul Collins Startup list
[dllreg]
Confirmed=X
Filename=dllreg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[DLLService32]
Confirmed=X
Filename=dllsvc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VX" target=_blank>AGOBOT.VX</a> WORM!
Source=Paul Collins Startup list
[DLT]
Confirmed=?
Filename=dlt.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[dluca]
Confirmed=X
Filename=dluca.exe
Description=Adult content dialler - see <a href="http://www.spywareinfo.com/forums/index.php?act=ST&f=11&t=6465&st=15&" target="_blank"> here</a>
Source=Paul Collins Startup list
[dluca]
Confirmed=X
Filename=dluca.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.c.html" target="_blank">DLUCA.C</a> TROJAN!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.d.html" target="_blank">DLUCA.D</a> TROJAN!
Source=Paul Collins Startup list
[DM mgr]
Confirmed=X
Filename=dm_mgr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.jittar.html" target="_blank">JITTAR</a> TROJAN!
Source=Paul Collins Startup list
[DMILDR]
Confirmed=N
Filename=dmildr.exe
Description=Part of <a href="http://docs.us.dell.com/docs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -> Programs
Source=Paul Collins Startup list
[DMISL]
Confirmed=N
Filename=DMISL.EXE
Description=DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See <a href="http://support.intel.com/support/tokenexpress/pro/11601.htm" target="_blank">here</a> for more information
Source=Paul Collins Startup list
[DMISLAPP]
Confirmed=N
Filename=DMISLAPP.exe
Description=DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See <a href="http://support.intel.com/support/tokenexpress/pro/11601.htm" target=_blank>here</a> for more information
Source=Paul Collins Startup list
[Dmsvc32]
Confirmed=X
Filename=Dmsvc32.exe
Description=Added by the <a href="http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.ABU&VSect=T" target=_blank>AGOBOT.ABU</a> WORM!
Source=Paul Collins Startup list
[dmtdll]
Confirmed=X
Filename=dmtdll.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Description=Unknown, except that it is not necessary. Tends to phone home a lot. DMI related - see <a href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=1137;start=0" target="_blank">here</a>
Source=Paul Collins Startup list
[DNE Binding Watchdog]
Confirmed=Y
Filename=rundll dnes.dll, DnDneCheckBindings
Description=Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work
Source=Paul Collins Startup list
[DNE DUN Watchdog]
Confirmed=Y
Filename=rundll dnes.dll, DnDneCheckDUN13
Description=Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work
Source=Paul Collins Startup list
[DNS Service]
Confirmed=X
Filename=dnsresolver.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpq.html" target=_blank>RBOT-PQ</a> WORM!
Source=Paul Collins Startup list
[DNS2GoClient]
Confirmed=?
Filename=dns2goclient.exe
Description=<a href="http://dns2go.deerfield.com/" target="_blank">DNS2Go</a> is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[DNXVC]
Confirmed=?
Filename=dnxvc.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[DocTor]
Confirmed=X
Filename=Doctor.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOTOR.A" target="_blank">DOTOR.A</a> WORM!
Source=Paul Collins Startup list
[DocuMagix Init]
Confirmed=N
Filename=PWATCH.EXE
Description=<a href="http://www.documagix.com/" target="_blank">PaperMaster</a> is an application for the PC designed to automate the process of organizing, archiving, and retrieving digital versions of files. Start manually if needed
Source=Paul Collins Startup list
[DOGStart]
Confirmed=X
Filename=GSDOGST.EXE
Description=Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS
Source=Paul Collins Startup list
[Doing]
Confirmed=?
Filename=doing.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Don't Panic]
Confirmed=U
Filename=dontpanicdemodp.exe
Description=30-day trial version of <a href="http://www.panicware.com/product_dp.html" target="_blank">Don't Panic</a> privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite."
Source=Paul Collins Startup list
[Don't Panic Pop-Up Stopper]
Confirmed=U
Filename=dpps2.exe
Description=<a href="http://www.panicware.com/product_companion.html" target="_blank">Pop-Up Stopper Companion</a> from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
Source=Paul Collins Startup list
[dos]
Confirmed=X
Filename=dos64.exe
Description=Adware downloader trojan
Source=Paul Collins Startup list
[Dosbat]
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[DoUWantIt]
Confirmed=N
Filename=duwi.exe
Description=DoUWantIt - online shopping assistant. Start it manually
Source=Paul Collins Startup list
[Download Accelerator Plus 5.0]
Confirmed=N
Filename=DAP.exe
Description=<a href="http://www.speedbit.com/" target="_blank">Download Accelerator Plus</a> from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is "adware" based
Description=<a href="http://www.forty.com/" target="_blank">Download Wonder</a> from Forty Software. Download manager for resuming downloads, amongst other features
Source=Paul Collins Startup list
[DownloadLegalMusic]
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://www.doxdesk.com/parasite/MatrixDialer.html" target="_blank">MatrixDialer</a> related
Source=Paul Collins Startup list
[DownloadWare]
Confirmed=X
Filename=dw.exe
Description=<a href="http://downloadware.net/" target="_blank">DownloadWare</a> - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see <a href="http://and.doxdesk.com/parasite/DownloadWare.html" target="_blank">here</a>). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as <a href="#MovieNetworks">MovieNetworks</a>, <a href="#MediaLoads">Medialoads</a> and <a href="#PAgent">PAgent</a>
Source=Paul Collins Startup list
[DownloadWare Engine]
Confirmed=X
Filename=Dwe.exe
Description=<a href="http://downloadware.net/" target="_blank">DownloadWare</a> - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see <a href="http://and.doxdesk.com/parasite/DownloadWare.html" target="_blank">here</a>). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as <a href="#MovieNetworks">MovieNetworks</a>, <a href="#MediaLoads">Medialoads</a> and <a href="#PAgent">PAgent</a>
Source=Paul Collins Startup list
[Downxz]
Confirmed=X
Filename=Downxz.bat
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html" target="_blank">MYDOOM.W</a> WORM
Description=<a href="http://www.professionalsatellite.com/html/direcway_dw4000_features.html" target="_blank">DirecWay</a> from DirectTV satellite based high-speed internet access
Source=Paul Collins Startup list
[dpcproxy]
Confirmed=X
Filename=dpcproxy.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgoldenpa.html" target="_blank">GOLDENP-A</a> TROJAN!
Source=Paul Collins Startup list
[DPCProxyLoadOnStartup]
Confirmed=Y
Filename=dpcstart.exe
Description=<a href="http://www.professionalsatellite.com/html/direcway_dw4000_features.html" target="_blank">DirecWay</a> from DirectTV satellite based high-speed internet access
Source=Paul Collins Startup list
[Dpcstart]
Confirmed=Y
Filename=dpcstart.exe
Description=<a href="http://www.professionalsatellite.com/html/direcway_dw4000_features.html" target="_blank">DirecWay</a> from DirectTV satellite based high-speed internet access. Proxy software
Source=Paul Collins Startup list
[Dpcstart]
Confirmed=U
Filename=dpcstart.exe
Description=Startup program for Direcway 2-way satellite internet service. Loads DirecWay's Navigator, tray icon, etc
Source=Paul Collins Startup list
[dpi]
Confirmed=X
Filename=dpi.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware
Source=Paul Collins Startup list
[dpps2]
Confirmed=U
Filename=dpps2.exe
Description=<a href="http://www.panicware.com/product_companion.html" target="_blank">Pop-Up Stopper Companion</a> from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
Source=Paul Collins Startup list
[dps]
Confirmed=X
Filename=dps.exe
Description=scumware-remover.org foistware, bogus adware/spyware remover, is in fact itself a browser hijacker, redirecting to smartestsearch.com
Description=Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly
Source=Paul Collins Startup list
[dried.exe]
Confirmed=?
Filename=dried.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[DriveLED]
Confirmed=N
Filename=OODLed.exe
Description=<a href="http://www.oosoft.de/english/products/oodl/" target="_blank">O&O DriveLED</a> - displays your HDD LED on your monitor. Start manually
Source=Paul Collins Startup list
[Driver]
Confirmed=X
Filename=gbot.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K" target="_blank">JUNTADOR.K</a> TROJAN!
Source=Paul Collins Startup list
[Driver32]
Confirmed=X
Filename=Scam32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html" target="_blank"> SIRCAM</a> WORM!
Source=Paul Collins Startup list
[DriveSelect]
Confirmed=N
Filename=driveselect.exe
Description=DVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start -> Programs
Source=Paul Collins Startup list
[dRMON SmartAgent]
Confirmed=U
Filename=SmartAgt.exe
Description=Part of the network monitoring program group for 3Com NIC cards. See <a href="http://support.3com.com/infodeli/tools/netmgt/rmonprob/product/drmon/chap1.htm" target="_blank">here</a> for more info
Source=Paul Collins Startup list
[drmu]
Confirmed=X
Filename=W95Mm.exe
Description=Homepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguise. See this <a href="http://www.lavasoft.nu/cgi-bin/forums/ikonboard.cgi?s=3d69d34f399dffff;act=ST;f=14;t=304;st=0" target="_blank">thread</a>
Source=Paul Collins Startup list
[drocher]
Confirmed=X
Filename=d.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[drvddll.exe]
Confirmed=X
Filename=drvddll.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ap@mm.html" target="_blank">BEAGLE.AP</a> WORM!
Source=Paul Collins Startup list
[Drvddll_exe]
Confirmed=X
Filename=drvddll.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.x@mm.html" target="_blank">BEAGLE.X</a> WORM!
Source=Paul Collins Startup list
[DrvListnr]
Confirmed=?
Filename=DrvListnr.exe
Description=Analog Devices SoundMAX soundcard related.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[drvlsnr]
Confirmed=U
Filename=drvlsnr.exe
Description=Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly
Source=Paul Collins Startup list
[drvr32h]
Confirmed=X
Filename=drvr32h.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[drvrmanager]
Confirmed=X
Filename=drvrquery32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/bat.boohoo.worm.html" target="_blank">BOOHOO</a> WORM!
Source=Paul Collins Startup list
[drvsys.exe]
Confirmed=X
Filename=drvsys.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.w@mm.html" target="_blank">BEAGLE.W</a> WORM!
Source=Paul Collins Startup list
[drvupd]
Confirmed=X
Filename=rundll32 ..drvupd.inf
Description=Hijacker - drvupd.inf file installs a "searchforge.com" hijack
Source=Paul Collins Startup list
[Drwebscheduler]
Confirmed=Y
Filename=Drwebscd.exe
Description=<a href="http://www.sald.com/" target="_blank">Dr. Web</a> antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystem
Description=Digital desktop clock including synchronization with atomic servers - see <a href="http://www.dualitysoft.com/dsclock/" target="_blank">here</a>
Source=Paul Collins Startup list
[dsa]
Confirmed=X
Filename=dsa.exe
Description=Homepage hijacker - redirecting to downseek.com
Source=Paul Collins Startup list
[DSAcass]
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.ranky.m.html" target=_blank>RANKY.M</a> TROJAN!
Description=Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts
Source=Paul Collins Startup list
[Dsi]
Confirmed=X
Filename=dp-******.exe
Description=Added by an unidentified adware where ****** are random characters
Source=Paul Collins Startup list
[Dskcompat]
Confirmed=X
Filename=Dskcompat.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[DSL Monitor]
Confirmed=N
Filename=spdstrm.exe
Description=Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray
Source=Paul Collins Startup list
[DSLagentexe]
Confirmed=Y
Filename=DSLagent.exe
Description=Used in conjunction with USB connected ADSL modems from <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connection
Source=Paul Collins Startup list
[dslmon]
Confirmed=Y
Filename=dslmon.exe
Description=Sagem DSL modem related. Apparently needed to detect the modem
Source=Paul Collins Startup list
[DSLSTATEXE]
Confirmed=U
Filename=dslstat.exe
Description=System tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example)
Source=Paul Collins Startup list
[DSS]
Confirmed=X
Filename=dssagent.exe
Description=DSSAgent by Br°derbund - spyware. Sends encrypted emails about the system back to the originators of the program. Also a resource hog. See <a href="http://cexx.org/dssagent.htm" target="_blank">here</a> for more info
Source=Paul Collins Startup list
[DSSSGENS]
Confirmed=?
Filename=dssagens.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[DU Meter]
Confirmed=N
Filename=DUMETER.EXE
Description=<a href="http://www.dumeter.com/main.php" target="_blank">Hagel Technologies</a> internet bandwidth monitor
Source=Paul Collins Startup list
[dumprep 0 -k]
Confirmed=N
Filename=dumprep 0 -k
Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
Source=Paul Collins Startup list
[dumprep 0 -u]
Confirmed=U
Filename=dumprep 0 -u
Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
Source=Paul Collins Startup list
[dvd43]
Confirmed=N
Filename=DVD43_Tray.exe
Description=<a href="http://www.dvdidle.com/dvd43.htm" target="_blank">DVD43</a> is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies"
Source=Paul Collins Startup list
[dvd98]
Confirmed=X
Filename=windvd98.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cult.p@mm.html" target="_blank">CULT.P</a> WORM!
Source=Paul Collins Startup list
[DVDBitSet]
Confirmed=U
Filename=DVDBitSet.exe
Description=DVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always used
Source=Paul Collins Startup list
[Dvdcompat]
Confirmed=X
Filename=Dvdcompat.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[DVDLauncher]
Confirmed=N
Filename=DVDLauncher.exe
Description=A process belonging to the Cyberlink PowerCinema video viewing software which allows you to play DVDs upon insertion. Non-essential process - and is installed for ease of use
Source=Paul Collins Startup list
[DVDSentry]
Confirmed=N
Filename=DSentry.exe
Description=Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts
Source=Paul Collins Startup list
[DVDTray]
Confirmed=?
Filename=DVDTray.exe
Description=HP CD/DVD Tray icon. <font color="#FF0000">What does it do, and is it required</font>
Source=Paul Collins Startup list
[DVDUpgrade]
Confirmed=?
Filename=DVDUpgrd.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Dvp95]
Confirmed=Y
Filename=Dvp95.exe
Description=Scan engine for <a href="http://www.f-secure.com/index.shtml" target="_blank">F-Secure</a> and Command antivirus software based on the <a href="http://www.f-prot.com" target="_blank">F-Prot AntiVirus</a> engine
Source=Paul Collins Startup list
[dvpapi9x]
Confirmed=Y
Filename=DVPAPI9X.exe
Description=Command AntiVirus for Windows 95/98/Me
Source=Paul Collins Startup list
[DvpInitExe]
Confirmed=Y
Filename=Dvpinit.exe
Description=<a href="http://www.command.co.uk/html/products/csav/index.cfm">Command Antivirus</a> related
Source=Paul Collins Startup list
[dvprpt]
Confirmed=Y
Filename=Dvprpt.exe
Description=<a href="http://www.command.co.uk/html/products/csav/index.cfm">Command Antivirus</a> real time protection
Source=Paul Collins Startup list
[dvraudio]
Confirmed=X
Filename=dvraudio.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[dvsfss]
Confirmed=X
Filename=fbsfsdrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqa.html" target="_blank">SDBOT-QA</a> WORM!
Source=Paul Collins Startup list
[DVSync]
Confirmed=U
Filename=dvsync.exe
Description=DVSync is the program that allows you to synchronize your daVinciÆs PDA's data with your Personal Information Manager on the PC
Source=Paul Collins Startup list
[Dvx]
Confirmed=X
Filename=wsxsvc.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware variant
Source=Paul Collins Startup list
[dw]
Confirmed=X
Filename=dw.exe
Description=<a href="http://downloadware.net/" target="_blank">DownloadWare</a> - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see <a href="http://and.doxdesk.com/parasite/DownloadWare.html" target="_blank">here</a>). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as <a href="#MovieNetworks">MovieNetworks</a>, <a href="#MediaLoads">Medialoads</a> and <a href="#PAgent">PAgent</a>
Source=Paul Collins Startup list
[DWHeartbeatMonitor]
Confirmed=U
Filename=DWHeartbeatMonitor.exe
Description=DWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preference
Source=Paul Collins Startup list
[DwlClient]
Confirmed=N
Filename=support.exe
Description=Download manager for Dell support alerts
Source=Paul Collins Startup list
[Dx]
Confirmed=X
Filename=sys*.exe [* = random number]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DEXTER.A" target="_blank">DEXTER.A</a> WORM!
Source=Paul Collins Startup list
[Dx8compat]
Confirmed=X
Filename=Dx8compat.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[DXDllRegExe]
Confirmed=N
Filename=dxdllreg.exe
Description=Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it
Source=Paul Collins Startup list
[DxLoad]
Confirmed=X
Filename=DX3DRndr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe.b@mm.html" target="_blank">GIBE.B</a> WORM!
Source=Paul Collins Startup list
[DXM6Patch_981116]
Confirmed=N
Filename=p_981116.exe
Description=Win32 cabinet self extractor. More info <a href="http://groups.google.com/groups?hl=en&threadm=OpHhSjpd%24GA.249%40cppssbbsa04&rnum=18&prev=/groups%3Fq%3DP_981116.exe%26hl%3Den%26start%3D10%26sa%3DN" target="_blank">here</a>
Source=Paul Collins Startup list
[Dxsty]
Confirmed=X
Filename=Dxsty.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Dxupdate.exe]
Confirmed=X
Filename=Dxupdate.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mafeg.html" target="_blank">MAFEG</a> WORM!
Source=Paul Collins Startup list
[DyFuCA]
Confirmed=X
Filename=optimize.exe
Description=Adult content dialler - see <a href="http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html" target="_blank">here</a>
Source=Paul Collins Startup list
[DyFuCA Active Alert]
Confirmed=X
Filename=actalert.exe
Description=Adult content dialler - see <a href="http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html" target="_blank">here</a>
Source=Paul Collins Startup list
[DynDNS-Updater Traytool]
Confirmed=N
Filename=ddutray.exe
Description=<a href="http://www.dyndns.org/services/dyndns/" target="_blank">DynDNS</a> updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually
Source=Paul Collins Startup list
[Dynu Basic Client]
Confirmed=U
Filename=dynubas.exe
Description=<a href="http://www.dynu.com/" target=_blank>Dynu</a> online dynamic IP update client. Useful when using a dial up modem
Source=Paul Collins Startup list
[DZKillMe]
Confirmed=?
Filename=DZSAVEME.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[E-Card]
Confirmed=X
Filename=ecard.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.yodi.html" target="_blank">YODI</a> WORM!
Source=Paul Collins Startup list
[E-color]
Confirmed=U
Filename=IconMgr.Exe
Description=Sets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor callibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the program
Source=Paul Collins Startup list
[E6TaskPanel]
Confirmed=N
Filename=TaskPanl.exe
Description=Earthlink Task Panel - part of <a href="http://www.earthlink.net/home/software/" target="_blank">Earthlink TotalAccess 2003</a> internet access software. Quick access to internet, E-mail and web-space
Source=Paul Collins Startup list
[eabconfg.cpl]
Confirmed=U
Filename=EabServr.exe
Description=Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys
Description=For Compaq PC's. <a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank"> Easy Access</a> button support for the keyboard
Source=Paul Collins Startup list
[Eac_Cnry]
Confirmed=X
Filename=canary.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcanary.html" target="_blank"> CANARY</a> TROJAN!
Source=Paul Collins Startup list
[Eac_rnvdl]
Confirmed=?
Filename=ANTIVIRUS_INSTALL.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[EanthologyApp]
Confirmed=X
Filename=EANTHO~1.EXE
Description=<a href="http://www.stop-sign.com/" target="_blank">Stop-Sign</a> from eAccelerration. Detects spyware, malware, viruses and keyloggers and stops popups. Spyware itself - read their privacy statement <a href="http://www.eacceleration.com/privacy/" target="_blank">here</a>
Source=Paul Collins Startup list
[eanth_critical_update_alert]
Confirmed=X
Filename=sys_alert.exe
Description=Stop-Sign from eAcceleration. Purports to detect spyware, malware, viruses and keyloggers, but is in fact spyware itself - read their privacy statement <a href="http://www.eacceleration.com/privacy/" target="_blank">here</a>
Source=Paul Collins Startup list
[eanth_system_patcher]
Confirmed=N
Filename=sys_alert.exe
Description=eAcceleration Stop-Sign related - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">note</a>
Source=Paul Collins Startup list
[Eapcisetup]
Confirmed=N
Filename=sbsetup.exe
Description=Rockwell RipTide soundcard application software. Sound works without it
Source=Paul Collins Startup list
[EAPCISETUP]
Confirmed=N
Filename=wizard.exe
Description=Part of the Creative Sounblaster PIC Installation Wizard. Probably left as a result of a failed installation
Source=Paul Collins Startup list
[EarthLink ToolBar 5.0]
Confirmed=N
Filename=etoolbar.exe
Description=EarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any time
Source=Paul Collins Startup list
[Easy Key]
Confirmed=U
Filename=easykey.exe
Description=For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used
Source=Paul Collins Startup list
[Easy Start Button]
Confirmed=N
Filename=esb.exe
Description=Provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
Source=Paul Collins Startup list
[EasyAV]
Confirmed=X
Filename=EasyAV.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.s@mm.html" target="_blank">NETSKY.S</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.t@mm.html" target="_blank">NETSKY.T</a> WORMS!
Source=Paul Collins Startup list
[EasyDates]
Confirmed=X
Filename=EasyDates.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[EasyDates_nl]
Confirmed=X
Filename=EasyDates_nl.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[EasyKey]
Confirmed=U
Filename=easykey.exe
Description=For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used
Source=Paul Collins Startup list
[EasyMessage]
Confirmed=U
Filename=em2.exe
Description=Easy Messenger, instant messenger for MSN, AOL, ICQ, and Yahoo. See <a href="http://www.easymessage.net/" target="_blank">here</a>
Source=Paul Collins Startup list
[EasySearchBar]
Confirmed=X
Filename=ESBUpdate.exe
Description=EasySearchBar adware downloader
Source=Paul Collins Startup list
[easyServ]
Confirmed=X
Filename=Server.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.easyserv.html" target="_blank">EASYSERV</a> TROJAN!
Source=Paul Collins Startup list
[EasySync Pro]
Confirmed=U
Filename=XCPCMenu.exe
Description=<a href="http://www.lotus.com/products/easysyncpro.nsf" target="_blank">EasySync Pro</a> is a Lotus program for synchronizing a PDA with Lotus Notes
Source=Paul Collins Startup list
[EasyTuneIII]
Confirmed=U
Filename=EasyTune.exe
Description=Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
Source=Paul Collins Startup list
[EasyTuneIV]
Confirmed=U
Filename=ET4Tray.exe
Description=Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
Source=Paul Collins Startup list
[easywww]
Confirmed=X
Filename=easywww2.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Description=<a href="http://pages.ebay.com/ebay_toolbar/" target="_blank">eBay Toolbar</a> - reportes as spyware as it "phones home"
Source=Paul Collins Startup list
[eBoard]
Confirmed=U
Filename=Eboard.exe
Description=eMachines multimedia keyboard manager. Required if you use the extra keys
Source=Paul Collins Startup list
[eBot]
Confirmed=N
Filename=DownloadWizard.exe
Description=<a href="http://www.ebot.com/index.html" target="_blank">eBot</a> from Digital River - "helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'." Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -> Programs
Source=Paul Collins Startup list
[ecpe]
Confirmed=?
Filename=ECPE.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[edexter]
Confirmed=?
Filename=edexter.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[editpad]
Confirmed=X
Filename=editpad.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojconsperb.html" target="_blank">CONSPER-B</a> TROJAN!
Source=Paul Collins Startup list
[EDLoader]
Confirmed=N
Filename=DTLoader.exe
Description=Effective Desktop from MiniStars Software - desktop management software no longer being supported
Source=Paul Collins Startup list
[EDRestore]
Confirmed=U
Filename=??
Description=<a href="http://www.easydesksoftware.com/spoint.htm" target="_blank">Set Point</a> from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"
Source=Paul Collins Startup list
[educational writer]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlz.html" target="_blank">RBOT-LZ</a> WORM!
Source=Paul Collins Startup list
[Edwizard]
Confirmed=U
Filename=Edwizard.exe
Description=<a href="http://www.ediport.hu/_sgeasy.html" target="_blank">SafeGuard Easy</a> - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
Source=Paul Collins Startup list
[eFax.com Tray Menu]
Confirmed=N
Filename=HotTray.exe
Description=eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available <a href="http://www.efax.com/help/index.asp" target="_blank">here</a>
Source=Paul Collins Startup list
[efaxs lptt01]
Confirmed=X
Filename=efaxs.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in an "efaxs" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[efaxs ml097e]
Confirmed=X
Filename=efaxs.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in an "efaxs" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[Efpap.exe]
Confirmed=U
Filename=Efpap.exe
Description=<a href="http://www.softstack.com/fileprotpro.html" target="_blank">Easy File & Folder Protector</a>. Deny access to certain files and folders, or to hide them securely from viewing and searching
Source=Paul Collins Startup list
[ehTray]
Confirmed=?
Filename=ehtray.exe
Description=<font color="#FF0000">eHome <a href="http://www.microsoft.com/windowsxp/mediacenter/evaluation/hardware.asp" target="_blank">Media Center</a> PC related - what does it do and is it required?</font>
Source=Paul Collins Startup list
[ei10.exe]
Confirmed=X
Filename=ei10.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnk.html" target=_blank>AGOBOT-NK</a> WORM!
Source=Paul Collins Startup list
[Eicon NetworksLAN_DAEMON]
Confirmed=U
Filename=watch.exe
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually
Source=Paul Collins Startup list
[Eicon TechnologyLAN_DAEMON]
Confirmed=U
Filename=watch.exe
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually
Source=Paul Collins Startup list
[eixfi]
Confirmed=X
Filename=china.bat
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_WCUP.A" target="_blank">WCUP.A</a> WORM!
Source=Paul Collins Startup list
[Elbycheck]
Confirmed=U
Filename=ElbyCheck.exe
Description=From <a href="http://www.elby.org/english/corp/index.htm" target="_blank">Elaborate Bytes</a> who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it
Source=Paul Collins Startup list
[Electron Microscope]
Confirmed=U
Filename=EMIII.exe
Description=Electron Microscope or <a href="http://www.em-dc.com/" target=_blank>EM</a> - is a program used to track Stanford's distributed computing program client called Folding at Home, <a href="http://folding.stanford.edu/" target=_blank>FAH</a>. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues
Source=Paul Collins Startup list
[Element]
Confirmed=X
Filename=Element.txt
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.elem.trojan.html" target="_blank">ELEM</a> TROJAN!
Source=Paul Collins Startup list
[elm]
Confirmed=N
Filename=Elmenv.exe
Description=ViaTech eLicense for securing, distributing and selling music online
Source=Paul Collins Startup list
[ELSA WINman Suite]
Confirmed=U
Filename=Winmsuit.exe
Description=Allows you to totally customize your ELSA graphics card settings, including overclocking the GPU
Source=Paul Collins Startup list
[ElsaCapiCtl]
Confirmed=Y
Filename=Rcapi.exe
Description=Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modem
Source=Paul Collins Startup list
[ELSAChipGuard]
Confirmed=U
Filename=elsavect.exe
Description=ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclocking
Source=Paul Collins Startup list
[EMA.exe]
Confirmed=N
Filename=EMA.EXE
Description=Time management system which helps you to manage your time and appointments
Source=Paul Collins Startup list
[eMachines eBoard]
Confirmed=U
Filename=Eboard.exe
Description=eMachines multimedia keyboard manager. Required if you use the extra keys
Source=Paul Collins Startup list
[emsw.exe]
Confirmed=X
Filename=emsw.exe
Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www.c-squad.org/hxdl.html" target="_blank">here</a>
Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
Source=Paul Collins Startup list
[EN4060C Taskbar]
Confirmed=N
Filename=en4060ct.exe
Description=Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray
Source=Paul Collins Startup list
[encapsulated command tool]
Confirmed=?
Filename=wintr.com
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Encarta Dictionary Quickshelf]
Confirmed=N
Filename=QSHLFED.EXE
Description=<font color="#FF0000">Provides quick access to Encarta's Dictionary features?</font>
Source=Paul Collins Startup list
[ENCMONITOR]
Confirmed=N
Filename=monitor.exe
Description=The Encompass Monitor. This program is the Connect Direct Program. It is more trouble than it is worth and few use it
Source=Paul Collins Startup list
[Encoder Agent]
Confirmed=N
Filename=WMENCAGT.EXE
Description=MS Windows Media Encoder, which already has a shortcut in the Start Menu if installed
Source=Paul Collins Startup list
[Encompass_ENCMONTR]
Confirmed=U
Filename=ENCMONTR.EXE
Description=Optional simple browser from Yahoo (Encompass)
Description=Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking
Source=Paul Collins Startup list
[Enh Win Updt]
Confirmed=X
Filename=enhupdt.exe
Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan-Downloader.Win32.OneClickNetSearch.h
Source=Paul Collins Startup list
[enhance32]
Confirmed=X
Filename=enhance32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[EnigmaPopupStop]
Confirmed=N
Filename=EnigmaPopupStop.exe
Description=SpyHunter - spyware remover of somewhat dubious repute, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note" target="_blank">note</a>
Source=Paul Collins Startup list
[ENSApServer2_0]
Confirmed=?
Filename=APSERVER.EXE
Description=Intel AnyPoint Wireless II Home Network related. <font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[ENSMIX32.EXE]
Confirmed=?
Filename=ENSMIX32.EXE
Description=Sound card driver. <font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[EnsoniqMixer]
Confirmed=U
Filename=starter.exe
Description=Puts the Ensoniq mixer in system tray. From Ensoniq Technologies "Our mixer is a critical part of the soundcard as it fixes sound problems and replaces the MS mixer which can no longer be used". If you find you don't need it - try one of the solutions on <a href="all/starter_exe.htm" target="_blank">this</a> special page. Similar to Creative PCI Audio Configuration Utility
Source=Paul Collins Startup list
[Enumerate Service]
Confirmed=X
Filename=wsys.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.manifest.trojan.html" target="_blank">MANIFEST</a> TROJAN!
Source=Paul Collins Startup list
[eonemng]
Confirmed=U
Filename=eOneMng.exe
Description=eOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PC
Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
Source=Paul Collins Startup list
[EPS]
Confirmed=N
Filename=e_srcv03.exe
Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
Source=Paul Collins Startup list
[EPSON Background Monitor]
Confirmed=N
Filename=STMS.EXE
Description=Supposed to keep an Epson printer ready for quick printing. Users report little difference whether it is on or not
Source=Paul Collins Startup list
[EPSON CardMonitor]
Confirmed=U
Filename=EPSON CardMonitor1.0.exe
Description=Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint
Source=Paul Collins Startup list
[EPSON Status Monitor 3 Environment Check]
Confirmed=N
Filename=e_srcv03.exe
Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
Source=Paul Collins Startup list
[EPSON Status Monitor 3 Environment Check]
Confirmed=N
Filename=e_srcv02.exe
Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
Source=Paul Collins Startup list
[EPSON Status Monitor 3 Environment Check 2]
Confirmed=N
Filename=e_srcv03.exe
Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
Source=Paul Collins Startup list
[EPSON Status Monitor 3 Environment Check 2]
Confirmed=N
Filename=e_srcv02.exe
Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
Source=Paul Collins Startup list
[Epson Stylus C62 Series]
Confirmed=U
Filename=E-S0BIC1.EXE
Description=Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required
Source=Paul Collins Startup list
[Epson Stylus C82 Series]
Confirmed=U
Filename=e_s0hic1.EXE
Description=Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required
Source=Paul Collins Startup list
[EpsonPhotoStarter]
Confirmed=U
Filename=EPSON_PhotoStarter.exe
Description=Only needed if you want to make full use of the capabilities of an Epson printer that included this
Source=Paul Collins Startup list
[Equipmen]
Confirmed=?
Filename=Equipmen.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[EReg]
Confirmed=N
Filename=reg32.exe
Description=EReg is a software registration tool incorporated on products such as those by Br°derbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it
Source=Paul Collins Startup list
[erm]
Confirmed=?
Filename=erm.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[eros.exe]
Confirmed=X
Filename=eros.exe
Description=Adult content dailler
Source=Paul Collins Startup list
[ErrorGuard]
Confirmed=X
Filename=ErrorGuard.exe
Description=Spyware remover of dubious repute
Source=Paul Collins Startup list
[erthgdr]
Confirmed=X
Filename=windll.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ao@mm.html" target="_blank">BEAGLE.AO</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.aq@mm.html" target="_blank">BEAGLE.AQ</a> WORMS!
Source=Paul Collins Startup list
[ERTS0749]
Confirmed=?
Filename=ERTS0749.exe
Description=IBM Warranty Notification - <font color="#FF0000">presumably it's a reminder to either register or that warranty is about to expire?</font>
Source=Paul Collins Startup list
[eSafe Protect]
Confirmed=Y
Filename=ESPWatch.exe
Description=<a href="http://www.esafe.com/esafe/default.asp?cf=tl" target="_blank">eSafe</a> from Aladdin - internet security for gateway and E-mail servers
Source=Paul Collins Startup list
[ESB]
Confirmed=U
Filename=esb.exe
Description=Easy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
Description=<a href="http://www.mspl.net/antivirus/escan/escan.asp" target="_blank">eScan</a> antivirus updater - allows users to automatically download updates and set the auto time interval for downloads
Source=Paul Collins Startup list
[EScorcher]
Confirmed=X
Filename=escorcher.exe
Description=Part of <a href="http://www.escorcher.com/" target="_blank">eScorcher</a> anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is dead
Source=Paul Collins Startup list
[ESFTP]
Confirmed=N
Filename=esftp.exe
Description=<a href="http://esftp.com/features.html" target="_blank">ESftp</a> - FTP client for transfering files between a local PC and another remote computer
Source=Paul Collins Startup list
[Esoh]
Confirmed=X
Filename=Esoh123.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FF" target=_blank>AGOBOT.FF</a> WORM!
Source=Paul Collins Startup list
[ESPN BottomLine]
Confirmed=N
Filename=bline.exe
Description=ESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down."
Source=Paul Collins Startup list
[ESS Daemon]
Confirmed=?
Filename=Essd.exe
Description=Related to an ESS based soundacard. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[essapm]
Confirmed=?
Filename=essapm.exe
Description=ESS Solo soundcard driver. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[Essdc]
Confirmed=Y
Filename=essdc.exe
Description=Related to an ESS Solo soundcard. Seems as though it's required
Source=Paul Collins Startup list
[ESSNDSYS]
Confirmed=?
Filename=ESSNDSYS.EXE
Description=Related to an ESS based soundacard. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[ESSOLO]
Confirmed=Y
Filename=ESSOLO.exe
Description=Sound card driver that re-instates itself every time it's removed
Source=Paul Collins Startup list
[esspk]
Confirmed=Y
Filename=esspk.exe
Description=ESS Technology modem speaker driver file. Required to get on-line with this modem
Source=Paul Collins Startup list
[EssSpkPhone]
Confirmed=U
Filename=essspk.exe
Description=ESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsets
Source=Paul Collins Startup list
[Ethernet]
Confirmed=N
Filename=tcaudiag.exe
Description=3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
Source=Paul Collins Startup list
[Etraffic]
Confirmed=X
Filename=JavaRun.exe
Description=Marketing software from <a href="http://www.etraffic.com/" target="_blank">TopMoxie</a>
Source=Paul Collins Startup list
[eTrust EZ Firewall]
Confirmed=Y
Filename=efpeadm.exe
Description=<a href="http://www1.my-etrust.com/products/Firewall.cfm" target="_blank">eTrust EZ Firewall</a>
Source=Paul Collins Startup list
[eTrust PestPatrol Active Protection]
Confirmed=U
Filename=PPActiveDetection.exe
Description=<a href="http://www.pestpatrol.com/" target=_blank>PestPatrol</a> real-time protection feature. "Stops spyware before it infects your system"
Source=Paul Collins Startup list
[eTrustCIPE]
Confirmed=Y
Filename=ezdsmain.exe
Description=<a href="http://www1.my-etrust.com/products/info/Deskshield/4?CFID=6909348&CFTOKEN=43ce20d%2D0001f1aa%2Df6e5%2D1d77%2Dbe1e%2D2f0eac14303f" target="_blank">eTrust EZ Deskshield</a> from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior
Source=Paul Collins Startup list
[EuroGlot]
Confirmed=U
Filename=EuroGlot.exe
Description=<a href="http://www.euroglotonline.nl/en/default.html" target="_blank">Euroglot</a> - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian"
Source=Paul Collins Startup list
[Event Log]
Confirmed=?
Filename=eventlog.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Event Planner Reminders]
Confirmed=N
Filename=PLNRnote.exe
Description=Sierra Event Planner tray icon
Source=Paul Collins Startup list
[Event Reminder]
Confirmed=N
Filename=pmremind.exe
Description=A calendar/alarm program that installs with Br°derbund Printmaster
Source=Paul Collins Startup list
[EVENTLISTENER]
Confirmed=U
Filename=EvLstnr.exe
Description=Used with a Nikon digital camera to recognize when the camera is plugged in
Source=Paul Collins Startup list
[eventmgr]
Confirmed=N
Filename=eventmgr.exe
Description=Used with a Microtek scanner. Manages the scanner's button events. Available via Start -> Programs
Source=Paul Collins Startup list
[Evidence Eliminator]
Confirmed=N
Filename=ee.exe
Description=<a href="http://www.evidence-eliminator.com/product.shtml" target="_blank">Evidence Eliminator</a> - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis
Source=Paul Collins Startup list
[evntsvc]
Confirmed=N
Filename=evntsc.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. Not required - see <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Note that eventsvc.exe no longer appears to be in a newer version
Source=Paul Collins Startup list
[EVOLOSTA]
Confirmed=U
Filename=EVOLOSTA.EXE
Description=Evolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start -> Run dialog to run it
Source=Paul Collins Startup list
[EvtHtm]
Confirmed=X
Filename=evthtm.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[EW Message Server]
Confirmed=U
Filename=msg32.exe
Description=Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices
Source=Paul Collins Startup list
[eWare Startup]
Confirmed=N
Filename=iWareStart.exe
Description=<a href="http://www.eware.com/about/index.asp" target="_blank">eWare</a> iWare task bar. Not required
Description=Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer
Source=Paul Collins Startup list
[Excite Private Messenger Pipe]
Confirmed=?
Filename=x8impipe.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[ExciteAssistantEXE]
Confirmed=N
Filename=ASSISTANT.EXE
Description=With Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window open
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in an "Exe" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[exe ml097e]
Confirmed=X
Filename=exe.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in an "Exe" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[execfg4]
Confirmed=X
Filename=execfg4.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.electron.html" target="_blank">ELECTRON</a> WORM!
Source=Paul Collins Startup list
[Execute]
Confirmed=?
Filename=delfolders.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[ExeName32]
Confirmed=X
Filename=Warm.scr
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.scold@mm.html" target="_blank">SCOLD</a> WORM!
Source=Paul Collins Startup list
[exgiwsl]
Confirmed=?
Filename=exgiwsl.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Exif Launcher]
Confirmed=U
Filename=Exiflaquickdcr.exe
Description=USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
Source=Paul Collins Startup list
[Exif Launcher]
Confirmed=U
Filename=QuickDCF.exe
Description=USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
Source=Paul Collins Startup list
[ExitKiller]
Confirmed=U
Filename=Ekiller.exe
Description=<a href="http://www.exitkiller.net/" target="_blank">Exit Killer</a> - automatically closes pop-up windows in your browser
Source=Paul Collins Startup list
[exmon]
Confirmed=?
Filename=hpimoniter.exe
Description=<font color="#FF0000">Some kind of hp digital camera maybe or a photo smart connection probe?</font>
Source=Paul Collins Startup list
[Explkw]
Confirmed=X
Filename=expup.exe
Description=Keywords hijacker
Source=Paul Collins Startup list
[explore]
Confirmed=X
Filename=explore.exe
Description=Added by any number of VIRUSES, WORMS or TROJANS!
Source=Paul Collins Startup list
[Explore]
Confirmed=X
Filename=Explorer.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.flood.g.html" target="_blank">IRC.FLOOD.G</a> TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually
Source=Paul Collins Startup list
[Explore]
Confirmed=X
Filename=explore.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[explore.exe]
Confirmed=X
Filename=Explore.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.g.html" target="_blank">GRAYBIRD.G</a> TROJAN!
Source=Paul Collins Startup list
[explorer]
Confirmed=U
Filename=explorer.exe
Description=Starts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as <a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_BISTRO&VSect=T" target="_blank">PE_BISTRO</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dvldr.html" target="_blank">DVLDR</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.b@mm.html" target="_blank">MYDOOM.C</a>. Note that it is also not the explorer.exe task/service you'll see when via CTRL+ALT+DEL
Source=Paul Collins Startup list
[explorer]
Confirmed=X
Filename=wscript.exe [filename]
Description=Sneaky way to start any VBS script. Many viruses use VBS files
Source=Paul Collins Startup list
[Explorer]
Confirmed=X
Filename=shellexpl.exe
Description=Added by the <a href="http://www.z-virus.com/Eng-virus-HTM/gpix.htm" target="_blank"> GPIX</a> and <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sheldor.html" target="_blank">SHELDOR</a> VIRUSES!
Source=Paul Collins Startup list
[explorer]
Confirmed=X
Filename=expl32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.html" target="_blank">RATSOU</a> TROJAN!
Source=Paul Collins Startup list
[Explorer]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html" target="_blank">AUTEX</a> WORM!
Source=Paul Collins Startup list
[Explorer]
Confirmed=X
Filename=shellexp.exe
Description=Added by a variant of the <a href="http://www.symantec.nl/avcenter/venc/data/backdoor.sheldor.html" target=_blank>SHELDOR</a> TROJAN!
Source=Paul Collins Startup list
[Explorer lptt01]
Confirmed=X
Filename=explorer.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in an "explorer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>. Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually!
Source=Paul Collins Startup list
[Explorer ml097e]
Confirmed=X
Filename=explorer.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in an "explorer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>. Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually!
Source=Paul Collins Startup list
[Explorer Updater]
Confirmed=X
Filename=IEXPLORE.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwo.html" target="_blank">SDBOT-WO</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[Explorer32]
Confirmed=X
Filename=Expl32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HACKTACK.B" target="_blank">HACKTACK.B</a> TROJAN!
Source=Paul Collins Startup list
[Exshow95]
Confirmed=U
Filename=EXSHOW95.exe
Description=Support software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devices
Source=Paul Collins Startup list
[ExtraDNS]
Confirmed=U
Filename=ExtraDNS.exe
Description=<a href="http://www.extratools.com/" target="_blank">ExtraDNS</a> - DNS configuration tool
Description=<a href="http://www.asus.com/products/vga/tvfm/overview.htm" target="_blank">EzVCR</a> recording software for the ASUS TV FM card. Available via Start -> Programs
Source=Paul Collins Startup list
[EZDesk]
Confirmed=N
Filename=EZDESK.EXE
Description=Utility that remembers icon locations for each user and resolution. Available <a href="http://members.aol.com/EzDesk95/" target="_blank">here</a>
Source=Paul Collins Startup list
[EzEjMnAp]
Confirmed=N
Filename=EzEjMnAp.exe
Description=For IBM Thinkpad Notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually". Available via Start -> Programs
Source=Paul Collins Startup list
[eZmmod]
Confirmed=X
Filename=mmod.exe
Description=Ezula - regarded as spyware/theftware and bundled with the popular iMesh and KaZaA file-sharing programs. Read <a href="http://www.ahfb2000.com/ezula/ezula.php" target="_blank">here</a> for more information
Source=Paul Collins Startup list
[EZNORUN]
Confirmed=?
Filename=EZNORUN.EXE
Description=<font color="#FF0000">Easy Internet related?</font>
Source=Paul Collins Startup list
[ezPS_Px]
Confirmed=Y
Filename=ezSP_PxEngine.exe
Description=Engine that allows PrimoDVD from Veritas (was Prassi) and <a href="http://www.easy.co.jp/dd2e/sony/cd/" target="_blank">Drag'n Drop CD</a> from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
Source=Paul Collins Startup list
[ezPS_Px]
Confirmed=Y
Filename=ezSP_Px.exe
Description=Engine that allows PrimoDVD from Veritas (was Prassi) and <a href="http://www.easy.co.jp/dd2e/sony/cd/" target="_blank">Drag'n Drop CD</a> from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
Source=Paul Collins Startup list
[ezShieldProtector for Px]
Confirmed=Y
Filename=ezSP_Px.exe
Description=Engine that allows PrimoDVD from Veritas (was Prassi) and <a href="http://www.easy.co.jp/dd2e/sony/cd/" target="_blank">Drag'n Drop CD</a> from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
Source=Paul Collins Startup list
[ezShieldProtector for Px]
Confirmed=Y
Filename=ezSP_PxEngine.exe
Description=Engine that allows PrimoDVD from Veritas (was Prassi) and <a href="http://www.easy.co.jp/dd2e/sony/cd/" target="_blank">Drag'n Drop CD</a> from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
Source=Paul Collins Startup list
[EZSMART App]
Confirmed=U
Filename=ezsmart.exe
Description=EZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supported
Source=Paul Collins Startup list
[ezula]
Confirmed=X
Filename=eZmmod.exe
Description=Regarded as spyware/theftware and bundled with the popular iMesh and KaZaA file-sharing programs. Read <a href="http://www.ahfb2000.com/ezula/ezula.php" target="_blank">here</a> for more information
Source=Paul Collins Startup list
[eZulaMain]
Confirmed=X
Filename=eZulaMain.exe
Description=Ezula - regarded as spyware/theftware and bundled with the popular iMesh and KaZaA file-sharing programs. Read <a href="http://www.ahfb2000.com/ezula/ezula.php" target="_blank">here</a> for more information
Source=Paul Collins Startup list
[eZuluMain]
Confirmed=X
Filename=eZuluMain.exe
Description=Comes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't work
Description=Epson Stylus printer monitor - for checking ink levels, etc.
Source=Paul Collins Startup list
[E_S23]
Confirmed=U
Filename=E_SICN03.exe
Description=Epson printer status monitor - for checking ink levels, etc.
Source=Paul Collins Startup list
[E_S4I2F1]
Confirmed=N
Filename=E_S4I2F1.exe
Description=Epson Status Monitor 3 for the Epson Stylus Photo R300 (and probably others) printers - monitors the status of a print job spooled to that printer
Source=Paul Collins Startup list
[E_S4I2G1]
Confirmed=?
Filename=E_S4I2G1.EXE
Description=Related to the Epson Stylus CX5400 printer/scanner/copier. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[E_SOEIC1]
Confirmed=U
Filename=E_SOEIC1.exe
Description=Epson Stylus printer monitor - for checking ink levels, etc.
Description=<a href="http://www.f-prot.com">F-Prot</a> anti-virus background scanner by F-Risk Software
Source=Paul Collins Startup list
[f1Tray.exe]
Confirmed=U
Filename=F1TRAY.EXE
Description=System Tray icon for FusionOneÆs <a href="http://www.mightyphone.com/" target=_blank>MightyPhone</a> software. "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer"
Source=Paul Collins Startup list
[f607]
Confirmed=X
Filename=f607.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.urat.b.html" target="_blank">URAT.B</a> TROJAN!
Source=Paul Collins Startup list
[FamilyKeyLogger]
Confirmed=U
Filename=cisvc.exe
Description="<a href="http://www.spyarsenal.com/familykeylogger/" target="_blank">Family Keylogger</a> - is your best choice, if you want to know what other users on your machine are typing". Note! - this is not the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/cisvc/" target="_blank">cisvc.exe</a> service.
Source=Paul Collins Startup list
[fapmon]
Confirmed=?
Filename=fapmon.exe
Description=<a href="http://www.copperhead.cc/fap.html" target="_blank">Fair Access Policy</a> monitor for DirecPC/DirecWay internet access
Description=Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
Description=Added by unidentified adware - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan.Win32.Favadd.i
Source=Paul Collins Startup list
[FastCache]
Confirmed=U
Filename=fc.exe
Description=<a href="http://www.analogx.com/contents/download/network/fc.htm" target="_blank">FastCache</a> from AnalogX - speeds up browsing by resolving DNS requests locally
Source=Paul Collins Startup list
[FastTrack Accelerator]
Confirmed=N
Filename=SPEED UP.EXE
Description=<a href="http://www.sharemonkey.com/fta/index.php" target="_blank">FastTrack Accelerator</a> - "speedup" utility for programs that use the FastTrack network such as KaZaA Media Desktop, Grokster and Morpheus
Source=Paul Collins Startup list
[FastUsr]
Confirmed=N
Filename=fast.exe
Description=Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
Source=Paul Collins Startup list
[FatPipe]
Confirmed=U
Filename=DHCP
Description=Software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users
Source=Paul Collins Startup list
[Fatpipe Dialer]
Confirmed=U
Filename=fpdialer.exe
Description=Dailler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users
Source=Paul Collins Startup list
[FBDirect]
Confirmed=U
Filename=FBDirect.exe
Description=Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start -> Programs
Source=Paul Collins Startup list
[FBI]
Confirmed=?
Filename=FBISM.exe
Description=<font color="#FF0000">Compaq related but what does it do?</font>
Source=Paul Collins Startup list
[fc]
Confirmed=X
Filename=runfc.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.campurf@mm.html" target="_blank">CAMPURF</a> WORM!
Source=Paul Collins Startup list
[FD_SAP]
Confirmed=?
Filename=FD.exe
Description=Genicom SAP Printer driver. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[FEELitDeviceManager]
Confirmed=U
Filename=feelitdm.exe
Description=Associated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals)
Source=Paul Collins Startup list
[fegoze]
Confirmed=X
Filename=SVCH0ST.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.d.html" target="_blank">GRAYBIRD.D</a> TROJAN!
Source=Paul Collins Startup list
[Fellowes Proxy]
Confirmed=U
Filename=R3proxy.exe
Description=Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice
Source=Paul Collins Startup list
[Fen Startups]
Confirmed=X
Filename=fensvc32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ccf.html" target=_blank>RANDEX.CCF</a> WORM!
Source=Paul Collins Startup list
[FerrariWallPaper]
Confirmed=U
Filename=FerrariWP.exe
Description=Calendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.j.html" target=_blank>RANKY.J</a> TROJAN!
Source=Paul Collins Startup list
[Fhtisxk]
Confirmed=U
Filename=fhtisxk.exe
Description=XtraKeys - keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove via Spybot S&D (for example)
Source=Paul Collins Startup list
[FieldForms Sync]
Confirmed=U
Filename=SyncService.exe
Description=Resco <a href="http://www.resco-net.com/enterprise/fieldforms/" target="_blank">FieldForms</a>. A solution for building of mobile forms that can be viewed or filled in on the run, on a wide range of mobile devices. Supports Microsoft Access databases, and provides for synchronization of other data as well
Source=Paul Collins Startup list
[FiendlyType]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[file indexing service]
Confirmed=?
Filename=msfindfile.exe
Description=<font color="#FF0000">New version of MS FindFast and still a resource hog?</font>
Source=Paul Collins Startup list
[File System Service]
Confirmed=X
Filename=wmiprvsc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagobothz.html" target="_blank">AGOBOT-HZ</a> TROJAN!
Source=Paul Collins Startup list
[FileFreedom_Plugin]
Confirmed=N
Filename=wtm.exe
Description=<a href="http://www.filefreedom.com/" target="_blank">FileFreedom</a> peer-to-peer sharing program
Source=Paul Collins Startup list
[FileManager32]
Confirmed=X
Filename=Wscript.exe ..ChkMgr32.vbs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.notup.a@mm.html" target="_blank">NOTUP.A</a> WORM!
Source=Paul Collins Startup list
[FileSoft]
Confirmed=X
Filename=Wscript.exe UpdataFiles.vbs
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/vbs.sst.b@mm.html" target="_blank">SST.B</a> WORM!
Source=Paul Collins Startup list
[FilterGate]
Confirmed=U
Filename=filtergate.exe
Description=<a href="http://www.filtergate.com/" target="_blank">Filtergate</a> internet filtering software - filters sounds, popup ads, background sound and other unnecessary website items
Source=Paul Collins Startup list
[Filterguard]
Confirmed=U
Filename=Filtrgrd.exe
Description=An icon located in the lower left of the screen and looks like a lifesaver. This icon is a ôshort-cutö to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by ôright-clickingö on the icon
Source=Paul Collins Startup list
[Find Fast]
Confirmed=X
Filename=Findfast.exe
Description=Complete utter waste of space! Part of MS Office - searches disk drives for Office file types to make opening them easier
Source=Paul Collins Startup list
[Find Virus Launch Program]
Confirmed=Y
Filename=fvlaunch.exe
Description=Part of <a target="_blank" href="http://www.drsolomon.com/">Dr. Solomon's Antivirus</a>
Source=Paul Collins Startup list
[FinePrint Dispatcher vx]
Confirmed=N
Filename=FPDISPxA.EXE
Description=<a href="http://www.softwarelabs.com/fp/fineprint.htm" target="_blank">FinePrint</a> - virtual printer for use with any printer. Search for "dispatcher" <a href="http://www.softwarelabs.com/fp/fp-faq.htm" target="_blank"> here</a> for more information. If removed, it will re-install when program is run - hence the Y recommendation
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.x@mm.html" target="_blank">NETSKY.X</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.y@mm.html" target="_blank">NETSKY.Y</a> WORMS!
Source=Paul Collins Startup list
[FireWire Driver]
Confirmed=X
Filename=samx.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.ae.html" target=_blank>SDBOT.AE</a> WORM!
Description=Part of Ontrack's Fix-it Utilities Suite. Loads a System Tray icon that lets you access the full program. Needed if you run the crash guard, intellicluster, anti-virus, or autoupdater. Otherwise not required
Source=Paul Collins Startup list
[Fix-it AV]
Confirmed=Y
Filename=memcheck.exe
Description=Part of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources
Source=Paul Collins Startup list
[fkSysMon]
Confirmed=N
Filename=fksysmon.exe
Description=<a href="http://www.fkware.com/sysmon/index.html" target="_blank">fkWrae SysMon</a> - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more"
Source=Paul Collins Startup list
[FLASH32]
Confirmed=?
Filename=-flash32.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[FlashPath Monitor]
Confirmed=N
Filename=SDSTAT.EXE
Description=System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
Source=Paul Collins Startup list
[FlashPath Monitor]
Confirmed=N
Filename=FLSHSTAT.EXE
Description=System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
Source=Paul Collins Startup list
[FlashPath Status]
Confirmed=N
Filename=SDSTAT.EXE
Description=System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
Source=Paul Collins Startup list
[FlashPath Status]
Confirmed=N
Filename=FLSHSTAT.EXE
Description=System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
Source=Paul Collins Startup list
[Flexicd]
Confirmed=U
Filename=Flexicd.exe
Description=CD player - part of the <a href="http://www.microsoft.com/windows95/downloads/contents/WUToys/W95PwrToysSet/Default.asp" target="_blank">Win95 Power Toys</a>
Source=Paul Collins Startup list
[FLMTRUSTKB]
Confirmed=?
Filename=KbdAp32A.exe
Description=Keyboard utility for a Trust brand keyboard.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[FLMTRUSTMOUSE]
Confirmed=?
Filename=mouse32a.exe
Description=Mouse utility for a Trust brand mouse.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[FLooDNeT]
Confirmed=X
Filename=FLooDeR.exe
Description=Added by of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.endool.html" target="_blank">ENDOOL</a> TROJAN!
Source=Paul Collins Startup list
[Flow Go TV]
Confirmed=?
Filename=flogotv.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[flps]
Confirmed=X
Filename=flps.vbs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.bryon@mm.html" target="_blank">BYRON</a> WORM!
Source=Paul Collins Startup list
[flpycntl]
Confirmed=X
Filename=flpycntl.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[FLSVCI]
Confirmed=?
Filename=FLSVCI.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[FltProcess]
Confirmed=Y
Filename=msinet.exe
Description=Part of <a href="http://www.cyberpatrol.com/">Cyber Patrol</a> internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's done
Source=Paul Collins Startup list
[FlyswatDesktop]
Confirmed=X
Filename=flydesk.exe
Description=Advertising spyware
Source=Paul Collins Startup list
[FmctrlTray]
Confirmed=U
Filename=Fmctrl.EXE
Description=Genius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used)
Source=Paul Collins Startup list
[fmnwebassist]
Confirmed=X
Filename=fmnwebassist.exe
Description=Adware popup generator
Source=Paul Collins Startup list
[FMStart]
Confirmed=U
Filename=Fmstart.exe
Description=<a href="http://www.gfi.com/faxmaker/" target="_blank">GFI FAXmaker</a> - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktop
Source=Paul Collins Startup list
[FMSZ]
Confirmed=X
Filename=fmsz.exe
Description=Added by the <a href="http://www.pestpatrol.com/pestinfo/f/fmsz.asp" target="_blank">FMSZ</a> TROJAN!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.manifest.trojan.html" target="_blank">MANIFEST</a> TROJAN!
Source=Paul Collins Startup list
[Folding@home]
Confirmed=N
Filename=WINFAH.EXE
Description=Folding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -> Programs
Source=Paul Collins Startup list
[FoneSyncSystemTray]
Confirmed=N
Filename=FoneSyncSystemTray.exe
Description=System Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when required
Source=Paul Collins Startup list
[FontFix]
Confirmed=X
Filename=fontfix.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[FONTVIEW]
Confirmed=X
Filename=FONTVIEW.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list
[foobin lptt01]
Confirmed=X
Filename=adaware.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "foo1" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[foobin ml097e]
Confirmed=X
Filename=adaware.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "foo1" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[FoolProof]
Confirmed=Y
Filename=fpwinldr.exe
Description=<a href="http://www.smartstuff.com/fps/fpsinfo.html" target="_blank">FoolProof Security</a> PC security software from SmartStuff
Source=Paul Collins Startup list
[FoolProofSweep]
Confirmed=Y
Filename=??
Description=Part of <a href="http://www.smartstuff.com/fps/fpsinfo.html" target="_blank">FoolProof Security</a> PC security software from SmartStuff
Source=Paul Collins Startup list
[Forbes]
Confirmed=N
Filename=ForbesAlerts.exe
Description=Forbes Business News Alerts - displays business news headlines in a little window on the screen
Source=Paul Collins Startup list
[ForceShow]
Confirmed=X
Filename=rundll32.exe QaBar.dll, ForceShowBar
Description=<a href="http://www.doxdesk.com/parasite/AdultLinks.html" target="_blank">AdultLinks/QAbar</a> parasite related
Source=Paul Collins Startup list
[Forget Me Not]
Confirmed=N
Filename=AGRemind.exe
Description=Calendar reminder part of <font color="#FF0000"><a href="http://www.broderbund.com/SubCategory.asp?CID=107" target="_blank">American Greetings« CreataCard«</a></font>
Source=Paul Collins Startup list
[FotoStation Easy AutoLaunch]
Confirmed=N
Filename=FotoStation Easy AutoLaunch.exe
Description=Installed with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either
Source=Paul Collins Startup list
[Foul PX]
Confirmed=U
Filename=FoulPX.exe
Description=Foul PX, Optusnet usage stat checker
Source=Paul Collins Startup list
[FourthDay]
Confirmed=U
Filename=FourthDay.exe
Description=<a href="http://www.starstonesoftware.com/fourthday.htm" target="_blank">The Fourth Day</a> - "astronomical clock and almanac for your system tray"
Source=Paul Collins Startup list
[FP Loader]
Confirmed=Y
Filename=loadfp.exe
Description=<a href="http://www.smartstuff.com/fps/fpsinfo.html" target="_blank">FoolProof Security</a> - PC security software from SmartStuff
Source=Paul Collins Startup list
[FPWGMWZD]
Confirmed=?
Filename=FPWGMWZD.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Fpx]
Confirmed=N
Filename=mnmsrvc.exe
Description=Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations
Source=Paul Collins Startup list
[France]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.l@mm.html" target="_blank">MIMAIL.L</a> WORM!. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Fraps]
Confirmed=U
Filename=fraps.exe
Description=Fraps Real-Time Video Capture software
Source=Paul Collins Startup list
[Free Download Manager]
Confirmed=N
Filename=fdm.exe
Description="Free Download Manager" - see <a href="http://www.freedownloadmanager.org/" target="_blank">here</a>
Source=Paul Collins Startup list
[Free Downloads Monitor]
Confirmed=?
Filename=fdcmon.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Freedom]
Confirmed=Y
Filename=Freedom.exe
Description=Zero Knowledge <a href="http://www.freedom.net/" target="_blank">Freedom</a> - Anti-Virus, Personal Firewall and Parental Control, it also blocks ads, safeguards your personal information, encrypts your passwords, and much more
Source=Paul Collins Startup list
[FreeMem Pro]
Confirmed=U
Filename=FMEMPRO.EXE
Description=Some users swear by memory management utilities such as FreeMem Pro but others say you don't need them - especially if you have Win98 or WinME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list
[FreeMemVn2]
Confirmed=U
Filename=FreeMem.exe
Description=Some users swear by memory management utilities such as FreeMem but others say you don't need them - especially if you have Win98 or WinME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list
[FreeMP3download]
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://www.doxdesk.com/parasite/MatrixDialer.html" target="_blank">MatrixDialer</a> related
Source=Paul Collins Startup list
[FreeRAM XP]
Confirmed=U
Filename=FreeRAM XP Pro x.exe
Description=Some users swear by memory management utilities such as <a href="http://www.yourwaresolutions.com/" target="_blank">FreeRAM XP Pro</a> but others say you don't need them - especially if you have Win98 or WinME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind. "x" indicates the version number
Description=<a href="http://www.softcows.com/fresh_desktop.htm" target=_blank>Fresh Desktop</a> is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervals
Source=Paul Collins Startup list
[freshclam]
Confirmed=N
Filename=freshclam.exe
Description=Auto update agent of the open source <a href="http://www.clamwin.com/" target=_blank>Clamwin</a> virus scanner
Source=Paul Collins Startup list
[frguk]
Confirmed=?
Filename=shdrkmck.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[FridaysInHellInstaller]
Confirmed=?
Filename=FridaysInHellInstaller.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[FriendlyType]
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html" target="_blank">WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[FriendlyTypeName]
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html" target="_blank">NEVEG.B</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.c@mm.html" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[FriendlyTypeName]
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[FriendlyWebQuick-Launch]
Confirmed=N
Filename=SELFCERT.EXE
Description=selfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well
Source=Paul Collins Startup list
[FRISK FP-Scheduler]
Confirmed=U
Filename=F-Sched.exe
Description=Scheduler for <a href="http://www.f-prot.com/" target="_blank"> F-Prot</a> anitvirus software. Leave enabled unless you scan manually on a regular basis
Source=Paul Collins Startup list
[Fromine WinPopup]
Confirmed=N
Filename=winpopup.exe
Description=Instant Messenger program
Source=Paul Collins Startup list
[Frsk]
Confirmed=X
Filename=frsk.exe
Description=Unidentified adware downloader trojan
Source=Paul Collins Startup list
[FRW_EXE]
Confirmed=Y
Filename=FRW.EXE
Description=<a href="http://www.claymania.com/rate-conseal.html" target="_blank">ConSeal Signal9</a> firewall - now McAfee Personal firewall
Source=Paul Collins Startup list
[frxmxins]
Confirmed=Y
Filename=frxmxins.exe
Description=ATI 3D Studio MAX/VIZ driver
Source=Paul Collins Startup list
[FSCBoss]
Confirmed=N
Filename=FSCBoss.exe
Description=<a href="http://freestorenow.com/dollardriven/makingmoney.html" target=_blank>Free Store Club</a> shop online software
Source=Paul Collins Startup list
[FSDPSRV]
Confirmed=?
Filename=FSDPSRV.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[fsg_4104.exe]
Confirmed=?
Filename=fsg_4104.exe
Description=<font color="#FF0000">Installed with Kazaa and believed to be Gator adware</font><font color="#FF0000">?</font>
Source=Paul Collins Startup list
[fsp]
Confirmed=U
Filename=fsp.exe
Description=<a href="http://www.baxbex.com/foldershield.html" target="_blank">Folder Shield</a> - hide entire directories and thus prevent access by anyone else to your personal files and documents
Source=Paul Collins Startup list
[fspr]
Confirmed=Y
Filename=FolderShield.exe
Description=<a href="http://www.baxbex.de/foldershield.html" target="_blank">Folder Shield</a> - hide personal files and folders
Source=Paul Collins Startup list
[FSScrCtl]
Confirmed=N
Filename=FSScrCtl.exe
Description=Screen saver control applet used by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen Saver"
Source=Paul Collins Startup list
[fsserv]
Confirmed=U
Filename=fserv.exe
Description=<a target="_blank" href="http://www.bysoft.se/sureshot/farsighter/manual.html">Farsighter Server</a> - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderdt.html" target=_blank>DLOADER-DT</a> TROJAN!
Source=Paul Collins Startup list
[Ftpqueue]
Confirmed=U
Filename=Ftpsched.exe
Description=Part of <a href="http://www.ipswitch.com/Products/WS_FTP/" target="_blank">WS_FTP Pro</a> from Ipswitch. Queueing facility for scheduling FTP transfers
Source=Paul Collins Startup list
[fukerservice]
Confirmed=X
Filename=fukerz.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list
[fwenc.exe]
Confirmed=Y
Filename=fwenc.exe
Description=<a target="_blank" href="http://www.checkpoint.com/products/protect/vpn-1_srsc.html">Check Point SecuRemote VPN client</a> - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers"
Source=Paul Collins Startup list
[Fwr Command Module]
Confirmed=X
Filename=fwr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpp.html" target="_blank">SDBOT-PP</a> WORM!
Source=Paul Collins Startup list
[fwrastrc]
Confirmed=N
Filename=fwrastrc.exe
Description=Dial-up software for Friendly Technologies/1NationOnLine free ISP
Source=Paul Collins Startup list
[fwservice]
Confirmed=X
Filename=fwservice
Description=eAcceleration Stop-Sign related - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">note</a>
Source=Paul Collins Startup list
[FX]
Confirmed=X
Filename=ieloader.exe
Description=Added by the SMALL.RR TROJAN!
Source=Paul Collins Startup list
[fxredir]
Confirmed=U
Filename=fxredir.exe
Description=Canon MultiPASS fax redirector
Source=Paul Collins Startup list
[f~a]
Confirmed=X
Filename=ra32.exe
Description=Password stealer trojan
Source=Paul Collins Startup list
[G00123]
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbros@mm.html" target="_blank">BUGBROS</a> WORM!
Source=Paul Collins Startup list
[g3dctl]
Confirmed=?
Filename=g3dctl.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Gadu-Gadu]
Confirmed=N
Filename=gg.exe
Description=Polish language Instant Messaging client
Source=Paul Collins Startup list
[Gadwin PrintScreen]
Confirmed=N
Filename=PrintScreen.exe
Description=Gadwin <a href="http://www.gadwin.com/printscreen/" target="_blank">PrintScreen</a> - utility to capture, print or save the current window
Source=Paul Collins Startup list
[Gainward]
Confirmed=U
Filename=TBPanel.exe
Description=Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[Game Device]
Confirmed=N
Filename=JOYUPDRV.EXE
Description=Genius game controller profile activator
Description=<a href="http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=2846" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
Source=Paul Collins Startup list
[gameutil.exe]
Confirmed=U
Filename=gameutil.exe
Description=Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot
Source=Paul Collins Startup list
[GammaHotKeys]
Confirmed=U
Filename=setgamma.exe
Description=Part of the <a href="http://radeontweaker.sourceforge.net/" target="_blank">RadeonTweaker</a> program for adjusting ATI Radeon graphics cards. Allows you to adjust the gamma (or brightness) when playing a full-screen game without switching back to the desktop
Source=Paul Collins Startup list
[Gator]
Confirmed=X
Filename=gator.exe
Description=Spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions
Source=Paul Collins Startup list
[Gator eWallet]
Confirmed=X
Filename=gator.exe
Description=<a href="http://www.gator.com/about/" target="_blank">Gator eWallet</a> from The Gator Corporation. Spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions
Source=Paul Collins Startup list
[Gay_Sexy_**]
Confirmed=X
Filename=Gay_Sexy_**.exe
Description=Premium rate adult content dialler (where * is a random char)
Source=Paul Collins Startup list
[GazelDisplay]
Confirmed=U
Filename=gsyno.exe
Description=<a href="http://www.bt.com/homehighway/more_info.htm">BT Digital Access USB</a> - Gazel ISDN installation System Tray icon
Source=Paul Collins Startup list
[GBTray]
Confirmed=U
Filename=GBTray.exe
Description=System Tray icon access to Roxio's (nee Adaptec) <a href="http://www.roxio.com/en/products/goback/index.jhtml"> GoBack</a> software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
Description=Associated with <a href="http://www.arcamax.com/products/oem/ogccreator.htm" target="_blank">AcraMax Greeting Card Creator</a>. <font color="#FF0000">Is it a registration reminder?</font>
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.k.html" target=_blank>RANKY.K</a> TROJAN!
Source=Paul Collins Startup list
[GDrive]
Confirmed=N
Filename=GDriver.exe
Description=Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start -> Settings -> Control Panel -> System -> Device Manager
Source=Paul Collins Startup list
[Gearbox]
Confirmed=N
Filename=confsvr.exe
Description=NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available <a href="http://www.ntlworld.com/help/settings.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[GEARsec]
Confirmed=N
Filename=gearsec.exe
Description=Installed by Apple Quicktime package - iPod/iTunes CDRW support. Can be disabled if you only require Quicktime player
Source=Paul Collins Startup list
[GEDZAC]
Confirmed=X
Filename=GEDZAC.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.gemel.html" target="_blank">GEMEL</a> WORM!
Source=Paul Collins Startup list
[GemStRmW]
Confirmed=N
Filename=GemStRmW.exe
Description=For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manually
Source=Paul Collins Startup list
[Gene USB Monitor]
Confirmed=U
Filename=USBMonit.exe
Description=Monitors USB ports for insertion of Sandisk USB flashdrives
Source=Paul Collins Startup list
[general lptt01]
Confirmed=X
Filename=general.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "General" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[general ml097e]
Confirmed=X
Filename=general.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "General" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[Generic host proccess for windows]
Confirmed=X
Filename=SVCHOSTS.EXE
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Generic Host Process]
Confirmed=X
Filename=SCHOST.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnc.html" target=_blank>RBOT-NC</a> WORM!
Source=Paul Collins Startup list
[Generic Host Process for Win32 Services]
Confirmed=X
Filename=ntspcv.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.s.html" target="_blank">SDBOT.S</a> TROJAN!
Source=Paul Collins Startup list
[Generic Host Process for Win32 Services]
Confirmed=X
Filename=intspvc.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.dinfor.d.worm.html" target="_blank">DINFOR.D</a> WORM!
Source=Paul Collins Startup list
[Generic Host Process for Win32 Services]
Confirmed=X
Filename=winsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdboto.html" target="_blank">SDBOT-O</a> WORM!
Source=Paul Collins Startup list
[Generic Host Service]
Confirmed=X
Filename=lshost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LU&VSect=T" target="_blank">RBOT.LU</a> WORM!
Source=Paul Collins Startup list
[Generic Service Process]
Confirmed=X
Filename=regsvc32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.uj.html" target="_blank">GAOBOT.UJ</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.ul.html" target="_blank">GAOBOT.UL</a> WORMS!
Source=Paul Collins Startup list
[Generic Services Process]
Confirmed=X
Filename=regsvc32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html" target="_blank">GAOBOT.SY</a> WORM!
Source=Paul Collins Startup list
[Genie USB Monitor]
Confirmed=Y
Filename=USBmonitor.exe
Description=Port monitor for an external USB hard drive. Required to enable access to the drive
Source=Paul Collins Startup list
[Get Smile]
Confirmed=N
Filename=getsmile.exe
Description=Puts smilie faces in your E-mail. Run manually when required
Source=Paul Collins Startup list
[GetRight Tray Icon]
Confirmed=N
Filename=GETRIGHT.EXE
Description=GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start -> Programs
Source=Paul Collins Startup list
[GetTheMusic]
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://www.doxdesk.com/parasite/MatrixDialer.html" target="_blank">MatrixDialer</a> related
Source=Paul Collins Startup list
[GhostStartService]
Confirmed=N
Filename=GhostStartService.exe
Description=Required to run the Windows based wizard in <a href="http://www.symantec.com/sabu/ghost/ghost_personal/" target="_blank">Norton Ghost</a> - added from the 2003 version. Will start automatically when you run the wizard
Source=Paul Collins Startup list
[GhostStartTrayApp]
Confirmed=N
Filename=GhostStartTrayApp.exe
Description=System Tray access to <a href="http://www.symantec.com/sabu/ghost/ghost_personal/" target="_blank">Norton Ghost</a> - added from the 2003 version
Source=Paul Collins Startup list
[GhostSurfDelSatellite]
Confirmed=?
Filename=DeleteSatellite.exe
Description=<a href="http://www.tenebril.com/products/ghostsurf/spycatcher.html" target=_blank>SpyCatcher</a> spyware remover related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[gigabit.exe]
Confirmed=X
Filename=gigabit.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.u@mm.html" target="_blank">BEAGLE.U</a> WORM!
Source=Paul Collins Startup list
[GigaByte]
Confirmed=X
Filename=Cheatle.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.shodi.b.html" target="_blank">SHODI.B</a> VIRUS!
Source=Paul Collins Startup list
[Gilat SOM Enumerator]
Confirmed=Y
Filename=dllhost.exe
Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
Source=Paul Collins Startup list
[GilatFTC]
Confirmed=Y
Filename=ftc.exe
Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
Source=Paul Collins Startup list
[GinaDll]
Confirmed=X
Filename=ntgina.dll
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_ANIG.A" target="_blank">ANIG.A</a> WORM!
Source=Paul Collins Startup list
[GisdnLog]
Confirmed=?
Filename=gisdnlog.exe
Description=<a href="http://www.bt.com/homehighway/more_info.htm">BT Digital Access USB</a>
Source=Paul Collins Startup list
[Glass2k]
Confirmed=U
Filename=Glass2k.exe
Description="<a href="http://www.chime.tv/products/glass2k.shtml" target="_blank">Glass2k</a> is a small little program that allows Win2K/XP users to make any window transparent"
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=39482" target="_blank">OPTIX PRO</a> TROJAN!
Source=Paul Collins Startup list
[GLSetIT32]
Confirmed=X
Filename=isass.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=39482" target="_blank">OPTIX PRO</a> TROJAN!
Source=Paul Collins Startup list
[GLSetT32]
Confirmed=X
Filename=smsiexec.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojoptixd.html" target=_blank>OPTIX-D</a> TROJAN!
Source=Paul Collins Startup list
[gluon]
Confirmed=?
Filename=gluon.exe
Description=<font color="#FF0000">In a gluon/bin sub-directory</font>
Source=Paul Collins Startup list
[Gmouse]
Confirmed=Y
Filename=Gmouse.exe
Description=Amouse mouse driver - required if you use non-standard Windows driver features
Source=Paul Collins Startup list
[Gnetmous]
Confirmed=U
Filename=gnetmous.exe
Description=<a href="http://www.geniusnet.com.tw/product/mouse/netscroll+.htm" target="_blank">Genius NetScroll+</a> mouse driver - required if you use non-standard Windows driver features
Source=Paul Collins Startup list
[gnub]
Confirmed=?
Filename=gnub.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Go!Zilla]
Confirmed=X
Filename=gozilla.exe
Description=Download manager for resuming downloads and choosing multiple download locations. Advertising spyware
Source=Paul Collins Startup list
[Go!Zilla Monster Downloads]
Confirmed=X
Filename=Go.exe
Description=Download manager for resuming downloads and choosing multiple download locations. Advertising spyware
Source=Paul Collins Startup list
[GoBack]
Confirmed=U
Filename=GBMenu.exe
Description=Roxio's (nee Adaptec) <a href="http://www.roxio.com/en/products/goback/index.jhtml"> GoBack</a> software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
Source=Paul Collins Startup list
[GoBack]
Confirmed=U
Filename=GBTray.exe
Description=System Tray icon access to Roxio's (nee Adaptec) <a href="http://www.roxio.com/en/products/goback/index.jhtml"> GoBack</a> software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
Source=Paul Collins Startup list
[GoBack Polling Service]
Confirmed=U
Filename=GBPoll.exe
Description=Roxio's (nee Adaptec) <a href="http://www.roxio.com/en/products/goback/index.jhtml"> GoBack</a> software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
Source=Paul Collins Startup list
[GoBack Tray Icon]
Confirmed=U
Filename=GBTray.exe
Description=System Tray icon access to Roxio's (nee Adaptec) <a href="http://www.roxio.com/en/products/goback/index.jhtml"> GoBack</a> software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
Source=Paul Collins Startup list
[GOG]
Confirmed=X
Filename=GOG.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.philis.b.html" target="_blank">PHILIS.B</a> VIRUS!
Source=Paul Collins Startup list
[Goldensoft_MndlSvr]
Confirmed=U
Filename=MndlSvr.exe
Description=Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking
Source=Paul Collins Startup list
[golumm]
Confirmed=X
Filename=services.exe
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Google Desktop Search]
Confirmed=N
Filename=GoogleDesktop.exe
Description=<a href="http://desktop.google.com/about.html" target=_blank>Google Desktop Search</a> - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks"
Source=Paul Collins Startup list
[GoogleDCClient]
Confirmed=N
Filename=GoogleDCC.exe
Description=<a target="_blank" href="http://toolbar.google.com/dc/faq_dc.html#about1">Google Compute Client</a> - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing"
Source=Paul Collins Startup list
[GoToMyPC]
Confirmed=U
Filename=g2svc.exe
Description=<a href="https://www.gotomypc.com/ad/corp/home" target="_blank">ExpertCity GoToMyPc</a> logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser
Source=Paul Collins Startup list
[gouday.exe]
Confirmed=X
Filename=readme.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.c@mm.html" target="_blank">BEAGLE.C</a> WORM!
Source=Paul Collins Startup list
[GRA]
Confirmed=N
Filename=gra.exe
Description=Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup Utility
Source=Paul Collins Startup list
[gramdate]
Confirmed=?
Filename=2Stop.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Gravis Appawareloader]
Confirmed=U
Filename=dbserver.exe
Description=Looks like it's associated with <a href="http://www.gravis.com/" target="_blank"> Gravis</a> game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them
Source=Paul Collins Startup list
[Gravis Xperience Driver Support]
Confirmed=U
Filename=Grxp4exe.exe
Description=Driver for <a href="http://www.gravis.com/" target="_blank">Gravis</a> game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used
Source=Paul Collins Startup list
[GrdSys32]
Confirmed=?
Filename=GrdSys32.exe
Description=X-Stream ISP software. Offers free Net access funded by on-screen ads. <font color="#FF0000">Is it required or can you create your own dial-up networking connection to use on demand?</font>
Source=Paul Collins Startup list
[Greetings Workshop]
Confirmed=N
Filename=GWREMIND.EXE
Description=You really want to be reminded about somebody's birthday at the expense of resources?
Source=Paul Collins Startup list
[gremier]
Confirmed=X
Filename=wscript.exe gpremier.vbs
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/vbs.gpremier@mm.html" target="_blank">GPREMIER</a> WORM!
Source=Paul Collins Startup list
[Gremlin]
Confirmed=X
Filename=intrenat.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html" target="_blank">DOOMJUICE</a> WORM!
Source=Paul Collins Startup list
[Grokster]
Confirmed=N
Filename=Grokster.exe
Description=<a href="http://www.pestpatrol.com/PestInfo/G/Grokster.asp" target=_blank>Grokster</a> Peer-To-Peer File Sharing program
Source=Paul Collins Startup list
[GrpConv]
Confirmed=N
Filename=grpconv.exe
Description=To facilitate the upgrade from Windows 3.1 to Win95/98, an executable file named GRPCONV.EXE is included with Win95/98. This file provides the translation of groups and group items to folders and links unless you need to access Win 3.1 Group files
Source=Paul Collins Startup list
[Gscbc]
Confirmed=?
Filename=Gscbc.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[gshp]
Confirmed=X
Filename=zzgshp.vbs
Description=Homepage hi-jacker
Source=Paul Collins Startup list
[Gsiconexe]
Confirmed=N
Filename=Gsicon.exe
Description=ADSL modem monitor from <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities
Source=Paul Collins Startup list
[GSOrganizer]
Confirmed=N
Filename=GSOrganizer.exe
Description=<a href="http://www.tgslabs.com/index.php3" target="_blank">GoldenSection Organizer</a> - personal information manager
Description=Gator spyware variant. See <a href="#Gator"> Gator</a>
Source=Paul Collins Startup list
[Gtwatch]
Confirmed=N
Filename=gtwatch.exe
Description=Associated with a Mustec scanner and not required
Source=Paul Collins Startup list
[Guardian]
Confirmed=N
Filename=CMGrdian.exe
Description=McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic
Source=Paul Collins Startup list
[GuruNet]
Confirmed=U
Filename=GuruNet.exe
Description=<a href="http://www.gurunet.com/what_tools.jsp" target=_blank>GuruNet</a> lets you click on any word on your screen to get the relevant information you want
Source=Paul Collins Startup list
[GustavVED]
Confirmed=X
Filename=[filename].exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.opaserv.h.worm.html" target="_blank">OPASERV.H</a> WORM!
Source=Paul Collins Startup list
[gvagfxj]
Confirmed=X
Filename=rundll32 ...gvagfxj.dll
Description=Unidentified adware, spyware or virus
Source=Paul Collins Startup list
[gw port controller]
Confirmed=Y
Filename=PORTCT95.EXE
Description=From a visitor - "I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work". From the file properties, the file is known as "Smart Thru Fax Drive Spy" and is supplied by Samsung
Source=Paul Collins Startup list
[GWInkMonitor]
Confirmed=N
Filename=GWInkMonitor.exe
Description=Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some!
Source=Paul Collins Startup list
[GWMDMMSG]
Confirmed=N
Filename=GWMDMMSG.exe
Description=Used with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctly
Source=Paul Collins Startup list
[GWMDMpi]
Confirmed=U
Filename=GWMDMpi.exe
Description=Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See <a href="http://support.gateway.com/support/drivers/moreinfo.asp?readmeURL=ftp%3A//ftp.gateway.com/pub/hardware_support/drivers/win_xp/portable/450sx4/7512994.txt" target="_blank">here</a> for more information
Source=Paul Collins Startup list
[gwum]
Confirmed=U
Filename=gwum.exe
Description=Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system "tweakers"
Description=Active sync for use with Windows CE based palm PC
Source=Paul Collins Startup list
[HalifaxHowardCluster]
Confirmed=U
Filename=skinkers.exe
Description=<a href="http://www.skinkers.com/clients.html" target="_blank">Howard the Weatherman</a> desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messages
Source=Paul Collins Startup list
[HaMFrontPanel]
Confirmed=U
Filename=hampanel.exe
Description=Displays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointless
Source=Paul Collins Startup list
[Handy Backup 3.9]
Confirmed=U
Filename=hbagent.exe
Description=<a href="http://www.handybackup.com/" target="_blank">Handy Backup</a> - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers
Source=Paul Collins Startup list
[Hardware Doctor]
Confirmed=U
Filename=Hwdoctor.exe
Description=Winbond Hardware Doctor - as included on some motherboard using Winbond's hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you're concerned about your system temperature - typically for "overclocked" systems
Source=Paul Collins Startup list
[Hardware Profile]
Confirmed=X
Filename=hxdef.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[Hardware Profile]
Confirmed=X
Filename=hxdef.exe...
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[Hardware Sensors Monitor]
Confirmed=U
Filename=hmonitor.exe
Description=Utility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for "overclocked" systems
Source=Paul Collins Startup list
[Hare]
Confirmed=U
Filename=hare.exe
Description=<a href="http://www.foxpop.ndirect.co.uk/pc/dachshund_03.htm" target="_blank">Hare</a> - improve and optimize performance of desktop/laptop PCs
Source=Paul Collins Startup list
[HawkEye]
Confirmed=U
Filename=HAWK_95.EXE
Description=Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs
Source=Paul Collins Startup list
[HawkEye IV Control Panel]
Confirmed=U
Filename=HAWK_32.EXE
Description=Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs
Source=Paul Collins Startup list
[Hbinst]
Confirmed=X
Filename=Hbinst.exe
Description=<a href="http://www.hotbar.com/" target="_blank">Hotbar</a> enhances the surfing experience offering a variety of innovative and fresh skins to the browser while providing users worldwide with access to various services of added value and fun. Also regarded as adware/spyware due to it's adds and browsing habits information gathering - see <a href="http://www.safersite.com/pestinfo/H/HotBar_Adware.asp" target="_blank">here</a>
Source=Paul Collins Startup list
[HC Reminder]
Confirmed=N
Filename=hc.exe
Description=For Compaq PC's. Help Compiler, crunches help database, will run without being in startup when needed
Source=Paul Collins Startup list
[HCDetect]
Confirmed=N
Filename=HCDetect.exe
Description=MS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problem
Source=Paul Collins Startup list
[Hcontrol]
Confirmed=U
Filename=hcontrol.exe
Description=Hotkeys on an ASUS Notebook. Only required if you use the additional keys
Source=Paul Collins Startup list
[HDDHealth]
Confirmed=U
Filename=hddhealth.exe
Description=<a href="http://www.panterasoft.com/" target=_blank>HDD Health</a> is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure"
Source=Paul Collins Startup list
[HDhelp]
Confirmed=?
Filename=tbhdhelp.exe
Description=Associated with Philips <a href="http://www.consumer.philips.com/global/b2c/ce/catalog/subcategory.jhtml;jsessionid=4ORTA0KYTJOWWCRQNFJRX1YKGBUEWHAW?subCatId=SOUNDCARDS&groupId=PCSTUFF&divId=0" target="_blank">Edge</a> series soundcards. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[HDtray]
Confirmed=N
Filename=HDtray.exe
Description=Philips Edge Series Control Panel Tray Utility - system tray icon for a Philips <a href="http://www.consumer.philips.com/global/b2c/ce/catalog/subcategory.jhtml;jsessionid=4ORTA0KYTJOWWCRQNFJRX1YKGBUEWHAW?subCatId=SOUNDCARDS&groupId=PCSTUFF&divId=0" target="_blank">Edge</a> series soundcards. Available via Start -> Settings -> Control Panel
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.yodo@mm.html" target="_blank">YODO</a> WORM!
Source=Paul Collins Startup list
[Help]
Confirmed=?
Filename=helpext.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[helpctl.exe]
Confirmed=X
Filename=helpctl.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gaslide.html" target="_blank">GASLIDE</a> TROJAN!
Source=Paul Collins Startup list
[Helper]
Confirmed=X
Filename=eschlp.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.t.worm.html" target="_blank">BLASTER.T</a> WORM!
Source=Paul Collins Startup list
[helper.dll]
Confirmed=X
Filename=helper.dll, Rundll32
Description=CnsMin "<a href="http://217.115.153.73/parasite/CnsMin.html" target="_blank">Chinese Keywords</a>" hijacker related
Source=Paul Collins Startup list
[HelpExp.exe]
Confirmed=X
Filename=HelpExp.exe
Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www.c-squad.org/hxdl.html" target="_blank">here</a>
Source=Paul Collins Startup list
[helpmanager]
Confirmed=X
Filename=spoler.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.j.html" target="_blank">RANDEX.J</a> WORM!
Source=Paul Collins Startup list
[helpw]
Confirmed=X
Filename=helpw.exe
Description=Adware downloader
Source=Paul Collins Startup list
[hen]
Confirmed=X
Filename=[filename].exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.g.html" target="_blank">TARNO.G</a> TROJAN!
Source=Paul Collins Startup list
[hErcUnes]
Confirmed=X
Filename=softhost.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.garroch@mm.html" target=_blank>GARROCH</a> WORM!
Source=Paul Collins Startup list
[Hermes Messenger]
Confirmed=U
Filename=DGDRHE~1.EXE
Description=A LAN messenger alternative to WinPopUp - <a href="http://www.dgdr.com/hermes/" target="_blank">Digital Dreams Software</a>
Source=Paul Collins Startup list
[Hewlett Packard Recorder]
Confirmed=N
Filename=Remind32.exe
Description=HP multifunction registration
Source=Paul Collins Startup list
[Hf]
Confirmed=U
Filename=Hf.exe
Description=<a href="http://www.fspro.net/hf/" target="_blank">Hide Folders</a> - hide your folders so only you can view them
Source=Paul Collins Startup list
[hfxp]
Confirmed=U
Filename=hfxp.exe
Description=<a href="http://www.fspro.net/hfxp/" target=_blank>Hide Folders XP</a> - hide your folders so only you can view them
Source=Paul Collins Startup list
[HGTXPEI]
Confirmed=N
Filename=FirstReboot.exe
Description=Herucles Audio tool for the Hercules Game Theater XP soundcard. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[HiberMonitor]
Confirmed=?
Filename=HCount.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Hibernation]
Confirmed=U
Filename=hib32.exe
Description=Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run of battery regularly
Source=Paul Collins Startup list
[Hid.exe]
Confirmed=X
Filename=hid.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.b.html" target="_blank">RATSOU.B</a> TROJAN!
Source=Paul Collins Startup list
[HideRun.exe]
Confirmed=X
Filename=Hiderun.exe and svhost.exe and pro.gif
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/bat.boohoo.worm.html" target="_blank">BOOHOO</a> WORM!
Source=Paul Collins Startup list
[HideStyle]
Confirmed=X
Filename=Ante Browse Trust.exe
Description=IE toolbar taking you to Lop.com. If the exe is running, end it and remove the "Stupidmore" directory from C:\Program Files
Source=Paul Collins Startup list
[hidserv]
Confirmed=U
Filename=hidserv.exe
Description=This is the <a href="http://www.microsoft.com/hwdev/tech/input/audctrl.asp" target="_blank">Human Interface Device Server</a> for Win98SE/2000/Me/XP, it is required only if you are using USB Audio Devices you can disable via Msconfig. See <a href="http://www.microsoft.com/hwdev/hid/audctrl.htm" target="_blank">here</a>. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboards
Source=Paul Collins Startup list
[High Definition Audio Property Page Shortcut]
Confirmed=N
Filename=HDAudPropShortcut.exe
Description=Realtek audio card related - probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required
Source=Paul Collins Startup list
[HistoryKill]
Confirmed=N
Filename=histkill.exe
Description=HistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start -> Programs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.hiva.html" target="_blank">HIVA</a> TROJAN!
Source=Paul Collins Startup list
[hkcmd]
Confirmed=U
Filename=hkcmd.exe
Description=Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl+Alt+F12 or similar keypresses to access Intel's customised graphics properties, you need it, otherwise not. Can be disabled via the Display Properties in Control Panel
Source=Paul Collins Startup list
[HKLM\Run]
Confirmed=X
Filename=windowsupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbj.html" target=_blank>FORBOT-BJ</a> WORM! (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)
Source=Paul Collins Startup list
[hkserv]
Confirmed=U
Filename=HKserv.exe
Description=Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS
Source=Paul Collins Startup list
[hkss]
Confirmed=U
Filename=hkss.exe
Description=Compaq HotKey Support - multimedia keyboard support
Source=Paul Collins Startup list
[HLL Data Parameter]
Confirmed=X
Filename=hllcxpa.exe
Description=Added by the <a href="http://es.trendmicro-europe.com/smb/security_info/virus_encyclopedia.php?s=1&VName=WORM_RBOT.AFG" target=_blank>RBOT.AFG</a> WORM!
Source=Paul Collins Startup list
[Hmonitor]
Confirmed=U
Filename=Hmonitor.exe
Description=Hardware sensor monitoring program. Only required if you overclock your system and want to check on the status
Source=Paul Collins Startup list
[Holiday Lights]
Confirmed=N
Filename=Holiday Lights.exe
Description=<a href="http://www.tigertech.com/hlights.html" target="_blank">Holiday Lights</a> from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start -> Programs
Source=Paul Collins Startup list
[HomeAlarm]
Confirmed=U
Filename=HomeAlarm.exe
Description=<a href="http://www.softshape.com/cham/" target="_blank">Chameleon Clock</a> - system tray clock replacement
Source=Paul Collins Startup list
[HomeCentre WakeUp]
Confirmed=?
Filename=LGWAKEUP.EXE
Description=<font color="#FF0000">Associated with the no longer supported Xerox HomeCentre printer/scanner</font>
Source=Paul Collins Startup list
[Honor]
Confirmed=?
Filename=honor.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Hook99startup]
Confirmed=U
Filename=hk2re.exe
Description="<a href="http://thunder.prohosting.com/~ladi/e_hook.html" target="_blank">Hook99</a> enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent"
Source=Paul Collins Startup list
[HookSys]
Confirmed=U
Filename=HookSys.exe
Description=<a href="http://www.rocketdownload.com/details/secu/6889.htm" target="_blank">SurfinGuard Pro</a> - protects against all malicious code delivered through executables, scripting files, ActiveX and Java
Source=Paul Collins Startup list
[HorngTech4D]
Confirmed=Y
Filename=bally4d.exe
Description=HorngTech 4D mouse driver
Source=Paul Collins Startup list
[Host]
Confirmed=X
Filename=N/A
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.popdis.html" target="_blank">POPDIS</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.f.html" target="_blank">STARTPAGE.F</a> TROJANS!
Source=Paul Collins Startup list
[HostManager]
Confirmed=?
Filename=AOLHostManager.exe
Description=In a Program Files\Common Files\AOL folder. <font color="#FF0000">What does it do, and is it required?</font>
Source=Paul Collins Startup list
[Hot Corners]
Confirmed=U
Filename=Hotc.exe
Description=<a href="http://www.southbaypc.com/HotCorners/" target="_blank">Hot Corners</a> - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen"
Source=Paul Collins Startup list
[Hot Key Kbd 2690 Daemon]
Confirmed=U
Filename=SK9910DM.exe
Description=Multimedia keyboard manager - required if you use any special keys
Source=Paul Collins Startup list
[Hot Key Keybd 9910 Daemon]
Confirmed=U
Filename=SK9910DM.exe
Description=Multimedia keyboard manager - required if you use any special keys
Source=Paul Collins Startup list
[Hot Party 22]
Confirmed=?
Filename=hotpart22.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Hotbar]
Confirmed=X
Filename=Hbinst.exe
Description=<a href="http://www.hotbar.com/" target="_blank">Hotbar</a> enhances the surfing experience offering a variety of innovative and fresh skins to the browser while providing users worldwide with access to various services of added value and fun. Also regarded as adware/spyware due to it's adds and browsing habits information gathering - see <a href="http://www.safersite.com/pestinfo/H/HotBar_Adware.asp" target="_blank">here</a>
Source=Paul Collins Startup list
[Hotfix Updat]
Confirmed=X
Filename=svdhost32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.zw.html" target="_blank">GAOBOT.ZW</a> WORM!
Source=Paul Collins Startup list
[HotIDE]
Confirmed=U
Filename=hotide.exe
Description=HotIDE allows Acer TravelMate owners to hot-swap external drives without switching of their notebooks
Source=Paul Collins Startup list
[HotkeyApp]
Confirmed=U
Filename=HotkeyApp.exe
Description=Part of <a href="http://global.acer.com/" target="_blank">Acer</a> Launch Manager - programmable keys on such laptops as the TravelMate 610
Source=Paul Collins Startup list
[HotKeysCmds]
Confirmed=U
Filename=hkcmd.exe
Description=Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl+Alt+F12 or similar keypresses to access Intel's customised graphics properties, you need it, otherwise not. Can be disabled via Control Panel -> Display Properties
Source=Paul Collins Startup list
[HotPix]
Confirmed=X
Filename=hotpix.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[hotplug]
Confirmed=X
Filename=hotplug.exe
Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=39574" target="_blank">SILLYDL</a> TROJAN!
Source=Paul Collins Startup list
[HotSync Manager]
Confirmed=N
Filename=hotsync.exe
Description=Installed when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing. Available via Start -> Programs
Source=Paul Collins Startup list
[hotwetlove]
Confirmed=X
Filename=hotwetlove.exe
Description=Adult content dialler. Will not uninstall - components have to be manually deleted
Source=Paul Collins Startup list
[Hot_Kiss]
Confirmed=X
Filename=Hot_Kiss.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Hot_Tarts]
Confirmed=X
Filename=Hot_Tarts.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Hot_Tarts_**]
Confirmed=X
Filename=Hot_Tarts_**.exe
Description=Premium rate adult content dialer (where * is a random char)
Description=HP LaserJet 1000 related. <font color="#FF0000">Is it a driver or automatic firmware update (based upon the filename)?</font>
Source=Paul Collins Startup list
[HP AutoIndexer]
Confirmed=U
Filename=hppautoindexer.exe
Description=Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup
Source=Paul Collins Startup list
[HP CD Writer]
Confirmed=N
Filename=hpcdtray.exe
Description=System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
Source=Paul Collins Startup list
[HP CD-DVD]
Confirmed=N
Filename=hpcdtray.exe
Description=System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
Source=Paul Collins Startup list
[hp center]
Confirmed=X
Filename=BACKWEB-137903.exe
Description=Based upon HP's own description from <a href="http://www.hp.com/hpinfo/newsroom/press/12oct01a.htm" target="_blank">here</a> - "With the My <abbr title=Hewlett-Packard>HP</abbr> Center, consumers have access directly from the desktop to Internet sites featuring special offers for <abbr title=Hewlett-Packard>HP</abbr> customers ranging from personal finance and shopping to digital imaging and music" I have classified this as adware. <font color="#FF0000">The number may change - if yours is different let me know</font>
Source=Paul Collins Startup list
[hp center UI]
Confirmed=X
Filename=ShadowBar.exe
Description=User Interface for HP Center
Source=Paul Collins Startup list
[HP Component Manager]
Confirmed=N
Filename=hpcmpmgr.exe
Description=Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended"
Source=Paul Collins Startup list
[HP Deskjet]
Confirmed=X
Filename=HP_DeskJet_500.exe
Description=Added by the <a href="http://www.sophos.com.au/virusinfo/analyses/w32forbotda.html" target=_blank>FORBOT-DA</a> WORM!
Source=Paul Collins Startup list
[HP Display Settings]
Confirmed=N
Filename=hpdisply.exe
Description=Sets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error message
Description=On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb
Source=Paul Collins Startup list
[HP Instant Support]
Confirmed=U
Filename=matcli.exe
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list
[HP Internet Center]
Confirmed=N
Filename=SURFBRD.EXE
Description=Loads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --> Keyboards to change them
Source=Paul Collins Startup list
[HP JetDiscovery]
Confirmed=N
Filename=HPJETDSC.EXE
Description=HP JetAdmin software which monitors printing jobs on a network environment
Source=Paul Collins Startup list
[HP JetSpeed Autostart]
Confirmed=N
Filename=AUTOSTART.EXE
Description=Autostart executable for the old multiplayer game HP Jetspeed
Source=Paul Collins Startup list
[HP Laser Jet Director]
Confirmed=U
Filename=hppdirector.exe
Description=System Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etc
Source=Paul Collins Startup list
[HP Network Registry Agent]
Confirmed=?
Filename=hpnra.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[HP OfficeJet Series xxx Startup]
Confirmed=?
Filename=HPOSTR03.EXE
Description=xxx represents the series number - such as 700. <font color="#FF0000">What does it do and it it required?</font>
Source=Paul Collins Startup list
[HP OfficeJet Series xxx Startup]
Confirmed=?
Filename=HPOstr05.exe
Description=xxx represents the series number - such as 700. <font color="#FF0000">What does it do and it it required?</font>
Source=Paul Collins Startup list
[HP Parallel Port Test]
Confirmed=N
Filename=hppt.exe
Description=Associated with a HP ScanJet scanner
Source=Paul Collins Startup list
[HP Port Resolver]
Confirmed=?
Filename=hpbpro.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[HP Precision Scan]
Confirmed=N
Filename=hpmdlbwx.exe
Description=HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
Source=Paul Collins Startup list
[HP Presentation Ready]
Confirmed=N
Filename=PresRdy.exe
Description=HP Omnibook related: "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device"
Source=Paul Collins Startup list
[hp psc 2000 Series]
Confirmed=U
Filename=hpobnz08.exe
Description=System Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to start
Source=Paul Collins Startup list
[HP RecordNow]
Confirmed=U
Filename=??
Description=From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used."
Source=Paul Collins Startup list
[HP ScanPatch]
Confirmed=U
Filename=HPScanFix.exe
Description=Program that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from starting
Source=Paul Collins Startup list
[HP ScanPicture]
Confirmed=N
Filename=hpsplmwa.exe
Description=HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
Source=Paul Collins Startup list
[HP SchedIndexer]
Confirmed=U
Filename=hppschedindexer.exe
Description=Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup
Description=Supplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -> Programs or Desktop Icon
Source=Paul Collins Startup list
[HP software update]
Confirmed=N
Filename=HPWuSchd2.exe
Description=HP software updates. If a shortcut doesn't exist create your own and run it manually
Source=Paul Collins Startup list
[HP software update]
Confirmed=N
Filename=HPWuSchd.exe
Description=HP software updates. If a shortcut doesn't exist, create your own and run it manually
Source=Paul Collins Startup list
[HP software update]
Confirmed=N
Filename=HPWuSchd2.exe
Description=HP software updates. If a shortcut doesn't exist, create your own and run it manually
Source=Paul Collins Startup list
[HP Status]
Confirmed=N
Filename=hpstatus.exe
Description=HP Printer Status and Alerts
Source=Paul Collins Startup list
[HP Status Server]
Confirmed=?
Filename=hpboid.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[HP Updates]
Confirmed=N
Filename=??
Description=On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb
Source=Paul Collins Startup list
[HP Visualize Init]
Confirmed=?
Filename=HpVisIni.exe
Description=HP Visualize software related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[HP-Aio Flight]
Confirmed=N
Filename=Remind32.exe
Description=HP multifunction registration
Source=Paul Collins Startup list
[hpaiodevice]
Confirmed=N
Filename=hpodev07.exe
Description=Direct from HP - "Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when "portable" is chosen during installation)". Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner
Source=Paul Collins Startup list
[HPAiODevice(hp psc 900 series) -1]
Confirmed=N
Filename=hpobrt07.exe
Description=Installed with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entry
Source=Paul Collins Startup list
[HPAIO_PrintFolderMgr]
Confirmed=N
Filename=hpoopm07.exe
Description=Directly from HP: "This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port." For various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner
Source=Paul Collins Startup list
[hpcmpmgr]
Confirmed=?
Filename=hpcmpmgr.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[HPDJ Taskbar Utility]
Confirmed=U
Filename=hpztsbol.exe
Description=(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see <a href="http://home.t-online.de/home/Martin.Lottermoser/pcl3.html" target="_blank">here</a> for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer
Source=Paul Collins Startup list
[HPDJ Taskbar Utility]
Confirmed=U
Filename=hpztsd02.exe
Description=(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see <a href="http://home.t-online.de/home/Martin.Lottermoser/pcl3.html" target="_blank">here</a> for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer
Source=Paul Collins Startup list
[HPDJ Taskbar Utility]
Confirmed=U
Filename=hpztsb04.exe
Description=(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see <a href="http://home.t-online.de/home/Martin.Lottermoser/pcl3.html" target="_blank">here</a> for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer
Source=Paul Collins Startup list
[HPDJ Taskbar Utility]
Confirmed=U
Filename=hpztsb05.exe
Description=(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see <a href="http://home.t-online.de/home/Martin.Lottermoser/pcl3.html" target="_blank">here</a> for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer
Source=Paul Collins Startup list
[hpfsched]
Confirmed=N
Filename=hpfsched.exe
Description=HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature
Source=Paul Collins Startup list
[HPGamesActiveMenu]
Confirmed=U
Filename=ActiveMenu.exe
Description=<a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[hpgs2wnd]
Confirmed=N
Filename=hpgs2wnd.exe
Description="HP's exclusive <a href="http://www.hp.com/peripherals2/scanjet_info/share-to-web/index.htm" target="_blank">Share-to-Web</a> software makes it easy to share content with others through our affiliate Internet websites."<font color="#FF0000"> </font>Available via Start -> Programs
Source=Paul Collins Startup list
[HPHAxMON]
Confirmed=U
Filename=HPHAxMON.EXE
Description=Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature and known to cause system crashes in some cases. "x" can be 1, 2 or 3 and depends upon driver version. Replaced by HPHmon** (where ** is the version number) from version 4 onwards
Source=Paul Collins Startup list
[HPHmon**]
Confirmed=U
Filename=HPHMON**.EXE
Description=Monitors the status of the memory card reader slot on a HP printers and displays a tray icon if a memory card isn't inserted. Also creates a virtual drive and assigns it the first available drive letter - which can lead to problems with drive management. ** represents the version number. Disable if you don't use the reader
Source=Paul Collins Startup list
[HPHmon04]
Confirmed=U
Filename=hphmon04.exe
Description=Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature
Source=Paul Collins Startup list
[HPHmon05]
Confirmed=?
Filename=hphmon05.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Hphome]
Confirmed=X
Filename=hphome.js
Description=Homepage hijacker
Source=Paul Collins Startup list
[HPHUPD**]
Confirmed=N
Filename=hphupd**.exe
Description=HP software update checker and wizard launcher. ** represents the version number. Available via Start -> Programs
Source=Paul Collins Startup list
[HPHUPD05]
Confirmed=?
Filename=hphupd05.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[hpjsiroute]
Confirmed=?
Filename=hpjsira.exe
Description=<font color="#FF0000">Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2"</font>
Source=Paul Collins Startup list
[HpLamp]
Confirmed=Y
Filename=HPLAMP.EXE
Description=HP Scanner Utility that controls your scannerÆs light bulb. Needed if it's switched on. Also refer <a href="http://www.hp.com/cgi-bin/cposupport/get_doc.pl?SNI=hpscanjet320506&LC=scanners&Tfile=nps05042" target="_blank">here</a> for troubleshooting
Source=Paul Collins Startup list
[hplampc]
Confirmed=U
Filename=hplampc.exe
Description=HP Scanner Lamp Utility - fixes an issue with the scanner lamp not going off
Source=Paul Collins Startup list
[HPLJ Config]
Confirmed=Y
Filename=SetConfig.exe
Description=Connects system to networked HP printer.
Source=Paul Collins Startup list
[HPLogiFinder]
Confirmed=U
Filename=hp_finder.exe
Description=HP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not used
Source=Paul Collins Startup list
[HpMmKbd]
Confirmed=U
Filename=HpMmKbd.exe
Description=HPÆs multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboard
Source=Paul Collins Startup list
[hpodblia]
Confirmed=N
Filename=hpodblia.exe
Description=HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually
Source=Paul Collins Startup list
[hpoddt01.exe]
Confirmed=N
Filename=N/A
Description=Installed by the "HP Photo and Imaging Director" software. If you ask for the imaging software, this program will be started
Source=Paul Collins Startup list
[hpodlb08]
Confirmed=N
Filename=hpodlb08.exe
Description=HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually
Source=Paul Collins Startup list
[hpotdd01.exe]
Confirmed=Y
Filename=hpotdd01.exe
Description=Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems"
Source=Paul Collins Startup list
[hpppta]
Confirmed=Y
Filename=HPPPTA.exe
Description=HP parallel port driver for certain hardware
Description=Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try <a href="http://www.hp.com">www.hp.com</a>, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patch
Source=Paul Collins Startup list
[hpqcmon]
Confirmed=?
Filename=hpqcmon.exe
Description=<font color="#FF0000">From HP and related to digital imaging</font>
Source=Paul Collins Startup list
[HPSCANMonitor]
Confirmed=U
Filename=hpsjvxd.exe
Description=HP scanning software that enables you to scan images from your scanner. Needed if you're using the scanner
Description=HP ScanJet Button Manager. It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environment
Source=Paul Collins Startup list
[HPStart]
Confirmed=N
Filename=hpstart.wsf
Description=This a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first boot
Source=Paul Collins Startup list
[hpsysconf1]
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59209&VName=TROJ_VIVIA.A&VSect=T" target="_blank">VIVIA.A</a> TROJAN!
Source=Paul Collins Startup list
[hpsysdrv]
Confirmed=U
Filename=hpsysdrv.exe
Description=This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops working
Source=Paul Collins Startup list
[HPU]
Confirmed=N
Filename=ProvenTactics.exe
Description=<a href="http://www.proventactics.com/" target="_blank">Proven Internet Marketing</a> software
Source=Paul Collins Startup list
[HPZTS04]
Confirmed=N
Filename=hpzts04.exe
Description=Hewlett Packard printer toolbox shortcut that resides in the system tray
Source=Paul Collins Startup list
[HP_dla]
Confirmed=N
Filename=dlatray.exe
Description=On HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCD
Source=Paul Collins Startup list
[HREF.OCX]
Confirmed=U
Filename=regsvr32.exe ....HREF.OCX
Description=HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as <a href="http://software.xfx.net/utilities/popupkiller/index.php" target="_blank">PopUpKiller</a>
Source=Paul Collins Startup list
[hsim]
Confirmed=X
Filename=isearch.exe
Description=Unidentified malware
Source=Paul Collins Startup list
[hsim]
Confirmed=X
Filename=sexgame.exe
Description=Unidentified malware
Source=Paul Collins Startup list
[hsim]
Confirmed=X
Filename=toolbar.exe
Description=Unidentified malware
Source=Paul Collins Startup list
[Hti]
Confirmed=U
Filename=npdor.exe
Description=Appears in startup if you have chosen to participate in on survey by <a href="http://www.npdor.com/" target="_blank"> NPD Online Research</a>. Required for the survey to work correctly. Otherwise not required
Source=Paul Collins Startup list
[HTpatch]
Confirmed=U
Filename=htpatch.exe
Description=HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6%
Source=Paul Collins Startup list
[HtProtect]
Confirmed=X
Filename=AVprotect.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.l@mm.html" target="_blank">NETSKY.L</a> WORM!
Source=Paul Collins Startup list
[httpd]
Confirmed=X
Filename=c_pan.exe
Description=Added by a variant of the DELF-A TROJAN!
Source=Paul Collins Startup list
[https-ssl]
Confirmed=X
Filename=https.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.d.html" target="_blank">MOEGA.D</a> WORM!
Source=Paul Collins Startup list
[huhdir]
Confirmed=?
Filename=huhdir.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[huigezi]
Confirmed=X
Filename=HgzServer.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.c.html" target="_blank">GRAYBIRD.C</a> TROJAN!
Source=Paul Collins Startup list
[Hvid]
Confirmed=X
Filename=Hvid.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[HWINFO*]
Confirmed=X
Filename=HWINFO*
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.purol.html" target="_blank"> PUROL</a> WORM! where * is a random character
Source=Paul Collins Startup list
[HWinst]
Confirmed=Y
Filename=N/A
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Source=Paul Collins Startup list
[HXDL.EXE]
Confirmed=X
Filename=HXDL.EXE
Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www.c-squad.org/hxdl.html" target="_blank">here</a>
Source=Paul Collins Startup list
[HXIUL.EXE]
Confirmed=X
Filename=HXIUL.EXE
Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www.c-squad.org/hxdl.html" target="_blank">here</a>
Source=Paul Collins Startup list
[HydarVisionDesktopManager]
Confirmed=U
Filename=desk95.exe
Description=ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as <a href="http://support.microsoft.com/?id=810937" target=_blank>this one</a>. HydraVision can be uninstalled through Add/Remove Programs
Source=Paul Collins Startup list
[HydraVisionDesktopManager]
Confirmed=U
Filename=desk98.exe
Description=ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
Source=Paul Collins Startup list
[HydraVisionViewport]
Confirmed=U
Filename=viewport.exe
Description=ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
Source=Paul Collins Startup list
[Hyper Start]
Confirmed=X
Filename=instantmsgrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnh.html" target=_blank>RBOT-NH</a> WORM!
Source=Paul Collins Startup list
[I-Worm.GiGu]
Confirmed=X
Filename=uGiG.eXe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gink.worm.html" target="_blank">GINK</a> WORM!
Source=Paul Collins Startup list
[I386]
Confirmed=X
Filename=I386.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mypower.b@mm.html" target="_blank"> MYPOWER</a> WORM!
Source=Paul Collins Startup list
[I81SHELL]
Confirmed=?
Filename=I81SHELL.exe
Description=<font color="#FF0000">Appears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard</font>
Source=Paul Collins Startup list
[i8kfangui]
Confirmed=U
Filename=i8kfangui.exe
Description=Graphical interface for fan speed control
Source=Paul Collins Startup list
[IAAnotif]
Confirmed=U
Filename=iaanotif.exe
Description=IAA Event Monitor User Notification Tool - part of <a href="http://www.intel.com/support/chipsets/iaa/" target="_blank"> Intel« Application Accelerator</a> - "a performance software package for desktop PCs using select Intel« chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it's required to notify you if a RAID 1 disk has failed
Source=Paul Collins Startup list
[iamapp]
Confirmed=Y
Filename=iamapp.exe
Description=AtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as well
Source=Paul Collins Startup list
[Iamnacho On Irc.MusIrc.com Is a Homosexual!]
Confirmed=X
Filename=XBox64.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.y.html" target="_blank">RANDEX.Y</a> WORM!
Source=Paul Collins Startup list
[Iap]
Confirmed=?
Filename=iap.exe
Description=<font color="#FF0000">Possibly part of <a href="http://docs.us.dell.com/docs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely?</font>
Source=Paul Collins Startup list
[IASHLPR]
Confirmed=X
Filename=IASHLPR.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list
[IBM Warranty Notification]
Confirmed=?
Filename=ERTS0749.exe
Description=IBM Warranty Notification - <font color="#FF0000">presumably it's a reminder to either register or that warranty is about to expire?</font>
Source=Paul Collins Startup list
[ibmmessages]
Confirmed=N
Filename=ibmmessages.exe
Description=Allows IBM to push messages onto users' computers. Quote: "The Access IBM Message Center can display messages to inform you about software and solutions available from IBM as well as messages from IBM eSupport"
Source=Paul Collins Startup list
[Ibmmon.exe]
Confirmed=?
Filename=Ibmmon.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Ibmpmsvc]
Confirmed=U
Filename=ibmpmsvc.exe
Description=Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 & F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standy or hibernate modes
Source=Paul Collins Startup list
[IBMUltraBayHotSwapCPLLoader]
Confirmed=U
Filename=IBMBAY2N.EXE
Description=Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops
Source=Paul Collins Startup list
[IBMUltraBayHotSwapSound]
Confirmed=?
Filename=IBMBAYSN.EXE
Description=<font color="#FF0000">Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound?</font>
Description=Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. <font color="#FF0000">May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices</font>
Source=Paul Collins Startup list
[iClean]
Confirmed=U
Filename=iClean.exe
Description=<a href="http://www.nsclean.com/ieclean.html" target="_blank">IEClean</a> - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy"
Source=Paul Collins Startup list
[iCn]
Confirmed=N
Filename=NAG.EXE
Description=<a href="http://www.rocketdownload.com/Details/Inte/4948.htm" target="_blank">iChoose</a> - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist
Source=Paul Collins Startup list
[ICO]
Confirmed=N
Filename=ICO.EXE
Description=Found on a Sony Vaio laptop and seems to be related to Mouse Suite 98 Daemon according to the properties. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
Source=Paul Collins Startup list
[Icon Animation]
Confirmed=N
Filename=HDE.EXE
Description=Part of McAfee Nuts & Bolts. Provides entertaining animation of your desktop icons
Source=Paul Collins Startup list
[Icon Hearit 95]
Confirmed=N
Filename=hearit95.exe
Description=Audio desktop customization utility from Moon Valley Software. Resource hog
Source=Paul Collins Startup list
[Icon Hearit 98]
Confirmed=N
Filename=hearit98.exe
Description=Audio desktop customization utility from Moon Valley Software. Resource hog
Source=Paul Collins Startup list
[Icon lptt01]
Confirmed=X
Filename=icon.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in an "Icon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[Icon ml097e]
Confirmed=X
Filename=icon.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in an "Icon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[ICONCLNT]
Confirmed=Y
Filename=iconclnt.exe
Description=APC PowerChute Tray Icon. Associated with the <a href="#UPS"> UPS</a> listing
Source=Paul Collins Startup list
[ICONDESK]
Confirmed=U
Filename=ICONDESK.EXE
Description=Small utility which will allow you the option of hiding or showing your desktop icons
Source=Paul Collins Startup list
[Iconfig.exe]
Confirmed=N
Filename=Iconfig.exe
Description=Icon for LS-120 "Superdisk"
Source=Paul Collins Startup list
[iConfigLoader]
Confirmed=X
Filename=DIIhost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Iconoid]
Confirmed=N
Filename=Iconoid.exe
Description=<a href="http://www.sillysot.com/index.html" target="_blank">Iconoid</a> is a desktop icon manager
Source=Paul Collins Startup list
[Iconsaver]
Confirmed=N
Filename=Iconsaver.exe
Description=<a href="http://www.iconsaver.com/index.html" target="_blank">IconSaver</a> is a desktop icon manager
Source=Paul Collins Startup list
[ICQ Center]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randin.html" target="_blank">RANDIN</a> WORM!
Source=Paul Collins Startup list
[ICQ Hacking Pro]
Confirmed=X
Filename=ICQpro.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NETSPY" target="_blank">NETSPY</a> TROJAN!
Source=Paul Collins Startup list
[ICQ Lite]
Confirmed=N
Filename=ICQLite.exe
Description=<a target="_blank" href="http://www.icq.com/download/">ICQ Lite</a> - compact version of the popular messaging program
Source=Paul Collins Startup list
[ICQ Lite Messenger]
Confirmed=X
Filename=[random filename]
Description=Added by an unidentified VIRUS, WORM or TROJAN! Unlike the legitimate ICQ Lite executable, which will be located in the ICQLITE folder in Program Files, this particular impostor is located in the Windows or Winnt\System32 directory
Source=Paul Collins Startup list
[ICQ Net]
Confirmed=X
Filename=winlogon.exe
Description=Added by variants of the NETSKY WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[ICQ Plus]
Confirmed=N
Filename=vplus.exe
Description=<a href="http://www.icqplus.org" target="_blank">ICQ Plus</a> is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> Programs
Source=Paul Collins Startup list
[ICSDCLT]
Confirmed=U
Filename=rundll32.exe Icsdclt.dll, ICSClient
Description=Internet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machines
Source=Paul Collins Startup list
[ICServer]
Confirmed=N
Filename=Icserver.exe
Description=Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations
Source=Paul Collins Startup list
[ICSMGR]
Confirmed=Y
Filename=ICSMGR.EXE
Description=Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if youÆre sharing the internet on various computers
Source=Paul Collins Startup list
[IC_KEY_3]
Confirmed=N
Filename=spvic.exe
Description=<a href="http://www.instantchess.com/?SN=Z4dMzyutgpE9Pspv&ABT=3" target="_blank">Instant Chess</a> related
Source=Paul Collins Startup list
[ID Commander]
Confirmed=N
Filename=IDCom.exe
Description=Caller ID utility for identifying incoming telephone numbers
Source=Paul Collins Startup list
[ID8525]
Confirmed=X
Filename=ID8525.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ID8525.A" target="_blank">ID8525.A</a> TROJAN!
Source=Paul Collins Startup list
[ID8525]
Confirmed=X
Filename=id85255.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ID8525.A" target="_blank">ID8525.A</a> TROJAN!
Source=Paul Collins Startup list
[IDA]
Confirmed=?
Filename=IDA.EXE
Description=<font color="#FF0000">HP related - in a Program FilesHewlett-PackardPC COE folder</font>
Source=Paul Collins Startup list
[IDE]
Confirmed=X
Filename=ide.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.assasin.f.html" target="_blank">ASSASIN.F</a> TROJAN!
Source=Paul Collins Startup list
[IDE Loader]
Confirmed=X
Filename=IDElibr32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.xilon.trojan.html" target="_blank">XILON</a> TROJAN! Related to the game "Diablo II"
Source=Paul Collins Startup list
[idecntl]
Confirmed=X
Filename=idecntl.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[iDesktop]
Confirmed=U
Filename=idesktop.exe
Description=<a href="http://www.immersion.com/products/ce/generaldownloads.shtml" target="_blank">Immersion TouchWare Desktop</a> software for devices such as the Logitech iFeel Mouse
Description=Added with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problems
Source=Paul Collins Startup list
[IE Doctor]
Confirmed=U
Filename=IEDoctor.exe
Description=IE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options"
Description=Integrity checker for <a href="http://www.iconedit2.com/" target="_blank">IconEdit2</a> icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit2
Source=Paul Collins Startup list
[IECleanAux]
Confirmed=U
Filename=Ieboot6.exe
Description=<a href="http://www.nsclean.com/ieclean.html" target="_blank">IEClean</a> by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startup
Source=Paul Collins Startup list
[iedll]
Confirmed=X
Filename=iedll.exe
Description=Homepage hijacker, redirecting to coolwwwsearch.com
Source=Paul Collins Startup list
[IEDriver]
Confirmed=X
Filename=IEDriver.exe
Description=Installed as part of adware (Cydoor) based peer-to-peer file sharing software called URLBlaze
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A" target="_blank">POPMON.A</a> TROJAN! - also known as PopMonster adware
Source=Paul Collins Startup list
[IEFeatures]
Confirmed=X
Filename=Internetfeatures.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A" target="_blank">POPMON.A</a> TROJAN! - also known as PopMonster adware
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spex.worm.html" target="_blank"> SPEX</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spex.b.worm.html" target="_blank"> SPEX.B</a> WORMS!
Source=Paul Collins Startup list
[Iesar]
Confirmed=X
Filename=Iesar.exe
Description=Browser hijacker - redirecting to an adult web page
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.c.html" target="_blank">NEMOG.C</a> TROJAN!
Source=Paul Collins Startup list
[ietsr]
Confirmed=N
Filename=ietsr.exe
Description=<a href="http://www.nsclean.com/ieclean.html" target="_blank">IEClean</a> by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc
Source=Paul Collins Startup list
[ieupdate]
Confirmed=X
Filename=MCP****.exe [**** = random char]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.asoxy.html" target="_blank">ASOXY</a> TROJAN!
Source=Paul Collins Startup list
[ieupdate]
Confirmed=X
Filename=mcpdll32.exe
Description=Adware downloader trojan
Source=Paul Collins Startup list
[Iexplore]
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.boxer.html" target="_blank">BOXER</a> TROJAN! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[IEXPLORE]
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.aphexdoor.html" target="_blank">APHEXDOOR</a> TROJAN! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[Iexplore Services]
Confirmed=X
Filename=iexplore.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[iexplorer lptt01]
Confirmed=X
Filename=iexplorer.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in an "iexplorer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[iexplorer ml097e]
Confirmed=X
Filename=iexplorer.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in an "iexplorer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[IFSplash.exe]
Confirmed=U
Filename=IFSplash.exe
Description=I-FORCE driver for force feedback steering wheel
Source=Paul Collins Startup list
[igfxtray]
Confirmed=N
Filename=igfxtray.exe
Description=Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on motherboards. Available via Start -> Settings -> Control Panel
Description=<a href="http://nn101.virtualave.net/clean.html" target="_blank">System Wiper</a> from iI Software - allows you to clear the history of your activites from you computer. Run manually on a regular basis
Source=Paul Collins Startup list
[IJ75P2PSERVER]
Confirmed=Y
Filename=IJ75P2PS.EXE
Description=Printer utility which is required in order to make the printer work correctly
Source=Paul Collins Startup list
[IKE Service 95]
Confirmed=Y
Filename=IKEService.exe
Description=Associated with <a href="http://www.pgpi.org/" target="_blank">PGP</a>. The PGP Tray can be
disabled, but without IKESERVICE you won't be able to de- or encrypt anything
Source=Paul Collins Startup list
[iKeyWorks]
Confirmed=U
Filename=IKEYMAIN.EXE
Description=<a href="http://www.a4tech.com/a4techenglish/index.html" target="_blank">A4Tech</a> wireless keyboard driver and utility
Source=Paul Collins Startup list
[iLLeGaL]
Confirmed=X
Filename=Mplayer.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.C" target="_blank">HOLAR.C</a> (or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.galil@mm.html" target="_blank">GALIL</a>) WORM! Note - this should not be comfused with Windows Media Player which has the same filename
Source=Paul Collins Startup list
[iLLeGaL.exe]
Confirmed=X
Filename=Mplayer.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.C" target="_blank">HOLAR.C</a> (or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.galil@mm.html" target="_blank">GALIL</a>) WORM! Note - this should not be comfused with Windows Media Player which has the same filename
Source=Paul Collins Startup list
[ILO_Office_Manager]
Confirmed=?
Filename=IntEdReg.exe /OFFMAN
Description=<a href="http://www.intense.co.uk/" target="_blank">Intense Educational Ltd</a> - Language Office Software. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[iLyric]
Confirmed=U
Filename=iLyric.exe
Description=<a href="http://www.ilyric.net/winamp.html" target=_blank>iLyric</a> plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button
Source=Paul Collins Startup list
[iM Start Center]
Confirmed=N
Filename=iM_Tray.exe
Description=Installed with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start -> Programs -> iM Networks -> iM Radio Tuner
Description=Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run
Description=<a href="http://www.acdsystems.com/English/Products/ImageFox/index.htm?LAN=EnglishX20" target="_blank">ImageFox 2.0</a> is an "add-on" graphics previewer for most Windows Open/Save As dialog boxes
Source=Paul Collins Startup list
[Imagemgt32]
Confirmed=X
Filename=Imagemgt32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[imekrig]
Confirmed=N
Filename=imekrig.exe
Description=Part of MS <a href="http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp" target="_blank">Input Method Editor</a> which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)
Source=Paul Collins Startup list
[IMEKRMIG6.1]
Confirmed=N
Filename=IMEKRMIG.EXE
Description=Part of MS <a href="http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp" target="_blank">Input Method Editor</a> which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)
Source=Paul Collins Startup list
[Imesh]
Confirmed=N
Filename=??
Description=<a href="http://www.imesh.com" target="_blank">Imesh</a> is a file sharing system
Source=Paul Collins Startup list
[Imesh Auto Update]
Confirmed=N
Filename=??
Description=Update check for the <a href="http://www.imesh.com" target=_blank>Imesh</a> file sharing system. Turn the update off under "options"
Source=Paul Collins Startup list
[ImgIcon]
Confirmed=U
Filename=ImgIcon.exe
Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
Source=Paul Collins Startup list
[ImgStart]
Confirmed=N
Filename=ImgStart.exe
Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -> Programs
Source=Paul Collins Startup list
[imjpmig]
Confirmed=N
Filename=IMJPMIG.EXE
Description=Part of MS <a href="http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp" target="_blank">Input Method Editor</a> which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese)
Source=Paul Collins Startup list
[Imjpmig8.1]
Confirmed=N
Filename=IMJPMIG.EXE
Description=Part of MS <a href="http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp" target="_blank">Input Method Editor</a> which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese)
Source=Paul Collins Startup list
[immcheck.exe]
Confirmed=?
Filename=immcheck.exe
Description=<font color="#FF0000">Related to I-FORCE driver for force feedback steering wheel?</font>
Source=Paul Collins Startup list
[IMOL]
Confirmed=U
Filename=IMOLApp.exe
Description=IncrediMail for Office <a href="http://www.incredimail.com/english/help/sysadmin.html" target=_blank>Outlook Add-On</a>
Source=Paul Collins Startup list
[Imonitor]
Confirmed=N
Filename=Plguni.exe
Description=<a href="http://www.mcafee.com/myapps/qc3/default.asp" target="_blank">McAfee QuickClean 3.0</a> - removes internet clutter and unwanted programs
Source=Paul Collins Startup list
[IMStart]
Confirmed=U
Filename=IMStart.exe
Description=<a href="http://www.intermute.com/products/index.html" target=_blank>InterMute</a> security software related
Description=<a href="http://www.nero.com/" target="_blank">Ahead InCD</a> packet writing software. Similar to DirectCD. On my system there isn't an entry, on another visitor's there is. Run manually before insert an appropriately formatted CD-RW disk
Source=Paul Collins Startup list
[IncMail]
Confirmed=N
Filename=IncMail.exe
Description="<a href="http://www.incredimail.com/english/index.html" target="_blank">IncrediMail</a> is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"
Source=Paul Collins Startup list
[InControl Desktop Manager]
Confirmed=N
Filename=DMHKEY.EXE
Description=For Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start -> Programs
Source=Paul Collins Startup list
[Incredimail]
Confirmed=N
Filename=incredimail.exe
Description="<a href="http://www.incredimail.com/english/index.html" target="_blank">IncrediMail</a> is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"
Source=Paul Collins Startup list
[IndexSearch]
Confirmed=N
Filename=IndexSearch.exe
Description=Associated with PaperPort scanner software from ScanSoft
Source=Paul Collins Startup list
[Inet DataBase]
Confirmed=X
Filename=Inetdbs.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.qeds@mm.html" target=_blank>QEDS</a> WORM!
Source=Paul Collins Startup list
[Inet Delivery]
Confirmed=X
Filename=Intdel.exe
Description=Spyware
Source=Paul Collins Startup list
[Inet Delivery]
Confirmed=X
Filename=intdel_2.exe
Description=Spyware
Source=Paul Collins Startup list
[Inetapi]
Confirmed=X
Filename=Netapi.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.14" target="_blank">NETDEVIL.14</a> TROJAN!
Source=Paul Collins Startup list
[inetcntrl]
Confirmed=U
Filename=inetcntrl.exe
Description=Bsafe Online - internet filter
Source=Paul Collins Startup list
[InetConf]
Confirmed=?
Filename=inetconf.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Inetd]
Confirmed=U
Filename=INETD32.EXE
Description=<a href="http://www.hummingbird.com/products/nc/inetd/index.html" target="_blank">Windows Inet Daemon</a> from Hummingbird Communications. "Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons". Provides PCs with the full functionality of a UNIX workstation
Source=Paul Collins Startup list
[inetinfo.exe]
Confirmed=U
Filename=inetinfo.exe
Description=Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more)
Source=Paul Collins Startup list
[inetmgr]
Confirmed=X
Filename=inetmgr.exe
Description=Actual Names <a href="http://www.pestpatrol.com/pestinfo/a/actualnames.asp" target="_blank">(AdvSearch)</a> Internet Keywords parasite
Source=Paul Collins Startup list
[InetMSN]
Confirmed=X
Filename=msnet.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list
[Info Select]
Confirmed=U
Filename=is.exe
Description=<a href="http://www.miclog.com/isover.htm" target="_blank">Info Select</a> from Micro Logic - personal information manager
Source=Paul Collins Startup list
[Info32x]
Confirmed=X
Filename=Info32x.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Infoplay.exe]
Confirmed=?
Filename=Infoplay.exe
Description=<font color="#FF0000">Written by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine <a href="http://www.allyoursearch.com/" target="_blank">websites</a> (which I chose not to). What does it do and is it needed?</font>
Source=Paul Collins Startup list
[Infra-red Monitor]
Confirmed=U
Filename=IRMON.EXE
Description=System Tray access to infra-red devices. Not required unless you use infra-red devices
Source=Paul Collins Startup list
[infus]
Confirmed=X
Filename=infus.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Infuzer]
Confirmed=U
Filename=Infuzer.exe
Description=<a href="http://www.infuzer.com/IDC/features/" target="_blank">Infuzer</a> - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities"
Description=Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay
Source=Paul Collins Startup list
[Ink Monitor]
Confirmed=N
Filename=InkMonitor.exe
Description=Associated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line
Source=Paul Collins Startup list
[InkWatch]
Confirmed=N
Filename=InkWatch.exe
Description=Associated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line
Source=Paul Collins Startup list
[InoRPC]
Confirmed=Y
Filename=InoRpc.exe
Description=Associated with <a href="http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a>
Source=Paul Collins Startup list
[InoRT]
Confirmed=Y
Filename=InoRT9x.exe
Description=Associated with the Realtime Monitor of <a href="http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a> version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU useage - see <a href="http://support.ca.com/techbases/ilnt/31103.html" target="_blank">here</a>
Source=Paul Collins Startup list
[InoTask]
Confirmed=U
Filename=InoTask.exe
Description=Scheduled scans and signature updates for <a href="http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a> version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU useage when performing updates - see <a href="http://support.ca.com/techbases/ilnt/31103.html" target="_blank">here</a>
Source=Paul Collins Startup list
[insCOA5]
Confirmed=?
Filename=insCOA5.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Install Pending Files]
Confirmed=?
Filename=sifxinst.exe
Description=Uninstall program for <a href="http://www.lanovation.com/" target="_blank">Lanovation's</a> Prism Deploy and Prism Pack adminstrators software deployement tools. For specific information see <font color="#FF0000"><a href="http://www.lanovation.com/support/docs/General/rollbackfiles_prism.htm" target="_blank">here</a>. Is it required?</font>
Source=Paul Collins Startup list
[InstallAurealDemos]
Confirmed=N
Filename=InstallAurealDemos.js
Description=Used to initialize the Aureal A3D demos InstallShield wizard
Source=Paul Collins Startup list
[InstallBuddy]
Confirmed=U
Filename=Ibtna.exe
Description=<a href="http://www.bluenomad.com/ib/prod_installbuddy_details.html" target="_blank">InstallBuddy</a> - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSync
Source=Paul Collins Startup list
[Installed shell32.dll]
Confirmed=X
Filename=Office.exe...
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[InstallNAIProduct]
Confirmed=?
Filename=SETUP.EXE
Description=<font color="#FF0000">Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error?</font>
Description=From Broderbund's PrintMaster 10. It is an event reminder (for calendar dates, etc). Delete from the startup using Startup Manager program because it keeps re-checking itself when using MSCONFIG. PrintMaster 11 uses filename PMremind.exe - it has to be unchecked in startup in the same manner
Source=Paul Collins Startup list
[Instant Wireless Configuration Utility]
Confirmed=U
Filename=WUSB11cfg.exe
Description=Utility used by the <a href="http://www.linksys.com/default.asp" target="_blank">LINKSYS</a> LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration
Source=Paul Collins Startup list
[InstantAccess]
Confirmed=N
Filename=INSTAN~1.EXE
Description=From TextBridge Pro 9.0 OCR scanner software. Available via Start -> Programs
Source=Paul Collins Startup list
[InstantDrive]
Confirmed=U
Filename=InstantDrive.exe
Description=<a href="http://www.pinnaclesys.com" target="_blank">Pinnacle Systems</a> (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computerÆs hard drive. Part of InstantCD/DVD burning software
Source=Paul Collins Startup list
[InstantPleasure]
Confirmed=X
Filename=instantpleasure.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[InstantPleasureXXX]
Confirmed=X
Filename=instantpleasurexxx.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[InstantTray]
Confirmed=N
Filename=PCLETray.exe
Description=<a href="http://www.pinnaclesys.com/ProductPage_n.asp?Product_ID=1431&Langue_ID=7" target=_blank>Pinnacle InstantCD/DVD</a> disc creation software. Tray icon enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools with one click. Can be started manually
Source=Paul Collins Startup list
[instit]
Confirmed=X
Filename=instit.bat
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.opaserv.h.worm.html" target="_blank">OPASERV.H</a> WORM!
Source=Paul Collins Startup list
[instit]
Confirmed=X
Filename=INSTIT.BAT
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.K" target="_blank">OPASERV.K</a> WORM!
Description=System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards
Source=Paul Collins Startup list
[Intel File Transfer]
Confirmed=U
Filename=xfr.exe
Description=Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients
Source=Paul Collins Startup list
[Intel PDS]
Confirmed=U
Filename=pds.exe
Description=Intel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabled
Source=Paul Collins Startup list
[Intel Product Number Utility]
Confirmed=U
Filename=IntelProcNumUtility.exe
Description=Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information <a href="http://www.intel.com/support/processors/pentiumiii/psu.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[Intel PROSet Tray Icon]
Confirmed=N
Filename=promon.exe
Description=System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
Source=Paul Collins Startup list
[Intel system works]
Confirmed=X
Filename=iis.exe
Description=Added by the <a href="http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.QGA" target=_blank>RBOT.QGA</a> WORM!
Source=Paul Collins Startup list
[InteliSys]
Confirmed=X
Filename=smss.exe
Description=Advertisingvision adware - file is located in C:\Windows or C:\Winnt, and not in it's System32 subdirectory, as is the case with the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank"> Smss.exe</a> system file which would normally NOT figure in Msconfig/Startup!
Source=Paul Collins Startup list
[Intellitype]
Confirmed=U
Filename=type32.exe
Description=For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings unless you have changed them
Source=Paul Collins Startup list
[IntelMEM]
Confirmed=U
Filename=IntelMEM.exe
Description=Related to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem line
Source=Paul Collins Startup list
[IntelProcNumUtility]
Confirmed=U
Filename=cpunumber.exe
Description=Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information <a href="http://www.intel.com/support/processors/pentiumiii/psu.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[Intel« Common User Interface]
Confirmed=N
Filename=igfxtray.exe
Description=Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on motherboards. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[Intense Registry Service]
Confirmed=?
Filename=IntEdReg.exe /CHECK
Description=<a href="http://www.intense.co.uk/" target="_blank">Intense Educational Ltd</a> - Language Office Software. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[InterceptedSystem]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32anaconb.html" target=_blank>ANACON-B</a> WORM!
Source=Paul Collins Startup list
[InterCheck Monitor]
Confirmed=Y
Filename=Icmon.exe
Description=Part of <a href="http://www.sophos.com/products/software/" target="_blank">Sophos</a> ant-virus sofware
Source=Paul Collins Startup list
[Interdll]
Confirmed=X
Filename=Interdll.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.family.html" target="_blank">DELF</a> family of TROJANS!
Source=Paul Collins Startup list
[Internal]
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.smother.html" target="_blank">SMOTHER</a> and <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.translat.html" target="_blank"> TRANSLAT</a> TROJANS!
Source=Paul Collins Startup list
[Internal]
Confirmed=X
Filename=regedit.exe /s %windir%c:\[month number]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/js.fortnight.d.html" target="_blank">FORTNIGHT.D</a> TROJAN!
Source=Paul Collins Startup list
[InternalSystray]
Confirmed=X
Filename=Kazza.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=16106" target="_blank">OPTIX</a> TROJAN! Note - unlike the valid KaZaA executable, this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP)
Source=Paul Collins Startup list
[internat]
Confirmed=X
Filename=internat.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlydraf.html" target=_blank>LYDRA-F</a> TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%
Source=Paul Collins Startup list
[Internat]
Confirmed=X
Filename=systray.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.p.html" target="_blank">ALADINZ.P</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target="_blank">systray.exe</a> process
Source=Paul Collins Startup list
[Internat Conf]
Confirmed=X
Filename=bootconf.exe
Description=Homepage hijacker, redirecting to coolwwwsearch.com; see for example <a href="http://boards.cexx.org/viewtopic.php?p=2464#2464" target="_blank"> here</a>
Source=Paul Collins Startup list
[internat.exe]
Confirmed=N
Filename=internat.exe
Description=Language selection icon in system tray
Source=Paul Collins Startup list
[Internat.exe]
Confirmed=X
Filename=internat.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.netsnake.html" target="_blank">NETSNAKE</a> TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) and has a "?" icon wheras this version resides in %windir% and has a ZIP icon
Source=Paul Collins Startup list
[internct]
Confirmed=X
Filename=WinSocks5.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.f.html" target="_blank">GRAYBIRD.F</a> TROJAN!
Source=Paul Collins Startup list
[Internet Answering Machine]
Confirmed=U
Filename=IAMNET~1.EXE
Description=From <a href="http://www.callwave.com/" target="_blank">Callwave</a>. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access
Source=Paul Collins Startup list
[Internet Answering Machine]
Confirmed=U
Filename=IAM.exe
Description=From <a href="http://www.callwave.com/" target=_blank>Callwave</a> - offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access
Source=Paul Collins Startup list
[Internet Config]
Confirmed=X
Filename=svchosts.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.evianc.html" target="_blank">EVIAN.C</a> WORM!
Source=Paul Collins Startup list
[Internet Explorer]
Confirmed=X
Filename=iexplorer.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.lorsis.worm.html" target="_blank">LORSIS</a> WORM! Note - the legitimate IE (iexplore.exe) does not figure in Msconfig/Startup unless added manually and this loads from the "RunServices" key
Source=Paul Collins Startup list
[Internet Explorer]
Confirmed=X
Filename=IEXPLORE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotey.html" target="_blank">RBOT-EY</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[Internet Explorer Updater]
Confirmed=X
Filename=lexbac.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/download.trojan.html" target="_blank">DOWNLOAD</a> TROJAN!
Source=Paul Collins Startup list
[Internet Explorer Updater]
Confirmed=X
Filename=iexplorer.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.reur.b.html" target="_blank">REUR.B</a> WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)
Source=Paul Collins Startup list
[Internet History Eraser]
Confirmed=U
Filename=HERASER.exe
Description=<a href="http://www.internet-history-eraser.com/index.html" target="_blank">Internet History Eraser</a> - deletes your browsing tracks
Source=Paul Collins Startup list
[Internet Loader1]
Confirmed=X
Filename=MSInstall61.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.b.worm.html" target="_blank">KWBOT.B</a> WORM!
Description=Internet connection optimizer. Leave this enabled if you find it improves your connection
Source=Paul Collins Startup list
[Internet Send]
Confirmed=X
Filename=More log.exe
Description=Unidentfied adware
Source=Paul Collins Startup list
[Internet Service]
Confirmed=X
Filename=intersvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotde.html" target=_blank>SPYBOT-DE</a> WORM!
Source=Paul Collins Startup list
[internet service]
Confirmed=X
Filename=syscfg32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqs.html" target=_blank>RBOT-QS</a> WORM!
Source=Paul Collins Startup list
[Internet Services]
Confirmed=X
Filename=systemdev.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpw.html" target="_blank">SDBOT-PW</a> WORM!
Source=Paul Collins Startup list
[INTERNET SERVISES]
Confirmed=X
Filename=winz32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbotz.worm.html" target="_blank">KWBOT.Z</a> WORM!
Source=Paul Collins Startup list
[Internet Sharing Server]
Confirmed=Y
Filename=iss_srvr.exe
Description=<a target="_blank" href="http://www.intel.com/products/desk_lap/hm_sm_office/index.htm">Intel AnyPoint</a> internet sharing software
Source=Paul Collins Startup list
[Internet Sweeper]
Confirmed=N
Filename=Sweeper.exe
Description=<a href="http://www.bmesite.com/" target="_blank">Internet Sweeper</a> - removes unnecessart left over files after browsing the internet
Source=Paul Collins Startup list
[Internet Timer]
Confirmed=U
Filename=ITIMER.exe
Description=Shareware dial-up connection call cost calculator from <a href="http://www.ratsoft.freeserve.co.uk/" target="_blank">Ratsoft</a>
Source=Paul Collins Startup list
[Internet Washer Pro]
Confirmed=X
Filename=iw.exe
Description=<a href="http://www.internetwasher.com/" target="_blank">Internet Washer</a> manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003
Source=Paul Collins Startup list
[Internet.exe]
Confirmed=X
Filename=Internet.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.magiccall.html" target="_blank">MAGICCALL</a> VIRUS!
Source=Paul Collins Startup list
[InternetWasherPro]
Confirmed=X
Filename=iw.exe
Description=<a href="http://www.internetwasher.com/" target="_blank">Internet Washer</a> manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003
Source=Paul Collins Startup list
[INTERNET_SERVISES]
Confirmed=X
Filename=winz32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.q.html" target="_blank">SDBOT.Q</a> TROJAN!
Source=Paul Collins Startup list
[Internt]
Confirmed=X
Filename=Internt.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.peeper.html" target="_blank">PEEPER</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.carufax.a.html" target="_blank">CARUFAX.A</a> TROJANS!
Source=Paul Collins Startup list
[InterTrust Quick Start]
Confirmed=N
Filename=it_cpq~1.exe
Description=<a href="http://www.intertrust.com/index.html" target="_blank">InterTrust</a> offers something known as Digital Rights Management to control legal software download and other E-commerce related business
Source=Paul Collins Startup list
[InterU]
Confirmed=X
Filename=WINDRV.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_IRCINTER.A" target="_blank">IRCINTER.A</a> TROJAN!
Source=Paul Collins Startup list
[Intervideo Win Cinema Manager]
Confirmed=N
Filename=WinCinemaMgr.exe
Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target="_blank">WinCinema Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
Source=Paul Collins Startup list
[Intervideo Win Cinema Manager]
Confirmed=N
Filename=WINCIN~1.EXE
Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target="_blank">WinCinema Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
Source=Paul Collins Startup list
[Intervideo WinCinema Manager]
Confirmed=N
Filename=WinCinemaMgr.exe
Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target="_blank">WinCinema Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
Source=Paul Collins Startup list
[Intervideo WinCinema Manager]
Confirmed=N
Filename=WINCIN~1.EXE
Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target="_blank">WinCinema Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
Source=Paul Collins Startup list
[Intervideo WinScheduler]
Confirmed=N
Filename=WinScheduler.exe
Description=<a href="http://www.intervideo.com" target="_blank">WinScheduler</a> is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
Source=Paul Collins Startup list
[Intervideo WinScheduler]
Confirmed=N
Filename=SchSvr.exe
Description=<a href="http://www.intervideo.com" target="_blank">WinScheduler</a> is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
Source=Paul Collins Startup list
[InterWARN]
Confirmed=U
Filename=interwarn.exe
Description=<a href="http://www.interwarn.com/interwarn.html" target="_blank">InterWARN</a> by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start -> Programs
Source=Paul Collins Startup list
[Intmgr]
Confirmed=X
Filename=Intmgr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Intrenat]
Confirmed=X
Filename=Intrenat.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.e.html" target="_blank">LEMIR.E</a> TROJAN!
Source=Paul Collins Startup list
[Introducing Media Manager]
Confirmed=N
Filename=SPLASHA.EXE
Description=<a href="http://www.frontpageworld.com/frontpagetools/mediamanager/default.htm" target="_blank">MS Media Manager</a> tour. Not required
Source=Paul Collins Startup list
[Introduction-Registration]
Confirmed=N
Filename=??
Description=For Compaq PC's. Should only run first time, PC Introduction & Compaq registration
Source=Paul Collins Startup list
[IntruderAlert]
Confirmed=X
Filename=ia99.exe
Description=<a href="http://www.safersite.com/PestInfo/db/i/internetalert.asp" target="_blank">Intruder Alert '99</a> from Bonzi - spyware
Source=Paul Collins Startup list
[Ioadqm]
Confirmed=X
Filename=Media Player.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hawawi.worm.html" target="_blank">HAWAWI</a> WORM!
Description=<a href="http://www.iomega-europe.com/eu/category.asp?catalog%5Fname=Iomega&category%5Fname=Iomega+Automatic+Backup&Page=1" target="_blank">Iomega Automatic Backup</a> - automatic backups for use with Iomega portable HDD
Source=Paul Collins Startup list
[Iomega Automatic Backup 1.0.1]
Confirmed=U
Filename=ibackup.exe
Description=<a href="http://www.iomega-europe.com/eu/category.asp?catalog%5Fname=Iomega&category%5Fname=Iomega+Automatic+Backup&Page=1" target="_blank">Iomega Automatic Backup</a> - automatic backups for use with Iomega portable HDD
Source=Paul Collins Startup list
[Iomega Backup Scheduler]
Confirmed=N
Filename=dtiom98.exe
Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -> Programs
Source=Paul Collins Startup list
[Iomega Disk Icons]
Confirmed=U
Filename=IMGICON.EXE
Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
Source=Paul Collins Startup list
[Iomega Drive Icons]
Confirmed=U
Filename=IMGICON.EXE
Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
Source=Paul Collins Startup list
[Iomega ImIconXP]
Confirmed=U
Filename=imiconxp.exe
Description=Iomega <a href="http://www.iomega.com/software/revsystemsw.html" target=_blank>REV System</a> Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disks
Source=Paul Collins Startup list
[Iomega QuickSync]
Confirmed=?
Filename=Quicksync.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Iomega Startup Options]
Confirmed=N
Filename=IMGSTART.EXE
Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -> Programs
Source=Paul Collins Startup list
[Iomega Watch]
Confirmed=N
Filename=IOWATCH.EXE
Description=Used by Iomega drives. Available via Start -> Programs
Source=Paul Collins Startup list
[IomegaWare]
Confirmed=N
Filename=COMMANDER.EXE
Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -> Programs
Source=Paul Collins Startup list
[Iomon98.exe]
Confirmed=U
Filename=Iomon98.exe
Description=PC-Cillin 98 real time virus check. Can cause floppy disk accesses to hang
Source=Paul Collins Startup list
[IP Stack]
Confirmed=X
Filename=ipstack.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CW" target="_blank">AGOBOT.CW</a> WORM!
Source=Paul Collins Startup list
[iPalm]
Confirmed=N
Filename=mon.exe
Description=Installed with a Panasonic <a href="http://www.panasonic.com/consumer_electronics/digital_cameras/ipalm.asp" target="_blank">iPalm</a> digital camera. Used to uploaded photos from the camera. If your camera is not connected (via USB port) you do not need this program loaded
Source=Paul Collins Startup list
[ipcfg.exe]
Confirmed=X
Filename=ipcfg.exe
Description=Adware - recognized by McAfee antivirus as a variant of the <a href="http://vil.mcafeesecurity.com/vil/content/v_130215.htm" target=_blank>AdClicker-BM</a> trojan
Source=Paul Collins Startup list
[IPConfig]
Confirmed=X
Filename=svcxnv32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.hacarmy.e.html" target=_blank>HACARMY.E</a> TROJAN!
Source=Paul Collins Startup list
[IpCtrl]
Confirmed=X
Filename=ipcon32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[IPInSightLAN 01]
Confirmed=X
Filename=ipclient.exe
Description=Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see <a href="http://www.dslreports.com/faq/1247" target="_blank">here</a> for more information. This one constantly "phones home" and wastes resource - hence the "X" status
Source=Paul Collins Startup list
[IPInSightMonitor 01]
Confirmed=N
Filename=ipmon32.exe
Description=Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see <a href="http://www.dslreports.com/faq/1247" target="_blank">here</a> for more information
Source=Paul Collins Startup list
[IPinst]
Confirmed=Y
Filename=N/A
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Source=Paul Collins Startup list
[ipmon.exe]
Confirmed=X
Filename=ipmon.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.recerv.html" target="_blank">RECERV</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.r3c.b.html" target="_blank">R3C.B</a> TROJANS!
Source=Paul Collins Startup list
[iPodManager]
Confirmed=U
Filename=iPodManager.exe
Description=Apple iPod Management software for the iPod MP3 player. Allows updating, formating, restoring and other functions associated with iPods
Source=Paul Collins Startup list
[iPodWatcher]
Confirmed=?
Filename=iPodWatcher.exe
Description=Associated with Apple's iPod MP3 player. <font color="#FF0000">Detects when the iPod is connected?</font>
Source=Paul Collins Startup list
[iProtectYou]
Confirmed=U
Filename=ip.exe
Description=<a href="http://www.softforyou.com/ip-index.html" target="_blank">iProtectYou</a> - internet filtering/parental control and network monitoring software
Source=Paul Collins Startup list
[IPSecMon]
Confirmed=Y
Filename=IPSecMon.exe
Description=<a href="http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp" target="_blank">Microsoft L2TP/IPSec VPN Client</a> for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet
Source=Paul Collins Startup list
[IPTable Configuration]
Confirmed=X
Filename=Winipcfgs.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[IPv6 Helper Driver]
Confirmed=X
Filename=csass.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TC" target=_blank>AGOBOT.TC</a> WORM!
Source=Paul Collins Startup list
[IPv6 STUN Service]
Confirmed=X
Filename=netstun.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[IPW]
Confirmed=?
Filename=IPW.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[IQES.exe]
Confirmed=?
Filename=iqes.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[irc session]
Confirmed=X
Filename=sessionmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotace.html" target=_blank>SDBOT-ACE</a> WORM!
Source=Paul Collins Startup list
[IREIKE]
Confirmed=Y
Filename=IreIKE.exe
Description=<a href="http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp" target="_blank">Microsoft L2TP/IPSec VPN Client</a> for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet
Source=Paul Collins Startup list
[iRis Active Monitor]
Confirmed=N
Filename=winmon32.exe
Description=Iris Antivirus - discontinued, replace with good alternative
Source=Paul Collins Startup list
[iRiS AntiVirus Active Monitor]
Confirmed=N
Filename=WIMMUN32.exe
Description=Iris Antivirus - discontinued, replace with good alternative
Source=Paul Collins Startup list
[iRiver Updater]
Confirmed=N
Filename=Updater.exe
Description=Updates for the <a href="http://www.iriver.com/" target="_blank">iRiver Music Manager</a> - used with their digital music players
Source=Paul Collins Startup list
[IrMon]
Confirmed=U
Filename=IRMON.EXE
Description=System Tray access to infra-red devices. Not required unless you use infra-red devices
Source=Paul Collins Startup list
[IRPMonitor]
Confirmed=?
Filename=itcnmon.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Irwftp]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65604&VName=TROJ_BANCOS.CR&VSect=T" target="_blank">BANCOS.CR</a> TROJAN!
Source=Paul Collins Startup list
[irwftp]
Confirmed=X
Filename=iexplorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeran.html" target=_blank>BANKER-AN</a> TROJAN!
Source=Paul Collins Startup list
[IrXfer]
Confirmed=U
Filename=IrXfer.exe
Description=Microsoft Infrared Transfer application
Source=Paul Collins Startup list
[ir_ftp]
Confirmed=X
Filename=ir_ftp.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.irftp.html" target="_blank">IRFTP</a> TROJAN!
Source=Paul Collins Startup list
[ir_ftp]
Confirmed=X
Filename=irwftp.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.h.html" target="_blank">BANCOS.H</a> TROJAN!
Source=Paul Collins Startup list
[IS CfgWiz]
Confirmed=N
Filename=cfgwiz.exe
Description=Norton Internet Security configuration wizard
Source=Paul Collins Startup list
[Isass]
Confirmed=X
Filename=Isass.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.futro.html" target=_blank>FUTRO</a> TROJAN!
Source=Paul Collins Startup list
[isdbdc]
Confirmed=N
Filename=isdbdc.exe
Description=For Compaq PC's. May install properties in dial-up networking when you register with an ISP
Source=Paul Collins Startup list
[ISDN Monitor]
Confirmed=N
Filename=Linksts.exe
Description=Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
Source=Paul Collins Startup list
[ISDNwatch]
Confirmed=U
Filename=IWatch.exe
Description=<a href="http://www.avm.de/en/press/announcements/2003/2003_05_19_1.php3" target="_blank">FRITZ!X ISDNWatch</a> - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks"
Source=Paul Collins Startup list
[ISLP2STA]
Confirmed=N
Filename=ISLP2STA.EXE
Description=<font color="#FF0000">Possibly a left over from Windows Update for wireless NIC (maybe Linksys) drivers? Not required though</font>
Source=Paul Collins Startup list
[iSpyNOW]
Confirmed=U
Filename=ispynow.exe
Description=<a href="http://www.ispynow.com/" target="_blank">iSpyNOW</a> - remote monitoring and surveillance software
Source=Paul Collins Startup list
[Israfel]
Confirmed=X
Filename=Israfel.vbs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.d.html" target="_blank">GAGGLE.D</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.e.html" target="_blank">GAGGLE.E</a> WORMS!
Source=Paul Collins Startup list
[ISStart]
Confirmed=U
Filename=ISStart.exe
Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
Description=<a href="http://sarc.com/avcenter/venc/data/adware.istbar.html" target="_blank">ISTBar</a> parasite related
Source=Paul Collins Startup list
[ISUSPM Startup]
Confirmed=N
Filename=ISUSPM.exe
Description=InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so youÆre always working with the most current version
Source=Paul Collins Startup list
[ISUSScheduler]
Confirmed=N
Filename=issch.exe
Description=InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so youÆre always working with the most current version
Source=Paul Collins Startup list
[Itk]
Confirmed=U
Filename=Itk.exe
Description=<a href="http://www.itksoft.com/index.asp" target="_blank">In The Know</a> - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
Source=Paul Collins Startup list
[iTouch]
Confirmed=U
Filename=iTouch.exe
Description=iTouch loads the iTouch configuration program for Logitech keyboards. ItÆs needed if your keyboard has shortcut buttons and if you use them. ItÆs also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lock
Source=Paul Collins Startup list
[ItsDeductiblePopUp]
Confirmed=N
Filename=ItsDeductible.exe
Description=<a href="http://www.itsdeductible2.com/" target="_blank">ItsDeductible</a> from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip
Source=Paul Collins Startup list
[iTunes Helper]
Confirmed=Y
Filename=iTunesHelper.exe
Description=Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
Source=Paul Collins Startup list
[Iusage]
Confirmed=N
Filename=netdet.exe
Description=<a href="http://members.tripod.com/gauravdhup0/iumos.html" target="_blank">Internet Usage Monitor</a> - utility to calculate the cost and time on the internet via dial-up
Source=Paul Collins Startup list
[IW ControlCenter]
Confirmed=N
Filename=iwctrl.exe
Description=<a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis
Source=Paul Collins Startup list
[iwctrl]
Confirmed=U
Filename=iwctrl.exe
Description=<a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis
Source=Paul Collins Startup list
[IZE]
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[j2 Tray Menu]
Confirmed=N
Filename=HotTray.exe
Description=eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available <a href="http://www.efax.com/help/index.asp" target="_blank">here</a>
Source=Paul Collins Startup list
[Jammer]
Confirmed=U
Filename=jammer.exe
Description=<a href="http://www.agnitum.com/products/jammer/" target="_blank">Jammer</a> by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web"
Source=Paul Collins Startup list
[Jammer2nd]
Confirmed=X
Filename=Jammer2nd.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.z@mm.html" target="_blank">NETSKY.Z</a> WORM!
Source=Paul Collins Startup list
[Java Runtimes]
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.killav.b.html" target="_blank">KILLAV.B</a> TROJAN! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[JavaUpdate0.07]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.jupdate.html" target=_blank>JUPDATE</a> TROJAN!
Source=Paul Collins Startup list
[JavaVM]
Confirmed=X
Filename=java.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html" target="_blank">MYDOOM.M</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.n@mm.html" target="_blank">MYDOOM.N</a> WORMS! Note - not to be confused with the valid Windows "java.exe" which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) as this resides in C:\Windows or C:\Winnt
Source=Paul Collins Startup list
[jawa32]
Confirmed=X
Filename=jawa32.exe
Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/" target="_blank">AGENT.BG</a> WORM!
Source=Paul Collins Startup list
[Jawa322]
Confirmed=X
Filename=jawa32.exe
Description=Added by a variant of the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/jawa32/" target=_blank>AGENT.BG</a> trojan
Source=Paul Collins Startup list
[JB]
Confirmed=N
Filename=Jiffybar.exe
Description="Get Paid As You surf" application
Source=Paul Collins Startup list
[Jet Detection]
Confirmed=N
Filename=ADGJDet.exe
Description=Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
Source=Paul Collins Startup list
[JetAdmin Discovery Indicator]
Confirmed=Y
Filename=HPJETDSC.EXE
Description=HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery Indicator
Source=Paul Collins Startup list
[jijbl]
Confirmed=X
Filename=ezlwy.bat
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.reddw@mm.html" target="_blank">REDDW</a> WORM!
Source=Paul Collins Startup list
[JobHisInit]
Confirmed=U
Filename=JobHisInit.exe
Description=Used by Ricoh network printers to enable network printing from the client
Source=Paul Collins Startup list
[Jog Serve]
Confirmed=U
Filename=JogServ2.exe
Description="Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features
Source=Paul Collins Startup list
[JogServ2]
Confirmed=U
Filename=JogServ2.exe
Description="Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features
Description=Checks with Sun's Java updates site to see if newer Java versions are available. Visit <a href="http://java.sun.com" target="_blank"> http://java.sun.com</a> or just run the Java Plug-In Control Panel
Description=<a href="http://www.vtoy.fi/jv16/shtml/powertools.shtml" target="_blank">jv16 PowerTools</a>' network resident program. Only needed if you are using the program's network features
Source=Paul Collins Startup list
[jvdnlssn]
Confirmed=X
Filename=fljzsshc.exe
Description=Flingstone.com adware - and its Golden Palace Casino program
Source=Paul Collins Startup list
[Jzi16]
Confirmed=?
Filename=jzi16.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[K2ps_full.task]
Confirmed=X
Filename=K2ps_full.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K" target="_blank">JUNTADOR.K</a> TROJAN!
Source=Paul Collins Startup list
[K6CPU.EXE]
Confirmed=N
Filename=K6CPU.EXE
Description=Authenticates CPU as K6 in system properties
Source=Paul Collins Startup list
[kak]
Confirmed=X
Filename=kak.hta
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html" target="_blank">KAKWORM</a> WORM!
Source=Paul Collins Startup list
[Kalibump]
Confirmed=U
Filename=Kalibump.exe
Description=Used with the now unsupported <a href="http://www.kali.net/" target="_blank">Kali</a> software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy
Description=<a href="http://www.istop.com/~phartana/reminder/" target="_blank">Kana Reminder</a> is a program which can be used to set a reminder to be triggered at a specified time
Source=Paul Collins Startup list
[Kaspersky Antivirus]
Confirmed=X
Filename=KasperskyAV.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[KasperskyAv]
Confirmed=X
Filename=kaspersky.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.t@mm.html" target="_blank">MIMAIL.T</a> WORM! Note - this has nothing to do with the real Kaspersky AntiVirus
Source=Paul Collins Startup list
[KasperskyAVEng]
Confirmed=X
Filename=Kasperskyaveng.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.v@mm.html" target="_blank">NETSKY.V</a> WORM!
Source=Paul Collins Startup list
[KAVPersonal50]
Confirmed=Y
Filename=Kav.exe
Description=<a href="http://www.kaspersky.com/personal" target="_blank">Kaspersky</a> Anti-Virus Personal 5.0
Source=Paul Collins Startup list
[KavRuns]
Confirmed=X
Filename=Windll.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trynoma.html" target="_blank">TRYNOMA</a> TROJAN!
Source=Paul Collins Startup list
[KAVutil]
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.b.worm.html" target="_blank">WINTOO.B</a> WORM!
Source=Paul Collins Startup list
[KAZAA]
Confirmed=N
Filename=kazaa.exe
Description=KAZAA is a file-sharing program which unfortunately being ad-based includes "Cy-door" adware. Check <a href="http://www.cexx.org/cydoor.htm" target="_blank">here</a> for information about "Cy-door" and <a href="http://www.lavasoft.de/software/adaware/" target="_blank">here</a> for a program that can remove it
Source=Paul Collins Startup list
[Kazaa Download Accelerator Updater (required)]
Confirmed=X
Filename=regsvr32 [path] kdp****.dll [* = random char]
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "kazaa" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>. Note - this is not the valid KaZaA file sharing program which has the same executable name
Source=Paul Collins Startup list
[Kazaa ml097e]
Confirmed=X
Filename=kazaa.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "kazaa" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>. Note - this is not the valid KaZaA file sharing program which has the same executable name
Source=Paul Collins Startup list
[KAZAACuf]
Confirmed=X
Filename=9
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html" target="_blank"> KITRO.D</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARGEN.A&VSect=T" target="_blank">ARGEN.A</a>) WORM!
Source=Paul Collins Startup list
[kazaalite]
Confirmed=N
Filename=kazaalite.exe
Description=<a href="http://www.webattack.com/get/kazaalite.shtml" target="_blank">Kazaalite</a> is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanisms
Source=Paul Collins Startup list
[KaZooM]
Confirmed=N
Filename=KaZooM.Exe
Description=KaZoom from <a href="http://www.bluehavenmedia.com/" target="_blank"> Blue Haven Media</a> - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches"
Source=Paul Collins Startup list
[KBD]
Confirmed=U
Filename=KBD.EXE
Description=Multimedia keyboard manager. Required if you use the multimedia keys
Source=Paul Collins Startup list
[KBD MediaCenter]
Confirmed=U
Filename=MEDIACTR.EXE
Description=Multimedia keyboard manager. Required if you use the multimedia keys
Source=Paul Collins Startup list
[kbddrv32]
Confirmed=X
Filename=kbddrv32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[kbddrvinf]
Confirmed=X
Filename=kbddrvinf.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[KCeasy]
Confirmed=N
Filename=KCeasy.exe
Description=<a href="http://kceasy.com/about/" target=_blank>KCeasy</a> - a Windows peer-to-peer filesharing application which uses <a href="http://www.encyclopedia-online.info/GiFT_P2P" target=_blank>giFT</a> as its 'back end' foundation. The networks currently supported are OpenFT and Gnutella
Source=Paul Collins Startup list
[KClient]
Confirmed=U
Filename=kstatus.exe
Description=KClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet
Source=Paul Collins Startup list
[kdx]
Confirmed=N
Filename=KHost.exe
Description=KonTiki <a href="http://help.kontiki.com/enduser/group.jsp;jsessionid=445B8C402E10C9AFBC8E053A3BBC395C?node=1829" target="_blank">Secure Delivery Plug In</a> related. "The Kontiki Delivery Management System (DMS) is a secure delivery network for distribution of video, software, audio, documents, and other digital media. The Kontiki DMS enables enterprises to efficiently publish, secure, deliver and track digital media to employees, partners, and customers"
Source=Paul Collins Startup list
[KE9801]
Confirmed=U
Filename=DriBat32.exe
Description=<a href="http://www.reset.bg/ke9801.htm" target="_blank">KE-9801</a> multimedia keyboard - required if you use the multimedia keys
Source=Paul Collins Startup list
[Keenvalue]
Confirmed=X
Filename=Keenvalue.exe
Description=<a href="http://www.infobeat.com/infobar/terms.html" target="_blank">Keenvalue</a> spyware - see <a href="http://www.dslreports.com/forum/remark,6752007~root=security,1~mode=flat" target="_blank">here</a>
Source=Paul Collins Startup list
[KEMailKb]
Confirmed=U
Filename=KEMailKb.EXE
Description=Controls the buttons at the top of the <a href="http://www.mic-innovations.com/micro_inv/large_image_pages/kb650i.htm" target="_blank"> Micro Innovations 650i Internet Access Keyboard</a>. If you disable it you cannot use the buttons - like volume control or shut down
Source=Paul Collins Startup list
[Kemet]
Confirmed=?
Filename=kemet.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[kern64dll]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/pwsteal.tarno.j.html" target="_blank">TARNO.J</a> TROJAN!
Source=Paul Collins Startup list
[kernctl32]
Confirmed=X
Filename=rundll32 kctl32.dll, initialize
Description=Added by the AGENT.AT TROJAN!
Source=Paul Collins Startup list
[Kernel]
Confirmed=X
Filename=bboy.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MUMU.B" target="_blank">MUMU.B</a> WORM!
Source=Paul Collins Startup list
[Kernel Loader]
Confirmed=X
Filename=ntkrnl.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.cervivec.a@mm.html" target="_blank">CERVIVEC.A</a> WORM!
Source=Paul Collins Startup list
[kernel system daemon]
Confirmed=X
Filename=ACTIVAT0R.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.aw.html" target="_blank">RANDEX.AW</a> WORM!
Source=Paul Collins Startup list
[kernel32]
Confirmed=X
Filename=kern32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BADTRANS.A" target="_blank">BADTRANS.A</a> WORM!
Source=Paul Collins Startup list
[Kernel32]
Confirmed=X
Filename=Kernel32.exe
Description=Added by a number of VIRUSES, WORMS and TROJANS!
Source=Paul Collins Startup list
[kernel32]
Confirmed=X
Filename=kernel.dli
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.netdevil.b.html" target="_blank">NETDEVIL.B</a> TROJAN!
Source=Paul Collins Startup list
[Kernel32]
Confirmed=X
Filename=Kernel.dll
Description=Added by the <a href="http://vil.mcafee.com/dispVirus.asp?virus_k=99476" target="_blank">REDLOF.M</a> VIRUS!
Source=Paul Collins Startup list
[kernel32]
Confirmed=X
Filename=kernel32.dlI
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.netdevil.15.html" target="_blank">NETDEVIL.15</a> TROJAN!
Source=Paul Collins Startup list
[Kernel32]
Confirmed=X
Filename=krnl32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.epon@mm.html" target="_blank">EPON</a> WORM!
Source=Paul Collins Startup list
[Kernel32]
Confirmed=X
Filename=Kernel32.win
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.d.html" target="_blank">GAGGLE.D</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.e.html" target="_blank">GAGGLE.E</a> WORMS!
Source=Paul Collins Startup list
[Kernel32]
Confirmed=X
Filename=kernel32s.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrcic.html" target=_blank>SDBOT-PU</a> TROJAN!
Source=Paul Collins Startup list
[kernel32dll]
Confirmed=X
Filename=guardpc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcu.html" target=_blank>FORBOT-CU</a> WORM!
Source=Paul Collins Startup list
[kernelfaultcheck]
Confirmed=N
Filename=dumprep 0 -k
Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
Source=Paul Collins Startup list
[kernelfaultcheck]
Confirmed=N
Filename=dumprep 0 -u
Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
Source=Paul Collins Startup list
[KernelFaultChk]
Confirmed=X
Filename=sms.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadhat.html" target="_blank">DEADHAT</a> WORM! Do not confuse with the valid "kernelfaultcheck" which runs "dumprep 0 -k" or "dumprep 0 -u"
Source=Paul Collins Startup list
[Kernell]
Confirmed=X
Filename=systems.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.c.html" target="_blank">TARNO.C</a> TROJAN!
Source=Paul Collins Startup list
[Kernell32]
Confirmed=X
Filename=Kernell.dll
Description=Added by the <a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DESTINY.A" target="_blank">DESTINY.A</a> TROJAN!
Source=Paul Collins Startup list
[KernellApps]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanac.html" target=_blank>BANCBAN-AC</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Kernelw]
Confirmed=X
Filename=Kernelw32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.indor.e@mm.html" target="_blank">INDOR.E</a> WORM!
Source=Paul Collins Startup list
[Kernel_check]
Confirmed=X
Filename=wmiprvse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sonebotb.html" target=_blank>SONEBOT-B</a> WORM!
Source=Paul Collins Startup list
[key]
Confirmed=X
Filename=sysxp.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ab@mm.html" target="_blank">BEAGLE.AB</a> WORM!
Source=Paul Collins Startup list
[key]
Confirmed=X
Filename=sys_xp.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ac@mm.html" target="_blank">BEAGLE.AC</a> WORM!
Source=Paul Collins Startup list
[key]
Confirmed=X
Filename=winxp.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ag@mm.html" target="_blank">BEAGLE.AG</a> WORM!
Source=Paul Collins Startup list
[Key Logger]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.buchon.a@mm.html" target=_blank>BUCHON.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Key Text]
Confirmed=N
Filename=KeyText.exe
Description=<a href="http://www.mjmsoft.com/keytext.htm" target="_blank">Key Text 2000</a> from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start -> Programs
Source=Paul Collins Startup list
[Key1]
Confirmed=X
Filename=Rlid.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lixy.html" target="_blank">LIXY</a> TROJAN!
Source=Paul Collins Startup list
[Key2]
Confirmed=?
Filename=serve.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[KeyAccess]
Confirmed=Y
Filename=keyacc32.exe
Description=KeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure"
Source=Paul Collins Startup list
[Keybdcntl]
Confirmed=X
Filename=keybdcntl.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[Keyboard Manager]
Confirmed=U
Filename=MMKeybd.exe
Description=Multimedia keyboard manager. Required if you use the additional keys
Description=Multimedia keyboard manager. Required if you use the multimedia keys
Source=Paul Collins Startup list
[keymap]
Confirmed=U
Filename=keymap.exe
Description=System Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the game
Description=<a href="http://www.pestpatrol.com/KeyPatrol/" target="_blank">KeyPatrol</a> - detects Key Loggers ("keyboard loggers" or "keyloggers") using both behavioral and pattern-matching algorithms
Source=Paul Collins Startup list
[KeyWallet]
Confirmed=U
Filename=KWallet.exe
Description="<a href="http://www.keywallet.com/index.php" target="_blank">KeyWallet</a> is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually"
Source=Paul Collins Startup list
[kfienq]
Confirmed=X
Filename=masbl.bat
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kifer.html" target="_blank">KIFER</a> TROJAN!
Source=Paul Collins Startup list
[khooker]
Confirmed=N
Filename=khooker.exe
Description=SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required
Source=Paul Collins Startup list
[KICKMON.EXE]
Confirmed=U
Filename=KICKMON.EXE
Description=KeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't required
Description=<a href="http://www.kinberlin.com/kinberlink/index.asp" target="_blank">Kinberlink</a> network messaging. Available via Start -> Programs
Source=Paul Collins Startup list
[KK Loader]
Confirmed=U
Filename=loadkk.exe
Description=<a href="http://www.keykey.com/index1.html" target="_blank">KeyKey XP Professional</a> from KeyKey.com. "Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user."
Source=Paul Collins Startup list
[klp]
Confirmed=U
Filename=run32dll.exe
Description=<a href="http://www.newfreeware.com/internet/480/" target="_blank">PAL PC Spy</a> - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online
Source=Paul Collins Startup list
[KM9801U]
Confirmed=U
Filename=MMHotKey.exe
Description=Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen
Source=Paul Collins Startup list
[kmw_run.exe]
Confirmed=U
Filename=kmw_run.exe
Description=Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features
Source=Paul Collins Startup list
[kmw_show.exe]
Confirmed=U
Filename=kmw_show.exe
Description=Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features
Source=Paul Collins Startup list
[Kodak Batch Transfer]
Confirmed=N
Filename=pezdow1.exe
Description=Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC
Source=Paul Collins Startup list
[Kodak EasyShare software]
Confirmed=U
Filename=EasyShare.exe
Description=Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually
Source=Paul Collins Startup list
[Kodak Picture Transfer Software]
Confirmed=N
Filename=pts.exe
Description=Looks for Kodak camera connection and media insertion. Available via Start -> Programs
Source=Paul Collins Startup list
[Kodak Software Updater]
Confirmed=N
Filename=backweb*****.exe
Description=Software updater for <a href="http://www.kodak.com/global/en/digital/easyShare/indexFlash.jhtml" target="_blank">Kodak Easyshare</a> digital cameras
Source=Paul Collins Startup list
[KodakCCS]
Confirmed=Y
Filename=KodakCCS.exe
Description=Kodak DC File System Driver
Source=Paul Collins Startup list
[Konni Symbol Autostart]
Confirmed=N
Filename=KonniSymbol.exe
Description=Gives configuration access to <a href="http://www.besoftware.com/index.html" target="_blank">RagTime Solo</a> professional business publishing software. RagTime Solo is the private user version of RagTime 5
Source=Paul Collins Startup list
[kontiki]
Confirmed=N
Filename=kontiki.exe
Description=<a href="http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=2846" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
Source=Paul Collins Startup list
[KREC32]
Confirmed=U
Filename=krec32.exe
Description=StarrCommander Pro Keystroke logging software
Source=Paul Collins Startup list
[Krnlmod]
Confirmed=U
Filename=Krnlmod.exe
Description=Keylogger - see <a href="http://www.pestpatrol.com/PestInfo/W/Windows_Keylogger.asp" target="_blank"> here</a>. Given a "U" recommendation because it depends if you intentionally installed it. If you didn't, treat it as "X" and uninstall or remove via Spybot S&D (for example)
Source=Paul Collins Startup list
[ktchnsnk]
Confirmed=U
Filename=ktchnsnk.exe
Description=HP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebooted
Source=Paul Collins Startup list
[kv3000]
Confirmed=X
Filename=lover.vbe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.zsyang.b@mm.html" target="_blank">ZSYANG.B</a> WORM!
Description=Provides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcards
Source=Paul Collins Startup list
[LanGuard]
Confirmed=X
Filename=languard.exe
Description=Adware downloader
Source=Paul Collins Startup list
[LanSpeed2]
Confirmed=U
Filename=LanSpeed2.exe
Description=Monitors any traffic that is using a LAN adapter (Ethernet or Token ring network card)
Source=Paul Collins Startup list
[LapLink scheduler]
Confirmed=U
Filename=Llsched.exe
Description=Utility that automatically performs file transfers as unattended background operations
Source=Paul Collins Startup list
[Lar]
Confirmed=X
Filename=Llass.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojinora.html" target="_blank">INOR-A</a> TROJAN!
Source=Paul Collins Startup list
[lar]
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.roxy.c.html" target="_blank">ROXY.C</a> TROJAN!
Source=Paul Collins Startup list
[Lasb]
Confirmed=?
Filename=ewat.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[LAsIAf32]
Confirmed=X
Filename=RePEAtLD.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.repeatld.html" target="_blank">REPEATLD</a> WORM!
Source=Paul Collins Startup list
[LASTinst]
Confirmed=Y
Filename=N/A
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Source=Paul Collins Startup list
[Later]
Confirmed=?
Filename=later.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[LaunApp]
Confirmed=U
Filename=LaunApp.exe
Description=Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610
Source=Paul Collins Startup list
[Launcg]
Confirmed=?
Filename=launcg.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Launch Ai Booster]
Confirmed=U
Filename=OverClk.exe
Description=ASUS <a href="http://www.asuscom.de/pub/ASUS/mb/sock478/p4p800/AIBooster_u.pdf" target=_blank>Ai Booster</a> is an application that allows you to overclock the CPU either manually or automatically without the hassle of entering the BIOS Setup
Source=Paul Collins Startup list
[Launch YahooPOPs! at Windows startup]
Confirmed=N
Filename=YAHOOPOPS.EXE
Description=<a href="http://yahoopops.sourceforge.net/" target="_blank">YahooPOPs</a> - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs
Source=Paul Collins Startup list
[LaunchAp]
Confirmed=U
Filename=LaunchAp.exe
Description=Part of <a href="http://global.acer.com/" target="_blank">Acer</a> Launch Manager - programmable keys on such laptops as the TravelMate 610
Source=Paul Collins Startup list
[LaunchApp]
Confirmed=U
Filename=Alaunch.exe
Description=<a href="http://global.acer.com/" target="_blank">Acer</a> Launch tool utility on laptops
Source=Paul Collins Startup list
[Launchboard]
Confirmed=U
Filename=lnchbrd.exe
Description="LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions"
Source=Paul Collins Startup list
[Launcher]
Confirmed=X
Filename=launcher.exe
Description=Spyware component related to DownloadWare and found in Program FilesKFH
Source=Paul Collins Startup list
[Launcher]
Confirmed=N
Filename=relaunch.exe
Description=Audio Applications Launcher for the Philips <a href="http://www.consumer.philips.com/global/b2c/ce/catalog/product.jhtml;jsessionid=ONLYIDABKOHRQCRQNE2RYVIKGBUCWHD0?divId=0&groupId=PCSTUFF&catId=&subCatId=SOUNDCARDS&productId=PSC703_05" target="_blank">Rythmiic Edge</a> soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> Programs
Source=Paul Collins Startup list
[Lavasoft Ad-Aware]
Confirmed=X
Filename=Ad-Aware.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotso.html" target=_blank>RBOT-SO</a> WORM! Note - this is not the popular <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> spware/adware removal tool
Source=Paul Collins Startup list
[Lavasoft Adwatch]
Confirmed=U
Filename=Ad-watch.exe
Description=Part of Lavasoft <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware Plus</a> - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
Source=Paul Collins Startup list
[laxmsp32.exe]
Confirmed=Y
Filename=laxmsp32.exe
Description=Lexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work
Source=Paul Collins Startup list
[LCDC]
Confirmed=U
Filename=LCDC.exe
Description=<a href="http://www.lcdc.cc/about.htm" target="_blank">LCDC</a> is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by Plugins
Source=Paul Collins Startup list
[lcfep]
Confirmed=N
Filename=lcfep.exe
Description=Tivoli æTMEÆ System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"
Source=Paul Collins Startup list
[lcvga]
Confirmed=X
Filename=lcvga.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhostola.html" target=_blank>HOSTOL-A</a> TROJAN!
Source=Paul Collins Startup list
[ld]
Confirmed=X
Filename=ld.exe
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite related - redirects to fastwebfinder.com
Source=Paul Collins Startup list
[LDM]
Confirmed=N
Filename=backweb-8876480.exe
Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
Source=Paul Collins Startup list
[LDM]
Confirmed=N
Filename=ldmconf.exe
Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
Source=Paul Collins Startup list
[LED TRAY]
Confirmed=U
Filename=LEDTRAY.EXE
Description=Installs a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to work
Description=Lexmark printer button manager. Required for correct operation
Source=Paul Collins Startup list
[Lexmark X5100 Series]
Confirmed=U
Filename=lxbabmgr.exe
Description=System Tray application that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
Source=Paul Collins Startup list
[Lexmark X74-X75]
Confirmed=U
Filename=lxbabmgr.exe
Description=System Tray application that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
Source=Paul Collins Startup list
[Lexmark Xxx Button Manager]
Confirmed=Y
Filename=AcBtnMgr_Xxx.exe
Description=Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
Source=Paul Collins Startup list
[Lexmark Xxx Button Monitor]
Confirmed=Y
Filename=ACMonitor_Xxx.exe
Description=Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
Source=Paul Collins Startup list
[LexmarkPrinTray]
Confirmed=N
Filename=printray.exe
Description=Lexmark Printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. Can also be listed as PrinTray
Source=Paul Collins Startup list
[lexpps]
Confirmed=N
Filename=lexpps.exe
Description=For Lexmark printers. From Lexmark: "This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all". It is known that firewalls can however alert you to "lexpps.exe" requesting server privileges
Source=Paul Collins Startup list
[LexStart]
Confirmed=U
Filename=lexstart.exe
Description=Lexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instance
Source=Paul Collins Startup list
[Lfsndmng]
Confirmed=U
Filename=lfsndmng.exe
Description=<a href="http://www.lightningfax.com/products/lightningfax/features.htm" target="_blank">LightningFAX Enterprise Fax Server</a> - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents"
Description=<a href="http://www.elicense.com/" target="_blank">eLicense</a>, licensing system incorporated with some software and games
Source=Paul Collins Startup list
[LicCtrl]
Confirmed=U
Filename=rundll32.exe [path] MMFS.DLL, Service
Description=Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program
Source=Paul Collins Startup list
[LicCtrl]
Confirmed=U
Filename=runservice.exe
Description=Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program
Source=Paul Collins Startup list
[LifeScape Media Detector]
Confirmed=N
Filename=PicasaMediaDetector.exe
Description=Media detector for <a href="http://www.picasa.net/" target="_blank">Picasa</a>'s automatic photo organizer
Source=Paul Collins Startup list
[Lightning Download]
Confirmed=U
Filename=Lightning.exe
Description=<a href="http://www.lightningdownload.com/index.shtml" target=_blank>Lightning Download</a> download manager. Can be launched manually, but will need to start up if you want it to "catch clicks" off Internet Explorer
Source=Paul Collins Startup list
[LimeWire x.x]
Confirmed=N
Filename=LimeWire.exe
Description=<a href="http://www.limewire.com/" target="_blank">LimeWire</a> - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malware
Source=Paul Collins Startup list
[Line Speed Meter V3.0]
Confirmed=N
Filename=LineSpeedMeter.exe
Description=<a href="http://www.tcpiq.com/tcpiq/linespeed/Default.asp" target="_blank">LineSpeedMeter</a> - detect the download and upload speed of your internet connection
Source=Paul Collins Startup list
[Linksts]
Confirmed=N
Filename=linksts.exe
Description=Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
Source=Paul Collins Startup list
[Linksts]
Confirmed=X
Filename=linksts.exe
Description=Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
Source=Paul Collins Startup list
[Linux]
Confirmed=X
Filename=Linux.vbs
Description=Added by the <a href="http://vil.nai.com/vil/content/v_98684.htm" target="_blank">LOVELETTER.AS</a> VIRUS!
Source=Paul Collins Startup list
[LiquidView]
Confirmed=U
Filename=lviewj.exe
Description="Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display's native resolution. The software lets you increase the size of items that are hard to read on your monitor"
Source=Paul Collins Startup list
[LIU]
Confirmed=N
Filename=LIU.exe
Description=Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway
Source=Paul Collins Startup list
[LIU]
Confirmed=N
Filename=Rubicon.exe
Description=Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway
Source=Paul Collins Startup list
[Live Menu]
Confirmed=N
Filename=Dllcmd32.exe
Description=eFax Send button for eFax Messenger Plus. Available via Start -> Programs Disabling instructions available <a href="http://www.efax.com/help/index.asp" target="_blank">here</a>
Source=Paul Collins Startup list
[LiveMonitor]
Confirmed=N
Filename=LMonitor.exe
Description=MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information
Source=Paul Collins Startup list
[LiveNote]
Confirmed=N
Filename=Livenote.exe
Description=Asus graphics card driver live update feature
Source=Paul Collins Startup list
[LiveSexCams]
Confirmed=X
Filename=LiveSexCams.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[LiveUpdate]
Confirmed=U
Filename=LiveUpdate.exe
Description=Web-update utility as used by various types of software - see <a href="http://liveupdate.openwares.org/" target="_blank">here</a>
Source=Paul Collins Startup list
[LiveUpdate]
Confirmed=X
Filename=[Windows username]05.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lineage.html" target=_blank>LINEAGE</a> TROJAN!
Source=Paul Collins Startup list
[Livre]
Confirmed=X
Filename=Dibane.bat
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w97m.banedi.html" target=_blank>BANEDI</a> VIRUS!
Description=Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
Source=Paul Collins Startup list
[LManager]
Confirmed=U
Filename=QtZpAcer.exe
Description=Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
Source=Paul Collins Startup list
[LMonitor]
Confirmed=N
Filename=LMonitor.exe
Description=MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information
Source=Paul Collins Startup list
[lmpdpsrv]
Confirmed=?
Filename=lmpdpsrv.exe
Description=<font color="#FF0000">Related to a Lexmark printer/scanner. Printer sharing server? Is it required?</font>
Source=Paul Collins Startup list
[LMSTATUS]
Confirmed=N
Filename=LMSTATUS.EXE
Description=Lexmark Status Monitor. Checks the current status of Lexmark printers (and other devices?)
Source=Paul Collins Startup list
[lnternet Explorer]
Confirmed=X
Filename=AMSNDMGR.EXE
Description=Added by the <a href="http://http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.r.worm.html" target="_blank">KWBOT.R</a> WORM! Note that the "l" is a lower case "L" and not an upper case "I"
Source=Paul Collins Startup list
[LOAD WB]
Confirmed=U
Filename=LOADWB.EXE
Description=Part of Stardock's <a href="http://www.windowblinds.net/" target="_blank">WindowBlinds</a> custom desktop program. "WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much more". If you use it - keep it if not then uninstall it
Source=Paul Collins Startup list
[Load-Guard]
Confirmed=X
Filename=Wscript.exe LGuarg.exe.vbs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.yeno.b@mm.html" target=_blank>YENO.B</a> and <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.yeno.c@mm.html" target=_blank>YENO.C</a> WORMS!
Source=Paul Collins Startup list
[LOAD32]
Confirmed=X
Filename=Lorena.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.mapson.c.worm.html" target="_blank">MAPSON.C</a> WORM!
Source=Paul Collins Startup list
[load32]
Confirmed=X
Filename=load32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nibu.html" target="_blank">NIBU</a>, <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bambo.html" target="_blank">BAMBO</a> TROJANS and <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru@mm.html" target="_blank">DUMARU</a> WORM!
Source=Paul Collins Startup list
[load32]
Confirmed=X
Filename=l32x.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.z@mm.html" target="_blank">DUMARU.Z</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.y@mm.html" target="_blank">DUMARU.Y</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.ad@mm.html" target="_blank">DUMARU.AD</a> WORM!
Source=Paul Collins Startup list
[load32]
Confirmed=X
Filename=1111a.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.ah@mm.html" target="_blank">DUMARU.AH</a> WORM!
Source=Paul Collins Startup list
[load32]
Confirmed=X
Filename=swchost.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_TURTA.A&VSect=T" target="_blank">TURTA.A</a> WORM!
Source=Paul Collins Startup list
[load32]
Confirmed=X
Filename=netda.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nibu.e.html" target=_blank>NIBU.E</a> TROJAN!
Source=Paul Collins Startup list
[load=]
Confirmed=N
Filename=adw30.exe
Description=After Dark for Windows - screen saver program. Popular before screen savers were integrated into Win95
Source=Paul Collins Startup list
[load=]
Confirmed=U
Filename=asistat.exe
Description=Status monitor for an NEC SuperScript printer
Source=Paul Collins Startup list
[load=]
Confirmed=?
Filename=cfgsys32.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[load=]
Confirmed=U
Filename=esspk.exe
Description=Speakerphone capability through a soundcard for an <a href="http://www.esstech.com/" target="_blank">ESS</a> modem
Source=Paul Collins Startup list
[load=]
Confirmed=Y
Filename=hotkey.exe
Description=Solo 5300 display driver for Win2K on some Gateway laptops
Source=Paul Collins Startup list
[load=]
Confirmed=N
Filename=HPWHRC.EXE
Description=Loads the Status Window software for the HP Laserjet printers
Source=Paul Collins Startup list
[load=]
Confirmed=?
Filename=WPSLOAD.EXE
Description=<font color="#FF0000">Windows printing system that comes with the setup for Canon BJC series on the manufacturer's disk</font>
Source=Paul Collins Startup list
[load=]
Confirmed=N
Filename=vi_grm.exe
Description=Monitor drivers for Trio2x/3x based video cards - displays control panel for quick access to display settings
Source=Paul Collins Startup list
[load=]
Confirmed=?
Filename=WINOSCFG.EXE
Description=<font color="#FF0000">Could it be something to do with configuring Windows on a new PC from an OEM supplier?</font>
Source=Paul Collins Startup list
[load=]
Confirmed=Y
Filename=wpshrc.exe
Description=Required to prevent configuration errors on a Compaq LBP-660 parallel port laser printer (and maybe others)
Source=Paul Collins Startup list
[load=]
Confirmed=Y
Filename=Bfrecv.exe
Description=Bitware modem driver
Source=Paul Collins Startup list
[load=]
Confirmed=X
Filename=msater.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.retsam.html" target="_blank">RETSAM</a> TROJAN!
Source=Paul Collins Startup list
[load=]
Confirmed=X
Filename=shambl3r.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.remabl.worm.html" target="_blank">REMABL</a> WORM!
Source=Paul Collins Startup list
[load=]
Confirmed=X
Filename=Spoolsv.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ciadoor.b.html" target="_blank">CIADOOR.B</a> TROJAN! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
Source=Paul Collins Startup list
[Load=]
Confirmed=?
Filename=wtfeat.exe
Description=<font color="#FF0000">Associated with the Wintab Digitizer</font>
Source=Paul Collins Startup list
[load=]
Confirmed=Y
Filename=AICLIENT.EXE
Description=Asset Insight from <a href="http://www.tangram.com/index.htm" target="_blank">Tangram</a> - asset managing software. Required if an organisation is running a centrally administered asset management system
Source=Paul Collins Startup list
[load=]
Confirmed=X
Filename=hint.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.atak@mm.html" target="_blank">ATAK</a> WORM!
Source=Paul Collins Startup list
[load=]
Confirmed=X
Filename=win32exec.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bitter.html" target=_blank>BITTER</a> WORM!
Source=Paul Collins Startup list
[load=]
Confirmed=X
Filename=a1g.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.b@mm.html" target=_blank>ATAK.B</a> WORM!
Source=Paul Collins Startup list
[load=]
Confirmed=X
Filename=dapdll.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.e@mm.html" target=_blank>ATAK.E</a> WORM!
Source=Paul Collins Startup list
[LoadBlackD]
Confirmed=Y
Filename=blackd.exe
Description=This is the "intrusion detection system" of the <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall which loads independently of the "user interface" (BlackICE Utility)
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html" target="_blank">GIBE</a> WORM!
Source=Paul Collins Startup list
[LoadDvpApi9x]
Confirmed=?
Filename=DVPAPI9X.exe
Description=<font color="#FF0000">Part of Command AntiVirus for Windows 95/98/Me. Is it needed?</font>
Source=Paul Collins Startup list
[loader]
Confirmed=X
Filename=loader.exe
Description=Homepage hijacker, redirecting to coolwwwsearch.com. Downloader for iedll.exe
Source=Paul Collins Startup list
[loader]
Confirmed=X
Filename=WMPLAYER.EXE
Description=Unknown baddie - WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup
Source=Paul Collins Startup list
[LoadFonts]
Confirmed=X
Filename=LoadFonts.vbs
Description=Homepage hijacker that changes your homepage to an adult content site
Source=Paul Collins Startup list
[LoadFonts]
Confirmed=X
Filename=Tahoma.vbs
Description=Homepage hijacker that changes your homepage to an adult content site
Source=Paul Collins Startup list
[LoadHTML]
Confirmed=X
Filename=rundll32.exe mshtmpre.dll, MShtmpre
Description=Browser hijacker
Source=Paul Collins Startup list
[LoadingAgent]
Confirmed=X
Filename=ZipLoader32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.oblivion.html" target="_blank">OBLIVION</a> TROJAN! This executable is one of the most common but there are more
Source=Paul Collins Startup list
[LoadingAgent]
Confirmed=X
Filename=msload32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.oblivion.html" target="_blank">OBLIVION</a> TROJAN! This executable is one of the most common but there are more
Source=Paul Collins Startup list
[LoadManager]
Confirmed=X
Filename=msload.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list
[LoadMSvcmm]
Confirmed=N
Filename=msvcmm32.exe
Description=Auto-update for <a href="http://www.movielink.com/" target="_blank">Movielink</a> - internet movie rental System Tray access
Source=Paul Collins Startup list
[LoadOrderVerification]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TRON.A" target="_blank">TRON.A</a> TROJAN!
Source=Paul Collins Startup list
[Loadout Manager]
Confirmed=U
Filename=nost_LM.exe
Description=Manager for the Belkin Nostromo n50 SpeedPad game controller - see <a href="http://catalog.belkin.com/IWCatProductPage.process?Merchant_Id=1&Product_Id=107727" target="_blank"> here</a>
Source=Paul Collins Startup list
[LoadPowerProfile]
Confirmed=X
Filename=ASDAPI.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cabro.html" target="_blank">CABRO</a> TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll
Source=Paul Collins Startup list
[LoadPowerProfile]
Confirmed=U
Filename=Rundll32.exe powrprof.dll
Description=Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;187611" target="_blank">here</a>. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings
Source=Paul Collins Startup list
[LoadPowerProfile]
Confirmed=X
Filename=Rundll.exe powerprof.dll
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.loxoscam.html" target=_blank>LOXOSCAM</a> TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe"
Source=Paul Collins Startup list
[LoadPowerProfile]
Confirmed=X
Filename=rundl.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.tofazzol.html" target="_blank">TOFAZZOL</a> TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll
Source=Paul Collins Startup list
[LoadPowerProfile]
Confirmed=X
Filename=Rundll32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.miroot.worm.html" target="_blank">MIROOT</a> WORM! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data line
Source=Paul Collins Startup list
[LoadQM]
Confirmed=U
Filename=loadqm.exe
Description=Installed with MSN Explorer and loads the <a href="http://support.microsoft.com/default.aspx?scid=KB;EN-US;q309418" target="_blank"> MSN Queue Manager</a>. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable it
Description=<font color="#FF0000">Reportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct?</font>
Source=Paul Collins Startup list
[LoadWindowsFile]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.b.html" target="_blank">DELF.B</a> TROJAN! where [filename] is the infected file
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotky.html" target=_blank>AGOBOT-KY</a> TROJAN!
Source=Paul Collins Startup list
[Lock My PC]
Confirmed=U
Filename=lockpc.exe
Description=<a href="http://www.fspro.net/lmpc/" target=_blank>Lock_My_PC</a> - a tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouse
Source=Paul Collins Startup list
[Login]
Confirmed=U
Filename=winlog.exe
Description=Salfeld <a href="http://www.salfeld.com/parental_control_overwiew.htm" target="_blank">Child Control 2003</a> - parental control software
Source=Paul Collins Startup list
[Login Service]
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="https://www.europe.f-secure.com/v-descs/migmaf.shtml" target="_blank">MIGMAF</a> TROJAN!
Source=Paul Collins Startup list
[LoginPassport]
Confirmed=X
Filename=Lgnpsp32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.redist.c@mm.html" target="_blank">REDIST.C</a> WORM!
Source=Paul Collins Startup list
[Logitech Desktop Messenger]
Confirmed=N
Filename=backweb-8876480.exe
Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
Source=Paul Collins Startup list
[Logitech Desktop Messenger]
Confirmed=N
Filename=ldmconf.exe
Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
Source=Paul Collins Startup list
[Logitech Hardware Abstraction Layer]
Confirmed=?
Filename=Khalmnpr.exe
Description=Logitech Bluetooth mouse Hardware Abstraction layer. A "hardware abstraction layer" is an interface that enables adding support for new devices and new ways of connecting devices to the computer, without modifying every application that uses the device. <font color="#FF0000">What does it do, and is it required?</font>
Source=Paul Collins Startup list
[Logitech SetPoint]
Confirmed=U
Filename=KEM.exe
Description=Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys
Source=Paul Collins Startup list
[Logitech Utility]
Confirmed=U
Filename=Logi_MwX.exe
Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
Source=Paul Collins Startup list
[Logitech Wakeup]
Confirmed=N
Filename=lgwakeup.exe
Description=Loads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start ->Programs and still be able to scan images
Source=Paul Collins Startup list
[LogitechGalleryRepair]
Confirmed=U
Filename=ISStart.exe
Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
Source=Paul Collins Startup list
[LogitechImageStudioTray]
Confirmed=N
Filename=LogiTray.exe
Description=Logitech Image Studio - installed with Logitech QuickCams
Source=Paul Collins Startup list
[LogitechSoftwareUpdate]
Confirmed=?
Filename=ManifestEngine.exe
Description=Updater, part of Logitech Image Studio - installed with Logitech QuickCam cameras. Probably not required
Source=Paul Collins Startup list
[LogitechVideoRepair]
Confirmed=U
Filename=ISStart.exe
Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
Source=Paul Collins Startup list
[LogitechVideoTray]
Confirmed=N
Filename=LogiTray.exe
Description=Logitech Image Studio - installed with Logitech QuickCams
Source=Paul Collins Startup list
[LogiTray]
Confirmed=N
Filename=LogiTray.exe
Description=Logitech Image Studio - installed with Logitech QuickCams
Source=Paul Collins Startup list
[Logi_Mwx]
Confirmed=U
Filename=Logi_MwX.exe
Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
Source=Paul Collins Startup list
[Logon.exe]
Confirmed=X
Filename=logon.exe
Description=Added by the <a href="http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_ZINS.A" target=_blank>ZINS.A</a> TROJAN!
Source=Paul Collins Startup list
[LogonStudio]
Confirmed=U
Filename=logonstudio.exe
Description=WinCustomize <a href="http://www.stardock.com/products/logonstudio/" target="_blank">LogonStudio</a> - "Allows Windows XP users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users"
Source=Paul Collins Startup list
[LogWatch]
Confirmed=U
Filename=logwat95.exe
Description=Licensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll - see <a href="http://support.ca.com/Download/patches/licenseit/LO51215.html" target="_blank">here</a>. Not required if you already have a newer version or the patch has been applied
Source=Paul Collins Startup list
[Look 'n' Stop]
Confirmed=Y
Filename=looknstop.exe
Description=<a href="http://www.looknstop.com/En/index2.htm">Look 'n' Stop</a> personal firewall
Source=Paul Collins Startup list
[LookNMeet]
Confirmed=N
Filename=Agent.exe
Description=<a href="http://217.22.55.178/rdl/lnm_v4.3/nl/index.html" target=_blank>LooknMeet</a> dating service
Source=Paul Collins Startup list
[Lookup_Sys]
Confirmed=X
Filename=lookupsys.exe
Description=P04n trojan
Source=Paul Collins Startup list
[Lotus Organizer EasyClip]
Confirmed=N
Filename=easyclip.exe
Description="The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page." Available via Start -> Programs
Source=Paul Collins Startup list
[Lotus QuickStart]
Confirmed=N
Filename=smartctr.exe
Description=Lotus central application, called SmartCenter, which runs on the Windows desktop. SmartCenter toolbar stretches across the top or, optionally, the bottom of the screen. Uses a lot of resources. Available via Start -> Programs
Source=Paul Collins Startup list
[Lotus SuiteStart]
Confirmed=U
Filename=suitest.exe
Description=Puts the individual Lotus components in the system tray taskbar when you start Windows. Can be disabled via MSCONFIG -> Startup as "Lotus SuiteStart 97 Edition". All individual components available via Start -> Programs
Source=Paul Collins Startup list
[LowVersionSupport]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lastras.html" target="_blank">LASTRAS</a> TROJAN!
Source=Paul Collins Startup list
[Lpr]
Confirmed=X
Filename=Lpr123.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.rempsteal.html" target=_blank>REMPSTEAL</a> password stealer TROJAN!
Source=Paul Collins Startup list
[Lpr123]
Confirmed=X
Filename=Lpr123.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.rempsteal.html" target=_blank>REMPSTEAL</a> password stealer TROJAN!
Source=Paul Collins Startup list
[LPS]
Confirmed=U
Filename=Lps.exe
Description=Local Port Scanner - "With LPS you're able to check your computer for open or listening ports"
Source=Paul Collins Startup list
[LPtask]
Confirmed=U
Filename=lptask.exe
Description=<a href="http://www.sanegroup.com/sanegroup/lppro.html" target="_blank">Program Lock It And Protect Pro</a> - lock and protect your folders from being opened, moved or deleted
Source=Paul Collins Startup list
[LS120 Superdisk]
Confirmed=N
Filename=??
Description=Supposed to accelerate transfer rate on LS-120, contributes to system lockups
Source=Paul Collins Startup list
[lsass]
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.b.html" target="_blank">RATSOU.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank"> Lsass.exe</a> system file should normally NOT figure in Msconfig/Startup!
Source=Paul Collins Startup list
[lsass]
Confirmed=X
Filename=start.bat
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzcrew.html" target="_blank">ZCREW</a> TROJAN!
Source=Paul Collins Startup list
[lsass]
Confirmed=X
Filename=[path to lsass.exe]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.f.html" target="_blank">ALADINZ.F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lasss.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[lsass]
Confirmed=X
Filename=lsasrv.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.mydoom.ag@mm.html" target=_blank>MYDOOM.AG</a> WORM!
Source=Paul Collins Startup list
[LSASS Daemon]
Confirmed=X
Filename=LSASSd.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[lsass service]
Confirmed=X
Filename=lsass2.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[lsasss.exe]
Confirmed=X
Filename=lsasss.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SASSER.E" target="_blank">SASSER.E</a> WORM!
Source=Paul Collins Startup list
[LSPFix]
Confirmed=X
Filename=LSPmonitor.exe
Description=eAcceleration Stop-Sign related - foistware. Read their privacy statement <a href="http://www.eacceleration.com/privacy/" target="_blank">here</a>
Source=Paul Collins Startup list
[LSPmonitor]
Confirmed=X
Filename=LSPmonitor.exe
Description=eAcceleration Stop-Sign related - foistware. Read their privacy statement <a href="http://www.eacceleration.com/privacy/" target="_blank">here</a>
Source=Paul Collins Startup list
[lssass]
Confirmed=X
Filename=lssas.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.RL" target=_blank>AGOBOT.RL</a> WORM!
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.A&VSect=T" target="_blank">LITMUS.A</a> TROJAN! Note - MSGSRV32.EXE in this case is in a Litmus sub-directory and is not to be confused with the valid version in C:\Windows\System
Source=Paul Collins Startup list
[LTM2]
Confirmed=X
Filename=MPGSRV32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.201" target="_blank">LITMUS.201</a> TROJAN!
Source=Paul Collins Startup list
[LTM2]
Confirmed=X
Filename=MSGSRV320.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.C" target="_blank">LITMUS.C</a> TROJAN!
Source=Paul Collins Startup list
[LTM2]
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.203">LITMUS.203</a> TROJAN!
Source=Paul Collins Startup list
[LTM2]
Confirmed=X
Filename=bible.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.203">LITMUS.203</a> TROJAN!
Source=Paul Collins Startup list
[LtMoh]
Confirmed=U
Filename=Ltmoh.exe
Description=Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet
Source=Paul Collins Startup list
[LTMSG]
Confirmed=Y
Filename=ltmsg.exe
Description=One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://808hi.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Source=Paul Collins Startup list
[LTSMMSG]
Confirmed=N
Filename=LTSMMSG.exe
Description=Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others too
Source=Paul Collins Startup list
[LTSMSG]
Confirmed=X
Filename=Shell32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.b.html" target="_blank">LEMIR.B</a> TROJAN!
Source=Paul Collins Startup list
[LTWinModem1]
Confirmed=Y
Filename=ltmsg.exe
Description=One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://808hi.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Source=Paul Collins Startup list
[Lusetup]
Confirmed=Y
Filename=LUSetup.exe
Description=Symantec <a href="http://service1.symantec.com/support/sharedtech.nsf/docid/1999051911110813" target=_blank>LiveUpdate installer</a> - required to install a new version of the application. Will only run once, and the entry is automatically deleted after a reboot
Source=Paul Collins Startup list
[LVComs]
Confirmed=U
Filename=lvcoms.exe
Description=Lvcomm server. Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera
Source=Paul Collins Startup list
[LVCOMSX]
Confirmed=?
Filename=LVCOMSX.EXE
Description=Logitech webcam related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[LWBMOUSE]
Confirmed=U
Filename=lwbwheel.exe
Description=Mouse driver - required if you use non-standard Windows driver features
Source=Paul Collins Startup list
[LWBMOUSE]
Confirmed=U
Filename=MOUSE32A.EXE
Description=Mouse driver - required if you use non-standard Windows driver features
Source=Paul Collins Startup list
[Lwinst Run Profiler]
Confirmed=N
Filename=lwtest.exe
Description=Logitech Wingman Profiler for the Logitech joysticks. Available via Start -> Programs
Source=Paul Collins Startup list
[lxamsp32]
Confirmed=?
Filename=lxamsp32.exe
Description=<font color="#FF0000">Associated with a Lexmark Printer - is it required?</font>
Source=Paul Collins Startup list
[LXbbmgr]
Confirmed=?
Filename=LXbbmgr.exe
Description=<font color="#FF0000">Lexmark printer button manager? Is it required?</font>
Source=Paul Collins Startup list
[LXBLKsk]
Confirmed=?
Filename=LXBLKsk.exe
Description=Lexmark related. <font color="#FF0000">What does it do, and is it required?</font>
Source=Paul Collins Startup list
[lxbrbmgr]
Confirmed=Y
Filename=lxbrbmgr.exe
Description=Lexmark printer button manager. Required for correct operation
Source=Paul Collins Startup list
[LXBRKsk]
Confirmed=?
Filename=LXBRKsk.exe
Description=Lexmark printer related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[LXSUPMON]
Confirmed=N
Filename=LXSUPMON.EXE
Description=Lexmark Printer. The printer should work fine without it
Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
Source=Paul Collins Startup list
[M1cr0s0ft S3rcurity]
Confirmed=X
Filename=systemconfig.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.BKB" target=_blank>RBOT.BKB</a> WORM!
Source=Paul Collins Startup list
[M1cr0s0ft Upd4t4zS]
Confirmed=X
Filename=update32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmi.html" target=_blank>RBOT-MI</a> WORM!
Source=Paul Collins Startup list
[m32info]
Confirmed=X
Filename=m32info.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[M3Tray]
Confirmed=N
Filename=m3tray.exe
Description=<a href="http://www.movielink.com/" target="_blank">Movielink</a> - internet movie rental System Tray access
Source=Paul Collins Startup list
[Macfee Security Patch]
Confirmed=X
Filename=Mpfsheild.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnp.html" target=_blank>RBOT-NP</a> WORM!
Source=Paul Collins Startup list
[Machine Debug Manager]
Confirmed=U
Filename=mdm.exe
Description=Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as MDM7. See <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;321410" target="_blank"> here</a> to disable
Source=Paul Collins Startup list
[MacLic]
Confirmed=N
Filename=MacLic.exe
Description=Part of <a href="http://www.dataviz.com/products/conversionsplus/index.html" target="_blank">Conversions Plus</a> from DataViz - allowing PC and MAC owners to share disks
Source=Paul Collins Startup list
[MacName]
Confirmed=N
Filename=MacName.exe
Description=Part of <a href="http://www.dataviz.com/products/conversionsplus/index.html" target="_blank">Conversions Plus</a> from DataViz - allowing PC and MAC owners to share disks
Source=Paul Collins Startup list
[MAD.EXE]
Confirmed=Y
Filename=MAD.EXE
Description=MAD.exe is the MS Exchange 5.5 System Attendant and can also consume a large amount of resources - resolved by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server but does it have the same problems?. Apparently you need to leave this running but is it needed at start-up?
Source=Paul Collins Startup list
[MadExe]
Confirmed=N
Filename=LaunchRA.exe
Description=Dell Resolution Assistant
Source=Paul Collins Startup list
[MagicDsk]
Confirmed=U
Filename=MAGICDSK.EXE
Description=Magic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop icons
Source=Paul Collins Startup list
[Magitime]
Confirmed=N
Filename=Magitime.exe
Description=<a href="http://www.geocities.com/magistone/magitime.htm" target="_blank">Magitime</a> - connection tracking utility which monitors online time, expense, data transfer
Source=Paul Collins Startup list
[Mail.com]
Confirmed=?
Filename=mcalert.exe
Description=<a href="http://mail01.mail.com/" target="_blank">Mail.com</a> - free web-mail service. <font color="#FF0000">Does mcalert.exe notify you when new mail has arrived?</font>
Source=Paul Collins Startup list
[MailBell]
Confirmed=U
Filename=mailbell.exe
Description=<a href="http://www.emtec.com/mailbell/" target="_blank">MailBell</a> e-mail notification tool that will notify you about new messages arrived to your mailbox. Works with both POP3 mailboxes and web-mail based systems. You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)
Source=Paul Collins Startup list
[Mailbox Verifier]
Confirmed=U
Filename=mboxvrfy.exe
Description=<a href="http://" target="_blank">Mailbox Verifier (MV)</a> is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)
Source=Paul Collins Startup list
[MailScan Dispatcher]
Confirmed=Y
Filename=Launch.exe
Description=<a href="http://www.mspl.net/antivirus/mailscan/ms4adv.asp" target="_blank">MailScan</a> Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleaned
Source=Paul Collins Startup list
[Mail_Check]
Confirmed=X
Filename=Mail_Check.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PANOIL.C" target="_blank">PANOIL.C</a> WORM!
Source=Paul Collins Startup list
[MAIN]
Confirmed=U
Filename=main.exe
Description=<a href="http://www.spycop.com/" target="_blank">SpyCop</a> surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan
Source=Paul Collins Startup list
[Main Executable (HP)]
Confirmed=?
Filename=HP05T0R5.exe
Description=<font color="#FF0000">HP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do?</font>
Source=Paul Collins Startup list
[main16]
Confirmed=X
Filename=main16.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[main32]
Confirmed=X
Filename=main32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[mainviewex]
Confirmed=X
Filename=mainviewex.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
Source=Paul Collins Startup list
[Mania Win Restore]
Confirmed=N
Filename=RESWIN.EXE
Description=Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs
Source=Paul Collins Startup list
[Mantis]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mantibe.html" target="_blank">MANTIBE</a> VIRUS!
Source=Paul Collins Startup list
[MapiDrv]
Confirmed=X
Filename=mpisvc.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mipsiv.html" target="_blank">MIPSIV</a> TROJAN!
Source=Paul Collins Startup list
[mapisvc32]
Confirmed=X
Filename=mapisvc32.exe
Description=Added by the KX VIRUS and also recognised by Symantec as <a href="http://securityresponse.symantec.com/avcenter/venc/data/adware.fapi.html" target="_blank"> FPAI</a> adware
Source=Paul Collins Startup list
[masqform.exe]
Confirmed=N
Filename=masqform.exe
Description=PureEdge Viewer 6.0, reportedly associated with viewing and text editing US Air Force electronic forms
Source=Paul Collins Startup list
[Mass storage check registry]
Confirmed=N
Filename=rundll32.exe MSDServ.dll, check registry
Description=Used with a USB based smartmedia card reader
Source=Paul Collins Startup list
[Master Volume Spy]
Confirmed=U
Filename=MASTERVOLUMESPY.EXE
Description=Volume control for the Gateway Destination "DestiVu" media interface
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.matrixscreen.html" target=_blank>MATRIXSCREEN</a> TROJAN!
Source=Paul Collins Startup list
[MatrixScreenSaver]
Confirmed=X
Filename=mss.exe
Description=Malware, see <a href="http://www.spywareinfo.com/forums/index.php?s=&act=ST&f=11&t=7278" target="_blank"> here</a>
Source=Paul Collins Startup list
[Matrox Color Control]
Confirmed=N
Filename=hgcctl95.exe
Description=For Matrox video cards. Quick access to changing colors
Source=Paul Collins Startup list
[Matrox Control Center]
Confirmed=N
Filename=mgactrl.exe
Description=For Matrox video cards. Quick access to settings
Source=Paul Collins Startup list
[Matrox Diagnostic]
Confirmed=N
Filename=mgadiag.exe
Description=For Matrox video cards. Quick access to diagnostics
Source=Paul Collins Startup list
[Matrox Powerdesk]
Confirmed=N
Filename=PDesk.exe
Description=For Matrox video cards. Quick access to tweak your card to your liking
Source=Paul Collins Startup list
[Matrox PowerDesk 8]
Confirmed=N
Filename=Matrox.PowerDesk.exe /silent
Description=For Matrox video cards. Quick access to tweak your card to your liking
Source=Paul Collins Startup list
[Matrox QuickDesk]
Confirmed=N
Filename=mgaqdesk.exe
Description=For Matrox video cards. Quick access to tweak your card to your liking
Source=Paul Collins Startup list
[MaxAlerts]
Confirmed=X
Filename=max.exe
Description=Bonzi MaxALERT - spyware
Source=Paul Collins Startup list
[MaxtorCombo]
Confirmed=Y
Filename=ComboButton.exe
Description=Required to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect)
Source=Paul Collins Startup list
[MaxtorReg]
Confirmed=U
Filename=AUTOREG.EXE
Description=Part of <a href="http://www.netsizzle.net/sysagent.asp" target="_blank">SYSagent</a> - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of
Source=Paul Collins Startup list
[MBM 4]
Confirmed=U
Filename=MBM4.exe
Description=Motherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
Source=Paul Collins Startup list
[MBM 5]
Confirmed=U
Filename=MBM5.exe
Description=<a href="http://mbm.livewiredev.com/" target=_blank>Motherboard Monitor 5</a> - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
Source=Paul Collins Startup list
[MBProbe]
Confirmed=U
Filename=mbrpobe.exe
Description=<a href="http://mbprobe.livewiredev.com/about.html" target="_blank">MBProbe</a> - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
Source=Paul Collins Startup list
[MC]
Confirmed=X
Filename=wintrims.exe
Description=Added by the <a href="http://www.europe.f-secure.com/v-descs/wintrim.shtml" target="_blank">WINTRIM</a> TROJAN!
Source=Paul Collins Startup list
[Mcafee Anti Scan]
Confirmed=X
Filename=NortonScn.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list
[Mcafee Antivirus Monitoring System32mn]
Confirmed=X
Filename=VSStatmn32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[McAfee Firewall]
Confirmed=Y
Filename=CPD.EXE
Description=Firewall bundled with McAfee VirusScan 6.*. Can also be listed as CPD_EXE
Source=Paul Collins Startup list
[McAfee Guardian]
Confirmed=N
Filename=CMGRDIAN.EXE
Description=McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic
Source=Paul Collins Startup list
[McAfee QuickClean Imonitor]
Confirmed=N
Filename=Plguni.exe
Description=<a href="http://www.mcafee.com/myapps/qc3/default.asp" target=_blank>McAfee QuickClean 3.0</a> - removes internet clutter and unwanted programs
Source=Paul Collins Startup list
[McAfee Winguage]
Confirmed=N
Filename=??
Description=Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs
Source=Paul Collins Startup list
[McAfee.InstantUpdate.Monitor]
Confirmed=U
Filename=RuLaunch.exe
Description=Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis
Source=Paul Collins Startup list
[McAfeeUpdaterUI]
Confirmed=?
Filename=UpdaterUI.exe
Description=Associated with McAfee Enterprise 7.0.0.<font color="#FF0000"> Updater for McAfee anti-virus and security programs?</font>
Source=Paul Collins Startup list
[McAfeeVirusScanService]
Confirmed=Y
Filename=Avsynmgr.exe
Description=From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application
Source=Paul Collins Startup list
[McAfeeWebscanX]
Confirmed=Y
Filename=WebScanX.exe
Description=From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc
Source=Paul Collins Startup list
[Mcaffe Antivirus]
Confirmed=X
Filename=Mcafeescn.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[McAgentExe]
Confirmed=U
Filename=mcagent.exe
Description=From McAfee VirusScan On-line. The Agent is a red M icon that appears in the Windows system tray or Notification Area (if you're running Windows XP). If you don't see the agent icon, VirusScan Online may not be installed
Source=Paul Collins Startup list
[Mcappins.exe]
Confirmed=?
Filename=mcappins.exe
Description=McAfee Application Installer.<font color="#FF0000"> </font><font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[MChanger]
Confirmed=N
Filename=MChanger.exe
Description=Media Changer - utility that allows you to change wallpapers, sounds, themes, etc
Source=Paul Collins Startup list
[McRegWiz]
Confirmed=?
Filename=mcregwiz.exe
Description=McAfee antivirus related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[McUpdateExe]
Confirmed=U
Filename=mcupdate.exe
Description=From McAfee VirusScan On-line. Automatically updates your virus definitions. Leave enabled unless you regularly update these definitions
Source=Paul Collins Startup list
[McVsRte]
Confirmed=Y
Filename=mcusrt.exe
Description=Part of McAfee's <a href="http://us.mcafee.com/root/product.asp?productid=msc" target="_blank">SecurityCenter</a>. Must remain checked but one user reports Windows glitches with no response from McAfee as to why
Source=Paul Collins Startup list
[mcvsshld]
Confirmed=Y
Filename=mcvsshld.exe
Description=McAfee VirusScan On-line. See also the McAgentExe entry
Source=Paul Collins Startup list
[MD IE Plugin]
Confirmed=X
Filename=md.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[MD IE Plugin]
Confirmed=X
Filename=winy.exe
Description=Adware
Source=Paul Collins Startup list
[mdac_runonce]
Confirmed=N
Filename=runonce.exe
Description=Associated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe".
Source=Paul Collins Startup list
[mdetect]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.spabot.html" target="_blank">SPABOT</a> TROJAN!
Source=Paul Collins Startup list
[Mdm]
Confirmed=X
Filename=Mdm.vbs
Description=Added by the <a href="http://vil.nai.com/vil/content/v_99145.htm" target="_blank">WHITEHO</a> VIRUS or <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.trappy@mm.html" target="_blank">TRAPPY</a> WORM!
Source=Paul Collins Startup list
[mdm]
Confirmed=X
Filename=mdm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlydraf.html" target=_blank>LYDRA-F</a> TROJAN! Note - this is not the valid Machine Debug Manager which shares the same filename
Source=Paul Collins Startup list
[MDM7]
Confirmed=U
Filename=mdm.exe
Description=Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as Machine Debug Manager. See <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;321410" target="_blank"> here</a> to disable
Source=Paul Collins Startup list
[Mdmdll]
Confirmed=X
Filename=mdmdll.exe
Description=Added by the <a href="http://www.pestpatrol.com/PestInfo/t/trojandownloader_win32_crypter.asp" target=_blank>CRYPTER</a> TROJAN!
Source=Paul Collins Startup list
[Mdmdll32]
Confirmed=X
Filename=mdmdll32.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[mdwmdmsp]
Confirmed=X
Filename=mdwmdmsp.exe
Description=Adware - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus and others as TrojanDownloader.Win32.Agent.am
Description=Added by a unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Media Manager Indexer]
Confirmed=U
Filename=AIRSVCU.EXE
Description=Part of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a database. For more information see <a href="http://www.cug.edu.cn/fwzn/wlzx/wlfw/vid/USINGVID/0-7897/0-7897-0762-4/ch09.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[Media Player]
Confirmed=X
Filename=media.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfldmediaa.html" target="_blank">FLDMEDIA-A</a> TROJAN!
Source=Paul Collins Startup list
[Media Player]
Confirmed=X
Filename=wmplayer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotbm.html" target="_blank">AGOBOT-BM</a> WORM!
Source=Paul Collins Startup list
[Media Plug x.1.2]
Confirmed=X
Filename=msdm.exe
Description=Added by the MULDROP.352 VIRUS!
Source=Paul Collins Startup list
[Media Service]
Confirmed=X
Filename=msn64.exe
Description=Added by the <a href="http://hu.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.EV" target="_blank">SPYBOT.EV</a> WORM!
Source=Paul Collins Startup list
[Media service]
Confirmed=X
Filename=msnmsgxr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.TF" target="_blank">SDBOT.TF</a> WORM!
Source=Paul Collins Startup list
[Media service]
Confirmed=X
Filename=SYSTEM64.EXE
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65730&VName=WORM_RBOT.QV&VSect=T" target="_blank">RBOT.QV</a> WORM!
Source=Paul Collins Startup list
[MediaFace Integration]
Confirmed=N
Filename=Sethook.exe
Description=Fellowes NeatoÖ cd label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"
Source=Paul Collins Startup list
[Mediafour Mac Volume Notifications]
Confirmed=U
Filename=Macvntfy.exe
Description=<a href="http://www.mediafour.com/products/xplay/" target="_blank">Mediafour Xplay</a> - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod
Source=Paul Collins Startup list
[Mediafour XPlay Tray Notification Icon]
Confirmed=U
Filename=Xptryicn.exe
Description=<a href="http://www.mediafour.com/products/xplay/" target=_blank>Mediafour Xplay</a> - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod
Source=Paul Collins Startup list
[MediaKey]
Confirmed=U
Filename=MediaKey.exe
Description=<a href="http://www.futurepowerusa.com/support/kb_911/help/overview.htm" target="_blank">Multimedia keyboard</a> manager. Required if you use the multimedia keys
Source=Paul Collins Startup list
[MediaLoads]
Confirmed=X
Filename=dw.exe
Description=<a href="http://www.medialoads.com/" target="_blank">Medialoads</a> is advertising software - running DownloadWare as its executable. Installed as a bundle with <a href="http://www.kazaa.com/en/privacy/bundles.htm" target="_blank">Kazaa Media Desktop</a>. See <a href="http://and.doxdesk.com/parasite/DownloadWare.html" target="_blank">here</a> for more information
Source=Paul Collins Startup list
[MediaLoads Installer]
Confirmed=X
Filename=dw.exe
Description=<a href="http://www.medialoads.com/" target="_blank">Medialoads</a> is advertising software - running DownloadWare as its executable. Installed as a bundle with <a href="http://www.kazaa.com/en/privacy/bundles.htm" target="_blank">Kazaa Media Desktop</a>. See <a href="http://and.doxdesk.com/parasite/DownloadWare.html" target="_blank">here</a> for more information
Source=Paul Collins Startup list
[MediaMonitor]
Confirmed=N
Filename=Mediam~1.exe
Description=Installed by Smartdisk MVP CD burning software. Software will work fine without it
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html" target="_blank">GRUEL</a> WORM!
Source=Paul Collins Startup list
[MediaPath]
Confirmed=X
Filename=Root.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html" target="_blank">GRUEL</a> WORM!
Source=Paul Collins Startup list
[MediaRing Talk]
Confirmed=N
Filename=mrtalk.exe
Description=Media Ring Talk, voice recognition software, Resource hog. Available via Start -> Programs
Source=Paul Collins Startup list
[media_manager]
Confirmed=X
Filename=mediaman.exe
Description=<a target="_blank" href="http://www.mini-player.com/">Mini-Player</a>, IMESH related foistware, see <a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=2633;start=0#msg20371">here</a>
Source=Paul Collins Startup list
[media_stub]
Confirmed=X
Filename=stub.exe
Description=<a target="_blank" href="http://www.mini-player.com/">Mini-Player</a>, IMESH related foistware, see <a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=2633;start=0#msg20371">here</a>
Source=Paul Collins Startup list
[MemConfig]
Confirmed=X
Filename=SetupIE.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.taplak.html" target="_blank">TAPLAK</a> WORM!
Source=Paul Collins Startup list
[MemoKit]
Confirmed=U
Filename=MK.EXE
Description=Memory optimizer. It loads from startup group and it goes off as soon as the program (memokit.exe) is loaded in the System Tray. Mk.exe does not run while the memokit.exe is running. Probably loads a flash screen at startup and shutdown that stays on screen less than 5 seconds and gives you a button to push to purchase the full version. MS professionals recommend not using memory managers with Win98/SE/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list
[Memory Check]
Confirmed=X
Filename=memore.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.killav.c.html" target="_blank">KILLAV.C</a> TROJAN!
Source=Paul Collins Startup list
[Memory Stick Monitor]
Confirmed=N
Filename=MSTAT.exe
Description=Used with the Sony floppy disk adapter for memory sticks, showing if there is a stick in the computer
Source=Paul Collins Startup list
[Memory Stick Monitor]
Confirmed=U
Filename=MSstat.exe
Description=Sony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydrive
Description=Memory optimizer. MS professionals recommend not using memory managers with Win98/SE/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list
[MemoryMeter]
Confirmed=X
Filename=MemoryMeter.exe
Description=Autoinstalling spyware by <a href="http://www.totalvelocity.com/" target="_blank">Total Velocity</a>
Source=Paul Collins Startup list
[MemScanner]
Confirmed=N
Filename=MemScanner.exe
Description=SpyHunter - spyware remover of somewhat dubious repute, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note" target="_blank">note</a>
Source=Paul Collins Startup list
[MemTurbo]
Confirmed=U
Filename=memturbo.exe
Description=<a href="http://www.memturbo.com/" target="_blank">MemTurbo</a> memory optimizer. MS professionals recommend not using memory managers with Win98/SE/ME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list
[MenuSnap]
Confirmed=N
Filename=MenuSnap.exe
Description=<a href="http://www.rietta.com/menusnap/" target="_blank">MenuSnap</a> from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start -> Programs and right-clicking and choosing "Sort by Name" if availabe
Source=Paul Collins Startup list
[Message Queuing]
Confirmed=X
Filename=msmqs.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.freefors.html" target="_blank">FREEFORS</a> TROJAN!
Description=<a href="http://www.ograhl.com/en/messageblocker/" target="_blank">Message Blocker</a> - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message"
Source=Paul Collins Startup list
[Messenger]
Confirmed=X
Filename=messenger.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kutex.html" target="_blank">KUTEX</a> TROJAN!
Source=Paul Collins Startup list
[Messenger Block]
Confirmed=X
Filename=msngrblock.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.patoo@mm.html" target="_blank">PATOO</a> WORM!
Source=Paul Collins Startup list
[Messenger start-up]
Confirmed=X
Filename=Msgran.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gramos.html" target="_blank">GRAMOS</a> WORM!
Source=Paul Collins Startup list
[Messenger6]
Confirmed=X
Filename=command.pif
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.inzae.b@mm.html" target=_blank>INZAE.B</a> WORM!
Source=Paul Collins Startup list
[MessengerDiscovery]
Confirmed=U
Filename=MessengerDiscovery.exe
Description=<a href="http://www.messengerdiscovery.com/" target=_blank>MessengerDiscovery</a> is a MSN Messenger add-on - adding over 70 new features
Source=Paul Collins Startup list
[MessengerPlus]
Confirmed=N
Filename=MsgPlus.exe
Description=<a href="http://www.msgplus.net/" target=_blank>MessengerPlus</a> - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media <a href="http://inetexplorer.mvps.org/data/messenger_plus.htm" target=_blank>LOP</a> adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
Source=Paul Collins Startup list
[MessengerPlus2]
Confirmed=N
Filename=MsgPlus.exe
Description=<a href="http://www.msgplus.net/" target=_blank>MessengerPlus</a> - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media <a href="http://inetexplorer.mvps.org/data/messenger_plus.htm" target=_blank>LOP</a> adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
Source=Paul Collins Startup list
[MessengerPlus3]
Confirmed=N
Filename=MsgPlus.exe
Description=<a href="http://www.msgplus.net/" target=_blank>MessengerPlus</a> - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media <a href="http://inetexplorer.mvps.org/data/messenger_plus.htm" target=_blank>LOP</a> adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
Source=Paul Collins Startup list
[messnger]
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deloder.html" target="_blank">DELODER</a> WORM!
Source=Paul Collins Startup list
[messnger]
Confirmed=X
Filename=Dvldr32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELODER.A" target="_blank">DELODER.A</a> WORM!
Source=Paul Collins Startup list
[MeTaLRoCk (irc.musirc.com) has sex with printers]
Confirmed=X
Filename=metalrock-is-gay.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.Q" target=_blank>RANDEX.Q</a> WORM!
Description=MATROX Graphics card related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[MGA Quickdesk]
Confirmed=N
Filename=MGAQDESK.EXE
Description=For Matrox video cards. Quick access to tweak your card to your liking
Source=Paul Collins Startup list
[Mgabg]
Confirmed=?
Filename=Mgabg.exe
Description=Matrox BIOS Guard. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[mgavctrl]
Confirmed=Y
Filename=mgavrtcl.exe
Description=McAfee's Virus Scan Online
Source=Paul Collins Startup list
[mgavctrl]
Confirmed=Y
Filename=mgavrte.exe
Description=McAfee's Virus Scan Online
Source=Paul Collins Startup list
[mgavrtclexe]
Confirmed=Y
Filename=mgavrtcl.exe
Description=McAfee's Virus Scan Online
Source=Paul Collins Startup list
[mgavrtclexe]
Confirmed=Y
Filename=mgavrte.exe
Description=McAfee's Virus Scan Online
Source=Paul Collins Startup list
[MGA_CD_Install]
Confirmed=N
Filename=mgasetup.exe
Description=Matrox Millennium video driver. Not required once drivers installed
Source=Paul Collins Startup list
[MHDOGStart]
Confirmed=X
Filename=mhdogst.EXE
Description=Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS
Source=Paul Collins Startup list
[MHINIT]
Confirmed=N
Filename=MHINIT.EXE
Description=Part of the Cybermedia Clean Sweep package
Source=Paul Collins Startup list
[Mickey Mouse Cereal]
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.q.html" target=_blank>RANKY.Q</a> TROJAN!
Source=Paul Collins Startup list
[Micr Update]
Confirmed=X
Filename=soundblaster.exe
Description=Added by the <a href="http://no.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.NP" target="_blank">SDBOT.NP</a> WORM!
Source=Paul Collins Startup list
[Microangelo Desktop]
Confirmed=U
Filename=Muamgr.exe
Description=Quick access to MicroAngelo 5.0. It can make the background of the icon text transparent and also change the color of the shortcut's text to a color you want. Very useful, if you have a wallpaper. Available via Start -> Programs
Source=Paul Collins Startup list
[microAttuneDownload]
Confirmed=N
Filename=atmdlusr.exe
Description=USR (US Robotics) modem auto updater. May be a sub-set of Attune
Source=Paul Collins Startup list
[MicroDialler]
Confirmed=U
Filename=atdialler1.exe
Description=Part of the <a href="https://www.freeserve.com/time/anytimereg/migration/?redirect=int" target="_blank">Freeserve Connection Kit</a> - changes the dial-up for Freeserve AnyTime if access problems are encountered
Source=Paul Collins Startup list
[Microfinder lptt01]
Confirmed=X
Filename=mcf.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "mcf" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[Microfinder ml097e]
Confirmed=X
Filename=mcf.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "mcf" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[MicroLoad]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.darby.html" target="_blank">DARBY</a> WORM!
Source=Paul Collins Startup list
[Microsof Windows Host]
Confirmed=X
Filename=svhost32.exe
Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADY" target=_blank>RBOT.ADY</a> WORM!
Source=Paul Collins Startup list
[Microsof Winlog Host]
Confirmed=X
Filename=wilogon32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XC" target=_blank>RBOT.XC</a> WORM!
Source=Paul Collins Startup list
[Microsofot x386 System Monitor]
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.M" target="_blank">WOOTBOT.M</a> WORM!
Source=Paul Collins Startup list
[microsoft]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html" target="_blank">ASTEF</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.repsan.html" target="_blank">RESPAN</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[microsoft]
Confirmed=X
Filename=microsoft.hta
Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
Source=Paul Collins Startup list
[Microsoft Associates, Inc.]
Confirmed=X
Filename=iexplorer.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[Microsoft .NET Confingurator]
Confirmed=X
Filename=msnconf.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Microsoft 16Bit Update]
Confirmed=X
Filename=wuapdate16.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CZ" target="_blank">RBOT.CZ</a> WORM!
Source=Paul Collins Startup list
[Microsoft ALG32 Protocol]
Confirmed=X
Filename=alg32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Announcement Listener]
Confirmed=N
Filename=Annclist.exe
Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Source=Paul Collins Startup list
[Microsoft Ansti Update]
Confirmed=X
Filename=msie.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotle.html" target="_blank">RBOT-LE</a> WORM!
Source=Paul Collins Startup list
[Microsoft AOL32 Protocol]
Confirmed=X
Filename=aol32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Associates, Inc.]
Confirmed=X
Filename=iexplorer.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[Microsoft AUT Update]
Confirmed=X
Filename=MSlti32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotx.html" target="_blank">RBOT-X</a> WORM!
Source=Paul Collins Startup list
[Microsoft AUT Update]
Confirmed=X
Filename=MSlti16.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EB&VSect=T" target=_blank>RBOT.EB</a> WORM!
Source=Paul Collins Startup list
[Microsoft auto update]
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.bmbot.html" target="_blank">BMBOT</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft AutoUpdater]
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.QG" target="_blank">RBOT.QG</a> WORM!
Source=Paul Collins Startup list
[Microsoft Conf Ldr]
Confirmed=X
Filename=sysconf.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft Config]
Confirmed=X
Filename=msconf.exe
Description=Added by the <a href="http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.PV" target="_blank">RBOT.PV</a> WORM!
Source=Paul Collins Startup list
[Microsoft Config]
Confirmed=X
Filename=MSCONF.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlg.html" target=_blank>RBOT-LG</a> WORM!
Source=Paul Collins Startup list
[Microsoft Config File]
Confirmed=X
Filename=config.exe
Description=Added by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls!
Source=Paul Collins Startup list
[Microsoft Corporation]
Confirmed=X
Filename=[random filename]
Description=Added by various VIRUSES, WORMS & TROJANS!
Source=Paul Collins Startup list
[Microsoft CSRSS32 Protocol]
Confirmed=X
Filename=csrss32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft CSRSS386 Protocol]
Confirmed=X
Filename=csrss386.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Cvrt]
Confirmed=X
Filename=mscvrt32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Microsoft Data Helper]
Confirmed=X
Filename=cihost.exe
Description=Malware, possibly a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.linst.html" target="_blank">LINST</a> TROJAN
Source=Paul Collins Startup list
[Microsoft Data Machine]
Confirmed=X
Filename=csdata32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Database Handler]
Confirmed=X
Filename=mssql32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ax.html" target="_blank">RANDEX.AX</a> WORM!
Source=Paul Collins Startup list
[Microsoft Decryption Technology]
Confirmed=X
Filename=Msfenoe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdg.html" target=_blank>SPYBOT-DG</a> WORM!
Source=Paul Collins Startup list
[Microsoft Diagnostic]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www3.ca.com/virusinfo/Virus.asp?ID=11532" target="_blank">ACEBOT</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft Digital Clock]
Confirmed=X
Filename=msclock.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nackbotd.html" target="_blank">NACKBOT-D</a> WORM!
Source=Paul Collins Startup list
[Microsoft DirectX]
Confirmed=X
Filename=Spoolserv.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.dinfor.worm.html" target="_blank">DINFOR</a> WORM!
Source=Paul Collins Startup list
[Microsoft DirectX]
Confirmed=X
Filename=rasmngr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft DirectX]
Confirmed=X
Filename=PDSched.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CN&VSect=T" target=_blank>SDBOT.CN</a> WORM!
Source=Paul Collins Startup list
[Microsoft DirectX]
Confirmed=X
Filename=wuamgrd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MY&VSect=T" target=_blank>SDBOT.MY</a> WORM!
Source=Paul Collins Startup list
[Microsoft Dll Management]
Confirmed=X
Filename=windll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmt.html" target=_blank>RBOT-MT</a> WORM!
Source=Paul Collins Startup list
[Microsoft DNS Query]
Confirmed=X
Filename=msdns.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Document]
Confirmed=X
Filename=krisp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotrq.html" target=_blank>SDBOT-RQ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Drivers]
Confirmed=X
Filename=WSconf.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft ErgoPack]
Confirmed=X
Filename=wserb32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotri.html" target=_blank>RBOT-RI</a> WORM!
Source=Paul Collins Startup list
[Microsoft Excell]
Confirmed=X
Filename=wuamngr32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqh.html" target=_blank>RBOT-QH</a> WORM!
Source=Paul Collins Startup list
[Microsoft Executing]
Confirmed=X
Filename=microsoft.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.UV" target=_blank>AGOBOT.UV</a> WORM!
Source=Paul Collins Startup list
[Microsoft EXPLOREXP Protocol]
Confirmed=X
Filename=explorexp.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Features]
Confirmed=X
Filename=ms32cfg.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.HO&VSect=T" target="_blank">RBOT.HO</a> WORM!
Source=Paul Collins Startup list
[Microsoft Find Fast]
Confirmed=X
Filename=Findfast.exe
Description=Complete utter waste of space! Part of MS Office - searches disk drives for Office file types and creates an index to make opening them easier
Source=Paul Collins Startup list
[Microsoft Firewall]
Confirmed=X
Filename=firewallsp2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmc.html" target="_blank">RBOT-MC</a> WORM!
Source=Paul Collins Startup list
[MICROSOFT FIREWALL CLIENT]
Confirmed=Y
Filename=ISATRAY.EXE
Description=MS Internet Security and Acceleration Server 2000
Source=Paul Collins Startup list
[Microsoft Gina V Encryption]
Confirmed=X
Filename=MSGINAV.EXE
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Microsoft Greetings Reminders]
Confirmed=N
Filename=MHPRMIND.EXE
Description=Microsoft Home Publishing greetings reminder
Source=Paul Collins Startup list
[Microsoft Greetings Workshop Reminder]
Confirmed=N
Filename=Gwremind.exe
Description=You really want to be reminded about somebody's birthday at the expense of resources?
Source=Paul Collins Startup list
[Microsoft Greetings Reminder]
Confirmed=N
Filename=MHPRMINF.EXE
Description=You really want to be reminded about somebody's birthday at the expense of resources?
Source=Paul Collins Startup list
[Microsoft Help SVC]
Confirmed=X
Filename=msnmngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpq.html" target="_blank">SDBOT-PQ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Help System]
Confirmed=X
Filename=mshelp32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft IE]
Confirmed=X
Filename=Iexplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotag.html" target="_blank">FORBOT-AG</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[Microsoft IE Execute shell]
Confirmed=X
Filename=IEExec.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.n.html" target="_blank">ALADINZ.N</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft IIS]
Confirmed=X
Filename=syshost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.francette.worm.html" target="_blank">FRANCETTE</a> WORM!
Source=Paul Collins Startup list
[Microsoft Inc.]
Confirmed=X
Filename=iexplorer.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[Microsoft Inet Xp..]
Confirmed=X
Filename=teekids.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.c.worm.html" target="_blank">BLASTER.C</a> WORM!
Source=Paul Collins Startup list
[Microsoft Intellitype Pro]
Confirmed=U
Filename=speedkey.exe
Description=Additional keyboard shortcuts on MS programmable keyboard
Source=Paul Collins Startup list
[Microsoft Internet]
Confirmed=X
Filename=expl0rer.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Internet]
Confirmed=X
Filename=windows32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotf.html" target="_blank">SDBOT-F</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkx.html" target="_blank">RBOT-KX</a> WORM!
Source=Paul Collins Startup list
[Microsoft Internet Explorer]
Confirmed=X
Filename=iexplore.exe
Description=Downloader trojan. Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[Microsoft Internet Firewall Manager]
Confirmed=X
Filename=GMT16.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.at.html" target="_blank">RANDEX.AT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Internet Services]
Confirmed=X
Filename=Smss32.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.MS" target="_blank">RBOT.MS</a> WORM!
Source=Paul Collins Startup list
[Microsoft IPC]
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.nullbot.html" target="_blank">NULLBOT</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft IPC]
Confirmed=X
Filename=svshost.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Microsoft IT Update]
Confirmed=X
Filename=win64.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GA" target="_blank">RBOT.GA</a> WORM!
Source=Paul Collins Startup list
[Microsoft IT Update]
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft IT Update]
Confirmed=X
Filename=IEserv.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft IT Update]
Confirmed=X
Filename=msupdate.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft IT Update]
Confirmed=X
Filename=winn43.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft IT Update]
Confirmed=X
Filename=svchsst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdh.html" target=_blank>RBOT-DH</a> WORM!
Source=Paul Collins Startup list
[Microsoft IT Update]
Confirmed=X
Filename=win43.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsa.html" target=_blank>RBOT-SA</a> WORM!
Source=Paul Collins Startup list
[Microsoft IT Update]
Confirmed=X
Filename=windows.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjm.html" target=_blank>RBOT-GL</a> WORM!
Source=Paul Collins Startup list
[Microsoft Java Virtual Machine]
Confirmed=X
Filename=winscr32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Java Windows Update]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdz.html" target=_blank>RBOT-DZ</a> WORM!
Source=Paul Collins Startup list
[Microsoft JavaVM]
Confirmed=X
Filename=msjarun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjw.html" target="_blank">RBOT-JW</a> WORM!
Source=Paul Collins Startup list
[Microsoft Kernel]
Confirmed=X
Filename=Windows_kernel32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ae@mm.html" target=_blank>NETSKY.AE</a> WORM!
Source=Paul Collins Startup list
[Microsoft Lmhosting Service]
Confirmed=X
Filename=lmhosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrc.html" target=_blank>RBOT-RC</a> WORM!
Source=Paul Collins Startup list
[Microsoft Locals 332]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotku.html" target="_blank">RBOT-KU</a> WORM!
Source=Paul Collins Startup list
[Microsoft LSASS386 Protocol]
Confirmed=X
Filename=scvhost32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Macro Protection SubSsy]
Confirmed=X
Filename=msacroprots386.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpn.html" target="_blank">RBOT-KE</a> WORM!
Source=Paul Collins Startup list
[Microsoft Macro Protection Subsystems]
Confirmed=X
Filename=msmacroprotxz.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Macro Protection Subsystems]
Confirmed=X
Filename=Msmacroprot32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KN" target=_blank>RBOT.KN</a> WORM!
Source=Paul Collins Startup list
[Microsoft Management]
Confirmed=X
Filename=lmas.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcz.html" target=_blank>FORBOT-CZ</a> WORM!
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft media services]
Confirmed=X
Filename=Iassd.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft media services]
Confirmed=X
Filename=winmplayer.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.ZO" target="_blank">RBOT.ZO</a> WORM!
Source=Paul Collins Startup list
[Microsoft Movie Maker]
Confirmed=X
Filename=Mmaker.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.c.html" target="_blank">IRCBOT.C</a> TROJAN! Note that this is not a valid Microsoft program
Source=Paul Collins Startup list
[Microsoft MSGPLUS32 Protocol]
Confirmed=X
Filename=msgplus32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft MSNGR32 Protocol]
Confirmed=X
Filename=msngr32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft MsnST]
Confirmed=X
Filename=msnst32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft MSUPDATE]
Confirmed=X
Filename=SpoolSvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsxtba.html" target="_blank">SXTB-A</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft NetMeeting Associates, Inc.]
Confirmed=X
Filename=NetMeeting.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[Microsoft Netview]
Confirmed=X
Filename=gesfm32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.randex.c.html" target="_blank">RANDEX.C</a> WORM!
Source=Paul Collins Startup list
[Microsoft Netview]
Confirmed=X
Filename=mssvc32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Microsoft Netview Component v5.1]
Confirmed=X
Filename=msnv32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html" target="_blank">RANDEX.F</a> WORM!
Source=Paul Collins Startup list
[Microsoft Network]
Confirmed=X
Filename=msnet.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mockbot.a.worm.html" target="_blank">MOCKBOT.A</a> WORM!
Source=Paul Collins Startup list
[Microsoft Network Daemon for Win32]
Confirmed=X
Filename=Netd32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.r.html" target="_blank">SDBOT.R</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft NT Update]
Confirmed=X
Filename=winexec32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Office]
Confirmed=N
Filename=Osa.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list
[Microsoft Office]
Confirmed=N
Filename=Msoffice.exe
Description=Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want access these programs quickly
Source=Paul Collins Startup list
[Microsoft Office]
Confirmed=X
Filename=MSMSGR.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bb.html" target="_blank">GAOBOT.BB</a> WORM!
Source=Paul Collins Startup list
[Microsoft Office]
Confirmed=N
Filename=Osa9.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list
[Microsoft Office]
Confirmed=X
Filename=lserv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MH&VSect=T" target=_blank>SDBOT.MH</a> WORM!
Source=Paul Collins Startup list
[Microsoft Office]
Confirmed=X
Filename=Microsoft Office.hta
Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
Source=Paul Collins Startup list
[Microsoft Office Fast Cache]
Confirmed=N
Filename=Fastboot.exe
Description=Part of MS Office 95 (v7.0). According to <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q132755" target=_blank>this</a> it improves the performance. Most likely a predecessor of MS Find Fast and can be disabled
Source=Paul Collins Startup list
[Microsoft Office OneNote 2003 Quick Launch]
Confirmed=U
Filename=ONENOTEM.EXE
Description=ONENOTEM.EXE is a part of the note taking program that ships with Microsoft Office 2003. It's required for the side note windows to work
Source=Paul Collins Startup list
[Microsoft Office Shortcut Bar]
Confirmed=N
Filename=Msoffice.exe
Description=Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want access these programs quickly
Source=Paul Collins Startup list
[Microsoft Office Start]
Confirmed=X
Filename=winupdates.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bc.html" target="_blank">GAOBOT.BC</a> WORM!
Source=Paul Collins Startup list
[Microsoft Office Startup]
Confirmed=N
Filename=Osa.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list
[Microsoft Office Startup]
Confirmed=N
Filename=Osa9.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list
[Microsoft Personal Firewalls]
Confirmed=X
Filename=bakw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotks.html" target="_blank">RBOT-KS</a> WORM!
Source=Paul Collins Startup list
[Microsoft RDLL]
Confirmed=X
Filename=sysconf32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft Registry]
Confirmed=X
Filename=csrse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpc.html" target=_blank>RBOT-PC</a> WORM!
Source=Paul Collins Startup list
[Microsoft Restore]
Confirmed=X
Filename=scrgrd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BR" target=_blank>SPYBOT.BR</a> WORM!
Source=Paul Collins Startup list
[Microsoft Runtime]
Confirmed=X
Filename=CfgDll32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.bd.html" target="_blank">RANDEX.BD</a> WORM!
Source=Paul Collins Startup list
[Microsoft Scanreg]
Confirmed=X
Filename=microsoftscanreg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRANRIV.A" target="_blank">FRANRIV.A</a> WORM!
Source=Paul Collins Startup list
[Microsoft SCVHOST32 Protocol]
Confirmed=X
Filename=scvhost32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Secure Messenger.NET Service]
Confirmed=X
Filename=securitychk.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_SDBOT.VT" target="_blank">SDBOT.VT</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmq.html" target=_blank>RBOT-MQ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Security Management]
Confirmed=X
Filename=winserv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmj.html" target=_blank>RBOT-MJ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Server Application]
Confirmed=X
Filename=Sound.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotne.html" target=_blank>RBOT-NE</a> WORM!
Source=Paul Collins Startup list
[Microsoft Service]
Confirmed=X
Filename=microhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlc.html" target="_blank">RBOT-LC</a> WORM!
Source=Paul Collins Startup list
[Microsoft Service]
Confirmed=X
Filename=winsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdb.html" target="_blank">SPYBOT-DB</a> WORM!
Source=Paul Collins Startup list
[Microsoft Services]
Confirmed=X
Filename=lsserv.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Microsoft Services]
Confirmed=X
Filename=lssrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CW&VSect=T" target="_blank">RBOT.CW</a> WORM!
Source=Paul Collins Startup list
[Microsoft Services]
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.alets.html" target="_blank">ALETS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Microsoft Services]
Confirmed=X
Filename=lsrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbk.html" target="_blank">RBOT-BK</a> WORM!
Source=Paul Collins Startup list
[Microsoft Services]
Confirmed=X
Filename=svshost.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.alets.b.html" target=_blank>ALETS.B</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft Sidewinder Game Controller Software]
Confirmed=N
Filename=SWTRAY.EXE
Description=MS SideWinder game controller system tray icon. Available via Start -> Programs
Source=Paul Collins Startup list
[Microsoft Software]
Confirmed=X
Filename=sysinfo33.exe
Description=Added by the <a href="http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.LS" target="_blank">RBOT.LS</a> WORM!
Source=Paul Collins Startup list
[microsoft software]
Confirmed=X
Filename=****.exe E255 [* = random char]
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Microsoft software]
Confirmed=X
Filename=cdaccess.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABK" target=_blank>RBOT.ABK</a> WORM!
Source=Paul Collins Startup list
[Microsoft Software Update]
Confirmed=X
Filename=nmon.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.HZ" target="_blank">RBOT.HZ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Sound Driver]
Confirmed=X
Filename=sound32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Sound Volume Tool]
Confirmed=N
Filename=mssvol.exe
Description=This is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[Microsoft SourceSafe]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Microsoft Spool Server for Win32]
Confirmed=X
Filename=spoolsrv.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.h.html" target="_blank">RANDEX.H</a> WORM!
Source=Paul Collins Startup list
[Microsoft SSISVRI32 Protocol]
Confirmed=X
Filename=ssisvri.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Synchronization Manager]
Confirmed=X
Filename=asgard.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.PH" target="_blank">SDBOT.PH</a> WORM!
Source=Paul Collins Startup list
[Microsoft Synchronization Manager]
Confirmed=X
Filename=bot.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.IH" target="_blank">SDBOT.IH</a> WORM!
Source=Paul Collins Startup list
[Microsoft Synchronization Manager]
Confirmed=X
Filename=netscape.exe
Description=Added by the <a href="http://es.trendmicro-europe.com/smb/security_info/virus_encyclopedia.php?s=1&VName=WORM_RANDEX.AE" target="_blank">RANDEX.AE</a> WORM!
Source=Paul Collins Startup list
[Microsoft Synchronization Manager]
Confirmed=X
Filename=slhost.exe
Description=Added by the <a href="http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_SDBOT.YH" target="_blank">SDBOT.YH</a> WORM!
Source=Paul Collins Startup list
[Microsoft Synchronization Manager]
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpy.html" target="_blank">SDBOT-PY</a> WORM!
Source=Paul Collins Startup list
[Microsoft Synchronization Manager]
Confirmed=X
Filename=WinLoginnn.exe
Description=Added by the <a href="http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65624&VName=WORM_SPYBOT.FO&VSect=T" target="_blank">SPYBOT.FO</a> WORM!
Source=Paul Collins Startup list
[Microsoft Synchronization Manager]
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ER" target="_blank">SDBOT.ER</a> WORM!
Source=Paul Collins Startup list
[Microsoft Synchronization Manager]
Confirmed=X
Filename=xXx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotkz.html" target="_blank">SDBOT-KZ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Synchronization Manager]
Confirmed=X
Filename=___synmgr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.a@mm.html" target=_blank>MASLAN.A</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.c@mm.html" target=_blank>MASLAN.C</a> WORMS!
Source=Paul Collins Startup list
[Microsoft Synchronization Manager]
Confirmed=X
Filename=al.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_OPTXPRO.132" target=_blank>OPTXPRO.132</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft Synchronization Manager]
Confirmed=X
Filename=win.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ak.html" target=_blank>SDBOT.AK</a> WORM!
Source=Paul Collins Startup list
[Microsoft System Checkup]
Confirmed=X
Filename=Cool.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.b.html" target="_blank">DONK.B</a> WORM!
Source=Paul Collins Startup list
[Microsoft System Checkup]
Confirmed=X
Filename=Wnetlib.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.c.html" target="_blank">DONK.C</a> WORM!
Source=Paul Collins Startup list
[Microsoft System Checkup]
Confirmed=X
Filename=dbnetlib.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.l.html" target="_blank">DONK.L</a> WORM!
Source=Paul Collins Startup list
[Microsoft System Checkup]
Confirmed=X
Filename=Keymgr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.m.html" target="_blank">DONK.M</a> WORM!
Source=Paul Collins Startup list
[Microsoft System Checkup]
Confirmed=X
Filename=inetman.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.o.html" target="_blank">DONK.O</a> WORM!
Source=Paul Collins Startup list
[Microsoft System Checkup]
Confirmed=X
Filename=ntsysmgr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.donk.s.html" target="_blank">DONK.S</a> WORM!
Source=Paul Collins Startup list
[Microsoft System Checkup]
Confirmed=X
Filename=ntsysman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqw.html" target=_blank>SDBOT-QW</a> WORM!
Source=Paul Collins Startup list
[Microsoft System Checkup]
Confirmed=X
Filename=libsysmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcaf.html" target=_blank>SDBOT-CAF</a> WORM!
Source=Paul Collins Startup list
[Microsoft System Checkup]
Confirmed=X
Filename=sysmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotoo.html" target=_blank>SDBOT-OO</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft System Restore Configuration]
Confirmed=X
Filename=CBRSS.EXE
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft System32 Update]
Confirmed=X
Filename=cmsrg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgn.html" target=_blank>RBOT-GN</a> WORM!
Source=Paul Collins Startup list
[Microsoft Time Manager]
Confirmed=X
Filename=dveldr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothq.html" target="_blank">RBOT-HQ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Transfer File Server]
Confirmed=X
Filename=mtfs.exe
Description=Added by the <a href="http://www.trendmicro-middleeast.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.AFE&VSect=T" target=_blank>RBOT.AFE</a> WORM!
Source=Paul Collins Startup list
[Microsoft Tray]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.vsantivirus.com/back-delf-bz.htm" target="_blank">DELF.BZ</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=Microsoft.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html" target="_blank">GAOBOT.AFJ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=mssmgrd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.JT" target="_blank">SDBOT.JT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=mvsc.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.daz.html" target="_blank">SPYBOT.DAZ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=ascdl.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html" target="_blank">GAOBOT.SY</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=Isac.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotau.html" target="_blank">RBOT-AU</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=automgr32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=mediap.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=Microsoftx.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=msconfg.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39662" target=_blank>RBOT.H</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=Mslti32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlx.html" target="_blank">RBOT-LX</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=muamgrd.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=navmgrd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.DP" target="_blank">SDBOT.DP</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=Smss32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcb.html" target="_blank">RBOT.CB</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=sys32cfg.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=VPC32.EXE
Description=Added by the <a href="http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_AGOBOT.XM" target="_blank">AGOBOT.XM</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=winsys32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=wuamgrd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlk.html" target="_blank">RBOT-LK</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=wuammgr32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaw.html" target="_blank">RBOT-AW</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=wudmate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AP" target="_blank">RBOT.AP</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=msawindows.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html" target="_blank">GAOBOT.AFJ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=msiwin84.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html" target="_blank">GAOBOT.AFJ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=wuamgrd32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ZB" target=_blank>RBOT.ZB</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=NAV.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotiv.html" target=_blank>RBOT-IV</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=systemi32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=xpupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqe.html" target=_blank>RBOT-QE</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=webm.exe
Description=Added by the <a href="http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.WK" target=_blank>SDBOT.WK</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=wuagrd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfk.html" target=_blank>RBOT-FK</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=aaupdt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrq.html" target=_blank>RBOT-RQ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=lsac.exe
Description=Added by the <a href="http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=48428" target=_blank>GAOBOT.XW</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=Mupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotag.html" target=_blank>RBOT-AG</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=prowind32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=snlogsvc.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpi.html" target=_blank>RBOT-PI</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=wauguard.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.AEE" target=_blank>RBOT.AEE</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=winscv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbh.html" target=_blank>RBOT-BH</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=winsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgv.html" target=_blank>RBOT-GV</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=wserv32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AF&VSect=T" target=_blank>RBOT.AF</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=wtm32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaq.html" target=_blank>RBOT-AQ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update]
Confirmed=X
Filename=wumgrd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotky.html" target=_blank>SDBOT-KY</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update 32]
Confirmed=X
Filename=explore32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.cym.html" target="_blank">SPYBOT.CYM</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update 32]
Confirmed=X
Filename=MSupdate32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[MICROSOFT UPDATE CONFIGURATION]
Confirmed=X
Filename=WIN32SNC.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotai.html" target=_blank>RBOT-AI</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Emulator]
Confirmed=X
Filename=kern-mxe.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Loader]
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=expl0rer.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.OK&VSect=T" target="_blank">SDBOT.OK</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=rxhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.FC" target="_blank">RBOT.FC</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=servicz.exe
Description=Added by the <a href="http://sophos.com/virusinfo/analyses/w32rbothu.html" target="_blank">RBOT-HU</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=SP2.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.FP" target="_blank">SPYBOT.FP</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=winini.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkv.html" target="_blank">RBOT-KV</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=xvshost.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65722&VName=WORM_RBOT.QP&VSect=O" target="_blank">RBOT.QP</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=memstat.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotom.html" target=_blank>RBOT-OM</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=ntce.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfa.html" target=_blank>RBOT-FA</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=system03.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnm.html" target=_blank>RBOT-NM</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=wuawx.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotce.html" target=_blank>RBOT-CE</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=zonealarm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbz.html" target=_blank>RBOT-BZ</a> WORM! Note - this is not the valid Zone Labs firewall program!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=systemll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjt.html" target=_blank>RBOT-JT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=winupdt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfp.html"target=_blank>RBOT-FP</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=svshost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AK" target=_blank>RBOT.AK</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=wuamgd.exe
Description=Added by the <a href="http://tr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.HQ" target=_blank>SDBOT.HQ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=wupdt32x.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=linux.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotim.html" target=_blank>RBOT-IM</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=lmrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdy.html" target=_blank>RBOT-DY</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=windowsu.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=wininigo.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=winmgr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=Winmsixp32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DN&VSect=T" target=_blank>RBOT.DN</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=Winregs32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DN&VSect=T" target=_blank>RBOT.DN</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=winxpini.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotob.html" target=_blank>RBOT-OB</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=wuamgrd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothe.html" target=_blank>RBOT-HE</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=wuagrd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgf.html" target=_blank>RBOT-GF</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=LANWAKE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqz.html" target=_blank>RBOT-QZ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgs.html" target=_blank>RBOT-GS</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=winhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgk.html" target=_blank>RBOT-GK</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=winss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JU" target=_blank>RBOT.JU</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Machine]
Confirmed=X
Filename=WUAMGRDXS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgl.html" target=_blank>RBOT-GL</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Manager]
Confirmed=X
Filename=WINRLS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaf.html" target=_blank>RBOT-AF</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Mechene]
Confirmed=X
Filename=Updatez.exe
Description=Added by the <a href="http://www.sophos.com.au/virusinfo/analyses/w32rbotgi.html" target=_blank>RBOT-GI</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Module]
Confirmed=X
Filename=rundll24.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotps.html" target=_blank>RBOT-PS</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Security Patch]
Confirmed=X
Filename=mssecurityupdatepatch.exe
Description=Added by the AGENT.EF TROJAN!
Source=Paul Collins Startup list
[Microsoft Update Server]
Confirmed=X
Filename=mssrv.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Microsoft Update Service]
Confirmed=X
Filename=csrss32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobothc.html" target="_blank">AGOBOT-HC</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Service]
Confirmed=X
Filename=mswin32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft update service]
Confirmed=X
Filename=systemm.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Time]
Confirmed=X
Filename=wuam.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotm.html" target="_blank">RBOT-M</a> WORM!
Source=Paul Collins Startup list
[Microsoft Update Win32a]
Confirmed=X
Filename=winupdate32a.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlo.html" target="_blank">RBOT-LO</a> WORM!
Source=Paul Collins Startup list
[Microsoft UPDATER32]
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ar.html" target="_blank">RANDEX.AR</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">Lsass.exe</a> system file should normally NOT figure in Msconfig/Startup!
Source=Paul Collins Startup list
[Microsoft Updaters Pros]
Confirmed=X
Filename=WINDLL32XP.EXE
Description=Added by the SPYBOTTER.GEN VIRUS!
Source=Paul Collins Startup list
[Microsoft Updates]
Confirmed=X
Filename=systemc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgr.html" target=_blank>RBOT-GR</a> WORM!
Source=Paul Collins Startup list
[Microsoft Updates Resources]
Confirmed=X
Filename=WinFixIDs.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft upnp Update]
Confirmed=X
Filename=msie.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlq.html" target="_blank">RBOT-LQ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Utility Startup]
Confirmed=N
Filename=OSA9.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list
[Microsoft Video Controls]
Confirmed=X
Filename=tskmsgr.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Virual Machine]
Confirmed=X
Filename=sms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsp.html" target=_blank>RBOT-SP</a> WORM!
Source=Paul Collins Startup list
[Microsoft Visual SourceSafe]
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html" target="_blank">NEVEG.B</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.c@mm.html" target="_blank">NEVEG.C</a> WORMS!. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup or the Microsoft Visual SourceSafe program
Source=Paul Collins Startup list
[Microsoft Visual SourceSafe]
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup or the Microsoft Visual SourceSafe program
Source=Paul Collins Startup list
[Microsoft Visual Studio VSA]
Confirmed=X
Filename=varpc32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Webserver]
Confirmed=U
Filename=svctrl.exe
Description=Personal web server program which enables you to create and host a web server from your computer. Not required for most people
Source=Paul Collins Startup list
[Microsoft Windows]
Confirmed=X
Filename=mstask0.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FQ" target=_blank>SDBOT.FQ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows 2000]
Confirmed=X
Filename=Winupdsdgm.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Control]
Confirmed=X
Filename=mswctl32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JP" target=_blank>RBOT.JP</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows DHCP]
Confirmed=X
Filename=___r.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.a@mm.html" target=_blank>MASLAN.A</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.c@mm.html" target=_blank>MASLAN.C</a> WORMS!
Source=Paul Collins Startup list
[Microsoft Windows DLLHandler]
Confirmed=X
Filename=bitpaint.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=82113&VName=WORM_SDBOT.AHG&VSect=T" target=_blank>SDBOT.AHG</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows GUI]
Confirmed=X
Filename=Windowz.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.aev.html" target="_blank">RANDEX.AEV</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows GUI]
Confirmed=X
Filename=msmonk32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpe.html" target=_blank>SDBOT-PE</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Kernel Services]
Confirmed=X
Filename=winkrnl386.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.zebroxy.html" target="_blank">ZEBROXY</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft Windows Loader]
Confirmed=X
Filename=wloader.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Media Player]
Confirmed=X
Filename=mediaplayer.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Media Player]
Confirmed=X
Filename=wimp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfn.html" target=_blank>RBOT-FN</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Secure Server]
Confirmed=X
Filename=rpcxWindows.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotll.html" target="_blank">RBOT-LL</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Securety]
Confirmed=X
Filename=wurguar.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotky.html" target=_blank>RBOT-KY</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Security]
Confirmed=X
Filename=spvsper.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Task Manger]
Confirmed=X
Filename=Mstosk.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotww.html" target="_blank">SDBOT-WW</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Update]
Confirmed=X
Filename=rundlls.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.habrack.html" target="_blank">HABRACK</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Update]
Confirmed=X
Filename=msoffice2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgb.html" target="_blank">RBOT-GB</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Update]
Confirmed=X
Filename=spools.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/virus_encyclopedia.php?VName=WORM_SDBOT.TD" target="_blank">SDBOT.TD</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Update]
Confirmed=X
Filename=svchos.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.ac.html" target="_blank">SDBOT.AC</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Update]
Confirmed=X
Filename=svcshost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcf.html" target=_blank>FORBOT-CF</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Update]
Confirmed=X
Filename=svmhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotch.html" target=_blank>FORBOT-CH</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Update]
Confirmed=X
Filename=svshost.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66325&VName=WORM_WOOTBOT.CJ&VSect=T" target=_blank>WOOTBOT.CJ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Update]
Confirmed=X
Filename=msnmessenger.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.aj.html" target=_blank>SDBOT.AJ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Update]
Confirmed=X
Filename=msnwun.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotrm.html" target=_blank>SDBOT-RM</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Update]
Confirmed=X
Filename=scvvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdh.html" target=_blank>FORBOT-DH</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Update Service]
Confirmed=X
Filename=wupdmgr32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/dos.autocat.html" target="_blank">DOS.AUTOCAT</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft Windows Updater]
Confirmed=X
Filename=winupdgm.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bi.html" target="_blank">GAOBOT.BI</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Updater]
Confirmed=X
Filename=svchostz.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonie.html" target="_blank">DAEMONI-E</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft Windows Updater]
Confirmed=X
Filename=WINIUPDATES.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkk.html" target="_blank">RBOT-KK</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Updater]
Confirmed=X
Filename=WINUPDATE.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotli.html" target=_blank>SDBOT-PU</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Updater]
Confirmed=X
Filename=TMNTSrv.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Updater]
Confirmed=X
Filename=win32upd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotec.html" target=_blank>RBOT-EC</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows updaterD]
Confirmed=X
Filename=log32zx.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html" target="_blank">MYDOOM.W</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows Updates]
Confirmed=X
Filename=explorer32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VQ&VSect=T" target=_blank>SDBOT.VQ</a> WORM!
Source=Paul Collins Startup list
[Microsoft Windows W32 Services]
Confirmed=X
Filename=mssw32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Winsock Wrapper]
Confirmed=X
Filename=ws2_32s.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft WinUpdate]
Confirmed=X
Filename=mntcgf032.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft WinUpdate]
Confirmed=X
Filename=svh0st.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.DL&VSect=T" target="_blank">SPYBOT.DL</a> WORM!
Source=Paul Collins Startup list
[Microsoft WinUpdate]
Confirmed=X
Filename=syslx32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Microsoft WinUpdate]
Confirmed=X
Filename=syswin32.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft WinUpdates]
Confirmed=X
Filename=serm32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GE&VSect=T" target="_blank">RBOT.GE</a> WORM!
Source=Paul Collins Startup list
[Microsoft Word]
Confirmed=X
Filename=BootSector.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Microsoft Works Calendar Reminders]
Confirmed=N
Filename=wkcalrem.exe
Description=Produces a pop-up reminder of events scheduled using the MS Works Calendar
Source=Paul Collins Startup list
[Microsoft Works Portfolio]
Confirmed=N
Filename=WksSb.exe
Description=The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program.Can be prevented from starting from a setting within Portfolio
Source=Paul Collins Startup list
[Microsoft Works Update Detection ]
Confirmed=N
Filename=wkdetect.exe
Description=Checks for updates to MS Works
Source=Paul Collins Startup list
[Microsoft World Service]
Confirmed=X
Filename=winworld.exe
Description=Added by an unidentified IRC worm with backdoor capability!
Source=Paul Collins Startup list
[Microsoft Wxdate]
Confirmed=X
Filename=Syswu32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.HZ&VSect=T" target=_blank>SPYBOT.HZ</a> WORM!
Source=Paul Collins Startup list
[microsoft xdaemon 2.0]
Confirmed=X
Filename=xdaemon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.d.html" target="_blank">DELF.D</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft XML Service]
Confirmed=X
Filename=msxmlx.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KS" target="_blank">RBOT.KS</a> WORM!
Source=Paul Collins Startup list
[Microsoft--Updates]
Confirmed=X
Filename=sxvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfh.html" target="_blank">RBOT-FH</a> WORM!
Source=Paul Collins Startup list
[Microsoft-Update]
Confirmed=X
Filename=wngard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjv.html" target="_blank">RBOT-JV</a> WORM!
Source=Paul Collins Startup list
[Microsoft-Updates]
Confirmed=X
Filename=svxhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotct.html" target="_blank">RBOT-CT</a> WORM!
Source=Paul Collins Startup list
[microsoft420]
Confirmed=X
Filename=microsoft420.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MENACE.B" target="_blank">MENACE.B</a> WORM!
Source=Paul Collins Startup list
[Microsoftkeysd]
Confirmed=X
Filename=systemproc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbi.html" target=_blank>FORBOT-BI</a> WORM!
Source=Paul Collins Startup list
[Microsoftkeysd]
Confirmed=X
Filename=systemwin32s.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_WOOTBOT.CO&VSect=T" target=_blank>WOOTBOT.CO</a> WORM!
Source=Paul Collins Startup list
[Microsoftmsn32.exe]
Confirmed=X
Filename=microsoftmsn32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertifc.html" target=_blank>CERTIF-C</a> TROJAN!
Source=Paul Collins Startup list
[MicrosoftMultimediaTask]
Confirmed=X
Filename=Mmtask.exe
Description=Adware downloader - not the valid MusicMatch Jukebox which shares the same filename
Source=Paul Collins Startup list
[MicrosoftNetwork Daemon for Win32]
Confirmed=X
Filename=NETD32.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html" target="_blank">RANDEX.F</a> WORM!
Source=Paul Collins Startup list
[MicrosoftOEM]
Confirmed=X
Filename=smvss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerg.html" target=_blank>DEDLER-G</a> TROJAN!
Source=Paul Collins Startup list
[Microsofts media]
Confirmed=X
Filename=winmplayd.exe
Description=Added by an undidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Microsofts Security Manager]
Confirmed=X
Filename=****.exe [**** = random char]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwh.html" target=_blank>RBOT-WH</a> TROJAN!
Source=Paul Collins Startup list
[Microsofts Updatez]
Confirmed=X
Filename=cmsssr.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[MicrosoftServiceManager]
Confirmed=X
Filename=mstask32.exe
Description=Added by the <a href="http://vil.mcafee.com/dispVirus.asp?virus_k=100092" target="_blank">YAHA.P</a> WORM!
Source=Paul Collins Startup list
[MicrosoftServiceManager]
Confirmed=X
Filename=Wintsk32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.yaha.u@mm.html" target="_blank">YAHA.U</a> WORM!
Source=Paul Collins Startup list
[MicrosoftServiceManager]
Confirmed=X
Filename=EXPLORERE.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.ab@mm.html" target="_blank">YAHA.AB</a> WORM!
Source=Paul Collins Startup list
[MicrosoftServiceManager]
Confirmed=X
Filename=msupdat.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.aa@mm.html" target="_blank">YAHA.AA</a> WORM!
Source=Paul Collins Startup list
[MicrosoftSourceSafe]
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html" target="_blank">WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[MicrosoftUpdate]
Confirmed=X
Filename=syshelper.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[MicrosoftUpdate]
Confirmed=X
Filename=WinUp32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[MicrosoftValue]
Confirmed=X
Filename=syscnfg.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Source=Paul Collins Startup list
[Microsoftvirus]
Confirmed=X
Filename=sysoverload.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotal.html" target="_blank">FORBOT-AL</a> WORM!
Source=Paul Collins Startup list
[MicrosoftWindows]
Confirmed=X
Filename=[various filenames]
Description=MagicSearch - a <a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list
[Microsoft⌐ PID Lex]
Confirmed=X
Filename=PIDLex.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.niovadoor.html" target="_blank">NIOVADOOR</a> TROJAN!
Source=Paul Collins Startup list
[Microsoft« System Mapper]
Confirmed=X
Filename=SysMap.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mapsy.html" target="_blank">MAPSY</a> TROJAN!
Source=Paul Collins Startup list
[Microszoft Update Mach1nezs]
Confirmed=X
Filename=svchst.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboted.html" target=_blank>RBOT-ED</a> WORM!
Source=Paul Collins Startup list
[Microzoft_Ofiz]
Confirmed=X
Filename=KdzEregli.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.amus.a@mm.html" target="_blank">AMUS.A</a> WORM!
Source=Paul Collins Startup list
[Micrsoft Driver]
Confirmed=X
Filename=windrive.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.af.html" target=_blank>SDBOT.AF</a> TROJAN!
Source=Paul Collins Startup list
[MightyFAX Controller]
Confirmed=N
Filename=MFNTCTL.EXE
Description=<a href="http://www.rkssoftware.com/mightyfax/overview.html" target="_blank">Mighty FAX</a> from RKS Software - "installs a printer driver so that you can fax directly from Windows software"
Description=Starts <a href="http://www.musicmatch.com/" target=_blank>Musicmatch Jukebox</a> at bootup - can be started manually
Source=Paul Collins Startup list
[MINIBUG]
Confirmed=X
Filename=MINIBUG.EXE
Description=Displays ads inside Weatherbug - see <a href="http://spybot.safer-networking.de/index.php?lang=en&page=knowledgebase/threats/spybots-minibug" target="_blank">here</a>
Source=Paul Collins Startup list
[MINIFERT.EXE]
Confirmed=N
Filename=MINIFERT.EXE
Description=Part of Backweb
Source=Paul Collins Startup list
[minilog]
Confirmed=U
Filename=MINILOG.EXE
Description=If you don't have ZoneAlarm or ZoneAlarm Pro running you don't need this. This must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use
Source=Paul Collins Startup list
[MiniMavis]
Confirmed=N
Filename=MiniMavis.exe
Description=Mavis Beacon typing tutor
Source=Paul Collins Startup list
[MiniNote]
Confirmed=N
Filename=MININOTE.EXE
Description=<a href="http://www.fookes.com/software/mininote.htm" target="_blank">Mini NoteTab</a> was the first in the family of "NoteTab" text and HTML editors from Fookes Software
Source=Paul Collins Startup list
[Miniphone]
Confirmed=?
Filename=glophone.exe
Description=<a href="http://www.voiceglo.com/" target=_blank>VoiceGlo</a> Glophone Voice over Internet Protocol (VOIP) communications software - "an affordable and convenient way to call friends and family throughout the world using a dial-up or broadband Internet connection on your computer" - <font color="#FF0000">is it required in startup?</font>
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ag.html" target=_blank>SDBOT.AG</a> TROJAN!
Source=Paul Collins Startup list
[Mirabilis ICQ]
Confirmed=N
Filename=NDetect.exe
Description=If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs
Source=Paul Collins Startup list
[Mirabilis ICQ]
Confirmed=N
Filename=icq.exe
Description=If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs
Source=Paul Collins Startup list
[Mirabilis ICQ]
Confirmed=N
Filename=ICQNet.exe
Description=If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs
Source=Paul Collins Startup list
[Miramar Systems, Inc.]
Confirmed=U
Filename=atmsg.exe
Description=Miramar PC/Mac networking software
Source=Paul Collins Startup list
[Mirate Sp 2 Information]
Confirmed=X
Filename=miratesp2.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.QH" target=_blank>RBOT.QH</a> WORM!
Source=Paul Collins Startup list
[miroVIDEO Tray Tool]
Confirmed=N
Filename=misitray.exe
Description=Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl does not have its own EXE file. Only needed when using the capture card, e.g. for the above actions
Description=<a href="http://www.video-drivers.com/drivers/26/26750.htm" target="_blank">Miro</a> video driver related.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[misiTRAY]
Confirmed=?
Filename=misiTRAY.exe
Description=<a href="http://www.video-drivers.com/drivers/26/26750.htm" target="_blank">Miro</a> video driver related.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[Mixer]
Confirmed=N
Filename=Mixer.exe
Description=C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs
Source=Paul Collins Startup list
[Mixghost]
Confirmed=N
Filename=mixghost.exe
Description=Management software for Altec Lansing speakers. If a change is needed, the user can launch it from the Start menu
Source=Paul Collins Startup list
[mload]
Confirmed=X
Filename=lxmstart.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[MM Install]
Confirmed=?
Filename=setup.exe
Description=<font color="#FF0000">Possibly <a href="http://www.moneysoft.co.uk/" target="_blank">Money Manager</a> from Moneysoft?</font>
Source=Paul Collins Startup list
[mmcndmgr]
Confirmed=X
Filename=mmcndmgr.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[MMCWINMGMT]
Confirmed=N
Filename=winmgmt.exe
Description=Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer <a href="http://groups.google.com/groups?q=PCHealth+pchschd.exe&hl=en&selm=eeuEENQ6AHA.1484@tkmsftngp03&rnum=1" target="_blank">here</a>
Source=Paul Collins Startup list
[MMERefresh]
Confirmed=U
Filename=MMERefresh.exe
Description=Part of <a href="http://www.digidesign.com/" target="_blank">Digidesgin</a> Protools. Refreshes your midi ports on the 002(R) (the 002R is a hardware audio/midi converter connected to your computer via firewire). Must be running in order to use the MIDI functionality of the Digi002R
Description=This is the <a href="http://www.microsoft.com/hwdev/tech/input/audctrl.asp" target="_blank">Human Interface Device Server</a> for Win98, it is required only if you are using USB Audio Devices you can disable via Msconfig. See <a href="http://www.microsoft.com/hwdev/hid/audctrl.htm" target="_blank">here</a>. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to Hidserv in Win98SE/2000/Me/XP
Source=Paul Collins Startup list
[MMHK]
Confirmed=?
Filename=mmhk.exe
Description=<font color="#FF0000">A driver found on a Compaq Presario 800T notebook. Possibly something to do with multimedia hot keys?</font>
Source=Paul Collins Startup list
[MMHotKey]
Confirmed=N
Filename=MMHotKey.exe
Description=Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen
Source=Paul Collins Startup list
[MMKeybd]
Confirmed=U
Filename=MMKeybd.exe
Description=Multimedia keyboard manager. Required if you use the additional keys
Source=Paul Collins Startup list
[mmod]
Confirmed=X
Filename=mmod.exe
Description=Ezula - regarded as spyware/theftware and bundled with the popular iMesh and KaZaA file-sharing programs. Read <a href="http://www.ahfb2000.com/ezula/ezula.php" target="_blank">here</a> for more information
Source=Paul Collins Startup list
[mmpti]
Confirmed=N
Filename=m1mmpti.exe
Description=Mpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cards
Source=Paul Collins Startup list
[MMRun]
Confirmed=?
Filename=mmrun.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[mmsys]
Confirmed=?
Filename=recover.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[MMSystem]
Confirmed=X
Filename=RunDll32
Description=Added by the FUNNER-A WORM!
Source=Paul Collins Startup list
[MMTASK]
Confirmed=Y
Filename=mmtask.tsk
Description=A check on the file's properties reveals "Multimedia background task support module". MMTASK is a very simple 16-bit program used by certain multimedia drivers (which are still 16-bit on Win9x) to perform background processing. Some soundcards need this to support MIDI, etc
Source=Paul Collins Startup list
[mmtask]
Confirmed=N
Filename=mmtask.exe
Description=Part of <a href="http://www.musicmatch.com/download/plus/jukebox_intro.htm?os=pc&mode=input&BTD=1&DID=" target="_blank"> MusicMatch Jukebox</a> - digital music player / CD burner and ripper / music organizer / playlist creator
Source=Paul Collins Startup list
[MMtask Service]
Confirmed=X
Filename=mmtask.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbackgata.html" target="_blank">BACKGAT.A</a> TROJAN! Not the valid MusicMatch Jukebox which has the same filename
Source=Paul Collins Startup list
[MMTray]
Confirmed=N
Filename=mm_tray.exe
Description=<a href="http://www.musicmatch.com/download/plus/jukebox_intro.htm?os=pc&mode=input&BTD=1&DID=" target="_blank">MusicMatch Jukebox</a> icon in the task tray - digital music player / CD burner and ripper / music organizer / playlist creator
Source=Paul Collins Startup list
[MMTray]
Confirmed=N
Filename=MMTray.exe
Description=Part of <a href="http://www.morgan-multimedia.com/" target="_blank"> Morgan Multimedia Codecs</a>. Only required when the codecs are used
Source=Paul Collins Startup list
[MMTray2K]
Confirmed=N
Filename=MMTray2K.exe
Description=Part of <a href="http://www.morgan-multimedia.com/" target="_blank"> Morgan Multimedia Codecs</a>. Only required when the codecs are used
Source=Paul Collins Startup list
[MMTrayLSI]
Confirmed=N
Filename=MMTrayLSI.exe
Description=Part of <a href="http://www.morgan-multimedia.com/" target="_blank"> Morgan Multimedia Codecs</a>. Only required when the codecs are used
Source=Paul Collins Startup list
[mmusrstp]
Confirmed=?
Filename=procrun.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[mmxrun]
Confirmed=X
Filename=msosa.exe
Description=Adult content dialler - see <a href="http://www.spywareinfo.com/forums/index.php?act=ST&f=11&t=7756&hl=&s=" target="_blank">here</a>. This has to be cleared at the same time as MSStartOptimizer (WINUPD.EXE), atisrc2 (windfind.exe) and RegCompres (REGCPM32.EXE), otherwise they return
Source=Paul Collins Startup list
[MNPol]
Confirmed=X
Filename=mnpol.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[MNS]
Confirmed=U
Filename=MNS.exe
Description=<a href="http://www.mobilenetswitch.com/" target=_blank>Mobile Net Switch</a> enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much more
Source=Paul Collins Startup list
[mnsvc]
Confirmed=X
Filename=mnsvc.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html" target="_blank">AUTOUPDER</a> TROJAN!
Source=Paul Collins Startup list
[mnsvcsp]
Confirmed=X
Filename=mnsvcsp.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[mobsync]
Confirmed=N
Filename=mobsync.exe
Description=MS Syncrhonization Manager - updates the network copy of materials that were edited offline, such as documents, calendars, and e-mail messages
Source=Paul Collins Startup list
[MOBSYNC32.EXE]
Confirmed=X
Filename=mobsync32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.finero.html" target="_blank">FINERO</a> TROJAN!
Source=Paul Collins Startup list
[MOD]
Confirmed=N
Filename=muamger.exe
Description=MicroAngelo On Display from <a href="http://www.impactsoft.com/muangelo/ondisplay/prodinfo.htm" target="_blank">Impact Software</a> lets you customize Windows icons. With a few exceptions, you can customize icons by right-clicking on them
Source=Paul Collins Startup list
[Modem]
Confirmed=X
Filename=locatesvc.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[MODEMBTR]
Confirmed=U
Filename=MODEMBTR.EXE
Description=Modem Booster from <a href="http://inklineglobal.com/" target="_blank">inKline Global</a> to improve ISP connections
Source=Paul Collins Startup list
[Modeminf]
Confirmed=X
Filename=Modeminf.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[ModemOnHold]
Confirmed=U
Filename=MOH.EXE
Description=NetWaiting Modem-on-Hold Application
Source=Paul Collins Startup list
[ModemUtility]
Confirmed=N
Filename=mdmsetpe.exe
Description=System Tray configuration icon for Aztech modems
Source=Paul Collins Startup list
[ModularConfig]
Confirmed=X
Filename=syscnfg.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Source=Paul Collins Startup list
[Module Call initialize]
Confirmed=X
Filename=RUNDLL32.EXE reg.dll, ondll_reg
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[Money Express]
Confirmed=N
Filename=moneyexpress.exe
Description=Part of MS Money. Available via Start -> Programs
Source=Paul Collins Startup list
[MoneyAgent]
Confirmed=N
Filename=money express.exe
Description=Part of MS Money. Available via Start -> Programs
Source=Paul Collins Startup list
[MoneyAgent]
Confirmed=N
Filename=mnyexpr.exe
Description=Microsoft Money
Source=Paul Collins Startup list
[MoneyStartUp]
Confirmed=N
Filename=Money Startup.exe
Description=Microsoft Money
Source=Paul Collins Startup list
[MoneyStartUp10.0]
Confirmed=N
Filename=Activation.exe
Description=Part of MS Money 2002. Available via Start -> Programs
Source=Paul Collins Startup list
[Monitor Apache Servers]
Confirmed=U
Filename=ApacheMonitor.exe
Description=Part of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start -> Programs
Source=Paul Collins Startup list
[Monitoring Service]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.c@mm.html" target="_blank">CONE.C</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Monitormgt]
Confirmed=X
Filename=Monitormgt.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Monstersoundtray]
Confirmed=N
Filename=Freectrl.exe
Description=Diamond Multimedia sound card control panel
Source=Paul Collins Startup list
[MonTest]
Confirmed=X
Filename=vccxzq.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotea.html" target=_blank>SDBOT-EA</a> WORM!
Source=Paul Collins Startup list
[MoodBook]
Confirmed=U
Filename=mb.exe
Description=<a href="http://www.moodbook.com/" target=_blank>MoodBook</a> is a free Windows utility that brings art to your desktop
Source=Paul Collins Startup list
[moon phase]
Confirmed=N
Filename=moon.exe
Description=<a href="http://www.locutuscodeware.com" target="_blank">Moon Phase</a> - tray icon that indicates the phases of the moon
Source=Paul Collins Startup list
[Morpheus]
Confirmed=N
Filename=morpheus.exe
Description=MusicCity Networks' Morpheus - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes "I have seen no instance of any since using it"
Source=Paul Collins Startup list
[mosearch]
Confirmed=X
Filename=mosearch.exe
Description=Fast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources. If it can't be disabled via MSCONFIG try <a href="http://support.microsoft.com/support/kb/articles/Q282/1/06.asp" target="_blank">here</a>
Source=Paul Collins Startup list
[Motive SmartBridge]
Confirmed=N
Filename=mpbtn.exe
Description=System tray icon for the Virtual Assistant from <a href="http://www.attbi.com/" target="_blank">AT&T Broadband</a>, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
Source=Paul Collins Startup list
[Motive SmartBridge]
Confirmed=N
Filename=MotiveSB.exe
Description=System tray icon for the Virtual Assistant from <a href="http://www.attbi.com/" target="_blank">AT&T Broadband</a>, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
Source=Paul Collins Startup list
[MotiveMonitor]
Confirmed=U
Filename=motmon.exe
Description=Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is usedáthe suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it's not required
Source=Paul Collins Startup list
[MotiveSB]
Confirmed=N
Filename=MotiveSB.exe
Description=System tray icon for the Virtual Assistant from <a href="http://www.attbi.com/" target="_blank">AT&T Broadband</a>, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
Source=Paul Collins Startup list
[MotMon]
Confirmed=U
Filename=motmon.exe
Description=Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is usedáthe suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it's not required
Source=Paul Collins Startup list
[Mount Safe & Sound]
Confirmed=U
Filename=Fbmount.exe
Description=From McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start
Source=Paul Collins Startup list
[Mouse 32A]
Confirmed=N
Filename=Mouse32A.exe
Description=Mouse driver to control mouse functions from Azona. Available via Start -> Programs
Source=Paul Collins Startup list
[Mouse Suite 98 Daemon]
Confirmed=N
Filename=pelmiced.exe
Description=Mouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
Source=Paul Collins Startup list
[mousebut]
Confirmed=X
Filename=mousebut.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[Mousecntl]
Confirmed=X
Filename=mousecntl.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[MouseCount]
Confirmed=N
Filename=MC.exe
Description=<a href="http://www.kittyfeet.com/mousecount.htm" target="_blank">MouseCount</a> by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year." Not required
Source=Paul Collins Startup list
[mousedrv]
Confirmed=X
Filename=mousedrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[mouseElf]
Confirmed=U
Filename=MC.exe
Description=<a href="http://www.geniusnet.com.tw/product/mouse_line.htm" target=_blank>Genius NetScroll</a> mouse driver - required if you use non-standard Windows driver features
Source=Paul Collins Startup list
[mouseElf]
Confirmed=U
Filename=mouseElf.exe
Description=System Tray access to the mouse control panel for Genius Netscroll mice. Required if you use non-standard Windows driver features
Source=Paul Collins Startup list
[MouseImp]
Confirmed=U
Filename=MImpHost.exe
Description=MouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device"
Source=Paul Collins Startup list
[Mousinfo]
Confirmed=U
Filename=mousinfo.exe
Description=MS mouse information tool - for troubleshooting mouse problems
Source=Paul Collins Startup list
[Movielink Manager Uninstall]
Confirmed=N
Filename=msvcmm32.exe
Description=Auto-update for <a href="http://www.movielink.com/" target="_blank">Movielink</a> - internet movie rental System Tray access
Source=Paul Collins Startup list
[MovieNetworks]
Confirmed=X
Filename=MovieNetworks.exe
Description=<a href="http://www.movienetworks.com/" target="_blank">MovieNetworks</a> will connect you by DOMESTIC PREMIUM RATE TELEPHONE NUMBER 900-xxx-xxxx. So you get xxx rated pictures and junk. And it will allow you to stay on the internet on their line and $$$ and remove the C:\Program Files\MovieNetworks directory
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.CT" target="_blank">RANDEX.CT</a> WORM!
Source=Paul Collins Startup list
[MPEO]
Confirmed=U
Filename=Csinsm32.exe
Description=Automatic logging of installs from Norton CleanSweep - available via Start -> Programs
Source=Paul Collins Startup list
[MPFExe]
Confirmed=Y
Filename=mpf.exe
Description=McAfee Personal Firewall
Source=Paul Collins Startup list
[MPFExe]
Confirmed=Y
Filename=MpfTray.exe
Description=McAfee Personal Firewall
Source=Paul Collins Startup list
[MPL32 driver]
Confirmed=X
Filename=MPL32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonym.html" target="_blank">LOONY-M</a> TROJAN!
Source=Paul Collins Startup list
[MplSetup]
Confirmed=U
Filename=MplSetup.exe
Description=Used by Ricoh network printers to enable network printing from the client
Source=Paul Collins Startup list
[MPower]
Confirmed=U
Filename=MPower.exe
Description=<a href="http://www.mindbeat.com/" target="_blank">MPower</a> from MindBeat. "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Willl also benchmark (speed test) your hard disk drives and your CPU load". Some users swear by programs such as this but I suggest you read <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list
[MPREXE]
Confirmed=X
Filename=MPREXE.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/mprexe/" target="_blank"> Mprexe.exe</a> system file
Source=Paul Collins Startup list
[MPREXE.exe]
Confirmed=Y
Filename=mprexe.exe
Description=WIN32 Network Service Interface Process. MPREXE.exe enables the computer to have multiple clients/protocols for networks. There are some problems with it sometimes though - see <a href="http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q178084" target="_blank">here</a> and <a href="http://www.ohsu.edu/win95/html/mprexe.html" target="_blank">here</a>. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background. NOTE : sometimes it will appear in start-ups if you have a virus
Source=Paul Collins Startup list
[MprHTML]
Confirmed=X
Filename=MprHTML.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.12" target="_blank">VAGRNOCKER</a> TROJAN!
Source=Paul Collins Startup list
[MPSExe]
Confirmed=U
Filename=mscifapp.exe
Description=McAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering"
Source=Paul Collins Startup list
[MPT]
Confirmed=?
Filename=MPT.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[MPtask Services]
Confirmed=X
Filename=mptask.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lala.html" target="_blank">LALA</a> or <a href="http://vil.nai.com/vil/content/v_99788.htm" target="_blank">AOT</a> TROJANS!
Source=Paul Collins Startup list
[MPTBox]
Confirmed=N
Filename=MPTBOX.EXE
Description=Cannon Multi-Pass toolbox - a button bar
Source=Paul Collins Startup list
[MPXTray]
Confirmed=N
Filename=mpxptray.exe
Description=Windows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etc
Source=Paul Collins Startup list
[MP_STATUS_MONITOR]
Confirmed=?
Filename=monitr32.exe
Description=<font color="#FF0000">Related to Cannon Multi-Pass</font>
Source=Paul Collins Startup list
[mqbkup]
Confirmed=X
Filename=mqbkup.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.k.worm.html" target="_blank">OPASERV.K</a> WORM!
Source=Paul Collins Startup list
[mrtMngr]
Confirmed=N
Filename=mrtMngr.exe
Description=Maintenance Release Task Manager for IntuitÆs QuickBooks or Quicken
Source=Paul Collins Startup list
[MRU-Blaster Scheduler]
Confirmed=U
Filename=scheduler.exe
Description=<a href="http://www.wilderssecurity.com/mrublaster.html" target="_blank">MRU-Blaster</a> scheduler - detects and cleans MRU (most recently used) lists on your computer
Source=Paul Collins Startup list
[MRU-Blaster Silent Clean]
Confirmed=N
Filename=mrublaster.exe
Description=<a href="http://www.wilderssecurity.com/mrublaster.html" target="_blank">MRU-Blaster</a> - performs silent cleaning of MRU lists at boot
Source=Paul Collins Startup list
[MS Config Loader]
Confirmed=X
Filename=svchos1.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.R" target="_blank">AGOBOT.R</a> WORM!
Source=Paul Collins Startup list
[MS Config Loader]
Confirmed=X
Filename=MSWin32bck.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.aa.html" target="_blank">GAOBOT.AA</a> WORM!
Source=Paul Collins Startup list
[MS Config Service]
Confirmed=X
Filename=Msloader32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkj.html" target="_blank">RBOT-KJ</a> WORM!
Source=Paul Collins Startup list
[MS Configuration]
Confirmed=X
Filename=MSFramer.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ol.html" target="_blank">RANDEX.OL</a> WORM!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.ae@mm.html" target="_blank">YAHA.AE</a> WORM!
Source=Paul Collins Startup list
[MS FIREWALL]
Confirmed=X
Filename=msfrewall.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpu.html" target=_blank>SDBOT-PU</a> WORM!
Source=Paul Collins Startup list
[MS FIREWALL]
Confirmed=X
Filename=msfirewall.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqh.html" target=_blank>SDBOT-QH</a> WORM!
Source=Paul Collins Startup list
[MS HTML]
Confirmed=X
Filename=msHtml.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_PESTDOOR.31" target="_blank">PESTDOOR.31</a> TROJAN!
Source=Paul Collins Startup list
[MS HTML]
Confirmed=X
Filename=mslat.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.SVR" target="_blank">LATINUS.SVR</a> TROJAN!
Source=Paul Collins Startup list
[MS lsass Startup]
Confirmed=X
Filename=lsass135.exe
Description=Added by the <a href="http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.WM" target=_blank>RBOT.WM</a> WORM!
Source=Paul Collins Startup list
[MS management console]
Confirmed=?
Filename=mms.exe
Description=<font color="#FF0000">Suspicious as the Microsoft Management Console is "mmc.exe" and doesn't normally run at startup</font>
Source=Paul Collins Startup list
[MS Network Control]
Confirmed=X
Filename=mswin.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.dumba.html" target="_blank">DUMBA</a> TROJAN!
Source=Paul Collins Startup list
[MS Remote Procedure Call]
Confirmed=X
Filename=msrpc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotql.html" target=_blank>RBOT-QL</a> WORM!
Source=Paul Collins Startup list
[MS Security Hotfix]
Confirmed=X
Filename=service5.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ag.html" target="_blank">GAOBOT.AG</a> WORM!
Source=Paul Collins Startup list
[MS Sound Config 16bit]
Confirmed=X
Filename=sndcfg16.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/sdbot_mb.shtml" target="_blank">SDBOT.MB</a> TROJAN!
Source=Paul Collins Startup list
[Ms Spool32]
Confirmed=X
Filename=MS SPOOL32.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.assasin.html" target="_blank">ASASSIN</a> TROJAN!
Source=Paul Collins Startup list
[MS SyS Restore]
Confirmed=X
Filename=sysrestore.exe
Description=Added by the <a href="http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66436&VName=WORM_RBOT.XM&VSect=T" target=_blank>RBOT.XM</a> WORM!
Source=Paul Collins Startup list
[MS Update]
Confirmed=X
Filename=syshost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32evamanf.html" target="_blank">EVAMAN-F</a> WORM!
Source=Paul Collins Startup list
[MS Updates]
Confirmed=X
Filename=mscache.exe
Description=Spyware web downloader
Source=Paul Collins Startup list
[MS Updates]
Confirmed=X
Filename=syshosts.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.y" target="_blank">MYDOOM.Y</a> WORM!
Source=Paul Collins Startup list
[MS Updates]
Confirmed=X
Filename=aupd.exe
Description=Spyware web downloader
Source=Paul Collins Startup list
[MS-Connect]
Confirmed=X
Filename=arr.exe
Description=Adult content dialler - see <a href="http://vil.mcafee.com/dispVirus.asp?virus_k=99972" target="_blank">here</a>
Source=Paul Collins Startup list
[MS-Connect]
Confirmed=X
Filename=cdm.exe
Description=Adult content dialler - see <a href="http://vil.mcafee.com/dispVirus.asp?virus_k=99972" target="_blank">here</a>
Source=Paul Collins Startup list
[MS-Connect]
Confirmed=X
Filename=game.exe
Description=Adult content dialler - see <a href="http://vil.mcafee.com/dispVirus.asp?virus_k=99972" target="_blank">here</a>
Source=Paul Collins Startup list
[MS-Connect]
Confirmed=X
Filename=msite18.exe
Description=Adult content dialler - see <a href="http://vil.mcafee.com/dispVirus.asp?virus_k=99972" target="_blank">here</a>
Source=Paul Collins Startup list
[MS-Connect]
Confirmed=X
Filename=web.exe
Description=Adult content dialler - see <a href="http://vil.mcafee.com/dispVirus.asp?virus_k=99972" target="_blank">here</a>
Source=Paul Collins Startup list
[MS-HTML]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.15" target="_blank">LATINUS.15</a> TROJAN!
Source=Paul Collins Startup list
[MS-RunKey]
Confirmed=X
Filename=arr.exe
Description=MS-Connect dialler/hijacker
Source=Paul Collins Startup list
[MS7531]
Confirmed=X
Filename=ms7531.exe
Description=Homepage hijacker
Source=Paul Collins Startup list
[MSACM]
Confirmed=X
Filename=msacm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opaservo.html" target="_blank">OPASERV-O</a> WORM!
Source=Paul Collins Startup list
[msadcheck]
Confirmed=X
Filename=msadcheck32.exe
Description=Browser hijacker, redirecting to search-system.com
Source=Paul Collins Startup list
[MSAdmin]
Confirmed=X
Filename=jdbgmrg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DASMIN.A" target="_blank">DASMIN.A</a> TROJAN! Note - this is not the valid JDBGMGR.EXE file - see <a href="http://vil.mcafee.com/dispVirus.asp?virus_k=99436" target="_blank">here</a>
Source=Paul Collins Startup list
[MSAgent]
Confirmed=X
Filename=mshtm.exe
Description=Browser hijacker - redirecting to buldog-search.com
Source=Paul Collins Startup list
[MSBB]
Confirmed=X
Filename=msbb.exe
Description=Advertising spyware
Source=Paul Collins Startup list
[MSChoExE]
Confirmed=X
Filename=suge.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[msci]
Confirmed=?
Filename=mcinfo.exe
Description=McAfee Internet Security related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[mscman]
Confirmed=X
Filename=mscman.exe
Description=Spyware/malware, included into the latest version of Grokster, among others. According to research by SpyBot's PMK, "able to trick ZoneAlarm, auto-clicking it to allow passing through the firewall!"
Source=Paul Collins Startup list
[mscn]
Confirmed=U
Filename=mscn.exe
Description=Part of the SafeChildNet internet filtering program - required if you use it
Source=Paul Collins Startup list
[Mscnt]
Confirmed=X
Filename=mscnt.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Mscolour]
Confirmed=X
Filename=mscolour.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=40574" target=_blank>GEMA</a> TROJAN!
Source=Paul Collins Startup list
[MSCommX]
Confirmed=X
Filename=mscommx.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list
[MSCONFG32.EXE]
Confirmed=X
Filename=MSCONFG32.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optix.04.c.html" target="_blank">OPTIX.04.C</a> TROJAN!
Source=Paul Collins Startup list
[MSConfig]
Confirmed=N
Filename=msconfig.exe
Description=Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
Source=Paul Collins Startup list
[MSConfig]
Confirmed=X
Filename=MSCONFIG32.EXE
Description=Unidentified adware, spyware or virus
Source=Paul Collins Startup list
[msconfig]
Confirmed=X
Filename=msconfig.exe
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite related. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/msconfig/" target=_blank>msconfig.exe</a> which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting
Source=Paul Collins Startup list
[Msconfig]
Confirmed=X
Filename=msconfig.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winur.html" target="_blank">WINUR</a> WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\
Source=Paul Collins Startup list
[msconfig]
Confirmed=X
Filename=wins.exe
Description=Added by an unidentified IRC WORM with backdoor trojan capabilities!
Source=Paul Collins Startup list
[Msconfig lptt01]
Confirmed=X
Filename=msconfig.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "msconfig" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>. Note - this is not the valid Windows Msconfig which has the same executable name
Source=Paul Collins Startup list
[MSConfig Manager]
Confirmed=X
Filename=msupdate.exe
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite related
Source=Paul Collins Startup list
[Msconfig ml097e]
Confirmed=X
Filename=msconfig.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "msconfig" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>. Note - this is not the valid Windows Msconfig which has the same executable name
Source=Paul Collins Startup list
[msconfig service]
Confirmed=X
Filename=MSupdate32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[msconfig.exe]
Confirmed=X
Filename=proxy.exe
Description=Added by a variant of the AGENT.AH downloader TROJAN!
Source=Paul Collins Startup list
[msconfig.exe]
Confirmed=X
Filename=uline.exe
Description=Added by a variant of the AGENT.AH downloader TROJAN!
Source=Paul Collins Startup list
[MSConfig45]
Confirmed=X
Filename=MSConfig45.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=56539&VName=BKDR_SDBOT.OJ" target="_blank">SDBOT.OJ</a> TROJAN!
Source=Paul Collins Startup list
[MSConfigr]
Confirmed=X
Filename=jdbgmrg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DASMIN.C" target="_blank">DASMIN.C</a> TROJAN! Note - this is not the valid JDBGMGR.EXE file - see <a href="http://vil.mcafee.com/dispVirus.asp?virus_k=99436" target="_blank">here</a>
Source=Paul Collins Startup list
[MSConfigReminder]
Confirmed=N
Filename=msconfig.exe
Description=Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
Source=Paul Collins Startup list
[MSCORE]
Confirmed=X
Filename=syscnfg.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Source=Paul Collins Startup list
[Mscsgs]
Confirmed=X
Filename=MSCSGS.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.zezer.worm.html" target="_blank">ZEZER</a> WORM!
Source=Paul Collins Startup list
[Mscsgs32]
Confirmed=X
Filename=MSCSGS32.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.zezer.worm.html" target="_blank">ZEZER</a> WORM!
Source=Paul Collins Startup list
[Msctrl32]
Confirmed=X
Filename=Msctrl32.scr
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.redist@mm.html" target="_blank">REDIST</a> WORM!
Source=Paul Collins Startup list
[MSCVT]
Confirmed=X
Filename=MSCVT.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.slideshow.html" target="_blank">SLIDESHOW</a> WORM!
Source=Paul Collins Startup list
[msdev]
Confirmed=X
Filename=msdev.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcr.html" target=_blank>FORBOT-CR</a> WORM!
Source=Paul Collins Startup list
[msdev]
Confirmed=X
Filename=msconfig.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AAU&VSect=T" target=_blank>AGOBOT.AAU</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/msconfig/" target=_blank>msconfig.exe</a> which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting
Source=Paul Collins Startup list
[MSDLL]
Confirmed=X
Filename=syscnfg.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Source=Paul Collins Startup list
[Msdmxm]
Confirmed=X
Filename=msdmxm.exe
Description=Adult premium rate dialler
Source=Paul Collins Startup list
[Msdos32]
Confirmed=X
Filename=Msdos32.pif
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.recory@mm.html" target="_blank">RECORY</a> WORM!
Source=Paul Collins Startup list
[msdos423]
Confirmed=X
Filename=msdos423.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MENACE.A" target="_blank">MENACE.A</a> WORM!
Source=Paul Collins Startup list
[MSDosdrv]
Confirmed=N
Filename=msdosdrv.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bacros.html" target=_blank>BACROS</a> WORM!
Source=Paul Collins Startup list
[MSDTC]
Confirmed=N
Filename=msdtc.exe
Description=MS Distributed Transaction Coordinator - handles transactions across multiple servers and is installed by MS Personal Web Server and MS SQL Server
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cayam@mm.html" target="_blank">CAYAM</a> WORM!
Source=Paul Collins Startup list
[msfindosa.exe]
Confirmed=X
Filename=msfindosa.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_99960.htm" target="_blank">DOWNLOADER-BS</a> TROJAN!
Source=Paul Collins Startup list
[Msg Fixage]
Confirmed=X
Filename=msgfixed.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD" target=_blank>SDBOT.ZD</a> WORM!
Source=Paul Collins Startup list
[MsgApi]
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerd.html" target="_blank">DEDLER-D</a> TROJAN!
Source=Paul Collins Startup list
[msgb1]
Confirmed=X
Filename=msgb1.exe
Description=Added by the DLUCA.GEN TROJAN!
Source=Paul Collins Startup list
[Msgmgr]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.babybear@mm.html" target="_blank">BABYBEAR</a> WORM!
Source=Paul Collins Startup list
[msgserv_]
Confirmed=X
Filename=Syss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/fanta.trojan.html" target=_blank>FANTA</a> TROJAN!
Source=Paul Collins Startup list
[Msgsrv16]
Confirmed=X
Filename=Msgsrv16.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.family.html" target="_blank">DELF</a> family of TROJANS!
Source=Paul Collins Startup list
[MSGSRV32.exe]
Confirmed=Y
Filename=msgsrv32.exe
Description=Windows 32-bit VxD Message Server. For more information on its function and why it's needed, see <a href="http://support.microsoft.com/support/kb/articles/q138/7/08.asp" target="_blank">here</a>. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background
Source=Paul Collins Startup list
[msgsvr32]
Confirmed=X
Filename=msgsvr32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadhat.b.html" target="_blank">DEADHAT.B</a> WORM! Note - not to be confused with the valid "msgsrv32.exe" file which resides in the same directory (C:\Windows\System) on a Win9x/Me machine
Source=Paul Collins Startup list
[Msgtray]
Confirmed=X
Filename=sys16.exe
Description=Added by an unknown VIRUS!
Source=Paul Collins Startup list
[MSHT@]
Confirmed=X
Filename=MSHT@.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.A" target="_blank">MAGISTR.A</a> VIRUS!
Source=Paul Collins Startup list
[msidle]
Confirmed=X
Filename=msidle.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opaservo.html" target="_blank">OPASERV-O</a> WORM!
Source=Paul Collins Startup list
[MSIdll]
Confirmed=X
Filename=winmp.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[MSIEXEC]
Confirmed=X
Filename=MSIEXEC32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.ainesey.a@mm.html" target="_blank">AINESEY.A</a> WORM!
Source=Paul Collins Startup list
[MSIN]
Confirmed=?
Filename=MSin.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[MSInfo]
Confirmed=X
Filename=msinfo.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.m.html" target="_blank">ALADINZ.M</a> TROJAN!
Source=Paul Collins Startup list
[MSInfo]
Confirmed=X
Filename=AVBgle.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.o@mm.html" target="_blank">NETSKY.O</a> WORM!
Source=Paul Collins Startup list
[MSInstall]
Confirmed=X
Filename=smvss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerg.html" target=_blank>DEDLER-G</a> TROJAN!
Source=Paul Collins Startup list
[msjava service]
Confirmed=X
Filename=xpcd.exe
Description=Added by the <a href="http://de.trendmicro-europe.com/consumer/security_info/ve_detail.php?VName=WORM_SDBOT.VM&VSect=T" target="_blank">SDBOT.VM</a> WORM!
Source=Paul Collins Startup list
[MSKAGENTEXE]
Confirmed=U
Filename=MskAgent.exe
Description=Part of <a href="http://us.mcafee.com/root/package.asp?pkgid=156" target="_blank">McAfee Spamkiller</a>
Source=Paul Collins Startup list
[MSKCES32]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cloner.html" target="_blank">CLONER</a> TROJAN!
Source=Paul Collins Startup list
[MSKDetectorExe]
Confirmed=U
Filename=MSKDetct.exe
Description=Part of <a href="http://us.mcafee.com/root/package.asp?pkgid=156" target="_blank">McAfee Spamkiller</a>
Source=Paul Collins Startup list
[MSKernel32]
Confirmed=X
Filename=MSKernel32.vbs
Description=Added by the <a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER" target="_blank"> LOVELETTER</a> (I LOVE YOU) VIRUS!
Source=Paul Collins Startup list
[MSkernel32]
Confirmed=X
Filename=System.exe 4820
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tuxder.html" target="_blank">TUXDER</a> TROJAN!
Description=Part of McAfee <a href="http://us.mcafee.com/root/package.asp?pkgid=156" target=_blank>Spamkiller</a>
Source=Paul Collins Startup list
[mslagent]
Confirmed=X
Filename=mslagent.exe
Description=Added by <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.simcss.b.html" target="_blank">SIMCSS.B</a> adware!
Source=Paul Collins Startup list
[MSLIB32]
Confirmed=?
Filename=mswatch32.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Mslogon lptt01]
Confirmed=X
Filename=mslogon.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Mslogon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[Mslogon ml097e]
Confirmed=X
Filename=mslogon.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Mslogon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[MsManager]
Confirmed=X
Filename=msmgr32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.af@mm.html" target="_blank">YAHA.AF</a> WORM!
Source=Paul Collins Startup list
[msmanager32]
Confirmed=X
Filename=msmngr32.exe
Description=Added by the <a href="http://www.us.sophos.com/virusinfo/analyses/w32randonr.html" target="_blank">RANDON-R</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WOMANIZ.A" target="_blank">WOMANIZ.A</a>) WORM!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.framar.html" target="_blank">FRAMAR</a> TROJAN!
Source=Paul Collins Startup list
[MSMcAfeeh]
Confirmed=X
Filename=Avsynmgr32h.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.frango.html" target="_blank">FRANGO</a> TROJAN!
Source=Paul Collins Startup list
[MSMcAfeeS]
Confirmed=X
Filename=Avsynmgr32S.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.volac.html" target="_blank">VOLAC</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.volac.dr.html" target="_blank">VOLAC.DR</a> TROJANS!
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
Source=Paul Collins Startup list
[MsmqIntCert]
Confirmed=?
Filename=regsvr32 /s mqrt.dll
Description=Microsoft Message Queue Server - Internal Certificate - see <a href="http://www.microsoft.com/msmq/" target="_blank">here</a> for more info and <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;230050" target="_blank">here</a> for a potential problem.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[MSMSGS]
Confirmed=U
Filename=msmsgs.exe
Description=<a href="http://www.microsoft.com/windowsxp/windowsmessenger/default.asp"_blank">Windows Messenger</a> utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
Source=Paul Collins Startup list
[MSMsgSvc]
Confirmed=X
Filename=MSMSGSVC.exe
Description=Browser hijacker, identified by some antiviruses as a variant of the StartPage.QC TROJAN!
Source=Paul Collins Startup list
[msn]
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KITRO.A" target="_blank"> KITRO.A</a> WORM!
Source=Paul Collins Startup list
[msn]
Confirmed=X
Filename=msnmsg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgo.html" target="_blank">RBOT-GO</a> WORM!
Source=Paul Collins Startup list
[MSN]
Confirmed=X
Filename=msnmsgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkl.html" target="_blank">RBOT-KL</a> WORM!
Source=Paul Collins Startup list
[MSN]
Confirmed=X
Filename=ctfmoons.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SPYBOT.HI" target=_blank>SPYBOT.HI</a> WORM!
Source=Paul Collins Startup list
[MSN]
Confirmed=X
Filename=msnmesengers.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotme.html" target=_blank>RBOT-ME</a> WORM!
Source=Paul Collins Startup list
[MSN]
Confirmed=X
Filename=MSN.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.minit.html" target=_blank>MINIT</a> WORM!
Source=Paul Collins Startup list
[MSN ang]
Confirmed=X
Filename=cssrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotce.html" target=_blank>FORBOT-CE</a> WORM!
Source=Paul Collins Startup list
[Msn Config]
Confirmed=X
Filename=msngf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqg.html" target=_blank>RBOT-QG</a> WORM!
Source=Paul Collins Startup list
[MSN Internet Access]
Confirmed=N
Filename=trayclnt.exe
Description=Quick way to connect to MSN internet service - replaces "MSN Quick View" from V5.6 onwards
Source=Paul Collins Startup list
[MSN Manager]
Confirmed=X
Filename=cvss.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[MSN Manager]
Confirmed=X
Filename=mscmgr.exe
Description=Unidentified malware - causes multiple browser windows to open
Source=Paul Collins Startup list
[MSN Messanger]
Confirmed=X
Filename=msnmsng.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.XN" target="_blank">SDBOT.XN</a> WORM!
Source=Paul Collins Startup list
[MSN messenger]
Confirmed=X
Filename=messenger.exe
Description=Added by an unidentified TROJAN! Note - this is not the real MSN Messenger, see this <a href="http://forums.techguy.org/showthread.php?s=&threadid=109054" target="_blank">thread</a>
Source=Paul Collins Startup list
[Msn Messenger]
Confirmed=X
Filename=msnmsgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyp.html" target=_blank>LOONY-P</a> TROJAN!
Source=Paul Collins Startup list
[MSN messenger service]
Confirmed=X
Filename=mssgs.exe
Description=Added by an unidentified TROJAN! Note - this is not the real MSN Messenger, see this <a href="http://forums.techguy.org/showthread.php?s=&threadid=109054" target="_blank">thread</a>
Source=Paul Collins Startup list
[Msn Messengers]
Confirmed=X
Filename=MSNMSGR.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KX&VSect=T" target="_blank">RBOT.KX</a> WORM!
Source=Paul Collins Startup list
[Msn Patch]
Confirmed=X
Filename=msndp.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_RBOT.AAI" target=_blank>RBOT.AAI</a> WORM!
Source=Paul Collins Startup list
[Msn Patches]
Confirmed=X
Filename=msndr.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[Msn Plus Updater]
Confirmed=X
Filename=msnplus.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmu.html" target=_blank>RBOT-MU</a> WORM!
Source=Paul Collins Startup list
[MSN Quick View]
Confirmed=N
Filename=Msndc.exe
Description=Quick way to connect to MSN internet service
Source=Paul Collins Startup list
[MSN Start]
Confirmed=X
Filename=msnmsgr7.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotph.html" target=_blank>RBOT-PH</a> WORM!
Source=Paul Collins Startup list
[MSN Update]
Confirmed=X
Filename=mscon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqa.html" target=_blank>RBOT-QA</a> WORM!
Source=Paul Collins Startup list
[Msn Update Manager (Sp2)]
Confirmed=X
Filename=MSMSGS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnl.html" target=_blank>AGOBOT-NL</a> WORM!
Source=Paul Collins Startup list
[MSN Updater]
Confirmed=X
Filename=msnms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcg.html" target=_blank>FORBOT-CG</a> WORM!
Source=Paul Collins Startup list
[Msn Updater]
Confirmed=X
Filename=msnplugins.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboths.html" target=_blank>RBOT-HS</a> WORM!
Source=Paul Collins Startup list
[MSN UPDATERS]
Confirmed=X
Filename=virtualmemory.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjk.html" target="_blank">RBOT-JK</a> WORM!
Source=Paul Collins Startup list
[msnappau]
Confirmed=N
Filename=msnappau.exe
Description=Updater for the MSN toolbar that can be downloaded onto IE. Calls home every day or so to "update" the toolbar
Source=Paul Collins Startup list
[Msnarrator]
Confirmed=X
Filename=msnarrator.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NARAT.A" target="_blank">NARAT.A</a> TROJAN! - also identified as <a href="http://securityresponse.symantec.com/avcenter/venc/data/adware.mpgcom.html" target="_blank">MPGCOM Toolbar</a> adware
Source=Paul Collins Startup list
[MSNET]
Confirmed=X
Filename=msnet.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.boa.html" target="_blank">BOA</a> WORM!
Source=Paul Collins Startup list
[MsnFixer]
Confirmed=?
Filename=msnfixjs.js
Description=<font color="#FF0000">Located in the HPbinmsnfix directory of a HP PC</font>
Source=Paul Collins Startup list
[MSNGrabber]
Confirmed=X
Filename=MSNgrabber.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.envid.a@mm.html" target=_blank>ENVID.A</a> WORM!
Source=Paul Collins Startup list
[MSNIA]
Confirmed=N
Filename=MSNIASVC.EXE
Description=Added with MSN version 9. Resets certain internet settings upon bootup and can't be disabled via MSCONFIG
Source=Paul Collins Startup list
[msnload32.exe]
Confirmed=X
Filename=msnload32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.m.html" target="_blank">BANCOS.M</a> TROJAN!
Source=Paul Collins Startup list
[MSNMESENGER]
Confirmed=X
Filename=Main.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html" target="_blank">PRORAT</a> TROJAN!
Source=Paul Collins Startup list
[msnmsg.exe]
Confirmed=X
Filename=mscmd32.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list
[msnmsgr]
Confirmed=N
Filename=msnmsgr.exe
Description=<a href="http://messenger.msn.com/" target="_blank">MSN Messenger</a> utility. If you don't use MSN Messenger, this can be annoying. Available via Start -> Programs. Go to MS Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
Source=Paul Collins Startup list
[MsnMsgr]
Confirmed=X
Filename=MsnMsgrs.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.netsky.ad@mm.html" target=_blank>NETSKY-AD</a> WORM!
Source=Paul Collins Startup list
[msnmsgr32-.exe]
Confirmed=X
Filename=msnmsgr-.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[MSNMSGR5]
Confirmed=X
Filename=MSNMSGR5.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/virus_encyclopedia.php?s=1&VName=WORM_RBOT.PQ" target="_blank">RBOT.PQ</a> WORM!
Source=Paul Collins Startup list
[MSNMSGRE]
Confirmed=X
Filename=swef.bat
Description=IRC backdoor TROJAN or WORM!
Source=Paul Collins Startup list
[MSNMSGRR]
Confirmed=X
Filename=swin.bat
Description=IRC backdoor TROJAN or WORM!
Source=Paul Collins Startup list
[MSNMSGRS1]
Confirmed=X
Filename=swed.bat
Description=IRC backdoor TROJAN or WORM!
Source=Paul Collins Startup list
[msnmsgsgs]
Confirmed=X
Filename=msnmsgsgs.exe
Description=Added by the "Catal" alias Spy.Delitall.B backdoor TROJAN!
Source=Paul Collins Startup list
[MSNService]
Confirmed=X
Filename=MSNService.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.carpet.c.html" target="_blank">CARPET.C</a> WORM!
Source=Paul Collins Startup list
[MSNSysRestore]
Confirmed=X
Filename=pc32.exe
Description=Added by a variant of the MASTAK VIRUS!
Source=Paul Collins Startup list
[MSObject32]
Confirmed=X
Filename=MSObject32.js
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/js.pun.trojan.html" target="_blank">PUN</a> TROJAN!
Source=Paul Collins Startup list
[Msoffice]
Confirmed=X
Filename=msoffice.hta
Description=Hijacker - redirecting to Searchdot.net
Source=Paul Collins Startup list
[MSOffice]
Confirmed=X
Filename=services.exe
Description=Browser hijacker. The file is placed in a newly created MSOffice folder in System32. Note - this is NOT the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target=_blank>services.exe</a> process, which should NOT figure in Msconfig/Startup!
Source=Paul Collins Startup list
[MSOleath32]
Confirmed=X
Filename=winss.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100491.htm" target=_blank>KATHER</a> TROJAN!
Source=Paul Collins Startup list
[MSOOBD]
Confirmed=X
Filename=MSOOBD.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.A" target="_blank">MAGISTR.A</a> VIRUS!
Source=Paul Collins Startup list
[mspaint.exe]
Confirmed=X
Filename=check32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentah.html" target=_blank>AGENT.AH</a> TROJAN!
Source=Paul Collins Startup list
[Mspatch69]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mprox.html" target="_blank">MPROX</a> TROJAN!
Source=Paul Collins Startup list
[Mspatch89]
Confirmed=X
Filename=cnqmax.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.p.html" target="_blank">RANDEX.P</a> WORM!
Source=Paul Collins Startup list
[MSPQFile]
Confirmed=X
Filename=MSA****.TMP
Description=Homepage hijacker. See <a href="http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=776;start=10" target="_blank">here</a> for more information. **** can be anything
Source=Paul Collins Startup list
[MSprotect.exe]
Confirmed=X
Filename=MSprotect.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_DABYREV.A" target="_blank">DABYREV.A</a> VIRUS!
Source=Paul Collins Startup list
[mspwr]
Confirmed=U
Filename=pupstman.exe
Description="Transparent icon background" feature of Ashampoo's <a href="http://www.ashampoo.com/frontend/products/php/product.php?idstring=0105" target="_blank">PowerUp XP</a> (WinNT/2K/XP) and <a href="http://www.ashampoo.com/frontend/products/php/product.php?idstring=0005" target="_blank">PowerUp Deluxe</a> (Win98/Me)
Source=Paul Collins Startup list
[MSPY2002]
Confirmed=N
Filename=ImScInst.exe
Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
Source=Paul Collins Startup list
[MSR]
Confirmed=X
Filename=msr.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_AGOBOT.RT" target=_blank>AGOBOT.RT</a> WORM!
Source=Paul Collins Startup list
[Msrc]
Confirmed=X
Filename=Msrc.exe
Description=Added by the KRYPTONIC GHOST TROJAN!
Source=Paul Collins Startup list
[msreg.exe]
Confirmed=X
Filename=msrege.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.zinx.html" target="_blank">ZINX</a> TROJAN!
Source=Paul Collins Startup list
[msReg32 Loader]
Confirmed=X
Filename=msreg32.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.IU&VSect=T" target=_blank>AGOBOT.IU</a> WORM!
Source=Paul Collins Startup list
[MSREGIT]
Confirmed=X
Filename=Msgp.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_KRYPGHOS.13" target="_blank">KRYPGHOS.13</a> TROJAN!
Source=Paul Collins Startup list
[MSRegSvc]
Confirmed=X
Filename=regsvc32.exe
Description=Homepage hijacker that changes your homepage to an adult content site
Source=Paul Collins Startup list
[msrunocx32]
Confirmed=X
Filename=msrunocx32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.skus.html" target="_blank">SKUS</a> WORM!
Source=Paul Collins Startup list
[msservice]
Confirmed=X
Filename=msserv.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hyd@mm.html" target="_blank">HYD</a> WORM!
Source=Paul Collins Startup list
[MSSGisg]
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.n.html" target=_blank>RANKY.N</a> TROJAN!
Source=Paul Collins Startup list
[MSSHVC]
Confirmed=X
Filename=MSSHVC.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.nuffy.a.html" target="_blank">NUFFY.A</a> WORM!
Source=Paul Collins Startup list
[mssoul]
Confirmed=X
Filename=msmscc2.exe
Description=Added by the DAPIZL.A banker WORM! (A "banker worm" is designed to pillage banking information and send it back to the perpetrators!)
Source=Paul Collins Startup list
[MSSQL]
Confirmed=X
Filename=Mssql.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list
[Msstart]
Confirmed=X
Filename=msstart.exe
Description=Added by the <a href="http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_LIVUP.C" target="_blank">LIVUP.C</a> TROJAN!
Source=Paul Collins Startup list
[MSStartOptimizer]
Confirmed=X
Filename=Iexpres.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.poldo.b.html" target="_blank">POLDO.B</a> TROJAN!
Source=Paul Collins Startup list
[MSStartOptimizer]
Confirmed=X
Filename=WINUPD.EXE
Description=Adult content dialler - see <a href="http://www.spywareinfo.com/forums/index.php?act=ST&f=11&t=7756&hl=&s=" target="_blank">here</a>. This has to be cleared at the same time as RegCompres (REGCPM32.EXE), atisrc2 (windfind.exe) and mmxrun (msosa.exe), otherwise they return
Source=Paul Collins Startup list
[msstask]
Confirmed=X
Filename=msstask.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.myparty@mm.html" target="_blank">MYPARTY</a> WORM!
Source=Paul Collins Startup list
[mssurfer lptt01]
Confirmed=X
Filename=mssurfer.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "surfer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[mssurfer ml097e]
Confirmed=X
Filename=mssurfer.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "surfer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[mssvc]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.psk.html" target="_blank">PSK</a> TROJAN!
Source=Paul Collins Startup list
[MSSVC]
Confirmed=X
Filename=svcsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfatoosc.html" target=_blank>FATOOS-C</a> TROJAN!
Source=Paul Collins Startup list
[MSSVC.EXE]
Confirmed=Y
Filename=MSSVC.EXE
Description=<a href="http://www.stealthdisk.com/" target="_blank">Stealthdisk</a> - hides folders, files and applications. Will also encrypt them for better protection
Source=Paul Collins Startup list
[mssvc32]
Confirmed=X
Filename=mssvc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotme.html" target=_blank>AGOBOT-ME</a> WORM!
Source=Paul Collins Startup list
[mssys]
Confirmed=X
Filename=mssys.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.myss.b.html" target="_blank">MYSS.B</a> TROJAN!
Source=Paul Collins Startup list
[mssysint]
Confirmed=X
Filename=Iexplore .exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/pwsteal.abchlp.html" target="_blank">PWSTEAL.ABCHLP</a> and <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.pspider.310.b.html" target="_blank">PSPIDER.310.B</a> TROJANS! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[mssyslanhelper]
Confirmed=X
Filename=msmsgri32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.d.html" target="_blank">RANDEX.D</a> WORM!
Source=Paul Collins Startup list
[MsSystem]
Confirmed=X
Filename=msdos.exe
Description=Adult content downloader - see <a href="http://vil.nai.com/vil/content/v_100801.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[MsSystem]
Confirmed=X
Filename=mssys.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_VANTA.A" target="_blank">VANTA.A</a> TROJAN!
Source=Paul Collins Startup list
[MSSYSTEM]
Confirmed=X
Filename=svcsys.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfatoosc.html" target=_blank>FATOOS-C</a> TROJAN!
Source=Paul Collins Startup list
[Mstapi]
Confirmed=X
Filename=Mstapi.exe
Description=Keylogger trojan
Source=Paul Collins Startup list
[Mstask]
Confirmed=X
Filename=mstask.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.N" target="_blank">OPASERV.N</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/mstask/" target="_blank">mstask.exe</a> system file and the executable resides in C:\Windows or C:\WINNT
Source=Paul Collins Startup list
[mstask]
Confirmed=X
Filename=mstask.exe
Description=Browser hijacker - redirecting to find-more.net. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/mstask/" target=_blank>mstask.exe</a> system file
Source=Paul Collins Startup list
[mstasks]
Confirmed=X
Filename=mstasks.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidray.html" target=_blank>MULTIDR-AY</a> TROJAN!
Source=Paul Collins Startup list
[Mstcgww]
Confirmed=?
Filename=MSTCGWW.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[MSTMON_Q]
Confirmed=N
Filename=MSTMON_Q.exe
Description=Generates an error message on startup if the Konica Minolta PagePro 1350W printer is not turned on and ready
Source=Paul Collins Startup list
[Mstng32]
Confirmed=X
Filename=MSTng32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.tang@mm.html" target="_blank">TANG</a> WORM!
Source=Paul Collins Startup list
[MSUpdate]
Confirmed=X
Filename=wupd.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.m.html" target="_blank">ALADINZ.M</a> TROJAN!
Source=Paul Collins Startup list
[MSUpdate]
Confirmed=X
Filename=svchosthlp.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.t.worm.html" target="_blank">BLASTER.T</a> WORM!
Source=Paul Collins Startup list
[msupdate]
Confirmed=X
Filename=msupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmz.html" target=_blank>RBOT-MZ</a> WORM!
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite related - resets home page to an adult content site
Source=Paul Collins Startup list
[MSupdater.exe]
Confirmed=X
Filename=N/A
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite related. Installs the Winshow.dll browser plugin
Source=Paul Collins Startup list
[msupdates]
Confirmed=X
Filename=msupdt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjo.html" target="_blank">RBOT-JO</a> WORM!
Source=Paul Collins Startup list
[MSUpdSrv]
Confirmed=X
Filename=msupdsrv.exe
Description=Browser hijacker, redirecting to a porn site
Source=Paul Collins Startup list
[msurl]
Confirmed=X
Filename=msurl32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[msuser32.exe]
Confirmed=X
Filename=msuser32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.androv.html" target="_blank">ANDROV</a> TROJAN!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.xombe.html" target="_blank">XOMBE</a> TROJAN!
Source=Paul Collins Startup list
[MSVersion]
Confirmed=X
Filename=INTERNETFEATURES.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A" target="_blank">POPMON.A</a> TROJAN! - also known as PopMonster adware
Source=Paul Collins Startup list
[MSVersion]
Confirmed=X
Filename=clrschp038.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A" target="_blank">POPMON.A</a> TROJAN! - also known as PopMonster adware
Source=Paul Collins Startup list
[msvsc32]
Confirmed=X
Filename=msdev.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgj.html" target=_blank>RBOT-GJ</a> WORM!
Source=Paul Collins Startup list
[MSVSync]
Confirmed=X
Filename=videosync.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[MSVXD]
Confirmed=X
Filename=MSVXD.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DATOM.A" target="_blank">DATOM.A</a> WORM!
Source=Paul Collins Startup list
[mswave]
Confirmed=X
Filename=mswave.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[Mswavedll]
Confirmed=X
Filename=mswavedll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER-C</a> TROJAN!
Source=Paul Collins Startup list
[MSwheel]
Confirmed=U
Filename=mswheel.exe
Description=<a href="http://www.microsoft.com/intellipoint/" target="_blank">Microsoft Intellipoint</a> software for their Intellimouse series of mice - required if you use non-standard Windows driver features
Source=Paul Collins Startup list
[Mswincfg]
Confirmed=X
Filename=Mswincfg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBERSPY.D" target="_blank">CYBRSPY.D</a> TROJAN!
Source=Paul Collins Startup list
[MsWindows SysDate]
Confirmed=X
Filename=sysmsvc.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.spybot.fcd.html" target=_blank>SPYBOT.FCD</a> WORM!
Source=Paul Collins Startup list
[Mswinpid32]
Confirmed=X
Filename=mswinpid32.exe
Description=Added by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim!
Source=Paul Collins Startup list
[MSWinSrv]
Confirmed=X
Filename=MSWinSrv.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mtron.html" target=_blank>MTRON</a> TROJAN!
Source=Paul Collins Startup list
[MSWinSrv32]
Confirmed=X
Filename=MSWinSrv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmtronb.html" target=_blank>MTRON-B</a> TROJAN!
Source=Paul Collins Startup list
[mswspl]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.IQ" target="_blank">SMALL.IQ</a> TROJAN!
Source=Paul Collins Startup list
[mswspl]
Confirmed=X
Filename=searchbarcash.exe
Description=SearchBarCash adware
Source=Paul Collins Startup list
[msys lptt01]
Confirmed=X
Filename=msys.exe
Description=New variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Msyss" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[Msys32]
Confirmed=X
Filename=morfitwebentrance.exe
Description=<a href="http://www.morfit.com/Eng/" target="_blank">Morfit ADjectPager</a> - "uses home page rental technology for generating revenues". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage
Source=Paul Collins Startup list
[MS_NETD_WIN32]
Confirmed=X
Filename=netd32.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html" target="_blank">RANDEX.F</a> WORM!
Source=Paul Collins Startup list
[MS_SETUP.EXE]
Confirmed=X
Filename=MS_SETUP.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.charge.html" target="_blank">CHARGE</a> TROJAN!
Source=Paul Collins Startup list
[Mtr2]
Confirmed=X
Filename=mtr2.exe
Description=Added by the KRYPTONIC GHOST TROJAN!
Source=Paul Collins Startup list
[MUAL]
Confirmed=U
Filename=mual.exe
Description=Millesky video mail updater and launcher
Source=Paul Collins Startup list
[muamgr]
Confirmed=U
Filename=muamgr.exe
Description=Quick access to MicroAngelo 5.0. It can make the background of the icon text transparent and also change the color of the shortcut's text to a color you want. Very useful, if you have a wallpaper. Available via Start -> Programs
Source=Paul Collins Startup list
[Mufix]
Confirmed=?
Filename=mufix.exe
Description=Part of INFOConnect, web-based, enterprise client configuration, management, and deployment software, as used by ABSS (a financial management system used by the US military which will allow purchase request packages to be electronically submitted to contracting, and which also facilitates electronic receipt of items and EFT) - <font color="#FF0000">what does it do and is it required</font>
Source=Paul Collins Startup list
[Multi-function keyboard]
Confirmed=U
Filename=GWHotkey.exe
Description=Software that sets up the Gateway AnyKey keyboard shortcuts (a series of buttons that allow one-click access to e-mail, browser, volume and CD/DVD controls, etc)
Source=Paul Collins Startup list
[MultiCAM Initializer]
Confirmed=U
Filename=MCamBoot.exe
Description=The MultiCAM Initializer is part of the MultiCAM software package provided by <a href="http://www.vistaimaging.com/multicam.htm" target="_blank">Vista Imaging</a> in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabled
Source=Paul Collins Startup list
[Multimedia Codecs]
Confirmed=X
Filename=mcc.exe
Description=Added by the <a href="http://www.giantcompany.com/antispyware/research/spyware/spyware-Trojan.PornDownloaderMCC.aspx" target="_blank">MCC</a> TROJAN!
Description=Multimedia keyboard manager. Required if you use the additional keys
Source=Paul Collins Startup list
[MULTIMEDIA KEYBOARD]
Confirmed=U
Filename=MMKeybd.exe
Description=Multimedia keyboard manager. Required if you use the additional keys
Source=Paul Collins Startup list
[MultiRes]
Confirmed=U
Filename=MultiRes.exe
Description=<a href="http://www.entechtaiwan.com/" target="_blank">MultiRes</a> - system tray utility allowing quick access to changing desktop resolutions and has the ability to lock the screen refresh rate in WinNT/2K/XP
Source=Paul Collins Startup list
[MUPS]
Confirmed=U
Filename=MUPS.exe
Description=Lauches the <a href="http://www.belkin.com/" target="_blank">Belkin</a> Bulldog Plus Service - required if you want to access the UPS advanced functions
Source=Paul Collins Startup list
[murphy shield]
Confirmed=Y
Filename=lmgui.exe
Description=Firewall part of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
Source=Paul Collins Startup list
[Music01 Server]
Confirmed=N
Filename=Music01 Server.exe
Description=J River <a target="_blank" href="http://www.musicex.com/mediajukebox/">Media Jukebox</a>
Source=Paul Collins Startup list
[MusIRC (irc.music.com) client]
Confirmed=X
Filename=musirc4.71.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.Q" target=_blank>RANDEX.Q</a> WORM!
Description=MicroWorld Anti Virus Toolkit is a free anti-virus scanner that runs on-demand. You can choose to scan your entire system, including memory, services, starup items and registry, or only scan files in a specified folder or drive
Source=Paul Collins Startup list
[MWProEng]
Confirmed=N
Filename=MWProEng.exe
Description=Logitech Mouseware Pro software - only required when using special functions
Description=SeekSeek search hijacker related - as seen <a href="http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?act=ST&f=32&t=6790&st=0&&#entry34543" target="_blank"> here</a>
Source=Paul Collins Startup list
[MxHLp32]
Confirmed=X
Filename=MxHLp32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.12" target="_blank">VAGRNOCKER</a> TROJAN!
Source=Paul Collins Startup list
[MXO Auto Loader]
Confirmed=U
Filename=MXOaldr.exe
Description=Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions
Source=Paul Collins Startup list
[MxRunner]
Confirmed=U
Filename=MxRunner.exe
Description=<a href="http://www.aladdinsys.com/easyuninstall/" target="_blank">EasyUninstall</a> from Aladdin Systems (formerly by Ontrack)
Source=Paul Collins Startup list
[My Agent]
Confirmed=X
Filename=msagent.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NEGASMS.A" target="_blank">NEGASMS.A</a> TROJAN!
Source=Paul Collins Startup list
[My App]
Confirmed=X
Filename=SMSSvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NEGASMS.A" target="_blank">NEGASMS.A</a> TROJAN!
Description=System tray notification for McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> on-line scanner. Not required to be protected but you lose notifications
Source=Paul Collins Startup list
[Myapp]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fatee.b.html" target="_blank">FATEE.B</a> WORM!
Source=Paul Collins Startup list
[Myapp]
Confirmed=X
Filename=service.exe
Description=Homepage hijacker
Source=Paul Collins Startup list
[MyAV]
Confirmed=X
Filename=avpguard.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.j@mm.html" target="_blank">NETSKY.J</a> WORM!
Source=Paul Collins Startup list
[MyCIO Agent Service]
Confirmed=Y
Filename=myagtsvc.exe
Description=McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> Agent service
Source=Paul Collins Startup list
[myCIO.com ASaP]
Confirmed=U
Filename=MyAgtTry.exe
Description=System tray notification for McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> on-line scanner. Not required to be protected but you lose notifications
Source=Paul Collins Startup list
[myCIO.com Splash]
Confirmed=N
Filename=Splash.exe
Description=Splash screen for McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> on-line scanner
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A" target="_blank">HOLAR.A</a> WORM!
Source=Paul Collins Startup list
[myNetWatchman]
Confirmed=U
Filename=nwclient.exe
Description=Sends your firewall alerts to a <a href="http://www.mynetwatchman.com/" target="_blank">website</a>, which then filters them and forwards details of suspicious activities to the host ISP they originated from. Only needs to be running when your firewall is running
Source=Paul Collins Startup list
[MyPointsPointAlert]
Confirmed=X
Filename=wjview ...MyPointsPointAlertrun.exe
Description="With MyPoints you can earn rewards from name-brand merchants. You can even earn vacations and frequent flyer miles". Dubious privacy policy
Source=Paul Collins Startup list
[myprint mileage]
Confirmed=U
Filename=mpm.exe
Description=Reports battery status on a portable printer
Source=Paul Collins Startup list
[mysoft]
Confirmed=X
Filename=winexplor.exe
Description=Homepage hijacker
Source=Paul Collins Startup list
[MySoftware NewsFlash]
Confirmed=?
Filename=Newsflsh.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[MytekSystrayExePath]
Confirmed=U
Filename=MyTekSystray.exe
Description=<a href="http://www.mytek.com.au/" target="_blank">MyTek</a> system tray - web site providing computer tech support in Australia
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojremadmc.html" target=_blank>REMADM-C</a> TROJAN!
Source=Paul Collins Startup list
[MyVitalAgent]
Confirmed=U
Filename=VtlAgent.exe
Description=<a href="http://www.qip.lucent.com/qip/spectra/invoke.cfm?id=FBAD6307%2D6CCA%2D4CC3%2D851F5D42DB652AB2&Method=DisplayDetails" target="_blank">MyVitalAgent</a> from Lucent Technologies. Replacement for Net.Medic, monitoring all popular internet transactions and alerting the user of the loaction of connection problems. Available via Start -> Programs
Source=Paul Collins Startup list
[MyWebSearch Email Plugin]
Confirmed=X
Filename=mwsoemon.exe
Description="My Web Search" malware
Source=Paul Collins Startup list
[N2PTray]
Confirmed=U
Filename=Net2fone.exe
Description=An Internet telephony application. Needed only if you have an account at <a href="http://web.net2phone.com/" target="_blank">Net2Phone, Inc</a>
Source=Paul Collins Startup list
[NADaemon]
Confirmed=N
Filename=NADAEMON.EXE
Description=Program by <a href="http://www.netactive.com/" target="_blank">NetActive</a> which appears to be piggybacked onto some Nvidia graphics cards software. They seem to look after "digital rights management". One user reports disabling it has no detrimental affect - not required
Source=Paul Collins Startup list
[Naggerrunkey]
Confirmed=N
Filename=nagger.exe
Description=Packard Bell Free Internet Signup screen
Source=Paul Collins Startup list
[Naimagent_service]
Confirmed=Y
Filename=EPOAgentnaimas32.exe
Description=Networked version of McAfee VirusScan. Installs, configures and updates the software and DAT (virus definition) files on local computers from a network server. A resource hog but required for DAT updates and if disabled can also cause random freezes and error messages
Source=Paul Collins Startup list
[Naimagent_UI]
Confirmed=Y
Filename=EPOAgentnaimag32.exe
Description=Workstation background program for Network AssociatesÆ McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan
Source=Paul Collins Startup list
[Naimagent_UI]
Confirmed=Y
Filename=naimag32.exe
Description=Workstation background program for Network AssociatesÆ McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan
Source=Paul Collins Startup list
[Name]
Confirmed=X
Filename=Iexplorer0.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.threadsys.html" target="_blank">THREADSYS</a> TROJAN!
Source=Paul Collins Startup list
[Narrator]
Confirmed=X
Filename=******.exe [* = random char]
Description=Transponder/VX2 related adware
Source=Paul Collins Startup list
[Natal]
Confirmed=X
Filename=Natal.scr
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.ae.worm.html" target="_blank">OPASERV.AE</a> WORM!
Source=Paul Collins Startup list
[NAV]
Confirmed=X
Filename=RuxDLL32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mapson.d.worm.html" target="_blank">MAPSON.D</a> WORM!
Source=Paul Collins Startup list
[NAV Agent]
Confirmed=Y
Filename=navapw32.exe
Description=Norton Anti-Virus's background scanning process
Source=Paul Collins Startup list
[nAv AGENT]
Confirmed=X
Filename=N/A
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w97m.riosys.html" target="_blank">RIOSYS</a> MACRO! Note the lower-case "n" and "v" in the name as this is not the valid Norton AntiVirus entry of the same name - indeed it closes Norton AV processes
Source=Paul Collins Startup list
[NAV Agent]
Confirmed=X
Filename=systems.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.c.html" target="_blank">TARNO.C</a> TROJAN! Note - this is not the valid Norton Antivirus entry of the same name
Source=Paul Collins Startup list
[NAV Agent]
Confirmed=X
Filename=winsnav.vbs
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.anpes@mm.html" target=_blank>ANPES</a> WORM!
Source=Paul Collins Startup list
[NAV Auto Update]
Confirmed=X
Filename=Navautoupdate.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[NAV CfgWiz]
Confirmed=N
Filename=cfgwiz.exe
Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
Source=Paul Collins Startup list
[NAV Configuration Wizard]
Confirmed=N
Filename=cfgwiz.exe
Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
Source=Paul Collins Startup list
[NAV DefAlert]
Confirmed=U
Filename=DefAlert.exe
Description=Norton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basis
Source=Paul Collins Startup list
[NAV Live Update]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.deborms.c.html" target="_blank">DEBORMS.C</a> WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec
Source=Paul Collins Startup list
[NAV Scan Service]
Confirmed=X
Filename=NAVSCAN32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VG" target="_blank">SDBOT.VG</a> WORM!
Source=Paul Collins Startup list
[NavAgent32]
Confirmed=X
Filename=lasvr32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.femot.d.worm.html" target="_blank">FEMOT.D</a> WORM!
Source=Paul Collins Startup list
[NavAgent32]
Confirmed=X
Filename=SCardSvr32.Exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MOFEI.B" target="_blank">MOFEI.B</a> WORM!
Description=Norton Anti-Virus's background scanning process
Source=Paul Collins Startup list
[Naviscope]
Confirmed=U
Filename=naviscope.exe
Description=<a href="http://naviscope.com/" target="_blank">Naviscope</a> is a multipurpose browser enhancement that can speed up Web searches, lock out cookies, examine HTML send/receive headers, provide single-click network diagnostics, and much more
Description=Hijacker, possibly a <a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> variant
Source=Paul Collins Startup list
[navp.exe]
Confirmed=X
Filename=navp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotoe.html" target=_blank>AGOBOT-OE</a> WORM!
Source=Paul Collins Startup list
[NavPass]
Confirmed=X
Filename=NavPass.exe
Description=Free system for gaining access to and downloading from adult content web-sites
Source=Paul Collins Startup list
[NavScan]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.obsorb.html" target="_blank">OBSORB</a> TROJAN!
Source=Paul Collins Startup list
[NAVSCANNER32]
Confirmed=X
Filename=NAVSCANNER32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QC" target="_blank">RBOT.QC</a> WORM!
Source=Paul Collins Startup list
[NAVUpd]
Confirmed=X
Filename=rundll32.exe navupd.dll, Startup
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.navu.html" target="_blank">NAVU</a> TROJAN!
Source=Paul Collins Startup list
[NB Common Dialog Enhancements]
Confirmed=N
Filename=COMDLGEX.EXE
Description=Part of McAfee Nuts & Bolts. With Common Dialog Enhancements, you can add MRU list box to open dialogs
Source=Paul Collins Startup list
[NB Start Menu]
Confirmed=N
Filename=STARTM.EXE
Description=Part of McAfee Nuts & Bolts. Provides the same control as MSCONFIG and can be used instead if you have N&B
Source=Paul Collins Startup list
[NB Windows Patterns]
Confirmed=N
Filename=WINDBKGND.EXE
Description=Part of McAfee Nuts & Bolts. With Background Patterns, you can change background patterns of wizard and dialog windows
Source=Paul Collins Startup list
[NBJ]
Confirmed=U
Filename=NBJ.exe
Description=Ahead Nero <a href="http://www.nero.com/en/631898241464531.html" target="_blank"> BackItUp</a> backup program. Only required for if you have scheduled back-ups
Source=Paul Collins Startup list
[NbkCtrl]
Confirmed=U
Filename=NbkCtrl.exe
Description=Scheduling engine of <a href="http://www.no-panic.com/backup/n_backup.html" target="_blank"> NovaSTOR Backup</a> Service. Only required if scheduling is enabled and wanted - see <a href="http://www.no-panic.com/backup/tech_supt/nbackup7_commandline.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[NBT System alias]
Confirmed=X
Filename=[path] repcale.exe [path] beird.exe
Description=Added by a variant of the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN" target=_blank>RANDON.AN</a> WORM!
Source=Paul Collins Startup list
[NCClient]
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[NCD]
Confirmed=N
Filename=ncd.exe
Description=Norton Change Directory - from the DOS days that allows the user to change directories on their machine without typing the complete path
Source=Paul Collins Startup list
[NCLAUNCH]
Confirmed=?
Filename=NCLAUNCH.Exe
Description=Part of <a href="http://www.northcode.com/products/swfstudio/index.html" target="_blank">SWF Studio</a> from Northcode Inc - an extension to Flash. Bundled when you create a self-installing screen-saver on Win2K/XP. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[NCS_SS]
Confirmed=N
Filename=Csinsm32.exe
Description=Same as CleanSweep Smart Sweep-Internet Sweep
Source=Paul Collins Startup list
[NDDEAGNT]
Confirmed=?
Filename=NDDEAGNT.EXE
Description=WinNT default process. Network Dynamic Data Exchange (DDE) Agent, handles requests for network DDE services
Source=Paul Collins Startup list
[NDIS Adapter]
Confirmed=X
Filename=ndis.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VF&VSect=T" target="_blank">SDBOT.VF</a> WORM!
Source=Paul Collins Startup list
[NDIS Adapter]
Confirmed=X
Filename=windows.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbr.html" target=_blank>FORBOT-BR</a> WORM!
Source=Paul Collins Startup list
[NDIS Adapter]
Confirmed=X
Filename=lsass2.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[NDplDeamon]
Confirmed=X
Filename=nstask32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.e.html" target="_blank">RANDEX.E</a> WORM!
Source=Paul Collins Startup list
[NDplDeamon]
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.e.html" target="_blank">RANDEX.E</a> WORM!
Source=Paul Collins Startup list
[NDPS]
Confirmed=U
Filename=DPMW32.EXE
Description=Novell Distributed Printer Services - part of Novell's <a href="http://www.novell.com/products/netware/" target="_blank">Netware</a> Client and <a href="http://www.novell.com/products/groupwise/" target="_blank"> Groupwise</a> products. Not required if you don't use this feature
Description=ConfigFreeT Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have
Source=Paul Collins Startup list
[Necbar]
Confirmed=N
Filename=Necbar.exe
Description=Nec Assistant; Ark's Navigator, a graphical interface for NEC computers
Source=Paul Collins Startup list
[NECMFK]
Confirmed=Y
Filename=necmfk.exe
Description=NEC wireless keyboard driver
Source=Paul Collins Startup list
[Necutray]
Confirmed=U
Filename=Necutray.exe
Description=Driver for external USB storage devices (hard drives, flsh disks, etc)
Source=Paul Collins Startup list
[neqprvfy.exe]
Confirmed=?
Filename=neqprvfy.exe
Description=<font color="#FF0000">Appears to be related to the downloading of some application - possibly verifying updates?</font>
Source=Paul Collins Startup list
[Nero.ma]
Confirmed=X
Filename=***.exe [*** = 2 to 3 digits]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.jonbarr.d@mm.html" target="_blank">JONBARR.D</a> WORM!
Source=Paul Collins Startup list
[NeroAutoStartClient]
Confirmed=X
Filename=NeroASM.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VG&VSect=T" target=_blank>AGOBOT.VG</a> WORM!
Source=Paul Collins Startup list
[NeroCheck]
Confirmed=U
Filename=nerocheck.exe
Description=Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
Source=Paul Collins Startup list
[NeroCheck]
Confirmed=X
Filename=regedit.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.b.html" target="_blank">DOOMJUICE.B</a> WORM! Note - this is not the valid Ahead Nero CD burning program. Also it is not the valid Windows registry editor which resides in C:\Windows or C:\Winnt wheras this version resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP)
Source=Paul Collins Startup list
[NeroFilterCheck]
Confirmed=U
Filename=NeroCheck.exe
Description=Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
Source=Paul Collins Startup list
[NeroNETTrayIcon]
Confirmed=N
Filename=NNServiceCtrl.exe
Description=System tray access to <a href="http://www.nero.com/us/631898255953125.html" target="_blank">NeroNET</a> - Ahead Software's network-capable extension of their CD/DVD burning program. NeroNET allows a burner to be shared across a network
Source=Paul Collins Startup list
[Net]
Confirmed=X
Filename=WINREG.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.assasin.d.html" target="_blank">ASSASIN.D</a> TROJAN!
Source=Paul Collins Startup list
[Net Accelerator]
Confirmed=U
Filename=NetAccelerator.exe
Description=<a href="http://www.rizalsoftware.com/" target="_blank">Rizal</a> NetAccelerator - "Optimizing Dial-Up, Lan, Cable, DSL, and Satellite connections do you want to speed up your Internet access up to 200% - 300% ???". Only required if you find it helps improve your performance
Source=Paul Collins Startup list
[Net Activity Diagram]
Confirmed=U
Filename=nad.exe
Description=<a href="http://www.metaproducts.com/mp/mpProducts_Detail.asp?id=20" target="_blank">Net Activity Diagram</a> from MetaProducts. Monitors your computer internet activity. Available via Start -> Programs
Source=Paul Collins Startup list
[Net-It Launcher]
Confirmed=N
Filename=NILaunch.exe
Description=<a href="http://www.net-it.com/" target="_blank">Net-It</a> - web publishing software
Source=Paul Collins Startup list
[NetAccelerator]
Confirmed=U
Filename=NetAccel.exe
Description=<a href="http://www.netaccelerator.net/" target="_blank">NetAccelerator</a> is a "software utility that optimizes your internet access up to 1200% faster!. NetAccelerator speeds all modems allowing you to download faster, browse faster, surf faster!. Only required if you find it helps improve your performance
Source=Paul Collins Startup list
[NetAdm7]
Confirmed=X
Filename=NETADM7.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.f.html" target="_blank">BANCOS.F</a> TROJAN!
Source=Paul Collins Startup list
[Netapi]
Confirmed=X
Filename=Netapi.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.14" target="_blank">NETDEVIL.14</a> TROJAN!
Source=Paul Collins Startup list
[NetApp]
Confirmed=X
Filename=winserv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SHADOWTHIEF" target="_blank">SHADOWTHIEF</a> TROJAN!
Source=Paul Collins Startup list
[netconfig]
Confirmed=X
Filename=netconfig.exe
Description=Added by the <a href="http://www.pestpatrol.com/PestInfo/n/netware_trojan_v1_0.asp" target="_blank">NETCONF</a> TROJAN!
Source=Paul Collins Startup list
[NetCruiser Dialer]
Confirmed=U
Filename=NCDialer.exe
Description=<a href="http://www.netcruiser-software.com/products.html" target="_blank">NetCruiser Dialer</a> from NetCruiser Software. "An Internet dialer and connection monitor with features to launch applications when a connection is detected, dial and hangup at predefined times and automatic redialing of dropped connections"
Source=Paul Collins Startup list
[netdaemon]
Confirmed=X
Filename=netdaemon /v
Description=Malware designed to "kill" a number of antispyware applications (SpyBot, Giant, SpyDoctor, SpySweeper, SpyHunter, Anvir, WinPatrol, and more)
Source=Paul Collins Startup list
[netdll32]
Confirmed=X
Filename=netdll32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[netdllex]
Confirmed=X
Filename=netdllex.Exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[NetDy]
Confirmed=X
Filename=VisualGuard.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.n@mm.html" target="_blank">NETSKY.N</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.w@mm.html" target="_blank">NETSKY.W</a> WORMS!
Source=Paul Collins Startup list
[NETFP32.EXE]
Confirmed=X
Filename=NETFP32.EXE
Description=Added by the AGENT.CD TROJAN!
Source=Paul Collins Startup list
[netfxupdate]
Confirmed=?
Filename=netfxupdate.exe
Description=<font color="#FF0000">Would appear to be a valid Microsoft .NET file (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;827801" target="_blank">here</a>) but <a href="http://www.techsupportforum.com/computer/topic/8189-1.html" target="_blank"> this</a> suggest's it's a trojan?</font>
Source=Paul Collins Startup list
[NetFxUpdate_v1.0.3705]
Confirmed=?
Filename=netfxupdate.exe
Description=<font color="#FF0000">Would appear to be a valid Microsoft .NET file (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;827801" target="_blank">here</a>) but <a href="http://www.techsupportforum.com/computer/topic/8189-1.html" target="_blank"> this</a> suggest's it's a trojan?</font>
Source=Paul Collins Startup list
[NetGuard]
Confirmed=U
Filename=NetGuard.exe
Description=FBM Software ZeroSpyware 2004 spyware detector and remover - real time monitor
Source=Paul Collins Startup list
[Netlimiter]
Confirmed=U
Filename=Netlimiter.exe
Description=<a href="http://www.netlimiter.com/" target="_blank">Netlimiter</a> - "An internet traffic control tool to monitor applications which access the internet and actively control their internet traffic. Use it o set (download/upload) speed limits for applications or even single connection. NetLimiter also allows you to share your internet connection bandwidth among all applications running on your PC."
Source=Paul Collins Startup list
[Netline User]
Confirmed=N
Filename=netchk.exe
Description=Netline supplies internet related products and services and this program identifies user ID and IP information. Found installed along with the Falcon 4 game, for example
Source=Paul Collins Startup list
[NetLink]
Confirmed=X
Filename=netlink32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.wo.html" target="_blank">GAOBOT.WO</a> WORM!
Source=Paul Collins Startup list
[NetLogon]
Confirmed=X
Filename=userint.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbc.html" target=_blank>SDBOT-BC</a> WORM!
Source=Paul Collins Startup list
[NetManagerService]
Confirmed=X
Filename=ntss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BESTPICS.A" target="_blank">BESTPICS.A</a> TROJAN!
Source=Paul Collins Startup list
[NetMeter]
Confirmed=X
Filename=NetMeter.exe
Description=NetRatings software by <a href="http://www.opistat.com/mp/index.html" target=_blank>Opistat</a> . "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!
Source=Paul Collins Startup list
[NetMon]
Confirmed=X
Filename=netmon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.m@mm.html" target="_blank">MIMAIL.M</a> WORM!
Source=Paul Collins Startup list
[netmsg]
Confirmed=U
Filename=netmsg.exe
Description=<a href="http://users.pandora.be/Grrrippp/" target=_blank>Net_Message</a> is a small tool to send messages across the network, using the Windows Messenger Service, so there is no client install required to receive the messages. It has a number of other features as well
Description=Malware, probably <a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite related
Source=Paul Collins Startup list
[NetPerSec]
Confirmed=N
Filename=NetPerSec.exe
Description=<a href="http://www.pcmag.com/article2/0,4149,1735,00.asp" target="_blank">NetPerSec</a> - measures the real-time speed of your Internet connection
Source=Paul Collins Startup list
[NetPumper]
Confirmed=N
Filename=NetPumperIEProxy.exe
Description=<a href="http://www.netpumper.com/" target=_blank>NetPumper</a> download manager - bundles Cydoor and SaveNow adware, see <a href="http://www.kephyr.com/spywarescanner/library/netpumper/index.phtml" target=_blank>here</a>
Source=Paul Collins Startup list
[NetReach]
Confirmed=X
Filename=nrcheck.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Netropa Internet Receiver]
Confirmed=X
Filename=Netropa.exe
Description=Netropa Internet Receiver. Shows a scrolling bar with the news. Major resource hog and flagged as spyware
Source=Paul Collins Startup list
[NetRun]
Confirmed=U
Filename=NetRun.exe
Description=<a href="http://www.czarsoft.shorturl.com/" target="_blank">NetRun</a> - will 'RUN' a 'List' of programs only when a internet connection is detected, and close/kill the same 'List' when the connection is lost
Source=Paul Collins Startup list
[Netscape Messenger]
Confirmed=N
Filename=NETSCAPE.EXE
Description=In Netscape 6 (I know for sure with 6.2.1, maybe with 6.0) Netscape.exe is the main executable file for Netscape Navigator, Netscape Mail and News, and Netscape Messenger (the new name for the embedded AIM, no doubt to make it sound like Windows Messenger, the XP version of MSN Messenger). Basically, netscape.exe can be more than just Netscape Messenger, and Messenger can be more then just AIM in disguise, depending on the version of Netscape installed
Source=Paul Collins Startup list
[Netscp6]
Confirmed=N
Filename=Netscp6.exe
Description=Netscape 6
Source=Paul Collins Startup list
[netservices]
Confirmed=X
Filename=recall.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[NetShow Powerpoint Helper]
Confirmed=U
Filename=NSPPTHLP.EXE
Description=If disabled, user created fonts can no longer be seen by other programs
Source=Paul Collins Startup list
[NetStat Live]
Confirmed=N
Filename=Nsl.exe
Description=AnalogX <a href="http://www.analogx.com/contents/download/network/nsl.htm" target="_blank">NetStat Live</a> - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data
Source=Paul Collins Startup list
[netsv32]
Confirmed=X
Filename=netsv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpx.html" target="_blank">SDBOT-PX</a> WORM!
Source=Paul Collins Startup list
[NetTime]
Confirmed=U
Filename=NETTIME.EXE
Description=From a visitor - "This is the executable for NetTime. It is started from the registry when you check the box to start at startup. NetTime allows you to synchronize your computers' clock with a server on your local net or the internet using any of several protocols, e.g. NTP."
Source=Paul Collins Startup list
[NetTurbo]
Confirmed=U
Filename=netturbo.exe
Description=<a href="http://www.netturbo.com/" target="_blank">NetTurbo</a> from SharewareOnline.com. "Accelerate Your Internet Connections by up to 600%". If you find it helps your connectivity leave it enabled
Source=Paul Collins Startup list
[Netunit32]
Confirmed=X
Filename=wunit32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[NetWatch32]
Confirmed=X
Filename=netwatch.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.c@mm.html" target="_blank">MIMAIL.C</a> WORM!
Source=Paul Collins Startup list
[Netword Agent]
Confirmed=N
Filename=nwant33.exe
Description=An interesting browser utility that allows you to navigate by typing a single word or phrase (a "NetWord") related to what you're looking for into your browser's location field. It also puts an icon in the system tray icon that is a circle with the letter N in the center to access the menu faster. Available via Start -> Programs
Source=Paul Collins Startup list
[NetWork]
Confirmed=X
Filename=csrs.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.JJ" target="_blank">AGOBOT.JJ</a> WORM!
Source=Paul Collins Startup list
[Network Administration]
Confirmed=X
Filename=NAS.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.antilam.20.q.html" target="_blank">ANTILAM.20.Q</a> TROJAN!
Source=Paul Collins Startup list
[Network Administration Service]
Confirmed=X
Filename=rsvc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABH" target=_blank>RBOT.ABH</a> WORM!
Source=Paul Collins Startup list
[Network Associates Error Reporting Service]
Confirmed=U
Filename=TBMon.exe
Description=Network Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of betatesting new software
Source=Paul Collins Startup list
[NetWork Device Switch]
Confirmed=U
Filename=NetDevSW.exe
Description=Toshiba laptops with built-in Wi-Fi. Allows switching between Wi-Fi and internal ethernet. Only necessary if you have regular need to switch back and forward between these network interfaces. Located in Startup folder so make own shortcut to it and disable if not really necessary
Source=Paul Collins Startup list
[Network Host Controller]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.whisper.html" target="_blank">WHISPER</a> TROJAN!
Source=Paul Collins Startup list
[Network Protocol Service]
Confirmed=X
Filename=wuamgrd.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=60289&VName=WORM_RBOT.EA&VSect=T" target="_blank">RBOT.EA</a> WORM!
Source=Paul Collins Startup list
[Network protocol service]
Confirmed=X
Filename=wintcp.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Network Security Guard]
Confirmed=X
Filename=**********.exe [* = random char]
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite related
Source=Paul Collins Startup list
[Network Service]
Confirmed=X
Filename=svchost.exe
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite related. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Network Service Manager]
Confirmed=X
Filename=netsvc.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Network Service Manager]
Confirmed=X
Filename=netsvc.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>GAOBOT/AGOBOT</a> WORM!
Source=Paul Collins Startup list
[NetworkAssociates Inc]
Confirmed=X
Filename=internet.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[NetworkClient]
Confirmed=X
Filename=NetworkClient.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lemur.html" target="_blank">LEMUR</a> WORM!
Source=Paul Collins Startup list
[Networks Configurator]
Confirmed=X
Filename=NetConfs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotox.html" target=_blank>RBOT-OX</a> WORM!
Source=Paul Collins Startup list
[Networks Controler]
Confirmed=X
Filename=Netsis.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotng.html" target=_blank>RBOT-NG</a> WORM!
Source=Paul Collins Startup list
[NetworkSetup]
Confirmed=N
Filename=dlink.exe
Description=<a href="http://www.dlink.com/tech/faq/dlink-icon.htm" target="_blank">D-Link</a> System Tray icon
Source=Paul Collins Startup list
[Netzip Smart Downloader]
Confirmed=X
Filename=npnzdad.exe
Description=Advertising spyware
Source=Paul Collins Startup list
[NetZIPFolders]
Confirmed=N
Filename=nzfprop.exe
Description=<a href="http://www.netzip.com/products/info_netzip_win.html?src=site,netzip,plugin,nzc" target="_blank">Netzip Classic</a> zip file manager
Source=Paul Collins Startup list
[NeuroMedia(IESpeaker)]
Confirmed=X
Filename=NeuroMedia.exe
Description=Part of an older freeware version of <a href="http://www.iespeaker.com" target="_blank"> IESpeaker</a> - a program that allows you to listen to web pages. NeuroMedia.exe only downloads advertisments. Not included in the paid-for version currently available
Source=Paul Collins Startup list
[NeuroSpeech OESpeaker]
Confirmed=N
Filename=OEMonitor.exe
Description=Part of <a href="http://www.iespeaker.com" target="_blank"> OESpeaker</a> - a program that allows you to listen to long E-mails instead of reading them in Outlook Express. OEMonitor.exe checks whether OE is open or not
Description=<a href="http://www.f-secure.com/solutions/home.shtml" target="_blank">F-Secure</a> antivirus related. <font color="#FF0000" target="_blank">However, is this particular item required?</font>
Source=Paul Collins Startup list
[Newsalrt]
Confirmed=N
Filename=NEWSALRT.EXE
Description=MSNBC News system tray utility to alert you to new news
Source=Paul Collins Startup list
[Newsgroup lptt01]
Confirmed=X
Filename=newsgroup.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "newsgroup" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[Newsgroup ml097e]
Confirmed=X
Filename=newsgroup.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "newsgroup" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[NewsUpd]
Confirmed=N
Filename=newsupd.exe
Description=For Creative Soundblaster Live! series soundcards. System tray application for News updates. Available via Start -> Programs. Also spyware - see <a href="http://cexx.org/newsupd.htm" target="_blank">here</a>.
Description=Appears in startup if you have chosen to participate in on survey by <a href="http://www.npdor.com/" target="_blank"> NPD Online Research</a>. Required for the survey to work correctly. Otherwise not required
Source=Paul Collins Startup list
[nForce Tray Options]
Confirmed=N
Filename=sstray.exe
Description=nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitys
Source=Paul Collins Startup list
[NGClient]
Confirmed=U
Filename=ngctw32.exe
Description=Symantec Ghost Server software - needed for a "a Ghost multicast" (transfer images to multiple machines). Can be launched manually
Source=Paul Collins Startup list
[NGServer]
Confirmed=N
Filename=ngserver.exe
Description=Symantec/Norton Ghost Console service
Source=Paul Collins Startup list
[NiceDownloads]
Confirmed=X
Filename=rundll32.exe MSA64CHK.dll, DllMostrar
Description=<a href="http://www.doxdesk.com/parasite/MatrixDialer.html" target="_blank">MatrixDialer</a> related
Source=Paul Collins Startup list
[Nielsen NetRatings]
Confirmed=N
Filename=insight.exe
Description=<a href="http://www.nielsen-netratings.com/mktg.jsp?section=ps" target="_blank">Nielsen NetRatings</a> - "Provides real-time research and analysis about Internet users, delivering the timely, actionable data you need to make critical business decisions on your competition, your Web siteÆs audience and your customers". <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[nikLaus]
Confirmed=X
Filename=nikLaus.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.niklas.html" target="_blank">NIKLAS</a> WORM!
Source=Paul Collins Startup list
[NInit]
Confirmed=N
Filename=NInit.exe
Description=Norton Uninstall Deluxe. Monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging - not required
Source=Paul Collins Startup list
[nisserv]
Confirmed=Y
Filename=NISSERV.EXE
Description=Norton Personal Firewall
Source=Paul Collins Startup list
[Nisum]
Confirmed=Y
Filename=NISUM.EXE
Description=Norton Personal Firewall
Source=Paul Collins Startup list
[NJG40]
Confirmed=X
Filename=NJG40.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.d.html" target="_blank">BANCOS.D</a> TROJAN!
Source=Paul Collins Startup list
[NkvMon.exe]
Confirmed=N
Filename=NkvMon.exe
Description=Nikon View 5 - for transferring pictures from Nikon digital cameras
Source=Paul Collins Startup list
[NkVwMon.exe]
Confirmed=N
Filename=NkVwMon.exe
Description=Nikon View - for transferring pictures from Nikon digital cameras
Source=Paul Collins Startup list
[NLS Keyboard]
Confirmed=X
Filename=keyboard.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[NMSSvc]
Confirmed=?
Filename=NMSSVC.EXE
Description=NIC Management Service - diagnostics program for Intel Pro family network cards
Source=Paul Collins Startup list
[NMSVC]
Confirmed=Y
Filename=nmSvc.exe
Description=<a href="http://www.covenanteyes.com/about.php" target="_blank">Covenant Eyes</a> - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Disabling it means loss of internet connection until renabled - therefore required if you use it
Source=Paul Collins Startup list
[NNSvc]
Confirmed=U
Filename=nnsvc.exe
Description=<a href="http://www.netnanny.com/products/netnanny5/index.html" target="_blank">NetNanny</a> internet filter
Source=Paul Collins Startup list
[No Credit Card]
Confirmed=X
Filename=plugin-[random].exe
Description=Adult content pop-up dialler
Source=Paul Collins Startup list
[No-IP DUC]
Confirmed=U
Filename=DUC20.exe
Description=Part of <a href="http://www.no-ip.com" target="_blank">http://www.no-ip.com</a> provided service. Keeps No-IP's dynamic nameserver (DNS) updated if and when your computer's (network's) dynamic IP-address changes so that you can run servers on computers with dynamic IP. Shortcut available
Source=Paul Collins Startup list
[NoAds]
Confirmed=U
Filename=NoAds.exe
Description=Blocks advertisement banners in Internet Explorer
Source=Paul Collins Startup list
[NoAdware]
Confirmed=N
Filename=NoAdware.exe
Description=Adware/spyware remover - not particularly recommended, see <a href="http://www.adwarereport.com/mt/archives/000023.html" target=_blank>here</a>
Source=Paul Collins Startup list
[Nocana]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32anaconb.html" target=_blank>ANACON-B</a> WORM!
Source=Paul Collins Startup list
[Nod32CC]
Confirmed=U
Filename=nod32cc.exe
Description=Control Center part of Eset's <a href="http://www.nod32.com/home/home.htm" target="_blank">NOD32</a> virus-scanner. Leave this enabled if you want to update your virus data files via the click of a button
Source=Paul Collins Startup list
[NOD32kernel]
Confirmed=Y
Filename=Nod32krn.exe
Description=<a href="http://www.nod32.com/home/home.htm" target="_blank">Nod32</a> Antivirus Version 2
Source=Paul Collins Startup list
[nod32kui]
Confirmed=Y
Filename=nod32kui.exe
Description=<a href="http://www.nod32.com/home/home.htm" target="_blank">Nod32</a> Antivirus Version 2
Source=Paul Collins Startup list
[NOD32POP3]
Confirmed=Y
Filename=Pop3scan.exe
Description=POP3 E-mail part of Eset's <a href="http://www.nod32.com/home/home.htm" target="_blank">NOD32</a> virus-scanner
Source=Paul Collins Startup list
[NodeMnger]
Confirmed=?
Filename=Nodemngr.exe
Description=<font color="#FF0000">Part of the Dell OpenManage Client installation - to allow Dell representatives to remote logon?</font>
Source=Paul Collins Startup list
[nodriver]
Confirmed=X
Filename=AUEKXRZ.EXE
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Description=Monitors the infrared port, the serial ports and the Bluetooth for a Nokia phone connection. It is installed by the Nokia PC Suite (and Nokia PC Connectivity SDK), and the tray icon shows if a phone has been connected. If you have a conflict with another program, such as TV tuner card remote control monitor, you can disable it, and run only when needed. Available via a desktop shortcut or Start -> Programs - not required
Source=Paul Collins Startup list
[Nokia Tray Application]
Confirmed=U
Filename=NclTray.exe
Description=Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on
Source=Paul Collins Startup list
[NOMAD Detector]
Confirmed=U
Filename=ctmnrun.exe
Description=Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected
Source=Paul Collins Startup list
[NomdCheck]
Confirmed=N
Filename=nomdchek.exe
Description=Part of Intel's Native Audio
Source=Paul Collins Startup list
[nomtray]
Confirmed=U
Filename=nomtray.exe
Description=System Tray access to NetMotion Wireless options - including connectivity status (see <a href="http://www.netmotionwireless.com/support/technotes/2140.asp" target=_blank>here</a>)
Source=Paul Collins Startup list
[Norman ZANDA]
Confirmed=U
Filename=ZLH.EXE
Description=System Tray icon for <a href="http://www.norman.com/" target="_blank">Norman Antivirus</a>
Source=Paul Collins Startup list
[Norton Antivirus AV]
Confirmed=X
Filename=FVProtect.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.p@mm.html" target="_blank">NETSKY.P</a> WORM! Note - this is not the popular AV software!
Source=Paul Collins Startup list
[Norton AntiVirus Sys]
Confirmed=X
Filename=NAVsys32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list
[Norton Auto Protect]
Confirmed=X
Filename=nava.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Norton Auto-Protect]
Confirmed=Y
Filename=navapw32.exe
Description=Norton Anti-Virus's background scanning process
Source=Paul Collins Startup list
[Norton AV Preload]
Confirmed=?
Filename=Premend.exe
Description=Norton Antivirus related. <font color="#FF0000"> What does it do and is it required</font>
Source=Paul Collins Startup list
[Norton Crashguard Monitor]
Confirmed=N
Filename=cgmenu.exe
Description=Troublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001
Source=Paul Collins Startup list
[Norton Disk Doctor]
Confirmed=N
Filename=Ndd32.exe
Description=Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, checking for disk errors. Better than ScanDisk but can be started manually via Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well
Source=Paul Collins Startup list
[Norton eMail Protect]
Confirmed=Y
Filename=POPROXY.EXE
Description=Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it
Source=Paul Collins Startup list
[Norton Guard 32]
Confirmed=X
Filename=ntguard32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Norton Live Update Server]
Confirmed=X
Filename=cpsdv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.EW" target="_blank">AGOBOT.EW</a> TROJAN!
Source=Paul Collins Startup list
[Norton Live Updater]
Confirmed=X
Filename=Cavapsvc.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Norton Live Updater]
Confirmed=X
Filename=Sochost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Norton Navigator Loader]
Confirmed=N
Filename=nnloader.exe
Description=An older Norton utility for file management under Windows 95. More information <a href="http://www.mg.co.za/mg/pc/history/dec10-nortnavigator.html" target="_blank">here</a>
Source=Paul Collins Startup list
[Norton Program Scheduler]
Confirmed=U
Filename=nsched32.exe
Description=Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans
Source=Paul Collins Startup list
[Norton Program Scheduler]
Confirmed=U
Filename=NPSsvc.exe
Description=Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans
Source=Paul Collins Startup list
[Norton Program Scheduler Event Checker]
Confirmed=?
Filename=npscheck.exe
Description=<font color="#FF0000">Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as NPS Event Checker</font>
Source=Paul Collins Startup list
[Norton Service Process]
Confirmed=X
Filename=navapvc.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Norton SpySweeper AutoUpdate]
Confirmed=X
Filename=navsw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotas.html" target="_blank">FORBOT-AS</a> WORM!
Source=Paul Collins Startup list
[Norton System Doctor]
Confirmed=N
Filename=Sysdoc32.exe
Description=Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, major resource hog and best started manually form Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well
Source=Paul Collins Startup list
[Norton SystemWorks]
Confirmed=N
Filename=cfgwiz.exe
Description=Norton System Works configuration wizard. Reportedly a resource hog. Many users find they can live without loading it
Source=Paul Collins Startup list
[Norton Update]
Confirmed=X
Filename=ccUpdate.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Norton Updater]
Confirmed=X
Filename=winset.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Norton Wizzard]
Confirmed=X
Filename=nwiz.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.zx.html" target="_blank">GAOBOT.ZX</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.adv.html" target="_blank">GAOBOT.ADV</a> WORMS! Note - this is not the valid nVidia application that shares the same name
Source=Paul Collins Startup list
[norton32]
Confirmed=X
Filename=norton32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[NortonAV]
Confirmed=X
Filename=norton_antivirus.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.netjoe.html" target=_blank>NETJOE</a> TROJAN! Note - this is not the legitimate Symantec AV program
Source=Paul Collins Startup list
[nortonsantivirus]
Confirmed=X
Filename=ccEvtMngr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhzdoora.html" target=_blank>HZDOOR-A</a> TROJAN!
Source=Paul Collins Startup list
[Notebook Maximizer]
Confirmed=U
Filename=maximizer_startup.exe
Description=Toshiba Notebook Maximizer software - adjust settings to save battery power and increase efficiency
Source=Paul Collins Startup list
[NotebookManager]
Confirmed=?
Filename=nbm.exe
Description=<font color="#FF0000">Associated with Acer notebook PCs. What does it do and is it required?</font>
Source=Paul Collins Startup list
[Notepad lptt01]
Confirmed=X
Filename=notepad.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "nvd32" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>. Note - this is not Windows Notepad which has the same executable name
Source=Paul Collins Startup list
[Notepad ml097e]
Confirmed=X
Filename=notepad.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "nvd32" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>. Note - this is not Windows Notepad which has the same executable name
Source=Paul Collins Startup list
[notepad.exe]
Confirmed=X
Filename=upx.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Description=Scheduling engine of <a href="http://www.no-panic.com/backup/n_backup.html" target="_blank">NovaSTOR Backup</a> Service. Only required if scheduling is enabled and wanted - see <a href="http://www.no-panic.com/backup/tech_supt/nbackup7_commandline.html" target="_blank">here</a>. * represents the version number
Source=Paul Collins Startup list
[NovaPortal Single User Service]
Confirmed=?
Filename=NPSU.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[NovastorSchedulerd]
Confirmed=U
Filename=SCHENGD.EXE
Description=NovaStor NovaBACKUP Scheduler - back-up utility. If you don't have regularly scheduled back-ups you don't need it
Source=Paul Collins Startup list
[NPFMonitor]
Confirmed=?
Filename=NPFMntor.exe
Description=Norton AntiVirus Firewall Install Monitor. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[NPROTECT]
Confirmed=U
Filename=nprotect.exe
Description=Norton Protected Recycle Bin from Norton Utilities. Adds an extra layer of safety before you remove deleted files from the Recycled Bin. Can be listed twice which is valid - see <a href="http://service1.symantec.com/SUPPORT/nunt.nsf/e35d98be79cddc2785256951004d59cd/b6cb75a0d23fd6fb8825662f00734a64?OpenDocument&src=bar_sc" target="_blank"> here</a>
Source=Paul Collins Startup list
[NPS Event Checker]
Confirmed=?
Filename=npscheck.exe
Description=<font color="#FF0000">Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as </font>Norton Program Scheduler Event Checker
Source=Paul Collins Startup list
[NS]
Confirmed=X
Filename=ns.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agoboths.html" target=_blank>AGOBOT-HS</a> WORM!
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[nse]
Confirmed=X
Filename=nse.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotml.html" target=_blank>AGOBOT-ML</a> WORM!
Source=Paul Collins Startup list
[Nsengine]
Confirmed=U
Filename=Nsengine.exe
Description=Scheduling engine of <a href="http://www.no-panic.com/backup/n_backup.html" target="_blank"> NovaSTOR Backup</a> Service. Only required if scheduling is enabled and wanted - see <a href="http://www.no-panic.com/backup/tech_supt/nbackup7_commandline.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[NSHelper]
Confirmed=U
Filename=aexnsinstallhelper.exe
Description=Altiris Express Notification Server Install helper - monitors integrity of the installation
Source=Paul Collins Startup list
[nssysconf]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59209&VName=TROJ_VIVIA.A&VSect=T" target="_blank">VIVIA.A</a> TROJAN!
Source=Paul Collins Startup list
[nstat]
Confirmed=X
Filename=netstat.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[NSupdate]
Confirmed=X
Filename=NSupdate.exe
Description=Adult content dialer
Source=Paul Collins Startup list
[Nsvdr]
Confirmed=X
Filename=nsvdr.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[NSystemMonitor]
Confirmed=N
Filename=Symmon.exe
Description=Norton Uninstall Deluxe - monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.b.html" target="_blank">DONK.B</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.c.html" target="_blank">DONK.C</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.l.html" target="_blank">DONK.L</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.m.html" target="_blank">DONK.M</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.o.html" target="_blank">DONK.O</a> WORMS!
Source=Paul Collins Startup list
[NT Services]
Confirmed=X
Filename=ntsvc.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_AGOBOT.VJ" target="_blank">AGOBOT.VJ</a> WORM!
Source=Paul Collins Startup list
[ntdll]
Confirmed=X
Filename=ntdll.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.bionet.404.html" target="_blank">BIONET.404</a> TROJAN!
Source=Paul Collins Startup list
[NTDLM]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hale.html" target="_blank">HALE</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Ntech.patchs]
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.g.html" target="_blank">LEMIR.G</a> TROJAN!
Source=Paul Collins Startup list
[NTFS16]
Confirmed=X
Filename=ntfs16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotly.html" target="_blank">RBOT-LY</a> WORM!
Source=Paul Collins Startup list
[NTFSCLUP]
Confirmed=Y
Filename=NTFSCLUP.EXE
Description=Part of ConfigSafe- "checks if an ntfssos restore has been performed since it was last run. It exits immediately after running. 99+% of the time it will only execute about a dozen instructions before exiting"
Source=Paul Collins Startup list
[ntldr]
Confirmed=X
Filename=ntldr.exe
Description=Browser hijacker to search-control.com (TrojanDropper.Win32.Small.ig). In addition to Registry changes found by HijackThis, also creates the following system files: C:\WINDOWS\SYSTEM\ntldr.exe, C:\m.exe, C:\WINDOWS\Search-For-You.url, C:\n.bat, C:\q.exe, C:\r.bat
Source=Paul Collins Startup list
[ntlfreedom]
Confirmed=N
Filename=RyDial.dll, QuickStart
Description=NTL Freedom ISP software - reportedly not required
Source=Paul Collins Startup list
[NTP Server]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.f.html" target="_blank">RANKY.F</a> TROJAN!
Source=Paul Collins Startup list
[NTrtc]
Confirmed=N
Filename=ntrtc.exe
Description=Dell year 2000 tool to deal with non-standard applications. Only required on older Dell PCs that may need this support - see <a href="http://www.euro.dell.com/countries/ae/enu/bsd/topics/y2k_rtctest.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[NTsocket]
Confirmed=X
Filename=NoeWinnt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojatakae.html" target="_blank">ATAKA-E</a> TROJAN!
Source=Paul Collins Startup list
[NTsrv.exe]
Confirmed=X
Filename=NTsrv.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojservuo.html" target=_blank>SERVU-O</a> TROJAN!
Source=Paul Collins Startup list
[ntupdate]
Confirmed=X
Filename=dnsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbottc.html" target=_blank>SDBOT-TC</a> WORM!
Source=Paul Collins Startup list
[NTVDM]
Confirmed=U
Filename=NTVDM.EXE
Description=Windows NT Virtual DOS Machine (NTVDM) for running 16-bit tasks on the 32-bit OS's (Windows NT, 2K and XP). Required if hardware on a machine with these OS's needs 16-bit DOS drivers. You can find a bit more about NTVDM <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264320" target="_blank">here</a>
Source=Paul Collins Startup list
[ntvdscm]
Confirmed=X
Filename=ntvdscm.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66002&VName=TROJ_SCKEYLOG.O&VSect=O" target="_blank">SCKEYLOG.O</a> TROJAN!
Source=Paul Collins Startup list
[NuTCSetupEnviron]
Confirmed=Y
Filename=ncoeenv.exe
Description=Used by the <a href="http://www.mkssoftware.com/products/tk/ds_tkedev.asp" target="_blank">MKS Toolkit for Enterprise Developers</a> product. NuTCracker is a Unix runtime environment for Windows, so disabling this would be unwise if you are using NuTCracker or any 3rd party package that is using it. Since you might not know what is actually using it it's probably best left alone
Source=Paul Collins Startup list
[NvClipRsv]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dumaruak.html" target=_blank>DUMARU-AK</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[NvClipRsv]
Confirmed=X
Filename=swchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dumaruak.html" target=_blank>DUMARU-AK</a> WORM!
Source=Paul Collins Startup list
[NVCLOCK]
Confirmed=?
Filename=rundll32 nvclock.dll, fnNvclock
Description=<font color="#FF0000">Overclocking utility for nVidia based graphics cards?</font>
Source=Paul Collins Startup list
[NvColorInit]
Confirmed=?
Filename=rundll32.exe NvQtwk.dll, NvColorInit
Description=<font color="#FF0000">Associated with Nvidia based graphics cards</font>
Source=Paul Collins Startup list
[NvCpl]
Confirmed=U
Filename=rundll32.exe NvCpl.dll, NvStartup
Description=Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card
Source=Paul Collins Startup list
[NvCpl]
Confirmed=X
Filename=NvCpl.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.yanz.b@mm.html" target=_blank>YANZ.B</a> WORM!
Source=Paul Collins Startup list
[NvCpl]
Confirmed=U
Filename=NvCpl.EXE
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.yanz.b@mm.html" target=_blank>YANZ.B</a> WORM!
Description=System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see <a href="http://www.blackviper.com/WinXP/strangeservice.htm" target="_blank">here</a>)
Source=Paul Collins Startup list
[NvCplDaemon]
Confirmed=U
Filename=rundll32.exe NvCpl.dll, NvStartup
Description=Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card
Source=Paul Collins Startup list
[NvCplDmn]
Confirmed=X
Filename=NAVSVC.EXE
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[NvCplScan]
Confirmed=X
Filename=nvsc32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html" target=_blank>IRC.BOT</a> TROJAN!
Source=Paul Collins Startup list
[NvCplScan]
Confirmed=X
Filename=msc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdd.html" target=_blank>FORBOT-DD</a> WORM!
Source=Paul Collins Startup list
[nvd32 lptt01]
Confirmed=X
Filename=nvd32.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "nvd32" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[nvd32 ml097e]
Confirmed=X
Filename=nvd32.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "nvd32" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[Nvid]
Confirmed=X
Filename=[8 random charachters]
Description=Unidentified adware
Source=Paul Collins Startup list
[Nvid32]
Confirmed=X
Filename=Nvid32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Nvidex32]
Confirmed=X
Filename=Nvidex32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Nvidia Control Panel]
Confirmed=X
Filename=ncsvc32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[NVIDIA Driver]
Confirmed=X
Filename=MSPMSPSU.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.Y" target="_blank">WOOTBOT.Y</a> WORM!
Source=Paul Collins Startup list
[NVIDIA nForce APU1 Utilities]
Confirmed=N
Filename=NVATray.exe
Description=nVidia's nForce Audio Processing Unit (<a href="http://www.nvidia.com/object/apu.html" target="_blank">APU</a>)- "provides 3D positional audio and DirectX 8.0 compatibility, and encodes and decodes Dolby Digital 5.1 audio in real time"
Source=Paul Collins Startup list
[NVIDIA Video drivers]
Confirmed=X
Filename=video_32D.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.KV" target="_blank">AGOBOT.KV</a> WORM!
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Source=Paul Collins Startup list
[NVIEW]
Confirmed=U
Filename=rundll32.exe nview.dll, nViewLoadHook
Description=This is a DLL to enable multiple display monitors on a single computer. It can be a cause of numerous problems on some computers
Source=Paul Collins Startup list
[NvInitialize]
Confirmed=N
Filename=rundll32.exe NvQtwk.dll, NvXTInit
Description=Thought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabled
Source=Paul Collins Startup list
[NVmax]
Confirmed=Y
Filename=NVmax.exe
Description=NVmax is a old tweaking utility for NVidia graphics cards. In the startup list if the user chooses to overclock their card
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Source=Paul Collins Startup list
[NvMediaCenter]
Confirmed=U
Filename=RunDLL32.exe NvMCTray.dll, NvTaskbarInit
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Source=Paul Collins Startup list
[NVMixerTray]
Confirmed=N
Filename=NVMixerTray.exe
Description=System Tray access to audio controls from nVidia's motherboard ForceWare software
Source=Paul Collins Startup list
[NVQuickTweak]
Confirmed=N
Filename=rundll32.exe NvQtwk.dll, NvTaskbarInit
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Source=Paul Collins Startup list
[NVRT]
Confirmed=N
Filename=nvrt.exe
Description=NVRefreshTool is a utility that will automatically detect the maximum refresh rate at each resolution that your monitor supports
Source=Paul Collins Startup list
[NVRTClk]
Confirmed=?
Filename=NVRTClk.exe
Description=Related to a Gigabyte video card. <font color="#FF0000">What does it do, and is it required?</font>
Source=Paul Collins Startup list
[nvsv32.exe]
Confirmed=X
Filename=nvsv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdi.html" target=_blank>FORBOT-DI</a> WORM!
Source=Paul Collins Startup list
[NvSvc]
Confirmed=N
Filename=nvsvc.exe
Description=NVIDIA Driver Helper Service - installed when you change from the WDM drivers to nVidia's latest versions but not requied. Extreme shutdown delays can be encountered with this service active, but no adverse side effects with it disabled. NOTE: If using drivers other than nVidia's, such as Asus, this service may have been renamed to reflect that
Source=Paul Collins Startup list
[NVSystem32]
Confirmed=X
Filename=nvscv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotno.html" target=_blank>AGOBOT-NO</a> WORM!
Source=Paul Collins Startup list
[NvXplDeamon]
Confirmed=X
Filename=xstyles.exe
Description=Added by the SMALL.AJ VIRUS!
Source=Paul Collins Startup list
[NWEReboot]
Confirmed=?
Filename=dummy.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[nwiz]
Confirmed=N
Filename=nwiz.exe
Description=Associated with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. However, this isn't necessary for the operation of your system
Source=Paul Collins Startup list
[Nwpopup]
Confirmed=Y
Filename=Nwpopup.exe
Description=Broadcast message handler part of <a href="http://www.novell.com/products/netware/" target=_blank>Novell Netware</a> that displays server, printer and other messages
Source=Paul Collins Startup list
[nwrecmsg]
Confirmed=U
Filename=nwrecmsg.exe
Description=Broadcast message handler part of <a href="http://www.novell.com/products/netware/" target=_blank>Novell Netware</a> that displays server, printer and other messages - can cause crashes
Source=Paul Collins Startup list
[NWTRAY]
Confirmed=Y
Filename=nwtray.exe
Description=<a href="http://www.novell.com/products/netware/" target="_blank">Novell Netware</a>. Displays the red "N" tray icon which can be disabled (by right-click on the icon) but is also needed by the client
Source=Paul Collins Startup list
[oadaemon]
Confirmed=?
Filename=oadaemon.exe
Description=Background process that establishes connection with a C3-1000 scanner and watch general status of the device and for scanner button presses. <font color="#FF0000">Can it be started manually?</font>
Source=Paul Collins Startup list
[oahstifr]
Confirmed=Y
Filename=oahstifr.exe
Description=Comes with <a href="http://www.hypertextstudio.com" target="_blank">HyperTextStudio</a>. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."
Source=Paul Collins Startup list
[OAKSTART]
Confirmed=U
Filename=OAKSTART.EXE
Description=Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW.
Source=Paul Collins Startup list
[OAKTASK]
Confirmed=N
Filename=OAKTASK.EXE
Description=Taskbar utility for a "control panel" for a CD-RW
Source=Paul Collins Startup list
[Object Store Server]
Confirmed=Y
Filename=osserver.exe
Description=Comes with <a href="http://www.hypertextstudio.com" target="_blank">HyperTextStudio</a>. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."
Source=Paul Collins Startup list
[objtjprx]
Confirmed=?
Filename=objtjprx.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[obsver]
Confirmed=?
Filename=obsver.exe
Description=Part of <a href="http://www.lingoware.com/english/" target=_blank>LingoWare</a> translating software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[OCAudioIni]
Confirmed=N
Filename=OCAudioIni.exe
Description=<a href="http://www.streamware-dev.com/products.html" target="_blank">One-click Audio Converter</a> - allows you to convert files of multiple audio formats right from Windows Explorer
Source=Paul Collins Startup list
[ocraware]
Confirmed=N
Filename=ocraware.exe
Description=<u>O</u>ptical <u>C</u>haracter <u>R</u>ecognition software as part of OmniPage Limited Edition - supplied with some scanners. Scan directly into most word processor applications, such as Word, WordPerfect, etc. Available via Start -> Programs
Source=Paul Collins Startup list
[ocx32]
Confirmed=X
Filename=ocx32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html" target="_blank">ASTEF</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.repsan.html" target="_blank">RESPAN</a> WORMS!
Source=Paul Collins Startup list
[OD]
Confirmed=X
Filename=SYSCNTR.EXE
Description=HotVideo dialler
Source=Paul Collins Startup list
[od-matrxx]
Confirmed=X
Filename=od-matrxx.exe
Description=Adult dialler - xx can be any number
Source=Paul Collins Startup list
[od-stndxx]
Confirmed=X
Filename=od-stndxx.exe
Description=Adult dialler - xx can be any number
Source=Paul Collins Startup list
[od-teenxx]
Confirmed=X
Filename=od-teenxx.exe
Description=Adult dialler - xx can be any number
Source=Paul Collins Startup list
[ODBC BackUp]
Confirmed=U
Filename=fdxxl.exe
Description=G Data "PC Spion" - monitoring and surveillance software, captures all users activity on the PC, see <a href="http://www.chip.de/artikel/c_artikel_8806643.html" target=_blank>here</a>. Disable/remove if you didn't install it yourself!
Source=Paul Collins Startup list
[Odometer]
Confirmed=N
Filename=Odometer.EXE
Description=Mouse odometer - tracks how far your pointer/arrow has traveled on the screen. Shortcut available
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QB&VSect=T" target="_blank">RBOT.QB</a> WORM!
Source=Paul Collins Startup list
[OEM32 Tools]
Confirmed=X
Filename=sres32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[OEMCLEANUP]
Confirmed=N
Filename=oemreset.exe
Description=Resets OEM installation settings at bootup. Not required unless you're new to PC's
Source=Paul Collins Startup list
[OEMRESET]
Confirmed=U
Filename=oemreset.exe
Description=Resets OEM installation settings at bootup. Not required unless you're new to PC's
Source=Paul Collins Startup list
[OEPowerPlugs]
Confirmed=?
Filename=winoeinit.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[OEXCheck]
Confirmed=N
Filename=EA2Check.exe
Description=<a href="http://www.ajsystems.com/oexhome.html" target="_blank">Express Assist</a> from AJSystems.com. Utility for use with Outlook Express to backup, restore, synchronize amongst others
Source=Paul Collins Startup list
[Offer Companion]
Confirmed=X
Filename=offers.exe
Description=Adware
Source=Paul Collins Startup list
[Offers]
Confirmed=X
Filename=offers.exe
Description=Adware
Source=Paul Collins Startup list
[Office Startup]
Confirmed=N
Filename=Osa.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Source=Paul Collins Startup list
[Office Startup]
Confirmed=X
Filename=Exploer.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bv.html" target="_blank">GAOBOT.BV</a> WORM! Note the different filename to the valid MS Office entries
Source=Paul Collins Startup list
[Office Startup]
Confirmed=N
Filename=Osa9.exe
Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
Description=Autodetects when a digital camera is attached to a USB port and launches <a href="http://www.ofoto.com/DownloadClient30.jsp?UV=673857175481_20140377403&US=0&c=f_on">OfotoNow</a> image software. Available via Start -> Programs
Description=From CyberMedia/Network Associates. Checks for updates to software installed on your PC. Available via Start -> Programs
Source=Paul Collins Startup list
[OIM]
Confirmed=?
Filename=oim.exe
Description=<font color="#FF0000">Related to the <a href="http://www.o2.co.uk/about/0,,600,00.html" target="_blank">O2</a> (was "genie") mobile phone service. What does it do and is it required?</font>
Source=Paul Collins Startup list
[OLE]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/keylogger.stawin.html" target="_blank">STAWIN</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.d.html" target="_blank">TARNO.D</a> TROJANS!
Source=Paul Collins Startup list
[OLE Automation Server]
Confirmed=X
Filename=ole32aut.vbe
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite related
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.d.html" target="_blank">BOOKMARKER.D</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.g.html" target="_blank">BOOKMARKER.G</a> TROJANS!
Source=Paul Collins Startup list
[Olive System]
Confirmed=X
Filename=Szchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.mercurycas.a.html" target="_blank">MERCURYCAS.A</a> TROJAN!
Source=Paul Collins Startup list
[Omf4]
Confirmed=X
Filename=OMF4.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.freemega.html" target="_blank">FREEMEGA</a> TROJAN!
Source=Paul Collins Startup list
[OmgStartup]
Confirmed=N
Filename=omgstartup.exe
Description=Sony program called OpenMG Jukebox - player and music organizer
Source=Paul Collins Startup list
[OmniHTTPd]
Confirmed=U
Filename=ohttpd.exe
Description=<a href="http://www.omnicron.ca/httpd/" target="_blank">OmniHTTPd</a> web server from Omnicron
Source=Paul Collins Startup list
[OmniPage]
Confirmed=N
Filename=Opware32.exe
Description=Part of <a href="http://www.scansoft.com/omnipage/">OmniPage Pro</a> from Scansoft (was Caere) - "the fastest, easiest way to turn paper documents into digital files you can edit." Opware32.exe links Word, via OLE, with OmniPage. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start -> Programs
Description=By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze
Source=Paul Collins Startup list
[One Touch Monitor]
Confirmed=N
Filename=OneTouchMonitor.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[One Touch Monitor]
Confirmed=N
Filename=1tou~2.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[One Touch Monitor]
Confirmed=N
Filename=ONETOU~2.EXE
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[OneTouch Monitor]
Confirmed=N
Filename=OneTouchMon.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[OneTouchMonitor]
Confirmed=N
Filename=OneTouchMonitor.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[OneTouchMonitor]
Confirmed=N
Filename=1tou~2.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[OneTouchMonitor]
Confirmed=N
Filename=ONETOU~2.EXE
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[ONETOU~2]
Confirmed=N
Filename=OneTouchMonitor.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[ONETOU~2]
Confirmed=N
Filename=1tou~2.exe
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[ONETOU~2]
Confirmed=N
Filename=ONETOU~2.EXE
Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Source=Paul Collins Startup list
[Onflow]
Confirmed=X
Filename=onflow.exe
Description=Onflow is a internet company that offers an online advertising program. Not required - uninstall
Source=Paul Collins Startup list
[online cdrom]
Confirmed=?
Filename=Active acid.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Online Service]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hostidel.trojan.b.html" target="_blank">HOSTIDEL.B</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hostidel.trojan.c.html" target="_blank">HOSTIDEL.C</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.b.html" target="_blank">TARNO.B</a> TROJANS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[OnlinePCfix SmoothSurfer]
Confirmed=U
Filename=SS.exe
Description=<a href="http://www.smooth-surfer.com/" target="_blank">Smooth-Surfer</a> - blocks banners, ads, popups, and cleans MRU and Recent file lists
Source=Paul Collins Startup list
[OnlineTime]
Confirmed=N
Filename=onlinetime.exe
Description=<a target="_blank" href="http://www.freedownloadscenter.com/Network_and_Internet/Online_Timers/OnlineTimer_Pro.html">OnlineTimer</a> - monitors your Windows dial-up network and logs the time you spend online as well as the resulting costs
Description=Displays <a href="http://www.openoffice.org/" target="_blank">OpenOffice</a> quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the OpenOffice suite. Available via Start -> Programs. Will automatically be started when any OpenOffice component is started from Start -> Programs. A resource hog (takes > 16 MB of memory). "x" represents the version number
Source=Paul Collins Startup list
[Openwares LiveUpdate]
Confirmed=U
Filename=LiveUpdate.exe
Description=Web-update utility as used by various types of software - see <a href="http://liveupdate.openwares.org/" target="_blank">here</a>
Source=Paul Collins Startup list
[Operator]
Confirmed=N
Filename=??
Description=Media Pilot operator, in Win.ini. Locks port open
Source=Paul Collins Startup list
[Operator]
Confirmed=U
Filename=xtmop.exe
Description=Fax/Phone answering facility for Extreem Machine - as supplied with the old Diamond SupraExpress modems. No longer supported
Source=Paul Collins Startup list
[OpiStat]
Confirmed=N
Filename=OPISTAT.EXE
Description=<a href="http://www.opistat.com/mp/index.html" target="_blank">OpiStat</a> is a European Research Institute whose goal is to understand consumer needs and opinions better
Source=Paul Collins Startup list
[OPQFile]
Confirmed=X
Filename=regedit.exe /s ...rad03FA6.tmp
Description=Unsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit
Source=Paul Collins Startup list
[OPTIMIZER]
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evivinc.html" target="_blank">EVIVINC</a> TROJAN! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[Optimum Online]
Confirmed=N
Filename=Netsurf.exe
Description=<a href="http://www.optimumonline.com/index.jhtml;jsessionid=5LMI3XSXKRAYYCQLARQCF3QKBMCGCI5G?pageType=what" target="_blank">Optimum Online</a> ISP software. Not required, just window dressing & advertising from Optimum
Source=Paul Collins Startup list
[Optus Cable Data Monitor]
Confirmed=U
Filename=datamonitor.exe
Description=Allows Optus customers to monitor their actual data usage against Optus' "data allowance limits"
Source=Paul Collins Startup list
[OptusNetUsage]
Confirmed=U
Filename=OptusNet Usage Meter.exe
Description=Designed specifically for OptusNet users who wish to have their connection monitored on a frequent basis. It can also estimate when you are going to hit your usage limit, and how far over your suggested limit you should be
Source=Paul Collins Startup list
[Opware12]
Confirmed=N
Filename=Opware12.exe
Description=<a href="http://www.scansoft.com/omnipage/" target="_blank">OmniPage Pro 12</a> from ScanSoft
Description=Lotus Organizer 5 application file, Lotus Organizer software. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[OrgyCam]
Confirmed=X
Filename=OrgyCam.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[OrigRage128Tweaker]
Confirmed=U
Filename=RAGE128TWEAK.EXE
Description=Third party tweaker for ATI Rage 128 Video cards from <a href="http://www.rageunderground.com">http://www.rageunderground.com</a>
Source=Paul Collins Startup list
[ORiNOCO]
Confirmed=U
Filename=Cmluc.exe
Description=Client Manager software for an <a href="http://www.orinocowireless.com/" target="_blank">ORiNOCO</a> wireless LAN card
Source=Paul Collins Startup list
[Osa32]
Confirmed=X
Filename=NTOSA32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.anig.html" target="_blank">ANIG</a> WORM!
Source=Paul Collins Startup list
[OSD]
Confirmed=U
Filename=OSD.exe
Description=By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze
Description=<a href="http://www.somix.com/products/ostivity.php" target="_blank">OStivity</a> - "a desktop and server hardware and software asset/inventory solution for small to enterprise sized organizations that need to quickly gain knowledge of 'what's installed' without having to manually touch every computer in the company. The next time the computer logs into the network, a complete inventory (software and hardware) is taken of the system"
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.carool.html" target="_blank">CAROOL</a> TROJAN!
Source=Paul Collins Startup list
[outlook]
Confirmed=X
Filename=outlook.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotru.html" target=_blank>SDBOT-RU</a> WORM!
Source=Paul Collins Startup list
[Outpost Firewall]
Confirmed=Y
Filename=outpost.exe
Description=<a href="http://www.agnitum.com/products/outpost/" target="_blank">Outpost</a> personal firewall
Source=Paul Collins Startup list
[Outwar]
Confirmed=X
Filename=syslaunch.exe
Description=Outwar adware downloader
Source=Paul Collins Startup list
[OVCJ]
Confirmed=?
Filename=ovcj.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Overnet]
Confirmed=N
Filename=Overnet.exe
Description=<a href="http://www.overnet.com/" target="_blank">Overnet</a> peer-to-peer (P2P) file sharing program
Source=Paul Collins Startup list
[OWCCardbusTray]
Confirmed=U
Filename=ocbtray.exe
Description=Icon in the system tray for safely removing PCMCIA cards. Only required if you have a laptop or desktop which includes a PCMCIA card interface
Source=Paul Collins Startup list
[OWCWebCamDV]
Confirmed=U
Filename=wcdvtray.exe
Description=<a href="http://www.orangemicro.com/webcamdv.html" target="_blank">WebCamDV</a> from Orange Micro, Inc - enables the user to use a DV camera connected via Firewire as a Webcam
Source=Paul Collins Startup list
[OWMngr]
Confirmed=X
Filename=OWMngr.exe
Description=OnWebMedia advertising foistware - see <a href="http://www.f-secure.com/v-descs/checkin.shtml" target="_blank"> here</a> for exactly what to look for
Source=Paul Collins Startup list
[oz2]
Confirmed=X
Filename=oz2.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html" target="_blank">MYDOOM.W</a> WORM!
Source=Paul Collins Startup list
[P17Helper]
Confirmed=?
Filename=Rundll32 P17.dll, P17Helper
Description=<a href="http://www.soundblaster.com/resources/read.asp?articleid=60&cat=2" target=_blank>ASIO</a> driver for the Sound Blaster Audigy & Audigy 2 series sound card - <font color="#FF0000">is it required in startup?</font>
Source=Paul Collins Startup list
[P2P NETWORKING]
Confirmed=N
Filename=P2P Networking.exe
Description=Peer to Peer (P2P) sharing of files on the internet
Source=Paul Collins Startup list
[P2P Networking3]
Confirmed=N
Filename=P2P Networking3.exe
Description=P2P Networking, a component bundled with Kazaa that enables other applications to use Peer-to-Peer functionality. Not required - see <a href="http://www.kephyr.com/spywarescanner/library/p2pnetworking/index.phtml" target="_blank">here</a>
Source=Paul Collins Startup list
[P3p4chk]
Confirmed=X
Filename=P3p4chk.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[p4mx4]
Confirmed=X
Filename=p4mx4.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[Packard Bell EverSafe Tray Control]
Confirmed=?
Filename=TrayControl.exe
Description=Packard Bell EverSafe software. <font color="#FF0000">What does it do, and is it required?</font>
Source=Paul Collins Startup list
[PadTouch]
Confirmed=N
Filename=PadExe.exe
Description=Toshiba Touch and Launch - offers easy movement and freedom of programs navigation with TouchPad
Source=Paul Collins Startup list
[Pagekeeper Jobs]
Confirmed=U
Filename=pkjobs.exe
Description=PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc
Source=Paul Collins Startup list
[Pagekeeper Lite]
Confirmed=U
Filename=pkjobs.exe
Description=PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc
Source=Paul Collins Startup list
[PAgent]
Confirmed=X
Filename=PAgent.exe
Description=Scans your hard drive for the popular P2P file-sharing applications BearShare, Grokster, Kazaa, Limewire and Morpheus. After searching the entire local filesystem for any files with those names it connects to the DownloadWare servers and tells it what, if anything, is found. See <a href="http://and.doxdesk.com/parasite/DownloadWare.html" target="_blank">here</a> for more info
Source=Paul Collins Startup list
[Pagis Scheduler]
Confirmed=N
Filename=Monitor.exe
Description=Scheduler for the <a href="http://www.scansoft.com/pagis/" target="_blank">Pagis</a> scanning suite from Scansoft.
Source=Paul Collins Startup list
[pagmstart]
Confirmed=?
Filename=client.exe
Description=<font color="#FF0000">Possibly related to <a href="http://www.pagm.com/default.asp" target="_blank">this</a>?</font>
Source=Paul Collins Startup list
[Pagoo]
Confirmed=N
Filename=PAGOO.EXE
Description=<a href="http://www.pagoo.com/cc.asp" target="_blank">Pagoo</a> - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem
Source=Paul Collins Startup list
[Palm MultiUser Config]
Confirmed=?
Filename=Configtool.exe
Description=<font color="#FF0000">MultiUser configuration for a Palm PDA device?. Is it required?</font>
Source=Paul Collins Startup list
[Palm.exe]
Confirmed=N
Filename=Palm.exe
Description=<a href="http://www.palm.com/support/downloads/win_desktop.html" target="_blank">Palm Desktop Software</a> for use with Palm handheld devices. Available via Start -> Programs
Source=Paul Collins Startup list
[PalNetaware]
Confirmed=X
Filename=pnetaware.exe
Description=PalTalk adware - as included in Morpheus, see <a href="http://www.pestpatrol.com/pestinfo/m/morpheus.asp" target="_blank">here</a> towards the bottom of the page
Source=Paul Collins Startup list
[PaltalkNetaware.exe]
Confirmed=N
Filename=PALNETAW~1.EXE
Description=Voice chat program. This program stores all buddy list info apparently on the server itself so you never lose your buddy list should you need to reinstall the program due for whatever reason or even reformat. Available via Start -> Programs. Delete the shortcut in Start -> Programs -> StartUp as well otherwise it will be reinstated
Source=Paul Collins Startup list
[Panda Scheduler]
Confirmed=U
Filename=pavsched.exe
Description=<a href="http://www.pandasoftware.com/" target="_blank">Panda Antivirus</a> scan scheduler. Required if this is your virus scanner program and you have scans scheduled on a regular basis. I recommend that you scan manually so you don't need this but if you tend to forget then leave it
Source=Paul Collins Startup list
[PandaAVEngine]
Confirmed=X
Filename=PandaAVEngine.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.r@mm.html" target="_blank">NETSKY.R</a> WORM!
Source=Paul Collins Startup list
[Paperport]
Confirmed=N
Filename=runppdrv.exe
Description=Loads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see <a href="http://groups.google.com/groups?q=runppdrv.exe&hl=en&rnum=7&selm=6v04nv%24q3l%241%40supernews.com" target="_blank">here</a>
Source=Paul Collins Startup list
[PaperPort PTD]
Confirmed=N
Filename=pptd40nt.exe
Description="PaperPort" software associated with scanners
Source=Paul Collins Startup list
[PaperQuote System Tray Icon]
Confirmed=N
Filename=PQTRAY.EXE
Description=PaperQuote is a "wallpaper" changer with daily quotes that are either for inspiration or motivation
Source=Paul Collins Startup list
[Parallel Tasking]
Confirmed=X
Filename=ptask.exe
Description=Added by unidentified adware - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan-Downloader.Win32.Small.adg
Source=Paul Collins Startup list
[PartSeal]
Confirmed=U
Filename=PartSeal.exe
Description=System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere
Description=<a href="http://www.progency.com/pastelister.html" target="_blank">PasteLister</a> - clipboard extender. Start manually when required
Source=Paul Collins Startup list
[Patch]
Confirmed=X
Filename=patch.exe
Description=Added by the <a href="http://www.dark-e.com/archive/trojans/netbusworm/index.shtml" target="_blank"> NETBUS</a> WORM!
Source=Paul Collins Startup list
[Patches Value]
Confirmed=X
Filename=WinGamed.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BR" target="_blank">SDBOT.BR</a> WORM!
Source=Paul Collins Startup list
[Path]
Confirmed=?
Filename=lide.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[PAV.EXE]
Confirmed=X
Filename=%Number%
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html" target="_blank"> KITRO.D</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARGEN.A&VSect=T" target="_blank">ARGEN.A</a>) WORM! %Number% can be any number
Description=MSI PC Alert III - allows you to view your system and cpu temperature, fan rpm and more. Only required if you overclock
Source=Paul Collins Startup list
[PC Booster]
Confirmed=U
Filename=pcbooster.exe
Description=<a href="http://www.inklineglobal.net/products/pcb/index.html" target="_blank">PC Booster</a> from inKline Global - "easy-to-use computer system optimizer that gives your system the extra speed and stability you want while ensuring that your computer is kept clean and in tip-top condition"
Source=Paul Collins Startup list
[PC-Config32]
Confirmed=X
Filename=corona.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32coronexa.html" target="_blank">CORONEX.A</a> WORM!
Source=Paul Collins Startup list
[PCBG]
Confirmed=Y
Filename=PCBODYGUARD.EXE
Description=<a href="http://www.calluna.com/pcbody.html" target="_blank">PC Bodyguard</a> from Calluna - protects system files and settings from being deleted, modified, etc
Source=Paul Collins Startup list
[PCBODYGUARD]
Confirmed=Y
Filename=PCBODYGUARD.EXE
Description=<a href="http://www.calluna.com/pcbody.html" target="_blank">PC Bodyguard</a> from Calluna - protects system files and settings from being deleted, modified, etc
Source=Paul Collins Startup list
[PCCClient.exe]
Confirmed=Y
Filename=PCCClient.exe
Description=PC-Cillin 2002 antivirus software
Source=Paul Collins Startup list
[pccguide.exe]
Confirmed=Y
Filename=pccguide.exe
Description=PC-Cillin 2002 antivirus software
Source=Paul Collins Startup list
[PCCIOMON.EXE]
Confirmed=Y
Filename=PCCIOMON.EXE
Description=PC-Cillin 2000 antivirus software. This is the actual virus-scanner
Source=Paul Collins Startup list
[PCClient.exe]
Confirmed=Y
Filename=PCClient.exe
Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm" target="_blank">PC-Cillin</a> Internet Security
Source=Paul Collins Startup list
[PccPfw]
Confirmed=Y
Filename=PccPfw.exe
Description=PC Cillin 2003 personal firewall
Source=Paul Collins Startup list
[PcCtlCom]
Confirmed=Y
Filename=Pcctlcom.exe
Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm" target=_blank>PC-cillin</a> Internet Security
Source=Paul Collins Startup list
[PCDRealtime]
Confirmed=N
Filename=realtime.exe
Description=Apparently the monitoring device for PC Doctor Online. It provides a "free" examination on system files (i.e. registry), reports the number of errors it finds, and invites you to "order" the fee-based fixes from its web site
Source=Paul Collins Startup list
[PcEXPLODE]
Confirmed=X
Filename=specialfile.exe
Description=Added by the <a href="http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.RH" target="_blank">RBOT.RH</a> WORM!
Source=Paul Collins Startup list
[PCHbutton]
Confirmed=N
Filename=PCHbutton.exe
Description=Used by HP Instant Support
Source=Paul Collins Startup list
[PCHealth]
Confirmed=N
Filename=pchschd.exe
Description=This is a "scheduler" and does not turn off PC Health. For more information refer <a href="http://groups.google.com/groups?q=PCHealth%2Bpchschd.exe&hl=en&selm=eeuEENQ6AHA.1484%40tkmsftngp03&rnum=1" target="_blank">here</a>
Source=Paul Collins Startup list
[PCHEasySearch]
Confirmed=X
Filename=STUpdate.exe
Description=PCH EasySearch bar
Source=Paul Collins Startup list
[PCIMODEM]
Confirmed=?
Filename=pcimodem.exe
Description=Associated with Lucent based Aztech MDP7800-U PCI modems. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[PCLEPCI]
Confirmed=U
Filename=ppe.exe
Description=Pinnacle Systems <a href="http://www.pinnaclesys.com/docsupport1.asp?division_id=1&langue_id=2&product_id=469&product_name=Studio%20version%207&page_id=146" target="_blank">PCI Performance Enhancer</a>. "This tool helps to increase the PCI Busmaster performance of all Pinnacle PCI boards."
Source=Paul Collins Startup list
[PCMService]
Confirmed=?
Filename=PCMService.exe
Description=<font color="#FF0000">In a DellMedia Experience sub-directory</font>
Source=Paul Collins Startup list
[PCRecSA]
Confirmed=U
Filename=PCRecSA.exe
Description=Part of the IBM/XPoint Rapid Restore backup utility. If you choose, you can use it to create a "clean" backup of your hard drive. The process involves the software partitioning your hard drive, making a compressed image of the working drive which will then allow you to revert to that should you need to
Source=Paul Collins Startup list
[PCShield]
Confirmed=X
Filename=regsvr32 /s [path] sfg_****.dll [* = random char]
Description=Runs as part of <a href="http://pcmonitor.com/" target="_blank">PCMonitor</a> which is a program for monitoring your activity on your system. It makes screen dumps and key logging. It can hang-up your system because the screen dump page gets VERY big
Source=Paul Collins Startup list
[PCSuiteTrayApplication]
Confirmed=N
Filename=TrayApplication.exe
Description=System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu
Source=Paul Collins Startup list
[Pcsv]
Confirmed=N
Filename=pcsvc.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware
Source=Paul Collins Startup list
[PcSync]
Confirmed=N
Filename=PcSync.exe
Description=If a Nokia phone has been connected, synchronises the phone with MS Outlook or other organiser software. It is installed by the Nokia PC Suite, and the tray icon shows if a phone has been connected. Available via a desktop shortcut or Start -> Programs
Source=Paul Collins Startup list
[pctspk]
Confirmed=U
Filename=pctspk.exe
Description=Used for modems based upon PC-TEL chipsets. Normally used for some Voice and Speakerphone functions and also for some Power management options. If you remove it you may not be able to use any of those functions
Source=Paul Collins Startup list
[PCTVOICE]
Confirmed=U
Filename=pctvoice.exe
Description=The program PCTVoice is used by the modem to interface with your computer and also used for some V.80 functions for Video Conferencing. if you uncheck it, it comes back. ItÆs better to leave it
Source=Paul Collins Startup list
[PDEngine]
Confirmed=U
Filename=PDEngine.exe
Description=<a href="http://www.raxco.com/products/perfectdisk2k/" target="_blank">PerfectDisk</a> from Raxco - disk defragmenter. Only required if you schedule disk defragmenting at re-boot
Source=Paul Collins Startup list
[pdexplo]
Confirmed=N
Filename=PDEXPLO.EXE
Description=<a href="http://www.ontrack.com/powerdesk/">PowerDesk Pro</a> by Ontrack. Enhanced desktop and file manager. Available via Start -> Programs
Source=Paul Collins Startup list
[PDF Converter Registry Controller]
Confirmed=?
Filename=RegistryController.exe
Description=ScanSoft <a href="http://www.scansoft.com/pdfconverter/" target=_blank>PDF_Converter</a> related - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[pdfFactory Pro Dispatcher v1]
Confirmed=N
Filename=fppdis1.exe
Description="With <a href="http://www.fineprint.com/software/index.html" target="_blank">pdfFactory</a> you can create PDF documents from any program printing to the virtual PDF printer". Available via a desktop shortcut or Start -> Programs
Source=Paul Collins Startup list
[pdfSaver3]
Confirmed=N
Filename=pdfSaver3.exe
Description=<a href="http://www.docu-track.com/home/prod_user/pdfxchange_pro/" target=_blank>PDF-XChange</a> - create Adobe compatible PDF files from virtually any Windows software such as MS Word, Excel, AutoCAD, MS Publisher etc
Source=Paul Collins Startup list
[PDirect]
Confirmed=N
Filename=PDirect.exe
Description=IBM Presentation Director software
Source=Paul Collins Startup list
[pdp Server]
Confirmed=U
Filename=ctpdpsrvr.exe
Description=Included and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a network
Source=Paul Collins Startup list
[PDVDServ]
Confirmed=U
Filename=PDVDServ.exe
Description=Remote Control background application for CyberLink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
Source=Paul Collins Startup list
[Pe2ckfnt SE]
Confirmed=N
Filename=chkfont.exe
Description=Used to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menu
Source=Paul Collins Startup list
[Peeramid]
Confirmed=?
Filename=PService.exe
Description=In a "Koptimizer" folder in Program Files. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[PeerGuardian]
Confirmed=N
Filename=PeerGuardian_1.99b_pr14.exe
Description=<a href="http://www.afterdawn.com/software/p2p_software/p2p_tools/peerguardian.cfm" target=_blank>PeerGuardian</a> "is a tiny firewall program especially designed for P2P software users, but also for anyone who is concerned about the investigations that corporations and authorities perform on the internet. PeerGurdian blocks connections for the configured IP ranges and logs the blocked connections"
Source=Paul Collins Startup list
[Pent@VALUE 3.2]
Confirmed=U
Filename=Pent@VALUE.exe
Description=Pent@VALUE Digital Satellite Internet PC Receiver
Source=Paul Collins Startup list
[PeqBL100]
Confirmed=X
Filename=PEQBL100.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.envid.d@mm.html" target=_blank>ENVID.D</a> WORM!
Description=Print engine used by Corel WordPerfect 7 and Presentations 7
Source=Paul Collins Startup list
[PersFw]
Confirmed=Y
Filename=PersFw.exe
Description=<a href="http://www.kerio.com/us/kpf_home.html" target="_blank">Kerio</a> or <a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny</a> Personal Firewall
Source=Paul Collins Startup list
[Personal Firwall]
Confirmed=X
Filename=ptmedsrv.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.XY" target=_blank>SDBOT.XY</a> WORM!
Source=Paul Collins Startup list
[Pervasive.SQL Workgroup Engine]
Confirmed=U
Filename=W3dbsmgr.exe
Description=Database Service Manager for Pervasive SQL 2000 Workgroup edition. Required if you use Pervasive SQL but it's recommended you start it manually before using it as it has a tendancy to crash/freeze if loaded with other applications at startup
Source=Paul Collins Startup list
[PestPatrol Control Center]
Confirmed=U
Filename=PPControl.exe
Description=<a href="http://www.pestpatrol.com/PPControl/" target="_blank">PestPatrol Control Terminal</a> - launches <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> features such as PPMemCheck and CookiePatrol
Source=Paul Collins Startup list
[PestPatrolCL]
Confirmed=?
Filename=PestPatrolCL.exe
Description=Associated with <a href="http://www.pestpatrol.com/" target="_blank">PestPatrol</a> anti-malware software. <font color="#FF0000">What does this part do and is it required?</font>
Description=PGPsdkServ.exe is the new SDK service which is responsible for performing all PGP key management and cryptographic functions. This functionality was moved into a service to allow multiple modules simultaneous read/write access to the keyrings, among other things. As you can imagine, it is necessary for PGPsdkServ to be running in order to perform practically any PGP functionality
Source=Paul Collins Startup list
[PGPSERVICE]
Confirmed=U
Filename=pgpservice.exe
Description=PGPservice.exe has two main purposes: (1) it handles a large part of the PGPnet functionality (along with the PGPnet driver) and (2) it allows efficient access to the PGP preferences database. The individual PGP modules normally access the preferences through PGPservice, but they are capable of a "fall-back" mode where they can handle such access on their own. Thus, if you are not running PGPnet, you may not immediately notice much of a difference if you disable PGPservice. If you are running PGPnet, you will notice a big difference
Source=Paul Collins Startup list
[PGPtray]
Confirmed=N
Filename=pgptray.exe
Description=PGP 7.x. Provides icon tray shortcuts to PGP programs from Network Associates. Available via Start -> Programs
Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
Source=Paul Collins Startup list
[PHIME2002ASync]
Confirmed=N
Filename=TINTSETP.EXE
Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
Source=Paul Collins Startup list
[PhoneFree version 6.2]
Confirmed=U
Filename=PHONEF??.EXE
Description=An Internet telephony application. Complicated registration and ad banners tailored to your profile - see <a href="http://www.phonefree.com/" target="_blank">here</a>
Source=Paul Collins Startup list
[Photo Express Calendar Checker SE]
Confirmed=N
Filename=CALCHECK.EXE
Description=If you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordingly
Source=Paul Collins Startup list
[Photo Loader supervisory]
Confirmed=N
Filename=Plauto.exe
Description=Casio's Photo Loader software. Hook up your camera to the USB port, and it pops up and asks you if you want to load your pictures
Source=Paul Collins Startup list
[PhotoWise QuickLink]
Confirmed=N
Filename=quicklnk.exe
Description=Agfa PhotoWise - "PhotoWise QuickLinkTM lets you drag and drop photos right from the camera into your document (applications must be OLE-compliant). Use PhotoWise to print contact sheets and photographic prints. Create slide shows, screen savers, wallpaper and more."
Source=Paul Collins Startup list
[Picasa Media Detector]
Confirmed=N
Filename=PicasaMediaDetector.exe
Description=Media detector for <a href="http://www.picasa.net/" target="_blank">Picasa</a>'s automatic photo organizer
Source=Paul Collins Startup list
[PicasaNet]
Confirmed=N
Filename=Hello.exe
Description=<a href="http://www.hello.com/index.php" target=_blank>Hello</a> is an application that allows Blogger users to post digital photos and captions directly to their personal weblogs, or blogs
Source=Paul Collins Startup list
[Pickatag]
Confirmed=N
Filename=pickatag.exe
Description=<a href="http://home.wanadoo.nl/jeroen/software.html" target="_blank">Pick-a-tag</a> - "Freeware utility for random selection of your taglines. This utility randomly picks a tagline out of a list of taglines. It will create a signature file which your mailer can use to place under your messages"
Source=Paul Collins Startup list
[PICPRTR]
Confirmed=N
Filename=PICPRTR.EXE
Description=Program for viewing and measuring a variety of 3D CAD data formats
Source=Paul Collins Startup list
[pictureBUZZTray]
Confirmed=N
Filename=swtray.exe
Description=System Tray access to <a href="http://www.picturebuzz.com" target="_blank">PictureBUZZ</a> on-line printing software from Streetwise Software. If you use the software set the page you use as a favourite in your browser and run it manually
Source=Paul Collins Startup list
[PiDunHK]
Confirmed=U
Filename=PIDUNHK.EXE
Description=Part of the Prodigy Internet software - part of the dialer/DUN. Presumably needed for users of that service otherwise you may not be able to connect, although you may try creating your own shortcut and see what happens
Source=Paul Collins Startup list
[piiserviceOE]
Confirmed=U
Filename=N/A
Description=<a href="http://www.giantcompany.com/piOe.aspx" target="_blank">Spam Inspector</a> (nee Postal Inspector) from The Giant Company or <a href="http://www.sunbelt-software.com/product.cfm?id=930" target="_blank">iHateSpam</a> from Sunbelt Software - spam filter add-ons for OE
Source=Paul Collins Startup list
[pilif]
Confirmed=X
Filename=pilif.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.fili@mm.html" target="_blank">FILI</a> WORM!
Source=Paul Collins Startup list
[Pinger]
Confirmed=N
Filename=pinger.exe
Description=Pinger is the resident program for Toshiba updates. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification
Source=Paul Collins Startup list
[PinnacleDriverCheck]
Confirmed=Y
Filename=PSDrvCheck.exe
Description=Part of <a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled
Description=Software Piracy Alert feature bundled with <a href="http://www.pgware.com/products/gamegain/" target=_blank>PGWare</a> software. Cries foul when it detects an 'illegal' version. The alerts are reported to disappear as soon as the software is correctly registered. There are privacy issues though: "The Software includes a feature that assigns a unique order number to GameGain based on purchase information. The Software reports this number to us via the internet either when you run the Software or enter the registration number, or both. The Software may also identify and report to us your IP address, date and time of installation, registration and/or use. We use this information strictly to count the number of installations, detect unauthorized access or piracy of the Software, and develop rough statistical data regarding the geographic location of our users"
Source=Paul Collins Startup list
[PivotSoftware]
Confirmed=N
Filename=wpctrl.exe
Description=PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list
[Pixel32]
Confirmed=X
Filename=Pixel32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Pixelpwr32]
Confirmed=X
Filename=Pixelpwr32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Pixelsvr]
Confirmed=X
Filename=Pixelsvr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[pjWebCam]
Confirmed=U
Filename=pjWebCam.exe
Description=Webcam automation software that saves regular photos from webcam and can also act as HTTP server
Source=Paul Collins Startup list
[PK Services]
Confirmed=X
Filename=pksvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbw.html" target=_blank>FORBOT-BW</a> WORM!
Source=Paul Collins Startup list
[PktAnything]
Confirmed=U
Filename=PocketCompanion.exe
Description=<a href="http://www.o2pocket.com/pocketanythinginfo" target=_blank>PocketAnything</a> lets you save anything on your computer to your mobile, with one click
Source=Paul Collins Startup list
[PLEAPCPUCPL]
Confirmed=U
Filename=pleapu.exe
Description=<a href="http://www.powerleap.com/Products/ccp.htm" target="_blank">CPU Control Panel</a> for the Powerleap CPU upgrade
Source=Paul Collins Startup list
[PLFFAP]
Confirmed=?
Filename=HotfixQ0306270.exe
Description=Prolific Technology Inc. USB Flash Disk driver - <font color="#FF0000">is it required in startup?</font>
Source=Paul Collins Startup list
[Plguni]
Confirmed=N
Filename=Plguni.exe
Description=<a href="http://www.mcafee.com/myapps/qc3/default.asp" target="_blank">McAfee QuickClean 3.0</a> - removes internet clutter and unwanted programs
Source=Paul Collins Startup list
[plmg.exe]
Confirmed=U
Filename=plmg.exe
Description=Paragon Last Minute Bidder - auction assistant software
Source=Paul Collins Startup list
[PLoader]
Confirmed=?
Filename=umsd.exe
Description=USB Mass Storage Disk related tray icon. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[Plob]
Confirmed=X
Filename=kernel.com
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.12" target="_blank">OPTIXPRO.12</a> TROJAN!
Source=Paul Collins Startup list
[Pluck Tray]
Confirmed=U
Filename=PluckTray.exe
Description=RSS (XML TAGS) reader program
Source=Paul Collins Startup list
[Plug And Play]
Confirmed=X
Filename=msnmsg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotid.html" target=_blank>RBOT-ID</a> WORM!
Source=Paul Collins Startup list
[PLXSTART]
Confirmed=U
Filename=PLXSTART.EXE
Description=Sets the spindown timeout and access speeds at startup and displays the "Plextor Manager 2000" splash screen for Plextor CD-RW.
Source=Paul Collins Startup list
[PLXTASK]
Confirmed=N
Filename=PLXTASK.EXE
Description=Taskbar utility for a "control panel" for a Plextor CD-RW. Has MVP 2000 (audio CD player), DiscDupe 2000 (self explanatory CD copying program) and AudioCapture 2000 (rips audio CDs into MP3 or WAV files)
Source=Paul Collins Startup list
[pm32ctrl]
Confirmed=X
Filename=pwr32crtl.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[pm32info]
Confirmed=X
Filename=pm32info.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[pmc]
Confirmed=X
Filename=764.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[PMedia]
Confirmed=X
Filename=winsrvc.exe
Description=Internet marketing sofware from <a href="http://www.pmedia.co.uk/" target="_blank">PMedia</a> as used in E-Card FriendGreetings foistware - see <a href="http://vil.nai.com/vil/content/v_99760.htm" target="_blank">here</a>. Treated by Trend as the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRIENDGRT.B" target="_blank"> FRIENDGRT.B</a> WORM!
Source=Paul Collins Startup list
[PmProxy]
Confirmed=?
Filename=PmProxy.exe
Description=Associated with Analog Devices "SoundMAX" audio chipset - often built-in to motherboards. <font color="#FF0000">What does it do and is it required?</font>
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.doep.a.html" target="_blank">DOEP.A</a> WORM!
Source=Paul Collins Startup list
[Pofatch]
Confirmed=X
Filename=nstrue.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randexz.html" target="_blank">RANDEX.Z</a> WORM!
Source=Paul Collins Startup list
[point32]
Confirmed=U
Filename=point32.exe
Description=<a href="http://www.microsoft.com/intellipoint/" target="_blank">Microsoft Intellipoint</a> software for their Intellimouse series of mice - required if you use non-standard Windows driver features
Source=Paul Collins Startup list
[POINTER]
Confirmed=U
Filename=point32.exe
Description=<a href="http://www.microsoft.com/intellipoint/" target="_blank">Microsoft Intellipoint</a> software for their Intellimouse series of mice - required if you use non-standard Windows driver features
Source=Paul Collins Startup list
[Points Manager]
Confirmed=N
Filename=points manager.exe
Description=<a href="http://www.altnet.com/faq/" target="_blank">Altnet Points Manager</a> - manages the new Kazaa Plus scheme for awarding you points if you share music files on your machine with others rather than simply getting files and not sharing their own. Start manually when required
Source=Paul Collins Startup list
[POP]
Confirmed=X
Filename=PopSrv***.exe
Description=<a href="http://www.pchell.com/support/peopleonpage.shtml" target="_blank">PeopleonPage</a> foistware, bundled with Grokster where *** are random digits
Description=<a href="http://www.popupstopper.net/product_dpps.html" target="_blank">Pop-Up Stopper</a> Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
Source=Paul Collins Startup list
[Pop-Up_Blocker]
Confirmed=U
Filename=Popup.exe
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, blocks advertisement pop-up windows in Internet Explorer. Can be enabled/disabled via Tweak-XP -> Internet Tweaks
Description=<a href="http://www.jsmadeeasy.com/archive/shellutilities/" target="_blank">PopOpen</a> makes your windows spring open with animation effects
Source=Paul Collins Startup list
[Poproxy]
Confirmed=Y
Filename=POPROXY.EXE
Description=Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it
Source=Paul Collins Startup list
[popsrv146]
Confirmed=X
Filename=popsrv146.exe
Description=PeopleOnPage online dating browser enhancement - also adware and privacy issues, see <a href="http://www.doxdesk.com/parasite/AproposMedia.html" target="_blank">here</a>. For removal instructions see <a href="http://www.pchell.com/support/peopleonpage.shtml" target="_blank"> here</a>
Description=Part of BPS Trace Remover - made by the folks who "developed" BPS Spyware Remover which reportedly uses an old, "borrowed" SpyBot database. Read <a href="http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi?s=3e746190523affff;act=ST;f=28;t=1546;hl=bps" target="_blank">this</a> and <a href="http://www.lavasoftsupport.com/index.php?act=ST&f=1&t=3912" target="_blank">this</a>. Do not support these guys!
Source=Paul Collins Startup list
[POS-Partnerbatchprocessor]
Confirmed=?
Filename=BATCH.EXE
Description=VISA credit card batch processing related to Appcon. <font color="#FF0000">Is it needed or can it be started manually via Start -> Programs or a manually created shortcut?</font>
Source=Paul Collins Startup list
[Post-It(r) Software]
Confirmed=N
Filename=Psnotes.exe
Description=Pop-up "yellow" notes on screen. Available via Start -> Programs
Source=Paul Collins Startup list
[POW!]
Confirmed=U
Filename=pow.exe
Description=Pop-up killer
Source=Paul Collins Startup list
[Power Scan]
Confirmed=X
Filename=powerscan.exe
Description=Foistware by Integrated Search Technologies - the people behind the <a href="http://217.115.153.73/parasite/ISTbar.html" target="_blank"> ISTbar</a> parasite
Source=Paul Collins Startup list
[PowerBar]
Confirmed=N
Filename=Powerbar.exe
Description=Part of CyberLink's PowerDVD software. Not sure what exactly it does, but not required in startup
Source=Paul Collins Startup list
[PowerChute]
Confirmed=Y
Filename=Pwrchute.exe
Description="During a power outage, if you're not available to save your files & close down Windows....PowerChute will do that for you. PowerChute will save your application files, close your applications and shut down your computer just like you would...otherwise, the APC UPS (Uninterruptible Power Supply) unit would go to battery until it wore down, then your computer would shutoff"
Source=Paul Collins Startup list
[PowerDOCSAPIHost]
Confirmed=U
Filename=papihost.exe
Description=<a href="http://www.imageware.ch/tr/products/dms/powerdocs.jsp" target="_blank">Hummingbird PowerDOCS</a> - "delivers powerful enterprise document management functionality via a tightly integrated Microsoft WinNT/98/2K environment"
Source=Paul Collins Startup list
[PowerDVD]
Confirmed=N
Filename=PowerDVD.exe
Description=Launches Cyberlink's PowerDVD software and creates a system tray icon. If enabled, PowerDVD will open automatically when a DVD movie is inserted. Launch manually
Source=Paul Collins Startup list
[PowerKey]
Confirmed=U
Filename=PowerKey.exe
Description=Part of <a href="http://global.acer.com/" target="_blank">Acer</a> Launch Manager - programmable keys on such laptops as the TravelMate 610
Source=Paul Collins Startup list
[PowerManagement]
Confirmed=X
Filename=Rundlll.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.surdux.html" target="_blank">SURDUX</a> TROJAN!
Source=Paul Collins Startup list
[PowerManager]
Confirmed=X
Filename=Svchost.exe
Description=Added by the <a href="http://vil.mcafee.com/dispVirus.asp?virus_k=100277" target="_blank">JEEFO</a> VIRUS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[PowerPanel]
Confirmed=Y
Filename=POWPANEL.EXE
Description=Power management utility on notebooks/laptops - automatically switches modes when running on battery
Source=Paul Collins Startup list
[PowerPrifile]
Confirmed=X
Filename=rundl132 kenel.dll, PowerProfileEnable
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.inmota.worm.html" target="_blank">INMOTA</a> WORM!
Source=Paul Collins Startup list
[PowerPro]
Confirmed=U
Filename=powerpro.exe
Description=Part of the power professional program that loads the floating menu bar. Can be accessed from Start -> Programs, but I'd leave it alone if you use this program
Source=Paul Collins Startup list
[PowerProf]
Confirmed=X
Filename=PowerProf.exe
Description=Added by the LOREX.B TROJAN!
Source=Paul Collins Startup list
[PowerQuest Startup Utility]
Confirmed=N
Filename=PQINIT.EXE
Description=From a visitor - "This seems to be installed when you install Power Quest Partition Magic. I think that it implements the changes when you use the magic mover app. If you don't have any mappings set up, it does nothing (except waste bytes and cycles). I disabled it using msconfig.exe with no problems"
Source=Paul Collins Startup list
[PowerReg Scheduler]
Confirmed=N
Filename=PowerReg Scheduler.exe
Description=<a href="http://www.leadertech.com/register.htm" target="_blank">PowerREGISTER</a> from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
Source=Paul Collins Startup list
[PowerReg SchedulerV2]
Confirmed=N
Filename=PowerReg SchedulerV2.exe
Description=<a href="http://www.leadertech.com/register.htm" target="_blank">PowerREGISTER</a> from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
Source=Paul Collins Startup list
[PowerReg SchedulerV3]
Confirmed=N
Filename=PowerReg SchedulerV3.exe
Description=PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
Description=<a href="http://www.prolink-usa.com/" target="_blank">Prolink</a>Test for either their AGP graphics card or TV/FM capture card. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[PowerSet]
Confirmed=?
Filename=Regedit.exe /s ...PowerSet_8100_CU.REG
Description=<font color="#FF0000">Appears to be Toshiba power management related</font>
Source=Paul Collins Startup list
[PowerStrip]
Confirmed=N
Filename=powerstrip.exe
Description=<a href="http://www.entechtaiwan.com/ps.htm" target="_blank">PowerStrip</a> is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings
Source=Paul Collins Startup list
[PowerStrip]
Confirmed=N
Filename=PSTRIP.EXE
Description=<a href="http://www.entechtaiwan.com/ps.htm" target="_blank">PowerStrip</a> is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings
Source=Paul Collins Startup list
[PowerTools Tray Icon]
Confirmed=U
Filename=pttray.exe
Description=<a href="http://www.bpssoft.com/PowerTools/index.htm" target="_blank">PowerTools</a> - add-on for AOL
Source=Paul Collins Startup list
[Powertweak]
Confirmed=U
Filename=PT2.EXE
Description="<a href="http://www.powertweak.com/" target="_blank">Powertweak</a> is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if 'Use predefined settings' is enabled in the programs options
Source=Paul Collins Startup list
[Powertweak]
Confirmed=U
Filename=PTCTRL.EXE
Description="<a href="http://www.powertweak.com/" target="_blank">Powertweak</a> is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if 'Configure system at logon' is enabled in the programs options
Source=Paul Collins Startup list
[Power_Gear]
Confirmed=U
Filename=BatteryLife.exe
Description=Power management for all Asus notebook. Useful but not critical
Source=Paul Collins Startup list
[PP****usb]
Confirmed=N
Filename=FBDirect.exe
Description=Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start -> Programs
Source=Paul Collins Startup list
[PP2000 Instaupdate]
Confirmed=U
Filename=PPInupdt.exe
Description=Protector Plus anti-virus software - instant update program for virus data updates. Not required if you regularly update virus data manually
Source=Paul Collins Startup list
[PP2000 Real Time Scan]
Confirmed=Y
Filename=PPVstop.exe
Description=Protector Plus anti-virus software - real time scanner
Source=Paul Collins Startup list
[PP2000 Taskbar Control]
Confirmed=Y
Filename=PPTbc.exe
Description=Protector Plus anti-virus software - system tray access
Source=Paul Collins Startup list
[PP3100b]
Confirmed=N
Filename=flatbed.exe
Description=Twain driver for the Visioneer PaperPort 3100b scanner that allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop
Source=Paul Collins Startup list
[ppass]
Confirmed=U
Filename=Antispy.exe
Description=<a href="http://www.antivirus-program.com/antivirus_program/antispy/" target="_blank">AntiSpy</a> firewall - "program designed to combat against various types of intrusion and monitoring programs currently in use or presently being developed worldwide"
Source=Paul Collins Startup list
[PPControl]
Confirmed=U
Filename=PPControl.exe
Description=<a href="http://www.pestpatrol.com/PPControl/" target="_blank">PestPatrol Control Terminal</a> - launches <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> features such as PPMemCheck and CookiePatrol
Source=Paul Collins Startup list
[PPK Setup(Server)]
Confirmed=U
Filename=SEServe.exe
Description=Programmable Power Key on Sony Vaio laptops. "Using the Programmable Power Key (PPK) button, collect your e-mail automatically with one key stroke. You can also program your PPK to turn on your SuperSlim Notebook at a predetermined time and perform simple tasks - completely unattended"
Source=Paul Collins Startup list
[PPMemCheck]
Confirmed=U
Filename=ppmemcheck.exe
Description=<a href="http://www.pestpatrol.com/PPMemCheck/" target="_blank">PPMemCheck</a> - "extends <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a>'s power so that the most dangerous Pests -- those that are about to execute -- are found, terminated, and cleaned from a user's system"
Source=Paul Collins Startup list
[PProTray]
Confirmed=N
Filename=pprotray.exe
Description=Part of the power professional program. Loads the System Tray control
Source=Paul Collins Startup list
[pptd40nt]
Confirmed=N
Filename=pptd40nt.exe
Description="PaperPort" software associated with scanners
Source=Paul Collins Startup list
[PPUpdate]
Confirmed=U
Filename=ppupdater.exe
Description=<a href="http://www.pestpatrol.com/PPUpdater/" target="_blank">PPUpdater</a> - "is the update program that ships with <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a>. It is able to update licensed and evaluation versions, and presents a visual display of what it is doing". Run manually unless you think you'll forget to check for updates on a regular basis
Source=Paul Collins Startup list
[PPWWebCap]
Confirmed=N
Filename=PPWebCap.exe
Description="PaperPort" software associated with scanners
Description=<a href="http://www.practisearch.com/" target="_blank">PractiSearch</a> web search software
Source=Paul Collins Startup list
[Praize Messenger]
Confirmed=U
Filename=itLoad.exe
Description=<a target="_blank" href="http://www.praize.com/IM/">Praize IM</a> Christian chat instant messenger
Source=Paul Collins Startup list
[Prayer]
Confirmed=U
Filename=PTW.EXE
Description=Islamic <a href="http://www.muhaddith.org/" target="_blank">Adhan</a> program (call fpr daily prayers)
Source=Paul Collins Startup list
[prdtect]
Confirmed=X
Filename=prdtect.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[PreAnnotate]
Confirmed=?
Filename=PreAnntt.exe
Description=Genius Wizard Pen Tablet driver related. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[Precision Time Clock Checker]
Confirmed=N
Filename=PrecisionTime.exe
Description=<a href="http://www.ubr.com/clocks/timesw/prectime/prectime.html" target="_blank">Precision Time 2.0</a>. Checks your computer clock time against the Naval Observatory or some other source to assure accurate time
Description=NetRatings software by <a href="http://www.opistat.com/mp/index.html" target=_blank>Opistat</a> . "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!
Source=Paul Collins Startup list
[Premeter]
Confirmed=X
Filename=prmt.exe
Description=NetRatings software by <a href="http://www.opistat.com/mp/index.html" target=_blank>Opistat</a> . "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prxtect.exe, prdtect.exe and so forth!
Source=Paul Collins Startup list
[Price Patrol]
Confirmed=N
Filename=neo.exe
Description=<a href="http://corp.half.ebay.com/20010612.html" target="_blank">Price Patrol</a> by Half.com - internet shopping companion for finding the best on-line prices
Source=Paul Collins Startup list
[PrimaLauncher]
Confirmed=?
Filename=Launcher.exe
Description=Associated with <a href="http://www.primascan.com/" target="_blank">PrimaScan</a> scanners.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[Primax 3D Mouse]
Confirmed=U
Filename=3dmoused.exe
Description=Enables the scroll button on the Primax 3-D Scroll mouse
Source=Paul Collins Startup list
[Primsta]
Confirmed=?
Filename=Primsta.exe
Description=Linksys Wireless CompactFlash Card driver related. <font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[Print Driver Helper Service]
Confirmed=X
Filename=crsrr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentbc.html" target=_blank>AGENT-BC</a> TROJAN!
Source=Paul Collins Startup list
[Print Master Event Reminder]
Confirmed=N
Filename=PMremind.exe
Description=Print Master Gold - calander feature that pops up reminders, such as birthdays
Source=Paul Collins Startup list
[Print Screen Deluxe]
Confirmed=N
Filename=psdeluxe.exe
Description=Utility allows "Print Scrn" or "Print Screen" key to capture, print or save the current window
Source=Paul Collins Startup list
[print sharing]
Confirmed=X
Filename=start.bat
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzcrew.html" target="_blank">ZCREW</a> TROJAN!
Source=Paul Collins Startup list
[print sharing]
Confirmed=X
Filename=[path] hidden32.exe [path] explorer.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.b.html" target="_blank">ZCREW.B</a> TROJAN! Note - this is not the valid Windows Explorer (explorer.exe)
Source=Paul Collins Startup list
[Print Spooler]
Confirmed=X
Filename=Spoolsv.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ciadoor.b.html" target="_blank">CIADOOR.B</a> TROJAN! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
Source=Paul Collins Startup list
[Print Spooler]
Confirmed=X
Filename=spoolsvc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.BB" target="_blank">SDBOT.BB</a> TROJAN!
Source=Paul Collins Startup list
[Print Spooler]
Confirmed=X
Filename=spools.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotld.html" target="_blank">RBOT-LD</a> WORM!
Source=Paul Collins Startup list
[Printer]
Confirmed=X
Filename=Spyassault.exe
Description=Dubious "spyware killer" - see <a href="http://www.spywareinfo.com/yabbse/index.php?board=9;action=display;threadid=4696" target="_blank">here</a>. To be avoided
Source=Paul Collins Startup list
[Printer]
Confirmed=N
Filename=[path to file]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lowtaper.html" target=_blank>LOWTAPER</a> TROJAN!
Source=Paul Collins Startup list
[Printer]
Confirmed=X
Filename=dipset.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/Print119618.htm" target=_blank>FBSR</a> TROJAN!
Source=Paul Collins Startup list
[Printer spool Service]
Confirmed=X
Filename=spool.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[Printer Update]
Confirmed=?
Filename=CFGREG.EXE
Description=<font color="#FF0000">Maybe a registration reminder or automatically updates drivers or application software for a printer?</font>
Source=Paul Collins Startup list
[PrinterSpool]
Confirmed=X
Filename=[path] RESTORE.EXE [path] SPOOL.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.k.html" target="_blank">ALADINZ.K</a> TROJAN!
Source=Paul Collins Startup list
[Printkey2000]
Confirmed=N
Filename=printkey2000.exe
Description=Screen grabber that intercepts the pressing of the Print Screen (Prn Scrn) key. Start manually when required
Source=Paul Collins Startup list
[printnow]
Confirmed=N
Filename=printnow.exe
Description=<a href="http://www.pcmag.com/article2/0,4149,8418,00.asp" target="_blank">PrintNow</a> - a utility that primarily allows "Print Srceen" or "Alt+Print Screen" screenshots to be sent directly to a printer
Source=Paul Collins Startup list
[PrinTray]
Confirmed=N
Filename=Printray.exe
Description=Lexmark/Compaq printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. See also LexmarkPrintray and CompaqPrinTray
Source=Paul Collins Startup list
[PrintScreen]
Confirmed=N
Filename=UNWISE.EXE
Description=Gadwin <a href="http://www.gadwin.com/printscreen/" target="_blank">PrintScreen</a> - utility to capture, print or save the current window
Source=Paul Collins Startup list
[Printscreen 95]
Confirmed=N
Filename=PRT95MIN.EXE
Description=<a href="http://www.printscreen95.com/" target="_blank">Printscreen 95</a> - utility to capture, print or save the current window
Source=Paul Collins Startup list
[PrintSpoolSv]
Confirmed=X
Filename=System.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoors.html" target="_blank">BDOOR-S</a> TROJAN!
Source=Paul Collins Startup list
[PRISMSTA.EXE]
Confirmed=U
Filename=PRISMSTA.EXE
Description=Creates a system tray icon for accessing information about Intersil Prism Wireless Settings. Intersil silicon is used by Trendware/Trendnet for example
Source=Paul Collins Startup list
[Privacy Eraser Pro]
Confirmed=N
Filename=PrivacyEraser.exe
Description=<a href="http://www.privacyeraser.com/" target="_blank">Privacy Eraser Pro</a> - protects your Internet privacy by cleaning up all Internet history tracks and past computer activities
Source=Paul Collins Startup list
[PrivacyScanner]
Confirmed=X
Filename=pscan.exe
Description=Privacy Champion, a stealth installed 'Privacy Scanner'. It purportedly scans your PC for links to porn websites, and then offers to "clean" them. Produces loads of False Positives as goad to purchase
Source=Paul Collins Startup list
[PrivateNet]
Confirmed=X
Filename=[various filenames]
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[Privoxy]
Confirmed=U
Filename=privoxy.exe
Description=<a href="http://www.privoxy.org/" target="_blank">Privoxy</a> - web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk
Source=Paul Collins Startup list
[PrizeSurfer]
Confirmed=X
Filename=prizesurfer.exe
Description="PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware
Source=Paul Collins Startup list
[prjtect]
Confirmed=X
Filename=prjtect.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prktect]
Confirmed=X
Filename=prktect.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prltect]
Confirmed=X
Filename=prltect.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prmt]
Confirmed=X
Filename=prmt.exe
Description=NetRatings software by <a href="http://www.opistat.com/mp/index.html" target="_blank">Opistat</a>. "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!
Source=Paul Collins Startup list
[prmtect]
Confirmed=X
Filename=prmtect.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prxtect.exe, prdtect.exe and so forth!
Source=Paul Collins Startup list
[PrnSys Executable]
Confirmed=U
Filename=PrnSys.exe
Description=Print screen utility bundled with some HP printer software - not required, but your choice if you like that feature
Source=Paul Collins Startup list
[Pro PCL Status Monitor]
Confirmed=U
Filename=PENGSS.EXE
Description=Xerox printer/fax/copier status monitor (PCL = printer control language)
Source=Paul Collins Startup list
[ProArt]
Confirmed=?
Filename=ProArt.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[ProcessGovernor]
Confirmed=U
Filename=processgovernor.exe
Description=<a href="http://www.collakesoftware.com/prosuper.htm" target=_blank>Process Supervisor</a> "is a technology designed to automatically configure and manage processes on one or more computers for the goal of maintaining system stability and responsiveness, restricting executables from running, and logging of program executions"
Source=Paul Collins Startup list
[ProcessSupervisorGUI]
Confirmed=U
Filename=ProcessSupervisor.exe
Description=<a href="http://www.collakesoftware.com/prosuper.htm" target=_blank>Process Supervisor</a> "is a technology designed to automatically configure and manage processes on one or more computers for the goal of maintaining system stability and responsiveness, restricting executables from running, and logging of program executions"
Source=Paul Collins Startup list
[procmon]
Confirmed=X
Filename=procmon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.bionet.40a.html" target="_blank">BIONET.40A</a> TROJAN!
Source=Paul Collins Startup list
[ProdikeysAutorun]
Confirmed=N
Filename=Prodload.exe
Description=Creative <a href="http://www.prodikeys.com/products/prodikeys/" target=_blank>Prodikeys</a> software. "an interactive music entertainment device which not only functions as a full-featured, ergonomic ôQWERTYö keyboard but also comes equipped with 37 touch-sensitive music keys and accessible music controls for endless entertainment at your desktop. Coupled with the Sound Blaster audio card, you can explore a wide array of realistic instrument sounds and have non-stop fun making music right at your desktop"
Source=Paul Collins Startup list
[ProDsl]
Confirmed=N
Filename=ProDsl.exe
Description=Intel Pro/DSL 2100 modem connection manager. Available via Start -> Programs
Source=Paul Collins Startup list
[Profile]
Confirmed=X
Filename=Profile.vbs
Description=Added by the <a href="http://vil.nai.com/vil/content/v_99145.htm" target="_blank">WHITEHO</a> VIRUS or <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.trappy@mm.html" target="_blank">TRAPPY</a> WORM!
Source=Paul Collins Startup list
[Profiler]
Confirmed=N
Filename=Profiler.exe
Description=Enables the "Profiler" to be launched from a System Tray icon for <a href="http://www.saitek.com/" target="_blank">Saitek</a>'s game controllers. Available via Start -> Programs
Source=Paul Collins Startup list
[Prog]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Prog]
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html" target="_blank">WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Program File]
Confirmed=X
Filename=Progmon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.peeper.html" target="_blank">PEEPER</a> TROJAN!
Source=Paul Collins Startup list
[Program in Windows]
Confirmed=X
Filename=iexplore.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[ProgramWindow]
Confirmed=?
Filename=more comp.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[projselector]
Confirmed=N
Filename=projselector.exe
Description=Roxio Project Selector - can be started manually
Source=Paul Collins Startup list
[Promon.exe]
Confirmed=N
Filename=promon.exe
Description=System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
Description=System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
Source=Paul Collins Startup list
[PRONoMgrWired]
Confirmed=U
Filename=PRONoMgr.exe
Description=IntelÆs Pro 100 Ethernet card manager
Source=Paul Collins Startup list
[Propel Accelerator]
Confirmed=U
Filename=PropelAC.exe
Description=<a href="http://www.propel.com/" target="_blank">Propel</a> Internet Accelerator
Source=Paul Collins Startup list
[ProPort Startup]
Confirmed=U
Filename=ProPort.exe
Description=<a href="http://www.tdupage.com/main.htm" target="_blank">Proport</a> is a port monitor/protector. Monitors an infinite amount of ports for trojans and nukes. Some additional features are auto connection-kill, and IP resolving
Source=Paul Collins Startup list
[Protected Storage]
Confirmed=X
Filename=RUNDLL32.EXE MSSIGN30.DLL ondll_reg
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[Protection]
Confirmed=X
Filename=[path] runtask.exe [path] protection.exe
Description=Added by a variant of the AGENT.3.AU TROJAN!
Source=Paul Collins Startup list
[Protection]
Confirmed=X
Filename=Protection.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32febelnecka.html" target=_blank>FEBELNECK-A</a> WORM!
Source=Paul Collins Startup list
[PROXOMITRON]
Confirmed=N
Filename=PROXOMITRON.EXE
Description=HTML proxy
Source=Paul Collins Startup list
[PROXOMITRON]
Confirmed=N
Filename=PROXOM~1.EXE
Description=HTML proxy
Source=Paul Collins Startup list
[PRPCMonitor]
Confirmed=U
Filename=PRPCUI.exe
Description=Intel« SpeedStepÖ interface. This automatically detects whether a mobile PC is using battery or AC power. When using battery power, SpeedStep scales the processor clock frequency and voltage to reduce the power it needs by 40%
Source=Paul Collins Startup list
[prrtect]
Confirmed=X
Filename=prrtect.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prstect]
Confirmed=X
Filename=prstect.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prtcct]
Confirmed=X
Filename=prtcct.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prttect]
Confirmed=X
Filename=prttect.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prxtect.exe, prdtect.exe and so forth!
Source=Paul Collins Startup list
[prutcct]
Confirmed=X
Filename=prutcct.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prutdct]
Confirmed=X
Filename=prutdct.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prutgct]
Confirmed=X
Filename=prutgct.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[pruthct]
Confirmed=X
Filename=pruthct.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prutict]
Confirmed=X
Filename=prutict.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prvtect]
Confirmed=X
Filename=prvtect.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prdtect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[prxtect]
Confirmed=X
Filename=prxtect.exe
Description=Prutect malware from <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prdtect.exe, prmtect.exe and so forth!
Source=Paul Collins Startup list
[PS2]
Confirmed=U
Filename=ps2.exe
Description=Multimedia Keyboard companion on HP computers. If this is prevented from starting, then some keyboard functionality will be lost.
Description=Part of <a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled
Source=Paul Collins Startup list
[PSFree]
Confirmed=U
Filename=PSFree.exe
Description=<a href="http://www.panicware.com/product_psfree.html" target="_blank">Pop-Up Stopper Free</a> from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
Description=Allows connectivity between a PC and a Psion device. Access can be gained from the Desktop or Start -> Programs
Source=Paul Collins Startup list
[PsMFCard]
Confirmed=U
Filename=PsMFCard.exe
Description=Component of the Toshiba Controls. Provides power-saving functions for the PCMCIA slots. Through the Power Save Mode Properties dialogue, the user can select from 3 PCMCIA power options - On, Auto1 and Auto2. Disabling this item has no adverse effects, except disabling the ability to reduce power consumption by powering-down the PCMCIA slots when not in use
Source=Paul Collins Startup list
[PSNotify]
Confirmed=Y
Filename=psnotify.exe
Description=<a href="http://www.pharos.com/Products/SignUp.asp" target="_blank">Pharos SignUp Vx</a> - "PC reservation and management application that addresses the PC scheduling needs of public libraries and higher education labs and libraries"
Source=Paul Collins Startup list
[PsPCCard]
Confirmed=Y
Filename=PsPCCard.EXE
Description=Background Power Saving task found on Toshiba laptops and which handles turning Power Saving ON and OFF on any inserted PC Card (PCMCIA card). Only ever disable if you do not use any power saving or hibernation settings (ie: they are all OFF)
Source=Paul Collins Startup list
[PspContr]
Confirmed=U
Filename=pspcontr.exe
Description=Driver/controller for the Philips SpeechMike 6174. As the Philips FreeSpeech application is no longer supported it can be disabled but the Mike can still be used for certain functions using this driver
Source=Paul Collins Startup list
[PsSound]
Confirmed=U
Filename=PsSound.exe
Description=On a Toshiba laptop. Operates your sound in one of 4 modes, off, on , on only with powerr, same as #3 but longer delay
Source=Paul Collins Startup list
[PSTORES]
Confirmed=?
Filename=PSTORES.EXE
Description=<font color="#FF0000">Part of Windows Services Protected Storage?</font>
Source=Paul Collins Startup list
[ptfb]
Confirmed=N
Filename=ptfb.exe
Description=<a href="http://www.bobos.demon.co.uk/par/PTFB.htm" target="_blank">Push the Freakin' Button</a> - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future"
Source=Paul Collins Startup list
[ptrun32]
Confirmed=U
Filename=ptrun32.exe
Description=<a href="http://www.parent-tools.com/" target="_blank">Parent Tools</a> for AIM
Source=Paul Collins Startup list
[Ptsnoop]
Confirmed=N
Filename=Ptsnoop.exe
Description=These descriptions I've come across - all valid as far as I can see :- (1) Program installed with some modems that monitors the COM ports for the modem driver. Not required from what I've read - may need a registry edit to get rid of it (2) Backdoor trojan virus that copies itself as PTSNOOP.EXE -see <a href="http://www.f-secure.com/v-descs/ptsnoop.shtml" target="_blank">here</a> for more info(3) Apparently the people who put it out claim it's a driver for a Voice modems (don't know who they are though - Ed) Note: If using AOL and you disable this you may lose your connection or lock up (4) Can also be an older Logitech scanner program. Remove from the Win.ini tab under Load='path'PTSNOOP and the System.ini tab under drivers='path'ptrtkr.drb. Can cause parallel port conflicts big time dragging system resources way down when a conflict exists (5) Allows audio monitoring of modem phone dialling tones and can be useful if you have connection problems (6) Karen Kenworthy's <a href="http://www.karenware.com/" target="_blank"> Snooper</a> - "logs the start and stop time of all programs run under Windows"
Source=Paul Collins Startup list
[pttrun]
Confirmed=U
Filename=pttrun.exe
Description=Transmeta Crusoe processor related. Reduces application launch times and makes the computer "more responsive"
Source=Paul Collins Startup list
[PtUDFApp]
Confirmed=N
Filename=PtUDFApp.exe
Description=Sony abCD program, included on the CD Xtreme install CD, used to format CD-RWs for packet writing (similar to DirectCD). Available via Start -> Programs. Note that you must add a /T switch to the command line to get it to load to the taskbar
Source=Paul Collins Startup list
[Pure Networks Port Magic]
Confirmed=N
Filename=PortAOL.exe
Description=Pure Networks Port Magic, as available in the latest version of the AOL« 9.0 Optimized SE software; automatically configures most in-home Internet gateways, improving access and performance for applications such as instant messaging, online gaming, and streaming music and video. See <a href="http://www.purenetworks.com/products/" target="_blank">here</a>
Source=Paul Collins Startup list
[Purgative]
Confirmed=U
Filename=PURGATIVE100.EXE
Description=AIM (AOL Instant Messenger) Ad Remover Using Active Memory Edits instead of a patch/crack
Source=Paul Collins Startup list
[Push Client]
Confirmed=N
Filename=pull.exe
Description=Client software from <a href="http://www.interwise.com/products/iCast.asp" target="_blank">Interwise</a> that MS use for their webcasts
Source=Paul Collins Startup list
[Push The Freakin' Button]
Confirmed=N
Filename=ptfb.exe
Description=<a href="http://www.bobos.demon.co.uk/par/PTFB.htm" target="_blank">Push the Freakin' Button</a> - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future"
Source=Paul Collins Startup list
[PUSH6599]
Confirmed=N
Filename=PUSH6599.EXE
Description=Scan button monitor for Relysis Episode MF6599 USB scanner as you can start scanning manually via the scanning software
Source=Paul Collins Startup list
[PutA!!]
Confirmed=X
Filename=PutA!!.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.L" target="_blank">OPASERV.L</a> WORM!
Source=Paul Collins Startup list
[PutAS!]
Confirmed=X
Filename=PutA!!.com
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.Z" target="_blank">OPASERV.Z</a> WORM!
Source=Paul Collins Startup list
[putil]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.ldpinch.html" target="_blank">LDPINCH</a> TROJAN!
Source=Paul Collins Startup list
[PVR]
Confirmed=N
Filename=PVR.exe
Description=<a href="http://www.xemico.com/pvr/" target="_blank">Pocket Voice Recorder</a> - freeware sound recorder that records from microphone and any other input line available with your sound card
Source=Paul Collins Startup list
[Pwr32ctr]
Confirmed=X
Filename=Pwr32ctr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Pwr32ctrl]
Confirmed=X
Filename=Pwr32ctrl.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Pwr32mgt]
Confirmed=X
Filename=Pwr32mgt.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Pwrmonit]
Confirmed=Y
Filename=Rundll32 PwrMonit.dll
Description=IBM's proprietary 'battery maximiser' and power monitoring software for laptops
Source=Paul Collins Startup list
[Pwroff]
Confirmed=X
Filename=Pwroff.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Pwrsave]
Confirmed=U
Filename=Pwrsave.exe
Description=Toshiba Power Saver utilities. Required on a laptop if you run of a battery and want to conserve power
Source=Paul Collins Startup list
[Pwruplogin]
Confirmed=?
Filename=pulogin.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[PwrupTweakMe]
Confirmed=U
Filename=PUPXPTWK.EXE
Description="Ashampoo <a href="http://www.ashampoo.com/frontend/products/php/product.php?idstring=0105" target="_blank">PowerUp XP</a> is a convenient tool for fine-tuning your Windows« NT4, 2000 and XP configuration to suit your precise needs and wishes. It gives you direct access to many frequently-required settings and parameters, enabling you to make your operating system behave the way you want." Boot-up options won't work if disabled
Source=Paul Collins Startup list
[PWS Tray]
Confirmed=U
Filename=PwsTray.exe
Description=Microsoft's Personal Web Server, an application which allows PCs to behave as web servers (allows you to test your .asp pages on your own PC without having to load them onto the internet). Available via Start -> Programs
Source=Paul Collins Startup list
[p_981116]
Confirmed=N
Filename=p_981116.exe
Description=Win32 cabinet self extractor. More info <a href="http://groups.google.com/groups?hl=en&threadm=OpHhSjpd%24GA.249%40cppssbbsa04&rnum=18&prev=/groups%3Fq%3DP_981116.exe%26hl%3Den%26start%3D10%26sa%3DN" target="_blank">here</a>
Source=Paul Collins Startup list
[Q152404]
Confirmed=N
Filename=wsript.exe Q152404.VBS
Description=Appears to run Scandisk at bootup on NEC PCs
Source=Paul Collins Startup list
[q36i36O]
Confirmed=X
Filename=lms2cenu.exe
Description=Added by the SECONDTHOUGHT VIRUS!
Source=Paul Collins Startup list
[QAGENT]
Confirmed=N
Filename=qagent.exe
Description=Quicken program is controlled by a separate utility program called the Quicken Download Manager (also known as Qagent). When Quicken Download Manager option is enabled, background downloading takes advantage of unused bandwidth to download current financial information anytime your computer is connected to the Internet
Source=Paul Collins Startup list
[qappsrvc32.exe]
Confirmed=X
Filename=qappsrvc32.exe
Description=Added by a <a href="http://www.f-secure.com/v-descs/trojprox.shtml" target=_blank>Proxy Trojan</a> variant - identified by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan-Proxy.Win32.Webber.m
Source=Paul Collins Startup list
[QBCD autorun]
Confirmed=N
Filename=autorun.exe
Description=Quick Books CD
Source=Paul Collins Startup list
[qbkupdbs]
Confirmed=X
Filename=mqbkup.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.k.worm.html" target="_blank">OPASERV.K</a> WORM!
Source=Paul Collins Startup list
[qbotd]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/downloader.botten.html" target="_blank">BOTTEN</a> TROJAN!
Source=Paul Collins Startup list
[qBrowse]
Confirmed=?
Filename=qbrowse.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[QBRSR]
Confirmed=X
Filename=QuickBrowser.exe
Description=top-banners.com adware
Source=Paul Collins Startup list
[QCTRAY]
Confirmed=U
Filename=Qctray.exe
Description=System Tray icon providing access to the "IBM Access Connections" wizard on ThinkPad laptops and also allows to change the network environment. Not the same as QCWLIcon, which is pertinent only to the Wireless LAN
Source=Paul Collins Startup list
[QCWLICON]
Confirmed=U
Filename=Qcwlicon.exe
Description=Used by IBM Thinkpad laptops with built-in wireless card (802.11). System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off
Source=Paul Collins Startup list
[QD FastAndSafe]
Confirmed=N
Filename=QDCSFS.exe
Description=Automatically runs Fast & Safe clean-up from Norton/Quarterdeck Cleansweep. Deletes safe to remove files such as Temporary Internet Files (cache). Recommended you run it manually
Source=Paul Collins Startup list
[QDM]
Confirmed=U
Filename=QdmStart.exe
Description=QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc
Source=Paul Collins Startup list
[QDMStart]
Confirmed=U
Filename=QdmStart.exe
Description=QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc
Description=<a href="http://www.qurb.com/" target="_blank">Qurb 2.0</a> anti-spam tool for Outlook/Outlook Express. Required when supporting OE but not for Outlook. Shortcut available via Start -> Programs
Source=Paul Collins Startup list
[QQ]
Confirmed=X
Filename=sendmess.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.semes.html" target="_blank">SEMES</a> TROJAN!
Source=Paul Collins Startup list
[QSort2000]
Confirmed=N
Filename=QSORT.EXE
Description=Utility that sorts your Start menu and Favourites in alphanumerical order. Not required - at any time you can right-click on these lists and choose "Sort by Name"
Source=Paul Collins Startup list
[QT4HPOT]
Confirmed=U
Filename=OneTouch.exe
Description=Hewlett Packard One Touch keyboard driver. Required if you use the additional keys
Source=Paul Collins Startup list
[QTaskStartup]
Confirmed=U
Filename=qtask.exe
Description=Feature of Quicken.com Brokerage to customize and display <a href="http://www.quicken.com/support/investments/email/help/?desktop.q.howdoi&pop" target="_blank">Desktop Alerts</a> and icon. It is not required for the Quicken Program to run correctly, it is only required for the Desktop Alerts feature
Source=Paul Collins Startup list
[QTSTUB.EXE]
Confirmed=N
Filename=Qtstub.exe
Description=Part of an old version of the Quick Tax application. It enables Quick Tax Calendar Popup to show tax calendar reminders
Source=Paul Collins Startup list
[QTSvc]
Confirmed=X
Filename=msocfg.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[QTSvc]
Confirmed=X
Filename=navchk.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[QTSvc]
Confirmed=X
Filename=shman.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[QTSvc]
Confirmed=X
Filename=ssvr.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[qttask]
Confirmed=N
Filename=Qttask.exe
Description=System Tray access to Apple's "Quick Time" viewer from version 5 onwards
Source=Paul Collins Startup list
[QUBCity]
Confirmed=?
Filename=qtp.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Queensla]
Confirmed=?
Filename=Queensla.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Quick Controls]
Confirmed=U
Filename=Astrotoolbar.exe
Description=Gateway Astro Screen and Sound Controls tray icon
Description=Places an icon in the system tray for launching MS Bookshelf. Available via Start -> Programs"xx" represents the version number - ie, 98, 99
Source=Paul Collins Startup list
[Quick Startup]
Confirmed=Y
Filename=Fquick32.exe
Description=For a <a href="http://www.nisis.com/index.html" target="_blank">Nisis G6 USB Graphics Tablet</a>. Re-enables itself if disabled therefore best left alone
Source=Paul Collins Startup list
[Quick View Plus]
Confirmed=N
Filename=QVP32.EXE
Description=Quick View Plus from Inso Corporation. Multiple file type viewer. Available via Start -> Programs
Source=Paul Collins Startup list
[QuickBooks Delivery Agent]
Confirmed=N
Filename=QBDAGENT.EXE
Description=As far QAGENT but for QuickBooks. Can also have the version number in the name
Source=Paul Collins Startup list
[Quickbooks Update Agent]
Confirmed=N
Filename=qbupdate.exe
Description=Associated with Intuit's Quickbooks but not required. Possibly to do with the payroll update service but you're prompted to check for updates when appropriate whether this is running or not
Source=Paul Collins Startup list
[QuickCamPro]
Confirmed=U
Filename=QuickCamPro.exe
Description=System Tray for Picture Capture utility that can run unattended. Pictures every 30 seconds for example, auto FTP Upload, etc
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite variant. Note - this is not the file zipping utility also known as <a href="http://www.rarlab.com/" target="_blank">WinRAR</a>!
Description=Quicken option to load DLLs at startup
Source=Paul Collins Startup list
[QuickenSEMessage]
Confirmed=N
Filename=Qsemsg.exe
Description=Quicken option
Source=Paul Collins Startup list
[QuickFinder Scheduler]
Confirmed=N
Filename=QFSCHD100.exe
Description=Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products)
Source=Paul Collins Startup list
[QuickFinder Scheduler]
Confirmed=N
Filename=QFSched.exe
Description=Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products)
Source=Paul Collins Startup list
[QuickLaunchEr]
Confirmed=Y
Filename=QuickLaunchEr.Exe
Description=<a href="http://www.rikster.co.uk/QuickLauncher.htm" target="_blank">QuickLaunchEr</a> - allows you to quickly launch programs from an icon in the system tray
Source=Paul Collins Startup list
[Quicklink III]
Confirmed=N
Filename=QL.EXE
Description=HP fax program and only needs to be in the start-up group if you allow your phone to automatically answer your phone in fax mode, that is, to receive faxes after a certain number of rings. Available via Start -> Programs
Description=Smart card-based authentication and digital signature client software
Source=Paul Collins Startup list
[QuickRes]
Confirmed=N
Filename=QUICKRES.EXE
Description=Utility to quickly change desktop resolution - left over from Win95 Power Toys. In Win98 and above incorporated via Control Panel -> Display. Not required unless you have to change resolutions on a regular basis
Source=Paul Collins Startup list
[quickset]
Confirmed=N
Filename=quickset.exe
Description=Dell taskbar icon allowing you to quickly change settings
Source=Paul Collins Startup list
[Quicktime Mediaplayer]
Confirmed=X
Filename=winmplyer32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpm.html" target=_blank>RBOT-PM</a> WORM!
Source=Paul Collins Startup list
[Quicktime Pro 3.0]
Confirmed=X
Filename=winuodps.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bh.html" target="_blank">GAOBOT.BH</a> WORM!
Source=Paul Collins Startup list
[QuickTime Task]
Confirmed=N
Filename=Qttask.exe
Description=System Tray access to Apple's "Quick Time" viewer from version 5 onwards
Description=Different numbers caused by number of launches. So if 3 updates are made separately, 3 would appear (in theory)
Source=Paul Collins Startup list
[QuicktimeMngr]
Confirmed=X
Filename=QUICKTIMEMNGR.EXE
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_WOOTBOT.AW" target="_blank">WOOTBOT.AW</a> WORM!
Source=Paul Collins Startup list
[Quicktlme]
Confirmed=X
Filename=ru.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[QuickTV]
Confirmed=U
Filename=QuickTV.exe
Description=Infra-red remote control driver for the <a href="http://www.aver.com/products/tvtuner_AVerTV_studio.shtml" target="_blank"> AVerTV Studio</a> TV tuner/personal video recoder from AVerMedia. Required if you use the remote control
Source=Paul Collins Startup list
[Quickzip]
Confirmed=X
Filename=Ls.exe
Description=MsConnect browser hijacker and dialler
Source=Paul Collins Startup list
[QuickZip]
Confirmed=X
Filename=lu.exe
Description=MsConnect browser hijacker and dialler
Description=Added by the <a href="http://www.avp.ch/avpve/trojan/backdoor/ra.stm" target="_blank">RA</a> TROJAN!
Source=Paul Collins Startup list
[RabbitWannaHome]
Confirmed=X
Filename=rabbit.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.s@mm.html" target="_blank">MIMAIL.S</a> WORM!
Source=Paul Collins Startup list
[Rabo Session Monitor]
Confirmed=Y
Filename=RaboSessionMon.exe
Description=Related to <a href="http://www.rabobank.com/" target="_blank">RaboBank</a> electronic banking software
Source=Paul Collins Startup list
[RadarSync]
Confirmed=N
Filename=RadarSync.exe
Description=Radarsync utility comes from DFI with their latest motherboards, e.g., DFI LanParty Ultra - checks for BIOS and driver updates periodically
Source=Paul Collins Startup list
[RadBoot]
Confirmed=U
Filename=RadBoot.exe
Description=RadLinker - tweaker/linker for ATI Radeon based graphics cards. It allows you easy access to per game settings
Source=Paul Collins Startup list
[RadioSvr]
Confirmed=U
Filename=RadioSvr.EXE
Description=Used to configure wire less networks. Windows automatically detects the Wireless network and it configures the network
Source=Paul Collins Startup list
[RAMASST]
Confirmed=U
Filename=RAMASST.exe
Description=Optionally installed with some DVD drives (LG, Panasonic, etc). Disables Windows XP's CD-burning abilities because they cause some incompatibilities. It does not affect your ability to burn CDs. If you do not have this program running, you may have some compatibility issues with burnt DVDs
Source=Paul Collins Startup list
[RamBooster2]
Confirmed=X
Filename=rb.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.akak.html" target="_blank">AKAK</a> TROJAN!
Source=Paul Collins Startup list
[RAMDef]
Confirmed=U
Filename=ramdef.exe
Description=<a href="http://vstef.softnews.ro/ramdef.php" target="_blank">Ram Def Xtreme</a> - monitors and defragments your system RAM to improve reliability and speed. Some users swear by programs such as this but I suggest you read <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list
[RamIdle]
Confirmed=U
Filename=ramidle.exe
Description=<a href="http://www.tweaknow.com/ramidl.html" target="_blank">RAM Idle</a> - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." Some users swear by programs such as this but I suggest you read <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list
[RAMpage]
Confirmed=U
Filename=RAMpage.exe
Description=Small Windows utility that displays the amount of available memory in an icon in the System Tray. It can also free memory by double clicking the tray icon, or by setting a threshold that activates the program automatically, or by having it run automatically when an application exits. RAMpage is free, and open source
Source=Paul Collins Startup list
[Randex virus built for IRBMe]
Confirmed=X
Filename=irbme.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.rh.html" target="_blank">RANDEX.RH</a> WORM!
Source=Paul Collins Startup list
[RandomWin32]
Confirmed=X
Filename=mgnwin32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotdv.html" target=_blank>SDBOT-DV</a> WORM!
Source=Paul Collins Startup list
[RapApp]
Confirmed=Y
Filename=RAPAPP.EXE
Description=Application protection component of <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall, informing you of any modifications to programs, files or folders and detecting unknown programs trying to launch
Source=Paul Collins Startup list
[Rapid Restore]
Confirmed=U
Filename=rrpcsb.exe
Description=<a href="http://www.xpointdirect.com/jp/IBMRRPC/XPRRPC_why.asp" target="_blank">XPoint</a> "Rapid Restore PC" - a "Managed RecoveryÖ solution that enables IT Administrators to protect the corporate image, while offloading personal data backup and recovery chores to the end user"
Description=<a href="http://www.symantec.com/" target="_blank">Symantec</a> VPN Client used to connect to corporate networks. If unchecked, must be uninstalled using Add/Remove Programs as it tightly integrates into networking
Source=Paul Collins Startup list
[RasCon Remote Access Service Manager]
Confirmed=X
Filename=rasmngr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EM&VSect=T" target="_blank">SPYBOT.EM</a> WORM!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.E@mm.html" target="_blank">BEAGLE.E</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.f@mm.html" target="_blank">BEAGLE.F</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.g@mm.html" target="_blank">BEAGLE.G</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.h@mm.html" target="_blank">BEAGLE.H</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.i@mm.html" target="_blank">BEAGLE.I</a> WORMS!
Source=Paul Collins Startup list
[rate.exe]
Confirmed=X
Filename=********.exe [* = random char]
Description=Unidentified adware
Source=Paul Collins Startup list
[RAV8Tray]
Confirmed=Y
Filename=ravtray8.exe
Description=<a href="http://www.ravantivirus.com/index.php" target="_blank">RAV</a> anti-virus related
Source=Paul Collins Startup list
[RAVEN_VLZS.EXE]
Confirmed=X
Filename=RAVEN_VLZS.EXE
Description=Another eAcceleration program - spyware. Read their privacy statement <a href="http://www.eacceleration.com/privacy/" target="_blank">here</a>
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.wullik.b@mm.html" target="_blank">WULLIK.B</a> WORM!
Source=Paul Collins Startup list
[RavTimXP]
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.wullik.b@mm.html" target="_blank">WULLIK.B</a> WORM!
Source=Paul Collins Startup list
[rav_temp.exe]
Confirmed=?
Filename=rav_temp.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Ray Process Killer]
Confirmed=N
Filename=Prkill.exe
Description=<a href="http://www.delphi32.com/vcl/4248/" target="_blank">Ray Process Killer</a> - clicking right mouse button produces popup menu with current active tasks. You can choose any task and click "Ok" to terminate it. Use CTRL+ALT+DEL instead
Source=Paul Collins Startup list
[rb32 lptt01]
Confirmed=X
Filename=rb32.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "RapidBlaster" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[rb32 ml097e]
Confirmed=X
Filename=rb32.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "RapidBlaster" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[rbenh ml***e]
Confirmed=X
Filename=rbenh.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "RBEnhance" folder in Program Files) where *** represents random digits. It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[Rcf Driver]
Confirmed=X
Filename=rcf.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.bld.html" target="_blank">RANDEX.BLD</a> WORM!
Source=Paul Collins Startup list
[RCScheduleCheck]
Confirmed=U
Filename=RCSCHED.EXE
Description=Scheduler for VCOM's <a href="http://www.v-com.com/product/Recovery_Commander_Home.html" target="_blank">Recovery Commander</a> - which "can restore your non-booting system back to normal. It only takes a few minutes to get your system back up and running"
Source=Paul Collins Startup list
[RCSync]
Confirmed=X
Filename=RCSync.exe
Description=PrizeSurfer related. "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware
Source=Paul Collins Startup list
[RDClient]
Confirmed=U
Filename=RDCLIENT.EXE
Description=<a href="http://www.twiga.ltd.uk/rdu.asp" target="_blank">Remote Disconnection Utility</a> from Twiga. Used for connecting and disconnecting dial up connections on a network - only needed if there is a shared internet connection
Source=Paul Collins Startup list
[RDLL]
Confirmed=X
Filename=RunDll16.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.f.html" target="_blank">SDBOT.F</a> TROJAN!
Source=Paul Collins Startup list
[rdvs]
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ULTIMAX.B&VSect=T" target="_blank"> ULTIMAX</a> WORM!
Source=Paul Collins Startup list
[Reactor3]
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html" target=_blank>BOFRA.A</a> WORM!
Source=Paul Collins Startup list
[Reactor5]
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.d@mm.html" target=_blank>BOFRA.D</a> WORM!
Source=Paul Collins Startup list
[Reactor6]
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.c@mm.html" target=_blank>BOFRA.C</a> WORM!
Source=Paul Collins Startup list
[Reactor7]
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.b@mm.html" target=_blank>BOFRA.B</a> WORM!
Source=Paul Collins Startup list
[Reactor8]
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html" target=_blank>BOFRA.E</a> WORM!
Source=Paul Collins Startup list
[Reactor9]
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html" target=_blank>BOFRA.E</a> WORM!
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Real player updater]
Confirmed=X
Filename=realupd.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100830.htm" target="_blank">PARLAY</a> TROJAN!
Source=Paul Collins Startup list
[Real-Tens]
Confirmed=X
Filename=Real-Tens.exe
Description=<a href="http://www.doxdesk.com/parasite/DownloadWare.html" target="_blank">DownloadWare</a> based advetising spyware
Source=Paul Collins Startup list
[RealAudio]
Confirmed=X
Filename=RealAudio.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.ceegar.html" target=_blank>CEEGAR</a> TROJAN! Note - this is not associated with the popular <a href="http://www.real.com/" target=_blank>RealPlayer</a> media player
Source=Paul Collins Startup list
[RealDownload]
Confirmed=N
Filename=RealPlay.exe
Description=Download manager. Available via Start -> Programs
Source=Paul Collins Startup list
[RealDownload Express]
Confirmed=X
Filename=npnzdad.exe
Description=Advertising spyware
Source=Paul Collins Startup list
[Reality Fusion GameCam SE]
Confirmed=N
Filename=RFTRay.exe
Description=System Tray access for Logitech's Reality Fusion GameCam. For more details see <a href="http://www.realityfusion.com/gamecam/bethere.html" target="_blank">here</a>. Available via Start -> Programs
Source=Paul Collins Startup list
[RealJukeboxSystray]
Confirmed=N
Filename=tsystray.exe
Description=System Tray icon for RealJukebox
Source=Paul Collins Startup list
[realone_nt2003]
Confirmed=X
Filename=moniker.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.snone.a.html" target="_blank">SNONE.A</a> WORM!
Source=Paul Collins Startup list
[realplay lptt01]
Confirmed=X
Filename=realplay.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "RealPlay" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>. Note - this is not RealPlayer which can have the same executable name
Source=Paul Collins Startup list
[realplay ml097e]
Confirmed=X
Filename=realplay.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "RealPlay" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>. Note - this is not RealPlayer which can have the same executable name
Source=Paul Collins Startup list
[Realplayer One]
Confirmed=X
Filename=realplay.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnk.html" target=_blank>RBOT-NK</a> WORM!
Source=Paul Collins Startup list
[Realpopup]
Confirmed=?
Filename=Realpopup.exe
Description=<a href="http://www.realpopup.it/" target="_blank">RealPopup</a> - "Replaces old winpopup with a full featured freeware tool which remains stable and simple as its predecessor"
Source=Paul Collins Startup list
[Realsched]
Confirmed=N
Filename=realsched.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registry
Source=Paul Collins Startup list
[Realtime Audio Engine]
Confirmed=?
Filename=mmrtkrnl.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Realtime Monitor]
Confirmed=Y
Filename=realmon.exe
Description=Realtime scanner part of <a href="http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a> version 6 virus scanners from Computer Associates
Source=Paul Collins Startup list
[RealTimeUpdate]
Confirmed=?
Filename=RealTimeUpdate.exe
Description=<font color="#FF0000">Product description in properties is "InternetExplorerCommunicationAgent Module" ?</font>
Source=Paul Collins Startup list
[RealTray]
Confirmed=N
Filename=RealPlay.exe
Description=System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences
Source=Paul Collins Startup list
[RealUpdater]
Confirmed=X
Filename=realupd.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100830.htm" target="_blank">PARLAY</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.i.html" target="_blank">MITGLIEDER.I</a> TROJANS!
Source=Paul Collins Startup list
[Reboot]
Confirmed=N
Filename=Reboot.exe
Description=MS-DOS/Win3.1 utility use to clean boot a system. Sometimes installed by default from some driver CDs for motherboards
Source=Paul Collins Startup list
[Recguard]
Confirmed=Y
Filename=recguard.exe
Description=On HP computers, Recguard prevents the deletion or corruption of the WinXP Recovery Partition. Without it enabled, it is possible to knock that completely out and force the customer to send the PC back to HP for a re-image, possibly at the customer's expense
Description=Added during the installation of Comcast High Speed Internet software. During installation the system reboots and if the disk is removed a screen appears asking for the disk to be re-inserted to complete installation. Not required once installion is complete
Source=Paul Collins Startup list
[RecoverFromReboo]
Confirmed=?
Filename=RECOVE~1.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[RecoverFromReboo]
Confirmed=?
Filename=RecoverFromReboot.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[RecoverFromReboot]
Confirmed=?
Filename=RECOVE~1.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[RecoverFromReboot]
Confirmed=?
Filename=RecoverFromReboot.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[RecShe]
Confirmed=N
Filename=RecSche.exe
Description=Recording scheduler for WatchTV Capture Card (TV Tuner card)
Source=Paul Collins Startup list
[RecycleSTR]
Confirmed=X
Filename=msreg32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottc.html" target=_blank>RBOT-TC</a> WORM!
Source=Paul Collins Startup list
[Red Flag]
Confirmed=N
Filename=redflag.exe
Description=PMS prediction program with modes for guys and girls - no longer available
Source=Paul Collins Startup list
[Red Swoosh EDN Client]
Confirmed=X
Filename=RSEDNClient.exe
Description=<a href="http://www.redswoosh.com/" target="_blank">Red Swoosh</a> - mechanism used by web sites to allow you to download files from those sites quicker and more efficiently. Note from the <a href="http://www.redswoosh.com/rsednclient_eula.phtml" target="_blank">license agreement</a> they automatically update the software and share non-personally identifiable information with others in the network
Source=Paul Collins Startup list
[redirect]
Confirmed=X
Filename=redirect*.exe
Description=Dotcomtoolbar/Linksummary hijacker installer - where * is a random digit
Source=Paul Collins Startup list
[Redline Taskbar]
Confirmed=N
Filename=taskbar.exe
Description=Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards
Source=Paul Collins Startup list
[REEGRUN]
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SECDROP.AI" target=_blank>SECDROP.AI</a> TROJAN
Source=Paul Collins Startup list
[Referee]
Confirmed=U
Filename=referee.exe
Description=<a href="http://www.mc1soft.com/" target="_blank">MediaComm's</a> monitor for file association changes. Stop rogue programs from screwing your settings either on installation or whenever they run
Source=Paul Collins Startup list
[Refresh]
Confirmed=N
Filename=Refresh.exe
Description=(Iomega) Refresh - loads the Iomega desktop icons at startup
Description=Related to <a href="http://www.supanet.com/" target=_blank>Supanet</a> ISP software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[Reg Service]
Confirmed=X
Filename=winsy.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Reg Services]
Confirmed=X
Filename=Winboot32.exe
Description=Added by the <a href="http://fr.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.PB" target="_blank">RBOT.PB</a> WORM!
Source=Paul Collins Startup list
[reg1.reg]
Confirmed=X
Filename=vuamgard.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html" target=_blank>IRC.BOT</a> TROJAN!
Source=Paul Collins Startup list
[Reg32]
Confirmed=X
Filename=Reg32.exe
Description=Hijacker - redirecting to only-virgins.com
Source=Paul Collins Startup list
[reg32]
Confirmed=X
Filename=reg32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.noupdate.b.html" target="_blank">NOUPDATE.B</a> TROJAN!
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBRSPY.13A" target="_blank">CYBRSPY.13A</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBRSPY.13B target="_blank">CYBRSPY.13B</a> TROJANS!
Source=Paul Collins Startup list
[RegCleaner]
Confirmed=X
Filename=SYSio32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - do not confuse this with the popular RegCleaner registry cleaner freeware
Source=Paul Collins Startup list
[RegCompres]
Confirmed=X
Filename=Regcpm32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.poldo.b.html" target="_blank">POLDO.B</a> TROJAN!
Source=Paul Collins Startup list
[RegCompres]
Confirmed=X
Filename=REGCPM32.EXE
Description=Adult content dialler - see <a href="http://www.spywareinfo.com/forums/index.php?act=ST&f=11&t=7756&hl=&s=" target="_blank">here</a>. This has to be cleared at the same time as MSStartOptimizer (WINUPD.EXE), atisrc2 (windfind.exe) and mmxrun (msosa.exe), otherwise they return
Source=Paul Collins Startup list
[Regcxn]
Confirmed=X
Filename=Regcxn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcoiboad.html" target=_blank>COIBOA-D</a> TROJAN!
Source=Paul Collins Startup list
[RegDone]
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html" target="_blank">NEVEG.B</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.c@mm.html" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[RegDone]
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[RegDone Ex]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[RegDoneEx]
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html" target="_blank">WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[regedit]
Confirmed=X
Filename=regedit.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.brid.a@mm.html" target="_blank">BRID.A</a> WORM! Note - resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP). The valid "regedit.exe" resides in C:\Windows (Win9x/Me/XP) or C:\Winnt (WinNT/2K)
Source=Paul Collins Startup list
[REGEDIT]
Confirmed=X
Filename=Regsrv32.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.southghost.html" target="_blank">SOUTHGHOST</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotms.html" target=_blank>SDBOT-MS</a> WORM!
Source=Paul Collins Startup list
[reginfo32]
Confirmed=?
Filename=reginfo32.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Register MediaRing Talk]
Confirmed=N
Filename=register.exe
Description=If you don't want to register MediaRing and be reminded about it every bootup disable it
Source=Paul Collins Startup list
[Register SeqChk]
Confirmed=?
Filename=regsvr32.exe ..csseqchk.dll
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[RegisterDropHandler]
Confirmed=U
Filename=REGIST~1.EXE
Description=Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found <a href="http://www.nvdi.com/whertra/w950812.htm" target="_blank">here</a>. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation
Source=Paul Collins Startup list
[Registration-Studio 8]
Confirmed=N
Filename=RegTool.exe
Description=Registration for <a href="http://www.pinnaclesys.com/ProductPage_n.asp?Product_ID=577&Langue_ID=2" target="_blank"> Pinnacle Studio Version 8</a> home video software from Pinnacle Systems
Source=Paul Collins Startup list
[Registry]
Confirmed=X
Filename=wscript.exe
Description=Added by the <a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_VBSWG.AQ" target="_blank">VBSWG.AQ</a> WORM!
Source=Paul Collins Startup list
[Registry Checkup]
Confirmed=X
Filename=winreg.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Registry Loader]
Confirmed=X
Filename=regloadr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Registry Loader]
Confirmed=X
Filename=winhlpp32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Registry Scanner]
Confirmed=X
Filename=regscanr.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=16106" target="_blank">OPTIX</a> TROJAN!
Source=Paul Collins Startup list
[Registry Server]
Confirmed=X
Filename=regsrv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgm.html" target=_blank>RBOT-GM</a> WORM!
Source=Paul Collins Startup list
[Registry Services]
Confirmed=X
Filename=Registry.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.downloader.cile.html" target="_blank">DOWNLOADER.CILE</a> TROJAN!
Source=Paul Collins Startup list
[Registry System16 Checkup Monitor]
Confirmed=X
Filename=SystemReg16.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[RegistryChk]
Confirmed=X
Filename=winbackup.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mertian.worm.html" target="_blank">MERTIAN</a> WORM!
Source=Paul Collins Startup list
[RegistryMechanic]
Confirmed=U
Filename=RegMech.exe
Description=<a href="http://www.winguides.com/regmech/" target="_blank">Registry Mechanic for Windows</a> - "you can safely clean and repair Windows registry problems with a few simple mouse clicks! Problems with the Windows registry are a common cause of Windows crashes and error messages"
Description=<a href="http://www.diamondcs.com.au/web/htm/regprot.htm" target="_blank">RegistryProt</a> from Diamond Computer Systems - protects the system registry against changes
Source=Paul Collins Startup list
[RegRun]
Confirmed=X
Filename=mActiveX.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Regrun2]
Confirmed=Y
Filename=WatchDog.exe
Description=Greatis Software's <a href="http://www.greatis.com/regrun3.htm" target="_blank">RegRun 3</a> Security Suite which amongst other things replaces MSCONFIG. The WatchDog check for registry changes caused by trojan's, viruses, etc
Source=Paul Collins Startup list
[regservices.exe]
Confirmed=X
Filename=regservices.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[RegShave]
Confirmed=N
Filename=regshave.exe
Description=Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly
Source=Paul Collins Startup list
[regsrv]
Confirmed=X
Filename=regsrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.11" target="_blank">OPTIXPRO.11</a> TROJAN!
Source=Paul Collins Startup list
[Regsv]
Confirmed=X
Filename=regsv.exe
Description=Search hijacker - redirecting to scheo.com
Source=Paul Collins Startup list
[regsvc32]
Confirmed=X
Filename=regsvc32.exe
Description=Homepage hijacker that changes your homepage to an adult content site
Source=Paul Collins Startup list
[regsvr]
Confirmed=X
Filename=regsvr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwebmoneyg.html" target=_blank>WEBMONEY-G</a> TROJAN!
Source=Paul Collins Startup list
[REGSVR32]
Confirmed=U
Filename=regsvr32.exe ctasio.dll
Description=<a href="http://www.soundblaster.com/resources/read.asp?articleid=60&cat=2" target="_blank">ASIO</a> (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
Source=Paul Collins Startup list
[regtmlp]
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[RegTweak]
Confirmed=U
Filename=RegTwk.exe
Description=<a href="http://www.rage3d.com/r3dtweak/" target="_blank">Rage3d Tweak</a> - ATI Radeon tweaker which allows access to registry tweak options, custom display modes, refresh rates and overclocking all through an easy to use interface
Source=Paul Collins Startup list
[RegVer]
Confirmed=X
Filename=REGVER.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.16" target="_blank">LATINUS.16</a> TROJAN!
Source=Paul Collins Startup list
[RegWrite]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sokacaps.html" target="_blank">SOKACAPS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Regx10EXE]
Confirmed=U
Filename=atix10.exe
Description=ATI <a href="http://www.ati.com/products/pc/remotewonder/" target="_blank">Remote Wonder</a> - PC wireless remote control
Source=Paul Collins Startup list
[reg_key]
Confirmed=X
Filename=FUKULAMER.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ah@mm.html" target="_blank">BEAGLE.AH</a> WORM!
Source=Paul Collins Startup list
[reg_key]
Confirmed=X
Filename=loader_name.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.y@mm.html" target="_blank">BEAGLE.Y</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.z@mm.html" target="_blank">BEAGLE.Z</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.aa@mm.html" target="_blank">BEAGLE.AA</a> WORMS!
Source=Paul Collins Startup list
[Reg_WFT]
Confirmed=X
Filename=Regsysw.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.wilsef.html" target="_blank">WILSEF</a> VIRUS!
Source=Paul Collins Startup list
[ReleaseRAM]
Confirmed=U
Filename=RRAM.exe
Description="<a href="http://www.releaseram.com/" target="_blank">Release RAM</a> allows your computer to run faster and uses your computer's RAM more efficiently". Some users swear by programs such as this but I suggest you read <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
Source=Paul Collins Startup list
[reload]
Confirmed=X
Filename=reload.vbs
Description=Added by the <a href="http://vil.nai.com/vil/content/v_98684.htm" target="_blank">LOVELETTER.AS</a> VIRUS!
Source=Paul Collins Startup list
[RemHelp]
Confirmed=N
Filename=Remhelp.exe
Description=BT Voyager ADSL Modem Help related
Source=Paul Collins Startup list
[Reminder]
Confirmed=N
Filename=reminder.exe
Description=From MS Money. Reminds you of your bills
Source=Paul Collins Startup list
[Reminder]
Confirmed=N
Filename=Remind_XP.exe
Description=HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list
Source=Paul Collins Startup list
[Reminder-cpqXXXXX]
Confirmed=N
Filename=remind32.exe
Description=Compaq printer Registration
Source=Paul Collins Startup list
[Reminder-hpcXXXXX]
Confirmed=N
Filename=remind32.exe
Description=HP CD-Writer Registration
Source=Paul Collins Startup list
[Reminder-ranXXXXX]
Confirmed=N
Filename=remind32.exe
Description=Registration reminder widget for Rand Mcnally maps
Source=Paul Collins Startup list
[reminder-ScanSoft Product Registration]
Confirmed=N
Filename=remind32.exe
Description=Registration reminder for ScanSoft products such as PaperPort
Description=HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list
Source=Paul Collins Startup list
[Remndr]
Confirmed=X
Filename=CsRemnd.exe
Description=CasinoOnline foistware
Source=Paul Collins Startup list
[Remote Access]
Confirmed=U
Filename=rnaapp.exe
Description=Dial-up networking application - not normally found in the startup locations. It runs when you connect to the net via this method (ie, analogue 56K modem) and terminates after the connection is closed
Source=Paul Collins Startup list
[Remote Access Slave]
Confirmed=X
Filename=Synchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ripjac.html" target="_blank">RIPJAC</a> TROJAN!
Description=Part of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZENworks</a> - "Complete End-to-End Directory-enabled Network Management". Installed on a managed workstation fo an administrator to remotely manage the workstation. Required if the PC is a managed workstation
Source=Paul Collins Startup list
[remote master]
Confirmed=U
Filename=remote master.exe
Description=Required if you want your ASUS Remote control to work at all. Available via Start -> Programs
Source=Paul Collins Startup list
[Remote Procedure Call]
Confirmed=X
Filename=winrpc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkm.html" target="_blank">RBOT-KM</a> WORM!
Source=Paul Collins Startup list
[Remote Procedure Call]
Confirmed=X
Filename=winsysrpc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotps.html" target="_blank">SDBOT-PS</a> WORM!
Source=Paul Collins Startup list
[Remote Procedure Call For Windows 32bit]
Confirmed=X
Filename=rpc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmd.html" target="_blank">RBOT-MD</a> WORM!
Source=Paul Collins Startup list
[Remote Procedure Call Locator]
Confirmed=X
Filename=RUNDLL32.EXE reg678.dll ondll_reg
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[Remote Procedure Calls]
Confirmed=X
Filename=mswinrpc.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.KJ" target="_blank">RBOT.KJ</a> WORM!
Source=Paul Collins Startup list
[Remote Procedure Calls]
Confirmed=X
Filename=mswinc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotit.html" target=_blank>RBOT-IT</a> WORM!
Source=Paul Collins Startup list
[Remote Procedure Calls]
Confirmed=X
Filename=win.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqi.html" target=_blank>SDBOT-QI</a> WORM!
Source=Paul Collins Startup list
[Remote Update Monitor]
Confirmed=Y
Filename=imonitor.exe
Description=<a href="http://www.sophos.com/products/sav/" target=_blank>Sophos</a> Antivirus Remote Update utility - provides an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employer
Source=Paul Collins Startup list
[RemoteAgent]
Confirmed=Y
Filename=RAUAgent.exe
Description=Trend Micro's Office Scan Client, see <a href="http://www.trendmicro-europe.com/relax/uk/" target=_blank>here</a> - "Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates"
Source=Paul Collins Startup list
[RemoteCenter]
Confirmed=U
Filename=RcMan.exe
Description=Remote control for Creative <a href="http://www.soundblaster.com/mediasource/" target="_blank">MediaSource</a> - plays back music in DVD-Audio, MP3, WMA, WAV and other media formats
Source=Paul Collins Startup list
[RemoteControl]
Confirmed=U
Filename=rmctrl.exe
Description=Remote Control background application for CyberLink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
Source=Paul Collins Startup list
[RemoteControl]
Confirmed=U
Filename=PDVDServ.exe
Description=Remote Control background application for CyberLink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
Source=Paul Collins Startup list
[Remote_Agent]
Confirmed=N
Filename=RemoteAgent.exe
Description=<a href="http://www.cyberlink.com" target="_blank">Cyberlink Power VCR II 3.0</a> is a TV tuner recording utility. If you want to schedule recordings, you will need this, otherwise can be disabled. Available via Start -> Programs
Source=Paul Collins Startup list
[Removecpl]
Confirmed=N
Filename=Removecpl.exe
Description=Related to a Belkin 54Mbps Wireless Utility Control Panel applet
Source=Paul Collins Startup list
[Removed.exe]
Confirmed=X
Filename=Removed.exe
Description=GatorCheat - adware downloader
Source=Paul Collins Startup list
[RemStart]
Confirmed=?
Filename=remstart.exe
Description=Part of McAfee's Remote Desktop 32 Agent application. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[RenolB]
Confirmed=?
Filename=ib.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[RepliGo Assistant]
Confirmed=U
Filename=RepliGoMon.exe
Description=Cerience <a href="http://www.cerience.com/docs/ppc/docs/index.htm" target="_blank"> RepliGo</a> software - "any document you have on your PC can be transferred to your mobile device"
Source=Paul Collins Startup list
[ReproPRD]
Confirmed=U
Filename=PrdUsb.exe
Description=Thrustmaster Corporation Presets application - a game controller driver, presumably necessary for certain functions to work
Source=Paul Collins Startup list
[requester]
Confirmed=X
Filename=requester.5.exe
Description=Adware downloader, identified as TrojanProxy.Win32.Delf.h
Source=Paul Collins Startup list
[requester]
Confirmed=X
Filename=requester.5.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41000" target=_blank>MUQUEST.A</a> TROJAN!
Source=Paul Collins Startup list
[requester]
Confirmed=X
Filename=requester.6.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41000" target=_blank>MUQUEST.A</a> TROJAN!
Source=Paul Collins Startup list
[requester]
Confirmed=X
Filename=requester.8.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41000" target=_blank>MUQUEST.A</a> TROJAN!
Source=Paul Collins Startup list
[Resolution Assistant]
Confirmed=N
Filename=matcli.exe
Description=Dell Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list
[Resource Meter]
Confirmed=N
Filename=rsrcmtr.exe
Description=Windows Resource Meter. Available via Start -> Programs. You may want this enabled if your PC is suffering from crashes and want to know potential causes
Source=Paul Collins Startup list
[Restart Watch]
Confirmed=?
Filename=Watch.exe
Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> Diva ISDN or ADSL modem. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[Restart WSC Setting]
Confirmed=U
Filename=wscrestp.exe
Description=WinStart Commander - part of <a href="http://www.wincleaner.com/pc/uti/utiste/uwc_utility_suite.htm" target=_blank>Ultra WinCleaner Utility Suite</a>. Starts Windows faster and controls hidden programs to boost performance and prevent system slow downs and crashes
Source=Paul Collins Startup list
[Restart_VS]
Confirmed=?
Filename=Viewsonic.exe
Description=Could be a left-over from the installation of a Viewsonic flat panel display
Source=Paul Collins Startup list
[RestoreIT!]
Confirmed=Y
Filename=VBPTASK.EXE
Description=<a href="http://www.farstone.com/home/en/html/productsvbp.htm" target="_blank">RestoreIT!</a> from FarStone "allows you to recover instantly your files, system configuration, and even your operating system, to any point in time prior to the data loss or system failure."
Source=Paul Collins Startup list
[restory]
Confirmed=X
Filename=restory.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.retsam.html" target="_blank">RETSAM</a> TROJAN!
Source=Paul Collins Startup list
[Resume Copy]
Confirmed=U
Filename=copyfstq.exe
Description=Part of <a href="http://ranvik.net/totalcopy/" target="_blank">Total Copy</a> - an improved version of the Windows copy function. Allows for resumption file copies or moves in progress when computer was shut down. Not required if your not using the program or don't care about that function
Source=Paul Collins Startup list
[ResumeFixClocks]
Confirmed=U
Filename=resumefix.exe
Description=Part of the <a href="http://radeontweaker.sourceforge.net/" target="_blank">RadeonTweaker</a> utility for overclocking ATI Radeon graphics cards
Source=Paul Collins Startup list
[retime]
Confirmed=X
Filename=retime.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gipma.html" target="_blank">GIPMA</a> TROJAN!
Source=Paul Collins Startup list
[RetrieverScheduler]
Confirmed=U
Filename=retrieverscheduler.exe
Description=<a href="http://www.80-20.com/products/one-search/retriever.asp" target="_blank">80-20 Retriever</a> from 80-20 - "80-20 Retriever is a powerful personal search tool that encompasses email folders, archived email, and local or network file systems, giving users one point of fast, accurate search for all personal information". Real-time scheduler - shortcut available
Source=Paul Collins Startup list
[RevoTaskbarApp]
Confirmed=U
Filename=RevoTask.exe
Description=Control Application for M-Audio Revolution 7.1 sound card. The sound card will function without it - but changes to speaker setup and sound modification (Bass/Treble etc) will not be available
Source=Paul Collins Startup list
[RexSyMon]
Confirmed=N
Filename=rexsymon.exe
Description=Intellisync for REX sychronization software for <a href="http://support.intel.com/support/peripherals/xc/pda/" target="_blank">Xircom REX MicroPDAs</a> for sharing information between the PDA and PC
Source=Paul Collins Startup list
[rfagent]
Confirmed=U
Filename=rfagent.exe
Description=<a href="http://www.rosecitysoftware.com/reg1aid/" target="_blank">Registry First Aid</a> - scans the Windows registry for orphan file/folder references, finds these files or folders on your drives that may have been moved from their initial locations, and then corrects your registry entries to match the located files or folders
Source=Paul Collins Startup list
[RFTray]
Confirmed=X
Filename=RFTRay.exe
Description=Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs
Description=A browser plugin called the RichFX player. <a href="http://download.richfx.com/player/uninstall.exe">Here</a> is a link to download RichFX's solution to removing the auto upgrade
Source=Paul Collins Startup list
[RH]
Confirmed=U
Filename=rh32.exe
Description=EuroFonts - adds Euro symbols to pre-Euro computers
Source=Paul Collins Startup list
[Rhino]
Confirmed=X
Filename=[random name]32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html" target=_blank>BOFRA.A</a> WORM!
Description=<a href="http://www.rogershelp.com/help/content/download/software/softwareinfo.shtml" target="_blank">Rogers Hi-Speed Internet</a> software. "Should you ever lose access to your Rogers Hi-Speed Internet connection or e-mail, the Self-Healing Software (SHS.exe) will automatically repair your settings to get you up and running in a flash"
Source=Paul Collins Startup list
[Ring Central Fax]
Confirmed=U
Filename=rcenterrll.exe
Description=Only needed if you want a PC to answer faxes automatically
Source=Paul Collins Startup list
[rIOphosIs]
Confirmed=X
Filename=rIOPHosIs.vBS
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w97m.riosys.html" target="_blank">RIOSYS</a> MACRO!
Source=Paul Collins Startup list
[RivaTuner]
Confirmed=U
Filename=RivaTuner.exe
Description=<a href="http://guru3d.com/rivatuner/" target="_blank">RivaTuner</a> for tweaking nVidia graphics cards. Required if you make any changes
Source=Paul Collins Startup list
[RivaTunerStartupDaemon]
Confirmed=U
Filename=RivaTuner.exe
Description=<a href="http://guru3d.com/rivatuner/" target="_blank">RivaTuner</a> for tweaking nVidia graphics cards. Required if you make any changes
Source=Paul Collins Startup list
[RjLyraInstaller]
Confirmed=?
Filename=setup.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[rmctrl]
Confirmed=U
Filename=rmctrl.exe
Description=Remote Control background application for CyberLink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
Source=Paul Collins Startup list
[rmmon]
Confirmed=N
Filename=mprmmon.exe
Description=Resource Monitor for the now defunct Chromatic Research MPact2 3DVD graphics card
Source=Paul Collins Startup list
[RMremote]
Confirmed=?
Filename=RmRemote.exe
Description=Remote control driver for <a href="http://www.sigmadesigns.com/products/xcard.htm" target="_blank">REALmagic Xcard</a>.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[rn4d]
Confirmed=X
Filename=dirote.exe
Description=Added by the <a href="http://nl.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59312&VName=BKDR_MAROON.A&VSect=O" target=_blank>BKDR_MAROON.A</a> TROJAN!
Source=Paul Collins Startup list
[RNBOStart]
Confirmed=U
Filename=sentstrt.exe
Description=Program used to initialise the VxD virtual driver for Sentinel drivers associated with Rainbow H/W keys that plug-in to the parallel port. These are usually supplied with workplace design tools and restrict the use of the software only to the machine to which the H/W key is connected. Required if you have such tools
Source=Paul Collins Startup list
[rndll2]
Confirmed=?
Filename=rndll2.exe
Description=<font color="#FF0000">May be related to the DivX program as a *.dat file in the same directory had "DivXPro505Bundle.exe" mentioned within?</font>
Source=Paul Collins Startup list
[rngmf]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.c.html" target="_blank">RANKY.C</a> TROJAN!
Source=Paul Collins Startup list
[RoboForm]
Confirmed=N
Filename=RoboTaskBarIcon.exe
Description=Roboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser plugin
Source=Paul Collins Startup list
[RoboFormWatcher]
Confirmed=N
Filename=RoboFormWatcher.exe
Description=<a href="http://www.siber.com/roboform/" target="_blank">AI Roboform</a> from Siber Systems. Automatically completes web forms. Available via Start -> Programs
Source=Paul Collins Startup list
[Rocket.Time]
Confirmed=U
Filename=RocketTime.exe
Description=Time synchronization software from <a href="http://www.rocketsoftware.com/products/download.htm" target="_blank">Rocket Software</a>
Description=Roxio Assistant is designed to correct Engine Initialization errors. If Easy CD & DVD Creator's Engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If you do not receive the message, update your Virus software and then check and clean your system for viruses. After the removal of any viruses, uninstall and then reinstall Easy CD & DVD Creator (use "Add Remove Programs" in "Control Panel"). Can be run manually
Source=Paul Collins Startup list
[Roxio Engine]
Confirmed=?
Filename=MSMNGR32.EXE
Description=<font color="#FF0000">Not believed to be a valid Roxio program - more likely a variant on the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WOMANIZ.A" target="_blank"> WOMANIZ.A</a> TROJAN!</font>
Source=Paul Collins Startup list
[RoxioAudioCentral]
Confirmed=N
Filename=RxMon.exe
Description=Part of Roxio EasyCD Creator 6.0 - places the Roxio AudioCentral icon in you system tray. "Includes a player, media manager, ripper, tag and sound editor - integrated in a single application". Not required for Roxio to work properly.
Source=Paul Collins Startup list
[RoxioDragToDisc]
Confirmed=N
Filename=DrgToDsc.exe
Description=Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly
Source=Paul Collins Startup list
[RoxioEngineUtility]
Confirmed=Y
Filename=EngUtil.exe
Description=Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking
Source=Paul Collins Startup list
[RP32]
Confirmed=U
Filename=rp32.exe
Description=<a href="http://" target="_blank">ControlIT</a> (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systems.
Source=Paul Collins Startup list
[RPC]
Confirmed=X
Filename=MSschost.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>GAOBOT/AGOBOT</a> WORM!
Source=Paul Collins Startup list
[RPC Patcher]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bolgi.worm.html" target="_blank">BOLGI</a> WORM!
Source=Paul Collins Startup list
[RPCSS.exe]
Confirmed=Y
Filename=rpcss.exe
Description=Remote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see <a href="http://www.cexx.org/rpc.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[RRMedic]
Confirmed=X
Filename=rrmedic.exe
Description=Troubleshooting utility for the <a href="http://www.rr.com/rdrun/" target="_blank">RoadRunner</a> cable internet service. Not required and you are advised to completely uninstall it. Provides a lot of false alarms and gets a lot of people panicking about there internet connection
Source=Paul Collins Startup list
[rscmpt]
Confirmed=U
Filename=rscmpt.exe
Description=Required on the GeFroce 64 meg MX card to show the full 64 meg memory and appears to be a software memory emulator running under the Win2K - see <a href="http://www.guru3d.com/comments.php?category=1&id=673" target="_blank">here</a>. High CPU useage results - hence the U status
Source=Paul Collins Startup list
[rsMenu]
Confirmed=U
Filename=rsMenu.exe
Description=Synchronizes a Casio PDA with MS Outlook
Source=Paul Collins Startup list
[RSPC Driver]
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsn.html" target=_blank>RBOT-SN</a> WORM!
Source=Paul Collins Startup list
[RSPC Driver D]
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Description=Real-time virus scanner component of Norton Anti-Virus Corporate Edition
Source=Paul Collins Startup list
[Ruby13]
Confirmed=X
Filename=Ruby13.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mexer.e" target="_blank">MEXER.E</a> WORM!
Source=Paul Collins Startup list
[Ruby14]
Confirmed=X
Filename=Ruby14.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32fightruba.html" target=_blank>FIGHTRUB-A</a> WORM!
Source=Paul Collins Startup list
[RuLaunch]
Confirmed=U
Filename=RuLaunch.exe
Description=Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis
Source=Paul Collins Startup list
[Run MSupdt32]
Confirmed=X
Filename=wscript MSupdt32.vbs
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/vbs.caser@mm.html" target="_blank">CASER</a> WORM!
Description=Mike Lin's <a href="http://www.mlin.net/StartupMonitor.shtml" target="_blank"> StartupMonitor</a>, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu
Source=Paul Collins Startup list
[Run TaskMrg]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchw.html" target=_blank>LDPINCH-W</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Run XP Service Pack]
Confirmed=X
Filename=xpservicepack.exe
Description=Added by the <a href="http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=51815" target="_blank">SDBOT.AQA</a> WORM!
Source=Paul Collins Startup list
[run32dll]
Confirmed=X
Filename=WINClock.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[run32dll]
Confirmed=X
Filename=task32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Run32dll]
Confirmed=X
Filename=ocxdll.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[run=]
Confirmed=N
Filename=cmmpu.exe
Description=MIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI)
Source=Paul Collins Startup list
[run=]
Confirmed=N
Filename=hpfsched
Description=HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature
Source=Paul Collins Startup list
[run=]
Confirmed=N
Filename=lxdboxcp.exe
Description=Lexmark DOS-Printing Control Program for the Lexmark 2050. Only required if you need to print from DOS
Source=Paul Collins Startup list
[run=]
Confirmed=N
Filename=pcfix2k.exe
Description=pcfix2k splash screen
Source=Paul Collins Startup list
[run=]
Confirmed=X
Filename=ptlseq.cpl
Description=PhoenixNet BIOS adware. See <a href="http://www.cexx.org/phoenix.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[run=]
Confirmed=U
Filename=ramsys.exe
Description=<a href="http://www.rayslab.com/startup_manager/startup_manager.html" target="_blank">Advanced Startup Manager</a> from Rays Lab
Description=Microsoft Systems Management Server (SMS) related - program that reads SMSRUN16.INI on clients running Win 3.1, Windows for Workgroups, Win95, or OS/2 to create program groups on the client and then launch SMS client programs
Source=Paul Collins Startup list
[run=]
Confirmed=?
Filename=win.ini
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[run=]
Confirmed=X
Filename=RAVMOND.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[run=]
Confirmed=X
Filename=real.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[run=]
Confirmed=X
Filename=dec25.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.f@mm.html" target=_blank>ATAK.F</a> WORM!
Source=Paul Collins Startup list
[run=]
Confirmed=?
Filename=LXBTppls.exe
Description=Reportedly part of Lexmark printer software - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[run=]
Confirmed=N
Filename=fmedia.exe
Description=FMedia FaxWorks related - can be run manually
Source=Paul Collins Startup list
[run=]
Confirmed=Y
Filename=wswpd.exe
Description=Used with some models of Panasonic, Epson and NEC printers - required for printer to work
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.e@mm.html" target=_blank>GAGGLE.E</a> WORM!
Source=Paul Collins Startup list
[run=]
Confirmed=X
Filename=RegistryReminder.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_10232.htm" target=_blank>APSTROJAN.OB</a> TROJAN!
Source=Paul Collins Startup list
[run=]
Confirmed=X
Filename=sec5dec.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.g@mm.html" target=_blank>ATAK.G</a> WORM!
Source=Paul Collins Startup list
[run=]
Confirmed=X
Filename=wmplayer.exe
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - Note: this is not the Windows Media Player executable!
Source=Paul Collins Startup list
[RunAlert]
Confirmed=U
Filename=AService.exe
Description=<a target="_blank" href="http://www.msi.com.tw/program/products/pro_index.php">MSI MOtherboard PC Alert III</a> - MSI motherboard monitoring software. Only required if you "overclock" your system
Source=Paul Collins Startup list
[runAP]
Confirmed=N
Filename=runAP.exe
Description=<font color="#FF0000">Not required but what is it?</font>
Source=Paul Collins Startup list
[Runapp32]
Confirmed=X
Filename=Runapp32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.neodurk.html" target="_blank">NEODURK</a> TROJAN!
Source=Paul Collins Startup list
[Rund1l32]
Confirmed=X
Filename=Winfi1e32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mertian.worm.html" target="_blank">MERTIAN</a> WORM!
Source=Paul Collins Startup list
[rundl332]
Confirmed=X
Filename=math.exe ...pluged.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html" target="_blank">DOOMJUICE</a> WORM!
Source=Paul Collins Startup list
[rundli32]
Confirmed=X
Filename=rundli32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.lade.html" target="_blank">LADE</a> WORM!
Source=Paul Collins Startup list
[RunDLL]
Confirmed=X
Filename=rundll32.exe bridge.dll, Load
Description=Flingstone.com browser hijacker
Source=Paul Collins Startup list
[rundll***]
Confirmed=X
Filename=die.exe [path] mdll.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html" target="_blank">SUMTAX</a> TROJAN! where *** is 134, 569, 777 or 946
Source=Paul Collins Startup list
[rundll***]
Confirmed=X
Filename=die.exe [path] secure.bat
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html" target="_blank">SUMTAX</a> TROJAN! where *** is 134, 569, 777 or 946
Source=Paul Collins Startup list
[rundll***]
Confirmed=X
Filename=die.exe [path] secure.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html" target="_blank">SUMTAX</a> TROJAN! where *** is 134, 569, 777 or 946
Source=Paul Collins Startup list
[rundll***]
Confirmed=X
Filename=die.exe [path] ttg.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html" target="_blank">SUMTAX</a> TROJAN! where *** is 134, 569, 777 or 946
Source=Paul Collins Startup list
[Rundll16]
Confirmed=X
Filename=Rundll16.exe
Description=Added by a number of VIRUSES, WORMS and TROJANS!
Source=Paul Collins Startup list
[Rundll32]
Confirmed=X
Filename=Rundll32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dvldr.html" target="_blank">DVLDR</a> TROJAN! Note - this is not the valid "Rundll32.exe" as it's in the Windows\Fonts directory
Source=Paul Collins Startup list
[RUNDLL32]
Confirmed=N
Filename=RUNDLL32.EXE NvQtwk, NvCplDaemon
Description=System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see <a href="http://www.blackviper.com/WinXP/strangeservice.htm" target="_blank">here</a>)
Source=Paul Collins Startup list
[RunDLL32]
Confirmed=N
Filename=RunDLL32.exe NvMCTray.dll, NvTaskbarInit
Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
Description=Loads default settings for Leadtek Winfast graphics cards
Source=Paul Collins Startup list
[RunDLL32]
Confirmed=X
Filename=winupdate.exe
Description=Added by an unidentified TROJAN! - possibly a <a href="http://www.symantec.com/avcenter/venc/data/backdoor.bmbot.html" target="_blank">BMBOT</a> variant
Source=Paul Collins Startup list
[Rundll32]
Confirmed=X
Filename=Windows.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html" target="_blank">QQPASS.E</a> TROJAN!
Source=Paul Collins Startup list
[Rundll32]
Confirmed=X
Filename=Rundll32.exe ptipbm.dll, SetWriteBack
Description=Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. <font color="#FF0000">If used is it required?</font>
Source=Paul Collins Startup list
[rundll32]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html" target="_blank">AUTEX</a> WORM!
Description=Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. <font color="#FF0000">May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller</font>
Source=Paul Collins Startup list
[rundll32]
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.sanker.html" target="_blank">SANKER</a> WORM! Note that the valid "rundll32.exe" resides in C:\Windows\System32 wheras this version resides in C:\Windows
Source=Paul Collins Startup list
[rundll32]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gutta.html" target="_blank">GUTTA</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Description=Associated with BlueTooth software, and registers the "Infrared Port properties" Control Panel applet. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click <a href="http://www.winbookcorp.com/_technote/WBTA20000912.htm" target=_blank>here</a> here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup
Source=Paul Collins Startup list
[Rundll32 cmicnfg]
Confirmed=N
Filename=Rundll32 cmicnfg.cpl, CMICtrlWnd
Description=System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[Rundll32.exe]
Confirmed=X
Filename=Proyecto1.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html" target="_blank">GRUEL</a> WORM!
Source=Paul Collins Startup list
[Rundll32.exe]
Confirmed=X
Filename=Root.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html" target="_blank">GRUEL</a> WORM!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html" target="_blank">AUTEX</a> WORM!
Source=Paul Collins Startup list
[RundllSvr]
Confirmed=X
Filename=Rundll.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.huayu.html" target=_blank>HUAYU</a> WORM!
Source=Paul Collins Startup list
[Rundllsystem32]
Confirmed=X
Filename=Rundllsystem32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.B" target="_blank"> NETDEVIL.B</a> TROJAN!
Source=Paul Collins Startup list
[Rundnm]
Confirmed=X
Filename=Rundnm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfha.html" target=_blank>DELF-HA</a> TROJAN!
Source=Paul Collins Startup list
[RunOnce]
Confirmed=U
Filename=RUNONCE.EXE
Description=Part of MS Data Access Components - only required if you use these
Source=Paul Collins Startup list
[RunProg]
Confirmed=X
Filename=Server.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIX.04.A" target="_blank">OPTIX.04.A</a> TROJAN!
Source=Paul Collins Startup list
[RunProg]
Confirmed=X
Filename=wini.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.optix.04.d.html" target="_blank">OPTIX.04.D</a> TROJAN!
Source=Paul Collins Startup list
[runreper]
Confirmed=X
Filename=viewer.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.reper.a.html" target=_blank>REPER.A</a> VIRUS!
Source=Paul Collins Startup list
[RunServices]
Confirmed=X
Filename=runsvc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.QJ" target=_blank>AGOBOT.QJ</a> WORM!
Source=Paul Collins Startup list
[RunSysd32]
Confirmed=U
Filename=RunSysd32.exe
Description=DesktopShield2000 by StΘphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within
Source=Paul Collins Startup list
[runwin32]
Confirmed=X
Filename=runwin32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojesearcha.html" target="_blank">ESEARCH-A</a> TROJAN!
Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Source=Paul Collins Startup list
[Run_cd]
Confirmed=X
Filename=Run_cd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GHOST.23" target="_blank">GHOST.23</a> TROJAN!
Description=Spyware included with the latest version of Grokster. Also see <a href="http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=4585;start=0" target="_blank">here</a>
Source=Paul Collins Startup list
[RxMon]
Confirmed=N
Filename=rxmon9x.exe
Description=Dell Resolution Assistant
Source=Paul Collins Startup list
[r_server]
Confirmed=Y
Filename=r_server.exe
Description=<a href="http://www.antivirus.com.au/radmin/info.html" target="_blank">Radmin</a> - remote admistrator server
Source=Paul Collins Startup list
[S0undMan]
Confirmed=X
Filename=svch0st.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.lovgate.ab@mm.html" target="_blank">LOVGATE.AB</a> WORM!
Source=Paul Collins Startup list
[S24EvMon]
Confirmed=?
Filename=S24EvMon.exe
Description=Event Monitor - supports driver extensions to NIC Driver for wireless adapters.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[S3 Internal Chip]
Confirmed=X
Filename=s3serv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotdd.html" target=_blank>AGOBOT-DD</a> WORM!
Description=Logitech QuickCam driver.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[SA Service]
Confirmed=?
Filename=SAservice.exe
Description=Associated with Cyber Trio and Warner troubleshooting software from<font color="#FF0000"> </font>G-Tek Technologies and pre-installed on some Packard Bell and NEC PCs. <font color="#FF0000">What function does this perform and is it required?</font>
Description=Airline reservation software from Sabre. Available via Start -> Programs
Source=Paul Collins Startup list
[SAClient]
Confirmed=N
Filename=RegCon.exe
Description=AT&T or ComCast BBClient - monitors system and network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messaging
Source=Paul Collins Startup list
[Safe]
Confirmed=X
Filename=SafeWin.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/pwsteal.focosenha.html" target="_blank">FOCOSENHA</a> TROJAN!
Description="Smart Button Special Sauce" - included with the latest software for <a href="http://www.saitek.com/" target="_blank">Saitek</a> game controllers. Related to the "S", "Shift" or "Smart" button. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[SaitekAutoConfigure]
Confirmed=U
Filename=saicnfig.exe
Description=Configuration for <a href="http://www.saitek.com/" target="_blank">Saitek</a> game controllers
Description=<a href="http://home.houston.rr.com/samware/samcal_body.htm" target="_blank">SamCal</a> - calendar/reminder program
Source=Paul Collins Startup list
[Sametime Connect]
Confirmed=U
Filename=Connect.exe
Description=IBM Lotus Instant Messaging and Conferencing <a href="http://www.lotus.com/products/product3.nsf/wdocs/homepage" target="_blank">software</a>
Source=Paul Collins Startup list
[SandIcon]
Confirmed=N
Filename=SandIcon.exe
Description=SanDisk ImageMate CompactFlash card reader SDDR-31 (USB). Very little use except to place the Sandisk icon beside its drive designation in Windows Explorer. The reader itself will work fine without it. The simplest thing is to just unplug the reader when you're not using it. It may slow the startup by a few nanoseconds, but once the software sees there's no reader, you get back the resources
Description=Browser hijacker - redirecting to Searchant.com
Source=Paul Collins Startup list
[SATARaid]
Confirmed=U
Filename=SATARaid.exe
Description=RAID driver for serial ATA disks on some motherboards such as the DFI Lanparty range. Only loaded if one is using RAID support on SATA drives
Description=<a href="http://bb4.com/" target="_blank">Big Brother</a> from Quest Software. System and network monitor
Source=Paul Collins Startup list
[SAVAgent]
Confirmed=Y
Filename=SAVAgent.exe
Description=Part of Sophos anti-virus software. Required for centrally administered Sophos updates to work correctly, e.g. automatically updating PCs used by dial-in home or out-of-office users
Source=Paul Collins Startup list
[Save]
Confirmed=X
Filename=Save.exe
Description=Rebranded version of SaveNow advertising spyware
Source=Paul Collins Startup list
[SaveDate]
Confirmed=X
Filename=SaveStartDate.Exe
Description=Unidentified adware
Source=Paul Collins Startup list
[Savenow]
Confirmed=X
Filename=SaveNow.exe
Description=Advertising spyware. Installed as part of the <a href="http://www.kazaa.com/en/privacy/bundles.htm" target="_blank">Kazaa Media Desktop</a> bundle for example
Source=Paul Collins Startup list
[Savenow]
Confirmed=X
Filename=savenow.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.spreda.b.html" target="_blank">SPREDA.B</a> VIRUS!
Source=Paul Collins Startup list
[Say The Time 5.0]
Confirmed=U
Filename=SAYTIME.EXE
Description=This program has audio cues for the system clock in male and female voices, customizes the appearance of the system clock, and can synchronize it to a time server regularly
Source=Paul Collins Startup list
[SB]
Confirmed=U
Filename=SB.exe
Description=Acer Soft Button on Acer Tablet PCs
Source=Paul Collins Startup list
[SB Audigy 2 Startup Menu]
Confirmed=N
Filename=/l:eng
Description=Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
Source=Paul Collins Startup list
[SB Watchdog]
Confirmed=X
Filename=SBWatchdog.exe
Description=Spyware utility installed by the manufacturers of some laptops (Sony) used to monitor browsing habits and send them back to whoever installed it - released by SoftBank. See <a href="http://trek.thesteveco.com/slashnot.cgi?article=329" target="_blank"> here</a> for more information
Description=matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file. The SBC Self Support Tool is required to run with the Help and Support program. If you uncheck SBC and and then run Help and Support it will add another SBC entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide
Source=Paul Collins Startup list
[SBDrvDet]
Confirmed=U
Filename=SBDrv.exe
Description=Detects the "Easy Front-Panel Audio Connectivity Drive Internal Drive Bay" on the Sound Blaster Audigy 2 Platinium eX. Can be disabled if you don't have one
Description=SoundMAX MPU401 MIDI device emulator for x86 VM DOS games/apps (for Win9x only)
Source=Paul Collins Startup list
[SbUsb AudCtrl]
Confirmed=U
Filename=RunDll32 sbusbdll.dll, RCMonitor
Description=Control for Soundblaster MP3 external (USB) sound card
Source=Paul Collins Startup list
[sc]
Confirmed=N
Filename=scrubxp.exe
Description=<a href="http://www.bartdart.com/modules/mydownloads/" target="_blank">ScrubXP</a> - utility that deletes safe to remove files, cookies, browsing history, etc
Source=Paul Collins Startup list
[sc]
Confirmed=U
Filename=sc.exe
Description=<a href="http://www.rhombustechnologies.com/watchdog_software.htm">Watchdog 2.0 Software</a> - monitoring program
Source=Paul Collins Startup list
[sc]
Confirmed=U
Filename=run.exe
Description=<a href="http://www.allinonespy.com/" target=_blank>All-In-One_SPY</a> stealth monitoring software - allows monitoring and recording of all actions performed on a computer. It records all keystrokes, remembers addresses of Internet pages visited, and maintains a log file listing all applicationsrun on the computer. It can create screenshots and record sounds from the computer's microphone to a sound file
Source=Paul Collins Startup list
[sc23exec]
Confirmed=?
Filename=sc23exec.exe
Description=<font color="#FF0000">Possibly related to a digital camera</font>
Source=Paul Collins Startup list
[SC3300CC]
Confirmed=Y
Filename=SC3300CC.exe
Description=SiPix digital camera Twain device driver
Source=Paul Collins Startup list
[scan]
Confirmed=X
Filename=mscman.exe
Description=Spyware/malware, included into the latest version of Grokster, among others. According to research by SpyBot's PMK, "able to trick ZoneAlarm, auto-clicking it to allow passing through the firewall!"
Source=Paul Collins Startup list
[Scan Detector]
Confirmed=?
Filename=Pmxdetect.exe
Description=Associated with <a href="http://www.primascan.com/" target="_blank">PrimaScan</a> scanners.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[Scan Wizard]
Confirmed=?
Filename=button.exe
Description=Associated with ScanWizard as supplied with Microtek scanners - see also <a href="#Scanner%20Detector"> Scanner Detector</a> or <a href="#SDetect">SDetect</a>.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[ScanDisk]
Confirmed=X
Filename=ScanDisk.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.ganda.a@mm.html" target="_blank">GANDA.A</a> WORM! Note - this is not the valid "ScanDisk" Win9x/Me standard disk error checker
Source=Paul Collins Startup list
[scands32.exe]
Confirmed=X
Filename=scands32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.a.d.clicker.html" target=_blank>Adclicker</a> TROJAN!
Source=Paul Collins Startup list
[ScanFile]
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[ScanInicio]
Confirmed=?
Filename=Inicio.exe
Description=Part of <a href="http://www.pandasoftware.com/" target="_blank">Panda Anti-Virus</a>. Responsible for scanning the boot sector of your disk and your memory at startup to check for viruses that try and load and act before your anti-virus is fully operational. It only adds a fraction of a second to start-up time and is worth leaving active
Source=Paul Collins Startup list
[Scanner Detector]
Confirmed=N
Filename=SDetect.exe
Description=ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button
Source=Paul Collins Startup list
[Scanreg]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html" target="_blank">QQPASS.E</a> TROJAN!
Source=Paul Collins Startup list
[ScanRegistry]
Confirmed=X
Filename=nsrvnt.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nerte.html" target="_blank">NERTE</a> TROJAN!. Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as nsrvnt.exe not scanregw.exe
Source=Paul Collins Startup list
[ScanRegistry]
Confirmed=X
Filename=scanregv.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_98023.htm" target="_blank">MASTERLOCK</a> TROJAN!. Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as scanregv.exe not scanregw.exe
Source=Paul Collins Startup list
[ScanRegistry]
Confirmed=Y
Filename=Scanregw.exe
Description=Scans the system registry and makes back-ups at start-up. Important should the registry become corrupt. The executable "Scanregw.exe" is located in %windir% (where %windir% is the Windows directory - C:\Windows or C:\Winnt)
Source=Paul Collins Startup list
[ScanRegistry]
Confirmed=X
Filename=Scanregw.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.stator@mm.html" target=_blank>STATOR</a> WORM! Not to be confused with the legitimate ScanRegistry entry - which is a vital Windows file. The executable "Scanregw.exe" is located in %windir%\System (where %windir% is the Windows directory - C:\Windows or C:\Winnt). Runs from the registry RunServices key as opposed to the Run key
Source=Paul Collins Startup list
[ScanSpyware v *]
Confirmed=X
Filename=Scanner.exe
Description=Spyware remover (where * = the version number) of dubious repute, see this <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>list</a> of Rogue/Suspect Anti-Spyware Products & Web Sites
Source=Paul Collins Startup list
[SCardSvr]
Confirmed=N
Filename=scardsvr.exe
Description=Related to SmartCard readers and sometimes uses lots of system resources
Source=Paul Collins Startup list
[SCardSvr]
Confirmed=X
Filename=SCardSvr32.Exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MOFEI.B" target="_blank">MOFEI.B</a> WORM!
Source=Paul Collins Startup list
[Scheduled Maintenance]
Confirmed=N
Filename=Scheduled_Maintenance.exe
Description=Scheduler for <a href="http://www.iolo.com" target="_blank">Iolo System Mechanic</a> tweaking utility. It can cleans your registry and deletes temporary files at defined intervals. Available via Start -> Programs
Source=Paul Collins Startup list
[Scheduling Agent]
Confirmed=X
Filename=Scheduler.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.subwoofer.html" target="_blank">SUBWOOFER</a> TROJAN! Note - this is not the real MS Scheduling agent as the executable is incorrect
Source=Paul Collins Startup list
[SchedulingAgant]
Confirmed=X
Filename=MMTASK.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_YAB.A" target="_blank">YAB.A</a> TROJAN! Not the valid MusicMatch Jukebox which has the same filename
Source=Paul Collins Startup list
[SchedulingAgent]
Confirmed=U
Filename=mstask.exe
Description=MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans
Source=Paul Collins Startup list
[SchedulingAgent]
Confirmed=U
Filename=mstinit.exe
Description=MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans
Source=Paul Collins Startup list
[Schmaili]
Confirmed=U
Filename=Schmaili.exe
Description=<a href="http://www.schmaili.com/index.htm" target="_blank">Schmaili</a> - insert animated smilies into your e-mail
Source=Paul Collins Startup list
[SCHWIZEX]
Confirmed=Y
Filename=SCHWIZEX.EXE
Description=Part of <a href="http://www.imaginelan.com/configsafe/index.html" target="_blank"> ConfigSafe</a> - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot
Source=Paul Collins Startup list
[ScManager]
Confirmed=X
Filename=scman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcw.html" target=_blank>FORBOT-CW</a> WORM!
Source=Paul Collins Startup list
[scopedll]
Confirmed=X
Filename=scopedll.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[Scotia OnLine Recovery]
Confirmed=N
Filename=etdirrcv.exe
Description=Scotia OnLine Security Software provided by <a href="http://www.entrust.com/index.cfm" target="_blank">Entrust</a> for <a href="http://www.scotiabank.com/cda/index/0,,LIDen,00.html" target="_blank">Scotiabank</a>. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process
Source=Paul Collins Startup list
[Scotia OnLine Security v*.* Recovery]
Confirmed=N
Filename=etdirrcv.exe
Description=Scotia OnLine Security Software provided by <a href="http://www.entrust.com/index.cfm" target="_blank">Entrust</a> for <a href="http://www.scotiabank.com/cda/index/0,,LIDen,00.html" target="_blank">Scotiabank</a>. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process
Source=Paul Collins Startup list
[Scr]
Confirmed=X
Filename=scr.scr
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list
[ScrapPad]
Confirmed=N
Filename=Scrappad.exe
Description=<a href="http://www.jackcreations.com/scrappad/" target="_blank">ScrapPad</a> allows you to quickly and easily record notes, thoughts, messages, and just about anything you want. Use it like you use scrap paper
Source=Paul Collins Startup list
[Screen Calendar]
Confirmed=U
Filename=scrcal.exe
Description=<a href="http://www.screencalendar.com/" target=_blank>Screen Calendar</a> allows you to create custom desktop wallpapers with built in active calendar and scheduler
Source=Paul Collins Startup list
[Screen Guard]
Confirmed=U
Filename=launch.exe
Description=Part of <a href="http://www.johnru.com/" target="_blank">Access Denied</a> security and privacy software
Source=Paul Collins Startup list
[Screen Guard Message Scan]
Confirmed=U
Filename=sgms.exe
Description=Part of <a href="http://www.johnru.com/" target="_blank">Access Denied</a> security and privacy software
Source=Paul Collins Startup list
[Screen Saver Control]
Confirmed=N
Filename=FSScrCtl.exe
Description=Installs as part of the Hubble Space Telescope screen saver (and possibly others). Lets you control your installed screensavers from a System Tray icon
Source=Paul Collins Startup list
[ScreenPrint32]
Confirmed=N
Filename=ScreenPrint32.exe
Description=<a href="http://www.provtech.co.uk/software/screenprint32.asp" target=_blank>ScreenPrint32</a> screen capture software - can be launched manually
Source=Paul Collins Startup list
[screxe]
Confirmed=?
Filename=scruser2k.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[script]
Confirmed=?
Filename=script.bat
Description=<font color="#FF0000">Maybe associated with DOS on a Win9x machine</font>
Source=Paul Collins Startup list
[ScriptBlocking]
Confirmed=Y
Filename=SBServ.exe
Description=Update to Norton AntiVirus 2001. Detects certain types of script-based viruses without the need for specific virus definitions - such as JavaScript and VBScript. This will help protect you from these viruses even before virus definitions are available. Note - some users complain of problems once the update is installed - refer <a href="http://www.symantec.com/search/" target="_blank">here</a> for more information
Source=Paul Collins Startup list
[ScriptSentry]
Confirmed=Y
Filename=Scriptsentry.exe
Description=<a href="http://www.jasons-toolbox.com/scriptsentry.asp" target="_blank">Script Sentry</a> from Jason's Toolbox. Blocks malicious scripts and allows safe scripts to run. Only required if you want it to check the file associations it guards at startup. It will function regardlessly
Source=Paul Collins Startup list
[Scroll-In-Mouse V2.0]
Confirmed=U
Filename=SCROLL.EXE
Description=Toolkit for the <a href="http://www.qtronix.com/Lynx3dnet.html" target="_blank">Lynx-3D Net</a> scroll mouse from QTronix. Required if you use the special features
Source=Paul Collins Startup list
[ScrSvr]
Confirmed=X
Filename=ScrSvr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.html" target="_blank">OPASERV</a> WORM!
Source=Paul Collins Startup list
[ScrSvrOld]
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.html" target="_blank">OPASERV</a> WORM!
Source=Paul Collins Startup list
[Scsi]
Confirmed=Y
Filename=Scsi.exe
Description=SCSI Miniport driver
Source=Paul Collins Startup list
[scvhost]
Confirmed=X
Filename=svzhost.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[scvhost loader]
Confirmed=X
Filename=ixplore.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotcy.html" target=_blank>SDBOT-CY</a> TROJAN!
Source=Paul Collins Startup list
[scvhost.exe]
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlohavn.html" target="_blank">LOHAV-N</a> TROJAN!
Source=Paul Collins Startup list
[sd32info]
Confirmed=X
Filename=sd32info.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[SDaemon]
Confirmed=U
Filename=sdaemon.exe
Description=PC Security from Tropical Software. 'PC SecurityÖ 5.1 is the ultimate in computer security, offering multiple locking systems for the Windows environment and internet. Lock files, monitor programs' activities, even detect intruders! PC Security offers flexible and complete password protection, "Drag and Drop" support, plus many other handy features'
Source=Paul Collins Startup list
[sdchosts32]
Confirmed=X
Filename=vbdd.exe
Description=Added by the RANKY.AG TROJAN!
Source=Paul Collins Startup list
[SDetect]
Confirmed=N
Filename=SDetect.exe
Description=ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button
Source=Paul Collins Startup list
[sdfsdfsdf]
Confirmed=X
Filename=sp2update.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[SDIN Adapter]
Confirmed=X
Filename=sdin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotap.html" target="_blank">FORBOT-AP</a> WORM!
Source=Paul Collins Startup list
[SDJobCheck]
Confirmed=?
Filename=triggusr.exe
Description=Part of <a href="http://www3.ca.com/Solutions/Product.asp?ID=234" target=_blank>CA Unicenter</a> Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - <font color="#FF0000">is it required at startup?</font>
Source=Paul Collins Startup list
[SDPhotoBar.exe]
Confirmed=N
Filename=SDPhotoBar.exe
Description=<a href="http://www.ttp.co.uk/abtsdphoto.html" target=_blank>SmartDraw Photo</a> - "organize, enhance, print, and share your photos. It's also a powerful graphic editor for creating images and web graphics"
Source=Paul Collins Startup list
[sdrss]
Confirmed=X
Filename=sdrss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotsq.html" target=_blank>SDBOT-SQ</a> WORM!
Source=Paul Collins Startup list
[sealmon]
Confirmed=U
Filename=sealmon.exe
Description=<a href="http://www.sealedmedia.com/solutions/default.asp" target=_blank>SealedMedia</a> enables you to combine document protection and control with your existing applications - such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint and Email
Description=<a href="http://www.pcug-colorado.org/newsletter/pcoc0200/2ndchanc.htm" target="_blank">Power Quest Second Chance</a>. Sets checkpoints for saving a backup copy of the registry to a disk so you can restore it if you have a crash
Source=Paul Collins Startup list
[Secret-Crush]
Confirmed=X
Filename=start.exe
Description=Hijacker that may reset your browser's home page and/or search settings to point to undesired sites
Source=Paul Collins Startup list
[Secsys]
Confirmed=U
Filename=Secsys.exe
Description=<a href="http://www.ultrasoft.ro/page_ky.htm" target="_blank">Key Interceptor</a> - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
Description=<a href="http://www.accessdata.com/Product05_Overview.htm?ProductNum=05" target="_blank">SecureClean</a> - scans your system for hidden temporary files, deleted email messages, Internet histories and caches
Source=Paul Collins Startup list
[SecureItPro]
Confirmed=U
Filename=Secureitpro470p.exe
Description=<a href="http://homepages.ihug.com.au/~ipex/secureitpro/secureitpro.htm" target="_blank">SecureIt Pro</a> - lock your computer when you're not there, to stop malicious users from accessing your desktop
Source=Paul Collins Startup list
[SecureLogin]
Confirmed=X
Filename=Mslg32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.redzed@mm.html" target="_blank">REDZED</a> WORM!
Source=Paul Collins Startup list
[Security Accounts Manager SM]
Confirmed=X
Filename=samsm.exe
Description=Added by the <a href="http://nl.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.JE" target=_blank>SPYBOT.JE</a> WORM!
Source=Paul Collins Startup list
[Security Agent Manager]
Confirmed=X
Filename=mssams.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsv.html" target=_blank>RBOT-SV</a> WORM!
Source=Paul Collins Startup list
[Security iGuard]
Confirmed=N
Filename=Security iGuard.exe
Description=Spyware remover of dubious repute, see this <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>list</a> of Rogue/Suspect Anti-Spyware Products & Web Sites
Source=Paul Collins Startup list
[Security Manager]
Confirmed=U
Filename=SecurityManager.exe
Description=A ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private
Source=Paul Collins Startup list
[Security Patches]
Confirmed=X
Filename=msnkn.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.WW" target=_blank>RBOT.WW</a> WORM!
Source=Paul Collins Startup list
[security service]
Confirmed=X
Filename=syss.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[SECWIZ98]
Confirmed=Y
Filename=SECWIZ98.EXE
Description=Security Wizard 98 by Chris Farmer. Offers you a variety of ways to restrict access to many of the programs and settings on your PC. Available <a href="http://www.zdnet.com/downloads/stories/info/0,,000T5S,.html" target="_blank">here</a>
Source=Paul Collins Startup list
[SelfHostUtil]
Confirmed=?
Filename=slefhost.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[SeMS]
Confirmed=U
Filename=SeMS.exe
Description=<p align=left><a href="http://www.pcsms.net/" target="_blank">PCsms</a> - tool that enables you to send sms text messages from your PC to any UK mobile phone
Source=Paul Collins Startup list
[Sensiva]
Confirmed=U
Filename=Sensiva.exe
Description=<a href="http://www.sensiva.com/symbolcommander/" target=_blank>Symbol Commander</a> makes the use of your PC, laptop, Tablet PC, and Pocket PC much easier and much faster. It recognizes your handwriting with unparalled performance and executes commands in a snap. Just by using your mouse, pen, or touchpad, simply draw symbols to execute actions instantly
Source=Paul Collins Startup list
[SENTRY]
Confirmed=X
Filename=SENTRY.exe
Description=From <a href="http://www.ipinsight.com/default.asp" target="_blank">IP Insight</a>. Allows website owners "to instantly determine the precise geographic location, connection speed and detailed demographics of every visitor to your website". Will be detected by most firewalls and the majority of home users should disable it
Source=Paul Collins Startup list
[Sepate Security Firewall]
Confirmed=X
Filename=sepate.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Serials]
Confirmed=X
Filename=serials.exe
Description=Any one of a variety of worms and trojans
Source=Paul Collins Startup list
[serrdctl.exe]
Confirmed=Y
Filename=serrdctl.exe
Description="Shared Modem Service Client Event Viewer" - used when a number of PCs have access to a number of modems. Required to be running on each PC for access to the modems
Source=Paul Collins Startup list
[Serv-U]
Confirmed=N
Filename=serv-u32.exe
Description=FTP server
Source=Paul Collins Startup list
[Serv-U]
Confirmed=X
Filename=wssdsu.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.manifest.trojan.html" target="_blank">MANIFEST</a> TROJAN!
Source=Paul Collins Startup list
[server]
Confirmed=X
Filename=server.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A" target="_blank">DELTAD.A</a> WORM!
Source=Paul Collins Startup list
[SERVER.EXE]
Confirmed=X
Filename=SERVER.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbushtro122.html" target="_blank">BUSHTRO122</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.smokodoor.html" target="_blank">SMOKODOOR</a> TROJANS!
Source=Paul Collins Startup list
[serverex]
Confirmed=X
Filename=Server.txt.vbs
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A" target="_blank">DELTAD.A</a> WORM!
Source=Paul Collins Startup list
[Service]
Confirmed=U
Filename=service.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.h.html" target="_blank">ALADINZ.H</a> TROJAN!
Source=Paul Collins Startup list
[Service]
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.html" target="_blank">NETSKY</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.b@mm.html" target="_blank">NETSKY.B</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Service]
Confirmed=X
Filename=[trojan filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kaitex.e.html" target="_blank">KAITEX.E</a> TROJAN!
Source=Paul Collins Startup list
[Service Connection]
Confirmed=N
Filename=sccenter.exe
Description=For Compaq PC's. Part of Backweb
Source=Paul Collins Startup list
[Service Connection]
Confirmed=N
Filename=bwtray.exe
Description=For Compaq PC's. Part of Backweb
Source=Paul Collins Startup list
[Service Controller]
Confirmed=X
Filename=Csrrs.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Service Host]
Confirmed=X
Filename=[filename].exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.torvel.b@mm.html" target="_blank">TORVEL.B</a> WORM!
Source=Paul Collins Startup list
[Service Host]
Confirmed=X
Filename=spoolxx.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.torvel@mm.html" target=_blank>TORVEL</a> WORM!
Source=Paul Collins Startup list
[Service Host ]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.torvel@mm.html" target=_blank>TORVEL</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Service Host Driver]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hiton@mm.html" target="_blank">HITON</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Service Manager]
Confirmed=N
Filename=sqlmangr.exe
Description=SQL Server Service Manager - provides tray access to SQL server, the server agent and MSDTC. Available via Start -> Programs
Source=Paul Collins Startup list
[Service Manager]
Confirmed=X
Filename=dxsound.exe
Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100886" target="_blank">PROXY-GRIC</a> TROJAN!
Source=Paul Collins Startup list
[Service Process]
Confirmed=X
Filename=SVCHOST.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.darker.worm.html" target="_blank">DARKER</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Service Process]
Confirmed=X
Filename=winset.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[service updaer]
Confirmed=X
Filename=qualityz.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! - probably a <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> variant
Description=Comcast Transition Wizard. On June 30th, 2003 it will migrate E-mail and web pages from AT&T Broadband Internet to Comcast High-Speed Internet. Until then it will run at startup and then terminate - hence the U recommendation
Source=Paul Collins Startup list
[ServiceLayer]
Confirmed=Y
Filename=ServiceLayer.exe
Description=Nokia Connectivity Library support task that is needed by NCLTRAY and by the Nokia Connection Manager for either to work properly
Source=Paul Collins Startup list
[services]
Confirmed=X
Filename=start.bat
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzcrew.html" target="_blank">ZCREW</a> TROJAN!
Source=Paul Collins Startup list
[Services]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.meteorshell.html" target="_blank"> METEORSHELL</a> TROJAN!
Source=Paul Collins Startup list
[Services]
Confirmed=X
Filename=back32.exe ...service.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Back32.exe is the baddie whose purpose is to HIDE the MIRC32 server in service.exe
Source=Paul Collins Startup list
[Services]
Confirmed=X
Filename=services.exe
Description=Added by a number of VIRUSES, WORMS and TROJANS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Services]
Confirmed=X
Filename=winread.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Services Controller]
Confirmed=X
Filename=lsassa.exe
Description=Added by the CIADOOR.122 VIRUS!
Source=Paul Collins Startup list
[Services Host]
Confirmed=X
Filename=Scchost.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.donk.html" target="_blank">DONK</a> WORM!
Source=Paul Collins Startup list
[Services Process]
Confirmed=X
Filename=services.exe
Description=Added by unidentified spyware - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Small.X TROJAN!
Source=Paul Collins Startup list
[Services.EXE]
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.kazping.html" target="_blank">KAZPING</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[services.exe]
Confirmed=X
Filename=Services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorf.html" target=_blank>CIADOOR-F</a> TROJAN! Note - this is NOT the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target=_blank>services.exe</a> process, which should NOT figure in Msconfig/Startup!
Source=Paul Collins Startup list
[Services004]
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbros@mm.html" target="_blank">BUGBROS</a> WORM!
Source=Paul Collins Startup list
[ServUTrayIcon]
Confirmed=?
Filename=ServUTray.exe
Description=System Tray icon for Serv-U FTP server.<font color="#FF0000"> </font><font color="#FF0000">Is it required?</font>
Description=Related to a Soundblaster Audigy soundcards.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[setdefprt]
Confirmed=?
Filename=setdefprt.exe
Description=<font color="#FF0000">Related to a Brother printer?</font>
Source=Paul Collins Startup list
[SetecCertUtil]
Confirmed=U
Filename=Certutil.exe
Description=Setec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TV
Source=Paul Collins Startup list
[setFTPBack]
Confirmed=X
Filename=createsw.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ftp_bmail.html" target="_blank">FTP_BMAIL</a> TROJAN!
Source=Paul Collins Startup list
[SetHook]
Confirmed=N
Filename=SetHook.exe
Description=Fellowes Neato CD label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"
Source=Paul Collins Startup list
[SETI@home]
Confirmed=N
Filename=SETI@home.exe
Description=SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data
Source=Paul Collins Startup list
[seticlient]
Confirmed=N
Filename=SETI@home.exe
Description=SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data
Source=Paul Collins Startup list
[SetIcon]
Confirmed=N
Filename=SetIcon.exe
Description=Installed by a 6-in-1 (4 Media Card slots, a floppy drive and a USB connection) device. Constantly updates the icons for the four Media Card slots that it has and is a resource hog
Source=Paul Collins Startup list
[SetiQueue]
Confirmed=N
Filename=Setiqu~1.exe
Description=Provides work unit buffering for Seti@Home clients - see <a href="http://www.reneris.com/seti/default.asp" target="_blank">here</a> for more details
Source=Paul Collins Startup list
[SetiSpy]
Confirmed=N
Filename=SetiSpy.exe
Description=From the site - '<a href="http://pages.tca.net/roelof/setispy/" target="_blank">SETI Spy</a> is a little program I wrote to "spy" on the progress and performance of the SETI@home client. I call it a "spy" because I tried to make it as unobtrusive as possible'
Source=Paul Collins Startup list
[SetRefresh]
Confirmed=?
Filename=SetRefresh.exe
Description=Found on a Compaq PC. <font color="#FF0000">Video refresh rate utility? Is it required?</font>
Source=Paul Collins Startup list
[Setting]
Confirmed=X
Filename=sysweb.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target="_blank">SDBOT.GEN</a> TROJAN!
Source=Paul Collins Startup list
[setup]
Confirmed=N
Filename=hphprld.exe ....setup.exe
Description=HP DeskJet Setup - printers function normally without it
Source=Paul Collins Startup list
[Setup experation]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofgeraw.html" target=_blank>TOFGER-AW</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process, which NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[SetupICWDesktop]
Confirmed=N
Filename=icwconn1.exe
Description=Appears to be the "Internet Connection Wizard" from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start -> Programs -> Accessories -> Communication (or similar) anyway
Source=Paul Collins Startup list
[setupuser]
Confirmed=X
Filename=regedit.exe setupuser.log
Description=Regfile in disguise - another <a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list
[setuzp]
Confirmed=?
Filename=setuzp.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[SetVrc]
Confirmed=X
Filename=setvrc.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.huntocx.html" target="_blank">HUNTOCX</a> WORM!
Source=Paul Collins Startup list
[Sex Teris]
Confirmed=X
Filename=st01b.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.repad.worm.html" target="_blank">REPAD</a> WORM!
Source=Paul Collins Startup list
[Sexy_sg]
Confirmed=X
Filename=Sexy_sg.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[SFP]
Confirmed=N
Filename=vzSFPWin.EXE
Description=Verizon Online Support Center - prompts for online updates
Source=Paul Collins Startup list
[SFtrb Service]
Confirmed=X
Filename=cftrb32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.sobig.d@mm.html" target="_blank">SOBIG.D</a> WORM!
Description=<a href="http://www.ediport.hu/_sgeasy.html" target="_blank">SafeGuard Easy</a> - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
Source=Paul Collins Startup list
[Sgeecview]
Confirmed=U
Filename=Ecview.exe
Description=<a href="http://www.ediport.hu/_sgeasy.html" target="_blank">SafeGuard Easy</a> - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
Source=Paul Collins Startup list
[sginst]
Confirmed=N
Filename=sginst.exe
Description=eAcceleration Stop-Sign related - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">note</a>
Source=Paul Collins Startup list
[SGTBox]
Confirmed=?
Filename=SGTBox.exe
Description=Canon scanner driver.<font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[sgtray]
Confirmed=U
Filename=sgtray.exe
Description=<a href="http://www.veritas.com/products/category/ProductDetail.jhtml?productId=storageguard" target="_blank">StorageGuard</a> from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
Source=Paul Collins Startup list
[shambl3r]
Confirmed=X
Filename=cnf.bat
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.remabl.worm.html" target="_blank">REMABL</a> WORM!
Source=Paul Collins Startup list
[shambl3r*]
Confirmed=X
Filename=shambl3r.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.remabl.worm.html" target="_blank">REMABL</a> WORM! where * is 2 to 11
Source=Paul Collins Startup list
[Share-to-Web Namespace Daemon]
Confirmed=N
Filename=hpgs2wnd.exe
Description="HP's exclusive <a href="http://www.hp.com/peripherals2/scanjet_info/share-to-web/index.htm" target="_blank">Share-to-Web</a> software makes it easy to share content with others through our affiliate Internet websites." In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start -> Programs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.makecall.trojan.html" target="_blank">MAKECALL</a> TROJAN!
Source=Paul Collins Startup list
[Sharing and Mapping Software]
Confirmed=Y
Filename=DShmap.exe
Description=<a target="_blank" href="http://www.intel.com/products/desk_lap/hm_sm_office/index.htm">Intel AnyPoint</a> internet sharing software
Source=Paul Collins Startup list
[SharkEject]
Confirmed=N
Filename=AEJCT32.exe
Description=Allows you to eject a disk from the Avatar Shark drive from the system tray. When loaded, there is a desktop icon so this isn't required
Source=Paul Collins Startup list
[Shcenter]
Confirmed=N
Filename=chcenter.exe
Description=IMSI <a href="http://www.imsisoft.com/prodinfo.asp?t=1&mcid=100" target="_blank">HiJaak</a> - "the easiest way to convert, capture, and manage all your graphic files"
Source=Paul Collins Startup list
[SheduIer]
Confirmed=X
Filename=svchst.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[Shell]
Confirmed=X
Filename=Shell32.exe
Description=Added by the <a href="http://www.f-secure.com/v-descs/badsec.shtml" target="_blank">BADSECTOR</a> TROJAN!
Source=Paul Collins Startup list
[Shell]
Confirmed=X
Filename=ray.exe
Description=Homepage hijacker re-directing browsers to adult content websites
Source=Paul Collins Startup list
[Shell]
Confirmed=X
Filename=Tray.exe
Description=Homepage hijacker re-directing browsers to adult content websites
Source=Paul Collins Startup list
[Shell]
Confirmed=X
Filename=wmedia16.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.goldun.html" target=_blank>GOLDUN</a> TROJAN!
Source=Paul Collins Startup list
[Shell Extension]
Confirmed=X
Filename=spollsv.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[ShellApi]
Confirmed=X
Filename=SHELLMSN.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEV.B" target="_blank">NETDEV.B</a> TROJAN!
Source=Paul Collins Startup list
[Shellapi32]
Confirmed=X
Filename=Shellapi32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.netdevil.html" target="_blank">NETDEVIL</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NERTE.76.B" target="_blank">NERTE</a>) TROJAN!
Source=Paul Collins Startup list
[ShellCommand]
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojremcona.html" target=_blank>REMCON-A</a> TROJAN!
Source=Paul Collins Startup list
[ShellEx]
Confirmed=X
Filename=ShellEx.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.anakha.html" target="_blank">ANAKHA</a> TROJAN!
Source=Paul Collins Startup list
[shellsystem]
Confirmed=X
Filename=shellsystem.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.upchan.html" target="_blank">UPCHAN</a> TROJAN!
Source=Paul Collins Startup list
[shicoxp]
Confirmed=N
Filename=shicoxp.exe
Description=Installed with the drivers for multi card readers of various brands. To differentiate between the various card slots on multi slot readers the shicoxp.exe file assigns and loads unique drive icons for the various card slots that are displayed in Windows Explorer
Source=Paul Collins Startup list
[Shine]
Confirmed=X
Filename=Shine.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllc.happylow.html" target="_blank">HAPPYLOW</a> (or <a href="http://www.sophos.com/virusinfo/analyses/w32nishea.html" target="_blank">NISHE-A</a>) VIRUS!
Source=Paul Collins Startup list
[SHINITV]
Confirmed=?
Filename=shinitv.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Shmgrate.exe]
Confirmed=X
Filename=ibot4.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.gaster.html" target="_blank">GASTER</a> TROJAN!
Source=Paul Collins Startup list
[ShockmachineReminder]
Confirmed=N
Filename=SmReminder.exe
Description=<a href="http://www.shockwave.com/sw/downloads/collections/favorites/">Shockmachine</a> is an entertainment playback device that lets you save your favorite Shockwave.com titles and play them back in full-screen mode, off-line, anytime. <font color="#FF0000">Could be a registration reminder for the trial version</font>
Source=Paul Collins Startup list
[Shockwave]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sndog@mm.html" target="_blank">SNDOG</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Shockwave Init]
Confirmed=N
Filename=SWINIT.EXE
Description=Part of Macromedia Shockwave. Controls the Shockwave Remote Control Panel. The Remote Control can be activated manually from the Start Menu by locating and selecting Shockwave and then Shockwave Remote under Programs
Source=Paul Collins Startup list
[ShortKeys 99]
Confirmed=N
Filename=SHORTKEY.EXE
Description=<a href="http://www.shortkeys.com/" target="_blank">ShortKeys</a> from Insight Software Solutions - allows you to program keys with text strings
Source=Paul Collins Startup list
[Showbehind]
Confirmed=X
Filename=SHOWBEHIND.EXE
Description=Advertisement display which can be stopped <a href="http://www.showbehind.com/adremove.exe" target="_blank">here</a>
Description=Card reader for memory cards from digital cameras.<font color="#FF0000"> Is it required? </font>
Source=Paul Collins Startup list
[SHPC32]
Confirmed=U
Filename=SHPC32.exe
Description=Port monitor for Lexmark printers on a USB connection. Ties in with the Printer Control Program. Features like cancelling a print are unavailable if disabled
Source=Paul Collins Startup list
[ShStatEXE]
Confirmed=Y
Filename=SHSTAT.EXE
Description=From McAfee VirusScan NT 4.x. Handles program communication among VShield components, displays VShield icon. Can be started automatically or available via Start -> Programs
Source=Paul Collins Startup list
[Shutdownaware]
Confirmed=U
Filename=shutdownaware.exe
Description=Loaded by the <a href="http://www.sweexeurope.com/product.asp?pid=98" target="_blank">SWEEX 6-in-1 Media Card Reader</a> to properly manage the reader while it is connected to your system
Source=Paul Collins Startup list
[ShutDownPro]
Confirmed=U
Filename=ShutDownPro.exe
Description=<a href="http://home.tiscali.de/kurtzimmermann/shutdownpro_e.htm" target="_blank">ShutDownPro</a> - shutdown, reboot, logoff your System with one mouse click
Description=MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> Programs
Source=Paul Collins Startup list
[SigX]
Confirmed=?
Filename=sigx.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[SigXC]
Confirmed=X
Filename=SigX.exe
Description=<a href="http://sigx.yuriy.net/" target="_blank">SigX</a> is a "dynamic signature image generated based on whatever data your computer sends it though our SigX program. It can display your current Mp3, current OS, Free Ram, your current time and more"
Source=Paul Collins Startup list
[Simcast]
Confirmed=N
Filename=SimcastAlerts.exe
Description=<a href="http://www.simcast.com.au/index.jsp" target="_blank">Simcast</a> is a free service that allows you to subscribe to information on a large variety of topics. Alerts will appear on your desktop when a channel that you have subscribed to has something to say
Source=Paul Collins Startup list
[SimpLite-MSN]
Confirmed=U
Filename=SimpLite-MSN.exe
Description=Required if you use the SimpLite add-on to MSN Messenger (SimpLite adds encryption to the instant messaging service)
Source=Paul Collins Startup list
[Singapore]
Confirmed=X
Filename=singapore.exe
Description=Adds a blue crescent to the taskbar and when double-clicked displays an adult-content web-site. Also known to drop your internet connection and dial an international telephone number. See <a href="http://groups.google.com/groups?q=singapore+singapore.exe&hl=en&lr=&safe=off&selm=38b007ea@news.swiftech.com.sg&rnum=1" target="_blank">here</a> for more information. Must be disabled in MSCONFIG before un-installing or it re-instates itself
Source=Paul Collins Startup list
[SIPPS]
Confirmed=U
Filename=SIPPS\SIPPS.exe
Description=Web.de Internet phone utility
Source=Paul Collins Startup list
[SiS KHooker]
Confirmed=N
Filename=khooker.exe
Description=SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required
Source=Paul Collins Startup list
[SiS Tray]
Confirmed=U
Filename=sistray.exe
Description=System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System
Source=Paul Collins Startup list
[SiS Windows KeyHook]
Confirmed=U
Filename=keyhook.exe
Description=SIS graphics cards related: "Super VGA Keyboard Daemon" - hooks into the keyboard processing chain in order to enable hotkey settings
Source=Paul Collins Startup list
[SISAM10M]
Confirmed=?
Filename=SISAM10M.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[SiSAudio]
Confirmed=N
Filename=MP_S3.exe
Description=WinME patch for an older SiS 961 chipset FERR bug. Enable if you have audio problems
Source=Paul Collins Startup list
[siscolor]
Confirmed=U
Filename=color.exe
Description=Probably on-board graphics related based upon the SiS chipsets. Has been seen on ASUS motherboards with SiS chipsets and known to cause conflicts if you choose another graphics card and disable the on-board
Source=Paul Collins Startup list
[siService.exe]
Confirmed=U
Filename=siService.exe
Description=<a href="http://www.giantcompany.com/(xg1iwg55yqze3245i5lvaqbb)/p_features.aspx" target="_blank">Spam Inspector</a> - anti email spam software
Source=Paul Collins Startup list
[SiSSetCDfmt]
Confirmed=?
Filename=SiSSetCDfmt.exe
Description=<font color="#FF0000">Related to a Silicon Integrated Systems Corp (SiS) product?</font>
Source=Paul Collins Startup list
[SISSoundman]
Confirmed=?
Filename=Soundman.exe
Description=<font color="#FF0000">Related to a Silicon Integrated Systems Corp (SiS) product?</font>
Source=Paul Collins Startup list
[SiSSWLED]
Confirmed=U
Filename=sisswled.exe
Description=System Tray utility for SiS 900 network cards
Source=Paul Collins Startup list
[sistrai.exe]
Confirmed=X
Filename=sistrai.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.prova.html" target="_blank"> PROVA</a> TROJAN!
Source=Paul Collins Startup list
[sistray]
Confirmed=X
Filename=sistray.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.prova.html" target="_blank"> PROVA</a> TROJAN!
Source=Paul Collins Startup list
[sistray]
Confirmed=U
Filename=sistray.exe
Description=System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System
Source=Paul Collins Startup list
[sistry]
Confirmed=X
Filename=sistry.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cebe.html" target="_blank">CEBE</a> WORM!
Source=Paul Collins Startup list
[SiSUSBRG]
Confirmed=N
Filename=SiSUSBrg.exe
Description=SiS USB Registry Patch File - fixes the undetectable problem with SiS USB controller on Windows XP
Source=Paul Collins Startup list
[SK9910DM]
Confirmed=U
Filename=SK9910DM.EXE
Description=Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
Source=Paul Collins Startup list
[SKDAEMON]
Confirmed=U
Filename=SKDAEMON.EXE
Description=Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
Source=Paul Collins Startup list
[skinkers]
Confirmed=U
Filename=skinkers.exe
Description=Selection of desktop messaging/marketing tools with celebrity tie-ins including MTV's "Desktop Ozzy" and Arsenal's "Desktop Wenger" - see <a href="http://www.skinkers.com/clients.html" target="_blank">here</a>. Leave enabled if you want to receive messages
Source=Paul Collins Startup list
[SkyBlaster Scheduler]
Confirmed=Y
Filename=SSFSch.exe
Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
Source=Paul Collins Startup list
[skynetave.exe]
Confirmed=X
Filename=skynetave.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.d.html" target="_blank">SASSER.D</a> WORM!
Source=Paul Collins Startup list
[SkynetRevenge]
Confirmed=X
Filename=winlogon.scr
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.aa@mm.html" target="_blank">NETSKY.AA</a> WORM!
Source=Paul Collins Startup list
[Skype]
Confirmed=N
Filename=Skype.exe
Description="<a href="http://www.skype.com/" target="_blank">Skype</a> is free and simple software that will enable you to make free calls anywhere in the world in minutes"
Source=Paul Collins Startup list
[SkySurfer Management Service]
Confirmed=Y
Filename=SmaServ.exe
Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
Source=Paul Collins Startup list
[SleepManager]
Confirmed=N
Filename=SleepMgr.exe
Description=This program locates free contiguous disk spaces and allocates them for storing BASE MEMORY, EXTENDED MEMORY, VIDEO MEMORY, and SM RAM. It helps the computer come out of hibernate mode
Source=Paul Collins Startup list
[SlickRun]
Confirmed=U
Filename=sr.exe
Description="<a href="http://www.bayden.com/SlickRun/" target="_blank">SlickRun</a> is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL"
Source=Paul Collins Startup list
[slide]
Confirmed=X
Filename=Iexplore.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gaslide.html" target="_blank">GASLIDE</a> TROJAN! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[slimp3]
Confirmed=N
Filename=SliMP3 Server.exe
Description=<a href="http://www.macupdate.com/info.php/id/8973" target="_blank">Slimp3 Server</a> - "presents an entirely new way of accessing and enjoying your music collection. Instead of storing your music on CDs or memory cards, the SliMP3 uses your home network to access the music stored on your PC"
Source=Paul Collins Startup list
[Slingshot]
Confirmed=N
Filename=SLINGS~1.EXE
Description=<a href="http://www.atomica.com/us/products/slingshot/index.html" target="_blank">Atomica Slingshot</a> - "reference tool with access to dictionary and encyclopedia terms, bios, technical terms, history, geography, and much more"
Source=Paul Collins Startup list
[slmss]
Confirmed=X
Filename=slmss.exe
Description=SeekSeek search hijacker related - as seen <a href="http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?act=ST&f=32&t=6790&st=0&&#entry34543" target="_blank"> here</a>
Source=Paul Collins Startup list
[slvchost32]
Confirmed=X
Filename=slvchost32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[SM1BG]
Confirmed=?
Filename=SM1BG.EXE
Description=USB driver for downloading from within Napster to portable MP3 players. <font color="#FF0000">Is it required to run at startup or can it be run manually?</font>
Source=Paul Collins Startup list
[Sm56acl]
Confirmed=N
Filename=sm56hlpr.exe
Description=Helper utility for Motorola based SM56 software modems - resides in the System Tray
Source=Paul Collins Startup list
[Smapp]
Confirmed=N
Filename=smtray.exe
Description=System Tray access for the Compaq/ADI SoundMAX integrated digital audio controller
Source=Paul Collins Startup list
[Smart Card Service]
Confirmed=N
Filename=ScardSvr.exe
Description=For Smart Card readers. Known to cause problems, especially for Windows 2000 users - see <a href="http://support.microsoft.com/support/kb/articles/Q293/5/07.ASP?LN=EN-GB&SD=gn&FR=0" target="_blank">here</a>. Probably not required unless you use such a device regularly
Source=Paul Collins Startup list
[Smart Connect Monitor]
Confirmed=U
Filename=SCMon.exe
Description=Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio
Source=Paul Collins Startup list
[Smart Connect Setup]
Confirmed=U
Filename=SCSetup.exe
Description=Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio
Source=Paul Collins Startup list
[Smart Label O Server]
Confirmed=N
Filename=ssloserv.exe
Description=Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely
Source=Paul Collins Startup list
[Smart Label RFViewer]
Confirmed=N
Filename=SSLFVIEW.EXE
Description=Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely
Source=Paul Collins Startup list
[Smart Type Assistant]
Confirmed=N
Filename=sta.exe
Description=<a href="http://www.blazingtools.com/sta.html" target="_blank">Smart Type Assistant</a> - a complex typing automation tool, intended to make your work faster and safer
Source=Paul Collins Startup list
[Smartalec]
Confirmed=U
Filename=pcaccel.exe
Description=<a target="_blank" href="http://www.smartalec2000.com/pcxl4000deluxe.shtml">Smartalec PC Accelerator</a> - system optimization utility
Source=Paul Collins Startup list
[SmartBarXP]
Confirmed=N
Filename=SmartBarXP.exe
Description=<a href="http://www.smartbarxp.com/cgi-bin/cws/home.php?page=desc" target="_blank">SmartBarXP</a> is a bar that runs down the side of your screen, and can be configured to display interactive panels known as 'panes'. These panes include media players, slideshow and image viewing panes, a virtual desktop manager, and live news, weather and stock feeds to mention but a few
Source=Paul Collins Startup list
[sMaRTcaPs]
Confirmed=N
Filename=SMARTC~1.EXE
Description=<a href="http://www.phoebusllc.com/index.htm#SC%20Description" target="_blank">sMaRTcaPs</a> from Phoebus LLC - enables you to configure the time needed to depress Caps Lock, Num Lock & Insert keys
Source=Paul Collins Startup list
[Smarthruengine]
Confirmed=?
Filename=QS.exe
Description=<font color="#FF0000">Unknown but disabled without problems</font>
Source=Paul Collins Startup list
[SmartPCXL]
Confirmed=U
Filename=pcaccel.exe
Description=<a target="_blank" href="http://www.smartalec2000.com/pcxl4000deluxe.shtml">Smartalec PC Accelerator</a> - system optimization utility
Source=Paul Collins Startup list
[SMax4]
Confirmed=N
Filename=SMax4.exe
Description=System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel
Source=Paul Collins Startup list
[SMax4PNP]
Confirmed=U
Filename=SMax4PNP.exe
Description=SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments
Source=Paul Collins Startup list
[smbdpmi]
Confirmed=?
Filename=smbdpmi.exe
Description=IBM Netfinity Director and Universal Management Services related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[smc]
Confirmed=Y
Filename=smc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list
[smc]
Confirmed=Y
Filename=spfsmc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list
[SMC Service]
Confirmed=Y
Filename=smc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list
[SMC Service]
Confirmed=Y
Filename=spfsmc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list
[smcserv]
Confirmed=X
Filename=winsrv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotou.html" target=_blank>AGOBOT-OU</a> WORM!
Source=Paul Collins Startup list
[SmcServices]
Confirmed=Y
Filename=smc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list
[SmcServices]
Confirmed=Y
Filename=spfsmc.exe
Description=Sygate Firewall
Source=Paul Collins Startup list
[Smcsta.exe]
Confirmed=?
Filename=Smcsta.exe
Description=SMC Networks wireless PCI card driver. <font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[Smith Micro try]
Confirmed=N
Filename=smiptray.exe
Description=Smith Micro shared files. Comes with D-Link web cam
Source=Paul Collins Startup list
[SMS Application Launcher]
Confirmed=U
Filename=LAUNCH32.EXE
Description=Microsoft <a href="http://www.microsoft.com/smserver/default.asp" target="_blank">Systems Management Server</a> - used to manage computers on a network remotely
Source=Paul Collins Startup list
[SMS Client Service]
Confirmed=U
Filename=clisvc95.exe
Description=When the SMS Client service starts on a domain controller, the Client service modifies the SMSCliToknAcct & user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server)
Source=Paul Collins Startup list
[SMS Win9x Message Agent]
Confirmed=U
Filename=??
Description=This program assigns a user to a Systems Management Server site
Source=Paul Collins Startup list
[SMS Win9x Message Agent]
Confirmed=U
Filename=SMSMsg.exe
Description=This program assigns a user to a Systems Management Server site
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.flood.f.html" target="_blank">FLOOD.F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank"> Smss.exe</a> system file should normally NOT figure in Msconfig/Startup!
Source=Paul Collins Startup list
[smss]
Confirmed=X
Filename=[path to smss.exe]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.f.html" target="_blank">ALADINZ.F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[SMSSS]
Confirmed=X
Filename=smsss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD" target=_blank>SDBOT.ZD</a> WORM!
Source=Paul Collins Startup list
[SMSSS Loader]
Confirmed=X
Filename=smsss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.MQ" target=_blank>AGOBOT.MQ</a> WORM!
Source=Paul Collins Startup list
[smsys]
Confirmed=X
Filename=Explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickerc.html" target="_blank">CLICKER-C</a> TROJAN! Note - the valid "explorer.exe" is located in C:\Windows or C:\Winnt whereas this one is located in a C:\Windows\Template or C:\Winnt\Template subdirectory
Source=Paul Collins Startup list
[smsys]
Confirmed=X
Filename=vi.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[SMToolbar]
Confirmed=N
Filename=SMToolbar.exe
Description=StartMake.com toolbar
Source=Paul Collins Startup list
[SmWizard]
Confirmed=?
Filename=SmWizard.exe
Description=SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[snbr]
Confirmed=?
Filename=snbr.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[sncntr]
Confirmed=X
Filename=sncntr.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Sndcompat]
Confirmed=X
Filename=Sndcompat.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[SNDMon]
Confirmed=U
Filename=SNDMon.exe
Description=Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual upadtes but probably require if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers û then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation
Source=Paul Collins Startup list
[Sndsaver]
Confirmed=X
Filename=Sndsaver.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[sndsrvc]
Confirmed=?
Filename=SNDSRVC.EXE
Description=Part of Norton Personal Firewall and Norton Internet Security - <font color="#FF0000">what does it do and is it required?</font>
Source=Paul Collins Startup list
[Snsicon]
Confirmed=N
Filename=Snsicon.exe
Description=Launches a screensaver program from Second Nature
Source=Paul Collins Startup list
[SO5 Integrator Pass One]
Confirmed=?
Filename=sointgr.exe
Description=StarOffice 5.<font color="#FF0000"> See <a href="http://www.pathtech.org/staroffice/faq/faq.html" target="_blank">here</a> for more details</font>
Source=Paul Collins Startup list
[SO5 Integrator Pass Two]
Confirmed=?
Filename=sointgr.exe
Description=StarOffice 5.<font color="#FF0000"> See <a href="http://www.pathtech.org/staroffice/faq/faq.html" target="_blank">here</a> for more details</font>
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list
[SoDA Startup]
Confirmed=Y
Filename=SodaStartup.exe
Description=Used by the <a href="http://www.rational.com/products/soda/index.jsp" target="_blank">Rational SoDA</a> project management tool. Unsure of it's actual purpose but it's recommended you leave it enabled if you use the software
Source=Paul Collins Startup list
[soffice]
Confirmed=N
Filename=SOFFICE.EXE
Description=Displays StarOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the StarOffice 6.0 suite. Available via Start -> Programs. Automatically started when any StarOffice 6.0 component is started from the Start -> Programs. A resource hog (it eats > 16 MB of memory).
Source=Paul Collins Startup list
[Soft Profile Inc]
Confirmed=X
Filename=hxdef.exe...
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[SOFTinst]
Confirmed=Y
Filename=N/A
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Source=Paul Collins Startup list
[Software]
Confirmed=X
Filename=software.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcrabtonb.html" target=_blank>CRABTON-B</a> TROJAN!
Description=Scheduler for <a target="_blank" href="http://www.srnmicro.com/">Solo Antivirus</a>. Leave enabled unless you scan manually on a regular basis
Source=Paul Collins Startup list
[SoloSysCheck]
Confirmed=U
Filename=Syscheck.exe
Description=<a href="http://www.srnmicro.com/" target=_blank>Solo antivirus</a> System Integrity Check - Monitors system registry, system.ini, win.ini and startup to protect you from new Internet Worms and Backdoors
Description=Quickstart for <a href="http://www.sonique.com/" target="_blank">Sonique</a> audio player. Available via Start -> Programs
Source=Paul Collins Startup list
[SonnReg]
Confirmed=?
Filename=SonnReg.exe
Description=Part of E-Color <a href="http://www.ecolor.com/page.asp?content=colorific_and_3deep&lev1=1&lev2=1_4&lev3=1_4_1" target="_blank">3Deep</a> for color calibration.<font color="#FF0000"> Possibly a registration reminder?</font>
Source=Paul Collins Startup list
[Soot]
Confirmed=?
Filename=rcea.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[sophagnt]
Confirmed=?
Filename=sophagnt.exe
Description=<font color="#FF0000">Possibly related to <a href="http://www.sophocles.net/" target="_blank">Sophocles Screenwriting Software</a>?</font>
Source=Paul Collins Startup list
[SOS]
Confirmed=X
Filename=SOS.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.philis.html" target="_blank">PHILIS</a> VIRUS!
Source=Paul Collins Startup list
[SoSyncMonitor]
Confirmed=?
Filename=SoSyncMonitor.exe
Description=<a href="http://www.superoffice.com/" target="_blank">SuperOffice</a> related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[Sound Loader]
Confirmed=X
Filename=sndloader.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotbv.html" target="_blank">AGOBOT-BV</a> WORM!
Source=Paul Collins Startup list
[Sound services]
Confirmed=X
Filename=SOUND32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GG" target="_blank">AGOBOT.GG</a> WORM!
Source=Paul Collins Startup list
[Sound System]
Confirmed=X
Filename=WinSound1.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[soundcontrl]
Confirmed=X
Filename=soundcontrl.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html" target="_blank">GAOBOT.AFJ</a> WORM!
Description=Control panel item for the Terratec DMX Xfire 1024 soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. <font color="#FF0000">Does it need to run at start-up every time?</font>
Source=Paul Collins Startup list
[SoundFusion]
Confirmed=?
Filename=rundll32 hercplgs.cpl, BootEntryPoint
Description=Control panel item for Hercules Fortissimo soundcards (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. <font color="#FF0000">Does it need to run at start-up every time?</font>
Source=Paul Collins Startup list
[soundman]
Confirmed=N
Filename=soundman.exe
Description=System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel
Source=Paul Collins Startup list
[SoundMAX]
Confirmed=N
Filename=SMax4.exe
Description=System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel
Source=Paul Collins Startup list
[SoundMAXPnP]
Confirmed=U
Filename=SMax4PNP.exe
Description=SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments
Source=Paul Collins Startup list
[SoundMixer]
Confirmed=X
Filename=smvss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerg.html" target=_blank>DEDLER-G</a> TROJAN!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmd.html" target=_blank>AGOBOT-MD</a> WORM!
Source=Paul Collins Startup list
[soundtasks]
Confirmed=X
Filename=soundtasks.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[soundtctrls]
Confirmed=X
Filename=soundtctrls.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotzv.html" target="_blank">AGOBOT-ZV</a> WORM!
Source=Paul Collins Startup list
[SoundView]
Confirmed=X
Filename=msdview32.exe
Description=Trojan downloader
Source=Paul Collins Startup list
[sounofts]
Confirmed=X
Filename=sounofts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnd.html" target="_blank">AGOBOT-ND</a> WORM!
Source=Paul Collins Startup list
[SourcePath]
Confirmed=N
Filename=gwreg.exe
Description=Used to update Gateway registry settings for System Restoration Kit and Web update programs
Source=Paul Collins Startup list
[sp]
Confirmed=X
Filename=sp.reg
Description=IE search hijacker - changes the default search to http://www.gocybersearch.com/
Source=Paul Collins Startup list
[sp]
Confirmed=X
Filename=regedit-s .... sp.dll
Description=Malicious javascript annoyance that changes the default search engine in IE to one of many including "topsearcher". See <a href="http://groups.google.com/groups?q=sp.dll%2Bregedit&hl=en&rnum=3&selm=e991edcb.0110211021.67587458%40posting.google.com" target="_blank">here</a> for more and a fix
Source=Paul Collins Startup list
[SP TimeSync]
Confirmed=U
Filename=SP TimeSync.exe
Description=SP <a href="http://www.spdialer.com/timesync/" target="_blank">TimeSync</a> lets you synchronize your computer's clock with any Internet atomic clock (time server)
Source=Paul Collins Startup list
[SP00LSV]
Confirmed=X
Filename=Sp00lsv.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.e.html" target="_blank">GRAYBIRD.E</a> TROJAN!
Source=Paul Collins Startup list
[sp2ctr]
Confirmed=X
Filename=sp2ctr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdlucam.html" target="_blank">DLUCA-M</a> TROJAN!
Source=Paul Collins Startup list
[Spam Sleuth]
Confirmed=U
Filename=SpamSleuth.exe
Description=Spam Sleuth E-mail spam detection program
Description=Intermute <a href="http://www.intermute.com/spamsubtract/" target="_blank">SpamSubtract</a> - junk email detection and removal program
Source=Paul Collins Startup list
[spc_w]
Confirmed=N
Filename=hcm.exe
Description=NetZero Search related
Source=Paul Collins Startup list
[Spdstart]
Confirmed=N
Filename=Spdstart.exe
Description=Norton Utilities Speed Start. "This feature optimizes the start up speed of launching applications, such as Word and Excel."
Source=Paul Collins Startup list
[Speaking Clock Deluxe]
Confirmed=U
Filename=SpClDlx.exe
Description=<a href="http://www.lux-aeterna.com/clock/" target="_blank">Speaking Clock Deluxe</a> - turns your computer into a speaking clock with several languages. It can also keep track of up to 50 alarms that can be set to a time and a date, and be repeated daily, weekly, monthly and yearly
Source=Paul Collins Startup list
[Special Firewall Service]
Confirmed=X
Filename=avguard.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.g@mm.html" target="_blank">NETSKY.G</a> WORM!
Source=Paul Collins Startup list
[SpecialOffers]
Confirmed=X
Filename=SpecialOffers*.exe [* = digit]
Description=Specialoffersnetworks.com adware. "Special Offers is a state of the art advertising product that delivers to you contextually relevant web offers including discounts and coupons"
Source=Paul Collins Startup list
[SpecialOffers]
Confirmed=X
Filename=SpecialOffers.exe
Description=Specialoffersnetworks.com adware. "Special Offers is a state of the art advertising product that delivers to you contextually relevant web offers including discounts and coupons"
Source=Paul Collins Startup list
[Speed racer]
Confirmed=N
Filename=CTSRReg.exe
Description=Software for a Creative sound card
Source=Paul Collins Startup list
[Speed Tec]
Confirmed=U
Filename=speedtec.exe
Description=<a href="http://www.montanasoft.com/speedtec/index.asp" target="_blank">Accel SpeedTec</a> from Montana Software speeds up your modem. SpeedTec modifies the Internet Protocol settings in the Windows registry to speed downloads on all modems. If you find this improves your connectivity and download speeds leave this enabled
Source=Paul Collins Startup list
[SpeedBoss]
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.a.d.worm.html" target="_blank">OPASERV.AD</a> WORM!
Source=Paul Collins Startup list
[Speedkey]
Confirmed=U
Filename=SPEEDKEY.EXE
Description=Additional keyboard shortcuts on MS programmable keyboard
Source=Paul Collins Startup list
[SpeedMeter]
Confirmed=U
Filename=SpeedMeter.exe
Description=Application measuring upload and download speed
Source=Paul Collins Startup list
[SpeedOptimizer]
Confirmed=U
Filename=spo.exe
Description=<a href="http://www.speedoptimizer.com/" target=_blank>SpeedOptimizer</a> is designed to optimize and speed-up your Internet data transmission including browsing, streaming, downloading, uploading and e-mail communication
Source=Paul Collins Startup list
[Speedtouch USB Diagnostics]
Confirmed=U
Filename=Dragdiag.exe
Description=For an external Alcatel ADSL high-speed modem. A diagnostic tool and can be run from the Start menu when required. The only reason it might be useful on startup is if you like seeing an 'at-a-glance' status indicator on the taskbar (the icon is a different colour depending on the status of the device/line)
Source=Paul Collins Startup list
[Spees1]
Confirmed=X
Filename=speedy.scr
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.Y" target="_blank">OPASERV.Y</a> WORM!
Source=Paul Collins Startup list
[Spees2]
Confirmed=X
Filename=Speedy.bat
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.a.d.worm.html" target="_blank">OPASERV.AD</a> WORM!
Source=Paul Collins Startup list
[Spees3]
Confirmed=X
Filename=SPEEDY.PIF
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AD" target="_blank">OPASERV.AD</a> WORM!
Source=Paul Collins Startup list
[Spellex Anywhere]
Confirmed=N
Filename=sa.exe
Description=<a href="http://www.spellex.com/Spellex-Anywhere/default.htm" target="_blank">Spellex-Anywhere</a> - adds spell checking functionality to almost any Window program. Create a shortcut and run manually before it's to be used
Source=Paul Collins Startup list
[SpIDerMail]
Confirmed=Y
Filename=spiderml.exe
Description=<a href="http://www.drweb-online.de/index_e.htm" target="_blank">DrWeb antivirus</a> Spider Mail e-mail scanner
Source=Paul Collins Startup list
[Spinner Plus]
Confirmed=N
Filename=spinner.exe
Description="Spinner Plus lets you listen to over 100 channels of music broadcast from Spinner.com. Spinner Plus uses RealNetwork's G2 technology to provide high-quality online audio. The technology adjusts the audio streaming to match your Internet connection speed, which helps eliminate sound distortion or choppiness". Available via Start -> Programs
Source=Paul Collins Startup list
[SPINX]
Confirmed=X
Filename=Wscript.exe OXNEY.B.VBS
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.yeno.b@mm.html" target=_blank>YENO.B</a> and <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.yeno.c@mm.html" target=_blank>YENO.C</a> WORMS!
Source=Paul Collins Startup list
[SPnt]
Confirmed=X
Filename=SPnt.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[SpokeSysTray]
Confirmed=U
Filename=SpokeSysTray.exe
Description=<a href="http://www.spoke.com/products/enterpriseFAQ.html" target=_blank>Spoke Software</a> client application. Spoke "uses data in your e-mail and other enterprise information systems to discover the existing relationships of people in your enterprise. It then builds a private, secure relationship network for each user without any additional manual data entry"
Source=Paul Collins Startup list
[spoo1sv]
Confirmed=X
Filename=spoo1sv.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.souljet.html" target="_blank">SOULJET</a> TROJAN!
Source=Paul Collins Startup list
[Spool]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.r.html" target=_blank>RANKY.R</a> TROJAN!
Source=Paul Collins Startup list
[SPOOL Configuration]
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotkd.html" target="_blank">SDBOT-KD</a> WORM!
Source=Paul Collins Startup list
[Spool lptt01]
Confirmed=X
Filename=spool.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "spool" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[Spool ml097e]
Confirmed=X
Filename=spool.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "spool" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[Spooler Service]
Confirmed=X
Filename=Spoolsrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JOINER.C1" target="_blank">JOINER.C1</a> TROJAN!
Source=Paul Collins Startup list
[Spooler Sub System Process]
Confirmed=X
Filename=SPOOL32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_YAB.A" target="_blank">YAB.A</a> TROJAN!
Source=Paul Collins Startup list
[Spooler Subsytem App]
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotmm.html" target=_blank>SDBOT-MM</a> WORM!
Source=Paul Collins Startup list
[SpoolerSubSystemProcess]
Confirmed=X
Filename=SpooI32.exe
Description=Added by the <a href="http://www.pestpatrol.com/pestinfo/e/ehks_2_1.asp" target="_blank">EHKS.21</a> keylogger! Note - the "I" between "o" and "3" is a captial "i" not a lower case "L"
Source=Paul Collins Startup list
[spoolserv]
Confirmed=X
Filename=spoolserv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpn.html" target="_blank">SDBOT-PN</a> WORM!
Source=Paul Collins Startup list
[SpoolService]
Confirmed=X
Filename=spolsv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotcs.html" target=_blank>AGOBOT-CS</a> WORM!
Source=Paul Collins Startup list
[Spoolsv]
Confirmed=X
Filename=Spoolsv.exe
Description=Added by the CIADOOR.121 VIRUS! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
Source=Paul Collins Startup list
[spoolsv]
Confirmed=X
Filename=scvhosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallaw.html" target=_blank>SMALL-AW</a> TROJAN!
Source=Paul Collins Startup list
[spoolsvr32]
Confirmed=X
Filename=csmss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentau.html" target=_blank>AGENT-AU</a> TROJAN!
Source=Paul Collins Startup list
[spoolsvr32]
Confirmed=X
Filename=csmss32.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojagentau.html" target=_blank>AGENT-AU</a> TROJAN!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.sorpe.a@mm.html" target=_blank>SPORE.A</a> WORM!
Source=Paul Collins Startup list
[Spore.b]
Confirmed=X
Filename=Scmhlpr.vbs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.sorpe.b@mm.html" target=_blank>SPORE.B</a> WORM!
Source=Paul Collins Startup list
[SPP]
Confirmed=?
Filename=run.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[spp]
Confirmed=X
Filename=regedit -s spp.reg
Description=IE search hijacker - changes the default search to http://www.hotsearchbox.com/ie/
Source=Paul Collins Startup list
[sppbridge]
Confirmed=?
Filename=sppbridge.exe
Description=Associated with an Anycom bluetooth wireless card on laptops - used for printing to portable printers for example.<font color="#FF0000"> Is it required or can it be started manually? </font>
Source=Paul Collins Startup list
[SprintPort]
Confirmed=?
Filename=SprintPortA.exe
Description=Novatel wireless modem related. <font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[SPSTEALT]
Confirmed=U
Filename=SmartProtectorPro.exe
Description=<a href="http://smartprotector.com/eraser/index.htm" target="_blank">Smart Protector Pro</a> - internet privacy tool that erases tracks, MRU lists, etc
Source=Paul Collins Startup list
[spstore]
Confirmed=?
Filename=storesp.exe
Description=<a href="http://www.softprobe.com/" target="_blank">Softprobe</a> - program designed to provide managers with an analysis of an individuals computer use who are under their supervision. This program is NOT related to Winpup
Source=Paul Collins Startup list
[Spy Blocker]
Confirmed=U
Filename=spyblocker.exe
Description=<a href="http://personal.atl.bellsouth.net/mia/k/r/kryp/" target="_blank">SpyBlocker</a> blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-Aware</a> that some applications containing spyware subsystems may not run correctly or at all
Source=Paul Collins Startup list
[SpyBlast]
Confirmed=X
Filename=SpyBlast.exe
Description=Spyware killer that is in effect autoinstalled foistware, targeted by SpyBot, among others
Source=Paul Collins Startup list
[SpyBlocs]
Confirmed=X
Filename=SpyBlocs.exe
Description=<a href="http://pcpitstop.ibforums.com/axslinger/helpfiles/bogus.htm" target="_blank">Rogue</a> anti-spyware program
Source=Paul Collins Startup list
[SpybotSD TeaTimer]
Confirmed=U
Filename=TeaTimer.exe
Description=TeaTimer is a new tool of <a href="http://www.spamihilator.com/" target="_blank">Spybot S&D</a> - spam filter which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future
Source=Paul Collins Startup list
[SpyBotSnD]
Confirmed=U
Filename=Spybotsd.exe
Description=<a href="http://spybot.safer-networking.de/" target="_blank">Spybot - Search & Destroy</a> - free multi-spyware removal tool from Patrick Kolla
Source=Paul Collins Startup list
[Spybott lptt01]
Confirmed=X
Filename=spybott.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Spybott" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[Spybott ml097e]
Confirmed=X
Filename=spybott.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Spybott" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[SpyCop ScanCheck]
Confirmed=U
Filename=MAIN.EXE
Description=<a href="http://www.spycop.com/" target="_blank">SpyCop</a> surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan
Source=Paul Collins Startup list
[SpyHunter]
Confirmed=N
Filename=SpyHunter.exe
Description=SpyHunter - spyware remover of somewhat dubious repute, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note" target="_blank">note</a>
Source=Paul Collins Startup list
[Spykiller]
Confirmed=U
Filename=Spykiller.exe
Description=Shareware "Spyware remover" of questionable quality and repute. There are better alternatives that are freeware to boot
Source=Paul Collins Startup list
[SpyNuker]
Confirmed=X
Filename=Spynuker.exe
Description=A "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers æTrekDataÆ and æBlue Haven MediaÆ, who distribute spyware through ActiveX drive-by-download on web pages
Source=Paul Collins Startup list
[SpySpotter]
Confirmed=N
Filename=SpySpotter.exe
Description=Spyware remover of dubious repute, see this <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>list</a> of Rogue/Suspect Anti-Spyware Products & Web Sites
Source=Paul Collins Startup list
[SpyStopper]
Confirmed=U
Filename=spystopper.exe
Description=<a href="http://www.itcompany.com/Privacy.htm" target="_blank">SpyStopper</a> - blocks intrusive spyware, Web bugs, worms, scripts, advertisements, and cookies. Protects you from being profiled and tracked
Source=Paul Collins Startup list
[SpySubtract]
Confirmed=U
Filename=SpySub.exe
Description=<a href="http://www.intermute.com/spysubtract/" target=_blank>SpySubtract</a> - multi spyware removal tool
Source=Paul Collins Startup list
[SpySweeper]
Confirmed=U
Filename=SpySweeper.exe
Description=<a href="http://www.webroot.com/wb/products/spysweeper/index.php" target="_blank">Spy Sweeper</a> - detects and removes spyware
Source=Paul Collins Startup list
[Spyware]
Confirmed=X
Filename=Spyware.exe
Description=<p align=left>BPS Spyware Remover - reportedly uses an old, "borrowed" SpyBot database. Read <a href="http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi?s=3e746190523affff;act=ST;f=28;t=1546;hl=bps" target="_blank">this</a> and <a href="http://www.lavasoftsupport.com/index.php?act=ST&f=1&t=3912" target="_blank">this</a>. Do not support these guys!
Source=Paul Collins Startup list
[Spyware Begone]
Confirmed=N
Filename=SpywareBeGone.exe
Description=Spyware BeGone - free spyware removal utility. Not recommended - see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">note</a>
Source=Paul Collins Startup list
[Spyware Begone]
Confirmed=N
Filename=freescan.exe
Description=Spyware BeGone - free spyware removal utility. Not recommended - see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">note</a>
Description=<p align=left>"<a href="http://www.wilderssecurity.net/spywareguard.html" target="_blank">SpywareGuard</a> provides a real-time protection solution against spyware"
Source=Paul Collins Startup list
[Spyware Nuker Installer]
Confirmed=X
Filename=SpywareNukerInstaller.exe
Description=<p align=left>A "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers æTrekDataÆ and æBlue Haven MediaÆ, who distribute spyware through ActiveX drive-by-download on web pages
Source=Paul Collins Startup list
[Spyware remover]
Confirmed=X
Filename=Remove_spyware.exe
Description=Unidentified, but not known to belong to any known spyware remover, and strongly suspected to be adware related!
Source=Paul Collins Startup list
[Spyware Scanner]
Confirmed=U
Filename=AseScanner.exe
Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see <a href="http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/" target=_blank>here</a> and <a href="http://netrn.net/spywareblog/archives/2004/11/06/aluria-confused/" target=_blank>here</a>
Source=Paul Collins Startup list
[Spyware Slayer]
Confirmed=X
Filename=SpywareSlayer.Exe
Description=Spyware remover of dubious repute, see this <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>list</a> of Rogue/Suspect Anti-Spyware Products & Web Sites
Source=Paul Collins Startup list
[Spyware Stormer]
Confirmed=N
Filename=SpywareStormer.Exe
Description=SpywareStormer spyware remover. Not recommended - see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[Spyware Vanisher]
Confirmed=X
Filename=FreeScanner.exe
Description=Spyware remover of dubious repute, see this <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>list</a> of Rogue/Suspect Anti-Spyware Products & Web Sites
Source=Paul Collins Startup list
[SpywareGuard]
Confirmed=U
Filename=sgmain.exe
Description=<p align=left>"<a href="http://www.wilderssecurity.net/spywareguard.html" target="_blank">SpywareGuard</a> provides a real-time protection solution against spyware"
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Spyguard" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[Spywareguard ml097e]
Confirmed=X
Filename=Spywareguard.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Spyguard" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[SpywareGuardPlus]
Confirmed=X
Filename=winmm64.exe
Description=StartPage.ht homepage hijacker
Source=Paul Collins Startup list
[SpywareKilla]
Confirmed=N
Filename=SpywareKilla.exe
Description=Spyware remover of ill repute. For more info about it do a search for 'SpyareKilla' at <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">this</a> web page on "Rogue/Suspect Anti-Spyware Products & Web Sites"
Source=Paul Collins Startup list
[SPYWATCH]
Confirmed=U
Filename=SpyWatch.exe
Description=<p align=left>BPS Spyware Remover - reportedly uses an old, "borrowed" SpyBot database. Read <a href="http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi?s=3e746190523affff;act=ST;f=28;t=1546;hl=bps" target="_blank">this</a> and <a href="http://www.lavasoftsupport.com/index.php?act=ST&f=1&t=3912" target="_blank">this</a>. Do not support these guys!
Source=Paul Collins Startup list
[SQConfigChecker]
Confirmed=X
Filename=cc.exe
Description=<a href="http://www.doxdesk.com/parasite/Xupiter.html" target="_blank">Xupiter</a> SQWire variant - adware and homepage hijacker. Note - cannot be removed via the Xupiter website in the same way as other Xupiter variants
Description=SQL Server Service Control Manager. Available via Start -> Programs
Source=Paul Collins Startup list
[SQUpdatesChecker]
Confirmed=X
Filename=uc.exe
Description=<a href="http://www.doxdesk.com/parasite/Xupiter.html" target="_blank">Xupiter</a> SQWire variant - adware and homepage hijacker. Note - cannot be removed via the Xupiter website in the same way as other Xupiter variants
Source=Paul Collins Startup list
[sqvynikp]
Confirmed=X
Filename=sqvynikp.exe
Description=Free_Scratch_Cards foistware
Source=Paul Collins Startup list
[sr1exe]
Confirmed=?
Filename=updtSup3.exe
Description=<font color="#FF0000">Found on a Dell computer, in a Documents and SettingsAll UsersApplication DataDellAlert2 subfolder</font>
Source=Paul Collins Startup list
[sr64]
Confirmed=X
Filename=********. exe
Description=Adware, as yet unidentified
Source=Paul Collins Startup list
[SrchfstUpdate]
Confirmed=X
Filename=srchupdt.exe
Description=SearchFast adware downloader
Source=Paul Collins Startup list
[SRFirstRun]
Confirmed=?
Filename=rundll32 srclient.dll, CreateFirstRunRp
Description=Created by execution of the Windows XP sr.inf file, which installs the Windows XP System Restore feature, needed for example when installing System Restore into Windows Server 2003. <font color="#FF0000">Does this indeed need to run at every bootup?</font>
Source=Paul Collins Startup list
[Srmclean]
Confirmed=U
Filename=srmclean.exe
Description=Srmclean helps in the installation and execution of the SoundMax SoftPaq for Compaq/ADI SoundMax Integrated Digital Audio. According to Compaq - "If you disable the entry from loading into startup, then you will not be able to use the features of the sound card"
Source=Paul Collins Startup list
[SRNG]
Confirmed=X
Filename=srng.exe
Description=Search hijacker - see <a href="http://www.doxdesk.com/parasite/Srng.html" target="_blank">here</a>
Source=Paul Collins Startup list
[SRP Startup]
Confirmed=U
Filename=srrpro.exe
Description=<a href="http://www.definition-software.com/" target="_blank">System Restore Remover Pro</a> allows you to safely and easily remove System Restore and various other Windows Millennium "features." This is enabled if you tick the "Remove unnecessary System Restore information on startup" box. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[SRS Applet]
Confirmed=Y
Filename=SrsTray.Exe
Description=S3 Sonic Vibes sound card drivers - if disabled you loose sound
Source=Paul Collins Startup list
[Srv RPCrom]
Confirmed=X
Filename=NClienti386.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.watsoon.a.html" target=_blank>WATSOON.A</a> TROJAN!
Source=Paul Collins Startup list
[Srv32]
Confirmed=X
Filename=Srv32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.j.worm.html" target="_blank">OPASERV.J</a> WORM!
Source=Paul Collins Startup list
[Srv32]
Confirmed=X
Filename=Srv32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.S" target="_blank">OPASERV.S</a> WORM!
Source=Paul Collins Startup list
[Srv32 spool service]
Confirmed=X
Filename=runsrv32.exe
Description=Topantispyware.com malware, recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan-Clicker.Win32.Spyre.b
Source=Paul Collins Startup list
[Srv32 spool service]
Confirmed=X
Filename=spoolsrv32.exe
Description=Topantispyware.com malware, recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan-Clicker.Win32.Spyre.b
Source=Paul Collins Startup list
[Srv32Old]
Confirmed=X
Filename=[worm filename].PIF
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.j.worm.html" target="_blank">OPASERV.J</a> WORM!
Source=Paul Collins Startup list
[Srv32Win]
Confirmed=U
Filename=SpyAgent4.exe
Description=<a href="http://www.spytech-web.com/spyagent.shtml" target="_blank">SpyAgent</a> - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
Source=Paul Collins Startup list
[Srv32Win]
Confirmed=U
Filename=Svchost.exe
Description=<a href="http://www.realtime-spy.com/" target="_blank">Realtime-Spy</a> keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.servsax.html" target=_blank>SERVSAX</a> TROJAN!
Source=Paul Collins Startup list
[ssate.exe]
Confirmed=X
Filename=irun4.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.j@mm.html" target="_blank">BEAGLE.J</a> WORM!
Source=Paul Collins Startup list
[ssate.exe]
Confirmed=X
Filename=winsys.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.k@mm.html" target="_blank">BEAGLE.K</a> WORM!
Source=Paul Collins Startup list
[SSBkgdUpdate]
Confirmed=N
Filename=SSBkgdupdate.exe
Description=ScanSoft OmniPage auto updater. Can be disabled using the main program's options
Source=Paul Collins Startup list
[SSC_UserPrompt]
Confirmed=?
Filename=UsrPrmpt.exe
Description=Part of Symantec (Norton) Security Centre. <font color="#FF0000">What does it do, and is it required?</font>
Source=Paul Collins Startup list
[Ssd]
Confirmed=Y
Filename=Std.exe
Description=<a href="http://www.stealthdisk.com/" target="_blank">Stealthdisk</a> - file and folder hiding/locking utility
Source=Paul Collins Startup list
[ssdiag]
Confirmed=?
Filename=ssdiag.exe
Description=<a href="http://www.equinox.com/Utilities147.html" target="_blank">Equinox</a> "Configuration and DOS Diagnostic for DOS and Windows platforms"
Source=Paul Collins Startup list
[SSDPSRV]
Confirmed=N
Filename=ssdpsrv.exe
Description=Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for network plug and play functionality. Starts up a web server on port 5000. Used by Universal Plug and Play (for network device discovery). To remove this program, open Add/Remove Programs, select either Communications (Me) or Networking Services (XP), and remove the checkmark next to Universal Plug and Play
Source=Paul Collins Startup list
[ssgrate.exe]
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.c.html" target="_blank">MITGLIEDER.C</a> TROJAN!
Source=Paul Collins Startup list
[ssgrate.exe]
Confirmed=X
Filename=irun.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.d.html" target="_blank">MITGLIEDER.D</a> TROJAN!
Source=Paul Collins Startup list
[ssgrate.exe]
Confirmed=X
Filename=irun4.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.f.html" target="_blank">MITGLIEDER.F</a> TROJAN!
Source=Paul Collins Startup list
[ssgrate.exe]
Confirmed=X
Filename=sysdoor.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.n.html" target="_blank">MITGLIEDER.N</a> TROJAN!
Source=Paul Collins Startup list
[ssgrate.exe]
Confirmed=X
Filename=winerdir.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.o.html" target="_blank">MITGLIEDER.O</a> TROJAN!
Source=Paul Collins Startup list
[SSK Service]
Confirmed=X
Filename=winssk32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.sobig.e@mm.html" target="_blank">SOBIG.E</a> WORM!
Source=Paul Collins Startup list
[SSL]
Confirmed=X
Filename=svchost.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[ssmmgr]
Confirmed=U
Filename=ssmmgr.exe
Description=Samsung printer monitor - for checking ink levels, etc.
Source=Paul Collins Startup list
[sstata]
Confirmed=X
Filename=dwdas.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/TROJAN!.dasda.html" target="_blank">DASDA</a> TROJAN!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.helios.b.html" target="_blank">HELIOS.B</a> TROJAN!
Source=Paul Collins Startup list
[SSWPlauncher]
Confirmed=X
Filename=comet.exe /app:SSWPlauncher
Description=<a href="http://www.doxdesk.com/parasite/CometCursor.html" target="_blank">CometCursor</a> by Comet Systems
Source=Paul Collins Startup list
[Stacmon]
Confirmed=N
Filename=Stacmon.exe
Description=Installed with the drivers for a SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears as though it can be disabled with no ill effects
Source=Paul Collins Startup list
[Start]
Confirmed=Y
Filename=Quick95.exe
Description=For a <a href="http://www.nisis.com/index.html" target="_blank">Nisis G6 USB Graphics Tablet</a>. Re-enables itself if disabled therefore best left alone
Description=Cyber Power <a href="http://www.cyberpowersystems.com/1500AVR.htm" target="_blank">PowerPanelPlus</a> software. "In the event of a power outage, PowerPanelPlus Software automatically saves and closes all open files, and then shuts down the computer system in an intelligent and orderly manner"
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[Start Upping]
Confirmed=X
Filename=taskmrg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotma.html" target="_blank">RBOT-MA</a> WORM!
Source=Paul Collins Startup list
[Start Upping]
Confirmed=X
Filename=SVCHOSTES.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnb.html" target=_blank>RBOT-NB</a> WORM!
Source=Paul Collins Startup list
[Start Upping]
Confirmed=X
Filename=taksmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqk.html" target=_blank>RBOT-QK</a> WORM!
Source=Paul Collins Startup list
[Start Uppings]
Confirmed=X
Filename=svcchosts.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VY" target="_blank">SDBOT.VY</a> WORM!
Source=Paul Collins Startup list
[Start Uppings]
Confirmed=X
Filename=mssupdate.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Start Wingman Profiler]
Confirmed=N
Filename=lwtest.exe
Description=Logitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it unchecked
Source=Paul Collins Startup list
[Start Wingman Profiler]
Confirmed=N
Filename=lwemon.exeááá
Description=Logitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it unchecked
Source=Paul Collins Startup list
[Startacc]
Confirmed=U
Filename=startacc.exe
Description=Launches Webroot's <a href="http://www.webroot.com/wb/products/accelerate/index.php" target="_blank">Accelerate</a> 2000 software that "speeds up your Internet connection by up to 300%". Leave enabled if you find it improves internet connection
Source=Paul Collins Startup list
[StartEAK]
Confirmed=Y
Filename=StartEAK.exe
Description=<a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank">Easy Access</a> Button Support for Compaq PCs. Required if you use these
Source=Paul Collins Startup list
[starter]
Confirmed=X
Filename=scvhosting.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.e.html" target="_blank">IRCBOT.E</a> TROJAN!
Source=Paul Collins Startup list
[Starter]
Confirmed=X
Filename=scvhosting.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.RU" target="_blank">SDBOT.RU</a> WORM!
Source=Paul Collins Startup list
[startl.exe]
Confirmed=N
Filename=startl.exe
Description=<a href="http://www.lingoware.com/english/" target="_blank">Lingocom LingoWare</a> - translates any application into your language
Source=Paul Collins Startup list
[StartMenu]
Confirmed=X
Filename=s_menu.exe
Description=Added by a variant of the DELF-A TROJAN!
Source=Paul Collins Startup list
[startpage]
Confirmed=X
Filename=startpage.exe
Description=Browser hijacker - redirecting to pages2start.com
Source=Paul Collins Startup list
[STARTPAGE]
Confirmed=U
Filename=start1.exe
Description=<a href="http://www.nospy.org/1/" target=_blank>NoSpy.org</a> - prevents spyware from changing your startpage and other browser properties. The start1.exe file is located in a NOSPY.ORG folder
Source=Paul Collins Startup list
[StartStop]
Confirmed=U
Filename=STARTSTOP.EXE
Description=<a href="http://www.tfi-technology.com/startstop/default.htm" target="_blank">StartStop</a> from TFI Technology - startup manager
Source=Paul Collins Startup list
[StartSurfing]
Confirmed=U
Filename=STARTS.exe
Description=<a href="http://www.startsurfing.com" target="_blank">Start Surfing</a> allows you to protect your privacy while surfing and searching the Internet by acting as a "filter" between you and the website you are visiting. Startsurfing acts as your shield from Pop Up Windows, Mouse Traps, Window Resizing, and scripts that attempt to record your personal information. Available via Start -> Programs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[StartupMonitor]
Confirmed=U
Filename=StartupMonitor.exe
Description=Mike Lin's <a href="http://www.mlin.net/StartupMonitor.shtml" target="_blank"> StartupMonitor</a>, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu
Source=Paul Collins Startup list
[startwindowskeyuser]
Confirmed=X
Filename=rundle2.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.javakiller.trojan.html" target="_blank">JAVAKILLER</a> TROJAN!
Source=Paul Collins Startup list
[Stat 'n' Perf]
Confirmed=N
Filename=StatnPerf.exe
Description=<a href="http://www.soft4ever.com/StatnPerf/En/" target="_blank">Stat 'n' Perf </a>monitors your internet connection and displays information about sent and received bytes
Source=Paul Collins Startup list
[StatBar]
Confirmed=X
Filename=STATBAR.exe
Description=<a href="http://www.statbar.nl/" target="_blank">StatBar</a> (system status bar) allows you to quickly get an overview of your system's condition (memory, CPU, uptime, and much more). Due to the sheer number of resources (over 60%) consumed by this program, it is unsuitable for Windows 95/98/SE/Me
Source=Paul Collins Startup list
[Status Monitor]
Confirmed=N
Filename=BrMfcWnd.exe
Description=Brother scanner status monitor - can be started manually
Source=Paul Collins Startup list
[Status Monitor XE]
Confirmed=N
Filename=ENGSS.EXE
Description=The Xerox Document WorkCentre XE Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start -> Programs
Source=Paul Collins Startup list
[StatusClient 2.6]
Confirmed=?
Filename=StatusClient.exe
Description=Part of Hewlett Packard network printer drivers.
Source=Paul Collins Startup list
[Stay Connected!]
Confirmed=N
Filename=StayCon.exe
Description=More than just a pinger, actually simulates online activity. Supports AOL, NetZero, MSN, ATT WorldNet, CompuServe and many other ISPs as well. Available via Start -> Programs
Source=Paul Collins Startup list
[StayAlive]
Confirmed=U
Filename=sa.exe
Description=<a href="http://www.tfi-technology.com/stayalive.htm" target="_blank">StayAlive</a> from TFI Technology. "This top-notch tool intercepts crashes when they happen, keeping your programs running so you can save your work."
Source=Paul Collins Startup list
[STBVision]
Confirmed=?
Filename=STBVisn.exe
Description=Related to the STB Velocity graphics card. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[STBWEBTV]
Confirmed=N
Filename=STBWEBTV.EXE
Description=Used to display TV on your PC
Source=Paul Collins Startup list
[stcinstaller]
Confirmed=X
Filename=id53.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SCTHOUGHT.L" target=_blank>SCTHOUGHT.L</a> TROJAN!
Source=Paul Collins Startup list
[stcloader]
Confirmed=X
Filename=stcloader.exe
Description=Popup adware by 2ndThought software
Source=Paul Collins Startup list
[stcloader]
Confirmed=X
Filename=STCLOA~1.exe
Description=Popup adware by 2ndThought software
Source=Paul Collins Startup list
[STCLOA~1]
Confirmed=X
Filename=stcloader.exe
Description=Popup adware by 2ndThought software
Source=Paul Collins Startup list
[STCLOA~1]
Confirmed=X
Filename=STCLOA~1.exe
Description=Popup adware by 2ndThought software
Source=Paul Collins Startup list
[STCPO]
Confirmed=Y
Filename=STCPO.exe
Description=Sophos Sweep antivirus software
Source=Paul Collins Startup list
[Stealth Anonymizer 2.5]
Confirmed=U
Filename=stealth25.exe
Description=Now named <a href="http://www.photono-software.de/Stealther/main.php3" target="_blank">Stealther</a> - proxy server agent that lets you travel the Internet with maximum possible privacy
Source=Paul Collins Startup list
[Steam]
Confirmed=N
Filename=steam.exe
Description=Valve Software's <a href="http://www.steampowered.com/" target="_blank">STEAM</a> broadband game client. Steam is Valve's new way of getting games into your hands ASAP. Games like Half-Life, Counter-Strike, and Counter-Strike: Condition Zero are all being made available through Steam. Steam games are automatically kept up-to-date with the latest content and revisions. Steam also includes an instant-message client which even works while you're in-game
Source=Paul Collins Startup list
[Stickies]
Confirmed=N
Filename=STICKIES.EXE
Description=<a href="http://www.btinternet.com/~tom.revell/" target="_blank">Stickies</a> - utility that allows you to put yellow "Post-It" type messages on your desktop and can be used to set reminders. Available via Start -> Programs
Description=Utility that allows you to put yellow "Post-It" type messages on your desktop. Available via Start -> Programs
Source=Paul Collins Startup list
[StillImageMonitor]
Confirmed=U
Filename=Stimon.exe
Description=Stimon.exe enables a USB still-image device (such as a scanner) to initiate data transfer to a program. For example, if your scanning device has a scan button, it may start a program and begin scanning when you press it. Create a shortcut and start it manually when needed if your scanner otherwise fails to scan. May be required for your USB scanner to work - including all HP scanners and some of their SCSI scanners
Source=Paul Collins Startup list
[stlbdist]
Confirmed=X
Filename=rundll32exe stlbdist.DLL, DllRunMain
Description=Hijacker pointing to www.searchandclick.com
Description=Dr. SpeedTouch is some sort of diagnostics software which sends out information to a server which then relays the information back to the program to test the network to see if the SpeedTouch ADSL modem connection is working properly. Not required if connected via Ethernet (and probably USB). Can cause a slow down in Win2K - see <a href="http://flr.free.fr/spip/article.php?id_article=56" target=_blank>here</a>
Source=Paul Collins Startup list
[stmha]
Confirmed=X
Filename=wkfxi.js
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/js.speth.worm.html" target=_blank>SPETH</a> WORM!
Source=Paul Collins Startup list
[StopSignStatus]
Confirmed=N
Filename=stopsinfo.dll", VerifyStatus
Description=eAcceleration Stop-Sign related - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">note</a>
Description=<a href="http://www.veritas.com/products/category/ProductDetail.jhtml?productId=storageguard" target="_blank">StorageGuard</a> from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
Source=Paul Collins Startup list
[STPMGR]
Confirmed=?
Filename=STPMGR.EXE
Description=<font color="#FF0000">Part of <a href="http://safetp.cs.berkeley.edu/" target="_blank">SafeTP</a> which is transparent FTP security software. Does it need to be running permanently or can it be started manually via Start -> Programs</font>
Source=Paul Collins Startup list
[Strng32]
Confirmed=X
Filename=strngbox.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.strano.html" target="_blank">STRANO</a> WORM!
Source=Paul Collins Startup list
[StubPath]
Confirmed=X
Filename=Sservice.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html" target="_blank">PRORAT</a> TROJAN!
Source=Paul Collins Startup list
[StyleXP]
Confirmed=U
Filename=StyleXP.exe
Description=<a href="http://www.tgtsoft.com/product.html" target="_blank">StyleXP</a> allows you customize the way WinXP looks. If disabled via msconfig it re-instates itself at reboot, therefore uninstall it if you don't want it
Source=Paul Collins Startup list
[Subtract the Ads]
Confirmed=N
Filename=AdSub.exe
Description=Removes adverts from web pages. Although useful - not required
Source=Paul Collins Startup list
[Suitcase Startup]
Confirmed=U
Filename=Suitcase.exe
Description=<a href="http://www.extensis.com/en/products/font_management.jsp" target="_blank">Suitcase</a>. System font manager start up utility. Used for dynamic managment of fonts on your system
Source=Paul Collins Startup list
[SULFNBJ.EXE]
Confirmed=X
Filename=SULFNBJ.EXE
Description=Added by the <a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.DAM" target="_blank">PE_MAGISTR.DAM</a> VIRUS!
Source=Paul Collins Startup list
[SunJavaUpdate]
Confirmed=X
Filename=smvss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerg.html" target=_blank>DEDLER-G</a> TROJAN!
Source=Paul Collins Startup list
[SunJavaUpdateSched]
Confirmed=N
Filename=jusched.exe
Description=Checks with Sun's Java updates site to see if newer Java versions are available. Visit <a href="http://java.sun.com" target="_blank"> http://java.sun.com</a> or just run the Java Plug-In Control Panel
Source=Paul Collins Startup list
[Sunkist]
Confirmed=U
Filename=shwicon98.exe
Description=Card reader for memory cards from digital cameras, etc
Source=Paul Collins Startup list
[Sunkist2k]
Confirmed=U
Filename=shwicon2k.exe
Description=Card reader for memory cards from digital cameras, etc
Source=Paul Collins Startup list
[SupaDial]
Confirmed=?
Filename=SupaDial.exe
Description=SupaNet.com modem driver related - <font color="#FF0000">is it required?</font>
Description=<a href="http://www.softandco.com/redir.html?u=http://www.SouthBayPC.com/SuperCleaner&pn=SuperCleaner" target="_blank">Supercleaner</a> - all in one disk cleaner for your computer
Source=Paul Collins Startup list
[SuperCool Compress Backup]
Confirmed=U
Filename=Main.exe
Description="<a href="http://www.supercoolbookmark.com/zipbackup/">SuperCool Zip Backup</a> software is a data backup,restore and file synchronization program"
Source=Paul Collins Startup list
[Supernova]
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SURNOVA.A" target="_blank">SURNOVA</a> (or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.supova.worm.html" target="_blank">SUPOVA</a>) WORM!
Source=Paul Collins Startup list
[superslut]
Confirmed=X
Filename=msslut32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32slutera.html" target="_blank">SLUTER-A</a> WORM!
Description=Has been reported to be associated with various antitrojan software like <a href="http://www.atshield.com/" target=_blank>ATS</a> and <a href="http://www.astonsoft.com/" target=_blank>PC Doorguard</a>. If so it's required in Startup - any further information is welcome
Source=Paul Collins Startup list
[supporter5]
Confirmed=X
Filename=supporter5.exe
Description=Part of <a href="http://www.escorcher.com/" target="_blank">eScorcher</a> anti-virus software- responsible for updates of new virus bases each time you logon to the web. Used to collect information about the user and therefore treated as spyware - now the web-site is dead
Source=Paul Collins Startup list
[SureCleanProfessional]
Confirmed=U
Filename=SRClean.exe
Description=<a href="http://www.panicware.com/product_sureclean.html" target=_blank>SureClean</a> PC and Internet tracks cleaner
Description=SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by <a href="http://www.surfapps.com/surfbuddy/index.html" target=_blank>SurfApps!</a>
Source=Paul Collins Startup list
[SurfChoice]
Confirmed=U
Filename=SCMan.exe
Description=SCMan is a utility that can control services on WinNT from the command line. This utility can create, start, pause, stop, delete services. Furthermore it can retrieve a service's current state, get the displayname for a service and vice versa
Source=Paul Collins Startup list
[Surfer lptt01]
Confirmed=X
Filename=surfer.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "mssurfer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[Surfer ml097e]
Confirmed=X
Filename=surfer.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "mssurfer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[SurfinGuard Pro]
Confirmed=U
Filename=winsfcm.exe
Description=<a href="http://www.finjan.com/products/surfinguard.cfm" target="_blank">SurfinGuard Pro</a> - internet protection software
Source=Paul Collins Startup list
[SurfSecret]
Confirmed=U
Filename=ss2-full.exe
Description="House-cleaning utility that enables you to keep your computer usage to yourself. Runs quietly from the system tray, eliminating tell-tale files at a regular interval of your choosing. You can set it to clear your Internet cache files, cookies, history, temp folder, etc. It can also clear the history of your Run and Find menus, in addition to the AOL cache"
Description=Conceiva "SurfStream lets you surf the Web faster. It contains a fully featured proxy server that lets you surf the Web significantly faster. It also blocks all pop-up windows and banner ads from Web pages. An intelligent tune-up tool automatically analyzes and optimizes your computer's Internet connection and TCP/IP settings"
Description=Found in the Sony\Vaio\survey directory on a Sony Vaio PC. <font color="#FF0000" target="_blank">What does it do and is it required?</font>
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually
Source=Paul Collins Startup list
[SustemUpdate]
Confirmed=X
Filename=explorer.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually
Source=Paul Collins Startup list
[SVA Player]
Confirmed=X
Filename=SVAplayer.exe
Description=<a href="http://www.quickflicks.com/index.html" target="_blank">QuickFlicks Streaming Player</a> - regarded as spyware. See <a href="http://www.quickflicks.com/help.html" target="_blank">here</a> for details of how to disable or uninstall it
Source=Paul Collins Startup list
[Svc]
Confirmed=X
Filename=svc.exe
Description=Hijacker, <a href="http://www.doxdesk.com/parasite/ClientMan.html" target="_blank"> Clientman</a> parasite variant, redirecting to madfinder.com. Detected by Symantec as the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.madfind.html" target="_blank"> MADFIND</a> TROJAN!
Source=Paul Collins Startup list
[SVC Service]
Confirmed=X
Filename=svcinit.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sinit.html" target="_blank">SINIT</a> TROJAN!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.f.html" target="_blank">DELF.F</a> TROJAN!
Source=Paul Collins Startup list
[SvcH0st]
Confirmed=X
Filename=msexploren.exe
Description=Added by the <a href="http://vil.mcafeesecurity.com/vil/content/v_127365.htm" target="_blank">BACKDOOR-CGZ</a> TROJAN!
Source=Paul Collins Startup list
[svchost]
Confirmed=X
Filename=Svch0st.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.graybird.b.html" target="_blank">GRAYBIRD.B</a> TROJAN!
Source=Paul Collins Startup list
[SVCHOST]
Confirmed=X
Filename=svchost.exe
Description=System1060 homepage hi-jacker. Found in a Windows\System1060 directory. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[svchost]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.morb@mm.html" target="_blank">MORB</a> WORM or <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.html" target="_blank">TARNO</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[SVCHOST]
Confirmed=X
Filename=mrowyekdc.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gotorm.html" target="_blank">GOTORM</a> WORM!
Source=Paul Collins Startup list
[svchost]
Confirmed=X
Filename=Svch0st.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.html" target="_blank">GRAYBIRD</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[svchost]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.hazzer.html" target="_blank">HAZZER</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[svchost]
Confirmed=X
Filename=ADMAGIC.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.smibag.worm.html" target="_blank">SMIBAG</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Svchost]
Confirmed=X
Filename=winhost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOLAWEB.A" target="_blank">LOLAWEB.A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Svchost]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mozea.html" target="_blank">MOXE-A</a> WORM! This is not the valid svchost.exe as described <a href="http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q250320&" target="_blank" target="_blank">here</a>
Source=Paul Collins Startup list
[SVCHOST]
Confirmed=X
Filename=var.txt.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/pwsteal.ldpinch.c.html" target="_blank">LDPINCH.C</a> TROJAN!
Source=Paul Collins Startup list
[Svchost]
Confirmed=X
Filename=svchosl.pif
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.inzae.a@mm.html" target=_blank>INZAE.A</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.inzae.b@mm.html" target=_blank>INZAE.B</a> WORMS!
Source=Paul Collins Startup list
[svchost]
Confirmed=X
Filename=[path] SETUP.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.setclo.html" target=_blank>SETCLO</a> WORM!
Source=Paul Collins Startup list
[svchost]
Confirmed=X
Filename=[path] SETUP.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.setclo.html" target=_blank>SETCLO</a> WORM!
Source=Paul Collins Startup list
[svchost.exe]
Confirmed=X
Filename=svchost32.exe
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite related. Note - this is not the valid svchost.exe as described <a href="http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q250320&" target="_blank">here</a>
Source=Paul Collins Startup list
[svchost1]
Confirmed=X
Filename=svchost1.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_AGOBOT.ZZ" target=_blank>AGOBOT.ZZ</a> WORM!
Source=Paul Collins Startup list
[SvcHost32]
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.i@mm.html" target="_blank">MIMAIL.I</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.j@mm.html" target="_blank">MIMAIL.J</a> WORMS!
Source=Paul Collins Startup list
[svchost64]
Confirmed=X
Filename=svchost64.exe
Description=Added by the SDBOTER.G VIRUS!
Source=Paul Collins Startup list
[svchostr]
Confirmed=X
Filename=svchostr.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[svcinfo]
Confirmed=X
Filename=svcinfo.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[svcroot]
Confirmed=X
Filename=svcroot.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogac.html" target=_blank>KEYLOG-AC</a> TROJAN!
Source=Paul Collins Startup list
[svcsys32]
Confirmed=X
Filename=svcsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotll.html" target=_blank>AGOBOT-LL</a> WORM!
Source=Paul Collins Startup list
[svcwinprocess32]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.upering.worm.html" target="_blank">UPERING</a> WORM!
Source=Paul Collins Startup list
[SVHOST]
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.i@mm.html" target="_blank">MYDOOM.I</a> WORM!
Source=Paul Collins Startup list
[Svhost Loader]
Confirmed=X
Filename=svshost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.G" target=_blank>AGOBOT.G</a> WORM!
Source=Paul Collins Startup list
[SVIDC32M]
Confirmed=?
Filename=SVIDC32M.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[SVM Pop]
Confirmed=?
Filename=svmpop.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[svphost.exe]
Confirmed=X
Filename=svphost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.CS&VSect=T" target=_blank>AGENT.CS</a> TROJAN!
Source=Paul Collins Startup list
[svrrun]
Confirmed=X
Filename=svrrun.exe
Description=Adware hailing from Deskwizz.com
Source=Paul Collins Startup list
[svshost]
Confirmed=X
Filename=svshost.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[svshost32]
Confirmed=X
Filename=msgrsv32.exe
Description=Added by the RANKY.AJ TROJAN!
Source=Paul Collins Startup list
[svshostdriver]
Confirmed=X
Filename=svshost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbothn.html" target=_blank>SDBOT-HN</a> TROJAN!
Source=Paul Collins Startup list
[svwin32]
Confirmed=X
Filename=unninst32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnf.html" target=_blank>AGOBOT-NF</a> WORM!
Source=Paul Collins Startup list
[SVX Control Service]
Confirmed=X
Filename=svxhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotk.html" target="_blank">FORBOT-K</a> WORM!
Source=Paul Collins Startup list
[Swap Nut]
Confirmed=N
Filename=javaw.exe
Description=SwapNut is a peer-to-peer file sharing and searching utility developed and marketed by File Metrics, Inc. Users can search for and find almost any type of digital file (audio, video, photos etc.) through a secure peer-to-peer network
Source=Paul Collins Startup list
[SWCaller]
Confirmed=X
Filename=SWcaller.exe
Description=Homepage hijacker - see <a href="http://securityresponse.symantec.com/avcenter/venc/data/swporta.trojan.html" target="_blank">here</a>
Source=Paul Collins Startup list
[SWCaller]
Confirmed=X
Filename=Swcaller2.exe
Description=Homepage hijacker - see <a href="http://securityresponse.symantec.com/avcenter/venc/data/swporta.trojan.html" target="_blank">here</a>
Description=Part of <a href="http://www.sophos.com/products/software/" target="_blank">Sophos</a> ant-virus sofware
Source=Paul Collins Startup list
[Swf32]
Confirmed=X
Filename=AVupdate.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.merkur.e@mm.html" target="_blank">MERKUR</a> WORM!
Source=Paul Collins Startup list
[Swf32]
Confirmed=X
Filename=_backup.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.symten@mm.html" target="_blank">SYMTEN</a> WORM!
Source=Paul Collins Startup list
[SwimSuitNetwork]
Confirmed=X
Filename=SwimSuitNetwork.exe
Description=Advertising spyware
Source=Paul Collins Startup list
[Switch Off]
Confirmed=U
Filename=swoff.exe
Description=<a href="http://yasoft.km.ru/eng/" target="_blank">Switch Off</a> - tray-based system utility that can automatically perform various frequently used operations like shutdown or restart your computer, disconnect your current dialup connection, lock workstation, etc
Source=Paul Collins Startup list
[Switchboard.com Toolbar]
Confirmed=N
Filename=AtHoc.exe
Description=Toolbar for the on-line version of Yellow Pages in the US - <a href="http://www.switchboard.com/" target="_blank">Switchboard.com</a>
Source=Paul Collins Startup list
[sws.exe]
Confirmed=X
Filename=[random filename]
Description=<a href="http://securityresponse.symantec.com/avcenter/venc/data/dialer.haldex.html" target="_blank">Haldex</a> type adult content dialler
Source=Paul Collins Startup list
[SwTray]
Confirmed=N
Filename=SWTRAY.EXE
Description=MS SideWinder game controller system tray icon. Available via Start -> Programs. May have the version number after it
Source=Paul Collins Startup list
[SWTrayV4]
Confirmed=N
Filename=SWTrayV4.exe
Description=MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> Programs
Description=Part of <a href="http://www3.ca.com/Solutions/Product.asp?ID=234" target=_blank>CA Unicenter</a> Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - <font color="#FF0000">is it required at startup?</font>
Source=Paul Collins Startup list
[SYDNEY]
Confirmed=X
Filename=[file path]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.syney@mm.html" target="_blank">SYNEY</a> WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Confirmed=X
Filename=Win32x.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkz.html" target="_blank">RBOT-KZ</a> WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.VI" target=_blank>RBOT.VI</a> WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Confirmed=X
Filename=sysgut.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WM&Vsect=T" target=_blank>SDBOT.WM</a> WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Confirmed=X
Filename=Sygate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpn.html" target=_blank>RBOT-PN</a> WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall]
Confirmed=X
Filename=Mcafeeupdate.exe
Description=Added by the <a href="http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66562&VName=WORM_RBOT.YN&VSect=T" target=_blank>RBOT.YN</a> WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall Start]
Confirmed=X
Filename=services32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmb.html" target="_blank">RBOT-MB</a> WORM!
Source=Paul Collins Startup list
[Sygate Personal Firewall Start]
Confirmed=X
Filename=servic.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotry.html" target=_blank>RBOT-RY</a> WORM!
Source=Paul Collins Startup list
[Sygate Personals Firewalls]
Confirmed=X
Filename=ccsrn.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[SyGateService]
Confirmed=U
Filename=sgserv95.exe
Description=<a href="http://www.sygate.com/" target="_blank">SyGate</a> is a useful little program that lets you share an internet connection over an intranet. Is it needed - it saves a lot of headache to just let SyGate load at startup. Available via Start -> Programs
Source=Paul Collins Startup list
[Symantec Anti Virus]
Confirmed=X
Filename=symantec32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list
[Symantec Configuration Loader]
Confirmed=X
Filename=ccApp32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pf/w32.hllw.gaobot.gen.html" target="_blank">GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Symantec Core LC]
Confirmed=Y
Filename=symlcsvc.exe
Description=Part of Norton AntiVirus 2004. <font color="#FF0000"> What does it do?</font>
Source=Paul Collins Startup list
[Symantec Fax Starter Edition Port]
Confirmed=N
Filename=OLFSNT40.EXE
Description=Offers a virtual printer as a fax machine. Can be run via a desktop shortcut
Source=Paul Collins Startup list
[Symantec NetDriver Monitor]
Confirmed=U
Filename=SNDMon.exe
Description=Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual upadtes but probably require if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers û then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation
Source=Paul Collins Startup list
[Symantec Security]
Confirmed=X
Filename=symantec32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.pr.html" target="_blank">RANDEX.PR</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.yr.html" target="_blank">RANDEX.YR</a> WORMS!
Source=Paul Collins Startup list
[Symantec Security Addon]
Confirmed=X
Filename=nvsvc.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Symantec Security Routine Addon for Microsoft Windows]
Confirmed=X
Filename=navpxaw32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqj.html" target=_blank>AGOBOT-GJ</a> TROJAN!
Source=Paul Collins Startup list
[SymAV]
Confirmed=X
Filename=SymAV.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.u@mm.html" target="_blank">NETSKY.U</a> WORM!
Source=Paul Collins Startup list
[SymKeepAlive]
Confirmed=U
Filename=CKA.exe
Description=Part of <a href="http://www.symantec.com/sabu/sysworks/basic/" target="_blank">Norton SystemWorks 2003</a> - keeps a dial-up modem connection alive
Source=Paul Collins Startup list
[SymTray - Norton SystemWorks]
Confirmed=N
Filename=SYMTRAY.EXE
Description=Keeps all System Tray icons for Norton SystemWorks together to reduce clutter. SystemWorks includes Norton Anti-Virus, Norton Utilities and Norton CleanSweep - mentioned elsewhere here. Personally I only have Norton eMail Protect running which doesn't need SymTray
Source=Paul Collins Startup list
[Sync Data]
Confirmed=U
Filename=Hndsync.exe
Description=<a target="_blank" href="http://www.pocketrealestate.com/PREWireless.asp">Pocket Real Estate</a> - mobile synchronization manager
Source=Paul Collins Startup list
[Sync Server]
Confirmed=X
Filename=drwatsoon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.watsoon.a.html" target=_blank>WATSOON.A</a> TROJAN!
Source=Paul Collins Startup list
[Sync-It]
Confirmed=U
Filename=Syncit.exe
Description=<a href="http://www.tolvanen.com/syncit/" target="_blank">Sync-It</a> - synchronizes the system clock with time servers on the internet
Source=Paul Collins Startup list
[SyncAgent]
Confirmed=U
Filename=syncagent.exe
Description=<a href="http://www.keylogger.net/" target="_blank">Ghost Keylogger</a> (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove
Source=Paul Collins Startup list
[Synchronization Manager]
Confirmed=N
Filename=mobsync.exe
Description=Find more information about its use <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;256139" target="_blank">here</a>
Source=Paul Collins Startup list
[SynSetup]
Confirmed=?
Filename=SynTP.tmp RunOnce.exe
Description=<font color="#FF0000">Probably associated Synaptics touchpads on laptops as for the SynTPEnh and SynTPLpr entries but what does it do and is it required?</font>
Source=Paul Collins Startup list
[Syntax Script]
Confirmed=X
Filename=systacq.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.ai.html" target=_blank>SDBOT.AI</a> WORM!
Source=Paul Collins Startup list
[SynTPEnh]
Confirmed=U
Filename=syntpenh.exe
Description=Synaptics touchpad tray icon. Displays status and provides quick launch to touchpad features such as scrolling and tap zones. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scroll
Source=Paul Collins Startup list
[SynTPLpr]
Confirmed=Y
Filename=syntplpr.exe
Description=Synaptics touchpad driver helper. Required for touchpad features to work
Description=Added by the <a href="http://fr.trendmicro-europe.com/smb/security_info/ve_detail.php?VName=BKDR_FLUX.E" target=_blank>FLUX.E</a> TROJAN!
Source=Paul Collins Startup list
[sys32cmd]
Confirmed=U
Filename=sys32win.exe
Description=Active Keylogger monitoring software - also see <a href="http://securityresponse.symantec.com/avcenter/venc/data/spyware.activekeylog.html" target="_blank">here</a>. From the Symantec article: "This spyware program must be manually installed. However, there are several known programs that have Spyware.ActiveKeylog within them and that install it as the program itself is installed". Disable/remove if you didn't install it
Description=<a href="http://www.netsizzle.net/sysagent.asp" target="_blank">SYSagent</a> - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of
Source=Paul Collins Startup list
[SysAI]
Confirmed=X
Filename=SysAI.exe
Description=<a href="http://doxdesk.com/parasite/AproposMedia.html" target="_blank">AproposMedia</a> adware - also creates SysAI folder in Program Files where the SysAI.exe is also located
Source=Paul Collins Startup list
[Sysbot]
Confirmed=U
Filename=sysbot.exe
Description=<a href="http://www.spectorsoft.com/products/Spector_Windows/index.html" target="_blank">Spector</a> - spying (or monitoring) software to record internet activity
Source=Paul Collins Startup list
[syscfg]
Confirmed=X
Filename=syscfg32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.s.worm@mm.html" target="_blank">KWBOT.S</a> WORM!
Source=Paul Collins Startup list
[syscfg34.exe]
Confirmed=X
Filename=syscfg34.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.electron.html" target="_blank">ELECTRON</a> WORM!
Description=<font color="#FF0000">Unknown but suspect as *.com are not usually run at start up and the name isn't recognized</font>
Source=Paul Collins Startup list
[syscon lptt01]
Confirmed=X
Filename=syscon.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Syscon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[syscon ml097e]
Confirmed=X
Filename=syscon.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Syscon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[sysconfig]
Confirmed=X
Filename=iexplorer.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.cult.c@mm.html" target="_blank">CULT.C</a> WORM!
Source=Paul Collins Startup list
[SysConfig]
Confirmed=X
Filename=syscfg35.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.kazmor.c.html" target="_blank">KAZMOR.C</a> WORM!
Source=Paul Collins Startup list
[sysconfig]
Confirmed=X
Filename=iexplorer.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cult.h@mm.html" target="_blank">CULT.H</a> WORM!
Source=Paul Collins Startup list
[SysConfig]
Confirmed=X
Filename=wincfg32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD" target=_blank>SDBOT.ZD</a> WORM!
Source=Paul Collins Startup list
[Syscpy]
Confirmed=X
Filename=Syscpy.exe
Description=Firewall-bypassing, proxied spam relayer. Detected by Symantec as the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hogle.html" target="_blank"> HOGLE</a> TROJAN!
Source=Paul Collins Startup list
[SysCtl]
Confirmed=X
Filename=sysctl.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_99942.htm" target="_blank">AOK</a> TROJAN!
Source=Paul Collins Startup list
[Sysctrls]
Confirmed=X
Filename=procdll.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WEEDBOTZ.14&VSect=T" target="_blank">WEEDBOTZ.14</a> TROJAN!
Source=Paul Collins Startup list
[sysdir]
Confirmed=X
Filename=winrun.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winur.b.html" target="_blank">WINBUR.B</a> WORM!
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[syshelp]
Confirmed=X
Filename=syshelp.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[sysinfo]
Confirmed=X
Filename=sysinfo.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.bedrill.html" target="_blank">BEDRILL</a> TROJAN!
Source=Paul Collins Startup list
[sysinfo.exe]
Confirmed=X
Filename=sysinfo.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.v@mm.html" target="_blank">BEAGLE.V</a> WORM!
Source=Paul Collins Startup list
[SysInit]
Confirmed=X
Filename=wininit32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.xabot.worm.html" target="_blank">XABOT</a> WORM!
Source=Paul Collins Startup list
[sysinit]
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnewifrma.html" target="_blank">NEWLFRM-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Sysino]
Confirmed=X
Filename=lsess.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbf.html" target=_blank>FORBOT-BF</a> WORM!
Source=Paul Collins Startup list
[sysint16]
Confirmed=X
Filename=sysint16.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcryptera.html" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[Syskey]
Confirmed=X
Filename=sysinit.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ax@mm.html" target=_blank>BEAGLE.AX</a> WORM!
Source=Paul Collins Startup list
[Syslib]
Confirmed=X
Filename=Syslib.exe
Description=Adult content related downloader trojan
Source=Paul Collins Startup list
[Syslog lptt01]
Confirmed=X
Filename=Syslog.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Syslog" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[Syslog ml097e]
Confirmed=X
Filename=Syslog.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Syslog" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[syslogin.exe]
Confirmed=X
Filename=syslogin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bagzb.html" target="_blank">BAGZ-B</a> WORM!
Source=Paul Collins Startup list
[SysMetrix]
Confirmed=U
Filename=SysMetrix.exe
Description=<a href="http://www.xymantix.com/sysmetrix/" target="_blank">SysMetrix</a> - skinnable clock and metering application. It monitors and reports on a great number of statistics
Source=Paul Collins Startup list
[sysmon]
Confirmed=X
Filename=sysmon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.bizex.worm.html" target="_blank">BIZEX</a> WORM!
Source=Paul Collins Startup list
[Sysmon]
Confirmed=X
Filename=rpcmon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.atx.html" target="_blank">RANDEX.ATX</a> WORM!
Source=Paul Collins Startup list
[sysmon]
Confirmed=X
Filename=sysmon44.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_122468.htm" target=_blank>BACKDOOR-CBA</a> TROJAN!
Source=Paul Collins Startup list
[SysMonXP]
Confirmed=X
Filename=SysMonXP.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.q@mm.html" target="_blank">NETSKY.Q</a> WORM!
Source=Paul Collins Startup list
[sysnate]
Confirmed=X
Filename=sysnate.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.medias.html" target="_blank">MEDIAS</a> TROJAN!
Source=Paul Collins Startup list
[SysOps]
Confirmed=X
Filename=SysOps
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.msncorrupt.html" target="_blank">MSNCORRUPT</a> TROJAN!
Source=Paul Collins Startup list
[syspath]
Confirmed=X
Filename=drv.exe
Description=Added by the <a href="http://www.avp.ch/avpve/worms/email/sober.stm" target="_blank">SOBER</a> WORM!
Source=Paul Collins Startup list
[SysPilot]
Confirmed=U
Filename=fdxxl.exe
Description=G Data "PC Spion" - monitoring and surveillance software, captures all users activity on the PC, see <a href="http://www.chip.de/artikel/c_artikel_8806643.html" target=_blank>here</a>. Disable/remove if you didn't install it yourself!
Source=Paul Collins Startup list
[sysPnP]
Confirmed=X
Filename=bootconf.exe
Description=Homepage hijacker, redirecting to coolwwwsearch.com; see for example <a href="http://boards.cexx.org/viewtopic.php?p=2464#2464" target="_blank"> here</a>
Description=Search hijacker - see <a href="http://www.spywareinfo.com/forums/index.php?s=&act=ST&f=11&t=8643&st=0&#entry60560" target="_blank"> here</a>
Source=Paul Collins Startup list
[SysPool]
Confirmed=Y
Filename=Mssvc.exe
Description=<a href="http://www.invisicom.com/index.asp" target="_blank">StealthDisk</a> - hides folders, files and applications. Will also encrypt them for better protection
Source=Paul Collins Startup list
[SysProtect]
Confirmed=X
Filename=System.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NETSPY" target="_blank">NETSPY</a> TROJAN!
Source=Paul Collins Startup list
[SysR]
Confirmed=X
Filename=sysmd.exe
Description=Adult content based "foistware" (adds hidden components to your system)
Source=Paul Collins Startup list
[SysReg]
Confirmed=X
Filename=SysReg.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.download.chekin.html" target="_blank">CHEKIN</a> TROJAN!
Description=Added by the <a href="http://www.viruslist.com/eng/viruslist.html?id=51465" target="_blank">LOGMOD</a> TROJAN!
Source=Paul Collins Startup list
[SysScan]
Confirmed=X
Filename=bvt.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html" target="_blank">AUTOUPDER</a> TROJAN!
Source=Paul Collins Startup list
[SysSearch]
Confirmed=X
Filename=Regedit.exe -s [path] pcsearch.reg
Description=Added by the <a href="http://vil.nai.com/vil/content/v_130084.htm" target=_blank>StartPage-FN</a> browser hijacker
Source=Paul Collins Startup list
[SysSearch]
Confirmed=X
Filename=REGEDIT.EXE -s [path] sysreg.reg
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpame.html" target=_blank>STARTPA-ME</a> TROJAN!
Source=Paul Collins Startup list
[sysser]
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.rahack.html" target=_blank>RAHACK</a> WORM!
Source=Paul Collins Startup list
[SysService]
Confirmed=X
Filename=SysService.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.family.html" target="_blank">DELF</a> family of TROJANS!
Source=Paul Collins Startup list
[SysService32]
Confirmed=X
Filename=SysService32.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100207.htm" target="_blank">KINDAL</a> VIRUS!
Source=Paul Collins Startup list
[SysService32]
Confirmed=X
Filename=ln32k.dll
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100207.htm" target="_blank">KINDAL</a> VIRUS!
Source=Paul Collins Startup list
[SysService32l]
Confirmed=X
Filename=systask32l.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.theug.html" target="_blank">THEUG</a> WORM!
Source=Paul Collins Startup list
[SYSsfitb]
Confirmed=X
Filename=SYSsfitb.exe
Description=Searchforit browser hijacker
Source=Paul Collins Startup list
[SysStrt]
Confirmed=X
Filename=systemc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqa.html" target=_blank>AGOBOT-QA</a> TROJAN!
Source=Paul Collins Startup list
[System]
Confirmed=X
Filename=run322.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lanfilt.html" target="_blank">LANFILT</a> TROJAN!
Source=Paul Collins Startup list
[System]
Confirmed=X
Filename=system.exe
Description=Added by various WORMS and TROJANS!
Source=Paul Collins Startup list
[system]
Confirmed=X
Filename=regedit -s system.dll
Description=Homepage hijacker
Source=Paul Collins Startup list
[system]
Confirmed=X
Filename=systemsearch.hta
Description=Jetseeker.com hijacker
Source=Paul Collins Startup list
[System]
Confirmed=X
Filename=dcomx.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cirebot.html" target="_blank">CIREBOT</a> TROJAN!
Source=Paul Collins Startup list
[system]
Confirmed=X
Filename=Explorer.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.html" target="_blank">GRAYBIRD</a> TROJAN! Note - this is located in this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) rather than the valid Windows Explorer which is located in C:\Windows or C:\Winnt
Source=Paul Collins Startup list
[System]
Confirmed=X
Filename=YPager.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K" target="_blank">JUNTADOR.K</a> TROJAN! Note - this is not Yahoo! Messenger
Source=Paul Collins Startup list
[system]
Confirmed=X
Filename=outlook.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.q@mm.html" target="_blank">MIMAIL.Q</a> WORM! Note that Microsoft's outlook.exe resides in the Program Files sub-directory wheras this resides in C:\Windows or C:\Winnt
Source=Paul Collins Startup list
[System]
Confirmed=X
Filename=Atira.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kotira.html" target="_blank">KOTIRA</a> VIRUS!
Source=Paul Collins Startup list
[SYSTEM]
Confirmed=X
Filename=lsas.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.CJ" target="_blank">SPYBOT.CJ</a> WORM!
Source=Paul Collins Startup list
[System]
Confirmed=X
Filename=kernels32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderfc.html" target=_blank>DLOADER-FC</a> TROJAN!
Source=Paul Collins Startup list
[System 64 Driver for Games]
Confirmed=X
Filename=sys64dvr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list
[System Applications Profile]
Confirmed=X
Filename=sap.exe
Description=Added by the <a href="http://www.sophos.com.au/virusinfo/analyses/w32rbotqf.html" target=_blank>RBOT-QF</a> WORM!
Source=Paul Collins Startup list
[System Backup]
Confirmed=X
Filename=msystem.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[System Cache]
Confirmed=X
Filename=SysCache.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[System Check]
Confirmed=U
Filename=Rundll32.exe SysDll32.dll, SystemCheck
Description=<a href="http://www.x-pcsoft.com/" target="_blank">XPCSpy Pro</a> keylogger, surveillance and monitoring software
Source=Paul Collins Startup list
[system check]
Confirmed=X
Filename=updater.exe
Description=Unidentified adware downloader
Source=Paul Collins Startup list
[System Config Manager]
Confirmed=X
Filename=crss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GH" target="_blank">AGOBOT.GH</a> WORM!
Source=Paul Collins Startup list
[System Configuration]
Confirmed=X
Filename=iexplore.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.a.d.html" target="_blank">RANDEX.AD</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
Source=Paul Collins Startup list
[System Diagnostics]
Confirmed=X
Filename=sysdiag32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target="_blank">SDBOT.GEN</a> TROJAN!
Source=Paul Collins Startup list
[System DLF]
Confirmed=N
Filename=cpqdiaga.exe
Description=Compaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configuration. Available via Start -> Programs
Source=Paul Collins Startup list
[System Document Application]
Confirmed=X
Filename=nmod.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabb.html" target=_blank>SDBOT-ABB</a> WORM!
Source=Paul Collins Startup list
[System driver]
Confirmed=X
Filename=Messenger.exe
Description=Added by a variant of the SMALL.BJ TROJAN!
Source=Paul Collins Startup list
[System Efficiency Monitor]
Confirmed=X
Filename=mscedit32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.p.html" target="_blank">SDBOT.P</a> TROJAN!
Source=Paul Collins Startup list
[System Efficiency Monitor]
Confirmed=X
Filename=mscommand.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.p.worm.html" target="_blank">KWBOT.P</a> WORM!
Source=Paul Collins Startup list
[System Executable DLL Library]
Confirmed=X
Filename=EXECDLL32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.az.html" target="_blank">RANDEX.AZ</a> WORM!
Source=Paul Collins Startup list
[System Failure Statistic]
Confirmed=X
Filename=cnstat.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlf.html" target="_blank">RBOT-LF</a> WORM!
Source=Paul Collins Startup list
[System File Drivers]
Confirmed=X
Filename=nvsysvc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.WJ" target="_blank">AGOBOT.WJ</a> WORM!
Source=Paul Collins Startup list
[System Handler]
Confirmed=X
Filename=LSASS.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.nimos.worm.html" target="_blank">NIMOS</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">Lsass.exe</a> system file should normally NOT figure in Msconfig/Startup!
Source=Paul Collins Startup list
[System Host Service]
Confirmed=X
Filename=svchost.exe
Description=Added the the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.f@mm.html" target="_blank">CONE.F</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[System Information Manager]
Confirmed=X
Filename=Navcpe.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqb.html" target="_blank">SDBOT-QB</a> WORM!
Source=Paul Collins Startup list
[System Information Manager]
Confirmed=X
Filename=Msbb.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html" target=_blank>BACKDOOR.IRC.BOT</a> TROJAN!
Source=Paul Collins Startup list
[System Initialization]
Confirmed=X
Filename=msmsgri32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.d.html" target="_blank"> RANDEX.D</a> WORM or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.roxy.html" target="_blank">ROXY</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.roxy.b.html" target="_blank">ROXY.B</a> TROJANS!
Source=Paul Collins Startup list
[System Initialization]
Confirmed=X
Filename=payload.dat
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.d.html" target="_blank"> RANDEX.D</a> WORM or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.roxy.html" target="_blank">ROXY</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.roxy.b.html" target="_blank">ROXY.B</a> TROJANS!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotji.html" target="_blank">AGOBOT-JI</a> WORM!
Source=Paul Collins Startup list
[System Manager]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerae.html" target=_blank>BANKER-AE</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[system manager]
Confirmed=X
Filename=System.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbo.html" target=_blank>FORBOT-BO</a> WORM!
Source=Paul Collins Startup list
[System Manager]
Confirmed=X
Filename=winsrv32.exe
Description=Added by an unidentified WORM or TROJAN!
Description=Comes with some Aopen motherboards. Monitors CPU temp, voltage and fan speed. Warns if any become abnormal
Source=Paul Collins Startup list
[System Monitor]
Confirmed=X
Filename=Sysmon16.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list
[System MScvb]
Confirmed=X
Filename=mscvb32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.sobig.c@mm.html" target="_blank">SOBIG.C</a> WORM!
Source=Paul Collins Startup list
[System Profile]
Confirmed=X
Filename=Regsrv.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=16106" target="_blank">OPTIX</a> TROJAN!
Source=Paul Collins Startup list
[System Restore]
Confirmed=X
Filename=svcnet.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.tibick.html" target="_blank">TIBICK</a> WORM!
Source=Paul Collins Startup list
[System Restore Data]
Confirmed=X
Filename=[path] repcale.exe [path] beird.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN" target=_blank>RANDON.AN</a> WORM!
Source=Paul Collins Startup list
[System Service]
Confirmed=X
Filename=MSREXE.EXE
Description=Added by the <a href="http://vil.nai.com/vil/content/v_99793.htm" target="_blank">AML</a> TROJAN!
Source=Paul Collins Startup list
[system service]
Confirmed=X
Filename=spoolcrv.cpl
Description=Added by the INSPIR.11 TROJAN!
Source=Paul Collins Startup list
[System Service]
Confirmed=X
Filename=systems.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=64895&VName=WORM_AGOBOT.VZ&VSect=T" target="_blank">AGOBOT.VZ</a> WORM!
Source=Paul Collins Startup list
[System Soap Pro]
Confirmed=X
Filename=soap.exe
Description=<a href="http://www.systemsoap.com/" target="_blank">System Soap Pro</a> internet cleaning software. Bundles foistware like <a href="http://www.doxdesk.com/parasite/Httper.html" target="_blank"> HTTPER</a> and <a href="http://www.doxdesk.com/parasite/Zipclix.html" target="_blank"> Zipclix</a> - best avoided
Source=Paul Collins Startup list
[System startup]
Confirmed=U
Filename=charmapx.exe
Description=Only required if using an oriental language
Source=Paul Collins Startup list
[System Startup]
Confirmed=X
Filename=Voltio.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.NJ" target="_blank">RBOT.NJ</a> WORM!
Source=Paul Collins Startup list
[System Stats]
Confirmed=X
Filename=SystemStats.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
Source=Paul Collins Startup list
[System Terminal]
Confirmed=X
Filename=SYSTEM2.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspybotbz.html" target="_blank">SPYBOT-BZ</a> TROJAN!
Source=Paul Collins Startup list
[System time updator]
Confirmed=X
Filename=CSysTime.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.s.html" target="_blank">RANDEX.S</a> WORM!
Source=Paul Collins Startup list
[System Toolkit]
Confirmed=X
Filename=Systools.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ronoperg.html" target="_blank">RONOPER-G</a> WORM!
Source=Paul Collins Startup list
[System Tray]
Confirmed=X
Filename=msccn32.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100307.htm" target="_blank"> PALYH.A</a> WORM! Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com. Note - this is not the valid SystemTray (SysTray.exe)
Source=Paul Collins Startup list
[System Tray Services]
Confirmed=X
Filename=spooles32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZH&VSect=T" target=_blank>AGOBOT.ZH</a> WORM!
Source=Paul Collins Startup list
[System Tray32]
Confirmed=X
Filename=SysTray32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.repad.worm.html" target="_blank">REPAD</a> WORM!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html" target="_blank">KORGO.W</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.x.html" target="_blank">KORGO.X</a> WORMS!
Source=Paul Collins Startup list
[System Update]
Confirmed=X
Filename=wupdmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsoromoa.html" target="_blank">SOROMO-A</a> TROJAN!
Source=Paul Collins Startup list
[System Update Service]
Confirmed=X
Filename=wmiprvsa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrg.html" target=_blank>AGOBOT-RG</a> TROJAN!
Source=Paul Collins Startup list
[System Update2]
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target="_blank">AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list
[System Update2]
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list
[System Update2]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list
[System Update2]
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list
[System Update2]
Confirmed=X
Filename=taskman.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list
[System Update2]
Confirmed=X
Filename=taskmon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list
[System Update2]
Confirmed=X
Filename=update.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list
[System Update2]
Confirmed=X
Filename=webcheck.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list
[System Update2]
Confirmed=X
Filename=wininet.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list
[System Update2]
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list
[System Update2]
Confirmed=X
Filename=winspool.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list
[System Update2]
Confirmed=X
Filename=wupdmgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
Source=Paul Collins Startup list
[System Updater Service]
Confirmed=X
Filename=wmiprvsw.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afc.html" target="_blank">GAOBOT.AFC</a> WORM!
Source=Paul Collins Startup list
[System Uptime Server]
Confirmed=X
Filename=SYSENTRY.EXE
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.LK" target="_blank">RBOT.LK</a> WORM!
Source=Paul Collins Startup list
[System Uptime Server]
Confirmed=X
Filename=SYSENTRY32.EXE
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.LK" target="_blank">RBOT.LK</a> WORM!
Source=Paul Collins Startup list
[system xp]
Confirmed=X
Filename=acdsee demo.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.salga.a@mm.html" target=_blank>SALGA.A</a> WORM!
Source=Paul Collins Startup list
[System-Config]
Confirmed=X
Filename=msptmf32.com
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39429" target="_blank">LIOTEN.FA</a> WORM!
Source=Paul Collins Startup list
[System-Service]
Confirmed=X
Filename=EXPLORER.SCR
Description=Added by the <a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BENJAMIN.A&VSect=T" target="_blank"> BENJAMIN</a> WORM! KaZaA file-sharing users beware!
Source=Paul Collins Startup list
[system.]
Confirmed=X
Filename=system..exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optixpro.13.c.html" target="_blank">OPTIXPRO.13.C</a> TROJAN!
Source=Paul Collins Startup list
[system...]
Confirmed=X
Filename=system...exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optixpro.13.c.html" target="_blank">OPTIXPRO.13.C</a> TROJAN!
Source=Paul Collins Startup list
[System.exe]
Confirmed=X
Filename=System.exe
Description=Added by various WORMS and TROJANS!
Source=Paul Collins Startup list
[System32]
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbushtro122.html" target="_blank">BUSHTRO122</a> TROJAN!
Source=Paul Collins Startup list
[System32]
Confirmed=X
Filename=System32.exe
Description=Added by any number of WORMS or TROJANS!
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[system32]
Confirmed=X
Filename=NeT-BoT.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotlj.html" target=_blank>AGOBOT-LJ</a> WORM!
Source=Paul Collins Startup list
[system32.dll]
Confirmed=X
Filename=systeminit.exe
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> hijacker re-directing to your-search.info
Source=Paul Collins Startup list
[system32.dll]
Confirmed=X
Filename=sysdll32.exe
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite related. Redirecting to wholeworldmarket.com, most likely other domains as well
Source=Paul Collins Startup list
[system32.exe]
Confirmed=X
Filename=services32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html" target=_blank>BACKDOOR.IRC.BOT</a> TROJAN!
Source=Paul Collins Startup list
[System32Dll]
Confirmed=X
Filename=DLL32SYS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotcz.html" target="_blank">SPYBOT-CZ</a> WORM!
Source=Paul Collins Startup list
[System32Ex]
Confirmed=X
Filename=System32Ex.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irccontact.html" target="_blank">IRCCONTACT</a> TROJAN!
Source=Paul Collins Startup list
[System33]
Confirmed=X
Filename=FB_PNU.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nicehelloa.html" target="_blank">NICHELLO-A</a> WORM!
Source=Paul Collins Startup list
[SystemAdministration]
Confirmed=X
Filename=Wincmp32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.asylum.html" target="_blank">ASYLUM</a> TROJAN!
Source=Paul Collins Startup list
[SystemAgent]
Confirmed=U
Filename=Sage.exe
Description="Microsoft Plus! System Agent automatically tunes your system, performing tasks such as disk optimization and error correction. It can also run any application at prescheduled times"
Source=Paul Collins Startup list
[SystemBackup]
Confirmed=X
Filename=mtx.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w95.mtx.html" target="_blank">MTX</a> VIRUS/WORM!
Source=Paul Collins Startup list
[SystemBackup]
Confirmed=X
Filename=MicroLog.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MICROLOG.A" target="_blank">MICROLOG.A</a> TROJAN!
Source=Paul Collins Startup list
[SystemBoot]
Confirmed=?
Filename=ladies.htm
Description=<font color="#FF0000">Unknown but sounds very suspicious??</font>
Source=Paul Collins Startup list
[SystemBoot]
Confirmed=X
Filename=Mshta.exe ...filename.hta
Description=Adult content dialler
Source=Paul Collins Startup list
[SystemCheck]
Confirmed=X
Filename=Systemcheck.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.lavits.html" target="_blank">LAVITS</a> WORM!
Source=Paul Collins Startup list
[SystemChecker]
Confirmed=X
Filename=Syschk.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.galil.f@mm.html" target="_blank">GALIL.F</a> WORM!
Source=Paul Collins Startup list
[SystemCONF98i]
Confirmed=X
Filename=SystemCONF98i.exe
Description=Added by the <a href="http://www.pestpatrol.com/pestinfo/t/trojan_win32_glitch.asp" target="_blank">GLITCH BOT</a> TROJAN!
Source=Paul Collins Startup list
[SystemDebug]
Confirmed=X
Filename=Sysdeb32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sysbug.html" target="_blank">SYSBUG</a> TROJAN!
Source=Paul Collins Startup list
[SystemDll]
Confirmed=X
Filename=SystemDll.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.loxoscam.html" target="_blank">LOXOSCAM</a> TROJAN!
Source=Paul Collins Startup list
[systemdrv]
Confirmed=X
Filename=ms32sys.exe
Description=Added by an unidentified WORM or TROJAN - most likely <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.html" target="_blank">GAOBOT</a> variant
Source=Paul Collins Startup list
[SystemEmergency]
Confirmed=X
Filename=[various filenames]
Description=SmartSearch - a <a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite variant
Source=Paul Collins Startup list
[SystemExplorer]
Confirmed=X
Filename=explore.exe
Description=Homepage hijacker - file located in the "Services" folder in Common Files
Source=Paul Collins Startup list
[SystemFTP]
Confirmed=X
Filename=VSENMB.exe
Description=Malware (ie, <u>mal</u>icious soft<u>ware</u>). Also changes the system.ini Shell line to read Shell=Explorer.exe VSENMB.exe, and it hacks the Winstart.bat as well
Source=Paul Collins Startup list
[SystemInit]
Confirmed=X
Filename=iservc.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fizzer@mm.html" target="_blank">FIZZER</a> WORM!
Source=Paul Collins Startup list
[Systemiom Updater]
Confirmed=X
Filename=Systemiom.exe
Description=Added by the <a href="http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.TY" target="_blank">SPYBOT.TY</a> WORM!
Source=Paul Collins Startup list
[SystemLoad32]
Confirmed=X
Filename=sysload32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.e@mm.html" target="_blank">MIMAIL.E</a> WORM!
Source=Paul Collins Startup list
[SystemManager]
Confirmed=X
Filename=Sysman32.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100164.htm" target="_blank">DOWNLOADER-BW.B</a> TROJAN!
Source=Paul Collins Startup list
[SystemMap32]
Confirmed=X
Filename=Netisp32.vbs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.redist.c@mm.html" target="_blank">REDIST.C</a> WORM!
Source=Paul Collins Startup list
[SystemMD]
Confirmed=X
Filename=md.exe
Description=Homepage hijacker
Source=Paul Collins Startup list
[SystemMonitor]
Confirmed=X
Filename=Sysmon32.exe
Description=Added by the <a href="http://si.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_AIDID.A" target="_blank">AIDID.A</a> WORM!
Source=Paul Collins Startup list
[SystemNetwork]
Confirmed=X
Filename=NETSERV.EXE
Description=Added by the NETCONTROL VIRUS!
Source=Paul Collins Startup list
[SystemReg]
Confirmed=?
Filename=PROCES.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[SystemReg]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_DEWIN.E" target="_blank">DEWIN.E</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[SystemReg]
Confirmed=X
Filename=WINREG.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_DEWIN.A" target="_blank">DEWIN.A</a> TROJAN!
Source=Paul Collins Startup list
[Systems]
Confirmed=X
Filename=scchost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DAEMOZ.A" target="_blank">DAEMOZ.A</a> TROJAN!
Source=Paul Collins Startup list
[Systems Restart]
Confirmed=X
Filename=slchost.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BANCOS.RF" target=_blank>BANCOS.RF</a> TROJAN!
Source=Paul Collins Startup list
[Systems Restart]
Confirmed=X
Filename=spchost.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BANCOS.RF" target=_blank>BANCOS.RF</a> TROJAN!
Source=Paul Collins Startup list
[Systems Restart]
Confirmed=X
Filename=Rundll32.exe beem.dll, DllRegisterServer
Description=Browser hijacker - the file serves to register a dll implemented as a browser plugin
Source=Paul Collins Startup list
[Systems.exe]
Confirmed=U
Filename=Systems.exe
Description=<a href="http://www.refog.com/download.htm" target="_blank">Keyboard Spectator</a> - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
Source=Paul Collins Startup list
[SystemSafe]
Confirmed=U
Filename=Syssafe.exe
Description=<a href="http://www.webattack.com/get/systemsafety.shtml" target="_blank">System Safety Monitor</a> - system monitoring tool with additional application firewalling
Source=Paul Collins Startup list
[SYSTEMSars32]
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.ahlem.a@mm.html" target="_blank">AHLEM.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[SystemSAS]
Confirmed=X
Filename=System32.exe
Description=Added by the <a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BENJAMIN.A&VSect=T" target="_blank">KWBOT.C</a> WORM!
Source=Paul Collins Startup list
[SystemSearch]
Confirmed=X
Filename=regedit.exe -s c:\ie.reg
Description=Installs a Seachxl.com browser page hijack
Source=Paul Collins Startup list
[SystemSearch]
Confirmed=X
Filename=regedit.exe -s c:\sys.reg
Description=Installs a i--search.com browser page hijack
Source=Paul Collins Startup list
[SystemService]
Confirmed=X
Filename=msocfg.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[SystemService]
Confirmed=X
Filename=navchk.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[SystemService]
Confirmed=X
Filename=qservice.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[SystemService]
Confirmed=X
Filename=shman.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[SystemSettingf]
Confirmed=X
Filename=TRUG.vbs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w97m.trug.b.html" target="_blank">TRUG.B</a> MACRO!
Source=Paul Collins Startup list
[SystemSuite Task Manager]
Confirmed=U
Filename=MXTASK.EXE
Description=vcom (nee Ontrack) <a href="http://www.v-com.com/product/ss_ind.html" target="_blank">SystemSuite</a> - PC maintenance and security. Use the program's configuration options to enable only the parts you want running all the time - such as Virusscanner Pro
Source=Paul Collins Startup list
[SystemTasks]
Confirmed=X
Filename=filez.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[SystemTasks]
Confirmed=X
Filename=sexypicz.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[SystemTasks]
Confirmed=X
Filename=loaded.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Systemtra]
Confirmed=X
Filename=Systra.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[SystemTra]
Confirmed=X
Filename=CDPlay.EXE
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[SystemTray]
Confirmed=U
Filename=SysTray.Exe
Description=SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;128129" target="_blank">here</a>). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[SystemTray]
Confirmed=X
Filename=SystemTray.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.bigfoot.html" target="_blank">BIGFOOT</a> TROJAN! Note - this is not the valid SystemTray (SysTray.exe)
Source=Paul Collins Startup list
[SystemTray]
Confirmed=X
Filename=SysTray.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.p.html" target="_blank">ALADINZ.P</a> TROJAN! Note - this is not the valid System Tray (systray.exe) which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP). If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file
Source=Paul Collins Startup list
[SystemUpd]
Confirmed=N
Filename=SystemUpd.exe
Description=Updater for Swapoo.com, a kind of Napster for games
Source=Paul Collins Startup list
[SystemWideHook for Windows NT]
Confirmed=X
Filename=%WinHook32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.mydoom.ac@mm.html" target="_blank">MYDOOM.AC</a> WORM!
Source=Paul Collins Startup list
[SystemWizard Sniffer]
Confirmed=U
Filename=Sniffer.exe
Description=<a href="http://www.systemsoft.com/l-2/l-3/products-systemwizard.htm" target="_blank">SystemWizard</a> for Win98/ME from SystemSoft - diagnoses and solves hardware and software problems on a PC
Source=Paul Collins Startup list
[systemyom Updater]
Confirmed=X
Filename=systemyom.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html" target=_blank>BACKDOOR.IRC.BOT</a> TROJAN!
Source=Paul Collins Startup list
[SYSTEMZ Patch]
Confirmed=X
Filename=SYSZ.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.p.html" target="_blank">ALADINZ.P</a> TROJAN!
Source=Paul Collins Startup list
[System_Messages]
Confirmed=U
Filename=pprsen.exe
Description=<a href="http://www.plevna.f9.co.uk/" target="_blank">TerminatorX</a> - "offers an easy and effective method of stopping users running predetermined file sharing programs like KaZaA, messenger programs, chat rooms and the like"
Source=Paul Collins Startup list
[Systesms.exe]
Confirmed=X
Filename=systesms.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothi.html" target="_blank">RBOT-HI</a> WORM!
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
Source=Paul Collins Startup list
[SysTray]
Confirmed=U
Filename=SysTray.Exe
Description=SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;128129" target="_blank">here</a>). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[SysTray]
Confirmed=X
Filename=Snnpapi.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list
[Systray driver]
Confirmed=X
Filename=systray.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.mutebot.html" target="_blank">MUTEBOT</a> TROJAN! Note - this is not the real SystemTray which shares the same filename
Source=Paul Collins Startup list
[SystrayServices]
Confirmed=X
Filename=Msxpw.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.citor.html" target="_blank">CITOR</a> WORM!
Source=Paul Collins Startup list
[systree]
Confirmed=X
Filename=systree
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.l.html" target="_blank">BANCOS.L</a> TROJAN!
Source=Paul Collins Startup list
[Systry]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html" target="_blank">AUTEX</a> WORM!
Source=Paul Collins Startup list
[SYStry]
Confirmed=X
Filename=spoolsvr.exe
Description=Added by the <a href="http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=42984" target=_blank>SDBOT.GN</a> WORM!
Source=Paul Collins Startup list
[Systryt]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html" target="_blank">AUTEX</a> WORM!
Source=Paul Collins Startup list
[sysu]
Confirmed=X
Filename=sysu.exe
Description=Dynamic Desktop Media adware - see <a href="http://www.symantec.com/avcenter/venc/data/adware.dynamicupdater.html" target="_blank">here</a>
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.medias.html" target="_blank">MEDIAS</a> TROJAN!
Source=Paul Collins Startup list
[SysW8]
Confirmed=U
Filename=csta.exe
Description=<a href="http://www.teosoft.com/en/index.htm" target="_blank">Clean Space</a> - privacy and perfomance enhancer
Source=Paul Collins Startup list
[SYSWB6]
Confirmed=U
Filename=SYSWB6.exe
Description=<a href="http://www.we-blocker.com/">We-Blocker</a> - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content, while filtering out sites that contain adult content
Source=Paul Collins Startup list
[SysWin]
Confirmed=X
Filename=SysWin.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irccontact.html" target="_blank">IRCCONTACT</a> TROJAN!
Source=Paul Collins Startup list
[syswin32]
Confirmed=X
Filename=syswin32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Syswindow]
Confirmed=X
Filename=Syswindow.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.cow.html" target="_blank">COW</a> TROJAN!
Source=Paul Collins Startup list
[SYS_CLEAN]
Confirmed=X
Filename=Service.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.flopcopy.html" target="_blank">FLOPCOPY</a> WORM!
Description=T-Online ISP SpeedManager - shows upload and download speed. Also checks for updates automatically
Source=Paul Collins Startup list
[Taba]
Confirmed=X
Filename=stte.exe
Description=Clickspring spyware
Source=Paul Collins Startup list
[Tablet]
Confirmed=N
Filename=Tablet.exe
Description=Loads the tablet drivers for the Wacom Graphics Tablet. This can be unchecked in msconfig without problems if you don't need the tablet functional all the time. Create your own shortcut if you need to run it ad hoc. If you forget to run it before running Paint Shop Pro & Adobe Photo Shop) you may find the following: (1) Paint Shop Pro (version 7.04) - (a) Browse function will NOT work (program freezes) (b) On program exit, PSP does not terminate (you have to CTRL+ALT+DEL to close it) (2) Photo Shop (version 6.01) - (a) Program functions slowdown (d) On program exit it takes noticeably longer to shut down (like 30-45 seconds)
Source=Paul Collins Startup list
[tablet s]
Confirmed=Y
Filename=tablet s
Description=Starts the Wacom Penabled driver on Acer Tablet PCs (tablet icon with a green check appears during startup if successful)
Source=Paul Collins Startup list
[TabletTip]
Confirmed=U
Filename=tabtip.exe
Description=The Microsoft Tablet PC Input Panel converts handwriting to text dynamically, and you can make corrections quickly and easily before inserting text
Source=Paul Collins Startup list
[TabUserW]
Confirmed=Y
Filename=TabUserW.exe
Description=Wacom pen tablet driver
Source=Paul Collins Startup list
[Tad]
Confirmed=N
Filename=tad.exe
Description=From Turtle Beach's Santa Cruz on a Dell WinME system. Not required - works fine without it including keyboard hot controls for volume and mute
Source=Paul Collins Startup list
[TAG]
Confirmed=?
Filename=tag.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Tahni Deskmate]
Confirmed=N
Filename=Tahni.exe
Description=<a href="http://www.tahni.com/" target="_blank">Tahni Deskmate</a> - "Interactive cartoon character that lives on your Windows desktop"
Source=Paul Collins Startup list
[TalkingReminder]
Confirmed=N
Filename=TALKINGREMINDER.EXE
Description=<a href="http://www.softwareriver.com/html/talking_reminder.html" target="_blank">Talking Reminder</a> from Software River Solutions - talking calendar reminder
Source=Paul Collins Startup list
[talknow]
Confirmed=?
Filename=talknow.exe
Description=<font color="#FF0000">Could it be related to <a href="http://www.multilingualbooks.com/talknow.html" target="_blank">this</a> or something similar?</font>
Source=Paul Collins Startup list
[Tango]
Confirmed=?
Filename=Setup.exe
Description=Tango Broadband access software. <font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[TangoManager]
Confirmed=?
Filename=TangoManager.exe
Description=Tango Broadband access software. <font color="#FF0000"> Is it required?</font>
Description=Telephony Location Selector allowing mobile users to change dialling locations - part of the <a href="http://www.microsoft.com/windows95/downloads/contents/WUToys/W95PwrToysSet/Default.asp" target="_blank">Win95 Power Toys</a>
Source=Paul Collins Startup list
[Tardis]
Confirmed=U
Filename=Tardis.exe
Description=<a href="http://www.kaska.demon.co.uk/" target="_blank">Tardis</a> - time synchronization software
Source=Paul Collins Startup list
[Task]
Confirmed=X
Filename=tasker.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.r@mm.html" target="_blank">MYDOOM.R</a> WORM!
Source=Paul Collins Startup list
[Task Bar]
Confirmed=X
Filename=TASKBAR.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRETHEM.J" target="_blank">FRETHEM.J</a> WORM!
Source=Paul Collins Startup list
[Task BarClient]
Confirmed=?
Filename=TaskBarClient.exe
Description=Responsible for creating the System Tray icon and associated display system for the<font color="#FF0000"> <a href="http://www.starband.com/" target="_blank">Starband</a> </font> satellite always on internet service
Source=Paul Collins Startup list
[Task BarSvr]
Confirmed=?
Filename=TaskBarSvr.exe
Description=<font color="#FF0000">Part of the <a href="http://www.starband.com/" target="_blank">Starband</a> satellite always on internet service. Not included on the current system. What does it do and is it needed?</font>
Source=Paul Collins Startup list
[Task Manager]
Confirmed=X
Filename=taskmngr.exe
Description=Added by the <a href="http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.Y" target="_blank">RBOT.Y</a> WORM!
Source=Paul Collins Startup list
[Task Monitoring Service]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.d@mm.html" target="_blank">CONE.D</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[task service]
Confirmed=X
Filename=taskservices.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Taskbar]
Confirmed=N
Filename=Taskbar.exe
Description=Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards
Source=Paul Collins Startup list
[TaskBar]
Confirmed=N
Filename=CTLTask.exe
Description=Creative SoundBlaster Audigy Taskbar - used to choose between different types of EAX Effects, not required in startup. NOTE: if you get a ctltask.exe error message while installing the Audigy drivers, see <a href="http://support.microsoft.com/?kbid=321969" target=_blank>this</a> Microsoft Knowledge Base article
Description=Only appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel -> Display -> Settings -> Advanced -> General. Also appears if you have Win95 with the QuickRes "Powertoy" installed
Source=Paul Collins Startup list
[Taskbell.exe]
Confirmed=X
Filename=Rund1.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/TROJAN!.yipid.html" target="_blank">YIPID</a> TROJAN!
Source=Paul Collins Startup list
[TaskMan]
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dvldr.html" target="_blank">DVLDR</a> TROJAN! Note - this is not the valid "rundll32.exe" as it's in the Windows\Fonts directory
Source=Paul Collins Startup list
[taskmanager]
Confirmed=X
Filename=taskmgr.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bereb.html" target="_blank">BEREB</a> WORM!
Source=Paul Collins Startup list
[Taskmgo]
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbant.html" target=_blank>BANCBAN-T</a> TROJAN!
Source=Paul Collins Startup list
[Taskmgr]
Confirmed=X
Filename=Taskmgr.exe
Description=System1060 homepage hi-jacker. Note - this is not a Windows file and is found in a WindowsSystem1060 directory
Source=Paul Collins Startup list
[Taskmgr]
Confirmed=X
Filename=tskmgr32.exe
Description=Homepage hi-jacker
Source=Paul Collins Startup list
[taskmgr]
Confirmed=X
Filename=taskmgr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.g.html" target=_blank>Startpage.G</a> hijacker. Note - this is NOT the Windows Task Manager file!
Source=Paul Collins Startup list
[taskmgr.exe]
Confirmed=N
Filename=taskmgr.exe
Description=Windows Task Manager in Windows XP. If run from the Startup folder, the tray icon will be put to the system tray after boot. Useful to check if XP has finished running the delayed services after boot. Available via a desktop shortcut
Source=Paul Collins Startup list
[taskmgr.exe]
Confirmed=X
Filename=paint.exe
Description=Added by a variant of the AGENT.AH downloader TROJAN!
Source=Paul Collins Startup list
[taskmgr.exe]
Confirmed=X
Filename=mirc.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list
[taskmgr.exe]
Confirmed=X
Filename=paintms.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list
[taskmngr lptt01]
Confirmed=X
Filename=taskmngr.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Taskmngr" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[taskmngr ml097e]
Confirmed=X
Filename=taskmngr.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Taskmngr" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[TaskMon]
Confirmed=X
Filename=taskmon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.a@mm.html" target="_blank">MYDOOM.A</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.j@mm.html" target="_blank">MYDOOM.J</a> WORMS! Note - this is not the legitimate Win9x/Me file of the same name which resides in C:\Windows as this version resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP). It is not normally on a WinXP system
Source=Paul Collins Startup list
[Taskmon driver]
Confirmed=X
Filename=winampa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyi.html" target=_blank>LOONY-I</a> TROJAN!
Source=Paul Collins Startup list
[TaskMonitor]
Confirmed=U
Filename=taskmon.exe
Description=The Task Monitor checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)
Source=Paul Collins Startup list
[taskopen.exe]
Confirmed=X
Filename=taskopen.exe
Description=Added by the HIDD.C TROJAN!
Source=Paul Collins Startup list
[TaskPlus]
Confirmed=N
Filename=TASKPLUS0.EXE
Description=Task and calendar management software available as freeware or as a "Professional" version for sharing over a LAN
Source=Paul Collins Startup list
[TaskPlus]
Confirmed=N
Filename=TASKPL~1.EXE
Description=Task and calendar management software available as freeware or as a "Professional" version for sharing over a LAN
Source=Paul Collins Startup list
[TaskReg]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CBLAD.A" target="_blank">CBLAD</a> WORM!
Source=Paul Collins Startup list
[Taskschd]
Confirmed=X
Filename=TRAYWND.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.002" target="_blank">LITMUS.002</a> TROJAN!
Source=Paul Collins Startup list
[taskswitch]
Confirmed=N
Filename=taskswitch.exe
Description=ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen
Source=Paul Collins Startup list
[tasksys]
Confirmed=X
Filename=tasksys.vbs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.bryon@mm.html" target="_blank">BYRON</a> WORM!
Source=Paul Collins Startup list
[Tasktray]
Confirmed=N
Filename=CTLTray.exe
Description=Installed with the Sound Blaster Audigy range of soundcards. Allows you to set EAX effects or equalizer settings for the Sound Blaster Audigy from a systray icon. Also allows you to launch the Taskbar via right-click -> Show Taskbar. The tasktray can be accessed via Start -> Programs -> Creative -> Sound Blaster Audigy -> Taskbar
Description="<a href="http://www.agnitum.com/download/tauscan.html" target="_blank">Tauscan</a> is a powerful Trojan Horse detection and removal engine capable of catching every known type of backdoor that can threaten your system."
Description=<a href="http://www.wfcravener.com/tbcpro.html" target="_blank">TitleBarClock Pro</a> - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focus
Source=Paul Collins Startup list
[tbctray]
Confirmed=N
Filename=tbctray.exe
Description=Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel
Description=Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel
Description=VLSI/QSound ThunderBird PCI Control Panel. System Tray access to the settings for this and related soundcards. Available via Start -> Settings -> Control Panel
Description=Part of <a href="http://www.moosoft.com/thecleaner/" target="_blank">The Cleaner</a> from MooSoft - stops virus trojans before they can do any damage
Source=Paul Collins Startup list
[TCASUTIEXE]
Confirmed=N
Filename=tcaudiag.exe
Description=3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
Source=Paul Collins Startup list
[TCASUTIEXE]
Confirmed=N
Filename=TCASUTI.exe
Description=Associated with the 3COM diagnostic module (3COM NIC Doctor).áNo further information is available
Source=Paul Collins Startup list
[TCAUDIAG -off]
Confirmed=N
Filename=tcaudiag.exe
Description=3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
Source=Paul Collins Startup list
[TCDPbtn]
Confirmed=?
Filename=TCDPbtn.exe
Description=<font color="#FF0000">Found on a Toshiba laptop</font>
Source=Paul Collins Startup list
[TCDPlay]
Confirmed=?
Filename=TCDPlay.drv
Description=<font color="#FF0000">Found on a Toshiba laptop - sounds like the driver for the CD-ROM but why doesn't it use the standard Windows drivers - any comments?</font>
Source=Paul Collins Startup list
[TClock]
Confirmed=U
Filename=TCLOCK.EXE
Description=Kazubon TClock. Utility that amongst other things synchronizes your system clock with Internet time servers. Available via Start -> Programs
Source=Paul Collins Startup list
[TClockEx]
Confirmed=U
Filename=TCLOCKEX.EXE
Description=Puts a configurable time/date display in the tray (and other features). Freeware by <a href="http://users.iafrica.com/d/da/dalen" target="_blank">Dale Nurden</a> and is popular on cover disks
Source=Paul Collins Startup list
[tcmonitor]
Confirmed=U
Filename=tcm.exe
Description=Part of <a href="http://www.moosoft.com/thecleaner/" target="_blank">The Cleaner</a> from MooSoft - warns of changes to the registry
Source=Paul Collins Startup list
[TCP Monitoring]
Confirmed=X
Filename=LanNSvc.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.aas.html" target="_blank">RANDEX.AAS</a> WORM!
Description=Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW.
Source=Paul Collins Startup list
[TDKTASK]
Confirmed=N
Filename=TDKTASK.EXE
Description=Taskbar utility for a "control panel" for a CD-RW
Source=Paul Collins Startup list
[TDockNUndock]
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">Found on a Toshiba laptop - for use with a docking station?</font>
Source=Paul Collins Startup list
[TDS3]
Confirmed=U
Filename=TDS-3.exe
Description=DiamondCS <a href="http://tds.diamondcs.com.au/" target=_blank>TDS3</a> antitrojan. Can be used to scan on demand, but required in startup if you prefer real time protection
Source=Paul Collins Startup list
[TDspOff]
Confirmed=?
Filename=Tdspoff.exe
Description=<font color="#FF0000">Found on a Toshiba laptop</font>
Source=Paul Collins Startup list
[Teach In Box]
Confirmed=N
Filename=teachbox.exe
Description=Tutoring program that comes with a SystemAX Computer
Source=Paul Collins Startup list
[Tech-In-A-Box]
Confirmed=Y
Filename=techbox.exe
Description=<a href="http://tools.supportforyourpc.com/tiab.html" target="_parent">Tech-in-a-Box</a> "provides easy-to-use tools for various system maintenance tasks. From backup and restore to diagnostics and repairs, Tech-in-a-Box is your tool to stay up and running"
Source=Paul Collins Startup list
[Telemeter 3.0]
Confirmed=N
Filename=telemeter3.exe
Description=Internet connection bandwidth meter from a user ISP
Source=Paul Collins Startup list
[Telepath]
Confirmed=Y
Filename=telepath.exe
Description=Drivers for the WinModem versions of the US Robotics "Telepath" series - as supplied to Gateway for instance. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://808hi.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Source=Paul Collins Startup list
[TELUS Security service]
Confirmed=Y
Filename=freedom.exe
Description=<a href="http://www.freedom.net/products/bundles/security_bundle.html" target="_blank">Freedom</a> Internet Security, provided by TELUS Communications Inc
Source=Paul Collins Startup list
[TempCom]
Confirmed=X
Filename=[randomname].com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.traxg@mm.html" target="_blank">TRAXG</a> WORM!
Source=Paul Collins Startup list
[tempx]
Confirmed=X
Filename=tempx.exe
Description=Added by the TEMPEX.A TROJAN!
Source=Paul Collins Startup list
[Tencent QQ]
Confirmed=X
Filename=Rund1132.exe qq.dll, Rundll32
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.f.html" target="_blank">QQPASS.F</a> TROJAN!
Source=Paul Collins Startup list
[Terminate Popup]
Confirmed=X
Filename=ZPU.exe
Description=<a target="_blank" href="http://www.free-popup-killer.com/">Free Popup Killer</a> - foistware proven to install the Regsvc32 homepage hijacker. Also see <a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=21;action=display;threadid=2411">here</a>
Source=Paul Collins Startup list
[Terminate Popup]
Confirmed=X
Filename=FPUK.exe
Description=<a target="_blank" href="http://www.free-popup-killer.com/">Free Popup Killer</a> - foistware proven to install the Regsvc32 homepage hijacker. Also see <a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=21;action=display;threadid=2411">here</a>
Source=Paul Collins Startup list
[TEscKey]
Confirmed=U
Filename=TEscKey.exe
Description=Toshiba Escape Key handler. Enables you to program and use the <FN><Esc> key combination to perform a specific function
Source=Paul Collins Startup list
[Tesla]
Confirmed=?
Filename=TESLA.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Testing 123]
Confirmed=X
Filename=msdata.dat
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.nits.a.html" target=_blank>NITS.A</a> WORM!
Source=Paul Collins Startup list
[TExBUtil Registry]
Confirmed=?
Filename=TExBUtil.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[TextAloud]
Confirmed=N
Filename=TextAloudMP3.exe
Description=<a href="http://www.nextuptech.com/TextAloud/index.html" target="_blank">TextAloud MP3</a> - convert text into spoken words and MP3s
Source=Paul Collins Startup list
[Textbridge Instant Access OCR]
Confirmed=N
Filename=telepath.exe
Description=<a href="http://www.scansoft.com/textbridge/" target="_blank">TextBridge</a> from Scansoft. OCR (optical character recognition) software for scanning documents into popular editing applications. Available via Start -> Programs
Source=Paul Collins Startup list
[TEXTCONV]
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html" target="_blank">NEVEG.B</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.c@mm.html" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[TEXTCONV]
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[TFncKy]
Confirmed=U
Filename=TFncky.exe
Description=Deals with the <Fn> - <Function> key combinations on a Toshiba laptop
Source=Paul Collins Startup list
[TFNF5]
Confirmed=U
Filename=TFNF5.exe
Description=Toshiba Hotkey Utility for Display Devices. By pressing <FN> + <F5>, a window appears showing the displays that can be chosen û LCD, LCD + CRT, CRT, TV
Source=Paul Collins Startup list
[tfswctrl]
Confirmed=Y
Filename=tfswctrl.exe
Description=Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
Source=Paul Collins Startup list
[TFTP***]
Confirmed=X
Filename=tftp***
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM! where *** can be any number
Source=Paul Collins Startup list
[TFunckey]
Confirmed=U
Filename=TFuncKey.exe
Description=Deals with the <Fn> - <Function> key combinations on a Toshiba laptop
Source=Paul Collins Startup list
[TgAddServer]
Confirmed=N
Filename=tgfix.exe
Description=Software from <a href="http://www.support.com/" target="_blank">SupportSoft</a> (aka Support.com) provided to manufacturers (such as Sony (Vaio Support Agent) and Toshiba (<a href="http://virtualtech.answerteam.com/home/default.asp" target="_blank">Virtual Tech</a>)) and ISPs (such as Comcast, Cox and Charter (Pipeline Support Agent)) that allows them to offer on-line support - to update drivers, fix faults, etc. Can cause a deterioration in a PC's peformance (see <a href="http://www.interesting-people.org/archives/interesting-people/200202/msg00164.html" target="_blank">here</a>). This part does the protection and "self-healing". Uninstallation is recommended by most people - especially for System Restore users (WinME/XP). If not available via Add/Remove, <a href="http://webpages.charter.net/ncpipeline/uninstall%20program.htm" target="_blank">Charter</a> offer some uninstallation instructions involving a registry patch that you may be able to modify for your proivder or try <a href="http://www.practicallynetworked.com/support/sticky_proxy.htm">here</a>
Source=Paul Collins Startup list
[tgbcde]
Confirmed=X
Filename=module32.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=40098" target=_blank>REIGN.R</a> TROJAN!
Source=Paul Collins Startup list
[Tgcmd]
Confirmed=U
Filename=tgcmd.exe
Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by <a href="http://www.cox.com/info/policy.asp" target="_blank">Cox</a>. Regarded as spyware by <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm" target="_blank">some</a> as it has the ability to retrieve user information. Whether it does so depends upon the provider. "tgcmdprovidersbc" is for SBC Yahoo DSL. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
Source=Paul Collins Startup list
[tgcmdprovidersbc]
Confirmed=U
Filename=tgcmd.exe
Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by <a href="http://www.cox.com/info/policy.asp" target="_blank">Cox</a>. Regarded as spyware by <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm" target="_blank">some</a> as it has the ability to retrieve user information. Whether it does so depends upon the provider. "tgcmdprovidersbc" is for SBC Yahoo DSL. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
Source=Paul Collins Startup list
[TGCMG]
Confirmed=N
Filename=??
Description=Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work
Source=Paul Collins Startup list
[TGDC IE Plugin]
Confirmed=X
Filename=tgdc.exe
Description=ShopForGood spyware - see <a href="http://www.spywareguide.com/spydet_424_tgdc.html" target="_blank">here</a>
Source=Paul Collins Startup list
[tgkill]
Confirmed=X
Filename=tgkill.exe
Description=Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs
Source=Paul Collins Startup list
[Tgsetsite]
Confirmed=U
Filename=tgfix.exe
Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by <a href="http://www.cox.com/info/policy.asp" target="_blank">Cox</a>. Regarded as spyware by <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm" target="_blank">some</a> as it has the ability to retrieve user information. Whether it does so depends upon the provider. "tgcmdprovidersbc" is for SBC Yahoo DSL. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
Source=Paul Collins Startup list
[Thdetrf]
Confirmed=N
Filename=thdetr32.exe
Description=<font color="#FF0000">Appears to be related to Lycos advertising</font>
Source=Paul Collins Startup list
[The Easy Bee's Hive]
Confirmed=U
Filename=ATCEgSvr.exe
Description=The Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequence
Source=Paul Collins Startup list
[TheMainStart]
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[THGuard]
Confirmed=U
Filename=TH_Guard.exe
Description=Resident memory scanning for <a href="http://www.mischel.dhs.org/trojanhunter.jsp" target="_blank">TrojanHunter</a>
Source=Paul Collins Startup list
[THGuard]
Confirmed=U
Filename=THGuard.exe
Description=Resident memory scanning for <a href="http://www.mischel.dhs.org/trojanhunter.jsp" target=_blank>TrojanHunter</a>
Source=Paul Collins Startup list
[This is a virus, please delete it]
Confirmed=X
Filename=bigbadvirus.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html" target="_blank">RANDEX.F</a> WORM!
Source=Paul Collins Startup list
[THOTKEY]
Confirmed=U
Filename=THotkey.exe
Description=Associated with the Fn+ keys on Toshiba laptops. When disabled some keys still worked, like the one that regulates the volume of the system beep, but others didn't, like the one that immediately blackens your screen
Source=Paul Collins Startup list
[Threaded]
Confirmed=X
Filename=intcp32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ug.html" target="_blank">RANDEX.UG</a> WORM!
Source=Paul Collins Startup list
[ThrustTSR]
Confirmed=U
Filename=TMTMTSR.exe
Description=Thrustmaster <a href="http://us.thrustmaster.com/news/read.php3?newsid=159&skin=Thrustmaster" target="_blank">Thrustmapper</a>. "The Thrustmapper - t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly"
Source=Paul Collins Startup list
[TiADSL]
Confirmed=U
Filename=tidslmon.exe
Description=Actiontec DSL modem. Associated with High Speed AOL DSL. Used to get line sync with the Actiontec DSL USB Modem. Available via Start -> Programs
Source=Paul Collins Startup list
[tibs3]
Confirmed=X
Filename=tibs3.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[Tiger]
Confirmed=X
Filename=Shine.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllc.happylow.html" target="_blank">HAPPYLOW</a> (or <a href="http://www.sophos.com/virusinfo/analyses/w32nishea.html" target="_blank">NISHE-A</a>) VIRUS!
Source=Paul Collins Startup list
[Time Zone Synchronization]
Confirmed=X
Filename=wscript zshell.js
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnetdexa.html" target="_blank">NETDEX-A</a> TROJAN!
Source=Paul Collins Startup list
[TimeCalendar]
Confirmed=U
Filename=tc.exe
Description=<a href="http://www.timecalendar.com/" target="_blank">TimeCalendar</a> digital planner
Description=<a target="_blank" href="http://www.timeupsoft.com/English/timeup/index.htm">TimeUp</a> - internet online timer
Source=Paul Collins Startup list
[Timezone]
Confirmed=U
Filename=TimeZone.exe
Description=Microsoft Daylight Saving Time Update Utility - see <a href="http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/timezone.asp" target=_blank>here</a>
Source=Paul Collins Startup list
[TINTSETP]
Confirmed=N
Filename=TINTSETP.EXE
Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
Source=Paul Collins Startup list
[Tiny AV]
Confirmed=X
Filename=fooding.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.i@mm.html" target="_blank">NETSKY.I</a> WORM!
Source=Paul Collins Startup list
[Tiny Personal Firewall]
Confirmed=Y
Filename=persfw.exe
Description=<a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a>
Source=Paul Collins Startup list
[tinySpell]
Confirmed=U
Filename=tinyspell.exe
Description=<a href="http://www.megspace.com/computers/tinyspell/" target="_blank">Tinyspell</a> - "allows you to easily and quickly check the spelling of words in any Windows application. Monitors your typing on the fly, alerts you whenever it detects a misspelled word, and checks the spelling of every word you copy to the clipboard"
Source=Paul Collins Startup list
[TiomanExe]
Confirmed=U
Filename=Tioman.Exe
Description=Agate <a href="http://www.agatetech.com" target="_blank"> Tioman</a> - warm and hot swap removable bay device manager for IBM laptops
Source=Paul Collins Startup list
[Tips]
Confirmed=N
Filename=mousetips.exe
Description=Suggests tips on using your mouse
Source=Paul Collins Startup list
[TiTleBarClock]
Confirmed=U
Filename=TiTleBarClock.exe
Description=<a href="http://www.wfcravener.com/TBC.html" target="_blank">TitleBarClock</a> displays the day/month/time and free physical RAM on the right hand side of an open window, replacing the system tray clock at startup
Source=Paul Collins Startup list
[Tivoli]
Confirmed=N
Filename=LCFEP.EXE
Description=Tivoli æTMEÆ System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"
Source=Paul Collins Startup list
[TizzleTalk]
Confirmed=U
Filename=TizzleTalk.exe
Description=<a href="http://www.tizzletalk.com/" target=_blank>TizzeTalk</a> is a dialect translator for Yahoo, MSN, AOL Instant Messangers
Source=Paul Collins Startup list
[tjstartup]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.curdeal.html" target=_blank>CURDEAL</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[tjstartup]
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.tjserv.c.html" target=_blank>TJSERV.C</a> TROJAN!
Source=Paul Collins Startup list
[TkBell.Exe]
Confirmed=N
Filename=evntsvc.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. Not required - see <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Note that eventsvc.exe no longer appears to be in a newer version
Source=Paul Collins Startup list
[TkBell.Exe]
Confirmed=N
Filename=realsched.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. Not required - see <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it
Source=Paul Collins Startup list
[TkBell.Exe]
Confirmed=N
Filename=tkbell.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Source=Paul Collins Startup list
[TkBellExe]
Confirmed=N
Filename=evntsvc.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. Not required - see <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Note that eventsvc.exe no longer appears to be in a newer version
Source=Paul Collins Startup list
[TkBellExe]
Confirmed=N
Filename=realsched.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. Not required - see <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it
Source=Paul Collins Startup list
[TkBellExe]
Confirmed=N
Filename=tkbell.exe
Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Source=Paul Collins Startup list
[tkonnect]
Confirmed=N
Filename=TKONNECT.EXE
Description=Dialer for the <a href="http://www.tiscali.co.uk/" target="_blank">Tiscali</a> internet service provider. Available as a desktop shortcut
Description=Trend Micro Internet Security anti-virus software virus outbreak warnings. Notifies users of virus outbreaks and offers to update the scanner
Source=Paul Collins Startup list
[TMA distribution]
Confirmed=U
Filename=cfinst.exe
Description=Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients
Source=Paul Collins Startup list
[tmax]
Confirmed=X
Filename=pupdate.exe
Description=Adware pop-up generator
Source=Paul Collins Startup list
[tmchook]
Confirmed=X
Filename=tmchook.exe
Description=Detected by Kaspersky as the TrojanDownloader.Win32.VB.aa VIRUS!
Source=Paul Collins Startup list
[TMEEJME]
Confirmed=?
Filename=TMEEJME.EXE
Description=<font color="#FF0000">Found in a ToshibaTME3 directory</font><font color="#FF0000">. Toshiba Mobile Extension related?</font>
Source=Paul Collins Startup list
[TMERzCtl]
Confirmed=?
Filename=TMERzCtl.EXE
Description=<font color="#FF0000">Found in a ToshibaTME3 directory</font><font color="#FF0000">. Toshiba Mobile Extension related?</font>
Source=Paul Collins Startup list
[TMESBS]
Confirmed=U
Filename=TMESBS21.exe
Description=Toshiba Mobile Extension Selectable Bay Service for WinXP - support for docking stations. Not required if you don't use a docking station
Source=Paul Collins Startup list
[TMESBS32]
Confirmed=?
Filename=TMESBS32.EXE
Description=<font color="#FF0000">Found in a ToshibaTME3 directory</font><font color="#FF0000">. Toshiba Mobile Extension related?</font>
Source=Paul Collins Startup list
[TMESRV31]
Confirmed=U
Filename=TMESRV31.EXE
Description=Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station
Source=Paul Collins Startup list
[TMExLogon]
Confirmed=U
Filename=TMESRV.EXE
Description=Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station
Description=Component of the Toshiba Mouse Control that allows users with an AccuPoint mouse to scroll MS-scroll-compatible documents by holding CTRL + ALT and moving the AccuPoint up or down. It also allows zooming by holding CTRL + SHIFT and moving the AccuPoint up or down. Disabling this item has no adverse effects, except disabling the scroll/zoom features of the AccuPoint
Description=Installed with Thrustmaster game controllers. It launches the Thrustmapper utility. Not required if you install the "driver only" from Thrustmaster <a href="http://www.thrustmaster.com" target="_blank">website</a>
Source=Paul Collins Startup list
[TNTClk]
Confirmed=U
Filename=TNTCLK.exe
Description=Overclocking program for TNT, TNT2, and other graphics cards. This program can overclock the graphics card manually after startup when needed, especially before starting a gaming session. However, for simplicity, it can be left checked to let it run once at startup to automatically overclock the graphics card. In this case, it doesn't even run in the background after doing its job
Description=Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[TomcatStartup 2.5]
Confirmed=?
Filename=hpbpsttp.exe
Description=Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[Tommorrow]
Confirmed=?
Filename=tomorrow.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[ToPassSrv]
Confirmed=?
Filename=Pktopass.exe
Description=Related to Caere Pagekeeper scanning software (now taken over by Scansoft), Disabling is known to cause problems
Source=Paul Collins Startup list
[TopDesk]
Confirmed=U
Filename=TopDesk.exe
Description=TopDesk - puts an icon in your system tray that when clicked upon, opens a pop-up menu that gives instant access to all of your desktop programs without having to minimize, resize, move or close other programs or files
Source=Paul Collins Startup list
[ToPicks Starter]
Confirmed=X
Filename=Idhost.exe
Description=<a href="http://www.doxdesk.com/parasite/TOPicks.html" target="_blank">ToPicks</a> parasite related
Source=Paul Collins Startup list
[topmoxie]
Confirmed=X
Filename=JavaRun.exe
Description=Marketing software from <a href="http://www.etraffic.com/" target="_blank">TopMoxie</a>
Source=Paul Collins Startup list
[TOSCDSPD]
Confirmed=?
Filename=toscdspd.exe
Description=Toshiba laptop related
Source=Paul Collins Startup list
[Toshiba Fan]
Confirmed=Y
Filename=fan.exe
Description=Toshiba untilty to keep the fan on a laptop running if they fail to detect there is too much heat
Source=Paul Collins Startup list
[Toshiba Key State]
Confirmed=U
Filename=KEYSTATE.EXE
Description=Displays an icon in the System Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g., Toshiba) laptops which do not have a Caps Lock indicator light. Available via Start -> Programs
Source=Paul Collins Startup list
[ToshibaPinger]
Confirmed=N
Filename=pinger.exe
Description=Pinger is the resident program for Toshiba Upgrades. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification. Disabling instructions <a href="http://www.spywareinfo.com/yabbse/index.php?board=18;action=display;threadid=2673" target="_blank">here</a>
Source=Paul Collins Startup list
[TOSHIBSU]
Confirmed=U
Filename=Toshibsu.exe
Description=Reduces the power consumption when the laptop isn't being used to preserve battery power. Hibernate function doesn't work if this is disabled. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run off battery regularly
Source=Paul Collins Startup list
[TosHKCW]
Confirmed=U
Filename=TosHKCW.exe
Description=Toshiba Hot Key Change/Control Wireless. Permits you to use a hot key to activate/deactivate built-in 802.11b wireless transmission on a laptop (if installed)
Source=Paul Collins Startup list
[TosMem]
Confirmed=Y
Filename=tosmem.exe
Description=Toshiba laptop related. Win98/Me ACPI system can not hibernate or go on standby if all of the physical memory lower than 640KB is locked. This utility allocates and locks three pages on boot and then releases them on standby/hibernation for ACPI.SYS in order to solve the above problem
Source=Paul Collins Startup list
[TotRecSched]
Confirmed=U
Filename=TotRecSched.exe
Description=Scheduler for <a href="http://www.highcriteria.com/products.htm" target="_blank">Total Recorder</a> - allows automatic recording of a show at a given time for later playback or you can use the scheduler as an alarm
Source=Paul Collins Startup list
[Touch Manager]
Confirmed=U
Filename=WinLED.exe
Description=Dell keyboard utility. Disabling can result in loss of screen saver and power saver functionality
Source=Paul Collins Startup list
[TouchED]
Confirmed=U
Filename=TouchED.exe
Description=TouchPad On/Off Utility on a Toshiba laptop
Source=Paul Collins Startup list
[tour]
Confirmed=N
Filename=regedit ..tour.reg
Description=Edits registry values to keep the WinMe tour in Task Scheduler
Source=Paul Collins Startup list
[Tour]
Confirmed=N
Filename=wincool.exe
Description=Component of WinME that's annoying as hell. Pop's up a prompt to play the C:\WINDOWS\Application Data\Microsoft\INTROCONTENT.HTA that plays a full screen version of the WinME product preview Windows Media video file that cannot be stopped to my knowledge until it finishes. That prompt will keep popping up after an install/reinstall of WinME until you give in and watch the thing. It also puts a task scheduler entry to run that annoying thing every 30 minutes, and don't bother deleting that entry, Windows puts it right back. Not only should you disable it from running, you should delete the thing altogether, as it, somehow can re-enable itself. Apparently you can try setting the file to read only
Source=Paul Collins Startup list
[tourpath]
Confirmed=N
Filename=regedit /s [path] tour.reg
Description=Edits registry values to keep the Win 2000 "tour" in Task Scheduler
Source=Paul Collins Startup list
[TP4EX]
Confirmed=U
Filename=tp4ex.exe
Description=Adds accessibility options for an IBM TrackPoint
Source=Paul Collins Startup list
[tp4mon]
Confirmed=?
Filename=tp4mon.exe
Description=<font color="#FF0000">May be IBM Thinkpad mouse/trackpoint related, if so is it required?</font>
Source=Paul Collins Startup list
[tp4serv]
Confirmed=U
Filename=tp4serv.exe
Description=Supports the "pointer stick" on Thinkpads in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
Source=Paul Collins Startup list
[TP98TRAY]
Confirmed=?
Filename=TP98TRAY.EXE
Description=IBM Thinkpad related utility.<font color="#FF0000"> What does it do and is it required?</font>
Description=Adware, probably <a href="http://www.mediapost.com/dtls_dsp_news.cfm?newsID=259401" target="_blank">180Solutions</a> related
Source=Paul Collins Startup list
[TpHotKey]
Confirmed=U
Filename=TPHKMGR.EXE
Description=Activates "ThinkPad Help" when the "Thinkpad key" is pressed on an IBM ThinkPad laptop. Also activates the audio buttons (volume up/down, mute) on models such as the Thinkpad T30
Source=Paul Collins Startup list
[TPKMAPHELPER]
Confirmed=?
Filename=TpKmapAp.exe
Description=IBM ThinkPad related. <font color="#FF0000">What does it do, and is it required?</font>
Source=Paul Collins Startup list
[TpKmapMn]
Confirmed=U
Filename=TpKmapMn.exe
Description=Create Keyboard combinations for special Thinkpad buttons when using an external keyboard, e.g. "Ctrl-arrow up" for "volume up". Only required when using an external keyboard. Available via Start -> Programs
Source=Paul Collins Startup list
[tpopservice]
Confirmed=U
Filename=tpopservice.exe
Description=DirecWay two-way satellite internet service enhanced POP proxy server for email
Source=Paul Collins Startup list
[TPP Auto Loader]
Confirmed=U
Filename=Tppaldr.exe
Description=Installed with <a href="http://www.datastor.com.tw/" target="_blank">DataStor's</a> (and some other manufacturers) USB 2.0 based external DVD, CD-ROM and CD-RW drives. System tray icon allowing the user to disconnect the external drive without an error message being displayed
Source=Paul Collins Startup list
[Tprtray]
Confirmed=U
Filename=Tprtray.exe
Description=Displays the Power icon in the System Tray on a Toshiba laptop
Source=Paul Collins Startup list
[TpScrLk]
Confirmed=U
Filename=TpScrLk.exe
Description=IBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpad's that don't have a Scroll Lock LED
Source=Paul Collins Startup list
[TpShocks]
Confirmed=Y
Filename=TpShocks.exe
Description=Responsible for controlling the IBM Hard Drive Active Protection system found on newer models of IBM Thinkpads, including T41, T42, X40, R50, and R51. The Hard Drive Active Protection system is based on a technology similar to that used in automobiles to deploy airbags on contact: An accelorometer on the motherboard detects physical acceleration--such as when the notebook falls--and in response the system temporarily parks the hard drive's read/write head until stability returns
Source=Paul Collins Startup list
[TPSmain]
Confirmed=?
Filename=TPSMain.exe
Description=Toshiba related
Source=Paul Collins Startup list
[TPTray]
Confirmed=N
Filename=TPTray.exe
Description=Touchpad configuration tray icon for Toshiba laptops. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[TPTRAY]
Confirmed=?
Filename=TP98TRAY.EXE
Description=IBM Thinkpad related utility.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[TPwrMgr]
Confirmed=?
Filename=TPwrMgr.exe
Description=Found on a Toshiba laptop.<font color="#FF0000"> Related to power management?</font>
Source=Paul Collins Startup list
[TPWRTRAY]
Confirmed=Y
Filename=Tpwrtray.exe
Description=Toshiba laptop's own Advanced Power Management system which disables Windows APM (greyed-out in Control Panel). You can't choose which of the 2 systems to use
Description=<a href="http://users.bigpond.com/pvantarakis/traceless/index.htm" target="_blank">Traceless 2003</a> - clear your cookies, temp directories and browser history with a click of a button. It also clears the recent documents and the IE drop down auto complete box
Source=Paul Collins Startup list
[Tracker]
Confirmed=?
Filename=Tracker.exe
Description=<font color="#FF0000">Possibly associated with My Deluxe Invoices program</font>
Source=Paul Collins Startup list
[TrackpointSrv]
Confirmed=U
Filename=daemon.exe
Description=Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
Source=Paul Collins Startup list
[TrackpointSrv]
Confirmed=U
Filename=tp4serv.exe
Description=Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
Source=Paul Collins Startup list
[Tracks Eraser]
Confirmed=U
Filename=te.exe
Description=<a href="http://www.acesoft.net/" target="_blank">Tracks Eraser</a> from Acesoft - "Erases all tracks of your internet activity"
Source=Paul Collins Startup list
[Tracks Eraser Pro]
Confirmed=U
Filename=te.exe
Description=<a href="http://www.acesoft.net/" target="_blank">Tracks Eraser Pro</a> from Acesoft - "Erases all tracks of your internet activity"
Source=Paul Collins Startup list
[tranicon]
Confirmed=U
Filename=tranicon.exe
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons Transparent
Source=Paul Collins Startup list
[Transparent]
Confirmed=U
Filename=TransparentW.exe
Description=Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from <a href="http://home.attbi.com/~jguerette/transparent/" target="_blank">here</a>
Source=Paul Collins Startup list
[Transparent]
Confirmed=U
Filename=TransparentD.exe
Description=Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from <a href="http://home.attbi.com/~jguerette/transparent/" target="_blank">here</a>
Source=Paul Collins Startup list
[Transparent]
Confirmed=U
Filename=TransparentB.exe
Description=Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from <a href="http://home.attbi.com/~jguerette/transparent/" target="_blank">here</a>
Source=Paul Collins Startup list
[TransparentIcons]
Confirmed=U
Filename=tranicon.exe
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons Transparent
Source=Paul Collins Startup list
[transtask]
Confirmed=U
Filename=transtask.exe
Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, makes the taskbar icons transparent
Source=Paul Collins Startup list
[Trashgrd]
Confirmed=U
Filename=TRASHGRD.EXE
Description=Part of McAfee Nuts & Bolts. Protects all the files you delete, even files deleted in DOS or in 16-bit Windows applications, by sending them to the Recycle Bin
Source=Paul Collins Startup list
[Tray Temperature]
Confirmed=N
Filename=Weatherbug.exe
Description=Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs
Source=Paul Collins Startup list
[Traybar]
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.l@mm.html" target="_blank">MYDOOM.L</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">Lsass.exe</a> system file should normally NOT figure in Msconfig/Startup!
Source=Paul Collins Startup list
[traydate.exe]
Confirmed=U
Filename=TRAYDATE.EXE
Description=Displays the date as well as the time in the System Tray. Available from <a href="http://download.tucows.com/perl/PDA.html?Target=/wince/preview/32627.html" target="_blank">TUCOWS</a>
Source=Paul Collins Startup list
[TrayManager]
Confirmed=U
Filename=Trayman.exe
Description=<a href="http://www.zdnet.com/pcmag/pctech/content/18/04/ut1804.001.html" target="_blank">TrayManager</a> hides system tray icons (FreeCell won't work when TrayMan is loaded)
Source=Paul Collins Startup list
[Traymon]
Confirmed=U
Filename=traymon.exe
Description=Netropa Internet Receiver traymonitor. Will only launch the bar if you are connected to the internet and there's new news
Source=Paul Collins Startup list
[TraySantaCruz]
Confirmed=N
Filename=tbctray.exe
Description=Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[TrayServer]
Confirmed=N
Filename=TrayServer.exe
Description=For monitoring tray icons
Source=Paul Collins Startup list
[TrayX]
Confirmed=X
Filename=winppr32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html" target="_blank">SOBIG.F</a> WORM!
Source=Paul Collins Startup list
[tray_helper]
Confirmed=N
Filename=tray_helper.exe
Description=<a href="http://www.republika.pl/trayhelper/indexeng.html" target="_blank">Tray Helper</a> is an Email checker with additional tools, including a popup window killer, pinger module to monitor hosts and an event reminder
Source=Paul Collins Startup list
[TrendMicro Antivirus]
Confirmed=Y
Filename=Aveagent.exe
Description=Virus scanner
Source=Paul Collins Startup list
[TrendMicro OfficeScan NT]
Confirmed=Y
Filename=TMLISTEN.EXE
Description=Virus scanner
Source=Paul Collins Startup list
[Trickler]
Confirmed=X
Filename=fsg.exe
Description=Adware
Source=Paul Collins Startup list
[Trickler]
Confirmed=X
Filename=fsg-ag_3102.exe
Description=Adware
Source=Paul Collins Startup list
[Trickler]
Confirmed=X
Filename=gain_trickler_3202.exe
Description=Adware
Source=Paul Collins Startup list
[trickler_bic_GatorDM_4010]
Confirmed=X
Filename=trickler_bic_GatorDM_4010.exe
Description=Adware
Source=Paul Collins Startup list
[TridTray]
Confirmed=?
Filename=TridTray.exe
Description=<font color="#FF0000">System Tray access to Trident 4DWave soundcards?</font>
Source=Paul Collins Startup list
[TridTray]
Confirmed=?
Filename=TridTray.exe
Description=<font color="#FF0000">System Tray access to Trident 4DWave soundcards?</font>
Source=Paul Collins Startup list
[trirot]
Confirmed=Y
Filename=trirot.exe
Description=Trident Microsystems 3D video driver
Source=Paul Collins Startup list
[TrojanScanner]
Confirmed=U
Filename=Trjscan.exe
Description=<a href="http://www.simplysup.com/tremover/details.html" target="_blank">Trojan Remover</a> from Simply Super Software. Scans for an removes trojan viruses where anti-virus software may have not detected or removed
Description=Part of Colorific & 3Deep from <a href="http://www.colorific.com/index.htm" target="_blank">LightSurf Technologies</a> (nee E-Color). "With True Internet Color PCs can display the best color possible over the web. Enabled web sites will know how connected monitors display color and will send them color corrected images"
Source=Paul Collins Startup list
[TrueFonts]
Confirmed=X
Filename=fonts.hta
Description=Browser hijacker - redirecting to Hugesearch.net
Source=Paul Collins Startup list
[TrueSync Launcher]
Confirmed=N
Filename=tstool.exe
Description=Starfish <a href="http://www.starfish.com/solutions/data/data.html" target="_blank">TrueSync</a> - for synchronization between Windows platforms and popular devices, applications and services
Source=Paul Collins Startup list
[TrueVector]
Confirmed=Y
Filename=VSMON.EXE
Description=Even if you don't have ZoneAlarm or ZoneAlarm Pro run at start-up you do need this
Description=Epson scannner software - required for "one-touch" operation. Can be launched manually
Source=Paul Collins Startup list
[TSPower]
Confirmed=?
Filename=spower.drv
Description=Found on a Toshiba laptop.<font color="#FF0000"> Related to power management?</font>
Source=Paul Collins Startup list
[TSService]
Confirmed=?
Filename=NSSERVICE.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[tsyssmon]
Confirmed=?
Filename=tsyssmon.exe
Description=<font color="#FF0000">Found in a Toshibasysstability directory</font>
Source=Paul Collins Startup list
[ttasq]
Confirmed=?
Filename=ttasq.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Tukati]
Confirmed=?
Filename=TukatiRedistributor.exe
Description=<a href="http://www.tukati.com/vno.html" target="_blank">Tukati Digital Content Distribution</a>. <font color="#FF0000"> Is it required?</font>
Source=Paul Collins Startup list
[TuneUp MemOptimizer]
Confirmed=U
Filename=memoptimizer.exe
Description=Part of "TuneUp Utilities", specifically 2003 version. "Monitors and optimizes free memory in the background." Basically, it cleans RAM and also allows you to clear the clipboard
Source=Paul Collins Startup list
[TurboExplorer]
Confirmed=U
Filename=TE.exe
Description=Web accelerator - "<a href="http://www.downlinx.com/proghtml/9/969.htm" target="_blank">TurboExplorer«</a> 2.x is a real-time web surfing accelerator specifically designed for Internet Explorer« 4/5 to achieve a faster and more effective approach to the internet". Only needed if you find it improves web browsing
Source=Paul Collins Startup list
[TurboMemoryCharger]
Confirmed=U
Filename=turbomemorycharger.exe
Description=Some users swear by memory management utilities such as <a href="http://www.turbomemorycharger.com/" target="_blank"> Turbo Memory Charger</a> but others say you don't need them - especially if you have Win98 or WinME. See <a href="http://www.aumha.org/a/memmgmt.htm" target="_blank"> this</a> article and make up your own mind
Source=Paul Collins Startup list
[TurboNote]
Confirmed=N
Filename=tbnote.exe
Description=Post-It's on your desktop. Available via Start -> Programs
Source=Paul Collins Startup list
[TurboTop]
Confirmed=U
Filename=TurboTop.exe
Description=<a href="http://www.savardsoftware.com/turbotop/" target="_blank">TurboTop</a> - make any window "Always on top"
Description=<a href="http://www.totalvelocity.com/" target="_blank">Total Velocity</a> - "Secure commerce company that enables the æcheckoutÆ process for our customers in order to safely and securely purchase our award winning software". Autointsalling spyware
Source=Paul Collins Startup list
[TvNow]
Confirmed=U
Filename=TvNow.exe
Description=Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts)
Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Source=Paul Collins Startup list
[Tvwatch]
Confirmed=?
Filename=tvwatch.exe
Description=Associated with the TV-oOut option on Asus AGP or Intel graphics cards. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[Twain image]
Confirmed=X
Filename=mmp32.exe
Description=<a href="http://www.doxdesk.com/parasite/DailyWinner.html" target=_blank>DailyWinner</a> adware related
Source=Paul Collins Startup list
[TWarmBay]
Confirmed=?
Filename=N/A
Description=Found on a Toshiba laptop.<font color="#FF0000"> Related to hotswap bay management?</font>
Source=Paul Collins Startup list
[TWarnMsg]
Confirmed=U
Filename=twarnmsg.exe
Description=Toshiba System Warning Function for Windows 98, Me, 2000 - provides notification dialog when the cooling fan stops
Source=Paul Collins Startup list
[TWBbtn]
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">Found on a Toshiba laptop</font>
Source=Paul Collins Startup list
[TWBrowse]
Confirmed=?
Filename=TWBrowse.drv
Description=<font color="#FF0000">Found on a Toshiba laptop. Possibly related to TWAIN drivers (ie, scanners, etc) - see <a href="http://www.twaintools.de/support.html" target="_blank">this</a>?</font>
Source=Paul Collins Startup list
[Tweak Manager]
Confirmed=?
Filename=WinManager.Exe
Description=WinGuides <a href="http://www.winguides.com/tweak/" target="_blank">Tweak Manager</a>. <font color="#FF0000">Is this required for the live updates feature and/or if settings are changed?</font>
Source=Paul Collins Startup list
[Tweak UI]
Confirmed=U
Filename=rundll32.exe tweakui.cpl, tweakmeup
Description=Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed
Source=Paul Collins Startup list
[Tweak UI]
Confirmed=U
Filename=rundll32.exe tweakui.cpl, tweaklogon
Description=Automatically logs you on if you have Microsoft's Tweak UI "powertoy" installed
Source=Paul Collins Startup list
[Tweak UI]
Confirmed=X
Filename=RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.subwoofer.html" target="_blank">SUBWOOFER</a> TROJAN! Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup"
Source=Paul Collins Startup list
[Tweak-Me]
Confirmed=U
Filename=TWEAK-ME.exe
Description=3rd party version of Miscrosoft'sTweak UI "powertoy" with many more options and controls (plus full support), designed specifically to take advantage of features in WinMe/2K and above, available from <a href="http://www.tweak-me.de/" target="_blank">here</a>
Source=Paul Collins Startup list
[Tweak-xp]
Confirmed=U
Filename=Tweak-xp.exe
Description=Main program for <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> - a WinXP tweaking utility
Source=Paul Collins Startup list
[TweakDUN]
Confirmed=U
Filename=tweakdun.exe
Description=Utility to optimize your Internet Browser Software. TweakDUN promotes faster Internet data transfer rates and faster downloads by eliminating fragmentation of data packets
Source=Paul Collins Startup list
[tweakico]
Confirmed=?
Filename=tweakico.exe
Description=<font color="#FF0000">May be a HP program to control their icons?</font>
Source=Paul Collins Startup list
[TwkSCardSrv]
Confirmed=N
Filename=SCardS32.Exe
Description=Used with Towitoko SmartCard Readers for card recognition
Source=Paul Collins Startup list
[Twunk_64]
Confirmed=X
Filename=twunk_64.exe
Description=System1060 homepage hi-jacker. Note - this is not a Windows file and is found in a WindowsSystem1060 directory
Source=Paul Collins Startup list
[type32]
Confirmed=N
Filename=type32.exe
Description=For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings. Not required unless you have changed them
Source=Paul Collins Startup list
[TypingSatellite]
Confirmed=N
Filename=KBOOST.exe
Description=<a href="http://www.typingmaster.com" target="_blank">Typing Master 2002</a> background utility that collects typing errors and builds up customised typing lessons for your needs. Available via Start -> Programs
Description=Part of IBM Update connector on IBM PCs for updating drivers on a new installation. Once you manually run the IBM Update connector program (shortcut) this entry is removed
Source=Paul Collins Startup list
[uc_start]
Confirmed=N
Filename=ucstartup.exe
Description=Auto updater feature for IBM machines that tries to connect to IBM to see if there are any new drivers, patches and etc
Source=Paul Collins Startup list
[UD Agent]
Confirmed=U
Filename=UD.EXE
Description=The <a href="http://members.ud.com/download/gold/" target="_blank">United Devices Agent</a> can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start -> Programs
Source=Paul Collins Startup list
[Ueproc32]
Confirmed=U
Filename=UEPROC32.exe
Description=Part of Norton Utilities - most likely associated with the Unerase Wizard in older versions
Source=Paul Collins Startup list
[ugon]
Confirmed=?
Filename=aockstrs.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Uidler]
Confirmed=N
Filename=Uidler.exe
Description=Uniloc Titlewave Browser used with some shareware
Source=Paul Collins Startup list
[UIWatcher]
Confirmed=N
Filename=UIWatcher.exe
Description=<a href="http://www.ashampoo.com/frontend/products/php/product.php?idstring=0103&session_langid=2" target="_blank">Ashampoo Uninstaller Suite</a> - installation watcher. Available via Start -> Programs
Source=Paul Collins Startup list
[UKVideo2]
Confirmed=X
Filename=ukvideo2.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[Ulead Photo Express x.0 Calendar]
Confirmed=N
Filename=calcheck.exe
Description=Ulead Calendar Checker - part of <a href="http://www.ulead.com/pe/runme.htm" target="_blank">Ulead Photo Express</a>, where "x" represents the version number. Automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manually. See <a href="http://support.ulead.com/kb/0008/KB603.htm" target="_blank">here</a> for disabling instructions
Description=<a href="http://www.zabaware.com/assistant/" target="_blank">Zabaware Ultra Hal Assistant</a> - artificial intelligence conversation simulator. It is capable of being your digital secretary and companion
Source=Paul Collins Startup list
[Ulubione]
Confirmed=X
Filename=sys****.exe
Description=Search Hijacker, redirecting to maxxxhosters.com - where **** are random characters
Source=Paul Collins Startup list
[UMAX VistaAccess]
Confirmed=N
Filename=vsaccess.exe
Description=VistaAccess gives you quick and easy access to scanning functions right from your desktop
Source=Paul Collins Startup list
[UMonit]
Confirmed=U
Filename=umonit.exe
Description=Alerts when USB device is plugged in
Source=Paul Collins Startup list
[umxagent]
Confirmed=Y
Filename=umxagent.exe
Description=<a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a> V4 - main engine
Source=Paul Collins Startup list
[umxldra]
Confirmed=Y
Filename=umxldra.exe
Description=User mode executive module DLL loader - part of <a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a> V4
Source=Paul Collins Startup list
[UMXLDRW]
Confirmed=Y
Filename=UMXLDRW.exe
Description=<a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a> (pre V4)
Source=Paul Collins Startup list
[un32info]
Confirmed=X
Filename=un32info.Exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[uninstal]
Confirmed=X
Filename=regsvr32 /u /s image.dll
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite related
Source=Paul Collins Startup list
[Uninstall****]
Confirmed=X
Filename=upd.exe
Description=Adult content based screen saver where **** can be any number
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[unldr32]
Confirmed=X
Filename=unldr32.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list
[untray]
Confirmed=Y
Filename=untray.exe
Description=Part of <a href="http://www.authentium.com/solutions/products/commandantivirus.cfm" target="_blank">Command AntiVirus</a>
Source=Paul Collins Startup list
[uoltray]
Confirmed=N
Filename=exec.exe
Description=Netzero free ISP software - not required
Source=Paul Collins Startup list
[UpConfgVer]
Confirmed=N
Filename=UpgConf.exe
Description=Panda Antivirus Platinum. Purpose unclear, but according to Panda Software not required for the AV to function
Source=Paul Collins Startup list
[Update]
Confirmed=X
Filename=[original file path]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lyndegg.html" target="_blank">LYNDEGG</a> WORM!
Source=Paul Collins Startup list
[Update]
Confirmed=X
Filename=CDUpdater.exe
Description="Carpe Diem" adult premium rate dialler related
Source=Paul Collins Startup list
[Update]
Confirmed=X
Filename=Sysupd.exe
Description=Added by the SLACKBOT VIRUS!
Source=Paul Collins Startup list
[Update]
Confirmed=X
Filename=Zupdate.exe
Description=<a href="http://www.kazaa.com/en/privacy/bundles.htm" target="_blank">B3d Projector</a> foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\\Windows\\System. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents
Source=Paul Collins Startup list
[Update]
Confirmed=X
Filename=mshtm.exe
Description=Browser hijacker - redirecting to buldog-search.com
Source=Paul Collins Startup list
[Update]
Confirmed=X
Filename=UPDATE-28062004.exe[25 blank spaces].vbs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.midfin@mm.html" target=_blank>MIDFIN</a> WORM!
Source=Paul Collins Startup list
[Update for Works]
Confirmed=?
Filename=MSWkstz.exe
Description=<font color="#FF0000">Maybe related to later versions of MS Works?</font>
Source=Paul Collins Startup list
[Update Grokster]
Confirmed=N
Filename=WiseUpdt.exe
Description=Automatically updates the Grokster file sharing software. Beware of adware and spyware when using this type of program, for instance, Grokster contains CyDoor
Source=Paul Collins Startup list
[Update Install]
Confirmed=X
Filename=Schost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Update local]
Confirmed=?
Filename=SetCPQLC.exe
Description=<font color="#FF0000">Running on a Compaq desktop. Any ideas?</font>
Source=Paul Collins Startup list
[Update Manager]
Confirmed=N
Filename=UpdateManager.exe
Description=Searches for updates for the Rogers <a href="http://help.yahoo.com/rogers/browser/" target=_blank>Yahoo! Browser</a> - can be run manually
Source=Paul Collins Startup list
[update run dos]
Confirmed=X
Filename=logon.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[Update Service]
Confirmed=Y
Filename=Update.exe
Description=Loaded by Handybits programs such as <a href="http://www.handybits.com/easycrypto.htm" target="_blank">EasyCrypto</a>. Re-instates itself every time the program is run so best to leave it enabled. Prevent it dialling out via a firewall
Source=Paul Collins Startup list
[update service]
Confirmed=X
Filename=svxhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmg.html" target=_blank>RBOT-MG</a> WORM!
Source=Paul Collins Startup list
[Update TUT]
Confirmed=?
Filename=WiseUpdt.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Update ver 1.0]
Confirmed=X
Filename=Swap.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32swapc.html" target=_blank>SWAP-C</a> WORM!
Source=Paul Collins Startup list
[UpdateComponent]
Confirmed=X
Filename=CNF UPD.EXE
Description=Added by the SPYBOT.GEN VIRUS!
Source=Paul Collins Startup list
[UpdateFW]
Confirmed=?
Filename=fwdload.exe
Description=<font color="#FF0000">Appears to be firmware update software for a <a href="http://www.sniffer.com/products/atmbook/default.asp" target="_blank">Network Associates ATMbook OC-3 SMF Interface Module</a>?</font>
Source=Paul Collins Startup list
[UPDATEHOOK]
Confirmed=?
Filename=Rundll32.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[UpdateManager]
Confirmed=U
Filename=sgtray.exe
Description=StorageGuard from Veritas (this version by Sonic). Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
Description=Once a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually
Source=Paul Collins Startup list
[updater]
Confirmed=X
Filename=wupdater.exe
Description=eUniverse <a href="http://www.doxdesk.com/parasite/KeenValue.html" target="_blank"> KeenValue</a> parasite related
Source=Paul Collins Startup list
[updater]
Confirmed=?
Filename=updater.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Updater Service Process]
Confirmed=X
Filename=svhost32.exe
Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TY" target=_blank>AGOBOT.TY</a> WORM!
Source=Paul Collins Startup list
[updater32]
Confirmed=X
Filename=winload32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cult.m@mm.html" target="_blank">CULT.M</a> WORM!
Description=Automatically detects an internet connection and downloads any available updates - * is random digit
Source=Paul Collins Startup list
[Updatestats]
Confirmed=N
Filename=Updatestats.exe
Description=<a href="http://www.statblaster.com/" target="_blank">Statblaster</a> - "Get officially liscensed MLB pitch-by-pitch real time updates from every stadium around the league. StatBlaster provides live streaming statistics for each fantasy matchup you want tracked either in one league or across all your leagues"
Description=Once a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually
Source=Paul Collins Startup list
[upddateit]
Confirmed=X
Filename=winit.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotms.html" target=_blank>RBOT-MS</a> WORM!
Description=Reminder to register Creative Labs SoundBlaster Live! cards
Source=Paul Collins Startup list
[UpdSys]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://hq.mcafeeasap.com/dispVirus.asp?virus_k=100057" target="_blank">BJ</a> TROJAN!
Source=Paul Collins Startup list
[UPERVGAS]
Confirmed=?
Filename=UPERVGAS.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[upme]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mugly.f@mm.html" target=_blank>MUGLY.F</a> WORM!
Source=Paul Collins Startup list
[UPNPService]
Confirmed=X
Filename=WinSVCservice.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.UN" target="_blank">AGOBOT.UN</a> WORM!
Description=Uptimer4 is an appbar which displays time, date, uptime, free ram, free pagefile, cpu usage, disk free space, battery power, IP addresses, TCP throughput, list of running processes, netstat and several more things
Description=Part of Norton Internet Security. From Symantec - "UrlLstCk.exe is a necessary file that will be present in C:\Program Files\Norton Internet Security. It is a URL Checklist. It should not be disabled"
Source=Paul Collins Startup list
[URLMAP]
Confirmed=N
Filename=Urlmap.exe
Description=Installed by MS Money, and runs whenever you start IE. All it does is bring up an annoying sidebar (kind of like the search window) with 'financial links' when the web page supports it
Source=Paul Collins Startup list
[UrtSvcExe]
Confirmed=Y
Filename=Urt95Svc.exe
Description="Cisco Secure URT is a virtual LAN (VLAN) assignment service that enhances LAN security by actively identifying and authenticating users and then associating them only to their specific network services and resources"
Source=Paul Collins Startup list
[Usb]
Confirmed=?
Filename=Usb.exe
Description=<font color="#FF0000">HP related - not sure whether it's required</font>
Source=Paul Collins Startup list
[USB 2.1 Driver]
Confirmed=X
Filename=winupdate1.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[USB controller]
Confirmed=X
Filename=Svcmm32.exe
Description=Ouchvideo.com 'n-Lite' spyware
Source=Paul Collins Startup list
[USB Device]
Confirmed=X
Filename=servicelog.exe
Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CB" target=_blank>WOOTBOT.CB</a> WORM!
Source=Paul Collins Startup list
[USB Device]
Confirmed=X
Filename=win32usb.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbq.html" target=_blank>FORBOT-BQ</a> WORM!
Source=Paul Collins Startup list
[USB Hardware Monitoring]
Confirmed=X
Filename=USBhardware.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnn.html" target=_blank>RBOT-NN</a> WORM!
Source=Paul Collins Startup list
[USB Host Service]
Confirmed=X
Filename=usbsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgg.html" target="_blank">RBOT-GG</a> WORM!
Source=Paul Collins Startup list
[USB Hub Keyboard Patch]
Confirmed=?
Filename=SKBPATCH.EXE
Description=USB HUB Update
Source=Paul Collins Startup list
[USB SECURITY DEVICE CoInstaller]
Confirmed=Y
Filename=JupitCo.exe
Description=<a href="http://www.butterflymedia.com/USBFlashDriveManual/ButterflyFlashDriveManual.htm" target=_blank>ButterflyMedia</a> USB Flash drive related - required for the password security feature to work
Source=Paul Collins Startup list
[UsbD]
Confirmed=X
Filename=smss32.exe
Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan-Proxy.Win32.Agent.cj
Source=Paul Collins Startup list
[UsbD]
Confirmed=X
Filename=svhost32.exe
Description=Added by the <a href="http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=TROJ_AGENT.IB" target=_blank>AGENT.IB</a> TROJAN!
Source=Paul Collins Startup list
[Usbd]
Confirmed=X
Filename=usb_d.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcidraa.html" target=_blank>CIDRA-A</a> TROJAN!
Source=Paul Collins Startup list
[USBDetector]
Confirmed=U
Filename=USBDetector.exe
Description=USBDetector sets up an icon in the System Tray for a USB card which is intended to be used to eject or unplug hardware
Source=Paul Collins Startup list
[USBDetector]
Confirmed=?
Filename=UDetect.exe
Description=USB detector, apparently for an MP3 player - <font color="#FF0000">any further information appreciated!</font>
Source=Paul Collins Startup list
[usbdrv]
Confirmed=X
Filename=servicetask.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[USBMMKBD]
Confirmed=U
Filename=usbmmkbd.exe
Description=USB multimedia keyboard for HP systems. Allows the use of special function keys on USB keyboards. The latest version (available <a href="http://h20015.www2.hp.com/en/softwareDownloadIndex.jhtml?reg=&cc=&softitem=pv-10327-1&prodId=hppavilion18376&lc=en&sw_lang=en" target="_blank">here</a>) no longer pings a server when on-line wheras the older version did but did not transmit any user information
Source=Paul Collins Startup list
[usbn]
Confirmed=X
Filename=usbn.exe
Description=Adult content dialer, recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan-Downloader.Win32.Small.afa
Source=Paul Collins Startup list
[USBPNP]
Confirmed=Y
Filename=USBPNP.exe
Description=SiPix digital camera Twain USB driver
Source=Paul Collins Startup list
[USBTA]
Confirmed=N
Filename=usbtapnp.exe
Description=System Tray access for the <a href="http://www.bewan.com/bewan/products/isdn/gazel128usb.php" target="_blank">BeWAN Gazel 128 USB</a> ISDN adapter
Source=Paul Collins Startup list
[User Services]
Confirmed=X
Filename=usersvc.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.revcuss.a.html" target="_blank">REVCUSS.A</a> TROJAN!
Source=Paul Collins Startup list
[User23.exe]
Confirmed=X
Filename=DIAL.exe
Description=This is a trojan trying to disguise itself as User32.dll
Source=Paul Collins Startup list
[User32]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.nettrash.html" target="_blank">NETTRASH</a> TROJAN!
Source=Paul Collins Startup list
[UserFaultCheck]
Confirmed=N
Filename=dumprep 0 -u
Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
Source=Paul Collins Startup list
[UserSystem]
Confirmed=X
Filename=[filename]
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> SmartSearch variant - also see <a href="http://www.sophos.com/virusinfo/analyses/trojsearcha.html" target="_blank">here</a>
Source=Paul Collins Startup list
[ushli]
Confirmed=X
Filename=sscbltqu.exe
Description=Obtained from an MP3 search list site. Also generates random processes on reboot
Source=Paul Collins Startup list
[usrgtway.exe]
Confirmed=X
Filename=syswrun4x.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.e.html" target="_blank">MITGLIEDER.E</a> TROJAN!
Source=Paul Collins Startup list
[USRobotics 802.11g Wireless Network Utility]
Confirmed=N
Filename=USRWLANG.exe
Description=USRobotics Wireless Network Utility - used to configure security settings for connecting to WEP encrypted Access Point through the USR Wireless adapter. You must uncheck "Use Windows to configure my wireless settings" for the program to work properly. Has Site Survey capabilities, and reports link quality and signal strength. Not required for proper operation of the device as the features given are accessible in the network connection properties
Source=Paul Collins Startup list
[Usrobotics Online Registration]
Confirmed=N
Filename=??
Description=Pop-up reminding customers to register their products online at US Robotics
Description=Wireless Card controller. <font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[USSShReg]
Confirmed=N
Filename=USSSHREG.EXE
Description=Registration reminder for Ulead SmartSaver Pro - compacts large graphics for web designers
Source=Paul Collins Startup list
[Utility Ping]
Confirmed=?
Filename=UTILIT~1.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[UtilityPro]
Confirmed=N
Filename=UtilityPro.exe
Description=IE search toolbars as supplied by people such as Yellow Internet and SearchBoss and written by <a href="http://www.buildyourowntoolbar.com/" target="_blank"> Rawhide Search Solutions</a>
Source=Paul Collins Startup list
[UTILsInst]
Confirmed=Y
Filename=N/A
Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Source=Paul Collins Startup list
[Utopia Angel]
Confirmed=N
Filename=Angel.exe
Description=Calculator for the online <a href="http://games.swirve.com/utopia/" target="_blank">Utopia</a> game
Source=Paul Collins Startup list
[uwyrl]
Confirmed=X
Filename=uwyrl.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.phel.a.html" target=_blank>PHEL.A</a> TROJAN!
Source=Paul Collins Startup list
[V.92 Modem On Hold]
Confirmed=U
Filename=Ltmoh.exe
Description=Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet
Source=Paul Collins Startup list
[V128IID]
Confirmed=Y
Filename=Rundll32.exe v128iitw.dll, STB_InitTweak
Description=Loads drivers for some STB graphics cards such as the STB nVIDIA TNT 16MB. Required if you don't want to experience lock-ups or error messages
Source=Paul Collins Startup list
[V128IITV]
Confirmed=?
Filename=??
Description=Loads drivers for some STB graphics cards. <font color="#FF0000">May be related to such a card with a TV out option?</font>
Source=Paul Collins Startup list
[V66SHELL]
Confirmed=?
Filename=V66SHELL.EXE
Description=<font color="#FF0000">It looks to be part of the display driver set for ASUS V3800, V6600 and V6800 display adapters. Probably a system tray quick access control?</font>
Source=Paul Collins Startup list
[va10key]
Confirmed=U
Filename=va10key.exe
Description=Only required if you use the 10 kay bay unit with a Sony Vaio laptop
Source=Paul Collins Startup list
[VAGCtrl]
Confirmed=Y
Filename=VAGCTRL.EXE
Description=<a href="http://www.centralcommand.com/windows_products.html" target="_blank">Vexira Antivirus</a> - virus scanner from Central Command
Source=Paul Collins Startup list
[VAGuard]
Confirmed=Y
Filename=VAGNT.exe
Description=<a href="http://www.centralcommand.com/windows_products.html" target="_blank">Vexira Antivirus</a> - virus scanner from Central Command
Source=Paul Collins Startup list
[VAIO Action Setup (Server)]
Confirmed=U
Filename=VAServ.exe
Description=Sony Vaio utility that auto-launches selected applications when you plug in a digital video camera, digital still camera, etc. via iLink (FireWire) or USB
Source=Paul Collins Startup list
[VAIO Recovery]
Confirmed=U
Filename=PartSeal.exe
Description=System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere
Source=Paul Collins Startup list
[ValidData]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.h.html" target="_blank">RANKY.H</a> TROJAN!
Source=Paul Collins Startup list
[vb6]
Confirmed=X
Filename=vb6.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mugly.d@mm.html" target=_blank>MUGLY.D</a> WORM!
Source=Paul Collins Startup list
[VBouncer]
Confirmed=X
Filename=VirtualBouncer.exe
Description=<a href="http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp" target=_blank>Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=95e66f0.0302121154.4a347ea0%40posting.google.com" target=_blank>here</a> and <a href="http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=3789" target=_blank>here</a>
Source=Paul Collins Startup list
[VbouncerDL]
Confirmed=X
Filename=VbouncerInner****.exe [* = random char]
Description=<a href="http://www.doxdesk.com/parasite/" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=95e66f0.0302121154.4a347ea0%40posting.google.com" target="_blank">here</a> and <a href="http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=3789" target="_blank">here</a>
Source=Paul Collins Startup list
[VbouncerDL]
Confirmed=X
Filename=VBouncerInner.exe
Description=Virtual <a href="http://www.doxdesk.com/parasite/" target=_blank>Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself
Source=Paul Collins Startup list
[VBundleOuterDL]
Confirmed=X
Filename=BundleOuter.EXE
Description=<a href="http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp" target="_blank">VirtualBouncer 2.0</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs
Source=Paul Collins Startup list
[VB_run]
Confirmed=X
Filename=comctl_32.exe
Description=Dubious downloader from densmail.com
Source=Paul Collins Startup list
[VC5MediaPlayer]
Confirmed=X
Filename=csmss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dedlerb.html" target=_blank>DEDLER-B</a> WORM!
Source=Paul Collins Startup list
[VC5Play]
Confirmed=N
Filename=VC5Play.exe
Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator - version 5. Available via Start -> Programs
Source=Paul Collins Startup list
[VCatch]
Confirmed=X
Filename=Vcatch.exe
Description=CommonSearch Vcatch - "antivirus" software which actually bundles spy/adware itself!
Source=Paul Collins Startup list
[VCatch Premium]
Confirmed=X
Filename=VCatchpre.exe
Description=VCatch antivirus. Considered spyware itself - see <a href="http://research.pestpatrol.com/PestInfo/Pest_Detail.asp?id=57684" target="_blank">here</a>
Source=Paul Collins Startup list
[VCDPlayer]
Confirmed=N
Filename=VCDPlayer.exe
Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator. Available via Start -> Programs
Source=Paul Collins Startup list
[vcdplayx]
Confirmed=N
Filename=vcdplayx.exe
Description=CD emulation part of <a href="http://www.farstone.com/home/en/shtml/gamedovview.shtml" target="_blank">GameDrive</a> & <a href="http://www.farstone.com/home/en/shtml/vdpoverview.shtml" target="_blank">VirtualDrive</a> from Farstone. Not required as starting these programs load this automatically
Source=Paul Collins Startup list
[VCDTower]
Confirmed=U
Filename=VCDTower.exe
Description=Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking
Source=Paul Collins Startup list
[VCDWATCH]
Confirmed=?
Filename=VCDWATCH.EXE
Description=<font color="#FF0000">Confirmed as Voyetra CD Watcher as it was found in a Compaq/Voyetra/AS2 directory but what does it do?</font>
Source=Paul Collins Startup list
[VCSPlayer]
Confirmed=N
Filename=vcsplay.exe
Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator. Available via Start -> Programs
Source=Paul Collins Startup list
[VDI Manager (HP)]
Confirmed=?
Filename=HPO0VDX05.exe
Description=<font color="#FF0000">HP (Hewlett-Packard) related. Now - what does it do?</font>
Source=Paul Collins Startup list
[vdtask]
Confirmed=N
Filename=vdtask.exe
Description=Program part of <a href="http://www.farstone.com/home/en/shtml/gamedovview.shtml" target="_blank">GameDrive</a> & <a href="http://www.farstone.com/home/en/shtml/vdpoverview.shtml" target="_blank">VirtualDrive</a> from Farstone. Not required as starting these programs load this automatically
Description=<a href="http://www.verizon.net/pands/dsl/benefits/controlpad.asp" target="_blank">Control Pad</a> - installed with Verizon DSL accounts. Tool designed to streamline the online experience
Source=Paul Collins Startup list
[Verizon Online Support Center]
Confirmed=U
Filename=matcli.exe
Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Support Center is required to run with the Help and Support program. If you uncheck Verizon Online Support Center and and then run help and Support it will add another Verizon Online Support Center in the startup menu. If you remove the Verizon Online Support Center in the add/remove program some help menus in help and support will not be available. You decide
Description="Hot" button (such as volume and browser control) management and a CD player as supplied with QTronix (as possibly <a href="http://www.mic-innovations.com/keyboards_keypads_notes.html" target="_blank">Micro Innovations</a>) keyboards
Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html" target=_blank>DealHelper</a> adware related
Source=Paul Collins Startup list
[Vet Alert]
Confirmed=Y
Filename=vetmsg9x.exe
Description=Computer Associates "InnoculateIT" and <a href="http://www.vet.com.au/" target="_blank">Vet Anti-Virus</a> virus software
Source=Paul Collins Startup list
[Vet Start Up]
Confirmed=Y
Filename=vet98.exe
Description=Computer Associates "InnoculateIT" and <a href="http://www.vet.com.au/" target="_blank">Vet Anti-Virus</a> virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options
Source=Paul Collins Startup list
[Vet Start Up]
Confirmed=Y
Filename=vet32.exe
Description=Computer Associates "InnoculateIT" and <a href="http://www.vet.com.au/" target="_blank">Vet Anti-Virus</a> virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options
Source=Paul Collins Startup list
[VetTray]
Confirmed=U
Filename=vettray.exe
Description=Computer Associates "InnoculateIT" and <a href="http://www.vet.com.au/" target="_blank">Vet Anti-Virus</a> virus software. System Tray quicklaunch access, not really necessary but only occupies 36k resources
Source=Paul Collins Startup list
[VFW Encoder/Decoder Settings]
Confirmed=X
Filename=RUNDLL32.exe MSSIGN30.DLL ondll_reg
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[VGAUtil]
Confirmed=U
Filename=G-VGA.exe
Description=Gigabyte VGA Utility - access card options (application needs to be run at startup, but is not system critical)
Source=Paul Collins Startup list
[vid32cntl]
Confirmed=X
Filename=vid32cntl.Exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[vidcntl]
Confirmed=X
Filename=vidcntl.Exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
Source=Paul Collins Startup list
[Vidcompat]
Confirmed=X
Filename=Vidcompat.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Video]
Confirmed=X
Filename=explored.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.rf.html" target="_blank">GAOBOT.RF</a> WORM!
Source=Paul Collins Startup list
[Video]
Confirmed=X
Filename=winamp32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotng.html" target=_blank>AGOBOT-NG</a> WORM!
Source=Paul Collins Startup list
[Video Lan Player]
Confirmed=X
Filename=VideoLanPlayer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmy.html" target=_blank>RBOT-MY</a> WORM!
Source=Paul Collins Startup list
[Video Manager]
Confirmed=X
Filename=videomgr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.pandem.c.worm.html" target="_blank">PANDEM.C</a> WORM!
Source=Paul Collins Startup list
[Video Multimedia Driver]
Confirmed=X
Filename=ndrives32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdk.html" target="_blank">RBOT-DK</a> WORM!
Source=Paul Collins Startup list
[Video Proces]
Confirmed=X
Filename=winaps.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.HD&VSect=T" target=_blank>AGOBOT.HD</a> WORM!
Source=Paul Collins Startup list
[Video Process]
Confirmed=X
Filename=sysconf.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.gen!poly.html" target="_blank">GAOBOT.GEN!POLY</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.um.html" target="_blank">GAOBOT.UM</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.adx.html" target="_blank">GAOBOT.ADX</a> WORMS!
Source=Paul Collins Startup list
[Video Process]
Confirmed=X
Filename=MS32x16.exe
Description=Added by the <a href="http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.RH" target="_blank">RBOT.RH</a> WORM!
Source=Paul Collins Startup list
[Video Process]
Confirmed=X
Filename=netsvcs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.LH" target="_blank">AGOBOT.LH</a> WORM!
Source=Paul Collins Startup list
[Video Process]
Confirmed=X
Filename=MSlti64.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.UE" target=_blank>AGOBOT.UE</a> WORM!
Source=Paul Collins Startup list
[Video Process]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlm.html" target=_blank>RBOT-LM</a> WORM!
Source=Paul Collins Startup list
[Video Services]
Confirmed=X
Filename=explore.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.gl.html" target="_blank">GAOBOT.GL</a> WORM!
Source=Paul Collins Startup list
[Video Services]
Confirmed=X
Filename=videol_32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotdm.html" target="_blank">AGOBOT-DM</a> WORM!
Source=Paul Collins Startup list
[Video Services]
Confirmed=X
Filename=sys32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.PS" target=_blank>AGOBOT.PS</a> WORM!
Source=Paul Collins Startup list
[Videocntl]
Confirmed=X
Filename=Videocntl.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
Source=Paul Collins Startup list
[VideoDriver]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GSPOT20.A" target="_blank">GSPOT20.A</a> TROJAN!
Source=Paul Collins Startup list
[VideoDriver]
Confirmed=X
Filename=videodrv.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.a@mm.html" target="_blank">MIMAIL.A</a> WORM!
Source=Paul Collins Startup list
[VideoDriver]
Confirmed=X
Filename=gspotbot.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.spigot.c.html" target="_blank">SPIGOT.C</a> TROJAN!
Source=Paul Collins Startup list
[Videool32]
Confirmed=X
Filename=VIDEOL32.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.EC" target="_blank">AGOBOT.EC</a> WORM!
Source=Paul Collins Startup list
[VidSvr]
Confirmed=N
Filename=vidsvr.exe
Description=MS WebTV for Windows Channel Guide. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Source=Paul Collins Startup list
[vietato.exe]
Confirmed=X
Filename=vietato.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[ViewMgr]
Confirmed=N
Filename=ViewMgr.exe
Description=<a href="http://www.viewpoint.com/pub/products/manager.html" target=_blank>Viewpoint Manager</a> - automatic updates for ViewPoint products such as ViewPoint Media Player (as bundled with AOL, AOL Instant Messenger, Compuserve, etc). Can be run manually via Start -> Settings -> Control Panel by enabling auto-updates temporarily, re-booting and then disabling again
Source=Paul Collins Startup list
[Vinny]
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Virt.exe]
Confirmed=X
Filename=Virt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojremadmc.html" target=_blank>REMADM-C</a> TROJAN!
Source=Paul Collins Startup list
[VirtuaGirl]
Confirmed=U
Filename=Vg.exe
Description=VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request...
Source=Paul Collins Startup list
[VirtuaGirl2]
Confirmed=U
Filename=VirtuaGirl2
Description=VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request...
Source=Paul Collins Startup list
[virtual]
Confirmed=X
Filename=winit.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.mugly.a@mm.html" target=_blank>MUGLY.A</a> or <a href="http://www.symantec.com/avcenter/venc/data/w32.mugly.b@mm.html" target=_blank>MUGLY.B</a> WORMS!
Source=Paul Collins Startup list
[virtual]
Confirmed=X
Filename=winprotect.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mugly.c@mm.html" target=_blank>MUGLY.C</a> WORM!
Source=Paul Collins Startup list
[Virtual Access Scheduler]
Confirmed=U
Filename=VASCHD32.EXE
Description=The scheduler for mail and usenet tool
Source=Paul Collins Startup list
[Virtual Bouncer]
Confirmed=X
Filename=VirtualBouncer.exe
Description=<a href="http://www.doxdesk.com/parasite/" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=95e66f0.0302121154.4a347ea0%40posting.google.com" target="_blank">here</a> and <a href="http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=3789" target="_blank">here</a>
Source=Paul Collins Startup list
[VirtualCloneDrive]
Confirmed=N
Filename=VCDDaemon.exe
Description=Virtual Clone Drive, part of <a href="http://www.elby.ch/products/clone_cd/" target="_blank">CloneCD</a> CD/DVD copying sofware. Discontinued
Source=Paul Collins Startup list
[VirtualDrive]
Confirmed=N
Filename=VDTask.exe
Description=<a href="http://www.farstone.com/home/en/html/productsvdp.htm" target="_blank">VirtualDrive</a> from Farstone - virtual CD drive emulator. Available via Start -> Programs
Source=Paul Collins Startup list
[VirtuaReminder]
Confirmed=U
Filename=VirtuaReminder.exe
Description=<a href="http://hus7.rsn.bth.se/~nopo/" target="_blank">VirtuaReminder</a> is a tool allowing the user to create reminders for such things as important appointments, birthdays, etc
Source=Paul Collins Startup list
[Virus Scan]
Confirmed=X
Filename=virscana.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[VirusCheckII]
Confirmed=X
Filename=AVIRCHK.EXE
Description=Added by the <a href="http://www.esecurityplanet.com/alerts/article.php/1031_1572161" target="_blank">DASMIN</a> TROJAN!
Source=Paul Collins Startup list
[VirusScan Online]
Confirmed=Y
Filename=mcvsshld.exe
Description=McAfee VirusScan On-line. See also the McAgentExe entry
Source=Paul Collins Startup list
[VirusScanMSC]
Confirmed=?
Filename=VsStat.exe
Description=Part of McAfee VirusScan. <font color="#FF0000">System Tray application as with previous versions (were also VsStat.exe), McAfee SecurityCenter integration or something else? Is it required?</font>
Source=Paul Collins Startup list
[Virus_Scanner]
Confirmed=X
Filename=Virus_Cleaner.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.panol@mm.html" target="_blank">PANOL</a> WORM!
Description=Included in VistaScan are VistaAccess and VistaShuttle. VistaAccess gives you quick and easy access to scanning functions right from your desktop. For Windows users, you'll see a scanner icon in the Windows Tray of the Taskbar. Click this icon and a menu opens
Source=Paul Collins Startup list
[VividGalut]
Confirmed=X
Filename=VividGalut.exe
Description=Adult content related web downloader
Source=Paul Collins Startup list
[VMDFW]
Confirmed=Y
Filename=vmdfw.exe
Description=<a href="http://www.virusmd.com/products/firewall.php" target="_blank">VirusMD Personal Firewall</a>
Source=Paul Collins Startup list
[Vmmon32]
Confirmed=X
Filename=vmmon32.exe
Description=Browser hijacker
Source=Paul Collins Startup list
[vmsnGraber]
Confirmed=X
Filename=VMSNGRABER.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.envid.b@mm.html" target=_blank>ENVID.B</a> WORM!
Source=Paul Collins Startup list
[vmss]
Confirmed=X
Filename=vmss.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware variant
Source=Paul Collins Startup list
[VnCplUpdate]
Confirmed=X
Filename=msdm.exe
Description=Masssend - spam relayer. Listens on a port for the spammers to feed it a list of addresses and what to send out. More information in <a href="http://www.dslreports.com/forum/remark,8021632~root=security,1~mode=flat" target="_blank"> this advisory</a>
Source=Paul Collins Startup list
[VOBID]
Confirmed=U
Filename=InstantDrive.exe
Description=<a href="http://www.pinnaclesys.com" target="_blank">Pinnacle Systems</a> (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computerÆs hard drive. Part of InstantCD/DVD burning software
Source=Paul Collins Startup list
[VOBRegCheck]
Confirmed=Y
Filename=VOBRegCheck.exe
Description=Part of <a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled
Source=Paul Collins Startup list
[Vonage]
Confirmed=U
Filename=click2call.exe
Description=<a href="http://www.vonage.com/index.php" target=_blank>Vonage</a> Voice over IP Internet phone service
Description=Loads the configuration settings for a 3dfx Voodoo Banshee chipset based graphics card. If you change some of the settings from default you probably need this - otherwise maybe not
Source=Paul Collins Startup list
[voowsmcr]
Confirmed=?
Filename=huhdir.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Vortex Tray]
Confirmed=N
Filename=asp4setp.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[VortexTray]
Confirmed=N
Filename=au30setp.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[VortexTray]
Confirmed=N
Filename=asp4tray.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[VortexTray]
Confirmed=N
Filename=asp4setp.exe
Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
Source=Paul Collins Startup list
[VoyetraTray]
Confirmed=N
Filename=vtray.exe
Description=This provides an abbreviated Control Group for the Turtle Beach Montego II sound functions/associated with AudioStation 3 and 32
Source=Paul Collins Startup list
[Vpop3 Mail Server]
Confirmed=U
Filename=vpop3.exe
Description=Mail server from <a href="http://www.vpop3.co.uk" target="_blank">Paul Smith Computer Services</a>. Runs in system tray to collect mail. Can be run from a shortcut and if it isn't running then it won't get your email!
Source=Paul Collins Startup list
[vptray]
Confirmed=U
Filename=vptray.exe
Description=System Tray icon for Norton Anti-Virus Corporate Edition. Gives access to the options available and may not be required. Some users may have problems - refer <a href="http://groups.google.com/groups?q=vptray.exe%2BNorton&hl=en&safe=off&rnum=1&ic=1&selm=3A9D3F14.64A4B969%40birminghamchamber.com" target="_blank">here</a>
Description=Part of <a href="http://www.esafe.com/esafe/default.asp?cf=tl" target="_blank">eSafe</a> antivirus "SmartScan" - alerts the user if files have been changed/added
Source=Paul Collins Startup list
[vscanner]
Confirmed=X
Filename=spooll32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.10" target="_blank">OPTIXPRO.10</a> TROJAN!
Source=Paul Collins Startup list
[VsEcomrEXE]
Confirmed=N
Filename=VSECOMR.EXE
Description=From McAfee VirusScan up to version 4.x. This executable is responsible for the periodic "update" prompts
Source=Paul Collins Startup list
[Vshwin32EXE]
Confirmed=Y
Filename=VSHWIN32.EXE
Description=From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs
Source=Paul Collins Startup list
[VSN]
Confirmed=N
Filename=VSN.exe
Description=Software to share photographs across the internet
Source=Paul Collins Startup list
[VSOCheckTask]
Confirmed=Y
Filename=MCMNHDLR.EXE
Description=Part of McAfee's <a href="http://us.mcafee.com/root/product.asp?productid=msc" target="_blank"> SecurityCenter</a> and Virusscan Online. Must be enabled for scanning to work
Source=Paul Collins Startup list
[vspdfprsrv.exe]
Confirmed=N
Filename=vspdfprsrv.exe
Description=<a href="http://www.visagesoft.com/pdfprinter/" target="_blank">Visage PDF Printer</a>
Source=Paul Collins Startup list
[VsStatEXE]
Confirmed=Y
Filename=VSSTAT.EXE
Description=From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs
Source=Paul Collins Startup list
[vTPass]
Confirmed=N
Filename=vtpassld.exe
Description=Part of <a href="http://www.vtrails.com/about/FAQ.html">vTrails</a> - a live media delivery solution. vTPass is the driver enabling the system to work. If unavailable via Start -> Programs, create your own shortcut for the "vtpass.exe" file
Source=Paul Collins Startup list
[VTPreset]
Confirmed=U
Filename=VTPreset.exe
Description=Savage Pro S3 graphics software
Source=Paul Collins Startup list
[VTTimer]
Confirmed=U
Filename=VTTimer.exe
Description=Driver file for the on-board VIA/S3G KM400/KN400 graphics which enables TV in/out communication
Source=Paul Collins Startup list
[vTunerStartUp]
Confirmed=N
Filename=vTuner.exe
Description=<a href="http://www.vtuner.com/" target="_blank">vTuner</a> - "an easy way to find and listen to radio and TV broadcasts over the Internet"
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sokeven.html" target="_blank">SOKEVEN</a> TROJAN!
Source=Paul Collins Startup list
[W32.Scran]
Confirmed=X
Filename=Scran.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.narcs.html" target=_blank>NARCS</a> WORM!
Source=Paul Collins Startup list
[w32alanis]
Confirmed=X
Filename=mope.scr
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.sinala@mm.html" target="_blank">SINALA</a> WORM!
Source=Paul Collins Startup list
[W32Load]
Confirmed=X
Filename=[random filename].scr
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.caspid.html" target="_blank">CASPID</a> WORM!
Source=Paul Collins Startup list
[w32sup]
Confirmed=X
Filename=w32sup.exe
Description=Adult content dialler
Source=Paul Collins Startup list
[W32Tc]
Confirmed=X
Filename=WTC32.scr
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.vote.d@mm.html" target="_blank">VOTE.D</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.vote.k@mm.html" target="_blank"> VOTE.K</a> WORMS!
Source=Paul Collins Startup list
[W3KNetwork]
Confirmed=X
Filename=rundll32.exe w3knet.dll, dllinitrun
Description=Advertising spyware. Check <a href="http://www.safersite.com/PestInfo/Web3000.asp" target="_blank">here</a> for more info on this particular one
Source=Paul Collins Startup list
[W75P2PSERVER]
Confirmed=Y
Filename=W75P2PS.EXE
Description=Printer utility which is required in order to make the printer work correctly
Source=Paul Collins Startup list
[W815DM]
Confirmed=?
Filename=W815DM.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Wanadoo Messenger.exe]
Confirmed=N
Filename=Wanadoo Messenger.exe
Description=Wanadoo ISP instant messenger client
Source=Paul Collins Startup list
[WanMPSvc]
Confirmed=Y
Filename=WanMPSvc.exe
Description=An AOL component, the Wan miniport (ATW) service. If you delete this and logon, AOL reports a problem with your internet connection, and reinstalling AOL doesnÆt help
Description=<a href="http://www.jgaa.com/index.php?menu=154" target="_blank">War FTP Daemon</a> from JGAA's Internet - FTP client
Source=Paul Collins Startup list
[Wardo]
Confirmed=X
Filename=syslaunch.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.a.d.clicker.g.trojan.html" target="_blank">ADLCICKER.G</a> TROJAN!
Source=Paul Collins Startup list
[WareOut]
Confirmed=X
Filename=WareOut.exe
Description=Malware masquerading as a spyware and dialer remover, see <a href="http://www.easydesksoftware.com/news/news29.htm" target=_blank>here</a>
Description=Also known as "CyberWarner". From G-Tek Technologies and pre-installed on some Packard Bell PCs. Protects critical files
Source=Paul Collins Startup list
[Warnet]
Confirmed=U
Filename=warnet.exe
Description=<a href="http://www.warnet.com/download.html" target="_blank">Warnet</a> - system cleanup software
Source=Paul Collins Startup list
[Warning: do not remove it!]
Confirmed=U
Filename=fpplock.exe
Description=Part of Folder Password Expert by ZQS Software Team - "a software program to restrict access to the folders that contain your sensitive data"
Source=Paul Collins Startup list
[WARSVR]
Confirmed=N
Filename=war-ftpd.exe
Description="<a href="http://www.jgaa.com/index.php?menu=154&PHPSESSID=5e40946a3f777b0446aa51537bf27f9f" target="_blank">War FTP Daemon</a> - the original free FTP server for windows"
Description=<a href="http://www.webroot.com/products/windowwasher/" target="_blank">Windows Washer</a> from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
Source=Paul Collins Startup list
[Washerie.exe]
Confirmed=N
Filename=washerie.exe
Description=Cookie Washer for Internet Explorer from Webroot Software. Light version of Windows Washer, specific for cleaning the IE cache and cookies. Available via Start -> Programs
Source=Paul Collins Startup list
[washindex]
Confirmed=U
Filename=washidx.exe
Description=<a href="http://www.webroot.com/products/windowwasher/" target="_blank">Windows Washer</a> from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
Source=Paul Collins Startup list
[Wast]
Confirmed=X
Filename=wast.exe
Description=Grokster ads updater
Source=Paul Collins Startup list
[Watch]
Confirmed=N
Filename=watch.exe
Description=Found to be used by a Trust USB scanner for auto starting the scanning software when the lid is lifted
Source=Paul Collins Startup list
[Watch]
Confirmed=?
Filename=1200UBWATCH.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Watch Dog Program]
Confirmed=N
Filename=watchdog.exe
Description=For Compaq PC's. Associated with Compaq's internet services. Not required if you don't use services provided by them and may not be required even if you do
Source=Paul Collins Startup list
[Watchdog]
Confirmed=N
Filename=Watchdog.exe
Description=Definitely part of the Mustek scanner drivers and software (for 600 III EP Plus and maybe others), launches from the Startup folder in the Start Menu, but not required as they give instructions on removing it on their webpage
Source=Paul Collins Startup list
[WatchDog]
Confirmed=?
Filename=watchdog.exe
Description=Part of Motorola "Mobile Phone Tools" v3 - in a "Mobiile Phone Tools" sub-directory of Program Files
Source=Paul Collins Startup list
[WaveTop Launcher]
Confirmed=N
Filename=WaveTop.exe
Description=<a href="http://www.zdnet.com/pcmag/firstlooks/9804/f980406a.htm" target="_blank">WaveTop</a> - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
Source=Paul Collins Startup list
[WaveTop Receiver 1]
Confirmed=N
Filename=N/A
Description=<a href="http://www.zdnet.com/pcmag/firstlooks/9804/f980406a.htm" target=_blank>WaveTop</a> - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
Source=Paul Collins Startup list
[WaveTop Receiver 2]
Confirmed=N
Filename=N/A
Description=<a href="http://www.zdnet.com/pcmag/firstlooks/9804/f980406a.htm" target=_blank>WaveTop</a> - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
Source=Paul Collins Startup list
[WaveTop Upload Manager]
Confirmed=N
Filename=N/A
Description=<a href="http://www.zdnet.com/pcmag/firstlooks/9804/f980406a.htm" target=_blank>WaveTop</a> - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
Source=Paul Collins Startup list
[Wbiff]
Confirmed=N
Filename=Wbiff.exe
Description=<a href="http://shareware.lycos.com/tucows/winnt/preview/6187.shtml" target="_blank">Wbiff!</a> E-mail checker - automatically checks your e-mail and notifies you if any new e-mail has been received
Source=Paul Collins Startup list
[Wbutton]
Confirmed=?
Filename=Wbutton.exe
Description=Related to the Wacom Penabled driver on Acer Tablet PCs. <font color="#FF0000">Appears to do nothing so is it required?</a>
Source=Paul Collins Startup list
[WCESCOMM]
Confirmed=N
Filename=WCESCOMM.EXE
Description=Active sync for use with Windows CE based palm PC
Source=Paul Collins Startup list
[wcmdmgr]
Confirmed=U
Filename=wcmdmgrl.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">Web Driver</a> delivery system for <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[wcmdmgr.exe]
Confirmed=N
Filename=wcmdmgr.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">Web Driver</a> delivery system for <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[wcmdmgrl]
Confirmed=U
Filename=wcmdmgrl.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">Web Driver</a> delivery system for <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[WCOLOREAL]
Confirmed=U
Filename=coloreal.exe
Description=Makes colours sharper and brighter, but will only work with coloreal capable monitors
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.e.html" target="_blank">DLUCA.E</a> TROJAN!
Source=Paul Collins Startup list
[WEATHER]
Confirmed=N
Filename=WEATHER.EXE
Description=Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs
Source=Paul Collins Startup list
[WeatherCast]
Confirmed=N
Filename=Weather.exe
Description=Weather reporting in the System Tray. Available via Start -> Programs. Installed via Radlight
Source=Paul Collins Startup list
[WeatherOnTray]
Confirmed=X
Filename=WeatherOnTray.exe
Description=<a href="http://sarc.com/avcenter/venc/data/adware.hotbar.html" target="_blank">Hotbar's</a> Weather Forecast tool for your desktop - adware
Source=Paul Collins Startup list
[WeatherWatcher]
Confirmed=N
Filename=ww.exe
Description=<a href="http://www.singerscreations.com/AboutWeatherWatcher.html" target="_blank">WeatherWatcher</a> - weather reporting in the System Tray
Source=Paul Collins Startup list
[web]
Confirmed=X
Filename=******.exe [* = random char]
Description=Added by a variant of the <a href="http://www.pestpatrol.com/pestinfo/w/win32_trojandownloader_easto_a_trojan.asp" target=_blank>EASTO.A</a> TROJAN!
Description=<a href="http://www.webarmyknife.com/home.php" target=_blank>Web Army Knife</a> - a suite of web site developer's tools
Source=Paul Collins Startup list
[webassist]
Confirmed=X
Filename=webassist.exe
Description=Adware popup generator
Source=Paul Collins Startup list
[Webcam Go Sti Service Application]
Confirmed=?
Filename=wbcgosvc.exe
Description=Control software for the portable <a href="http://www.americas.creative.com/products/product.asp?maincategory=6&category=61&product=56" target="_blank">Creative Video Blaster Webcam Go</a> digital camera/PC web cam. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[WebcamRT.exe]
Confirmed=N
Filename=WEBCAMRT.exe
Description=For Logitech Web Cams. Not required - camera works fine without it
Source=Paul Collins Startup list
[Webcelerator]
Confirmed=X
Filename=webcel.exe
Description=<a href="http://www.webcelerator.com/" target="_blank">Webcelerator</a> from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Spyware and troublesome - see <a href="http://www.sacrelicious.org/webcelerator.html" target="_blank">here</a>
Source=Paul Collins Startup list
[WebCheck]
Confirmed=X
Filename=WebCheck.pif
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.d@mm.html" target="_blank">CONE.C</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.f@mm.html" target="_blank">CONE.F</a> WORMS!
Description=IRC DDoS bot which gives the hacker full control over your system
Source=Paul Collins Startup list
[WebHancer Agent]
Confirmed=X
Filename=whagent.exe
Description=System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about <a href="http://www.cexx.org/adware.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[webHancer Survey Companion]
Confirmed=X
Filename=whSurvey.exe
Description=<a href="http://doxdesk.com/parasite/webHancer.html" target="_blank">WebHancer</a> foistware - traffic measurement service that uses a client agent that is stealth installed on user machines, gathering detailed data about sites visited, their performance and, most important, what the user actually does while there
Source=Paul Collins Startup list
[WebInstall]
Confirmed=X
Filename=WebInstall.exe
Description=ClipGenie adware downloader
Source=Paul Collins Startup list
[WebInstall2]
Confirmed=X
Filename=WebInstall.exe
Description=ClipGenie adware downloader
Source=Paul Collins Startup list
[WebKey]
Confirmed=N
Filename=WebKey.exe
Description=<a href="http://variagate.com/webkeydl.htm">WebKey</a> from JB Utilities. Utility to keep track of login data required when browsing the internet
Source=Paul Collins Startup list
[WebOutfitterTray]
Confirmed=N
Filename=sttray.exe
Description=Intel <a href="http://www.intel.com/pressroom/archive/releases/cn032699.htm" target="_blank">WebOutfitter</a> service System Tray icon
Source=Paul Collins Startup list
[Webposition Gold 2]
Confirmed=N
Filename=wpsche~1.exe
Description=Scheduler for <a href="http://www.web-positiongold.com/" target="_blank"> Web Position Gold</a> - utility to help optimize the position of web-sites in search engines
Description=<a href="http://12.47.194.20/help/channels.html" target="_blank">WebSaver Live!</a> is a companion program to Websaver that retrieves information from the Internet on a schedule and displays it on your screen when your computer is idle
Source=Paul Collins Startup list
[WebSavingsfromEbates]
Confirmed=X
Filename=WebSavingsfromEbatesrun.exe
Description=Web Savings From Ebates Software, a shopping tool that opens pop-up windows
Source=Paul Collins Startup list
[WebSavingsFromEbates0]
Confirmed=X
Filename=WebSavingsFromEbates0.exe
Description=Web Savings From Ebates Software, a shopping tool that opens pop-up windows
Source=Paul Collins Startup list
[WebScan]
Confirmed=X
Filename=DEFSCANGUI.EXE
Description=<a href="http://www.stop-sign.com/" target="_blank">Stop-Sign</a> from eAccelerration. Detects spyware, malware, viruses and keyloggers and stops popups. Spyware in itself - see their privacy statement <a href="http://www.eacceleration.com/privacy/" target="_blank">here</a>
Source=Paul Collins Startup list
[webscan]
Confirmed=N
Filename=stopsignav.exe
Description=eAcceleration Stop-Sign related - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">note</a>
Source=Paul Collins Startup list
[WebScanX]
Confirmed=Y
Filename=WebScanX.exe
Description=From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc
Source=Paul Collins Startup list
[websearch]
Confirmed=X
Filename=wjview ...websearch.exe
Description="Web Savings" From Ebates Software, a shopping tool that opens pop-up windows
Source=Paul Collins Startup list
[WebSecureAlert]
Confirmed=X
Filename=WebSecureAlert.exe
Description=WebSecureAlert. "Can help protect your browser security and privacy". However, it's by GAIN Publishing, and will display pop up ads on your computer screen based on your online Web surfing behavior
Source=Paul Collins Startup list
[WebServer]
Confirmed=?
Filename=VBI_SE~1.EXE
Description=<font color="#FF0000">Related to a Pinnacle sound card. What does it do and is it needed?</font>
Source=Paul Collins Startup list
[Webshots]
Confirmed=N
Filename=Webshots Tray.exe
Description=Screensaver program that automatically downloads from the webshots web site
Source=Paul Collins Startup list
[Webshots]
Confirmed=N
Filename=websho~1.exe
Description=Screensaver program that automatically downloads from the webshots web site
Description=Adult content dialler - where ***** are random
Source=Paul Collins Startup list
[Webtrap]
Confirmed=Y
Filename=webtrap.exe
Description=Part of PC-Cillin anti-virus software. Checks web-sites for malicious Java and ActiveX elements in a similar way to McAfee WebScanX. A few users find it infuriating
Source=Paul Collins Startup list
[WebTrapNT.exe]
Confirmed=Y
Filename=WebTrapNT.exe
Description=Part of PC-Cillin Anti-Virus software. Checks visited web-sites for malicious Java and ActiveX elements
Source=Paul Collins Startup list
[WebWasher]
Confirmed=U
Filename=wwasher.exe
Description=Free Pop-up/ad/javascript filter program from <a href="http://www.webwasher.com" target="_blank">Siemens</a>. If not running then browsers will not be protected but will still work. Available via Start -> Programs
Source=Paul Collins Startup list
[Welcome]
Confirmed=N
Filename=Welcome.exe
Description=Launches the Welcome to Windows tutorial on boot up
Source=Paul Collins Startup list
[WEPstat]
Confirmed=?
Filename=Wepstat.exe
Description=Cisco Aironet 340 Series PC Card driver. If it can be started manually it shouldn't be required if you don't use the PC card facility regularily - hence the status could be "U". <font color="#FF0000"> Can anybody confirm this?</font>
Source=Paul Collins Startup list
[wersds]
Confirmed=X
Filename=doriot.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/download.ject.c.html" target="_blank">JECT.C</a> TROJAN!
Source=Paul Collins Startup list
[WetSock]
Confirmed=N
Filename=wetsock.exe
Description=<a href="http://www.robomagic.com/wetsock.htm" target="_blank">RoboMagic Wetsock</a> - weather reporting in the System Tray
Source=Paul Collins Startup list
[WFGStartup]
Confirmed=N
Filename=WFGStartup.exe
Description=<a href="http://asia.cnet.com/downloads/handheld/swinfo/0,39001949,39022960s,00.htm" target="_blank">World Weather</a>. "This midlet displays the current weather conditions for major cities around the world. This version is for memory limited mobile phones"
Source=Paul Collins Startup list
[wfips]
Confirmed=U
Filename=iphider.exe
Description=ICQ (messaging/chat program) anti-bomb software. "WFIPS is anti-bomb software for safeguarding ICQ Bomb before the bombing. '<a href="http://www.yammie.cc/ibinfo/ibinfo8.asp" target="_blank">ICQ Defoolder</a>' is a tool for removing ICQ bomb after being exposed." For more information about ICQ bombs see <a href="http://www.arcwebserv.com/jumpsite/icqprotect.html" target="_blank">here</a>
Source=Paul Collins Startup list
[WFXCTL32.EXE]
Confirmed=N
Filename=WFXCTL32.EXE
Description=From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
Source=Paul Collins Startup list
[wfxsnt40]
Confirmed=Y
Filename=wfxsnt40.exe
Description=WinFax 10.0 and maybe earlier versions. The program that opens the port for WinFax and not normally in the start menu. Needed if you want to run WinFax
Source=Paul Collins Startup list
[WFXSwtch]
Confirmed=?
Filename=WFXSWTCH.exe
Description=Related to WinFax. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[WG511WLU]
Confirmed=Y
Filename=WG511WLU.exe
Description=Netgear configuration programme for the 54g wireless lan card - required to monitor and manage the lan card
Source=Paul Collins Startup list
[WGWLocalManager]
Confirmed=U
Filename=WGWLocalManager.exe
Description=Part of Flash-Networks <a href="http://www.flash-networks.com/Product.asp?table=Providers" target="_blank">NettGain2000</a> product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so. It could be started by creating a shortcut, running it only when connecting to the internet. If internet is used often, it's recommended to leave it in startup so it starts with the system
Source=Paul Collins Startup list
[whagent]
Confirmed=X
Filename=whagent.exe
Description=System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about <a href="http://www.cexx.org/adware.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[WheelMouse]
Confirmed=U
Filename=4DMAIN.EXE
Description=Mouse software for "Fellowes" Wheelman mouse. Has caused some users problems but shouldn't be needed if you don't use any enhanced features it may provide
Source=Paul Collins Startup list
[WheelMouse]
Confirmed=U
Filename=AMOUMAIN.EXE
Description=<a href="http://www.a4tech.com/a4techenglish/index.html" target="_blank">A4Tech</a> wireless mouse driver and utility - required if you use non-standard Windows driver features
Source=Paul Collins Startup list
[WhenUSave]
Confirmed=X
Filename=Save.exe
Description=Rebranded version of SaveNow advertising spyware
Description=Part of the <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games system. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[WildTangent Web Driver updater]
Confirmed=U
Filename=wcmdmgrl.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">Web Driver</a> delivery system for <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[Wildwire Monitor]
Confirmed=N
Filename=WWMon.exe
Description=This places a status icon on the taskbar for the DSL WildWire Tiger Modem. This is also a shortcut to the diagnostics utility for the DSL modem
Source=Paul Collins Startup list
[Willow Road]
Confirmed=N
Filename=WillowRoad.exe
Description=Willow Road Screen Saver
Source=Paul Collins Startup list
[win]
Confirmed=X
Filename=regedit -s ..win.dll
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/js.seeker.k.html" target="_blank">SEEKER.K</a> TROJAN!
Source=Paul Collins Startup list
[win]
Confirmed=X
Filename=xwinxrpc32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmv.html" target="_blank">AGOBOT-MV</a> WORM!
Source=Paul Collins Startup list
[win]
Confirmed=X
Filename=xwinxrpc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmv.html" target=_blank>AGOBOT-MV</a> WORM!
Source=Paul Collins Startup list
[Win Chimes]
Confirmed=U
Filename=winchi~1.exe
Description=<a href="http://www.ddd.communitech.net/software/winchimes/winchimes.html" target="_blank">WinChimes</a> - enhancement software for the system clock that runs in the system tray
Source=Paul Collins Startup list
[Win Comm]
Confirmed=X
Filename=WinComm.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=804" target=_blank>WebRebates</a> related adware
Source=Paul Collins Startup list
[Win Command]
Confirmed=X
Filename=command32.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65289&VName=WORM_AGOBOT.XQ&VSect=T" target="_blank">AGOBOT.XQ</a> WORM!
Source=Paul Collins Startup list
[Win Command]
Confirmed=X
Filename=command32.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65289&VName=WORM_AGOBOT.XQ&VSect=T" target=_blank>AGOBOT.XQ</a> WORM!
Source=Paul Collins Startup list
[WIN HOST PROCESS]
Confirmed=X
Filename=WIN HOST PROCESS.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/keylogger.cone.trojan.html" target="_blank">KEYLOGGER.CLONE</a> TROJAN!
Source=Paul Collins Startup list
[Win l5oahder]
Confirmed=X
Filename=winampa.exe
Description=Added by the SPYBOTER.GEN VIRUS! Not the valid Winamp Agent which uses the same filename. This resides in the System32 sub-folder wheras real one is located in the winamp folder
Source=Paul Collins Startup list
[win name]
Confirmed=?
Filename=stat.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Win Patch]
Confirmed=X
Filename=ntldr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotgs.html" target=_blank>SDBOT-GS</a> WORM!
Source=Paul Collins Startup list
[Win Server]
Confirmed=X
Filename=winserv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IMISERV.A" target=_blank>IMISERV.A</a> TROJAN!
Source=Paul Collins Startup list
[Win Server Updt]
Confirmed=X
Filename=wupdt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IMISERV.A" target=_blank>IMISERV.A</a> TROJAN!
Source=Paul Collins Startup list
[win update]
Confirmed=X
Filename=wupda32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.J" target="_blank">SDBOT.J</a> WORM!
Source=Paul Collins Startup list
[WIN USB 2.0]
Confirmed=X
Filename=usbsystem.exe
Description=Added by an unidentified WORM of TROJAN!
Source=Paul Collins Startup list
[Win USB 2.0 USB Driver]
Confirmed=X
Filename=HPPrint.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dnb.html" target="_blank">SPYBOT.DNB</a> WORM!
Source=Paul Collins Startup list
[WIN-BUGSFIX]
Confirmed=X
Filename=WIN-BUGSFIX.EXE
Description=Added by the <a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER" target="_blank"> LOVELETTER</a> (I LOVE YOU) VIRUS!
Source=Paul Collins Startup list
[Win2Drv]
Confirmed=X
Filename=[worm filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.worm.html" target="_blank">WINTOO</a> WORM!
Source=Paul Collins Startup list
[WIN32]
Confirmed=X
Filename=WIN32.EXE
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.ratega.html" target="_blank">RATEGA</a> TROJAN!
Source=Paul Collins Startup list
[win32]
Confirmed=X
Filename=Shakira_1997_Part_1_.Mpeg_.scr
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mylife.n@mm.html" target="_blank">MYLIFE.N</a> WORM!
Source=Paul Collins Startup list
[win32]
Confirmed=X
Filename=Setup_32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evilbot.b.html" target="_blank">EVILBOT.B</a> TROJAN!
Source=Paul Collins Startup list
[Win32]
Confirmed=X
Filename=Win32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ISRAZ.A" target="_blank">ISRAZ.A</a> WORM!
Source=Paul Collins Startup list
[win32]
Confirmed=X
Filename=winsrv32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.aduent.html" target="_blank">ADUENT</a> TROJAN! Acts as a hi-jacker redirecting to Surferbar.com and adult content sites
Source=Paul Collins Startup list
[win32]
Confirmed=X
Filename=WinSetup.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evilbot.b.html" target="_blank">EVILBOT.B</a> TROJAN!
Source=Paul Collins Startup list
[Win32 Configuration]
Confirmed=X
Filename=videosd32.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.TT&VSect=T" target="_blank">SDBOT.TT</a> WORM!
Source=Paul Collins Startup list
[Win32 Configuration]
Confirmed=X
Filename=dllhelp.exe
Description=Added by the <a href="http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.UL" target="_blank">SDBOT.UL</a> WORM!
Source=Paul Collins Startup list
[Win32 Device Loader]
Confirmed=X
Filename=Win32ldr.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Win32 DRK Driver]
Confirmed=X
Filename=wdrk32.exe
Description=Added by the <a href="http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_WOOTBOT.CY" target=_blank>WOOTBOT.CY</a> WORM!
Source=Paul Collins Startup list
[Win32 exe file]
Confirmed=X
Filename=winstr32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
Source=Paul Collins Startup list
[Win32 Kernel core component]
Confirmed=X
Filename=Kernel32.pif
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.moks.html" target="_blank">MOKS</a> VIRUS!
Source=Paul Collins Startup list
[Win32 Ms Auto Updater]
Confirmed=X
Filename=AutomsUPD.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list
[Win32 Network Driver]
Confirmed=X
Filename=crss.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Win32 NVIDIA Driver]
Confirmed=X
Filename=MSPMSPSU.EXE
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.Y" target=_blank>WOOTBOT.Y</a> WORM!
Source=Paul Collins Startup list
[win32 regedit]
Confirmed=X
Filename=msn32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Win32 Rundll Loader]
Confirmed=X
Filename=Rundll32.exe
Description=Added by the <a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.A" target="_blank">SDBOT.A</a> TROJAN! Note: Rundll32.exe is a valid Windows application called "Run a DLL as an App" and stored in the C:\Windows directory. The version created by this virus is saved in the C:\Windows\System directory
Source=Paul Collins Startup list
[Win32 Services1]
Confirmed=X
Filename=wuamngr1.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpv.html" target="_blank">SDBOT-PV</a> WORM!
Source=Paul Collins Startup list
[Win32 Src Service]
Confirmed=X
Filename=win32src.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsx.html" target=_blank>RBOT-SX</a> WORM!
Source=Paul Collins Startup list
[Win32 SSL Driver]
Confirmed=X
Filename=winssv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbh.html" target=_blank>FORBOT-BH</a> WORM!
Source=Paul Collins Startup list
[Win32 System Spool]
Confirmed=X
Filename=spoolsvc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UK" target="_blank">SDBOT.UK</a> WORM!
Source=Paul Collins Startup list
[Win32 USB Driver]
Confirmed=X
Filename=winxpinit.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.aa.html" target="_blank">SDBOT.AA</a> TROJAN!
Source=Paul Collins Startup list
[Win32 USB Driver]
Confirmed=X
Filename=mvsecn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbk.html" target=_blank>FORBOT-BK</a> WORM!
Source=Paul Collins Startup list
[Win32 Usb Driver]
Confirmed=X
Filename=svhosint32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbe.html" target=_blank>FORBOT-BE</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32forbotj.html" target=_blank>FORBOT-J</a> WORMS!
Source=Paul Collins Startup list
[Win32 Usb Driver]
Confirmed=X
Filename=usb32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotov.html" target=_blank>SDBOT-OV</a> WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Confirmed=X
Filename=win32usb.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dhv.html" target="_blank">SPYBOT.DHV</a> WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Confirmed=X
Filename=smsc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FO&Vsect=T" target="_blank">SDBOT.FO</a> WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Confirmed=X
Filename=svchosting.exe
Description=Added by the FORBOT.J or <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.HU" target="_blank">SDBOT.HU</a> WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Confirmed=X
Filename=sys32.exe
Description=Added by the <a href="http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_WOOTBOT.X" target="_blank">WOOTBOT.X</a> WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Confirmed=X
Filename=sys32snd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotan.html" target="_blank">FORBOT-AN</a> WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Confirmed=X
Filename=wind32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotah.html" target="_blank">FORBOT-AH</a> WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.YE" target="_blank">AGOBOT.YE</a> WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Confirmed=X
Filename=updatemgr.exe
Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
Source=Paul Collins Startup list
[Win32 USB2 Driver]
Confirmed=X
Filename=winsnd32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[Win32 USB2.0 Driver]
Confirmed=X
Filename=386.exe
Description=Added by the <a href="http://sarc.com/avcenter/venc/data/pf/w32.ircbot.d.html" target="_blank">IRCBOT.D</a> WORM!
Source=Paul Collins Startup list
[Win32 USB2.0 Driver]
Confirmed=X
Filename=rundll16.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_WOOTBOT.H&VSect=T" target="_blank">WOOTBOT.H</a> WORM!
Source=Paul Collins Startup list
[Win32 USB2.0 Driver]
Confirmed=X
Filename=w32usb2.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.DN" target="_blank">SPYBOT.DN</a> WORM!
Source=Paul Collins Startup list
[Win32 USB2.0 Driver]
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqf.html" target=_blank>SDBOT-QF</a> WORM!
Source=Paul Collins Startup list
[Win32 Wmls Driver]
Confirmed=X
Filename=winitr32.exe
Description=Added by the <a href="http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_WOOTBOT.B&VSect=T" target="_blank">WOOTBOT.B</a> WORM!
Source=Paul Collins Startup list
[win32.exe]
Confirmed=X
Filename=win32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpagh.html" target="_blank">STARTPAGE</a> TROJAN!
Source=Paul Collins Startup list
[Win32BaseServiceMOD]
Confirmed=X
Filename=Wintask.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.navidad.16896.html" target="_blank">NAVIDAD</a> WORM!
Source=Paul Collins Startup list
[win32clf]
Confirmed=X
Filename=win32clf.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Win32DLL]
Confirmed=X
Filename=Win32DLL.vbs
Description=Added by the <a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER" target="_blank"> LOVELETTER</a> (I LOVE YOU) VIRUS!
Source=Paul Collins Startup list
[Win32dll]
Confirmed=X
Filename=Win32dll.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.banpaes.html" target="_blank">BANPAES</a> TROJAN!
Source=Paul Collins Startup list
[Win32G]
Confirmed=X
Filename=Kernel32.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.estrella.html" target="_blank">ESTRELLA</a> TROJAN!
Source=Paul Collins Startup list
[Win32G]
Confirmed=X
Filename=Scandisk.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.estrella.html" target="_blank">ESTRELLA</a> TROJAN
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.c.html" target="_blank">IRC.ALADINZ.C</a> TROJAN!
Source=Paul Collins Startup list
[Win32R]
Confirmed=X
Filename=Server.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.estrella.html" target="_blank">ESTRELLA</a> TROJAN!
Source=Paul Collins Startup list
[WIN32SL]
Confirmed=Y
Filename=Win32sl.exe
Description=Part of <a href="http://docs.us.dell.com/docs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. The specific function of this is to load MIF's in order for Dell OpenManage Client to work
Source=Paul Collins Startup list
[WIN32SNDS]
Confirmed=X
Filename=banc.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Win32system]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.ddv.b.html" target="_blank">DDV.B</a> WORM!
Source=Paul Collins Startup list
[Win32System]
Confirmed=X
Filename=win32s.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.v" target="_blank">MYDOOM.V</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotra.html" target=_blank>RBOT-RA</a> WORM!
Source=Paul Collins Startup list
[win32_i lptt01]
Confirmed=X
Filename=win32_i.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "win32_i" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[win32_i ml097e]
Confirmed=X
Filename=win32_i.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "win32_i" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[Win386]
Confirmed=X
Filename=Win386.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.gosusub.html" target="_blank">GOSUSUB</a> VIRUS!
Source=Paul Collins Startup list
[Win386]
Confirmed=X
Filename=sp32.dll
Description=Homepage hijacker. Not a dll but a regfile in disguise
Source=Paul Collins Startup list
[WIN3S2SNDS]
Confirmed=X
Filename=winabsmod.exe
Description=Added by the AGENT.DN TROJAN - known to <a href="http://www.nsclean.com/boclean.html" target="_blank">BOClean</a> as "CWS/INDEX", "shuts down anything that wants to open and is used as a spam proxy as well"
Source=Paul Collins Startup list
[WIN3S2SNDS]
Confirmed=X
Filename=winiprtx.exe
Description=Added by the AGENT.DN TROJAN - known to <a href="http://www.nsclean.com/boclean.html" target="_blank">BOClean</a> as "CWS/INDEX", "shuts down anything that wants to open and is used as a spam proxy as well"
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcs.html" target=_blank>FORBOT-CS</a> WORM!
Source=Paul Collins Startup list
[winactive]
Confirmed=X
Filename=WINACTIVE.EXE
Description=Active variant of LOP.com hijacker - see <a href="http://www.doxdesk.com/parasite/lop.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[WinActiveJ]
Confirmed=X
Filename=WinActiveJ.exe
Description=Added by the ROTARRAN VIRUS!
Source=Paul Collins Startup list
[Winad Client]
Confirmed=X
Filename=Winad.exe
Description=WinAd adware by eXact Advertising
Source=Paul Collins Startup list
[winadm]
Confirmed=X
Filename=winadm.exe
Description=Browser hijacker - redirecting to Search-World.net. Related to the <a href="http://castlecops.com/modules.php?name=Encyclopedia&op=content&tid=6" target=_blank>SMALL.LR</a> TROJAN!
Source=Paul Collins Startup list
[Winahlp.exe]
Confirmed=X
Filename=Winahlp.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.12" target="_blank">VAGRNOCKER</a> TROJAN!
Source=Paul Collins Startup list
[winallap]
Confirmed=X
Filename=winallap.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.e.html" target="_blank">DELF.E</a> TROJAN!
Source=Paul Collins Startup list
[winallapu]
Confirmed=X
Filename=winallapu.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.e.html" target="_blank">DELF.E</a> TROJAN!
Source=Paul Collins Startup list
[Winamp]
Confirmed=X
Filename=winamp.hta
Description=Hijacker - re-directing to adult content sites. Note - this isn't the real Winamp
Source=Paul Collins Startup list
[Winamp]
Confirmed=X
Filename=winamp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmc.html" target=_blank>AGOBOT-MC</a> WORM! Note - this is NOT the Winamp Media Player (WinAmpa.exe)
Source=Paul Collins Startup list
[Winamp media player]
Confirmed=X
Filename=winapa.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Winampa]
Confirmed=U
Filename=WINAMPa.exe
Description=Loads the System Tray icon for the WinAmp media player. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs
Source=Paul Collins Startup list
[Winampa]
Confirmed=X
Filename=winampa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotgs.html" target=_blank>AGOBOT-GS</a> WORM!
Source=Paul Collins Startup list
[Winampa Agent]
Confirmed=X
Filename=WINAMPA.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotbr.html" target=_blank>SPYBOT-BR</a> WORM! Note - this is NOT the Winamp Media Player
Source=Paul Collins Startup list
[WinampAgent]
Confirmed=U
Filename=WINAMPa.exe
Description=Loads the System Tray icon for the WinAmp media player. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs
Source=Paul Collins Startup list
[WinApi]
Confirmed=X
Filename=winapix.exe
Description=Added by a variant of the TIBSER.A downloader TROJAN!
Source=Paul Collins Startup list
[Winapp]
Confirmed=X
Filename=winpup32.exe
Description=Produces popup ads to adult content sites
Source=Paul Collins Startup list
[WinApp32]
Confirmed=X
Filename=msapp.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.rsbot.html" target="_blank">RSBOT</a> TROJAN!
Source=Paul Collins Startup list
[WinAuth]
Confirmed=X
Filename=winlogon.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the valid <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process
Description="<a href="http://www.winbar.nl/" target="_blank">WinBar</a> is a free and compact program that lets you monitor your system and provides easy access to frequently used controls"
Source=Paul Collins Startup list
[winbas12]
Confirmed=X
Filename=winbas12.exe
Description=Adware, probably <a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite related - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as TrojanDownloader.Win32.VB.du
Source=Paul Collins Startup list
[Winbed]
Confirmed=X
Filename=winbed.exe
Description=Hijacker
Source=Paul Collins Startup list
[WinCheck]
Confirmed=X
Filename=WinCheck.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_98807.htm" target="_blank">PWS-CY</a> TROJAN!
Source=Paul Collins Startup list
[WINCINEMAMGR]
Confirmed=N
Filename=WINCIN~1.EXE
Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target=_blank>WinCinema_Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
Source=Paul Collins Startup list
[WinCinemaMgr]
Confirmed=N
Filename=WinCinemaMgr.exe
Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target=_blank>WinCinema_Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
Source=Paul Collins Startup list
[WinCSRSS]
Confirmed=X
Filename=MSGRT32.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrewindoa.html" target=_blank>REWINDO-A</a> TROJAN!
Source=Paul Collins Startup list
[wind.exe]
Confirmed=X
Filename=wind.exe
Description=Added by the <a href="http://www.viruslist.com/eng/viruslist.html?id=796840" target="_blank">MITGLIEDER.BD</a> TROJAN!
Source=Paul Collins Startup list
[WIND0WS]
Confirmed=X
Filename=WIND0WS.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.DQ" target="_blank">SPYBOT.DQ</a> WORM!
Source=Paul Collins Startup list
[WinDates]
Confirmed=N
Filename=windates.exe
Description=WinDates is a calendar, date organizer and event reminder program from Rockin' Software
Source=Paul Collins Startup list
[windbs]
Confirmed=X
Filename=winxtc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotwd.html" target="_blank">AGOBOT-WD</a> WORM!
Source=Paul Collins Startup list
[Winde]
Confirmed=X
Filename=winde.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.html" target="_blank"> DLUCA</a> TROJAN!
Source=Paul Collins Startup list
[windef]
Confirmed=X
Filename=Win32sp.vbs
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.anpes@mm.html" target=_blank>ANPES</a> WORM!
Source=Paul Collins Startup list
[windir]
Confirmed=X
Filename=winrun.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winur.b.html" target="_blank">WINBUR.B</a> WORM!
Source=Paul Collins Startup list
[Windll]
Confirmed=X
Filename=Windll.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trynoma.html" target="_blank">TRYNOMA</a> TROJAN!
Source=Paul Collins Startup list
[WINDLL]
Confirmed=U
Filename=WSYS.EXE
Description=STARR key logger. "It logs almost everything that goes through the box. It logs all key strokes, all passwords transacted even if they weren't keyed in, all web sites visited, every program launched including the path to that program, and more"
Source=Paul Collins Startup list
[windll]
Confirmed=X
Filename=windll32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html" target="_blank">ASTEF</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.repsan.html" target="_blank">RESPAN</a> WORMS!
Source=Paul Collins Startup list
[Windll.exe]
Confirmed=X
Filename=Windll.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.stealer.html" target="_blank">STEALER</a> TROJAN!
Source=Paul Collins Startup list
[Windll32]
Confirmed=X
Filename=Windll32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/msnpws.trojan.html" target="_blank">MSNPWS</a> TROJAN!
Source=Paul Collins Startup list
[windllsys32.exe]
Confirmed=X
Filename=windllsys32.exe
Description=Added by a variant of the <a href="http://castlecops.com/modules.php?name=Encyclopedia&op=content&tid=5" target="_blank">MITGLIEDER.BY</a> TROJAN!
Source=Paul Collins Startup list
[WinDNS]
Confirmed=X
Filename=windns32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.wx.html" target="_blank">GAOBOT.WX</a> WORM!
Source=Paul Collins Startup list
[Windoes Kernel]
Confirmed=X
Filename=kernel32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.kickin.a@mm.html" target="_blank"> KICKIN.A</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CYDOG.C" target="_blank">CYDOG.C</a>) WORM!
Source=Paul Collins Startup list
[Window]
Confirmed=X
Filename=explore.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.adw.html" target="_blank">GAOBOT.ADW</a> WORM!
Source=Paul Collins Startup list
[Window Loader]
Confirmed=X
Filename=Dos32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Window Monitor]
Confirmed=X
Filename=winmon32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.RT&VSect=T" target="_blank">SDBOT.RT</a> WORM!
Source=Paul Collins Startup list
[Window Washer]
Confirmed=U
Filename=wwDisp.exe
Description=<a href="http://www.webroot.com/products/windowwasher/" target="_blank">Windows Washer</a> from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
Source=Paul Collins Startup list
[window.exe]
Confirmed=X
Filename=window.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.h.html" target="_blank">MITGLIEDER.H</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.j.html" target="_blank">MITGLIEDER.J</a> TROJANS!
Source=Paul Collins Startup list
[window2]
Confirmed=X
Filename=ssvchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.h.html" target="_blank">IRCBOT.H</a> TROJAN!
Source=Paul Collins Startup list
[WindowBlinds]
Confirmed=U
Filename=wbload.exe
Description=<a href="http://www.windowblinds.net/" target="_blank">WindowBlinds</a> from Stardock. Skin application to change the appearence on Windows desktops. Available as an individual download or as part of Object Desktop. Required to restore settings if you use it. Available via right-click on the Desktop -> Properties -> Skins
Description=Stardock <a href="http://www.stardock.com/products/windowfx/" target="_blank"> WindowFX</a> - "Allows you to add an unprecedented number of special effects to windows"
Source=Paul Collins Startup list
[Windows]
Confirmed=X
Filename=Kernel32.exe
Description=Added by the <a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_TENDOOLF.A" target="_blank"> TENDOOLF</a> WORM!
Source=Paul Collins Startup list
[Windows]
Confirmed=X
Filename=msdos98.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.trojan.html" target="_blank"> PWSTEAL</a> TROJAN!
Source=Paul Collins Startup list
[Windows]
Confirmed=X
Filename=Windows.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_KAZMOR.A&VSect=T" target="_blank"> KAZMOR</a>, <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bobbins.html" target="_blank">BOBBINS</a> & <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.d.html" target="_blank"> ALADINZ.D</a> TROJANS!
Source=Paul Collins Startup list
[Windows]
Confirmed=X
Filename=explorer.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually
Source=Paul Collins Startup list
[windows]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aimwin.html" target="_blank">AIMWIN</a> TROJAN!
Source=Paul Collins Startup list
[windows]
Confirmed=X
Filename=hkey.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afw.html" target="_blank">GAOBOT.AFW</a> WORM!
Source=Paul Collins Startup list
[windows]
Confirmed=X
Filename=system copy.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.salga.a@mm.html" target=_blank>SALGA.A</a> WORM!
Source=Paul Collins Startup list
[Windows (random character)]
Confirmed=X
Filename=diskcheck.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.singu.b.html" target=_blank>SINGU.B</a> TROJAN!
Source=Paul Collins Startup list
[Windows Accelerators]
Confirmed=U
Filename=setup.exe
Description=<a href="http://www.keyspy.net/" target="_blank">KeySpy</a> keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbg.html" target=_blank>SDBOT-BG</a> WORM!
Source=Paul Collins Startup list
[windows auto update]
Confirmed=X
Filename=penis32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html" target="_blank">BLASTER</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A" target="_blank">MSBLAST.A</a>) WORM!
Source=Paul Collins Startup list
[Windows Auto Update]
Confirmed=X
Filename=winupdater.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.TF" target=_blank>SDBOT.TF</a> WORM!
Source=Paul Collins Startup list
[windows auto update ]
Confirmed=X
Filename=msblast.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html" target="_blank">BLASTER.B</a> WORM!
Source=Paul Collins Startup list
[Windows Automatic Update]
Confirmed=X
Filename=wuamgrder.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Windows Automatic Updates]
Confirmed=X
Filename=dvldr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.MF" target=_blank>RBOT.MF</a> WORM!
Source=Paul Collins Startup list
[windows automation]
Confirmed=X
Filename=mslaugh.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.e.worm.html" target="_blank">BLASTER.E</a> WORM!
Source=Paul Collins Startup list
[Windows Automation]
Confirmed=X
Filename=msdspr.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.solame.a.html" target="_blank">SOLAME.A</a> WORM!
Source=Paul Collins Startup list
[Windows backup]
Confirmed=X
Filename=systemss.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Windows Backup Configuration]
Confirmed=X
Filename=IEXPLORER.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.az.html" target="_blank">GAOBOT.AZ</a> WORM!
Source=Paul Collins Startup list
[Windows Ba■lang²τ Dosyas²]
Confirmed=X
Filename=sistem.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.muzk.irc.html" target="_blank">MUZK</a> WORM!
Source=Paul Collins Startup list
[Windows Communicator]
Confirmed=X
Filename=wincomm.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotbh.html" target=_blank>AGOBOT-BH</a> WORM!
Source=Paul Collins Startup list
[Windows Compliant]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotir.html" target="_blank">RBOT-IR</a> WORM!
Source=Paul Collins Startup list
[Windows Config]
Confirmed=X
Filename=SSYS.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotda.html" target="_blank">SPYBOT-DA</a> WORM!
Source=Paul Collins Startup list
[Windows Config Loader]
Confirmed=X
Filename=Wincfg32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.silverftp.html" target="_blank">SILVERFTP</a> TROJAN!
Source=Paul Collins Startup list
[Windows Configuration]
Confirmed=X
Filename=wsys32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.fb.html" target="_blank">GAOBOT.FB</a> WORM!
Source=Paul Collins Startup list
[Windows Control]
Confirmed=X
Filename=Control.exe
Description=Browser hijacker. NOTE - On Win9x systems it will overwrite the Windows file of the same name in the Windows directory, so therefore it will be necessary to extract a fresh copy of the file from the Windows setup cabs!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotcb.html" target=_blank>SPYBOT-CB</a> WORM!
Source=Paul Collins Startup list
[Windows Database]
Confirmed=X
Filename=WinDat.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Dcom2 Fix]
Confirmed=X
Filename=mscom32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqt.html" target=_blank>RBOT-QT</a> WORM!
Source=Paul Collins Startup list
[Windows debug logging]
Confirmed=X
Filename=winlogg.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotoy.html" target=_blank>RBOT-OY</a> WORM!
Source=Paul Collins Startup list
[Windows debug logging]
Confirmed=X
Filename=winloggs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqn.html" target=_blank>RBOT-QN</a> WORM!
Source=Paul Collins Startup list
[Windows Debugger]
Confirmed=X
Filename=windbg.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Windows DLL Loader]
Confirmed=X
Filename=RUNDLL16.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.domwis.html" target="_blank">DOMWIS</a> TROJAN!
Source=Paul Collins Startup list
[Windows DLL Loader]
Confirmed=X
Filename=defragfat32z.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.linkbot.a.html" target=_blank>LINKBOT.A</a> WORM!
Source=Paul Collins Startup list
[Windows DLL Loader]
Confirmed=X
Filename=rundll32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32whipserb.html" target=_blank>WHIPSER-B</a> WORM! Note - rundll32.exe file is placed in the Windows\System folder, wheras the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> is located in the C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP)
Source=Paul Collins Startup list
[Windows DLL Loader]
Confirmed=X
Filename=defragfat32pi.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqq.html" target=_blank>RBOT-QQ</a> WORM!
Source=Paul Collins Startup list
[Windows DLL Loader]
Confirmed=X
Filename=defragfat39.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotc.html" target=_blank>POEBOT-C</a> WORM!
Source=Paul Collins Startup list
[Windows DLL Loader]
Confirmed=X
Filename=defragfatz.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.linkbot.h.html" target=_blank>LINKBOT.H</a> WORM!
Source=Paul Collins Startup list
[Windows DNS Daemon]
Confirmed=X
Filename=windnsd.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_WOOTBOT.AS" target=_blank>WOOTBOT.AS</a> WORM!
Source=Paul Collins Startup list
[Windows Drive Compatibility]
Confirmed=X
Filename=System32Driver32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.supova.z@mm.html" target="_blank">SUPOVA.Z</a> WORM!
Source=Paul Collins Startup list
[Windows Driver Services]
Confirmed=X
Filename=msdrvs32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.L" target="_blank">WOOTBOT.L</a> WORM!
Source=Paul Collins Startup list
[Windows Explorer]
Confirmed=X
Filename=[filename].exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html" target="_blank">SDBOT</a> TROJAN! Note - this is not the valid Windows Explorer (explorer.exe) which would only be in startups if you added it manually
Source=Paul Collins Startup list
[Windows Explorer]
Confirmed=X
Filename=Lsas.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM! Note - this is not the valid Windows Explorer (explorer.exe) which would only be in startups if you added it manually
Source=Paul Collins Startup list
[Windows Explorer]
Confirmed=X
Filename=olecom32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Explorer]
Confirmed=X
Filename=EEXPLORER.EXE
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Windows Explorer Shell]
Confirmed=X
Filename=Winexec32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.redist.b@mm.html" target="_blank">REDIST.B</a> WORM!
Source=Paul Collins Startup list
[Windows Explorer Update Build 1142]
Confirmed=X
Filename=EXPLORER32.EXE
Description=Added by the KaZaA based <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KWBOT.A" target="_blank"> KWBOT</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.y.worm.html" target="_blank"> KWBOT.Y</a> WORMS!
Source=Paul Collins Startup list
[Windows Explorer-3212]
Confirmed=X
Filename=WINRE16.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hardoc@mm.html" target="_blank">HARDOC</a> WORM!
Source=Paul Collins Startup list
[Windows Eyes]
Confirmed=N
Filename=??
Description=For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start -> Programs
Source=Paul Collins Startup list
[Windows File Protection]
Confirmed=X
Filename=winprotect.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JB" target=_blank>AGOBOT.JB</a> WORM!
Source=Paul Collins Startup list
[Windows Firewall Manager]
Confirmed=X
Filename=msfw.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.WR" target=_blank>RBOT.WR</a> WORM!
Source=Paul Collins Startup list
[Windows Fix]
Confirmed=X
Filename=integator.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZAB" target=_blank>SDBOT.ZAB</a> WORM!
Source=Paul Collins Startup list
[Windows Graphics Loaders]
Confirmed=X
Filename=wingraphics.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.JG" target=_blank>SPYBOT.JG</a> WORM!
Source=Paul Collins Startup list
[Windows Guardian]
Confirmed=U
Filename=thehel1iawgrd32.exe
Description=Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
Source=Paul Collins Startup list
[Windows Guardian]
Confirmed=U
Filename=Fawgrd32.exe
Description=Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
Source=Paul Collins Startup list
[Windows Help File]
Confirmed=X
Filename=winhelper32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqk.html" target=_blank>SDBOT-QK</a> TROJAN!
Source=Paul Collins Startup list
[Windows Help Manager]
Confirmed=X
Filename=svchost32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotoz.html" target=_blank>RBOT-OZ</a> WORM!
Source=Paul Collins Startup list
[Windows Help Service]
Confirmed=X
Filename=winhelpsv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlp.html" target="_blank">RBOT-LP</a> WORM!
Source=Paul Collins Startup list
[Windows Help System]
Confirmed=?
Filename=Help.pif
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Windows Host Device]
Confirmed=X
Filename=hostsvc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32zootya.html" target="_blank">ZOOTY-A</a> WORM!
Source=Paul Collins Startup list
[Windows HTML file reader]
Confirmed=X
Filename=Sysconf32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NOOMY.A" target="_blank">NOOMY.A</a> WORM!
Description=Added by the <a href="http://es.trendmicro-europe.com/enterprise/security_info/virus_encyclopedia.php?VName=WORM_WOOTBOT.AF" target="_blank">WOOTBOT.AF</a> WORM!
Source=Paul Collins Startup list
[Windows Load]
Confirmed=?
Filename=windows.com
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Windows Loader]
Confirmed=X
Filename=wstart32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ca.html" target="_blank">GAOBOT.CA</a> WORM!
Source=Paul Collins Startup list
[Windows Loader Service]
Confirmed=X
Filename=civsc.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Windows logging]
Confirmed=X
Filename=winlogd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboton.html" target=_blank>RBOT-ON</a> WORM!
Source=Paul Collins Startup list
[Windows Login]
Confirmed=X
Filename=explored.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html" target="_blank">GAOBOT.SY</a> WORM!
Source=Paul Collins Startup list
[Windows Logon]
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspybotc.html" target=_blank>SPYBOT-C</a> TROJAN!
Source=Paul Collins Startup list
[Windows Logon Procedure]
Confirmed=X
Filename=Svchoste.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Windows Management Instrumentation]
Confirmed=X
Filename=mwd.exe
Description=Added by the <a href="https://www.europe.f-secure.com/v-descs/graps.shtml" target="_blank">GRAPS</a> WORM!
Source=Paul Collins Startup list
[Windows Manager]
Confirmed=X
Filename=winmants.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.mantas.html" target="_blank">MANTAS</a> WORM!
Source=Paul Collins Startup list
[Windows mangement]
Confirmed=X
Filename=winlogonn.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.fc.html" target="_blank">RANDEX.FC</a> WORM!
Source=Paul Collins Startup list
[Windows Media Player]
Confirmed=X
Filename=wmediaplayer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnq.html" target=_blank>AGOBOT-NQ</a> WORM!
Source=Paul Collins Startup list
[Windows Media Player]
Confirmed=X
Filename=MediaPIayer.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotqo.html" target=_blank>SDBOT-QO</a> TROJAN! - note, the executable is called 'Mediap<font color="#FF0000">I</font>ayer', with an 'i' !)
Source=Paul Collins Startup list
[Windows Media Player]
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[Windows Media Player]
Confirmed=X
Filename=msa.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsi.html" target=_blank>RBOT-SI</a> WORM!
Source=Paul Collins Startup list
[Windows Media Player Update]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotet.html" target=_blank>RBOT-ET</a> WORM!
Source=Paul Collins Startup list
[Windows Media Powerpoint Helper]
Confirmed=N
Filename=NSPPTHLP.EXE
Description=German software (comes with some Toshiba CD writers) that helps convert Powerpoint files to ASF (Streaming Media) files. Available via Start -> Programs
Source=Paul Collins Startup list
[Windows media service]
Confirmed=X
Filename=crvss.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VP" target="_blank">SDBOT.VP</a> WORM!
Source=Paul Collins Startup list
[Windows media service]
Confirmed=X
Filename=crsss.exe
Description=Added by the <a href="http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?id=67015&VName=WORM_RBOT.ACY&VSect=T" target=_blank>RBOT.ACY</a> WORM!
Source=Paul Collins Startup list
[Windows media services]
Confirmed=X
Filename=cvrsss.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmw.html" target=_blank>RBOT-MW</a> WORM!
Source=Paul Collins Startup list
[Windows Media SP.2.37]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.c.html" target="_blank">LEMIR.C</a> TROJAN!
Source=Paul Collins Startup list
[Windows MeTaLRoCk service]
Confirmed=X
Filename=metalrock.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.tastyred.html" target="_blank">TASTYRED</a> TROJAN!
Source=Paul Collins Startup list
[Windows Monitor]
Confirmed=X
Filename=winmon.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.VB" target="_blank">SDBOT.VB</a> WORM!
Source=Paul Collins Startup list
[Windows Monitoring Service]
Confirmed=X
Filename=winmon.exe
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[Windows Nets]
Confirmed=X
Filename=WinNET.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmo.html" target=_blank>RBOT-MO</a> WORM!
Source=Paul Collins Startup list
[Windows Network Controller]
Confirmed=X
Filename=Mqguard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcl.html" target=_blank>FORBOT-CL</a> WORM!
Source=Paul Collins Startup list
[Windows Network Service]
Confirmed=X
Filename=winvc32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.RY" target=_blank>RBOT.RY</a> WORM!
Source=Paul Collins Startup list
[Windows Networking]
Confirmed=X
Filename=winsys32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.fl.html" target="_blank">GAOBOT.FL</a> WORM!
Source=Paul Collins Startup list
[Windows Nivedia Driver]
Confirmed=X
Filename=sysMGT.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list
[Windows NNT]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.e.html" target="_blank">RANKY.E</a> TROJAN!
Source=Paul Collins Startup list
[Windows NT 32]
Confirmed=X
Filename=ntlogin32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.randex.brd.html" target=_blank>RANDEX.BRD</a> WORM!
Source=Paul Collins Startup list
[Windows NT Login]
Confirmed=X
Filename=ntlogin32.exe
Description=Added by the <a href="http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.WG" target="_blank">SDBOT.WG</a> WORM!
Source=Paul Collins Startup list
[Windows NT Service Name]
Confirmed=X
Filename=winshock.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpk.html" target=_blank>RBOT-PK</a> WORM!
Source=Paul Collins Startup list
[Windows NT Update Manager]
Confirmed=X
Filename=WINL0G0N.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnu.html" target=_blank>AGOBOT-NU</a> WORM! Note that those are zeroes in the filename and not capital "o"
Source=Paul Collins Startup list
[Windows OEM Tools]
Confirmed=X
Filename=winres32.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65276&VName=WORM_SPYBOT.FD&VSect=T" target="_blank">SPYBOT.FD</a> WORM!
Source=Paul Collins Startup list
[Windows OLE Automation Server]
Confirmed=X
Filename=ole32aut.vbe
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite related browser hijacker
Source=Paul Collins Startup list
[Windows Print Spooler]
Confirmed=?
Filename=SCVHOSTS.EXE
Description=Suspicious due to the similarity to the valid "svchost.exe" file
Source=Paul Collins Startup list
[Windows Print Spooler]
Confirmed=X
Filename=NavAgent32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Print Spooler]
Confirmed=X
Filename=SVEHOST.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.H" target="_blank">SPYBOT.H</a> WORM!
Source=Paul Collins Startup list
[Windows Registry]
Confirmed=X
Filename=msnmsg.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list
[Windows Registry Cleaner]
Confirmed=X
Filename=winclean.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Windows Registry Express Loader]
Confirmed=X
Filename=regexpress.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcj.html" target=_blank>FORBOT-CJ</a> WORM!
Source=Paul Collins Startup list
[Windows Registry Scan]
Confirmed=X
Filename=regscan32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KE&Vsect=T" target="_blank">RBOT.KE</a> WORM!
Source=Paul Collins Startup list
[Windows Registry Scan]
Confirmed=X
Filename=timeupdate.exe
Description=Added by the <a href="http://nl.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.JE" target=_blank>SPYBOT.JE</a> WORM!
Source=Paul Collins Startup list
[Windows Registry Security]
Confirmed=X
Filename=crss.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html" target=_blank>IRC.BOT</a> TROJAN!
Source=Paul Collins Startup list
[Windows Registry Startup]
Confirmed=X
Filename=wind32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotbz.html" target="_blank">AGOBOT-BZ</a> WORM!
Source=Paul Collins Startup list
[Windows report]
Confirmed=X
Filename=swchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallbd.html" target=_blank>SMALL-BD</a> TROJAN!
Source=Paul Collins Startup list
[Windows Runtime Help]
Confirmed=X
Filename=win32hlp.exe
Description=Added by a variant of the <a href="http://www.pestpatrol.com/pestinfo/a/aimvision.asp" target="_blank">AIMVISION</a> TROJAN!
Source=Paul Collins Startup list
[Windows Runtime Help]
Confirmed=X
Filename=WinRunHelp.wrh
Description=Added by a variant of the <a href="http://www.pestpatrol.com/pestinfo/a/aimvision.asp" target="_blank">AIMVISION</a> TROJAN!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqw.html" target=_blank>RBOT-QW</a> WORM!
Source=Paul Collins Startup list
[Windows Service Host]
Confirmed=X
Filename=scvhost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.n.html" target="_blank">SDBOT.N</a> TROJAN!
Source=Paul Collins Startup list
[Windows Service Host]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.b@mm.html" target="_blank">CONE.B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Windows Services]
Confirmed=X
Filename=service.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.r.html" target="_blank">RANDEX.R</a> WORM!
Source=Paul Collins Startup list
[Windows Services]
Confirmed=X
Filename=svchosts.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotkl.html" target=_blank>AGOBOT-KL</a> TROJAN!
Source=Paul Collins Startup list
[Windows Services Host]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.cone@mm.html" target="_blank">CONE</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.e@mm.html" target="_blank">CONE.E</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Windows Services Update]
Confirmed=X
Filename=svch0st.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.k.worm.html" target="_blank">BLASTER.K</a> WORM!
Source=Paul Collins Startup list
[Windows Smart Manager]
Confirmed=X
Filename=smart.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsl.html" target=_blank>RBOT-SL</a> WORM!
Source=Paul Collins Startup list
[Windows Sound Driver]
Confirmed=X
Filename=SndMon32.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Windows Sound Manager]
Confirmed=X
Filename=SndMon32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbu.html" target=_blank>FORBOT-BU</a> WORM!
Source=Paul Collins Startup list
[Windows SP2 Update]
Confirmed=X
Filename=Sp2update.exe
Description=Added by the <a href="http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_WOOTBOT.BS" target=_blank>WOOTBOT.BS</a> WORM!
Source=Paul Collins Startup list
[Windows Spooler]
Confirmed=X
Filename=SPOOLSRV.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.P" target="_blank">SPYBOT.P</a> WORM!
Source=Paul Collins Startup list
[Windows SSL File]
Confirmed=X
Filename=winssv.exe
Description=Added by the <a href="http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_WOOTBOT.CA" target=_blank>WOOTBOT.CA</a> WORM!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html" target="_blank">GAOBOT.AO</a> WORM!
Source=Paul Collins Startup list
[Windows Startup]
Confirmed=X
Filename=services21.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmx.html" target="_blank">AGOBOT-MX</a> WORM!
Source=Paul Collins Startup list
[Windows Startup 32 Bits]
Confirmed=X
Filename=sysrun32.exe
Description=Added by a variant of the DARKSUN TROJAN!
Source=Paul Collins Startup list
[Windows Streams Server]
Confirmed=X
Filename=localsrv.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=60777&VName=WORM_SDBOT.LN" target=_blank>SDBOT.LN</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwisdoork.html" target="_blank">WISDOOR.Z</a> TROJAN!
Source=Paul Collins Startup list
[Windows System Manager]
Confirmed=X
Filename=winsystem.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotan.html" target="_blank">RBOT-AN</a> WORM!
Source=Paul Collins Startup list
[Windows System Manager Proc]
Confirmed=X
Filename=winsmc.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JH" target=_blank>RBOT.JH</a> WORM!
Source=Paul Collins Startup list
[Windows System Restore Configuration]
Confirmed=X
Filename=Sblhost.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Windows System Restorer]
Confirmed=X
Filename=SystemRestorer.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DULOAD.C" target="_blank">DULOAD.C</a> WORM!
Source=Paul Collins Startup list
[Windows System Security]
Confirmed=X
Filename=winmp.exe
Description=Added by the <a href="http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_RBOT.IV" target=_blank>RBOT.IV</a> WORM!
Source=Paul Collins Startup list
[Windows System Serivce]
Confirmed=X
Filename=winserv.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[windows system service]
Confirmed=X
Filename=winsock.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmr.html" target=_blank>RBOT-MR</a> WORM!
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Windows Task Manager]
Confirmed=X
Filename=ACCOUNT_DETAILS.DOC.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.quaters.a@mm.html" target="_blank">QUATERS.A</a> WORM!
Source=Paul Collins Startup list
[Windows Task Manager]
Confirmed=X
Filename=taskmgn.exe
Description=Unidentified malware, either a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>WIN32.RBOT</a> WORM, or part of a Casino Palazzo foistware install
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32protorideh.html" target=_blank>PROTORIDE-H</a> WORM!
Source=Paul Collins Startup list
[Windows Taskbar Manager]
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.protoride.b.html" target=_blank>PROTORIDE.B</a> WORM!
Source=Paul Collins Startup list
[Windows Taskbar System]
Confirmed=X
Filename=tasksys.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[Windows TCP/IP]
Confirmed=X
Filename=wintcp.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotzh.html" target=_blank>AGOBOT-ZH</a> WORM!
Source=Paul Collins Startup list
[Windows Telnet Server]
Confirmed=X
Filename=wintel.exe
Description=Added by the <a href="http://sophos.com/virusinfo/analyses/w32agobotmw.html" target="_blank">AGOBOT-MW</a> WORM!
Source=Paul Collins Startup list
[Windows Time Server]
Confirmed=X
Filename=TimeSRV.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dnc.html" target="_blank">SPYBOT.DNC</a> WORM!
Source=Paul Collins Startup list
[Windows Upate]
Confirmed=X
Filename=rundll.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.hako.html" target=_blank>HAKO</a> TROJAN! Note - this is NOT the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
Source=Paul Collins Startup list
[Windows Update]
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.norio.html" target="_blank"> NORIO</a> TROJAN! Acts as a hi-jacker redirecting to adult content sites
Source=Paul Collins Startup list
[Windows Update]
Confirmed=X
Filename=iexplorere.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ap.html" target="_blank">GAOBOT.AP</a> WORM!
Source=Paul Collins Startup list
[windows update]
Confirmed=X
Filename=uddater.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.leox.html" target="_blank">LEOX</a> TROJAN!
Source=Paul Collins Startup list
[Windows Update]
Confirmed=X
Filename=wudate.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ML" target=_blank>AGOBOT.ML</a> WORM!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.leox.b.html" target="_blank">LEOX.B</a> WORM!
Source=Paul Collins Startup list
[Windows Update]
Confirmed=X
Filename=Wuamgrd.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Windows Update]
Confirmed=X
Filename=inetinf.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Windows Update]
Confirmed=X
Filename=host32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgu.html" target=_blank>RBOT-GU</a> WORM!
Source=Paul Collins Startup list
[windows update]
Confirmed=X
Filename=wuraclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpo.html" target=_blank>RBOT-PO</a> WORM!
Source=Paul Collins Startup list
[windows update]
Confirmed=X
Filename=Wuanclt.exe
Description=Added by the <a href="http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.XZ" target=_blank>RBOT.XZ</a> WORM!
Source=Paul Collins Startup list
[Windows Update]
Confirmed=X
Filename=ebay.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.buu.html" target=_blank>GAOBOT.BUU</a> WORM!
Source=Paul Collins Startup list
[Windows Update]
Confirmed=X
Filename=windows.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrb.html" target=_blank>RBOT-RB</a> WORM!
Source=Paul Collins Startup list
[windows update]
Confirmed=X
Filename=wuaurlt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADG&VSect=T" target=_blank>RBOT.ADG</a> WORM!
Source=Paul Collins Startup list
[Windows Update]
Confirmed=X
Filename=Update.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelffn.html" target=_blank>DELF-FN</a> TROJAN!
Source=Paul Collins Startup list
[Windows Update]
Confirmed=X
Filename=winmguard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotem.html" target=_blank>RBOT-EM</a> WORM!
Source=Paul Collins Startup list
[Windows Update]
Confirmed=X
Filename=wuampd.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UM" target=_blank>RBOT.UM</a> WORM!
Source=Paul Collins Startup list
[windows update]
Confirmed=X
Filename=wuarclt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotof.html" target=_blank>RBOT-OF</a> WORM!
Source=Paul Collins Startup list
[Windows Update AutoUpdate Client Product]
Confirmed=X
Filename=wuauct.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66904&VName=WORM_AGOBOT.ACL&VSect=O" target=_blank>AGOBOT.ACL</a> WORM!
Source=Paul Collins Startup list
[Windows Update Checker]
Confirmed=X
Filename=[random filename]
Description=Adware downloader trojan
Source=Paul Collins Startup list
[Windows Update Client]
Confirmed=X
Filename=wuclient.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallrn.html" target=_blank>SMALL-RN</a> TROJAN!
Source=Paul Collins Startup list
[Windows Update Client Service]
Confirmed=X
Filename=windrvl32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmm.html" target=_blank>AGOBOT-MM</a> TROJAN!
Source=Paul Collins Startup list
[Windows update config]
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpf.html" target="_blank">SDBOT-PF</a> WORM!
Source=Paul Collins Startup list
[windows update configurator]
Confirmed=X
Filename=svghost.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Windows Update Files]
Confirmed=X
Filename=dnetc.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - wupdmgr.exe is the real Windows Update
Source=Paul Collins Startup list
[Windows Update Manager]
Confirmed=X
Filename=wupdmngr.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.randex.btb.html" target=_blank>RANDEX.BTB</a> WORM!
Source=Paul Collins Startup list
[Windows Update Manager]
Confirmed=X
Filename=Winlog0n.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentbo.html" target=_blank>AGENT-BO</a> TROJAN!
Source=Paul Collins Startup list
[Windows Update Manager for NT]
Confirmed=X
Filename=wupdmgr32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ah.html" target=_blank>SDBOT.AH</a> WORM!
Source=Paul Collins Startup list
[Windows Update Monitoring Service]
Confirmed=X
Filename=winupdt.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpl.html" target=_blank>RBOT-PL</a> WORM!
Source=Paul Collins Startup list
[Windows Update Process]
Confirmed=X
Filename=wmiprvsc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcb.html" target="_blank">SDBOT-CB</a> WORM!
Source=Paul Collins Startup list
[Windows Update Service]
Confirmed=X
Filename=csrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotni.html" target="_blank">AGOBOT-NI</a> WORM!
Source=Paul Collins Startup list
[Windows Update Service]
Confirmed=X
Filename=smcg.exe
Description=Added by the <a href="http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.QY" target="_blank">SDBOT.QY</a> WORM!
Source=Paul Collins Startup list
[Windows Update Service 2004/2005]
Confirmed=X
Filename=systemupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotje.html" target="_blank">RBOT-JE</a> WORM!
Source=Paul Collins Startup list
[Windows Update V6]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkt.html" target="_blank">RBOT-KT</a> WORM!
Source=Paul Collins Startup list
[Windows Update.exe]
Confirmed=X
Filename=N/A
Description=Homepage hijacker, see <a href="http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi?s=3eafe1342019ffff;act=ST;f=32;t=2924;hl=new" target="_blank">here</a>
Source=Paul Collins Startup list
[Windows Updater]
Confirmed=X
Filename=wupdmgr32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/avcenter/venc/data/dos.autocat.html" target="_blank">DOS.AUTOCAT</a> TROJAN!
Source=Paul Collins Startup list
[Windows Version Check]
Confirmed=N
Filename=ver_chk.exe
Description=Version checker for <a href="http://www.cyberaudiolibrary.com/" target="_blank">CyberAudioLibrary</a> ("A new way to exchange information through the Internet")
Source=Paul Collins Startup list
[Windows video]
Confirmed=X
Filename=vide_32.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
Source=Paul Collins Startup list
[Windows Video Acquisition (WVA)]
Confirmed=X
Filename=wvsvc.exe
Description=Added by the <a href="http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59309&VName=WORM_AGOBOT.YM" target="_blank">AGOBOT.YM</a> WORM!
Source=Paul Collins Startup list
[Windows Video Drivers]
Confirmed=X
Filename=videons32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.azt.html" target="_blank">GAOBOT.AZT</a> WORM!
Source=Paul Collins Startup list
[Windows-System]
Confirmed=X
Filename=System32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.logpole.c.html" target="_blank">LOGPOLE.C</a> WORM!
Source=Paul Collins Startup list
[Windows-TCP-IP]
Confirmed=X
Filename=rfkampig.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gipma.html" target="_blank">GIPMA</a> TROJAN!
Source=Paul Collins Startup list
[Windows32]
Confirmed=X
Filename=rundll.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotlk.html" target=_blank>AGOBOT-LK</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnd.html" target=_blank>AGOBOT-ND</a> WORMS!
Source=Paul Collins Startup list
[WindowsAgent]
Confirmed=X
Filename=WindowsAgent.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.gop.g@mm.html" target="_blank">GOP.G</a> WORM!
Source=Paul Collins Startup list
[WindowsAPI.DLL]
Confirmed=X
Filename=Server5.exe
Description=Added by the <a href="http://www.pestpatrol.com/pestinfo/f/fear_and_hope.asp" target="_blank">"Fear and Hope"</a> TROJAN!
Source=Paul Collins Startup list
[WindowsCriticalUpdate]
Confirmed=X
Filename=windows_critical_update.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html" target="_blank">ASTEF</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.repsan.html" target="_blank">RESPAN</a> WORMS!
Source=Paul Collins Startup list
[WindowsKeyUpdate]
Confirmed=X
Filename=master.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.josam.worm.html" target="_blank">JOSAM</a> WORM!
Source=Paul Collins Startup list
[WindowsMGM]
Confirmed=X
Filename=Winmgm32.exe
Description=Added by the <a href="http://vil.mcafee.com/dispVirus.asp?virus_k=99950" target="_blank">SOBIG</a> WORM and <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lala.c.html" target="_blank">LALA.C</a> TROJAN!
Source=Paul Collins Startup list
[WindowsReg% update]
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothh.html" target=_blank>RBOT-HH</a> WORM!
Source=Paul Collins Startup list
[WindowsRegistration]
Confirmed=X
Filename=[random filename]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotno.html" target=_blank>RBOT-NO</a> WORM!
Source=Paul Collins Startup list
[WindowsRegKey Autoupdate]
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list
[WindowsRegKey upd4te2d4te]
Confirmed=X
Filename=*********.exe [* = random char]
Description=Added by the <a href="http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.XQ" target=_blank>RBOT.XQ</a> WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list
[WindowsRegKey update]
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqj.html" target=_blank>RBOT-QJ</a> WORM!
Source=Paul Collins Startup list
[WindowsRegKey%$ update]
Confirmed=X
Filename=msi332.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotix.html" target="_blank">RBOT-IX</a> WORM!
Source=Paul Collins Startup list
[WindowsRegKey%update]
Confirmed=X
Filename=ethernet32m.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboten.html" target=_blank>RBOT-EN</a> WORM!
Source=Paul Collins Startup list
[WindowsRegKeys update]
Confirmed=X
Filename=winsysi.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WE" target="_blank">SDBOT.WE</a> WORM!
Source=Paul Collins Startup list
[WindowsSetup]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ezbot.html" target="_blank">EZBOT</a> TROJAN!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.lofni.worm.html" target="_blank">LOFNI</a> WORM!
Source=Paul Collins Startup list
[WindowsUpdate]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html" target="_blank">ASTEF</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.repsan.html" target="_blank">RESPAN</a> WORMS or <a href="http://www.sophos.com/virusinfo/analyses/trojagentv.html" target="_blank">AGENT-V</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[windowsupdate]
Confirmed=X
Filename=RPCX1sQ3.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.b.html" target="_blank">IRCBOT.B</a> TROJAN!
Source=Paul Collins Startup list
[WindowsUpdate]
Confirmed=X
Filename=USRINIT.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.maddis.b.html" target="_blank">MADDIS.B</a> WORM!
Source=Paul Collins Startup list
[WindowsUpdate Service]
Confirmed=X
Filename=wuautlc.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnr.html" target=_blank>RBOT-NR</a> WORM!
Source=Paul Collins Startup list
[WindowsXP Module]
Confirmed=X
Filename=DirectX3D.exe
Description=Malware, reportedly a keylogger - see <a href="http://www.anti-spy.info/process/directx3d.exe.html" target=_blank>here</a>
Source=Paul Collins Startup list
[WindowsXP Update]
Confirmed=X
Filename=windowsxpupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpb.html" target=_blank>RBOT-PB</a> WORM!
Source=Paul Collins Startup list
[Windows_Serivce]
Confirmed=X
Filename=SERVICE.exe
Description=Added by the <a href="http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_WOOTBOT.AH" target="_blank">WOOTBOT.AH</a> WORM!
Source=Paul Collins Startup list
[Windows_Updates]
Confirmed=X
Filename=svthost.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Windows_VXD]
Confirmed=X
Filename=user32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.pport.html" target="_blank">PWSTEAL.PPORT</a> TROJAN!
Source=Paul Collins Startup list
[Windowz Update V2.0]
Confirmed=X
Filename=Explorer.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.yodo.html" target="_blank">YODO</a> WORM! Note - the valid "explorer.exe" is located in C:\Windows or C:\Winnt whereas this one is located in the System32 sub-directory
Source=Paul Collins Startup list
[WinDriv32]
Confirmed=X
Filename=WinDriv32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallba.html" target=_blank>SMALL-BA</a> TROJAN!
Source=Paul Collins Startup list
[WinDriver Configuration]
Confirmed=X
Filename=windrvconf.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotlx.html" target=_blank>AGOBOT-LX</a> TROJAN!
Source=Paul Collins Startup list
[windrv]
Confirmed=X
Filename=windrv32.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! - possibly a strain of OBLIVION or BIONET
Source=Paul Collins Startup list
[WinDrv]
Confirmed=X
Filename=windrvx.exe
Description=Added by a variant of the TIBSER.A downloader TROJAN!
Source=Paul Collins Startup list
[WinDSL MTU-Adjust]
Confirmed=U
Filename=WinDSL_MTU.exe
Description=Adjusts the registry setting of the DUN-Adapters (MTU) and the TCP/IP-Protocol (RWIN) by ENGEL Technologieberatung
Source=Paul Collins Startup list
[WinDSL_MTU]
Confirmed=?
Filename=WinDSL_MTU.exe
Description=<font color="#FF0000">May be realted to Tiscali broadband, if so is it required?</font>
Source=Paul Collins Startup list
[WinDSNX]
Confirmed=X
Filename=Win????.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.dsnx.html" target="_blank">DNSX</a> TROJAN!
Source=Paul Collins Startup list
[WindUpdates]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.BF" target="_blank">AGENT.BF</a> TROJAN!
Description=CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with CreativeÆs sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it
Source=Paul Collins Startup list
[WinDVR SchSvr]
Confirmed=N
Filename=SchSvr.exe
Description=<a href="http://www.intervideo.com" target="_blank">WinScheduler</a> is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
Source=Paul Collins Startup list
[WinDVRCtrl]
Confirmed=N
Filename=WinDVRCtrl.exe
Description=Control center software for an AOpen VA1000 TV tuner card
Source=Paul Collins Startup list
[Windws Configuration Loader]
Confirmed=X
Filename=LEXPLORE.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.sodabot.html" target="_blank">SODABOT</a> WORM!
Description=Loads default settings for Leadtek Winfast graphics cards
Source=Paul Collins Startup list
[Winfast_2K]
Confirmed=U
Filename=WF2k.exe
Description=System Tray application that starts up the Winfox utility for a Leadtek Winfast grpahics card to restore settings. Can be started manually from Start -> Settings -> Control Panel Display. Only needed if you wish to run things like the hardware monitor or overclock your card
Description=Loads default settings for Leadtek WinFast graphics cards
Source=Paul Collins Startup list
[WinFavorites]
Confirmed=X
Filename=WinFavorites.exe1
Description=Loudmarketing.com adware downloader
Source=Paul Collins Startup list
[WinFax PRO Controller]
Confirmed=N
Filename=WFXCTL32.EXE
Description=From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
Source=Paul Collins Startup list
[WinFaxAppPortStarter]
Confirmed=Y
Filename=wfxsnt40.exe
Description=WinFax 10.0 and maybe earlier versions. Used to initiate the WinFax port to enable printing to the WinFax printer (send a fax) from any application.
Source=Paul Collins Startup list
[winfont]
Confirmed=X
Filename=winfont.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.death.html" target="_blank">DEATH</a> TROJAN!
Source=Paul Collins Startup list
[WinFoxV2]
Confirmed=U
Filename=WF2k.exe
Description=System Tray application that starts up the Winfox utility for a Leadtek Winfast grpahics card to restore settings. Can be started manually from Start -> Settings -> Control Panel Display. Only needed if you wish to run things like the hardware monitor or overclock your card
Source=Paul Collins Startup list
[WinFX]
Confirmed=X
Filename=cssrs.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX" target="_blank">AGOBOT.FX</a> WORM!
Source=Paul Collins Startup list
[WinGate]
Confirmed=X
Filename=WinGate.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[WinGate Engine Monitor]
Confirmed=U
Filename=wgengmon.exe
Description=WinGate Internet Client Dialup Monitor - component of WinGate proxy server software. Displays the status of the WinGate engine, and appears in the system tray of each workstation on the network reassuring clients that their workstations have connectivity with the WinGate Server
Source=Paul Collins Startup list
[WinGate initialize]
Confirmed=X
Filename=WinGate.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[wingo]
Confirmed=X
Filename=wingo.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.beagle.aw@mm.html" target=_blank>BEAGLE.AW</a> or <a href="http://www.symantec.com/avcenter/venc/data/w32.beagle.av@mm.html" target=_blank>BEAGLE.AV</a> WORMS!
Source=Paul Collins Startup list
[wingo]
Confirmed=X
Filename=[various filenames]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bagleau.html" target=_blank>BAGLE-AU</a> WORM!
Source=Paul Collins Startup list
[WinGuage Pro]
Confirmed=N
Filename=WGPRO32.EXE
Description=Part of McAfee Nuts & Bolts. "WinGauge is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs
Description=Tweaking utility by <a href="http://www.winhacker.com/" target="_blank">Wedge Software</a>. There are far better tweakers and, unlike WinHacker, most are free
Source=Paul Collins Startup list
[Winhelp]
Confirmed=X
Filename=winhe1p.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html" target="_blank">QQPASS.E</a> TROJAN!
Source=Paul Collins Startup list
[WinHelp]
Confirmed=X
Filename=WinHelp.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM! Note - "winhelp.exe" resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) whereas the valid "winhelp.exe" resides in C:\Windows or C:\Winnt
Source=Paul Collins Startup list
[WinHelp]
Confirmed=X
Filename=realsched.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
Source=Paul Collins Startup list
[Winhelp]
Confirmed=X
Filename=TkBellExe.exe...
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html" target="_blank">LOVGATE</a> WORM!
Source=Paul Collins Startup list
[winhlp3.exe]
Confirmed=X
Filename=winhlp3.exe
Description=Added by a variant of the <a href="http://www.pestpatrol.com/pestinfo/w/win32_trojandownloader_easto_a_trojan.asp" target=_blank>EASTO.A</a> TROJAN!
Source=Paul Collins Startup list
[Winhlp32]
Confirmed=X
Filename=Wscript.exe ..Msexec32.vbs
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GANT.B" target="_blank">GANT.B</a> WORM!
Source=Paul Collins Startup list
[winhlp32.exe]
Confirmed=X
Filename=winhlp32.exe
Description=Added by a variant of the <a href="http://www.pestpatrol.com/pestinfo/w/win32_trojandownloader_easto_a_trojan.asp" target=_blank>EASTO.A</a> TROJAN!
Source=Paul Collins Startup list
[winhlpp32.exe]
Confirmed=X
Filename=winhlpp32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html" target="_blank">GAOBOT.SY</a> WORM!
Source=Paul Collins Startup list
[Winhost]
Confirmed=X
Filename=wintt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOLAWEB.B" target="_blank">LOLAWEB.B</a> TROJAN!
Source=Paul Collins Startup list
[Winhost]
Confirmed=X
Filename=win.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderap.html" target="_blank">DLOADER-AP</a> TROJAN!
Source=Paul Collins Startup list
[winhost32.exe]
Confirmed=X
Filename=winhost32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tabdim.html" target=_blank>TABDIM</a> TROJAN!
Source=Paul Collins Startup list
[wininet32]
Confirmed=X
Filename=wininet32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojraznewa.html" target="_blank">RAZNEW-A</a> TROJAN!
Source=Paul Collins Startup list
[wininetd]
Confirmed=X
Filename=wininetd.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winet.html" target="_blank">WINET</a> TROJAN!
Source=Paul Collins Startup list
[wininit]
Confirmed=X
Filename=wininit.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.wollf.16.html" target="_blank">WOLLF.16</a> TROJAN!
Source=Paul Collins Startup list
[Wink*.exe]
Confirmed=X
Filename=Wink*.exe [* = random char]
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html" target="_blank">KLEZ</a> WORM!
Source=Paul Collins Startup list
[Winkb6]
Confirmed=U
Filename=winkb6.exe
Description=Part of <a href="http://www.we-blocker.com/">We-Blocker</a>, works in tandem with <a href="http://www.vtoy.fi/jv16/shtml/powertools.shtml#SYSWB6">syswb6</a>. Both files are needed to run WeBlocker. Required if We-Blocker is installed
Source=Paul Collins Startup list
[WinKernel]
Confirmed=X
Filename=WinKer.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mirab.html" target="_blank">MIRAB</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SERVIDOR.C" target="_blank">SERVIDOR</a> TROJANS!
Source=Paul Collins Startup list
[WinKernel]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href"http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.plea.html<a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.plea.html" target="_blank">PLEA</a> VIRUS!
Source=Paul Collins Startup list
[winkernel32]
Confirmed=X
Filename=wWin32.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.bansap.html" target="_blank">BANSAP</a> TROJAN!
Source=Paul Collins Startup list
[WinKey]
Confirmed=U
Filename=winkey.exe
Description=Loads <a href="http://www.copernic.com/winkey/" target="_blank">Copernic's WinKey</a>. Used to map out Windows key hotkey combinations. Not required for the system, but is necessary for this to be running if you use these hotkey combos
Source=Paul Collins Startup list
[winlibs.exe]
Confirmed=X
Filename=winlibs.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.evaman.c@mm.html" target="_blank">EVAMAN.C</a> WORM!
Source=Paul Collins Startup list
[WinLibUpdate]
Confirmed=X
Filename=libupdate.exe
Description=Added by the BIONET series of TROJANS such as <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BIONET.31" target="_blank">BIONET.31</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.310" target="_blank">BIONET.310</a>
Source=Paul Collins Startup list
[WinLibUpdate32]
Confirmed=X
Filename=libupdate32.exe
Description=Added by the BIONET.405 TROJAN!
Source=Paul Collins Startup list
[WinLibUpdte]
Confirmed=X
Filename=libupdte.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.318" target="_blank">BIONET.318</a> TROJAN!
Source=Paul Collins Startup list
[Winlink]
Confirmed=X
Filename=winlink32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.aay.html" target="_blank">GAOBOT.AAY</a> WORM!
Source=Paul Collins Startup list
[Winlme]
Confirmed=X
Filename=windll.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GOP.F" target="_blank">GOP.F</a> WORM!
Source=Paul Collins Startup list
[WinLoader]
Confirmed=X
Filename=[random filename]
Description=Added by variants of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SUB7.213.B" target="_blank"> SUBSEVEN</a> TROJAN!
Source=Paul Collins Startup list
[winlocatorupdate]
Confirmed=X
Filename=updatewinlocator.exe
Description=Locator adult content toolbar related
Source=Paul Collins Startup list
[WinLogin]
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotix.html" target=_blank>AGOBOT-IX</a> WORM!
Source=Paul Collins Startup list
[Winlogin.exe]
Confirmed=X
Filename=log.exe
Description=Added by a variant of the AGENT.AH downloader TROJAN!
Source=Paul Collins Startup list
[winlogin.exe]
Confirmed=X
Filename=logfile.exe
Description=Added by the AGENT.AH TROJAN!
Source=Paul Collins Startup list
[winlogin.exe]
Confirmed=X
Filename=mspaint.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list
[Winlogin.exe]
Confirmed=X
Filename=steam.exe
Description=Added by a variant of the AGENT.AH TROJAN!
Source=Paul Collins Startup list
[winlogon]
Confirmed=Y
Filename=winlogon.exe
Description=Windows Logon Process - handles user logons described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">here</a>
Source=Paul Collins Startup list
[winlogon]
Confirmed=X
Filename=winlogon.exe
Description=Hijacker or adult content dialler - file is located in C:\Windows or C:\Winnt, and not in it's System or System32 subdirectory, as is the case with the legitimate Windows Logon (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a>) process
Source=Paul Collins Startup list
[winlogon]
Confirmed=X
Filename=winlogin.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.e.html" target=_blank>RANDEX.E</a> WORM!
Source=Paul Collins Startup list
[winlogon]
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trodal.html" target="_blank">TRODAL</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup! File is located in C:\Windows or C:\Winnt, and not in it's System or System32 subdirectory
Source=Paul Collins Startup list
[winlogon]
Confirmed=X
Filename=msreg32.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_SDBOT.EO" target=_blank>SDBOT.EO</a> WORM!
Source=Paul Collins Startup list
[winlogon service]
Confirmed=X
Filename=urx.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EN" target=_blank>SPYBOT.EN</a> WORM!
Source=Paul Collins Startup list
[Winlogon.exe]
Confirmed=X
Filename=N/A
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite related - resets home page to an adult material site
Source=Paul Collins Startup list
[WinLsass]
Confirmed=X
Filename=servicec.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.scane.html" target="_blank">SCANE</a> WORM!
Source=Paul Collins Startup list
[WinLsass]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.scane.html" target="_blank">SCANE</a> WORM!
Source=Paul Collins Startup list
[winltmpv]
Confirmed=X
Filename=winln.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtcxmedic.html" target=_blank>TCXMEDI-C</a> TROJAN!
Source=Paul Collins Startup list
[winltmpv]
Confirmed=X
Filename=wutop.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtcxmedic.html" target=_blank>TCXMEDI-C</a> TROJAN!
Source=Paul Collins Startup list
[Winmain]
Confirmed=X
Filename=winmain.exe
Description=One of the first of a new breed of malware. When run it immediately loads MSHTA.EXE from the Windows folder, placing it on "hot standby", ready to accept HTA scripting within a web page and then EXECUTE what is embedded IN the page as a program! In other words, it's possible for a "rogue" website to actually embed trojans, worms and/or viruses directly into a web page. BOClean's <a href="http://www.nsclean.com/freebies.html" target="_blank"> HTA Stop</a> offers an easy way to toggle this capabiltity, or rather vulnerability, on and off. I suggest you leave it disabled!
Source=Paul Collins Startup list
[WinManager]
Confirmed=?
Filename=schost.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[winmatrix.exe]
Confirmed=U
Filename=WinMatrixXP.exe
Description=<a href="http://www.emotionrays.com/wmxp.php4" target="_blank">WinMatrix XP</a> - wallpaper replacement that shows different matrix effects (including flowing matrix codes from 'The Matrix' movie) on your desktop
Source=Paul Collins Startup list
[WinMem]
Confirmed=U
Filename=WinMem.exe
Description=WinMem Cleaner - part of <a href="http://www.wincleaner.com/pc/uti/utiste/uwc_utility_suite.htm" target=_blank>Ultra WinCleaner Utility Suite</a>. Makes more memory available for your programs and the Operating System. It also defragments your system
Source=Paul Collins Startup list
[WinMenssage]
Confirmed=X
Filename=winmax.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.b.html" target="_blank">BANCOS.B</a> TROJAN!
Source=Paul Collins Startup list
[WinMgmt]
Confirmed=N
Filename=WinMgmt.exe
Description=Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer <a href="http://groups.google.com/groups?q=PCHealth%2Bpchschd.exe&hl=en&selm=eeuEENQ6AHA.1484%40tkmsftngp03&rnum=1" target="_blank">here</a>
Source=Paul Collins Startup list
[WinMgr32]
Confirmed=X
Filename=winmgr32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.p@mm.html" target="_blank">MIMAIL.P</a> WORM!
Source=Paul Collins Startup list
[WinMine]
Confirmed=X
Filename=D4NG3.vbs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.biscuit.a@mm.html" target="_blank">BISCUIT.A</a> WORM!
Source=Paul Collins Startup list
[winmodem]
Confirmed=Y
Filename=wmexe.exe
Description=Software for software based modems. Required if you have one of these. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://808hi.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Source=Paul Collins Startup list
[WinMsrv32]
Confirmed=X
Filename=WinMsrv32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html" target="_blank">GAOBOT.AFJ</a> WORM!
Description=<a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=1" target="_blank">CommonName Toolbar</a> spyware. To uninstall see <a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=10#4">here</a>
Source=Paul Collins Startup list
[Winnov Menu]
Confirmed=?
Filename=WnvMenu.Exe
Description=<a href="http://www.winnov.com/" target="_blank">Winnov Video Capture Card</a> related.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[Winnov Remote]
Confirmed=?
Filename=WnvRsvr.Exe
Description=<a href="http://www.winnov.com/" target="_blank">Winnov Video Capture Card</a> related.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[Winnov Status]
Confirmed=?
Filename=WvStatus.Exe
Description=<a href="http://www.winnov.com/" target="_blank">Winnov Video Capture Card</a> related.<font color="#FF0000"> What does it do and is it required?</font>
Source=Paul Collins Startup list
[WinNtBB]
Confirmed=X
Filename=WinntBB.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DULOAD.C" target="_blank">DULOAD.C</a> WORM!
Source=Paul Collins Startup list
[Winnup]
Confirmed=X
Filename=win32nls.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[winocx32]
Confirmed=X
Filename=winocx32.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39755" target=_blank>PROTORIDE.I</a> WORM!
Source=Paul Collins Startup list
[Winpack]
Confirmed=X
Filename=winpack.exe
Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as Trojan-Downloader.Win32.Agent.gg
Source=Paul Collins Startup list
[WinPatrol]
Confirmed=U
Filename=WinPatrol.exe
Description=<a href="http://www.winpatrol.com/" target="_blank">WinPatrol</a> - "Manage Startup programs, tasks, cookies; will sniff out Worms, Trojan horses, Cookies, Adware, Spyware, Klez, Assumption and other malicious programs"
Source=Paul Collins Startup list
[winphonics7536]
Confirmed=X
Filename=vbsystem35.exe setups.exe vb.vb
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojmutinc.html" target="_blank">MUTIN-C</a> TROJAN!
Source=Paul Collins Startup list
[winpipe]
Confirmed=X
Filename=winpipe.exe
Description=Browser hijacker redirecting to wow-access.com
Source=Paul Collins Startup list
[WinPoet]
Confirmed=Y
Filename=WinPPPoverEthernet.exe
Description=WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read <a href="http://www.finepoint.com/products/winpoet/index.html" target="_blank">here</a>. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
Source=Paul Collins Startup list
[WinPopup]
Confirmed=N
Filename=WINPOPUP.EXE
Description=Intranet chat software provided by windows for chat on small networks. Handy little LAN messaging utility. Has been included in Windows since 95, and maybe in WFWG 3.11. Normally it won't set itself up to run unless the user specifically adds it to startup
Source=Paul Collins Startup list
[winpopup]
Confirmed=X
Filename=winupie.exe
Description=Adware by Tradeexit.com
Source=Paul Collins Startup list
[WinProfile]
Confirmed=X
Filename=Command.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E" target="_blank">BUDDY</a> TROJAN!
Source=Paul Collins Startup list
[WinProfile]
Confirmed=X
Filename=sndcfg16.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39771" target="_blank">SNDC.A</a> WORM!
Source=Paul Collins Startup list
[WinProt]
Confirmed=X
Filename=Winprot.exe
Description=Added by the <a href="http://www.hackfix.org/miscfix/cha.shtml" target="_blank">CHUPACABRA</a> TROJAN!
Source=Paul Collins Startup list
[WinProt]
Confirmed=X
Filename=server.exe
Description=Added by the <a href="http://www.hackfix.org/miscfix/cha.shtml" target="_blank">CHUPACABRA</a> TROJAN!
Source=Paul Collins Startup list
[winprotect]
Confirmed=X
Filename=win32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mugly.e@mm.html" target=_blank>MUGLY.E</a> WORM!
Source=Paul Collins Startup list
[WinProxy]
Confirmed=U
Filename=WinProxy.EXE
Description="<a href="http://www.winproxy.net/" target="_blank">WinProxy</a> is the world-first proxy server and a firewall with integrated mail server for Windows 95/98/ME/NT/2000/XP"
Source=Paul Collins Startup list
[winpsd]
Confirmed=X
Filename=winpsd.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.q@mm.html" target="_blank">MYDOOM.Q</a> WORM!
Source=Paul Collins Startup list
[winrar]
Confirmed=X
Filename=winrar.exe
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite variant. Note - this is not the file zipping utility also known as <a href="http://www.rarlab.com/" target="_blank">WinRAR</a> and it's located in C:\Winnt or C:\Windows
Source=Paul Collins Startup list
[winrarshell]
Confirmed=X
Filename=winrarshell32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.salira.html" target="_blank">SALIRA</a> TROJAN!
Source=Paul Collins Startup list
[winReg]
Confirmed=X
Filename=winReg.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.h@mm.html" target="_blank">YAHA.H</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.j@mm.html" target="_blank">YAHA.J</a> WORMS!
Source=Paul Collins Startup list
[winregsrv]
Confirmed=X
Filename=winregsrv.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.synrg.html" target="_blank">SYNRG</a> TROJAN!
Source=Paul Collins Startup list
[Winres32vis]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_THRAX.A" target="_blank">THRAX.A</a> WORM!
Source=Paul Collins Startup list
[winroute]
Confirmed=N
Filename=winroute.exe
Description=Win-Route 4.27. WinRoute Tray Icon for starting and stopping the WrCtrl.exe process, also to log in to the console to view logs and change settings. Can be unchecked and the engine still runs and functions normally. Can then use provided shortcuts for administration of the program. Loaded in SERVICES on Windows 2k
Source=Paul Collins Startup list
[winrun]
Confirmed=X
Filename=msconfig.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winur.html" target="_blank">WINUR.A</a> WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\
Source=Paul Collins Startup list
[winrun]
Confirmed=X
Filename=winrun.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winur.b.html" target="_blank">WINBUR.B</a> WORM!
Source=Paul Collins Startup list
[WinRunners]
Confirmed=X
Filename=WinDrivers.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DULOAD.C" target="_blank">DULOAD.C</a> WORM!
Source=Paul Collins Startup list
[WinSec]
Confirmed=X
Filename=winsec16.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZF" target=_blank>AGOBOT.ZF</a> WORM!
Source=Paul Collins Startup list
[winsecure]
Confirmed=X
Filename=winsecure.exe
Description=Browser hijacker, redirecting to specificsearches.com
Source=Paul Collins Startup list
[WinSecured32]
Confirmed=X
Filename=ssmr.exe
Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
Source=Paul Collins Startup list
[winserver]
Confirmed=X
Filename=Server.txt.vbs
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A" target="_blank">DELTAD.A</a> WORM!
Source=Paul Collins Startup list
[WinService32]
Confirmed=U
Filename=ssmgr.exe
Description=<a href="http://www.e-spy-software.com/" target="_blank">007 Spy Software</a> - "stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP"
Source=Paul Collins Startup list
[WinServices]
Confirmed=X
Filename=WinServices.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.k@mm.html" target="_blank">YAHA.K</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.m@mm.html" target="_blank">YAHA.M</a> WORMS!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.biscuit.a@mm.html" target="_blank">BISCUIT.A</a> WORM!
Source=Paul Collins Startup list
[Winshoe]
Confirmed=?
Filename=wuadfdqr.exe
Description=<font color="#FF0000">Probably an unidentified VIRUS! Adds itself to 3 registry "Run" keys and prevents Task Manager being displayed. This is not the Winshoe IRC Client as the visitor did not have it installed</font>
Description=<a href="http://www.doxdesk.com/parasite/Winshow.html" target="_blank">Winshow</a> parasiate related - from the "RunOnce" keys it replaces "winshow.dll" with a new version
Source=Paul Collins Startup list
[WinSig]
Confirmed=X
Filename=NetXP.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerfn.html" target=_blank>BANKER-FN</a> TROJAN!
Source=Paul Collins Startup list
[winsock]
Confirmed=X
Filename=svch0st.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sagea.html" target=_blank>SAGE-A</a> WORM!
Source=Paul Collins Startup list
[winsock2]
Confirmed=X
Filename=netsvr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.LY&VSect=T" target=_blank>AGOBOT.LY</a> WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Confirmed=X
Filename=SDJOIJE.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dr.html" target="_blank">SPYBOT.DR</a> TROJAN!
Source=Paul Collins Startup list
[Winsock2 driver]
Confirmed=X
Filename=MIRC32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.spybuzz.html" target="_blank">SPYBUZZ</a> TROJAN!
Source=Paul Collins Startup list
[Winsock2 driver]
Confirmed=X
Filename=kgzgjkpcw.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.t.html" target="_blank">SDBOT.T</a> TROJAN!
Source=Paul Collins Startup list
[Winsock2 driver]
Confirmed=X
Filename=ZONEALARM.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.t.html" target="_blank">SDBOT.T</a> TROJAN! Note - ZONEALARM.EXE is not the valid Zone Labs firewall program
Source=Paul Collins Startup list
[Winsock2 driver]
Confirmed=X
Filename=WINCFG.SCR
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotbx.html" target="_blank">SPYBOT-BX</a> WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Confirmed=X
Filename=SPOLSV.EXE
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotcm.html" target=_blank>SPYBOT-CM</a> WORM!
Source=Paul Collins Startup list
[Winsock2 driver]
Confirmed=X
Filename=Zonealarmupdate.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target=_blank>SPYBOT</a> WORM!
Source=Paul Collins Startup list
[Winsock2.dll]
Confirmed=X
Filename=WINLODR.SCR
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Winsock32 driver]
Confirmed=X
Filename=Testing.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotb.html" target="_blank">SPYBOT.B</a> WORM!
Source=Paul Collins Startup list
[Winsock32 driver]
Confirmed=X
Filename=lcd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotb.html" target="_blank">SPYBOT.B</a> WORM!
Source=Paul Collins Startup list
[Winsock32 driver]
Confirmed=X
Filename=Sdjoije.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotb.html" target="_blank">SPYBOT.B</a> WORM!
Source=Paul Collins Startup list
[Winsock32driver]
Confirmed=X
Filename=win32server.scr
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hacarmy.html" target="_blank">HACARMY</a> TROJAN!
Source=Paul Collins Startup list
[Winsock32driver]
Confirmed=X
Filename=sp2XPupdate.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[Winsock32driver]
Confirmed=X
Filename=win32server.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100723.htm" target="_blank">BACKDOOR-AZV</a> TROJAN!
Source=Paul Collins Startup list
[Winsock32driver]
Confirmed=X
Filename=ZoneAlarmPr0.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhackarmyb.html" target="_blank">HACKARMY-B</a> TROJAN!
Source=Paul Collins Startup list
[Winsock32driver]
Confirmed=X
Filename=ZoneLockup.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hacarmy.d.html" target="_blank">HACARMY.D</a> TROJAN!
Source=Paul Collins Startup list
[Winsock32driver]
Confirmed=X
Filename=win32server.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hacarmy.f.html" target=_blank>HACARMY.F</a> TROJAN!
Source=Paul Collins Startup list
[Winsock32driver]
Confirmed=X
Filename=winXPupdate.exe
Description=Added by the <a href="http://info.ahnlab.com/securityinfo/virus_view_eng_new.jsp?SEQ_NO=1574" target=_blank>HACKARMY.9728</a> TROJAN!
Source=Paul Collins Startup list
[winsockdriver]
Confirmed=X
Filename=tskmg.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target="_blank">SDBOT.GEN</a> TROJAN or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.warpigs.c.html" target="_blank">WARPIGS.C</a> WORM!
Source=Paul Collins Startup list
[winsockdriver]
Confirmed=X
Filename=winsock2.2.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list
[WinSocketComponent]
Confirmed=X
Filename=nthost.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[WinSPF]
Confirmed=X
Filename=windrv32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.t@mm.html" target="_blank">MYDOOM.T</a> WORM!
Source=Paul Collins Startup list
[WinSPF]
Confirmed=X
Filename=winspf32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.s@mm.html" target="_blank">MYDOOM.S</a> WORM!
Source=Paul Collins Startup list
[Winspl]
Confirmed=X
Filename=winsplx.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojtrolla.html" target=_blank>TROLL-A</a> TROJAN!
Source=Paul Collins Startup list
[Winspool]
Confirmed=X
Filename=spoolsvr.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[WinSrv]
Confirmed=X
Filename=kn0x.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOBBIT.F" target="_blank">HOBBIT.F</a> WORM!
Source=Paul Collins Startup list
[WinSrv]
Confirmed=X
Filename=SHIZZLE.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOBBIT.C" target="_blank">HOBBIT.C</a> WORM!
Source=Paul Collins Startup list
[Winsrv]
Confirmed=X
Filename=winsrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list
[WinStart]
Confirmed=X
Filename=WinStart.exe
Description=From<font color="#FF0000"> <a href="http://www.igetnet.com/iGetNet_Home.asp" target="_blank">IGetNet</a></font> - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge
Source=Paul Collins Startup list
[WinStart]
Confirmed=X
Filename=Wscript.exe WinStart.vbs
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/vbs.cian.c.html" target="_blank">CIAN.C</a> WORM!
Source=Paul Collins Startup list
[WinStart]
Confirmed=X
Filename=winstart32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.purol.html" target="_blank">PUROL</a> WORM!
Source=Paul Collins Startup list
[WinStart]
Confirmed=X
Filename=WinStart.pif
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.e@mm.html" target="_blank">CONE.E</a> WORM!
Source=Paul Collins Startup list
[WinStart001]
Confirmed=X
Filename=WinStart001.exe
Description=From <a href="http://www.igetnet.com/iGetNet_Home.asp" target="_blank">IGetNet</a></font> - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge
Source=Paul Collins Startup list
[WinStart001.EXE]
Confirmed=X
Filename=WinStart001.exe
Description=From <a href="http://www.igetnet.com/iGetNet_Home.asp" target="_blank">IGetNet</a></font> - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cake.html" target="_blank">CAKE</a> WORM!
Source=Paul Collins Startup list
[winstro]
Confirmed=X
Filename=RUN32DLL.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ftp_ana.html" target="_blank">FTP_ANA</a> TROJAN!
Source=Paul Collins Startup list
[Winsvc32]
Confirmed=X
Filename=Winsvc32.exe
Description=Homepage hijacker
Source=Paul Collins Startup list
[Winsys]
Confirmed=U
Filename=Winsys.exe
Description=<a href="http://www.bc-technologies.com/products.htm" target="_blank">Win-Spy</a> - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
Source=Paul Collins Startup list
[WINSYS]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.goldpay.html" target="_blank">GOLDPLAY</a> TROJAN!
Source=Paul Collins Startup list
[WinSys32]
Confirmed=X
Filename=Winsys32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cigivip.html" target="_blank">CIGIVIP</a> TROJAN or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.reckus.html" target="_blank"> RECKUS</a> WORM!
Source=Paul Collins Startup list
[winsys32 Driver]
Confirmed=X
Filename=winsys32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyo.html" target="_blank">LOONY-O</a> TROJAN!
Source=Paul Collins Startup list
[WinSysAppMon]
Confirmed=U
Filename=WinSysRM.exe
Description=Home & Family Content Filter related. See <a href="http://s.planetgood.net/Users/TechSupportFAQ.htm#_Toc9925457" target="_blank">here</a>
Source=Paul Collins Startup list
[winsyslog lptt01]
Confirmed=X
Filename=winsyslog.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Winsyslog" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[WinSysStartUpWKbLw]
Confirmed=X
Filename=TaskSystemDll.Exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.backzat.g.html" target="_blank">BACKZAT.G</a> WORM!
Source=Paul Collins Startup list
[WinSyst32]
Confirmed=X
Filename=winsyst32.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.morb@mm.html" target="_blank">MORB</a> WORM!
Source=Paul Collins Startup list
[WinSystem]
Confirmed=X
Filename=winsystem.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.whitebait@mm.html" target="_blank"> WHITEBAIT</a> WORM!
Source=Paul Collins Startup list
[Winsystem]
Confirmed=X
Filename=winsystem.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=65604&VName=TROJ_BANCOS.CR&VSect=T" target="_blank">BANCOS.CR</a> TROJAN!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hipo.html" target="_blank">HIPO</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.f.html" target="_blank">LEMIR.F</a> TROJANS!
Source=Paul Collins Startup list
[WinTask driver]
Confirmed=X
Filename=wintask.exe
Description=Added by the SMALL.ABD downloader TROJAN!
Source=Paul Collins Startup list
[WinTasks Traybar]
Confirmed=U
Filename=wintasks.exe
Description=<a href="http://www.liutilities.com/products/wintasksstd/" target="_blank">WinTasks</a> - "Efficient Resource and Task Management is absolutely critical if you want to achieve the highest system performance levels possible. WinTasks 4 will not only help you achieve this task, but will actually make your system run faster and more smoothly than ever before"
Source=Paul Collins Startup list
[wintasks.exe]
Confirmed=X
Filename=wintasks.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.evaman@mm.html" target="_blank">EVAMAN</a> WORM!
Source=Paul Collins Startup list
[Wintercooler Pro]
Confirmed=N
Filename=WINCOOL.EXE
Description=<a href="http://www.liveye.com/wintercooler/index.html" target="_blank">Wintercooler Pro</a> - utility that monitors CPU usage, RAM consumption and Internet connection speed
Source=Paul Collins Startup list
[WinTidy]
Confirmed=N
Filename=WinTidy.exe
Description=Desktop icon manager from <a href="http://downloads-zdnet.com.com/3000-2094-5933571.html?tag=lst-0-1" target="_blank">PC Magazine</a> (Ziff-Davis) for Win95. Available via Start -> Programs
Source=Paul Collins Startup list
[Wintime]
Confirmed=X
Filename=Wintime.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/downloader.harnig.html" target="_blank">HARNIG</a> TROJAN!
Source=Paul Collins Startup list
[Wintime Wtxpload]
Confirmed=N
Filename=Wxpload.exe Wintime
Description=Part of the software to support a Dexxa USB graphics tablet. From a visitor - "This gets started anyway when you plug in the USB connector for the graphics tablet, if it's not already running. It then starts an application which manages the tablet messages. Since I leave the tablet unplugged unless I need to use it, I don't need this running at startup. I suspect that this program monitors a number of windows messages, so that when it's loaded, my regular mouse slows down - it acts like it 'sticks' entering and leaving windows. Certainly my performance returned to what I expected when I removed this item using MSCONFIG"
Description=WinTOTAL Real estate appraisal software related
Source=Paul Collins Startup list
[WinTray]
Confirmed=X
Filename=wintray.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.leguardien.b.html" target="_blank">LEGUARDIEN.B</a> TROJAN!
Source=Paul Collins Startup list
[winupated.exe]
Confirmed=X
Filename=winupated.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
Source=Paul Collins Startup list
[winupd]
Confirmed=X
Filename=RUNDLL32.EXE [random value].dll, _mainRD
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mota.a.html" target="_blank">MOTA.A</a> WORM!
Source=Paul Collins Startup list
[winupd.exe]
Confirmed=X
Filename=winupd.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.m@mm.html" target="_blank">BEAGLE.M</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.n@mm.html" target="_blank">BEAGLE.N</a> WORMS!
Source=Paul Collins Startup list
[WinUPD32]
Confirmed=X
Filename=explorer.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually
Source=Paul Collins Startup list
[winupdat]
Confirmed=X
Filename=winupdat.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40033" target="_blank">CANBOT.A</a> WORM!
Source=Paul Collins Startup list
[WinUpdate]
Confirmed=X
Filename=RBSKQQBO.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.vbswg2b.a@mm.html" target="_blank">VBSWG2B.A</a> WORM!
Source=Paul Collins Startup list
[WinUpdate]
Confirmed=X
Filename=wmbem.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.revcuss.b.html" target="_blank">REVCUSS.B</a> TROJAN!
Source=Paul Collins Startup list
[WinUpdate Loader]
Confirmed=X
Filename=msnnm.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.revcuss.c.html" target="_blank">REVCUSS.C</a> TROJAN!
Source=Paul Collins Startup list
[winupdate.exe]
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.rado.html" target="_blank">RADO</a> TROJAN!
Source=Paul Collins Startup list
[winupdate.reg]
Confirmed=X
Filename=winupdate.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.eas.html" target=_blank>SPYBOT.EAS</a> WORM!
Source=Paul Collins Startup list
[winupdate2846]
Confirmed=X
Filename=vbsystem35.exe msvbrun.exe
Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojmutinc.html" target="_blank">MUTIN-C</a> TROJAN!
Source=Paul Collins Startup list
[WinUpdateProtection]
Confirmed=U
Filename=csrss.exe
Description=<a href="http://www.kephyr.com/spywarescanner/library/iceremotespy/index.phtml" target=_blank>ICE Remote Spy</a> monitoring software, "secretly monitors everything your spouse, kids or employees do on the Internet and emails the data to you." Note - this file is installed in a C:\Windowsupdate\Ufp\Irs7 folder
Source=Paul Collins Startup list
[winupdt]
Confirmed=X
Filename=RUNDLL32.EXE [random.dll]
Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=57406" target=_blank>MABUT.A</a> WORM!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winur.b.html" target="_blank">WINBUR.B</a> WORM!
Source=Paul Collins Startup list
[winusb.dll]
Confirmed=X
Filename=winguard.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcn.html" target=_blank>FORBOT-CN</a> WORM!
Source=Paul Collins Startup list
[Winux Piriax Service]
Confirmed=X
Filename=PH32.EXE
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.g.html" target="_blank">RANDEX.G</a> WORM!
Source=Paul Collins Startup list
[winversion]
Confirmed=X
Filename=winversion.exe
Description=Browser hijacker, redirecting to specificsearches.com
Source=Paul Collins Startup list
[WinVNC]
Confirmed=U
Filename=WinVNC.exe
Description=<a href="http://www.uk.research.att.com/vnc/winvnc.html" target="_blank">WinVNC</a> is an application that allows you to remote control your PC from another PC somewhere on the internet
Source=Paul Collins Startup list
[WinVNC]
Confirmed=X
Filename=iexplorer.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evivinc.html" target="_blank">EVIVINC</a> VIRUS!
Source=Paul Collins Startup list
[winwan lptt01]
Confirmed=X
Filename=winwan.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Winwan" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[winwan ml097e]
Confirmed=X
Filename=winwan.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "Winwan" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">here</a>
Source=Paul Collins Startup list
[winXP]
Confirmed=X
Filename=33.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.anpes@mm.html" target=_blank>ANPES</a> WORM!
Source=Paul Collins Startup list
[WinXP]
Confirmed=X
Filename=plugin1.exe
Description=Added by the Downloader-JW TROJAN!
Source=Paul Collins Startup list
[WinXP fix]
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/backdoor.ranky.p.html" target=_blank>RANKY.P</a> TROJAN!
Source=Paul Collins Startup list
[winxpdll32.exe]
Confirmed=X
Filename=winxpdll32.exe
Description=Added by a variant of the SMALL downloader TROJAN!
Source=Paul Collins Startup list
[WinXPLoad]
Confirmed=U
Filename=Rundll32 LoadDll, LoadExe WinXPLoad.exe
Description=Compaq hotkey related - required if you use the hotkeys
Source=Paul Collins Startup list
[winzip]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.g.html" target="_blank">BANCOS.G</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.k.html" target="_blank">BANCOS.K</a> TROJANS!
Source=Paul Collins Startup list
[WinZip Quick Pick]
Confirmed=N
Filename=WZQKPICK.EXE
Description=Added with WinZip version 8.1. "The new WinZip Quick Pick taskbar tray icon gives you instant access to WinZip and your Zip files. Just left click the icon to open WinZip, or right click it to instantly reopen recently used Zip files, access your Favorite Zip Folders, open WinZip Help, or start WinZip itself.". You can right-click and close it - choosing to not re-load it at start-up
Source=Paul Collins Startup list
[Win_api_driver]
Confirmed=X
Filename=system.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.download.revird.html" target="_blank">REVIRD</a> TROJAN!
Source=Paul Collins Startup list
[Win_Library]
Confirmed=X
Filename=INISvc.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.anarch@mm.html" target="_blank">ANARCH</a> WORM!
Source=Paul Collins Startup list
[win_spool2]
Confirmed=X
Filename=win_spool2.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=57618&VName=TROJ_SCKEYLOG.B" target=_blank>SCKEYLOG.B</a> TROJAN!
Source=Paul Collins Startup list
[win_upd.exe]
Confirmed=X
Filename=WINdirect.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.m.html" target="_blank">MITGLIEDER.M</a> TROJAN!
Source=Paul Collins Startup list
[win_upd2.exe]
Confirmed=X
Filename=WINdirect.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ao@mm.html" target="_blank">BEAGLE.AO</a> WORM!
Source=Paul Collins Startup list
[Win_vader]
Confirmed=X
Filename=Win_vader.vbs
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_INVASION.A" target="_blank">INVASION.A</a> VIRUS!
Source=Paul Collins Startup list
[WIP Config GUI]
Confirmed=X
Filename=Winipcfgs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcn.html" target=_blank>RBOT-CN</a> WORM!
Source=Paul Collins Startup list
[Wireless PCI Card Configuration Utility]
Confirmed=U
Filename=WMP11Cfg.exe
Description=Utility used by the <a href="http://www.linksys.com/default.asp" target="_blank">LINKSYS</a> wireless PCI card (<a href="http://www.linksys.com/products/product.asp?prid=196&grid=" target="_blank">WMP11</a>) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration
Source=Paul Collins Startup list
[Wireless Provider Server]
Confirmed=X
Filename=wpsvr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotad.html" target="_blank">FORBOT-AD</a> WORM!
Source=Paul Collins Startup list
[Wireless-G Notebook Adapter Utility]
Confirmed=U
Filename=WPC54CFG.EXE
Description=Utility used by the <a href="http://www.linksys.com/default.asp" target="_blank">LINKSYS</a> Wireless-G Notebook Adapter (<a href="http://www.linksys.com/splash/wpc54g_splash.asp" target="_blank">WPC54G</a>)
Source=Paul Collins Startup list
[wjview]
Confirmed=N
Filename=wjview.exe
Description=MS tool used to view window-based Java applications from the command line
Source=Paul Collins Startup list
[wkcalrem]
Confirmed=N
Filename=wkcalrem.exe
Description=Produces a pop-up reminder of events scheduled using the MS Works Calendar
Source=Paul Collins Startup list
[WkDetect]
Confirmed=N
Filename=WkDetect.exe
Description=Checks for updates to MS Works
Source=Paul Collins Startup list
[wkfud]
Confirmed=N
Filename=wkfud.exe
Description=A marketing program for MS Works
Source=Paul Collins Startup list
[WksSb]
Confirmed=N
Filename=WksSb.exe
Description=The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program. The Works Portfolio provides a location where you can store items you want to later put into a document or other file
Source=Paul Collins Startup list
[WkUFind]
Confirmed=N
Filename=WkUFind.exe
Description=MS Works Update Detection. MS Picture It! (versions 7 to current) use this automatic update feature during the log on process. It can also cause your system to automatically dial into your ISP as it tries to access the internet, if you have your system set to automatically dial when the internet is invoked. To manually update, go to Microsoft's Office/Works update <a href="http://www.officeupdate.com/ProductUpdates/default.aspx" target="_blank">site</a>
Source=Paul Collins Startup list
[Wlan Drier]
Confirmed=X
Filename=Winusb2.exe
Description=Added by the <a href="http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66546&VName=WORM_WOOTBOT.DC&VSect=T" target=_blank>WOOTBOT.DC</a> WORM!
Source=Paul Collins Startup list
[Wlan Driver]
Confirmed=X
Filename=avscan.exe
Description=Added by the <a href="http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=66558&VName=WORM_WOOTBOT.DH&VSect=T" target=_blank>WOOTBOT.DH</a> WORM!
Source=Paul Collins Startup list
[WLAN Status Tray Applet]
Confirmed=N
Filename=WLANSTA.EXE
Description=System Tray icon for checking the status of a Wireless LAN
Source=Paul Collins Startup list
[WLAN_Cfg.exe]
Confirmed=Y
Filename=WLAN_Cfg.exe
Description=Linksys Instant Wireless USB Network Adapter driver
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html" target="_blank">NEVEG.B</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.c@mm.html" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[WMAudio]
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[WMBoot]
Confirmed=N
Filename=N/A
Description=Associated with Logitech Wingman game controllers. <font color="#FF0000"> Not required but what does it do?</font>
Source=Paul Collins Startup list
[WMIEXE.exe]
Confirmed=U
Filename=wmiexe.exe
Description=NT component, used by Windows Millennium to detect Plug and Play-compliant IEEE 1394 devices during the startup process. Since this is important for the computer to work properly if you have these, Windows Millennium protects wmiexe.exe and will restore the file even if it's deleted or renamed. Check <a href="http://www.bits.bris.ac.uk/mxcl/tweaks/wmiexe.php" target="_blank">here</a> for some details on what to do to stop it loading
Source=Paul Collins Startup list
[Wminf]
Confirmed=X
Filename=Wminf.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[Wminfo]
Confirmed=X
Filename=Wminfo.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html" target="_blank">GEMA</a> TROJAN!
Source=Paul Collins Startup list
[wmiprv]
Confirmed=X
Filename=wmiprv.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwm.html" target=_blank>RBOT-WM</a> WORM!
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.banpaes.b.html" target="_blank">BANPAES.B</a> TROJAN!
Source=Paul Collins Startup list
[WM_LOGIN]
Confirmed=?
Filename=MSGLOGIN.EXE
Description=<font color="#FF0000">Part of McAfee Firewall. What is it for and is it needed?</font>
Source=Paul Collins Startup list
[WNAD]
Confirmed=X
Filename=WNAD.EXE
Description=Spyware added as a result of running a program called "Yo Mama Osama" (osama.exe). See <a href="http://www.cexx.org/osama.htm" target="_blank">here</a> for more and how to get rid of it. There are other ways this can show up on your system, and it will manifest itself by periodically opening a new browser window with advertising for copy DVD software and the like
Description=Wanadoo ISP software related - not required - <a href="http://www.faqoe.com/index.php?bas=/connexionmanel.htm" target=_blank>here's</a> how to bypass it
Source=Paul Collins Startup list
[Woowatch]
Confirmed=N
Filename=Watch.exe
Description=<a target="_blank" href="http://www.wanadoo.com/eng/profil.htm?rub_5162.htm">Wanadoo ISP</a> software, not required
Source=Paul Collins Startup list
[WordWeb]
Confirmed=N
Filename=wweb32.exe
Description=<a href="http://wordweb.info/free/" target="_blank">WordWeb</a> - free theasaurus and dictionary. Start manually
Source=Paul Collins Startup list
[Workflo]
Confirmed=?
Filename=workflow.exe
Description=Related to <a href="http://www.broadjump.com/" target="_blank">BroadJump</a> Client Foundation - broadband troubleshooting software installed by various companies. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[Works Calendar Reminder]
Confirmed=N
Filename=wkcalrem.exe
Description=Produces a pop-up reminder of events scheduled using the MS Works Calendar
Source=Paul Collins Startup list
[WorksFUD]
Confirmed=N
Filename=wkfud.exe
Description=A marketing program for MS Works
Source=Paul Collins Startup list
[Workstation Scheduler]
Confirmed=U
Filename=wm95.exe
Description=Desktop Management Scheduler. Part of Novell's <a href="http://www.novell.com/products/netware/" target="_blank">Netware</a> Client. Schedueles NDS events. If events have been schedueled, it is required, otherwise, it is useless and a memory hog
Source=Paul Collins Startup list
[Workstation Services]
Confirmed=X
Filename=wrkstn.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotoj.html" target=_blank>RBOT-OJ</a> WORM!
Source=Paul Collins Startup list
[Worm Detector]
Confirmed=U
Filename=wd.exe
Description=<a href="http://www.kl-soft.com/wd.php" target="_blank">Worm Detector</a> - antivirus add-on for Outlook 2K or XP for handling worms and spam
Source=Paul Collins Startup list
[wormexe]
Confirmed=X
Filename=winstart.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.earlybird@mm.html" target="_blank">EARLYBIRD</a> WORM!
Source=Paul Collins Startup list
[wovax]
Confirmed=X
Filename=wovax.exe
Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wovax/" target="_blank">DAQA.A</a> TROJAN!
Source=Paul Collins Startup list
[Wpctrl]
Confirmed=N
Filename=wpctrlnt.exe
Description=WinPortrait plug-in for PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list
[Wpctrl]
Confirmed=N
Filename=wpctrl95.exe
Description=WinPortrait plug-in for PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list
[wpctrl95]
Confirmed=N
Filename=wpctrlnt.exe
Description=WinPortrait plug-in for PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list
[wpctrl95]
Confirmed=N
Filename=wpctrl95.exe
Description=WinPortrait plug-in for PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Source=Paul Collins Startup list
[WPCycle.exe]
Confirmed=Y
Filename=WpCycleWin.exe
Description=Added when selecting Mplayer2 to open media files. Forces other codes to Wait for Previous instructions to end, preventing instability of your CPU (freezing)
Source=Paul Collins Startup list
[wpds.exe]
Confirmed=X
Filename=doriot.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallky.html" target=_blank>SMALL-KY</a> TROJAN!
Source=Paul Collins Startup list
[WQK]
Confirmed=X
Filename=WQK.exe
Description=Added by a variant of the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html" target="_blank">KLEZ</a> WORM!
Source=Paul Collins Startup list
[wr]
Confirmed=?
Filename=WR.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[WR Command]
Confirmed=?
Filename=wr.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[WrCtrl]
Confirmed=N
Filename=WrCtrl.exe
Description=Win-Route 4.27 NAT engine on Win2k Pro for connection sharing and security using Win-Route by Tiny Software. A connection sharing/Firewall Application. If service is disabled the program does not work, but you can manually start/stop the service with a shortcut the program installs at any time
Source=Paul Collins Startup list
[WRDialer]
Confirmed=X
Filename=WrDialer.exe
Description=WinPoet DSL dialler
Source=Paul Collins Startup list
[WRECK GUARD]
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[WregBios]
Confirmed=?
Filename=wregbios.exe
Description=Desktop Management BIOS (DMI BIOS) related. Apparently invokes the DosBios.exe file. <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list
[wrexec]
Confirmed=U
Filename=wrexec.exe
Description=Watch Right - monitoring program, part of the <a href="http://www.bpssoft.com/PowerTools/index.htm" target="_blank"> PowerTools</a> add-on for AOL. Records instant messages, E-mail, chat. Watch Right appears to be, and functions as an online clock updater which connects with the U.S. National Institute of Standards and Technology. It was designed for parents who wish to keep an eye on what their children are doing online
Source=Paul Collins Startup list
[wriste]
Confirmed=?
Filename=wriste.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[ws2help]
Confirmed=X
Filename=ws2help.exe
Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.AN" target=_blank>SMALL.AN</a> TROJAN!
Source=Paul Collins Startup list
[WSAConfiguration]
Confirmed=X
Filename=wmon32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.baj.html" target="_blank">GAOBOT.BAJ</a> WORM!
Source=Paul Collins Startup list
[WSAConfiguration]
Confirmed=X
Filename=svchostt.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_AGOBOT.ZT" target="_blank">AGOBOT.ZT</a> WORM!
Source=Paul Collins Startup list
[WSAConfiguration]
Confirmed=X
Filename=rpcxmn32.exe
Description=Added by the <a href="http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?id=66485&VName=WORM_AGOBOT.ABG&VSect=T" target=_blank>AGOBOT.ABG</a> WORM!
Source=Paul Collins Startup list
[WSAConfiguration]
Confirmed=X
Filename=win32upd.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[WSAConfiguration1]
Confirmed=X
Filename=csass.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.WH" target=_blank>AGOBOT.WH</a> WORM!
Source=Paul Collins Startup list
[wsbklite]
Confirmed=?
Filename=wsbklite.exe
Description=Related to the Acer Soft Button on Acer Tablet PCs. <font color="#FF0000">Appears to do nothing so is it required?</a>
Source=Paul Collins Startup list
[WScheduler]
Confirmed=U
Filename=WScheduler.exe
Description=<a href="http://www.splinterware.com/products/wincron.htm" target="_blank">Windows Scheduler</a> - "schedule unattended running of applications, batch files, scripts and much more. Also, you can schedule popup reminders so you'll never forget reminders, tasks and other events."
Source=Paul Collins Startup list
[wscript.exe]
Confirmed=X
Filename=vabian.vbs
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/vbs.vabi@mm.html" target="_blank">VABI</a> VIRUS!
Source=Paul Collins Startup list
[Wsdata service]
Confirmed=X
Filename=WSconf.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZU" target=_blank>SDBOT.ZU</a> WORM!
Source=Paul Collins Startup list
[wserver]
Confirmed=X
Filename=wserver.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ac@mm.html" target="_blank">NETSKY.AC</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.g.html" target="_blank">SASSER.G</a> WORMS!
Source=Paul Collins Startup list
[WService]
Confirmed=U
Filename=WService.exe
Description=Tablet client Driver for <a href="http://www.uc-logic.com" target="_blank"> UC-Logic</a> Pen/Graphics Tablet
Source=Paul Collins Startup list
[WSSAConfiguration]
Confirmed=X
Filename=wmmon32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotkc.html" target="_blank">AGOBOT-KC</a> WORM!
Source=Paul Collins Startup list
[Wstat32 driver]
Confirmed=X
Filename=Wstat32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.loonbot.html" target="_blank">LOONBOT</a> TROJAN!
Source=Paul Collins Startup list
[wstimeb]
Confirmed=Y
Filename=wstimeb.exe
Description=Used with NEC printers. You can disable it before printing but it re-loads itself when printing so you may as well leave it
Source=Paul Collins Startup list
[wswpd]
Confirmed=Y
Filename=wswpd.exe
Description=Used with some models of Panasonic, Epson and NEC printers. Some older drivers known to have a "memory leak". Needed for printing to work
Source=Paul Collins Startup list
[WT Game Channel]
Confirmed=N
Filename=GameChannel.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">WildTangent GameChannel</a> - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=privacy" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[WT Game Channel]
Confirmed=N
Filename=wtgamechannel.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">WildTangent GameChannel</a> - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=privacy" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[WT GameChannel]
Confirmed=N
Filename=GameChannel.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">WildTangent GameChannel</a> - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=privacy" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[WT GameChannel]
Confirmed=N
Filename=wtgamechannel.exe
Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">WildTangent GameChannel</a> - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=privacy" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list
[WTIndicator]
Confirmed=U
Filename=SchedInd.exe
Description=<a href="http://www.wintask.com/" target="_blank">WinTask</a> - software that automates a variety of routine tasks quickly and simply
Description=Remote wakeup status agent. Part of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZenWorks</a>. Processes Wake-up on LAN requests (turn on a computer remotely on LAN)
Source=Paul Collins Startup list
[WUPD]
Confirmed=X
Filename=iglmtray.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.tzet.worm.html" target="_blank">TZET</a> WORM!
Source=Paul Collins Startup list
[wupdt]
Confirmed=X
Filename=wupdt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IMISERV.A" target=_blank>IMISERV.A</a> TROJAN!
Source=Paul Collins Startup list
[WUSB11B.exe]
Confirmed=Y
Filename=WUSB11B.exe
Description=Linksys WUSB11 WLAN USB adapter
Source=Paul Collins Startup list
[WUx_RegSvr]
Confirmed=?
Filename=RegSvr32.exe
Description=<font color="#FF0000">x is any number??</font>
Source=Paul Collins Startup list
[wvsvc]
Confirmed=X
Filename=wvsvc.exe
Description=Added by the <a href="http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59309&VName=WORM_AGOBOT.YM" target="_blank">AGOBOT.YM</a> WORM!
Source=Paul Collins Startup list
[www.hidro.4t.com]
Confirmed=X
Filename=enbiei.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.f.worm.html" target="_blank">BLASTER.F</a> WORM!
Source=Paul Collins Startup list
[www.symantec.com]
Confirmed=X
Filename=oz11111.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html" target="_blank">MYDOOM.W</a> WORM
Source=Paul Collins Startup list
[Wxp4]
Confirmed=X
Filename=Norton Update.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.d@mm.html" target=_blank>ERKEZ.D</a> WORM!
Source=Paul Collins Startup list
[WXProcMgr Module]
Confirmed=N
Filename=WXprocMgr.exe
Description=<a href="http://www.tvtonic.com/" target="_blank">TVTonic</a> from Wavexpress - "enjoy 3 full-screen, DVD-quality video channels for FREE". Allows data content to be downloaded and synchronized on your system
Description="XoftWare for Windows" enables you to run network-based UNIX programs ("X programs" or "clients") side-by-side with Windows applications on your personal computer. You can also share programs and computing resources with host computers connected to your PC over a network
Source=Paul Collins Startup list
[X-Cleaner Deluxe]
Confirmed=U
Filename=xcleaner.exe
Description=<a href="http://www.xblock.com/deluxe.shtml" target=_blank>X-Cleaner Deluxe</a> - privacy and anti-spy application
Description=<a href="http://www.download.com/WeatherCheck/3000-2381_4-10284439.html" target=_blank>WeatherCheck</a> - "bring the latest local weather to your desktop". Not recommended as it reportedly pops ads, and contains no uninstaller
Source=Paul Collins Startup list
[x3watch]
Confirmed=U
Filename=x3watch.exe
Description="program helping with online integrity. Whenever you browse the internet and accesses a site which may contain questionable material, the program will save the site name on your computer. Approximately every 30 days, a person of your choice (an accountabiltiy partner) will receive an e-mail containing all possible questionable sites you may have visited within the month. This information is meant to encourage an open and honest conversation between friends and help us all be more accountable"
Source=Paul Collins Startup list
[x3yy]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/trojan.tannick.html" target="_blank">TANNICK</a> TROJAN!
Source=Paul Collins Startup list
[Xanadu]
Confirmed=N
Filename=Xanadu.exe
Description=<a href="http://www.foreignword.biz/software/xanadu/" target="_blank">Xanadu</a> - free language and translation wizard from Foreignword
Source=Paul Collins Startup list
[xBrotherMeCom]
Confirmed=?
Filename=BrMeCom.exe
Description=Related to Brother MFC-9200c printer. <font color="#FF0000">What does it do and is it required?</font>
Description=Terratec DMXFire 1024 soundcard control panel
Source=Paul Collins Startup list
[xftpGraber]
Confirmed=X
Filename=Xftpgraber.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.envid.c@mm.html" target=_blank>ENVID.C</a> WORM!
Source=Paul Collins Startup list
[xicon]
Confirmed=?
Filename=xicon.exe
Description=Part of the IBM/XPoint Rapid Restore utility. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[XiD]
Confirmed=X
Filename=mmx.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.analogx.html" target="_blank">ANALOGX</a> TROJAN!
Source=Paul Collins Startup list
[XircWinModem4]
Confirmed=Y
Filename=ltcm000c.exe
Description=WinModem drivers. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://808hi.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Source=Paul Collins Startup list
[xitami]
Confirmed=U
Filename=Xiwin32.exe
Description=<a href="http://www.xitami.com/" target="_blank">Xitami</a> Multiplatform Open Source web server
Source=Paul Collins Startup list
[xkstartup]
Confirmed=?
Filename=RunDll32 InstZ82.dll, SetUsbPrinterPort
Description=On a system with a Lexmark printer
Source=Paul Collins Startup list
[xload32]
Confirmed=X
Filename=netdd.exe
Description=Added by the <a href="http://www.pestpatrol.com/pestinfo/n/netspy__dk32_.asp" target=_blank>NETSPY</a> TROJAN!
Source=Paul Collins Startup list
[XML Service]
Confirmed=X
Filename=msxml.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothd.html" target=_blank>RBOT-HD</a> WORM!
Source=Paul Collins Startup list
[XNSearchAssistant]
Confirmed=X
Filename=SrchAsst.exe
Description=iWon Search Assistant - spyware
Source=Paul Collins Startup list
[xor]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.xordoor.html" target="_blank">XORDOOR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[xp service pack 2]
Confirmed=X
Filename=xpsp2.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkw.html" target="_blank">RBOT-KW</a> WORM!
Source=Paul Collins Startup list
[Xpagent]
Confirmed=?
Filename=xpagent.exe
Description=Part of the IBM/XPoint Rapid Restore utility. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[xpcfg]
Confirmed=?
Filename=xpcfg.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Xpclient]
Confirmed=?
Filename=xpclient.exe
Description=Part of the IBM/XPoint Rapid Restore utility. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list
[xPlanetControl]
Confirmed=U
Filename=xPlanetControl.exe
Description=<a href="http://www.xplanetcontrol.de/download.php">Tool</a> that displays a globe with current day/night zones and clouds on users desktop.
Source=Paul Collins Startup list
[XPSoft]
Confirmed=X
Filename=CVDAsDW.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotsy.html" target=_blank>SDBOT-SY</a> WORM!
Source=Paul Collins Startup list
[XPSP2 Firewall]
Confirmed=X
Filename=xpsp2fw.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallrn.html" target=_blank>SMALL-RN</a> TROJAN!
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DAEMOZ.A" target="_blank">DAEMOZ.A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which should NOT appear in Msconfig/Startup!
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant, identified by <a href="http://www.kaspersky.com/" target=_blank>Kaspersky_antivirus</a> as TrojanDropper.Win32.Small.cw
Source=Paul Collins Startup list
[xp_system]
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkrepperg.html" target="_blank">KREPPER-G</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list
[xp_system]
Confirmed=X
Filename=winlogon.exe
Description=<a href="http://www.sophos.com/virusinfo/analyses/trojkrepperg.html" target=_blank>KREPPER-G</a> trojan, a <a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Note - this is NOT the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should NOT figure in Msconfig/Startup!
Source=Paul Collins Startup list
[XStop95]
Confirmed=U
Filename=XStop95.exe
Description=<a href="http://www.xstop.com/" target="_blank">XStop</a> - internet filter
Source=Paul Collins Startup list
[xswin]
Confirmed=N
Filename=xswin.exe
Description=Installed with a Xerox Work Centre Pro 555. Unchecking it removes an "out of system memory" error
Description=Component of <a href="#EasySync%20Pro">EasySync Pro</a>. Synchronisation between Palm PDAs and Microsoft Outlook
Source=Paul Collins Startup list
[XTNDConnect PC - ErPhn2]
Confirmed=U
Filename=ErPhn2.exe
Description=Component of <a href="#EasySync%20Pro">EasySync Pro</a>. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook
Source=Paul Collins Startup list
[XTNDConnect PC - ErTray]
Confirmed=U
Filename=ErTray.exe
Description=Component of <a href="#EasySync%20Pro">EasySync Pro</a>. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook
Source=Paul Collins Startup list
[XTNDConnect PC - LtNts4]
Confirmed=U
Filename=NtsAgnt.exe
Description=Component of <a href="#EasySync%20Pro">EasySync Pro</a>
Source=Paul Collins Startup list
[Xtray]
Confirmed=X
Filename=xtray_link.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_VB.JL" target="_blank">VB.JL</a> TROJAN!
Source=Paul Collins Startup list
[XtreamLok License Manager]
Confirmed=U
Filename=xl.exe
Description=License manager for <a href="http://www.xtreamlok.com/">xLok</a> (XtreamLok) - prevents software being reverse engineered
Source=Paul Collins Startup list
[XTServiceUpdate]
Confirmed=X
Filename=XTServiceUpdate.exe
Description=hahame.net adware downloader
Source=Paul Collins Startup list
[XtTb.exe]
Confirmed=X
Filename=XtTb.exe
Description=Top-banners.com adware
Source=Paul Collins Startup list
[xuio.exe]
Confirmed=?
Filename=xuio.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[Xupiter Startup]
Confirmed=X
Filename=XupiterStartup.exe
Description=<a href="http://www.doxdesk.com/parasite/Xupiter.html" target="_blank">Xupiter</a> - adware and homepage hijacker. To remove Xupiter go <a href="http://www.xupiter.com/uninstall/" target="_blank">here</a> and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[XupiterCfgLoader]
Confirmed=X
Filename=XTCfgLoader.exe
Description=<a href="http://www.doxdesk.com/parasite/Xupiter.html" target="_blank">Xupiter</a> - adware and homepage hijacker. To remove Xupiter go <a href="http://www.xupiter.com/uninstall/" target="_blank">here</a> and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[XupiterCfgLoader]
Confirmed=X
Filename=BWCfgLoader.exe
Description=<a href="http://www.doxdesk.com/parasite/Xupiter.html" target="_blank">Xupiter</a> - adware and homepage hijacker. To remove Xupiter go <a href="http://www.xupiter.com/uninstall/" target="_blank">here</a> and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[xupiterstartup2003]
Confirmed=X
Filename=xupiterstartup2003.exe
Description=<a href="http://www.doxdesk.com/parasite/Xupiter.html" target="_blank">Xupiter</a> - adware and homepage hijacker. To remove Xupiter go <a href="http://www.xupiter.com/uninstall/" target="_blank">here</a> and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[XupiterToolbarLoader]
Confirmed=X
Filename=XupiterToolbarLoader.exe
Description=<a href="http://www.doxdesk.com/parasite/Xupiter.html" target="_blank">Xupiter</a> - adware and homepage hijacker. To remove Xupiter go <a href="http://www.xupiter.com/uninstall/" target="_blank">here</a> and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target="_blank">here</a>
Source=Paul Collins Startup list
[xv_ctrl]
Confirmed=U
Filename=v_ctrl.exe
Description=3dfx Underground Tools - "Gives direct hardware control to your video graphics adapter"
Source=Paul Collins Startup list
[XWMSUSBAPI]
Confirmed=?
Filename=XWMSAPI.EXE
Description=Part of the installation of a Xerox WorkCentre printer/scanner.<font color="#FF0000"> Is it required?</font>
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "yahoo_toolbar" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[yahoo_toolbar ml097e]
Confirmed=X
Filename=yahoo_toolbar.exe
Description=Variant of the <a href="http://www.doxdesk.com/parasite/RapidBlaster.html" target="_blank"> RapidBlaster</a> parasite (in a "yahoo_toolbar" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see <a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank"> here</a>
Source=Paul Collins Startup list
[YAMAHA DS-XG Launcher]
Confirmed=N
Filename=dslaunch.exe
Description=System Tray access for the features of the Yamaha DS-XG soundcard unless you regularly change set-ups
Source=Paul Collins Startup list
[Yankee Clipper III]
Confirmed=N
Filename=YankClip.exe
Description=<a href="http://www.yankee-clipper.net/index.htm" target="_blank">Yankee Clipper III</a> - 'A super powerful Windows clipboard extender/memory - now in its third generation. Handles Pictures, Richtext, URLS, etc - any size. Features printing, drag and drop, optional permanent storage of clippings. Familiar "Outlook" interface'. Freeware
Source=Paul Collins Startup list
[YBrowser]
Confirmed=N
Filename=ybrwicon.exe
Description=<a href="http://help.yahoo.com/help/us/sbc/browser/" target="_blank">SBC Yahoo! Browser</a> system tray icon
Source=Paul Collins Startup list
[yeahdude.exe]
Confirmed=X
Filename=hallowelt.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.rs.html" target="_blank">GAOBOT.RS</a> or <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sa.html" target="_blank">GAOBOT.SA</a> WORMS!
Source=Paul Collins Startup list
[You've Got Pictures Screensaver]
Confirmed=U
Filename=ygpsstra.exe
Description=AOL You've Got Pictures« Screensaver
Source=Paul Collins Startup list
[YOW tuner]
Confirmed=?
Filename=WatchPNM.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[ypager]
Confirmed=N
Filename=ypager.exe
Description=Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs
Source=Paul Collins Startup list
[YPC]
Confirmed=U
Filename=ypc.exe
Description=Yahoo Parental controls - "Let you decide what type of sites and Yahoo! services your kids can access"
Source=Paul Collins Startup list
[YTrayMagic Lite 1]
Confirmed=Y
Filename=YTRAYMAGIC.EXE
Description=<a href="http://yoconsoft.hypermart.net/products.html#ytraymagic" target="_blank">YTrayMagic</a> from YoconSoft automatically restores your tray icons after an Explorer(the windows shell) crash. Leave to run at startup since only those icons that are in the taskbar after YTrayMagic has initialized will be restored
Source=Paul Collins Startup list
[ywzizdon]
Confirmed=X
Filename=ywzizdon.exe
Description=Free_Scratch_Cards foistware
Source=Paul Collins Startup list
[yyyyyyyy]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.mumuboy.b.html" target="_blank">MUMUBOY.B</a> TROJAN!
Source=Paul Collins Startup list
[yz.exe]
Confirmed=X
Filename=yz.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.vardo.html" target="_blank">VARDO</a> TROJAN!
Source=Paul Collins Startup list
[YZH.SYS]
Confirmed=X
Filename=YZH.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.sophily.html" target=_blank>SOPHILY</a> VIRUS!
Source=Paul Collins Startup list
[z-WrDialer]
Confirmed=U
Filename=WrDialer.exe
Description=WinPoet DSL dialer
Source=Paul Collins Startup list
[ZaCker]
Confirmed=X
Filename=[filename].PIF
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A" target="_blank">HOLAR.A</a> WORM!
Source=Paul Collins Startup list
[Zacker]
Confirmed=X
Filename=Zacker.exe
Description=Added by the <a href="http://www.symantec.com/avcenter/venc/data/w32.hllw.gemel.html" target="_blank">GEMEL</a> WORM!
Description=Firewall program from <a href="http://www.zonelabs.com/download/index.html" target="_blank">Zonelabs</a> - paid for version
Source=Paul Collins Startup list
[zBrowser Launcher]
Confirmed=U
Filename=iTouch.exe
Description=For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them
Source=Paul Collins Startup list
[zBrowser Launcher]
Confirmed=U
Filename=Commandr.exe
Description=For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them
Source=Paul Collins Startup list
[zcb]
Confirmed=?
Filename=zcb.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[zcproo]
Confirmed=X
Filename=qssstiej.exe
Description=Possible homepage hijacker installing a toolbar: http://tdko.com/ ,Lop.com in disguise. see this <a href="http://www.lavasoft.nu/cgi-bin/forums/ikonboard.cgi?s=3d69d34f399dffff;act=ST;f=14;t=304;st=0" target="_blank">thread</a>
Source=Paul Collins Startup list
[zdnet]
Confirmed=N
Filename=kontiki.exe
Description=<a href="http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=2846" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
Source=Paul Collins Startup list
[Zebus]
Confirmed=N
Filename=msdc32.exe
Description=Runs a HTML tutorial on the Zebus web-site
Source=Paul Collins Startup list
[Zen.A]
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/perlzoomena.html" target="_blank">ZOOMEN-A</a> TROJAN!
Source=Paul Collins Startup list
[Zenet]
Confirmed=X
Filename=rundll32 CNBabe.dll, DllStartup
Description=<a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=1" target="_blank">CommonName Toolbar</a> spyware. To uninstall see <a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=10#4">here</a>
Source=Paul Collins Startup list
[ZENRC]
Confirmed=Y
Filename=zenrc32.exe
Description=The main component of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZenWorks</a> - "Complete End-to-End Directory-enabled Network Management".<font color="#FF0000"> </font>Leave well alone
Source=Paul Collins Startup list
[ZENRC Tray Icon]
Confirmed=Y
Filename=zentray.exe
Description=Part of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZenWorks</a> - "Complete End-to-End Directory-enabled Network Management".<font color="#FF0000"> </font>Best left alone
Source=Paul Collins Startup list
[ZENworks Imaging Service]
Confirmed=Y
Filename=ZISWin.exe
Description=Imaging Agent. Part of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZenWorks</a> - "Complete End-to-End Directory-enabled Network Management"
Source=Paul Collins Startup list
[ZeroAds]
Confirmed=U
Filename=0
Description=<a href="http://zeroads.com/flash/default.asp" target="_blank">ZeroAds</a> - culls ads, cookies and pop-ups. Tells ZeroAds not to run at startup - needed to start it manually
Source=Paul Collins Startup list
[ZeroAds]
Confirmed=U
Filename=LAS0Ads.exe
Description=<a href="http://zeroads.com/flash/default.asp" target="_blank">ZeroAds</a> - culls ads, cookies and pop-ups. Required for the cookie interception to work
Source=Paul Collins Startup list
[ZeroSpyware]
Confirmed=U
Filename=ZeroSpyware.exe
Description=FBM Software ZeroSpyware 2004 spyware detector and remover
Source=Paul Collins Startup list
[zervpack2]
Confirmed=X
Filename=update2.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WD&VSect=T" target=_blank>SDBOT.WD</a> WORM!
Source=Paul Collins Startup list
[ZGNUBI]
Confirmed=?
Filename=ZGNUBI.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[ZIBMACC]
Confirmed=X
Filename=rundll.exe ZIBMACC.INF
Description=ZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435)
Source=Paul Collins Startup list
[ZingSpooler]
Confirmed=U
Filename=ZingSpooler.exe
Description=Was used for a drag and drop program to upload pictures to www.zing.com but Zing has gone out of business. Now used for Sony ImageStation's upload photos to online albums
Source=Paul Collins Startup list
[Zinio DLM]
Confirmed=N
Filename=ZDLM.EXE
Description=<a href="http://www.zinio.com/main" target="_blank">Zinio</a> - used to read magazines in digital rather than paper format
Source=Paul Collins Startup list
[Zip Driver Loader]
Confirmed=X
Filename=ZipLoader32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.oblivion.html" target="_blank">OBLIVION</a> TROJAN! This executable is one of the most common but there are more
Source=Paul Collins Startup list
[Zip Driver Loader]
Confirmed=X
Filename=msload32.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/backdoor.oblivion.html" target="_blank">OBLIVION</a> TROJAN! This executable is one of the most common but there are more
Source=Paul Collins Startup list
[ZipDisk Icons]
Confirmed=U
Filename=IMGICON.EXE
Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
Description=<a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target="_blank">CoolWebSearch</a> parasite related
Source=Paul Collins Startup list
[ZipMagic]
Confirmed=N
Filename=zm32.exe
Description=Zip utility by <a href="http://www.ontrack.com/zipmagic/" target="_blank">Ontrack</a>. Preloading ZipMagic allows you to access files within a zip archive without unzipping them first
Source=Paul Collins Startup list
[zlclient]
Confirmed=Y
Filename=zlclient.exe
Description=Firewall program from <a href="http://www.zonelabs.com/download/index.html" target="_blank">Zonelabs</a>. Pro version inlcudes other online security options
Source=Paul Collins Startup list
[ZLH]
Confirmed=U
Filename=ZLH.EXE
Description=System Tray icon for <a href="http://www.norman.com/" target="_blank">Norman Antivirus</a>
Source=Paul Collins Startup list
[Zonavirus]
Confirmed=X
Filename=0
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html" target="_blank"> KITRO.D</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARGEN.A&VSect=T" target="_blank">ARGEN.A</a>) WORM!
Source=Paul Collins Startup list
[Zone Alarm]
Confirmed=X
Filename=vsmon.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BO" target="_blank">RBOT.BO</a> WORM! If this was the ZoneAlarm firewall the name column would be TrueVector
Source=Paul Collins Startup list
[Zone Labs Client]
Confirmed=Y
Filename=zlclient.exe
Description=Firewall program from <a href="http://www.zonelabs.com/download/index.html" target="_blank">Zonelabs</a>. Pro version inlcudes other online security options
Source=Paul Collins Startup list
[Zone Labs Client Ex]
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.f@mm.html" target="_blank">NETSKY.F</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
Source=Paul Collins Startup list
[Zone system]
Confirmed=X
Filename=szchost.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidrac.html" target=_blank>MULTIDR-AC</a> TROJAN!
Source=Paul Collins Startup list
[ZoneAlarm]
Confirmed=Y
Filename=zonealarm.exe
Description=Firewall program from <a href="http://www.zonelabs.com/store/content/home.jsp" target="_blank">Zonelabs</a> - free version
Source=Paul Collins Startup list
[zonealarm]
Confirmed=X
Filename=[random filename]
Description=Added by an unidentified VIRUS, WORM or TROJAN! The only exception is if you have an older version of the ZoneAlarm firewall running
Source=Paul Collins Startup list
[Zonealarm]
Confirmed=X
Filename=Removeme.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbg.html" target=_blank>FORBOT-BG</a> WORM!
Source=Paul Collins Startup list
[ZoneAlarm Plus]
Confirmed=Y
Filename=zaplus.exe
Description=Firewall program from <a href="http://www.zonelabs.com/store/content/home.jsp" target="_blank">Zonelabs</a> - paid for version
Source=Paul Collins Startup list
[ZoneAlarm Pro]
Confirmed=Y
Filename=Zapro.exe
Description=Firewall program from <a href="http://www.zonelabs.com/store/content/home.jsp" target="_blank">Zonelabs</a> - paid for version
Source=Paul Collins Startup list
[Zoom]
Confirmed=U
Filename=zoom.exe
Description=<a href="http://www.foxpop.ndirect.co.uk/pc/dachshund_04.htm" target="_blank">Zoom</a> - speeds up Windows startup and manages startup applications
Source=Paul Collins Startup list
[ZoomingHook]
Confirmed=?
Filename=ZoomingHook.exe
Description=Related to the Toshiba Zooming Utility for Tablet PC. <font color="#FF0000">What does it do and is it required?</font>
Description="<a href="http://pjwalczak.com/spguard/index.php" target="_blank">StartPage Guard</a> (SPG) protects your PC from cyberscam, by detecting and preventing any unauthorized changes to your internet browser's Start and Search pages. It is also capable of removing automatically most of known 'invaders'."
Source=Paul Collins Startup list
[ZtgServerSwitch]
Confirmed=X
Filename=server.vbs
Description=ZTGServerswitch is part of Sony's Vaio support agent - designed by Support.com. Not required if the user does not wish to use the Vaio support agent and regarded as spyware
Source=Paul Collins Startup list
[Zupdate]
Confirmed=X
Filename=Zupdate.exe
Description=<a href="http://www.kazaa.com/en/privacy/bundles.htm" target="_blank">B3d Projector</a> foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\\Windows\\System. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents
Description=Homepage hi-jacker that re-defines your IE or Netscape start page
Source=Paul Collins Startup list
[zzz-hpi-boot]
Confirmed=?
Filename=hpi-boot.exe
Description=<font color="#FF0000">Associated with HP Photosmart printers</font>
Source=Paul Collins Startup list
[zzzCamlnSuitelll]
Confirmed=?
Filename=setup.exe 46***
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[zzzhpsetup]
Confirmed=?
Filename=setup.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list
[[Ephemeral 2.x] by TreeHugger,]
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.lemoor.a.html" target="_blank">LEMOOR.A</a> WORM! where "x" represents 3 or 4
Source=Paul Collins Startup list
[[executed file name]]
Confirmed=X
Filename=App.exe
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.waxpow.worm.html" target="_blank">WAXPOW</a> WORM!
Source=Paul Collins Startup list
[[executed file name]]
Confirmed=X
Filename=Regsrv32.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.southghost.html" target="_blank">SOUTHGHOST</a> WORM!
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotn.html" target="_blank">SDBOT.N</a> TROJAN!
Source=Paul Collins Startup list
[[random name]]
Confirmed=X
Filename=wincpu.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list
[[System Mechanic Professional Update [Incinerator.dll]]
Confirmed=N
Filename=REREG: [path] Incinerator.dll
Description=<a href="http://www.iolo.com/sm/4pro/tutorials.cfm" target=_blank>System_Mechanic's</a> "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again
Source=Paul Collins Startup list
[[various names]]
Confirmed=X
Filename=elf.exe
Description=Elf is a hacker program, tied to a trojan server
Source=Paul Collins Startup list
[[various names]]
Confirmed=X
Filename=crsrs.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotak.html" target="_blank">FORBOT-AK</a> WORM!
Source=Paul Collins Startup list
[[various names]]
Confirmed=X
Filename=Windows32.exe
Description=Added by any of a number of WORM or TROJAN variants
Source=Paul Collins Startup list
[[various names]]
Confirmed=X
Filename=bling.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotni.html" target=_blank>RBOT-NI</a> WORM!
Source=Paul Collins Startup list
[[various names]]
Confirmed=X
Filename=mediaplayer32.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[[various names]]
Confirmed=X
Filename=winlogon32.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[[various names]]
Confirmed=X
Filename=svchostss.exe
Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
Source=Paul Collins Startup list
[[various names]]
Confirmed=X
Filename=win32snd.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdq.html" target=_blank>RBOT-DQ</a> WORM!
Source=Paul Collins Startup list
[[various names]]
Confirmed=X
Filename=shch.exe
Description=Premium rate adult content dialler
Source=Paul Collins Startup list
[[]]
Confirmed=X
Filename=spolsvr2.exe
Description=Added by the EVILSOCK.10 TROJAN!
Source=Paul Collins Startup list
[[]]
Confirmed=X
Filename=iexpl0res.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list
[[]]
Confirmed=X
Filename=winbas12.exe
Description=Adware, probably <a href="http://www.spywareinfo.com/~merijn/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite related - recognized by <a href="http://www.kaspersky.com/personalpro" target=_blank>Kaspersky</a> antivirus as TrojanDownloader.Win32.VB.du
Source=Paul Collins Startup list
[\IEService.exe]
Confirmed=X
Filename=IEService.exe
Description=FastFind parasite variant
Source=Paul Collins Startup list
[\Pribi.exe]
Confirmed=X
Filename=Pribi.exe
Description=FastFind parasite variant
Source=Paul Collins Startup list
[^`d}qZxu]
Confirmed=X
Filename=~`d}qzxu3zYF
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.gen!poly.html" target="_blank">GAOBOT.GEN!POLY</a> WORM!
Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=PE_ZAFI.B" target="_blank">ZAFI.B</a> WORM!
Source=Paul Collins Startup list
[_svchost.con]
Confirmed=X
Filename=svchost.com
Description=Added by the <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.c@mm.html" target=_blank>ERKEZ.C</a> WORM!
Source=Paul Collins Startup list
[_winadm]
Confirmed=U
Filename=winadm.exe
Description=<a href="http://people.freenet.de/winadm/anleitung_eng.htm" target="_blank">Parents Friend</a> - "Log any activity and protect programs with a password. Further more you can lock the pc any hour in the week you want with the main password. You can also give users allowed programs in their program-lists and you can limit the maximal daily hours and maximal weekly hours user spend on the PC"
Source=Paul Collins Startup list
[_x-Finder]
Confirmed=X
Filename=_x-Finder.exe
Description=Disconnects and redials an ISP modem to an adult content site
Source=Paul Collins Startup list
[{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
Confirmed=U
Filename=gnotify.exe
Description=Google <a href="http://toolbar.google.com/gmail-helper/" target=_blank>Gmail_notifier</a>. Alerts you when you have new Gmail messages
