home *** CD-ROM | disk | FTP | other *** search

---

/ Personal Computer World 2009 February / PCWFEB09.iso / Software / Resources / Security / Spybot Search and Destroy 1.6 / spybotsd160.exe / {app} / Includes / Startup.tnfo

< prev

next >

Wrap

Text File  |  2007-09-19  |  4MB  |  100,995 lines

---

1. []
2. Number=1
3. Confirmed=X
4. Filename=system32.exe
5. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotku.html" target=_blank>AGOBOT-KU</a> WORM! Note - has a blank entry under the Startup Item/Name field
6. Source=Paul Collins Startup list
7.  
8. []
9. Number=2
10. Confirmed=X
11. Filename=pathex.exe
12. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmkmoosea.html" target="_blank">MKMOOSE-A</a> WORM! Note - has a blank entry under the Startup Item/Name field
13. Source=Paul Collins Startup list
14.  
15. []
16. Number=3
17. Confirmed=X
18. Filename=svchost.exe
19. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfux.html" target="_blank">DELF-UX</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
20. Source=Paul Collins Startup list
21.  
22. []
23. Number=4
24. Confirmed=X
25. Filename=MSPF.EXE
26. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
27. Source=Paul Collins Startup list
28.  
29. []
30. Number=5
31. Confirmed=X
32. Filename=dllvirtual.exe
33. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobraiw.html" target="_blank">DADOBRA-IW</a> TROJAN! Note - has a blank entry under the Startup Item/Name field
34. Source=Paul Collins Startup list
35.  
36. []
37. Number=6
38. Confirmed=X
39. Filename=dllvirtual.dll
40. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobraiw.html" target="_blank">DADOBRA-IW</a> TROJAN! Note - has a blank entry under the Startup Item/Name field
41. Source=Paul Collins Startup list
42.  
43. []
44. Number=7
45. Confirmed=X
46. Filename=dllvirtual.js
47. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobraiw.html" target="_blank">DADOBRA-IW</a> TROJAN! Note - has a blank entry under the Startup Item/Name field
48. Source=Paul Collins Startup list
49.  
50. [ SystemBoot]
51. Number=8
52. Confirmed=X
53. Filename=services.exe
54. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsoberq.html" target="_blank">SOBER-Q</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Help\Help subfolder of the Windows or Winnt folder
55. Source=Paul Collins Startup list
56.  
57. [ WinCheck]
58. Number=9
59. Confirmed=X
60. Filename=services.exe
61. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sobers.html" target=_blank>SOBER-S</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatus\Microsoft" subfolder of the Windows or Winnt folder
62. Source=Paul Collins Startup list
63.  
64. [ Windows]
65. Number=10
66. Confirmed=X
67. Filename=services.exe
68. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111915-0848-99" target=_blank>SOBER.X</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder
69. Source=Paul Collins Startup list
70.  
71. [ WinStart]
72. Number=11
73. Confirmed=X
74. Filename=services.exe
75. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050210-2339-99" target="_blank">SOBER.O</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Connection Wizard\Status subfolder of the Windows or Winnt folder
76. Source=Paul Collins Startup list
77.  
78. [ winsystem.sys]
79. Number=12
80. Confirmed=X
81. Filename=smss.exe
82. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022023-0454-99" target=_blank>SOBER.K</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagent\win32 subfolder of the Winnt or Windows folder
83. Source=Paul Collins Startup list
84.  
85. [!1_pgaccount]
86. Number=13
87. Confirmed=Y
88. Filename=pgaccount.exe
89. Description=DiamondCS <a href="http://www.diamondcs.com.au/processguard/" target=_blank>ProcessGuard</a> security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly
90. Source=Paul Collins Startup list
91.  
92. [!1_ProcessGuard_Startup]
93. Number=14
94. Confirmed=Y
95. Filename=procguard.exe
96. Description=DiamondCS <a href="http://www.diamondcs.com.au/processguard/" target=_blank>ProcessGuard</a> security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks
97. Source=Paul Collins Startup list
98.  
99. [!AVG Anti-Spyware]
100. Number=15
101. Confirmed=U
102. Filename=avgas.exe
103. Description=Part of <a href="http://www3.grisoft.com/doc/products-avg-anti-spyware/us/crp/0" target="_blank">AVG Anti-Spyware</a> from Grisoft
104. Source=Paul Collins Startup list
105.  
106. [!ewido]
107. Number=16
108. Confirmed=U
109. Filename=ewido.exe
110. Description=Part of <a href="http://www.ewido.net/en/" target="_blank">Ewido</a> anti-spyware
111. Source=Paul Collins Startup list
112.  
113. [!NoLoad]
114. Number=17
115. Confirmed=N
116. Filename=winrecon.exe
117. Description=<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winrecon/" target="_blank">WinRecon</a> keystroke logger/monitoring program - remove unless you installed it yourself!
118. Source=Paul Collins Startup list
119.  
120. [$EnterNet]
121. Number=18
122. Confirmed=?
123. Filename=Enternet.exe
124. Description=Connection manager for the EnterNet ISP. You can also use <a href="http://user.cs.tu-berlin.de/~normanb/" target="_blank">RASPPOE</a>
125. Source=Paul Collins Startup list
126.  
127. [$sys$cmp]
128. Number=19
129. Confirmed=X
130. Filename=$sys$xp.exe
131. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111015-0804-99" target=_blank>RYKNOS.B</a> TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
132. Source=Paul Collins Startup list
133.  
134. [$sys$crash]
135. Number=20
136. Confirmed=X
137. Filename=$sys$sonyTimer.exe
138. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
139. Source=Paul Collins Startup list
140.  
141. [$sys$crash]
142. Number=21
143. Confirmed=X
144. Filename=$sys$sos$sys$.exe
145. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
146. Source=Paul Collins Startup list
147.  
148. [$sys$crash]
149. Number=22
150. Confirmed=X
151. Filename=$sys$WeLoveMcCOL.exe
152. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
153. Source=Paul Collins Startup list
154.  
155. [$sys$drv]
156. Number=23
157. Confirmed=X
158. Filename=$sys$drv.exe
159. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111012-2048-99" target=_blank>RYKNOS</a> TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
160. Source=Paul Collins Startup list
161.  
162. [$sys$momomomochin]
163. Number=24
164. Confirmed=X
165. Filename=$sys$sonyTimer.exe
166. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
167. Source=Paul Collins Startup list
168.  
169. [$sys$momomomochin]
170. Number=25
171. Confirmed=X
172. Filename=$sys$sos$sys$.exe
173. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
174. Source=Paul Collins Startup list
175.  
176. [$sys$momomomochin]
177. Number=26
178. Confirmed=X
179. Filename=$sys$WeLoveMcCOL.exe
180. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
181. Source=Paul Collins Startup list
182.  
183. [$sys$umaiyo]
184. Number=27
185. Confirmed=X
186. Filename=$sys$sonyTimer.exe
187. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
188. Source=Paul Collins Startup list
189.  
190. [$sys$umaiyo]
191. Number=28
192. Confirmed=X
193. Filename=$sys$sos$sys$.exe
194. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
195. Source=Paul Collins Startup list
196.  
197. [$sys$umaiyo]
198. Number=29
199. Confirmed=X
200. Filename=$sys$WeLoveMcCOL.exe
201. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target=_blank>WELOMOCH</a> TROJAN!
202. Source=Paul Collins Startup list
203.  
204. [$Volumouse$]
205. Number=30
206. Confirmed=U
207. Filename=volumouse.exe
208. Description=<a href="http://www.nirsoft.net/utils/volumouse.html" target="_blank">Volumouse</a> from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"
209. Source=Paul Collins Startup list
210.  
211. [$WindowsRegKey%update]
212. Number=31
213. Confirmed=X
214. Filename=IEXPLORE.EXE
215. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotez.html" target=_blank>RBOT-EZ</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
216. Source=Paul Collins Startup list
217.  
218. [%cmpmixtitle%]
219. Number=32
220. Confirmed=N
221. Filename=%cmpmixstr%
222. Description=<font color="#FF0000">Possibly related to C-Media Mixer Control panel?</font>
223. Source=Paul Collins Startup list
224.  
225. [%FP%012-L2TP fts.exe]
226. Number=33
227. Confirmed=N
228. Filename=fts.exe
229. Description=012.Net.il Israeli ISP software front-end
230. Source=Paul Collins Startup list
231.  
232. [%FP%012-L2TP FWPortal.exe]
233. Number=34
234. Confirmed=U
235. Filename=FWPortal.exe
236. Description=012.Net.il Israeli ISP dial-up software
237. Source=Paul Collins Startup list
238.  
239. [%FP%1776 Internet fts.exe]
240. Number=35
241. Confirmed=N
242. Filename=fts.exe
243. Description=1776 Internet US ISP software ISP software front-end
244. Source=Paul Collins Startup list
245.  
246. [%FP%1776 Internet FWPortal.exe]
247. Number=36
248. Confirmed=U
249. Filename=FWPortal.exe
250. Description=1776 Internet US ISP dial-up software
251. Source=Paul Collins Startup list
252.  
253. [%FP%Barak013 fts.exe]
254. Number=37
255. Confirmed=N
256. Filename=fts.exe
257. Description=Barak013 Israeli ISP software front-end
258. Source=Paul Collins Startup list
259.  
260. [%FP%Barak013 FWPortal.exe]
261. Number=38
262. Confirmed=U
263. Filename=FWPortal.exe
264. Description=Barak013 Israeli ISP dial-up software
265. Source=Paul Collins Startup list
266.  
267. [%FP%Friendly fts.exe]
268. Number=39
269. Confirmed=N
270. Filename=fts.exe
271. Description=Friendly ISP software front-end
272. Source=Paul Collins Startup list
273.  
274. [(*)API Machine]
275. Number=40
276. Confirmed=X
277. Filename=winSOCKS.exe
278. Description=Homepage hijacker, see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winsocks/" target="_blank">here</a> (* = any digit)
279. Source=Paul Collins Startup list
280.  
281. [(*)Run]
282. Number=41
283. Confirmed=X
284. Filename=win32API.exe
285. Description=Homepage hijacker, see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/win32api/" target="_blank">here</a> (* = any digit)
286. Source=Paul Collins Startup list
287.  
288. [(default)]
289. Number=42
290. Confirmed=X
291. Filename=[random filename].exe
292. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032319-2209-99" target="_blank">BLACKMAL</a> WORM!
293. Source=Paul Collins Startup list
294.  
295. [(default)]
296. Number=43
297. Confirmed=X
298. Filename=rundll32.exe [path] Zykheptd.dll
299. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-022116-5404-99" target=_blank>HESIVE.B</a> TROJAN!
300. Source=Paul Collins Startup list
301.  
302. [(L4r1$$4) (4nt1) (V1ruz)]
303. Number=44
304. Confirmed=X
305. Filename=SP00Lsv32.pif
306. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030222-1459-99" target=_blank>ASSIRAL.B</a> WORM!
307. Source=Paul Collins Startup list
308.  
309. [*JanisRuckenbrodII]
310. Number=45
311. Confirmed=X
312. Filename=janis.com
313. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-012114-5256-99" target="_blank">POPS</a> WORM!
314. Source=Paul Collins Startup list
315.  
316. [*Microsoft Update]
317. Number=46
318. Confirmed=X
319. Filename=ctxma.exe
320. Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
321. Source=Paul Collins Startup list
322.  
323. [*Microsoft Update]
324. Number=47
325. Confirmed=X
326. Filename=cxma.exe
327. Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
328. Source=Paul Collins Startup list
329.  
330. [*Microsoft Update]
331. Number=48
332. Confirmed=X
333. Filename=wstcl.exe
334. Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
335. Source=Paul Collins Startup list
336.  
337. [*Microsoft Update]
338. Number=49
339. Confirmed=X
340. Filename=wucxt.exe
341. Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
342. Source=Paul Collins Startup list
343.  
344. [*Microsoft Update]
345. Number=50
346. Confirmed=X
347. Filename=wuytc.exe
348. Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
349. Source=Paul Collins Startup list
350.  
351. [*MS Setup]
352. Number=51
353. Confirmed=X
354. Filename=[random filename]
355. Description=Virtumondo adware, also known as the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99" target=_blank>VUNDO</a> TROJAN!
356. Source=Paul Collins Startup list
357.  
358. [*Security Center]
359. Number=52
360. Confirmed=X
361. Filename=secctr.exe
362. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BRO&VSect=P" target=_blank>SDBOT.BRO</a> WORM!
363. Source=Paul Collins Startup list
364.  
365. [*StateMgr]
366. Number=53
367. Confirmed=Y
368. Filename=statemgr.exe
369. Description=Windows ME default for System Restore. Do NOT disable!
370. Source=Paul Collins Startup list
371.  
372. [*windows update]
373. Number=54
374. Confirmed=X
375. Filename=wrauclt.exe
376. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqu.html" target=_blank>RBOT-QU</a> WORM!
377. Source=Paul Collins Startup list
378.  
379. [*windows update]
380. Number=55
381. Confirmed=X
382. Filename=wuanclt.exe
383. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpg.html" target=_blank>RBOT-PG</a> WORM!
384. Source=Paul Collins Startup list
385.  
386. [*windows update]
387. Number=56
388. Confirmed=X
389. Filename=wuaucrlt.exe
390. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010714-2915-99" target=_blank>SPYBOT.HUR</a> WORM!
391. Source=Paul Collins Startup list
392.  
393. [*windows update]
394. Number=57
395. Confirmed=X
396. Filename=wuraclt.exe
397. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpo.html" target=_blank>RBOT-PO</a> WORM!
398. Source=Paul Collins Startup list
399.  
400. [*windows update]
401. Number=58
402. Confirmed=X
403. Filename=wurauclt.exe
404. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsy.html" target=_blank>RBOT-SY</a> WORM!
405. Source=Paul Collins Startup list
406.  
407. [*windows update]
408. Number=59
409. Confirmed=X
410. Filename=wsctl.exe
411. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.PR" target="_blank">SPYBOT.PR</a> WORM!
412. Source=Paul Collins Startup list
413.  
414. [*windows update]
415. Number=60
416. Confirmed=X
417. Filename=wkmst.exe
418. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AVD" target="_blank">SDBOT.AVD</a> WORM!
419. Source=Paul Collins Startup list
420.  
421. [*windows update]
422. Number=61
423. Confirmed=X
424. Filename=wscxt.exe
425. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AOS&VSect=P" target=_blank>RBOT.AOS</a> WORM!
426. Source=Paul Collins Startup list
427.  
428. [*windows update]
429. Number=62
430. Confirmed=X
431. Filename=waurclt.exe
432. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
433. Source=Paul Collins Startup list
434.  
435. [*Windows [filename] Checker]
436. Number=63
437. Confirmed=X
438. Filename=[filename]
439. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kedebeb.html" target=_blank>KEDEBE-B</a> WORM!
440. Source=Paul Collins Startup list
441.  
442. [*WindowsAudio]
443. Number=64
444. Confirmed=X
445. Filename=systemupd.exe
446. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentth.html" target=_blank>AGENT-TH</a> WORM!
447. Source=Paul Collins Startup list
448.  
449. [*WinLogon]
450. Number=65
451. Confirmed=X
452. Filename=[trojan path] ren time:[random number]
453. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99" target=_blank>VUNDO</a> TROJAN!
454. Source=Paul Collins Startup list
455.  
456. [*winstats]
457. Number=66
458. Confirmed=X
459. Filename=winstats.exe
460. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090216-3057-99" target=_blank>GARGAFX</a> TROJAN!
461. Source=Paul Collins Startup list
462.  
463. [*wuauclt.exe]
464. Number=67
465. Confirmed=X
466. Filename=w****.exe [* = random char]
467. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotug.html" target="_blank">RBOT-UG</a> WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...
468. Source=Paul Collins Startup list
469.  
470. [,main drive Loader]
471. Number=68
472. Confirmed=X
473. Filename=wininfo.exe
474. Description=Suspected malware as it appears in 3 different registry locations - see <a href="http://forums.techguy.org/t151017/s.html" target="_blank"> here</a>
475. Source=Paul Collins Startup list
476.  
477. [..]
478. Number=69
479. Confirmed=X
480. Filename=ABC2007.exe
481. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrash.html" target="_blank">DLOADR-ASH</a> TROJAN!
482. Source=Paul Collins Startup list
483.  
484. [.mscdr]
485. Number=70
486. Confirmed=X
487. Filename=lassa.exe
488. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101212-0903-99" target=_blank>WEBUS.C</a> TROJAN!
489.  
490. Source=Paul Collins Startup list
491.  
492. [.mscdr]
493. Number=71
494. Confirmed=X
495. Filename=lsvchost.exe
496. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111216-2213-99" target=_blank>WEBUS.D</a> TROJAN!
497. Source=Paul Collins Startup list
498.  
499. [.mscdsr]
500. Number=72
501. Confirmed=X
502. Filename=lsvchost.exe
503. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorcr.html" target=_blank>CR</a> TROJAN!
504. Source=Paul Collins Startup list
505.  
506. [.mscsbl]
507. Number=73
508. Confirmed=X
509. Filename=svhost.exe
510. Description=Added by the <a href="http://vil.mcafeesecurity.com/vil/content/v_130850.htm" target=_blank>CMQ</a> TROJAN!
511. Source=Paul Collins Startup list
512.  
513. [.msfupdate]
514. Number=74
515. Confirmed=X
516. Filename=msveup.exe
517. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040411-1529-99" target=_blank>ALLOCUP.A</a> WORM!
518. Source=Paul Collins Startup list
519.  
520. [.mssecure]
521. Number=75
522. Confirmed=X
523. Filename=mssecure.exe
524. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=DDOS_BOXED.X&VSect=P" target=_blank>DDOS_BOXED.X</a> TROJAN!
525. Source=Paul Collins Startup list
526.  
527. [.NET config]
528. Number=76
529. Confirmed=?
530. Filename=sysmon32.exe
531. Description=<font color="#FF0000">??</font>
532. Source=Paul Collins Startup list
533.  
534. [.norton]
535. Number=77
536. Confirmed=X
537. Filename=rchost.exe
538. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojboxeda.html" target=_blank>BOXED-A</a> TROJAN!
539. Source=Paul Collins Startup list
540.  
541. [.nvsvc]
542. Number=78
543. Confirmed=X
544. Filename=smss.exe
545. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotfp.html" target=_blank>IRCBOT-FP</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which should not normally figure in Msconfig/Startup!
546.  
547. Source=Paul Collins Startup list
548.  
549. [.nvsvcb]
550. Number=79
551. Confirmed=X
552. Filename=smssb.exe
553. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=57167" target="_blank">BOXED.CG</a> TROJAN!
554. Source=Paul Collins Startup list
555.  
556. [.Prog]
557. Number=80
558. Confirmed=X
559. Filename=services.exe
560. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
561. Source=Paul Collins Startup list
562.  
563. [.Prog]
564. Number=81
565. Confirmed=X
566. Filename=winlogon.exe
567. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
568. Source=Paul Collins Startup list
569.  
570. [.protected]
571. Number=82
572. Confirmed=X
573. Filename=N/A
574. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094215" target="_blank">Smitfraud</a> variant
575. Source=Paul Collins Startup list
576.  
577. [.svchost]
578. Number=83
579. Confirmed=X
580. Filename=CSRSS.EXE
581. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051709-5609-99" target=_blank>WEBUS.F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
582. Source=Paul Collins Startup list
583.  
584. [.TEXTCONV]
585. Number=84
586. Confirmed=X
587. Filename=csrss.exe
588. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
589. Source=Paul Collins Startup list
590.  
591. [.TEXTCONV]
592. Number=85
593. Confirmed=X
594. Filename=lsass.exe
595. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
596. Source=Paul Collins Startup list
597.  
598. [.WMAudio]
599. Number=86
600. Confirmed=X
601. Filename=csrss.exe
602. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
603. Source=Paul Collins Startup list
604.  
605. [.WMAudio]
606. Number=87
607. Confirmed=X
608. Filename=lsass.exe
609. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
610. Source=Paul Collins Startup list
611.  
612. [/l:eng]
613. Number=88
614. Confirmed=N
615. Filename=N/A
616. Description=Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
617. Source=Paul Collins Startup list
618.  
619. [000]
620. Number=89
621. Confirmed=U
622. Filename=pit.exe
623. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061617-2707-99" target="_blank">PrivateEye</a> surveillance software. Uninstall this software unless you put it there yourself
624. Source=Paul Collins Startup list
625.  
626. [000hpdllhos]
627. Number=90
628. Confirmed=X
629. Filename=hpdllhost.exe
630. Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
631. Source=Paul Collins Startup list
632.  
633. [000StTHK]
634. Number=91
635. Confirmed=U
636. Filename=000StTHK.exe
637. Description=Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)
638. Source=Paul Collins Startup list
639.  
640. [0050726-007-i32-1]
641. Number=92
642. Confirmed=X
643. Filename=0050726-007-i32-1.exe
644. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanec.html" target=_blank>BANCBAN-EC</a> TROJAN!
645. Source=Paul Collins Startup list
646.  
647. [00DSKSVR00]
648. Number=93
649. Confirmed=?
650. Filename=desksaver.exe
651. Description=Related to <a href="http://www.softstack.com/deskshield.html" target=_blank>Advanced Desktop Shield</a>
652. Source=Paul Collins Startup list
653.  
654. [00DSKSVR01]
655. Number=94
656. Confirmed=?
657. Filename=desksaver.exe
658. Description=Related to <a href="http://www.softstack.com/deskshield.html" target=_blank>Advanced Desktop Shield</a>
659. Source=Paul Collins Startup list
660.  
661. [00TCrdMain]
662. Number=95
663. Confirmed=Y
664. Filename=TCrdMain.exe
665. Description=Related to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards
666. Source=Paul Collins Startup list
667.  
668. [00THotkey]
669. Number=96
670. Confirmed=U
671. Filename=00THotKey.exe
672. Description=For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.
673. Source=Paul Collins Startup list
674.  
675. [0190 Warner]
676. Number=97
677. Confirmed=U
678. Filename=WARN0190.EXE
679. Description=Anti-dialer <a href="http://www.wt-rate.com/" target=_blank>program</a> (Germany)
680. Source=Paul Collins Startup list
681.  
682. [0900 Warner]
683. Number=98
684. Confirmed=U
685. Filename=WARN0900.EXE
686. Description=Anti-dialer <a href="http://www.wt-rate.com/" target=_blank>program</a> (Germany)
687. Source=Paul Collins Startup list
688.  
689. [0mcamcap]
690. Number=99
691. Confirmed=X
692. Filename=0mcamcap.exe
693. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiamh.html" target=_blank>COSIAM-H</a> TROJAN!
694.  
695. Source=Paul Collins Startup list
696.  
697. [0utlook Express]
698. Number=100
699. Confirmed=X
700. Filename=*****.exe [* = random char]
701. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcc.html" target=_blank>RBOT-CC</a> WORM! Note the first letter is actually the digit "0" and not a capital "o"
702. Source=Paul Collins Startup list
703.  
704. [1]
705. Number=101
706. Confirmed=X
707. Filename=1.exe
708. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041515-1002-99" target=_blank>ESTEEMS</a> TROJAN!
709. Source=Paul Collins Startup list
710.  
711. [1]
712. Number=102
713. Confirmed=X
714. Filename=lsass.scr
715. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052411-0618-99" target=_blank>BANCOS.V</a> TROJAN!
716.  
717. Source=Paul Collins Startup list
718.  
719. [1]
720. Number=103
721. Confirmed=X
722. Filename=svchost.scr
723. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052515-4611-99" target=_blank>BANCOS.X</a> TROJAN!
724. Source=Paul Collins Startup list
725.  
726. [1111swapmgr.exe]
727. Number=104
728. Confirmed=X
729. Filename=1111swapmgr.exe
730. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooric.html" target=_blank>IC</a> TROJAN!
731. Source=Paul Collins Startup list
732.  
733. [123456]
734. Number=105
735. Confirmed=X
736. Filename=rundll32.exe shell32.dll, Control_RunDLL ...123456.cpl
737. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070209-4033-99" target="_blank">KITRO.C</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DANDI.A&VSect=T" target="_blank">DANDI.A</a>) WORM! 123456 can be any random 3 to 6 digit number
738. Source=Paul Collins Startup list
739.  
740. [12Ghosts Popup-Killer]
741. Number=106
742. Confirmed=U
743. Filename=12popup.exe
744. Description=<a href="http://12ghosts.com/ghosts/popup.htm" target="_blank">12Ghosts Popup-Killer</a>
745. Source=Paul Collins Startup list
746.  
747. [17779Proj2002]
748. Number=107
749. Confirmed=?
750. Filename=N/A
751. Description=<font color="#FF0000">??</font>
752. Source=Paul Collins Startup list
753.  
754. [180adsolution]
755. Number=108
756. Confirmed=X
757. Filename=180adsolution.exe
758. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
759. Source=Paul Collins Startup list
760.  
761. [180ax]
762. Number=109
763. Confirmed=X
764. Filename=180ax.exe
765. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
766. Source=Paul Collins Startup list
767.  
768. [180ClientStubInstall]
769. Number=110
770. Confirmed=X
771. Filename=stubinstaller****.exe [* = digit]
772. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
773. Source=Paul Collins Startup list
774.  
775. [180ClientStubInstall]
776. Number=111
777. Confirmed=X
778. Filename=[path to trojan]
779. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
780. Source=Paul Collins Startup list
781.  
782. [180ClientStubInstall]
783. Number=112
784. Confirmed=X
785. Filename=******.tmp [* = random digit/char]
786. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
787. Source=Paul Collins Startup list
788.  
789. [196_150_ni]
790. Number=113
791. Confirmed=X
792. Filename=196_150_ni.exe
793. Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/1/196_150_NI.EXE-5442.html" target="_blank">here</a>
794. Source=Paul Collins Startup list
795.  
796. [197_150_ni_3]
797. Number=114
798. Confirmed=X
799. Filename=197_150_ni_3.exe
800. Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/1/196_150_NI.EXE-5442.html" target="_blank">here</a>
801. Source=Paul Collins Startup list
802.  
803. [1:]
804. Number=115
805. Confirmed=N
806. Filename=hpdrv.exe
807. Description=HP utility for monitoring when and how many recoveries have been done
808. Source=Paul Collins Startup list
809.  
810. [1A:MacVisionTrayMonitor]
811. Number=116
812. Confirmed=N
813. Filename=TrayMonitor.exe
814. Description=Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock)
815. Source=Paul Collins Startup list
816.  
817. [1A:Stardock MCP]
818. Number=117
819. Confirmed=Y
820. Filename=mcpserver.exe
821. Description=Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications
822. Source=Paul Collins Startup list
823.  
824. [1A:Stardock TrayMonitor]
825. Number=118
826. Confirmed=Y
827. Filename=TrayServer.exe
828. Description=For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX
829. Source=Paul Collins Startup list
830.  
831. [1CmailS]
832. Number=119
833. Confirmed=?
834. Filename=NETMAIL.EXE
835. Description=<font color="#FF0000">??</font>
836. Source=Paul Collins Startup list
837.  
838. [1on1]
839. Number=120
840. Confirmed=X
841. Filename=1on1.exe
842. Description=Adult content dialler
843. Source=Paul Collins Startup list
844.  
845. [1Srv32]
846. Number=121
847. Confirmed=U
848. Filename=SpyAgent4.exe
849. Description=SpyTech <a href="http://www.spytech-web.com/spyagent.shtml" target="_blank">SpyAgent</a> monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."
850. Source=Paul Collins Startup list
851.  
852. [1u7]
853. Number=122
854. Confirmed=X
855. Filename=1u7.exe
856. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmurbaca.html" target="_blank">MURBAC-A</a> TROJAN!
857. Source=Paul Collins Startup list
858.  
859. [1Win32Cfg]
860. Number=123
861. Confirmed=U
862. Filename=SpyBuddy.exe
863. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062611-4548-99" target=_blank>SpyBuddy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
864. Source=Paul Collins Startup list
865.  
866. [1Win32Cfg]
867. Number=124
868. Confirmed=U
869. Filename=Keyloggerpro.exe
870. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120711-4013-99" target=_blank>Keyloggerpro</a> keystroke logger/monitoring program - remove unless you installed it yourself!
871. Source=Paul Collins Startup list
872.  
873. [1WinCfg32]
874. Number=125
875. Confirmed=X
876. Filename=WebMailSpy.exe
877. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062918-0745-99" target=_blank>WebMailSpy</a> spyware
878. Source=Paul Collins Startup list
879.  
880. [2020Downloader]
881. Number=126
882. Confirmed=X
883. Filename=mssvr.exe
884. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=2020Search&threatid=13811" target="_blank">2020Search</a> Toolbar
885. Source=Paul Collins Startup list
886.  
887. [252]
888. Number=127
889. Confirmed=X
890. Filename=winmgr.exe
891. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirat.html" target=_blank>LEGMIR-AT</a> TROJAN!
892. Source=Paul Collins Startup list
893.  
894. [27]
895. Number=128
896. Confirmed=X
897. Filename=slsorve.exe
898. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojslsorvea.html" target="_blank">SLSORVE-A</a> TROJAN!
899. Source=Paul Collins Startup list
900.  
901. [27]
902. Number=129
903. Confirmed=X
904. Filename=csrss32.exe
905. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojslsorved.html" target=_blank>SLSORVE-D</a> TROJAN!
906. Source=Paul Collins Startup list
907.  
908. [27]
909. Number=130
910. Confirmed=X
911. Filename=msm32.exe
912. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojslsorvee.html" target=_blank>SLSORVE-E</a> TROJAN!
913. Source=Paul Collins Startup list
914.  
915. [2Search]
916. Number=131
917. Confirmed=X
918. Filename=main.exe
919. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-080302-3232-99" target="_blank">2Search</a> adware
920. Source=Paul Collins Startup list
921.  
922. [2thousandbuck]
923. Number=132
924. Confirmed=X
925. Filename=[path to file]
926. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110410-0039-99" target=_blank>RANKY.L</a> TROJAN!
927. Source=Paul Collins Startup list
928.  
929. [2wSysTray]
930. Number=133
931. Confirmed=U
932. Filename=2portalmon.exe
933. Description=<a target="_blank" href="http://www.2wire.com/">2Wire</a> Homeportal user interface
934. Source=Paul Collins Startup list
935.  
936. [32-bit Thunking service]
937. Number=134
938. Confirmed=X
939. Filename=thunk32.exe
940. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021712-1032-99" target=_blank>DERDERO.A</a> WORM!
941. Source=Paul Collins Startup list
942.  
943. [333]
944. Number=135
945. Confirmed=X
946. Filename=svchost.exe
947. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojjda.html" target="_blank">JD-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory
948. Source=Paul Collins Startup list
949.  
950. [39ELTFH25Z8SKF]
951. Number=136
952. Confirmed=?
953. Filename=Ezg1q5.exe
954. Description=<font color="#FF0000">Seems to be associated with software by <a href="http://www.resplendence.com/docs/" target="_blank">Resplendence SP</a> ?</font>
955. Source=Paul Collins Startup list
956.  
957. [3c1807pd]
958. Number=137
959. Confirmed=Y
960. Filename=3cmlink.exe 3cpipe-3c1807pd
961. Description=3Com WinModem driver. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
962. Source=Paul Collins Startup list
963.  
964. [3capplnk]
965. Number=138
966. Confirmed=Y
967. Filename=3capplnk.exe
968. Description=US Robotics Modem driver
969. Source=Paul Collins Startup list
970.  
971. [3cdminic]
972. Number=139
973. Confirmed=N
974. Filename=3CDMINIC.EXE
975. Description=3Com DMI (DynamicAccess <u>D</u>esktop <u>M</u>anagement <u>I</u>nterface) Agent associated with 3Com network cards
976. Source=Paul Collins Startup list
977.  
978. [3CM Link]
979. Number=140
980. Confirmed=Y
981. Filename=3cmcnkw.exe
982. Description=Required for a US Robotics WinModem as it provides the link to Windows - won't work without it
983. Source=Paul Collins Startup list
984.  
985. [3Cmlink]
986. Number=141
987. Confirmed=Y
988. Filename=3CmlinkW.exe
989. Description=For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
990. Source=Paul Collins Startup list
991.  
992. [3ComDMIAgent]
993. Number=142
994. Confirmed=N
995. Filename=3CDMINIC.EXE
996. Description=3Com DMI (DynamicAccess <u>D</u>esktop <u>M</u>anagement <u>I</u>nterface) Agent associated with 3Com network cards
997. Source=Paul Collins Startup list
998.  
999. [3cpipe-USRpdA]
1000. Number=143
1001. Confirmed=Y
1002. Filename=USRmlnkA.exe
1003. Description=Modem driver files from US Robotics
1004. Source=Paul Collins Startup list
1005.  
1006. [3D Text]
1007. Number=144
1008. Confirmed=X
1009. Filename=3D Text.scr
1010. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102412-2855-99" target="_blank"> JERMY.A</a> WORM!
1011. Source=Paul Collins Startup list
1012.  
1013. [3Deep Control Panel]
1014. Number=145
1015. Confirmed=U
1016. Filename=3DeepCTL.EXE
1017. Description=Now superseeded by <a href="http://www.colorwizzard.com/" target="_blank">ColorWizzard</a> - 3Deep corrected lighting, shading and color for all your 2D and 3D games
1018. Source=Paul Collins Startup list
1019.  
1020. [3Dfx Acc]
1021. Number=146
1022. Confirmed=X
1023. Filename=GFXACC.EXE
1024. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-030413-4714-99" target="_blank">GIBE</a> WORM!
1025.  
1026. Source=Paul Collins Startup list
1027.  
1028. [3dfx Task Manager]
1029. Number=147
1030. Confirmed=N
1031. Filename=3dfxMan.exe
1032. Description=System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs
1033. Source=Paul Collins Startup list
1034.  
1035. [3dfx Tools]
1036. Number=148
1037. Confirmed=Y
1038. Filename=3dfxCmn.dll
1039. Description=Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards
1040. Source=Paul Collins Startup list
1041.  
1042. [3dfxv2ps.dll]
1043. Number=149
1044. Confirmed=Y
1045. Filename=3dfxv2ps.dll
1046. Description=Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards
1047. Source=Paul Collins Startup list
1048.  
1049. [3Dlabs Taskbar Display Manager]
1050. Number=150
1051. Confirmed=?
1052. Filename=3DLman.exe
1053. Description=3DLabs graphics driver related. <font color="#FF0000"> System Tray access to display settings?</font>
1054. Source=Paul Collins Startup list
1055.  
1056. [3DLabsHelperDemon]
1057. Number=151
1058. Confirmed=U
1059. Filename=3dldemon.exe
1060. Description=Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled
1061. Source=Paul Collins Startup list
1062.  
1063. [3DMouse.EXE]
1064. Number=152
1065. Confirmed=Y
1066. Filename=3DMouse.EXE
1067. Description=Dritek System Inc. 3D Mouse driver
1068. Source=Paul Collins Startup list
1069.  
1070. [3d_sound]
1071. Number=153
1072. Confirmed=X
1073. Filename=3d_sound.exe
1074. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojriadosa.html" target=_blank>RIADOS-A</a> TROJAN!
1075. Source=Paul Collins Startup list
1076.  
1077. [3qdctl.exe]
1078. Number=154
1079. Confirmed=U
1080. Filename=3qdctl.exe
1081. Description=Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ
1082. Source=Paul Collins Startup list
1083.  
1084. [3ware 3DM]
1085. Number=155
1086. Confirmed=Y
1087. Filename=3dm.exe
1088. Description=Monitors status of the disk array on 3ware IDE RAID controllers
1089. Source=Paul Collins Startup list
1090.  
1091. [456655]
1092. Number=156
1093. Confirmed=X
1094. Filename=explorer.exe
1095. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosede.html" target=_blank>BIFROSE-DE</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System folder
1096. Source=Paul Collins Startup list
1097.  
1098. [4da92ad5.exe]
1099. Number=157
1100. Confirmed=X
1101. Filename=4da92ad5.exe
1102. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrwz.html" target="_blank">DLOADR-WZ</a> TROJAN!
1103. Source=Paul Collins Startup list
1104.  
1105. [4wd!!!]
1106. Number=158
1107. Confirmed=X
1108. Filename=Natal!.pif
1109. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AI" target="_blank">OPASERV.AI</a> WORM!
1110. Source=Paul Collins Startup list
1111.  
1112. [5-1-61-96]
1113. Number=159
1114. Confirmed=X
1115. Filename=members-area.exe
1116. Description=Adult content dialler
1117. Source=Paul Collins Startup list
1118.  
1119. [5-2-46-112]
1120. Number=160
1121. Confirmed=X
1122. Filename=5-2-46-112.exe
1123. Description=Adult content pop-up dialler. Removal instructions <a href="http://groups.google.com/group/microsoft.public.windowsxp.general/browse_frm/thread/eb788b5ae71219be/b143744d5a592352?hl=en&lr=&ie=UTF-8&oe=UTF8&safe=off&rnum=9&prev=/groups%3Fq%3D5-2-46-112.exe%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF8%26safe%3Doff%26selm%3D1e10cd61.0203201743.78f51cfa%40posting.google.com%26rnum%3D9#b143744d5a592352" target="_blank">here</a>
1124. Source=Paul Collins Startup list
1125.  
1126. [55278]
1127. Number=161
1128. Confirmed=X
1129. Filename=grepclient1.exe
1130. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineages.html" target=_blank>LINEAGE-S</a> TROJAN!
1131. Source=Paul Collins Startup list
1132.  
1133. [5p4m]
1134. Number=162
1135. Confirmed=X
1136. Filename=[path to trojan]
1137. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlitebotc.html" target=_blank>LITEBOT-C</a> TROJAN!
1138. Source=Paul Collins Startup list
1139.  
1140. [5whgue21]
1141. Number=163
1142. Confirmed=X
1143. Filename=5whgue21.exe
1144. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target=_blank>ClearSearch</a> adware
1145. Source=Paul Collins Startup list
1146.  
1147. [666]
1148. Number=164
1149. Confirmed=X
1150. Filename=Ska.exe
1151. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpipes.html" target=_blank>PIPES</a> TROJAN!
1152. Source=Paul Collins Startup list
1153.  
1154. [678]
1155. Number=165
1156. Confirmed=X
1157. Filename=lsas32.exe
1158. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojslsorveb.html" target=_blank>SLSORVE-B</a> TROJAN!
1159. Source=Paul Collins Startup list
1160.  
1161. [98D0CE0C16B1]
1162. Number=166
1163. Confirmed=X
1164. Filename=rundll32.exe D0CE0C16B1, D0CE0C16B1
1165. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
1166. Source=Paul Collins Startup list
1167.  
1168. [9m]
1169. Number=167
1170. Confirmed=X
1171. Filename=winlog0n.exe
1172. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraqk.html" target="_blank">LEGMIR-AQK</a> TROJAN!
1173. Source=Paul Collins Startup list
1174.  
1175. [9xadiras]
1176. Number=168
1177. Confirmed=Y
1178. Filename=9xadiras.exe
1179. Description=<a href="http://www.alliedtelesyn.co.uk/en-gb/" target=_blank>Allied Telesyn</a> AT series router/modem related - apparently required
1180. Source=Paul Collins Startup list
1181.  
1182. [9xHtProtect]
1183. Number=169
1184. Confirmed=X
1185. Filename=AVprotect9x.exe
1186. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031015-0018-99" target="_blank">NETSKY.M</a> WORM!
1187. Source=Paul Collins Startup list
1188.  
1189. [;Rundll]
1190. Number=170
1191. Confirmed=X
1192. Filename=[filename]
1193. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E" target="_blank">PWSLEGMIR.E</a> TROJAN!
1194. Source=Paul Collins Startup list
1195.  
1196. [?ekio Startups]
1197. Number=171
1198. Confirmed=X
1199. Filename=?nksvc32.exe
1200. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotov.html" target=_blank>AGOBOT-OV</a> WORM where ? is a random character
1201.  
1202. Source=Paul Collins Startup list
1203.  
1204. [@]
1205. Number=172
1206. Confirmed=X
1207. Filename=regedit -s ..win.dll
1208. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100111-0931-99" target="_blank">SEEKER.K</a> TROJAN!
1209. Source=Paul Collins Startup list
1210.  
1211. [@Hoc Toolbar]
1212. Number=173
1213. Confirmed=N
1214. Filename=AtHoc.exe
1215. Description=One-click activated browsing toolbar used by various web-sites. See <a href="http://siliconvalley.internet.com/news/article.php/3531_479951" target="_blank">here</a> for more info
1216. Source=Paul Collins Startup list
1217.  
1218. [@loha]
1219. Number=174
1220. Confirmed=N
1221. Filename=reminder.exe
1222. Description=Registration reminder for <a href="http://www.pcworld.com/downloads/file_description/0,fid,6581,00.asp" target="_blank">@loha@home</a> E-mail utility
1223. Source=Paul Collins Startup list
1224.  
1225. [@tour_ww]
1226. Number=175
1227. Confirmed=X
1228. Filename=@tour_ww[1].exe
1229. Description=Adult content dialler
1230. Source=Paul Collins Startup list
1231.  
1232. [a]
1233. Number=176
1234. Confirmed=X
1235. Filename=a.exe
1236. Description=Commercials file that registers itself in the system registry and redirects IE to a certain commercial website
1237. Source=Paul Collins Startup list
1238.  
1239. [a]
1240. Number=177
1241. Confirmed=X
1242. Filename=jesse.exe
1243. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32meloa.html" target=_blank>MELO-A</a> WORM!
1244. Source=Paul Collins Startup list
1245.  
1246. [A New Windows Updater]
1247. Number=178
1248. Confirmed=X
1249. Filename=w32NTupdt.exe
1250. Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042420-4303-99" target="_blank">MYTOB.BM</a> WORM!
1251. Source=Paul Collins Startup list
1252.  
1253. [A Verizon App]
1254. Number=179
1255. Confirmed=U
1256. Filename=VERIZO~1.EXE
1257. Description=Part of <a href="http://www22.verizon.com/" target="_blank">Verizon</a> Online Support Manager
1258. Source=Paul Collins Startup list
1259.  
1260. [a-squared]
1261. Number=180
1262. Confirmed=U
1263. Filename=a2guard.exe
1264. Description=<a href="http://www.emsisoft.com/en/" target=_blank>a-Squared</a> antitrojan - can be run on demand but necessary in Startup if you prefer the a▓ 'Background Guard' real time protection feature
1265. Source=Paul Collins Startup list
1266.  
1267. [a-winpoet-service]
1268. Number=181
1269. Confirmed=Y
1270. Filename=winpppoverethernet.exe
1271. Description=WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read <a href="http://www.finepoint.com/winpoet.html" target="_blank">here</a>. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
1272. Source=Paul Collins Startup list
1273.  
1274. [A1000 Settings Utility]
1275. Number=182
1276. Confirmed=U
1277. Filename=cpqa1000.exe
1278. Description=Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features
1279. Source=Paul Collins Startup list
1280.  
1281. [A4Proxy]
1282. Number=183
1283. Confirmed=U
1284. Filename=A4Proxy.exe
1285. Description=<a href="http://www.findincontext.com/a4proxy/review.htm" target="_blank">Anonymity 4 Proxy</a> - local proxy server that makes you anonymous when visiting web sites
1286. Source=Paul Collins Startup list
1287.  
1288. [AAACLEAN]
1289. Number=184
1290. Confirmed=?
1291. Filename=AAACLEAN.INF
1292. Description=<font color="#FF0000">??</font>
1293. Source=Paul Collins Startup list
1294.  
1295. [AAAKeyboard]
1296. Number=185
1297. Confirmed=?
1298. Filename=??
1299. Description=<font color="#FF0000">??</font>
1300. Source=Paul Collins Startup list
1301.  
1302. [AAATraySaver]
1303. Number=186
1304. Confirmed=N
1305. Filename=TraySaver.exe
1306. Description=System Tray management utility from <a href="http://www.mlin.net/" target="_blank">Mike Lin</a> which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray
1307. Source=Paul Collins Startup list
1308.  
1309. [AAK]
1310. Number=187
1311. Confirmed=U
1312. Filename=aak.exe
1313. Description=<a href="http://www.anti-keylogger.net/" target="_blank">Advanced Anti-Keylogger</a> - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"
1314. Source=Paul Collins Startup list
1315.  
1316. [Aaou]
1317. Number=188
1318. Confirmed=X
1319. Filename=amee.exe
1320. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
1321. Source=Paul Collins Startup list
1322.  
1323. [Aapp]
1324. Number=189
1325. Confirmed=X
1326. Filename=adprot.exe
1327. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051216-4630-99" target=_blank>AdBlaster</a> adware
1328. Source=Paul Collins Startup list
1329.  
1330. [aauclient]
1331. Number=190
1332. Confirmed=?
1333. Filename=ACNUpdater.exe
1334. Description=Appears to be related to software from <a href="http://www.accenture.com/home/default.htm?viewType=Flash" target=_blank>Accenture.com</a>
1335. Source=Paul Collins Startup list
1336.  
1337. [ab EazyScheduler]
1338. Number=191
1339. Confirmed=?
1340. Filename=ezsched.exe
1341. Description=<font color="#FF0000">??</font>
1342. Source=Paul Collins Startup list
1343.  
1344. [ABBYY Community Agent]
1345. Number=192
1346. Confirmed=N
1347. Filename=CAGENT.EXE
1348. Description=Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software
1349. Source=Paul Collins Startup list
1350.  
1351. [ABC]
1352. Number=193
1353. Confirmed=U
1354. Filename=keylogger.exe
1355. Description=Keystroke logger/monitoring program - remove unless you installed it yourself!
1356.  
1357. Source=Paul Collins Startup list
1358.  
1359. [abcdefgh]
1360. Number=194
1361. Confirmed=X
1362. Filename=abcdefgh.exe
1363. Description=<a href="http://www.securitystronghold.com/gates/spyware-adware-solutions/abcdefgh_abcdefgh.exe_solution.htm" target=_blank>EPJ</a> TROJAN! 
1364.  
1365. Source=Paul Collins Startup list
1366.  
1367. [ABIT uGuru]
1368. Number=195
1369. Confirmed=U
1370. Filename=uGuru.exe
1371. Description=<a href="http://www2.abit.com.tw/page/en/news/newspop.php?pDOCNO=en_0309184" target=_blank>ABIT ╡Guru</a> - on motherboards incorporating the ╡Guru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweakin
1372. Source=Paul Collins Startup list
1373.  
1374. [ABITEQ]
1375. Number=196
1376. Confirmed=N
1377. Filename=abiteq.exe
1378. Description=Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds
1379. Source=Paul Collins Startup list
1380.  
1381. [Abrada WIN32]
1382. Number=197
1383. Confirmed=X
1384. Filename=abrada.exe
1385. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdermong.html" target=_blank>DERMON-G</a> TROJAN!
1386.  
1387. Source=Paul Collins Startup list
1388.  
1389. [Absolute Shield]
1390. Number=198
1391. Confirmed=U
1392. Filename=dseraser.exe
1393. Description=<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/dseraser/" target=_blank>Absolute Shield Evidence Eliminator</a> - internet history eraser
1394.  
1395. Source=Paul Collins Startup list
1396.  
1397. [Absolute StartUp monitor]
1398. Number=199
1399. Confirmed=U
1400. Filename=ASMon.exe
1401. Description=<a href="http://www.fgroupsoft.com/Absolutestartup/" target="_blank">Absolute Startup</a> - startup monitor from F-Group Software
1402. Source=Paul Collins Startup list
1403.  
1404. [AbsoluteShield Internet Eraser]
1405. Number=200
1406. Confirmed=U
1407. Filename=cseraser.exe
1408. Description=<a href="http://www.internet-track-eraser.com/" target=_blank>AbsoluteShield Internet Eraser</a> - "protects your privacy by cleaning up all the tracks of your Internet and computer activities"
1409.  
1410. Source=Paul Collins Startup list
1411.  
1412. [ABsr]
1413. Number=201
1414. Confirmed=X
1415. Filename=absr.exe
1416. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-042320-3206-99" target="_blank">AUTOUPDER</a> TROJAN!
1417. Source=Paul Collins Startup list
1418.  
1419. [absr]
1420. Number=202
1421. Confirmed=X
1422. Filename=mwsvm.exe
1423. Description=SeekSeek search hijacker related - see <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_SECTHOUGHT.A&VSect=Sn" target=_blank>here</a>
1424.  
1425. Source=Paul Collins Startup list
1426.  
1427. [abtu]
1428. Number=203
1429. Confirmed=X
1430. Filename=mp3serch.exe
1431. Description=Loads the executable for <a href="http://www.spywareinfo.com/lop.html" target="_blank">Lop.com</a>. mp3serch.exe is the final version
1432. Source=Paul Collins Startup list
1433.  
1434. [abtu]
1435. Number=204
1436. Confirmed=X
1437. Filename=lopsearch.exe
1438. Description=Loads the executable for <a href="http://www.spywareinfo.com/articles/lop/" target="_blank">Lop.com</a>. lopsearch.exe is the beta version
1439. Source=Paul Collins Startup list
1440.  
1441. [AbyssWebServer]
1442. Number=205
1443. Confirmed=U
1444. Filename=abyssws.exe
1445. Description=<a href="http://abyss.sourceforge.net/" target="_blank">Abyss</a> web server
1446. Source=Paul Collins Startup list
1447.  
1448. [AcBtnMgr_Xxx]
1449. Number=206
1450. Confirmed=Y
1451. Filename=AcBtnMgr_Xxx.exe
1452. Description=Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
1453. Source=Paul Collins Startup list
1454.  
1455. [acc]
1456. Number=207
1457. Confirmed=U
1458. Filename=acc.exe
1459. Description=<a href="http://www.voicecallcentral.com/#advanced_call_center" target="_blank">Advanced Call Center</a> - "full-featured yet easy-to-use answering machine software for your voice modem"
1460. Source=Paul Collins Startup list
1461.  
1462. [ACCDEFRAGINFO]
1463. Number=208
1464. Confirmed=X
1465. Filename=[path to worm]
1466. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32darbyo.html" target=_blank>DARBY-O</a> WORM!
1467. Source=Paul Collins Startup list
1468.  
1469. [Accelerate]
1470. Number=209
1471. Confirmed=U
1472. Filename=accelerate.exe
1473. Description=Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection
1474. Source=Paul Collins Startup list
1475.  
1476. [Access Ramp Monitor]
1477. Number=210
1478. Confirmed=N
1479. Filename=armon32.exe
1480. Description=Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again
1481. Source=Paul Collins Startup list
1482.  
1483. [Access WebControl]
1484. Number=211
1485. Confirmed=X
1486. Filename=[path to file]
1487. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoorm.html" target=_blank>PPDOOR-M</a> TROJAN!
1488. Source=Paul Collins Startup list
1489.  
1490. [AccessManager]
1491. Number=212
1492. Confirmed=U
1493. Filename=AccessMgr.exe
1494. Description=Part of SmartPipes <a href="http://www.smartpipes.com/SecureSite.htm" target=_blank>SecureSite</a> software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"
1495. Source=Paul Collins Startup list
1496.  
1497. [AccessMedia P2P Loader]
1498. Number=213
1499. Confirmed=X
1500. Filename=amp2pl.exe
1501. Description=My AccessMedia toolbar related, stealth installed!
1502. Source=Paul Collins Startup list
1503.  
1504. [AccessoriesPlus]
1505. Number=214
1506. Confirmed=U
1507. Filename=clockplus.exe
1508. Description=Clock Plus, part of <a href="http://simplypowerful.com/software/accessoriesplus.html" target=_blank>Accessories Plus</a> allows you to select from dozens of alternatives for the Windows clock
1509. Source=Paul Collins Startup list
1510.  
1511. [AccessRamp Monitor01]
1512. Number=215
1513. Confirmed=N
1514. Filename=ARMon32a.exe
1515. Description=From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service."
1516. Source=Paul Collins Startup list
1517.  
1518. [AccessRampLAN01]
1519. Number=216
1520. Confirmed=N
1521. Filename=ARUpld32.exe
1522. Description=Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003
1523. Source=Paul Collins Startup list
1524.  
1525. [AcctMgr]
1526. Number=217
1527. Confirmed=U
1528. Filename=AcctMgr.exe
1529. Description=NortonÖ Password Manager - part of <a href="http://www.symantec.com/sabu/sysworks/basic/" target="_blank">Norton SystemWorks 2004</a> - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC
1530. Source=Paul Collins Startup list
1531.  
1532. [AccuWeather.com« Desktop]
1533. Number=218
1534. Confirmed=N
1535. Filename=AccuWeatherDesktop.exe
1536. Description=Desktop weather from <a href="http://home.accuweather.com/index.asp?partner=accuweather" target="_blank">AccuWeather</a>
1537. Source=Paul Collins Startup list
1538.  
1539. [accwizz.exe]
1540. Number=219
1541. Confirmed=X
1542. Filename=accwizz.exe
1543. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082312-1953-99" target=_blank>RULAND.A</a> WORM!
1544. Source=Paul Collins Startup list
1545.  
1546. [accwizzz.exe]
1547. Number=220
1548. Confirmed=X
1549. Filename=accwizzz.exe
1550. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082312-1953-99" target=_blank>RULAND.A</a> WORM!
1551. Source=Paul Collins Startup list
1552.  
1553. [acdllib3]
1554. Number=221
1555. Confirmed=X
1556. Filename=bcdlmem.exe
1557. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmailbotba.html" target="_blank">MAILBOT-BA</a> TROJAN!
1558. Source=Paul Collins Startup list
1559.  
1560. [ACDSee]
1561. Number=222
1562. Confirmed=N
1563. Filename=ACDSee8Pro.exe
1564. Description=<a href="http://www.acdsee.com/" target="_blank">ACDSee</a> 8 photo software. Organize, manage, enhance, and share all your valued photo memories
1565. Source=Paul Collins Startup list
1566.  
1567. [Ace bows]
1568. Number=223
1569. Confirmed=?
1570. Filename=Ace bows.exe
1571. Description=<font color="#FF0000">??</font>
1572. Source=Paul Collins Startup list
1573.  
1574. [AceGain LiveUpdate]
1575. Number=224
1576. Confirmed=N
1577. Filename=LiveUpdate.exe
1578. Description="<a href="http://www.acegain.com/products_lu.htm" target="_blank">AceGain LiveUpdate</a> can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration"
1579. Source=Paul Collins Startup list
1580.  
1581. [Acer ePower Management]
1582. Number=225
1583. Confirmed=U
1584. Filename=Acer ePower Management.exe
1585. Description=Part of Acer Empowering Technology. "<a href="http://www.acer-euro.com/et/en/notebooks01.htm#7" target="_blank">Acer ePower Management</a> is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"
1586. Source=Paul Collins Startup list
1587.  
1588. [AcerGoto]
1589. Number=226
1590. Confirmed=U
1591. Filename=AcerGoto.exe
1592. Description=Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer
1593. Source=Paul Collins Startup list
1594.  
1595. [AcerNotebookManager]
1596. Number=227
1597. Confirmed=U
1598. Filename=almxptray.exe
1599. Description=System Tray access on some Acer Notebooks to give faster access to system settings
1600. Source=Paul Collins Startup list
1601.  
1602. [AcerPowerkey]
1603. Number=228
1604. Confirmed=U
1605. Filename=Powerkey.exe
1606. Description=PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3
1607. Source=Paul Collins Startup list
1608.  
1609. [Aceu]
1610. Number=229
1611. Confirmed=X
1612. Filename=[random filename]
1613. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
1614. Source=Paul Collins Startup list
1615.  
1616. [AClntUsr]
1617. Number=230
1618. Confirmed=U
1619. Filename=AClntUsr.exe
1620. Description=Altiris <a href="http://www.cdg-group.com/go.exe?prodid=299" target="_blank">AClient</a> Service Windows Tray Icon
1621. Source=Paul Collins Startup list
1622.  
1623. [Acme.PCHButton]
1624. Number=231
1625. Confirmed=N
1626. Filename=pchbutton.exe
1627. Description=Used by HP Instant Support
1628. Source=Paul Collins Startup list
1629.  
1630. [ACMonitor_Xxx]
1631. Number=232
1632. Confirmed=Y
1633. Filename=ACMonitor_Xxx.exe
1634. Description=Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
1635. Source=Paul Collins Startup list
1636.  
1637. [acocash]
1638. Number=233
1639. Confirmed=X
1640. Filename=fastdown.exe
1641. Description=Adult content dialler
1642. Source=Paul Collins Startup list
1643.  
1644. [acocash]
1645. Number=234
1646. Confirmed=X
1647. Filename=fastdown.exe
1648. Description=Adult content dialler
1649. Source=Paul Collins Startup list
1650.  
1651. [Acombo3dmouse]
1652. Number=235
1653. Confirmed=U
1654. Filename=Acombo3d.exe
1655. Description=Mouse driver - required if you use non-standard Windows driver features
1656. Source=Paul Collins Startup list
1657.  
1658. [Aconti]
1659. Number=236
1660. Confirmed=X
1661. Filename=aconti.exe
1662. Description=Adult content dialler
1663. Source=Paul Collins Startup list
1664.  
1665. [acoustic]
1666. Number=237
1667. Confirmed=U
1668. Filename=acoustic.exe
1669. Description=Control panel program for Philips <a href="http://www.digit-life.com/articles/philipsae/index.html" target="_blank">Acoustic Edge</a> soundcard. Not required unless changed settings aren't retained
1670. Source=Paul Collins Startup list
1671.  
1672. [acpart]
1673. Number=238
1674. Confirmed=N
1675. Filename=agpart11.exe
1676. Description=Program for finding trucks on-line
1677. Source=Paul Collins Startup list
1678.  
1679. [Acrobat]
1680. Number=239
1681. Confirmed=X
1682. Filename=acrmon32.exe
1683. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallect.html" target="_blank">SMALL-ECT</a> TROJAN!
1684. Source=Paul Collins Startup list
1685.  
1686. [Acrobat Assistant *.*]
1687. Number=240
1688. Confirmed=U
1689. Filename=ACROTRAY.EXE
1690. Description=Used to create PDF files with Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation. *.* represents the version
1691. Source=Paul Collins Startup list
1692.  
1693. [Acrobat Read]
1694. Number=241
1695. Confirmed=X
1696. Filename=acroup32.exe
1697. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvanbotbq.html" target="_blank">VANBOT-BQ</a> TROJAN!
1698. Source=Paul Collins Startup list
1699.  
1700. [Acronis Popup Blocker]
1701. Number=242
1702. Confirmed=U
1703. Filename=RunDll32.exe [path] Blocker.dll, Run
1704. Description=Part of <a href="http://www.acronis.com/homecomputing/products/privacyexpert/" target=_blank>Acronis Privacy Expert</a> - anti-spyware and security suite
1705.  
1706. Source=Paul Collins Startup list
1707.  
1708. [Acronis Scheduler2 Service]
1709. Number=243
1710. Confirmed=U
1711. Filename=schedhlp.exe
1712. Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images
1713. Source=Paul Collins Startup list
1714.  
1715. [Acronis True Image]
1716. Number=244
1717. Confirmed=U
1718. Filename=TimounterMonitor.exe
1719. Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
1720. Source=Paul Collins Startup list
1721.  
1722. [Acronis True Image Monitor]
1723. Number=245
1724. Confirmed=N
1725. Filename=TrueImageMonitor.exe
1726. Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage
1727. Source=Paul Collins Startup list
1728.  
1729. [Acronis TrueImage Monitor]
1730. Number=246
1731. Confirmed=N
1732. Filename=TrueImageMonitor.exe
1733. Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage
1734. Source=Paul Collins Startup list
1735.  
1736. [AcronisTimounterMonitor]
1737. Number=247
1738. Confirmed=U
1739. Filename=TimounterMonitor.exe
1740. Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
1741. Source=Paul Collins Startup list
1742.  
1743. [AcronisTrueImage Monitor]
1744. Number=248
1745. Confirmed=N
1746. Filename=TrueImageMonitor.exe
1747. Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage
1748. Source=Paul Collins Startup list
1749.  
1750. [Act! Preloader]
1751. Number=249
1752. Confirmed=U
1753. Filename=Act8.exe
1754. Description=Sage Software's <a href="http://www.act.com/products/index.cfm" target="_blank">ACT!</a> "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships"
1755. Source=Paul Collins Startup list
1756.  
1757. [Action Manager 32]
1758. Number=250
1759. Confirmed=N
1760. Filename=am32.exe
1761. Description=Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs
1762. Source=Paul Collins Startup list
1763.  
1764. [ActionAgent]
1765. Number=251
1766. Confirmed=?
1767. Filename=actionagent.exe
1768. Description="A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". <font color="#FF0000">Is it required?</font>
1769. Source=Paul Collins Startup list
1770.  
1771. [Activation]
1772. Number=252
1773. Confirmed=N
1774. Filename=Activation.exe
1775. Description=Part of Microsoft Money
1776. Source=Paul Collins Startup list
1777.  
1778. [Activboard]
1779. Number=253
1780. Confirmed=U
1781. Filename=MMKeybd.exe
1782. Description=Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys
1783. Source=Paul Collins Startup list
1784.  
1785. [Active Bit Station]
1786. Number=254
1787. Confirmed=X
1788. Filename=abs.exe
1789. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050615-3728-99" target="_blank">MYTOB.BZ</a> WORM!
1790. Source=Paul Collins Startup list
1791.  
1792. [Active Email Monitor]
1793. Number=255
1794. Confirmed=U
1795. Filename=aem25.exe
1796. Description=<a href="http://www.vicman.net/emailmon/" target="_blank">Active Email Monitor</a> checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email
1797. Source=Paul Collins Startup list
1798.  
1799. [Active shield]
1800. Number=256
1801. Confirmed=U
1802. Filename=Activeshield.exe
1803. Description=<a href="http://www.securitystronghold.com/" target=_blank>Active Shield</a> is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"
1804. Source=Paul Collins Startup list
1805.  
1806. [ActiveDesktop]
1807. Number=257
1808. Confirmed=X
1809. Filename=systray32.exe
1810. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-030717-0234-99" target="_blank">DABOOM</a> WORM!
1811. Source=Paul Collins Startup list
1812.  
1813. [ACTIVEDS]
1814. Number=258
1815. Confirmed=X
1816. Filename=ACTIVEDS.EXE
1817. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
1818. Source=Paul Collins Startup list
1819.  
1820. [ActiveEyes]
1821. Number=259
1822. Confirmed=N
1823. Filename=ActiveEyes.exe
1824. Description=ActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut
1825. Source=Paul Collins Startup list
1826.  
1827. [ActiveKeys.AAB635BD7D054a37A576]
1828. Number=260
1829. Confirmed=U
1830. Filename=akeys.exe
1831. Description="<a href="http://softarium.com/activekeys/" target="_blank">Active Keys</a> is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"
1832. Source=Paul Collins Startup list
1833.  
1834. [ActiveMenu]
1835. Number=261
1836. Confirmed=U
1837. Filename=ActiveMenu.exe
1838. Description=Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
1839. Source=Paul Collins Startup list
1840.  
1841. [ActivePlus]
1842. Number=262
1843. Confirmed=U
1844. Filename=activeplus.exe
1845. Description=Interactive Agents Plugin for <a href="http://www.patchou.com/msgplus/" target="_blank">Messenger Plus!</a> (MSN Messenger add-on)
1846. Source=Paul Collins Startup list
1847.  
1848. [ActiveScan Antivirus]
1849. Number=263
1850. Confirmed=X
1851. Filename=ActiveScan.exe
1852. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfkq.html" target="_blank">RBOT-FKQ</a> WORM!
1853. Source=Paul Collins Startup list
1854.  
1855. [ActiveShield]
1856. Number=264
1857. Confirmed=Y
1858. Filename=MCVSSHLD.EXE
1859. Description=McAfee VirusScan On-line. See also the McAgentExe entry
1860. Source=Paul Collins Startup list
1861.  
1862. [ActiveSpeed]
1863. Number=265
1864. Confirmed=U
1865. Filename=AS.exe
1866. Description=Ascentive <a href="http://www.barelyaverage.com/portfolio/html_emails/ascentive/activespeed_biplane/biplane_anim.html" target=_blank>ActiveSpeed</a> Internet Optimizer
1867. Source=Paul Collins Startup list
1868.  
1869. [ActiveSync]
1870. Number=266
1871. Confirmed=X
1872. Filename=wcescom32.exe
1873. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmancsyne.html" target="_blank">MANCSYN-E</a> TROJAN!
1874. Source=Paul Collins Startup list
1875.  
1876. [ActiveWords]
1877. Number=267
1878. Confirmed=N
1879. Filename=AWMonitor.exe
1880. Description=<a href="http://www.activewords.com" target="_blank">ActiveWords</a> from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that youÆve typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text youÆve defined
1881. Source=Paul Collins Startup list
1882.  
1883. [ActiveX Streamer]
1884. Number=268
1885. Confirmed=X
1886. Filename=msgfix.exe
1887. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.NQ" target="_blank">SDBOT.NQ</a> WORM!
1888. Source=Paul Collins Startup list
1889.  
1890. [ActiveXUpdate]
1891. Number=269
1892. Confirmed=X
1893. Filename=svcss.exe
1894. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerc.html" target=_blank>DEDLER.C</a> TROJAN!
1895. Source=Paul Collins Startup list
1896.  
1897. [Activity]
1898. Number=270
1899. Confirmed=U
1900. Filename=actik.exe
1901. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032917-5224-99" target="_blank">ActivityKey</a> Keystroke logger/monitoring program - remove unless you installed it yourself!
1902. Source=Paul Collins Startup list
1903.  
1904. [ActivSurf]
1905. Number=271
1906. Confirmed=N
1907. Filename=backweb*****.exe
1908. Description=Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
1909. Source=Paul Collins Startup list
1910.  
1911. [ActMaker]
1912. Number=272
1913. Confirmed=U
1914. Filename=ActMak25.exe
1915. Description="<a href="http://www.789987.com/products.htm" target=_blank>ActMaker</a> mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer"
1916. Source=Paul Collins Startup list
1917.  
1918. [ActMaker]
1919. Number=273
1920. Confirmed=U
1921. Filename=ActMaker25.exe
1922. Description=<a href="http://www.789987.com/products.htm" target=_blank>ActMaker</a> mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload
1923.  
1924. Source=Paul Collins Startup list
1925.  
1926. [ACTray]
1927. Number=274
1928. Confirmed=U
1929. Filename=ACTray.exe
1930. Description=System Tray icon for <a href="http://www.pc.ibm.com/us/think/thinkvantagetech/accessconnections.html" target="_blank">ThinkVantage Access Connections</a> - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"
1931. Source=Paul Collins Startup list
1932.  
1933. [Actual Window Minimizer]
1934. Number=275
1935. Confirmed=U
1936. Filename=ActualWindowMinimizerCenter.exe
1937. Description=<a href="http://www.actualtools.com/windowminimizer/" target=_blank>Actual Window Minimizer</a> - "allows minimizing any window to task tray notification area or to the edge of the screen"
1938.  
1939. Source=Paul Collins Startup list
1940.  
1941. [ACTX1]
1942. Number=276
1943. Confirmed=X
1944. Filename=v1201.exe
1945. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097395" target="_blank">VB.IS</a> TROJAN!
1946. Source=Paul Collins Startup list
1947.  
1948. [ACU]
1949. Number=277
1950. Confirmed=U
1951. Filename=ACU.exe
1952. Description=<a href="http://www.atheros.com/" target="_blank">Atheros</a> wireless Client Utility
1953. Source=Paul Collins Startup list
1954.  
1955. [ACU_QSB]
1956. Number=278
1957. Confirmed=U
1958. Filename=ACU.exe
1959. Description=<a href="http://www.atheros.com/" target="_blank">Atheros</a> wireless Client Utility
1960. Source=Paul Collins Startup list
1961.  
1962. [ACWLIcon]
1963. Number=279
1964. Confirmed=U
1965. Filename=ACWLIcon.exe
1966. Description=Related to IBM ThinkVantage Connectivity Solution
1967.  
1968. Source=Paul Collins Startup list
1969.  
1970. [Ad Blocker]
1971. Number=280
1972. Confirmed=U
1973. Filename=blocker.exe
1974. Description=<a href="http://www.cdkm.com/" target="_blank">Ad Blocker</a> - blocks popups, and also removes banners, image ads and flash ads
1975. Source=Paul Collins Startup list
1976.  
1977. [Ad Blocker Pro]
1978. Number=281
1979. Confirmed=U
1980. Filename=Ad Blocker Pro.exe
1981. Description=Ad Away popup and banner remover
1982. Source=Paul Collins Startup list
1983.  
1984. [Ad Muncher]
1985. Number=282
1986. Confirmed=U
1987. Filename=AdMunch.exe
1988. Description=<a href="http://www.admuncher.com/" target="_blank">Ad Muncher</a> removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
1989. Source=Paul Collins Startup list
1990.  
1991. [Ad Online Guide]
1992. Number=283
1993. Confirmed=?
1994. Filename=adonlineguide.exe
1995. Description=<font color="#FF0000">??</font>
1996. Source=Paul Collins Startup list
1997.  
1998. [Ad-aware]
1999. Number=284
2000. Confirmed=N
2001. Filename=Ad-aware.exe
2002. Description=<a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs
2003. Source=Paul Collins Startup list
2004.  
2005. [Ad-Aware]
2006. Number=285
2007. Confirmed=X
2008. Filename=Ad-Aware.exe
2009. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadj.html" target=_blank>RBOT-ADJ</a> WORM! Note - this is not the popular <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> spware/adware removal tool and is located in the Winnt\System32 or Windows\System32 directory
2010. Source=Paul Collins Startup list
2011.  
2012. [Ad-Eliminator]
2013. Number=286
2014. Confirmed=N
2015. Filename=ad-eliminator.exe
2016. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
2017. Source=Paul Collins Startup list
2018.  
2019. [Ad-Muncher]
2020. Number=287
2021. Confirmed=U
2022. Filename=ADMUNCH.EXE
2023. Description=<a href="http://www.admuncher.com/" target="_blank">Ad Muncher</a> removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
2024. Source=Paul Collins Startup list
2025.  
2026. [Ad-Protect]
2027. Number=288
2028. Confirmed=U
2029. Filename=ad-protect.exe
2030. Description=<a href="http://www.adprotectplus.com/" target=_blank>Ad-Protect</a> spyware and spam monitoring tool
2031.  
2032. Source=Paul Collins Startup list
2033.  
2034. [Ad-watch]
2035. Number=289
2036. Confirmed=U
2037. Filename=Ad-watch.exe
2038. Description=Part of Lavasoft <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware Plus</a> - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
2039. Source=Paul Collins Startup list
2040.  
2041. [AD2KClient]
2042. Number=290
2043. Confirmed=U
2044. Filename=AD2KClient.exe
2045. Description=Executable for <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> from Iomega disk - allows software applications to be run directly from an Iomega Zip« disk. Required if you wish the applications to launch on insertion of a disk
2046. Source=Paul Collins Startup list
2047.  
2048. [Adaptec DirectCD]
2049. Number=291
2050. Confirmed=N
2051. Filename=Directcd.exe
2052. Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
2053.  
2054. Source=Paul Collins Startup list
2055.  
2056. [AdaptecDirectCD]
2057. Number=292
2058. Confirmed=N
2059. Filename=Directcd.exe
2060. Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
2061. Source=Paul Collins Startup list
2062.  
2063. [AdAware]
2064. Number=293
2065. Confirmed=X
2066. Filename=wini.exe
2067. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxn.html" target="_blank">RBOT-XN</a> WORM!
2068. Source=Paul Collins Startup list
2069.  
2070. [Adaware Bootup]
2071. Number=294
2072. Confirmed=N
2073. Filename=ad-aware.exe
2074. Description=<a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs
2075. Source=Paul Collins Startup list
2076.  
2077. [Adaware lptt01]
2078. Number=295
2079. Confirmed=X
2080. Filename=adaware.exe
2081. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not the valid Lavasoft Adaware
2082. Source=Paul Collins Startup list
2083.  
2084. [Adaware ml097e]
2085. Number=296
2086. Confirmed=X
2087. Filename=adaware.exe
2088. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not the valid Lavasoft Adaware
2089. Source=Paul Collins Startup list
2090.  
2091. [Add**.exe [* = random char]]
2092. Number=297
2093. Confirmed=X
2094. Filename=Add**.exe [* = random char]
2095. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
2096. Source=Paul Collins Startup list
2097.  
2098. [Add**32.exe [* = random char]]
2099. Number=298
2100. Confirmed=X
2101. Filename=Add**32.exe [* = random char]
2102. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
2103. Source=Paul Collins Startup list
2104.  
2105. [AddClass]
2106. Number=299
2107. Confirmed=X
2108. Filename=AddClass.exe
2109. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#addclass" target=_blank>Addclass</a> parasite variant
2110. Source=Paul Collins Startup list
2111.  
2112. [AddClass]
2113. Number=300
2114. Confirmed=X
2115. Filename=[Installation_Path]
2116. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080815-4711-99" target=_blank>STARTPAGE.F</a> hijacker
2117. Source=Paul Collins Startup list
2118.  
2119. [AddClass]
2120. Number=301
2121. Confirmed=X
2122. Filename=[path to trojan]
2123. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsecdla.html" target=_blank>SECDL-A</a> TROJAN!
2124. Source=Paul Collins Startup list
2125.  
2126. [AdDelete]
2127. Number=302
2128. Confirmed=U
2129. Filename=AdDelete.exe
2130. Description=Banner advertisment blocker
2131. Source=Paul Collins Startup list
2132.  
2133. [AdDestroyer]
2134. Number=303
2135. Confirmed=X
2136. Filename=AdDestroyer.exe
2137. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
2138. Source=Paul Collins Startup list
2139.  
2140. [addproxy]
2141. Number=304
2142. Confirmed=?
2143. Filename=addproxy.exe
2144. Description=Related to Adobe Photoshop
2145. Source=Paul Collins Startup list
2146.  
2147. [ADG]
2148. Number=305
2149. Confirmed=?
2150. Filename=ADG.exe
2151. Description=<font color="#FF0000"> SoundBlaster Audigy related?</font>
2152. Source=Paul Collins Startup list
2153.  
2154. [ADGJdet]
2155. Number=306
2156. Confirmed=N
2157. Filename=ADGJDet.exe
2158. Description=Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
2159. Source=Paul Collins Startup list
2160.  
2161. [aDir]
2162. Number=307
2163. Confirmed=X
2164. Filename=adirss.exe
2165. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspamsrve.html" target="_blank">SPAMSRV-E</a> TROJAN!
2166. Source=Paul Collins Startup list
2167.  
2168. [Adiras]
2169. Number=308
2170. Confirmed=Y
2171. Filename=Adiras.exe
2172. Description=ADSL USB modem related
2173. Source=Paul Collins Startup list
2174.  
2175. [adirka]
2176. Number=309
2177. Confirmed=X
2178. Filename=adirka.exe
2179. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtibsqt.html" target="_blank">TIBS-QT</a> TROJAN!
2180. Source=Paul Collins Startup list
2181.  
2182. [AdKiller]
2183. Number=310
2184. Confirmed=U
2185. Filename=AD Defender.exe
2186. Description=Part of <a href="http://www.evonsoft.com/Advanced-Spyware-Remover.htm" target="_blank">Advanced Spyware Remover</a> anti-spyware tool
2187. Source=Paul Collins Startup list
2188.  
2189. [ADM Library Loader]
2190. Number=311
2191. Confirmed=X
2192. Filename=admlib32.exe
2193. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
2194. Source=Paul Collins Startup list
2195.  
2196. [Admanager Controller]
2197. Number=312
2198. Confirmed=X
2199. Filename=AdManCtl.exe
2200. Description=Adware, probably a Windupdates variant
2201. Source=Paul Collins Startup list
2202.  
2203. [Admilli Service]
2204. Number=313
2205. Confirmed=X
2206. Filename=AdmilliServ.exe
2207. Description=Windupdates adware variant
2208. Source=Paul Collins Startup list
2209.  
2210. [Administrator]
2211. Number=314
2212. Confirmed=X
2213. Filename=svchost.scr
2214. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092910-5215-99" target=_blank>NOVACAL</a> TROJAN!
2215. Source=Paul Collins Startup list
2216.  
2217. [AdminSoft]
2218. Number=315
2219. Confirmed=X
2220. Filename=sysfile.vbs
2221. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsstargruba.html" target="_blank">STARGRUB-A</a> WORM!
2222. Source=Paul Collins Startup list
2223.  
2224. [admtray.exe]
2225. Number=316
2226. Confirmed=U
2227. Filename=admtray.exe
2228. Description=Related to <a href="http://global.acer.com/" target=_blank>Acer</a> Inc. destop tray
2229. Source=Paul Collins Startup list
2230.  
2231. [Adobe]
2232. Number=317
2233. Confirmed=X
2234. Filename=Adobe.exe
2235. Description=Added by an unidentified VIRUS, WORM or TROJAN!
2236. Source=Paul Collins Startup list
2237.  
2238. [Adobe]
2239. Number=318
2240. Confirmed=X
2241. Filename=sysconfig.exe
2242. Description=Added by an unidentified WORM or TROJAN!
2243. Source=Paul Collins Startup list
2244.  
2245. [adobe]
2246. Number=319
2247. Confirmed=X
2248. Filename=gam.exe
2249. Description=Added by an unidentified WORM or TROJAN!
2250. Source=Paul Collins Startup list
2251.  
2252. [Adobe]
2253. Number=320
2254. Confirmed=X
2255. Filename=sysbat32.exe
2256. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.T" target=_blank>LOWZONES.T</a> TROJAN!
2257. Source=Paul Collins Startup list
2258.  
2259. [Adobe]
2260. Number=321
2261. Confirmed=X
2262. Filename=zteam.exe
2263. Description=Added by an unidentified TROJAN!
2264. Source=Paul Collins Startup list
2265.  
2266. [Adobe Acrobat]
2267. Number=322
2268. Confirmed=N
2269. Filename=READER~1.EXE
2270. Description=Speeds up the time it takes to load the <a href="http://www.adobe.com/products/acrobat/readermain.html" target="_blank">Adobe Reader</a> application. Your choice, but not required for Adobe Reader to function properly
2271. Source=Paul Collins Startup list
2272.  
2273. [Adobe Acrobat Distiller Application]
2274. Number=323
2275. Confirmed=X
2276. Filename=acrotray.exe
2277. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040512-3029-99" target=_blank>RANDEX.DFJ</a> WORM!
2278. Source=Paul Collins Startup list
2279.  
2280. [Adobe Acrobat Reader CFG]
2281. Number=324
2282. Confirmed=X
2283. Filename=[random filename]
2284. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
2285. Source=Paul Collins Startup list
2286.  
2287. [Adobe Filter Platform]
2288. Number=325
2289. Confirmed=X
2290. Filename=afilterplatform.exe
2291. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotop.html" target=_blank>RBOT-OP</a> WORM!
2292. Source=Paul Collins Startup list
2293.  
2294. [Adobe Gamma Loader]
2295. Number=326
2296. Confirmed=U
2297. Filename=Adobe Gamma Loader.exe
2298. Description=Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine
2299. Source=Paul Collins Startup list
2300.  
2301. [Adobe Photo Downloader]
2302. Number=327
2303. Confirmed=N
2304. Filename=apdproxy.exe
2305. Description=Part of <a href="http://www.adobe.com/" target=_blank>Adobe's</a> Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see <a href="http://www.adobe.com/support/techdocs/332361.html" target=_blank>here</a>)
2306. Source=Paul Collins Startup list
2307.  
2308. [Adobe Reader Speed Lauch]
2309. Number=328
2310. Confirmed=N
2311. Filename=reader_sl.exe
2312. Description=Speeds up the launch of Adobe (Acrobat) Reader 7
2313. Source=Paul Collins Startup list
2314.  
2315. [Adobe Reader Speed Launch]
2316. Number=329
2317. Confirmed=N
2318. Filename=reader_sl.exe
2319. Description=Speeds up the time it takes to load the <a href="http://www.adobe.com/products/acrobat/readermain.html" target=_blank>Adobe Reader</a> application. Your choice, but not required for Adobe Reader to function properly
2320. Source=Paul Collins Startup list
2321.  
2322. [Adobe Reader Speed Launch]
2323. Number=330
2324. Confirmed=N
2325. Filename=READER~1.EXE
2326. Description=Speeds up the time it takes to load the <a href="http://www.adobe.com/products/acrobat/readermain.html" target="_blank">Adobe Reader</a> application. Your choice, but not required for Adobe Reader to function properly
2327. Source=Paul Collins Startup list
2328.  
2329. [Adobe Version Cue CS2]
2330. Number=331
2331. Confirmed=U
2332. Filename=VersionCueCS2Tray.exe
2333. Description=File manager that's part of <a href="http://www.adobe.com/products/creativesuite/index.html?c=us" target="_blank">Adobe Creative Suite 2</a> - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work"
2334. Source=Paul Collins Startup list
2335.  
2336. [AdobeA]
2337. Number=332
2338. Confirmed=X
2339. Filename=adobes.exe
2340. Description=Added by the <a href="http://vil.nai.com/vil/content/v_100373.htm" target="_blank">FLOOD.BA</a> TROJAN!
2341. Source=Paul Collins Startup list
2342.  
2343. [AdobeFonts]
2344. Number=333
2345. Confirmed=X
2346. Filename=fonts.hta
2347. Description=Browser hijacker - redirecting to Hugesearch.net
2348. Source=Paul Collins Startup list
2349.  
2350. [adobemgr]
2351. Number=334
2352. Confirmed=X
2353. Filename=adobemgr.exe
2354. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-091214-5754-99" target=_blank>ADCLICKER</a> TROJAN!
2355. Source=Paul Collins Startup list
2356.  
2357. [AdobeReader]
2358. Number=335
2359. Confirmed=X
2360. Filename=msni.exe
2361. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DAO" target="_blank">RBOT.DAO</a> TROJAN!
2362. Source=Paul Collins Startup list
2363.  
2364. [AdobeReaderPro]
2365. Number=336
2366. Confirmed=X
2367. Filename=msnxpsp.exe
2368. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotask.html" target=_blank>RBOT-ASK</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaus.html" target=_blank>RBOT-AUS</a> WORMS!
2369. Source=Paul Collins Startup list
2370.  
2371. [AdobeReaderPro]
2372. Number=337
2373. Confirmed=X
2374. Filename=ntkernell32.exe
2375. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaty.html" target=_blank>RBOT-ATY</a> WORM!
2376. Source=Paul Collins Startup list
2377.  
2378. [AdobeReaderPro]
2379. Number=338
2380. Confirmed=X
2381. Filename=msnserve.exe
2382. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotakh.html" target="_blank">SDBOT-AKH</a> WORM!
2383. Source=Paul Collins Startup list
2384.  
2385. [AdobeReaderPro]
2386. Number=339
2387. Confirmed=X
2388. Filename=updt.exe
2389. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotvq.html" target="_blank">IRCBOT-VQ</a> WORM!
2390. Source=Paul Collins Startup list
2391.  
2392. [AdobeReaderProfessional]
2393. Number=340
2394. Confirmed=X
2395. Filename=msx64.exe
2396. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgat.html" target="_blank">RBOT-GAT</a> WORM!
2397. Source=Paul Collins Startup list
2398.  
2399. [AdobeReaderPros]
2400. Number=341
2401. Confirmed=X
2402. Filename=sysmsn.exe
2403. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbgh.html" target="_blank">RBOT-BGH</a> WORM!
2404. Source=Paul Collins Startup list
2405.  
2406. [AdobeVersionCue]
2407. Number=342
2408. Confirmed=N
2409. Filename=VersionCueTray.exe
2410. Description="An exclusive feature of the Adobe« Creative Suite, <a href="http://www.adobe.com/products/creativesuite/versioncue.html" target=_blank>Version CueÖ</a> helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"
2411. Source=Paul Collins Startup list
2412.  
2413. [Adope File Manager]
2414. Number=343
2415. Confirmed=X
2416. Filename=lsasv.exe
2417. Description=Added by an unidentified WORM or TROJAN!
2418. Source=Paul Collins Startup list
2419.  
2420. [adp]
2421. Number=344
2422. Confirmed=X
2423. Filename=adp.exe
2424. Description=Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc
2425. Source=Paul Collins Startup list
2426.  
2427. [AdPopup]
2428. Number=345
2429. Confirmed=X
2430. Filename=dcf5678.exe
2431. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentfz.html" target=_blank>AGENT-FZ</a> TROJAN!
2432. Source=Paul Collins Startup list
2433.  
2434. [adprot]
2435. Number=346
2436. Confirmed=X
2437. Filename=adprot.exe
2438. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051216-4630-99" target=_blank>AdBlaster</a> adware
2439. Source=Paul Collins Startup list
2440.  
2441. [ADQuickAccess]
2442. Number=347
2443. Confirmed=N
2444. Filename=Adtray.exe
2445. Description=After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95
2446. Source=Paul Collins Startup list
2447.  
2448. [ADriver]
2449. Number=348
2450. Confirmed=X
2451. Filename=windrv.exe
2452. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.WG" target="_blank">DELF.WG</a> TROJAN!
2453. Source=Paul Collins Startup list
2454.  
2455. [AdRoarUpdate]
2456. Number=349
2457. Confirmed=X
2458. Filename=ARUpdate.exe
2459. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120211-0649-99" target="_blank">AdRoar</a> adware updater
2460. Source=Paul Collins Startup list
2461.  
2462. [AdRotator.Application]
2463. Number=350
2464. Confirmed=X
2465. Filename=[path to csrss.exe]
2466. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallaq.html" target=_blank>SMALL-AQ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
2467. Source=Paul Collins Startup list
2468.  
2469. [AdRotator.Application]
2470. Number=351
2471. Confirmed=X
2472. Filename=services.exe
2473. Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080316-2013-99&tabid=1" target=_blank>FakeMessage/AdRotator</a> adware. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
2474. Source=Paul Collins Startup list
2475.  
2476. [ADS Adware Remover]
2477. Number=352
2478. Confirmed=N
2479. Filename=ADS Adware Remover.exe
2480. Description=Adware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
2481. Source=Paul Collins Startup list
2482.  
2483. [AdsBlocker]
2484. Number=353
2485. Confirmed=X
2486. Filename=stopAds.exe
2487. Description=Reported as DILAER.DW by <a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a>
2488. Source=Paul Collins Startup list
2489.  
2490. [ADService]
2491. Number=354
2492. Confirmed=U
2493. Filename=ADService.exe
2494. Description=Part of Iomega's <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> - allows software applications to be run directly from an Iomega Zip« disk. Required if you wish the applications to launch on insertion of a disk
2495. Source=Paul Collins Startup list
2496.  
2497. [AdsGone]
2498. Number=355
2499. Confirmed=U
2500. Filename=Adsgone.exe
2501. Description=<a href="http://www.adsgone.com/" target="_blank">AdsGone</a> - pop-up stopper
2502. Source=Paul Collins Startup list
2503.  
2504. [ADSL Diagnostic Tools]
2505. Number=356
2506. Confirmed=N
2507. Filename=mapiicon.exe
2508. Description=System tray access to ADSL modem diagnostic tools. Available via Start -> Programs
2509. Source=Paul Collins Startup list
2510.  
2511. [ADSLSYSTEMTRAY]
2512. Number=357
2513. Confirmed=?
2514. Filename=SystemtrayV100B.exe
2515. Description=Apparently Annex A ADSL modem related. <font color="#FF0000">What does it do and is it required?</font>
2516. Source=Paul Collins Startup list
2517.  
2518. [AdslTaskBar]
2519. Number=358
2520. Confirmed=Y
2521. Filename=rundll32.exe stmctrl.dll, TaskBar
2522. Description=ISP software, initializes DSL modem
2523. Source=Paul Collins Startup list
2524.  
2525. [AdslTaskBars]
2526. Number=359
2527. Confirmed=X
2528. Filename=taskmng.exe
2529. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxz.html" target=_blank>RBOT-AXZ</a> WORM!
2530. Source=Paul Collins Startup list
2531.  
2532. [ADSL_A2]
2533. Number=360
2534. Confirmed=?
2535. Filename=A2Installed
2536. Description=Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. <font color="#FF0000">What does it do and is it required?</font>
2537. Source=Paul Collins Startup list
2538.  
2539. [ADSS]
2540. Number=361
2541. Confirmed=Y
2542. Filename=ADSS.exe
2543. Description=ADSS is part of <a href="http://www.johnru.com/" target="_blank">Access Denied</a> security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied
2544. Source=Paul Collins Startup list
2545.  
2546. [adstartup]
2547. Number=362
2548. Confirmed=X
2549. Filename=automove.exe
2550. Description=<a href="http://www.spywareguide.com/product_show.php?id=791" target="_blank">Adlogix</a> adware variant
2551. Source=Paul Collins Startup list
2552.  
2553. [adstartup]
2554. Number=363
2555. Confirmed=X
2556. Filename=Adstartup.exe
2557. Description=<a href="http://www.spywareguide.com/product_show.php?id=791" target=_blank>Adlogix</a> adware variant
2558. Source=Paul Collins Startup list
2559.  
2560. [AdStatus Service]
2561. Number=364
2562. Confirmed=X
2563. Filename=AdStatServ.exe
2564. Description=WindUpdates <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094113" target="_blank">AdStatus Service</a> adware
2565. Source=Paul Collins Startup list
2566.  
2567. [AdSubtract]
2568. Number=365
2569. Confirmed=U
2570. Filename=adsub.exe
2571. Description=AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start -> Programs. Now superseeded by <a href="http://www.trendmicro.com/en/products/desktop/as/evaluate/overview.htm" target="_blank">Trend Micro AntiSpyware</a>
2572. Source=Paul Collins Startup list
2573.  
2574. [adtech2005]
2575. Number=366
2576. Confirmed=X
2577. Filename=adtech2005.exe
2578. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan.Win32.StartPage.aw
2579. Source=Paul Collins Startup list
2580.  
2581. [adtech2006]
2582. Number=367
2583. Confirmed=X
2584. Filename=adtech2006.exe
2585. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Clicker.Win32.VB.kc
2586. Source=Paul Collins Startup list
2587.  
2588. [Adtools Service]
2589. Number=368
2590. Confirmed=X
2591. Filename=AdTools.exe
2592. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082798" target="_blank">Windupdates</a> Adware
2593. Source=Paul Collins Startup list
2594.  
2595. [ADU]
2596. Number=369
2597. Confirmed=?
2598. Filename=adu.exe
2599. Description=Related to <a href="http://www.cisco.com/" target="_blank">Cisco</a> Aironet wireless products. <font color="#FF0000">What does it do and is it required?</font>
2600. Source=Paul Collins Startup list
2601.  
2602. [AdultX]
2603. Number=370
2604. Confirmed=X
2605. Filename=AdultX.exe
2606. Description=Adult content dialler and hijacker
2607. Source=Paul Collins Startup list
2608.  
2609. [Adult_Chat]
2610. Number=371
2611. Confirmed=X
2612. Filename=Adult_Chat.exe
2613. Description=Adult content dialler
2614. Source=Paul Collins Startup list
2615.  
2616. [Adult_Chat1]
2617. Number=372
2618. Confirmed=X
2619. Filename=Adult_Chat1.exe
2620. Description=Adult content dialler
2621. Source=Paul Collins Startup list
2622.  
2623. [AdUpdater]
2624. Number=373
2625. Confirmed=X
2626. Filename=sysupudt.exe
2627. Description=Unidentified adware downloader/updater
2628. Source=Paul Collins Startup list
2629.  
2630. [ADUserMon]
2631. Number=374
2632. Confirmed=U
2633. Filename=ADUserMon.exe
2634. Description=Part of Iomega's <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> - allows software applications to be run directly from an Iomega Zip« disk. Required if you wish the applications to launch on insertion of a disk
2635. Source=Paul Collins Startup list
2636.  
2637. [Advanced DHTML Enable]
2638. Number=375
2639. Confirmed=X
2640. Filename=exo32.exe
2641. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckfi.html" target="_blank">RANCK-FI</a> TROJAN!
2642. Source=Paul Collins Startup list
2643.  
2644. [Advanced Internet Protocol]
2645. Number=376
2646. Confirmed=X
2647. Filename=cerf.exe
2648. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
2649. Source=Paul Collins Startup list
2650.  
2651. [Advanced Protection System]
2652. Number=377
2653. Confirmed=X
2654. Filename=advpsys.exe
2655. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
2656. Source=Paul Collins Startup list
2657.  
2658. [Advanced Spyware Remover]
2659. Number=378
2660. Confirmed=U
2661. Filename=Asr.exe
2662. Description=<a href="http://www.evonsoft.com/" target=_blank>Advanced Spyware Remover</a> anti spyware tool
2663.  
2664. Source=Paul Collins Startup list
2665.  
2666. [Advanced Tool Checks]
2667. Number=379
2668. Confirmed=X
2669. Filename=advchks.exe
2670. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
2671. Source=Paul Collins Startup list
2672.  
2673. [Advanced Tools Check]
2674. Number=380
2675. Confirmed=N
2676. Filename=ADVCHK.EXE
2677. Description=Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
2678. Source=Paul Collins Startup list
2679.  
2680. [Advanced Uninstaller PRO Installation Monitor]
2681. Number=381
2682. Confirmed=U
2683. Filename=monitor.exe
2684. Description=Innovative Solutions <a href="http://www.innovative-sol.com/products.htm#uninstaller" target=_blank>Advanced Uninstaller PRO</a> - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape"
2685. Source=Paul Collins Startup list
2686.  
2687. [Advapi]
2688. Number=382
2689. Confirmed=X
2690. Filename=Advapi.exe
2691. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.12" target="_blank">NETDEVIL.12</a> WORM!
2692. Source=Paul Collins Startup list
2693.  
2694. [ADVCHK]
2695. Number=383
2696. Confirmed=N
2697. Filename=ADVCHK.EXE
2698. Description=Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
2699. Source=Paul Collins Startup list
2700.  
2701. [Advertising Killer]
2702. Number=384
2703. Confirmed=U
2704. Filename=Akiller.exe
2705. Description=<a href="http://sourceforge.net/projects/akiller/" target="_blank">Advertising Killer</a> - popup stopper
2706. Source=Paul Collins Startup list
2707.  
2708. [advmon32]
2709. Number=385
2710. Confirmed=X
2711. Filename=advmon32.exe
2712. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
2713. Source=Paul Collins Startup list
2714.  
2715. [Adware Agent]
2716. Number=386
2717. Confirmed=U
2718. Filename=adware agent.exe
2719. Description=<a href="http://www.topshareware.com/Adware-Agent-download-4866.htm" target="_blank">Adware Agent</a> popup blocker
2720. Source=Paul Collins Startup list
2721.  
2722. [Adware Spy]
2723. Number=387
2724. Confirmed=N
2725. Filename=AdwareSpy.exe
2726. Description=Adware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
2727. Source=Paul Collins Startup list
2728.  
2729. [AdwareAlert]
2730. Number=388
2731. Confirmed=U
2732. Filename=AdwareAlert.Exe
2733. Description=Adware program, previously not recommended (see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#adw-alert_note" target=_blank>here</a>). It has now been delisted, so make sure you have the latest version
2734. Source=Paul Collins Startup list
2735.  
2736. [AdwareDelete]
2737. Number=389
2738. Confirmed=N
2739. Filename=adwaredelete.exe
2740. Description=Adware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
2741. Source=Paul Collins Startup list
2742.  
2743. [Aeiwlsta.exe]
2744. Number=390
2745. Confirmed=?
2746. Filename=Aeiwlsta.exe
2747. Description=IBM High Rate Wireless LAN Adapter driver.<font color="#FF0000"> Is it required?</font>
2748. Source=Paul Collins Startup list
2749.  
2750. [AELaunch]
2751. Number=391
2752. Confirmed=N
2753. Filename=AELaunch.exe
2754. Description=Audio Applications Launcher for the Philips <a href="http://www.digit-life.com/articles/philipsae/index.html" target="_blank">Acoustic Edge</a> soundcard
2755. Source=Paul Collins Startup list
2756.  
2757. [AERVICESN]
2758. Number=392
2759. Confirmed=X
2760. Filename=AERVICESN.exe
2761. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32randonao.html" target=_blank>RANDON-AO</a> WORM!
2762. Source=Paul Collins Startup list
2763.  
2764. [AeXAgentLogon]
2765. Number=393
2766. Confirmed=N
2767. Filename=AeXAgentActivate.exe
2768. Description=<a href="http://www.altiris.com" target=_blank>Altiris</a> Agent transmits information about your machine for the purpose of asset management and deployment
2769. Source=Paul Collins Startup list
2770.  
2771. [AeXSWDUsr]
2772. Number=394
2773. Confirmed=?
2774. Filename=AeXSWDUsr.exe
2775. Description=<a href="http://www.altiris.com/" target="_blank">Altiris</a> Express NS Client Manager software. <font color="#FF0000"> Is it required?</font>
2776. Source=Paul Collins Startup list
2777.  
2778. [AEZBProc]
2779. Number=395
2780. Confirmed=U
2781. Filename=aptezbp.exe
2782. Description=IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions
2783. Source=Paul Collins Startup list
2784.  
2785. [AFAFilter]
2786. Number=396
2787. Confirmed=U
2788. Filename=windefault.exe
2789. Description=<a href="http://www.afafilter.com/" target="_blank">AFAFilter</a> - internet filter software
2790. Source=Paul Collins Startup list
2791.  
2792. [Agent]
2793. Number=397
2794. Confirmed=N
2795. Filename=Agent.exe
2796. Description=<a href="http://www.cyberlink.com/" target=_blank>Cyberlink's</a> Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs
2797.  
2798. Source=Paul Collins Startup list
2799.  
2800. [Agent]
2801. Number=398
2802. Confirmed=X
2803. Filename=alsys.exe
2804. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32drefv.html" target="_blank">DREF-V</a> VIRUS!
2805. Source=Paul Collins Startup list
2806.  
2807. [agent]
2808. Number=399
2809. Confirmed=X
2810. Filename=ppl.exe
2811. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32drefu.html" target="_blank">DREF-U</a> VIRUS!
2812. Source=Paul Collins Startup list
2813.  
2814. [Agent Browser]
2815. Number=400
2816. Confirmed=X
2817. Filename=[random filename]
2818. Description=Added by the PPdoor.M-bdr backdoor TROJAN!
2819. Source=Paul Collins Startup list
2820.  
2821. [Agent Explorer]
2822. Number=401
2823. Confirmed=X
2824. Filename=[random filename]
2825. Description=Unidentified adware
2826. Source=Paul Collins Startup list
2827.  
2828. [Agente]
2829. Number=402
2830. Confirmed=?
2831. Filename=Remupd.exe
2832. Description=Part of <a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus </a>. <font color="#FF0000">Is this an update reminder (guess because of the name), virus definition update reminder or something similar?</font>
2833. Source=Paul Collins Startup list
2834.  
2835. [agentsvr]
2836. Number=403
2837. Confirmed=X
2838. Filename=agentsvr.exe
2839. Description=Malware, detected by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as AdWare.Monker.a. NOTE: do NOT confuse with the Microsoft Agent Server application of the same name as described  <a href="http://www.microsoft.com/msagent/default.asp" target=_blank>here</a> - the legitimate file will always be located in the Windows\Msagent folder
2840. Source=Paul Collins Startup list
2841.  
2842. [AgfaCLnk]
2843. Number=404
2844. Confirmed=U
2845. Filename=AgfaCLnk.exe
2846. Description=For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive
2847. Source=Paul Collins Startup list
2848.  
2849. [agp]
2850. Number=405
2851. Confirmed=X
2852. Filename=agp32.exe
2853. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040112-0028-99" target="_blank">GAOBOT.SY</a> WORM!
2854. Source=Paul Collins Startup list
2855.  
2856. [AGRSMMSG]
2857. Number=406
2858. Confirmed=Y
2859. Filename=AGRSMMSG.exe
2860. Description=IBM AMR modem driver
2861. Source=Paul Collins Startup list
2862.  
2863. [AGSatellite]
2864. Number=407
2865. Confirmed=N
2866. Filename=AGSatellite.exe
2867. Description=Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs
2868. Source=Paul Collins Startup list
2869.  
2870. [ahfp]
2871. Number=408
2872. Confirmed=U
2873. Filename=ahfp.exe
2874. Description=<a href="http://www.softbe.com/" target="_blank">Advanced Hide Folders</a> - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"
2875. Source=Paul Collins Startup list
2876.  
2877. [ahfprog]
2878. Number=409
2879. Confirmed=U
2880. Filename=ahfp.exe
2881. Description=<a href="http://www.softbe.com/" target="_blank">Advanced Hide Folders</a> - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"
2882. Source=Paul Collins Startup list
2883.  
2884. [AHNSD]
2885. Number=410
2886. Confirmed=Y
2887. Filename=AhnSD.exe
2888. Description=<a href="http://global.ahnlab.com/" target="_blank">AhnLab</a> V3 antivirus updater - leave enabled unless you manually update on a regular basis
2889. Source=Paul Collins Startup list
2890.  
2891. [AHNUE]
2892. Number=411
2893. Confirmed=?
2894. Filename=AHNUE.exe
2895. Description=<font color="#FF0000">??</font>
2896. Source=Paul Collins Startup list
2897.  
2898. [ahost]
2899. Number=412
2900. Confirmed=X
2901. Filename=ahost.exe
2902. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
2903. Source=Paul Collins Startup list
2904.  
2905. [AHQInit]
2906. Number=413
2907. Confirmed=N
2908. Filename=ahqinit.exe
2909. Description=Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required
2910. Source=Paul Collins Startup list
2911.  
2912. [Ahst]
2913. Number=414
2914. Confirmed=X
2915. Filename=iebs.exe
2916. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
2917. Source=Paul Collins Startup list
2918.  
2919. [AHU]
2920. Number=415
2921. Confirmed=X
2922. Filename=[path to worm]
2923. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32anaconb.html" target=_blank>ANACON-B</a> WORM!
2924. Source=Paul Collins Startup list
2925.  
2926. [ahui32.exe]
2927. Number=416
2928. Confirmed=X
2929. Filename=ahui32.exe
2930. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertifm.html" target=_blank>CERTIF-M</a> TROJAN!
2931. Source=Paul Collins Startup list
2932.  
2933. [Aica]
2934. Number=417
2935. Confirmed=X
2936. Filename=tuaa.exe
2937. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
2938. Source=Paul Collins Startup list
2939.  
2940. [Aida]
2941. Number=418
2942. Confirmed=X
2943. Filename=ttuh.exe
2944. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
2945. Source=Paul Collins Startup list
2946.  
2947. [Aida]
2948. Number=419
2949. Confirmed=X
2950. Filename=eetu.exe
2951. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target=_blank>PurityScan/Clickspring</a> adware
2952. Source=Paul Collins Startup list
2953.  
2954. [aiepk]
2955. Number=420
2956. Confirmed=U
2957. Filename=aiepk2.exe
2958. Description=<a href="http://www.fadsoft.net/Another%20IE%20Popup%20Killer.htm" target="_blank">Another IE Popup Killer</a> - pop-up stopper
2959. Source=Paul Collins Startup list
2960.  
2961. [AIM]
2962. Number=421
2963. Confirmed=N
2964. Filename=aim.exe
2965. Description=AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs
2966. Source=Paul Collins Startup list
2967.  
2968. [AIM]
2969. Number=422
2970. Confirmed=U
2971. Filename=AIM+.exe
2972. Description=AIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O Software
2973. Source=Paul Collins Startup list
2974.  
2975. [AIM Instant Message Cookies]
2976. Number=423
2977. Confirmed=X
2978. Filename=[random filename]
2979. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafv.html" target=_blank>RBOT-AFV</a> WORM!
2980. Source=Paul Collins Startup list
2981.  
2982. [Aim Plugin]
2983. Number=424
2984. Confirmed=X
2985. Filename=aimplugin.exe
2986. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32guapf.html" target=_blank>GUAP-F</a> WORM!
2987. Source=Paul Collins Startup list
2988.  
2989. [AIM reminder]
2990. Number=425
2991. Confirmed=X
2992. Filename=AIM reminder.exe
2993. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E" target="_blank">BUDDY</a> TROJAN!
2994. Source=Paul Collins Startup list
2995.  
2996. [Aim6]
2997. Number=426
2998. Confirmed=N
2999. Filename=AOLLaunch.exe
3000. Description=<a href="http://www.aim.com/" target="_blank">AOL Instant Messenger</a> - start it when you want to use it
3001. Source=Paul Collins Startup list
3002.  
3003. [AIM95 Startup]
3004. Number=427
3005. Confirmed=X
3006. Filename=aim95.exe
3007. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AEE" target=_blank>AGOBOT.AEE</a> WORM!
3008. Source=Paul Collins Startup list
3009.  
3010. [aimaol lptt01]
3011. Number=428
3012. Confirmed=X
3013. Filename=aimaol.exe
3014. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
3015. Source=Paul Collins Startup list
3016.  
3017. [aimaol ml097e]
3018. Number=429
3019. Confirmed=X
3020. Filename=aimaol.exe
3021. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
3022. Source=Paul Collins Startup list
3023.  
3024. [aimb.exe]
3025. Number=430
3026. Confirmed=U
3027. Filename=aimb.exe
3028. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.imsurfsentinel.html" target=_blank>IMSufSentinel</a> is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it
3029. Source=Paul Collins Startup list
3030.  
3031. [AimingClick]
3032. Number=431
3033. Confirmed=N
3034. Filename=AimingClick.exe
3035. Description=<a href="http://www.aimingtech.com/aimingclick/" target="_blank">AimingClick</a> from AimingTech. Web searching tool. Available via Start -> Programs
3036. Source=Paul Collins Startup list
3037.  
3038. [AIMPro]
3039. Number=432
3040. Confirmed=U
3041. Filename=aimpro.exe
3042. Description=<a href="http://aimpro.premiumservices.aol.com/" target="_blank">AIM Pro</a> - secure instant messaging, video conferencing, on-line meetings and desktop and file sharing
3043. Source=Paul Collins Startup list
3044.  
3045. [AIMster]
3046. Number=433
3047. Confirmed=N
3048. Filename=??
3049. Description=Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs
3050. Source=Paul Collins Startup list
3051.  
3052. [AIMWDInstall]
3053. Number=434
3054. Confirmed=N
3055. Filename=AIMWDInstall.exe
3056. Description=Version of the <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
3057. Source=Paul Collins Startup list
3058.  
3059. [Aiptek Graphics Tablet (USB)]
3060. Number=435
3061. Confirmed=Y
3062. Filename=atwtusb.exe
3063. Description=USB interface for Aiptek Graphics Tablet (USB)
3064. Source=Paul Collins Startup list
3065.  
3066. [aircity]
3067. Number=436
3068. Confirmed=X
3069. Filename=aircity.exe
3070. Description=Related to "Prutect" malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a>
3071. Source=Paul Collins Startup list
3072.  
3073. [AKEYNAME]
3074. Number=437
3075. Confirmed=X
3076. Filename=WinServ.exe
3077. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101912-0427-99" target="_blank">EVILBOT.C</a> TROJAN!
3078. Source=Paul Collins Startup list
3079.  
3080. [akeys]
3081. Number=438
3082. Confirmed=U
3083. Filename=akeys.exe
3084. Description="<a href="http://softarium.com/activekeys/" target="_blank">Active Keys</a> is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"
3085. Source=Paul Collins Startup list
3086.  
3087. [AKiller]
3088. Number=439
3089. Confirmed=U
3090. Filename=akiller.exe
3091. Description=<a href="http://sourceforge.net/projects/akiller/" target="_blank">Advertising Killer</a> - popup stopper
3092. Source=Paul Collins Startup list
3093.  
3094. [ala.exe]
3095. Number=440
3096. Confirmed=X
3097. Filename=ala.exe
3098. Description=<a href="http://www.softheap.com/lock.html" target=_blank>Access Lock</a> is a system-tray security utility you can use to secure your desktop when you are away from your computer
3099. Source=Paul Collins Startup list
3100.  
3101. [Alarm Manager]
3102. Number=441
3103. Confirmed=U
3104. Filename=Alarm.app.exe
3105. Description=Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop
3106. Source=Paul Collins Startup list
3107.  
3108. [AlarmWatcher]
3109. Number=442
3110. Confirmed=?
3111. Filename=AlarmWatcher.exe
3112. Description=<font color="#FF0000">Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required?</font>
3113. Source=Paul Collins Startup list
3114.  
3115. [Album Fast Start]
3116. Number=443
3117. Confirmed=N
3118. Filename=ABMTSR.EXE
3119. Description=Scanner software, not required for scanner to work
3120. Source=Paul Collins Startup list
3121.  
3122. [AlcFDMonitor]
3123. Number=444
3124. Confirmed=?
3125. Filename=ALCFDRTM.EXE
3126. Description=RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - <font color="#FF0000">is it required in startup?</font>
3127. Source=Paul Collins Startup list
3128.  
3129. [ALCFDRTM16]
3130. Number=445
3131. Confirmed=?
3132. Filename=ALCFDRTM16.com
3133. Description=RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - <font color="#FF0000">is it required in startup?</font>
3134. Source=Paul Collins Startup list
3135.  
3136. [Alchem]
3137. Number=446
3138. Confirmed=X
3139. Filename=Alchem.exe
3140. Description=<a href="http://www.symantec.com/security_response/print_writeup.jsp?docid=2004-050512-4801-99" target="_blank">ClickAlchemy</a> adware
3141. Source=Paul Collins Startup list
3142.  
3143. [Alcmtr]
3144. Number=447
3145. Confirmed=U
3146. Filename=Alcmtr.exe
3147. Description=Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation
3148. Source=Paul Collins Startup list
3149.  
3150. [Alcohol]
3151. Number=448
3152. Confirmed=U
3153. Filename=Alcohol.exe
3154. Description=<a href="http://www.alcohol-software.com/index.php" target="_blank">Alcohol 120%</a> - CD/DVD emulation/writing/copying software 
3155. Source=Paul Collins Startup list
3156.  
3157. [Alcohol Autorun]
3158. Number=449
3159. Confirmed=U
3160. Filename=Alcohol.exe
3161. Description=<a href="http://www.alcohol-software.com/index.php" target="_blank">Alcohol 120%</a> - CD/DVD emulation/writing/copying software
3162. Source=Paul Collins Startup list
3163.  
3164. [Alcom PCL Capture]
3165. Number=450
3166. Confirmed=?
3167. Filename=FMW_PCAP.EXE
3168. Description=<font color="#FF0000">??</font>
3169. Source=Paul Collins Startup list
3170.  
3171. [AlcWzrd]
3172. Number=451
3173. Confirmed=N
3174. Filename=ALCWZRD.EXE
3175. Description=RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one
3176. Source=Paul Collins Startup list
3177.  
3178. [AlcxMonitor]
3179. Number=452
3180. Confirmed=U
3181. Filename=Alcxmntr.exe
3182. Description=Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation
3183. Source=Paul Collins Startup list
3184.  
3185. [aldefr ere service]
3186. Number=453
3187. Confirmed=X
3188. Filename=tay0x.exe
3189. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxs.html" target=_blank>RBOT-XS</a> WORM!
3190. Source=Paul Collins Startup list
3191.  
3192. [Alevir]
3193. Number=454
3194. Confirmed=X
3195. Filename=Alevir.exe
3196. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opaserva.html" target=_blank>OPASERV-A</a> WORM!
3197.  
3198. Source=Paul Collins Startup list
3199.  
3200. [AlevirOld]
3201. Number=455
3202. Confirmed=X
3203. Filename=[worm filename]
3204. Description=Added by the <a href="http://www.bullguard.com/virus/default.aspx?id=24" target=_blank>OPASERV</a> WORM!
3205.  
3206. Source=Paul Collins Startup list
3207.  
3208. [Alexa]
3209. Number=456
3210. Confirmed=N
3211. Filename=alexa.exe
3212. Description=Related to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the <a href="http://www.alexa.com/site/help/privacy" target="_blank">Privacy Policy</a>. Not Recommended
3213. Source=Paul Collins Startup list
3214.  
3215. [AlexaToolbar]
3216. Number=457
3217. Confirmed=X
3218. Filename=alt.exe
3219. Description=Reported as the DELF.EB hijacker by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a>
3220. Source=Paul Collins Startup list
3221.  
3222. [AlfaCleaner]
3223. Number=458
3224. Confirmed=X
3225. Filename=AlfaCleaner.exe
3226. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=AlfaCleaner&threatid=44118" target="_blank">AlphaCleaner</a> is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware 
3227.  
3228. Source=Paul Collins Startup list
3229.  
3230. [AlfaClock Classic]
3231. Number=459
3232. Confirmed=U
3233. Filename=AlfaClock.exe
3234. Description=<a href="http://www.alfasoftweb.com/" target=_blank>AlfaClock</a> from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more"
3235.  
3236. Source=Paul Collins Startup list
3237.  
3238. [ALFY Accellerator]
3239. Number=460
3240. Confirmed=?
3241. Filename=AlfyAC~1.exe
3242. Description=<font color="#FF0000">??</font>
3243. Source=Paul Collins Startup list
3244.  
3245. [ALG.EXE]
3246. Number=461
3247. Confirmed=X
3248. Filename=iexplorer .exe
3249. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32demotryb.html" target=_blank>DEMOTRY-B</a> WORM!
3250. Source=Paul Collins Startup list
3251.  
3252. [ALG32]
3253. Number=462
3254. Confirmed=X
3255. Filename=ALG32.EXE
3256. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031109-3305-99" target=_blank>STARTPAGE.K</a> hijacker
3257. Source=Paul Collins Startup list
3258.  
3259. [ALGU]
3260. Number=463
3261. Confirmed=X
3262. Filename=ALGU.EXE
3263. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsi.html" target=_blank>CWS-I</a> TROJAN!
3264. Source=Paul Collins Startup list
3265.  
3266. [ALi5289]
3267. Number=464
3268. Confirmed=U
3269. Filename=ALi5289.exe
3270. Description=Related to <a href="http://www.uli.com.tw/" target="_blank">Uli Integrated Drivers</a> from Uli Electronics Inc
3271. Source=Paul Collins Startup list
3272.  
3273. [Alias SketchBook Snapshot]
3274. Number=465
3275. Confirmed=N
3276. Filename=ALIASS~2.EXE
3277. Description=Screen-capture utility for Alias Sketchbook
3278. Source=Paul Collins Startup list
3279.  
3280. [AlienAutopsy]
3281. Number=466
3282. Confirmed=N
3283. Filename=Test_BS.exe
3284. Description=<a href="http://www.alienware.com/" target="_blank">Alienware</a> computer technical support software
3285. Source=Paul Collins Startup list
3286.  
3287. [ALiSndMgr]
3288. Number=467
3289. Confirmed=Y
3290. Filename=ALiSndMg.exe
3291. Description=ALi AC97 Sound driver
3292. Source=Paul Collins Startup list
3293.  
3294. [AliUSBfix]
3295. Number=468
3296. Confirmed=?
3297. Filename=GREENMK.exe
3298. Description=<font color="#FF0000">May be realted to a USB 2.0 PCI card - the IOgear GIC220OU?</font>
3299. Source=Paul Collins Startup list
3300.  
3301. [Alive SYstem]
3302. Number=469
3303. Confirmed=X
3304. Filename=scchost.exe
3305. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofdropb.html" target=_blank>TOFDROP-B</a> TROJAN!
3306. Source=Paul Collins Startup list
3307.  
3308. [Alive SYstem]
3309. Number=470
3310. Confirmed=X
3311. Filename=scchostc.exe
3312. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofdropb.html" target=_blank>TOFDROP-B</a> TROJAN!
3313. Source=Paul Collins Startup list
3314.  
3315. [alkasr]
3316. Number=471
3317. Confirmed=X
3318. Filename=╬Σ╥φ╤.exe
3319. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090212-3607-99" target="_blank">BALKART</a> TROJAN!
3320. Source=Paul Collins Startup list
3321.  
3322. [All Aboard Status]
3323. Number=472
3324. Confirmed=U
3325. Filename=stswin.exe
3326. Description=<a target="_blank" href="http://yippee.i4free.co.nz/html/win/internet/title6724.htm">All Aboard! Internet Connection Sharing</a> status icon
3327. Source=Paul Collins Startup list
3328.  
3329. [All Sea screen saver]
3330. Number=473
3331. Confirmed=X
3332. Filename=TaskTray.exe
3333. Description="Free screensaver", installs lots of foistware. See <a href="http://www.spywareinfo.com/forums/index.php?act=ST&f=10&t=5833&hl=&s=" target="_blank">here</a>. Get rid of it
3334. Source=Paul Collins Startup list
3335.  
3336. [All Sea web link]
3337. Number=474
3338. Confirmed=X
3339. Filename=FWLink.exe
3340. Description="Free screensaver", installs lots of foistware. See <a href="http://www.spywareinfo.com/forums/index.php?act=ST&f=10&t=5833&hl=&s=" target="_blank">here</a>. Get rid of it
3341. Source=Paul Collins Startup list
3342.  
3343. [AllerCalc]
3344. Number=475
3345. Confirmed=N
3346. Filename=AllerCalc.exe
3347. Description=<a href="http://www.allersoft.com/allercalc.htm" target=_blank>AllerCalc</a> is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually
3348. Source=Paul Collins Startup list
3349.  
3350. [Allopassw]
3351. Number=476
3352. Confirmed=X
3353. Filename=[path to trojan]
3354. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_RANKY.CU" target="_blank">RANKY.CU</a> TROJAN!
3355. Source=Paul Collins Startup list
3356.  
3357. [AllSeeingEye]
3358. Number=477
3359. Confirmed=U
3360. Filename=ase.exe
3361. Description=<a href="http://www.fortego.com/en/ase.html" target=_blank>All-Seeing_Eye</a> security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions"
3362. Source=Paul Collins Startup list
3363.  
3364. [allSnap]
3365. Number=478
3366. Confirmed=U
3367. Filename=allSnap.exe
3368. Description="<a href="http://ca.geocities.com/ivanheckman@rogers.com/" target="_blank">allSnap</a> is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop"
3369. Source=Paul Collins Startup list
3370.  
3371. [AllToTray]
3372. Number=479
3373. Confirmed=U
3374. Filename=ALLTOTRAY.EXE
3375. Description=<a href="http://www.dntsoft.com/" target=_blank>AlltoTray</a> from DNTSoft - minimize any program to your System Tray
3376.  
3377. Source=Paul Collins Startup list
3378.  
3379. [Alogrithm Link Queue]
3380. Number=480
3381. Confirmed=X
3382. Filename=alq.exe
3383. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
3384. Source=Paul Collins Startup list
3385.  
3386. [Alogserv]
3387. Number=481
3388. Confirmed=U
3389. Filename=Alogserv.exe
3390. Description=From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up
3391. Source=Paul Collins Startup list
3392.  
3393. [ALPass]
3394. Number=482
3395. Confirmed=U
3396. Filename=ALPass.exe
3397. Description=<a href="http://www.altools.net/Default.aspx?tabid=62" target=_blank>ALPass</a> password manager
3398. Source=Paul Collins Startup list
3399.  
3400. [Alps Electric USB Server]
3401. Number=483
3402. Confirmed=Y
3403. Filename=Monserv.exe
3404. Description=Alps Electric USB Server - required according to <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;200692" target="_blank">this</a> article
3405.  
3406.  
3407. Source=Paul Collins Startup list
3408.  
3409. [AlpsPoint]
3410. Number=484
3411. Confirmed=U
3412. Filename=Apoint.exe
3413. Description=Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
3414. Source=Paul Collins Startup list
3415.  
3416. [ALServ]
3417. Number=485
3418. Confirmed=?
3419. Filename=ALServ.exe
3420. Description=Altec Lansing AMS speaker related.<font color="#FF0000"> What does it do and is it required?</font>
3421. Source=Paul Collins Startup list
3422.  
3423. [Altnet]
3424. Number=486
3425. Confirmed=X
3426. Filename=points manager.exe
3427. Description=Altnet <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080415-0053-99" target=_blank>TopSearch</a> adware
3428. Source=Paul Collins Startup list
3429.  
3430. [AltnetPointsManager]
3431. Number=487
3432. Confirmed=X
3433. Filename=points manager.exe
3434. Description=Altnet <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080415-0053-99" target=_blank>TopSearch</a> adware
3435. Source=Paul Collins Startup list
3436.  
3437. [AltoMB_service]
3438. Number=488
3439. Confirmed=U
3440. Filename=AltoMBsrv.exe
3441. Description=Alto Memory Booster from <a href="http://www.altosoftware.com/" target="_blank">Alto Software</a> - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
3442. Source=Paul Collins Startup list
3443.  
3444. [ALTOOLS]
3445. Number=489
3446. Confirmed=U
3447. Filename=AccessL.exe
3448. Description=<a href="http://www.altools.net/" target=_blank>ALTools</a> family of PC utilities
3449.  
3450. Source=Paul Collins Startup list
3451.  
3452. [AltPayments]
3453. Number=490
3454. Confirmed=X
3455. Filename=AltPayments.exe
3456. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-053116-5734-99" target="_blank">WeirdOnTheWeb</a> adware
3457. Source=Paul Collins Startup list
3458.  
3459. [ALU Scheduler Service]
3460. Number=491
3461. Confirmed=N
3462. Filename=ALUSchedulerSvc.exe
3463. Description=Symantec LiveUpdate scheduler for programs such as Norton AV or Internet Security
3464. Source=Paul Collins Startup list
3465.  
3466. [ALUAlert]
3467. Number=492
3468. Confirmed=U
3469. Filename=ALUNotify.exe
3470. Description=Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis
3471. Source=Paul Collins Startup list
3472.  
3473. [Aluria Security Center]
3474. Number=493
3475. Confirmed=N
3476. Filename=SecurityCenter.exe
3477. Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see <a href="http://netrn.net/spywareblog/archives/2004/11/06/aluria-confused/" target="_blank">here</a>
3478. Source=Paul Collins Startup list
3479.  
3480. [Aluria's Pop-Up Stopper]
3481. Number=494
3482. Confirmed=U
3483. Filename=eps.exe
3484. Description=Aluria Pop-Stopper
3485. Source=Paul Collins Startup list
3486.  
3487. [Aluria's Spyware Eliminator]
3488. Number=495
3489. Confirmed=N
3490. Filename=ASE.exe
3491. Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see <a href="http://netrn.net/spywareblog/archives/2004/11/06/aluria-confused/" target="_blank">here</a>
3492. Source=Paul Collins Startup list
3493.  
3494. [AlwaysOnTopMaker]
3495. Number=496
3496. Confirmed=U
3497. Filename=AlwaysOnTopMaker.exe
3498. Description=<a href="http://www.fadsoft.net/AlwaysOnTopMaker.htm" target="_blank">Always On Top Maker</a> - utilty to enable an application to always be displayed "on top" of others on the desktop
3499. Source=Paul Collins Startup list
3500.  
3501. [AlwaysReady Power Message APP]
3502. Number=497
3503. Confirmed=N
3504. Filename=ARPWRMSG.EXE
3505. Description=Related to HP and Compaq Desktop PCs. Read <a href="http://h10025.www1.hp.com:80/ewfrf/wc/genericDocument?docname=bph07149&cc=us&lc=en&dlc=en&dlc=en&lang=en" target="_blank">this</a> article
3506. Source=Paul Collins Startup list
3507.  
3508. [AmazingTens]
3509. Number=498
3510. Confirmed=X
3511. Filename=AmazingTens.exe
3512. Description=Premium rate adult content dialler
3513. Source=Paul Collins Startup list
3514.  
3515. [AMD PowerNow!]
3516. Number=499
3517. Confirmed=U
3518. Filename=GemBack.exe
3519. Description=<a href="http://www.amd.com/us-en/0,,3715_13530_1260_1204^964,00.html" target="_blank">AMD PowerNow!</a> - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand"
3520. Source=Paul Collins Startup list
3521.  
3522. [amd_dc_opt]
3523. Number=500
3524. Confirmed=Y
3525. Filename=amd_dc_opt.exe
3526. Description=<a href="http://www.amd.com/us-en/Processors/TechnicalResources/0,,30_182_871_9706,00.html" target="_blank">AMD Dual-Core Optimizer</a> - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction"
3527. Source=Paul Collins Startup list
3528.  
3529. [America Online *.* Tray Icon]
3530. Number=501
3531. Confirmed=N
3532. Filename=aoltray.exe
3533. Description=Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs
3534. Source=Paul Collins Startup list
3535.  
3536. [AME_CSA]
3537. Number=502
3538. Confirmed=N
3539. Filename=rundll32 amecsa.cpl, RUN_DLL
3540. Description=Loads ADSL modem Control Panel applet
3541. Source=Paul Collins Startup list
3542.  
3543. [AModemLockDown]
3544. Number=503
3545. Confirmed=U
3546. Filename=ModemLockDown.exe
3547. Description=<a href="http://modemlockdown.techconz.com/index.html" target=_blank>ModemLockDown</a> - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etc
3548. Source=Paul Collins Startup list
3549.  
3550. [Amon]
3551. Number=504
3552. Confirmed=Y
3553. Filename=AMON.EXE
3554. Description=Monitoring part of Eset's <a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a> virus-scanner
3555. Source=Paul Collins Startup list
3556.  
3557. [Amonitor]
3558. Number=505
3559. Confirmed=Y
3560. Filename=amon.exe
3561. Description=<a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a>
3562. Source=Paul Collins Startup list
3563.  
3564. [AMP WinOFF]
3565. Number=506
3566. Confirmed=U
3567. Filename=winoff.exe
3568. Description=<a href="http://www.ampsoft.net/utilities/WinOFF.php" target=_blank>WinOFF</a> is " a utility designed to shut down Windows computers automatically, in a fully configurable way"
3569. Source=Paul Collins Startup list
3570.  
3571. [AMSG]
3572. Number=507
3573. Confirmed=U
3574. Filename=Amsg.exe
3575. Description=Part of the IBM <a href="http://www.pc.ibm.com/us/think/thinkvantagetech/productivity_ctr.html" target="_blank">ThinkVantage Productivity Center</a>. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online"
3576. Source=Paul Collins Startup list
3577.  
3578. [AMSN]
3579. Number=508
3580. Confirmed=N
3581. Filename=amsn.exe
3582. Description=<a href="http://sourceforge.net/projects/amsn/" target="_blank">aMSN Messenger</a> is a multiplatform MSN messenger clone
3583. Source=Paul Collins Startup list
3584.  
3585. [amsn]
3586. Number=509
3587. Confirmed=X
3588. Filename=amsn.exe
3589. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbnz.html" target="_blank">BANKER-BNZ</a> TROJAN!
3590. Source=Paul Collins Startup list
3591.  
3592. [Anapod Manager]
3593. Number=510
3594. Confirmed=N
3595. Filename=anamgr.exe
3596. Description=<a href="http://www.redchairsoftware.com/anapod/" target="_blank">Anapod Explorer</a> "is the most advanced Windows iPod software available, offering iPod management through full Windows Explorer integration under My Computer"
3597. Source=Paul Collins Startup list
3598.  
3599. [anbv32]
3600. Number=511
3601. Confirmed=X
3602. Filename=nabv32.exe
3603. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091209-3011-99" target="_blank">TITOG.C</a> WORM!
3604. Source=Paul Collins Startup list
3605.  
3606. [ANIWZCS2Service]
3607. Number=512
3608. Confirmed=Y
3609. Filename=WZCSLDR2.exe
3610. Description=<a href="http://www.alphanetworks.com/" target=_blank>ALPHA Networks</a> wireless driver
3611. Source=Paul Collins Startup list
3612.  
3613. [ANIWZCSService]
3614. Number=513
3615. Confirmed=?
3616. Filename=WZCSLDR.exe
3617. Description=D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity
3618. Source=Paul Collins Startup list
3619.  
3620. [AnnotateCheck]
3621. Number=514
3622. Confirmed=?
3623. Filename=AnnCheck.exe
3624. Description=Genius Wizard Pen Tablet driver related. <font color="#FF0000">Is it required?</font>
3625. Source=Paul Collins Startup list
3626.  
3627. [Announcements]
3628. Number=515
3629. Confirmed=N
3630. Filename=Annclist.exe
3631. Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
3632. Source=Paul Collins Startup list
3633.  
3634. [Anntext]
3635. Number=516
3636. Confirmed=N
3637. Filename=Anntext.exe
3638. Description=Caere Pagekeeper text annotation server
3639. Source=Paul Collins Startup list
3640.  
3641. [Anonymizer Total Net Shield]
3642. Number=517
3643. Confirmed=U
3644. Filename=AnonTns.exe
3645. Description=Anonymizer <a href="http://www.anonymizer.com/consumer/products/total_net_shield/" target="_blank">Total Net Shield</a> - ID protection and privacy software
3646. Source=Paul Collins Startup list
3647.  
3648. [ANONYMIZER_SPYWAREKILLER]
3649. Number=518
3650. Confirmed=U
3651. Filename=SpyWareKiller.exe
3652. Description=Anonymizer Spyware Killer - now <a href="http://www.anonymizer.com/consumer/products/anti_spyware/" target="_blank">Anti-Spyware</a>
3653. Source=Paul Collins Startup list
3654.  
3655. [ANONYMIZER_SPYWAREKILLER]
3656. Number=519
3657. Confirmed=U
3658. Filename=AnonAntiSpyware.exe
3659. Description=Anonymizer Spyware Killer - now <a href="http://www.anonymizer.com/consumer/products/anti_spyware/" target="_blank">Anti-Spyware</a>
3660. Source=Paul Collins Startup list
3661.  
3662. [Another Internet Explorer Popup Killer]
3663. Number=520
3664. Confirmed=U
3665. Filename=aiepk2.exe
3666. Description=<a href="http://www.fadsoft.net/Another%20IE%20Popup%20Killer.htm" target="_blank">Another IE Popup Killer</a> - pop-up stopper
3667. Source=Paul Collins Startup list
3668.  
3669. [ansjava]
3670. Number=521
3671. Confirmed=X
3672. Filename=[path to worm]
3673. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32randonan.html" target=_blank>RANDON-AN</a> WORM!
3674. Source=Paul Collins Startup list
3675.  
3676. [Anskya]
3677. Number=522
3678. Confirmed=X
3679. Filename=PYSKY.NET.exe
3680. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadermw.html" target="_blank">DLOADER-MW</a> TROJAN!
3681. Source=Paul Collins Startup list
3682.  
3683. [Answer Problem]
3684. Number=523
3685. Confirmed=X
3686. Filename=dSAFsqs.exe
3687. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotsc.html" target="_blank">SDBOT-SC</a> WORM!
3688. Source=Paul Collins Startup list
3689.  
3690. [AnswerTool]
3691. Number=524
3692. Confirmed=U
3693. Filename=AnswerTool.exe
3694. Description=<a href="http://www.answertool.com/" target=_blank>AnswerTool</a> - save your E-mail replies in AnswerTool, then reuse them again and again
3695.  
3696. Source=Paul Collins Startup list
3697.  
3698. [Anti Spam Service]
3699. Number=525
3700. Confirmed=X
3701. Filename=spamsvc.exe
3702. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbk.html" target=_blank>MYTOB-BK</a> WORM!
3703. Source=Paul Collins Startup list
3704.  
3705. [Anti-Blaxx Manager]
3706. Number=526
3707. Confirmed=N
3708. Filename=Anti-Blaxx.exe
3709. Description=<a href="http://www.antiblaxx.com/" target=_blank>Anti-Blaxx</a> - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives
3710.  
3711. Source=Paul Collins Startup list
3712.  
3713. [Anti-keylogger check]
3714. Number=527
3715. Confirmed=U
3716. Filename=antikey.exe
3717. Description=<a href="http://www.anti-keyloggers.com/" target="_blank">Anti-keylogger</a> - protects against keylogger programs monitoring your keystrokes
3718. Source=Paul Collins Startup list
3719.  
3720. [Anti-Trojan-Watch]
3721. Number=528
3722. Confirmed=U
3723. Filename=ATWatch.exe
3724. Description=Anti-Trojan Watch - trojan detector
3725. Source=Paul Collins Startup list
3726.  
3727. [Anti-Virus]
3728. Number=529
3729. Confirmed=X
3730. Filename=vpms.exe
3731. Description=Added by the <a href="http://www.scanspyware.net/info/Sdbot.GV.htm" target="_blank">SDBOT.GV</a> WORM!
3732. Source=Paul Collins Startup list
3733.  
3734. [Anti-Virus]
3735. Number=530
3736. Confirmed=X
3737. Filename=[random filename].exe
3738. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcaprobada.html" target="_blank">CAPROBAD-A</a> TROJAN!
3739. Source=Paul Collins Startup list
3740.  
3741. [Anti-Virus Product Sync]
3742. Number=531
3743. Confirmed=X
3744. Filename=[unprintable character][3 characters]log.exe
3745. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061311-1623-99" target=_blank>KEDEBE.D</a> WORM!
3746. Source=Paul Collins Startup list
3747.  
3748. [Anti-Virus Update Scheduler]
3749. Number=532
3750. Confirmed=X
3751. Filename=[path to trojan]
3752. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspammita.html" target=_blank>SPAMMIT-A</a> TROJAN!
3753. Source=Paul Collins Startup list
3754.  
3755. [Anti-Virus Update Scheduler]
3756. Number=533
3757. Confirmed=X
3758. Filename=winsp3.exe
3759. Description=Malware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as TrojanProxy.Agent.fp - A Proxy Trojan is a backdoor which allows a remote hacker to connect to other systems via the compromised system
3760. Source=Paul Collins Startup list
3761.  
3762. [Anti-Virus Update Scheduler V1.39.12R]
3763. Number=534
3764. Confirmed=X
3765. Filename=[path to trojan]
3766. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050122-5053-99" target="_blank">HEPLANE</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050215-0935-99" target="_blank">STAPREW.B</a> TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more...
3767. Source=Paul Collins Startup list
3768.  
3769. [AntiClicker]
3770. Number=535
3771. Confirmed=X
3772. Filename=SVCHST32.EXE
3773. Description=Added by the <a href="http://vil.nai.com/vil/content/v_100928.htm" target="_blank">CBH</a> TROJAN!
3774. Source=Paul Collins Startup list
3775.  
3776. [antidialer.co.uk]
3777. Number=536
3778. Confirmed=U
3779. Filename=Dialer_Watcher.exe
3780. Description=<a href="http://freespace.virgin.net/glenn.fletcher/index2.htm" target="_blank">Dialer_Watcher</a> is an application that allows you to detect <a href="http://www.mcgill.ca/ncs/products/security/threatsdangers/virus/dialers/" target="_blank">dialers</a> on your computer
3781. Source=Paul Collins Startup list
3782.  
3783. [AntiPopUp]
3784. Number=537
3785. Confirmed=U
3786. Filename=AntiPopUp.exe
3787. Description=<a href="http://www.webknacks.com/antipopup.htm" target="_blank">AntiPopUp for IE</a> - pop-up stopper
3788. Source=Paul Collins Startup list
3789.  
3790. [AntiVerminser]
3791. Number=538
3792. Confirmed=N
3793. Filename=AntiVerminser.exe
3794. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
3795. Source=Paul Collins Startup list
3796.  
3797. [Antivir]
3798. Number=539
3799. Confirmed=X
3800. Filename=svchst.exe
3801. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojragruka.html" target=_blank>RAGRUK-A</a> TROJAN!
3802. Source=Paul Collins Startup list
3803.  
3804. [AntiVir]
3805. Number=540
3806. Confirmed=X
3807. Filename=scvhost.exe
3808. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdsf.html" target="_blank">AGENT-DSF</a> TROJAN!
3809. Source=Paul Collins Startup list
3810.  
3811. [AntiVir]
3812. Number=541
3813. Confirmed=X
3814. Filename=winlog.exe
3815. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbottj.html" target="_blank">IRCBOT-TJ</a> TROJAN!
3816. Source=Paul Collins Startup list
3817.  
3818. [AntiVir XP]
3819. Number=542
3820. Confirmed=Y
3821. Filename=AVwin.exe
3822. Description=<a href="http://www.free-av.com/" target=_blank>AntiVir« PersonalEdition Classic</a> - antivirus
3823.  
3824. Source=Paul Collins Startup list
3825.  
3826. [Antivirus]
3827. Number=543
3828. Confirmed=X
3829. Filename=av.exe
3830. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101417-5541-99" target="_blank">SINKIN</a> TROJAN! Resets IE start page to realphx.com
3831. Source=Paul Collins Startup list
3832.  
3833. [Antivirus]
3834. Number=544
3835. Confirmed=X
3836. Filename=maja.exe
3837. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030509-1444-99" target="_blank">NETSKY.H</a> WORM!
3838. Source=Paul Collins Startup list
3839.  
3840. [Antivirus]
3841. Number=545
3842. Confirmed=X
3843. Filename=iexpl0res.exe
3844. Description=Added by an unidentified WORM or TROJAN!
3845. Source=Paul Collins Startup list
3846.  
3847. [AntiVirus]
3848. Number=546
3849. Confirmed=X
3850. Filename=kaspery.exe
3851. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
3852. Source=Paul Collins Startup list
3853.  
3854. [Antivirus Installer]
3855. Number=547
3856. Confirmed=X
3857. Filename=[path to trojan]
3858. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbadgenta.html" target=_blank>BADGENT-A</a> TROJAN!
3859. Source=Paul Collins Startup list
3860.  
3861. [Antivirus-Golden]
3862. Number=548
3863. Confirmed=N
3864. Filename=Antivirus-Golden.exe
3865. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
3866. Source=Paul Collins Startup list
3867.  
3868. [antivirus32]
3869. Number=549
3870. Confirmed=X
3871. Filename=antivirus.exe
3872. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022323-4358-99" target=_blank>SPYBOT.KAI</a> WORM!
3873. Source=Paul Collins Startup list
3874.  
3875. [AntivirusGold]
3876. Number=550
3877. Confirmed=X
3878. Filename=AntivirusGold.exe
3879. Description=<a href="http://www3.ca.com/securityadvisor/pest/Pest.aspx?id=453094194" target="_blank">AntivirusGold</a> malware
3880. Source=Paul Collins Startup list
3881.  
3882. [AntiVirusProtection]
3883. Number=551
3884. Confirmed=?
3885. Filename=qumk.exe
3886. Description=<font color="#FF0000">??</font>
3887. Source=Paul Collins Startup list
3888.  
3889. [antiware]
3890. Number=552
3891. Confirmed=X
3892. Filename=elite***32.exe [*** = random char]
3893. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderhw.html" target=_blank>DLOADER-HW</a> TROJAN!
3894. Source=Paul Collins Startup list
3895.  
3896. [AntiWindowsMessenger]
3897. Number=553
3898. Confirmed=U
3899. Filename=AntiMsMsg.exe
3900. Description=<a href="http://fileforum.betanews.com/detail/1069500643/1" target="_blank">Anti-Windows_Messenger</a> is a small application that prevents Windows Messenger from remaining resident in memory
3901. Source=Paul Collins Startup list
3902.  
3903. [anti_troj]
3904. Number=554
3905. Confirmed=X
3906. Filename=anti_troj.exe
3907. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112315-1052-99" target=_blank>LODEAR.D</a> TROJAN!
3908. Source=Paul Collins Startup list
3909.  
3910. [AnVir]
3911. Number=555
3912. Confirmed=Y
3913. Filename=AnVir.exe
3914. Description=<a href="http://anvir.com/taskmanager/" target="_blank">AnVir Task Manager</a> - protects computer against viruses and manages running processes and startup files
3915. Source=Paul Collins Startup list
3916.  
3917. [AnVir Task Manager]
3918. Number=556
3919. Confirmed=Y
3920. Filename=AnVir.exe
3921. Description=<a href="http://anvir.com/taskmanager/" target="_blank">AnVir Task Manager</a> - protects computer against viruses and manages running processes and startup files
3922. Source=Paul Collins Startup list
3923.  
3924. [anvshell]
3925. Number=557
3926. Confirmed=U
3927. Filename=anvshell.exe
3928. Description=System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar
3929. Source=Paul Collins Startup list
3930.  
3931. [Any To-Do List]
3932. Number=558
3933. Confirmed=U
3934. Filename=anytodo.exe
3935. Description=<a href="http://www.anyutils.com/anytodo.htm" target=_blank>Any To-Do List</a> "the ultimate software solution to keep yourself organized and reminded"
3936.  
3937. Source=Paul Collins Startup list
3938.  
3939. [anycom bluetooth]
3940. Number=559
3941. Confirmed=?
3942. Filename=ftflauncher.exe
3943. Description=Associated with an Anycom bluetooth wireless card. <font color="#FF0000">What does it do and is it required?</font>
3944. Source=Paul Collins Startup list
3945.  
3946. [AnyDVD]
3947. Number=560
3948. Confirmed=U
3949. Filename=AnyDVD.exe
3950. Description=<a href="http://www.slysoft.com/en/anydvd.html" target="_blank">AnyDVD</a> - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendation
3951. Source=Paul Collins Startup list
3952.  
3953. [AO Tray]
3954. Number=561
3955. Confirmed=N
3956. Filename=AOTray.Exe
3957. Description=System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
3958. Source=Paul Collins Startup list
3959.  
3960. [aol]
3961. Number=562
3962. Confirmed=Y
3963. Filename=avp.exe
3964. Description=AOL's <a href="http://www.securitycadets.com/2006/08/aols-active-virus-shield-in-a-nutshell/" target="_blank">Active Virus Shield</a>
3965. Source=Paul Collins Startup list
3966.  
3967. [AOL 9.0 Optimized]
3968. Number=563
3969. Confirmed=X
3970. Filename=AOLClient.exe
3971. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021517-4127-99" target=_blank>SPYBOTER.A</a> TROJAN!
3972. Source=Paul Collins Startup list
3973.  
3974. [AOL Broadband Check-Up]
3975. Number=564
3976. Confirmed=U
3977. Filename=matcli.exe
3978. Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide
3979. Source=Paul Collins Startup list
3980.  
3981. [AOL Companion]
3982. Number=565
3983. Confirmed=N
3984. Filename=companion.exe
3985. Description=Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use
3986.  
3987. Source=Paul Collins Startup list
3988.  
3989. [Aol Configuration Loader]
3990. Number=566
3991. Confirmed=X
3992. Filename=aimsng.exe
3993. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxe.html" target=_blank>SDBOT-XE</a> WORM!
3994. Source=Paul Collins Startup list
3995.  
3996. [AOL Fast Start]
3997. Number=567
3998. Confirmed=?
3999. Filename=AOL.exe
4000. Description=AOL ISP software related. <font color="#FF0000">What does it do and is it required?</font>
4001. Source=Paul Collins Startup list
4002.  
4003. [AOL Instant Messanger]
4004. Number=568
4005. Confirmed=X
4006. Filename=aim.exe
4007. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyt.html" target=_blank>SDBOT-YT</a> WORM!
4008. Source=Paul Collins Startup list
4009.  
4010. [AOL Instant Messengar]
4011. Number=569
4012. Confirmed=X
4013. Filename=aol.exe
4014. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotfn.html" target="_blank">AGOBOT-FN</a> WORM!
4015. Source=Paul Collins Startup list
4016.  
4017. [AOL Instant Messenger]
4018. Number=570
4019. Confirmed=?
4020. Filename=AlM.EXE
4021. Description=That is an L between the A and M, the start up location is wrong for AIM. <font color="#FF0000">What does this relate to?</font>
4022. Source=Paul Collins Startup list
4023.  
4024. [Aol Instant Messenger]
4025. Number=571
4026. Confirmed=X
4027. Filename=aolmsg.exe
4028. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042300-3701-99" target="_blank">KELVIR.AL</a> WORM!
4029. Source=Paul Collins Startup list
4030.  
4031. [AOL Instant Messenger 7.213]
4032. Number=572
4033. Confirmed=X
4034. Filename=aim9283.exe
4035. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzf.html" target=_blank>SDBOT-ZF</a> WORM!
4036. Source=Paul Collins Startup list
4037.  
4038. [Aol Instant Messenger Fix]
4039. Number=573
4040. Confirmed=X
4041. Filename=aolfix.exe
4042. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabj.html" target=_blank>SDBOT-ABJ</a> WORM!
4043. Source=Paul Collins Startup list
4044.  
4045. [AOL Messenger]
4046. Number=574
4047. Confirmed=X
4048. Filename=[random filename]
4049. Description=Added by an unidentified VIRUS, WORM or TROJAN!
4050. Source=Paul Collins Startup list
4051.  
4052. [AOL Messenger]
4053. Number=575
4054. Confirmed=X
4055. Filename=aolmsngr.exe
4056. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotjf.html" target=_blank>SDBOT-JF</a> WORM!
4057. Source=Paul Collins Startup list
4058.  
4059. [AOL Messenger Optimized]
4060. Number=576
4061. Confirmed=X
4062. Filename=AOLOpt.exe
4063. Description=Added by the <a href="http://www.superadblocker.com/definition/aolopt/" target=_blank>AOLOPT</a> TROJAN! 
4064.  
4065. Source=Paul Collins Startup list
4066.  
4067. [AOL Services Hosts]
4068. Number=577
4069. Confirmed=X
4070. Filename=aolserviceshosts.exe
4071. Description=Added by an unidentified WORM or TROJAN!
4072. Source=Paul Collins Startup list
4073.  
4074. [AOL Spyware Protection]
4075. Number=578
4076. Confirmed=U
4077. Filename=AOLSP Scheduler.exe
4078. Description=AOL's spyware protection program
4079. Source=Paul Collins Startup list
4080.  
4081. [AOL TopSpeedMonitor]
4082. Number=579
4083. Confirmed=U
4084. Filename=aoltsmon.exe
4085. Description=AOL's <a href="http://site.aol.com/price_plans/bfsdialup.adp" target=_blank>TopSpeed</a> web acceleration technology supposedly helps to make web browsing faster. Most important for those users who still access AOL via dial-up
4086. Source=Paul Collins Startup list
4087.  
4088. [AolAcsDaemon1]
4089. Number=580
4090. Confirmed=Y
4091. Filename=Acsd.exe
4092. Description=AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
4093. Source=Paul Collins Startup list
4094.  
4095. [AolAcsDaemon1]
4096. Number=581
4097. Confirmed=Y
4098. Filename=AOLACSD.EXE
4099. Description=AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
4100. Source=Paul Collins Startup list
4101.  
4102. [AOLCC]
4103. Number=582
4104. Confirmed=?
4105. Filename=ACCAgnt.exe
4106. Description=AOL ISP software related, file located in a "AOL Computer Check-Up" folder. <font color="#FF0000">What does it do and is it required?</font>
4107. Source=Paul Collins Startup list
4108.  
4109. [AolCon]
4110. Number=583
4111. Confirmed=X
4112. Filename=config.com
4113. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112012-0423-99" target="_blank">TAPLAK</a> WORM!
4114. Source=Paul Collins Startup list
4115.  
4116. [AOLDialer]
4117. Number=584
4118. Confirmed=N
4119. Filename=AOLDial.exe
4120. Description=AOL ISP software dialer - can be activated through a desktop shortcut
4121. Source=Paul Collins Startup list
4122.  
4123. [AolFix]
4124. Number=585
4125. Confirmed=N
4126. Filename=AolFix.exe
4127. Description=Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL  to run correctly. Not seen much any more and should only run once
4128. Source=Paul Collins Startup list
4129.  
4130. [AOLRegKey32]
4131. Number=586
4132. Confirmed=X
4133. Filename=AOREGSVR512.EXE
4134. Description=Unidentified malware - see <a href="http://fileinfo.prevx.com/QQ2cb317153874-AORE13820788/AOREGSVR512.EXE.html" target=_blank>here</a>
4135.  
4136. Source=Paul Collins Startup list
4137.  
4138. [AOLStart]
4139. Number=587
4140. Confirmed=X
4141. Filename=AOLStart.exe
4142. Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=41605" target="_blank">KRAIMER.12</a> TROJAN!
4143. Source=Paul Collins Startup list
4144.  
4145. [Aornum]
4146. Number=588
4147. Confirmed=X
4148. Filename=aornum.exe
4149. Description=Installed along with <a href="http://www.iwon.com/home/prizes/pm3_overview/0,21311,,00.html?PG=home?SEC=fnstf">iWon Prize Machine</a>. Based upon their <a href="http://www.iwon.com/home/companyinfo/privacy/privacy_overview/0,11882,,00.html#1">privacy</a> statement this can be regarded as spyware
4150. Source=Paul Collins Startup list
4151.  
4152. [AOTray]
4153. Number=589
4154. Confirmed=N
4155. Filename=AOTray.Exe
4156. Description=System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
4157. Source=Paul Collins Startup list
4158.  
4159. [APC UPS Status]
4160. Number=590
4161. Confirmed=Y
4162. Filename=Display.exe
4163. Description=<a href="http://www.apcc.com/products/family/index.cfm?id=129&web_displayed=" target="_blank">APC PowerChute Personal Edition</a> status icon
4164. Source=Paul Collins Startup list
4165.  
4166. [APC_SERVICE]
4167. Number=591
4168. Confirmed=U
4169. Filename=mainserv.exe
4170. Description=<a href="http://www.apcc.com/tools/download/software_comp.cfm?sw_sku=SDW75" target="_blank">PowerChute« Personal Edition</a> - "safe system shutdown software with sophisticated power management functions"
4171. Source=Paul Collins Startup list
4172.  
4173. [apc_tray]
4174. Number=592
4175. Confirmed=Y
4176. Filename=apc_tray.exe
4177. Description=Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure
4178. Source=Paul Collins Startup list
4179.  
4180. [APD123]
4181. Number=593
4182. Confirmed=X
4183. Filename=APD123.exe
4184. Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target=_blank>PacerD Media/Pacimedia.com</a> adware
4185. Source=Paul Collins Startup list
4186.  
4187. [Api**.exe [* = random char]]
4188. Number=594
4189. Confirmed=X
4190. Filename=Api**.exe [* = random char]
4191. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
4192. Source=Paul Collins Startup list
4193.  
4194. [Api**32.exe [* = random char]]
4195. Number=595
4196. Confirmed=X
4197. Filename=Api**32.exe [* = random char]
4198. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
4199. Source=Paul Collins Startup list
4200.  
4201. [API32]
4202. Number=596
4203. Confirmed=X
4204. Filename=api32.exe
4205. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotb.html" target=_blank>IRCBOT-B</a> TROJAN!
4206. Source=Paul Collins Startup list
4207.  
4208. [APIClass]
4209. Number=597
4210. Confirmed=X
4211. Filename=lexplore_.exe
4212. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmsnopta.html" target=_blank>MSNOPT-A</a> TROJAN!
4213. Source=Paul Collins Startup list
4214.  
4215. [APIMon]
4216. Number=598
4217. Confirmed=X
4218. Filename=apimonx.exe
4219. Description=Added by the TIBSER.A downloader TROJAN!
4220. Source=Paul Collins Startup list
4221.  
4222. [APIMon]
4223. Number=599
4224. Confirmed=X
4225. Filename=winapix.exe
4226. Description=Added by a variant of the TIBSER.A downloader TROJAN!
4227. Source=Paul Collins Startup list
4228.  
4229. [APIMon]
4230. Number=600
4231. Confirmed=X
4232. Filename=msreg.exe
4233. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DROPPER.Z" target="_blank">DROPPER.Z</a> TROJAN!
4234. Source=Paul Collins Startup list
4235.  
4236. [apisvc.exe]
4237. Number=601
4238. Confirmed=X
4239. Filename=apisvc.exe
4240. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_116121.htm" target=_blank>LAMEBOT</a> TROJAN!
4241. Source=Paul Collins Startup list
4242.  
4243. [APL]
4244. Number=602
4245. Confirmed=U
4246. Filename=APL.exe
4247. Description=Sage Software's <a href="http://www.act.com/products/index.cfm" target="_blank">ACT!</a> The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application
4248. Source=Paul Collins Startup list
4249.  
4250. [Apmsrv9x]
4251. Number=603
4252. Confirmed=?
4253. Filename=APMSRV9X.EXE
4254. Description=<a target="_blank" href="http://www.intel.com/support/network/anypoint/">Intel AnyPoint</a> Wireless II Home Network related. Now discontinued. <font color="#FF0000">What does it do and is it required?</font>
4255. Source=Paul Collins Startup list
4256.  
4257. [Apoint]
4258. Number=604
4259. Confirmed=U
4260. Filename=Apoint.exe
4261. Description=Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
4262. Source=Paul Collins Startup list
4263.  
4264. [App**32.exe [* = random char]]
4265. Number=605
4266. Confirmed=X
4267. Filename=App**32.exe [* = random char]
4268. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
4269. Source=Paul Collins Startup list
4270.  
4271. [App.EXEName]
4272. Number=606
4273. Confirmed=X
4274. Filename=[path to worm]\.exe
4275. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120812-3452-99" target="_blank">BODIRU</a> WORM!
4276. Source=Paul Collins Startup list
4277.  
4278. [Appcon]
4279. Number=607
4280. Confirmed=U
4281. Filename=vAppCon.exe
4282. Description=Vital Application Console - part of <a href="http://www.pos-partner.com/Product.htm" target="_blank">POS-partner 2000</a> point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established
4283. Source=Paul Collins Startup list
4284.  
4285. [appconn]
4286. Number=608
4287. Confirmed=X
4288. Filename=appconn.exe
4289. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071414-1355-99" target="_blank">CARGAO</a> WORM!
4290. Source=Paul Collins Startup list
4291.  
4292. [AppExtender]
4293. Number=609
4294. Confirmed=U
4295. Filename=AppExtCB.exe
4296. Description=Loads the <a href="http://www.confimax.com/?PHPSESSID=aefc68296846f048b5b7ae96e48d854f" target="_blank">Confimax</a> add-in for popular E-mail programs to confirm E-mails have been sent and received
4297. Source=Paul Collins Startup list
4298.  
4299. [appis.exe]
4300. Number=610
4301. Confirmed=X
4302. Filename=appis.exe
4303. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088191" target="_blank">AGENT-BC</a> TROJAN!
4304. Source=Paul Collins Startup list
4305.  
4306. [Application]
4307. Number=611
4308. Confirmed=Y
4309. Filename=mdmsetsp.exe
4310. Description=<a href="http://www.aztech.com/" target=_blank>Aztech Labs</a> modem driver
4311. Source=Paul Collins Startup list
4312.  
4313. [Application Explorer]
4314. Number=612
4315. Confirmed=U
4316. Filename=Naldesk.exe
4317. Description=Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." 
4318. Source=Paul Collins Startup list
4319.  
4320. [Application Explorer]
4321. Number=613
4322. Confirmed=U
4323. Filename=NalView.exe
4324. Description=<a href="http://www.novell.com/documentation/zdfs/index.html?page=/documentation/zdfs/zdfsadmn/data/acpsmx1.html" target="_blank">Application Explorer</a> - file manager type access to Novell Application Launcher for installing and updating network residing applications
4325. Source=Paul Collins Startup list
4326.  
4327. [Application Layer Gateway Service]
4328. Number=614
4329. Confirmed=X
4330. Filename=algs.exe
4331. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052109-2651-99" target=_blank>LINKBOT.M</a> WORM!
4332. Source=Paul Collins Startup list
4333.  
4334. [ApplicationProtocolRun]
4335. Number=615
4336. Confirmed=X
4337. Filename=smsbvl32.exe
4338. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotcx.html" target="_blank">IRCBOT-CX</a> TROJAN!
4339. Source=Paul Collins Startup list
4340.  
4341. [AppPlus]
4342. Number=616
4343. Confirmed=U
4344. Filename=AppPlus.exe
4345. Description=<a href="http://www.appplusonline.com/" target="_blank">AppPlus</a> - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"
4346. Source=Paul Collins Startup list
4347.  
4348. [Apvxd]
4349. Number=617
4350. Confirmed=Y
4351. Filename=APVXDWIN.EXE
4352. Description=Part of <a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus </a>. Required to enable permanent virus protection
4353. Source=Paul Collins Startup list
4354.  
4355. [Apvxdwin]
4356. Number=618
4357. Confirmed=Y
4358. Filename=APVXDWIN.EXE
4359. Description=Part of <a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus </a>. Required to enable permanent virus protection
4360. Source=Paul Collins Startup list
4361.  
4362. [Apwheel]
4363. Number=619
4364. Confirmed=Y
4365. Filename=Apwheel.exe
4366. Description=Wheel support for an Alps mouse 
4367. Source=Paul Collins Startup list
4368.  
4369. [apyginapygin]
4370. Number=620
4371. Confirmed=X
4372. Filename=simenu.exe
4373. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BTR&VSect=P" target=_blank>SDBOT.BTR</a> WORM!
4374. Source=Paul Collins Startup list
4375.  
4376. [AQ3HelperStartUp]
4377. Number=621
4378. Confirmed=U
4379. Filename=AQ3HEL~1.EXE
4380. Description=ScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
4381. Source=Paul Collins Startup list
4382.  
4383. [aqadcup.exe]
4384. Number=622
4385. Confirmed=X
4386. Filename=aqadcup.exe
4387. Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/" target="_blank">AGENT.BG</a> WORM!
4388. Source=Paul Collins Startup list
4389.  
4390. [Aqujyjax]
4391. Number=623
4392. Confirmed=X
4393. Filename=[path to file]
4394. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckcq.html" target="_blank">RANCK-CQ</a> TROJAN!
4395. Source=Paul Collins Startup list
4396.  
4397. [Aqujyjax]
4398. Number=624
4399. Confirmed=X
4400. Filename=aqujyjax.exe
4401. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyc.html" target="_blank">SDBOT-YC</a> WORM!
4402. Source=Paul Collins Startup list
4403.  
4404. [ara-key]
4405. Number=625
4406. Confirmed=X
4407. Filename=[random filename]
4408. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080817-4045-99" target="_blank">ANTINNY</a> WORM!
4409. Source=Paul Collins Startup list
4410.  
4411. [arcaderockstar]
4412. Number=626
4413. Confirmed=X
4414. Filename=arcaderockstar32.exe
4415. Description=Arcade Rockstar (now <a href="http://www.gamevance.com/" target="_blank">Gamevance</a>) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computer
4416. Source=Paul Collins Startup list
4417.  
4418. [Archive]
4419. Number=627
4420. Confirmed=X
4421. Filename=archive.exe
4422. Description=Adware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Centim.a
4423. Source=Paul Collins Startup list
4424.  
4425. [ARCHIVE CONTROL]
4426. Number=628
4427. Confirmed=X
4428. Filename=fixupdattr.exe
4429. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-070712-1709-99" target=_blank>MYTOB.GU</a> WORM!
4430. Source=Paul Collins Startup list
4431.  
4432. [ARCSolo Recovery]
4433. Number=629
4434. Confirmed=N
4435. Filename=N/A
4436. Description=Backup software by Computer Associates - no longer supported
4437. Source=Paul Collins Startup list
4438.  
4439. [Ardamax Keylogger]
4440. Number=630
4441. Confirmed=U
4442. Filename=akl.exe
4443. Description=<a href="http://www.bleepingcomputer.com/startups/akl.exe-10964.html" target=_blank>Ardakey B</a> keystroke logger/monitoring program - remove unless you installed it yourself!
4444.  
4445. Source=Paul Collins Startup list
4446.  
4447. [ares]
4448. Number=631
4449. Confirmed=N
4450. Filename=ares.exe
4451. Description="<a href="http://aresgalaxy.sourceforge.net/" target="_blank">Ares</a> is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"
4452. Source=Paul Collins Startup list
4453.  
4454. [areslite]
4455. Number=632
4456. Confirmed=N
4457. Filename=AresLite.exe
4458. Description="<a href="http://aresgalaxy.sourceforge.net/" target="_blank">Ares</a> is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"
4459. Source=Paul Collins Startup list
4460.  
4461. [Argentum Backup]
4462. Number=633
4463. Confirmed=U
4464. Filename=ab.exe
4465. Description=<a href="http://www.argentuma.com/backup.html" target="_blank">Argentum Backup</a> - a small backup program that lets you easily back up your documents and folders
4466. Source=Paul Collins Startup list
4467.  
4468. [Aritima]
4469. Number=634
4470. Confirmed=X
4471. Filename=aritima.exe
4472. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081915-4836-99" target="_blank">ARITIM</a> WORM!
4473. Source=Paul Collins Startup list
4474.  
4475. [ARMOR2NET]
4476. Number=635
4477. Confirmed=N
4478. Filename=Armor2net.exe
4479. Description=Related to Armor2net personal firewall (possibly contains or is related to an anti-spyware product known as ArmorWall, which is a spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
4480. Source=Paul Collins Startup list
4481.  
4482. [ARPWRMSG]
4483. Number=636
4484. Confirmed=N
4485. Filename=ARPWRMSG.EXE
4486. Description=Related to HP and Compaq Desktop PCs. Read <a href="http://h10025.www1.hp.com:80/ewfrf/wc/genericDocument?docname=bph07149&cc=us&lc=en&dlc=en&dlc=en&lang=en" target="_blank">this</a> article
4487. Source=Paul Collins Startup list
4488.  
4489. [Artera]
4490. Number=637
4491. Confirmed=U
4492. Filename=arteraui.exe
4493. Description=<a href="http://www.arteraturbo.com/" target="_blank">Artera Turbo Internet Accelerator</a> - "surf faster, boost download speed". Only required if you find it helps improve your performance
4494. Source=Paul Collins Startup list
4495.  
4496. [AS00 Gear511]
4497. Number=638
4498. Confirmed=?
4499. Filename=Gear511.exe
4500. Description=Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. <font color="#FF0000">Is it at all required?</font>
4501. Source=Paul Collins Startup list
4502.  
4503. [AS00_WN511B]
4504. Number=639
4505. Confirmed=U
4506. Filename=WN511B.exe
4507. Description=Netgear <a href="http://www.netgear.com/Products/Adapters/RangeMaxNextWirelessAdapters/WN511B.aspx" target="_blank">RangeMax NEXT</a> wireless adapter configuration utility
4508. Source=Paul Collins Startup list
4509.  
4510. [AS00_WPN511]
4511. Number=640
4512. Confirmed=?
4513. Filename=WPN511.exe
4514. Description=NetgearRev MFC Application - software for Netgear wireless network cards - <font color="#FF0000">what does it do and is it required in startup?</font>
4515. Source=Paul Collins Startup list
4516.  
4517. [ASDPLUGIN]
4518. Number=641
4519. Confirmed=X
4520. Filename=dsldbaccess.exe
4521. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4522. Source=Paul Collins Startup list
4523.  
4524. [ASDPLUGIN]
4525. Number=642
4526. Confirmed=X
4527. Filename=canada.exe
4528. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4529. Source=Paul Collins Startup list
4530.  
4531. [ASDPLUGIN]
4532. Number=643
4533. Confirmed=X
4534. Filename=france.exe
4535. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4536. Source=Paul Collins Startup list
4537.  
4538. [ASDPLUGIN]
4539. Number=644
4540. Confirmed=X
4541. Filename=fullgames.exe
4542. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4543. Source=Paul Collins Startup list
4544.  
4545. [ASDPLUGIN]
4546. Number=645
4547. Confirmed=X
4548. Filename=100171be.exe
4549. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4550. Source=Paul Collins Startup list
4551.  
4552. [ASDPLUGIN]
4553. Number=646
4554. Confirmed=X
4555. Filename=100176br.exe
4556. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4557. Source=Paul Collins Startup list
4558.  
4559. [ASDPLUGIN]
4560. Number=647
4561. Confirmed=X
4562. Filename=adult1.exe
4563. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4564. Source=Paul Collins Startup list
4565.  
4566. [ASDPLUGIN]
4567. Number=648
4568. Confirmed=X
4569. Filename=Austria.exe
4570. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4571. Source=Paul Collins Startup list
4572.  
4573. [ASDPLUGIN]
4574. Number=649
4575. Confirmed=X
4576. Filename=belgium nm.exe
4577. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4578. Source=Paul Collins Startup list
4579.  
4580. [ASDPLUGIN]
4581. Number=650
4582. Confirmed=X
4583. Filename=czech.exe
4584. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4585. Source=Paul Collins Startup list
4586.  
4587. [ASDPLUGIN]
4588. Number=651
4589. Confirmed=X
4590. Filename=dbaccess.exe
4591. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4592. Source=Paul Collins Startup list
4593.  
4594. [ASDPLUGIN]
4595. Number=652
4596. Confirmed=X
4597. Filename=dslgeaccess.exe
4598. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4599. Source=Paul Collins Startup list
4600.  
4601. [ASDPLUGIN]
4602. Number=653
4603. Confirmed=X
4604. Filename=Finland.exe
4605. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4606. Source=Paul Collins Startup list
4607.  
4608. [ASDPLUGIN]
4609. Number=654
4610. Confirmed=X
4611. Filename=geaccess.exe
4612. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4613. Source=Paul Collins Startup list
4614.  
4615. [ASDPLUGIN]
4616. Number=655
4617. Confirmed=X
4618. Filename=mexico.exe
4619. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4620. Source=Paul Collins Startup list
4621.  
4622. [ASDPLUGIN]
4623. Number=656
4624. Confirmed=X
4625. Filename=netherlands.exe
4626. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4627. Source=Paul Collins Startup list
4628.  
4629. [ASDPLUGIN]
4630. Number=657
4631. Confirmed=X
4632. Filename=turkey.exe
4633. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4634. Source=Paul Collins Startup list
4635.  
4636. [ASDPLUGIN]
4637. Number=658
4638. Confirmed=X
4639. Filename=uk nm.exe
4640. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4641. Source=Paul Collins Startup list
4642.  
4643. [ASDPLUGIN]
4644. Number=659
4645. Confirmed=X
4646. Filename=Xadult1.exe
4647. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4648. Source=Paul Collins Startup list
4649.  
4650. [ASDPLUGIN]
4651. Number=660
4652. Confirmed=X
4653. Filename=temp532.exe
4654. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
4655. Source=Paul Collins Startup list
4656.  
4657. [asdx]
4658. Number=661
4659. Confirmed=X
4660. Filename=xwinrpc32.exe
4661. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VO" target="_blank">AGOBOT.VO</a> WORM!
4662. Source=Paul Collins Startup list
4663.  
4664. [ASE Scheduler]
4665. Number=662
4666. Confirmed=N
4667. Filename=ASE Scheduler.exe
4668. Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see <a href="http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/" target=_blank>here</a> and <a href="http://netrn.net/spywareblog/archives/2004/11/06/aluria-confused/" target=_blank>here</a>
4669. Source=Paul Collins Startup list
4670.  
4671. [Ashampoo PopUpBlocker]
4672. Number=663
4673. Confirmed=U
4674. Filename=PopUpKiller.exe
4675. Description=<a href="http://www.ashampoo.com/frontend/homepage/php/index.php?session_langid=2" target="_blank">Ashampoo</a> popup blocker, part of Magical Security (was Privacy Protector Plus)
4676. Source=Paul Collins Startup list
4677.  
4678. [ashAvast]
4679. Number=664
4680. Confirmed=Y
4681. Filename=ashAvast.exe
4682. Description=Part of <a href="http://www.avast.com/" target="_blank">Avast</a> antivirus
4683. Source=Paul Collins Startup list
4684.  
4685. [ASHLT]
4686. Number=665
4687. Confirmed=X
4688. Filename=Ashlt.exe
4689. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100811-0814-99" target="_blank">Ashlt</a> adware
4690. Source=Paul Collins Startup list
4691.  
4692. [ashMaiSv]
4693. Number=666
4694. Confirmed=Y
4695. Filename=ashmaisv.exe
4696. Description=Part of <a href="http://www.avast.com/" target="_blank">Avast!</a> anti-virus software - E-mail scanner
4697. Source=Paul Collins Startup list
4698.  
4699. [AsioReg]
4700. Number=667
4701. Confirmed=U
4702. Filename=regsvr32.exe ctasio.dll
4703. Description=<a href="http://www.soundblaster.com/resources/read.asp?articleid=53937&page=1&cat=2" target="_blank">ASIO</a> (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
4704. Source=Paul Collins Startup list
4705.  
4706. [ASK]
4707. Number=668
4708. Confirmed=U
4709. Filename=rundll32.exe [path] ASK.dll rdl
4710. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071816-1110-99" target=_blank>Stealth Keylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
4711. Source=Paul Collins Startup list
4712.  
4713. [asl]
4714. Number=669
4715. Confirmed=X
4716. Filename=Aslru.exe
4717. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancoscu.html" target=_blank>BANCOS-CU</a> TROJAN!
4718. Source=Paul Collins Startup list
4719.  
4720. [Asmw Soft Popups Burner]
4721. Number=670
4722. Confirmed=U
4723. Filename=popups burner.exe
4724. Description=Popup blocker, part of Asmw Soft <a href="http://www.asmwsoft.com/products/002.htm" target= blank>PC Optimizer</a>
4725. Source=Paul Collins Startup list
4726.  
4727. [asnconsole]
4728. Number=671
4729. Confirmed=X
4730. Filename=msasn.exe
4731. Description=Added by the <a href="https://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=53404" target="_blank">RBOT.EVU</a> TROJAN!
4732. Source=Paul Collins Startup list
4733.  
4734. [ASocksrv]
4735. Number=672
4736. Confirmed=X
4737. Filename=SocksA.exe
4738. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_VB.CBW" target="_blank">VB.CBW</a> WORM!
4739. Source=Paul Collins Startup list
4740.  
4741. [ASP.NET State Service]
4742. Number=673
4743. Confirmed=X
4744. Filename=csrss.exe
4745. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqi.html" target=_blank>DLOADER-QI</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
4746. Source=Paul Collins Startup list
4747.  
4748. [ASP.NET State Service]
4749. Number=674
4750. Confirmed=X
4751. Filename=crsass.exe
4752. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbanloadm.html" target=_blank>BANLOAD-M</a> TROJAN!
4753. Source=Paul Collins Startup list
4754.  
4755. [ASP.NET State Service]
4756. Number=675
4757. Confirmed=X
4758. Filename=servicos..exe
4759. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobrai.html" target=_blank>DADOBRA-I</a> TROJAN!
4760. Source=Paul Collins Startup list
4761.  
4762. [asp4tray]
4763. Number=676
4764. Confirmed=N
4765. Filename=asp4tray.exe
4766. Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
4767. Source=Paul Collins Startup list
4768.  
4769. [AspireTimeMachine]
4770. Number=677
4771. Confirmed=Y
4772. Filename=acertmb.exe
4773. Description=System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry
4774. Source=Paul Collins Startup list
4775.  
4776. [asrupdate.exe]
4777. Number=678
4778. Confirmed=X
4779. Filename=asrupdate.exe
4780. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Win32.VB.atz&threatid=90801" target="_blank">VB.ATZ</a> TROJAN!
4781. Source=Paul Collins Startup list
4782.  
4783. [assistse]
4784. Number=679
4785. Confirmed=X
4786. Filename=ASSISTSE.EXE
4787. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=3721%20Chinese%20Keywords%20(CNSMin)&threatid=3678" target="_blank">CnsMin</a> (Chinese Keywords) hijacker related
4788. Source=Paul Collins Startup list
4789.  
4790. [AST]
4791. Number=680
4792. Confirmed=X
4793. Filename=AST
4794. Description=Added by the TROJANDOWNLOADER.WIN32.VB.AH VIRUS!
4795. Source=Paul Collins Startup list
4796.  
4797. [AST]
4798. Number=681
4799. Confirmed=X
4800. Filename=AST
4801. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453068322" target=_blank>VB.AH</a> TROJAN!
4802. Source=Paul Collins Startup list
4803.  
4804. [AST]
4805. Number=682
4806. Confirmed=X
4807. Filename=AST.exe
4808. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082809" target=_blank>AutoStarter</a> parasite
4809.  
4810. Source=Paul Collins Startup list
4811.  
4812. [ASTART]
4813. Number=683
4814. Confirmed=U
4815. Filename=astart.exe
4816. Description=ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
4817. Source=Paul Collins Startup list
4818.  
4819. [AStart]
4820. Number=684
4821. Confirmed=X
4822. Filename=AStart
4823. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453068322" target=_blank>VB.AH</a> TROJAN!
4824. Source=Paul Collins Startup list
4825.  
4826. [asTray]
4827. Number=685
4828. Confirmed=N
4829. Filename=Astray.exe
4830. Description=Voyetra Audio Station - part of <a href="http://www.voyetra.com/site/default.asp" target="_blank">Voyetra's</a> Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer
4831. Source=Paul Collins Startup list
4832.  
4833. [Astro]
4834. Number=686
4835. Confirmed=N
4836. Filename=Astro.exe
4837. Description=Checks for updates to Quicken on a system reboot
4838. Source=Paul Collins Startup list
4839.  
4840. [ASUS Live Update]
4841. Number=687
4842. Confirmed=N
4843. Filename=ALU.exe
4844. Description=ASUS Live Update utility for their motherboards
4845. Source=Paul Collins Startup list
4846.  
4847. [ASUS Probe]
4848. Number=688
4849. Confirmed=N
4850. Filename=AsusProb.exe
4851. Description=ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area
4852. Source=Paul Collins Startup list
4853.  
4854. [ASUS SmartDoctor]
4855. Number=689
4856. Confirmed=U
4857. Filename=VGAProbe.exe
4858. Description=ASUS video card fan/thermal monitor
4859. Source=Paul Collins Startup list
4860.  
4861. [ASUS TweakEnable]
4862. Number=690
4863. Confirmed=U
4864. Filename=astart.exe
4865. Description=Restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
4866. Source=Paul Collins Startup list
4867.  
4868. [ASUSKey]
4869. Number=691
4870. Confirmed=N
4871. Filename=V38SHELL.EXE
4872. Description=System tray Icon for quickly changing video modes
4873. Source=Paul Collins Startup list
4874.  
4875. [asustweakenable]
4876. Number=692
4877. Confirmed=U
4878. Filename=ATweak.exe
4879. Description=Asus tweaking utility - for fine tuning the settings of your ASUS display card
4880. Source=Paul Collins Startup list
4881.  
4882. [ASWDP]
4883. Number=693
4884. Confirmed=N
4885. Filename=ASWDP.exe
4886. Description=<a href="http://www.mlspulse.com/login.jsp" target="_blank">MLS Pulse</a> - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market
4887. Source=Paul Collins Startup list
4888.  
4889. [ASWnk]
4890. Number=694
4891. Confirmed=X
4892. Filename=aswnk.exe
4893. Description=Adult content dialler
4894. Source=Paul Collins Startup list
4895.  
4896. [AT-Watch]
4897. Number=695
4898. Confirmed=U
4899. Filename=ATWatch.exe
4900. Description=Anti-Trojan Watch - trojan detector
4901. Source=Paul Collins Startup list
4902.  
4903. [atapidrv]
4904. Number=696
4905. Confirmed=X
4906. Filename=atapidrv.exe
4907. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsl.html" target=_blank>AGOBOT-SL</a> WORM!
4908. Source=Paul Collins Startup list
4909.  
4910. [Athan]
4911. Number=697
4912. Confirmed=U
4913. Filename=Athan.exe
4914. Description=<a href="http://www.islamasoft.co.uk/products/athan/athansoftware.html" target=_blank>Athan</a> - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world
4915. Source=Paul Collins Startup list
4916.  
4917. [ATI Active Graphics Card Monitor]
4918. Number=698
4919. Confirmed=X
4920. Filename=atievx.exe
4921. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbottl.html" target="_blank">IRCBOT-TL</a> WORM!
4922. Source=Paul Collins Startup list
4923.  
4924. [ATI AS Filter]
4925. Number=699
4926. Confirmed=X
4927. Filename=msnse.exe
4928. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotccy.html" target="_blank">RBOT-CCY</a> WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websites
4929. Source=Paul Collins Startup list
4930.  
4931. [ATI CATALYST System Tray]
4932. Number=700
4933. Confirmed=N
4934. Filename=CLI.exe SystemTray
4935. Description=System Tray access to ATI's CATALYSTÖ CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop
4936. Source=Paul Collins Startup list
4937.  
4938. [ATI DeviceDetect]
4939. Number=701
4940. Confirmed=N
4941. Filename=ATIDtct.EXE
4942. Description=Utility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled
4943. Source=Paul Collins Startup list
4944.  
4945. [ATI Display Driver]
4946. Number=702
4947. Confirmed=X
4948. Filename=atixd.exe
4949. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfov.html" target="_blank">RBOT-FOV</a> WORM!
4950. Source=Paul Collins Startup list
4951.  
4952. [Ati Display Settings]
4953. Number=703
4954. Confirmed=X
4955. Filename=atividx.exe
4956. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgas.html" target="_blank">RBOT-GAS</a> WORM!
4957. Source=Paul Collins Startup list
4958.  
4959. [ATI GART Set-up Utility]
4960. Number=704
4961. Confirmed=N
4962. Filename=Atigart.exe
4963. Description=Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed
4964. Source=Paul Collins Startup list
4965.  
4966. [ATI Launchpad]
4967. Number=705
4968. Confirmed=U
4969. Filename=launchpd.exe
4970. Description=Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu
4971. Source=Paul Collins Startup list
4972.  
4973. [ATI Rage3d Pro]
4974. Number=706
4975. Confirmed=X
4976. Filename=AtiRage4dPro.exe
4977. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotog.html" target=_blank>AGOBOT-OG</a> WORM!
4978. Source=Paul Collins Startup list
4979.  
4980. [ATI Remote Control]
4981. Number=707
4982. Confirmed=Y
4983. Filename=ATIRW.exe
4984. Description=Driver for the <a href="http://www.ati.com/products/home-office.html" target=_blank>ATI REMOTE WONDERÖ</a> RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it
4985. Source=Paul Collins Startup list
4986.  
4987. [ATI Remote Control]
4988. Number=708
4989. Confirmed=Y
4990. Filename=ATIX10.exe
4991. Description=ATI <a href="http://www.ati.com/products/pc/remotewonder/" target="_blank">Remote WonderÖ</a> - PC wireless remote control driver. Required if you use it
4992. Source=Paul Collins Startup list
4993.  
4994. [ATI Scheduler]
4995. Number=709
4996. Confirmed=N
4997. Filename=Atisched.exe
4998. Description=Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see
4999. Source=Paul Collins Startup list
5000.  
5001. [ATI Task Application]
5002. Number=710
5003. Confirmed=N
5004. Filename=Atitkad.exe
5005. Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
5006. Source=Paul Collins Startup list
5007.  
5008. [ATI Task Application (Atikey)]
5009. Number=711
5010. Confirmed=N
5011. Filename=Atitask.exe
5012. Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
5013. Source=Paul Collins Startup list
5014.  
5015. [ATI Technology Startup]
5016. Number=712
5017. Confirmed=X
5018. Filename=techstart.exe
5019. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaeu.html" target=_blank>RBOT-AEU</a> WORM!
5020. Source=Paul Collins Startup list
5021.  
5022. [ATI Video Driver Control]
5023. Number=713
5024. Confirmed=X
5025. Filename=atigfx.exe
5026. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfwl.html" target="_blank">RBOT-FWL</a> WORM!
5027. Source=Paul Collins Startup list
5028.  
5029. [ATI VIDEO REGKEY]
5030. Number=714
5031. Confirmed=X
5032. Filename=ati2vid.exe
5033. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UR" target="_blank">SDBOT.UR</a> WORM!
5034. Source=Paul Collins Startup list
5035.  
5036. [Ati2cwxx]
5037. Number=715
5038. Confirmed=?
5039. Filename=Ati2cwxx.exe
5040. Description=<font color="#FF0000">For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it </font>
5041. Source=Paul Collins Startup list
5042.  
5043. [Ati2mdxx]
5044. Number=716
5045. Confirmed=U
5046. Filename=Ati2mdxx.exe
5047. Description=System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
5048. Source=Paul Collins Startup list
5049.  
5050. [ATICCC]
5051. Number=717
5052. Confirmed=N
5053. Filename=cli.exe runtime
5054. Description=ATI's CATALYSTÖ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start -> Programs -> ATI Catalyst Control Center -> Advanced -> Restart Runtime as it can casue problems when starting Windows
5055. Source=Paul Collins Startup list
5056.  
5057. [ATICCC]
5058. Number=718
5059. Confirmed=N
5060. Filename=CLIStart.exe
5061. Description=Puts the ATI CatalystÖ Control Center Icon/Shortcut on the System Tray - available via Start -> Programs
5062. Source=Paul Collins Startup list
5063.  
5064. [aticpaxx.exe]
5065. Number=719
5066. Confirmed=X
5067. Filename=aticpaxx.exe
5068. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxp.html" target= blank>RBOT-XP</a> WORM!
5069. Source=Paul Collins Startup list
5070.  
5071. [AtiCwd]
5072. Number=720
5073. Confirmed=U
5074. Filename=AtiCwd.exe
5075. Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
5076. Source=Paul Collins Startup list
5077.  
5078. [AtiCwd]
5079. Number=721
5080. Confirmed=U
5081. Filename=AtiCwd32.exe
5082. Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
5083. Source=Paul Collins Startup list
5084.  
5085. [AtiCwd]
5086. Number=722
5087. Confirmed=U
5088. Filename=Ati2cwad.exe
5089. Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
5090. Source=Paul Collins Startup list
5091.  
5092. [AtiCwd32]
5093. Number=723
5094. Confirmed=U
5095. Filename=AtiCwd.exe
5096. Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
5097. Source=Paul Collins Startup list
5098.  
5099. [AtiCwd32]
5100. Number=724
5101. Confirmed=U
5102. Filename=AtiCwd32.exe
5103. Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
5104. Source=Paul Collins Startup list
5105.  
5106. [AtiCwd32]
5107. Number=725
5108. Confirmed=U
5109. Filename=Ati2cwad.exe
5110. Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
5111. Source=Paul Collins Startup list
5112.  
5113. [AtiDisplayDrv]
5114. Number=726
5115. Confirmed=X
5116. Filename=atidrvxx.exe
5117. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvz.html" target= blank>RBOT-VZ</a> WORM!
5118. Source=Paul Collins Startup list
5119.  
5120. [atidriver]
5121. Number=727
5122. Confirmed=X
5123. Filename=reaIplayer.exe
5124. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32warpigse.html" target=_blank>WARPIGS-E</a> WORM! Note the uppercase "I" in the filename, rather than a lower case "L"
5125. Source=Paul Collins Startup list
5126.  
5127. [AtiKey]
5128. Number=728
5129. Confirmed=N
5130. Filename=AtiKey32.exe
5131. Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
5132. Source=Paul Collins Startup list
5133.  
5134. [AtiKey]
5135. Number=729
5136. Confirmed=?
5137. Filename=atiptkad.exe
5138. Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
5139. Source=Paul Collins Startup list
5140.  
5141. [Atikey]
5142. Number=730
5143. Confirmed=N
5144. Filename=Atitask.exe
5145. Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
5146. Source=Paul Collins Startup list
5147.  
5148. [ATIMACE]
5149. Number=731
5150. Confirmed=U
5151. Filename=MACE.exe
5152. Description=ATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst Environment (MACE) component
5153.  
5154. Source=Paul Collins Startup list
5155.  
5156. [ATIModeChange]
5157. Number=732
5158. Confirmed=U
5159. Filename=Ati2mdxx.exe
5160. Description=System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
5161. Source=Paul Collins Startup list
5162.  
5163. [AtiPanel]
5164. Number=733
5165. Confirmed=X
5166. Filename=atip.exe
5167. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.U</a> TROJAN!
5168. Source=Paul Collins Startup list
5169.  
5170. [atipatxx]
5171. Number=734
5172. Confirmed=X
5173. Filename=atipatxx.exe
5174. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalled.html" target=_blank>SMALL-ED</a> TROJAN!
5175. Source=Paul Collins Startup list
5176.  
5177. [ATIPOLAB]
5178. Number=735
5179. Confirmed=U
5180. Filename=ati2evxx.exe
5181. Description=ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces  on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
5182. Source=Paul Collins Startup list
5183.  
5184. [ATIPOLAB]
5185. Number=736
5186. Confirmed=U
5187. Filename=ati2evae.exe
5188. Description=ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks
5189. Source=Paul Collins Startup list
5190.  
5191. [ATIPOLL]
5192. Number=737
5193. Confirmed=U
5194. Filename=ati2evxx.exe
5195. Description=ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces  on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
5196. Source=Paul Collins Startup list
5197.  
5198. [AtiPTA]
5199. Number=738
5200. Confirmed=U
5201. Filename=Ati2ptxx.exe
5202. Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
5203. Source=Paul Collins Startup list
5204.  
5205. [AtiPTA]
5206. Number=739
5207. Confirmed=U
5208. Filename=Atiptaxx.exe
5209. Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
5210. Source=Paul Collins Startup list
5211.  
5212. [AtiPTAAA]
5213. Number=740
5214. Confirmed=U
5215. Filename=Ati2ptxx.exe
5216. Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
5217. Source=Paul Collins Startup list
5218.  
5219. [AtiPTAAA]
5220. Number=741
5221. Confirmed=U
5222. Filename=Atiptaxx.exe
5223. Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
5224. Source=Paul Collins Startup list
5225.  
5226. [atiptaxx]
5227. Number=742
5228. Confirmed=U
5229. Filename=Ati2ptxx.exe
5230. Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
5231. Source=Paul Collins Startup list
5232.  
5233. [atiptaxx]
5234. Number=743
5235. Confirmed=U
5236. Filename=Atiptaxx.exe
5237. Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
5238. Source=Paul Collins Startup list
5239.  
5240. [atiptext]
5241. Number=744
5242. Confirmed=X
5243. Filename=atiptext.exe
5244. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiama.html" target= blank>COSIAM-A</a> TROJAN!
5245. Source=Paul Collins Startup list
5246.  
5247. [AtiQiPcl]
5248. Number=745
5249. Confirmed=U
5250. Filename=AtiQiPcl.exe
5251. Description=Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's
5252. Source=Paul Collins Startup list
5253.  
5254. [ATISmart]
5255. Number=746
5256. Confirmed=U
5257. Filename=ati2s9ag.exe
5258. Description=ATI's "SMARTGART", which is included with the "<a href="http://mirror.ati.com/products/pc/catalyst/index.html" target="_blank">Catalyst</a>" drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings
5259. Source=Paul Collins Startup list
5260.  
5261. [AtiSound]
5262. Number=747
5263. Confirmed=U
5264. Filename=csrss.exe
5265. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110711-5846-99" target="_blank">WinSpy</a> surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "ComRoot" subfolder
5266. Source=Paul Collins Startup list
5267.  
5268. [atisrc2]
5269. Number=748
5270. Confirmed=X
5271. Filename=windfind.exe
5272. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwindfinda.html" target=_blank>WINDFIND-A</a> TROJAN!
5273.  
5274. Source=Paul Collins Startup list
5275.  
5276. [ATITech]
5277. Number=749
5278. Confirmed=X
5279. Filename=Active.exe
5280. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojroamera.html" target=_blank>ROAMER-A</a> TROJAN!
5281. Source=Paul Collins Startup list
5282.  
5283. [atitray]
5284. Number=750
5285. Confirmed=U
5286. Filename=atitray.exe
5287. Description=ATI Tray Tools - allows quick access to ATI graphics card settings
5288. Source=Paul Collins Startup list
5289.  
5290. [AtiTrayTools]
5291. Number=751
5292. Confirmed=U
5293. Filename=atitray.exe
5294. Description=ATI Tray Tools - allows quick access to ATI graphics card settings
5295. Source=Paul Collins Startup list
5296.  
5297. [atiupdate]
5298. Number=752
5299. Confirmed=X
5300. Filename=ATIUPDATE5.EXE
5301. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_DEBESKI.A" target="_blank">DEBESKI.A</a> TROJAN!
5302. Source=Paul Collins Startup list
5303.  
5304. [atiupdate]
5305. Number=753
5306. Confirmed=X
5307. Filename=msshed32.exe
5308. Description=Added by the DELF.EP downloader TROJAN!
5309. Source=Paul Collins Startup list
5310.  
5311. [ATIUpdater]
5312. Number=754
5313. Confirmed=X
5314. Filename=atiupdxx.exe
5315. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabx.html" target= blank>RBOT-ABX</a> WORM!
5316. Source=Paul Collins Startup list
5317.  
5318. [Atiupdpl]
5319. Number=755
5320. Confirmed=X
5321. Filename=atiupdpl.exe
5322. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.AOS" target="_blank">SMALL.AOS</a> TROJAN!
5323. Source=Paul Collins Startup list
5324.  
5325. [ativopen]
5326. Number=756
5327. Confirmed=X
5328. Filename=ativopen.exe
5329. Description=Premium rate adult content dialler
5330. Source=Paul Collins Startup list
5331.  
5332. [ATIX10]
5333. Number=757
5334. Confirmed=Y
5335. Filename=atix10.exe
5336. Description=ATI <a href="http://www.ati.com/products/pc/remotewonder/" target="_blank">Remote WonderÖ</a> - PC wireless remote control driver. Required if you use it
5337. Source=Paul Collins Startup list
5338.  
5339. [Atl**.exe [* = random char]]
5340. Number=758
5341. Confirmed=X
5342. Filename=Atl**.exe [* = random char]
5343. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
5344. Source=Paul Collins Startup list
5345.  
5346. [Atl**32.exe [* = random char]]
5347. Number=759
5348. Confirmed=X
5349. Filename=Atl**32.exe [* = random char]
5350. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
5351. Source=Paul Collins Startup list
5352.  
5353. [ATM Control]
5354. Number=760
5355. Confirmed=X
5356. Filename=adpn.exe
5357. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MMS.A&VSect=T" target="_blank">MMS.A</a> WORM!
5358. Source=Paul Collins Startup list
5359.  
5360. [ATnotes]
5361. Number=761
5362. Confirmed=N
5363. Filename=atnotes.exe
5364. Description=Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs
5365. Source=Paul Collins Startup list
5366.  
5367. [Atomic Time Synchronizer]
5368. Number=762
5369. Confirmed=U
5370. Filename=TimeSync.exe
5371. Description=<a href="http://www.spdialer.com/timesync/" target="_blank">TimeSync</a> - lets you synchronize your computer's clock with any internet atomic clock
5372. Source=Paul Collins Startup list
5373.  
5374. [Atomic-x27]
5375. Number=763
5376. Confirmed=X
5377. Filename=Atomic-x27.exe
5378. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32katomika.html" target=_blank>KATOMIK-A</a> WORM!
5379. Source=Paul Collins Startup list
5380.  
5381. [Atomic-x27C]
5382. Number=764
5383. Confirmed=X
5384. Filename=AtomicpartC.exe
5385. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32katomika.html" target=_blank>KATOMIK-A</a> WORM!
5386. Source=Paul Collins Startup list
5387.  
5388. [Atomic.exe]
5389. Number=765
5390. Confirmed=U
5391. Filename=Atomic.exe
5392. Description=<a href="http://www.worldtimeserver.com/atomic-clock/" target=_blank>Atomic Clock Sync</a> - synchronizes your computer's time with the NIST time server
5393. Source=Paul Collins Startup list
5394.  
5395. [Atomica]
5396. Number=766
5397. Confirmed=N
5398. Filename=atomica.exe
5399. Description=<a href="http://www.atomica.com/" target="_blank">Atomica</a> runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key
5400. Source=Paul Collins Startup list
5401.  
5402. [AtomicTime]
5403. Number=767
5404. Confirmed=U
5405. Filename=ATOMICTIME.EXE
5406. Description=<a href="http://schmail.com/atomictime/" target="_blank">AtomicTime</a> - utility that synchronizes your PC clock to an atomic clock
5407. Source=Paul Collins Startup list
5408.  
5409. [Atrack]
5410. Number=768
5411. Confirmed=U
5412. Filename=atrack.exe
5413. Description=New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert
5414. Source=Paul Collins Startup list
5415.  
5416. [Atray]
5417. Number=769
5418. Confirmed=U
5419. Filename=Atray.exe
5420. Description=<a href="http://www.activetray.com/" target="_blank">Active Tray</a> is a utility which lets you configure the system tray. You can also create your own tray icons
5421. Source=Paul Collins Startup list
5422.  
5423. [ATSpooler]
5424. Number=770
5425. Confirmed=U
5426. Filename=AppsTraka.exe
5427. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062416-0348-99" target= blank>DeskTopScout</a> keystroke logger/monitoring program - remove unless you installed it yourself!
5428. Source=Paul Collins Startup list
5429.  
5430. [ATTBroadbandUpdate]
5431. Number=771
5432. Confirmed=U
5433. Filename=SAUpdate.exe
5434. Description=<a href="http://bb4.com/" target="_blank">Big Brother</a> from Quest Software. System and network monitor
5435. Source=Paul Collins Startup list
5436.  
5437. [ATTRedUpdate]
5438. Number=772
5439. Confirmed=U
5440. Filename=AutoUpdate.exe
5441. Description=Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates
5442. Source=Paul Collins Startup list
5443.  
5444. [AttuneClientEngine]
5445. Number=773
5446. Confirmed=X
5447. Filename=attune_ce.exe
5448. Description=Spyware - part of an automated helpdesk software called Aveo Attune
5449. Source=Paul Collins Startup list
5450.  
5451. [AttuneContentUpdater]
5452. Number=774
5453. Confirmed=X
5454. Filename=attune_cu.exe
5455. Description=Spyware - part of an automated helpdesk software called Aveo Attune
5456. Source=Paul Collins Startup list
5457.  
5458. [AttuneDiscovery]
5459. Number=775
5460. Confirmed=X
5461. Filename=attune_di.exe
5462. Description=Spyware - part of an automated helpdesk software called Aveo Attune
5463. Source=Paul Collins Startup list
5464.  
5465. [Attunel]
5466. Number=776
5467. Confirmed=X
5468. Filename=Attunel.exe
5469. Description=Spyware - part of an automated helpdesk software called Aveo Attune
5470. Source=Paul Collins Startup list
5471.  
5472. [AttuneSystray]
5473. Number=777
5474. Confirmed=X
5475. Filename=attune_st.exe
5476. Description=Spyware - part of an automated helpdesk software called Aveo Attune
5477. Source=Paul Collins Startup list
5478.  
5479. [aTuner]
5480. Number=778
5481. Confirmed=N
5482. Filename=atuner.exe
5483. Description=<a href="http://www.3dcenter.de/atuner/index_e.php" target="_blank">aTuner</a> - tweak tool for GeForce based graphics cards
5484. Source=Paul Collins Startup list
5485.  
5486. [atwtusb]
5487. Number=779
5488. Confirmed=Y
5489. Filename=atwtusb.exe
5490. Description=USB interface for Aiptek Graphics Tablet (USB)
5491. Source=Paul Collins Startup list
5492.  
5493. [AtxBrw]
5494. Number=780
5495. Confirmed=X
5496. Filename=Iexplor.exe
5497. Description="Pop Marketing" adware
5498. Source=Paul Collins Startup list
5499.  
5500. [au]
5501. Number=781
5502. Confirmed=U
5503. Filename=DealioAu.exe
5504. Description=<a href="http://www.dealio.com/toolbar/index.html" target="_blank">Dealio Toolbar</a> is a free shopping comparison toolbar that allows users to search for a wide range of consumer products
5505. Source=Paul Collins Startup list
5506.  
5507. [AU Agent]
5508. Number=782
5509. Confirmed=U
5510. Filename=AUagent.exe
5511. Description=<a href="http://www.zilab.com/Products/Au/index_2.shtml" target="_blank">Au Agent</a> from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon
5512. Source=Paul Collins Startup list
5513.  
5514. [au.exe]
5515. Number=783
5516. Confirmed=X
5517. Filename=au.exe
5518. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021713-3625-99" target="_blank">BEAGLE.B</a> WORM!
5519. Source=Paul Collins Startup list
5520.  
5521. [AUCBPNP]
5522. Number=784
5523. Confirmed=Y
5524. Filename=aucbnpn.exe
5525. Description=Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot
5526. Source=Paul Collins Startup list
5527.  
5528. [Aucompat]
5529. Number=785
5530. Confirmed=X
5531. Filename=Aucompat.exe
5532. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
5533. Source=Paul Collins Startup list
5534.  
5535. [Audcntr]
5536. Number=786
5537. Confirmed=X
5538. Filename=audcntr.exe
5539. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=40574" target=_blank>GEMA</a> TROJAN!
5540. Source=Paul Collins Startup list
5541.  
5542. [AudCtrl]
5543. Number=787
5544. Confirmed=?
5545. Filename=RunDll32 AudCtrl.dll, RCMonitor
5546. Description=<font color="#FF0000">Audio control panel?</font>
5547. Source=Paul Collins Startup list
5548.  
5549. [audi32]
5550. Number=788
5551. Confirmed=X
5552. Filename=audi32.exe
5553. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckfl.html" target="_blank">RANCK-FL</a> TROJAN!
5554. Source=Paul Collins Startup list
5555.  
5556. [AUDIO]
5557. Number=789
5558. Confirmed=X
5559. Filename=SOUND.exe
5560. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialployba.html" target=_blank>PLOYB-A</a> TROJAN!
5561. Source=Paul Collins Startup list
5562.  
5563. [audiocfg.exe]
5564. Number=790
5565. Confirmed=X
5566. Filename=audiocfg.exe
5567. Description=Added by the VB.ATE WORM!
5568. Source=Paul Collins Startup list
5569.  
5570. [Audiocntl]
5571. Number=791
5572. Confirmed=X
5573. Filename=audiocntl.exe
5574. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
5575. Source=Paul Collins Startup list
5576.  
5577. [AudioDeck]
5578. Number=792
5579. Confirmed=N
5580. Filename=ADeck.exe
5581. Description=ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items
5582. Source=Paul Collins Startup list
5583.  
5584. [Audiodrv]
5585. Number=793
5586. Confirmed=X
5587. Filename=audiodrv.exe
5588. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target= blank>CRYPTER-C</a> TROJAN!
5589. Source=Paul Collins Startup list
5590.  
5591. [AudioDrvEmulator]
5592. Number=794
5593. Confirmed=U
5594. Filename=DLLML.exe AudDrvEm.dll
5595. Description=Related to <a href="http://www.creative.com/" target=_blank>Creative</a> DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
5596. Source=Paul Collins Startup list
5597.  
5598. [AudioHQ]
5599. Number=795
5600. Confirmed=N
5601. Filename=Ahqtb.exe
5602. Description=For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs
5603. Source=Paul Collins Startup list
5604.  
5605. [AudioHQU]
5606. Number=796
5607. Confirmed=N
5608. Filename=AHQTBU.EXE
5609. Description=System Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs
5610.  
5611. Source=Paul Collins Startup list
5612.  
5613. [audioinf]
5614. Number=797
5615. Confirmed=X
5616. Filename=audioinf.exe
5617. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
5618. Source=Paul Collins Startup list
5619.  
5620. [auloadplx]
5621. Number=798
5622. Confirmed=X
5623. Filename=mplprogsm.exe
5624. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Proxy.Win32.Slaper.k&threatid=102648" target="_blank">SLAPER.K</a> TROJAN!
5625. Source=Paul Collins Startup list
5626.  
5627. [AUNPS2]
5628. Number=799
5629. Confirmed=X
5630. Filename=RUNDLL32 AUNPS2.DLL, _Run@16
5631. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062019-0029-99" target="_blank">AUNPS</a> adware
5632. Source=Paul Collins Startup list
5633.  
5634. [aupd]
5635. Number=800
5636. Confirmed=X
5637. Filename=symcsvc.exe
5638. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072614-3940-99" target=_blank>ABWIZ.D</a> TROJAN!
5639. Source=Paul Collins Startup list
5640.  
5641. [aupd]
5642. Number=801
5643. Confirmed=X
5644. Filename=sysvcs.exe
5645. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072216-2140-99" target=_blank>ABWIZ.C</a> TROJAN!
5646. Source=Paul Collins Startup list
5647.  
5648. [aupd]
5649. Number=802
5650. Confirmed=X
5651. Filename=sywsvcs.exe
5652. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojorsem.html" target=_blank>ORSE-M</a> TROJAN!
5653. Source=Paul Collins Startup list
5654.  
5655. [Aureal A3D Interactive Audio]
5656. Number=803
5657. Confirmed=Y
5658. Filename=sa3dsrv.exe
5659. Description=For Aureal based 3D soundcards. A3D sound features won't work with this disabled
5660. Source=Paul Collins Startup list
5661.  
5662. [Aureal A3D Interactive Audio Init]
5663. Number=804
5664. Confirmed=Y
5665. Filename=A3dInit.exe
5666. Description=For Aureal based 3D soundcards. A3D sound features won't work with this disabled
5667. Source=Paul Collins Startup list
5668.  
5669. [ausvc]
5670. Number=805
5671. Confirmed=X
5672. Filename=ausvc.exe
5673. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-042320-3206-99" target="_blank">AUTOUPDER</a> TROJAN!
5674. Source=Paul Collins Startup list
5675.  
5676. [Auth Starter Ident]
5677. Number=806
5678. Confirmed=X
5679. Filename=startauth.exe
5680. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwp.html" target= blank>RBOT-WP</a> WORM!
5681. Source=Paul Collins Startup list
5682.  
5683. [authz]
5684. Number=807
5685. Confirmed=X
5686. Filename=authz.exe
5687. Description=Added by an unidentified VIRUS, WORM or TROJAN!
5688. Source=Paul Collins Startup list
5689.  
5690. [Auto CD-ROM Startup]
5691. Number=808
5692. Confirmed=X
5693. Filename=cdaccess.exe
5694. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BLA&VSect=P" target=_blank>SPYBOT.BLA</a> WORM!
5695. Source=Paul Collins Startup list
5696.  
5697. [Auto EPSON Stylus CX6400 on DDLS1Z11]
5698. Number=809
5699. Confirmed=U
5700. Filename=E_S4I2L1.EXE
5701. Description=Related to Epson Stylus CX6400 Series printer
5702.  
5703. Source=Paul Collins Startup list
5704.  
5705. [auto repair system]
5706. Number=810
5707. Confirmed=X
5708. Filename=qualityx.exe
5709. Description=Added by an unidentified WORM or TROJAN - probably a <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> variant
5710. Source=Paul Collins Startup list
5711.  
5712. [Auto Switch]
5713. Number=811
5714. Confirmed=U
5715. Filename=TASKBAR.exe
5716. Description=Related to 2-port Bitronics AutoSwitch kit from Belkin
5717. Source=Paul Collins Startup list
5718.  
5719. [Auto T Bar]
5720. Number=812
5721. Confirmed=N
5722. Filename=autotbar.exe
5723. Description=If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
5724. Source=Paul Collins Startup list
5725.  
5726. [Auto Updat]
5727. Number=813
5728. Confirmed=X
5729. Filename=WindowsSys32.exe
5730. Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
5731. Source=Paul Collins Startup list
5732.  
5733. [Auto updat]
5734. Number=814
5735. Confirmed=X
5736. Filename=crcss.exe
5737. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AAG&VSect=T" target=_blank>SDBOT.AAG</a> WORM!
5738. Source=Paul Collins Startup list
5739.  
5740. [Auto Update]
5741. Number=815
5742. Confirmed=X
5743. Filename=AUP.exe
5744. Description=Added by an unididentified WORM or TROJAN!
5745. Source=Paul Collins Startup list
5746.  
5747. [Auto Update]
5748. Number=816
5749. Confirmed=X
5750. Filename=dma.exe
5751. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavo.html" target=_blank>RBOT-AVO</a> WORM!
5752. Source=Paul Collins Startup list
5753.  
5754. [Auto Update]
5755. Number=817
5756. Confirmed=X
5757. Filename=svchost.exe
5758. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdumardla.html" target=_blank>DUMARDI-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
5759. Source=Paul Collins Startup list
5760.  
5761. [Auto Updates]
5762. Number=818
5763. Confirmed=X
5764. Filename=svchost.exe
5765. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcheukoa.html" target=_blank>CHEUKO-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
5766. Source=Paul Collins Startup list
5767.  
5768. [Auto WinUpdate]
5769. Number=819
5770. Confirmed=X
5771. Filename=taskmrg.exe
5772. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafa.html" target=_blank>RBOT-AFA</a> WORM!
5773. Source=Paul Collins Startup list
5774.  
5775. [Autobar]
5776. Number=820
5777. Confirmed=U
5778. Filename=autobar.exe
5779. Description=Connect buttons on the keyboard for internet direct access, etc. on HP computers
5780. Source=Paul Collins Startup list
5781.  
5782. [AutoCAD Startup Accelerator]
5783. Number=821
5784. Confirmed=U
5785. Filename=acstart16.exe
5786. Description=Preloads some libraries that are used by <a href="http://usa.autodesk.com/adsk/servlet/index?siteID=123112&id=5127213" target=_blank>AutoCAD</a> in order to make the software load faster
5787. Source=Paul Collins Startup list
5788.  
5789. [autoclk]
5790. Number=822
5791. Confirmed=U
5792. Filename=autoclk.exe
5793. Description=<a href="http://autoclik.8m.com/" target=_blank>Autoclik</a> is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking"
5794. Source=Paul Collins Startup list
5795.  
5796. [AutoEA]
5797. Number=823
5798. Confirmed=N
5799. Filename=Ahqrun.exe
5800. Description=For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ
5801. Source=Paul Collins Startup list
5802.  
5803. [AUTOEXE]
5804. Number=824
5805. Confirmed=X
5806. Filename=AUTOEXE.exe
5807. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32semapia.html" target= blank>SEMAPI-A</a> WORM!
5808. Source=Paul Collins Startup list
5809.  
5810. [Autoloaderaproposclient]
5811. Number=825
5812. Confirmed=X
5813. Filename=Apropos_Client_Loader.exe
5814. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=AproposMedia&threatid=14978" target="_blank">AproposMedia</a> adware
5815. Source=Paul Collins Startup list
5816.  
5817. [Autoloaderaproposclient]
5818. Number=826
5819. Confirmed=X
5820. Filename=cxtpls_loader.exe
5821. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=AproposMedia&threatid=14978" target="_blank">AproposMedia</a> adware
5822. Source=Paul Collins Startup list
5823.  
5824. [AutoLoaderEnvoloAutoUpdater]
5825. Number=827
5826. Confirmed=X
5827. Filename=auto_update_loader.exe
5828. Description=<a href="http://www.securemost.com/articles/trou_3_remove_aproposmedia.htm" target=_blank>Envolo/AproposMedia</a> adware updater
5829. Source=Paul Collins Startup list
5830.  
5831. [AutoMate Task Service ]
5832. Number=828
5833. Confirmed=N
5834. Filename=automate.exe
5835. Description=Task scheduler for <a href="http://www.unisyn.com/" target="_blank">Unisyn Automate 4</a> task automation/macro running software. Available via a desktop shortcut or Start -> Programs
5836. Source=Paul Collins Startup list
5837.  
5838. [AutoMate5]
5839. Number=829
5840. Confirmed=U
5841. Filename=Am5HkWnd.exe
5842. Description="<a href="http://www.networkautomation.com/automate/index.htm" target="_blank">Automate</a> is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes, regardless of their complexity"
5843. Source=Paul Collins Startup list
5844.  
5845. [Automatic Defrag Manager]
5846. Number=830
5847. Confirmed=X
5848. Filename=defrag.exe
5849. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotake.html" target=_blank>RBOT-AKE</a> WORM!
5850. Source=Paul Collins Startup list
5851.  
5852. [Automatic Microsoft Windows Updater]
5853. Number=831
5854. Confirmed=X
5855. Filename=suchost.exe
5856. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboteq.html" target=_blank>RBOT-EQ</a> WORM!
5857.  
5858. Source=Paul Collins Startup list
5859.  
5860. [Automatic Windows Updater]
5861. Number=832
5862. Confirmed=X
5863. Filename=Update.exe
5864. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
5865. Source=Paul Collins Startup list
5866.  
5867. [Automatically launches the United Devices Agent when you start your computer]
5868. Number=833
5869. Confirmed=N
5870. Filename=UD.EXE
5871. Description=The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs
5872. Source=Paul Collins Startup list
5873.  
5874. [Autopdate]
5875. Number=834
5876. Confirmed=X
5877. Filename=Autopdate.exe
5878. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagl.html" target=_blank>RBOT-AGL</a> WORM!
5879. Source=Paul Collins Startup list
5880.  
5881. [AUTOPROP]
5882. Number=835
5883. Confirmed=N
5884. Filename=REGPROP.EXE WMPADDIN.DLL
5885. Description=Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension
5886. Source=Paul Collins Startup list
5887.  
5888. [AUTOPROTECTU]
5889. Number=836
5890. Confirmed=X
5891. Filename=navapq32.exe
5892. Description=Added by an unidentified WORM or TROJAN!
5893. Source=Paul Collins Startup list
5894.  
5895. [autorepair]
5896. Number=837
5897. Confirmed=X
5898. Filename=dexs.exe
5899. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
5900. Source=Paul Collins Startup list
5901.  
5902. [Autoroute SMTP]
5903. Number=838
5904. Confirmed=U
5905. Filename=AutoSmtp.exe
5906. Description=<a href="http://www.mailutilities.com/ars/" target="_blank">Autoroute SMTP</a> - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providers
5907. Source=Paul Collins Startup list
5908.  
5909. [autorun]
5910. Number=839
5911. Confirmed=X
5912. Filename=autorun.exe
5913. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsautomb.html" target="_blank">AUTOM-B</a> WORM!
5914. Source=Paul Collins Startup list
5915.  
5916. [AutoShutdown]
5917. Number=840
5918. Confirmed=?
5919. Filename=pssvc.exe
5920. Description=<font color="#FF0000">Utility to fix vCard Export in MS Outlook 2000 - although why are these together?</font>
5921. Source=Paul Collins Startup list
5922.  
5923. [AutoSizer]
5924. Number=841
5925. Confirmed=U
5926. Filename=AUTOSIZER.EXE
5927. Description=<a href="http://www.southbaypc.com/AutoSizer/" target="_blank">AutoSizer</a> - utility that automatically maximizes windows when they're opened
5928. Source=Paul Collins Startup list
5929.  
5930. [AutoSpell]
5931. Number=842
5932. Confirmed=N
5933. Filename=autospel.exe
5934. Description=<a href="http://www.spellchecker.com/" target="_blank">AutoSpell</a> - spell checker (version 6.*)
5935. Source=Paul Collins Startup list
5936.  
5937. [AutoSpell 5]
5938. Number=843
5939. Confirmed=N
5940. Filename=ASWATC32.EXE
5941. Description=<a href="http://www.spellchecker.com/" target="_blank">AutoSpell</a> - spell checker
5942. Source=Paul Collins Startup list
5943.  
5944. [AutoSys]
5945. Number=844
5946. Confirmed=U
5947. Filename=autosys.exe
5948. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Winguardian&threatid=40587" target="_blank">Winguardian</a> surveillance software. Uninstall this software unless you put it there yourself
5949. Source=Paul Collins Startup list
5950.  
5951. [autotbar]
5952. Number=845
5953. Confirmed=N
5954. Filename=autotbar.exe
5955. Description=If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
5956. Source=Paul Collins Startup list
5957.  
5958. [AutoTKit]
5959. Number=846
5960. Confirmed=N
5961. Filename=AUTOTKIT.EXE
5962. Description=On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled
5963. Source=Paul Collins Startup list
5964.  
5965. [autoupd]
5966. Number=847
5967. Confirmed=N
5968. Filename=autoupd.exe
5969. Description=<a href="http://www.raxco.com/support/windows/kb_details.cfm?kbid=46" target="_blank">Raxco Software Auto Update</a> utility."Used to keep your software up-to-date"
5970. Source=Paul Collins Startup list
5971.  
5972. [autoupd]
5973. Number=848
5974. Confirmed=X
5975. Filename=autoupd.exe
5976. Description=Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name
5977. Source=Paul Collins Startup list
5978.  
5979. [autoupdate]
5980. Number=849
5981. Confirmed=X
5982. Filename=WINUP2DATE.DLL, SHStart
5983. Description=Unidentified adware - detected by <a href="http://www.pandasoftware.com/" target="_blank">Panda</a> antivirus as the CLICKER.CY TROJAN!
5984. Source=Paul Collins Startup list
5985.  
5986. [autoupdate]
5987. Number=850
5988. Confirmed=X
5989. Filename=rundll32 [path] DATADX.DLL, SHStart
5990. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43264" target=_blank>QOOLOGIC</a> TROJAN!
5991. Source=Paul Collins Startup list
5992.  
5993. [autoupdate]
5994. Number=851
5995. Confirmed=X
5996. Filename=rundll32 [path] SUPDATE.DLL, SHStart
5997. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43264" target="_blank">QOOLOGIC</a> TROJAN!
5998. Source=Paul Collins Startup list
5999.  
6000. [Autoupdate Service]
6001. Number=852
6002. Confirmed=X
6003. Filename=kaka.exe
6004. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsympeb.html" target=_blank>SYMPE-B</a> TROJAN!
6005. Source=Paul Collins Startup list
6006.  
6007. [AutoUpdater]
6008. Number=853
6009. Confirmed=X
6010. Filename=aupdate.exe
6011. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=TinyBar&threatid=13064&search=Tinybar" target="_blank">Tinybar</a> variant
6012. Source=Paul Collins Startup list
6013.  
6014. [AutoUpdater]
6015. Number=854
6016. Confirmed=X
6017. Filename=AutoUpdate.exe
6018. Description=<a href="http://www.pchell.com/support/peopleonpage.shtml" target="_blank">PeopleonPage</a> foistware
6019. Source=Paul Collins Startup list
6020.  
6021. [autoupdatev2]
6022. Number=855
6023. Confirmed=X
6024. Filename=[path to file]
6025. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdropperbm.html" target=_blank>DROPPER-BM</a> TROJAN!
6026. Source=Paul Collins Startup list
6027.  
6028. [autoupdatev2]
6029. Number=856
6030. Confirmed=X
6031. Filename=autoupdatev2.exe
6032. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Clicker.Win32.Agent.fq
6033. Source=Paul Collins Startup list
6034.  
6035. [AutoVirusProtection]
6036. Number=857
6037. Confirmed=X
6038. Filename=ciscv.exe
6039. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
6040. Source=Paul Collins Startup list
6041.  
6042. [auto__antiav__key]
6043. Number=858
6044. Confirmed=X
6045. Filename=antiav_exe.exe
6046. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagledlaa.html" target=_blank>BAGLEDI-AA</a> TROJAN!
6047. Source=Paul Collins Startup list
6048.  
6049. [auto__hloader__key]
6050. Number=859
6051. Confirmed=X
6052. Filename=hloader_exe.exe
6053. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BAGLE.AB&VSect=P" target=_blank>BAGLE.AB</a> TROJAN!
6054. Source=Paul Collins Startup list
6055.  
6056. [aux.exe]
6057. Number=860
6058. Confirmed=X
6059. Filename=aux.exe
6060. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010115-5424-99" target=_blank>ZINS</a> TROJAN!
6061. Source=Paul Collins Startup list
6062.  
6063. [auxAudioDevice]
6064. Number=861
6065. Confirmed=X
6066. Filename=aux32.exe
6067. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091017-5519-99" target="_blank">AIZU</a> WORM!
6068. Source=Paul Collins Startup list
6069.  
6070. [AUXXTRAY]
6071. Number=862
6072. Confirmed=N
6073. Filename=au30setp.exe
6074. Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
6075. Source=Paul Collins Startup list
6076.  
6077. [AV]
6078. Number=863
6079. Confirmed=X
6080. Filename=UPDATE-28062004.exe[25 blank spaces].vbs
6081. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110809-1153-99" target=_blank>MIDFIN</a> WORM!
6082. Source=Paul Collins Startup list
6083.  
6084. [AV Client]
6085. Number=864
6086. Confirmed=X
6087. Filename=patch31345.exe
6088. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100413-3115-99" target=_blank>MYDOOM.AD</a> WORM!
6089. Source=Paul Collins Startup list
6090.  
6091. [AV Industry]
6092. Number=865
6093. Confirmed=X
6094. Filename=patch31345.exe
6095. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100413-3115-99" target=_blank>MYDOOM.AD</a> WORM!
6096. Source=Paul Collins Startup list
6097.  
6098. [AV UpDate]
6099. Number=866
6100. Confirmed=X
6101. Filename=Update.exe
6102. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfuroota.html" target= blank>FUROOT-A</a> TROJAN!
6103. Source=Paul Collins Startup list
6104.  
6105. [AvaFind]
6106. Number=867
6107. Confirmed=N
6108. Filename=AvaFind.exe
6109. Description=<a href="http://www.think-less-do-more.com/avafind/" target="_blank">AvaFind</a> file search utility
6110. Source=Paul Collins Startup list
6111.  
6112. [AVantivirus]
6113. Number=868
6114. Confirmed=X
6115. Filename=Avconsol.exe
6116. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32msnvbd.html" target="_blank">MSNVB-D</a> WORM!
6117. Source=Paul Collins Startup list
6118.  
6119. [Avast!]
6120. Number=869
6121. Confirmed=Y
6122. Filename=ashserv.exe
6123. Description=Part of <a href="http://www.avast.com/" target="_blank">Avast!</a> anti-virus software
6124. Source=Paul Collins Startup list
6125.  
6126. [avast!]
6127. Number=870
6128. Confirmed=Y
6129. Filename=ashDisp.exe
6130. Description=Part of <a href="http://www.avast.com/" target="_blank">Avast!</a> anti-virus software
6131. Source=Paul Collins Startup list
6132.  
6133. [avast! Web Scanner]
6134. Number=871
6135. Confirmed=Y
6136. Filename=Ashwebsv.exe
6137. Description=Part of <a href="http://www.avast.com/" target="_blank">Avast!</a> anti-virus software
6138. Source=Paul Collins Startup list
6139.  
6140. [Avast32]
6141. Number=872
6142. Confirmed=Y
6143. Filename=Astart32.exe
6144. Description=Part of <a href="http://www.avast.com/" target="_blank">Avast!</a> anti-virus software
6145. Source=Paul Collins Startup list
6146.  
6147. [avc]
6148. Number=873
6149. Confirmed=X
6150. Filename=avmon.exe
6151. Description=Added by an unidentified TROJAN!
6152. Source=Paul Collins Startup list
6153.  
6154. [AvconsoleEXE]
6155. Number=874
6156. Confirmed=U
6157. Filename=Avconsol.exe
6158. Description=From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it
6159. Source=Paul Collins Startup list
6160.  
6161. [AveoAttune]
6162. Number=875
6163. Confirmed=X
6164. Filename=atmdlusr.exe
6165. Description=Spyware - part of an automated helpdesk software
6166. Source=Paul Collins Startup list
6167.  
6168. [AVFX Engine]
6169. Number=876
6170. Confirmed=U
6171. Filename=StartFX.exe
6172. Description=<a href="http://www.creative.com/products/webcams/avfx/" target="_blank">Advanced Video FX</a> - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX"
6173. Source=Paul Collins Startup list
6174.  
6175. [AvG]
6176. Number=877
6177. Confirmed=X
6178. Filename=svchost323.exe
6179. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotza.html" target= blank>RBOT-ZA</a> WORM!
6180. Source=Paul Collins Startup list
6181.  
6182. [AVG Anti-Virus system]
6183. Number=878
6184. Confirmed=Y
6185. Filename=avgcc.exe
6186. Description=<a href="http://www.grisoft.com/" target="_blank">AVG</a> Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
6187. Source=Paul Collins Startup list
6188.  
6189. [Avg Antivirus]
6190. Number=879
6191. Confirmed=X
6192. Filename=icpldrvx.exe
6193. Description=Added by the <a href="http://www.quickheal.co.in/public/alerts/banker_byu.asp" target="_blank">BANKER.BYU</a> TROJAN!
6194. Source=Paul Collins Startup list
6195.  
6196. [AVG Grisoft Updater]
6197. Number=880
6198. Confirmed=X
6199. Filename=updater.exe
6200. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotot.html" target=_blank>AGOBOT-OT</a> WORM!
6201. Source=Paul Collins Startup list
6202.  
6203. [AVG7_AMSVR]
6204. Number=881
6205. Confirmed=Y
6206. Filename=Avgamsvr.exe
6207. Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> antivirus related
6208. Source=Paul Collins Startup list
6209.  
6210. [AVG7_CC]
6211. Number=882
6212. Confirmed=Y
6213. Filename=AVGCC.exe
6214. Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
6215. Source=Paul Collins Startup list
6216.  
6217. [AVG7_CC]
6218. Number=883
6219. Confirmed=Y
6220. Filename=avgcc.exe
6221. Description=<a href="http://www.grisoft.com/" target="_blank">AVG</a> Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
6222. Source=Paul Collins Startup list
6223.  
6224. [AVG7_EMC]
6225. Number=884
6226. Confirmed=Y
6227. Filename=AVGEMC.exe
6228. Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
6229. Source=Paul Collins Startup list
6230.  
6231. [AVG7_Run]
6232. Number=885
6233. Confirmed=Y
6234. Filename=avgw.exe
6235. Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 related
6236. Source=Paul Collins Startup list
6237.  
6238. [avgamsvr.exe]
6239. Number=886
6240. Confirmed=Y
6241. Filename=Avgamsvr.exe
6242. Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> antivirus related
6243. Source=Paul Collins Startup list
6244.  
6245. [avgcc32]
6246. Number=887
6247. Confirmed=Y
6248. Filename=avgcc32.exe
6249. Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
6250. Source=Paul Collins Startup list
6251.  
6252. [AVGCtrl]
6253. Number=888
6254. Confirmed=Y
6255. Filename=AVGCtrl.exe
6256. Description=Part of <a href="http://www.free-av.com/" target=_blank>AntiVir« PersonalEdition Classic</a> antivirus
6257. Source=Paul Collins Startup list
6258.  
6259. [avgfwsrv]
6260. Number=889
6261. Confirmed=Y
6262. Filename=AVGFWSRV.EXE
6263. Description=Firewall part of the <a href="http://www.grisoft.com/doc/31/us/crp/4?prd=afw" target="_blank">AVG Plus Firewall Edition</a>
6264. Source=Paul Collins Startup list
6265.  
6266. [avgmsvr.exe]
6267. Number=890
6268. Confirmed=Y
6269. Filename=avgmsvr.exe
6270. Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 related
6271. Source=Paul Collins Startup list
6272.  
6273. [AVGnt]
6274. Number=891
6275. Confirmed=Y
6276. Filename=AVGnt.exe
6277. Description=<a href="http://www.free-av.com/" target=_blank>AntiVir« PersonalEdition Classic</a> antivirus. System Tray icon and control program
6278.  
6279. Source=Paul Collins Startup list
6280.  
6281. [Avgserv9.exe]
6282. Number=892
6283. Confirmed=Y
6284. Filename=Avgserv9.exe
6285. Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> antivirus background monitoring
6286. Source=Paul Collins Startup list
6287.  
6288. [AVGuard]
6289. Number=893
6290. Confirmed=Y
6291. Filename=AVGuard.exe
6292. Description=<a href="http://www.free-av.com/" target=_blank>AntiVir« PersonalEdition Classic</a> antivirus. Background task which scans files transparently
6293.  
6294. Source=Paul Collins Startup list
6295.  
6296. [AVG_CC]
6297. Number=894
6298. Confirmed=Y
6299. Filename=avgcc32.exe
6300. Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
6301. Source=Paul Collins Startup list
6302.  
6303. [AVG_EMC]
6304. Number=895
6305. Confirmed=Y
6306. Filename=AVGEMC.exe
6307. Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
6308. Source=Paul Collins Startup list
6309.  
6310. [AVG_RegCleaner]
6311. Number=896
6312. Confirmed=Y
6313. Filename=AVGREGCL.exe
6314. Description=<a href="http://www.grisoft.com/" target=_blank>AVG</a> Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems
6315. Source=Paul Collins Startup list
6316.  
6317. [avidrv]
6318. Number=897
6319. Confirmed=X
6320. Filename=drvsc.exe
6321. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Win32.Agent.ph
6322. Source=Paul Collins Startup list
6323.  
6324. [Avimgt]
6325. Number=898
6326. Confirmed=X
6327. Filename=Avimgt.exe
6328. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
6329. Source=Paul Collins Startup list
6330.  
6331. [Avimgt32]
6332. Number=899
6333. Confirmed=X
6334. Filename=Avimgt32.exe
6335. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
6336. Source=Paul Collins Startup list
6337.  
6338. [avinit]
6339. Number=900
6340. Confirmed=Y
6341. Filename=AVINIT9X.EXE
6342. Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> related
6343. Source=Paul Collins Startup list
6344.  
6345. [AVK Mail Checker]
6346. Number=901
6347. Confirmed=Y
6348. Filename=AVKPop.exe
6349. Description=<a href="http://www.boomerangsoftware.com/Products/AntiVirus/AVKProInfo.htm" target=_blank>eXtendia</a> AVK AntiVirus email checker 
6350. Source=Paul Collins Startup list
6351.  
6352. [AVKBar]
6353. Number=902
6354. Confirmed=Y
6355. Filename=AVKBar.exe
6356. Description=GData <a href="http://www.gdata.de/trade/productview/488/16/" target=_blank>AntiVirusKit</a> Anti-virus
6357. Source=Paul Collins Startup list
6358.  
6359. [AvMaiSrv]
6360. Number=903
6361. Confirmed=Y
6362. Filename=Avmaisrv.exe
6363. Description=Part of <a href="http://www.avast.com/" target="_blank">Avast!</a> anti-virus software - E-mail scanner
6364. Source=Paul Collins Startup list
6365.  
6366. [avnort]
6367. Number=904
6368. Confirmed=X
6369. Filename=formatsys.exe
6370. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
6371. Source=Paul Collins Startup list
6372.  
6373. [avnort]
6374. Number=905
6375. Confirmed=X
6376. Filename=msmbw.exe
6377. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
6378. Source=Paul Collins Startup list
6379.  
6380. [avnort]
6381. Number=906
6382. Confirmed=X
6383. Filename=serbw.exe
6384. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
6385. Source=Paul Collins Startup list
6386.  
6387. [avp]
6388. Number=907
6389. Confirmed=Y
6390. Filename=avp.exe
6391. Description=AOL's <a href="http://www.securitycadets.com/2006/08/aols-active-virus-shield-in-a-nutshell/" target="_blank">Active Virus Shield</a>
6392. Source=Paul Collins Startup list
6393.  
6394. [AVP]
6395. Number=908
6396. Confirmed=X
6397. Filename=[path to trojan]
6398. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmutboa.html" target=_blank>MUTBO-A</a> TROJAN!
6399. Source=Paul Collins Startup list
6400.  
6401. [AVP-SE]
6402. Number=909
6403. Confirmed=X
6404. Filename=avp-32.exe
6405. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FS" target="_blank">AGOBOT.FS</a> WORM!
6406. Source=Paul Collins Startup list
6407.  
6408. [avpcc]
6409. Number=910
6410. Confirmed=Y
6411. Filename=avpcc.exe
6412. Description=<a href="http://www.kaspersky.com/" target="_blank">Kaspersky Labs</a> anti-virus
6413. Source=Paul Collins Startup list
6414.  
6415. [avpm]
6416. Number=911
6417. Confirmed=Y
6418. Filename=avpm.exe
6419. Description=<a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> anti-virus
6420. Source=Paul Collins Startup list
6421.  
6422. [Avpr]
6423. Number=912
6424. Confirmed=X
6425. Filename=avpr.exe
6426. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101709-2151-99" target=_blank>MYDOOM.AF</a> WORM!
6427. Source=Paul Collins Startup list
6428.  
6429. [avptask]
6430. Number=913
6431. Confirmed=X
6432. Filename=[path to trojan]
6433. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnofereg.html" target="_blank">NOFERE-G</a> TROJAN!
6434. Source=Paul Collins Startup list
6435.  
6436. [avptask]
6437. Number=914
6438. Confirmed=X
6439. Filename=expl0rer.exe
6440. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.JJO" target="_blank">AGENT.JJO</a> TROJAN!
6441. Source=Paul Collins Startup list
6442.  
6443. [Avptask]
6444. Number=915
6445. Confirmed=X
6446. Filename=rund1132.exe
6447. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.PKZ" target="_blank">AGENT.PKZ</a> TROJAN!
6448. Source=Paul Collins Startup list
6449.  
6450. [Avril Lavigne - Muse]
6451. Number=916
6452. Confirmed=X
6453. Filename=[random filename]
6454. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32avrila.html" target="_blank">AVRIL-A</a> WORM!
6455. Source=Paul Collins Startup list
6456.  
6457. [AVSCHED32]
6458. Number=917
6459. Confirmed=Y
6460. Filename=AVSched32.exe
6461. Description=<a href="http://www.free-av.com/" target=_blank>AntiVir« PersonalEdition Classic</a> - antivirus
6462.  
6463. Source=Paul Collins Startup list
6464.  
6465. [AVSchedScan]
6466. Number=918
6467. Confirmed=Y
6468. Filename=SCHSC9X.EXE
6469. Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> related
6470. Source=Paul Collins Startup list
6471.  
6472. [AvSer]
6473. Number=919
6474. Confirmed=X
6475. Filename=dsm.exe
6476. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
6477. Source=Paul Collins Startup list
6478.  
6479. [AvSer]
6480. Number=920
6481. Confirmed=X
6482. Filename=msmpatch.exe
6483. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
6484. Source=Paul Collins Startup list
6485.  
6486. [AvSer]
6487. Number=921
6488. Confirmed=X
6489. Filename=svosm.exe
6490. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
6491. Source=Paul Collins Startup list
6492.  
6493. [AvSer]
6494. Number=922
6495. Confirmed=X
6496. Filename=sysup.exe
6497. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
6498. Source=Paul Collins Startup list
6499.  
6500. [avserve.exe]
6501. Number=923
6502. Confirmed=X
6503. Filename=avserve.exe
6504. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050116-1831-99" target="_blank">SASSER</a> WORM!
6505. Source=Paul Collins Startup list
6506.  
6507. [avserve2.exe]
6508. Number=924
6509. Confirmed=X
6510. Filename=avserve2.exe
6511. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050114-1001-99" target="_blank">SASSER.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050216-3656-99" target="_blank">SASSER.C</a> WORMS!
6512. Source=Paul Collins Startup list
6513.  
6514. [avserve3.exe]
6515. Number=925
6516. Confirmed=X
6517. Filename=avserve3.exe
6518. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082413-3637-99" target="_blank">SASSER.G</a> WORM!
6519. Source=Paul Collins Startup list
6520.  
6521. [AVStation premium]
6522. Number=926
6523. Confirmed=U
6524. Filename=AVStation agent.exe
6525. Description=Related to <a href="http://www.samsung.com/in/products/notepc/notepc/leaflets/X20.pdf" target=_blank>Samsung AV Station</a> - instant playback of music, photos, videos
6526. Source=Paul Collins Startup list
6527.  
6528. [Avtray]
6529. Number=927
6530. Confirmed=N
6531. Filename=Avtray.exe
6532. Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> tray icon
6533. Source=Paul Collins Startup list
6534.  
6535. [AVWLPSTA]
6536. Number=928
6537. Confirmed=?
6538. Filename=AVWLPSTA.exe
6539. Description=PRISM Status Tray Applet - <font color="#FF0000">but what is it for and is it required?</font>
6540. Source=Paul Collins Startup list
6541.  
6542. [AVWUpd32]
6543. Number=929
6544. Confirmed=Y
6545. Filename=AVWUPD32.EXE
6546. Description=<a href="http://www.free-av.com/" target=_blank>AntiVir« PersonalEdition Classic</a> - updater
6547.  
6548. Source=Paul Collins Startup list
6549.  
6550. [avx communicator]
6551. Number=930
6552. Confirmed=Y
6553. Filename=xcommsur.exe
6554. Description=Anti-virus part of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
6555. Source=Paul Collins Startup list
6556.  
6557. [Avxlive]
6558. Number=931
6559. Confirmed=Y
6560. Filename=avxlive.exe
6561. Description=<a href="http://www.bullguard.com/" target="_blank">Bullguard</a> or <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
6562. Source=Paul Collins Startup list
6563.  
6564. [avxlni]
6565. Number=932
6566. Confirmed=Y
6567. Filename=avxinit.exe
6568. Description=Anti-virus part of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
6569. Source=Paul Collins Startup list
6570.  
6571. [Avxnews]
6572. Number=933
6573. Confirmed=?
6574. Filename=??
6575. Description=<font color="#FF0000">??</font>
6576. Source=Paul Collins Startup list
6577.  
6578. [Awatch]
6579. Number=934
6580. Confirmed=U
6581. Filename=Awatch.exe
6582. Description=Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products
6583. Source=Paul Collins Startup list
6584.  
6585. [AwaySch]
6586. Number=935
6587. Confirmed=U
6588. Filename=AwaySch.EXE
6589. Description=Part of the IBM <a href="http://www.pc.ibm.com/us/think/thinkvantagetech/productivity_ctr.html" target="_blank">ThinkVantage Productivity Center</a>. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance"
6590. Source=Paul Collins Startup list
6591.  
6592. [awhost32]
6593. Number=936
6594. Confirmed=N
6595. Filename=awhost32.exe
6596. Description=Part of Symantec's <a href="http://www.symantec.com/home_homeoffice/products/overview.jsp?pcid=pf&pvid=pca12" target="_blank">pcAnywhere</a> remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended
6597. Source=Paul Collins Startup list
6598.  
6599. [AWMON]
6600. Number=937
6601. Confirmed=U
6602. Filename=Ad-Watch.exe
6603. Description=Part of Lavasoft <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware Plus</a> - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
6604. Source=Paul Collins Startup list
6605.  
6606. [AWMON]
6607. Number=938
6608. Confirmed=U
6609. Filename=Ad-Monitor.exe
6610. Description=<a href="http://www.f-secure.com/" target="_blank">F-Secure</a> Anti-Spyware
6611. Source=Paul Collins Startup list
6612.  
6613. [AWUSGSTA]
6614. Number=939
6615. Confirmed=?
6616. Filename=AWUSGSTA.exe
6617. Description=Reportedly related to a USB Wifi Adapter - <font color="#FF0000">is it required at startup?</font>
6618.  
6619. Source=Paul Collins Startup list
6620.  
6621. [awxDTools]
6622. Number=940
6623. Confirmed=U
6624. Filename=awxDTools.dll, awxRegisterDll
6625. Description=<a href="http://www.hbreitner.de/awxdtools/" target= blank>AwxDTools</a> related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...)
6626. Source=Paul Collins Startup list
6627.  
6628. [AxFilter]
6629. Number=941
6630. Confirmed=?
6631. Filename=Rundll32 AXFILTER.DLL, Rundll32
6632. Description=<font color="#FF0000">??</font>
6633. Source=Paul Collins Startup list
6634.  
6635. [AXVenore]
6636. Number=942
6637. Confirmed=X
6638. Filename=AXVenore.exe
6639. Description=<a href="http://fileinfo.prevx.com/QQb33919476991-AXVE15381588/AXVENORE.EXE.html" target=_blank>Identified</a> as a TROJAN!
6640.  
6641. Source=Paul Collins Startup list
6642.  
6643. [AzMixerSel]
6644. Number=943
6645. Confirmed=U
6646. Filename=AzMixerSel.exe
6647. Description=Related to <a href="http://www.realtek.com.tw/" target="_blank">Realtek_Azalia</a> Mixer Selector
6648. Source=Paul Collins Startup list
6649.  
6650. [azmodem]
6651. Number=944
6652. Confirmed=Y
6653. Filename=azexe.exe
6654. Description=<a href="http://www.aztech.com/" target=_blank>Aztech Labs</a> modem driver
6655. Source=Paul Collins Startup list
6656.  
6657. [a_vpd]
6658. Number=945
6659. Confirmed=?
6660. Filename=vpd.exe
6661. Description=Located in the IBMTOOLS\VPD sub-directory. <font color="#FF0000">What does it do and is it required?</font>
6662. Source=Paul Collins Startup list
6663.  
6664. [a▓]
6665. Number=946
6666. Confirmed=U
6667. Filename=a2guard.exe
6668. Description=<a href="http://www.emsisoft.com/en/" target=_blank>a-Squared</a> antitrojan - can be run on demand but necessary in Startup if you prefer the a▓ 'Background Guard' real time protection feature
6669. Source=Paul Collins Startup list
6670.  
6671. [B'sCLiP]
6672. Number=947
6673. Confirmed=N
6674. Filename=BSCLIP.exe
6675. Description=CD recording utility that comes with a lot of CDR/CDRW drives and isn't required
6676. Source=Paul Collins Startup list
6677.  
6678. [b.exe]
6679. Number=948
6680. Confirmed=X
6681. Filename=b.exe
6682. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BND&VSect=T" target=_blank>SDBOT.BND</a> WORM!
6683. Source=Paul Collins Startup list
6684.  
6685. [B.Reader]
6686. Number=949
6687. Confirmed=N
6688. Filename=remin.exe
6689. Description=<a href="http://www.harshal.da.ru/" target="_blank">Birthday Reminder 5.0</a> - as the name implies
6690. Source=Paul Collins Startup list
6691.  
6692. [b3d]
6693. Number=950
6694. Confirmed=X
6695. Filename=BDEsecureinstall.exe
6696. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrilliantDigital&threatid=3334" target="_blank">B3d Projector</a> foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents
6697. Source=Paul Collins Startup list
6698.  
6699. [b3dUpdate]
6700. Number=951
6701. Confirmed=X
6702. Filename=Zupdate.exe
6703. Description=Associated with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrilliantDigital&threatid=3334" target="_blank">B3d Projector</a> foistware - see <a href="http://www.greatis.com/appdata/u/z/zupdate.exe.htm" target="_blank">here</a>
6704. Source=Paul Collins Startup list
6705.  
6706. [b9]
6707. Number=952
6708. Confirmed=U
6709. Filename=B9.exe
6710. Description=<a href="http://www.firetrust.com/firetrustbenign.html" target="_blank">FireTrust Benign</a> - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"
6711. Source=Paul Collins Startup list
6712.  
6713. [b99]
6714. Number=953
6715. Confirmed=X
6716. Filename=msmm.exe
6717. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
6718. Source=Paul Collins Startup list
6719.  
6720. [bab]
6721. Number=954
6722. Confirmed=X
6723. Filename=svchst32.exe
6724. Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=41035" target="_blank">AGENT.Q</a> TROJAN!
6725. Source=Paul Collins Startup list
6726.  
6727. [babeie]
6728. Number=955
6729. Confirmed=X
6730. Filename=rundll32 cnbabe.dll, dllstartup
6731. Description=<a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=1" target="_blank">CommonName Toolbar</a> spyware. To uninstall see <a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=10#4">here</a>
6732. Source=Paul Collins Startup list
6733.  
6734. [Babylon Client]
6735. Number=956
6736. Confirmed=N
6737. Filename=Babylon.exe
6738. Description=<a href="http://www.babylon.com/" target="_blank">Babylon-Pro</a> is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"
6739. Source=Paul Collins Startup list
6740.  
6741. [Babylon Translator]
6742. Number=957
6743. Confirmed=N
6744. Filename=Babylon.exe
6745. Description="<a href="http://www.babylon.com/" target="_blank">Babylon-Pro</a> is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"
6746. Source=Paul Collins Startup list
6747.  
6748. [Back Updates]
6749. Number=958
6750. Confirmed=X
6751. Filename=Uninstall.log.vbs
6752. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040911-2617-99" target=_blank>YPSAN.D</a> WORM!
6753. Source=Paul Collins Startup list
6754.  
6755. [Backdoor.NuAgent]
6756. Number=959
6757. Confirmed=X
6758. Filename=agent.exe
6759. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdp.html" target=_blank>AGENT-DP</a> TROJAN!
6760. Source=Paul Collins Startup list
6761.  
6762. [Background Intelligent Transfer Service]
6763. Number=960
6764. Confirmed=X
6765. Filename=rundll32.exe
6766. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbzd.html" target=_blank>VB-ZD</a> TROJAN! Note - this file is located in the C:\Windows\help folder, and is not to be confused with the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> file!
6767. Source=Paul Collins Startup list
6768.  
6769. [BackgroundSwitcher]
6770. Number=961
6771. Confirmed=U
6772. Filename=bgswitch.exe
6773. Description=Originally included with Microsoft's XP PowerToys (but now withdrawn - see <a href="http://www.aumha.org/a/powertoy.php" target="_blank">here</a>, Background Switcher allows your desktop background to periodically change
6774. Source=Paul Collins Startup list
6775.  
6776. [Backpack UDF]
6777. Number=962
6778. Confirmed=N
6779. Filename=bpudfmon.exe
6780. Description=<a href="http://www.nero.com/" target="_blank">Backpack UDF</a> packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk
6781. Source=Paul Collins Startup list
6782.  
6783. [backup]
6784. Number=963
6785. Confirmed=X
6786. Filename=[path to worm]
6787. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agoboth.html" target="_blank">AGOBOT-H</a> WORM!
6788. Source=Paul Collins Startup list
6789.  
6790. [Backup Service]
6791. Number=964
6792. Confirmed=X
6793. Filename=backup.svc
6794. Description=Unidentified adware
6795. Source=Paul Collins Startup list
6796.  
6797. [Backup4all OTB Agent]
6798. Number=965
6799. Confirmed=U
6800. Filename=B4AOTB.exe
6801. Description="<a href="http://www.backup4all.com/backup4all.php" target="_blank">Backup4all</a> is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space"
6802. Source=Paul Collins Startup list
6803.  
6804. [BackupExecScheduler]
6805. Number=966
6806. Confirmed=U
6807. Filename=besch.exe
6808. Description=Veritas "Back Up My PC" software
6809. Source=Paul Collins Startup list
6810.  
6811. [BackupNotify]
6812. Number=967
6813. Confirmed=?
6814. Filename=backupnotify.exe
6815. Description=HP Digital Imaging related. <font color="#FF0000">What does it do and is it required?</font>
6816. Source=Paul Collins Startup list
6817.  
6818. [BackWeb]
6819. Number=968
6820. Confirmed=N
6821. Filename=backweb.exe
6822. Description=Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs
6823. Source=Paul Collins Startup list
6824.  
6825. [Backwork]
6826. Number=969
6827. Confirmed=N
6828. Filename=Backwork.exe
6829. Description=<a href="http://www.pcadvisor.co.uk/downloads/index.cfm?categoryID=1505&itemID=6930" target="_blank">Backwork</a> trojan detector
6830. Source=Paul Collins Startup list
6831.  
6832. [BACPI10]
6833. Number=970
6834. Confirmed=U
6835. Filename=bacpi10a.exe
6836. Description=Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray
6837. Source=Paul Collins Startup list
6838.  
6839. [BacsTray]
6840. Number=971
6841. Confirmed=N
6842. Filename=BacsTray.exe
6843. Description=Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
6844. Source=Paul Collins Startup list
6845.  
6846. [BADDATE]
6847. Number=972
6848. Confirmed=X
6849. Filename=BADDATE.EXE
6850. Description=Added by an unidentified VIRUS, WORM or TROJAN!
6851. Source=Paul Collins Startup list
6852.  
6853. [BagleAV]
6854. Number=973
6855. Confirmed=X
6856. Filename=csrss.exe
6857. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042814-2354-99" target=_blank>NETSKY.AB</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
6858. Source=Paul Collins Startup list
6859.  
6860. [Bakra]
6861. Number=974
6862. Confirmed=X
6863. Filename=IEHost.EXE
6864. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidrah.html" target=_blank>MULTIDR-AH</a> TROJAN!
6865. Source=Paul Collins Startup list
6866.  
6867. [bal]
6868. Number=975
6869. Confirmed=X
6870. Filename=SYSMONMS.EXE
6871. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.FakeAlert&threatid=43521" target="_blank">FAKEALERT</a> TROJAN!
6872. Source=Paul Collins Startup list
6873.  
6874. [Band-Aid]
6875. Number=976
6876. Confirmed=X
6877. Filename=[path to file]
6878. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122417-2948-99" target=_blank>RANKY.O</a> TROJAN!
6879. Source=Paul Collins Startup list
6880.  
6881. [Bandook]
6882. Number=977
6883. Confirmed=X
6884. Filename=ali.exe
6885. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojexemasb.html" target=_blank>EXEMAS-B</a> TROJAN!
6886. Source=Paul Collins Startup list
6887.  
6888. [Bandwidth Monitor Pro]
6889. Number=978
6890. Confirmed=U
6891. Filename=Bandwidth Monitor Pro.exe
6892. Description=<a href="http://www.bandwidthmonitorpro.com/" target=_blank>Bandwidth Monitor Pro</a> - utililty to track your current download/upload limit that may be set by your ISP
6893.  
6894. Source=Paul Collins Startup list
6895.  
6896. [Banpopup by Pratik]
6897. Number=979
6898. Confirmed=U
6899. Filename=Banpopup.exe
6900. Description=Banpopup - popup killer
6901. Source=Paul Collins Startup list
6902.  
6903. [Bar Ding lolt]
6904. Number=980
6905. Confirmed=X
6906. Filename=Analiz.exe
6907. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrp.html" target=_blank>RBOT-RP</a> WORM!
6908. Source=Paul Collins Startup list
6909.  
6910. [bargains]
6911. Number=981
6912. Confirmed=X
6913. Filename=bargains.exe
6914. Description=<a href="http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html" target="_blank">BargainBuddy</a> foistware
6915. Source=Paul Collins Startup list
6916.  
6917. [bargains]
6918. Number=982
6919. Confirmed=X
6920. Filename=bargainbuddy.exe
6921. Description=<a href="http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html" target="_blank">BargainBuddy</a> foistware
6922. Source=Paul Collins Startup list
6923.  
6924. [Bart Station]
6925. Number=983
6926. Confirmed=?
6927. Filename=station.sbrt
6928. Description=<font color="#FF0000">Related to <a href="http://www.peoplepc.com/" target="_blank"> PeoplePC ISP</a>. May be a dialler for dial-up accounts?</font>
6929. Source=Paul Collins Startup list
6930.  
6931. [Bart Station]
6932. Number=984
6933. Confirmed=U
6934. Filename=PPCOLink.exe
6935. Description=Dialer for PeoplePC ISP
6936. Source=Paul Collins Startup list
6937.  
6938. [BarTheme]
6939. Number=985
6940. Confirmed=X
6941. Filename=bartent32.exe
6942. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotug.html" target=_blank>AGOBOT-UG</a> WORM!
6943. Source=Paul Collins Startup list
6944.  
6945. [bascstray]
6946. Number=986
6947. Confirmed=N
6948. Filename=BascsTray.exe
6949. Description=Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
6950. Source=Paul Collins Startup list
6951.  
6952. [Bat]
6953. Number=987
6954. Confirmed=X
6955. Filename=secure2.bat
6956. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041517-5616-99" target="_blank">ZCREW.C</a> TROJAN!
6957. Source=Paul Collins Startup list
6958.  
6959. [Batchreg1]
6960. Number=988
6961. Confirmed=N
6962. Filename=N/A
6963. Description=Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See <a href="http://www.vanwijk.com/-=%20Bookz%20=-/Special%20Edition%20Using%20Windows%2098/ch10/ch10.htm#Heading24" target="_blank">here</a>
6964. Source=Paul Collins Startup list
6965.  
6966. [BatInfEx]
6967. Number=989
6968. Confirmed=U
6969. Filename=rundll32.exe
6970. Description=Displays battery status information on an IBM Thinkpad
6971. Source=Paul Collins Startup list
6972.  
6973. [BatSrv]
6974. Number=990
6975. Confirmed=X
6976. Filename=batserv2.exe
6977. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as the Win32.Locksky.m WORM!
6978. Source=Paul Collins Startup list
6979.  
6980. [Battery Scope]
6981. Number=991
6982. Confirmed=U
6983. Filename=batmgr.exe
6984. Description=Monitors battery levels on a notebook/laptop PC
6985. Source=Paul Collins Startup list
6986.  
6987. [BatteryBar]
6988. Number=992
6989. Confirmed=U
6990. Filename=batterybar.exe
6991. Description=<a href="http://www.nistech.com/BatteryBar/Default.htm" target="_blank">BatteryBar</a> - displays battery usage, and the current percentage of battery power left
6992. Source=Paul Collins Startup list
6993.  
6994. [BatzBack]
6995. Number=993
6996. Confirmed=X
6997. Filename=BatzBack.scr
6998. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122517-5425-99" target="_blank">BACKZAT</a> WORM!
6999. Source=Paul Collins Startup list
7000.  
7001. [BAUSB]
7002. Number=994
7003. Confirmed=U
7004. Filename=BAUSB.exe
7005. Description=Boston Acoustics Audio, USB driver
7006. Source=Paul Collins Startup list
7007.  
7008. [bawindo]
7009. Number=995
7010. Confirmed=X
7011. Filename=bawindo.exe
7012. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092811-5825-99" target="_blank">BEAGLE.AR</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102909-4007-99" target=_blank>BEAGLE.AU</a> WORMS!
7013. Source=Paul Collins Startup list
7014.  
7015. [BayMgr]
7016. Number=996
7017. Confirmed=U
7018. Filename=DockApp.exe
7019. Description=Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices 
7020. Source=Paul Collins Startup list
7021.  
7022. [Bayswap]
7023. Number=997
7024. Confirmed=U
7025. Filename=bayswap.exe
7026. Description=Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
7027. Source=Paul Collins Startup list
7028.  
7029. [Bayswap2]
7030. Number=998
7031. Confirmed=U
7032. Filename=TbUpdate.exe
7033. Description=Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
7034. Source=Paul Collins Startup list
7035.  
7036. [BBC Alerts]
7037. Number=999
7038. Confirmed=N
7039. Filename=BBC_Alerts.exe
7040. Description=<a href="http://news.bbc.co.uk/1/hi/help/4735697.stm" target="_blank">BBC Alerts</a> - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service"
7041. Source=Paul Collins Startup list
7042.  
7043. [BBC News alerts]
7044. Number=1000
7045. Confirmed=U
7046. Filename=skinkers.exe
7047. Description=BBC News Desktop Alerts service - see <a href="http://news.bbc.co.uk/2/hi/help/3533099.stm" target= blank>here</a>. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happens
7048. Source=Paul Collins Startup list
7049.  
7050. [BBDial]
7051. Number=1001
7052. Confirmed=?
7053. Filename=BT Broadband.exe
7054. Description=<font color="#FF0000">Part of BT Broandband - is it required?</font>
7055. Source=Paul Collins Startup list
7056.  
7057. [bbSysTray]
7058. Number=1002
7059. Confirmed=N
7060. Filename=bbSysTray.exe
7061. Description=Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions"
7062. Source=Paul Collins Startup list
7063.  
7064. [bbui]
7065. Number=1003
7066. Confirmed=U
7067. Filename=bbui.exe
7068. Description=AOL DSL status monitor displaying a red/green icon indicating if you have a connection
7069. Source=Paul Collins Startup list
7070.  
7071. [bca]
7072. Number=1004
7073. Confirmed=U
7074. Filename=bca.exe
7075. Description=BeClean Agent - registry, history, temp files, etc cleaner
7076. Source=Paul Collins Startup list
7077.  
7078. [BCDetect]
7079. Number=1005
7080. Confirmed=U
7081. Filename=bcdetect.exe
7082. Description=Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see
7083. Source=Paul Collins Startup list
7084.  
7085. [BCMDMMSG]
7086. Number=1006
7087. Confirmed=Y
7088. Filename=bcmdmmsg.exe
7089. Description=BCM voicemodem driver. Required for dial-up if you have one of these modems
7090. Source=Paul Collins Startup list
7091.  
7092. [BCMHal]
7093. Number=1007
7094. Confirmed=U
7095. Filename=rundll32.exe bcmhal9x.dll, bcinit
7096. Description=BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
7097. Source=Paul Collins Startup list
7098.  
7099. [BCMSMMSG]
7100. Number=1008
7101. Confirmed=Y
7102. Filename=BCMSMMSG.exe
7103. Description=BCM voicemodem driver. Required for dial-up if you have one of these modems
7104. Source=Paul Collins Startup list
7105.  
7106. [bcmwltry]
7107. Number=1009
7108. Confirmed=?
7109. Filename=bcmwltry.exe
7110. Description=Broadcom Corporation Wireless Network Tray Applet.<font color="#FF0000"> </font><font color="#FF0000">Is it required?</font>
7111. Source=Paul Collins Startup list
7112.  
7113. [BCNT]
7114. Number=1010
7115. Confirmed=N
7116. Filename=bcnt.exe
7117. Description=<a href="http://www.weatherbug.com/aws/index.asp" target="_blank">AWS Weatherbug</a> related. <font color="#FF0000">What does it do?</font>
7118. Source=Paul Collins Startup list
7119.  
7120. [BCPC]
7121. Number=1011
7122. Confirmed=X
7123. Filename=bcpc.exe
7124. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
7125. Source=Paul Collins Startup list
7126.  
7127. [bcpc_c]
7128. Number=1012
7129. Confirmed=X
7130. Filename=bcpc_c.exe
7131. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
7132. Source=Paul Collins Startup list
7133.  
7134. [BCTweak]
7135. Number=1013
7136. Confirmed=U
7137. Filename=bctweak.exe
7138. Description=BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
7139. Source=Paul Collins Startup list
7140.  
7141. [Bcvsrv32]
7142. Number=1014
7143. Confirmed=X
7144. Filename=bcvsrv32.exe
7145. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110816-5549-99" target=_blank>GAOBOT.BQJ</a> WORM!
7146. Source=Paul Collins Startup list
7147.  
7148. [BCWipeTM]
7149. Number=1015
7150. Confirmed=N
7151. Filename=bcwipetm.exe
7152. Description=<a href="http://www.jetico.com/" target="_blank">BCWipe</a> Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed
7153. Source=Paul Collins Startup list
7154.  
7155. [BD]
7156. Number=1016
7157. Confirmed=X
7158. Filename=dc.exe
7159. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrasdoora.html" target=_blank>RASDOOR-A</a> TROJAN!
7160. Source=Paul Collins Startup list
7161.  
7162. [BDAgent]
7163. Number=1017
7164. Confirmed=U
7165. Filename=bdagent.exe
7166. Description=<a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
7167. Source=Paul Collins Startup list
7168.  
7169. [BDMCon]
7170. Number=1018
7171. Confirmed=Y
7172. Filename=Bdmcon.exe
7173. Description=<a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
7174. Source=Paul Collins Startup list
7175.  
7176. [BDNewsAgent]
7177. Number=1019
7178. Confirmed=Y
7179. Filename=bdnagent.exe
7180. Description=<a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus - updater
7181. Source=Paul Collins Startup list
7182.  
7183. [BDOESRV]
7184. Number=1020
7185. Confirmed=Y
7186. Filename=bdoesrv.exe
7187. Description=<a href="http://www.bitdefender.com/" target="_blank">Bitdefender</a> 8 antivirus and firewall
7188. Source=Paul Collins Startup list
7189.  
7190. [BDSwitchAgent]
7191. Number=1021
7192. Confirmed=Y
7193. Filename=bdswitch.exe
7194. Description=<a href="http://www.bitdefender.com/" target="_blank">Bitdefender</a> 8 antivirus and firewall
7195. Source=Paul Collins Startup list
7196.  
7197. [BearFlix]
7198. Number=1022
7199. Confirmed=U
7200. Filename=BearFlix.exe
7201. Description=<a href="http://www.bearflix.com/" target="_blank">BearFlix</a> is optimized for the fast download of video files
7202. Source=Paul Collins Startup list
7203.  
7204. [BearShare]
7205. Number=1023
7206. Confirmed=N
7207. Filename=bearshare.exe
7208. Description=<a href="http://www.bearshare.com/" target="_blank">BearShare</a> file sharing client. Versions known to include spyware - see <a href="http://www.cexx.org/adware.htm" target="_blank">here</a>
7209. Source=Paul Collins Startup list
7210.  
7211. [BeatNik Internet Clock]
7212. Number=1024
7213. Confirmed=U
7214. Filename=BeatNik.exe
7215. Description=<a href="http://www.somedec.com/" target=_blank>BeatNik Internet Clock</a> is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clock
7216. Source=Paul Collins Startup list
7217.  
7218. [Beawver]
7219. Number=1025
7220. Confirmed=X
7221. Filename=saqevre.exe
7222. Description=Added by the <a href="http://www.scanspyware.net/info/Ranky.AGA.htm" target="_blank">RANKY.AGA</a> TROJAN!
7223. Source=Paul Collins Startup list
7224.  
7225. [Beegees Update]
7226. Number=1026
7227. Confirmed=X
7228. Filename=beegees.exe
7229. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadk.html" target=_blank>SDBOT-ADK</a> WORM!
7230. Source=Paul Collins Startup list
7231.  
7232. [BEEI]
7233. Number=1027
7234. Confirmed=?
7235. Filename=beei.exe
7236. Description=<font color="#FF0000">??</font>
7237. Source=Paul Collins Startup list
7238.  
7239. [BeFaster]
7240. Number=1028
7241. Confirmed=U
7242. Filename=befaster3.exe
7243. Description=<a href="http://www.ekremdeniz.com/" target= blank>BeFaster</a> internet connection optimization tool
7244. Source=Paul Collins Startup list
7245.  
7246. [BEHL]
7247. Number=1029
7248. Confirmed=?
7249. Filename=BEHL.exe
7250. Description=<font color="#FF0000">??</font>
7251. Source=Paul Collins Startup list
7252.  
7253. [BEHLO]
7254. Number=1030
7255. Confirmed=?
7256. Filename=BEHLO.exe
7257. Description=<font color="#FF0000">??</font>
7258. Source=Paul Collins Startup list
7259.  
7260. [Belkin PCMCIA WLAN Monitor]
7261. Number=1031
7262. Confirmed=N
7263. Filename=monitorbk.exe
7264. Description=Belkin USB Network Adapter Management utility - can be started manually
7265. Source=Paul Collins Startup list
7266.  
7267. [Belkin Wireless Utility]
7268. Number=1032
7269. Confirmed=N
7270. Filename=Belkinwcui.exe
7271. Description=Wireles configuration utility for some Belkin cards such as the <a href="http://catalog.belkin.com/IWCatProductPage.process?Product_Id=136479" target="_blank">Wireless G Desktop Card</a>
7272. Source=Paul Collins Startup list
7273.  
7274. [BellSouthAlertManager.exe]
7275. Number=1033
7276. Confirmed=U
7277. Filename=BellSouthAlertManager.exe
7278. Description=Related to <a href="http://pcpitstop.com/spycheck/SWDetail.asp?fn=BellSouthAlertManager.exe" target="_blank">BellSouth Alert Manager</a>
7279. Source=Paul Collins Startup list
7280.  
7281. [BelNotify]
7282. Number=1034
7283. Confirmed=U
7284. Filename=[path] NPBelv32.dll, RunDll32_BelNotify
7285. Description="BelTech from <a href="http://www.belarc.com/" target=_blank>Belarc</a> enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service"
7286. Source=Paul Collins Startup list
7287.  
7288. [BELORVBI]
7289. Number=1035
7290. Confirmed=?
7291. Filename=BELORVBI.exe
7292. Description=<font color="#FF0000">??</font>
7293. Source=Paul Collins Startup list
7294.  
7295. [Belsta.exe]
7296. Number=1036
7297. Confirmed=?
7298. Filename=Belsta.exe
7299. Description=Configuration tool for Belkin wireless network cards. Required to change the card's configuration.<font color="#FF0000"> Is it required for correct operation once the confuiguration is changed?</font>
7300. Source=Paul Collins Startup list
7301.  
7302. [Belt]
7303. Number=1037
7304. Confirmed=X
7305. Filename=Belt.exe
7306. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
7307. Source=Paul Collins Startup list
7308.  
7309. [Benadril Alert Tool]
7310. Number=1038
7311. Confirmed=X
7312. Filename=benadrilalert.exe
7313. Description=Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril
7314. Source=Paul Collins Startup list
7315.  
7316. [BestPopUpKiller]
7317. Number=1039
7318. Confirmed=N
7319. Filename=BestPopupKiller.exe
7320. Description=Popup killer by Swanksoft - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
7321. Source=Paul Collins Startup list
7322.  
7323. [BeSys]
7324. Number=1040
7325. Confirmed=X
7326. Filename=[path to file]
7327. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052015-1227-99" target="_blank">BeSys</a> adware
7328. Source=Paul Collins Startup list
7329.  
7330. [BF4P]
7331. Number=1041
7332. Confirmed=X
7333. Filename=bf4p.exe
7334. Description=Added by the <a href="http://fileinfo.prevx.com/QQc81816553925-BF4P13381774/BF4P.EXE.html" target="_blank">IRCBOT.GEN</a> WORM!
7335. Source=Paul Collins Startup list
7336.  
7337. [bg]
7338. Number=1042
7339. Confirmed=Y
7340. Filename=bullguard.exe
7341. Description=<a href="http://www.bullguard.com/" target="_blank">Bullguard</a> antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster
7342. Source=Paul Collins Startup list
7343.  
7344. [BGInfo]
7345. Number=1043
7346. Confirmed=U
7347. Filename=Bginfo.exe
7348. Description=<a href="http://www.microsoft.com/technet/sysinternals/utilities/BgInfo.mspx" target="_blank">BGinfo</a> automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more
7349. Source=Paul Collins Startup list
7350.  
7351. [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
7352. Number=1044
7353. Confirmed=U
7354. Filename=NMBgMonitor.exe
7355. Description=Associated with <a href="http://www.nero.com/nero7/eng/Nero_Scout.html" target="_blank">Nero Scout</a>, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by <a href="http://www.help2go.com/Tutorials/Software_Utilities/Disable_Nero_Scout_in_Nero_7.html" target="_blank">clicking here</a>
7356. Source=Paul Collins Startup list
7357.  
7358. [BGNewsAgent]
7359. Number=1045
7360. Confirmed=Y
7361. Filename=bgnewsag.exe
7362. Description=<a href="http://www.bullguard.com/" target=_blank>BullGuard</a> antivirus updater
7363.  
7364. Source=Paul Collins Startup list
7365.  
7366. [bgsmsnd]
7367. Number=1046
7368. Confirmed=N
7369. Filename=bgsmsnd.exe
7370. Description=Printer driver to generate PDF files from any program
7371. Source=Paul Collins Startup list
7372.  
7373. [BHOCop]
7374. Number=1047
7375. Confirmed=N
7376. Filename=BHOCop.exe
7377. Description=PC Magazine's <a href="http://www.pcmag.com/article2/0,1895,1654861,00.asp" target="_blank">BHO Cop</a> that lets you see what browser helper objects are installed. Useful for detecting spyware
7378. Source=Paul Collins Startup list
7379.  
7380. [BHODemon 2.0]
7381. Number=1048
7382. Confirmed=U
7383. Filename=BHODemon.exe
7384. Description=BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand
7385. Source=Paul Collins Startup list
7386.  
7387. [BHR]
7388. Number=1049
7389. Confirmed=U
7390. Filename=BHR.exe
7391. Description=<a href="http://www.zamaansoft.com/products/bhr/" target="_blank">Browser Hijack Retaliator</a> - recovers your browser after it has been hijacked by spyware, adware, etc
7392. Source=Paul Collins Startup list
7393.  
7394. [BI1HelperStartUp]
7395. Number=1050
7396. Confirmed=U
7397. Filename=BI1HEL~1.EXE
7398. Description=ScreenScenes "Beach Islands" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
7399. Source=Paul Collins Startup list
7400.  
7401. [BIE]
7402. Number=1051
7403. Confirmed=X
7404. Filename=Rundll32.exe BDSrHook.dll, Rundll32
7405. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075264" target="_blank">BDplugin</a> parasite
7406. Source=Paul Collins Startup list
7407.  
7408. [BIG]
7409. Number=1052
7410. Confirmed=X
7411. Filename=biggy.exe
7412. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotag.html" target="_blank">DELBOT-AG</a> WORM!
7413. Source=Paul Collins Startup list
7414.  
7415. [BigDog303]
7416. Number=1053
7417. Confirmed=U
7418. Filename=VM303_STI.EXE
7419. Description=Related to <a href="http://www.vimicro.com/english/" target="_blank">VIMICRO USB</a> for PC Camera
7420. Source=Paul Collins Startup list
7421.  
7422. [BigDogPath]
7423. Number=1054
7424. Confirmed=?
7425. Filename=VM_STI.EXE
7426. Description=Bundled with some software for digital cameras that use a USB connection - <font color="#FF0000">what does it do and is it required?</font>
7427. Source=Paul Collins Startup list
7428.  
7429. [bigfix]
7430. Number=1055
7431. Confirmed=N
7432. Filename=BIGFIX.EXE
7433. Description=<a href="http://www.bigfix.com/index.html" target="_blank">BigFix</a> can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet« Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog
7434. Source=Paul Collins Startup list
7435.  
7436. [BigPond Toolbar]
7437. Number=1056
7438. Confirmed=U
7439. Filename=bpumTray.exe
7440. Description=Telstra <a href="http://www.bigpond.com/default.asp" target="_blank">BigPond</a> Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"
7441. Source=Paul Collins Startup list
7442.  
7443. [BigPondCable]
7444. Number=1057
7445. Confirmed=N
7446. Filename=bpcable.exe
7447. Description=Telstra Bigpond Cable login software - can be started manually
7448.  
7449. Source=Paul Collins Startup list
7450.  
7451. [bikini]
7452. Number=1058
7453. Confirmed=X
7454. Filename=bikini.exe
7455. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonecx.html" target="_blank">LOWZONE-CX</a> TROJAN!
7456. Source=Paul Collins Startup list
7457.  
7458. [Billminder]
7459. Number=1059
7460. Confirmed=N
7461. Filename=Billmind.exe
7462. Description=Can be setup in Quicken to remind user of due payments. Available via Start -> Programs
7463. Source=Paul Collins Startup list
7464.  
7465. [bin32hpu]
7466. Number=1060
7467. Confirmed=X
7468. Filename=ppstub.exe
7469. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021414-1601-99" target="_blank">PrecisionPop</a> adware
7470. Source=Paul Collins Startup list
7471.  
7472. [bingdian]
7473. Number=1061
7474. Confirmed=X
7475. Filename=Bingdian.vbs
7476. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072911-5238-99" target="_blank">BINGD</a> WORM!
7477. Source=Paul Collins Startup list
7478.  
7479. [Bingo Charm]
7480. Number=1062
7481. Confirmed=?
7482. Filename=charms.exe
7483. Description=<font color="#FF0000">Some kind of screen icon kind of like desk flag, but it gives you a choice of icons?</font>
7484. Source=Paul Collins Startup list
7485.  
7486. [Biomenu]
7487. Number=1063
7488. Confirmed=U
7489. Filename=menusw.exe
7490. Description=Related to <a href="http://vaio-online.sony.com/prod_info/vgn-bx168gp/solid_security.html" target=_blank>Sony VAIO</a> - passwords, encryption, and a biometric fingerprint sensor
7491. Source=Paul Collins Startup list
7492.  
7493. [Bios]
7494. Number=1064
7495. Confirmed=X
7496. Filename=Bios32.exe
7497. Description=Added by an unidentified VIRUS, WORM or TROJAN!
7498. Source=Paul Collins Startup list
7499.  
7500. [BIOS XP Loader]
7501. Number=1065
7502. Confirmed=X
7503. Filename=[random filename]
7504. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotic.html" target=_blank>RBOT-IC</a> WORM!
7505. Source=Paul Collins Startup list
7506.  
7507. [BIOS1]
7508. Number=1066
7509. Confirmed=X
7510. Filename=BIOS1.EXE
7511. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
7512. Source=Paul Collins Startup list
7513.  
7514. [BIOVCIP]
7515. Number=1067
7516. Confirmed=?
7517. Filename=BIOVCIP.exe
7518. Description=<font color="#FF0000">??</font>
7519. Source=Paul Collins Startup list
7520.  
7521. [BitComet]
7522. Number=1068
7523. Confirmed=N
7524. Filename=BitComet.exe
7525. Description=<a href="http://www.bitcomet.com/index.htm" target=_blank>BitComet</a> P2P client - can be launched from Start -> Programs
7526. Source=Paul Collins Startup list
7527.  
7528. [BitDefender Antivirus]
7529. Number=1069
7530. Confirmed=X
7531. Filename=BITDEFENDERX.EXE
7532. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
7533. Source=Paul Collins Startup list
7534.  
7535. [BitDefender Communicator]
7536. Number=1070
7537. Confirmed=Y
7538. Filename=xcommsvr.exe
7539. Description=<a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
7540. Source=Paul Collins Startup list
7541.  
7542. [BitDefender for MSN Messenger]
7543. Number=1071
7544. Confirmed=U
7545. Filename=msnmon.exe
7546. Description=Bitdefender anti-virus for MSN Messenger - no longer supported at the <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> website
7547. Source=Paul Collins Startup list
7548.  
7549. [BitDefender for Yahoo! Messenger]
7550. Number=1072
7551. Confirmed=U
7552. Filename=yahmon.exe
7553. Description=Bitdefender anti-virus for Yahoo! Messenger - no longer supported at the <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> website
7554. Source=Paul Collins Startup list
7555.  
7556. [BitDefender Live! Init]
7557. Number=1073
7558. Confirmed=Y
7559. Filename=bdinit.exe
7560. Description=<a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
7561. Source=Paul Collins Startup list
7562.  
7563. [BitDefender Scan Server]
7564. Number=1074
7565. Confirmed=Y
7566. Filename=bdss.exe
7567. Description=<a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
7568. Source=Paul Collins Startup list
7569.  
7570. [BitDefender Virus Shield]
7571. Number=1075
7572. Confirmed=Y
7573. Filename=vsserv.exe
7574. Description=<a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> antivirus
7575. Source=Paul Collins Startup list
7576.  
7577. [bitdefenderlive]
7578. Number=1076
7579. Confirmed=Y
7580. Filename=avxlive.exe
7581. Description=Main program of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
7582. Source=Paul Collins Startup list
7583.  
7584. [BitDefender_P2P_Startup]
7585. Number=1077
7586. Confirmed=U
7587. Filename=BitDefender_P2P_Startup.exe
7588. Description=Bitdefender anti-virus for P2P clients - no longer supported at the <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> website
7589. Source=Paul Collins Startup list
7590.  
7591. [BitWare Print Monitor]
7592. Number=1078
7593. Confirmed=N
7594. Filename=bwprnmon.exe
7595. Description=<a href="http://www.2point.com/FAXserve/" target="_blank">FaxServe</a> network fax software
7596. Source=Paul Collins Startup list
7597.  
7598. [BJ Printer Status Monitor]
7599. Number=1079
7600. Confirmed=N
7601. Filename=Cjstsr.exe
7602. Description=Canon BJ printer status monitor
7603. Source=Paul Collins Startup list
7604.  
7605. [BJ Status Monitor 5xx]
7606. Number=1080
7607. Confirmed=N
7608. Filename=CJSTRxx.EXE
7609. Description=Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers
7610. Source=Paul Collins Startup list
7611.  
7612. [bjcfd]
7613. Number=1081
7614. Confirmed=N
7615. Filename=cdf.exe
7616. Description=<a href="http://www.broadjump.com/" target="_blank">BroadJump</a> Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
7617. Source=Paul Collins Startup list
7618.  
7619. [BlackICE PC Protection]
7620. Number=1082
7621. Confirmed=N
7622. Filename=blackice.exe
7623. Description=Loads the user interface for the <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall program. From the <a href="http://www.networkice.com/" target="_blank">parent site</a> - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD
7624. Source=Paul Collins Startup list
7625.  
7626. [BlackIce Utility]
7627. Number=1083
7628. Confirmed=N
7629. Filename=blackice.exe
7630. Description=Loads the user interface for the <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall program. From the <a href="http://www.networkice.com/" target="_blank">parent site</a> - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD
7631. Source=Paul Collins Startup list
7632.  
7633. [blads]
7634. Number=1084
7635. Confirmed=U
7636. Filename=blads.exe
7637. Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
7638. Source=Paul Collins Startup list
7639.  
7640. [blah service]
7641. Number=1085
7642. Confirmed=X
7643. Filename=winupdate.exe
7644. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090709-0941-99" target="_blank">GAOBOT.BIA</a> WORM!
7645. Source=Paul Collins Startup list
7646.  
7647. [blah service]
7648. Number=1086
7649. Confirmed=X
7650. Filename=winsysengine.exe
7651. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotki.html" target="_blank">RBOT-KI</a> WORM!
7652. Source=Paul Collins Startup list
7653.  
7654. [blah service]
7655. Number=1087
7656. Confirmed=X
7657. Filename=internet.exe
7658. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
7659.  
7660. Source=Paul Collins Startup list
7661.  
7662. [blah service]
7663. Number=1088
7664. Confirmed=X
7665. Filename=smnp.exe
7666. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IZ" target=_blank>RBOT.IZ</a> WORM!
7667.  
7668. Source=Paul Collins Startup list
7669.  
7670. [blah service]
7671. Number=1089
7672. Confirmed=X
7673. Filename=msnmsgrr.exe
7674. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.PZ&VSect=T" target=_blank>RBOT.PZ</a> WORM!
7675. Source=Paul Collins Startup list
7676.  
7677. [blah service]
7678. Number=1090
7679. Confirmed=X
7680. Filename=tazkmgr.exe
7681. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UA" target=_blank>RBOT.UA</a> WORM!
7682. Source=Paul Collins Startup list
7683.  
7684. [blah service]
7685. Number=1091
7686. Confirmed=X
7687. Filename=FaLeH.exe
7688. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaes.html" target=_blank>RBOT-AES</a> WORM!
7689. Source=Paul Collins Startup list
7690.  
7691. [blah service]
7692. Number=1092
7693. Confirmed=X
7694. Filename=microsoft.exe
7695. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
7696. Source=Paul Collins Startup list
7697.  
7698. [blah service]
7699. Number=1093
7700. Confirmed=X
7701. Filename=evosys.exe
7702. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
7703. Source=Paul Collins Startup list
7704.  
7705. [blah service]
7706. Number=1094
7707. Confirmed=X
7708. Filename=win32.exe
7709. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxo.html" target=_blank>RBOT-AXO</a> WORM!
7710. Source=Paul Collins Startup list
7711.  
7712. [Blah service]
7713. Number=1095
7714. Confirmed=X
7715. Filename=CCAPPS32.EXE
7716. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.TV" target="_blank">RBOT.TV</a> WORM!
7717. Source=Paul Collins Startup list
7718.  
7719. [blahh service]
7720. Number=1096
7721. Confirmed=X
7722. Filename=msengine.exe
7723. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
7724. Source=Paul Collins Startup list
7725.  
7726. [blahx service]
7727. Number=1097
7728. Confirmed=X
7729. Filename=msnjompa.exe
7730. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AML" target=_blank>SDBOT.AML</a> WORM!
7731. Source=Paul Collins Startup list
7732.  
7733. [BlazeChanger]
7734. Number=1098
7735. Confirmed=N
7736. Filename=FBZPaper.exe
7737. Description=<a href="http://www.firehand.com/Ember/" target="_blank">Ember</a> graphic file viewer, manager, and touch-up system
7738. Source=Paul Collins Startup list
7739.  
7740. [bldbubg]
7741. Number=1099
7742. Confirmed=N
7743. Filename=bldbubg.exe
7744. Description=Part of Dell Alerts which provides customers with an update on latest updates for his/her system
7745. Source=Paul Collins Startup list
7746.  
7747. [BLF]
7748. Number=1100
7749. Confirmed=X
7750. Filename=blf.exe
7751. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotm.html" target="_blank">DELBOT-M</a> WORM!
7752. Source=Paul Collins Startup list
7753.  
7754. [blinkx]
7755. Number=1101
7756. Confirmed=U
7757. Filename=blinkx.exe
7758. Description=<a href="http://www.blinkx.com/" target=_blank>Blinkx</a> Desktop "Smart Folders" software
7759. Source=Paul Collins Startup list
7760.  
7761. [BLMessagingIntegration]
7762. Number=1102
7763. Confirmed=X
7764. Filename=blengine.exe
7765. Description=<a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101007" target="_blank">BuddyLinks</a> adware
7766. Source=Paul Collins Startup list
7767.  
7768. [BlockAds]
7769. Number=1103
7770. Confirmed=U
7771. Filename=blads.exe
7772. Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
7773. Source=Paul Collins Startup list
7774.  
7775. [BlockChecker]
7776. Number=1104
7777. Confirmed=X
7778. Filename=Block-checker.exe
7779. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082521-1906-99" target=_blank>BlockChecker</a> adware
7780. Source=Paul Collins Startup list
7781.  
7782. [Blocker System611 Monitoring]
7783. Number=1105
7784. Confirmed=X
7785. Filename=PopUpBlocker611.exe
7786. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BLJ&VSect=P" target=_blank>RBOT.BLJ</a> WORM!
7787. Source=Paul Collins Startup list
7788.  
7789. [BlockTracker]
7790. Number=1106
7791. Confirmed=N
7792. Filename=BlockTracker.exe
7793. Description=If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file
7794. Source=Paul Collins Startup list
7795.  
7796. [blsloader]
7797. Number=1107
7798. Confirmed=U
7799. Filename=blsloader.exe
7800. Description=BellSouth ISP <a href="http://bellsouth.com/consumer/inetsrvcs/inetsrvcs_fa_features.html" target="_blank">Internet Tools</a>
7801. Source=Paul Collins Startup list
7802.  
7803. [blss]
7804. Number=1108
7805. Confirmed=X
7806. Filename=blss.exe
7807. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022118-1659-99" target=_blank>BLARUL</a> TROJAN!
7808. Source=Paul Collins Startup list
7809.  
7810. [BLSTAPP]
7811. Number=1109
7812. Confirmed=N
7813. Filename=blstapp.exe
7814. Description=Puts access to Creative's BlasterControl in the System Tray
7815. Source=Paul Collins Startup list
7816.  
7817. [Blubster]
7818. Number=1110
7819. Confirmed=N
7820. Filename=Blubster.exe
7821. Description=Related to <a href="http://www.blubster.com/" target=_blank>Blubster</a> Music sharing service
7822. Source=Paul Collins Startup list
7823.  
7824. [Blue Frog]
7825. Number=1111
7826. Confirmed=U
7827. Filename=bluefrog.exe
7828. Description=<a href="http://en.wikipedia.org/wiki/Blue_Frog" target="_blank">Blue Frog</a> by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receive
7829. Source=Paul Collins Startup list
7830.  
7831. [BlueLight_uoltray]
7832. Number=1112
7833. Confirmed=?
7834. Filename=exec.exe
7835. Description=Related to <a href="http://www.mybluelight.com/" target="_blank">BlueLight Internet</a>. <font color="#FF0000">What does it do and is it required?</a>
7836. Source=Paul Collins Startup list
7837.  
7838. [BlueSoleil]
7839. Number=1113
7840. Confirmed=U
7841. Filename=BLUESO~1.EXE
7842. Description=<a href="http://www.bluesoleil.com/products/index.asp" target="_blank">BlueSoleil</a> Bluetooth wireless manager from IVT Corporation
7843. Source=Paul Collins Startup list
7844.  
7845. [BlueSpace NE]
7846. Number=1114
7847. Confirmed=U
7848. Filename=BlueSpaceNE.exe
7849. Description="BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> Programs
7850. Source=Paul Collins Startup list
7851.  
7852. [BlueToothAuthentication Agent]
7853. Number=1115
7854. Confirmed=U
7855. Filename=RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent
7856. Description=Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click <a href="http://www.winbookcorp.com/_technote/WBTA20000912.htm" target=_blank>here</a> for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup
7857. Source=Paul Collins Startup list
7858.  
7859. [Blueyonder Instant Support Tool]
7860. Number=1116
7861. Confirmed=U
7862. Filename=matcli.exe
7863. Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system\'s identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide
7864. Source=Paul Collins Startup list
7865.  
7866. [BMail Installation]
7867. Number=1117
7868. Confirmed=N
7869. Filename=FTP_back.exe
7870. Description=Part of <a href="http://www.imesh.com" target="_blank">iMesh</a> - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not
7871. Source=Paul Collins Startup list
7872.  
7873. [Bman]
7874. Number=1118
7875. Confirmed=X
7876. Filename=BMan1.exe
7877. Description=Abcsearch.com/DealHelper adware variant
7878. Source=Paul Collins Startup list
7879.  
7880. [BMMGAG]
7881. Number=1119
7882. Confirmed=U
7883. Filename=Rundll32 PWRMONIT.DLL, StartPwrMonitor
7884. Description=Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window
7885. Source=Paul Collins Startup list
7886.  
7887. [BMMLREF]
7888. Number=1120
7889. Confirmed=U
7890. Filename=BMMLREF.EXE
7891. Description=Battery Manager for IBM ThinkPad laptops
7892. Source=Paul Collins Startup list
7893.  
7894. [BMMMONWND]
7895. Number=1121
7896. Confirmed=?
7897. Filename=rundll32.exe [path] BatInfEx.dll, BMMAutonomicMonitor
7898. Description=IBM Thinkpad related. <font color="#FF0000">What does it do and is it required?</font>
7899. Source=Paul Collins Startup list
7900.  
7901. [BMO MasterCard Wallet]
7902. Number=1122
7903. Confirmed=U
7904. Filename=EWALLET.EXE
7905. Description=The wallet conveniently stores billing, shipping and payment information on your PC
7906. Source=Paul Collins Startup list
7907.  
7908. [BMupdate]
7909. Number=1123
7910. Confirmed=N
7911. Filename=BMupdate.exe
7912. Description=Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install
7913. Source=Paul Collins Startup list
7914.  
7915. [BMZ]
7916. Number=1124
7917. Confirmed=X
7918. Filename=bmz.exe
7919. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target=_blank>NCase</a> adware
7920. Source=Paul Collins Startup list
7921.  
7922. [Bndt32]
7923. Number=1125
7924. Confirmed=X
7925. Filename=Bndt32.exe
7926. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082915-4622-99" target="_blank">LACON</a> WORM!
7927. Source=Paul Collins Startup list
7928.  
7929. [Bnexe]
7930. Number=1126
7931. Confirmed=X
7932. Filename=[random filename]
7933. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070414-5310-99" target="_blank"> KITRO.D</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARGEN.A&VSect=T" target="_blank">ARGEN.A</a>) WORM!
7934. Source=Paul Collins Startup list
7935.  
7936. [BO1HelperStartUp]
7937. Number=1127
7938. Confirmed=U
7939. Filename=BO1HEL~1.EXE
7940. Description=ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
7941. Source=Paul Collins Startup list
7942.  
7943. [BO1HelperStartUp]
7944. Number=1128
7945. Confirmed=U
7946. Filename=Bo1helper.exe
7947. Description=ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
7948. Source=Paul Collins Startup list
7949.  
7950. [Boarddata]
7951. Number=1129
7952. Confirmed=X
7953. Filename=[path] repcale.exe [path] palsp.exe
7954. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDON.AN" target="_blank">RANDON.AN</a> WORM!
7955. Source=Paul Collins Startup list
7956.  
7957. [boby]
7958. Number=1130
7959. Confirmed=X
7960. Filename=csrs.scr
7961. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanpc.html" target="_blank">BANCBAN-PC</a> TROJAN!
7962. Source=Paul Collins Startup list
7963.  
7964. [BOC412]
7965. Number=1131
7966. Confirmed=Y
7967. Filename=BOC412.exe
7968. Description=Version 4.12 of NSClean's <a href="http://www.nsclean.com/boclean.html" target=_blank>BOClean</a> anti-trojan software
7969. Source=Paul Collins Startup list
7970.  
7971. [BOCleanautostart]
7972. Number=1132
7973. Confirmed=Y
7974. Filename=Boclean.exe
7975. Description=NSClean's <a href="http://www.nsclean.com/boclean.html" target="_blank">BOClean</a> anti-trojan software
7976. Source=Paul Collins Startup list
7977.  
7978. [BOINC Manager]
7979. Number=1133
7980. Confirmed=U
7981. Filename=boincmgr.exe
7982. Description=<a href="http://boinc.berkeley.edu/manager.php" target="_blank">BOINC manager</a> - "controls the use of your computer's disk, network, and processor resources"
7983. Source=Paul Collins Startup list
7984.  
7985. [Boingo Wireless Utility]
7986. Number=1134
7987. Confirmed=U
7988. Filename=Icon###XXX#X#.exe
7989. Description=Starts the Boingo Wireless utility, used to detect and login into <a href="http://www.boingo.com/" target=blank>Boingo</a> wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> Programs
7990. Source=Paul Collins Startup list
7991.  
7992. [boler.exe]
7993. Number=1135
7994. Confirmed=X
7995. Filename=syser.exe
7996. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotays.html" target=_blank>RBOT-AYS</a> WORM!
7997. Source=Paul Collins Startup list
7998.  
7999. [bombshel]
8000. Number=1136
8001. Confirmed=U
8002. Filename=BOMB32.EXE
8003. Description=Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems
8004. Source=Paul Collins Startup list
8005.  
8006. [Bonzi Buddy]
8007. Number=1137
8008. Confirmed=X
8009. Filename=??
8010. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=59256" target="_blank">Bonzi Buddy</a> adware - see <a href="http://www.pchell.com/support/bonzibuddy.shtml" target="_blank">here</a> for removal instructions
8011. Source=Paul Collins Startup list
8012.  
8013. [boo]
8014. Number=1138
8015. Confirmed=X
8016. Filename=boo.exe
8017. Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as the FAVADD.O TROJAN!
8018. Source=Paul Collins Startup list
8019.  
8020. [BookedSpace]
8021. Number=1139
8022. Confirmed=X
8023. Filename=RunDLL32.EXE [path] bs2.dll, DllRun
8024. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
8025. Source=Paul Collins Startup list
8026.  
8027. [BookmarkCentral]
8028. Number=1140
8029. Confirmed=N
8030. Filename=BMLauncher.exe
8031. Description=<a href="http://www.bookmarkexpress.com/" target="_blank">Bookmark Express</a> - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use"
8032. Source=Paul Collins Startup list
8033.  
8034. [BookMarkSink]
8035. Number=1141
8036. Confirmed=N
8037. Filename=syncit.exe
8038. Description=Bookmark synchronization utility
8039. Source=Paul Collins Startup list
8040.  
8041. [BookMarkSync]
8042. Number=1142
8043. Confirmed=N
8044. Filename=syncit.exe
8045. Description=<a href="http://www.sync2it.com/" target=_blank>Sync2IT BookMarkSync</a> - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing
8046. Source=Paul Collins Startup list
8047.  
8048. [BookMarkSync2It]
8049. Number=1143
8050. Confirmed=N
8051. Filename=sync2it.exe
8052. Description=<a href="http://www.sync2it.com/" target=_blank>Sync2IT BookMarkSync</a> - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing
8053. Source=Paul Collins Startup list
8054.  
8055. [Boost XP Service]
8056. Number=1144
8057. Confirmed=U
8058. Filename=bxservice.exe
8059. Description=<a href="http://www.systweak.com/boostxp/" target="_blank">Boost XP</a> from Systweak - WinXP tweaking utility
8060. Source=Paul Collins Startup list
8061.  
8062. [boot]
8063. Number=1145
8064. Confirmed=X
8065. Filename=boot.exe
8066. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpuppeta.html" target=_blank>PUPPET-A</a> TROJAN! Located in the System (9x/Me) or System32 (NT/2K/XP) folder
8067. Source=Paul Collins Startup list
8068.  
8069. [Boot]
8070. Number=1146
8071. Confirmed=U
8072. Filename=Boot.exe
8073. Description=Part of Acer Empowering Technology. "<a href="http://www.acer-euro.com/et/en/notebooks01.htm#7" target="_blank">Acer ePower Management</a> is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in the "Acer\Empowering Technology\ePower" directory
8074. Source=Paul Collins Startup list
8075.  
8076. [Boot Check]
8077. Number=1147
8078. Confirmed=X
8079. Filename=bootchk.exe
8080. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotab.html" target="_blank">DELBOT-AB</a> WORM!
8081. Source=Paul Collins Startup list
8082.  
8083. [Boot Manager]
8084. Number=1148
8085. Confirmed=X
8086. Filename=Njgal.exe
8087. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021319-1815-99" target="_blank">KILO</a> TROJAN!
8088. Source=Paul Collins Startup list
8089.  
8090. [Boot Manager]
8091. Number=1149
8092. Confirmed=X
8093. Filename=bootmng.exe
8094. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
8095. Source=Paul Collins Startup list
8096.  
8097. [BootCfg]
8098. Number=1150
8099. Confirmed=X
8100. Filename=Install.log.vbs
8101. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040911-2617-99" target=_blank>YPSAN.D</a> WORM!
8102. Source=Paul Collins Startup list
8103.  
8104. [BootCTRL]
8105. Number=1151
8106. Confirmed=X
8107. Filename=bootctrl.exe
8108. Description=Added by an unidentified WORM or TROJAN!
8109. Source=Paul Collins Startup list
8110.  
8111. [BootLoader]
8112. Number=1152
8113. Confirmed=X
8114. Filename=BootLoader.exe.vbs
8115. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020518-0826-99" target="_blank">WATERWORKS</a> WORM!
8116. Source=Paul Collins Startup list
8117.  
8118. [bootpd.exe]
8119. Number=1153
8120. Confirmed=X
8121. Filename=bootpd.exe
8122. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdt.html" target=_blank>AGENT-DT</a> TROJAN!
8123. Source=Paul Collins Startup list
8124.  
8125. [BootsCfg]
8126. Number=1154
8127. Confirmed=X
8128. Filename=Date.POP.vbs
8129. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040417-1243-99" target=_blank>KUULLIO</a> WORM!
8130. Source=Paul Collins Startup list
8131.  
8132. [BootsCfg]
8133. Number=1155
8134. Confirmed=X
8135. Filename=wscript.exe [path] All Users.vbs
8136. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050612-1340-99" target= blank>SPILTRON</a> WORM!
8137. Source=Paul Collins Startup list
8138.  
8139. [BootsCfg]
8140. Number=1156
8141. Confirmed=X
8142. Filename=wscript.exe [path] All Users.vbe
8143. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050612-1340-99" target= blank>SPILTRON</a> WORM!
8144. Source=Paul Collins Startup list
8145.  
8146. [BootsCfg]
8147. Number=1157
8148. Confirmed=X
8149. Filename=wscript.exe [path] Install.log.vbs
8150. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050715-3159-99" target= blank>YPSAN.E</a> WORM!
8151. Source=Paul Collins Startup list
8152.  
8153. [BootStatus]
8154. Number=1158
8155. Confirmed=U
8156. Filename=BOOTST~1.EXE
8157. Description=Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day.  Once you exit it, it has no more effect on resources
8158. Source=Paul Collins Startup list
8159.  
8160. [BootWarn]
8161. Number=1159
8162. Confirmed=U
8163. Filename=BootWarn.exe
8164. Description=From <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_b.htm" target=_blank>here</a>: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from "Start \ Programs \ Norton AntiVirus". If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab - it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages"
8165. Source=Paul Collins Startup list
8166.  
8167. [boot_reg]
8168. Number=1160
8169. Confirmed=X
8170. Filename=[path to file]
8171. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanca.html" target=_blank>BANCBAN-CA</a> TROJAN!
8172. Source=Paul Collins Startup list
8173.  
8174. [Bose Wave/PC Monitor]
8175. Number=1161
8176. Confirmed=N
8177. Filename=wavepcmonitor.exe
8178. Description=System Tray access for this system (more info on the system <a href="http://www.bose.com/controller?event=VIEW_PRODUCT_PAGE_EVENT&product=wave_subcategory" target="_blank">here</a>). Available via Start -> Programs
8179. Source=Paul Collins Startup list
8180.  
8181. [BossIdea]
8182. Number=1162
8183. Confirmed=X
8184. Filename=winlogin.exe
8185. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagei.html" target= blank>LINEAGE-I</a> TROJAN!
8186. Source=Paul Collins Startup list
8187.  
8188. [Boston]
8189. Number=1163
8190. Confirmed=?
8191. Filename=Boston.exe
8192. Description=Part of the Boston Acoustics USB speaker systems. <font color="#FF0000">What does it do and is it required?</font>
8193. Source=Paul Collins Startup list
8194.  
8195. [Bot Loader]
8196. Number=1164
8197. Confirmed=X
8198. Filename=svchostt.exe
8199. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-052511-0816-99" target=_blank>GAOBOT.ALV</a> WORM!
8200. Source=Paul Collins Startup list
8201.  
8202. [Bouncer RunStartup]
8203. Number=1165
8204. Confirmed=X
8205. Filename=bouncer.exe
8206. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
8207. Source=Paul Collins Startup list
8208.  
8209. [Bouncer RunStartup]
8210. Number=1166
8211. Confirmed=X
8212. Filename=LiveUpdate.exe
8213. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
8214. Source=Paul Collins Startup list
8215.  
8216. [boy lovers of bsd]
8217. Number=1167
8218. Confirmed=X
8219. Filename=ilikeboys.exe
8220. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LY&VSect=P" target=_blank>MYTOB.LY</a> WORM!
8221. Source=Paul Collins Startup list
8222.  
8223. [bpcpost.exe]
8224. Number=1168
8225. Confirmed=U
8226. Filename=bpcpost.exe
8227. Description=MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
8228. Source=Paul Collins Startup list
8229.  
8230. [BPCv2 re]
8231. Number=1169
8232. Confirmed=X
8233. Filename=bpc2 re inst.exe
8234. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
8235. Source=Paul Collins Startup list
8236.  
8237. [BPK]
8238. Number=1170
8239. Confirmed=U
8240. Filename=bpk.exe
8241. Description=Blazing Tools <a href="http://www.blazingtools.com/bpk.html" target=_blank>Perfect Keylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
8242.  
8243. Source=Paul Collins Startup list
8244.  
8245. [BPServer]
8246. Number=1171
8247. Confirmed=N
8248. Filename=G6FTPSrv.exe
8249. Description=<a href="http://www.bpftpserver.com/?page=home&lang=en" target="_blank">BulletProof FTP Server</a>
8250. Source=Paul Collins Startup list
8251.  
8252. [BQTray.exe]
8253. Number=1172
8254. Confirmed=U
8255. Filename=BQTray.exe
8256. Description=System Tray access to <a href="http://www.burnquick.com/" target="_blank"> BurnQuick</a> CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually
8257. Source=Paul Collins Startup list
8258.  
8259. [Brasil]
8260. Number=1173
8261. Confirmed=X
8262. Filename=Brasil.exe
8263. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.E" target="_blank">OPASERV.E</a> WORM!
8264. Source=Paul Collins Startup list
8265.  
8266. [Brasil]
8267. Number=1174
8268. Confirmed=X
8269. Filename=BRASIL.PIF
8270. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.E" target="_blank">OPASERV.E</a> WORM!
8271. Source=Paul Collins Startup list
8272.  
8273. [BrasilOld]
8274. Number=1175
8275. Confirmed=X
8276. Filename=[worm filename]
8277. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.P" target="_blank">OPASERV.P</a> WORM!
8278. Source=Paul Collins Startup list
8279.  
8280. [BraveSentry]
8281. Number=1176
8282. Confirmed=N
8283. Filename=BraveSentry.exe
8284. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
8285. Source=Paul Collins Startup list
8286.  
8287. [Brct]
8288. Number=1177
8289. Confirmed=X
8290. Filename=trdb.exe
8291. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as the PurityScan.y TROJAN!
8292. Source=Paul Collins Startup list
8293.  
8294. [Break_Reminder]
8295. Number=1178
8296. Confirmed=U
8297. Filename=BREAK REMINDER.exe
8298. Description=Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See <a href="http://www.cheqsoft.com/break.html" target="_blank">here</a>
8299. Source=Paul Collins Startup list
8300.  
8301. [Breg]
8302. Number=1179
8303. Confirmed=X
8304. Filename=bcre.exe
8305. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
8306. Source=Paul Collins Startup list
8307.  
8308. [Breg]
8309. Number=1180
8310. Confirmed=X
8311. Filename=bptre.exe
8312. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
8313. Source=Paul Collins Startup list
8314.  
8315. [Breg]
8316. Number=1181
8317. Confirmed=X
8318. Filename=breg.exe
8319. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
8320. Source=Paul Collins Startup list
8321.  
8322. [Bridge]
8323. Number=1182
8324. Confirmed=X
8325. Filename=rundll32.exe ...Bridge.dll
8326. Description=Flingstone.com browser hijacker
8327. Source=Paul Collins Startup list
8328.  
8329. [Brindys BriTray]
8330. Number=1183
8331. Confirmed=Y
8332. Filename=BRITRAY.EXE
8333. Description=Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from <a href="http://www.brindys.com/" target="_blank">Brindys Software</a>). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired
8334. Source=Paul Collins Startup list
8335.  
8336. [BrmfRmPA]
8337. Number=1184
8338. Confirmed=U
8339. Filename=BrmfRmPA.exe
8340. Description=Brother resource manager - needed for a Brother MFC printer/copiert/scanner and PC to properly communicate
8341. Source=Paul Collins Startup list
8342.  
8343. [Broadband Wizard]
8344. Number=1185
8345. Confirmed=N
8346. Filename=bbwiz.exe
8347. Description=Starts <a href="http://www.broadbandwizard.net/" target="_blank">Broadband Wizard</a> so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs
8348. Source=Paul Collins Startup list
8349.  
8350. [Broadcom Wireless Manager UI]
8351. Number=1186
8352. Confirmed=U
8353. Filename=bcmntray.exe
8354. Description=Related to <a href="http://www.broadcom.com/" target=_blank>Broadcom</a> Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems
8355. Source=Paul Collins Startup list
8356.  
8357. [Broadcom Wireless Manager UI]
8358. Number=1187
8359. Confirmed=N
8360. Filename=wltray.exe
8361. Description=System tray access to wireless LAN card configuration options
8362.  
8363. Source=Paul Collins Startup list
8364.  
8365. [Bron-Spizaetus]
8366. Number=1188
8367. Confirmed=X
8368. Filename=CVT.exe
8369. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092311-2608-99" target=_blank>RONTOKBRO</a> WORM!
8370. Source=Paul Collins Startup list
8371.  
8372. [Bron-Spizaetus]
8373. Number=1189
8374. Confirmed=X
8375. Filename=norBtok.exe
8376. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RONTOKBRO.B&VSect=P" target=_blank>RONTOKBRO.B</a> WORM!
8377. Source=Paul Collins Startup list
8378.  
8379. [Bron-Spizaetus]
8380. Number=1190
8381. Confirmed=X
8382. Filename=[path to file]
8383. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokf.html" target=_blank>BRONTOK-F</a> WORM!
8384. Source=Paul Collins Startup list
8385.  
8386. [Bron-Spizaetus]
8387. Number=1191
8388. Confirmed=X
8389. Filename=bronstab.exe
8390. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RONTOKBRO.C&VSect=P" target=_blank>RONTOKBRO.C</a> WORM!
8391. Source=Paul Collins Startup list
8392.  
8393. [Bron-Spizaetus]
8394. Number=1192
8395. Confirmed=X
8396. Filename=eksplorasi.exe
8397. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RONTOKBRO.J&VSect=P" target=_blank>RONTOKBRO.J</a> WORM!
8398. Source=Paul Collins Startup list
8399.  
8400. [Bron-Spizaetus]
8401. Number=1193
8402. Confirmed=X
8403. Filename=ElnorB.exe
8404. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RONTOKBRO.D&VSect=P" target=_blank>RONTOKBRO.D</a> WORM!
8405. Source=Paul Collins Startup list
8406.  
8407. [Bron-Spizaetus]
8408. Number=1194
8409. Confirmed=X
8410. Filename=sempalong.exe
8411. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontoke.html" target=_blank>BRONTOK-E</a> WORM!
8412. Source=Paul Collins Startup list
8413.  
8414. [Bron-Spizaetus]
8415. Number=1195
8416. Confirmed=X
8417. Filename=RakyatKelaparan.exe
8418. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokj.html" target=_blank>BRONTOK-J</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32brontokl.html" target=_blank>BRONTOK-L</a> WORMS!
8419. Source=Paul Collins Startup list
8420.  
8421. [Bron-Spizaetus-5118REPM]
8422. Number=1196
8423. Confirmed=X
8424. Filename=komodo-6321422.exe
8425. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokr.html" target=_blank>BRONTOK-R</a> WORM!
8426. Source=Paul Collins Startup list
8427.  
8428. [Bron-Spizaetus-cfgmktoq]
8429. Number=1197
8430. Confirmed=X
8431. Filename=bbm-qotkmgfc.exe
8432. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokm.html" target=_blank>BRONTOK-M</a> WORM!
8433. Source=Paul Collins Startup list
8434.  
8435. [Bron-Spizaetus-cfgmmnru]
8436. Number=1198
8437. Confirmed=X
8438. Filename=bbm-urnmmgfc.exe
8439. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokn.html" target=_blank>BRONTOK-N</a> WORM!
8440. Source=Paul Collins Startup list
8441.  
8442. [BrowseProxy]
8443. Number=1199
8444. Confirmed=X
8445. Filename=FindService.exe
8446. Description=Actual Names <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075255" target="_blank">(AdvSearch)</a> Internet Keywords parasite
8447. Source=Paul Collins Startup list
8448.  
8449. [browser]
8450. Number=1200
8451. Confirmed=X
8452. Filename=msgaol.exe
8453. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
8454. Source=Paul Collins Startup list
8455.  
8456. [browser]
8457. Number=1201
8458. Confirmed=X
8459. Filename=s_menu.exe
8460. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
8461. Source=Paul Collins Startup list
8462.  
8463. [browser]
8464. Number=1202
8465. Confirmed=X
8466. Filename=browse.exe
8467. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
8468. Source=Paul Collins Startup list
8469.  
8470. [browser]
8471. Number=1203
8472. Confirmed=X
8473. Filename=deamon.exe
8474. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
8475. Source=Paul Collins Startup list
8476.  
8477. [browser]
8478. Number=1204
8479. Confirmed=X
8480. Filename=msgaol.exe
8481. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
8482. Source=Paul Collins Startup list
8483.  
8484. [browser aid]
8485. Number=1205
8486. Confirmed=X
8487. Filename=browseraid.exe
8488. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
8489. Source=Paul Collins Startup list
8490.  
8491. [Browser Help Svc]
8492. Number=1206
8493. Confirmed=X
8494. Filename=BHSV.EXE
8495. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavq.html" target=_blank>RBOT-AVQ</a> WORM!
8496. Source=Paul Collins Startup list
8497.  
8498. [Browser Hijack Blaster]
8499. Number=1207
8500. Confirmed=Y
8501. Filename=bhblaster.exe
8502. Description=Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by <a href="http://javacoolsoftware.com/spywareguard.html" target="_blank">SpywareGuard</a>
8503. Source=Paul Collins Startup list
8504.  
8505. [Browser Launcher]
8506. Number=1208
8507. Confirmed=U
8508. Filename=Commandr.exe
8509. Description=Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys
8510. Source=Paul Collins Startup list
8511.  
8512. [Browser Pal]
8513. Number=1209
8514. Confirmed=X
8515. Filename=adblck.exe
8516. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
8517. Source=Paul Collins Startup list
8518.  
8519. [Browser Sentinel]
8520. Number=1210
8521. Confirmed=U
8522. Filename=BrowserSentinel.exe
8523. Description=<a href="http://www.browsersentinel.com/" target="_blank">Browser Sentinel</a> - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page
8524. Source=Paul Collins Startup list
8525.  
8526. [BrowserUpdateSched]
8527. Number=1211
8528. Confirmed=X
8529. Filename=qwinnsap.exe
8530. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
8531. Source=Paul Collins Startup list
8532.  
8533. [BrowserUpdateSched]
8534. Number=1212
8535. Confirmed=X
8536. Filename=twinorag.exe
8537. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
8538. Source=Paul Collins Startup list
8539.  
8540. [BrowserWebCheck]
8541. Number=1213
8542. Confirmed=N
8543. Filename=loadwc.exe
8544. Description=Checks to make sure that IE is still your default browser
8545. Source=Paul Collins Startup list
8546.  
8547. [brwdiag]
8548. Number=1214
8549. Confirmed=X
8550. Filename=[path to worm]
8551. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32stratiobn.html" target="_blank">STRATIO-BN</a> WORM!
8552. Source=Paul Collins Startup list
8553.  
8554. [BS Player]
8555. Number=1215
8556. Confirmed=N
8557. Filename=bsplayer.exe
8558. Description=<a href="http://www.bsplayer.org/" target= blank>BSplayer</a> - A video player used to play avi, mpg, wmv and other multimedia files
8559. Source=Paul Collins Startup list
8560.  
8561. [BsCLiP]
8562. Number=1216
8563. Confirmed=N
8564. Filename=BSCLIP.exe
8565. Description=CD recording utility that comes with a lot of CDR/CDRW drives and isn't required
8566. Source=Paul Collins Startup list
8567.  
8568. [Bsoft lppt01]
8569. Number=1217
8570. Confirmed=X
8571. Filename=Bsoft.exe
8572. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "BelmontSoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
8573. Source=Paul Collins Startup list
8574.  
8575. [bsplayer]
8576. Number=1218
8577. Confirmed=N
8578. Filename=bsplayer.exe
8579. Description=<a href="http://www.bsplayer.org/" target=_blank>BSplayer</a> - a video player used to play avi, mpg, wmv and other multimedia files
8580. Source=Paul Collins Startup list
8581.  
8582. [BSserver]
8583. Number=1219
8584. Confirmed=X
8585. Filename=FileKan.exe
8586. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_VB.CBW" target="_blank">VB.CBW</a> WORM!
8587. Source=Paul Collins Startup list
8588.  
8589. [BSVCHOST]
8590. Number=1220
8591. Confirmed=X
8592. Filename=SVCH0ST.EXE
8593. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-052311-1341-99" target="_blank">VOXOM</a> TROJAN!
8594. Source=Paul Collins Startup list
8595.  
8596. [Bsx3]
8597. Number=1221
8598. Confirmed=X
8599. Filename=RunDLL32.EXE [path] bs3.dll, DllRun
8600. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
8601. Source=Paul Collins Startup list
8602.  
8603. [BT]
8604. Number=1222
8605. Confirmed=X
8606. Filename=[path to trojan]
8607. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlitebotb.html" target=_blank>LITEBOT-B</a> TROJAN!
8608. Source=Paul Collins Startup list
8609.  
8610. [BT Broadband Help]
8611. Number=1223
8612. Confirmed=U
8613. Filename=matcli.exe
8614. Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide
8615. Source=Paul Collins Startup list
8616.  
8617. [BT00003*]
8618. Number=1224
8619. Confirmed=X
8620. Filename=abcdefg23.exe
8621. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbvt.html" target=_blank>VB-VT</a> TROJAN where * = 5,6 or 7!
8622. Source=Paul Collins Startup list
8623.  
8624. [BT00003*]
8625. Number=1225
8626. Confirmed=X
8627. Filename=hiklmnop27.exe
8628. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbvt.html" target=_blank>VB-VT</a> TROJAN where * = 2,3 or 4!
8629. Source=Paul Collins Startup list
8630.  
8631. [btbb_wcm_McciTrayApp]
8632. Number=1226
8633. Confirmed=U
8634. Filename=McciTrayApp.exe
8635. Description=System tray access to <a href="http://www.motive.com/" target="_blank">Motive's</a> Broadband 2.0 configuration and repair utility
8636. Source=Paul Collins Startup list
8637.  
8638. [btinst]
8639. Number=1227
8640. Confirmed=?
8641. Filename=btinst.exe
8642. Description=Associated with an Anycom bluetooth wireless card. <font color="#FF0000">What does it do and is it required?</font>
8643. Source=Paul Collins Startup list
8644.  
8645. [BTModemProtection]
8646. Number=1228
8647. Confirmed=U
8648. Filename=BTModemProtection.exe
8649. Description=BT Privacy Online modem protection software, see <a href="http://www.btmodemprotection.com/" target=_blank>here</a>
8650. Source=Paul Collins Startup list
8651.  
8652. [BTopenworld]
8653. Number=1229
8654. Confirmed=U
8655. Filename=DialBTYahoo.exe
8656. Description=BT Yahoo! internet connection manager
8657.  
8658. Source=Paul Collins Startup list
8659.  
8660. [BTSETBOOTKEY]
8661. Number=1230
8662. Confirmed=?
8663. Filename=BTSetBootKey.exe
8664. Description=Related to a USB Bluetooth adaptor. <font color="#FF0000">What does it do and is it required?</font>
8665. Source=Paul Collins Startup list
8666.  
8667. [BtStart]
8668. Number=1231
8669. Confirmed=U
8670. Filename=btstart.exe
8671. Description=<a href="http://www.broadcom.com/products/Bluetooth?source=top" target="_blank">Broadcom</a> (formerly WIDCOMM) Bluetooth Connectivity Software
8672. Source=Paul Collins Startup list
8673.  
8674. [bttray]
8675. Number=1232
8676. Confirmed=U
8677. Filename=bttray.exe
8678. Description=System tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device
8679. Source=Paul Collins Startup list
8680.  
8681. [BTUSRBDG]
8682. Number=1233
8683. Confirmed=Y
8684. Filename=BtUsrBdg.exe
8685. Description=Used with a <a href="http://www.mitsumi.de/index4.html" target="_blank">Mitsumi USB Bluetooth</a> adaptor (and maybe others)
8686. Source=Paul Collins Startup list
8687.  
8688. [BTUSRBDGF]
8689. Number=1234
8690. Confirmed=Y
8691. Filename=BtUsrBdg.exe
8692. Description=Used with a <a href="http://www.mitsumi.de/index4.html" target="_blank">Mitsumi USB Bluetooth</a> adaptor (and maybe others)
8693. Source=Paul Collins Startup list
8694.  
8695. [BTV]
8696. Number=1235
8697. Confirmed=X
8698. Filename=btv.exe
8699. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
8700. Source=Paul Collins Startup list
8701.  
8702. [Buddyizer]
8703. Number=1236
8704. Confirmed=N
8705. Filename=Buddyizer.exe
8706. Description=Part of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network
8707. Source=Paul Collins Startup list
8708.  
8709. [BUFFALO Power Save Utility for HD]
8710. Number=1237
8711. Confirmed=U
8712. Filename=HDManage.exe
8713. Description=Power Save utility for <a href="http://www.buffalotech.com/buffalo-home.php" target="_blank">Buffalo</a> backup hard discs
8714. Source=Paul Collins Startup list
8715.  
8716. [bugwatcher service]
8717. Number=1238
8718. Confirmed=U
8719. Filename=bugwatcher.exe
8720. Description=<a href="http://www.pcworld.com/downloads/file_description/0,fid,17260,00.asp" target="_blank">Bugtoaster</a> is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures
8721. Source=Paul Collins Startup list
8722.  
8723. [BuildBU]
8724. Number=1239
8725. Confirmed=N
8726. Filename=bldbubg.exe
8727. Description=Part of Dell Alerts which provides customers with an update on latest updates for his/her system
8728. Source=Paul Collins Startup list
8729.  
8730. [BuildLab]
8731. Number=1240
8732. Confirmed=X
8733. Filename=services.exe
8734. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
8735. Source=Paul Collins Startup list
8736.  
8737. [BuildLab]
8738. Number=1241
8739. Confirmed=X
8740. Filename=winlogon.exe
8741. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
8742. Source=Paul Collins Startup list
8743.  
8744. [BuildLabs]
8745. Number=1242
8746. Confirmed=X
8747. Filename=csrss.exe
8748. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
8749. Source=Paul Collins Startup list
8750.  
8751. [BuildLabs]
8752. Number=1243
8753. Confirmed=X
8754. Filename=lsass.exe
8755. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target="_blank">WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
8756. Source=Paul Collins Startup list
8757.  
8758. [Bulldog Service]
8759. Number=1244
8760. Confirmed=U
8761. Filename=upsd.exe
8762. Description=Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link
8763. Source=Paul Collins Startup list
8764.  
8765. [BulletProof FTP Server]
8766. Number=1245
8767. Confirmed=N
8768. Filename=bpftpserver.exe
8769. Description=<a href="http://www.bpftpserver.com/?page=home&lang=en" target="_blank">BulletProof FTP Server</a>
8770. Source=Paul Collins Startup list
8771.  
8772. [BullGuard]
8773. Number=1246
8774. Confirmed=Y
8775. Filename=mgui.exe
8776. Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
8777. Source=Paul Collins Startup list
8778.  
8779. [BullGuard]
8780. Number=1247
8781. Confirmed=Y
8782. Filename=BullGuard.exe
8783. Description=Part of <a href="http://www.bullguard.com/" target="_blank">BullGuard</a> antivirus
8784. Source=Paul Collins Startup list
8785.  
8786. [BullGuard Update]
8787. Number=1248
8788. Confirmed=U
8789. Filename=avxlive.exe
8790. Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus. Leave enabled unless you manually update virus definitions
8791. Source=Paul Collins Startup list
8792.  
8793. [BullGuard XComm]
8794. Number=1249
8795. Confirmed=Y
8796. Filename=XCOMMSVR.EXE
8797. Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
8798. Source=Paul Collins Startup list
8799.  
8800. [BullGuardInit]
8801. Number=1250
8802. Confirmed=Y
8803. Filename=AVXINIT.EXE
8804. Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
8805. Source=Paul Collins Startup list
8806.  
8807. [BullguardoptIn]
8808. Number=1251
8809. Confirmed=Y
8810. Filename=bulldownload.exe
8811. Description=Part of <a href="http://www.bullguard.com/" target="_blank"> Bullguard</a> antivirus
8812. Source=Paul Collins Startup list
8813.  
8814. [BullsEye]
8815. Number=1252
8816. Confirmed=X
8817. Filename=bargains.exe
8818. Description=<a href="http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html" target="_blank">BargainBuddy</a> adware
8819. Source=Paul Collins Startup list
8820.  
8821. [BullsEye Network]
8822. Number=1253
8823. Confirmed=X
8824. Filename=bargains.exe
8825. Description=<a href="http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html" target="_blank">BargainBuddy</a> adware
8826. Source=Paul Collins Startup list
8827.  
8828. [BullsEye Tracker]
8829. Number=1254
8830. Confirmed=?
8831. Filename=BeTrack.exe
8832. Description=Bullseye - intelligent research assistant
8833. Source=Paul Collins Startup list
8834.  
8835. [Bunx]
8836. Number=1255
8837. Confirmed=X
8838. Filename=beagle.exe
8839. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lebreate.html" target=_blank>LEBREAT-E</a> WORM!
8840. Source=Paul Collins Startup list
8841.  
8842. [BurnQuick Queue]
8843. Number=1256
8844. Confirmed=N
8845. Filename=BQTray.exe
8846. Description=System Tray access to <a href="http://www.burnquick.com/" target="_blank">BurnQuick</a> CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually
8847. Source=Paul Collins Startup list
8848.  
8849. [Button Server]
8850. Number=1257
8851. Confirmed=U
8852. Filename=bttnserv.exe
8853. Description=Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required
8854. Source=Paul Collins Startup list
8855.  
8856. [ButtonKey]
8857. Number=1258
8858. Confirmed=N
8859. Filename=ButtonKey.exe
8860. Description=CyberView TWAIN driver for the <a href="http://www.scanace.com/en/product/product.php" target="_blank">Pacific Image</a> range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut
8861. Source=Paul Collins Startup list
8862.  
8863. [Buzme]
8864. Number=1259
8865. Confirmed=N
8866. Filename=Bmui.exe
8867. Description=<a href="http://www.buzme.com/buzme/default.asp" target="_blank">Buzme</a> by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem
8868. Source=Paul Collins Startup list
8869.  
8870. [BuzMe]
8871. Number=1260
8872. Confirmed=U
8873. Filename=RCUI.exe
8874. Description=Display Client for the <a href="http://www.buzme.com/" target="_blank">BuzMe</a> Internet Call Waiting Service
8875. Source=Paul Collins Startup list
8876.  
8877. [Buzof.exe]
8878. Number=1261
8879. Confirmed=U
8880. Filename=buzof.exe
8881. Description=<a href="http://www.basta.com/ProdBuzof.htm" target="_blank">Buzof</a> from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes"
8882. Source=Paul Collins Startup list
8883.  
8884. [bxproxy]
8885. Number=1262
8886. Confirmed=X
8887. Filename=bxproxy.exe
8888. Description=Added by the <a href="http://www.superadblocker.com/definition/bxproxy/" target=_blank>BXPROXY</a> TROJAN!
8889. Source=Paul Collins Startup list
8890.  
8891. [bxsx5]
8892. Number=1263
8893. Confirmed=X
8894. Filename=RunDLL32.EXE [path] bsx5.dll, DllRun
8895. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
8896. Source=Paul Collins Startup list
8897.  
8898. [bxxs5]
8899. Number=1264
8900. Confirmed=X
8901. Filename=RunDLL32.EXE [path] bxxs5.dll, dllrun
8902. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
8903. Source=Paul Collins Startup list
8904.  
8905. [Bymer.Scanner]
8906. Number=1265
8907. Confirmed=X
8908. Filename=Wininit.exe
8909. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-122012-3537-99" target="_blank">BYMER</a> WORM!
8910. Source=Paul Collins Startup list
8911.  
8912. [Bymer.Scanner]
8913. Number=1266
8914. Confirmed=X
8915. Filename=Msinit.exe
8916. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-122012-3537-99" target="_blank">BYMER</a> WORM!
8917. Source=Paul Collins Startup list
8918.  
8919. [c]
8920. Number=1267
8921. Confirmed=X
8922. Filename=c:\archiv~1\win.com
8923. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100907-5516-99" target="_blank">CUYDOC</a> TROJAN!
8924. Source=Paul Collins Startup list
8925.  
8926. [C-Media Echo Control]
8927. Number=1268
8928. Confirmed=U
8929. Filename=EchoCtrl.exe
8930. Description=C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer
8931.  
8932. Source=Paul Collins Startup list
8933.  
8934. [C-Media Mixer]
8935. Number=1269
8936. Confirmed=N
8937. Filename=Mixer.exe
8938. Description=C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs
8939. Source=Paul Collins Startup list
8940.  
8941. [C2K]
8942. Number=1270
8943. Confirmed=U
8944. Filename=CYB2K.EXE
8945. Description=CYBERsitter 2000 or 2001 - anti-adult content filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser
8946. Source=Paul Collins Startup list
8947.  
8948. [c32cs2]
8949. Number=1271
8950. Confirmed=U
8951. Filename=c32cs2.exe
8952. Description=<a href="http://www.securitysoft.com/myspace_filtering.asp?pageid=82" target="_blank">Cyber Sentinel</a> - internet filtering software
8953. Source=Paul Collins Startup list
8954.  
8955. [C7]
8956. Number=1272
8957. Confirmed=X
8958. Filename=[path to worm]
8959. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051016-4401-99" target= blank>MEDIAKILL.A</a> WORM!
8960. Source=Paul Collins Startup list
8961.  
8962. [C:\WINDOWS\IEXPLOR.EXE]
8963. Number=1273
8964. Confirmed=X
8965. Filename=IEXPLOR.EXE
8966. Description="Pop Marketing" adware
8967. Source=Paul Collins Startup list
8968.  
8969. [C:\WINDOWS\WinTask.exe]
8970. Number=1274
8971. Confirmed=X
8972. Filename=WinTask.exe
8973. Description="Pop Marketing" adware
8974. Source=Paul Collins Startup list
8975.  
8976. [CA-AMAgent]
8977. Number=1275
8978. Confirmed=U
8979. Filename=amagent.exe
8980. Description=<a href="http://www3.ca.com/Solutions/Product.asp?ID=194" target=_blank>Unicenter Asset Management</a> is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting
8981. Source=Paul Collins Startup list
8982.  
8983. [CaAvTray]
8984. Number=1276
8985. Confirmed=Y
8986. Filename=CAVTray.exe
8987. Description=eTrustÖ <a href="http://home.ca.com/dr/sat5/ec_Main.Entry17c?SID=35715&SP=10023&PN=1&PID=671589&V1=671589&CID=179788&api1=78&api2=1&api3=&DSP=&CUR=840&PGRP=0&CACHE_ID=179788" target=_blank>EZ Antivirus</a> system tray application from Computer Associates
8988. Source=Paul Collins Startup list
8989.  
8990. [Cabchk]
8991. Number=1277
8992. Confirmed=X
8993. Filename=Cabchk.exe
8994. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
8995. Source=Paul Collins Startup list
8996.  
8997. [Cabchk32]
8998. Number=1278
8999. Confirmed=X
9000. Filename=Cabchk32.exe
9001. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
9002. Source=Paul Collins Startup list
9003.  
9004. [CABCInstall]
9005. Number=1279
9006. Confirmed=X
9007. Filename=CABCInstall.exe
9008. Description=<a href="http://www.ignitetech.com/" target="_blank">Ignite Technologies</a> (was CABC) content delivery software
9009. Source=Paul Collins Startup list
9010.  
9011. [CacheBoost]
9012. Number=1280
9013. Confirmed=U
9014. Filename=trayicon.exe
9015. Description=<a href="http://www.systweak.com/cacheboost/" target="_blank">CacheBoost</a> "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost"
9016. Source=Paul Collins Startup list
9017.  
9018. [CacheLoader]
9019. Number=1281
9020. Confirmed=X
9021. Filename=[path to trojan]
9022. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadernz.html" target=_blank>DLOADER-NZ</a> TROJAN!
9023. Source=Paul Collins Startup list
9024.  
9025. [Cacheman]
9026. Number=1282
9027. Confirmed=N
9028. Filename=Cacheman.exe
9029. Description=Freeware disk cache tweaker from <a href="http://www.outertech.com/">Outer Technologies</a>. Should only be run once and not loaded at start-up
9030. Source=Paul Collins Startup list
9031.  
9032. [CacheMgr]
9033. Number=1283
9034. Confirmed=Y
9035. Filename=CacheMgr.exe
9036. Description=<a href="http://www.sophos.com/products/es/endpoint/sav-windows.html" target="_blank">Sophos Antivirus</a> Remote Update
9037. Source=Paul Collins Startup list
9038.  
9039. [CacheSentry Pro]
9040. Number=1284
9041. Confirmed=U
9042. Filename=CacheSentry Pro.exe
9043. Description="<a href="http://www.enigmaticsoftware.com/cachesentry_pro/index.html" target="_blank">CacheSentry Pro</a> is a program that takes over the management of the Internet Explorer (and AOL) web browser cache"
9044. Source=Paul Collins Startup list
9045.  
9046. [CacheSentry Pro]
9047. Number=1285
9048. Confirmed=U
9049. Filename=CacheSentry Pro.exe
9050. Description="<a href="http://www.enigmaticsoftware.com/cachesentry_pro/index.html" target="_blank">CacheSentry Pro</a> is a program that takes over the management of the Internet Explorer (and AOL) web browser cache"
9051. Source=Paul Collins Startup list
9052.  
9053. [CACStarter]
9054. Number=1286
9055. Confirmed=N
9056. Filename=cacstart.exe
9057. Description=Cash A Check - check writing software
9058. Source=Paul Collins Startup list
9059.  
9060. [Caddais BackupOnDemand]
9061. Number=1287
9062. Confirmed=U
9063. Filename=BODMon.exe
9064. Description=<a href="http://www.caddais.com/BackupOnDemand.shtml" target="_blank">Caddais BackupOnDemand</a> - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location"
9065. Source=Paul Collins Startup list
9066.  
9067. [Cadenza]
9068. Number=1288
9069. Confirmed=U
9070. Filename=CdzSvc.exe
9071. Description=Cadenza <a href="http://www.sofotex.com/Cadenza-mNotes-Pocket-PC-download_L8061.html" target=_blank>mNotes</a> for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices
9072. Source=Paul Collins Startup list
9073.  
9074. [CADS]
9075. Number=1289
9076. Confirmed=U
9077. Filename=cads.exe
9078. Description=<a href="http://www.securitysoft.com/myspace_filtering.asp?pageid=82" target="_blank">Cyber Sentinel</a> - internet filtering software
9079. Source=Paul Collins Startup list
9080.  
9081. [CafeStation]
9082. Number=1290
9083. Confirmed=U
9084. Filename=CafeStation.exe
9085. Description="<a href="http://cafesuite.net/" target=_blank>CafeSuite</a> is the solution for your internet cafe. Our software provides you with ameans to control the workstations, manage customer database, sell products and generate detailed reports and statistics"
9086.  
9087. Source=Paul Collins Startup list
9088.  
9089. [CAgent]
9090. Number=1291
9091. Confirmed=N
9092. Filename=CAgent.exe
9093. Description=<a href="http://www.fine-reader.com/" target="_blank">Abbyy Fine Reader</a> OCR (Optical Character Recognition) software for scanning and converting documents
9094. Source=Paul Collins Startup list
9095.  
9096. [cAgOu]
9097. Number=1292
9098. Confirmed=X
9099. Filename=[filename].hta
9100. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-121908-3951-99" target="_blank">KAKWORM</a> WORM!
9101. Source=Paul Collins Startup list
9102.  
9103. [CahootWebcard]
9104. Number=1293
9105. Confirmed=N
9106. Filename=CahootWebcard.exe
9107. Description="The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed
9108. Source=Paul Collins Startup list
9109.  
9110. [caidiysetup]
9111. Number=1294
9112. Confirmed=X
9113. Filename=diynetsetupuni.exe
9114. Description=<a href="http://www.sophos.com/virusinfo/analyses/diynet.html" target="_blank">DIYNet</a> adware
9115. Source=Paul Collins Startup list
9116.  
9117. [CAISafe]
9118. Number=1295
9119. Confirmed=Y
9120. Filename=isafe.exe
9121. Description=Part of Computer Associates <a href="http://www1.my-etrust.com/products/Antivirus.cfm?" target="_blank">eTrust EZ Antivirus</a>
9122. Source=Paul Collins Startup list
9123.  
9124. [CaISSDT]
9125. Number=1296
9126. Confirmed=U
9127. Filename=caissdt.exe
9128. Description=<a href="http://www.ca.com/" target=_blank>Computer Associates</a> Dashboard Tray applet
9129.  
9130. Source=Paul Collins Startup list
9131.  
9132. [Cal Reminder Shortcut]
9133. Number=1297
9134. Confirmed=N
9135. Filename=calrem.exe
9136. Description=Produces a pop-up reminder of events scheduled using the MS Office Calendar
9137. Source=Paul Collins Startup list
9138.  
9139. [Calc Microsoft Windows]
9140. Number=1298
9141. Confirmed=X
9142. Filename=wincalc.exe
9143. Description=Added by an unidentied WORM or TROJAN!
9144. Source=Paul Collins Startup list
9145.  
9146. [CALC32]
9147. Number=1299
9148. Confirmed=X
9149. Filename=CALC32.EXE
9150. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotec.html" target=_blank>SPYBOT-EC</a> WORM!
9151. Source=Paul Collins Startup list
9152.  
9153. [Calendar 200X Reminder]
9154. Number=1300
9155. Confirmed=N
9156. Filename=calendar.exe
9157. Description=<a href="http://www.jgraff.addr.com/cal.htm" target="_blank">Calendar 200X</a> - shows holidays, reminders of various anniversaries,tasks etc
9158. Source=Paul Collins Startup list
9159.  
9160. [Calendarscope]
9161. Number=1301
9162. Confirmed=U
9163. Filename=cs.exe
9164. Description=<a href="http://www.calendarscope.com/" target=_blank>Calendarscope</a> calendar software
9165. Source=Paul Collins Startup list
9166.  
9167. [calk]
9168. Number=1302
9169. Confirmed=X
9170. Filename=calk.exe
9171. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpafh.html" target= blank>STARTPA-FH</a> TROJAN!
9172. Source=Paul Collins Startup list
9173.  
9174. [Call32]
9175. Number=1303
9176. Confirmed=X
9177. Filename=Call32.exe
9178. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspammith.html" target="_blank">SPAMMIT-H</a> TROJAN!
9179. Source=Paul Collins Startup list
9180.  
9181. [CallBumping]
9182. Number=1304
9183. Confirmed=Y
9184. Filename=cbpopw.exe
9185. Description=Related to the <a href="http://www.bewan.com/bewan/products/isdn/index.php" target="_blank">Gazel</a> 128 PCI ISDN adapter. Required if you use it
9186. Source=Paul Collins Startup list
9187.  
9188. [CallCenter Main Application]
9189. Number=1305
9190. Confirmed=U
9191. Filename=V3calmcp.exe
9192. Description="V3 Inc. <a href="http://www.v3inc.com/freecc.htm" target=_blank>CallCenter</a> is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Main application
9193. Source=Paul Collins Startup list
9194.  
9195. [CallCenter Printer Interface]
9196. Number=1306
9197. Confirmed=U
9198. Filename=V3faxecp.exe
9199. Description="V3 Inc. <a href="http://www.v3inc.com/freecc.htm" target=_blank>CallCenter</a> is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Fax printer
9200. Source=Paul Collins Startup list
9201.  
9202. [CallControl]
9203. Number=1307
9204. Confirmed=N
9205. Filename=ftctrl32.exe
9206. Description=FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows
9207. Source=Paul Collins Startup list
9208.  
9209. [CamCheck]
9210. Number=1308
9211. Confirmed=N
9212. Filename=CamCheck.exe
9213. Description=<a href="http://www.nucam.com.tw/index1.htm" target="_blank">NuCam</a> camera software related
9214. Source=Paul Collins Startup list
9215.  
9216. [Cameno]
9217. Number=1309
9218. Confirmed=U
9219. Filename=Cameno.exe
9220. Description=<a href="http://www.spadeapps.com/cameno/" target=_blank>Cameno</a> is a program which brings tabbed windows to MSN Messenger 6.0 and above
9221. Source=Paul Collins Startup list
9222.  
9223. [Camera Detector]
9224. Number=1310
9225. Confirmed=U
9226. Filename=CAMDET~*.EXE
9227. Description=<a href="http://www.acdsee.com/" target="_blank">ACDSee</a> Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
9228. Source=Paul Collins Startup list
9229.  
9230. [Camera Detector]
9231. Number=1311
9232. Confirmed=U
9233. Filename=Camdetect.exe
9234. Description=<a href="http://www.acdsee.com/" target="_blank">ACDSee</a> Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
9235. Source=Paul Collins Startup list
9236.  
9237. [Camera Detector]
9238. Number=1312
9239. Confirmed=U
9240. Filename=DEVDET~*.EXE
9241. Description=<a href="http://www.acdsee.com/" target="_blank">ACDSee</a> Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
9242. Source=Paul Collins Startup list
9243.  
9244. [Camio Viewer x]
9245. Number=1313
9246. Confirmed=N
9247. Filename=IXApplet.exe
9248. Description=Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version
9249. Source=Paul Collins Startup list
9250.  
9251. [CamMonitor]
9252. Number=1314
9253. Confirmed=?
9254. Filename=hpqcmon.exe
9255. Description=<font color="#FF0000">From HP and related to digital imaging</font>
9256. Source=Paul Collins Startup list
9257.  
9258. [Canada]
9259. Number=1315
9260. Confirmed=N
9261. Filename=Canada.exe
9262. Description=<font color="#FF0000">Known to be a dialler - but is it maliscous or clean?</font>
9263. Source=Paul Collins Startup list
9264.  
9265. [Canary]
9266. Number=1316
9267. Confirmed=U
9268. Filename=canary-std.exe
9269. Description=Canary keystroke logger/monitoring program - remove unless you installed it yourself!
9270.  
9271. Source=Paul Collins Startup list
9272.  
9273. [candy]
9274. Number=1317
9275. Confirmed=X
9276. Filename=command32.exe
9277. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlv.html" target="_blank">RBOT-LV</a> WORM!
9278. Source=Paul Collins Startup list
9279.  
9280. [candynet]
9281. Number=1318
9282. Confirmed=X
9283. Filename=Taskmsg.exe
9284. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotna.html" target=_blank>RBOT-NA</a> WORM!
9285. Source=Paul Collins Startup list
9286.  
9287. [Canon MultiPASS Status Monitor]
9288. Number=1319
9289. Confirmed=U
9290. Filename=monitr32.exe
9291. Description=Cannon Multi-Pass status monitor - your choice
9292. Source=Paul Collins Startup list
9293.  
9294. [Canon PC1200 iC D600 iR1200G Status Window]
9295. Number=1320
9296. Confirmed=?
9297. Filename=CAPM1LAK.EXE
9298. Description=Cannon printer related - <font color="#FF0000">is it required in startup?</font>
9299. Source=Paul Collins Startup list
9300.  
9301. [Canon Printer Monitor BJCxxx]
9302. Number=1321
9303. Confirmed=N
9304. Filename=Cjstlst.exe
9305. Description=Trayicon for Canon printer. xxx denotes model. Available via Start -> Programs
9306. Source=Paul Collins Startup list
9307.  
9308. [CAP3ON]
9309. Number=1322
9310. Confirmed=?
9311. Filename=CAP3ONN.EXE
9312. Description=Canon driver, purpose unknown. <font color="#FF0000">Is it required in startup?</font>
9313. Source=Paul Collins Startup list
9314.  
9315. [Capfax]
9316. Number=1323
9317. Confirmed=N
9318. Filename=capfax.exe
9319. Description=<a  href="http://www.bvrp.com/ENG/products/home_fax_telephony.asp" target="_blank">PhoneTools</a> fax software
9320. Source=Paul Collins Startup list
9321.  
9322. [CAPing]
9323. Number=1324
9324. Confirmed=U
9325. Filename=CAPing.exe
9326. Description=Citibank Citianywhere software
9327. Source=Paul Collins Startup list
9328.  
9329. [Capon]
9330. Number=1325
9331. Confirmed=Y
9332. Filename=Capon.exe
9333. Description=Canon printer driver
9334. Source=Paul Collins Startup list
9335.  
9336. [Capon]
9337. Number=1326
9338. Confirmed=Y
9339. Filename=Caponn.exe
9340. Description=Canon printer driver
9341. Source=Paul Collins Startup list
9342.  
9343. [CaptionMgr32]
9344. Number=1327
9345. Confirmed=X
9346. Filename=crssr.exe
9347. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011814-5150-99" target=_blank>ZAR.A</a> WORM!
9348. Source=Paul Collins Startup list
9349.  
9350. [capture]
9351. Number=1328
9352. Confirmed=X
9353. Filename=capture.exe
9354. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtheefb.html" target=_blank>THEEF-B</a> TROJAN!
9355. Source=Paul Collins Startup list
9356.  
9357. [Capture Express 2000]
9358. Number=1329
9359. Confirmed=N
9360. Filename=capexp.exe
9361. Description=<a href="http://www.captureexpress.com/" target="_blank">Capture Express</a> - screen capture utility
9362. Source=Paul Collins Startup list
9363.  
9364. [Card Monitor]
9365. Number=1330
9366. Confirmed=N
9367. Filename=REGCNT09.exe
9368. Description=For the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> Programs
9369. Source=Paul Collins Startup list
9370.  
9371. [Care20]
9372. Number=1331
9373. Confirmed=X
9374. Filename=Care20.exe
9375. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453059998" target=_blank>TopMoxie</a> adware
9376. Source=Paul Collins Startup list
9377.  
9378. [Care2GTU]
9379. Number=1332
9380. Confirmed=U
9381. Filename=Care2GTU.exe
9382. Description=Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep it
9383. Source=Paul Collins Startup list
9384.  
9385. [carpserv]
9386. Number=1333
9387. Confirmed=U
9388. Filename=carpserv.exe
9389. Description=Associated with <a href="http://www.zoltrix.com/" target="_blank"> Zoltrix</a> and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example
9390. Source=Paul Collins Startup list
9391.  
9392. [CARPserver]
9393. Number=1334
9394. Confirmed=X
9395. Filename=CARPserver.exe
9396. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeran.html" target=_blank>BANKER-AN</a> TROJAN!
9397. Source=Paul Collins Startup list
9398.  
9399. [CARPservice]
9400. Number=1335
9401. Confirmed=U
9402. Filename=carpserv.exe
9403. Description=Associated with <a href="http://www.zoltrix.com/" target="_blank"> Zoltrix</a> and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example
9404. Source=Paul Collins Startup list
9405.  
9406. [cartao]
9407. Number=1336
9408. Confirmed=X
9409. Filename=[path to file]
9410. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqd.html" target=_blank>DLOADER-QD</a> TROJAN!
9411. Source=Paul Collins Startup list
9412.  
9413. [cartao]
9414. Number=1337
9415. Confirmed=X
9416. Filename=conflicted.exe
9417. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobradv.html" target="_blank">DADOBRA-DV</a> TROJAN!
9418. Source=Paul Collins Startup list
9419.  
9420. [cartao]
9421. Number=1338
9422. Confirmed=X
9423. Filename=killing.exe
9424. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqn.html" target="_blank">DLOADER-QN</a> TROJAN!
9425. Source=Paul Collins Startup list
9426.  
9427. [CAS Client]
9428. Number=1339
9429. Confirmed=X
9430. Filename=casclient.exe
9431. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061516-2016-99" target=_blank>CasinoClient</a> adware
9432. Source=Paul Collins Startup list
9433.  
9434. [Cas2Stub]
9435. Number=1340
9436. Confirmed=X
9437. Filename=cas2stub.exe
9438. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061516-2016-99" target="_blank">CasinoClient</a> adware
9439. Source=Paul Collins Startup list
9440.  
9441. [CasAgnt]
9442. Number=1341
9443. Confirmed=U
9444. Filename=CasAgnt.exe
9445. Description=Program by Extended Systems which allows you to sync your Casio PDA with your PC
9446. Source=Paul Collins Startup list
9447.  
9448. [Casdvqwa]
9449. Number=1342
9450. Confirmed=X
9451. Filename=bmqnzkg.exe
9452. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121516-1116-99" target="_blank">RANDEX.BE</a> WORM!
9453. Source=Paul Collins Startup list
9454.  
9455. [caseyvideo]
9456. Number=1343
9457. Confirmed=X
9458. Filename=CaseyVideo.exe
9459. Description=Malware causing p0rn popups
9460. Source=Paul Collins Startup list
9461.  
9462. [caseyvideo]
9463. Number=1344
9464. Confirmed=X
9465. Filename=caseyvideo[*].exe [* = digit]
9466. Description=Malware causing p0rn popups
9467. Source=Paul Collins Startup list
9468.  
9469. [CashBack]
9470. Number=1345
9471. Confirmed=X
9472. Filename=cashback.exe
9473. Description=Part of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearch
9474. Source=Paul Collins Startup list
9475.  
9476. [CashFiesta]
9477. Number=1346
9478. Confirmed=X
9479. Filename=Cashfiesta.exe
9480. Description=<a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_CASHFIESTA.A" target=_blank>CASHFIESTA.A</a> pay-per-surf adware
9481. Source=Paul Collins Startup list
9482.  
9483. [Cashsurfers Cashbar Navigator]
9484. Number=1347
9485. Confirmed=N
9486. Filename=Cashbar.Exe
9487. Description=Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"
9488. Source=Paul Collins Startup list
9489.  
9490. [CashToolbar]
9491. Number=1348
9492. Confirmed=X
9493. Filename=CD_Load.exe
9494. Description=CashToolbar <a href="http://vil.nai.com/vil/content/v_126801.htm" target="_blank">Downloader-MY</a> adware
9495. Source=Paul Collins Startup list
9496.  
9497. [CashToolbar]
9498. Number=1349
9499. Confirmed=X
9500. Filename=svchost.exe
9501. Description=CashToolbar <a href="http://vil.nai.com/vil/content/v_126801.htm" target="_blank">Downloader-MY</a> adware. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
9502. Source=Paul Collins Startup list
9503.  
9504. [Casino Royale]
9505. Number=1350
9506. Confirmed=X
9507. Filename=jamesbond.exe
9508. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfzo.html" target="_blank">RBOT-FZO</a> WORM!
9509. Source=Paul Collins Startup list
9510.  
9511. [Cassandra]
9512. Number=1351
9513. Confirmed=X
9514. Filename=[10 to 14 random char]THD.EXE
9515. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkrepperai.html" target=_blank>KREPPER-AI</a> TROJAN!
9516. Source=Paul Collins Startup list
9517.  
9518. [Cassandra]
9519. Number=1352
9520. Confirmed=X
9521. Filename=cassandra.exe
9522. Description=<a href="http://allentech.net/parasite/SuperSpider.html" target=_blank>SuperSpider</a> hijacker - a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Also detected as a variant of the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088106" target=_blank>KREPPER</a> TROJAN!
9523.  
9524. Source=Paul Collins Startup list
9525.  
9526. [CasStub]
9527. Number=1353
9528. Confirmed=X
9529. Filename=casstub.exe
9530. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcassa.html" target=_blank>CASS-A</a> TROJAN!
9531. Source=Paul Collins Startup list
9532.  
9533. [Catalyst Control Centre]
9534. Number=1354
9535. Confirmed=X
9536. Filename=atixvdm.exe
9537. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=47032" target="_blank">RBOT.DMW</a> TROJAN!
9538. Source=Paul Collins Startup list
9539.  
9540. [CAVRID]
9541. Number=1355
9542. Confirmed=Y
9543. Filename=CAVRID.exe
9544. Description=eTrustÖ <a href="http://home.ca.com/dr/sat5/ec_Main.Entry17c?SID=35715&SP=10023&PN=1&PID=671589&V1=671589&CID=179788&api1=78&api2=1&api3=&DSP=&CUR=840&PGRP=0&CACHE_ID=179788" target=_blank>EZ Antivirus</a> Real Time Infection Report from Computer Associates
9545. Source=Paul Collins Startup list
9546.  
9547. [CAVS]
9548. Number=1356
9549. Confirmed=Y
9550. Filename=CAVS.exe
9551. Description=Cheyenne (now <a href="http://ca.com/" target=_blank>eTrust</a>) antivirus
9552. Source=Paul Collins Startup list
9553.  
9554. [CAZNOVAS]
9555. Number=1357
9556. Confirmed=X
9557. Filename=CAZNOVAS.exe
9558. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031919-3602-99" target="_blank">CAZNO</a> TROJAN!
9559. Source=Paul Collins Startup list
9560.  
9561. [CBACK.EXE]
9562. Number=1358
9563. Confirmed=X
9564. Filename=CBACK.EXE
9565. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpentaa.html" target=_blank>PENTA-A</a> TROJAN!
9566. Source=Paul Collins Startup list
9567.  
9568. [CBWAttn]
9569. Number=1359
9570. Confirmed=U
9571. Filename=CBWAttn.exe
9572. Description=Required for <a href="http://www.spyfind.com/bitware.html" target="_blank">Bitware</a> to answer incoming faxes, can cause sleep mode problems
9573. Source=Paul Collins Startup list
9574.  
9575. [CBWHost]
9576. Number=1360
9577. Confirmed=U
9578. Filename=CBWHost.exe
9579. Description=Required for <a href="http://www.spyfind.com/bitware.html" target="_blank">Bitware</a> to answer incoming faxes, can cause sleep mode problems
9580. Source=Paul Collins Startup list
9581.  
9582. [CBWUser]
9583. Number=1361
9584. Confirmed=?
9585. Filename=CBWDial.exe
9586. Description=Associated with <a href="http://www.spyfind.com/bitware.html" target="_blank">Bitware</a> that integrates fax, voice, pager, and data communications on your desktop
9587. Source=Paul Collins Startup list
9588.  
9589. [CC2KUI]
9590. Number=1362
9591. Confirmed=X
9592. Filename=comet.exe
9593. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Comet%20Cursor&threatid=29168" target=_blank>Comet Cursor</a> adware
9594. Source=Paul Collins Startup list
9595.  
9596. [Ccao]
9597. Number=1363
9598. Confirmed=X
9599. Filename=regedit.exe
9600. Description=Probably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may change
9601. Source=Paul Collins Startup list
9602.  
9603. [ccApp]
9604. Number=1364
9605. Confirmed=Y
9606. Filename=ccApp.exe
9607. Description=Part of <a href="http://www.symantec.com/nav/nav_9xnt/" target="_blank">Norton AntiVirus</a>. Auto-protect and E-mail check will not function without this
9608. Source=Paul Collins Startup list
9609.  
9610. [ccApp]
9611. Number=1365
9612. Confirmed=X
9613. Filename=[random filename]
9614. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102917-0924-99" target="_blank">OBSORB</a> TROJAN! Note the random filename compared to the valid Norton AntiVirus
9615. Source=Paul Collins Startup list
9616.  
9617. [ccApp]
9618. Number=1366
9619. Confirmed=X
9620. Filename=WMADZ.EXE
9621. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlj.html" target="_blank">RBOT-LJ</a> WORM!
9622. Source=Paul Collins Startup list
9623.  
9624. [ccApp]
9625. Number=1367
9626. Confirmed=X
9627. Filename=.EXE
9628. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlj.html" target= blank>RBOT-LJ</a> WORM!
9629. Source=Paul Collins Startup list
9630.  
9631. [ccApp]
9632. Number=1368
9633. Confirmed=X
9634. Filename=gcasServ.exe
9635. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM! Do not confuse with the Microsoft AntiSpyware executable of the same name
9636. Source=Paul Collins Startup list
9637.  
9638. [ccAppr]
9639. Number=1369
9640. Confirmed=X
9641. Filename=svcrhost.exe
9642. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
9643. Source=Paul Collins Startup list
9644.  
9645. [ccAppr]
9646. Number=1370
9647. Confirmed=X
9648. Filename=expIorer.exe
9649. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
9650. Source=Paul Collins Startup list
9651.  
9652. [ccAppr]
9653. Number=1371
9654. Confirmed=X
9655. Filename=outIook.exe
9656. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
9657. Source=Paul Collins Startup list
9658.  
9659. [ccAppr]
9660. Number=1372
9661. Confirmed=X
9662. Filename=svcshost.exe
9663. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
9664. Source=Paul Collins Startup list
9665.  
9666. [ccApps]
9667. Number=1373
9668. Confirmed=X
9669. Filename=services.exe
9670. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
9671. Source=Paul Collins Startup list
9672.  
9673. [ccApps]
9674. Number=1374
9675. Confirmed=X
9676. Filename=winlogon.exe
9677. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
9678. Source=Paul Collins Startup list
9679.  
9680. [ccApps]
9681. Number=1375
9682. Confirmed=X
9683. Filename=N/A
9684. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kangarooa.html" target=_blank>KANGAROO-A</a> TROJAN!
9685. Source=Paul Collins Startup list
9686.  
9687. [ccApps]
9688. Number=1376
9689. Confirmed=X
9690. Filename=ccApps.exe
9691. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kangaroob.html" target=_blank>KANGAROO-B</a> WORM!
9692. Source=Paul Collins Startup list
9693.  
9694. [CCD Manager]
9695. Number=1377
9696. Confirmed=U
9697. Filename=DDS.EXE
9698. Description=Project Labs <a href="http://www.centurycdtech.com/" target="_blank">Century CD</a> manager for their CD/DVD storage device
9699. Source=Paul Collins Startup list
9700.  
9701. [Ccdecode]
9702. Number=1378
9703. Confirmed=N
9704. Filename=rundll32.exe streamci, StreamingDeviceSetup
9705. Description=Part of the closed caption decdoder/MS VBI codec. Should only run once
9706. Source=Paul Collins Startup list
9707.  
9708. [CCDoctorLogonTesting]
9709. Number=1379
9710. Confirmed=Y
9711. Filename=ccdoctor.exe
9712. Description=Checks your system to make sure it's configured properly for running <a href="http://www-306.ibm.com/software/awdtools/clearcase/index.html" target="_blank">IBM Rational ClearCase</a>, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product
9713. Source=Paul Collins Startup list
9714.  
9715. [ccenter]
9716. Number=1380
9717. Confirmed=Y
9718. Filename=CCenter.exe
9719. Description=<a href="http://www.ravantivirus.com/" target=_blank>RAV</a> AntiVirus
9720.  
9721. Source=Paul Collins Startup list
9722.  
9723. [CcEvtMgr]
9724. Number=1381
9725. Confirmed=Y
9726. Filename=ccEvtMgr.exe
9727. Description=Part of <a href="http://www.symantec.com/nav/nav_9xnt/" target="_blank"> Norton AntiVirus 2003</a>.<font color="#FF0000"> </font>Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this
9728. Source=Paul Collins Startup list
9729.  
9730. [ccEvtMrg.exe]
9731. Number=1382
9732. Confirmed=X
9733. Filename=ccEvtMrg.exe
9734. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GZ&VSect=T" target=_blank>RBOT.GZ</a> WORM!
9735. Source=Paul Collins Startup list
9736.  
9737. [ccExecute]
9738. Number=1383
9739. Confirmed=X
9740. Filename=bootcfg1.exe
9741. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nemsib.html" target=_blank>NEMSI-B</a> VIRUS!
9742. Source=Paul Collins Startup list
9743.  
9744. [ccHelp]
9745. Number=1384
9746. Confirmed=X
9747. Filename=ccHelp.hta
9748. Description=<a href="http://sarc.com/avcenter/venc/data/adware.searchq.html" target= blank>"Searchq"</a> adware
9749. Source=Paul Collins Startup list
9750.  
9751. [ccleaner]
9752. Number=1385
9753. Confirmed=U
9754. Filename=ccleaner.exe
9755. Description=<a href="http://www.ccleaner.com/" target=_blank>CCleaner</a> - removes unused files from your system
9756.  
9757. Source=Paul Collins Startup list
9758.  
9759. [ccpApps]
9760. Number=1386
9761. Confirmed=X
9762. Filename=csrss.exe
9763. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
9764. Source=Paul Collins Startup list
9765.  
9766. [ccpApps]
9767. Number=1387
9768. Confirmed=X
9769. Filename=lsass.exe
9770. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
9771. Source=Paul Collins Startup list
9772.  
9773. [ccProxy]
9774. Number=1388
9775. Confirmed=U
9776. Filename=CCPROXY.EXE
9777. Description=Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage
9778. Source=Paul Collins Startup list
9779.  
9780. [ccPrxy.exe]
9781. Number=1389
9782. Confirmed=X
9783. Filename=ccPrxy.exe
9784. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32shipuph.html" target="_blank">SHIPUP-H</a> WORM!
9785. Source=Paul Collins Startup list
9786.  
9787. [CcPxySvc]
9788. Number=1390
9789. Confirmed=Y
9790. Filename=CCPXYSVC.exe
9791. Description=Part of Norton's <a href="http://www.symantec.com/nav/nav_9xnt/" target="_blank"> AntiVirus 2003</a>, <a href="http://www.symantec.com/sabu/nis/nis_pe/" target="_blank"> Internet Security</a> and <a href="http://www.symantec.com/sabu/nis/npf/" target="_blank"> Firewall</a> products. E-mail proxy service - required for E-mail scanning and the firewall
9792. Source=Paul Collins Startup list
9793.  
9794. [ccreg]
9795. Number=1391
9796. Confirmed=X
9797. Filename=explorer.exe
9798. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021316-5131-99" target=_blank>ZCREW</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System subfolder
9799. Source=Paul Collins Startup list
9800.  
9801. [CcRegVfy]
9802. Number=1392
9803. Confirmed=Y
9804. Filename=ccRegVfy.exe
9805. Description=Part of <a href="http://www.symantec.com/nav/nav_9xnt/" target="_blank"> Norton AntiVirus 2003</a>. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"
9806. Source=Paul Collins Startup list
9807.  
9808. [ccRegVfY]
9809. Number=1393
9810. Confirmed=X
9811. Filename=expIorer.exe
9812. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
9813. Source=Paul Collins Startup list
9814.  
9815. [ccRegVfY]
9816. Number=1394
9817. Confirmed=X
9818. Filename=svcrhost.exe
9819. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
9820. Source=Paul Collins Startup list
9821.  
9822. [ccRegVfY]
9823. Number=1395
9824. Confirmed=X
9825. Filename=svcshost.exe
9826. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
9827. Source=Paul Collins Startup list
9828.  
9829. [ccRegVfY]
9830. Number=1396
9831. Confirmed=X
9832. Filename=outIook.exe
9833. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.A</a> TROJAN!
9834. Source=Paul Collins Startup list
9835.  
9836. [ccSetMgr]
9837. Number=1397
9838. Confirmed=Y
9839. Filename=ccSetMgr.exe
9840. Description=Part of Norton AntiVirus 2004. <font color="#FF0000"> What does it do?</font>
9841. Source=Paul Collins Startup list
9842.  
9843. [ccsvit.exe]
9844. Number=1398
9845. Confirmed=X
9846. Filename=ccsvit.exe
9847. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpahp.html" target=_blank>STARTPA-HP</a> TROJAN!
9848. Source=Paul Collins Startup list
9849.  
9850. [cctray]
9851. Number=1399
9852. Confirmed=U
9853. Filename=cctray.exe
9854. Description=Part of <a href="http://www3.ca.com/Solutions/Product.aspx?ID=3243" target="_blank">CA Internet Security Suite</a>
9855. Source=Paul Collins Startup list
9856.  
9857. [ccUpdate]
9858. Number=1400
9859. Confirmed=X
9860. Filename=ccUpdate.exe
9861. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.YS" target="_blank">AGOBOT.YS</a> WORM!
9862. Source=Paul Collins Startup list
9863.  
9864. [ccWasher]
9865. Number=1401
9866. Confirmed=U
9867. Filename=aolwasher.exe
9868. Description=Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL
9869. Source=Paul Collins Startup list
9870.  
9871. [CCWC7a]
9872. Number=1402
9873. Confirmed=U
9874. Filename=ac.exe
9875. Description=<a href="http://hem.bredband.net/thokha/" target="_blank">Moleculesoft</a> Cache, Cookie & Windows Cleaner. No longer supported but available for free
9876. Source=Paul Collins Startup list
9877.  
9878. [CCWC7I]
9879. Number=1403
9880. Confirmed=U
9881. Filename=idxl.exe
9882. Description=<a href="http://hem.bredband.net/thokha/" target="_blank">Moleculesoft</a> Cache, Cookie & Windows Cleaner. No longer supported but available for free
9883. Source=Paul Collins Startup list
9884.  
9885. [CCWC7s]
9886. Number=1404
9887. Confirmed=U
9888. Filename=stealth.exe
9889. Description=<a href="http://hem.bredband.net/thokha/" target="_blank">Moleculesoft</a> Cache, Cookie & Windows Cleaner. No longer supported but available for free
9890. Source=Paul Collins Startup list
9891.  
9892. [CD Storage Master]
9893. Number=1405
9894. Confirmed=N
9895. Filename=cdstorager.exe
9896. Description=<a href="http://www.cdstorager.com/" target= blank>CD Storage Master</a> - a program designed to catalog CD information, boasts a number of handy features for organizing your collection
9897. Source=Paul Collins Startup list
9898.  
9899. [cd1]
9900. Number=1406
9901. Confirmed=X
9902. Filename=cd1.exe
9903. Description=Premium rate adult content dialler
9904. Source=Paul Collins Startup list
9905.  
9906. [CDANTSRV]
9907. Number=1407
9908. Confirmed=N
9909. Filename=CDANTSRV.exe
9910. Description=C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually
9911. Source=Paul Collins Startup list
9912.  
9913. [Cdcompat]
9914. Number=1408
9915. Confirmed=X
9916. Filename=Cdcompat.exe
9917. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
9918. Source=Paul Collins Startup list
9919.  
9920. [cddrv32]
9921. Number=1409
9922. Confirmed=X
9923. Filename=cddrv32.exe
9924. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
9925. Source=Paul Collins Startup list
9926.  
9927. [CDInterceptor]
9928. Number=1410
9929. Confirmed=N
9930. Filename=cdi.exe
9931. Description=CD indexer for measuring the speed of CD players
9932. Source=Paul Collins Startup list
9933.  
9934. [CdnCtr]
9935. Number=1411
9936. Confirmed=X
9937. Filename=cdnup.exe
9938. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097703" target="_blank">CNNIC Update</a> pest
9939. Source=Paul Collins Startup list
9940.  
9941. [CDriver]
9942. Number=1412
9943. Confirmed=X
9944. Filename=windrv.exe
9945. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.WG" target="_blank">DELF.WG</a> TROJAN!
9946. Source=Paul Collins Startup list
9947.  
9948. [Cdrom Controller]
9949. Number=1413
9950. Confirmed=X
9951. Filename=cdromcntrl.exe
9952. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbattrya.html" target=_blank>BATTRY-A</a> TROJAN!
9953. Source=Paul Collins Startup list
9954.  
9955. [cds]
9956. Number=1414
9957. Confirmed=X
9958. Filename=cds.exe
9959. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112514-4016-99" target=_blank>SPYMON</a> TROJAN!
9960. Source=Paul Collins Startup list
9961.  
9962. [CDTray]
9963. Number=1415
9964. Confirmed=N
9965. Filename=CDTray.exe
9966. Description=On HP PCs, this is the small CD icon next to the time
9967. Source=Paul Collins Startup list
9968.  
9969. [CeEKEY]
9970. Number=1416
9971. Confirmed=U
9972. Filename=CeEKey.exe
9973. Description=Hot Key utility included on Toshiba Satellite laptops
9974. Source=Paul Collins Startup list
9975.  
9976. [CeEPOWER]
9977. Number=1417
9978. Confirmed=U
9979. Filename=cepmtray.exe
9980. Description=Toshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times
9981. Source=Paul Collins Startup list
9982.  
9983. [Ceic]
9984. Number=1418
9985. Confirmed=?
9986. Filename=Ceic.exe
9987. Description=<font color="#FF0000">??</font>
9988. Source=Paul Collins Startup list
9989.  
9990. [Cekirge]
9991. Number=1419
9992. Confirmed=X
9993. Filename=[path to worm]
9994. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080513-2747-99" target="_blank">KERGEZ.A</a> WORM!
9995. Source=Paul Collins Startup list
9996.  
9997. [center]
9998. Number=1420
9999. Confirmed=X
10000. Filename=[random name]32.exe
10001. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110916-0038-99" target=_blank>BOFRA.A</a> WORM!
10002. Source=Paul Collins Startup list
10003.  
10004. [CentralProcessor]
10005. Number=1421
10006. Confirmed=X
10007. Filename=taskimgr.exe
10008. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081711-5410-99" target="_blank">BANCOS.J</a> TROJAN!
10009. Source=Paul Collins Startup list
10010.  
10011. [CEPA]
10012. Number=1422
10013. Confirmed=?
10014. Filename=wsot.exe
10015. Description=<font color="#FF0000">??</font>
10016. Source=Paul Collins Startup list
10017.  
10018. [CertificateRegistration]
10019. Number=1423
10020. Confirmed=U
10021. Filename=SafeSignCertReg.exe
10022. Description=SafeSign Certificate Registration Utility for Microsoft Crypto applications
10023. Source=Paul Collins Startup list
10024.  
10025. [CertReg]
10026. Number=1424
10027. Confirmed=U
10028. Filename=certreg.exe
10029. Description=Related to <a href="http://www.gemplus.com/" target=_blank>Gemplus</a> Card Reader
10030.  
10031. Source=Paul Collins Startup list
10032.  
10033. [CertStoreInit]
10034. Number=1425
10035. Confirmed=Y
10036. Filename=CertStoreInit
10037. Description=<a href="http://www.aladdin.com/eToken/" target="_blank">Aladdin eToken</a> authentication and password management
10038. Source=Paul Collins Startup list
10039.  
10040. [CesarFTP FTP Server]
10041. Number=1426
10042. Confirmed=N
10043. Filename=server.exe
10044. Description=<a href="http://www.aclogic.com/" target="_blank">CesarFTPd</a> - FTP server
10045. Source=Paul Collins Startup list
10046.  
10047. [cesmain.dll]
10048. Number=1427
10049. Confirmed=X
10050. Filename=cmail.dll, Rundll32
10051. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=3721%20Chinese%20Keywords%20(CNSMin)&threatid=3678" target=_blank>CnsMin</a> (Chinese Keywords) hijacker related
10052. Source=Paul Collins Startup list
10053.  
10054. [CEventMgr]
10055. Number=1428
10056. Confirmed=X
10057. Filename=Cell.exe
10058. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseak.html" target=_blank>BIFROSE-AK</a> TROJAN!
10059. Source=Paul Collins Startup list
10060.  
10061. [CFD]
10062. Number=1429
10063. Confirmed=N
10064. Filename=CFD.exe
10065. Description=<a href="http://www.broadjump.com/" target="_blank">BroadJump</a> Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
10066. Source=Paul Collins Startup list
10067.  
10068. [CFDStart]
10069. Number=1430
10070. Confirmed=X
10071. Filename=WinMuschi.exe
10072. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092618-5651-99" target="_blank">WINMUSCHI</a> dialler
10073. Source=Paul Collins Startup list
10074.  
10075. [cfgboost]
10076. Number=1431
10077. Confirmed=X
10078. Filename=cfgboot.exe
10079. Description=Added by an unidentified WORM or TROJAN!
10080. Source=Paul Collins Startup list
10081.  
10082. [cfgintpr]
10083. Number=1432
10084. Confirmed=Y
10085. Filename=cfgintpr.exe
10086. Description=Configuration Interpreter - part of <a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a> V4
10087. Source=Paul Collins Startup list
10088.  
10089. [cfgmgr51]
10090. Number=1433
10091. Confirmed=X
10092. Filename=RunDLL32.EXE [path] cfgmgr51.dll, DllRun
10093. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
10094. Source=Paul Collins Startup list
10095.  
10096. [cfgmgr52]
10097. Number=1434
10098. Confirmed=X
10099. Filename=RunDLL32.EXE [path] cfgmgr52.dll, DllRun
10100. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
10101. Source=Paul Collins Startup list
10102.  
10103. [cfgwiz]
10104. Number=1435
10105. Confirmed=N
10106. Filename=cfgwiz.exe
10107. Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
10108. Source=Paul Collins Startup list
10109.  
10110. [cFosDNT]
10111. Number=1436
10112. Confirmed=?
10113. Filename=cFosDNT.exe
10114. Description=<a href="http://www.cfos.de/index2_e.htm" target="_blank">cFos</a> DSL Modem driver related. <font color="#FF0000">What does it do and is it required?</font>
10115. Source=Paul Collins Startup list
10116.  
10117. [cFosInst_Check]
10118. Number=1437
10119. Confirmed=?
10120. Filename=cfosinst.exe
10121. Description=<a href="http://www.cfos.de/index2_e.htm" target="_blank">cFos</a> DSL Modem driver related. <font color="#FF0000">What does it do and is it required?</font>
10122. Source=Paul Collins Startup list
10123.  
10124. [cFosSpeed]
10125. Number=1438
10126. Confirmed=U
10127. Filename=cFosSpeed.exe
10128. Description=<a href="http://www.cfos.de/index2_e.htm" target=_blank>cFos Software</a> Internet acceleration program related. Note - may be necessary for the software to work properly
10129. Source=Paul Collins Startup list
10130.  
10131. [CFSServ.exe]
10132. Number=1439
10133. Confirmed=U
10134. Filename=CFSServ.exe
10135. Description=Belongs to Toshiba's configfree utility and searches for Wireless Devices
10136. Source=Paul Collins Startup list
10137.  
10138. [cftmon32]
10139. Number=1440
10140. Confirmed=X
10141. Filename=taskmgr*.exe [* = number]
10142. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080717-1526-99" target="_blank">SOWSAT.C</a> and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082211-1053-99" target="_blank">SOWSAT.J</a> WORMS!
10143. Source=Paul Collins Startup list
10144.  
10145. [cfy]
10146. Number=1441
10147. Confirmed=X
10148. Filename=cfy.exe
10149. Description=Surfenhance.com <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111211-5006-99" target=_blank>SearchForIt</a> adware variant
10150. Source=Paul Collins Startup list
10151.  
10152. [CGI Firewall Script]
10153. Number=1442
10154. Confirmed=X
10155. Filename=CGIAGENT.EXE
10156. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bropiau.html" target=_blank>BROPIA-U</a> WORM!
10157. Source=Paul Collins Startup list
10158.  
10159. [CGServer]
10160. Number=1443
10161. Confirmed=U
10162. Filename=cgserver.exe
10163. Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs
10164. Source=Paul Collins Startup list
10165.  
10166. [Cgtask Services]
10167. Number=1444
10168. Confirmed=X
10169. Filename=cgtask.exe
10170. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072809-1932-99" target="_blank">LALA.B</a> TROJAN!
10171. Source=Paul Collins Startup list
10172.  
10173. [Cgywin]
10174. Number=1445
10175. Confirmed=X
10176. Filename=cgywin32.exe
10177. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaei.html" target=_blank>RBOT-AEI</a> WORM!
10178. Source=Paul Collins Startup list
10179.  
10180. [ChamClock]
10181. Number=1446
10182. Confirmed=U
10183. Filename=ChamClock.exe
10184. Description=<a href="http://www.softshape.com/cham/" target="_blank">Chameleon Clock</a> - system tray clock replacement
10185. Source=Paul Collins Startup list
10186.  
10187. [change-me-now]
10188. Number=1447
10189. Confirmed=X
10190. Filename=msgfix1.exe
10191. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD" target=_blank>SDBOT.ZD</a> WORM!
10192. Source=Paul Collins Startup list
10193.  
10194. [ChangeICON]
10195. Number=1448
10196. Confirmed=U
10197. Filename=SPMSMON.EXE
10198. Description=Card reader related program. Note - may cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problem
10199. Source=Paul Collins Startup list
10200.  
10201. [ChangeLines]
10202. Number=1449
10203. Confirmed=?
10204. Filename=chngline.exe
10205. Description=<font color="#FF0000">??</font>
10206. Source=Paul Collins Startup list
10207.  
10208. [Chatango]
10209. Number=1450
10210. Confirmed=N
10211. Filename=Chatango.exe
10212. Description=<a href="http://www.chatango.com/" target=_blank>Chatango</a> - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately
10213. Source=Paul Collins Startup list
10214.  
10215. [Chcenter]
10216. Number=1451
10217. Confirmed=N
10218. Filename=chcenter.exe
10219. Description=IMSI <a href="http://www.imsisoft.com/prodinfo.asp?t=1&mcid=100" target="_blank">HiJaak</a> - "the easiest way to convert, capture, and manage all your graphic files"
10220. Source=Paul Collins Startup list
10221.  
10222. [Chckup]
10223. Number=1452
10224. Confirmed=X
10225. Filename=Netverchk.exe
10226. Description=<a href="http://fileinfo.prevx.com/fileinfo.asp?PXC=e7ee46377171http://fileinfo.prevx.com/fileinfo.asp?PXC=e7ee46377171" target="_blank">Covert Sys Exec</a> malware variant
10227. Source=Paul Collins Startup list
10228.  
10229. [che32]
10230. Number=1453
10231. Confirmed=X
10232. Filename=che.ocx.vbs
10233. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/wm97adenub.html" target=_blank>ADENU-B</a> VIRUS!
10234. Source=Paul Collins Startup list
10235.  
10236. [Cheatle]
10237. Number=1454
10238. Confirmed=X
10239. Filename=GigaByte.exe
10240. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042012-2931-99" target="_blank">SHODI.B</a> VIRUS!
10241. Source=Paul Collins Startup list
10242.  
10243. [Check]
10244. Number=1455
10245. Confirmed=X
10246. Filename=Check.exe
10247. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbdrn.html" target="_blank">VB-DRN</a> WORM!
10248. Source=Paul Collins Startup list
10249.  
10250. [Check for One Touch Update]
10251. Number=1456
10252. Confirmed=N
10253. Filename=wiseupdt.exe
10254. Description=Checks for updates for Visioneer OneTouch scanners
10255. Source=Paul Collins Startup list
10256.  
10257. [Check for TWS Updates]
10258. Number=1457
10259. Confirmed=N
10260. Filename=WiseUpdt.exe
10261. Description=Interactive Brokers - check for update to their standalone Java-based trading platform
10262. Source=Paul Collins Startup list
10263.  
10264. [Check Messenger]
10265. Number=1458
10266. Confirmed=U
10267. Filename=cmesseng.exe
10268. Description=Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. Qchex appear to be no longer in buisness
10269. Source=Paul Collins Startup list
10270.  
10271. [CheckCustomWorksUpdate]
10272. Number=1459
10273. Confirmed=N
10274. Filename=CheckCWupdate.exe
10275. Description=Update checker, part of <a href="http://www.designersgallerysoftware.com/products/product.asp?Product_ID=EDG-CW" target=_blank>CustomWorks</a> - "customize any embroidery designs to design your own unique creations"
10276. Source=Paul Collins Startup list
10277.  
10278. [Checkdisk]
10279. Number=1460
10280. Confirmed=X
10281. Filename=mscas.exe
10282. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvagona.html" target=_blank>VAGON-A</a> TROJAN!
10283. Source=Paul Collins Startup list
10284.  
10285. [CheckFaultKernel]
10286. Number=1461
10287. Confirmed=X
10288. Filename=mswdm.exe
10289. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallcsk.html" target="_blank">SMALL-CSK</a> TROJAN!
10290. Source=Paul Collins Startup list
10291.  
10292. [CheckIt]
10293. Number=1462
10294. Confirmed=U
10295. Filename=ToolBox.exe
10296. Description=CheckIt Toolbox from <a href="http://cssvc.pcworld.compuserve.com/computing/cis/article/0,aid,15497,00.asp" target="_blank">WinCheckIt Diagnostic Software</a>. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specify
10297. Source=Paul Collins Startup list
10298.  
10299. [CheckIt 86]
10300. Number=1463
10301. Confirmed=U
10302. Filename=CheckIt86.exe
10303. Description=<a href="http://www.smithmicro.com/default.tpl?group=product_full&sku=C86WINEE" target=_blank>CheckIt 86</a> popup blocker
10304. Source=Paul Collins Startup list
10305.  
10306. [CheckMsgPlus]
10307. Number=1464
10308. Confirmed=Y
10309. Filename=MsgPlusH.dll, VerifyInstallation
10310. Description=Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see <a href="http://www.patchou.com/msgplus/faq.htm#stopconnect" target="_blank">here</a> for more info.
10311. Source=Paul Collins Startup list
10312.  
10313. [checkrun]
10314. Number=1465
10315. Confirmed=X
10316. Filename=elite***32.exe [* = random char]
10317. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware
10318.  
10319. Source=Paul Collins Startup list
10320.  
10321. [checkrun]
10322. Number=1466
10323. Confirmed=X
10324. Filename=elitelsj32.exe
10325. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidrer.html" target=_blank>MULTIDR-ER</a> TROJAN!
10326. Source=Paul Collins Startup list
10327.  
10328. [CheckScan32]
10329. Number=1467
10330. Confirmed=X
10331. Filename=regload16.exe
10332. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AEBOT.K&VSect=P" target=_blank>AEBOT.K</a> WORM!
10333. Source=Paul Collins Startup list
10334.  
10335. [checktime]
10336. Number=1468
10337. Confirmed=?
10338. Filename=ct.exe
10339. Description=<font color="#FF0000">Found in the HPSelectFrontend directory on a HP machine. What is it's purpose and is it required?</font>
10340. Source=Paul Collins Startup list
10341.  
10342. [CheckVCR]
10343. Number=1469
10344. Confirmed=Y
10345. Filename=IOMagic.exe
10346. Description=Driver for the <a href="http://www.iomagic.com/" target=_blank>I/OMagic</a> Personal Video Recorder (DR-PCTV100)
10347. Source=Paul Collins Startup list
10348.  
10349. [CherryKeyMan]
10350. Number=1470
10351. Confirmed=U
10352. Filename=KeyMan.exe
10353. Description=Multimedia keyboard manager for the <a href="http://www.cherrycorp.com/index.htm" target="_blank">Cherry</a> keyboard series. Only required if you use any of the special keys
10354. Source=Paul Collins Startup list
10355.  
10356. [china11msn]
10357. Number=1471
10358. Confirmed=X
10359. Filename=CHINA11MSN.EXE
10360. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040417-2341-99" target=_blank>ENVID.O</a> WORM!
10361. Source=Paul Collins Startup list
10362.  
10363. [ChineseStar]
10364. Number=1472
10365. Confirmed=U
10366. Filename=cstar.exe
10367. Description=Chinese language support software
10368. Source=Paul Collins Startup list
10369.  
10370. [CHIPDRIVEPinManager]
10371. Number=1473
10372. Confirmed=U
10373. Filename=sokscmpn.exe
10374. Description=<a href="http://www.chipdrive.de/cgi-bin/edcstore.cgi" target=_blank>ChipDrive</a> Smartcard software
10375. Source=Paul Collins Startup list
10376.  
10377. [CHIPDRIVESmartcardManager]
10378. Number=1474
10379. Confirmed=U
10380. Filename=SCMgr.exe
10381. Description=<a href="http://www.chipdrive.de/cgi-bin/edcstore.cgi" target=_blank>ChipDrive</a> Smartcard software
10382. Source=Paul Collins Startup list
10383.  
10384. [CHKADMIN]
10385. Number=1475
10386. Confirmed=N
10387. Filename=CHKADMIN.EXE
10388. Description=Compaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability"
10389. Source=Paul Collins Startup list
10390.  
10391. [chkdsk]
10392. Number=1476
10393. Confirmed=X
10394. Filename=autoexec.bat
10395. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-0016-99" target=_blank>ANPES</a> WORM!
10396. Source=Paul Collins Startup list
10397.  
10398. [Choke]
10399. Number=1477
10400. Confirmed=X
10401. Filename=Choke.exe-blahh
10402. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-060615-3930-99" target="_blank">CHOKE</a> WORM!
10403. Source=Paul Collins Startup list
10404.  
10405. [chope]
10406. Number=1478
10407. Confirmed=X
10408. Filename=runlli32.exe
10409. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassu.html" target=_blank>QQPASS-U</a> TROJAN!
10410. Source=Paul Collins Startup list
10411.  
10412. [chostsv]
10413. Number=1479
10414. Confirmed=X
10415. Filename=chostsv.exe
10416. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030518-3634-99" target="_blank">BANPAES.C</a> TROJAN!
10417. Source=Paul Collins Startup list
10418.  
10419. [CHotKey]
10420. Number=1480
10421. Confirmed=U
10422. Filename=mhotkey.exe
10423. Description=Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features
10424. Source=Paul Collins Startup list
10425.  
10426. [CHotKey]
10427. Number=1481
10428. Confirmed=U
10429. Filename=MK9805.EXE
10430. Description=Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features
10431. Source=Paul Collins Startup list
10432.  
10433. [CHotKey]
10434. Number=1482
10435. Confirmed=U
10436. Filename=zHotkey.exe
10437. Description=Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features
10438. Source=Paul Collins Startup list
10439.  
10440. [Christmas Music Player]
10441. Number=1483
10442. Confirmed=N
10443. Filename=TTEST6.EXE
10444. Description=<I>"</I>Christmas Music Player<I> </I>brings the music of the Christmas Holiday to your desktop"
10445. Source=Paul Collins Startup list
10446.  
10447. [ChromeMark]
10448. Number=1484
10449. Confirmed=?
10450. Filename=keysh.exe
10451. Description=<font color="#FF0000">Related to <a href="http://chromium.com/chromemark.html" target="_blank">this</a>. Don't know what keysh.exe does though and if it's required</font>
10452. Source=Paul Collins Startup list
10453.  
10454. [ChronitelInitTV]
10455. Number=1485
10456. Confirmed=?
10457. Filename=CHTVINIT.EXE
10458. Description=<font color="#FF0000">??</font>
10459. Source=Paul Collins Startup list
10460.  
10461. [chrono]
10462. Number=1486
10463. Confirmed=U
10464. Filename=chrono.exe
10465. Description=<a href=http://www.altrixsoft.com/en/chrono/" target="_blank">Chronograph</a> is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered over
10466. Source=Paul Collins Startup list
10467.  
10468. [CiaBackdoor]
10469. Number=1487
10470. Confirmed=X
10471. Filename=msldr.com
10472. Description=Added by a VIRUS!
10473. Source=Paul Collins Startup list
10474.  
10475. [cihost.exe]
10476. Number=1488
10477. Confirmed=X
10478. Filename=cihost.exe
10479. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031918-3320-99" target="_blank">LINST</a> TROJAN!
10480. Source=Paul Collins Startup list
10481.  
10482. [CIJxP2PSERVER]
10483. Number=1489
10484. Confirmed=N
10485. Filename=CIJxP2PS.EXE
10486. Description=Compaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7
10487. Source=Paul Collins Startup list
10488.  
10489. [Cisco Systems VPN Client]
10490. Number=1490
10491. Confirmed=U
10492. Filename=ipsecdialer.exe
10493. Description=Cisco <a href="http://www.cisco.com/en/US/products/sw/secursw/ps2308/" target=_blank>VPN Client</a> - lets local users gain Administrator privileges on the operating system
10494. Source=Paul Collins Startup list
10495.  
10496. [Cisco Systems VPN Client]
10497. Number=1491
10498. Confirmed=N
10499. Filename=vpngui.exe
10500. Description=Sets up IPSec communications for Cisco's <a href="http://www.cisco.com/en/US/products/sw/secursw/ps2308/" target=_blank>VPN Client</a>
10501. Source=Paul Collins Startup list
10502.  
10503. [CISrvr Program]
10504. Number=1492
10505. Confirmed=N
10506. Filename=CISRVR.EXE
10507. Description=Related to internet setup on Compaq PC's
10508. Source=Paul Collins Startup list
10509.  
10510. [Cissi]
10511. Number=1493
10512. Confirmed=X
10513. Filename=Cissi.exe
10514. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-122215-2226-99" target="_blank">CISSI.A</a> WORM!
10515. Source=Paul Collins Startup list
10516.  
10517. [CitiUCS]
10518. Number=1494
10519. Confirmed=U
10520. Filename=CitiUCS.exe
10521. Description=Citibank <a href="http://www.citibank.com/us/cards/tour/cb/shp_van.htm" target=_blank>Virtual Account Numbers</a> - "With this free service for Citi cardmembers, you never have to give out your real credit card number online"
10522. Source=Paul Collins Startup list
10523.  
10524. [CitiVAN]
10525. Number=1495
10526. Confirmed=N
10527. Filename=CitiVAN.exe
10528. Description=Option from <a href="http://www.citibank.com/us/d.htm" target="_blank">Citibank</a> to change a credit card number in a random fashion for each purchase. The number will only be used once and never again
10529. Source=Paul Collins Startup list
10530.  
10531. [CJET]
10532. Number=1496
10533. Confirmed=X
10534. Filename=CJet.exe
10535. Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/adware.fftoolbar.html" target=_blank>Adware.FFToolBar</a> adware toolbar
10536. Source=Paul Collins Startup list
10537.  
10538. [Cjstcom]
10539. Number=1497
10540. Confirmed=Y
10541. Filename=Cjstcom.exe
10542. Description=Canon printer BJ status language monitor
10543. Source=Paul Collins Startup list
10544.  
10545. [ClamWin]
10546. Number=1498
10547. Confirmed=Y
10548. Filename=ClamTray.exe
10549. Description=<a href="http://www.clamwin.com/" target=_blank>ClamWin</a> antivirus
10550. Source=Paul Collins Startup list
10551.  
10552. [Classes]
10553. Number=1499
10554. Confirmed=X
10555. Filename=int1.exe
10556. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
10557. Source=Paul Collins Startup list
10558.  
10559. [Classes]
10560. Number=1500
10561. Confirmed=X
10562. Filename=intl.exe
10563. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
10564. Source=Paul Collins Startup list
10565.  
10566. [Classes]
10567. Number=1501
10568. Confirmed=X
10569. Filename=run_21.exe
10570. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
10571. Source=Paul Collins Startup list
10572.  
10573. [Classes]
10574. Number=1502
10575. Confirmed=X
10576. Filename=srv.exe
10577. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
10578. Source=Paul Collins Startup list
10579.  
10580. [Classes]
10581. Number=1503
10582. Confirmed=X
10583. Filename=srv2.exe
10584. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
10585. Source=Paul Collins Startup list
10586.  
10587. [Classes]
10588. Number=1504
10589. Confirmed=X
10590. Filename=MSTAR2.EXE
10591. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
10592.  
10593. Source=Paul Collins Startup list
10594.  
10595. [Classes]
10596. Number=1505
10597. Confirmed=X
10598. Filename=mstart.exe
10599. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
10600.  
10601. Source=Paul Collins Startup list
10602.  
10603. [clcbt.exe]
10604. Number=1506
10605. Confirmed=X
10606. Filename=clcbt.exe
10607. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentcba.html" target="_blank">AGENT.CBA</a> TROJAN!
10608. Source=Paul Collins Startup list
10609.  
10610. [CLCLSet]
10611. Number=1507
10612. Confirmed=U
10613. Filename=CLCL.exe
10614. Description=CLCL clipboard caching utility
10615. Source=Paul Collins Startup list
10616.  
10617. [CleanEasyImg]
10618. Number=1508
10619. Confirmed=?
10620. Filename=cleanall.exe
10621. Description=<font color="#FF0000">??</font>
10622. Source=Paul Collins Startup list
10623.  
10624. [CleanRegPath]
10625. Number=1509
10626. Confirmed=?
10627. Filename=CleanReg.exe
10628. Description=Apparently Annex A ADSL modem related. <font color="#FF0000">What does it do and is it required?</font>
10629. Source=Paul Collins Startup list
10630.  
10631. [CleanSweep Smart Sweep- Internet Sweep]
10632. Number=1510
10633. Confirmed=U
10634. Filename=Csinsm32.exe
10635. Description=Automatic logging of installs from Norton CleanSweep - available via Start -> Programs
10636. Source=Paul Collins Startup list
10637.  
10638. [CleanSweep Useage Watch]
10639. Number=1511
10640. Confirmed=N
10641. Filename=CSUSEM32.EXE
10642. Description=Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time
10643. Source=Paul Collins Startup list
10644.  
10645. [CleanTemp]
10646. Number=1512
10647. Confirmed=U
10648. Filename=CLEANT~1.EXEB
10649. Description=<a href="http://www.html2exe.com/mnu/dl/dl.shtml#free" target="_blank">CleanTemp</a> - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory
10650. Source=Paul Collins Startup list
10651.  
10652. [CleanTemp]
10653. Number=1513
10654. Confirmed=U
10655. Filename=CleanTemp.exe
10656. Description=<a href="http://www.html2exe.com/mnu/dl/dl.shtml#free" target="_blank">CleanTemp</a> - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory
10657. Source=Paul Collins Startup list
10658.  
10659. [Cleanup]
10660. Number=1514
10661. Confirmed=N
10662. Filename=ONICTASK.EXE
10663. Description=<a href="http://www.allume.com/mac/cleanup/index.html" target="_blank">Internet Cleanup</a> from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet
10664. Source=Paul Collins Startup list
10665.  
10666. [CleanUp]
10667. Number=1515
10668. Confirmed=Y
10669. Filename=mcappins.exe
10670. Description=Used by McAfee Virusscan to perform product updates. When updates are available the program will download and install them automatically. Recommended to leave enabled
10671. Source=Paul Collins Startup list
10672.  
10673. [CleanupProgram]
10674. Number=1516
10675. Confirmed=?
10676. Filename=cleanup.exe
10677. Description=<font color="#FF0000">In a C:\Sony\sys folder - Sony Vaio related?</font>
10678. Source=Paul Collins Startup list
10679.  
10680. [clean_service]
10681. Number=1517
10682. Confirmed=X
10683. Filename=clean_service.cmd
10684. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022711-2043-99" target=_blank>REFAZ</a> WORM!
10685. Source=Paul Collins Startup list
10686.  
10687. [clfmon]
10688. Number=1518
10689. Confirmed=X
10690. Filename=clfmon.exe
10691. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.E</a> TROJAN!
10692. Source=Paul Collins Startup list
10693.  
10694. [clfmon]
10695. Number=1519
10696. Confirmed=X
10697. Filename=nvsvca32.exe
10698. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.E</a> TROJAN!
10699. Source=Paul Collins Startup list
10700.  
10701. [clfmon.exe]
10702. Number=1520
10703. Confirmed=X
10704. Filename=clfmon.exe
10705. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentbj.html" target=_blank>AGENT-BJ</a> TROJAN!
10706. Source=Paul Collins Startup list
10707.  
10708. [Click Radio Tuner]
10709. Number=1521
10710. Confirmed=N
10711. Filename=clickr~1.exe
10712. Description=<a href="http://www.clickmusic.com/radio/" target="_blank">ClickRadio</a> - subscription service playing radio music via the internet
10713. Source=Paul Collins Startup list
10714.  
10715. [Click Tray Calendar]
10716. Number=1522
10717. Confirmed=N
10718. Filename=ClickT~1.EXE
10719. Description=<a href="http://www.waseo.de/articles.php?lng=en&pg=34" target="_blank">ClickTray Calendar</a> - shows holidays, reminders of various anniversaries,tasks etc
10720. Source=Paul Collins Startup list
10721.  
10722. [ClickMe]
10723. Number=1523
10724. Confirmed=N
10725. Filename=ClickMe.exe
10726. Description=<a href="http://www.trendmicro.com/vinfo/jokes/jokesDetails.asp?JNAME=JOKE_CLICKME.A" target=_blank>ClickM</a> "JOKE" program
10727. Source=Paul Collins Startup list
10728.  
10729. [Clickoff]
10730. Number=1524
10731. Confirmed=U
10732. Filename=Clickoff.exe
10733. Description=<a href="http://www.johanneshuebner.com/en/clickoff.shtml" target="_blank">Clickoff</a> automatically dismisses annoying dialog boxes
10734. Source=Paul Collins Startup list
10735.  
10736. [ClickTheButton]
10737. Number=1525
10738. Confirmed=X
10739. Filename=CTB.EXE
10740. Description=ClickTheButton <a href="http://vil.nai.com/vil/content/v_126801.htm" target="_blank">Downloader-MY</a> adware
10741. Source=Paul Collins Startup list
10742.  
10743. [ClickTheButton]
10744. Number=1526
10745. Confirmed=X
10746. Filename=csrss.exe
10747. Description=ClickTheButton <a href="http://vil.nai.com/vil/content/v_126801.htm" target=_blank>Downloader-MY</a> adware! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which should not normally figure in Msconfig/Startup!
10748. Source=Paul Collins Startup list
10749.  
10750. [ClickTheButton]
10751. Number=1527
10752. Confirmed=X
10753. Filename=MSCStat.exe
10754. Description=ClickTheButton <a href="http://vil.nai.com/vil/content/v_126801.htm" target="_blank">Downloader-MY</a> adware
10755. Source=Paul Collins Startup list
10756.  
10757. [CLICONFG]
10758. Number=1528
10759. Confirmed=X
10760. Filename=CLICONFG.EXE
10761. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
10762. Source=Paul Collins Startup list
10763.  
10764. [Client Access API Daemon]
10765. Number=1529
10766. Confirmed=U
10767. Filename=cwbappcd.exe
10768. Description=IBM iSeries Client Access, see <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target=_blank>here</a>
10769. Source=Paul Collins Startup list
10770.  
10771. [Client Access Check Version]
10772. Number=1530
10773. Confirmed=N
10774. Filename=cwbckver.exe
10775. Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources
10776. Source=Paul Collins Startup list
10777.  
10778. [Client Access Express Welcome]
10779. Number=1531
10780. Confirmed=?
10781. Filename=cwbwlwiz.exe
10782. Description=Welcome wizard launcher - Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. <font color="#FF0000">What does it do and is it required?</font>
10783. Source=Paul Collins Startup list
10784.  
10785. [Client Access Help Update]
10786. Number=1532
10787. Confirmed=N
10788. Filename=cwbinhlp.exe
10789. Description=Client Access Help Registry Update Function - part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries
10790. Source=Paul Collins Startup list
10791.  
10792. [Client Access Service]
10793. Number=1533
10794. Confirmed=N
10795. Filename=CwbSvStr.Exe
10796. Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources
10797. Source=Paul Collins Startup list
10798.  
10799. [Client Access Taskbar]
10800. Number=1534
10801. Confirmed=U
10802. Filename=cwbuitsk.exe
10803. Description=IBM iSeries Client Access taskbar, see <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target=_blank>here</a>
10804. Source=Paul Collins Startup list
10805.  
10806. [Client Agent]
10807. Number=1535
10808. Confirmed=X
10809. Filename=ipxwping.exe
10810. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoorn.html" target=_blank>PPDOOR-N</a> TROJAN!
10811. Source=Paul Collins Startup list
10812.  
10813. [Client Agent]
10814. Number=1536
10815. Confirmed=X
10816. Filename=photes.exe
10817. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoorp.html" target=_blank>PPDOOR-P</a> TROJAN!
10818. Source=Paul Collins Startup list
10819.  
10820. [Client Agent]
10821. Number=1537
10822. Confirmed=X
10823. Filename=[path to file]
10824. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoorj.html" target="_blank">PPDOOR-J</a> TROJAN!
10825. Source=Paul Collins Startup list
10826.  
10827. [Client agent for ARCserve]
10828. Number=1538
10829. Confirmed=?
10830. Filename=W95AGENT.EXE
10831. Description=Part of <a href="http://www3.ca.com/Solutions/ProductFamily.asp?ID=115" target="_blank">Brightstor ARCserve Backup</a> from Computer Associates. <font color="#FF0000">What does it do and is it required?</font>
10832. Source=Paul Collins Startup list
10833.  
10834. [Client for Microsoft Networks]
10835. Number=1539
10836. Confirmed=X
10837. Filename=msclient32.exe
10838. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbxq.html" target=_blank>SDBOT-BXQ</a> WORM!
10839. Source=Paul Collins Startup list
10840.  
10841. [Client Server Control Process]
10842. Number=1540
10843. Confirmed=X
10844. Filename=[path to trojan]
10845. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagenthr.html" target=_blank>AGENT-HR</a> TROJAN! 
10846. Source=Paul Collins Startup list
10847.  
10848. [Client Server Run Time Proccess]
10849. Number=1541
10850. Confirmed=X
10851. Filename=csrsrv.exe
10852. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
10853. Source=Paul Collins Startup list
10854.  
10855. [Client Server Runtime]
10856. Number=1542
10857. Confirmed=X
10858. Filename=[path to worm]
10859. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotkr.html" target="_blank">POEBOT-KR</a> WORM!
10860. Source=Paul Collins Startup list
10861.  
10862. [Client Server Runtime Process]
10863. Number=1543
10864. Confirmed=X
10865. Filename=csrsss.exe
10866. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotld.html" target=_blank>SDBOT-LD</a> WORM!
10867. Source=Paul Collins Startup list
10868.  
10869. [Client Server Runtime Process]
10870. Number=1544
10871. Confirmed=X
10872. Filename=csrs.exe
10873. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052109-2651-99" target=_blank>LINKBOT.M</a> WORM!
10874. Source=Paul Collins Startup list
10875.  
10876. [Client Server Runtime Process]
10877. Number=1545
10878. Confirmed=X
10879. Filename=smmss.exe
10880. Description=Backdoor TROJAN! Possible <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotgen.html" target=_blank>SDBOT-GEN</a> variant
10881. Source=Paul Collins Startup list
10882.  
10883. [Client Update]
10884. Number=1546
10885. Confirmed=X
10886. Filename=wup.exe
10887. Description=Added by a variant of the <a href="http://www.sophos.com.au/virusinfo/analyses/w32opankia.html" target=_blank>OPANKI-A</a> WORM!
10888. Source=Paul Collins Startup list
10889.  
10890. [ClientMan1]
10891. Number=1547
10892. Confirmed=X
10893. Filename=mscman.exe
10894. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
10895.  
10896. Source=Paul Collins Startup list
10897.  
10898. [Clik Status Monitor]
10899. Number=1548
10900. Confirmed=N
10901. Filename=toolsclickstat.exe
10902. Description=Part of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed
10903. Source=Paul Collins Startup list
10904.  
10905. [clipboard.exe]
10906. Number=1549
10907. Confirmed=X
10908. Filename=clipboard.exe
10909. Description=Added by an unidentified WORM or TROJAN!
10910. Source=Paul Collins Startup list
10911.  
10912. [Clipbook Service]
10913. Number=1550
10914. Confirmed=N
10915. Filename=Clipsrv.exe
10916. Description=Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks
10917. Source=Paul Collins Startup list
10918.  
10919. [ClipMate5x]
10920. Number=1551
10921. Confirmed=N
10922. Filename=ClipMt5x.exe
10923. Description=<a href="http://www.thornsoft.com/ProductOverview.asp" target="_blank">Clip Mate 5.x</a> by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs
10924. Source=Paul Collins Startup list
10925.  
10926. [Clipmate6]
10927. Number=1552
10928. Confirmed=N
10929. Filename=CLIPMT60.EXE
10930. Description=<a href="http://www.thornsoft.com/new_60.htm" target="_blank">Clip Mate 6</a> by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs
10931. Source=Paul Collins Startup list
10932.  
10933. [ClipMate7]
10934. Number=1553
10935. Confirmed=N
10936. Filename=ClipMate.exe
10937. Description=<a href="http://www.thornsoft.com/" target=_blank>Clip Mate 7</a> by Thornsoft - utility that allows you to store more than one item in the clipboard
10938.  
10939. Source=Paul Collins Startup list
10940.  
10941. [Clipomatic]
10942. Number=1554
10943. Confirmed=N
10944. Filename=Clipomatic.exe
10945. Description=Mike Lin's <a href="http://www.mlin.net/Clipomatic.shtml" target="_blank">Clipomatic</a> is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data
10946. Source=Paul Collins Startup list
10947.  
10948. [Clipsrv]
10949. Number=1555
10950. Confirmed=N
10951. Filename=Clipsrv.exe
10952. Description=Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks
10953. Source=Paul Collins Startup list
10954.  
10955. [ClipSrv]
10956. Number=1556
10957. Confirmed=X
10958. Filename=clipserv.exe
10959. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaav.html" target=_blank>SDBOT-AAV</a> and <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafe.html" target=_blank>SDBOT-AFE</a> WORMS!
10960. Source=Paul Collins Startup list
10961.  
10962. [ClipSrv]
10963. Number=1557
10964. Confirmed=X
10965. Filename=CLIPBRD3D.EXE
10966. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mofeid.html" target=_blank>MOFEI-D</a> WORM!
10967. Source=Paul Collins Startup list
10968.  
10969. [ClipTrak]
10970. Number=1558
10971. Confirmed=N
10972. Filename=ClipTrak.exe
10973. Description=<a href="http://www.pcmag.com/article2/0,4149,114185,00.asp" target="_blank">ClipTrak</a> - clipboard extender
10974. Source=Paul Collins Startup list
10975.  
10976. [ClipTrakker]
10977. Number=1559
10978. Confirmed=N
10979. Filename=ClipTrakker.exe
10980. Description=<a href="http://www.cliptrakker.com/" target="_blank">Cliptrakker</a> - clipboard extender
10981. Source=Paul Collins Startup list
10982.  
10983. [CLISTART]
10984. Number=1560
10985. Confirmed=N
10986. Filename=CLIStart.exe
10987. Description=Puts the ATI CatalystÖ Control Center Icon/Shortcut on the System Tray - available via Start -> Programs
10988. Source=Paul Collins Startup list
10989.  
10990. [CLMFrontPanel]
10991. Number=1561
10992. Confirmed=U
10993. Filename=clmpanel.exe
10994. Description=System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost
10995. Source=Paul Collins Startup list
10996.  
10997. [clnwall]
10998. Number=1562
10999. Confirmed=?
11000. Filename=rundll.exe setupx.dll, InstallHinfSection ..delwall.inf
11001. Description=<font color="#FF0000">??</font>
11002. Source=Paul Collins Startup list
11003.  
11004. [clock]
11005. Number=1563
11006. Confirmed=X
11007. Filename=[various filenames]
11008. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111715-1438-99" target=_blank>LiveChat</a> Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe
11009. Source=Paul Collins Startup list
11010.  
11011. [Clock Manager]
11012. Number=1564
11013. Confirmed=X
11014. Filename=amsngr.exe
11015. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotxm.html" target= blank>SDBOT-XM</a> TROJAN!
11016. Source=Paul Collins Startup list
11017.  
11018. [ClockSync]
11019. Number=1565
11020. Confirmed=X
11021. Filename=Sync.exe
11022. Description=<a href="http://www.clock-sync.com/" target="_blank">ClockSync</a> - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives available
11023. Source=Paul Collins Startup list
11024.  
11025. [ClockWise]
11026. Number=1566
11027. Confirmed=U
11028. Filename=CLOCKWISE.EXE
11029. Description=<a href="http://www.rjsoftware.com/ClockWise/" target="_blank">ClockWise</a> - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync
11030. Source=Paul Collins Startup list
11031.  
11032. [ClocX]
11033. Number=1567
11034. Confirmed=U
11035. Filename=ClocX.exe
11036. Description=<a href="http://clocx.php5.cz/" target="_blank">ClocX</a> - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms etcà
11037. Source=Paul Collins Startup list
11038.  
11039. [CloneCD]
11040. Number=1568
11041. Confirmed=U
11042. Filename=CloneCDTray.exe
11043. Description=System tray for the now discontinued <a href="http://www.elby.org/products/clone_cd/index.html" target="_blank">CloneCD</a>. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions
11044. Source=Paul Collins Startup list
11045.  
11046. [CloneCDElbyCDFL]
11047. Number=1569
11048. Confirmed=U
11049. Filename=ElbyCheck.exe
11050. Description=From <a href="http://www.elby.org/" target="_blank">Elaborate Bytes</a> who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it
11051. Source=Paul Collins Startup list
11052.  
11053. [CloneCDTray]
11054. Number=1570
11055. Confirmed=U
11056. Filename=CloneCDTray.exe
11057. Description=System tray for the now discontinued <a href="http://www.elby.org/products/clone_cd/index.html" target="_blank">CloneCD</a>. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions
11058. Source=Paul Collins Startup list
11059.  
11060. [Clotusorgreg0]
11061. Number=1571
11062. Confirmed=?
11063. Filename=prtStart.exe Orgprt.exe
11064. Description=IBM Lotus <a href="http://www-142.ibm.com/software/sw-lotus/products/product2.nsf/wdocs/sshome" target="_blank">SmartSuite</a> related. In a LotusOrgReg folder. <font color="#FF0000"> Unclear what exactly it does?</font>
11065. Source=Paul Collins Startup list
11066.  
11067. [Clre]
11068. Number=1572
11069. Confirmed=X
11070. Filename=mmdc.exe
11071. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpurscanai.html" target=_blank>PURSCAN-AI</a> TROJAN!
11072. Source=Paul Collins Startup list
11073.  
11074. [ClrSchLoader]
11075. Number=1573
11076. Confirmed=X
11077. Filename=[path to file]
11078. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target=_blank>ClearSearch</a> adware
11079. Source=Paul Collins Startup list
11080.  
11081. [CLSID]
11082. Number=1574
11083. Confirmed=X
11084. Filename=com.exe
11085. Description=Adult content dialler
11086. Source=Paul Collins Startup list
11087.  
11088. [CLSID]
11089. Number=1575
11090. Confirmed=X
11091. Filename=dll.exe
11092. Description=Adult content dialler
11093. Source=Paul Collins Startup list
11094.  
11095. [CLSID]
11096. Number=1576
11097. Confirmed=X
11098. Filename=msgplus.exe
11099. Description=Adult content dialler
11100. Source=Paul Collins Startup list
11101.  
11102. [CLSID]
11103. Number=1577
11104. Confirmed=X
11105. Filename=plugin.exe
11106. Description=Adult content dialler
11107. Source=Paul Collins Startup list
11108.  
11109. [CLSID]
11110. Number=1578
11111. Confirmed=X
11112. Filename=sed.exe
11113. Description=Adult content dialler
11114. Source=Paul Collins Startup list
11115.  
11116. [CLSID]
11117. Number=1579
11118. Confirmed=X
11119. Filename=msgplus.exe
11120. Description=Premium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension
11121.  
11122. Source=Paul Collins Startup list
11123.  
11124. [CLSRSS]
11125. Number=1580
11126. Confirmed=X
11127. Filename=LSACS.EXE
11128. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sillyfdcx.html" target="_blank">SILLYFDC-X</a> WORM!
11129. Source=Paul Collins Startup list
11130.  
11131. [CM-SmWizard]
11132. Number=1581
11133. Confirmed=?
11134. Filename=SmWizard.exe
11135. Description=SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. <font color="#FF0000">What does it do and is it required?</font>
11136. Source=Paul Collins Startup list
11137.  
11138. [cma]
11139. Number=1582
11140. Confirmed=U
11141. Filename=cma.exe
11142. Description=DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"
11143. Source=Paul Collins Startup list
11144.  
11145. [CMAPP]
11146. Number=1583
11147. Confirmed=X
11148. Filename=cmappclient.exe
11149. Description=CasClient adware - also detected as the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081011-2344-99" target=_blank>CMAPP</a> TROJAN!
11150. Source=Paul Collins Startup list
11151.  
11152. [Cmaudio]
11153. Number=1584
11154. Confirmed=N
11155. Filename=Rundll32 cmicnfg.cpl, CMICtrlWnd
11156. Description=System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel
11157. Source=Paul Collins Startup list
11158.  
11159. [Cmd]
11160. Number=1585
11161. Confirmed=X
11162. Filename=cmd32.exe
11163. Description=Added by the <a href="http://www.viruslibrary.com/virusinfo/Worm.P2P.Tanked.htm" target="_blank">TANKED</a> WORM!
11164. Source=Paul Collins Startup list
11165.  
11166. [cmd32]
11167. Number=1586
11168. Confirmed=X
11169. Filename=configs.exe
11170. Description=Hijacker, also detected as the <a href="http://vil.nai.com/vil/content/v_126408.htm" target="_blank">QURL-2</a> TROJAN!
11171. Source=Paul Collins Startup list
11172.  
11173. [cmdbcs]
11174. Number=1587
11175. Confirmed=X
11176. Filename=cmdbcs.exe
11177. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineaggkw.html" target="_blank">LINEAG-GKW</a> TROJAN!
11178. Source=Paul Collins Startup list
11179.  
11180. [cmdcon]
11181. Number=1588
11182. Confirmed=X
11183. Filename=cmdcon.exe
11184. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
11185. Source=Paul Collins Startup list
11186.  
11187. [CME]
11188. Number=1589
11189. Confirmed=X
11190. Filename=cme.exe
11191. Description=Part of <a href="http://www.thiefware.com/info/data.gator.shtml" target="_blank">Gator</a> advertising spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
11192. Source=Paul Collins Startup list
11193.  
11194. [CmeSYS]
11195. Number=1590
11196. Confirmed=X
11197. Filename=CMEsys.exe
11198. Description=Part of <a href="http://www.thiefware.com/info/data.gator.shtml" target="_blank">Gator</a> advertising spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
11199. Source=Paul Collins Startup list
11200.  
11201. [CmeUPD]
11202. Number=1591
11203. Confirmed=X
11204. Filename=CMEupd.exe
11205. Description=Part of <a href="http://www.thiefware.com/info/data.gator.shtml" target="_blank">Gator</a> advertising spyware - see <a href="http://www.pchell.com/support/gator.shtml" target="_blank">here</a> for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
11206. Source=Paul Collins Startup list
11207.  
11208. [CMFibula]
11209. Number=1592
11210. Confirmed=X
11211. Filename=CMFibula.exe
11212. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ConsumerAlertSystem.CASClient&threatid=40038" target="_blank">CASClient</a> adware
11213. Source=Paul Collins Startup list
11214.  
11215. [CmFlywaveName]
11216. Number=1593
11217. Confirmed=N
11218. Filename=CmFlywav.exe
11219. Description=Driver for Linksys <a href="http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1137451822026&pagename=Linksys%2FCommon%2FVisitorWrapper" target=_blank>Wireless-G Music Bridge</a>
11220.  
11221. Source=Paul Collins Startup list
11222.  
11223. [CMGrdian]
11224. Number=1594
11225. Confirmed=?
11226. Filename=CMGrdian.exe
11227. Description=One of the McAfee shared components. <font color="#FF0000"> What does it do and is it required?</font>
11228. Source=Paul Collins Startup list
11229.  
11230. [CMMan]
11231. Number=1595
11232. Confirmed=X
11233. Filename=CMMan.exe
11234. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081011-2344-99" target=_blank>CMAPP</a> TROJAN!
11235. Source=Paul Collins Startup list
11236.  
11237. [Cmmon32Sys]
11238. Number=1596
11239. Confirmed=X
11240. Filename=cmmon32.exe
11241. Description=Added by the SMALL.CL TROJAN!
11242. Source=Paul Collins Startup list
11243.  
11244. [cmonitor]
11245. Number=1597
11246. Confirmed=N
11247. Filename=startupmon.exe
11248. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062015-2622-99" target="_blank">SystemDoctor</a> is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
11249. Source=Paul Collins Startup list
11250.  
11251. [CmPCIaudio]
11252. Number=1598
11253. Confirmed=U
11254. Filename=RunDll32 CMICNFG3.CPL, CMICtrlWnd
11255. Description=Registers the Control Panel applet for a C-Media PCI sound card
11256. Source=Paul Collins Startup list
11257.  
11258. [CMPDPSRV]
11259. Number=1599
11260. Confirmed=U
11261. Filename=CMPDPSRV.EXE
11262. Description=Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printers
11263. Source=Paul Collins Startup list
11264.  
11265. [Cmpnt]
11266. Number=1600
11267. Confirmed=X
11268. Filename=Devices2.exe
11269. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtompaid.html" target=_blank>TOMPAI-D</a> TROJAN!
11270. Source=Paul Collins Startup list
11271.  
11272. [Cmpnt]
11273. Number=1601
11274. Confirmed=X
11275. Filename=mainsv.exe
11276. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtompaic.html" target=_blank>TOMPAI-C</a> TROJAN!
11277. Source=Paul Collins Startup list
11278.  
11279. [cmrss]
11280. Number=1602
11281. Confirmed=X
11282. Filename=cmrss.exe
11283. Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=TROJ_DELF.DU&highlight=cmrss" target=_blank>DELF.DU</a> TROJAN!
11284. Source=Paul Collins Startup list
11285.  
11286. [cmrss]
11287. Number=1603
11288. Confirmed=X
11289. Filename=crmss.exe
11290. Description=Added by the <a href="http://sophos.com.au/virusinfo/analyses/trojdloaderek.html" target= blank>DLOADER-EK</a> TROJAN!
11291. Source=Paul Collins Startup list
11292.  
11293. [cmrss]
11294. Number=1604
11295. Confirmed=X
11296. Filename=[path to trojan]
11297. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqq.html" target="_blank">DLOADER-QQ</a> TROJAN!
11298. Source=Paul Collins Startup list
11299.  
11300. [cmrst]
11301. Number=1605
11302. Confirmed=X
11303. Filename=cmrst.exe
11304. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032117-2614-99" target=_blank>BANCOS.S</a> TROJAN!
11305. Source=Paul Collins Startup list
11306.  
11307. [cmrst]
11308. Number=1606
11309. Confirmed=X
11310. Filename=cmrst.scr
11311. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderfp.html" target=_blank>DLOADER-FP</a> TROJAN!
11312. Source=Paul Collins Startup list
11313.  
11314. [cms]
11315. Number=1607
11316. Confirmed=X
11317. Filename=iserver.exe
11318. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderwk.html" target=_blank>DLOADER-WK</a> TROJAN!
11319. Source=Paul Collins Startup list
11320.  
11321. [CMSETTINGS]
11322. Number=1608
11323. Confirmed=U
11324. Filename=ctmn.exe
11325. Description=Part of NetNanny <a href="http://www.pcmag.com/article2/0,1759,1265307,00.asp" target="_blank">Chat Monitor</a>
11326. Source=Paul Collins Startup list
11327.  
11328. [cmsound]
11329. Number=1609
11330. Confirmed=X
11331. Filename=vcpdll.exe
11332. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtcxmedid.html" target=_blank>TCXMEDI-D</a> downloader TROJAN!
11333. Source=Paul Collins Startup list
11334.  
11335. [cmsound]
11336. Number=1610
11337. Confirmed=X
11338. Filename=vcsystem.exe
11339. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtcxmedid.html" target=_blank>TCXMEDI-D</a> downloader TROJAN!
11340. Source=Paul Collins Startup list
11341.  
11342. [cmss]
11343. Number=1611
11344. Confirmed=X
11345. Filename=system.exe
11346. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
11347. Source=Paul Collins Startup list
11348.  
11349. [cmssapp]
11350. Number=1612
11351. Confirmed=X
11352. Filename=iexplore_.exe
11353. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbancq.html" target=_blank>BANCBAN-CQ</a> TROJAN!
11354. Source=Paul Collins Startup list
11355.  
11356. [cmssapp]
11357. Number=1613
11358. Confirmed=X
11359. Filename=iexplore.exe
11360. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbangf.html" target=_blank>BANCBAN-GF</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
11361. Source=Paul Collins Startup list
11362.  
11363. [cmssSystemProcess]
11364. Number=1614
11365. Confirmed=X
11366. Filename=csmss.exe
11367. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentco.html" target=_blank>AGENT-CO</a> TROJAN! 
11368.  
11369. Source=Paul Collins Startup list
11370.  
11371. [cmssSystemProcess]
11372. Number=1615
11373. Confirmed=X
11374. Filename=mcsmss.exe
11375. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.EI&VSect=T" target=_blank>AGENT.EI</a> TROJAN!
11376. Source=Paul Collins Startup list
11377.  
11378. [cmssSystemProcess]
11379. Number=1616
11380. Confirmed=X
11381. Filename=csms.exe
11382. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagenty.html" target= blank>AGENT-Y</a> TROJAN!
11383. Source=Paul Collins Startup list
11384.  
11385. [CMSystem]
11386. Number=1617
11387. Confirmed=X
11388. Filename=CMSystem.exe
11389. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ConsumerAlertSystem.CASClient&threatid=40038" target="_blank">CASClient</a> adware
11390. Source=Paul Collins Startup list
11391.  
11392. [cmt101]
11393. Number=1618
11394. Confirmed=X
11395. Filename=cmt101.exe
11396. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
11397. Source=Paul Collins Startup list
11398.  
11399. [CmUCRRun]
11400. Number=1619
11401. Confirmed=?
11402. Filename=CmUCReye.exe
11403. Description=Related to <a href="http://www.medion.de/" target="_blank">Medion</a> Display Information. <font color="#FF0000">What does it do and is it required?</font>
11404. Source=Paul Collins Startup list
11405.  
11406. [cmx32]
11407. Number=1620
11408. Confirmed=X
11409. Filename=cmx32.exe
11410. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
11411. Source=Paul Collins Startup list
11412.  
11413. [Cn323]
11414. Number=1621
11415. Confirmed=X
11416. Filename=cnfrm33.exe
11417. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110414-0646-99" target=_blank>MIMAIL.G</a> WORM!
11418. Source=Paul Collins Startup list
11419.  
11420. [Cn911]
11421. Number=1622
11422. Confirmed=X
11423. Filename=ODBCJET.exe
11424. Description=Added by the <a href="http://www.sophos.com/security/analyses/trojbifrosepr.html" target="_blank">BIFROSE-PR</a> TROJAN!
11425. Source=Paul Collins Startup list
11426.  
11427. [CNBABE]
11428. Number=1623
11429. Confirmed=X
11430. Filename=CNBABE.EXE
11431. Description=Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing
11432. Source=Paul Collins Startup list
11433.  
11434. [cnet]
11435. Number=1624
11436. Confirmed=N
11437. Filename=kontiki.exe
11438. Description=<a href="http://www.kontiki.com/products/deliverymanager/index.html" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
11439. Source=Paul Collins Startup list
11440.  
11441. [Cnfrm32]
11442. Number=1625
11443. Confirmed=X
11444. Filename=cnfrm.exe
11445. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110116-0904-99" target=_blank>MIMAIL.D</a> WORM!
11446. Source=Paul Collins Startup list
11447.  
11448. [CnsMax]
11449. Number=1626
11450. Confirmed=X
11451. Filename=Internat.exe
11452. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041814-0556-99" target="_blank">POINTEX</a> TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%
11453. Source=Paul Collins Startup list
11454.  
11455. [CnsMin]
11456. Number=1627
11457. Confirmed=X
11458. Filename=Rundll32.exe CNSMIN.DLL, Rundll32
11459. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=3721%20Chinese%20Keywords%20(CNSMin)&threatid=3678" target=_blank>CnsMin</a> (Chinese Keywords) hijacker related
11460. Source=Paul Collins Startup list
11461.  
11462. [CnxAdslL]
11463. Number=1628
11464. Confirmed=Y
11465. Filename=CnxAdslL.exe
11466. Description=DLink, Zoom, or Conexant modem driver
11467. Source=Paul Collins Startup list
11468.  
11469. [CnxDslTaskBar]
11470. Number=1629
11471. Confirmed=N
11472. Filename=CnxDslTb.exe
11473. Description=Connexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modems
11474. Source=Paul Collins Startup list
11475.  
11476. [Cobian Backup 8 interface]
11477. Number=1630
11478. Confirmed=U
11479. Filename=cbInterface.exe
11480. Description="<a href="http://sourceforge.net/projects/cobianbackup" target="_blank">Cobian Backup</a> is a backup program that can be executed in 2 ways: as a normal application or as a Windows Service. The program can schedule automatic backups for files and directories locally or to FTP servers and can use compression and encryption"
11481. Source=Paul Collins Startup list
11482.  
11483. [Codename Dashboard]
11484. Number=1631
11485. Confirmed=U
11486. Filename=dashboard.exe
11487. Description=<a href="http://www.downlinx.com/proghtml/415/41557.htm" target="_blank">Codename: Dashboard</a> - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time"
11488. Source=Paul Collins Startup list
11489.  
11490. [cof.updit]
11491. Number=1632
11492. Confirmed=X
11493. Filename=[random filename]
11494. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
11495. Source=Paul Collins Startup list
11496.  
11497. [CognizanceTS]
11498. Number=1633
11499. Confirmed=U
11500. Filename=rundll32.exe [path] AsTsVcc.dll, RegisterModule
11501. Description=Cognizance Corp <a href="http://www.cognizancesecurity.com/products/overview.html" target=_blank>Identity And Access Management</a> suite
11502.  
11503. Source=Paul Collins Startup list
11504.  
11505. [Coldlife -icmp]
11506. Number=1634
11507. Confirmed=X
11508. Filename=Systray.exe
11509. Description=Added by the <a href="http://vil.nai.com/vil/content/Print100363.htm" target="_blank">FLOOD.AV</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target="_blank">systray.exe</a> process
11510. Source=Paul Collins Startup list
11511.  
11512. [coloreal]
11513. Number=1635
11514. Confirmed=U
11515. Filename=coloreal.exe
11516. Description=Makes colours sharper and brighter, but will only work with coloreal capable monitors
11517. Source=Paul Collins Startup list
11518.  
11519. [Colorific Control Panel]
11520. Number=1636
11521. Confirmed=N
11522. Filename=Hgcctl95.exe
11523. Description=From E_Color. Colorific delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor
11524. Source=Paul Collins Startup list
11525.  
11526. [COM Service]
11527. Number=1637
11528. Confirmed=X
11529. Filename=mscom32.com
11530. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081408-1248-99" target="_blank">BEASTY.H</a> TROJAN!
11531. Source=Paul Collins Startup list
11532.  
11533. [COM Service]
11534. Number=1638
11535. Confirmed=X
11536. Filename=msynvr.com
11537. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-073114-1034-99" target="_blank">BEASTY.G</a> TROJAN!
11538. Source=Paul Collins Startup list
11539.  
11540. [COM Service]
11541. Number=1639
11542. Confirmed=X
11543. Filename=msjclh.com
11544. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-030615-4253-99" target="_blank">BEASTY.E</a> TROJAN!
11545. Source=Paul Collins Startup list
11546.  
11547. [COM Service]
11548. Number=1640
11549. Confirmed=X
11550. Filename=msdrce.com
11551. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081110-1125-99" target="_blank">BEASTY.I</a> TROJAN!
11552. Source=Paul Collins Startup list
11553.  
11554. [COM Service]
11555. Number=1641
11556. Confirmed=X
11557. Filename=msflyx.com
11558. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbeastdoo.html" target=_blank>BEASTDO-O</a> TROJAN!
11559. Source=Paul Collins Startup list
11560.  
11561. [COM+ Event System]
11562. Number=1642
11563. Confirmed=X
11564. Filename=DRWTSN16.EXE
11565. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
11566. Source=Paul Collins Startup list
11567.  
11568. [COM+ EventSystem Services]
11569. Number=1643
11570. Confirmed=X
11571. Filename=ECSERVER.EXE
11572. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
11573. Source=Paul Collins Startup list
11574.  
11575. [Com+ Sys]
11576. Number=1644
11577. Confirmed=X
11578. Filename=csrs.exe
11579. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbt.html" target=_blank>FORBOT-BT</a> WORM!
11580.  
11581. Source=Paul Collins Startup list
11582.  
11583. [COM+ System Applications]
11584. Number=1645
11585. Confirmed=X
11586. Filename=lsas.exe
11587. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.SE" target=_blank>AGOBOT.SE</a> WORM!
11588. Source=Paul Collins Startup list
11589.  
11590. [COM++ System]
11591. Number=1646
11592. Confirmed=X
11593. Filename=exploier.exe
11594. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatef.html" target="_blank">LOVGATE</a> WORM!
11595. Source=Paul Collins Startup list
11596.  
11597. [COM++ System]
11598. Number=1647
11599. Confirmed=X
11600. Filename=suchost.exe
11601. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatef.html" target="_blank">LOVGATE</a> WORM!
11602. Source=Paul Collins Startup list
11603.  
11604. [COM++ System]
11605. Number=1648
11606. Confirmed=X
11607. Filename=svchost.exe...
11608. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatef.html" target="_blank">LOVGATE</a> WORM!
11609. Source=Paul Collins Startup list
11610.  
11611. [COM-IP]
11612. Number=1649
11613. Confirmed=N
11614. Filename=COMIP.EXE
11615. Description=COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212)
11616. Source=Paul Collins Startup list
11617.  
11618. [ComAgent]
11619. Number=1650
11620. Confirmed=U
11621. Filename=ComAgent.exe
11622. Description=ComAgent - <a href="http://www.altn.com/products/default.asp?product_id=MDaemon" target=_blank>MDaemon's</a> instant messaging client
11623. Source=Paul Collins Startup list
11624.  
11625. [combo.exe]
11626. Number=1651
11627. Confirmed=X
11628. Filename=combo.exe
11629. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojchimoc.html" target=_blank>CHIMO-C</a> TROJAN!
11630. Source=Paul Collins Startup list
11631.  
11632. [combop.exe]
11633. Number=1652
11634. Confirmed=X
11635. Filename=combop.exe
11636. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbowfeeda.html" target=_blank>BOWFEED-A</a> TROJAN!
11637. Source=Paul Collins Startup list
11638.  
11639. [Comcast Network]
11640. Number=1653
11641. Confirmed=X
11642. Filename=ribiva.exe
11643. Description=Added by an <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031015-3147-99" target= blank>IRC TROJAN</a> variant!
11644. Source=Paul Collins Startup list
11645.  
11646. [ComcastSUPPORT]
11647. Number=1654
11648. Confirmed=X
11649. Filename=tgkill.exe
11650. Description=Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs
11651. Source=Paul Collins Startup list
11652.  
11653. [COMCFG]
11654. Number=1655
11655. Confirmed=X
11656. Filename=comcfg.exe
11657. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TOADCOM.A" target="_blank">TOADCOM.A</a> TROJAN!
11658. Source=Paul Collins Startup list
11659.  
11660. [comctl32]
11661. Number=1656
11662. Confirmed=X
11663. Filename=comctl32.exe
11664. Description=Adware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as TrojanDownloader.Win32.Agent.am
11665. Source=Paul Collins Startup list
11666.  
11667. [COMDRV32]
11668. Number=1657
11669. Confirmed=U
11670. Filename=svdhost.exe
11671. Description=<a href="http://www.protectcom.com/" target="_blank">Orvell Monitoring 2003</a> surveillance software. Uninstall this software unless you put it there yourself. Note - asks for permission to contact the IP address of http://www.protectcom.com/
11672. Source=Paul Collins Startup list
11673.  
11674. [Comm Driver]
11675. Number=1658
11676. Confirmed=U
11677. Filename=commh32.exe
11678. Description=G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see <a href="http://archiv.chip.de/artikel/c1_archiv_artikel_17080599.html" target="_blank">here</a>. Disable/remove if you didn't install it yourself!
11679. Source=Paul Collins Startup list
11680.  
11681. [Command]
11682. Number=1659
11683. Confirmed=X
11684. Filename=system.exe
11685. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GATECRASH.A" target="_blank">GATECRASH.A</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GATECRASH.B" target="_blank">GATECRASH.B</a> TROJANS!
11686.  
11687. Source=Paul Collins Startup list
11688.  
11689. [Command]
11690. Number=1660
11691. Confirmed=X
11692. Filename=Gotit.exe
11693. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-121712-0428-99" target="_blank">TITOG</a> WORM!
11694. Source=Paul Collins Startup list
11695.  
11696. [COMMAND]
11697. Number=1661
11698. Confirmed=X
11699. Filename=command.exe
11700. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092815-0339-99" target="_blank">QQPASS.E</a> TROJAN!
11701. Source=Paul Collins Startup list
11702.  
11703. [command]
11704. Number=1662
11705. Confirmed=X
11706. Filename=javaw.exe
11707. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotlg.html" target=_blank>AGOBOT-LG</a> WORM!
11708. Source=Paul Collins Startup list
11709.  
11710. [Command Prompt32]
11711. Number=1663
11712. Confirmed=X
11713. Filename=CmdPrompt32.pif
11714. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030222-1459-99" target=_blank>ASSIRAL.B</a> WORM!
11715. Source=Paul Collins Startup list
11716.  
11717. [command32]
11718. Number=1664
11719. Confirmed=X
11720. Filename=command32.exe
11721. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineadla.html" target=_blank>LINEADI-A</a> TROJAN!
11722. Source=Paul Collins Startup list
11723.  
11724. [CommCtr]
11725. Number=1665
11726. Confirmed=N
11727. Filename=commctr.exe
11728. Description="<a href="http://web.net2phone.com/consumer/commcenter/" target="_blank">Net2Phone CommCenter</a> is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start -> Programs
11729. Source=Paul Collins Startup list
11730.  
11731. [Comodo Firewall]
11732. Number=1666
11733. Confirmed=U
11734. Filename=CPF.exe
11735. Description=<a href="http://www.personalfirewall.comodo.com/" target="_blank">Comodo Firewall</a>
11736. Source=Paul Collins Startup list
11737.  
11738. [CompanionWizard]
11739. Number=1667
11740. Confirmed=N
11741. Filename=compwiz.exe
11742. Description=WinAntiVirus 2006 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
11743. Source=Paul Collins Startup list
11744.  
11745. [Compaq Alerter]
11746. Number=1668
11747. Confirmed=U
11748. Filename=CPQAlert.exe
11749. Description=Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See <a href="http://h18000.www1.hp.com/products/servers/management/cim-description.html" target="_blank">here</a> for more information
11750. Source=Paul Collins Startup list
11751.  
11752. [Compaq Computer Corp SCCenter Module]
11753. Number=1669
11754. Confirmed=N
11755. Filename=SCCENTER.EXE
11756. Description=For Compaq PC's. Part of Backweb
11757. Source=Paul Collins Startup list
11758.  
11759. [Compaq Computer Security]
11760. Number=1670
11761. Confirmed=?
11762. Filename=Rundll32.exe SECURE32.CPL, Service
11763. Description=<font color="#FF0000">??</font>
11764. Source=Paul Collins Startup list
11765.  
11766. [Compaq Connections]
11767. Number=1671
11768. Confirmed=N
11769. Filename=COMPAQ~1.EXE
11770. Description=See <a href="http://h10025.www1.hp.com/ewfrf/wc/genericDocument?cc=us&docname=bph05170&lc=en&jumpid=reg_R1002_USEN#bph05170_G5" target="_blank">here</a> - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners"
11771. Source=Paul Collins Startup list
11772.  
11773. [Compaq Connections]
11774. Number=1672
11775. Confirmed=N
11776. Filename=BackWeb-1940576.exe
11777. Description=See <a href="http://h10025.www1.hp.com/ewfrf/wc/genericDocument?cc=us&docname=bph05170&lc=en&jumpid=reg_R1002_USEN#bph05170_G5" target="_blank">here</a> - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digit
11778. Source=Paul Collins Startup list
11779.  
11780. [Compaq DMI]
11781. Number=1673
11782. Confirmed=N
11783. Filename=cpqdmi.exe
11784. Description=Compaq version of the Desktop Management Interface
11785. Source=Paul Collins Startup list
11786.  
11787. [Compaq Drivers]
11788. Number=1674
11789. Confirmed=X
11790. Filename=F1rewalls.exe
11791. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwd.html" target= blank>SDBOT-WD</a> WORM!
11792. Source=Paul Collins Startup list
11793.  
11794. [Compaq Internet Setup]
11795. Number=1675
11796. Confirmed=N
11797. Filename=inetwizard.exe
11798. Description=For Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list
11799. Source=Paul Collins Startup list
11800.  
11801. [Compaq Jes Drivers]
11802. Number=1676
11803. Confirmed=X
11804. Filename=winjes.exe
11805. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxr.html" target= blank>SDBOT-XR</a> WORM!
11806. Source=Paul Collins Startup list
11807.  
11808. [Compaq Knowledge Center]
11809. Number=1677
11810. Confirmed=U
11811. Filename=silent.exe & matcli.exe
11812. Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support". You decide
11813. Source=Paul Collins Startup list
11814.  
11815. [Compaq Message Server]
11816. Number=1678
11817. Confirmed=N
11818. Filename=COMPAQ-RBA.EXE
11819. Description=Applies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start -> Programs -> Compaq Advisor -> Advisor Settings under the "advanced" tab. Not required and can cause problems
11820. Source=Paul Collins Startup list
11821.  
11822. [Compaq PK Daemon]
11823. Number=1679
11824. Confirmed=U
11825. Filename=cpqkl.exe
11826. Description=For Compaq laptops for programming user configurable keys. Not required unless you use them
11827. Source=Paul Collins Startup list
11828.  
11829. [Compaq Print Fax]
11830. Number=1680
11831. Confirmed=X
11832. Filename=cpqa1000.exe
11833. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BCV&VSect=T" target=_blank>SDBOT.BCV</a> WORM! Please take note of the difference between the legitimate Compaq Fax Utility Name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this worm
11834. Source=Paul Collins Startup list
11835.  
11836. [Compaq Service Drivers]
11837. Number=1681
11838. Confirmed=X
11839. Filename=systeminfos.exe
11840. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxc.html" target=_blank>SDBOT-XC</a> WORM!
11841. Source=Paul Collins Startup list
11842.  
11843. [Compaq Service Drivers]
11844. Number=1682
11845. Confirmed=X
11846. Filename=compq.exe
11847. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
11848. Source=Paul Collins Startup list
11849.  
11850. [Compaq Service Drivers]
11851. Number=1683
11852. Confirmed=X
11853. Filename=navapqwa.exe
11854. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BBQ&VSect=T" target=_blank>SDBOT.BBQ</a> WORM!
11855. Source=Paul Collins Startup list
11856.  
11857. [Compaq Service Drivers]
11858. Number=1684
11859. Confirmed=X
11860. Filename=amsn.exe
11861. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
11862. Source=Paul Collins Startup list
11863.  
11864. [Compaq Service Drivers]
11865. Number=1685
11866. Confirmed=X
11867. Filename=compqs.exe
11868. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
11869. Source=Paul Collins Startup list
11870.  
11871. [Compaq Service Drivers]
11872. Number=1686
11873. Confirmed=X
11874. Filename=msnt.exe
11875. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CQL&VSect=T" target=_blank>SDBOT.CQL</a> WORM!
11876. Source=Paul Collins Startup list
11877.  
11878. [Compaq Service Drivers]
11879. Number=1687
11880. Confirmed=X
11881. Filename=NtKernelSystem.exe
11882. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
11883. Source=Paul Collins Startup list
11884.  
11885. [Compaq Service Drivers]
11886. Number=1688
11887. Confirmed=X
11888. Filename=wincmd.exe
11889. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATV&VSect=P" target=_blank>RBOT.ATV</a> WORM!
11890. Source=Paul Collins Startup list
11891.  
11892. [Compaq Service Drivers]
11893. Number=1689
11894. Confirmed=X
11895. Filename=wind32.exe
11896. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
11897. Source=Paul Collins Startup list
11898.  
11899. [Compaq Service Drivers]
11900. Number=1690
11901. Confirmed=X
11902. Filename=winmsn.exe
11903. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
11904. Source=Paul Collins Startup list
11905.  
11906. [Compaq Service Drivers]
11907. Number=1691
11908. Confirmed=X
11909. Filename=compaq.exe
11910. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafu.html" target=_blank>SDBOT-AFU</a> WORM!
11911. Source=Paul Collins Startup list
11912.  
11913. [Compaq Service Drivers]
11914. Number=1692
11915. Confirmed=X
11916. Filename=msnsvc.exe
11917. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BKT&VSect=T" target=_blank>RBOT.BKT</a> WORM!
11918. Source=Paul Collins Startup list
11919.  
11920. [Compaq Service Drivers]
11921. Number=1693
11922. Confirmed=X
11923. Filename=ntsys32.exe
11924. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CIW&VSect=T" target=_blank>RBOT.CIW</a> WORM!
11925. Source=Paul Collins Startup list
11926.  
11927. [Compaq Service Drivers]
11928. Number=1694
11929. Confirmed=X
11930. Filename=winsvc.exe
11931. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotagd.html" target="_blank">SDBOT-AGD</a> WORM!
11932. Source=Paul Collins Startup list
11933.  
11934. [Compaq Service Drivers 32]
11935. Number=1695
11936. Confirmed=X
11937. Filename=compq32.exe
11938. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
11939. Source=Paul Collins Startup list
11940.  
11941. [Compaq Service Drivrs]
11942. Number=1696
11943. Confirmed=X
11944. Filename=copq.exe
11945. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
11946. Source=Paul Collins Startup list
11947.  
11948. [Compaq Services Drivers]
11949. Number=1697
11950. Confirmed=X
11951. Filename=ndt32.exe
11952. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CQZ&VSect=T" target=_blank>RBOT.CQZ</a> WORM!
11953. Source=Paul Collins Startup list
11954.  
11955. [Compaq Sound Drivers For WINDOWS]
11956. Number=1698
11957. Confirmed=X
11958. Filename=sounddr.exe
11959. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxg.html" target=_blank>SDBOT-XG</a> WORM!
11960. Source=Paul Collins Startup list
11961.  
11962. [Compaq Video CD Watcher]
11963. Number=1699
11964. Confirmed=N
11965. Filename=??
11966. Description=For Compaq PC's. MPEG viewer
11967. Source=Paul Collins Startup list
11968.  
11969. [Compaq32 Service Drivers]
11970. Number=1700
11971. Confirmed=X
11972. Filename=ms32.exe
11973. Description=Added by the <a href="http://bg.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=WORM_SDBOT.BWH" target=_blank>SDBOT.BWH</a> WORM!
11974. Source=Paul Collins Startup list
11975.  
11976. [Compaq32 Service Drivers]
11977. Number=1701
11978. Confirmed=X
11979. Filename=msconfig32.exe
11980. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadc.html" target=_blank>SDBOT-ADC</a> WORM!
11981. Source=Paul Collins Startup list
11982.  
11983. [Compaq32 Service Drivers]
11984. Number=1702
11985. Confirmed=X
11986. Filename=msnt32.exe
11987. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BVF&VSect=T" target=_blank>RBOT.BVF</a> WORM!
11988. Source=Paul Collins Startup list
11989.  
11990. [CompaqHW Comp Manager]
11991. Number=1703
11992. Confirmed=?
11993. Filename=cpqhcm.exe
11994. Description=<font color="#FF0000">Running on a Compaq laptop - any ideas?</font>
11995. Source=Paul Collins Startup list
11996.  
11997. [CompaqPrinTray]
11998. Number=1704
11999. Confirmed=N
12000. Filename=printray.exe
12001. Description=Puts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktop
12002. Source=Paul Collins Startup list
12003.  
12004. [Compaqs Service Driver]
12005. Number=1705
12006. Confirmed=X
12007. Filename=copypad32.exe
12008. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CSO&VSect=T" target=_blank>SDBOT.CSO</a> WORM!
12009. Source=Paul Collins Startup list
12010.  
12011. [Compaqs Service Drivers]
12012. Number=1706
12013. Confirmed=X
12014. Filename=compqs.exe
12015. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
12016. Source=Paul Collins Startup list
12017.  
12018. [CompaqSystray]
12019. Number=1707
12020. Confirmed=N
12021. Filename=cpqpscp.exe
12022. Description=Compaq System Tray icon
12023. Source=Paul Collins Startup list
12024.  
12025. [Compatibility Service Process]
12026. Number=1708
12027. Confirmed=X
12028. Filename=regsvs.exe
12029. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040817-5940-99" target="_blank">GAOBOT.YN</a> WORM!
12030. Source=Paul Collins Startup list
12031.  
12032. [Compd Service Drivrs]
12033. Number=1709
12034. Confirmed=X
12035. Filename=codq.exe
12036. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
12037. Source=Paul Collins Startup list
12038.  
12039. [ComproRemote]
12040. Number=1710
12041. Confirmed=U
12042. Filename=ComproRemote.exe
12043. Description=<a href="http://www.comprousa.com/New/en/home.html" target=_blank>VideoMate</a> TV tuner and capture card - remote control driver
12044.  
12045. Source=Paul Collins Startup list
12046.  
12047. [ComproSchedulerDTV]
12048. Number=1711
12049. Confirmed=U
12050. Filename=ComproSchedulerDTV.exe
12051. Description=<a href="http://www.comprousa.com/New/en/home.html" target=_blank>VideoMate</a> TV tuner and capture card - scheduler
12052.  
12053. Source=Paul Collins Startup list
12054.  
12055. [Computing Technologie Firewall]
12056. Number=1712
12057. Confirmed=X
12058. Filename=lsauth.exe
12059. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwx.html" target= blank>SDBOT-WX</a> WORM!
12060. Source=Paul Collins Startup list
12061.  
12062. [COMSMDEXE]
12063. Number=1713
12064. Confirmed=N
12065. Filename=comsmd.exe
12066. Description=3Com tray icon
12067. Source=Paul Collins Startup list
12068.  
12069. [ComStart]
12070. Number=1714
12071. Confirmed=N
12072. Filename=Trojan Guarder.exe
12073. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-071914-2557-99" target="_blank">TrojanGuarder</a> is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
12074. Source=Paul Collins Startup list
12075.  
12076. [ComTry Web Searcher]
12077. Number=1715
12078. Confirmed=X
12079. Filename=wstray.exe
12080. Description=Comtry MP3 Downloader related - spyware
12081. Source=Paul Collins Startup list
12082.  
12083. [comxt]
12084. Number=1716
12085. Confirmed=X
12086. Filename=comxt.exe
12087. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100710-2042-99" target="_blank">COMXT</a> TROJAN!
12088. Source=Paul Collins Startup list
12089.  
12090. [con]
12091. Number=1717
12092. Confirmed=X
12093. Filename=[path to trojan]
12094. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbravea.html" target=_blank>BRAVE-A</a> TROJAN!
12095.  
12096. Source=Paul Collins Startup list
12097.  
12098. [Config]
12099. Number=1718
12100. Confirmed=X
12101. Filename=service.exe
12102. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092311-3948-99" target="_blank">ISRAZ.B</a> WORM!
12103. Source=Paul Collins Startup list
12104.  
12105. [Config Loadation]
12106. Number=1719
12107. Confirmed=X
12108. Filename=iEEexplore.exe
12109. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041721-2428-99" target="_blank">SDBOT.H</a> TROJAN!
12110. Source=Paul Collins Startup list
12111.  
12112. [Config Loadatiorin]
12113. Number=1720
12114. Confirmed=X
12115. Filename=I3Explorer.exe
12116. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041721-2428-99" target="_blank">SDBOT.H</a> TROJAN!
12117. Source=Paul Collins Startup list
12118.  
12119. [Config Loader]
12120. Number=1721
12121. Confirmed=X
12122. Filename=svchosl.exe
12123. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040409-1043-99" target="_blank">GAOBOT.P</a> WORM!
12124. Source=Paul Collins Startup list
12125.  
12126. [Config Loader]
12127. Number=1722
12128. Confirmed=X
12129. Filename=sysldr32.exe
12130. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-102419-1801-99" target="_blank">GAOBOT</a> WORM!
12131. Source=Paul Collins Startup list
12132.  
12133. [Config Loader]
12134. Number=1723
12135. Confirmed=X
12136. Filename=scvhost.exe
12137. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091111-5223-99" target="_blank">GAOBOT.AE</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORMS!
12138. Source=Paul Collins Startup list
12139.  
12140. [Config Loader]
12141. Number=1724
12142. Confirmed=X
12143. Filename=svhost.exe
12144. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
12145. Source=Paul Collins Startup list
12146.  
12147. [Config Loader for Microsoft Windows]
12148. Number=1725
12149. Confirmed=X
12150. Filename=mwincfg32.exe
12151. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.BD" target="_blank">AGOBOT.BD</a> WORM!
12152. Source=Paul Collins Startup list
12153.  
12154. [Config Loader2]
12155. Number=1726
12156. Confirmed=X
12157. Filename=explores.exe
12158. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-103111-3854-99" target="_blank">GAOBOT.BT</a> WORM!
12159. Source=Paul Collins Startup list
12160.  
12161. [Config Loadr]
12162. Number=1727
12163. Confirmed=X
12164. Filename=winsys32.exe
12165. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobothn.html" target=_blank>AGOBOT-HN</a> WORM!
12166. Source=Paul Collins Startup list
12167.  
12168. [Config33.exe]
12169. Number=1728
12170. Confirmed=X
12171. Filename=Config33.exe
12172. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.T" target=_blank>SDBOT.T</a> TROJAN!
12173.  
12174. Source=Paul Collins Startup list
12175.  
12176. [ConfiggLoader]
12177. Number=1729
12178. Confirmed=X
12179. Filename=cart322.exe
12180. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112612-5132-99" target="_blank">GAOBOT.DJ</a> WORM!
12181. Source=Paul Collins Startup list
12182.  
12183. [ConfigSafe]
12184. Number=1730
12185. Confirmed=U
12186. Filename=CFGSAFE.EXE
12187. Description=<a href="http://www.imaginelan.com/configsafe/index.html" target="_blank">ConfigSafe</a> - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice
12188. Source=Paul Collins Startup list
12189.  
12190. [ConfigSafe]
12191. Number=1731
12192. Confirmed=U
12193. Filename=AUTOCHK.EXE
12194. Description=<a href="http://www.imaginelan.com/configsafe/index.html" target="_blank">ConfigSafe</a> - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice
12195. Source=Paul Collins Startup list
12196.  
12197. [ConfigServices]
12198. Number=1732
12199. Confirmed=N
12200. Filename=Config.exe
12201. Description=Part of initial setup on a Compaq PC
12202. Source=Paul Collins Startup list
12203.  
12204. [configsetup]
12205. Number=1733
12206. Confirmed=X
12207. Filename=configsetup32.exe
12208. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotafp.html" target=_blank>AGOBOT-AFP</a> WORM!
12209. Source=Paul Collins Startup list
12210.  
12211. [Configuration]
12212. Number=1734
12213. Confirmed=X
12214. Filename=explorer32.exe
12215. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotml.html" target="_blank">SDBOT-ML</a> WORM!
12216. Source=Paul Collins Startup list
12217.  
12218. [Configuration]
12219. Number=1735
12220. Confirmed=X
12221. Filename=[filename]
12222. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotml.html" target=_blank>SDBOT-ML</a> WORM!
12223.  
12224. Source=Paul Collins Startup list
12225.  
12226. [configuration]
12227. Number=1736
12228. Confirmed=X
12229. Filename=apphost.exe
12230. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvp.html" target= blank>SDBOT-VP</a> WORM!
12231. Source=Paul Collins Startup list
12232.  
12233. [Configuration]
12234. Number=1737
12235. Confirmed=X
12236. Filename=ntsys32.exe
12237. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotln.html" target= blank>SDBOT-LN</a> WORM!
12238. Source=Paul Collins Startup list
12239.  
12240. [Configuration Default]
12241. Number=1738
12242. Confirmed=X
12243. Filename=Wuxat.exe
12244. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotca.html" target=_blank>SPYBOT-CA</a> WORM!
12245.  
12246. Source=Paul Collins Startup list
12247.  
12248. [Configuration File]
12249. Number=1739
12250. Confirmed=X
12251. Filename=Winset32.exe
12252. Description=Added by the FLUX.101 TROJAN!
12253.  
12254. Source=Paul Collins Startup list
12255.  
12256. [Configuration Loaded]
12257. Number=1740
12258. Confirmed=X
12259. Filename=wupdated.exe
12260. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080813-3234-99" target="_blank">MOEGA</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021013-3329-99" target="_blank">MOEGA.AG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022818-2915-99" target="_blank">MOEGA.AP</a> WORMS!
12261. Source=Paul Collins Startup list
12262.  
12263. [Configuration Loaded]
12264. Number=1741
12265. Confirmed=X
12266. Filename=lssas.exe
12267. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process
12268. Source=Paul Collins Startup list
12269.  
12270. [Configuration Loader]
12271. Number=1742
12272. Confirmed=X
12273. Filename=aim95.exe
12274. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJANS!
12275. Source=Paul Collins Startup list
12276.  
12277. [Configuration Loader]
12278. Number=1743
12279. Confirmed=X
12280. Filename=cmd32.exe
12281. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJANS!
12282. Source=Paul Collins Startup list
12283.  
12284. [Configuration Loader]
12285. Number=1744
12286. Confirmed=X
12287. Filename=service5.exe
12288. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091710-1153-99" target="_blank">GAOBOT.AF</a> WORM!
12289. Source=Paul Collins Startup list
12290.  
12291. [Configuration Loader]
12292. Number=1745
12293. Confirmed=?
12294. Filename=lfass.exe
12295. Description=<font color="#FF0000">??</font>
12296. Source=Paul Collins Startup list
12297.  
12298. [Configuration Loader]
12299. Number=1746
12300. Confirmed=X
12301. Filename=sycfg34.exe
12302. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092916-3339-99" target="_blank">GAOBOT.AN</a> WORM!
12303. Source=Paul Collins Startup list
12304.  
12305. [Configuration Loader]
12306. Number=1747
12307. Confirmed=X
12308. Filename=wincrt32.exe
12309. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102714-0859-99" target="_blank">GAOBOT.BF</a> WORM!
12310. Source=Paul Collins Startup list
12311.  
12312. [Configuration Loader]
12313. Number=1748
12314. Confirmed=X
12315. Filename=windex.exe
12316. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110115-4341-99" target="_blank">GAOBOT.BZ</a> WORM!
12317. Source=Paul Collins Startup list
12318.  
12319. [Configuration Loader]
12320. Number=1749
12321. Confirmed=X
12322. Filename=dosrun32.exe
12323. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
12324. Source=Paul Collins Startup list
12325.  
12326. [Configuration Loader]
12327. Number=1750
12328. Confirmed=X
12329. Filename=Service.exe
12330. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
12331. Source=Paul Collins Startup list
12332.  
12333. [Configuration Loader]
12334. Number=1751
12335. Confirmed=X
12336. Filename=Servicess.exe
12337. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
12338. Source=Paul Collins Startup list
12339.  
12340. [Configuration Loader]
12341. Number=1752
12342. Confirmed=X
12343. Filename=sw32.exe
12344. Description=Added by the <a href="http://es.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&VName=WORM_AGOBOT.BQ" target="_blank">AGOBOT.BQ</a> WORM!
12345. Source=Paul Collins Startup list
12346.  
12347. [Configuration Loader]
12348. Number=1753
12349. Confirmed=X
12350. Filename=System.exe
12351. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
12352. Source=Paul Collins Startup list
12353.  
12354. [Configuration Loader]
12355. Number=1754
12356. Confirmed=X
12357. Filename=Winreg.exe
12358. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
12359. Source=Paul Collins Startup list
12360.  
12361. [Configuration Loader]
12362. Number=1755
12363. Confirmed=X
12364. Filename=sysinfo.exe
12365. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011214-4249-99" target="_blank">GAOBOT.FQ</a> WORM!
12366.  
12367. Source=Paul Collins Startup list
12368.  
12369. [Configuration Loader]
12370. Number=1756
12371. Confirmed=X
12372. Filename=microsoft.exe
12373. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020416-5105-99" target="_blank">GAOBOT.JB</a> WORM!
12374. Source=Paul Collins Startup list
12375.  
12376. [Configuration Loader]
12377. Number=1757
12378. Confirmed=X
12379. Filename=confgldr.exe
12380. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031915-3501-99" target="_blank">GAOBOT.GEN!POLY</a> WORM!
12381. Source=Paul Collins Startup list
12382.  
12383. [configuration loader]
12384. Number=1758
12385. Confirmed=X
12386. Filename=winicfg32.exe
12387. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032013-3449-99" target="_blank">GAOBOT.RQ</a> WORM!
12388. Source=Paul Collins Startup list
12389.  
12390. [Configuration Loader]
12391. Number=1759
12392. Confirmed=X
12393. Filename=svhst.exe
12394. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040717-1139-99" target="_blank">GAOBOT.YC</a> WORM!
12395. Source=Paul Collins Startup list
12396.  
12397. [Configuration Loader]
12398. Number=1760
12399. Confirmed=X
12400. Filename=msgfix.exe
12401. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062910-1433-99" target="_blank">GAOBOT.AUS</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.J" target="_blank">SDBOT.J</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqg.html" target=_blank>SDBOT-QG</a> WORMS!
12402. Source=Paul Collins Startup list
12403.  
12404. [Configuration Loader]
12405. Number=1761
12406. Confirmed=X
12407. Filename=msnss.exe
12408. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062910-1433-99" target="_blank">GAOBOT.AUS</a> WORM!
12409. Source=Paul Collins Startup list
12410.  
12411. [Configuration Loader]
12412. Number=1762
12413. Confirmed=X
12414. Filename=IEXPL0RE.EXE
12415. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJANS!
12416. Source=Paul Collins Startup list
12417.  
12418. [Configuration Loader]
12419. Number=1763
12420. Confirmed=X
12421. Filename=loadcfg32.exe
12422. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJANS!
12423. Source=Paul Collins Startup list
12424.  
12425. [Configuration Loader]
12426. Number=1764
12427. Confirmed=X
12428. Filename=MSTasks.exe
12429. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A" target="_blank"> LOADCFG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJANS!
12430. Source=Paul Collins Startup list
12431.  
12432. [Configuration Loader]
12433. Number=1765
12434. Confirmed=X
12435. Filename=systemry.exe
12436. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
12437. Source=Paul Collins Startup list
12438.  
12439. [Configuration Loader]
12440. Number=1766
12441. Confirmed=X
12442. Filename=ccSort.exe
12443. Description=Added by the <a href="http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_AGOBOT.SR" target=_blank>AGOBOT.SR</a> WORM!
12444. Source=Paul Collins Startup list
12445.  
12446. [Configuration Loader]
12447. Number=1767
12448. Confirmed=X
12449. Filename=smss32.exe
12450. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.MB" target=_blank>AGOBOT.MB</a> WORM!
12451. Source=Paul Collins Startup list
12452.  
12453. [Configuration Loader]
12454. Number=1768
12455. Confirmed=X
12456. Filename=wincffg.exe
12457. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.A3&VSect=T" target=_blank>AGOBOT.A3</a> WORM!
12458. Source=Paul Collins Startup list
12459.  
12460. [Configuration Loader]
12461. Number=1769
12462. Confirmed=X
12463. Filename=seru32.exe
12464. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvr.html" target=_blank>SDBOT-VR</a> WORM!
12465. Source=Paul Collins Startup list
12466.  
12467. [Configuration Loader]
12468. Number=1770
12469. Confirmed=X
12470. Filename=botss.exe
12471. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxs.html" target= blank>SDBOT-XS</a> WORM!
12472. Source=Paul Collins Startup list
12473.  
12474. [Configuration Loader]
12475. Number=1771
12476. Confirmed=X
12477. Filename=ldasp.exe
12478. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.BH" target="_blank">AGOBOT.BH</a> WORM!
12479. Source=Paul Collins Startup list
12480.  
12481. [Configuration Loader]
12482. Number=1772
12483. Confirmed=X
12484. Filename=msgcfgsrv.exe
12485. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
12486. Source=Paul Collins Startup list
12487.  
12488. [Configuration Loader]
12489. Number=1773
12490. Confirmed=X
12491. Filename=smsai.exe
12492. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotye.html" target= blank>SDBOT-YE</a> WORM!
12493. Source=Paul Collins Startup list
12494.  
12495. [Configuration Loader]
12496. Number=1774
12497. Confirmed=X
12498. Filename=svupdate.exe
12499. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051410-0631-99" target= blank>RANDEX.DXP</a> WORM!
12500. Source=Paul Collins Startup list
12501.  
12502. [Configuration Loader]
12503. Number=1775
12504. Confirmed=X
12505. Filename=crcss.exe
12506. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ADG&VSect=T" target=_blank>AGOBOT.ADG</a> WORM!
12507. Source=Paul Collins Startup list
12508.  
12509. [Configuration Loader]
12510. Number=1776
12511. Confirmed=X
12512. Filename=lexplore.exe
12513. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagx.html" target=_blank>RBOT-AGX</a> WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
12514. Source=Paul Collins Startup list
12515.  
12516. [Configuration Loader]
12517. Number=1777
12518. Confirmed=X
12519. Filename=scvhost.exe
12520. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaae.html" target=_blank>AGOBOT-AAE</a> and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060816-2421-99" target=_blank>SDBOT.AR</a> WORMS!
12521. Source=Paul Collins Startup list
12522.  
12523. [Configuration Loader]
12524. Number=1778
12525. Confirmed=X
12526. Filename=svchost.exe
12527. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32paradropa.html" target=_blank>PARADROP-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
12528. Source=Paul Collins Startup list
12529.  
12530. [Configuration Loader]
12531. Number=1779
12532. Confirmed=X
12533. Filename=svchost2.exe
12534. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JR&VSect=P" target=_blank>AGOBOT.JR</a> WORM!
12535. Source=Paul Collins Startup list
12536.  
12537. [Configuration Loader]
12538. Number=1780
12539. Confirmed=X
12540. Filename=dezi.exe
12541. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotob.html" target=_blank>SDBOT-OB</a> WORM!
12542. Source=Paul Collins Startup list
12543.  
12544. [Configuration Loader]
12545. Number=1781
12546. Confirmed=X
12547. Filename=mouse.exe
12548. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
12549. Source=Paul Collins Startup list
12550.  
12551. [Configuration Loader]
12552. Number=1782
12553. Confirmed=X
12554. Filename=msg.exe
12555. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BT&VSect=P" target=_blank>SDBOT.BT</a> WORM!
12556. Source=Paul Collins Startup list
12557.  
12558. [Configuration Loader]
12559. Number=1783
12560. Confirmed=X
12561. Filename=WinHelper.exe
12562. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
12563. Source=Paul Collins Startup list
12564.  
12565. [Configuration Loader]
12566. Number=1784
12567. Confirmed=X
12568. Filename=extrac.exe
12569. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafp.html" target=_blank>SDBOT-AFP</a> WORM!
12570. Source=Paul Collins Startup list
12571.  
12572. [Configuration Loader]
12573. Number=1785
12574. Confirmed=X
12575. Filename=DVD-Player.exe
12576. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
12577. Source=Paul Collins Startup list
12578.  
12579. [Configuration Loader]
12580. Number=1786
12581. Confirmed=X
12582. Filename=IEXPLORE.EXE
12583. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotkw.html" target=_blank>SDBOT-KW</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
12584. Source=Paul Collins Startup list
12585.  
12586. [Configuration Loader]
12587. Number=1787
12588. Confirmed=X
12589. Filename=svchost.exe
12590. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32paradropa.html" target=_blank>PARADROP-AI</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
12591. Source=Paul Collins Startup list
12592.  
12593. [Configuration Loader]
12594. Number=1788
12595. Confirmed=X
12596. Filename=wincore.exe
12597. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BHE" target="_blank">SDBOT.BHE</a> WORM!
12598. Source=Paul Collins Startup list
12599.  
12600. [Configuration Loader]
12601. Number=1789
12602. Confirmed=X
12603. Filename=configldr.exe
12604. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotpp.html" target="_blank">AGOBOT-PP</a> TROJAN!
12605. Source=Paul Collins Startup list
12606.  
12607. [Configuration Loader ]
12608. Number=1790
12609. Confirmed=X
12610. Filename=syscfg32.exe
12611. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-102319-2939-99" target="_blank">SDBOT.B</a> TROJAN!
12612. Source=Paul Collins Startup list
12613.  
12614. [Configuration Loader Service]
12615. Number=1791
12616. Confirmed=X
12617. Filename=Winsys32.exe
12618. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyv.html" target=_blank>RBOT-YV</a> WORM!
12619. Source=Paul Collins Startup list
12620.  
12621. [Configuration Loader Service]
12622. Number=1792
12623. Confirmed=X
12624. Filename=devl32.exe
12625. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxy.html" target= blank>SDBOT-XY</a> WORM!
12626. Source=Paul Collins Startup list
12627.  
12628. [Configuration Loader10]
12629. Number=1793
12630. Confirmed=X
12631. Filename=ip7.exe
12632. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotanz.html" target=_blank>AGOBOT-ANZ</a> WORM!
12633. Source=Paul Collins Startup list
12634.  
12635. [Configuration Loading]
12636. Number=1794
12637. Confirmed=X
12638. Filename=svchos1.exe
12639. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120514-4926-99" target="_blank">GAOBOT.DK</a> WORM!
12640. Source=Paul Collins Startup list
12641.  
12642. [Configuration Loading]
12643. Number=1795
12644. Confirmed=X
12645. Filename=configldr.exe
12646. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotec.html" target="_blank">AGOBOT-EC</a> WORM!
12647. Source=Paul Collins Startup list
12648.  
12649. [Configuration Loading Service]
12650. Number=1796
12651. Confirmed=X
12652. Filename=wscel.exe
12653. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwj.html" target= blank>SDBOT-WJ</a> WORM!
12654. Source=Paul Collins Startup list
12655.  
12656. [Configuration Loadr]
12657. Number=1797
12658. Confirmed=X
12659. Filename=iexplore.exee
12660. Description=Added by an unidentified WORM or TROJAN!
12661. Source=Paul Collins Startup list
12662.  
12663. [Configuration Manager]
12664. Number=1798
12665. Confirmed=X
12666. Filename=CNFGLD32.EXE
12667. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
12668. Source=Paul Collins Startup list
12669.  
12670. [Configuration Manager]
12671. Number=1799
12672. Confirmed=X
12673. Filename=Cnfgldr.exe
12674. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
12675. Source=Paul Collins Startup list
12676.  
12677. [Configuration Manager]
12678. Number=1800
12679. Confirmed=X
12680. Filename=cfg32.exe
12681. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
12682. Source=Paul Collins Startup list
12683.  
12684. [Configuration Servecie]
12685. Number=1801
12686. Confirmed=X
12687. Filename=sewins.exe
12688. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcoh.html" target="_blank">SDBOT-COH</a> WORM!
12689. Source=Paul Collins Startup list
12690.  
12691. [Configuration Service]
12692. Number=1802
12693. Confirmed=X
12694. Filename=suchost.exe
12695. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081709-4000-99" target="_blank">TREB</a> TROJAN!
12696. Source=Paul Collins Startup list
12697.  
12698. [Configuration Services]
12699. Number=1803
12700. Confirmed=X
12701. Filename=mswords.exe
12702. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotym.html" target=_blank>SDBOT-YM</a> WORM!
12703. Source=Paul Collins Startup list
12704.  
12705. [Configuration Utility]
12706. Number=1804
12707. Confirmed=N
12708. Filename=CONFIG.EXE
12709. Description=Controls linksys wireless connection. Available from the Desktop
12710. Source=Paul Collins Startup list
12711.  
12712. [Configuration Utility]
12713. Number=1805
12714. Confirmed=U
12715. Filename=wlanutil.exe
12716. Description=<a href="http://www.netgear.com/" target="_blank">NetGear</a> Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards)
12717. Source=Paul Collins Startup list
12718.  
12719. [Configuration Wizard]
12720. Number=1806
12721. Confirmed=X
12722. Filename=Cfgwiz32.exe
12723. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HCKTCK.2K.C" target="_blank">HACKTACK</a> TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)
12724. Source=Paul Collins Startup list
12725.  
12726. [Configuration32 Loader32]
12727. Number=1807
12728. Confirmed=X
12729. Filename=winamp32.exe
12730. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbic.html" target=_blank>SDBOT-BIC</a> WORM!
12731. Source=Paul Collins Startup list
12732.  
12733. [ConfLoader]
12734. Number=1808
12735. Confirmed=X
12736. Filename=sysconf16.exe
12737. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotfb.html" target=_blank>SDBOT-FB</a> TROJAN!
12738. Source=Paul Collins Startup list
12739.  
12740. [Conmgr]
12741. Number=1809
12742. Confirmed=N
12743. Filename=conmgr.exe
12744. Description=Starts Winfax pro at startup
12745. Source=Paul Collins Startup list
12746.  
12747. [ConMgr.exe]
12748. Number=1810
12749. Confirmed=U
12750. Filename=conmgr.exe
12751. Description=Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut 
12752. Source=Paul Collins Startup list
12753.  
12754. [Connect2Party]
12755. Number=1811
12756. Confirmed=X
12757. Filename=connect2party.exe
12758. Description=Adult content dialler
12759. Source=Paul Collins Startup list
12760.  
12761. [Connection Keeper]
12762. Number=1812
12763. Confirmed=U
12764. Filename=ConKeepM.exe
12765. Description="<a href="http://www.gammadyne.com/conkeep.htm" target="_blank">Connection Keeper</a> is an invaluable time-saving tool for dial-up users. This free program simulates Internet browsing (at a random interval) to prevent your connection from appearing idle, thus preventing your ISP from dropping your connection due to inactivity"
12766. Source=Paul Collins Startup list
12767.  
12768. [Connection Manager]
12769. Number=1813
12770. Confirmed=N
12771. Filename=CManager.exe
12772. Description=SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service
12773. Source=Paul Collins Startup list
12774.  
12775. [Connectivity Tool]
12776. Number=1814
12777. Confirmed=X
12778. Filename=[path to trojan]
12779. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlitebote.html" target=_blank>LITEBOT-E</a> TROJAN!
12780. Source=Paul Collins Startup list
12781.  
12782. [Connector]
12783. Number=1815
12784. Confirmed=X
12785. Filename=SYS.EXE
12786. Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/dialer.nunci.html" target=_blank>dialer.Nunci</a> premium dialer
12787. Source=Paul Collins Startup list
12788.  
12789. [Connector]
12790. Number=1816
12791. Confirmed=X
12792. Filename=sms.EXE
12793. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialexdialb.html" target=_blank>ExDial-B</a> premium rate adult content dialer
12794. Source=Paul Collins Startup list
12795.  
12796. [Cons]
12797. Number=1817
12798. Confirmed=X
12799. Filename=consol32.exe
12800. Description=Hijacker - redirects to a p0rn portal, where foistware like ISTBar gets stealth installed
12801. Source=Paul Collins Startup list
12802.  
12803. [conscorr]
12804. Number=1818
12805. Confirmed=X
12806. Filename=conscorr.exe
12807. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
12808. Source=Paul Collins Startup list
12809.  
12810. [Console de Gerenciamento Microsoft]
12811. Number=1819
12812. Confirmed=X
12813. Filename=csrss.exe
12814. Description=Unidentified malware! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a System\Level4 subfolder
12815.  
12816. Source=Paul Collins Startup list
12817.  
12818. [Console de Gerenciamento Microsoft]
12819. Number=1820
12820. Confirmed=X
12821. Filename=csrss.exe
12822. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanet.html" target=_blank>BANCBAN-ET</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Central de Seguranτa" subfolder
12823. Source=Paul Collins Startup list
12824.  
12825. [Consumer Input]
12826. Number=1821
12827. Confirmed=U
12828. Filename=ConsumerInput.exe
12829. Description=<a href="http://www.consumerinput.com/" target="_blank">Consumer Input</a> Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ
12830. Source=Paul Collins Startup list
12831.  
12832. [Consumer Input Rewarded with MyPoints, Consumer Input]
12833. Number=1822
12834. Confirmed=U
12835. Filename=ConsumerInputRewardedwithMyPoints, ConsumerInput.exe
12836. Description=<a href="http://www.consumerinput.com/" target="_blank">Consumer Input</a> Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ
12837. Source=Paul Collins Startup list
12838.  
12839. [Consumer Input Rewarded with MyPoints, Consumer Input Update]
12840. Number=1823
12841. Confirmed=U
12842. Filename=ConsumerInputRewardedwithMyPoints, ConsumerInputUa.exe
12843. Description=<a href="http://www.consumerinput.com/" target="_blank">Consumer Input</a> Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ
12844. Source=Paul Collins Startup list
12845.  
12846. [Contacte]
12847. Number=1824
12848. Confirmed=?
12849. Filename=contacte.exe
12850. Description=<font color="#FF0000">Some kind of driver?</font>
12851. Source=Paul Collins Startup list
12852.  
12853. [Content connector]
12854. Number=1825
12855. Confirmed=X
12856. Filename=[random filename].exe
12857. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdialery.html" target="_blank">DIALER-Y</a> TROJAN! Note - uses a random filename and random folders. Usually the folder containing the file is a Temp folder
12858. Source=Paul Collins Startup list
12859.  
12860. [ContentDownload]
12861. Number=1826
12862. Confirmed=X
12863. Filename=rundll32.exe MSA64CHK.dll, DllMostrar
12864. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
12865. Source=Paul Collins Startup list
12866.  
12867. [ContentService]
12868. Number=1827
12869. Confirmed=X
12870. Filename=winservn.exe
12871. Description=Homepage hijacker
12872. Source=Paul Collins Startup list
12873.  
12874. [ContinueInstall]
12875. Number=1828
12876. Confirmed=X
12877. Filename=bpsinstall.exe
12878. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
12879. Source=Paul Collins Startup list
12880.  
12881. [Control]
12882. Number=1829
12883. Confirmed=X
12884. Filename=rundll32.exe ctrlpan.dll, Restore ControlPanel
12885. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#msconfd" target=_blank>Msconfd</a> parasite variant
12886. Source=Paul Collins Startup list
12887.  
12888. [Control Center]
12889. Number=1830
12890. Confirmed=N
12891. Filename=Center.exe
12892. Description=Related to an <a href="http://www.asus.com/" target=_blank>Asus</a> WLAN card
12893. Source=Paul Collins Startup list
12894.  
12895. [Control handler]
12896. Number=1831
12897. Confirmed=X
12898. Filename=***********.exe [* = random char]
12899. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
12900. Source=Paul Collins Startup list
12901.  
12902. [Control handler]
12903. Number=1832
12904. Confirmed=X
12905. Filename=ahjinst.exe
12906. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
12907. Source=Paul Collins Startup list
12908.  
12909. [Control handler]
12910. Number=1833
12911. Confirmed=X
12912. Filename=[10 to 14 random char]THD.EXE
12913. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkrepperai.html" target=_blank>KREPPER-AI</a> TROJAN!
12914. Source=Paul Collins Startup list
12915.  
12916. [control panel]
12917. Number=1834
12918. Confirmed=N
12919. Filename=smctrlw.exe
12920. Description=System Tray icon for a Silicon Motion LynxEM based PCI Graphics Card
12921. Source=Paul Collins Startup list
12922.  
12923. [Control Panel]
12924. Number=1835
12925. Confirmed=X
12926. Filename=System.exe
12927. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020515-1939-99" target="_blank">DANI</a> TROJAN!
12928. Source=Paul Collins Startup list
12929.  
12930. [control panel software service]
12931. Number=1836
12932. Confirmed=X
12933. Filename=cprs.exe
12934. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfpi.html" target="_blank">RBOT-FPI</a> WORM!
12935. Source=Paul Collins Startup list
12936.  
12937. [Controladores]
12938. Number=1837
12939. Confirmed=X
12940. Filename=[path to trojan]
12941. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtelefoa.html" target=_blank>TELEFO-A</a> TROJAN!
12942. Source=Paul Collins Startup list
12943.  
12944. [ControlCenter2.0]
12945. Number=1838
12946. Confirmed=N
12947. Filename=brctrcen.exe
12948. Description=Brother scanner 'Control Center' application - can be started manually
12949.  
12950. Source=Paul Collins Startup list
12951.  
12952. [ControlCentreTray]
12953. Number=1839
12954. Confirmed=N
12955. Filename=XWCTray.exe
12956. Description=System Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etc
12957. Source=Paul Collins Startup list
12958.  
12959. [Controlled Resource System Service]
12960. Number=1840
12961. Confirmed=X
12962. Filename=crss.exe
12963. Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/crss/" target=_blank>AGOBOT.GH</a> WORM!
12964. Source=Paul Collins Startup list
12965.  
12966. [Controller]
12967. Number=1841
12968. Confirmed=N
12969. Filename=WFXCTL32.EXE
12970. Description=From Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
12971. Source=Paul Collins Startup list
12972.  
12973. [ControlPanel]
12974. Number=1842
12975. Confirmed=X
12976. Filename=rundll32 internat.dll, LoadKeyboardProfile
12977. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
12978. Source=Paul Collins Startup list
12979.  
12980. [ControlPanel]
12981. Number=1843
12982. Confirmed=X
12983. Filename=host32.exe internat.dll, LoadKeyboardProfile
12984. Description=Added by a vairant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.DW" target="_blank">DELF.DW</a> TROJAN!
12985. Source=Paul Collins Startup list
12986.  
12987. [ControlPanel]
12988. Number=1844
12989. Confirmed=X
12990. Filename=[path] cmd32.exe internat.dll, LoadKeyboardProfile
12991. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderhf.html" target="_blank">DLOADER-HF</a> TROJAN!
12992. Source=Paul Collins Startup list
12993.  
12994. [ControlPanel]
12995. Number=1845
12996. Confirmed=X
12997. Filename=systemctrl.exe internet.dll, LoadNetworkProfile
12998. Description=Browser hijacker, also detected as <a href="http://www.sophos.com/virusinfo/analyses/trojstartpafx.html" target= blank>STARTPA-FX</a>
12999. Source=Paul Collins Startup list
13000.  
13001. [ControlPanel]
13002. Number=1846
13003. Confirmed=X
13004. Filename=internat.dll, LoadKeyboardProfile
13005. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbizvesa.html" target=_blank>BIZVES-A</a> TROJAN!
13006. Source=Paul Collins Startup list
13007.  
13008. [ControlPanel]
13009. Number=1847
13010. Confirmed=X
13011. Filename=popcorn.exe internat.dll, LoadKeyboardProfile
13012. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbizvesb.html" target=_blank>BIZVES-B</a> TROJAN!
13013. Source=Paul Collins Startup list
13014.  
13015. [ControlPanel]
13016. Number=1848
13017. Confirmed=X
13018. Filename=popcorn64.exe
13019. Description=Browser hijacker, redirecting to loadcash.biz
13020. Source=Paul Collins Startup list
13021.  
13022. [ControlPanel]
13023. Number=1849
13024. Confirmed=X
13025. Filename=popcorn64.exe rundll.dll, LoadMouseProfile
13026. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderoi.html" target=_blank>DLOADER-OI</a> TROJAN!
13027. Source=Paul Collins Startup list
13028.  
13029. [ControlPanel]
13030. Number=1850
13031. Confirmed=X
13032. Filename=popcorn72.exe rundll.dll, LoadMouseProfile
13033. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderra.html" target=_blank>DLOADER-RA</a> TROJAN!
13034. Source=Paul Collins Startup list
13035.  
13036. [ControlPanel]
13037. Number=1851
13038. Confirmed=X
13039. Filename=svcc.exe
13040. Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.worldsearch.html" target=_blank>WorldSearch</a> adware
13041. Source=Paul Collins Startup list
13042.  
13043. [ControlPanel]
13044. Number=1852
13045. Confirmed=X
13046. Filename=popcorn320.exe rundll.dll, LoadMouseProfile
13047. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderra.html" target=_blank>DLOADER-RA</a> TROJAN!
13048. Source=Paul Collins Startup list
13049.  
13050. [ControlPanel]
13051. Number=1853
13052. Confirmed=X
13053. Filename=[path] private.exe internat.dll, LoadMouseCarpetProfile
13054. Description=Reported by Norman Virus Control as W32/Downloader. Creates the files sdfff, fdsf and zxczxc. In the C:\WINDOWS\SYSTEM32 directory creates the files d.exe, s.exe and r.exe
13055. Source=Paul Collins Startup list
13056.  
13057. [ControlServiceMgr]
13058. Number=1854
13059. Confirmed=X
13060. Filename=csmsv.exe
13061. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentxc.html" target=_blank>AGENT-XC</a> TROJAN!
13062. Source=Paul Collins Startup list
13063.  
13064. [Cookie Cop 2]
13065. Number=1855
13066. Confirmed=U
13067. Filename=CookieCop.exe
13068. Description=<a href="http://www.pcmag.com/article2/0,1895,6142,00.asp" target="_blank">Cookie Cop 2</a> from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
13069. Source=Paul Collins Startup list
13070.  
13071. [Cookie Pal]
13072. Number=1856
13073. Confirmed=U
13074. Filename=CPBRWTCH.EXE
13075. Description=Kookaburra Software's <a href="http://www.kburra.com/cpal.html" target="_blank">Cookie Pal</a> cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
13076. Source=Paul Collins Startup list
13077.  
13078. [CookieJar]
13079. Number=1857
13080. Confirmed=U
13081. Filename=Cookiejar.exe
13082. Description=<a href="http://www.jasons-toolbox.com/?page_id=14" target="_blank">Cookie Jar</a> cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer being actively supported
13083. Source=Paul Collins Startup list
13084.  
13085. [CookiePatrol]
13086. Number=1858
13087. Confirmed=U
13088. Filename=CookiePatrol.exe
13089. Description=CookiePatrol - cookie interceptor stopping spyware cookies that used to be part of <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> before CA's aquisition
13090. Source=Paul Collins Startup list
13091.  
13092. [CookieWall]
13093. Number=1859
13094. Confirmed=U
13095. Filename=cookie.exe
13096. Description=<a href="http://www.analogx.com/contents/download/network/cookie.htm" target="_blank">CookieWall</a> from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
13097. Source=Paul Collins Startup list
13098.  
13099. [Cool Desk]
13100. Number=1860
13101. Confirmed=U
13102. Filename=cdesk.exe
13103. Description=<a href="http://www.shelltoys.com/" target="_blank">Cool Desk</a> is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to you
13104. Source=Paul Collins Startup list
13105.  
13106. [CoolDownloads]
13107. Number=1861
13108. Confirmed=X
13109. Filename=rundll32.exe MSA64CHK.dll, DllMostrar
13110. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
13111. Source=Paul Collins Startup list
13112.  
13113. [CoolMP3]
13114. Number=1862
13115. Confirmed=X
13116. Filename=rundll32.exe MSA64CHK.dll, DllMostrar
13117. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
13118. Source=Paul Collins Startup list
13119.  
13120. [CoolSwitch]
13121. Number=1863
13122. Confirmed=U
13123. Filename=taskswitch.exe
13124. Description=ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen
13125. Source=Paul Collins Startup list
13126.  
13127. [Coolwallpaper]
13128. Number=1864
13129. Confirmed=N
13130. Filename=cwm_tray.exe
13131. Description=<a href="http://coolwallpaper.com/download/index2.html" target=_blank>Cool Wallpaper</a> software allows you to manage high quality photos as desktop wallpaper and screen savers
13132. Source=Paul Collins Startup list
13133.  
13134. [coolwebprogram]
13135. Number=1865
13136. Confirmed=X
13137. Filename=clrssn.exe
13138. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#smartsearch" target=_blank>Smartsearch</a> parasite variant
13139. Source=Paul Collins Startup list
13140.  
13141. [Copernic Desktop Search]
13142. Number=1866
13143. Confirmed=N
13144. Filename=DesktopSearch.exe
13145. Description=Copernic <a href="http://www.copernic.com/en/products/desktop-search/index.html" target=_blank>Desktop Search</a> - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures"
13146. Source=Paul Collins Startup list
13147.  
13148. [Copernic Desktop Search 2]
13149. Number=1867
13150. Confirmed=U
13151. Filename=DesktopSearchService.exe
13152. Description=<a href="http://www.copernic.com/en/products/desktop-search/index.html" target="_blank">Copernic Desktop Search</a> - search agent
13153. Source=Paul Collins Startup list
13154.  
13155. [CopernicPerUserTaskMgr]
13156. Number=1868
13157. Confirmed=U
13158. Filename=CopernicPerUserTaskMgr.exe
13159. Description=Automatic tasking feature of Copernic Pro multi-search engine tool
13160. Source=Paul Collins Startup list
13161.  
13162. [Copy handler]
13163. Number=1869
13164. Confirmed=U
13165. Filename=Copy Handler.exe
13166. Description=<a href="http://copyhandler.com/" target= blank>Copy Handler</a> lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processes
13167. Source=Paul Collins Startup list
13168.  
13169. [Copyright]
13170. Number=1870
13171. Confirmed=N
13172. Filename=mwcpyrt.exe
13173. Description=Displays copyright information on IBM ThinkPads
13174. Source=Paul Collins Startup list
13175.  
13176. [CoreCenter]
13177. Number=1871
13178. Confirmed=U
13179. Filename=CoreCenter.exe
13180. Description=MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking
13181. Source=Paul Collins Startup list
13182.  
13183. [CoreCenter]
13184. Number=1872
13185. Confirmed=U
13186. Filename=CORECE~1.EXE
13187. Description=MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking
13188. Source=Paul Collins Startup list
13189.  
13190. [Corel Colleagues & Contacts Reminders]
13191. Number=1873
13192. Confirmed=N
13193. Filename=cffrem.exe
13194. Description=Corel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of the now defunct Corel Print Office
13195. Source=Paul Collins Startup list
13196.  
13197. [Corel Desktop Application Director]
13198. Number=1874
13199. Confirmed=N
13200. Filename=dadx.exe
13201. Description=The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start -> Programs
13202. Source=Paul Collins Startup list
13203.  
13204. [Corel Family & Friends reminders]
13205. Number=1875
13206. Confirmed=N
13207. Filename=CFFREM.EXE
13208. Description=Corel Family & Friends - all-in-one calender, address book and list manager. Part of the now defunct Corel Print House Magic
13209. Source=Paul Collins Startup list
13210.  
13211. [Corel Photo Downloader]
13212. Number=1876
13213. Confirmed=N
13214. Filename=MediaDetect.exe
13215. Description=Related to <a href="http://www.corel.com/servlet/Satellite?pagename=Corel3/Products/Display&pid=1047025470321" target=_blank>Corel Photo Album</a>
13216.  
13217. Source=Paul Collins Startup list
13218.  
13219. [Corel Registration]
13220. Number=1877
13221. Confirmed=N
13222. Filename=Remind32.exe
13223. Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it
13224. Source=Paul Collins Startup list
13225.  
13226. [Corel Registration Reminder]
13227. Number=1878
13228. Confirmed=N
13229. Filename=Remind32.exe
13230. Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it
13231. Source=Paul Collins Startup list
13232.  
13233. [Corel Reminder]
13234. Number=1879
13235. Confirmed=N
13236. Filename=NAVBROWSER.EXE
13237. Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it
13238. Source=Paul Collins Startup list
13239.  
13240. [Corel Reminder]
13241. Number=1880
13242. Confirmed=N
13243. Filename=NAVBrowser.exe
13244. Description=Registration reminder for CorelDRAW 10
13245. Source=Paul Collins Startup list
13246.  
13247. [CorelCENTRAL 10]
13248. Number=1881
13249. Confirmed=N
13250. Filename=I_26dadCC.exe
13251. Description=<a href="http://www3.corel.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=Corel/Product/Feature&fid=CC1ZX1WPOP4" target="_blank">CorelCENTRAL 10</a> - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start -> Programs
13252. Source=Paul Collins Startup list
13253.  
13254. [CorelDraw Toolbox]
13255. Number=1882
13256. Confirmed=X
13257. Filename=CorelDraw.exe
13258. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvz.html" target= blank>SDBOT-VZ</a> WORM!
13259. Source=Paul Collins Startup list
13260.  
13261. [CorelMedia FoldersIndexer8]
13262. Number=1883
13263. Confirmed=N
13264. Filename=MFindexer.exe
13265. Description=Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office
13266. Source=Paul Collins Startup list
13267.  
13268. [CorelMedia FoldersIndexer8]
13269. Number=1884
13270. Confirmed=N
13271. Filename=MFINDE~1.EXE
13272. Description=Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office
13273. Source=Paul Collins Startup list
13274.  
13275. [CoreSrv]
13276. Number=1885
13277. Confirmed=X
13278. Filename=coresrv.exe
13279. Description=Some IRC trojans/worms use this - see <a href="http://lockdowncorp.com/bots/" target="_blank">here</a> for more information
13280. Source=Paul Collins Startup list
13281.  
13282. [CORESYS]
13283. Number=1886
13284. Confirmed=?
13285. Filename=coresys.exe
13286. Description=<font color="#FF0000">??</font>
13287. Source=Paul Collins Startup list
13288.  
13289. [CorrectConnect]
13290. Number=1887
13291. Confirmed=N
13292. Filename=CConnect.exe
13293. Description=Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available
13294. Source=Paul Collins Startup list
13295.  
13296. [cosine]
13297. Number=1888
13298. Confirmed=X
13299. Filename=cosine.exe
13300. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsw.html" target=_blank>RBOT-SW</a> WORM!
13301. Source=Paul Collins Startup list
13302.  
13303. [CostAware]
13304. Number=1889
13305. Confirmed=U
13306. Filename=niIPCApp.exe
13307. Description=NetInternals <a href="http://www.netinternals.com/default.htm?products" target="_blank">CostAware</a> - download quota measuring tool
13308. Source=Paul Collins Startup list
13309.  
13310. [Country Select]
13311. Number=1890
13312. Confirmed=N
13313. Filename=pctptt.exe
13314. Description=Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required
13315. Source=Paul Collins Startup list
13316.  
13317. [CountrySelection]
13318. Number=1891
13319. Confirmed=N
13320. Filename=pctptt.exe
13321. Description=Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required
13322. Source=Paul Collins Startup list
13323.  
13324. [Coupon Offers]
13325. Number=1892
13326. Confirmed=?
13327. Filename=??
13328. Description=<font color="#FF0000">??</font>
13329. Source=Paul Collins Startup list
13330.  
13331. [couponica]
13332. Number=1893
13333. Confirmed=X
13334. Filename=couponica.exe
13335. Description=Adware - see <a href="http://vil.nai.com/vil/content/v_100077.htm#top" target="_blank">here</a>
13336. Source=Paul Collins Startup list
13337.  
13338. [CP]
13339. Number=1894
13340. Confirmed=?
13341. Filename=CopyProtectionNotifier.exe
13342. Description=Related to <a href="http://www.emuzed.com/application.html" target=_blank>Emuzed</a> Systems and Middleware. Comes included with Windows XP Media Edition
13343. Source=Paul Collins Startup list
13344.  
13345. [CP32NOT]
13346. Number=1895
13347. Confirmed=U
13348. Filename=CP32BTN.EXE
13349. Description=For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons
13350. Source=Paul Collins Startup list
13351.  
13352. [CP4HPOT]
13353. Number=1896
13354. Confirmed=U
13355. Filename=OneTouch.EXE
13356. Description=One Touch keyboard driver. Required if you use the additional keys
13357. Source=Paul Collins Startup list
13358.  
13359. [CP888M1]
13360. Number=1897
13361. Confirmed=N
13362. Filename=CP888M1.EXE
13363. Description=Related to EZbutton quick launcher for the Media player app that comes with certain laptops
13364. Source=Paul Collins Startup list
13365.  
13366. [CPA9P2PSERVER]
13367. Number=1898
13368. Confirmed=?
13369. Filename=CPA9P2PS.exe
13370. Description=<font color="#FF0000">Found on a Compaq Presario but what is it?</font>
13371. Source=Paul Collins Startup list
13372.  
13373. [cpanel]
13374. Number=1899
13375. Confirmed=X
13376. Filename=winlogin32.exe
13377. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfoy.html" target="_blank">RBOT-FOY</a> WORM!
13378. Source=Paul Collins Startup list
13379.  
13380. [CPATR10]
13381. Number=1900
13382. Confirmed=U
13383. Filename=CPATR10.EXE
13384. Description=Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Constrast
13385. Source=Paul Collins Startup list
13386.  
13387. [CPBrWtch]
13388. Number=1901
13389. Confirmed=U
13390. Filename=CPBrWtch.exe
13391. Description=Kookaburra Software's <a href="http://www.kburra.com/cpal.html" target="_blank">Cookie Pal</a> cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
13392. Source=Paul Collins Startup list
13393.  
13394. [CPD_EXE]
13395. Number=1902
13396. Confirmed=Y
13397. Filename=CPD.EXE
13398. Description=Firewall bundled with McAfee VirusScan 6.*
13399. Source=Paul Collins Startup list
13400.  
13401. [cpl]
13402. Number=1903
13403. Confirmed=X
13404. Filename=deamon.exe
13405. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
13406. Source=Paul Collins Startup list
13407.  
13408. [cpl]
13409. Number=1904
13410. Confirmed=X
13411. Filename=msgaol.exe
13412. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
13413. Source=Paul Collins Startup list
13414.  
13415. [cpl]
13416. Number=1905
13417. Confirmed=X
13418. Filename=s_menu.exe
13419. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
13420. Source=Paul Collins Startup list
13421.  
13422. [cpl]
13423. Number=1906
13424. Confirmed=X
13425. Filename=browse.exe
13426. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
13427. Source=Paul Collins Startup list
13428.  
13429. [cpl]
13430. Number=1907
13431. Confirmed=X
13432. Filename=msgaol.exe
13433. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
13434. Source=Paul Collins Startup list
13435.  
13436. [CplBTQ00]
13437. Number=1908
13438. Confirmed=N
13439. Filename=CplBTQ00.EXE
13440. Description=Related to EZbutton quick launcher for the Media player app that comes with certain laptops
13441. Source=Paul Collins Startup list
13442.  
13443. [CPLDBL10]
13444. Number=1909
13445. Confirmed=N
13446. Filename=CPLDBL10.exe
13447. Description=Related to EZbutton quick launcher for the Media player app that comes with certain laptops
13448. Source=Paul Collins Startup list
13449.  
13450. [cpntmgc]
13451. Number=1910
13452. Confirmed=X
13453. Filename=wincomp.exe
13454. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_WINTRIM.A" target=_blank>WINTRIM_A</a> TROJAN!
13455. Source=Paul Collins Startup list
13456.  
13457. [cpntmgc]
13458. Number=1911
13459. Confirmed=X
13460. Filename=simcss.exe
13461. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MAGICON.A" target=_blank>MAGICON.A</a> TROJAN!
13462. Source=Paul Collins Startup list
13463.  
13464. [cpntmgc]
13465. Number=1912
13466. Confirmed=X
13467. Filename=navpmc.exe
13468. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112414-3016-99" target=_blank>SIMCSS</a> TROJAN!
13469. Source=Paul Collins Startup list
13470.  
13471. [cpntmgc]
13472. Number=1913
13473. Confirmed=X
13474. Filename=winmgts.exe
13475. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwintrimb.html" target=_blank>WINTRIM-B</a> TROJAN!
13476. Source=Paul Collins Startup list
13477.  
13478. [CPortPatch]
13479. Number=1914
13480. Confirmed=?
13481. Filename=cppatch.exe
13482. Description=<font color="#FF0000">CPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though?</font>
13483. Source=Paul Collins Startup list
13484.  
13485. [CPQAcDc]
13486. Number=1915
13487. Confirmed=Y
13488. Filename=CPQAcDc.exe
13489. Description=Compaq PowerCon power management software for laptops
13490. Source=Paul Collins Startup list
13491.  
13492. [CPQAlert]
13493. Number=1916
13494. Confirmed=U
13495. Filename=CPQAlert.exe
13496. Description=Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See <a href="http://h18000.www1.hp.com/products/servers/management/cim-description.html" target="_blank">here</a> for more information
13497. Source=Paul Collins Startup list
13498.  
13499. [CPQBootPerfDB]
13500. Number=1917
13501. Confirmed=N
13502. Filename=CPQBootPerfDB.EXE
13503. Description=See the entry for Compaq Message Server
13504. Source=Paul Collins Startup list
13505.  
13506. [CPQCalib]
13507. Number=1918
13508. Confirmed=Y
13509. Filename=CPQCalib.exe
13510. Description=Compaq PowerCon power management software for laptops
13511. Source=Paul Collins Startup list
13512.  
13513. [CPQDFWAG]
13514. Number=1919
13515. Confirmed=N
13516. Filename=CpqDfwAg.exe
13517. Description=For Compaq PC's. Runs Compaq diagnostics on every boot
13518. Source=Paul Collins Startup list
13519.  
13520. [CPQEASYACC]
13521. Number=1920
13522. Confirmed=U
13523. Filename=cpqeadm.exe
13524. Description=For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
13525. Source=Paul Collins Startup list
13526.  
13527. [CPQEASYACC]
13528. Number=1921
13529. Confirmed=U
13530. Filename=StartEAK.exe
13531. Description=<a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank">Easy Access</a> Button Support for Compaq PCs. Required if you use these
13532. Source=Paul Collins Startup list
13533.  
13534. [cpqeaui]
13535. Number=1922
13536. Confirmed=U
13537. Filename=cpqeaui.exe
13538. Description=For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
13539. Source=Paul Collins Startup list
13540.  
13541. [cpqek]
13542. Number=1923
13543. Confirmed=U
13544. Filename=kcpqek.exe
13545. Description=For Compaq PC's. <a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank"> Easy Access</a> button support for the keyboard
13546. Source=Paul Collins Startup list
13547.  
13548. [CPQInet Runtime Service]
13549. Number=1924
13550. Confirmed=U
13551. Filename=CpqInet.exe
13552. Description=For Compaq PC's. Allows AOL and Compuserve to use the <a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank"> Easy Access</a> buttons for the internet. Is not required if you don't use the ISP providers
13553. Source=Paul Collins Startup list
13554.  
13555. [CPQINKAGENT]
13556. Number=1925
13557. Confirmed=N
13558. Filename=cpqinkag.exe
13559. Description=That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed)
13560. Source=Paul Collins Startup list
13561.  
13562. [cpqns]
13563. Number=1926
13564. Confirmed=U
13565. Filename=cpqnpcss.exe
13566. Description=Related to Compaq.Net - not required if you don't use that
13567. Source=Paul Collins Startup list
13568.  
13569. [Cpqset]
13570. Number=1927
13571. Confirmed=N
13572. Filename=Cpqset.exe
13573. Description=Default settings software in Hewlett Packard notebook
13574. Source=Paul Collins Startup list
13575.  
13576. [CPQSTUTFIX]
13577. Number=1928
13578. Confirmed=Y
13579. Filename=stutfix.exe
13580. Description=For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it <a href="http://www.pacs-portal.co.uk/files/StutFix.exe">here</a>. This is a Compaq originated file and has been verified as free from viruses by McAfree/Norton
13581. Source=Paul Collins Startup list
13582.  
13583. [cpr]
13584. Number=1929
13585. Confirmed=X
13586. Filename=cpr
13587. Description=Adroar.com adware downloader
13588. Source=Paul Collins Startup list
13589.  
13590. [cprocsvc]
13591. Number=1930
13592. Confirmed=X
13593. Filename=cproc.exe
13594. Description=Added by MSIL.AGENT.C TROJAN!
13595. Source=Paul Collins Startup list
13596.  
13597. [CPU Manager]
13598. Number=1931
13599. Confirmed=X
13600. Filename=cpumgr.exe
13601. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081913-3715-99" target="_blank">PANDEM.B</a> WORM!
13602. Source=Paul Collins Startup list
13603.  
13604. [CPU Temp Control]
13605. Number=1932
13606. Confirmed=X
13607. Filename=wuitgurd.exe
13608. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahv.html" target=_blank>RBOT-AHV</a> WORM!
13609. Source=Paul Collins Startup list
13610.  
13611. [CPU Watcher]
13612. Number=1933
13613. Confirmed=X
13614. Filename=rundll32.exe [path] cpu.dll,load
13615. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderlo.html" target=_blank>DLOADER-LO</a> TROJAN!
13616. Source=Paul Collins Startup list
13617.  
13618. [CPU Windows Status]
13619. Number=1934
13620. Confirmed=X
13621. Filename=cpustats.exe
13622. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
13623. Source=Paul Collins Startup list
13624.  
13625. [CPUcool]
13626. Number=1935
13627. Confirmed=U
13628. Filename=Cpucool.exe
13629. Description=Program to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control Panel
13630. Source=Paul Collins Startup list
13631.  
13632. [Cpusave]
13633. Number=1936
13634. Confirmed=X
13635. Filename=Cpusave.exe
13636. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
13637. Source=Paul Collins Startup list
13638.  
13639. [Cpusave32]
13640. Number=1937
13641. Confirmed=X
13642. Filename=Cpusave32.exe
13643. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
13644. Source=Paul Collins Startup list
13645.  
13646. [CPVHOST Settings]
13647. Number=1938
13648. Confirmed=X
13649. Filename=cpvhost.exe
13650. Description=Added by the <a href="http://www.scanspyware.net/info/Sdbot.HMW.htm" target="_blank">SDBOT.HMW</a> WORM!
13651. Source=Paul Collins Startup list
13652.  
13653. [cpyt]
13654. Number=1939
13655. Confirmed=X
13656. Filename=hidep.exe
13657. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmirjacka.html" target=_blank>MIRJACK-A</a> TROJAN!
13658. Source=Paul Collins Startup list
13659.  
13660. [cqlyg]
13661. Number=1940
13662. Confirmed=X
13663. Filename=world_cup_.bat
13664. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_WCUP.A" target="_blank">WCUP.A</a> WORM!
13665. Source=Paul Collins Startup list
13666.  
13667. [CQSCP2P SERVER]
13668. Number=1941
13669. Confirmed=?
13670. Filename=??
13671. Description=<font color="#FF0000">"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed</font>
13672. Source=Paul Collins Startup list
13673.  
13674. [CQSCP2PS]
13675. Number=1942
13676. Confirmed=?
13677. Filename=??
13678. Description=<font color="#FF0000">"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed</font>
13679. Source=Paul Collins Startup list
13680.  
13681. [Cr**.exe [* = random char]]
13682. Number=1943
13683. Confirmed=X
13684. Filename=Cr**.exe [* = random char]
13685. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
13686. Source=Paul Collins Startup list
13687.  
13688. [Cr**.exe [* = random char]]
13689. Number=1944
13690. Confirmed=X
13691. Filename=Cr**.exe [* = random char]
13692. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
13693. Source=Paul Collins Startup list
13694.  
13695. [Cr**32.exe [* = random char]]
13696. Number=1945
13697. Confirmed=X
13698. Filename=Cr**32.exe [* = random char]
13699. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
13700. Source=Paul Collins Startup list
13701.  
13702. [cracked_windows1]
13703. Number=1946
13704. Confirmed=U
13705. Filename=cracked_windows1.exe
13706. Description=<a href="http://www.angelfire.com/electronic/purplexed/files/crackedwindows.html" target="_blank">Cracked Windows</a> popup killer
13707. Source=Paul Collins Startup list
13708.  
13709. [CrazyTalk Serve]
13710. Number=1947
13711. Confirmed=N
13712. Filename=rundll32.exe CrazyTalk.dll, DIIServeMediaFile
13713. Description=<a href="http://www.reallusion.com/crazytalk/default.asp" target="_blank">CrazyTalk</a> from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWS
13714. Source=Paul Collins Startup list
13715.  
13716. [CRBroadCasting]
13717. Number=1948
13718. Confirmed=U
13719. Filename=CRBroadCasting.exe
13720. Description=<a href="http://www.otiglobal.com/" target=_blank>CardReader2</a> from On Track Inovations Ltd. USB Card Reader
13721.  
13722. Source=Paul Collins Startup list
13723.  
13724. [CRC Value Verifier]
13725. Number=1949
13726. Confirmed=X
13727. Filename=crsss32.exe
13728. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
13729. Source=Paul Collins Startup list
13730.  
13731. [CRC Value Verifier]
13732. Number=1950
13733. Confirmed=X
13734. Filename=Crsss64.exe
13735. Description=Added by the <a href="http://www.sophos.com.au/virusinfo/analyses/w32rbotny.html" target=_blank>RBOT-NY</a> WORM!
13736.  
13737. Source=Paul Collins Startup list
13738.  
13739. [CRC Value Verifier]
13740. Number=1951
13741. Confirmed=X
13742. Filename=svchost32.exe
13743. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotoa.html" target=_blank>RBOT-OA</a> WORM!
13744. Source=Paul Collins Startup list
13745.  
13746. [CRC Value Verifier]
13747. Number=1952
13748. Confirmed=X
13749. Filename=crsss.exe
13750. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.UK&VSect=P" target=_blank>SPYBOT.UK</a> WORM!
13751. Source=Paul Collins Startup list
13752.  
13753. [Crc32stats Dependencies]
13754. Number=1953
13755. Confirmed=X
13756. Filename=Crc32stats.exe
13757. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-070615-3252-99" target=_blank>MYTOB.GT</a> WORM!
13758. Source=Paul Collins Startup list
13759.  
13760. [CRCSS]
13761. Number=1954
13762. Confirmed=X
13763. Filename=crcss.exe
13764. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotth.html" target="_blank">IRCBOT-TH</a> WORM!
13765. Source=Paul Collins Startup list
13766.  
13767. [Creata Mail]
13768. Number=1955
13769. Confirmed=U
13770. Filename=JMSrvr.exe
13771. Description=<a href="http://www.bluemountain.com/mail/index.pd" target=_blank>Creata_Mail</a>. Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express
13772.  
13773. Source=Paul Collins Startup list
13774.  
13775. [Create A Monster]
13776. Number=1956
13777. Confirmed=X
13778. Filename=createAMonster.exe
13779. Description=Kudd.com CreateAMonster. Reportedly stealth installed and <a href="http://sarc.com/avcenter/venc/data/adware.look2me.html" target=_blank>Look2Me</a> adware related
13780.  
13781. Source=Paul Collins Startup list
13782.  
13783. [CreateCD]
13784. Number=1957
13785. Confirmed=N
13786. Filename=Createcd.exe
13787. Description=Adaptec Easy CD Creator system tray application (pre version 5). Available via Start -> Programs
13788. Source=Paul Collins Startup list
13789.  
13790. [CreateCD50]
13791. Number=1958
13792. Confirmed=N
13793. Filename=Createcd50.exe
13794. Description=Adaptec Easy CD Creator version 5 system tray application. Available via Start -> Programs
13795. Source=Paul Collins Startup list
13796.  
13797. [Creative AGP Wizard]
13798. Number=1959
13799. Confirmed=N
13800. Filename=agpwiz.exe
13801. Description=Part of Creative's BlasterControl
13802. Source=Paul Collins Startup list
13803.  
13804. [Creative Audio Drivers]
13805. Number=1960
13806. Confirmed=X
13807. Filename=creative.exe
13808. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfkr.html" target="_blank">RBOT-FKR</a> WORM!
13809. Source=Paul Collins Startup list
13810.  
13811. [Creative Detector]
13812. Number=1961
13813. Confirmed=N
13814. Filename=CTDetect.exe
13815. Description=Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again
13816. Source=Paul Collins Startup list
13817.  
13818. [Creative Launcher]
13819. Number=1962
13820. Confirmed=N
13821. Filename=CTLauncher.exe
13822. Description=For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs
13823. Source=Paul Collins Startup list
13824.  
13825. [Creative MediaSource Go]
13826. Number=1963
13827. Confirmed=N
13828. Filename=CTCMSGo.exe
13829. Description="Creative <a href="http://www.soundblaster.com/mediasource/" target="_blank"> MediaSource</a> playbacks music in DVD-Audio, MP3, WMA, WAV and other media formats"
13830. Source=Paul Collins Startup list
13831.  
13832. [Creative PCI Audio Configuration Utility]
13833. Number=1964
13834. Confirmed=N
13835. Filename=starter.exe
13836. Description=System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on <a href="http://www.pacs-portal.co.uk/startup_pages/starter_exe.htm" target="_blank">this</a> special page. Similar to EnsoniqMixer
13837. Source=Paul Collins Startup list
13838.  
13839. [Creative Service for CDROM Access]
13840. Number=1965
13841. Confirmed=N
13842. Filename=Ctsvccda.exe
13843. Description=Resident program for Creative's PlayCenter included with Soundblaster Audigy sound cards - speeds up detection of some media CDs if the system doesn't natively support them. Available via Start -> Programs
13844. Source=Paul Collins Startup list
13845.  
13846. [Creative WebCam Tray]
13847. Number=1966
13848. Confirmed=N
13849. Filename=Camtray.exe
13850. Description=Creative WebCam tray control - can be started manually
13851.  
13852. Source=Paul Collins Startup list
13853.  
13854. [Creative.exe]
13855. Number=1967
13856. Confirmed=X
13857. Filename=Creative.exe
13858. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-122112-0126-99" target="_blank">PROLIN</a> WORM!
13859. Source=Paul Collins Startup list
13860.  
13861. [CreativeDiscNotifier]
13862. Number=1968
13863. Confirmed=N
13864. Filename=CTNOTIFY.EXE
13865. Description=For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -> Settings -> Control Panel
13866. Source=Paul Collins Startup list
13867.  
13868. [CreativeMixer]
13869. Number=1969
13870. Confirmed=U
13871. Filename=CTMIX32.EXE
13872. Description=Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon
13873. Source=Paul Collins Startup list
13874.  
13875. [CreativeTaskScheduler]
13876. Number=1970
13877. Confirmed=?
13878. Filename=CTSched.exe
13879. Description=<a href="http://www.creative.com/" target="_blank">Creative</a> Task Scheduler. <font color="#FF0000">What does it do and is it required?</font>
13880. Source=Paul Collins Startup list
13881.  
13882. [Critical Update Check]
13883. Number=1971
13884. Confirmed=X
13885. Filename=battlenet.exe
13886. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflb.html" target=_blank>DELF-LB</a> TROJAN!
13887. Source=Paul Collins Startup list
13888.  
13889. [CriticalUpdate]
13890. Number=1972
13891. Confirmed=N
13892. Filename=Wucrtupd.exe
13893. Description=MS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update site
13894. Source=Paul Collins Startup list
13895.  
13896. [CriticalUpdate]
13897. Number=1973
13898. Confirmed=X
13899. Filename=wucrtupd.exe
13900. Description=Added by the <a href="http://vil.nai.com/vil/content/v_100790.htm" target=_blank>NOALA.B</a> WORM! Note - this file is located in the Windows or Winnt folder, and must not be confused with the legitimate Windows process of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wucrtupd/" target=_blank>here</a>
13901. Source=Paul Collins Startup list
13902.  
13903. [Crnsava]
13904. Number=1974
13905. Confirmed=X
13906. Filename=scrnsave.pif
13907. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzv.html" target=_blank>SDBOT-ZV</a> WORM!
13908. Source=Paul Collins Startup list
13909.  
13910. [cronos]
13911. Number=1975
13912. Confirmed=X
13913. Filename=MARCO!.SCR
13914. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G" target="_blank">OPASERV.G</a> WORM!
13915. Source=Paul Collins Startup list
13916.  
13917. [CrossMenu]
13918. Number=1976
13919. Confirmed=X
13920. Filename=CrossMenu
13921. Description=Toshiba CrossMenu Utility - allows the user to create their own menus
13922. Source=Paul Collins Startup list
13923.  
13924. [CRP386 Networking]
13925. Number=1977
13926. Confirmed=X
13927. Filename=crp386.exe
13928. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.IRCBot.n&threatid=10896" target="_blank">IRCBOT.N</a> TROJAN!
13929. Source=Paul Collins Startup list
13930.  
13931. [crs]
13932. Number=1978
13933. Confirmed=X
13934. Filename=crs.exe
13935. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottj.html" target=_blank>AGOBOT-TJ</a> WORM!
13936. Source=Paul Collins Startup list
13937.  
13938. [CRSSXP SysInfo]
13939. Number=1979
13940. Confirmed=X
13941. Filename=crssxp.exe
13942. Description=Added by the <a href="http://www.scanspyware.net/info/Sdbot.NHS.htm" target="_blank">SDBOT.NHS</a> WORM!
13943. Source=Paul Collins Startup list
13944.  
13945. [Crusty]
13946. Number=1980
13947. Confirmed=X
13948. Filename=dmcpl.exe
13949. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021517-4140-99" target="_blank">RUSTY</a> WORM!
13950. Source=Paul Collins Startup list
13951.  
13952. [cryptdlg]
13953. Number=1981
13954. Confirmed=X
13955. Filename=cryptdlg.exe
13956. Description=Added by an unidentified TROJAN!
13957. Source=Paul Collins Startup list
13958.  
13959. [cryptoexpert]
13960. Number=1982
13961. Confirmed=U
13962. Filename=cexpert.exe
13963. Description=<a href="http://www.secureaction.com/cryptoexpert/" target="_blank">CryptoExpert</a> from SecureAction Research. Advanced on the fly encryption system
13964. Source=Paul Collins Startup list
13965.  
13966. [Cryptographic Service]
13967. Number=1983
13968. Confirmed=X
13969. Filename=******.exe [* = random char]
13970. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070217-1202-99" target="_blank">KORGO.W</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080213-0953-99" target="_blank">KORGO.X</a> or <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39581" target="_blank">KORGO.AB</a> WORMS!
13971. Source=Paul Collins Startup list
13972.  
13973. [Crystal 3D Audio Control]
13974. Number=1984
13975. Confirmed=?
13976. Filename=CWD3DSND.EXE
13977. Description=Crystal 3D Audio sound driver. <font color="#FF0000">Is it required?</font>
13978. Source=Paul Collins Startup list
13979.  
13980. [csaRem]
13981. Number=1985
13982. Confirmed=N
13983. Filename=spqmdmui.exe
13984. Description=Compaq modem country selection 
13985. Source=Paul Collins Startup list
13986.  
13987. [CSAV_CheckViruses]
13988. Number=1986
13989. Confirmed=Y
13990. Filename=vchk.exe
13991. Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> related
13992. Source=Paul Collins Startup list
13993.  
13994. [csc]
13995. Number=1987
13996. Confirmed=U
13997. Filename=csc.exe
13998. Description=Command line compiler for Microsoft C# it gets installed with the .NET SDK
13999. Source=Paul Collins Startup list
14000.  
14001. [CSCRS Value]
14002. Number=1988
14003. Confirmed=X
14004. Filename=cscrs.exe
14005. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaaa.html" target=_blank>RBOT-AAA</a> WORM!
14006. Source=Paul Collins Startup list
14007.  
14008. [CSCRS Value Check]
14009. Number=1989
14010. Confirmed=X
14011. Filename=MsPMSPSd.exe
14012. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
14013. Source=Paul Collins Startup list
14014.  
14015. [CSINJECT.EXE]
14016. Number=1990
14017. Confirmed=U
14018. Filename=CSINJECT.EXE
14019. Description=Part of Quarterdeck/Norton CleanSweep. "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes"
14020. Source=Paul Collins Startup list
14021.  
14022. [csm Win Updates]
14023. Number=1991
14024. Confirmed=X
14025. Filename=csm.exe
14026. Description=Added by the <a href="http://vil.nai.com/vil/content/v_135435.htm" target=_blank>ZOTOB.B</a> WORM!
14027. Source=Paul Collins Startup list
14028.  
14029. [csoftok]
14030. Number=1992
14031. Confirmed=X
14032. Filename=softok.exe
14033. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050913-5746-99" target= blank>QQPASS.G</a> TROJAN!
14034. Source=Paul Collins Startup list
14035.  
14036. [csrs]
14037. Number=1993
14038. Confirmed=X
14039. Filename=csrs.exe
14040. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031915-3501-99" target="_blank">GAOBOT.GEN!POLY</a> WORM!
14041. Source=Paul Collins Startup list
14042.  
14043. [csrsc]
14044. Number=1994
14045. Confirmed=X
14046. Filename=csrsc.exe
14047. Description=Added by an unidentified VIRUS, WORM or TROJAN!
14048. Source=Paul Collins Startup list
14049.  
14050. [CSRSS]
14051. Number=1995
14052. Confirmed=X
14053. Filename=CSRSS.EXE
14054. Description=Search page hijacker, redirecting to http://www.search-aide.com/. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
14055. Source=Paul Collins Startup list
14056.  
14057. [Csrss]
14058. Number=1996
14059. Confirmed=X
14060. Filename=csrss.exe
14061. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031323-3628-99" target="_blank">CHOD</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup and the executeable resides in a random folder name
14062. Source=Paul Collins Startup list
14063.  
14064. [csrss]
14065. Number=1997
14066. Confirmed=X
14067. Filename=csrss.exe
14068. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogaq.html" target=_blank>KEYLOG-AQ</a> KEYLOGGER! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
14069. Source=Paul Collins Startup list
14070.  
14071. [csrss]
14072. Number=1998
14073. Confirmed=X
14074. Filename=csrss.exe
14075. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32chodej.html" target=_blank>CHODE-J</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a random subfolder
14076. Source=Paul Collins Startup list
14077.  
14078. [csrss]
14079. Number=1999
14080. Confirmed=X
14081. Filename=msmsgs.exe
14082. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32chodej.html" target=_blank>CHODE-J</a> WORM!
14083. Source=Paul Collins Startup list
14084.  
14085. [csrss]
14086. Number=2000
14087. Confirmed=X
14088. Filename=nwiz.exe
14089. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32chodej.html" target=_blank>CHODE-J</a> WORM!
14090. Source=Paul Collins Startup list
14091.  
14092. [csrss]
14093. Number=2001
14094. Confirmed=U
14095. Filename=csrss.exe
14096. Description=<a href="http://www.sarc.com/avcenter/venc/data/spyware.beyondkeylog.html" target="_blank">BeyondKeylog</a> surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files/Supremtec folder
14097. Source=Paul Collins Startup list
14098.  
14099. [CSRSS Loader]
14100. Number=2002
14101. Confirmed=X
14102. Filename=csrsss.exe
14103. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TX" target=_blank>AGOBOT.TX</a> WORM!
14104. Source=Paul Collins Startup list
14105.  
14106. [csrss.exe]
14107. Number=2003
14108. Confirmed=X
14109. Filename=csrss.exe
14110. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070603-2351-99" target=_blank>DALBUG</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the Winnt\System32 or Windows\System32 folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
14111. Source=Paul Collins Startup list
14112.  
14113. [csrssLevel4]
14114. Number=2004
14115. Confirmed=X
14116. Filename=csrss.exe
14117. Description=Unidentified malware. Note - this file is placed in a C:\Windows\System\Level4 folder, and should NOT be confused with the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the Winnt\System32 or Windows\System32 folder and should NOT figure in Msconfig/Startup!
14118. Source=Paul Collins Startup list
14119.  
14120. [CSRSSU]
14121. Number=2005
14122. Confirmed=X
14123. Filename=CSRSSU.exe
14124. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - hijacking to Slawsearch.com. Also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojcwse.html" target= blank>CWS-E</a> TROJAN!
14125. Source=Paul Collins Startup list
14126.  
14127. [CSRSSW]
14128. Number=2006
14129. Confirmed=X
14130. Filename=CSRSSW.EXE
14131. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsf.html" target= blank>CWS-F</a> TROJAN!
14132. Source=Paul Collins Startup list
14133.  
14134. [CSRSWIN]
14135. Number=2007
14136. Confirmed=X
14137. Filename=[trojan filename]
14138. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080611-0047-99" target="_blank">WINSHELL.50</a> TROJAN!
14139. Source=Paul Collins Startup list
14140.  
14141. [CSRSX]
14142. Number=2008
14143. Confirmed=X
14144. Filename=[trojan filename]
14145. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081110-5211-99" target="_blank">WINSHELL.50.B</a> TROJAN!
14146. Source=Paul Collins Startup list
14147.  
14148. [CSS Server]
14149. Number=2009
14150. Confirmed=U
14151. Filename=CSSServer.exe
14152. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082415-5002-99" target="_blank">ComSpySysSvr</a> surveillance software. Uninstall this software unless you put it there yourself
14153. Source=Paul Collins Startup list
14154.  
14155. [cssauth]
14156. Number=2010
14157. Confirmed=U
14158. Filename=cssauth.exe
14159. Description=Related to IBM ThinkVantage Client Security Solution
14160.  
14161. Source=Paul Collins Startup list
14162.  
14163. [CSScheduleCheck]
14164. Number=2011
14165. Confirmed=Y
14166. Filename=SCHWIZEX.EXE
14167. Description=Part of <a href="http://www.imaginelan.com/configsafe/index.html" target="_blank"> ConfigSafe</a> - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot
14168. Source=Paul Collins Startup list
14169.  
14170. [cssrs]
14171. Number=2012
14172. Confirmed=X
14173. Filename=cssrs.exe
14174. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbandw.html" target="_blank">BANCBAN-DW</a> TROJAN!
14175. Source=Paul Collins Startup list
14176.  
14177. [csss]
14178. Number=2013
14179. Confirmed=X
14180. Filename=Csss.exe
14181. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112709-2857-99" target="_blank">BALICK</a> TROJAN!
14182. Source=Paul Collins Startup list
14183.  
14184. [CSS_Central]
14185. Number=2014
14186. Confirmed=U
14187. Filename=CSS_1631.EXE
14188. Description=CSS Communication Agent (95 Host) from Command Software Systems (now <a href="http://www.commandcom.com/" target="_blank">Authentium</a>). "CSS CentralÖ provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console"
14189. Source=Paul Collins Startup list
14190.  
14191. [CSV10P1]
14192. Number=2015
14193. Confirmed=X
14194. Filename=CSP001.exe
14195. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target=_blank>ClearSearch</a> adware
14196. Source=Paul Collins Startup list
14197.  
14198. [CSV10P70]
14199. Number=2016
14200. Confirmed=X
14201. Filename=CSv10P070.exe
14202. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target=_blank>ClearSearch</a> adware
14203. Source=Paul Collins Startup list
14204.  
14205. [CSV7P26]
14206. Number=2017
14207. Confirmed=X
14208. Filename=CSV7P26.exe
14209. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target=_blank>ClearSearch</a> adware
14210. Source=Paul Collins Startup list
14211.  
14212. [CSV7P70]
14213. Number=2018
14214. Confirmed=X
14215. Filename=CSV7P070.exe
14216. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target=_blank>ClearSearch</a> adware
14217. Source=Paul Collins Startup list
14218.  
14219. [CSV7P91]
14220. Number=2019
14221. Confirmed=X
14222. Filename=CSV7P91.exe
14223. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target=_blank>ClearSearch</a> adware
14224. Source=Paul Collins Startup list
14225.  
14226. [csvdea]
14227. Number=2020
14228. Confirmed=U
14229. Filename=csvdea.exe
14230. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072112-1717-99" target="_blank">SpyArsenalLog</a> surveillance software. Uninstall this software unless you put it there yourself
14231. Source=Paul Collins Startup list
14232.  
14233. [csvhost.exe]
14234. Number=2021
14235. Confirmed=X
14236. Filename=csvhost.exe
14237. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcimuzbd.html" target="_blank">CIMUZ-BD</a> TROJAN!
14238. Source=Paul Collins Startup list
14239.  
14240. [ct]
14241. Number=2022
14242. Confirmed=Y
14243. Filename=ct.exe
14244. Description=ct.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run it
14245. Source=Paul Collins Startup list
14246.  
14247. [CT Control Settings]
14248. Number=2023
14249. Confirmed=X
14250. Filename=CTSVCCD.EXE
14251. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotys.html" target=_blank>RBOT-YS</a> WORM!
14252. Source=Paul Collins Startup list
14253.  
14254. [CTAVTray]
14255. Number=2024
14256. Confirmed=N
14257. Filename=CTAvTray.exe
14258. Description=For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ
14259. Source=Paul Collins Startup list
14260.  
14261. [CTCMonitor]
14262. Number=2025
14263. Confirmed=U
14264. Filename=CTCMonitor.exe
14265. Description=<a href="http://www.clicktoconvert.com/Features/features.html" target=_blank>Click-to-Convert</a> - document-to-HTML or doc-to-PDF converter. Only required if you are going to use the File -> Print method of using Click-to-Convert. If converting directly from MS Office, it is not required
14266. Source=Paul Collins Startup list
14267.  
14268. [CTDVDDet]
14269. Number=2026
14270. Confirmed=N
14271. Filename=CTDVDDet.exe
14272. Description=Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again
14273. Source=Paul Collins Startup list
14274.  
14275. [CTDVDDet]
14276. Number=2027
14277. Confirmed=N
14278. Filename=CTDetect.exe
14279. Description=Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again
14280. Source=Paul Collins Startup list
14281.  
14282. [ctflog manager]
14283. Number=2028
14284. Confirmed=X
14285. Filename=ctflog.exe
14286. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
14287. Source=Paul Collins Startup list
14288.  
14289. [CTFM0N.exe]
14290. Number=2029
14291. Confirmed=X
14292. Filename=CTFM0N.exe
14293. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-070512-2031-99" target=_blank>STARTPAGE.P</a> TROJAN!
14294. Source=Paul Collins Startup list
14295.  
14296. [ctfmon]
14297. Number=2030
14298. Confirmed=U
14299. Filename=ctfmon.exe
14300. Description=CTFMon is involved with the language/alternative input services in Office XP. Ctfmon.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;282599" target=_blank>here</a>. Ctfmon can be disabled from Control Panel, Text & Speech Services. Note - the file will always be located in the System32 folder, if it is located elsewhere it will likely be a worm or trojan! Can cause problems with some other programs if left enabled - see <a href="http://actualtools.com/forum/read.php?FID=9&TID=63" target=_blank>here</a> for such an example
14301. Source=Paul Collins Startup list
14302.  
14303. [ctfmon]
14304. Number=2031
14305. Confirmed=X
14306. Filename=taskmgr32*.exe [* = number]
14307. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080617-4010-99" target="_blank">SOWSAT.B</a> WORM!
14308. Source=Paul Collins Startup list
14309.  
14310. [ctfmon]
14311. Number=2032
14312. Confirmed=X
14313. Filename=cftmon.exe
14314. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelivea.html" target= blank>DELIVE-A</a> TROJAN! Note - this file is found in C:\Windows or C:\Winnt and is not the valid MS Office file of the same name (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;282599" target= blank>here</a>)
14315. Source=Paul Collins Startup list
14316.  
14317. [ctfmon]
14318. Number=2033
14319. Confirmed=X
14320. Filename=mIRC.dll
14321. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelbote.html" target=_blank>DELBOT-E</a> TROJAN!
14322. Source=Paul Collins Startup list
14323.  
14324. [ctfmon]
14325. Number=2034
14326. Confirmed=X
14327. Filename=WinConst.exe
14328. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojassasing.html" target=_blank>ASSASIN-G</a> TROJAN!
14329. Source=Paul Collins Startup list
14330.  
14331. [CTFMon]
14332. Number=2035
14333. Confirmed=U
14334. Filename=ctfmon.exe
14335. Description=<a href="http://www.spyarsenal.com/familykeylogger/" target=_blank>Family Keylogger</a> is a program that lets you record to a special file and then view all the keystrokes typed by everyone using your computer. Keystroke logger/monitoring program - remove unless you installed it yourself! Found in the System\CTF (9x/Me) or System32\CTF (NT/2K/XP) folder
14336.  
14337. Source=Paul Collins Startup list
14338.  
14339. [ctfmon]
14340. Number=2036
14341. Confirmed=X
14342. Filename=msnmsgr.exe
14343. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorjv.html" target=_blank>JV</a> TROJAN!
14344. Source=Paul Collins Startup list
14345.  
14346. [Ctfmon.exe]
14347. Number=2037
14348. Confirmed=X
14349. Filename=ctfmon32.exe
14350. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#ctfmon32" target=_blank>Ctfmon32</a> parasite variant
14351. Source=Paul Collins Startup list
14352.  
14353. [ctfmon.exe]
14354. Number=2038
14355. Confirmed=X
14356. Filename=ctfmon.exe
14357. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062417-1936-99" target=_blank>RAIDYS</a> TROJAN! Note - this should not be confused with the valid Office XP file, see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;282599" target=_blank>here</a>
14358. Source=Paul Collins Startup list
14359.  
14360. [ctfmon.exe]
14361. Number=2039
14362. Confirmed=X
14363. Filename=msupdate32.exe
14364. Description=Spy Sheriff/SpywareNO malware, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojspyhoaxa.html" target=_blank>SPYHOAX-A</a> TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe
14365. Source=Paul Collins Startup list
14366.  
14367. [ctfmon.exe]
14368. Number=2040
14369. Confirmed=U
14370. Filename=ctfmon.exe
14371. Description=CTFMon is involved with the language/alternative input services in Office XP. Ctfmon.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;282599" target="_blank">here</a>. Ctfmon can be disabled from Control Panel, Text & Speech Services. Note - the file will always be located in the System32 folder, if it is located elsewhere it will likely be a worm or trojan! Can cause problems with some other programs if left enabled - see <a href="http://actualtools.com/forum/read.php?FID=9&TID=63" target="_blank">here</a> for such an example
14372. Source=Paul Collins Startup list
14373.  
14374. [CTFMON32]
14375. Number=2041
14376. Confirmed=X
14377. Filename=CTFMON32.EXE
14378. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#ctfmon32" target=_blank>Ctfmon32</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojcwse.html" target= blank>CWS-E</a> TROJAN!
14379. Source=Paul Collins Startup list
14380.  
14381. [CTFMONSS]
14382. Number=2042
14383. Confirmed=X
14384. Filename=CTFMONSS.EXE
14385. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsf.html" target= blank>CWS-F</a> TROJAN!
14386. Source=Paul Collins Startup list
14387.  
14388. [ctfnom]
14389. Number=2043
14390. Confirmed=X
14391. Filename=rundIl32.exe
14392. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraw.html" target=_blank>LEGMIR-AW</a> TROJAN!
14393. Source=Paul Collins Startup list
14394.  
14395. [ctfnom.exe]
14396. Number=2044
14397. Confirmed=X
14398. Filename=SVOHOST.exe
14399. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdigidora.html" target=_blank>DIGIDOR-A</a> TROJAN!
14400. Source=Paul Collins Startup list
14401.  
14402. [ctfnom.exe]
14403. Number=2045
14404. Confirmed=X
14405. Filename=OSRSS.exe
14406. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderuq.html" target=_blank>DLOADER-UQ</a> TROJAN!
14407. Source=Paul Collins Startup list
14408.  
14409. [CTHELPER]
14410. Number=2046
14411. Confirmed=U
14412. Filename=CTHELPER.EXE
14413. Description=CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it
14414. Source=Paul Collins Startup list
14415.  
14416. [CTHelper]
14417. Number=2047
14418. Confirmed=X
14419. Filename=cthelper.exe
14420. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxb.html" target= blank>RBOT-XB</a> WORM! Note - do not confuse with the Creative application of the same name described <a href="http://www.sysinfo.org/startuplist.php?filter=cthelper.exe" target= blank>here</a>
14421. Source=Paul Collins Startup list
14422.  
14423. [CTime]
14424. Number=2048
14425. Confirmed=X
14426. Filename=[path to trojan]
14427. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012015-3226-99" target="_blank">HTTPDOS</a> TROJAN!
14428. Source=Paul Collins Startup list
14429.  
14430. [CTin10]
14431. Number=2049
14432. Confirmed=X
14433. Filename=CTin10.exe
14434. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022710-5851-99" target="_blank">BANCOS.E</a> TROJAN!
14435. Source=Paul Collins Startup list
14436.  
14437. [CtModule]
14438. Number=2050
14439. Confirmed=X
14440. Filename=CtModule.exe
14441. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickereg.html" target="_blank">CLICKER-EG</a> TROJAN!
14442. Source=Paul Collins Startup list
14443.  
14444. [CTNMRUN]
14445. Number=2051
14446. Confirmed=U
14447. Filename=ctnmrun.exe
14448. Description=Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected
14449. Source=Paul Collins Startup list
14450.  
14451. [CTPDPSRV]
14452. Number=2052
14453. Confirmed=?
14454. Filename=CTPDPSRV.EXE
14455. Description=Printer driver (in the WINDOWS\System32\spool\DRIVERS\W32\X86 folder).<font color="#FF0000"> Is it required?</font>
14456. Source=Paul Collins Startup list
14457.  
14458. [CTPerformanceUtility]
14459. Number=2053
14460. Confirmed=N
14461. Filename=CTPowUti.exe
14462. Description=Related to <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/ctpowuti/" target="_blank">Creative PowerSysTrayApp</a>. This program is a non-essential process, but should not be terminated unless suspected to be causing problems
14463. Source=Paul Collins Startup list
14464.  
14465. [ctpmon]
14466. Number=2054
14467. Confirmed=X
14468. Filename=ctpmon.exe
14469. Description=System Registry Cleaner - stealth installed foistware from sysregistry.com
14470. Source=Paul Collins Startup list
14471.  
14472. [CTRegRun]
14473. Number=2055
14474. Confirmed=N
14475. Filename=CTRegRun.exe
14476. Description=For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative
14477. Source=Paul Collins Startup list
14478.  
14479. [CtrlVol]
14480. Number=2056
14481. Confirmed=U
14482. Filename=CtrlVol.exe
14483. Description=Volume control key on Acer, Fujitsu and other laptops
14484. Source=Paul Collins Startup list
14485.  
14486. [CTSched]
14487. Number=2057
14488. Confirmed=?
14489. Filename=CTSched.exe
14490. Description=<a href="http://www.creative.com/" target="_blank">Creative</a> Task Scheduler. <font color="#FF0000">What does it do and is it required?</font>
14491. Source=Paul Collins Startup list
14492.  
14493. [CTStartup]
14494. Number=2058
14495. Confirmed=N
14496. Filename=CTEaxSpl.exe
14497. Description=Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard
14498. Source=Paul Collins Startup list
14499.  
14500. [CTSyncU.exe]
14501. Number=2059
14502. Confirmed=N
14503. Filename=CTSyncU.exe
14504. Description=<a href="http://www.creative.com/" target="_blank">Creative</a> Sync Manager</a> - synchronizes music tracks on your computer with your player
14505. Source=Paul Collins Startup list
14506.  
14507. [CTsysVol]
14508. Number=2060
14509. Confirmed=U
14510. Filename=CTSYSVOL.exe
14511. Description=Creative sound card volume controls
14512. Source=Paul Collins Startup list
14513.  
14514. [cttdpsrv]
14515. Number=2061
14516. Confirmed=?
14517. Filename=cttdpsrv.exe
14518. Description=<font color="#FF0000">??</font>
14519. Source=Paul Collins Startup list
14520.  
14521. [CTUpdate]
14522. Number=2062
14523. Confirmed=X
14524. Filename=ctupdclt.exe
14525. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabg.html" target= blank>RBOT-ABG</a> WORM!
14526. Source=Paul Collins Startup list
14527.  
14528. [CTxfiHlp]
14529. Number=2063
14530. Confirmed=N
14531. Filename=CTXFIHLP.EXE
14532. Description=Added by the installation of a Creative Labs X-Fi sound card. This particular process provides the help functionality for your card
14533.  
14534. Source=Paul Collins Startup list
14535.  
14536. [CTXFIREG]
14537. Number=2064
14538. Confirmed=N
14539. Filename=CTxfiReg.exe
14540. Description=Creative Labs sound card driver related. It appears that it isn't required and maybe registration related
14541. Source=Paul Collins Startup list
14542.  
14543. [Ctykd]
14544. Number=2065
14545. Confirmed=X
14546. Filename=[path to file]
14547. Description=<a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_SMALL.SN&VSect=Td" target=_blank>SMALL.SN</a> spyware
14548. Source=Paul Collins Startup list
14549.  
14550. [CU1]
14551. Number=2066
14552. Confirmed=X
14553. Filename=VCClient.exe
14554. Description=Associated with the Surf Sidekick adware and should be removed
14555. Source=Paul Collins Startup list
14556.  
14557. [CU2]
14558. Number=2067
14559. Confirmed=X
14560. Filename=VCMain.exe
14561. Description=Associated with the Surf Sidekick adware and should be removed
14562. Source=Paul Collins Startup list
14563.  
14564. [cuagentExe]
14565. Number=2068
14566. Confirmed=Y
14567. Filename=Cuagent.exe
14568. Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> related
14569. Source=Paul Collins Startup list
14570.  
14571. [cuo]
14572. Number=2069
14573. Confirmed=X
14574. Filename=cuo.exe
14575. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUGBEAR.A" target="_blank">BUGBEAR.A</a> WORM!
14576. Source=Paul Collins Startup list
14577.  
14578. [Current Security Config]
14579. Number=2070
14580. Confirmed=X
14581. Filename=csecure.exe
14582. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamo.html" target=_blank>RBOT-AMO</a> WORM!
14583. Source=Paul Collins Startup list
14584.  
14585. [cursor]
14586. Number=2071
14587. Confirmed=N
14588. Filename=Screendragon_VS_Taskbar.exe
14589. Description=<a href="http://www.screendragon.com/" target="_blank">ScreenDragon</a> video player
14590. Source=Paul Collins Startup list
14591.  
14592. [CursorXP]
14593. Number=2072
14594. Confirmed=N
14595. Filename=CursorXP.exe
14596. Description=<a href="http://www.stardock.com/products/cursorxp/" target="_blank">CursorXP</a> from Stardock - tool for creating mouse cursors
14597. Source=Paul Collins Startup list
14598.  
14599. [Customizer2000]
14600. Number=2073
14601. Confirmed=U
14602. Filename=logon.exe
14603. Description=Automatic logon feature of <a href="http://www.hot-shareware.com/utilities/customizer-2000/" target="_blank">Customizer 2000</a> - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes"
14604. Source=Paul Collins Startup list
14605.  
14606. [CuteMX]
14607. Number=2074
14608. Confirmed=N
14609. Filename=CuteMX.EXE
14610. Description=File sharing utility
14611. Source=Paul Collins Startup list
14612.  
14613. [cvmonitor.exe]
14614. Number=2075
14615. Confirmed=X
14616. Filename=cvmonitor.exe
14617. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BV" target="_blank">SDBOT.BV</a> WORM!
14618. Source=Paul Collins Startup list
14619.  
14620. [CVPND]
14621. Number=2076
14622. Confirmed=Y
14623. Filename=cvpnd.exe
14624. Description=Sub-system used by Cisco VPN client for making a connection to a remote IPSec server
14625. Source=Paul Collins Startup list
14626.  
14627. [CW]
14628. Number=2077
14629. Confirmed=U
14630. Filename=cw4.exe
14631. Description=<a href="http://www.zemericks.com/products/chatwatch/index.asp" target=_blank>Chat Watch</a> "is a monitoring and logging software for online chat and instant messaging programs"
14632. Source=Paul Collins Startup list
14633.  
14634. [CWatch]
14635. Number=2078
14636. Confirmed=U
14637. Filename=cw.exe
14638. Description=<a href="http://www.zemericks.com/products/chatwatch/index.asp" target="_blank">ChatWatch</a> - chat monitoring tool
14639. Source=Paul Collins Startup list
14640.  
14641. [cwbckver]
14642. Number=2079
14643. Confirmed=N
14644. Filename=cwbckver.exe
14645. Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources
14646. Source=Paul Collins Startup list
14647.  
14648. [cwbinhlp]
14649. Number=2080
14650. Confirmed=N
14651. Filename=cwbinhlp.exe
14652. Description=Client Access Help Registry Update Function - part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries
14653. Source=Paul Collins Startup list
14654.  
14655. [cwbsvstr]
14656. Number=2081
14657. Confirmed=N
14658. Filename=cwbsvstr.exe
14659. Description=Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources
14660. Source=Paul Collins Startup list
14661.  
14662. [cwbwlwiz]
14663. Number=2082
14664. Confirmed=?
14665. Filename=cwbwlwiz.exe
14666. Description=Welcome wizard launcher - Part of IBM's <a href="http://www-1.ibm.com/servers/eserver/iseries/access/" target="_blank">iSeries</a> (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. <font color="#FF0000">What does it do and is it required?</font>
14667. Source=Paul Collins Startup list
14668.  
14669. [Cwcdschk.exe]
14670. Number=2083
14671. Confirmed=?
14672. Filename=Cwcdschk.exe
14673. Description=<font color="#FF0000">IBM Thinkpad related?</font>
14674. Source=Paul Collins Startup list
14675.  
14676. [cwcptray]
14677. Number=2084
14678. Confirmed=U
14679. Filename=cwcptray.exe
14680. Description=Related to <a href="http://www.contentwatch.com/" target=_blank>ContentWatch</a> Parental Control internet filter
14681. Source=Paul Collins Startup list
14682.  
14683. [cwingllib]
14684. Number=2085
14685. Confirmed=X
14686. Filename=atllsimm.exe
14687. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
14688. Source=Paul Collins Startup list
14689.  
14690. [cwupdate]
14691. Number=2086
14692. Confirmed=U
14693. Filename=cwupdate.exe
14694. Description=<a href="http://www.contentwatch.com/products/contentprotect.php" target=_blank>ContentProtect</a> from ContentWatch - internet filter
14695. Source=Paul Collins Startup list
14696.  
14697. [CXMon]
14698. Number=2087
14699. Confirmed=N
14700. Filename=Hpi_Monitor.exe
14701. Description=Autodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start -> Programs
14702. Source=Paul Collins Startup list
14703.  
14704. [Cyber]
14705. Number=2088
14706. Confirmed=N
14707. Filename=cyberchk.exe
14708. Description=Part of Belkins "Multimedia Cleaning Kit" and is 
14709. automatically installed when you run their optical disk drive cleaning utility - to remind 
14710. you to clean your drive after "x" amount of time has passed
14711. Source=Paul Collins Startup list
14712.  
14713. [Cyber Trio]
14714. Number=2089
14715. Confirmed=U
14716. Filename=showmode.exe
14717. Description=From G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCs
14718. Source=Paul Collins Startup list
14719.  
14720. [Cyber-Defender 2003]
14721. Number=2090
14722. Confirmed=U
14723. Filename=uwcdsvr.exe
14724. Description=<a href="http://www.pcworld.com/downloads/file/fid,24815-order,1-page,1-c,alldownloads/description.html" target="_blank">Cyber Defender 2003</a>
14725. Source=Paul Collins Startup list
14726.  
14727. [cyberfree.exe]
14728. Number=2091
14729. Confirmed=X
14730. Filename=****.dat [* = random char]
14731. Description=Unidentified adware
14732. Source=Paul Collins Startup list
14733.  
14734. [Cyberhawk]
14735. Number=2092
14736. Confirmed=U
14737. Filename=CHTray.exe
14738. Description=<a href="http://www.novatix.com/" target="_blank">Cyberhawk</a> from Novatix. Protects against viruses, spyware, identity theft
14739. Source=Paul Collins Startup list
14740.  
14741. [CyberLat Ram Cleaner]
14742. Number=2093
14743. Confirmed=U
14744. Filename=CLRamCleaner.exe
14745. Description=<a href="http://www.cyberlat.com/ramcleaner/" target="_blank">CyberLat RAM Cleaner</a> - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
14746. Source=Paul Collins Startup list
14747.  
14748. [CyberMedia Agent]
14749. Number=2094
14750. Confirmed=N
14751. Filename=CMAGENT.EXE
14752. Description=Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled
14753. Source=Paul Collins Startup list
14754.  
14755. [CyberPatrolNew]
14756. Number=2095
14757. Confirmed=U
14758. Filename=cphq.exe
14759. Description="<a href="http://www.cyberpatrol.com/Default.aspx?id=85&mnuid=2" target="_blank">CyberPatrol</a> is one of the most powerful and popular client-based, browser independent, Internet safety software solutions for Windows-based standalone PCs available today"
14760. Source=Paul Collins Startup list
14761.  
14762. [CyberWolf]
14763. Number=2096
14764. Confirmed=X
14765. Filename=CyberWolf.exe
14766. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050515-4202-99" target="_blank"> KICKIN.A</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CYDOG.C" target="_blank">CYDOG.C</a>) WORM!
14767. Source=Paul Collins Startup list
14768.  
14769. [CyDoor]
14770. Number=2097
14771. Confirmed=X
14772. Filename=CD_Load.exe
14773. Description=Adware. Check <a href="http://www.cexx.org/cydoor.htm" target="_blank">here</a> for information about Cy-Door and <a href="http://www.lavasoft.de/software/adaware/" target="_blank">here</a> for a program that can remove it
14774. Source=Paul Collins Startup list
14775.  
14776. [CydoorUpdate]
14777. Number=2098
14778. Confirmed=X
14779. Filename=CD_Load.exe
14780. Description=Adware. Check <a href="http://www.cexx.org/cydoor.htm" target="_blank">here</a> for information about Cy-Door and <a href="http://www.lavasoft.de/software/adaware/" target="_blank">here</a> for a program that can remove it
14781. Source=Paul Collins Startup list
14782.  
14783. [CYNHKey]
14784. Number=2099
14785. Confirmed=?
14786. Filename=CYNHKey.exe
14787. Description=<font color="#FF0000">??</font>
14788. Source=Paul Collins Startup list
14789.  
14790. [CyphTray]
14791. Number=2100
14792. Confirmed=N
14793. Filename=CyphTray.exe
14794. Description=<a href="http://www.cypherus.com/" target="_blank">Cypherus</a> - encryption software
14795. Source=Paul Collins Startup list
14796.  
14797. [CypressLinkMon]
14798. Number=2101
14799. Confirmed=U
14800. Filename=CypressLinkMon.exe
14801. Description=Related to <a href="http://cardiology.usa.siemens.com/products-and-it-systems/cardiology-products/ultrasound/acuson-cypress-cardiovascular-system/applications-and-software.aspx" target="_blank">CypressViewer</a> from Siemens that "allows ACUSON Cypress cardiovascular system PLUS users to store, view, and analyze Cypress system PLUS studies on a standard Windows PC"
14802. Source=Paul Collins Startup list
14803.  
14804. [D SYSTEM]
14805. Number=2102
14806. Confirmed=X
14807. Filename=dd.exe
14808. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfn.html" target=_blank>MYTOB-FN</a> WORM!
14809. Source=Paul Collins Startup list
14810.  
14811. [D-Link Air USB Utility]
14812. Number=2103
14813. Confirmed=Y
14814. Filename=AirCFG.exe
14815. Description=D-Link wireless PCI adapter related
14816. Source=Paul Collins Startup list
14817.  
14818. [D-Link Air Utility]
14819. Number=2104
14820. Confirmed=Y
14821. Filename=AirCFG.exe
14822. Description=D-Link wireless PCI adapter related
14823. Source=Paul Collins Startup list
14824.  
14825. [D-Link AirPlus DWL-650+ Utility]
14826. Number=2105
14827. Confirmed=N
14828. Filename=WLANMON.exe
14829. Description=D-Link Air Plus Wireless PC modem connection monitor
14830. Source=Paul Collins Startup list
14831.  
14832. [D-Link AirPlus G]
14833. Number=2106
14834. Confirmed=Y
14835. Filename=AirGCFG.exe
14836. Description=D-Link Airplus Wireless Router driver
14837. Source=Paul Collins Startup list
14838.  
14839. [D-Link AirPlus G Wireless Utility]
14840. Number=2107
14841. Confirmed=Y
14842. Filename=AirPlus.exe
14843. Description=D-Link <a href="http://www.dlink.com/products/category.asp?cid=1&sec=0#cid_75" target="_blank">AirPlus G</a> wireless configuration and monitoring utility
14844. Source=Paul Collins Startup list
14845.  
14846. [D-Link AirPlus XtremeG]
14847. Number=2108
14848. Confirmed=U
14849. Filename=AirPlusCFG.exe
14850. Description=D-Link AirPlus XtremeG wireless configuration utility
14851. Source=Paul Collins Startup list
14852.  
14853. [D066UUtility]
14854. Number=2109
14855. Confirmed=N
14856. Filename=D066UUTY.EXE
14857. Description=TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software
14858. Source=Paul Collins Startup list
14859.  
14860. [D3**.exe [* = random char]]
14861. Number=2110
14862. Confirmed=X
14863. Filename=D3**.exe [* = random char]
14864. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
14865. Source=Paul Collins Startup list
14866.  
14867. [D3**32.exe [* = random char]]
14868. Number=2111
14869. Confirmed=X
14870. Filename=D3**32.exe [* = random char]
14871. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
14872. Source=Paul Collins Startup list
14873.  
14874. [d3dupdate.exe]
14875. Number=2112
14876. Confirmed=X
14877. Filename=bbeagle.exe
14878. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011815-3332-99" target="_blank">BEAGLE.A</a> WORM!
14879. Source=Paul Collins Startup list
14880.  
14881. [D4]
14882. Number=2113
14883. Confirmed=U
14884. Filename=D4.exe
14885. Description=<a href="http://www.thinkman.com/dimension4/index.html" target="_blank">Dimension 4</a> - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down
14886. Source=Paul Collins Startup list
14887.  
14888. [dabrun]
14889. Number=2114
14890. Confirmed=X
14891. Filename=rundll32.exe [path] dabapi.dll, Rundll32
14892. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=SinaUpdateCenter&threatid=91264" target="_blank">SinaUpdateCenter</a> adware
14893. Source=Paul Collins Startup list
14894.  
14895. [DACONFIGEXE]
14896. Number=2115
14897. Confirmed=N
14898. Filename=daconfig.exe
14899. Description=3Com NIC Diagnostics. Available via Start -> Programs
14900. Source=Paul Collins Startup list
14901.  
14902. [DadApp]
14903. Number=2116
14904. Confirmed=Y
14905. Filename=dadapp.exe
14906. Description="DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from Dell
14907. Source=Paul Collins Startup list
14908.  
14909. [Daemon]
14910. Number=2117
14911. Confirmed=N
14912. Filename=DAEMON32.EXE
14913. Description=Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start -> Programs
14914. Source=Paul Collins Startup list
14915.  
14916. [Daemon]
14917. Number=2118
14918. Confirmed=U
14919. Filename=Daemon.exe
14920. Description=<a href="http://www.daemon-tools.net/main.htm" target="_blank">Daemon Tools</a> - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive
14921. Source=Paul Collins Startup list
14922.  
14923. [Daemon]
14924. Number=2119
14925. Confirmed=X
14926. Filename=daemon.exe c daemon2.exe
14927. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031320-4753-99" target=_blank>SELOTIMA.A</a> WORM!
14928. Source=Paul Collins Startup list
14929.  
14930. [DAEMON Tools-1033]
14931. Number=2120
14932. Confirmed=U
14933. Filename=Daemon.exe
14934. Description=<a href="http://www.daemon-tools.net/main.htm" target="_blank">Daemon Tools</a> - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive
14935. Source=Paul Collins Startup list
14936.  
14937. [Daily Planner]
14938. Number=2121
14939. Confirmed=N
14940. Filename=dayplan.exe
14941. Description=Daily Planner - discontinued, and now part of <a href="http://www.kmcsonline.com/index.html" target="_blank">KMCS Deluxe System Suite</a>. Tool to plan your days, and check activities off as you complete them
14942. Source=Paul Collins Startup list
14943.  
14944. [Daily Weather Forecast]
14945. Number=2122
14946. Confirmed=X
14947. Filename=weather.exe
14948. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderip.html" target= blank>DLOADER-IP</a> TROJAN!
14949. Source=Paul Collins Startup list
14950.  
14951. [DamedWare Services]
14952. Number=2123
14953. Confirmed=X
14954. Filename=dwdrce.exe
14955. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaoj.html" target=_blank>RBOT-AOJ</a> WORM!
14956. Source=Paul Collins Startup list
14957.  
14958. [Dancer]
14959. Number=2124
14960. Confirmed=U
14961. Filename=DncLE.exe
14962. Description=Part of Microsoft Plus! Digital Media Edition - see <a href="http://www.microsoft.com/windows/plus/dme_more/moreupdates.asp" target=_blank>here</a>
14963. Source=Paul Collins Startup list
14964.  
14965. [Danton*]
14966. Number=2125
14967. Confirmed=X
14968. Filename=[random filename]
14969. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032114-0525-99" target="_blank">DANTON</a> TROJAN! where * = random number
14970. Source=Paul Collins Startup list
14971.  
14972. [Dap]
14973. Number=2126
14974. Confirmed=N
14975. Filename=DAP.exe
14976. Description=<a href="http://www.speedbit.com/" target="_blank">Download Accelerator Plus</a> from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based
14977. Source=Paul Collins Startup list
14978.  
14979. [dark]
14980. Number=2127
14981. Confirmed=X
14982. Filename=imgst.scr
14983. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050210-0214-99" target="_blank">BANCOS.U</a> TROJAN!
14984. Source=Paul Collins Startup list
14985.  
14986. [dark]
14987. Number=2128
14988. Confirmed=X
14989. Filename=imgrt.scr
14990. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanfh.html" target=_blank>BANCBAN-FH</a> TROJAN!
14991. Source=Paul Collins Startup list
14992.  
14993. [dark]
14994. Number=2129
14995. Confirmed=X
14996. Filename=csrs.scr
14997. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbangt.html" target=_blank>BANCBAN-GT</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojbancbangu.html" target=_blank>BANCBAN-GU</a> TROJANS!
14998. Source=Paul Collins Startup list
14999.  
15000. [DarkDevil.Grasiele.BR]
15001. Number=2130
15002. Confirmed=X
15003. Filename=Grasiele.VBS
15004. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081314-3600-99" target="_blank">LEMBRA</a> WORM!
15005. Source=Paul Collins Startup list
15006.  
15007. [DarKNesS LsasS]
15008. Number=2131
15009. Confirmed=X
15010. Filename=LsasS23.exe
15011. Description=Added by an unidentified WORM or TROJAN!
15012. Source=Paul Collins Startup list
15013.  
15014. [DashIE]
15015. Number=2132
15016. Confirmed=?
15017. Filename=N/A
15018. Description=<font color="#FF0000">Could be related to "Dash Power Shopping" tool bar in IE?</font>
15019. Source=Paul Collins Startup list
15020.  
15021. [dasxdads]
15022. Number=2133
15023. Confirmed=X
15024. Filename=fsdqd.exe
15025. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090917-0113-99" target="_blank">GAOBOT.BIQ</a> WORM!
15026. Source=Paul Collins Startup list
15027.  
15028. [Data]
15029. Number=2134
15030. Confirmed=X
15031. Filename=System.dat.vbs
15032. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092517-0351-99" target="_blank">BISCUIT.A</a> WORM!
15033. Source=Paul Collins Startup list
15034.  
15035. [data]
15036. Number=2135
15037. Confirmed=X
15038. Filename=msngs.exe
15039. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadq.html" target=_blank>RBOT-ADQ</a> WORM!
15040. Source=Paul Collins Startup list
15041.  
15042. [Data LifeGuard]
15043. Number=2136
15044. Confirmed=N
15045. Filename=BACKWE~1.EXE
15046. Description=Data LifeGuard diagnostic tools for Western Digital's series of hard drives
15047. Source=Paul Collins Startup list
15048.  
15049. [Data LifeGuard LifeLine Lite installer]
15050. Number=2137
15051. Confirmed=N
15052. Filename=DLGLI.EXE
15053. Description=Backweb installer - see <a href="http://www.cexx.org/dlgli.htm" target="_blank"> here</a>
15054. Source=Paul Collins Startup list
15055.  
15056. [Data Restore Service]
15057. Number=2138
15058. Confirmed=X
15059. Filename=prq8.exe
15060. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042215-3749-99" target= blank>KELVIR.AI</a> WORM!
15061. Source=Paul Collins Startup list
15062.  
15063. [Data789]
15064. Number=2139
15065. Confirmed=X
15066. Filename=Regedit.exe ....data789.tmp
15067. Description=Homepage hijacker
15068. Source=Paul Collins Startup list
15069.  
15070. [DATABASE MySql]
15071. Number=2140
15072. Confirmed=X
15073. Filename=[path] repcale.exe [path] beird.exe
15074. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDON.AN" target="_blank">RANDON.AN</a> WORM!
15075. Source=Paul Collins Startup list
15076.  
15077. [DataCaching]
15078. Number=2141
15079. Confirmed=N
15080. Filename=FlashKsk.exe
15081. Description=<a href="http://www.smartdisk.com" target="_blank">SmartMedia Card</a> management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray icon
15082. Source=Paul Collins Startup list
15083.  
15084. [DataKeeper]
15085. Number=2142
15086. Confirmed=U
15087. Filename=DataKeeper.exe
15088. Description=PowerQuest DataKeeper (now owned by <a href="http://www.symantec.com/" target="_blank">Symantec</a>) backup software
15089. Source=Paul Collins Startup list
15090.  
15091. [DataLayer]
15092. Number=2143
15093. Confirmed=U
15094. Filename=DataLayer.exe
15095. Description=Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on
15096. Source=Paul Collins Startup list
15097.  
15098. [DataViz Inc Messenger]
15099. Number=2144
15100. Confirmed=X
15101. Filename=DvzIncMsgr.exe
15102. Description=Installed with <a href="http://www.dataviz.com/products/documentstogo/" target= blank>DataViz</a> "Documents to Go" software
15103. Source=Paul Collins Startup list
15104.  
15105. [DataViz Messenger]
15106. Number=2145
15107. Confirmed=N
15108. Filename=DvzMsgr.exe
15109. Description=<a href="http://www.dataviz.com/products/documentstogo/" target="_blank">DataViz Documents to Go</a> - "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts"
15110. Source=Paul Collins Startup list
15111.  
15112. [Datcheck]
15113. Number=2146
15114. Confirmed=X
15115. Filename=datcheck.exe
15116. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-010412-0842-99" target="_blank">KEYPANIC</a> TROJAN!
15117. Source=Paul Collins Startup list
15118.  
15119. [Date Manager]
15120. Number=2147
15121. Confirmed=X
15122. Filename=datemanager.exe
15123. Description=Date Manager - calender program. Spyware/adware based provided by The Gator Corporation. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
15124. Source=Paul Collins Startup list
15125.  
15126. [Datechecker]
15127. Number=2148
15128. Confirmed=?
15129. Filename=N/A
15130. Description=<font color="#FF0000">Could be related to <a href="http://www.simtel.net/pub/pd/9379.html" target="_blank">this</a>?</font>
15131. Source=Paul Collins Startup list
15132.  
15133. [DateMakerIntl]
15134. Number=2149
15135. Confirmed=X
15136. Filename=DateMakerIntl.exe
15137. Description=Premium rate adult content dialler
15138. Source=Paul Collins Startup list
15139.  
15140. [DAupdate]
15141. Number=2150
15142. Confirmed=X
15143. Filename=DAupdate.exe
15144. Description=NavEnhance adware
15145. Source=Paul Collins Startup list
15146.  
15147. [DAW9532.exe]
15148. Number=2151
15149. Confirmed=?
15150. Filename=DAW9532.EXE
15151. Description=Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. <font color="#FF0000">Is it required?</font>
15152. Source=Paul Collins Startup list
15153.  
15154. [DayToday]
15155. Number=2152
15156. Confirmed=U
15157. Filename=DAYTODAY.EXE
15158. Description=<a href="http://www.locutuscodeware.com/daytoday.htm" target="_blank">DayToday</a> from RoboMagic Software Corp. Displays the date on the taskbar
15159. Source=Paul Collins Startup list
15160.  
15161. [DAZEL Delivery Agent]
15162. Number=2153
15163. Confirmed=U
15164. Filename=DcDaemon.exe
15165. Description=Control and send documents, etc, to any destination. The Dazel Corporation has now been taken over by HP
15166. Source=Paul Collins Startup list
15167.  
15168. [dbserv]
15169. Number=2154
15170. Confirmed=N
15171. Filename=dbserv.exe
15172. Description=Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled
15173. Source=Paul Collins Startup list
15174.  
15175. [DC6_Check]
15176. Number=2155
15177. Confirmed=N
15178. Filename=uwasdc.exe
15179. Description=WinAntiSpyware 2006 spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
15180. Source=Paul Collins Startup list
15181.  
15182. [DC6_check]
15183. Number=2156
15184. Confirmed=N
15185. Filename=dc6_startupmon.exe
15186. Description=WinAntiVirus 2006 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
15187. Source=Paul Collins Startup list
15188.  
15189. [dc6_check]
15190. Number=2157
15191. Confirmed=N
15192. Filename=dcmon.exe
15193. Description=<a href="http://www.symantec.com/smb/security_response/writeup.jsp?docid=2006-062015-2622-99" target="_blank">SystemDoctor</a> is a Security Risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
15194. Source=Paul Collins Startup list
15195.  
15196. [DCE Manager]
15197. Number=2158
15198. Confirmed=X
15199. Filename=dcemgr.exe
15200. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032112-1138-99" target="_blank">TUMAG</a> TROJAN!
15201. Source=Paul Collins Startup list
15202.  
15203. [DCfssvc]
15204. Number=2159
15205. Confirmed=U
15206. Filename=dcfssvc.exe
15207. Description=Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example
15208. Source=Paul Collins Startup list
15209.  
15210. [dcfssve]
15211. Number=2160
15212. Confirmed=U
15213. Filename=dcfssvc.exe
15214. Description=Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example
15215. Source=Paul Collins Startup list
15216.  
15217. [Dcom System Patch]
15218. Number=2161
15219. Confirmed=X
15220. Filename=Microsoft.exe
15221. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.MS&VSect=P" target=_blank>RANDEX.MS</a> WORM!
15222. Source=Paul Collins Startup list
15223.  
15224. [dcsm]
15225. Number=2162
15226. Confirmed=N
15227. Filename=dcsm.exe
15228. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99" target="_blank">DriveCleaner</a> is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
15229. Source=Paul Collins Startup list
15230.  
15231. [DDCActiveMenu]
15232. Number=2163
15233. Confirmed=N
15234. Filename=DDCActiveMenu.exe
15235. Description=Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
15236. Source=Paul Collins Startup list
15237.  
15238. [DDCM]
15239. Number=2164
15240. Confirmed=N
15241. Filename=DDCMan.exe
15242. Description=Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
15243. Source=Paul Collins Startup list
15244.  
15245. [DDCMan]
15246. Number=2165
15247. Confirmed=N
15248. Filename=DDCMan.exe
15249. Description=Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
15250. Source=Paul Collins Startup list
15251.  
15252. [ddeproc]
15253. Number=2166
15254. Confirmed=X
15255. Filename=ddeproc.exe
15256. Description=Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
15257. Source=Paul Collins Startup list
15258.  
15259. [ddhelper]
15260. Number=2167
15261. Confirmed=U
15262. Filename=W815DM.EXE
15263. Description=Enuff Parental Control Software by <a href="http://www.akrontech.com/" target=_blank>Akrontech</a>
15264. Source=Paul Collins Startup list
15265.  
15266. [DDialler]
15267. Number=2168
15268. Confirmed=X
15269. Filename=DDialler.exe
15270. Description=Adult content dialler
15271. Source=Paul Collins Startup list
15272.  
15273. [DDriver]
15274. Number=2169
15275. Confirmed=X
15276. Filename=windrv.exe
15277. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.WG" target="_blank">DELF.WG</a> TROJAN!
15278. Source=Paul Collins Startup list
15279.  
15280. [DDT]
15281. Number=2170
15282. Confirmed=?
15283. Filename=N/A
15284. Description=<font color="#FF0000">??</font>
15285. Source=Paul Collins Startup list
15286.  
15287. [de32gen]
15288. Number=2171
15289. Confirmed=X
15290. Filename=de32gen.exe
15291. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
15292. Source=Paul Collins Startup list
15293.  
15294. [DeadAIM]
15295. Number=2172
15296. Confirmed=N
15297. Filename=rundll32.exe DeadAIM.ocm, ExportedCheckODLs
15298. Description=<a href="http://www.jdennis.net/DeadAIM/about.php" target="_blank">DeadAIM</a> - feature enhancing product for AOL's Instant Messenger program
15299. Source=Paul Collins Startup list
15300.  
15301. [DealHelperBrwsr]
15302. Number=2173
15303. Confirmed=X
15304. Filename=dhbrwsr.exe
15305. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html" target="_blank">DealHelper</a> adware
15306. Source=Paul Collins Startup list
15307.  
15308. [DealHelperDown]
15309. Number=2174
15310. Confirmed=X
15311. Filename=download.exe
15312. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html" target="_blank">DealHelper</a> adware
15313. Source=Paul Collins Startup list
15314.  
15315. [DealHelperUpdate]
15316. Number=2175
15317. Confirmed=X
15318. Filename=DHUpdt.exe
15319. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html" target="_blank">DealHelper</a> adware
15320. Source=Paul Collins Startup list
15321.  
15322. [Death.exe]
15323. Number=2176
15324. Confirmed=X
15325. Filename=Death.exe
15326. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelferw.html" target="_blank">DELF-ERW</a> TROJAN!
15327. Source=Paul Collins Startup list
15328.  
15329. [Debug]
15330. Number=2177
15331. Confirmed=X
15332. Filename=DebugW32.exe
15333. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-062416-3732-99" target=_blank>GUBED</a> TROJAN!
15334. Source=Paul Collins Startup list
15335.  
15336. [Debugger]
15337. Number=2178
15338. Confirmed=X
15339. Filename=dbg32.exe
15340. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfw.html" target=_blank>MYTOB-FW</a> WORM!
15341. Source=Paul Collins Startup list
15342.  
15343. [Debugger]
15344. Number=2179
15345. Confirmed=X
15346. Filename=explorer32dbg.exe
15347. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsm.html" target=_blank>CWS-M</a> TROJAN!
15348. Source=Paul Collins Startup list
15349.  
15350. [Debugger]
15351. Number=2180
15352. Confirmed=X
15353. Filename=iexplore_dbg.exe
15354. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsm.html" target=_blank>CWS-M</a> TROJAN!
15355. Source=Paul Collins Startup list
15356.  
15357. [debugger]
15358. Number=2181
15359. Confirmed=X
15360. Filename=help.pif
15361. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delfdra.html" target="_blank">DELF-DRA</a> WORM!
15362. Source=Paul Collins Startup list
15363.  
15364. [DebugMonitor]
15365. Number=2182
15366. Confirmed=X
15367. Filename=debugmonitor.exe
15368. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031923-1433-99" target="_blank">MYDOOM.BG</a> WORM!
15369. Source=Paul Collins Startup list
15370.  
15371. [DeeEnEs]
15372. Number=2183
15373. Confirmed=U
15374. Filename=DeeEnEs.exe
15375. Description=<a href="http://www.palacio-cristal.com/products/DeeEnEs/" target=_blank>DeeEnEs</a> - automatically updates a dynamic IP address when it changes
15376. Source=Paul Collins Startup list
15377.  
15378. [deejay]
15379. Number=2184
15380. Confirmed=X
15381. Filename=forboo.exe
15382. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotay.html" target="_blank">FORBOT-AY</a> WORM!
15383. Source=Paul Collins Startup list
15384.  
15385. [Default]
15386. Number=2185
15387. Confirmed=X
15388. Filename=explore.vbs
15389. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030216-1808-99" target=_blank>ALLEM</a> WORM!
15390. Source=Paul Collins Startup list
15391.  
15392. [Default]
15393. Number=2186
15394. Confirmed=X
15395. Filename=mtask.vbe
15396. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030216-1808-99" target=_blank>ALLEM</a> WORM!
15397. Source=Paul Collins Startup list
15398.  
15399. [default]
15400. Number=2187
15401. Confirmed=X
15402. Filename=shell32.exe
15403. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030215-5059-99" target=_blank>BINGHE</a> TROJAN!
15404. Source=Paul Collins Startup list
15405.  
15406. [Default System Research]
15407. Number=2188
15408. Confirmed=X
15409. Filename=vhchost.exe
15410. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090114-1936-99" target="_blank">TARNO.I</a> TROJAN!
15411. Source=Paul Collins Startup list
15412.  
15413. [Default web browser]
15414. Number=2189
15415. Confirmed=X
15416. Filename=IexpIore.exe
15417. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojoblivionb.html" target="_blank">OBLIVION.B</a> TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a captial "i" in place of lower case "L"
15418. Source=Paul Collins Startup list
15419.  
15420. [Default_Page_URL]
15421. Number=2190
15422. Confirmed=X
15423. Filename=http://find.naupoint.com
15424. Description=<a href="http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx" target=_blank>Naupoint</a> browser hijacker
15425. Source=Paul Collins Startup list
15426.  
15427. [Default_Search_URL]
15428. Number=2191
15429. Confirmed=X
15430. Filename=http://find.naupoint.com
15431. Description=<a href="http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx" target=_blank>Naupoint</a> browser hijacker
15432. Source=Paul Collins Startup list
15433.  
15434. [defender]
15435. Number=2192
15436. Confirmed=X
15437. Filename=defender25.exe
15438. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097507" target="_blank">DollarRevenue</a> adware
15439. Source=Paul Collins Startup list
15440.  
15441. [defender]
15442. Number=2193
15443. Confirmed=X
15444. Filename=dfndref_7.exe
15445. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DollarRevenue&threatid=42948" target="_blank">DollarRevenue</a> adware
15446. Source=Paul Collins Startup list
15447.  
15448. [defergui]
15449. Number=2194
15450. Confirmed=?
15451. Filename=defergui.exe
15452. Description=Related to IBM Standard Software Installer.  <font color="#FF0000">What does it do and is it required?</font>
15453. Source=Paul Collins Startup list
15454.  
15455. [defragm_check]
15456. Number=2195
15457. Confirmed=X
15458. Filename=defragment.exe
15459. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
15460. Source=Paul Collins Startup list
15461.  
15462. [defragsys]
15463. Number=2196
15464. Confirmed=X
15465. Filename=svchost.exe
15466. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseth.html" target="_blank">BIFROSE-TH</a> TROJAN!  Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
15467. Source=Paul Collins Startup list
15468.  
15469. [defwatch]
15470. Number=2197
15471. Confirmed=U
15472. Filename=defwatch.exe
15473. Description=Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis
15474. Source=Paul Collins Startup list
15475.  
15476. [Deko550]
15477. Number=2198
15478. Confirmed=U
15479. Filename=Deko550.exe
15480. Description=Associated with the <a href="http://www.avid.com/products/deko550/" target="_blank">Deko550</a> entry-level SD real-time graphics system from Avid Technology
15481. Source=Paul Collins Startup list
15482.  
15483. [Delay]
15484. Number=2199
15485. Confirmed=U
15486. Filename=delayrun.exe
15487. Description=On HP PCs this program is used to help prevent conflicts or timing issues on fast computers
15488. Source=Paul Collins Startup list
15489.  
15490. [Delayrun]
15491. Number=2200
15492. Confirmed=U
15493. Filename=delayrun.exe
15494. Description=On HP PCs this program is used to help prevent conflicts or timing issues on fast computers
15495. Source=Paul Collins Startup list
15496.  
15497. [delcab]
15498. Number=2201
15499. Confirmed=?
15500. Filename=deltreew.exe C:\cabs
15501. Description=<font color="#FF0000">??<font>
15502. Source=Paul Collins Startup list
15503.  
15504. [Delete Me]
15505. Number=2202
15506. Confirmed=X
15507. Filename=worm.exe
15508. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021218-1022-99" target="_blank">DOOMHUNTER</a> WORM!
15509. Source=Paul Collins Startup list
15510.  
15511. [DeleteHistoryFree]
15512. Number=2203
15513. Confirmed=U
15514. Filename=dhf.exe
15515. Description=<a href="http://www.deletehistoryfree.com/" target=_blank>Delete History Free</a> - "Privacy protection software for deleting Internet surfing and other computer activity tracks from your PC"
15516.  
15517. Source=Paul Collins Startup list
15518.  
15519. [Dell AIO Printer A***]
15520. Number=2204
15521. Confirmed=N
15522. Filename=dlbabmgr.exe
15523. Description=Dell AIO Printer A*** related (*** = model). Not Required at Startup
15524. Source=Paul Collins Startup list
15525.  
15526. [Dell AIO Printer A***]
15527. Number=2205
15528. Confirmed=N
15529. Filename=dlbfbmgr.exe
15530. Description=Dell AIO Printer A*** related (*** = model). Not Required at Startup
15531. Source=Paul Collins Startup list
15532.  
15533. [Dell AIO Printer A***]
15534. Number=2206
15535. Confirmed=N
15536. Filename=dlbkbmgr.exe
15537. Description=Dell AIO Printer A*** related (*** = model). Not Required at Startup
15538. Source=Paul Collins Startup list
15539.  
15540. [Dell Alert]
15541. Number=2207
15542. Confirmed=N
15543. Filename=DAMon.exe
15544. Description="Dell Alert" utility, that's supposed to make interaction with Support easier
15545. Source=Paul Collins Startup list
15546.  
15547. [Dell Photo AIO Printer 922]
15548. Number=2208
15549. Confirmed=?
15550. Filename=dlbtbmgr.exe
15551. Description=Dell Photo AIO Printer 922 Device Monitor. <font color="#FF0000">Is it required?</font>
15552. Source=Paul Collins Startup list
15553.  
15554. [Dell Photo AIO Printer 942]
15555. Number=2209
15556. Confirmed=?
15557. Filename=dlbubmgr.exe
15558. Description=Dell Photo AIO Printer 942 Device Monitor. <font color="#FF0000">Is it required?</font>
15559. Source=Paul Collins Startup list
15560.  
15561. [Dell Photo AIO Printer 962]
15562. Number=2210
15563. Confirmed=?
15564. Filename=dlbxmon.exe
15565. Description=Dell Photo AIO Printer 962 Device Monitor. <font color="#FF0000">Is it required?</font>
15566. Source=Paul Collins Startup list
15567.  
15568. [Dell QuickSet]
15569. Number=2211
15570. Confirmed=N
15571. Filename=quickset.exe
15572. Description=Dell taskbar icon allowing you to quickly change settings
15573. Source=Paul Collins Startup list
15574.  
15575. [Dell Wireless Manager UI]
15576. Number=2212
15577. Confirmed=U
15578. Filename=WLTRAY
15579. Description=Installed alongside Dell Wireless WLAN Card and provides additional configuration options for these devices
15580. Source=Paul Collins Startup list
15581.  
15582. [Dell Wireless Manager UI]
15583. Number=2213
15584. Confirmed=N
15585. Filename=wltray.exe
15586. Description=System tray access to wireless LAN card configuration options
15587.  
15588. Source=Paul Collins Startup list
15589.  
15590. [DellDMI]
15591. Number=2214
15592. Confirmed=?
15593. Filename=delldmi.exe
15594. Description=<font color="#FF0000">Possibly part of <a href="http://docs.us.dell.com/support/edocs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards?</font>
15595. Source=Paul Collins Startup list
15596.  
15597. [DELLMMKB]
15598. Number=2215
15599. Confirmed=U
15600. Filename=DELLMMKB.EXE
15601. Description=Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys
15602. Source=Paul Collins Startup list
15603.  
15604. [DellSC]
15605. Number=2216
15606. Confirmed=N
15607. Filename=dellsc.exe
15608. Description=Dell Solution Center - web-based troubleshooting tools and educational offerings
15609. Source=Paul Collins Startup list
15610.  
15611. [DellSupport]
15612. Number=2217
15613. Confirmed=U
15614. Filename=DSAgnt.exe
15615. Description=Dell Support Agent offers additional support and update features for your Dell computer or laptop
15616. Source=Paul Collins Startup list
15617.  
15618. [DellTouch]
15619. Number=2218
15620. Confirmed=U
15621. Filename=MMKeybd.exe
15622. Description=Dell multimedia keyboard manager. Required if you use the additional keys
15623. Source=Paul Collins Startup list
15624.  
15625. [DellTouch]
15626. Number=2219
15627. Confirmed=U
15628. Filename=DELLMMKB.EXE
15629. Description=Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys
15630. Source=Paul Collins Startup list
15631.  
15632. [delmsbb]
15633. Number=2220
15634. Confirmed=X
15635. Filename=delmsbb.exe
15636. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
15637. Source=Paul Collins Startup list
15638.  
15639. [delsaap]
15640. Number=2221
15641. Confirmed=X
15642. Filename=delsaap.exe
15643. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
15644. Source=Paul Collins Startup list
15645.  
15646. [delstart]
15647. Number=2222
15648. Confirmed=?
15649. Filename=delstart.exe
15650. Description=Reportedly part of BT ISP software - <font color="#FF0000">what does it do and is it required in startup?</font>
15651. Source=Paul Collins Startup list
15652.  
15653. [delsubmit]
15654. Number=2223
15655. Confirmed=X
15656. Filename=rundll32.exe advpack.dll, DelNodeRunDLL32 submit.exe
15657. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
15658. Source=Paul Collins Startup list
15659.  
15660. [DelTmp]
15661. Number=2224
15662. Confirmed=?
15663. Filename=DelTemp.exe
15664. Description=Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. <font color="#FF0000">Deletes temporary files once an installation is complete?</font>
15665. Source=Paul Collins Startup list
15666.  
15667. [DeltTray]
15668. Number=2225
15669. Confirmed=N
15670. Filename=deltray.exe
15671. Description=System Tray access to the control panel for the M-Audio <a href="http://www.m-audio.com/products/en_us/Delta44-main.html" target="_blank">Delta 44</a> PCI Analog Recording Interface. Available via a desktop shortcut, Start -> Programs or Start -> Settings -> Control Panel
15672. Source=Paul Collins Startup list
15673.  
15674. [DeluxeCommunications]
15675. Number=2226
15676. Confirmed=X
15677. Filename=Dxc.exe
15678. Description=Deluxe Communications, a <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112118-0309-99" target="_blank">SurfSideKick</a> adware variant
15679. Source=Paul Collins Startup list
15680.  
15681. [DELXP Protocol]
15682. Number=2227
15683. Confirmed=X
15684. Filename=delxp.exe
15685. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
15686. Source=Paul Collins Startup list
15687.  
15688. [demon]
15689. Number=2228
15690. Confirmed=?
15691. Filename=demon.exe
15692. Description=Part of the French Wanadoo ADSL extense pack. <font color="#FF0000"> What does it do and is it required?</font>
15693. Source=Paul Collins Startup list
15694.  
15695. [Deneca]
15696. Number=2229
15697. Confirmed=X
15698. Filename=Virus salvado
15699. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050909-4602-99" target= blank>DELUZ</a> VIRUS!
15700. Source=Paul Collins Startup list
15701.  
15702. [DepFrez]
15703. Number=2230
15704. Confirmed=U
15705. Filename=frzstate.exe
15706. Description=<a href="http://www.faronics.com/html/deepfreeze.asp" target="_blank">Deep Freeze</a> from Faronics Coporation. "Freezes" the current software configuration so that an a re-boot all changes made refer back to their original settings. Not required for most users - more likely to be used by system administrators, for example
15707. Source=Paul Collins Startup list
15708.  
15709. [Description of Shortcuts]
15710. Number=2231
15711. Confirmed=?
15712. Filename=*.exe
15713. Description=<font color="#FF0000">* seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search)</font>
15714. Source=Paul Collins Startup list
15715.  
15716. [Desire]
15717. Number=2232
15718. Confirmed=X
15719. Filename=desires.exe
15720. Description=Adult content dialler
15721. Source=Paul Collins Startup list
15722.  
15723. [desk-top-service]
15724. Number=2233
15725. Confirmed=?
15726. Filename=desk-top-service.exe
15727. Description=<font color="#FF0000">??</font>
15728. Source=Paul Collins Startup list
15729.  
15730. [DeskAd Service]
15731. Number=2234
15732. Confirmed=X
15733. Filename=DeskAdServ.exe
15734. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090749" target= blank>DeskAd.Service</a> adware
15735. Source=Paul Collins Startup list
15736.  
15737. [DeskColor]
15738. Number=2235
15739. Confirmed=N
15740. Filename=DESKCOLOR.EXE
15741. Description=Provides transparent icon text backgrounds and coloured icon text
15742. Source=Paul Collins Startup list
15743.  
15744. [Deskflag]
15745. Number=2236
15746. Confirmed=N
15747. Filename=Deskflag.exe
15748. Description=<a href="http://www.deskflag.com/" target="_blank">DeskFlag</a> - animated USA flag on the desktop
15749. Source=Paul Collins Startup list
15750.  
15751. [DeskMateAutoUpdate]
15752. Number=2237
15753. Confirmed=X
15754. Filename=DeskMateAutoUpdate.exe
15755. Description=DeskMates: Virtual scantily clad girls enhance your desktop. <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453068324" target=_blank>BargainBuddy</a> adware related
15756. Source=Paul Collins Startup list
15757.  
15758. [Desksite CMA]
15759. Number=2238
15760. Confirmed=U
15761. Filename=cma.exe
15762. Description=DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"
15763. Source=Paul Collins Startup list
15764.  
15765. [Desktop]
15766. Number=2239
15767. Confirmed=X
15768. Filename=rundll32.exe msconfd.dll, Restore ControlPanel
15769. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-122014-1527-99" target="_blank">BOOKMARKER</a> TROJAN!
15770. Source=Paul Collins Startup list
15771.  
15772. [desktop]
15773. Number=2240
15774. Confirmed=X
15775. Filename=desktop.exe
15776. Description=Added by the <a href="http://www.f-secure.com/v-descs/sdbot_md.shtml" target=_blank>SDBOT.MD</a> WORM!
15777. Source=Paul Collins Startup list
15778.  
15779. [Desktop]
15780. Number=2241
15781. Confirmed=X
15782. Filename=Desktop.com
15783. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbdrn.html" target="_blank">VB-DRN</a> WORM!
15784. Source=Paul Collins Startup list
15785.  
15786. [Desktop Architect]
15787. Number=2242
15788. Confirmed=N
15789. Filename=DATRAY.EXE
15790. Description=Desktop theme manager available <a href="http://www.pcworld.com/downloads/file/fid,6503-order,1-page,1-c,alldownloads/description.html" target="_blank">here</a> - for managing the desktop appearance, fonts, sounds, etc
15791. Source=Paul Collins Startup list
15792.  
15793. [Desktop Plant]
15794. Number=2243
15795. Confirmed=N
15796. Filename=AZARE10S.PLT
15797. Description=Vritual plant from <a href="http://www.desksoft.com/DesktopPlant.htm" target="_blank">here</a> - this version is an Azalea, there are others so the filename may be different
15798. Source=Paul Collins Startup list
15799.  
15800. [Desktop Search]
15801. Number=2244
15802. Confirmed=X
15803. Filename=desktop.exe
15804. Description=<a href="http://vil.nai.com/vil/content/v_133320.htm" target="_blank">iSearch</a> "Desktop Search" hijacker
15805. Source=Paul Collins Startup list
15806.  
15807. [Desktop Service Centre]
15808. Number=2245
15809. Confirmed=?
15810. Filename=DSC.exe
15811. Description=OptusNet DSL or Dial-Up connection software - <font color="#FF0000">is it required?</font>
15812. Source=Paul Collins Startup list
15813.  
15814. [Desktop Weather]
15815. Number=2246
15816. Confirmed=N
15817. Filename=THE WEATHER CHANNEL.exe
15818. Description=<a href="http://www.weather.com/services/desktop.html?from=tutorial" target="_blank">Desktop Weather</a> by The Weather Channel - provides current temperature, conditions, alerts, etc
15819. Source=Paul Collins Startup list
15820.  
15821. [Desktop Weather 3]
15822. Number=2247
15823. Confirmed=N
15824. Filename=THE WEATHER CHANNEL.exe
15825. Description=<a href="http://www.weather.com/services/desktop.html" target="_blank">Desktop Weather 3</a> by The Weather Channel - provides current temperature, conditions, alerts, etc
15826. Source=Paul Collins Startup list
15827.  
15828. [Desktop Weather 3]
15829. Number=2248
15830. Confirmed=N
15831. Filename=THEWEA~1.EXE
15832. Description=<a href="http://www.weather.com/services/desktop.html" target="_blank">Desktop Weather 3</a> by The Weather Channel - provides current temperature, conditions, alerts, etc
15833. Source=Paul Collins Startup list
15834.  
15835. [desktopmgr]
15836. Number=2249
15837. Confirmed=N
15838. Filename=desktopmgr.exe
15839. Description=Synchronisation manager for the cradles for the <a href="http://www.rim.net/products/index.shtml" target="_blank">Research In Motion</a> range of wireless handhelds, including the "Blackberry"
15840. Source=Paul Collins Startup list
15841.  
15842. [DesktopUpdate]
15843. Number=2250
15844. Confirmed=X
15845. Filename=rundll32.exe MSA64CHK.dll, DllMostrar
15846. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
15847. Source=Paul Collins Startup list
15848.  
15849. [DesktopX]
15850. Number=2251
15851. Confirmed=U
15852. Filename=DESKTOPX.EXE
15853. Description=A program that replaces the regular Desktop and Taskbar, and can be changed to the user's liking
15854. Source=Paul Collins Startup list
15855.  
15856. [deskup]
15857. Number=2252
15858. Confirmed=N
15859. Filename=deskup.exe
15860. Description=Adds Iomega Zip drive icons to the desktop
15861. Source=Paul Collins Startup list
15862.  
15863. [destroyb11]
15864. Number=2253
15865. Confirmed=X
15866. Filename=destroyb11.exe
15867. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfko.html" target=_blank>DELF-KO</a> TROJAN!
15868. Source=Paul Collins Startup list
15869.  
15870. [detect]
15871. Number=2254
15872. Confirmed=U
15873. Filename=idetect.exe
15874. Description=<a href="http://www.clasys.com/internet_turbo.html" target="_blank">iNTERNET Turbo</a> from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds". If you find it helps your connectivity leave it enabled
15875. Source=Paul Collins Startup list
15876.  
15877. [detect]
15878. Number=2255
15879. Confirmed=?
15880. Filename=turbodetect.exe
15881. Description=<font color="#FF0000">??</font>
15882. Source=Paul Collins Startup list
15883.  
15884. [Detector]
15885. Number=2256
15886. Confirmed=N
15887. Filename=detector.exe
15888. Description=USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing software
15889. Source=Paul Collins Startup list
15890.  
15891. [Development Environment]
15892. Number=2257
15893. Confirmed=X
15894. Filename=devenv.exe
15895. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotah.html" target="_blank">DELBOT-AH</a> WORM!
15896. Source=Paul Collins Startup list
15897.  
15898. [DEventAgent]
15899. Number=2258
15900. Confirmed=U
15901. Filename=eventagt.exe
15902. Description=DEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use this
15903. Source=Paul Collins Startup list
15904.  
15905. [Device Configuration Loader]
15906. Number=2259
15907. Confirmed=X
15908. Filename=msdvc32.exe
15909. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
15910.  
15911. Source=Paul Collins Startup list
15912.  
15913. [Device Detector]
15914. Number=2260
15915. Confirmed=U
15916. Filename=DevDetect.exe
15917. Description=<a href="http://www.acdsee.com/" target="_blank">ACDSee</a> Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
15918. Source=Paul Collins Startup list
15919.  
15920. [Device Detector 2]
15921. Number=2261
15922. Confirmed=N
15923. Filename=DevDtct2.exe
15924. Description=Installed by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resources
15925. Source=Paul Collins Startup list
15926.  
15927. [Device Manager]
15928. Number=2262
15929. Confirmed=X
15930. Filename=wfxmgr.exe
15931. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.Rbot.aju&threatid=48893" target="_blank">RBOT.AJU</a> WORM!
15932. Source=Paul Collins Startup list
15933.  
15934. [DeviceDiscovery]
15935. Number=2263
15936. Confirmed=U
15937. Filename=hpotdd01.exe
15938. Description=Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems"
15939. Source=Paul Collins Startup list
15940.  
15941. [DevicePath]
15942. Number=2264
15943. Confirmed=X
15944. Filename=Proyecto1.exe
15945. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071316-1355-99" target="_blank">GRUEL</a> WORM!
15946. Source=Paul Collins Startup list
15947.  
15948. [DevicePath]
15949. Number=2265
15950. Confirmed=X
15951. Filename=Root.exe
15952. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071316-1355-99" target="_blank">GRUEL</a> WORM!
15953. Source=Paul Collins Startup list
15954.  
15955. [Devices]
15956. Number=2266
15957. Confirmed=U
15958. Filename=olesvr.exe
15959. Description=Salfeld <a href="http://www.salfeld.com/software/childcontrol/index.html" target="_blank">Child Control</a> - parental control software
15960. Source=Paul Collins Startup list
15961.  
15962. [Devicewin]
15963. Number=2267
15964. Confirmed=X
15965. Filename=[path to trojan]
15966. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeraev.html" target=_blank>BANKER-AEV</a> TROJAN!
15967. Source=Paul Collins Startup list
15968.  
15969. [devldr16]
15970. Number=2268
15971. Confirmed=U
15972. Filename=devldr16.exe
15973. Description=Associated with some Creative Labs sound cards.  Provides audio support for DOS applications.  Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices
15974. Source=Paul Collins Startup list
15975.  
15976. [devldr16.exe]
15977. Number=2269
15978. Confirmed=U
15979. Filename=devldr16.exe
15980. Description=Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices
15981. Source=Paul Collins Startup list
15982.  
15983. [Devlog]
15984. Number=2270
15985. Confirmed=?
15986. Filename=??
15987. Description=<font color="#FF0000">??</font>
15988. Source=Paul Collins Startup list
15989.  
15990. [Devlog]
15991. Number=2271
15992. Confirmed=?
15993. Filename=devlog.exe
15994. Description=Apparently mainboard/chipset related, by a French company called AS Media - <font color="#FF0000"> what exactly is it, and is it required</font>
15995. Source=Paul Collins Startup list
15996.  
15997. [dfgfdgrergd]
15998. Number=2272
15999. Confirmed=X
16000. Filename=[path to trojan]
16001. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_RANKY.CK" target="_blank">RANKY.CK</a> TROJAN!
16002. Source=Paul Collins Startup list
16003.  
16004. [DGJM]
16005. Number=2273
16006. Confirmed=?
16007. Filename=DGJM.exe
16008. Description=<font color="#FF0000">??</font>
16009. Source=Paul Collins Startup list
16010.  
16011. [dgtstart]
16012. Number=2274
16013. Confirmed=X
16014. Filename=dgtstart.exe
16015. Description=<a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=80885" target=_blank>DigitalNames.g</a> adware
16016. Source=Paul Collins Startup list
16017.  
16018. [dguard]
16019. Number=2275
16020. Confirmed=U
16021. Filename=dguard.exe
16022. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
16023. Source=Paul Collins Startup list
16024.  
16025. [DHCP Server]
16026. Number=2276
16027. Confirmed=X
16028. Filename=regsvr.exe
16029. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpr.html" target=_blank>RBOT-PR</a> WORM!
16030. Source=Paul Collins Startup list
16031.  
16032. [dhcpagnt]
16033. Number=2277
16034. Confirmed=Y
16035. Filename=dhcpagnt.exe
16036. Description=Intel DSL modem driver - leave enabled or you'll have to re-install the drivers
16037. Source=Paul Collins Startup list
16038.  
16039. [DHNUXB]
16040. Number=2278
16041. Confirmed=?
16042. Filename=DHNUXB.exe
16043. Description=<font color="#FF0000">??</font>
16044. Source=Paul Collins Startup list
16045.  
16046. [diagent]
16047. Number=2279
16048. Confirmed=N
16049. Filename=diagent.exe
16050. Description=System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -> Programs
16051. Source=Paul Collins Startup list
16052.  
16053. [Diagnostic]
16054. Number=2280
16055. Confirmed=X
16056. Filename=diagnostic.exe
16057. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojalphac.html" target="_blank">ALPHA-C</a> TROJAN!
16058. Source=Paul Collins Startup list
16059.  
16060. [Dial22]
16061. Number=2281
16062. Confirmed=X
16063. Filename=dlm.exe
16064. Description=Adult content dialler
16065. Source=Paul Collins Startup list
16066.  
16067. [Dial33]
16068. Number=2282
16069. Confirmed=X
16070. Filename=dlm.exe
16071. Description=Adult content dialler
16072. Source=Paul Collins Startup list
16073.  
16074. [Dialer]
16075. Number=2283
16076. Confirmed=X
16077. Filename=rundll32.exe msa32chk.dll
16078. Description=Unidentfied malware
16079. Source=Paul Collins Startup list
16080.  
16081. [Dialer Control]
16082. Number=2284
16083. Confirmed=U
16084. Filename=dc.exe
16085. Description=<a href="http://www.dialer-control.de/" target="_blank">Dialer-Control</a>. Detects and protects from premium rate p0rn diallers
16086. Source=Paul Collins Startup list
16087.  
16088. [Dialer Detect]
16089. Number=2285
16090. Confirmed=U
16091. Filename=dd.exe
16092. Description=<a href="http://www.dialerdetect.nl/english/main.htm" target=_blank>DialerDetect</a> detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it
16093.  
16094. Source=Paul Collins Startup list
16095.  
16096. [Dialgo SDK]
16097. Number=2286
16098. Confirmed=U
16099. Filename=PhoneAnswer.exe
16100. Description=Dialgo Wave Modem ActiveX - "Telephone Answering Machine for scripting your own professional call center business scripts using a voice modem. Features Caller-ID, Wave Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech Recognition and Synthesis"
16101. Source=Paul Collins Startup list
16102.  
16103. [DialNet]
16104. Number=2287
16105. Confirmed=X
16106. Filename=mxt32.exe
16107. Description=Adult content dialler
16108. Source=Paul Collins Startup list
16109.  
16110. [Dialog Box Assistant]
16111. Number=2288
16112. Confirmed=N
16113. Filename=OSDEx.exe
16114. Description=<a href="http://www.win-utilities.com/dba/" target="_blank">Dialog Box Assistant</a> from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders
16115. Source=Paul Collins Startup list
16116.  
16117. [Dialog Helper]
16118. Number=2289
16119. Confirmed=N
16120. Filename=PDDLGHLP.EXE
16121. Description=Dialog Helper from PowerDesk Pro by <a href="http://www.ontrack.com/" target="_blank">Ontrack</a>. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders. Available via Start -> Programs
16122. Source=Paul Collins Startup list
16123.  
16124. [DialUp Network Application]
16125. Number=2290
16126. Confirmed=X
16127. Filename=Rnaap.exe
16128. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
16129. Source=Paul Collins Startup list
16130.  
16131. [Diamondview]
16132. Number=2291
16133. Confirmed=?
16134. Filename=Diamondview.exe
16135. Description=Manulife Financial Insurance program. <font color="#FF0000">Is it required at startup?<font>
16136. Source=Paul Collins Startup list
16137.  
16138. [DIECOX]
16139. Number=2292
16140. Confirmed=X
16141. Filename=csrss.exe
16142. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100826.htm" target="_blank">ATM.GEN</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
16143. Source=Paul Collins Startup list
16144.  
16145. [Diesel]
16146. Number=2293
16147. Confirmed=X
16148. Filename=Recalculate.exe
16149. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022716-1619-99" target=_blank>LAZAR</a> TROJAN!
16150. Source=Paul Collins Startup list
16151.  
16152. [DietK]
16153. Number=2294
16154. Confirmed=U
16155. Filename=DietK.exe
16156. Description=Diet Kazaa add-on for Kazaa Media Desktop - "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results" 
16157. Source=Paul Collins Startup list
16158.  
16159. [DigiCell]
16160. Number=2295
16161. Confirmed=U
16162. Filename=DigiCell.exe
16163. Description=MSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center"
16164. Source=Paul Collins Startup list
16165.  
16166. [DigiD]
16167. Number=2296
16168. Confirmed=X
16169. Filename=DigitalSound.exe
16170. Description=Adware downloader
16171.  
16172. Source=Paul Collins Startup list
16173.  
16174. [DigiGuide]
16175. Number=2297
16176. Confirmed=N
16177. Filename=CLIENT.EXE
16178. Description=TV guide and reminder
16179. Source=Paul Collins Startup list
16180.  
16181. [DigiGuide]
16182. Number=2298
16183. Confirmed=N
16184. Filename=client01.exe
16185. Description=TV guide and reminder
16186. Source=Paul Collins Startup list
16187.  
16188. [Digisoft AntiDialer]
16189. Number=2299
16190. Confirmed=U
16191. Filename=AntiDialer.exe
16192. Description=Digisoft <a href="http://www.digisoft.cc/antidialer.asp" target="_blank">AntiDialer</a>
16193. Source=Paul Collins Startup list
16194.  
16195. [DigiSrv]
16196. Number=2300
16197. Confirmed=U
16198. Filename=DigiSrv.exe
16199. Description=Related to camera software from <a href="http://www.digitaldreamco.com/en/index.shtml" target=_blank>DigitalDreams</a>
16200. Source=Paul Collins Startup list
16201.  
16202. [Digital Dashboard]
16203. Number=2301
16204. Confirmed=N
16205. Filename=devgulp.exe
16206. Description=For Compaq PC's. Loads Digital Dashboard options
16207. Source=Paul Collins Startup list
16208.  
16209. [Digital Line Detect]
16210. Number=2302
16211. Confirmed=N
16212. Filename=DLG.exe
16213. Description=Detects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modems
16214. Source=Paul Collins Startup list
16215.  
16216. [Digital River eBot]
16217. Number=2303
16218. Confirmed=N
16219. Filename=downlo~1.exe
16220. Description=Digital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more <a href="http://groups.google.com/group/microsoft.public.win98.setup/browse_frm/thread/b93fc838492e3bba/b2c2f47bc1cc42ed?hl=en&rnum=3&prev=/groups%3Fq%3DDigital%2BRiver%2BeBot%26btnG%3DGoogle%2BSearch%26hl%3Den#b2c2f47bc1cc42ed" target="_blank">here</a>
16221. Source=Paul Collins Startup list
16222.  
16223. [DigitalNames]
16224. Number=2304
16225. Confirmed=X
16226. Filename=DigitalNamesStart.exe
16227. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101109-1008-99" target=_blank>DigitalNames</a> spyware variant
16228. Source=Paul Collins Startup list
16229.  
16230. [DigitalWizard]
16231. Number=2305
16232. Confirmed=N
16233. Filename=ISWizard.exe
16234. Description=InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content
16235. Source=Paul Collins Startup list
16236.  
16237. [DigitalWizard Monitor]
16238. Number=2306
16239. Confirmed=N
16240. Filename=dwMon.exe
16241. Description=InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content
16242. Source=Paul Collins Startup list
16243.  
16244. [DIGServices]
16245. Number=2307
16246. Confirmed=U
16247. Filename=DIGServices
16248. Description=Created by Disney but licensed to ESPN for watching videos
16249. Source=Paul Collins Startup list
16250.  
16251. [DIGStream]
16252. Number=2308
16253. Confirmed=N
16254. Filename=digstream.exe
16255. Description=DIGStream Cache Manager - part of <a href="http://espn.go.com/motion/download.html" target="_blank">ESPN Motion</a> and <a href="http://disney.go.com/guestservices/disneymotion/about.html" target="_blank"> Disney Motion</a> that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automatically
16256. Source=Paul Collins Startup list
16257.  
16258. [Dimension]
16259. Number=2309
16260. Confirmed=U
16261. Filename=Dimension.exe
16262. Description=Dimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol
16263. Source=Paul Collins Startup list
16264.  
16265. [Dimension4]
16266. Number=2310
16267. Confirmed=U
16268. Filename=d4.exe
16269. Description=<a href="http://www.thinkman.com/dimension4/index.html" target="_blank">Dimension 4</a> - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down
16270. Source=Paul Collins Startup list
16271.  
16272. [Dino3]
16273. Number=2311
16274. Confirmed=X
16275. Filename=dino3.exe
16276. Description=Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result
16277. Source=Paul Collins Startup list
16278.  
16279. [Dinst]
16280. Number=2312
16281. Confirmed=X
16282. Filename=dinst.exe
16283. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080410-4405-99" target=_blank>IMIServer/IEPlugin</a> adware
16284. Source=Paul Collins Startup list
16285.  
16286. [Dir1]
16287. Number=2313
16288. Confirmed=X
16289. Filename=caKe
16290. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091116-4057-99" target="_blank">CAKE</a> WORM!
16291. Source=Paul Collins Startup list
16292.  
16293. [Direct settings]
16294. Number=2314
16295. Confirmed=X
16296. Filename=sdchost.exe
16297. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonii.html" target=_blank>DAEMONI-I</a> TROJAN!
16298. Source=Paul Collins Startup list
16299.  
16300. [Direct Update]
16301. Number=2315
16302. Confirmed=U
16303. Filename=DUControl.exe
16304. Description=<a href="http://www.directupdate.net/" target="_blank">DirectUpdate</a> dynamic DNS updater
16305. Source=Paul Collins Startup list
16306.  
16307. [Direct X Direct3D]
16308. Number=2316
16309. Confirmed=X
16310. Filename=dxd3d.exe
16311. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
16312.  
16313. Source=Paul Collins Startup list
16314.  
16315. [Direct X Opengl]
16316. Number=2317
16317. Confirmed=X
16318. Filename=dxopengl.exe
16319. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcj.html" target=_blank>RBOT-CJ</a> WORM!
16320.  
16321. Source=Paul Collins Startup list
16322.  
16323. [direct3d.exe]
16324. Number=2318
16325. Confirmed=X
16326. Filename=direct3d.exe
16327. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertiff.html" target=_blank>CERTIF-F</a> TROJAN!
16328. Source=Paul Collins Startup list
16329.  
16330. [DirectCD]
16331. Number=2319
16332. Confirmed=N
16333. Filename=DirectCD.exe
16334. Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
16335. Source=Paul Collins Startup list
16336.  
16337. [directs.exe]
16338. Number=2320
16339. Confirmed=X
16340. Filename=directs.exe
16341. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031815-4737-99" target="_blank">BEAGLE.O</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031810-0304-99" target="_blank">BEAGLE.R</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031810-4223-99" target="_blank">BEAGLE.S</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031811-2858-99" target="_blank">BEAGLE.T</a> WORMS!
16342. Source=Paul Collins Startup list
16343.  
16344. [DIRECTVDSL]
16345. Number=2321
16346. Confirmed=U
16347. Filename=Directvdsl.exe
16348. Description=Starts DirectTV DSL modem at boot up. Can also be started manually
16349. Source=Paul Collins Startup list
16350.  
16351. [DirectX]
16352. Number=2322
16353. Confirmed=X
16354. Filename=ddhelp32.exe
16355. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.318" target="_blank">BIONET.318</a> TROJAN! Note - not the DirectX helper which is ddhelp.exe
16356. Source=Paul Collins Startup list
16357.  
16358. [directx]
16359. Number=2323
16360. Confirmed=X
16361. Filename=Directx.exe
16362. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020517-3752-99" target="_blank">SDBOT.D</a> TROJAN!
16363. Source=Paul Collins Startup list
16364.  
16365. [directx]
16366. Number=2324
16367. Confirmed=X
16368. Filename=Sqlexploit.exe
16369. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020517-3752-99" target="_blank">SDBOT.D</a> TROJAN!
16370. Source=Paul Collins Startup list
16371.  
16372. [DirectX]
16373. Number=2325
16374. Confirmed=X
16375. Filename=DirectX.exe
16376. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-083018-2656-99" target="_blank">BLAXE</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100815-2137-99" target="_blank"> LOGPOLE</a> WORMS!
16377. Source=Paul Collins Startup list
16378.  
16379. [directx]
16380. Number=2326
16381. Confirmed=X
16382. Filename=NTCmd.exe
16383. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020517-3752-99" target="_blank">SDBOT.D</a> TROJAN!
16384. Source=Paul Collins Startup list
16385.  
16386. [directx]
16387. Number=2327
16388. Confirmed=X
16389. Filename=PipeCmd.exe
16390. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020517-3752-99" target="_blank">SDBOT.D</a> TROJAN!
16391. Source=Paul Collins Startup list
16392.  
16393. [DirectX 32]
16394. Number=2328
16395. Confirmed=X
16396. Filename=directx32.exe
16397. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
16398. Source=Paul Collins Startup list
16399.  
16400. [DirectX For Microsoft Windows]
16401. Number=2329
16402. Confirmed=X
16403. Filename=dtxservice.exe
16404. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072515-4207-99" target="_blank">PROGENT</a> TROJAN!
16405. Source=Paul Collins Startup list
16406.  
16407. [DirectX for Microsoft Windows]
16408. Number=2330
16409. Confirmed=X
16410. Filename=Fservice.exe
16411. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-061315-4216-99" target="_blank">PRORAT</a> TROJAN!
16412. Source=Paul Collins Startup list
16413.  
16414. [DirectX for Microsoft Windows]
16415. Number=2331
16416. Confirmed=X
16417. Filename=Sservice.exe
16418. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-061315-4216-99" target="_blank">PRORAT</a> TROJAN!
16419. Source=Paul Collins Startup list
16420.  
16421. [DirectX For Microsoft« Windows]
16422. Number=2332
16423. Confirmed=X
16424. Filename=fservice.exe
16425. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproratp.html" target=_blank>PRORAT-P</a> TROJAN!
16426. Source=Paul Collins Startup list
16427.  
16428. [DirectX shell driver]
16429. Number=2333
16430. Confirmed=X
16431. Filename=[path to trojan]
16432. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmarktmanb.html" target=_blank>MARKTMAN-B</a> TROJAN!
16433. Source=Paul Collins Startup list
16434.  
16435. [DirectX Video Driver]
16436. Number=2334
16437. Confirmed=X
16438. Filename=dxterm5.exe
16439. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32wilaba.html" target=_blank>WILAB-A</a> TROJAN!
16440.  
16441. Source=Paul Collins Startup list
16442.  
16443. [DirectX64]
16444. Number=2335
16445. Confirmed=X
16446. Filename=DirectXset.exe
16447. Description=Added by the <a href="http://vil.nai.com/vil/content/v_100098.htm" target="_blank">BROWNEY.A</a> WORM!
16448. Source=Paul Collins Startup list
16449.  
16450. [DirectX9 Diag]
16451. Number=2336
16452. Confirmed=X
16453. Filename=dx9diag.exe
16454. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalt.html" target=_blank>RBOT-ALT</a> WORM!
16455. Source=Paul Collins Startup list
16456.  
16457. [Dirkey]
16458. Number=2337
16459. Confirmed=U
16460. Filename=Dirkey.exe
16461. Description=<a href="http://www.protonfx.com/dirkey/" target="_blank">Dirkey</a> - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders 
16462. Source=Paul Collins Startup list
16463.  
16464. [Disable EHCI]
16465. Number=2338
16466. Confirmed=?
16467. Filename=nousb20.exe
16468. Description=<font color="#FF0000">??</font>
16469. Source=Paul Collins Startup list
16470.  
16471. [Disc Detector]
16472. Number=2339
16473. Confirmed=N
16474. Filename=CtNotify.exe
16475. Description=For Creative sound cards. Detects when you insert a CD, DVD, etc
16476. Source=Paul Collins Startup list
16477.  
16478. [disc detector]
16479. Number=2340
16480. Confirmed=?
16481. Filename=qnetquestnotifty.exe
16482. Description=<font color="#FF0000">??</font>
16483. Source=Paul Collins Startup list
16484.  
16485. [discoveg]
16486. Number=2341
16487. Confirmed=?
16488. Filename=discoveg.exe
16489. Description=<font color="#FF0000">??</font>
16490. Source=Paul Collins Startup list
16491.  
16492. [DISCover]
16493. Number=2342
16494. Confirmed=?
16495. Filename=DISCover.exe
16496. Description=Related to <a href="http://www.discoverconsole.com/" target="_blank">DISCover Drop</a> from Digital Interactive Systems Corporation. <font color="#FF0000">What does it do and is it required?</font>
16497. Source=Paul Collins Startup list
16498.  
16499. [DiscoverDeskshop]
16500. Number=2343
16501. Confirmed=N
16502. Filename=Deskshop.exe
16503. Description=<a href="http://www2.discovercard.com/deskshop/main.shtml" target="_blank">Discover Deskshop</a> - single use "virtual" credit card
16504. Source=Paul Collins Startup list
16505.  
16506. [DiscUpdateManager]
16507. Number=2344
16508. Confirmed=U
16509. Filename=DiscUpdMgr.exe
16510. Description=Disc Update Manager for Digital interactive's <a href="http://www.discoverconsole.com/" target="_blank">DISCover Console</a>. Provider of on-demand video games
16511. Source=Paul Collins Startup list
16512.  
16513. [Disk Keeper]
16514. Number=2345
16515. Confirmed=X
16516. Filename=[path to trojan]
16517. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallve.html" target=_blank>SMALL-VE</a> TROJAN!
16518. Source=Paul Collins Startup list
16519.  
16520. [Disk Keeper]
16521. Number=2346
16522. Confirmed=X
16523. Filename=SECURITY.EXE
16524. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-100409-0013-99" target=_blank>Daosearch</a> adware
16525. Source=Paul Collins Startup list
16526.  
16527. [Disk Manager]
16528. Number=2347
16529. Confirmed=X
16530. Filename=diskver.exe
16531. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AQT" target=_blank>RBOT.AQT</a> WORM!
16532. Source=Paul Collins Startup list
16533.  
16534. [Disk Master]
16535. Number=2348
16536. Confirmed=X
16537. Filename=[trojan name]
16538. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111009-4018-99" target="_blank">DISTER</a> TROJAN! - a spam relayer
16539. Source=Paul Collins Startup list
16540.  
16541. [DiskCheck]
16542. Number=2349
16543. Confirmed=X
16544. Filename=msdarkend.exe
16545. Description=Added by an unidentified WORM or TROJAN!
16546. Source=Paul Collins Startup list
16547.  
16548. [DiskeeperSystray]
16549. Number=2350
16550. Confirmed=N
16551. Filename=DkIcon.exe
16552. Description=<a href="http://www.executive.com/defrag/defrag.asp" target=_blank>DisKeeper</a> defragmentation software - can be started manually
16553. Source=Paul Collins Startup list
16554.  
16555. [diskinf]
16556. Number=2351
16557. Confirmed=X
16558. Filename=diskinf.exe
16559. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
16560. Source=Paul Collins Startup list
16561.  
16562. [DISKMON.EXE]
16563. Number=2352
16564. Confirmed=?
16565. Filename=DISKMON.EXE
16566. Description=<font color="#FF0000">??</font>
16567. Source=Paul Collins Startup list
16568.  
16569. [Disknag]
16570. Number=2353
16571. Confirmed=N
16572. Filename=disknag.exe
16573. Description=Dell program that reminds you to make your  backup diskettes
16574. Source=Paul Collins Startup list
16575.  
16576. [Diskstart]
16577. Number=2354
16578. Confirmed=X
16579. Filename=Code.exe
16580. Description=Adult content dialler
16581. Source=Paul Collins Startup list
16582.  
16583. [Diskstart]
16584. Number=2355
16585. Confirmed=X
16586. Filename=cat.exe
16587. Description=MS-Connect dialler
16588. Source=Paul Collins Startup list
16589.  
16590. [Diskstart]
16591. Number=2356
16592. Confirmed=X
16593. Filename=hit.exe
16594. Description=Adult content dialler
16595. Source=Paul Collins Startup list
16596.  
16597. [Diskstart]
16598. Number=2357
16599. Confirmed=X
16600. Filename=Snt.exe
16601. Description=Adult content dialler
16602. Source=Paul Collins Startup list
16603.  
16604. [Disk_Monitor]
16605. Number=2358
16606. Confirmed=U
16607. Filename=Disk_Monitor.exe
16608. Description=Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader
16609. Source=Paul Collins Startup list
16610.  
16611. [Dispatcher]
16612. Number=2359
16613. Confirmed=X
16614. Filename=dispatcher.exe
16615. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadras.html" target="_blank">DLOADR-AS</a> TROJAN!
16616. Source=Paul Collins Startup list
16617.  
16618. [display]
16619. Number=2360
16620. Confirmed=U
16621. Filename=The_Eye.exe
16622. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082415-5002-99" target="_blank">ComSpySysSvr</a> surveillance software. Uninstall this software unless you put it there yourself
16623. Source=Paul Collins Startup list
16624.  
16625. [Display Drivers]
16626. Number=2361
16627. Confirmed=X
16628. Filename=cssrs.exe
16629. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX" target="_blank">AGOBOT.FX</a> WORM!
16630. Source=Paul Collins Startup list
16631.  
16632. [Display Settings]
16633. Number=2362
16634. Confirmed=N
16635. Filename=hptasks.exe
16636. Description=Allows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computers
16637. Source=Paul Collins Startup list
16638.  
16639. [DisplayTrayIcon]
16640. Number=2363
16641. Confirmed=N
16642. Filename=TrayIcon.exe
16643. Description=System Tray access to display properties for ABIT graphics cards. Unless you change your desktop resolution, etc regularily use Control Panel -> Display
16644. Source=Paul Collins Startup list
16645.  
16646. [Disspy]
16647. Number=2364
16648. Confirmed=U
16649. Filename=disspy.exe
16650. Description=<a href="http://www.h-desk.com/new/Features.13.0.html" target= blank>Disspy</a> spyware detection and removal software
16651. Source=Paul Collins Startup list
16652.  
16653. [Distiller Assistant 3.01]
16654. Number=2365
16655. Confirmed=N
16656. Filename=DISTASST.EXE
16657. Description=From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start -> Programs
16658. Source=Paul Collins Startup list
16659.  
16660. [Distributed File System]
16661. Number=2366
16662. Confirmed=X
16663. Filename=Dfsvc.exe
16664. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080412-0803-99" target=_blank>MYFIP.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112612-3710-99" target=_blank>MYFIP.K</a> WORMS!
16665. Source=Paul Collins Startup list
16666.  
16667. [Distributed File System]
16668. Number=2367
16669. Confirmed=X
16670. Filename=kernel32dll.exe
16671. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32myfipc.html" target=_blank>MYFIP-C</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112612-3710-99" target=_blank>MYFIP.K</a> WORMS!
16672. Source=Paul Collins Startup list
16673.  
16674. [Distributed File System]
16675. Number=2368
16676. Confirmed=X
16677. Filename=blade.exe
16678. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041509-5302-99" target=_blank>MYFIP.AC</a> WORM!
16679. Source=Paul Collins Startup list
16680.  
16681. [Distributed File System]
16682. Number=2369
16683. Confirmed=U
16684. Filename=win.exe
16685. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040810-5834-99" target=_blank>MYFIP.AB</a> WORM!
16686. Source=Paul Collins Startup list
16687.  
16688. [distributed.net client]
16689. Number=2370
16690. Confirmed=U
16691. Filename=DNETC.EXE
16692. Description=Dsitributed computing projects client from <a href="http://distributed.net/" target="_blank">Distributed.net</a> where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by <a href="http://www1.distributed.net/trojans.php.en" target="_blank">viruses</a>
16693. Source=Paul Collins Startup list
16694.  
16695. [Dit]
16696. Number=2371
16697. Confirmed=Y
16698. Filename=dit.exe
16699. Description="Drive Icon and Label Utility" - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found
16700. Source=Paul Collins Startup list
16701.  
16702. [Dit]
16703. Number=2372
16704. Confirmed=X
16705. Filename=dit.exe
16706. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlazara.html" target=_blank>LAZAR-A</a> TROJAN! Note - this is located in the System (9x/Me) or System32 (NT/2K/XP) folder
16707. Source=Paul Collins Startup list
16708.  
16709. [DiTask.exe]
16710. Number=2373
16711. Confirmed=N
16712. Filename=DiTask.exe
16713. Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -> Programs
16714. Source=Paul Collins Startup list
16715.  
16716. [Divamon.exe]
16717. Number=2374
16718. Confirmed=?
16719. Filename=Divamon.exe
16720. Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target=_blank>Eicon Networks</a> Diva ISDN or ADSL modem - <font color="#FF0000">what does it do and is it required?</font>
16721. Source=Paul Collins Startup list
16722.  
16723. [divx]
16724. Number=2375
16725. Confirmed=X
16726. Filename=divxenc.exe
16727. Description=Added to the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042210-0112-99" target= blank>SPBOT.B</a> TROJAN!
16728. Source=Paul Collins Startup list
16729.  
16730. [Divx]
16731. Number=2376
16732. Confirmed=X
16733. Filename=codll.exe
16734. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgravebota.html" target=_blank>GRAVEBOT-A</a> TROJAN!
16735. Source=Paul Collins Startup list
16736.  
16737. [DivX MediaPlayer 7.0]
16738. Number=2377
16739. Confirmed=X
16740. Filename=Dr.DivX.exe
16741. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011518-3235-99" target="_blank">ALADINZ.G</a> TROJAN!
16742. Source=Paul Collins Startup list
16743.  
16744. [DivX Player]
16745. Number=2378
16746. Confirmed=X
16747. Filename=DivXPlayer.exe
16748. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
16749.  
16750. Source=Paul Collins Startup list
16751.  
16752. [DivX Updater]
16753. Number=2379
16754. Confirmed=X
16755. Filename=DivX.Exe
16756. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111114-5143-99" target="_blank">NALDEM</a> TROJAN or MASTAK VIRUS!
16757. Source=Paul Collins Startup list
16758.  
16759. [DIVX Video Player]
16760. Number=2380
16761. Confirmed=X
16762. Filename=DIVXPloyer.exe
16763. Description=Added by an unidentified WORM or TROJAN!
16764. Source=Paul Collins Startup list
16765.  
16766. [Divx4 codec]
16767. Number=2381
16768. Confirmed=X
16769. Filename=devldr32.exe
16770. Description=Added by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/devldr32" target="_blank">devldr32.exe</a> file
16771. Source=Paul Collins Startup list
16772.  
16773. [DJREGFIX]
16774. Number=2382
16775. Confirmed=N
16776. Filename=regedit /s c:\hpdjregfix.reg
16777. Description=DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers
16778. Source=Paul Collins Startup list
16779.  
16780. [DJSNetCN]
16781. Number=2383
16782. Confirmed=?
16783. Filename=DJSNetCN.exe
16784. Description="Symantec Licensing Detect Internet Connection", part of Norton Antivirus. <font color="#FF0000">What does it do and is it required?</font>
16785. Source=Paul Collins Startup list
16786.  
16787. [djtopr1150.exe]
16788. Number=2384
16789. Confirmed=X
16790. Filename=djtopr1150.exe
16791. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112314-5537-99" target="_blank">WebRebates</a> adware
16792. Source=Paul Collins Startup list
16793.  
16794. [dKernel]
16795. Number=2385
16796. Confirmed=X
16797. Filename=dKernel.exe
16798. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32decoya.html" target=_blank>DECOY-A</a> WORM!
16799. Source=Paul Collins Startup list
16800.  
16801. [DkService]
16802. Number=2386
16803. Confirmed=Y
16804. Filename=DkService.exe
16805. Description=From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually.
16806. Source=Paul Collins Startup list
16807.  
16808. [DKTime]
16809. Number=2387
16810. Confirmed=X
16811. Filename=dktime.exe
16812. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100414-1224-99" target="_blank">LUNII</a> TROJAN!
16813. Source=Paul Collins Startup list
16814.  
16815. [Dkware lptt01]
16816. Number=2388
16817. Confirmed=X
16818. Filename=dkware.exe
16819. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
16820. Source=Paul Collins Startup list
16821.  
16822. [Dkware ml097e]
16823. Number=2389
16824. Confirmed=X
16825. Filename=dkware.exe
16826. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
16827. Source=Paul Collins Startup list
16828.  
16829. [dkzzixm]
16830. Number=2390
16831. Confirmed=?
16832. Filename=dkzzixm.exe
16833. Description=<font color="#FF0000">??</font>
16834. Source=Paul Collins Startup list
16835.  
16836. [dla]
16837. Number=2391
16838. Confirmed=Y
16839. Filename=tfswctrl.exe
16840. Description=Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
16841. Source=Paul Collins Startup list
16842.  
16843. [DLA]
16844. Number=2392
16845. Confirmed=U
16846. Filename=DLACTRLW.EXE
16847. Description=<a href="http://www.sonic.com/" target=_blank>Sonic</a> CD/DVD burning applications
16848.  
16849. Source=Paul Collins Startup list
16850.  
16851. [DlaTray]
16852. Number=2393
16853. Confirmed=N
16854. Filename=Dlatray.exe
16855. Description=System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
16856. Source=Paul Collins Startup list
16857.  
16858. [dlbcserv]
16859. Number=2394
16860. Confirmed=N
16861. Filename=dlbcserv.exe
16862. Description=Related to Dell Photo Printers and provides additional configuration options for these devices
16863. Source=Paul Collins Startup list
16864.  
16865. [DLBUCATS]
16866. Number=2395
16867. Confirmed=U
16868. Filename=DLBUtime.dll, _RunDLLEntry@16
16869. Description=Related to Dell Photo Printers - drivers
16870. Source=Paul Collins Startup list
16871.  
16872. [dlccmon.exe]
16873. Number=2396
16874. Confirmed=?
16875. Filename=dlccmon.exe
16876. Description=Dell Photo AIO Printer 924 Device Monitor. <font color="#FF0000">What does it do and is it required?</font>
16877. Source=Paul Collins Startup list
16878.  
16879. [DLCDCATS]
16880. Number=2397
16881. Confirmed=?
16882. Filename=rundll32 [path] DLCDtime.dll, _RunDLLEntry@16
16883. Description=Related to Dell Photo Printers - <font color="#FF0000">what does it do and is it required in startup?</font>
16884. Source=Paul Collins Startup list
16885.  
16886. [dlcdmon.exe]
16887. Number=2398
16888. Confirmed=N
16889. Filename=dlcdmon.exe
16890. Description=Related to Dell Photo Printers - required in order to use the scanner of the printer. If disabled, scanning cannot occur because the driver isn't running
16891. Source=Paul Collins Startup list
16892.  
16893. [dlcgmon.exe]
16894. Number=2399
16895. Confirmed=U
16896. Filename=dlcgmon.exe
16897. Description=Dell 810 AIO phot printer device monitor. <font color="#FF0000">Is it required?</font>
16898. Source=Paul Collins Startup list
16899.  
16900. [dlder]
16901. Number=2400
16902. Confirmed=X
16903. Filename=dlder.exe
16904. Description=Advertising spyware. Considered to be one oft the worst - even creating a fake "explorer.exe" file. Can be installed via versions of "Grokster", "Lime Wire" and "KaZaA" amongst other file-sharing utilities (see <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080811-0118-99" target="_blank">here</a>). Reported in the past as a virus
16905. Source=Paul Collins Startup list
16906.  
16907. [DlDir1]
16908. Number=2401
16909. Confirmed=X
16910. Filename=caKe
16911. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091116-4057-99" target="_blank">CAKE</a> WORM!
16912. Source=Paul Collins Startup list
16913.  
16914. [DLForcerExe]
16915. Number=2402
16916. Confirmed=?
16917. Filename=DLForcerEXE.exe
16918. Description=<font color="#FF0000">??</font>
16919. Source=Paul Collins Startup list
16920.  
16921. [DLF_00000B00]
16922. Number=2403
16923. Confirmed=N
16924. Filename=Vcdlf.exe
16925. Description=Known to cause problems with "Out of memory" errors (see <a href="http://support.microsoft.com/default.aspx?scid=kb;EN-US;q303045" target="_blank">here</a>).<font color="#FF0000"> Otherwise, it's purpose is unknown</font>
16926. Source=Paul Collins Startup list
16927.  
16928. [DLG]
16929. Number=2404
16930. Confirmed=N
16931. Filename=DLGCHBW.exe
16932. Description=Backweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updates
16933. Source=Paul Collins Startup list
16934.  
16935. [DLHelperEXE]
16936. Number=2405
16937. Confirmed=N
16938. Filename=WATCH.exe
16939. Description=Download helper distributed with some software that allows the software installation to redirect download locations. Not required once the installation is finished
16940. Source=Paul Collins Startup list
16941.  
16942. [DLHelperEXE.exe]
16943. Number=2406
16944. Confirmed=X
16945. Filename=N/A
16946. Description=Downloader for Microgaming/Casino software - stealth installed
16947. Source=Paul Collins Startup list
16948.  
16949. [dlhost]
16950. Number=2407
16951. Confirmed=X
16952. Filename=dlhost.exe
16953. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojexphooka.html" target=_blank>EXPHOOK-A</a> TROJAN!
16954. Source=Paul Collins Startup list
16955.  
16956. [DLINK dfe drivers for Windows NT]
16957. Number=2408
16958. Confirmed=X
16959. Filename=windfe.exe
16960. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.AK" target="_blank">RANDEX.AK</a> WORM!
16961. Source=Paul Collins Startup list
16962.  
16963. [DLink System Tray]
16964. Number=2409
16965. Confirmed=U
16966. Filename=dlnetst.exe
16967. Description=Related to <a href="http://www.dlink.com/products/?pid=284" target=_blank>D-Link</a> DGE-530T PCI card for servers and workstations
16968. Source=Paul Collins Startup list
16969.  
16970. [Dlite]
16971. Number=2410
16972. Confirmed=X
16973. Filename=dllmanager.exe
16974. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.DN" target="_blank">WOOTBOT.DN</a> WORM!
16975. Source=Paul Collins Startup list
16976.  
16977. [Dll Boot Loader on Startup (do not remove this)]
16978. Number=2411
16979. Confirmed=X
16980. Filename=[various filenames]
16981. Description=Added by an unidentified TROJAN!
16982. Source=Paul Collins Startup list
16983.  
16984. [DLL Manager]
16985. Number=2412
16986. Confirmed=X
16987. Filename=dllmngr32.exe
16988. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
16989. Source=Paul Collins Startup list
16990.  
16991. [DLL Service Manager]
16992. Number=2413
16993. Confirmed=X
16994. Filename=[path to worm]
16995. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091611-3830-99" target="_blank">RPCBOT.F</a> TROJAN!
16996. Source=Paul Collins Startup list
16997.  
16998. [dll services]
16999. Number=2414
17000. Confirmed=X
17001. Filename=[random filename].exe
17002. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
17003. Source=Paul Collins Startup list
17004.  
17005. [DLL32]
17006. Number=2415
17007. Confirmed=X
17008. Filename=dllmem32.exe
17009. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-032717-2015-99" target="_blank">KWBOT.E</a> WORM!
17010. Source=Paul Collins Startup list
17011.  
17012. [DLL32]
17013. Number=2416
17014. Confirmed=X
17015. Filename=dllhost.dll
17016. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092612-2130-99" target=_blank>SUCLOVE.A</a> WORM!
17017. Source=Paul Collins Startup list
17018.  
17019. [DllCacherv2]
17020. Number=2417
17021. Confirmed=X
17022. Filename=dllcachev2.exe
17023. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122016-1748-99" target=_blank>LATEDA</a> TROJAN!
17024. Source=Paul Collins Startup list
17025.  
17026. [dlldmt]
17027. Number=2418
17028. Confirmed=X
17029. Filename=dlldmt.exe
17030. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
17031. Source=Paul Collins Startup list
17032.  
17033. [DllExecutable]
17034. Number=2419
17035. Confirmed=X
17036. Filename=[path to file]
17037. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbsp.html" target= blank>VB-SP</a> WORM!
17038. Source=Paul Collins Startup list
17039.  
17040. [dllhelp]
17041. Number=2420
17042. Confirmed=X
17043. Filename=dllhelp.exe
17044. Description=Added by the <a href="http://www.hacksoft.com.pe/virus/w32_startpage_dq.htm" target="_blank">STARTPAGE.DQ</a> hijacker
17045. Source=Paul Collins Startup list
17046.  
17047. [dllhelp]
17048. Number=2421
17049. Confirmed=X
17050. Filename=dllhlp.exe
17051. Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=123155" target=_blank>Downloader-HI</a> TROJAN!
17052.  
17053. Source=Paul Collins Startup list
17054.  
17055. [DLLHost]
17056. Number=2422
17057. Confirmed=X
17058. Filename=dllhst.exe
17059. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotac.html" target="_blank">DELBOT-AC</a> WORM!
17060. Source=Paul Collins Startup list
17061.  
17062. [dllhostxp.exe]
17063. Number=2423
17064. Confirmed=X
17065. Filename=dllhostxp.exe
17066. Description=Browser hijacker and adware downloader
17067. Source=Paul Collins Startup list
17068.  
17069. [DllLoader]
17070. Number=2424
17071. Confirmed=X
17072. Filename=lssas.exe
17073. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorje.html" target=_blank>JE</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process
17074. Source=Paul Collins Startup list
17075.  
17076. [Dlload]
17077. Number=2425
17078. Confirmed=X
17079. Filename=killer.exe
17080. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillavfk.html" target=_blank>KILLAV-FK</a> TROJAN!
17081. Source=Paul Collins Startup list
17082.  
17083. [dllreg]
17084. Number=2426
17085. Confirmed=X
17086. Filename=dllreg.exe
17087. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
17088. Source=Paul Collins Startup list
17089.  
17090. [DLLService32]
17091. Number=2427
17092. Confirmed=X
17093. Filename=dllsvc32.exe
17094. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VX" target=_blank>AGOBOT.VX</a> WORM!
17095. Source=Paul Collins Startup list
17096.  
17097. [DLM.exe]
17098. Number=2428
17099. Confirmed=N
17100. Filename=DLM.exe
17101. Description=IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be has to be initialized through that browser
17102. Source=Paul Collins Startup list
17103.  
17104. [dlmMgr]
17105. Number=2429
17106. Confirmed=N
17107. Filename=AdobeDownloadManager.exe
17108. Description=<a href="http://www.adobe.com/products/acrobat/acrrmanager.html" target=_blank>Adobe Download Manager</a> - "can prevent you from having to start from the beginning should your download process be interrupted, and it offers a level of service not possible
17109. Source=Paul Collins Startup list
17110.  
17111. [DLPSP]
17112. Number=2430
17113. Confirmed=U
17114. Filename=DLPSP.EXE
17115. Description=Dell laser printer status monitor
17116. Source=Paul Collins Startup list
17117.  
17118. [dlsp2mx]
17119. Number=2431
17120. Confirmed=X
17121. Filename=dlsp2mx.exe
17122. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialmpbb.html" target=_blank>MPB-B</a> DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "dlsp2mx"
17123. Source=Paul Collins Startup list
17124.  
17125. [DLT]
17126. Number=2432
17127. Confirmed=?
17128. Filename=dlt.exe
17129. Description=<font color="#FF0000">??</font>
17130. Source=Paul Collins Startup list
17131.  
17132. [dluca]
17133. Number=2433
17134. Confirmed=X
17135. Filename=dluca.exe
17136. Description=Adult content dialler - see <a href="http://www.spywareinfo.com/forums/index.php?act=ST&f=11&t=6465&st=15&" target="_blank"> here</a>
17137. Source=Paul Collins Startup list
17138.  
17139. [dluca]
17140. Number=2434
17141. Confirmed=X
17142. Filename=dluca.exe
17143. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100216-1500-99" target="_blank">DLUCA.C</a> TROJAN!
17144. Source=Paul Collins Startup list
17145.  
17146. [dluxde]
17147. Number=2435
17148. Confirmed=X
17149. Filename=dluxde.exe
17150. Description=All-In-One-Telcom (adult content dialler) variant
17151. Source=Paul Collins Startup list
17152.  
17153. [Dluxjp]
17154. Number=2436
17155. Confirmed=X
17156. Filename=cnfrm.exe
17157. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102909-5644-99" target="_blank">DLUCA.D</a> TROJAN!
17158. Source=Paul Collins Startup list
17159.  
17160. [Dm Hr]
17161. Number=2437
17162. Confirmed=X
17163. Filename=lpns.exe
17164. Description=Added by the <a href="http://kr.ahnlab.com/SecuInfoVirusViewEngNew3.ahn?SEQ_NO=7228" target="_blank">IRCBOT.WORM.61673</a> WORM!
17165. Source=Paul Collins Startup list
17166.  
17167. [DM mgr]
17168. Number=2438
17169. Confirmed=X
17170. Filename=dm_mgr.exe
17171. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100316-2418-99" target="_blank">JITTAR</a> TROJAN!
17172. Source=Paul Collins Startup list
17173.  
17174. [dm***.exe [* = random char]]
17175. Number=2439
17176. Confirmed=X
17177. Filename=dm***.exe [* = random char]
17178. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
17179. Source=Paul Collins Startup list
17180.  
17181. [DMAScheduler]
17182. Number=2440
17183. Confirmed=N
17184. Filename=DMAScheduler.exe
17185. Description=Related to <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/dmascheduler/" target="_blank">DigitalMedia</a> Plus Archiver. This program is non-essential process to the running of the program, but should not be terminated unless suspected to be causing problems
17186. Source=Paul Collins Startup list
17187.  
17188. [DMC]
17189. Number=2441
17190. Confirmed=X
17191. Filename=dmc.exe
17192. Description=Added by Trojan-Downloader.Win32.Dluca.bv TROJAN!
17193. Source=Paul Collins Startup list
17194.  
17195. [DMHotKey]
17196. Number=2442
17197. Confirmed=U
17198. Filename=DMLoader.exe
17199. Description=HotKey access to the Samsung Display Manager on laptops and ultra-mobiles that support it - such as the M55 and Q1
17200. Source=Paul Collins Startup list
17201.  
17202. [DMILDR]
17203. Number=2443
17204. Confirmed=N
17205. Filename=dmildr.exe
17206. Description=Part of <a href="http://docs.us.dell.com/support/edocs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -> Programs
17207. Source=Paul Collins Startup list
17208.  
17209. [DMISL]
17210. Number=2444
17211. Confirmed=N
17212. Filename=DMISL.EXE
17213. Description=DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See <a href="http://www.intel.com/support/tokenexpress/pro/sb/cs-016261.htm" target="_blank">here</a> for more information
17214. Source=Paul Collins Startup list
17215.  
17216. [DMISLAPP]
17217. Number=2445
17218. Confirmed=N
17219. Filename=DMISLAPP.exe
17220. Description=DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See <a href="http://www.intel.com/support/tokenexpress/pro/sb/cs-016261.htm" target="_blank">here</a> for more information
17221. Source=Paul Collins Startup list
17222.  
17223. [dmjay]
17224. Number=2446
17225. Confirmed=?
17226. Filename=dmjay.exe
17227. Description=<font color="#FF0000">??</font>
17228. Source=Paul Collins Startup list
17229.  
17230. [dmloader]
17231. Number=2447
17232. Confirmed=X
17233. Filename=dmloader.exe
17234. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
17235. Source=Paul Collins Startup list
17236.  
17237. [Dmsvc32]
17238. Number=2448
17239. Confirmed=X
17240. Filename=Dmsvc32.exe
17241. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ABU" target="_blank">AGOBOT.ABU</a> WORM!
17242. Source=Paul Collins Startup list
17243.  
17244. [dmtdll]
17245. Number=2449
17246. Confirmed=X
17247. Filename=dmtdll.exe
17248. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
17249. Source=Paul Collins Startup list
17250.  
17251. [DMXLauncher]
17252. Number=2450
17253. Confirmed=U
17254. Filename=DMXLauncher.exe
17255. Description=Part of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video files
17256. Source=Paul Collins Startup list
17257.  
17258. [dm[3 random letters].exe]
17259. Number=2451
17260. Confirmed=X
17261. Filename=dm[3 random letters].exe
17262. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120710-4752-99" target=_blank>RUINDEM</a> TROJAN!
17263. Source=Paul Collins Startup list
17264.  
17265. [DM_server]
17266. Number=2452
17267. Confirmed=X
17268. Filename=dmserver.exe
17269. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Comet%20Cursor&threatid=29168" target=_blank>Comet Cursor</a> adware
17270. Source=Paul Collins Startup list
17271.  
17272. [dm_service]
17273. Number=2453
17274. Confirmed=X
17275. Filename=[path to file]
17276. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041811-4707-99" target=_blank>MITGLIEDER.P</a> TROJAN!
17277. Source=Paul Collins Startup list
17278.  
17279. [dnam]
17280. Number=2454
17281. Confirmed=X
17282. Filename=d140113.a.Stub.EXE
17283. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Downloader.Stub.A&threatid=42053" target=_blank>STUB_A</a> TROJAN!
17284. Source=Paul Collins Startup list
17285.  
17286. [Dnar]
17287. Number=2455
17288. Confirmed=X
17289. Filename=Dnar.exe
17290. Description=Unknown, except that it is not necessary. Tends to phone home a lot. DMI related - see <a href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=1137;start=0" target="_blank">here</a>
17291. Source=Paul Collins Startup list
17292.  
17293. [DNE Binding Watchdog]
17294. Number=2456
17295. Confirmed=Y
17296. Filename=rundll dnes.dll, DnDneCheckBindings
17297. Description=Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work
17298. Source=Paul Collins Startup list
17299.  
17300. [DNE DUN Watchdog]
17301. Number=2457
17302. Confirmed=Y
17303. Filename=rundll dnes.dll, DnDneCheckDUN13
17304. Description=Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work
17305. Source=Paul Collins Startup list
17306.  
17307. [DNHelper32]
17308. Number=2458
17309. Confirmed=X
17310. Filename=DNHlp32.exe
17311. Description=Added by an unidentified WORM or TROJAN!
17312. Source=Paul Collins Startup list
17313.  
17314. [DNS]
17315. Number=2459
17316. Confirmed=X
17317. Filename=mc-58-12-0000080.exe
17318. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060715-4527-99" target=_blank>Shorty</a> adware - also detected as the AGENT.FD TROJAN!
17319. Source=Paul Collins Startup list
17320.  
17321. [DNS]
17322. Number=2460
17323. Confirmed=X
17324. Filename=mc-58-12-0000093.exe
17325. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060715-4527-99" target=_blank>Shorty</a> adware - also detected as the AGENT.FD TROJAN!
17326. Source=Paul Collins Startup list
17327.  
17328. [DNS]
17329. Number=2461
17330. Confirmed=X
17331. Filename=mc-110-12-0000079.exe
17332. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060715-4527-99" target=_blank>Shorty</a> adware - also detected as the AGENT.FD TROJAN!
17333. Source=Paul Collins Startup list
17334.  
17335. [DNS]
17336. Number=2462
17337. Confirmed=X
17338. Filename=mc-58-12-0000120.exe
17339. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060715-4527-99" target=_blank>Shorty</a> adware - also detected as the AGENT.FD TROJAN!
17340. Source=Paul Collins Startup list
17341.  
17342. [DNS]
17343. Number=2463
17344. Confirmed=X
17345. Filename=mc-58-12-0000140.exe
17346. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060715-4527-99" target=_blank>Shorty</a> adware - also detected as the AGENT.FD TROJAN!
17347. Source=Paul Collins Startup list
17348.  
17349. [DNS]
17350. Number=2464
17351. Confirmed=X
17352. Filename=[worm filename]
17353. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bckdrcqg.html" target=_blank>CQG</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Common Files folder
17354. Source=Paul Collins Startup list
17355.  
17356. [Dns Resolver]
17357. Number=2465
17358. Confirmed=X
17359. Filename=dnsrslve.exe
17360. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotws.html" target=_blank>RBOT-WS</a> WORM!
17361. Source=Paul Collins Startup list
17362.  
17363. [DNS Service]
17364. Number=2466
17365. Confirmed=X
17366. Filename=dnsresolver.exe
17367. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpq.html" target=_blank>RBOT-PQ</a> WORM!
17368. Source=Paul Collins Startup list
17369.  
17370. [DNS Service]
17371. Number=2467
17372. Confirmed=X
17373. Filename=dnssvc.exe
17374. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotz.html" target="_blank">DELBOT-Z</a> WORM!
17375. Source=Paul Collins Startup list
17376.  
17377. [DNS2GoClient]
17378. Number=2468
17379. Confirmed=?
17380. Filename=dns2goclient.exe
17381. Description=<a href="http://dns2go.deerfield.com/" target="_blank">DNS2Go</a> is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address. <font color="#FF0000">Is it required?</font>
17382. Source=Paul Collins Startup list
17383.  
17384. [DNSCacheBoost]
17385. Number=2469
17386. Confirmed=X
17387. Filename=dnsping.exe
17388. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdnsbusta.html" target= blank>DNSBUST-A</a> TROJAN!
17389. Source=Paul Collins Startup list
17390.  
17391. [dnscleaner]
17392. Number=2470
17393. Confirmed=X
17394. Filename=dnscleaner.exe
17395. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
17396. Source=Paul Collins Startup list
17397.  
17398. [DNXVC]
17399. Number=2471
17400. Confirmed=?
17401. Filename=dnxvc.exe
17402. Description=<font color="#FF0000">??</font>
17403. Source=Paul Collins Startup list
17404.  
17405. [DocTor]
17406. Number=2472
17407. Confirmed=X
17408. Filename=Doctor.exe
17409. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOTOR.A" target="_blank">DOTOR.A</a> WORM!
17410. Source=Paul Collins Startup list
17411.  
17412. [DocuMagix Init]
17413. Number=2473
17414. Confirmed=N
17415. Filename=PWATCH.EXE
17416. Description=<a href="http://www.papermaster.net/pmpro/twa/page/home" target="_blank">PaperMaster</a> is an application for the PC designed to automate the process of organizing, archiving, and retrieving digital versions of files. Start manually if needed
17417. Source=Paul Collins Startup list
17418.  
17419. [Document Manager]
17420. Number=2474
17421. Confirmed=U
17422. Filename=docmgr.exe
17423. Description=Wave Systems Corp. <a href="http://www.wavesys.com/support/CSC/CustomerService/cssearch.asp" target="_blank">Document Manager</a> - "provides secure storage and management capabilities for file and folder level encryption"
17424. Source=Paul Collins Startup list
17425.  
17426. [Doggy Style]
17427. Number=2475
17428. Confirmed=X
17429. Filename=MsPMSPSd.exe
17430. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaap.html" target=_blank>SDBOT-AAP</a> WORM!
17431. Source=Paul Collins Startup list
17432.  
17433. [DOGStart]
17434. Number=2476
17435. Confirmed=X
17436. Filename=GSDOGST.EXE
17437. Description=Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS
17438. Source=Paul Collins Startup list
17439.  
17440. [Doing]
17441. Number=2477
17442. Confirmed=?
17443. Filename=doing.exe
17444. Description=<font color="#FF0000">??</font>
17445. Source=Paul Collins Startup list
17446.  
17447. [doit.exe]
17448. Number=2478
17449. Confirmed=X
17450. Filename=doit.exe
17451. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotek.html" target= blank>FORBOT-EK</a> WORM!
17452. Source=Paul Collins Startup list
17453.  
17454. [Domain Name Resolve Service]
17455. Number=2479
17456. Confirmed=X
17457. Filename=dnsresolver.exe
17458. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-020213-5552-99" target=_blank>KIMAN.A</a> WORM!
17459. Source=Paul Collins Startup list
17460.  
17461. [Don't Panic]
17462. Number=2480
17463. Confirmed=U
17464. Filename=dontpanicdemodp.exe
17465. Description=30-day trial version of <a href="http://www.panicware.com/product_dp.html" target="_blank">Don't Panic</a> privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite."
17466. Source=Paul Collins Startup list
17467.  
17468. [Don't Panic Pop-Up Stopper]
17469. Number=2481
17470. Confirmed=U
17471. Filename=dpps2.exe
17472. Description=<a href="http://www.panicware.com/product_companion.html" target="_blank">Pop-Up Stopper Companion</a> from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
17473. Source=Paul Collins Startup list
17474.  
17475. [Don't Panic!]
17476. Number=2482
17477. Confirmed=U
17478. Filename=DP.EXE
17479. Description=<a href="http://www.panicware.com/product_dp.html" target="_blank">Don't Panic!</a> privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite"
17480. Source=Paul Collins Startup list
17481.  
17482. [Dopus]
17483. Number=2483
17484. Confirmed=U
17485. Filename=dopus.exe
17486. Description=<a href="http://gpsoft.com.au/Intro.html" target="_blank">Directory Opus</a> - a file manager from GPSoft
17487. Source=Paul Collins Startup list
17488.  
17489. [dos]
17490. Number=2484
17491. Confirmed=X
17492. Filename=dos64.exe
17493. Description=Adware downloader trojan
17494. Source=Paul Collins Startup list
17495.  
17496. [Dos Prompt Loader]
17497. Number=2485
17498. Confirmed=X
17499. Filename=cygwin.exe
17500. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvv.html" target= blank>SDBOT-VV</a> WORM!
17501. Source=Paul Collins Startup list
17502.  
17503. [Dosbat]
17504. Number=2486
17505. Confirmed=?
17506. Filename=??
17507. Description=<font color="#FF0000">??</font>
17508. Source=Paul Collins Startup list
17509.  
17510. [DoubleDesktop]
17511. Number=2487
17512. Confirmed=U
17513. Filename=dd.exe
17514. Description="<a href="http://www.fatfreesoft.com/2desk.php" target=_blank>DoubleDesktop</a> is a smart and elegant system tray utility that effectively doubles the width of your Windows desktop"
17515.  
17516. Source=Paul Collins Startup list
17517.  
17518. [DoUWantIt]
17519. Number=2488
17520. Confirmed=N
17521. Filename=duwi.exe
17522. Description=DoUWantIt - online shopping assistant. Start it manually
17523. Source=Paul Collins Startup list
17524.  
17525. [down]
17526. Number=2489
17527. Confirmed=X
17528. Filename=hlp32.exe
17529. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?Vname=TROJ_DLOADER.BG" target=_blank>DLOADER.BG</a> TROJAN!
17530. Source=Paul Collins Startup list
17531.  
17532. [down]
17533. Number=2490
17534. Confirmed=X
17535. Filename=[trojan filename]
17536. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallqj.html" target=_blank>Small-QJ</a> TROJAN!
17537. Source=Paul Collins Startup list
17538.  
17539. [Down2Home]
17540. Number=2491
17541. Confirmed=U
17542. Filename=Down2Home.exe
17543. Description=<a href="http://jitserv.coolfreepage.com/" target=_blank>Down2Home</a> - "monitors your ADSL/Cablemodem/Dialup traffic and provides you with usefull statistics about the amount of data your PC has transferred"
17544.  
17545. Source=Paul Collins Startup list
17546.  
17547. [Download Accelerator Plus 5.0]
17548. Number=2492
17549. Confirmed=N
17550. Filename=DAP.exe
17551. Description=<a href="http://www.speedbit.com/" target="_blank">Download Accelerator Plus</a> from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based
17552. Source=Paul Collins Startup list
17553.  
17554. [Download Plus]
17555. Number=2493
17556. Confirmed=X
17557. Filename=DownloadPlus.exe
17558. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadPlus&threatid=4618" target=_blank>DownloadPlus</a> adware
17559. Source=Paul Collins Startup list
17560.  
17561. [Download Wonder]
17562. Number=2494
17563. Confirmed=N
17564. Filename=DownloadWonder.exe
17565. Description=<a href="http://www.forty.com/" target="_blank">Download Wonder</a> from Forty Software. Download manager for resuming downloads, amongst other features
17566. Source=Paul Collins Startup list
17567.  
17568. [DownloadAccelerator]
17569. Number=2495
17570. Confirmed=N
17571. Filename=DAP.EXE
17572. Description=<a href="http://www.speedbit.com/" target="_blank">Download Accelerator Plus</a> from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based
17573. Source=Paul Collins Startup list
17574.  
17575. [DownloadLegalMusic]
17576. Number=2496
17577. Confirmed=X
17578. Filename=rundll32.exe MSA64CHK.dll, DllMostrar
17579. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
17580. Source=Paul Collins Startup list
17581.  
17582. [DownloadWare]
17583. Number=2497
17584. Confirmed=X
17585. Filename=dw.exe
17586. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare&threatid=4620" target=_blank>DownloadWare</a> adware
17587. Source=Paul Collins Startup list
17588.  
17589. [DownloadWare Engine]
17590. Number=2498
17591. Confirmed=X
17592. Filename=Dwe.exe
17593. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare&threatid=4620" target=_blank>DownloadWare</a> adware
17594. Source=Paul Collins Startup list
17595.  
17596. [Downxz]
17597. Number=2499
17598. Confirmed=X
17599. Filename=Downxz.bat
17600. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091411-5523-99" target="_blank">MYDOOM.W</a> WORM
17601. Source=Paul Collins Startup list
17602.  
17603. [DPAgnt]
17604. Number=2500
17605. Confirmed=N
17606. Filename=DPAgnt.exe
17607. Description=<a href="http://www.digitalpersona.com/" target="_blank">digitalPersona</a> fingerprint scanner
17608. Source=Paul Collins Startup list
17609.  
17610. [DPAS]
17611. Number=2501
17612. Confirmed=U
17613. Filename=DPASNT.exe
17614. Description=DefenderPro AntiSpy - spyware remover
17615. Source=Paul Collins Startup list
17616.  
17617. [DPASUpdate]
17618. Number=2502
17619. Confirmed=U
17620. Filename=DPASAutUpdate.exe
17621. Description=Automatic updates for DefenderPro AntiSpy - spyware remover
17622. Source=Paul Collins Startup list
17623.  
17624. [Dpcnav]
17625. Number=2503
17626. Confirmed=Y
17627. Filename=dpcnav.exe
17628. Description=DirecWay from DirectTV (now <a href="http://go.gethughesnet.com/HUGHES/Rooms/DisplayPages/LayoutInitial?pageid=hughesnetc&Container=com.webridge.entity.Entity[OID[91908CBE85AD4C428CCD8D5CDB016B51]]" target="_blank">HughesNet</a>) - satellite based high-speed internet access
17629. Source=Paul Collins Startup list
17630.  
17631. [DPConfig]
17632. Number=2504
17633. Confirmed=N
17634. Filename=DPConfig.exe
17635. Description=Compuware DevPartner Studio Configuration Utility, a tool for software developers - System Tray access to configure the utility's analysis. Not required at startup, can be launched from the Start Menu programs group when needed
17636. Source=Paul Collins Startup list
17637.  
17638. [dpcproxy]
17639. Number=2505
17640. Confirmed=X
17641. Filename=dpcproxy.exe
17642. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgoldenpa.html" target="_blank">GOLDENP-A</a> TROJAN!
17643. Source=Paul Collins Startup list
17644.  
17645. [DPCProxyLoadOnStartup]
17646. Number=2506
17647. Confirmed=Y
17648. Filename=dpcstart.exe
17649. Description=DirecWay from DirectTV (now <a href="http://go.gethughesnet.com/HUGHES/Rooms/DisplayPages/LayoutInitial?pageid=hughesnetc&Container=com.webridge.entity.Entity[OID[91908CBE85AD4C428CCD8D5CDB016B51]]" target="_blank">HughesNet</a>) - satellite based high-speed internet access
17650. Source=Paul Collins Startup list
17651.  
17652. [Dpcstart]
17653. Number=2507
17654. Confirmed=Y
17655. Filename=dpcstart.exe
17656. Description=DirecWay from DirectTV (now <a href="http://go.gethughesnet.com/HUGHES/Rooms/DisplayPages/LayoutInitial?pageid=hughesnetc&Container=com.webridge.entity.Entity[OID[91908CBE85AD4C428CCD8D5CDB016B51]]" target="_blank">HughesNet</a>) - satellite based high-speed internet access
17657. Source=Paul Collins Startup list
17658.  
17659. [dpi]
17660. Number=2508
17661. Confirmed=X
17662. Filename=dpi.exe
17663. Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware
17664. Source=Paul Collins Startup list
17665.  
17666. [dpnsvr32]
17667. Number=2509
17668. Confirmed=X
17669. Filename=dpnsvr32.exe
17670. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojaolpassb.html" target=_blank>AOLPASS-B</a> TROJAN!
17671. Source=Paul Collins Startup list
17672.  
17673. [dpps2]
17674. Number=2510
17675. Confirmed=U
17676. Filename=dpps2.exe
17677. Description=<a href="http://www.panicware.com/product_companion.html" target="_blank">Pop-Up Stopper Companion</a> from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
17678. Source=Paul Collins Startup list
17679.  
17680. [dps]
17681. Number=2511
17682. Confirmed=X
17683. Filename=dps.exe
17684. Description=<a href="http://allentech.net/parasite/SmartestSearch.html" target="_blank">SmartestSearch</a> parasite - poses as a foistware, bogus adware/spyware remover called "scumware-remover"
17685.  
17686. Source=Paul Collins Startup list
17687.  
17688. [dptracker]
17689. Number=2512
17690. Confirmed=N
17691. Filename=dptracker.exe
17692. Description=<a href="http://www.digitalpeers.com/" target=_blank>CamTrack</a> webcam software that enhances the way people video chat
17693.  
17694. Source=Paul Collins Startup list
17695.  
17696. [DpUtil]
17697. Number=2513
17698. Confirmed=U
17699. Filename=TEDTray.exe
17700. Description=Main executable for TOSHIBA <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/tedtray/" target="_blank">DualPoint Utility</a> Main Module. It is a system tray icon program that provides configuration options for dual pointing device
17701. Source=Paul Collins Startup list
17702.  
17703. [Drag'n'Drop_Autolaunch]
17704. Number=2514
17705. Confirmed=N
17706. Filename=Autolaunch.exe
17707. Description=<a href="http://www.iomega.com/hotburn/hotburn_main.html" target="_blank">Iomega HotBurn</a> - CD-RW burning software
17708. Source=Paul Collins Startup list
17709.  
17710. [DragDrop]
17711. Number=2515
17712. Confirmed=?
17713. Filename=DragDrop.exe
17714. Description=<font color="#FF0000">??</font>
17715. Source=Paul Collins Startup list
17716.  
17717. [DragnDrop_Autolaunch]
17718. Number=2516
17719. Confirmed=N
17720. Filename=Autolaunch.exe
17721. Description=<a href="http://www.iomega.com/hotburn/hotburn_main.html" target="_blank">Iomega HotBurn</a> - CD-RW burning software
17722. Source=Paul Collins Startup list
17723.  
17724. [DRam prmaessor]
17725. Number=2517
17726. Confirmed=X
17727. Filename=[random filename]
17728. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CSG" target="_blank">RBOT.CSG</a> WORM!
17729. Source=Paul Collins Startup list
17730.  
17731. [DRam prosesor]
17732. Number=2518
17733. Confirmed=X
17734. Filename=[random filename]
17735. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EE" target="_blank">SPYBOT.EE</a> WORM!
17736. Source=Paul Collins Startup list
17737.  
17738. [DRam prosessor]
17739. Number=2519
17740. Confirmed=X
17741. Filename=[random filename]
17742. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CSG" target="_blank">RBOT.CSG</a> WORM!
17743. Source=Paul Collins Startup list
17744.  
17745. [DRam prosessor]
17746. Number=2520
17747. Confirmed=X
17748. Filename=plscd.exe
17749. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CYA" target="_blank">RBOT.CYA</a> WORM!
17750. Source=Paul Collins Startup list
17751.  
17752. [DRam prosessor]
17753. Number=2521
17754. Confirmed=X
17755. Filename=HWAPI.exe
17756. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Note - this is not the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/hwapi/" target="_blank">McAfee HackerWatch</a> process which has the same filename
17757. Source=Paul Collins Startup list
17758.  
17759. [DRan posessor]
17760. Number=2522
17761. Confirmed=X
17762. Filename=DAP.exe
17763. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
17764. Source=Paul Collins Startup list
17765.  
17766. [DrCache]
17767. Number=2523
17768. Confirmed=X
17769. Filename=MSTDC.EXE
17770. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorjm.html" target=_blank>JM</a> TROJAN!
17771. Source=Paul Collins Startup list
17772.  
17773. [dreams]
17774. Number=2524
17775. Confirmed=X
17776. Filename=server.exe
17777. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
17778. Source=Paul Collins Startup list
17779.  
17780. [DrefIW]
17781. Number=2525
17782. Confirmed=X
17783. Filename=SysDrefIWv2.exe
17784. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32drefc.html" target=_blank>DREF-C</a> WORM!
17785. Source=Paul Collins Startup list
17786.  
17787. [DrefIW]
17788. Number=2526
17789. Confirmed=X
17790. Filename=SysDref.exe
17791. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32drefd.html" target=_blank>DREF-D</a> WORM!
17792. Source=Paul Collins Startup list
17793.  
17794. [dregfix]
17795. Number=2527
17796. Confirmed=?
17797. Filename=ph_finder.exe
17798. Description=<font color="#FF0000">??</font>
17799. Source=Paul Collins Startup list
17800.  
17801. [DrgToDsc]
17802. Number=2528
17803. Confirmed=N
17804. Filename=DrgToDsc.exe
17805. Description=Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly
17806. Source=Paul Collins Startup list
17807.  
17808. [dried.exe]
17809. Number=2529
17810. Confirmed=?
17811. Filename=dried.exe
17812. Description=<font color="#FF0000">??</font>
17813. Source=Paul Collins Startup list
17814.  
17815. [DriveCleaner 2006 Free]
17816. Number=2530
17817. Confirmed=N
17818. Filename=UDC2006.exe
17819. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99" target="_blank">DriveCleaner</a> is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
17820. Source=Paul Collins Startup list
17821.  
17822. [DriveIcons]
17823. Number=2531
17824. Confirmed=U
17825. Filename=DriveIcon.exe
17826. Description=<a href="http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=15&PFid=25&Level=4&Conn=3" target="_blank">Drive Icons</a> from Realtek - shows a specific icon for each card type for their card reader controllers
17827. Source=Paul Collins Startup list
17828.  
17829. [DriveLED]
17830. Number=2532
17831. Confirmed=U
17832. Filename=OODLed.exe
17833. Description=<a href="http://www.oo-software.com/home/en/products/oodriveled/" target="_blank">O&O DriveLED</a> - hard disk monitoring and crash prevention
17834. Source=Paul Collins Startup list
17835.  
17836. [Driver]
17837. Number=2533
17838. Confirmed=X
17839. Filename=gbot.exe
17840. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K" target="_blank">JUNTADOR.K</a> TROJAN!
17841. Source=Paul Collins Startup list
17842.  
17843. [Driver32]
17844. Number=2534
17845. Confirmed=X
17846. Filename=Scam32.exe
17847. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-071720-1640-99" target="_blank"> SIRCAM</a> WORM!
17848. Source=Paul Collins Startup list
17849.  
17850. [DriverCheck]
17851. Number=2535
17852. Confirmed=X
17853. Filename=svchost.exe
17854. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkr.html" target=_blank>DELF-KR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
17855. Source=Paul Collins Startup list
17856.  
17857. [DriverDB]
17858. Number=2536
17859. Confirmed=X
17860. Filename=svcmdx32.exe
17861. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041722-3847-99" target=_blank>BERPI</a> TROJAN!
17862. Source=Paul Collins Startup list
17863.  
17864. [DriverLoad]
17865. Number=2537
17866. Confirmed=X
17867. Filename=svchost.exe
17868. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkr.html" target=_blank>DELF-KR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
17869. Source=Paul Collins Startup list
17870.  
17871. [DriverModule]
17872. Number=2538
17873. Confirmed=X
17874. Filename=csrnvrt.exe
17875. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-013116-4032-99" target=_blank>IRCBOT.I</a> TROJAN!
17876. Source=Paul Collins Startup list
17877.  
17878. [DriverPath]
17879. Number=2539
17880. Confirmed=X
17881. Filename=system32.exe
17882. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprorats.html" target=_blank>PRORAT-S</a> TROJAN!
17883. Source=Paul Collins Startup list
17884.  
17885. [Drivers for Internet Explorer]
17886. Number=2540
17887. Confirmed=X
17888. Filename=accesweb.exe
17889. Description=Added by freewebs.com hijacker!
17890. Source=Paul Collins Startup list
17891.  
17892. [DriveSelect]
17893. Number=2541
17894. Confirmed=N
17895. Filename=driveselect.exe
17896. Description=<a href="http://www.321studiosinc.com/" target=_blank>DVD X Copy XPress</a> by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start -> Programs
17897.  
17898. Source=Paul Collins Startup list
17899.  
17900. [drkly16j]
17901. Number=2542
17902. Confirmed=U
17903. Filename=rundll32.exe drkly16j.dll, ServiceCheck
17904. Description=<a href="http://www.kidswatch.com/" target=_blank>KidsWatch Time Control</a> parental control software
17905. Source=Paul Collins Startup list
17906.  
17907. [dRMON SmartAgent]
17908. Number=2543
17909. Confirmed=U
17910. Filename=SmartAgt.exe
17911. Description=Part of the network monitoring program group for 3Com NIC cards. See <a href="http://support.3com.com/infodeli/tools/netmgt/rmonprob/product/drmon/chap1.htm" target="_blank">here</a> for more info
17912. Source=Paul Collins Startup list
17913.  
17914. [drmu]
17915. Number=2544
17916. Confirmed=X
17917. Filename=W95Mm.exe
17918. Description=Homepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguise
17919. Source=Paul Collins Startup list
17920.  
17921. [drocher]
17922. Number=2545
17923. Confirmed=X
17924. Filename=d.exe
17925. Description=Adult content dialler
17926. Source=Paul Collins Startup list
17927.  
17928. [DropSpam Lifestyle]
17929. Number=2546
17930. Confirmed=X
17931. Filename=dslifestyle.exe
17932. Description=<a href="http://vil.mcafeesecurity.com/vil/content/v_137582.htm" target="_blank">Dropspam</a> adware
17933. Source=Paul Collins Startup list
17934.  
17935. [drvddll.exe]
17936. Number=2547
17937. Confirmed=X
17938. Filename=drvddll.exe
17939. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081712-1706-99" target="_blank">BEAGLE.AP</a> WORM!
17940. Source=Paul Collins Startup list
17941.  
17942. [Drvddll_exe]
17943. Number=2548
17944. Confirmed=X
17945. Filename=drvddll.exe
17946. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042815-2313-99" target="_blank">BEAGLE.X</a> WORM!
17947. Source=Paul Collins Startup list
17948.  
17949. [DrvListnr]
17950. Number=2549
17951. Confirmed=?
17952. Filename=DrvListnr.exe
17953. Description=Analog Devices SoundMAX soundcard related.<font color="#FF0000"> What does it do and is it required?</font>
17954. Source=Paul Collins Startup list
17955.  
17956. [drvlsnr]
17957. Number=2550
17958. Confirmed=U
17959. Filename=drvlsnr.exe
17960. Description=Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly
17961. Source=Paul Collins Startup list
17962.  
17963. [DrvMon.exe]
17964. Number=2551
17965. Confirmed=U
17966. Filename=DrvMon.exe
17967. Description=<a href="http://www.alcormicro.com/products.php" target="_blank">Alcor</a> drive monitor software
17968. Source=Paul Collins Startup list
17969.  
17970. [drvnetw]
17971. Number=2552
17972. Confirmed=X
17973. Filename=drvnetw.exe
17974. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbroggerb.html" target=_blank>BROGGER-B</a> TROJAN!
17975. Source=Paul Collins Startup list
17976.  
17977. [drvr32h]
17978. Number=2553
17979. Confirmed=X
17980. Filename=drvr32h.exe
17981. Description=Added by an unidentified VIRUS, WORM or TROJAN!
17982. Source=Paul Collins Startup list
17983.  
17984. [drvrmanager]
17985. Number=2554
17986. Confirmed=X
17987. Filename=drvrquery32.exe
17988. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072806-1847-99" target="_blank">BOOHOO</a> WORM!
17989. Source=Paul Collins Startup list
17990.  
17991. [drvsys.exe]
17992. Number=2555
17993. Confirmed=X
17994. Filename=drvsys.exe
17995. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042617-0238-99" target="_blank">BEAGLE.W</a> WORM!
17996. Source=Paul Collins Startup list
17997.  
17998. [drvsyskit]
17999. Number=2556
18000. Confirmed=X
18001. Filename=hidr.exe
18002. Description=Added by the <a href="http://www.f-secure.com/v-descs/email-worm_w32_bagle_hr.shtml" target="_blank">BAGLE.HR</a> WORM!
18003. Source=Paul Collins Startup list
18004.  
18005. [drvupd]
18006. Number=2557
18007. Confirmed=X
18008. Filename=rundll32 ..drvupd.inf
18009. Description=Hijacker - drvupd.inf file installs a "searchforge.com" hijack
18010. Source=Paul Collins Startup list
18011.  
18012. [drv_st_key]
18013. Number=2558
18014. Confirmed=X
18015. Filename=hidn.exe
18016. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062016-4555-99" target="_blank">BEAGLE.FF</a> WORM!
18017. Source=Paul Collins Startup list
18018.  
18019. [DrWatson]
18020. Number=2559
18021. Confirmed=X
18022. Filename=drwatson_.exe
18023. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlohavs.html" target=_blank>LOHAV-S</a> TROJAN!
18024. Source=Paul Collins Startup list
18025.  
18026. [DrWatson]
18027. Number=2560
18028. Confirmed=X
18029. Filename=drwatson_32.exe
18030. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlohavs.html" target=_blank>LOHAV-S</a> TROJAN!
18031. Source=Paul Collins Startup list
18032.  
18033. [DrWeb Antivirus]
18034. Number=2561
18035. Confirmed=X
18036. Filename=DRWEBAV.EXE
18037. Description=Added by an unidentified WORM or TROJAN!
18038. Source=Paul Collins Startup list
18039.  
18040. [Drwebscheduler]
18041. Number=2562
18042. Confirmed=Y
18043. Filename=Drwebscd.exe
18044. Description=<a href="http://www.drweb.com/" target="_blank">DrWeb</a> antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystem
18045. Source=Paul Collins Startup list
18046.  
18047. [DR_S]
18048. Number=2563
18049. Confirmed=X
18050. Filename=DR_S.exe
18051. Description=<a href="http://sarc.com/avcenter/venc/data/adware.adshooter.html" target="_blank">AdShooter</a> adware
18052. Source=Paul Collins Startup list
18053.  
18054. [ds]
18055. Number=2564
18056. Confirmed=X
18057. Filename=ds.exe
18058. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112514-4016-99" target=_blank>SPYMON</a> TROJAN!
18059. Source=Paul Collins Startup list
18060.  
18061. [DS Clock]
18062. Number=2565
18063. Confirmed=U
18064. Filename=dsclock.exe
18065. Description=Digital desktop clock including synchronization with atomic servers - see <a href="http://www.dualitysoft.com/dsclock/" target="_blank">here</a>
18066. Source=Paul Collins Startup list
18067.  
18068. [dsa]
18069. Number=2566
18070. Confirmed=X
18071. Filename=dsa.exe
18072. Description=Homepage hijacker - redirecting to downseek.com
18073. Source=Paul Collins Startup list
18074.  
18075. [DSAcass]
18076. Number=2567
18077. Confirmed=X
18078. Filename=[path to file]
18079. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112615-3900-99" target=_blank>RANKY.M</a> TROJAN!
18080. Source=Paul Collins Startup list
18081.  
18082. [DSB]
18083. Number=2568
18084. Confirmed=X
18085. Filename=DSB.exe
18086. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.energyplugin.html" target="_blank">EnergyPlugin</a> adware
18087. Source=Paul Collins Startup list
18088.  
18089. [dsd]
18090. Number=2569
18091. Confirmed=X
18092. Filename=zz.exe
18093. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfox.html" target="_blank">RBOT-FOX</a> WORM!
18094. Source=Paul Collins Startup list
18095.  
18096. [DSentry]
18097. Number=2570
18098. Confirmed=N
18099. Filename=DSentry.exe
18100. Description=Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts
18101. Source=Paul Collins Startup list
18102.  
18103. [Dsi]
18104. Number=2571
18105. Confirmed=X
18106. Filename=dp-******.exe
18107. Description=Added by an unidentified adware where ****** are random characters
18108. Source=Paul Collins Startup list
18109.  
18110. [Dsi]
18111. Number=2572
18112. Confirmed=X
18113. Filename=dp-him.exe
18114. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidrah.html" target=_blank>MULTIDR-AH</a> TROJAN!
18115. Source=Paul Collins Startup list
18116.  
18117. [Dskcompat]
18118. Number=2573
18119. Confirmed=X
18120. Filename=Dskcompat.exe
18121. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
18122. Source=Paul Collins Startup list
18123.  
18124. [DSKEY]
18125. Number=2574
18126. Confirmed=U
18127. Filename=DsKey.exe
18128. Description=Part of <a href="http://www.pcphonehome.com/" target="_blank">PC PhoneHome</a> - "secretly sends an invisible email message to an email address of your choice containing the physical location of your computer every time you get an Internet connection". Security software from Brigadoon Security Group for tracking down lost/stolen computers
18129. Source=Paul Collins Startup list
18130.  
18131. [DSL Monitor]
18132. Number=2575
18133. Confirmed=N
18134. Filename=spdstrm.exe
18135. Description=Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray
18136. Source=Paul Collins Startup list
18137.  
18138. [DSLagentexe]
18139. Number=2576
18140. Confirmed=Y
18141. Filename=DSLagent.exe
18142. Description=Used in conjunction with USB connected ADSL modems from <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connection
18143. Source=Paul Collins Startup list
18144.  
18145. [dslmon]
18146. Number=2577
18147. Confirmed=Y
18148. Filename=dslmon.exe
18149. Description=Sagem DSL modem related. Apparently needed to detect the modem
18150.  
18151. Source=Paul Collins Startup list
18152.  
18153. [DSLSTATEXE]
18154. Number=2578
18155. Confirmed=U
18156. Filename=dslstat.exe
18157. Description=System tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example)
18158. Source=Paul Collins Startup list
18159.  
18160. [DsmSer]
18161. Number=2579
18162. Confirmed=X
18163. Filename=dsm.exe
18164. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
18165. Source=Paul Collins Startup list
18166.  
18167. [DsmSer]
18168. Number=2580
18169. Confirmed=X
18170. Filename=msmpatch.exe
18171. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
18172. Source=Paul Collins Startup list
18173.  
18174. [DsmSer]
18175. Number=2581
18176. Confirmed=X
18177. Filename=svosm.exe
18178. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
18179. Source=Paul Collins Startup list
18180.  
18181. [DsmSer]
18182. Number=2582
18183. Confirmed=X
18184. Filename=sysup.exe
18185. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
18186. Source=Paul Collins Startup list
18187.  
18188. [DsplObjects]
18189. Number=2583
18190. Confirmed=X
18191. Filename=windspl.exe
18192. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-020416-2130-99" target=_blank>BEAGLE.DN</a> WORM!
18193. Source=Paul Collins Startup list
18194.  
18195. [DSS]
18196. Number=2584
18197. Confirmed=X
18198. Filename=dssagent.exe
18199. Description=DSSAgent by Br°derbund - spyware. Sends encrypted emails about the system back to the originators of the program. Also a resource hog. See <a href="http://cexx.org/dssagent.htm" target="_blank">here</a> for more info
18200. Source=Paul Collins Startup list
18201.  
18202. [DSS]
18203. Number=2585
18204. Confirmed=X
18205. Filename=[path to trojan]
18206. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdssdoorc.html" target=_blank>DSSDOOR-C</a> TROJAN!
18207. Source=Paul Collins Startup list
18208.  
18209. [DSService]
18210. Number=2586
18211. Confirmed=X
18212. Filename=dmrss.exe
18213. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotxx.html" target=_blank>AGOBOT-XX</a> WORM!
18214. Source=Paul Collins Startup list
18215.  
18216. [DSSSGENS]
18217. Number=2587
18218. Confirmed=?
18219. Filename=dssagens.exe
18220. Description=<font color="#FF0000">??</font>
18221. Source=Paul Collins Startup list
18222.  
18223. [DSystemDriver]
18224. Number=2588
18225. Confirmed=X
18226. Filename=windrv.exe
18227. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.WG" target="_blank">DELF.WG</a> TROJAN!
18228. Source=Paul Collins Startup list
18229.  
18230. [DU Meter]
18231. Number=2589
18232. Confirmed=N
18233. Filename=DUMETER.EXE
18234. Description=<a href="http://www.dumeter.com/main.php" target="_blank">Hagel Technologies</a> internet bandwidth monitor
18235. Source=Paul Collins Startup list
18236.  
18237. [duck]
18238. Number=2590
18239. Confirmed=X
18240. Filename=duck.exe
18241. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotavg.html" target=_blank>AGOBOT-AVG</a> WORM!
18242. Source=Paul Collins Startup list
18243.  
18244. [Dumeter Services]
18245. Number=2591
18246. Confirmed=X
18247. Filename=dumeter.exe
18248. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaeq.html" target=_blank>SDBOT-AEQ</a> WORM!
18249. Source=Paul Collins Startup list
18250.  
18251. [dumprep 0 -k]
18252. Number=2592
18253. Confirmed=N
18254. Filename=dumprep 0 -k
18255. Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
18256. Source=Paul Collins Startup list
18257.  
18258. [dumprep 0 -u]
18259. Number=2593
18260. Confirmed=N
18261. Filename=dumprep 0 -u
18262. Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
18263. Source=Paul Collins Startup list
18264.  
18265. [DUN_SERVICES3]
18266. Number=2594
18267. Confirmed=X
18268. Filename=dun3.exe
18269. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062715-5302-99" target=_blank>SOKIRON</a> TROJAN!
18270. Source=Paul Collins Startup list
18271.  
18272. [Duweculey]
18273. Number=2595
18274. Confirmed=X
18275. Filename=yujixit.exe
18276. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BRP&VSect=P" target=_blank>SDBOT.BRP</a> WORM!
18277. Source=Paul Collins Startup list
18278.  
18279. [dvd43]
18280. Number=2596
18281. Confirmed=N
18282. Filename=DVD43_Tray.exe
18283. Description=<a href="http://www.dvdidle.com/dvd43.htm" target="_blank">DVD43</a> is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies"
18284. Source=Paul Collins Startup list
18285.  
18286. [DVD43]
18287. Number=2597
18288. Confirmed=U
18289. Filename=DVD43.exe
18290. Description=<a href="http://www.dvdidle.com/dvd43.htm" target="_blank">DVD43</a>  is a small tool that overrides CSS copy-protection found on DVD movies
18291. Source=Paul Collins Startup list
18292.  
18293. [dvd98]
18294. Number=2598
18295. Confirmed=X
18296. Filename=windvd98.exe
18297. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022917-5250-99" target="_blank">CULT.P</a> WORM!
18298. Source=Paul Collins Startup list
18299.  
18300. [DVDBitSet]
18301. Number=2599
18302. Confirmed=U
18303. Filename=DVDBitSet.exe
18304. Description=DVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always used
18305. Source=Paul Collins Startup list
18306.  
18307. [DVDCheck]
18308. Number=2600
18309. Confirmed=?
18310. Filename=DVDCheck.exe
18311. Description=Related to an <a href="http://www.intervideo.com/jsp/Home.jsp" target=_blank>Intervideo</a> program. <font color="#FF0000">What does it do and is it required in startup?</font>
18312. Source=Paul Collins Startup list
18313.  
18314. [Dvdcompat]
18315. Number=2601
18316. Confirmed=X
18317. Filename=Dvdcompat.exe
18318. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
18319. Source=Paul Collins Startup list
18320.  
18321. [DVDLauncher]
18322. Number=2602
18323. Confirmed=N
18324. Filename=DVDLauncher.exe
18325. Description=Part of Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_12_ENU.html" target=_blank>Power Cinema</a> - allows you to play DVDs upon insertion
18326.  
18327. Source=Paul Collins Startup list
18328.  
18329. [DVDSentry]
18330. Number=2603
18331. Confirmed=N
18332. Filename=DSentry.exe
18333. Description=Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts
18334. Source=Paul Collins Startup list
18335.  
18336. [DVDTray]
18337. Number=2604
18338. Confirmed=N
18339. Filename=DVDTray.exe
18340. Description=HP CD/DVD Tray icon installed with the DVD writer software. Periodically checks for new drive firmware
18341. Source=Paul Collins Startup list
18342.  
18343. [DVDUpgrade]
18344. Number=2605
18345. Confirmed=N
18346. Filename=DVDUpgrd.exe
18347. Description=Microsoft program to upgrade your DVD decoder program - see <a href="http://support.microsoft.com/default.aspx?scid=kb;en;306331" target=_blank>Q306331</a>. Available via Start -> Programs
18348. Source=Paul Collins Startup list
18349.  
18350. [DVDXGhost]
18351. Number=2606
18352. Confirmed=N
18353. Filename=DVDGhost.EXE
18354. Description=<a href="http://www.region-free-dvd.com/" target=_blank>DVD Ghost</a> - "utility to make your software DVD players and DVD copy/backup softwares restriction-free, and copy/backup DVD to hard disk"
18355.  
18356. Source=Paul Collins Startup list
18357.  
18358. [Dvp95]
18359. Number=2607
18360. Confirmed=Y
18361. Filename=Dvp95.exe
18362. Description=Scan engine for <a href="http://www.f-secure.com/index.shtml" target="_blank">F-Secure</a> and Command antivirus software based on the <a href="http://www.f-prot.com" target="_blank">F-Prot AntiVirus</a> engine
18363. Source=Paul Collins Startup list
18364.  
18365. [dvpapi9x]
18366. Number=2608
18367. Confirmed=Y
18368. Filename=DVPAPI9X.exe
18369. Description=Command AntiVirus for Windows 95/98/Me
18370. Source=Paul Collins Startup list
18371.  
18372. [DvpInitExe]
18373. Number=2609
18374. Confirmed=Y
18375. Filename=Dvpinit.exe
18376. Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> related
18377. Source=Paul Collins Startup list
18378.  
18379. [dvprpt]
18380. Number=2610
18381. Confirmed=Y
18382. Filename=Dvprpt.exe
18383. Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> related
18384. Source=Paul Collins Startup list
18385.  
18386. [dvraudio]
18387. Number=2611
18388. Confirmed=X
18389. Filename=dvraudio.exe
18390. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
18391. Source=Paul Collins Startup list
18392.  
18393. [dvsfss]
18394. Number=2612
18395. Confirmed=X
18396. Filename=fbsfsdrs.exe
18397. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqa.html" target="_blank">SDBOT-QA</a> WORM!
18398. Source=Paul Collins Startup list
18399.  
18400. [DVSync]
18401. Number=2613
18402. Confirmed=U
18403. Filename=dvsync.exe
18404. Description=DVSync is the program that allows you to synchronize your daVinci's PDA's data with your Personal Information Manager on the PC
18405. Source=Paul Collins Startup list
18406.  
18407. [Dvx]
18408. Number=2614
18409. Confirmed=X
18410. Filename=wsxsvc.exe
18411. Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware variant
18412. Source=Paul Collins Startup list
18413.  
18414. [dw]
18415. Number=2615
18416. Confirmed=X
18417. Filename=dw.exe
18418. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare&threatid=4620" target=_blank>DownloadWare</a> adware
18419. Source=Paul Collins Startup list
18420.  
18421. [DW4]
18422. Number=2616
18423. Confirmed=N
18424. Filename=Weather.exe
18425. Description=<a href="http://www.weather.com/services/desktop.html?from=dt_hugheader&refer=dt_hugheader" target=_blank>Desktop Weather</a>
18426. Source=Paul Collins Startup list
18427.  
18428. [DWHeartbeatMonitor]
18429. Number=2617
18430. Confirmed=U
18431. Filename=DWHeartbeatMonitor.exe
18432. Description=DWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preference
18433. Source=Paul Collins Startup list
18434.  
18435. [DwlClient]
18436. Number=2618
18437. Confirmed=N
18438. Filename=support.exe
18439. Description=Download manager for Dell support alerts
18440. Source=Paul Collins Startup list
18441.  
18442. [dwStart]
18443. Number=2619
18444. Confirmed=Y
18445. Filename=FireWall.exe
18446. Description=<a href="http://www.pcsecurityshield.com/webApp/208.asp" target=_blank>The Shield</a> firewall
18447. Source=Paul Collins Startup list
18448.  
18449. [Dx]
18450. Number=2620
18451. Confirmed=X
18452. Filename=sys*.exe [* = random number]
18453. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DEXTER.A" target="_blank">DEXTER.A</a> WORM!
18454. Source=Paul Collins Startup list
18455.  
18456. [Dx8compat]
18457. Number=2621
18458. Confirmed=X
18459. Filename=Dx8compat.exe
18460. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
18461. Source=Paul Collins Startup list
18462.  
18463. [dxdiags.exe]
18464. Number=2622
18465. Confirmed=X
18466. Filename=dxdiags.exe
18467. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertifg.html" target=_blank>CERTIF-G</a> TROJAN!
18468. Source=Paul Collins Startup list
18469.  
18470. [DxDialog]
18471. Number=2623
18472. Confirmed=X
18473. Filename=dxdlg32.exe
18474. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbcxt.html" target="_blank">VB-CXT</a> TROJAN!
18475. Source=Paul Collins Startup list
18476.  
18477. [dxdll32]
18478. Number=2624
18479. Confirmed=X
18480. Filename=ntxdll.exe
18481. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030115-3820-99" target=_blank>GAOBOT.CPX</a> WORM!
18482. Source=Paul Collins Startup list
18483.  
18484. [DXDllRegExe]
18485. Number=2625
18486. Confirmed=N
18487. Filename=dxdllreg.exe
18488. Description=Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it
18489. Source=Paul Collins Startup list
18490.  
18491. [DxLoad]
18492. Number=2626
18493. Confirmed=X
18494. Filename=DX3DRndr.exe
18495. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-022511-4002-99" target="_blank">GIBE.B</a> WORM!
18496. Source=Paul Collins Startup list
18497.  
18498. [DXM6Patch_981116]
18499. Number=2627
18500. Confirmed=N
18501. Filename=p_981116.exe
18502. Description=Win32 cabinet self extractor. More info <a href="http://groups.google.com/group/microsoft.public.win98.performance/browse_frm/thread/1bb6d199cdad3c95/24366de20a10c5d6?hl=en&rnum=18&prev=/groups%3Fq%3DP_981116.exe%26hl%3Den%26start%3D10%26sa%3DN#24366de20a10c5d6" target="_blank">here</a>
18503. Source=Paul Collins Startup list
18504.  
18505. [dxmsrv]
18506. Number=2628
18507. Confirmed=X
18508. Filename=dxmsrv.exe
18509. Description=Added by an unidentified WORM or TROJAN!
18510. Source=Paul Collins Startup list
18511.  
18512. [Dxsty]
18513. Number=2629
18514. Confirmed=X
18515. Filename=Dxsty.exe
18516. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
18517. Source=Paul Collins Startup list
18518.  
18519. [Dxupdate.exe]
18520. Number=2630
18521. Confirmed=X
18522. Filename=Dxupdate.exe
18523. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102010-4632-99" target="_blank">MAFEG</a> WORM!
18524. Source=Paul Collins Startup list
18525.  
18526. [dxvid]
18527. Number=2631
18528. Confirmed=X
18529. Filename=dxvid.exe
18530. Description=Added by Trojan-Downloader.Win32.Dluca.by TROJAN!
18531. Source=Paul Collins Startup list
18532.  
18533. [DyFuCA]
18534. Number=2632
18535. Confirmed=X
18536. Filename=optimize.exe
18537. Description=Adult content dialler - see <a href="http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html" target="_blank">here</a>
18538. Source=Paul Collins Startup list
18539.  
18540. [DyFuCA Active Alert]
18541. Number=2633
18542. Confirmed=X
18543. Filename=actalert.exe
18544. Description=Adult content dialler - see <a href="http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html" target="_blank">here</a>
18545. Source=Paul Collins Startup list
18546.  
18547. [Dynamic DHCP]
18548. Number=2634
18549. Confirmed=X
18550. Filename=dydhcp.exe
18551. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_RINBOT.B" target="_blank">RINBOT.B</a> TROJAN!
18552. Source=Paul Collins Startup list
18553.  
18554. [Dynamic Dns Binary]
18555. Number=2635
18556. Confirmed=X
18557. Filename=dynitora.exe
18558. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwt.html" target=_blank>RBOT-WT</a> WORM!
18559. Source=Paul Collins Startup list
18560.  
18561. [Dynamic Dns Binary]
18562. Number=2636
18563. Confirmed=X
18564. Filename=CMD16.EXE
18565. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxm.html" target= blank>RBOT-XM</a> WORM!
18566. Source=Paul Collins Startup list
18567.  
18568. [Dynamic Dns Binary]
18569. Number=2637
18570. Confirmed=X
18571. Filename=winxp34.exe
18572. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
18573. Source=Paul Collins Startup list
18574.  
18575. [Dynamic Dns Binary]
18576. Number=2638
18577. Confirmed=X
18578. Filename=WinHelpcfn.exe
18579. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
18580. Source=Paul Collins Startup list
18581.  
18582. [Dynamic Link Library loader]
18583. Number=2639
18584. Confirmed=X
18585. Filename=Loader32.exe
18586. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031416-1509-99" target=_blank>KOL</a> TROJAN!
18587. Source=Paul Collins Startup list
18588.  
18589. [DynDNS Updater]
18590. Number=2640
18591. Confirmed=U
18592. Filename=DynDNS.exe
18593. Description=Dynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.org
18594. Source=Paul Collins Startup list
18595.  
18596. [DynDNS-Updater Traytool]
18597. Number=2641
18598. Confirmed=N
18599. Filename=ddutray.exe
18600. Description=<a href="http://www.dyndns.com/services/dns/dyndns/" target="_blank">DynDNS</a> updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually
18601. Source=Paul Collins Startup list
18602.  
18603. [DynHttp Dns Binary]
18604. Number=2642
18605. Confirmed=X
18606. Filename=dynizari.exe
18607. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
18608. Source=Paul Collins Startup list
18609.  
18610. [DynSite]
18611. Number=2643
18612. Confirmed=U
18613. Filename=DynSite.exe
18614. Description=<a href="http://noeld.com/download.htm" target=_blank>DynSite</a> - dynamic DNS client, also called an automatic IP updater
18615. Source=Paul Collins Startup list
18616.  
18617. [Dynu Basic Client]
18618. Number=2644
18619. Confirmed=U
18620. Filename=dynubas.exe
18621. Description=<a href="http://www.dynu.com/" target=_blank>Dynu</a> online dynamic IP update client. Useful when using a dial up modem
18622.  
18623. Source=Paul Collins Startup list
18624.  
18625. [DZKillMe]
18626. Number=2645
18627. Confirmed=?
18628. Filename=DZSAVEME.EXE
18629. Description=<font color="#FF0000">??</font>
18630. Source=Paul Collins Startup list
18631.  
18632. [D_V_T]
18633. Number=2646
18634. Confirmed=U
18635. Filename=dvt.exe
18636. Description=<a href="http://www.medical.philips.com/main/company/connectivity/dvt-tool/DVT.html" target="_blank">DICOM Validation Tool</a> - "DICOM is increasingly being used as the standard communication mechanism when integrating various medical products in a hospital environment"
18637. Source=Paul Collins Startup list
18638.  
18639. [D_V_T]
18640. Number=2647
18641. Confirmed=?
18642. Filename=dvt.exe
18643. Description=Installation could be a crack/hack to NOD32 <a href="http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windowsupdate&tid=bc156de4-638d-4d29-b49f-a9cb9e588a83&p=1" target="_blank">here</a>. Seen and removed in many logs. Investigate it further and if this file is present C:\d_v_t.reg then it should be fixed. Not to be confused with the DICOM entry <a href="http://www.sysinfo.org/startuplist.php?filter=DICOM" target="_blank">here</a>. Both files are located in the Windows/Windir directory
18644. Source=Paul Collins Startup list
18645.  
18646. [E-Card]
18647. Number=2648
18648. Confirmed=X
18649. Filename=ecard.exe
18650. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082217-3310-99" target="_blank">YODI</a> WORM!
18651. Source=Paul Collins Startup list
18652.  
18653. [E-color]
18654. Number=2649
18655. Confirmed=U
18656. Filename=IconMgr.Exe
18657. Description=Sets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor callibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the program
18658. Source=Paul Collins Startup list
18659.  
18660. [E-nrgyPlus]
18661. Number=2650
18662. Confirmed=X
18663. Filename=E-nrgyPlus.exe
18664. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-030816-3717-99" target=_blank>Energyplus</a> TRACKWARE! Tracks internet activity including websites visited and queries made at popular search engines. This information along with some system information is sent to a remote site
18665. Source=Paul Collins Startup list
18666.  
18667. [e-Surveiller Station]
18668. Number=2651
18669. Confirmed=X
18670. Filename=estation.exe
18671. Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-022415-5224-99" target=_blank>ESurveiller</a> spyware. Note - ESurveiller is spyware that monitors and records keystrokes and mouse clicks, instant message conversations, Internet activity and applications used, must be manually installed
18672. Source=Paul Collins Startup list
18673.  
18674. [E06DXLRD_7604703]
18675. Number=2652
18676. Confirmed=U
18677. Filename=EDICT.EXE
18678. Description=Related to <a href="http://encarta.msn.com/" target=_blank>Microsoft Encarta</a> dictionary functions
18679. Source=Paul Collins Startup list
18680.  
18681. [E6TaskPanel]
18682. Number=2653
18683. Confirmed=N
18684. Filename=TaskPanl.exe
18685. Description=Earthlink Task Panel - part of <a href="http://www.earthlink.net/home/software/" target="_blank">Earthlink TotalAccess 2003</a> internet access software. Quick access to internet, E-mail and web-space
18686. Source=Paul Collins Startup list
18687.  
18688. [eabconfg.cpl]
18689. Number=2654
18690. Confirmed=U
18691. Filename=EabServr.exe
18692. Description=Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys
18693. Source=Paul Collins Startup list
18694.  
18695. [Eac Download]
18696. Number=2655
18697. Confirmed=X
18698. Filename=download.exe
18699. Description=Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
18700. Source=Paul Collins Startup list
18701.  
18702. [EACLEAN]
18703. Number=2656
18704. Confirmed=U
18705. Filename=eaclean.exe
18706. Description=For Compaq PC's. <a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank"> Easy Access</a> button support for the keyboard
18707. Source=Paul Collins Startup list
18708.  
18709. [Eac_Cnry]
18710. Number=2657
18711. Confirmed=X
18712. Filename=canary.exe
18713. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcanary.html" target="_blank"> CANARY</a> TROJAN!
18714. Source=Paul Collins Startup list
18715.  
18716. [Eac_rnvdl]
18717. Number=2658
18718. Confirmed=?
18719. Filename=ANTIVIRUS_INSTALL.EXE
18720. Description=<font color="#FF0000">??</font>
18721. Source=Paul Collins Startup list
18722.  
18723. [EanthologyApp]
18724. Number=2659
18725. Confirmed=U
18726. Filename=EANTHO~1.EXE
18727. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
18728. Source=Paul Collins Startup list
18729.  
18730. [EanthologyApp]
18731. Number=2660
18732. Confirmed=U
18733. Filename=eanthology.exe
18734. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
18735. Source=Paul Collins Startup list
18736.  
18737. [eanthology_install.exe]
18738. Number=2661
18739. Confirmed=U
18740. Filename=eanthology_install.exe
18741. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
18742. Source=Paul Collins Startup list
18743.  
18744. [eanth_critical_update_alert]
18745. Number=2662
18746. Confirmed=U
18747. Filename=sys_alert.exe
18748. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
18749. Source=Paul Collins Startup list
18750.  
18751. [eanth_system_patcher]
18752. Number=2663
18753. Confirmed=U
18754. Filename=sys_alert.exe
18755. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
18756. Source=Paul Collins Startup list
18757.  
18758. [Eapcisetup]
18759. Number=2664
18760. Confirmed=N
18761. Filename=sbsetup.exe
18762. Description=Rockwell RipTide soundcard application software. Sound works without it
18763. Source=Paul Collins Startup list
18764.  
18765. [EAPCISETUP]
18766. Number=2665
18767. Confirmed=N
18768. Filename=wizard.exe
18769. Description=Part of the Creative Sounblaster PIC Installation Wizard. Probably left as a result of a failed installation
18770. Source=Paul Collins Startup list
18771.  
18772. [Earthlink Protection Control Center]
18773. Number=2666
18774. Confirmed=Y
18775. Filename=elnk_pcc.exe
18776. Description=EarthLink <a href="http://www.earthlink.net/software/pcc/" target="_blank">Protection Control Center</a> - "powerful, integrated security program makes it easier than ever to protect yourself against viruses, spyware, and hackers-all from one convenient location"
18777. Source=Paul Collins Startup list
18778.  
18779. [EarthLink ToolBar 5.0]
18780. Number=2667
18781. Confirmed=N
18782. Filename=etoolbar.exe
18783. Description=EarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any time
18784. Source=Paul Collins Startup list
18785.  
18786. [Easy Key]
18787. Number=2668
18788. Confirmed=U
18789. Filename=easykey.exe
18790. Description=For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used
18791. Source=Paul Collins Startup list
18792.  
18793. [Easy Start Button]
18794. Number=2669
18795. Confirmed=N
18796. Filename=esb.exe
18797. Description=Provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
18798. Source=Paul Collins Startup list
18799.  
18800. [Easy-PrintToolBox]
18801. Number=2670
18802. Confirmed=U
18803. Filename=BJPSMAIN.EXE
18804. Description=A utility to launch the applications that are bundled with a Canon bubblejet printer
18805. Source=Paul Collins Startup list
18806.  
18807. [EasyAV]
18808. Number=2671
18809. Confirmed=X
18810. Filename=EasyAV.exe
18811. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040512-2436-99" target="_blank">NETSKY.S</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040616-1824-99" target="_blank">NETSKY.T</a> WORMS!
18812. Source=Paul Collins Startup list
18813.  
18814. [EasyDates]
18815. Number=2672
18816. Confirmed=X
18817. Filename=EasyDates.exe
18818. Description=Premium rate adult content dialler
18819.  
18820. Source=Paul Collins Startup list
18821.  
18822. [EasyDates_nl]
18823. Number=2673
18824. Confirmed=X
18825. Filename=EasyDates_nl.exe
18826. Description=Adult content dialler
18827. Source=Paul Collins Startup list
18828.  
18829. [EasyKey]
18830. Number=2674
18831. Confirmed=U
18832. Filename=easykey.exe
18833. Description=For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used
18834. Source=Paul Collins Startup list
18835.  
18836. [EasyKeyboardLogger]
18837. Number=2675
18838. Confirmed=U
18839. Filename=EasyKeyboardLogger.exe
18840. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042216-1324-99" target=_blank>EasyKeyLogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
18841.  
18842. Source=Paul Collins Startup list
18843.  
18844. [EasyMessage]
18845. Number=2676
18846. Confirmed=U
18847. Filename=em2.exe
18848. Description=Easy Messenger, instant messenger for MSN, AOL, ICQ, and Yahoo. See <a href="http://www.easymessage.net/" target="_blank">here</a>
18849. Source=Paul Collins Startup list
18850.  
18851. [EasySearchBar]
18852. Number=2677
18853. Confirmed=X
18854. Filename=ESBUpdate.exe
18855. Description=EasySearchBar adware downloader
18856. Source=Paul Collins Startup list
18857.  
18858. [easyServ]
18859. Number=2678
18860. Confirmed=X
18861. Filename=Server.exe
18862. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-080619-3837-99" target="_blank">EASYSERV</a> TROJAN!
18863. Source=Paul Collins Startup list
18864.  
18865. [EasySync Pro]
18866. Number=2679
18867. Confirmed=U
18868. Filename=XCPCMenu.exe
18869. Description=<a href="http://www-142.ibm.com/software/sw-lotus/products/product4.nsf/wdocs/easysyncprohome" target="_blank">EasySync Pro</a> is a Lotus (now owned by IBM) program for synchronizing a PDA with Lotus Notes
18870. Source=Paul Collins Startup list
18871.  
18872. [EasyTuneIII]
18873. Number=2680
18874. Confirmed=U
18875. Filename=EasyTune.exe
18876. Description=Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
18877. Source=Paul Collins Startup list
18878.  
18879. [EasyTuneIV]
18880. Number=2681
18881. Confirmed=U
18882. Filename=ET4Tray.exe
18883. Description=Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
18884. Source=Paul Collins Startup list
18885.  
18886. [easywww]
18887. Number=2682
18888. Confirmed=X
18889. Filename=easywww2.exe
18890. Description=Added by an unidentified VIRUS, WORM or TROJAN!
18891. Source=Paul Collins Startup list
18892.  
18893. [EbatesMoeMoneyMaker]
18894. Number=2683
18895. Confirmed=N
18896. Filename=wjview ...Code
18897. Description=<a href="http://www.kephyr.com/spywarescanner/library/ebatesmoemoneymaker/index.phtml" target="_blank">Ebates</a> adware
18898. Source=Paul Collins Startup list
18899.  
18900. [EbatesMoeMoneyMaker0]
18901. Number=2684
18902. Confirmed=X
18903. Filename=EbatesMoeMoneyMaker0.exe
18904. Description=<a href="http://www.kephyr.com/spywarescanner/library/ebatesmoemoneymaker/index.phtml" target="_blank">Ebates</a> adware
18905. Source=Paul Collins Startup list
18906.  
18907. [eBay Toolbar]
18908. Number=2685
18909. Confirmed=X
18910. Filename=EBAYTBAR.EXE
18911. Description=<a href="http://pages.ebay.com/ebay_toolbar/" target="_blank">eBay Toolbar</a> - reportes as spyware as it "phones home"
18912. Source=Paul Collins Startup list
18913.  
18914. [eBayToolbar]
18915. Number=2686
18916. Confirmed=U
18917. Filename=eBayTBDaemon.exe
18918. Description=<a href="http://pages.ebay.com/ebay_toolbar/" target=_blank>eBay</a> toolabar related - also contains eBay account Guard which monitors for fraudulent eBay sites
18919. Source=Paul Collins Startup list
18920.  
18921. [eBoard]
18922. Number=2687
18923. Confirmed=U
18924. Filename=Eboard.exe
18925. Description=eMachines multimedia keyboard manager. Required if you use the extra keys
18926. Source=Paul Collins Startup list
18927.  
18928. [eBot]
18929. Number=2688
18930. Confirmed=N
18931. Filename=DownloadWizard.exe
18932. Description=eBot from Digital River - "helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'." Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -> Programs
18933. Source=Paul Collins Startup list
18934.  
18935. [EC21]
18936. Number=2689
18937. Confirmed=U
18938. Filename=EZQ.EXE
18939. Description=Related to EC21. "<a href="http://www.ec21.com/" target="_blank">EC21</a> is the worldÆs largest B2B marketplace to facilitate online trades between exporters and importers from all around the world"
18940. Source=Paul Collins Startup list
18941.  
18942. [ecko]
18943. Number=2690
18944. Confirmed=X
18945. Filename=claro.exe
18946. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraqj.html" target="_blank">DLOADR-AQJ</a> TROJAN!
18947. Source=Paul Collins Startup list
18948.  
18949. [ecpe]
18950. Number=2691
18951. Confirmed=?
18952. Filename=ECPE.EXE
18953. Description=<font color="#FF0000">??</font>
18954. Source=Paul Collins Startup list
18955.  
18956. [eDataSecurity Loader]
18957. Number=2692
18958. Confirmed=U
18959. Filename=eDSloader.exe
18960. Description=Part of Acer Empowering Technology. "<a href="http://www.acer-euro.com/et/en/notebooks01.htm#1" target="_blank">Acer eDataSecurity Management</a> is a handy file encryption utility that protects files from being accessed by unauthorized persons, using passwords and advanced encryption algorithms"
18961. Source=Paul Collins Startup list
18962.  
18963. [edexter]
18964. Number=2693
18965. Confirmed=N
18966. Filename=edexter.exe
18967. Description=<a href="http://www.pyrenean.com/edexter.php" target=_blank>eDexter</a> supplements internet filtering by substituting local images for filtered images in order to prevent browser stalls and other annoyances. Can be activated manually when starting the browser
18968. Source=Paul Collins Startup list
18969.  
18970. [editpad]
18971. Number=2694
18972. Confirmed=X
18973. Filename=editpad.exe
18974. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojconsperb.html" target="_blank">CONSPER-B</a> TROJAN!
18975. Source=Paul Collins Startup list
18976.  
18977. [EDLoader]
18978. Number=2695
18979. Confirmed=N
18980. Filename=DTLoader.exe
18981. Description=Effective Desktop from MiniStars Software - desktop management software no longer being supported
18982. Source=Paul Collins Startup list
18983.  
18984. [eDonkey2000]
18985. Number=2696
18986. Confirmed=U
18987. Filename=edonkey2000.exe
18988. Description=File sharing network - not recommended as the free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar and WinTools
18989. Source=Paul Collins Startup list
18990.  
18991. [EDRestore]
18992. Number=2697
18993. Confirmed=U
18994. Filename=??
18995. Description=<a href="http://www.easydesksoftware.com/spoint.htm" target="_blank">Set Point</a> from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"
18996. Source=Paul Collins Startup list
18997.  
18998. [educational writer]
18999. Number=2698
19000. Confirmed=X
19001. Filename=[random filename]
19002. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlz.html" target="_blank">RBOT-LZ</a> WORM!
19003. Source=Paul Collins Startup list
19004.  
19005. [Edwizard]
19006. Number=2699
19007. Confirmed=U
19008. Filename=Edwizard.exe
19009. Description=<a href="http://www.ediport.hu/_sgeasy.html" target="_blank">SafeGuard Easy</a> - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
19010. Source=Paul Collins Startup list
19011.  
19012. [EDxMC110]
19013. Number=2700
19014. Confirmed=X
19015. Filename=Isass.exe
19016. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbnia.html" target="_blank">VB-NIA</a> WORM!
19017. Source=Paul Collins Startup list
19018.  
19019. [EEventManager]
19020. Number=2701
19021. Confirmed=N
19022. Filename=EEventManager.exe
19023. Description=Part of the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/eeventmanager/" target="_blank">Epson Creativity Suite</a> supplied with their multi-function printer/scanners, Event Manager launches File Manager or PageManager for EPSON automatically when you press the B&W Start or Color Start button on the control panel in Scan mode
19024. Source=Paul Collins Startup list
19025.  
19026. [eFax DllCmd]
19027. Number=2702
19028. Confirmed=U
19029. Filename=J2GDllCmd.exe
19030. Description=<a href="http://www.efax.com/en/efax/twa/page/download?rqcp=1" target="_blank">eFax Messenger</a> fax software
19031. Source=Paul Collins Startup list
19032.  
19033. [eFax Tray Menu]
19034. Number=2703
19035. Confirmed=N
19036. Filename=HotTray.exe
19037. Description=eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available <a href="http://home.efax.com/I18N/FAQ/faq_uk.html" target="_blank">here</a>
19038. Source=Paul Collins Startup list
19039.  
19040. [eFax Tray Menu]
19041. Number=2704
19042. Confirmed=U
19043. Filename=J2GTray.exe
19044. Description=<a href="http://www.efax.com/en/efax/twa/page/download?rqcp=1" target="_blank">eFax Messenger</a> fax software tray menu
19045. Source=Paul Collins Startup list
19046.  
19047. [eFax.com Tray Menu]
19048. Number=2705
19049. Confirmed=N
19050. Filename=HotTray.exe
19051. Description=eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available <a href="http://home.efax.com/I18N/FAQ/faq_uk.html" target="_blank">here</a>
19052. Source=Paul Collins Startup list
19053.  
19054. [efaxs lptt01]
19055. Number=2706
19056. Confirmed=X
19057. Filename=efaxs.exe
19058. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
19059. Source=Paul Collins Startup list
19060.  
19061. [efaxs ml097e]
19062. Number=2707
19063. Confirmed=X
19064. Filename=efaxs.exe
19065. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
19066. Source=Paul Collins Startup list
19067.  
19068. [EFI Job Monitor]
19069. Number=2708
19070. Confirmed=U
19071. Filename=[path] efjm.dll,run
19072. Description=Ricoh Imagio Printer/Scanner driver status monitor
19073. Source=Paul Collins Startup list
19074.  
19075. [Efpap.exe]
19076. Number=2709
19077. Confirmed=U
19078. Filename=Efpap.exe
19079. Description=<a href="http://www.softstack.com/fileprotpro.html" target="_blank">Easy File & Folder Protector</a>. Deny access to certain files and folders, or to hide them securely from viewing and searching
19080. Source=Paul Collins Startup list
19081.  
19082. [ehTray]
19083. Number=2710
19084. Confirmed=U
19085. Filename=ehtray.exe
19086. Description=Enables the user to access Windows Messenger from within <a href="http://msdn.microsoft.com/library/en-us/MedctrSDK/htm/formoreinformation.asp" target="_blank">Windows Media Center Edition</a>
19087. Source=Paul Collins Startup list
19088.  
19089. [ei10.exe]
19090. Number=2711
19091. Confirmed=X
19092. Filename=ei10.exe
19093. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnk.html" target=_blank>AGOBOT-NK</a> WORM!
19094. Source=Paul Collins Startup list
19095.  
19096. [Eicon NetworksLAN_DAEMON]
19097. Number=2712
19098. Confirmed=U
19099. Filename=watch.exe
19100. Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually
19101. Source=Paul Collins Startup list
19102.  
19103. [Eicon TechnologyLAN_DAEMON]
19104. Number=2713
19105. Confirmed=U
19106. Filename=watch.exe
19107. Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually
19108. Source=Paul Collins Startup list
19109.  
19110. [eixfi]
19111. Number=2714
19112. Confirmed=X
19113. Filename=china.bat
19114. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_WCUP.A" target="_blank">WCUP.A</a> WORM!
19115. Source=Paul Collins Startup list
19116.  
19117. [Elbycheck]
19118. Number=2715
19119. Confirmed=U
19120. Filename=ElbyCheck.exe
19121. Description=From <a href="http://www.elby.org/" target="_blank">Elaborate Bytes</a> who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it
19122. Source=Paul Collins Startup list
19123.  
19124. [Electron Microscope]
19125. Number=2716
19126. Confirmed=U
19127. Filename=EMIII.exe
19128. Description=Electron Microscope or <a href="http://www.em-dc.com/" target=_blank>EM</a> - is a program used to track Stanford's distributed computing program client called Folding at Home, <a href="http://folding.stanford.edu/" target=_blank>FAH</a>. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues
19129.  
19130. Source=Paul Collins Startup list
19131.  
19132. [Element]
19133. Number=2717
19134. Confirmed=X
19135. Filename=Element.txt
19136. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-112112-1947-99" target="_blank">ELEM</a> TROJAN!
19137. Source=Paul Collins Startup list
19138.  
19139. [element furth]
19140. Number=2718
19141. Confirmed=X
19142. Filename=[path] repcale.exe [path] palsp.exe
19143. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDON.AN" target="_blank">RANDON.AN</a> WORM!
19144. Source=Paul Collins Startup list
19145.  
19146. [elitemedia]
19147. Number=2719
19148. Confirmed=X
19149. Filename=elitemediapop.exe
19150. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonebb.html" target=_blank>LOWZONE-BB</a> TROJAN! Also known as Elitebar/EliteToolbar/EliteSidebar adware
19151.  
19152. Source=Paul Collins Startup list
19153.  
19154. [elm]
19155. Number=2720
19156. Confirmed=N
19157. Filename=Elmenv.exe
19158. Description=ViaTech eLicense for securing, distributing and selling music online
19159. Source=Paul Collins Startup list
19160.  
19161. [ELNKProxy]
19162. Number=2721
19163. Confirmed=X
19164. Filename=smproxy.exe
19165. Description=<a href="http://www.spyany.com/program/article_spw_rm_Surfmonkey.html" target=_blank>Surfmonkey</a> adware
19166. Source=Paul Collins Startup list
19167.  
19168. [ELSA WINman Suite]
19169. Number=2722
19170. Confirmed=U
19171. Filename=Winmsuit.exe
19172. Description=Allows you to totally customize your ELSA graphics card settings, including overclocking the GPU
19173. Source=Paul Collins Startup list
19174.  
19175. [ElsaCapiCtl]
19176. Number=2723
19177. Confirmed=Y
19178. Filename=Rcapi.exe
19179. Description=Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modem
19180. Source=Paul Collins Startup list
19181.  
19182. [ELSAChipGuard]
19183. Number=2724
19184. Confirmed=U
19185. Filename=elsavect.exe
19186. Description=ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclocking
19187. Source=Paul Collins Startup list
19188.  
19189. [ELSBLaunch]
19190. Number=2725
19191. Confirmed=U
19192. Filename=ELSBLaunch.exe
19193. Description=EarthLink <a href="http://www.earthlink.net/software/free/spamblocker/" target="_blank">SpamBlocker</a>
19194. Source=Paul Collins Startup list
19195.  
19196. [EMA.exe]
19197. Number=2726
19198. Confirmed=N
19199. Filename=EMA.EXE
19200. Description=Time management system which helps you to manage your time and appointments
19201. Source=Paul Collins Startup list
19202.  
19203. [eMachines eBoard]
19204. Number=2727
19205. Confirmed=U
19206. Filename=Eboard.exe
19207. Description=eMachines multimedia keyboard manager. Required if you use the extra keys
19208. Source=Paul Collins Startup list
19209.  
19210. [Email Protection]
19211. Number=2728
19212. Confirmed=Y
19213. Filename=emlproxy.exe
19214. Description=<a href="http://www.quickheal.co.in/" target="_blank">AntiVirus Quick Heal</a> - E-mail protection
19215. Source=Paul Collins Startup list
19216.  
19217. [EmailScan]
19218. Number=2729
19219. Confirmed=Y
19220. Filename=mcvsescn.exe
19221. Description=Related to McAfee AntiVirus suite - used to automatically scan incoming e-mails
19222.  
19223. Source=Paul Collins Startup list
19224.  
19225. [eMakeSV]
19226. Number=2730
19227. Confirmed=X
19228. Filename=EMAKESV.EXE
19229. Description=<a href="http://www.spywareguide.com/product_show.php?id=1949" target=_blank>Switch</a> premium rate adult content dialler variant
19230. Source=Paul Collins Startup list
19231.  
19232. [eMakeSV]
19233. Number=2731
19234. Confirmed=X
19235. Filename=EMAKE2B.EXE
19236. Description=<a href="http://www.spywareguide.com/product_show.php?id=1949" target=_blank>Switch</a> premium rate adult content dialer variant
19237. Source=Paul Collins Startup list
19238.  
19239. [EMBASSY Trust Suite Secure Update]
19240. Number=2732
19241. Confirmed=U
19242. Filename=AutoUpdate.exe
19243. Description=Updates for Wave Systems Corp. <a href="http://www.wavesys.com/products/ets.html" target="_blank">Embassy Trust Suite</a> - "delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today"
19244. Source=Paul Collins Startup list
19245.  
19246. [eMCryT Sh3ars Panagers]
19247. Number=2733
19248. Confirmed=X
19249. Filename=[path to worm]
19250. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawi.html" target=_blank>RBOT-AWI</a> WORM!
19251. Source=Paul Collins Startup list
19252.  
19253. [EMMeter]
19254. Number=2734
19255. Confirmed=U
19256. Filename=EMMeter.exe
19257. Description="<a href="http://www.expressmetrix.com/products/em.asp" target="_blank">Express Meter</a> provides detailed information about how your software assets are being used. With Express Meter you can monitor application usage, identify software usage patterns, and control application launchesùall of which can help you make better decisions about your IT investments"
19258. Source=Paul Collins Startup list
19259.  
19260. [emoc0re]
19261. Number=2735
19262. Confirmed=X
19263. Filename=emo.exe
19264. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotage.html" target= blank>AGOBOT-AGE</a> WORM!
19265. Source=Paul Collins Startup list
19266.  
19267. [empin]
19268. Number=2736
19269. Confirmed=X
19270. Filename=e121307.exe
19271. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
19272. Source=Paul Collins Startup list
19273.  
19274. [empin]
19275. Number=2737
19276. Confirmed=X
19277. Filename=e121307.Stub.exe
19278. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
19279. Source=Paul Collins Startup list
19280.  
19281. [emsw.exe]
19282. Number=2738
19283. Confirmed=X
19284. Filename=emsw.exe
19285. Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075079" target="_blank">here</a>
19286. Source=Paul Collins Startup list
19287.  
19288. [emule]
19289. Number=2739
19290. Confirmed=X
19291. Filename=emule.exe
19292. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalz.html" target=_blank>RBOT-ALZ</a> WORM!
19293. Source=Paul Collins Startup list
19294.  
19295. [eMusicClient Systray]
19296. Number=2740
19297. Confirmed=N
19298. Filename=eMusicClient.exe
19299. Description=<a href="http://www.emusic.com/about/index.html" target=_blank>eMusic</a> MP3 download software
19300. Source=Paul Collins Startup list
19301.  
19302. [EM_EXEC]
19303. Number=2741
19304. Confirmed=U
19305. Filename=EM_EXEC.EXE
19306. Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
19307. Source=Paul Collins Startup list
19308.  
19309. [EN4060C Taskbar]
19310. Number=2742
19311. Confirmed=N
19312. Filename=en4060ct.exe
19313. Description=Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray
19314. Source=Paul Collins Startup list
19315.  
19316. [enBrowser]
19317. Number=2743
19318. Confirmed=X
19319. Filename=[name of file]
19320. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062915-3210-99" target=_blank>WINBO</a> adware
19321. Source=Paul Collins Startup list
19322.  
19323. [encapsulated command tool]
19324. Number=2744
19325. Confirmed=?
19326. Filename=wintr.com
19327. Description=<font color="#FF0000">??</font>
19328. Source=Paul Collins Startup list
19329.  
19330. [Encarta Dictionary Quickshelf]
19331. Number=2745
19332. Confirmed=N
19333. Filename=QSHLFED.EXE
19334. Description=<font color="#FF0000">Provides quick access to Encarta's Dictionary features?</font>
19335. Source=Paul Collins Startup list
19336.  
19337. [ENCMONITOR]
19338. Number=2746
19339. Confirmed=N
19340. Filename=monitor.exe
19341. Description=The Encompass Monitor. This program is the Connect Direct Program.  It is more trouble than it is worth and few use it
19342. Source=Paul Collins Startup list
19343.  
19344. [Encoder Agent]
19345. Number=2747
19346. Confirmed=N
19347. Filename=WMENCAGT.EXE
19348. Description=MS Windows Media Encoder, which already has a shortcut in the Start Menu if installed
19349. Source=Paul Collins Startup list
19350.  
19351. [Encompass_ENCMONTR]
19352. Number=2748
19353. Confirmed=U
19354. Filename=ENCMONTR.EXE
19355. Description=Optional simple browser from Yahoo (Encompass)
19356. Source=Paul Collins Startup list
19357.  
19358. [ENCSurf]
19359. Number=2749
19360. Confirmed=?
19361. Filename=surfboard.exe
19362. Description=<font color="#FF0000">??</font>
19363. Source=Paul Collins Startup list
19364.  
19365. [Energizer FileSaver]
19366. Number=2750
19367. Confirmed=N
19368. Filename=Energizer FileSaver.exe
19369. Description=<a href="http://www.energizerups.com/productline.asp" target="_blank">Energizer FileSaver</a> - UPS back-up utility for Energizer UPS products. From their Tech Support staff this is known to have a memory leak since it's release - with no fix planned! It will grab 2-5 handles per second and crash the average system in less than 3 days - therefore not recommended
19370. Source=Paul Collins Startup list
19371.  
19372. [EnergyPlugIn]
19373. Number=2751
19374. Confirmed=X
19375. Filename=EnergyPlugin.exe
19376. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-061315-1440-99" target=_blank>EnergyPlugin</a> adware variant
19377. Source=Paul Collins Startup list
19378.  
19379. [enginecs2]
19380. Number=2752
19381. Confirmed=U
19382. Filename=enginecs2.exe
19383. Description=<a href="http://www.securitysoft.com/myspace_filtering.asp?pageid=82" target="_blank">Cyber Sentinel</a> - internet filtering software
19384. Source=Paul Collins Startup list
19385.  
19386. [EngUtil]
19387. Number=2753
19388. Confirmed=Y
19389. Filename=EngUtil.exe
19390. Description=Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking
19391. Source=Paul Collins Startup list
19392.  
19393. [Enh Win Updt]
19394. Number=2754
19395. Confirmed=X
19396. Filename=enhupdt.exe
19397. Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Win32.OneClickNetSearch.h
19398. Source=Paul Collins Startup list
19399.  
19400. [enhance32]
19401. Number=2755
19402. Confirmed=X
19403. Filename=enhance32.exe
19404. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
19405. Source=Paul Collins Startup list
19406.  
19407. [EnigmaPopupStop]
19408. Number=2756
19409. Confirmed=N
19410. Filename=EnigmaPopupStop.exe
19411. Description=Part of Enigma SpyHunter - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note" target="_blank">note</a>
19412. Source=Paul Collins Startup list
19413.  
19414. [ENSApServer2_0]
19415. Number=2757
19416. Confirmed=?
19417. Filename=APSERVER.EXE
19418. Description=<a target="_blank" href="http://www.intel.com/support/network/anypoint/">Intel AnyPoint</a> Wireless II Home Network related. Now discontinued. <font color="#FF0000">What does it do and is it required?</font>
19419. Source=Paul Collins Startup list
19420.  
19421. [ENSMIX32.EXE]
19422. Number=2758
19423. Confirmed=?
19424. Filename=ENSMIX32.EXE
19425. Description=Sound card driver. <font color="#FF0000"> Is it required?</font>
19426. Source=Paul Collins Startup list
19427.  
19428. [EnsoniqMixer]
19429. Number=2759
19430. Confirmed=U
19431. Filename=starter.exe
19432. Description=Puts the Ensoniq mixer in system tray. From Ensoniq Technologies "Our mixer is a critical part of the soundcard as it fixes sound problems and replaces the MS mixer which can no longer be used". If you find you don't need it - try one of the solutions on <a href="http://www.pacs-portal.co.uk/startup_pages/starter_exe.htm" target=_blank>this</a> special page. Similar to Creative PCI Audio Configuration Utility
19433. Source=Paul Collins Startup list
19434.  
19435. [Entbloess 2]
19436. Number=2760
19437. Confirmed=U
19438. Filename=Entbloess2.exe
19439. Description=Related to Window-Switcher (now <a href="http://www.reflexvision.net/" target=_blank>Reflex Vision</a>) - it allows you to see previews of all your open applications via a single keystroke in a manner similar to Apple's ExposΘ, for Windows 2K/XP
19440. Source=Paul Collins Startup list
19441.  
19442. [Enterra Icon Keeper]
19443. Number=2761
19444. Confirmed=U
19445. Filename=IcnKeepr.exe
19446. Description=<a href="http://www.enterra-soft.com/" target=_blank>Icon Keeper</a> - "tool to save and restore icon positions on the desktop"
19447.  
19448. Source=Paul Collins Startup list
19449.  
19450. [Enumerate Service]
19451. Number=2762
19452. Confirmed=X
19453. Filename=wsys.exe
19454. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112614-4025-99" target="_blank">MANIFEST</a> TROJAN!
19455. Source=Paul Collins Startup list
19456.  
19457. [EnvyHFCPL]
19458. Number=2763
19459. Confirmed=Y
19460. Filename=EnMixCPL.exe
19461. Description=VIA <a href="http://www.via.com.tw/en/products/audio/controllers/envy24/" target= blank>Envy24</a> PCI Audio Controller driver
19462. Source=Paul Collins Startup list
19463.  
19464. [eonemng]
19465. Number=2764
19466. Confirmed=U
19467. Filename=eOneMng.exe
19468. Description=eOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PC
19469. Source=Paul Collins Startup list
19470.  
19471. [EOUApp]
19472. Number=2765
19473. Confirmed=U
19474. Filename=EOUWiz.exe
19475. Description=Intel ProSET Wireless related - provides additional configuration options for these devices
19476. Source=Paul Collins Startup list
19477.  
19478. [EOUWiz]
19479. Number=2766
19480. Confirmed=U
19481. Filename=EOUWiz.exe
19482. Description=Intel ProSET Wireless related - provides additional configuration options for these devices
19483. Source=Paul Collins Startup list
19484.  
19485. [ePower_DMC]
19486. Number=2767
19487. Confirmed=U
19488. Filename=ePower_DMC.exe
19489. Description=Part of Acer Empowering Technology. "<a href="http://www.acer-euro.com/et/en/notebooks01.htm#7" target="_blank">Acer ePower Management</a> is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"
19490. Source=Paul Collins Startup list
19491.  
19492. [EPoXUSDM]
19493. Number=2768
19494. Confirmed=U
19495. Filename=USDM.EXE
19496. Description=<a href="http://www.epox.com.tw/eng/index.php" target=_blank>EPoX</a> Universal Serial Data Monitor - a diagnostics tool that shows Temps, Fan Speeds, Voltages...etc
19497. Source=Paul Collins Startup list
19498.  
19499. [ePrint 3.0 Service]
19500. Number=2769
19501. Confirmed=N
19502. Filename=EPRINT3.EXE
19503. Description=LEADTOOLS <a href="http://www.eprintdriver.com/" target=_blank>ePrint</a> file conversion software - "convert any file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually
19504.  
19505. Source=Paul Collins Startup list
19506.  
19507. [ePrint 4.0 Service]
19508. Number=2770
19509. Confirmed=N
19510. Filename=EPRINT4.EXE
19511. Description=A component of the "LEADTOOLS <a href="http://www.eprintdriver.com/" target=_blank>ePrint</a> File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT , Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually
19512. Source=Paul Collins Startup list
19513.  
19514. [ePrompter]
19515. Number=2771
19516. Confirmed=U
19517. Filename=ePrompter.exe
19518. Description=<a href="http://www.eprompter.com/" target="_blank">ePrompter</a> - E-mail notification software
19519. Source=Paul Collins Startup list
19520.  
19521. [EPS]
19522. Number=2772
19523. Confirmed=N
19524. Filename=e_srcv02.exe
19525. Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
19526. Source=Paul Collins Startup list
19527.  
19528. [EPS]
19529. Number=2773
19530. Confirmed=N
19531. Filename=e_srcv03.exe
19532. Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
19533. Source=Paul Collins Startup list
19534.  
19535. [EPSON Background Monitor]
19536. Number=2774
19537. Confirmed=N
19538. Filename=STMS.EXE
19539. Description=Supposed to keep an Epson printer ready for quick printing.  Users report little difference whether it is on or not
19540. Source=Paul Collins Startup list
19541.  
19542. [EPSON CardMonitor]
19543. Number=2775
19544. Confirmed=U
19545. Filename=EPSON CardMonitor1.0.exe
19546. Description=Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint
19547. Source=Paul Collins Startup list
19548.  
19549. [EPSON Status Monitor 3 Environment Check]
19550. Number=2776
19551. Confirmed=N
19552. Filename=e_srcv03.exe
19553. Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
19554. Source=Paul Collins Startup list
19555.  
19556. [EPSON Status Monitor 3 Environment Check]
19557. Number=2777
19558. Confirmed=N
19559. Filename=e_srcv02.exe
19560. Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
19561. Source=Paul Collins Startup list
19562.  
19563. [EPSON Status Monitor 3 Environment Check 2]
19564. Number=2778
19565. Confirmed=N
19566. Filename=e_srcv03.exe
19567. Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
19568. Source=Paul Collins Startup list
19569.  
19570. [EPSON Status Monitor 3 Environment Check 2]
19571. Number=2779
19572. Confirmed=N
19573. Filename=e_srcv02.exe
19574. Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
19575. Source=Paul Collins Startup list
19576.  
19577. [EPSON Stylus C44 Series]
19578. Number=2780
19579. Confirmed=U
19580. Filename=E_S10IC2.EXE
19581. Description=Epson Stylus C44 Series printer monitor - for checking ink levels, etc
19582. Source=Paul Collins Startup list
19583.  
19584. [EPSON Stylus C46 Series]
19585. Number=2781
19586. Confirmed=U
19587. Filename=E_S4I0T1.EXE
19588. Description=Epson Stylus C46 Series printer monitor - for checking ink levels, etc
19589. Source=Paul Collins Startup list
19590.  
19591. [Epson Stylus C62 Series]
19592. Number=2782
19593. Confirmed=U
19594. Filename=E-S0BIC1.EXE
19595. Description=Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required
19596. Source=Paul Collins Startup list
19597.  
19598. [Epson Stylus C82 Series]
19599. Number=2783
19600. Confirmed=U
19601. Filename=e_s0hic1.EXE
19602. Description=Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required
19603. Source=Paul Collins Startup list
19604.  
19605. [EPSON Stylus DX4800 Series]
19606. Number=2784
19607. Confirmed=?
19608. Filename=E_FATIADE.EXE
19609. Description=Related to Epson Stylus DX4800 Series printer - <font color="#FF0000">what does it do and is it required in startup?</font>
19610. Source=Paul Collins Startup list
19611.  
19612. [EPSON Stylus Photo R300 Series]
19613. Number=2785
19614. Confirmed=U
19615. Filename=E_S4I2F1.EXE
19616. Description=Epson Status Monitor 3 for the Epson Stylus Photo R300 (and probably others) printers - monitors the status of ink levels, a print job spooled to that printer, etc
19617. Source=Paul Collins Startup list
19618.  
19619. [EPSON Stylus Photo RX420 Series]
19620. Number=2786
19621. Confirmed=U
19622. Filename=E_FATI9CE.EXE
19623. Description=Related to the EPSON Stylus Photo RX420 Series printer/scanner/copier
19624. Source=Paul Collins Startup list
19625.  
19626. [EpsonPhotoStarter]
19627. Number=2787
19628. Confirmed=U
19629. Filename=EPSON_PhotoStarter.exe
19630. Description=Only needed if you want to make full use of the capabilities of an Epson printer that included this 
19631. Source=Paul Collins Startup list
19632.  
19633. [Eptr]
19634. Number=2788
19635. Confirmed=X
19636. Filename=nopdb.exe
19637. Description=Added by an unidentified WORM or TROJAN!
19638. Source=Paul Collins Startup list
19639.  
19640. [EQAdvice]
19641. Number=2789
19642. Confirmed=X
19643. Filename=EQAdvice.exe
19644. Description=Added by <a href="http://www.superadblocker.com/definition/eqadvice/" target=_blank>NewAds1</a> ADAWARE!
19645.  
19646. Source=Paul Collins Startup list
19647.  
19648. [EQArticle]
19649. Number=2790
19650. Confirmed=U
19651. Filename=EQArticle.exe
19652. Description=<a href="http://www.spyany.com/program/article_adw_rm_EQArticle.html" target="_blank">EQArticle</a> adware
19653. Source=Paul Collins Startup list
19654.  
19655. [Equipmen]
19656. Number=2791
19657. Confirmed=?
19658. Filename=Equipmen.exe
19659. Description=<font color="#FF0000">??</font>
19660. Source=Paul Collins Startup list
19661.  
19662. [Eraser]
19663. Number=2792
19664. Confirmed=U
19665. Filename=eraser.exe
19666. Description=<a href="http://www.heidi.ie/eraser/" target=_blank>Eraser</a> allows for complete removal of data from your hard drive
19667. Source=Paul Collins Startup list
19668.  
19669. [eRecoveryService]
19670. Number=2793
19671. Confirmed=U
19672. Filename=check.exe
19673. Description=Acer Notebook related. Acer eRecovery allows the user to restore the operating system or backup the current system profile, thus ensuring system integrity
19674. Source=Paul Collins Startup list
19675.  
19676. [eRecoveryService]
19677. Number=2794
19678. Confirmed=U
19679. Filename=Monitor.exe
19680. Description=Part of Acer Empowering Technology. "<a href="http://www.acer-euro.com/et/en/notebooks01.htm#4" target="_blank">Acer eRecovery Management</a> is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager"
19681. Source=Paul Collins Startup list
19682.  
19683. [EReg]
19684. Number=2795
19685. Confirmed=N
19686. Filename=reg32.exe
19687. Description=EReg is a software registration tool incorporated on products such as those by Br°derbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it
19688. Source=Paul Collins Startup list
19689.  
19690. [erfgddfk]
19691. Number=2796
19692. Confirmed=X
19693. Filename=wind2ll2.exe
19694. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112515-0448-99" target=_blank>BEAGLE.CQ</a> WORM!
19695. Source=Paul Collins Startup list
19696.  
19697. [erghgjhgdr]
19698. Number=2797
19699. Confirmed=X
19700. Filename=windlhhl.exe
19701. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030110-5115-99" target=_blank>BEAGLE.BG</a> WORM!
19702. Source=Paul Collins Startup list
19703.  
19704. [erghgjhjgdr]
19705. Number=2798
19706. Confirmed=X
19707. Filename=windlhhl.exe
19708. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030110-5115-99" target=_blank>BEAGLE.BG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030113-2829-99" target=_blank>BEAGLE.BH</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030115-3932-99" target=_blank>BEAGLE.BI</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030115-4032-99" target=_blank>BEAGLE.BJ</a> WORMS!
19709. Source=Paul Collins Startup list
19710.  
19711. [erm]
19712. Number=2799
19713. Confirmed=?
19714. Filename=erm.exe
19715. Description=<font color="#FF0000">??</font>
19716. Source=Paul Collins Startup list
19717.  
19718. [eros.exe]
19719. Number=2800
19720. Confirmed=X
19721. Filename=eros.exe
19722. Description=Adult content dailler
19723. Source=Paul Collins Startup list
19724.  
19725. [Error Nuker]
19726. Number=2801
19727. Confirmed=N
19728. Filename=ErrorNuker.exe
19729. Description=<a href="http://www.errornuker.com/" target= blank>ErrorNuker</a> registry cleaner - only required if you want the application to run a scan at startup. The program can be launched manually if required
19730. Source=Paul Collins Startup list
19731.  
19732. [Error Safe]
19733. Number=2802
19734. Confirmed=N
19735. Filename=ers.exe
19736. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99" target="_blank">ErrorSafe</a> security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
19737. Source=Paul Collins Startup list
19738.  
19739. [ErrorGuard]
19740. Number=2803
19741. Confirmed=X
19742. Filename=ErrorGuard.exe
19743. Description=Spyware remover - not recommended, see <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094197" target="_blank">here</a>
19744. Source=Paul Collins Startup list
19745.  
19746. [errorhandler]
19747. Number=2804
19748. Confirmed=X
19749. Filename=errorhandler.exe
19750. Description=Added by <a href="http://www.fileresearchcenter.com/E/ERRORHANDLER.EXE-7350.html" target=_blank>ErrorHandler</a> ADAWARE!
19751.  
19752. Source=Paul Collins Startup list
19753.  
19754. [ERS]
19755. Number=2805
19756. Confirmed=N
19757. Filename=ers_startupmon.exe
19758. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99" target="_blank">ErrorSafe</a> security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
19759. Source=Paul Collins Startup list
19760.  
19761. [erscw]
19762. Number=2806
19763. Confirmed=N
19764. Filename=erscw.exe
19765. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99" target="_blank">ErrorSafe</a> security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
19766. Source=Paul Collins Startup list
19767.  
19768. [ERS_check]
19769. Number=2807
19770. Confirmed=N
19771. Filename=ers_startupmon.exe
19772. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99" target="_blank">ErrorSafe</a> security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
19773. Source=Paul Collins Startup list
19774.  
19775. [erthegdr]
19776. Number=2808
19777. Confirmed=X
19778. Filename=windll2.exe
19779. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091216-4524-99" target=_blank>BEAGLE.CG</a> WORM!
19780. Source=Paul Collins Startup list
19781.  
19782. [erthgdr]
19783. Number=2809
19784. Confirmed=X
19785. Filename=windll.exe
19786. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080911-3251-99" target="_blank">BEAGLE.AO</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-083115-2542-99" target="_blank">BEAGLE.AQ</a> WORMS!
19787. Source=Paul Collins Startup list
19788.  
19789. [erthgdr]
19790. Number=2810
19791. Confirmed=X
19792. Filename=svc.exe
19793. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041600-0244-99" target= blank>BEAGLE.BN</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042115-2906-99" target= blank>BEAGLE.BP</a> WORM!
19794. Source=Paul Collins Startup list
19795.  
19796. [erthgdr2]
19797. Number=2811
19798. Confirmed=X
19799. Filename=svc23.exe
19800. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.CG&VSect=P" target=_blank>BAGLE.CG</a> WORM!
19801. Source=Paul Collins Startup list
19802.  
19803. [ERTS0749]
19804. Number=2812
19805. Confirmed=?
19806. Filename=ERTS0749.exe
19807. Description=IBM Warranty Notification - <font color="#FF0000">presumably it's a reminder to either register or that warranty is about to expire?</font>
19808. Source=Paul Collins Startup list
19809.  
19810. [ERUNT AutoBackup]
19811. Number=2813
19812. Confirmed=U
19813. Filename=AUTOBACK.EXE
19814. Description=<a href="http://www.larshederer.homepage.t-online.de/erunt/" target="_blank">ERUNT</a> backup utility - when added to the user's startup folder automatically backs up the registry each time the system boots, resulting in numerous backups that can be restored
19815. Source=Paul Collins Startup list
19816.  
19817. [eSafe Protect]
19818. Number=2814
19819. Confirmed=Y
19820. Filename=ESPWatch.exe
19821. Description=<a href="http://www.esafe.com/esafe/default.asp?cf=tl" target="_blank">eSafe</a> from Aladdin - internet security for gateway and E-mail servers
19822. Source=Paul Collins Startup list
19823.  
19824. [ESB]
19825. Number=2815
19826. Confirmed=U
19827. Filename=esb.exe
19828. Description=Easy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
19829. Source=Paul Collins Startup list
19830.  
19831. [eScan Monitor]
19832. Number=2816
19833. Confirmed=Y
19834. Filename=AVKWCTL9X.EXE
19835. Description=MicroWorld <a href="http://www.mwti.net/products/escan/escan_antivirus/escanantivirus.asp" target="_blank">eScan</a> antivirus
19836. Source=Paul Collins Startup list
19837.  
19838. [eScan Scheduler]
19839. Number=2817
19840. Confirmed=U
19841. Filename=avkserv.exe
19842. Description=MicroWorld <a href="http://www.mwti.net/products/escan/escan_antivirus/escanantivirus.asp" target="_blank">eScan</a> antivirus scheduler
19843. Source=Paul Collins Startup list
19844.  
19845. [eScan Updater]
19846. Number=2818
19847. Confirmed=U
19848. Filename=Trayicos.exe
19849. Description=MicroWorld <a href="http://www.mwti.net/products/escan/escan_antivirus/escanantivirus.asp" target="_blank">eScan</a> antivirus updater - allows users to automatically download updates and set the auto time interval for downloads
19850. Source=Paul Collins Startup list
19851.  
19852. [EScorcher]
19853. Number=2819
19854. Confirmed=X
19855. Filename=escorcher.exe
19856. Description=Part of <a href="http://www.escorcher.com/" target="_blank">eScorcher</a> anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is dead
19857. Source=Paul Collins Startup list
19858.  
19859. [ESFTP]
19860. Number=2820
19861. Confirmed=N
19862. Filename=esftp.exe
19863. Description=<a href="http://esftp.com/features.html" target="_blank">ESftp</a> - FTP client for transfering files between a local PC and another remote computer
19864. Source=Paul Collins Startup list
19865.  
19866. [Esoh]
19867. Number=2821
19868. Confirmed=X
19869. Filename=Esoh123.exe
19870. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FF" target=_blank>AGOBOT.FF</a> WORM!
19871.  
19872. Source=Paul Collins Startup list
19873.  
19874. [Especial]
19875. Number=2822
19876. Confirmed=X
19877. Filename=Deneca.bat
19878. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050909-4602-99" target= blank>DELUZ</a> VIRUS!
19879. Source=Paul Collins Startup list
19880.  
19881. [ESPN BottomLine]
19882. Number=2823
19883. Confirmed=N
19884. Filename=bline.exe
19885. Description=ESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down."
19886. Source=Paul Collins Startup list
19887.  
19888. [ESS Daemon]
19889. Number=2824
19890. Confirmed=?
19891. Filename=Essd.exe
19892. Description=Related to an ESS based soundacard. <font color="#FF0000">Is it required?</font>
19893. Source=Paul Collins Startup list
19894.  
19895. [essapm]
19896. Number=2825
19897. Confirmed=?
19898. Filename=essapm.exe
19899. Description=ESS Solo soundcard driver. <font color="#FF0000">Is it required?</font>
19900. Source=Paul Collins Startup list
19901.  
19902. [Essdc]
19903. Number=2826
19904. Confirmed=Y
19905. Filename=essdc.exe
19906. Description=Related to an ESS Solo soundcard. Seems as though it's required
19907. Source=Paul Collins Startup list
19908.  
19909. [ESSNDSYS]
19910. Number=2827
19911. Confirmed=?
19912. Filename=ESSNDSYS.EXE
19913. Description=Related to an ESS based soundacard. <font color="#FF0000">Is it required?</font>
19914. Source=Paul Collins Startup list
19915.  
19916. [ESSOLO]
19917. Number=2828
19918. Confirmed=Y
19919. Filename=ESSOLO.exe
19920. Description=Sound card driver that re-instates itself every time it's removed
19921. Source=Paul Collins Startup list
19922.  
19923. [esspk]
19924. Number=2829
19925. Confirmed=Y
19926. Filename=esspk.exe
19927. Description=ESS Technology modem speaker driver file. Required to get on-line with this modem
19928. Source=Paul Collins Startup list
19929.  
19930. [EssSpkPhone]
19931. Number=2830
19932. Confirmed=U
19933. Filename=essspk.exe
19934. Description=ESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsets
19935. Source=Paul Collins Startup list
19936.  
19937. [eSupInit]
19938. Number=2831
19939. Confirmed=?
19940. Filename=eSupCmd.exe
19941. Description=Related to <a href="http://www.support.com/" target="_blank">SupportSoft</a> (aka Support.com) "Real-Time Service Management software". <font color="#FF0000">What does it do and is it required?</font>
19942. Source=Paul Collins Startup list
19943.  
19944. [ETB Tester]
19945. Number=2832
19946. Confirmed=X
19947. Filename=etbtest.exe
19948. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabr.html" target= blank>RBOT-ABR</a> WORM!
19949. Source=Paul Collins Startup list
19950.  
19951. [etbrun]
19952. Number=2833
19953. Confirmed=X
19954. Filename=elit***32.exe [* = random char]
19955. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware
19956. Source=Paul Collins Startup list
19957.  
19958. [Ethernet]
19959. Number=2834
19960. Confirmed=N
19961. Filename=tcaudiag.exe
19962. Description=3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
19963. Source=Paul Collins Startup list
19964.  
19965. [ethernet]
19966. Number=2835
19967. Confirmed=X
19968. Filename=airftp.exe
19969. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
19970. Source=Paul Collins Startup list
19971.  
19972. [ethernet]
19973. Number=2836
19974. Confirmed=X
19975. Filename=msnger.exe
19976. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
19977. Source=Paul Collins Startup list
19978.  
19979. [ethernet]
19980. Number=2837
19981. Confirmed=X
19982. Filename=msftp.exe
19983. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BXJ&VSect=P" target=_blank>SDBOT.BXJ</a> WORM!
19984. Source=Paul Collins Startup list
19985.  
19986. [Ethernet Drivers]
19987. Number=2838
19988. Confirmed=X
19989. Filename=smrrs.exe
19990. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaak.html" target=_blank>RBOT-AAK</a> WORM!
19991. Source=Paul Collins Startup list
19992.  
19993. [Ethernet Drivers]
19994. Number=2839
19995. Confirmed=X
19996. Filename=ethernet.exe
19997. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012609-1021-99" target= blank>GAOBOT.CEZ</a> WORM!
19998. Source=Paul Collins Startup list
19999.  
20000. [Etraffic]
20001. Number=2840
20002. Confirmed=X
20003. Filename=JavaRun.exe
20004. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453059998" target="_blank">TopMoxie</a> adware
20005. Source=Paul Collins Startup list
20006.  
20007. [eTrust EZ Firewall]
20008. Number=2841
20009. Confirmed=Y
20010. Filename=efpeadm.exe
20011. Description=<a href="http://www1.my-etrust.com/products/Firewall.cfm" target="_blank">eTrust EZ Firewall</a>
20012. Source=Paul Collins Startup list
20013.  
20014. [eTrust PestPatrol Active Protection]
20015. Number=2842
20016. Confirmed=U
20017. Filename=PPActiveDetection.exe
20018. Description=<a href="http://www.pestpatrol.com/" target=_blank>PestPatrol</a> real-time protection feature. "Stops spyware before it infects your system"
20019. Source=Paul Collins Startup list
20020.  
20021. [eTrust Realtime Monitor]
20022. Number=2843
20023. Confirmed=X
20024. Filename=realmon.exe
20025. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LAZAR.B" target="_blank">LAZAR.B</a> TROJAN!
20026. Source=Paul Collins Startup list
20027.  
20028. [eTrustCIPE]
20029. Number=2844
20030. Confirmed=Y
20031. Filename=ezdsmain.exe
20032. Description=eTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior
20033. Source=Paul Collins Startup list
20034.  
20035. [eTunnel]
20036. Number=2845
20037. Confirmed=X
20038. Filename=winfw.exe
20039. Description=Added by an unidentified TROJAN!
20040. Source=Paul Collins Startup list
20041.  
20042. [EUP Service]
20043. Number=2846
20044. Confirmed=X
20045. Filename=eupsvc.exe
20046. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotq.html" target="_blank">DELBOT-Q</a> WORM!
20047. Source=Paul Collins Startup list
20048.  
20049. [EuroGlot]
20050. Number=2847
20051. Confirmed=U
20052. Filename=EuroGlot.exe
20053. Description=<a href="http://www.euroglot.nl/en/producten.html?category=over_euroglot" target="_blank">Euroglot</a> - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian"
20054. Source=Paul Collins Startup list
20055.  
20056. [Event Log]
20057. Number=2848
20058. Confirmed=?
20059. Filename=eventlog.exe
20060. Description=<font color="#FF0000">??</font>
20061. Source=Paul Collins Startup list
20062.  
20063. [Event Planner Reminders]
20064. Number=2849
20065. Confirmed=N
20066. Filename=PLNRnote.exe
20067. Description=Sierra Event Planner tray icon
20068. Source=Paul Collins Startup list
20069.  
20070. [Event Reminder]
20071. Number=2850
20072. Confirmed=N
20073. Filename=pmremind.exe
20074. Description=A calendar/alarm program that installs with Br°derbund Printmaster
20075. Source=Paul Collins Startup list
20076.  
20077. [EventApplicationCmd]
20078. Number=2851
20079. Confirmed=X
20080. Filename=smschk.exe
20081. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotao.html" target=_blank>IRCBOT-AO</a> TROJAN!
20082. Source=Paul Collins Startup list
20083.  
20084. [EVENTLISTENER]
20085. Number=2852
20086. Confirmed=U
20087. Filename=EvLstnr.exe
20088. Description=Used with a Nikon digital camera to recognize when the camera is plugged in
20089. Source=Paul Collins Startup list
20090.  
20091. [eventmgr]
20092. Number=2853
20093. Confirmed=N
20094. Filename=eventmgr.exe
20095. Description=Used with a Microtek scanner. Manages the scanner's button events. Available via Start -> Programs
20096. Source=Paul Collins Startup list
20097.  
20098. [eventwvr]
20099. Number=2854
20100. Confirmed=X
20101. Filename=eventwvr.exe
20102. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiamg.html" target=_blank>COSIAM_G</a> TROJAN!
20103.  
20104. Source=Paul Collins Startup list
20105.  
20106. [Evidence Cleaner]
20107. Number=2855
20108. Confirmed=U
20109. Filename=ecleaner.exe
20110. Description=<a href="http://www.evidence-cleaner.net/" target= blank>Evidence Cleaner</a> cleans up tracks left by your PC and Internet activities
20111. Source=Paul Collins Startup list
20112.  
20113. [Evidence Eliminator]
20114. Number=2856
20115. Confirmed=N
20116. Filename=ee.exe
20117. Description=<a href="http://www.evidence-eliminator.com/product.d2w" target="_blank">Evidence Eliminator</a> - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis
20118. Source=Paul Collins Startup list
20119.  
20120. [Evil]
20121. Number=2857
20122. Confirmed=X
20123. Filename=Evil.exe
20124. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091514-0637-99" target=_blank>MYTOB.JM</a> WORM!
20125. Source=Paul Collins Startup list
20126.  
20127. [evntsvc]
20128. Number=2858
20129. Confirmed=N
20130. Filename=evntsc.exe
20131. Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
20132. Source=Paul Collins Startup list
20133.  
20134. [EVOLOSTA]
20135. Number=2859
20136. Confirmed=U
20137. Filename=EVOLOSTA.EXE
20138. Description=Evolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start -> Run dialog to run it
20139. Source=Paul Collins Startup list
20140.  
20141. [Evoluent Mouse Manager]
20142. Number=2860
20143. Confirmed=U
20144. Filename=EvoMouExec.exe
20145. Description=Mouse manager for Evoluent <a href="http://www.evoluent.com/vmouse2.html" target="_blank">VertcialMouse</a>
20146. Source=Paul Collins Startup list
20147.  
20148. [EvtHtm]
20149. Number=2861
20150. Confirmed=X
20151. Filename=evthtm.exe
20152. Description=Premium rate adult content dialler
20153. Source=Paul Collins Startup list
20154.  
20155. [EW Message Server]
20156. Number=2862
20157. Confirmed=U
20158. Filename=msg32.exe
20159. Description=Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices
20160. Source=Paul Collins Startup list
20161.  
20162. [eWare Startup]
20163. Number=2863
20164. Confirmed=N
20165. Filename=iWareStart.exe
20166. Description=<a href="http://www.eware.com/about/index.asp" target="_blank">eWare</a> iWare task bar. Not required
20167. Source=Paul Collins Startup list
20168.  
20169. [ewupdater]
20170. Number=2864
20171. Confirmed=X
20172. Filename=ewupdater.exe
20173. Description=<a href="http://www.kephyr.com/spywarescanner/library/easywebsearch/index.phtml" target="_blank">EasyWebSearch</a> adware updater
20174. Source=Paul Collins Startup list
20175.  
20176. [example]
20177. Number=2865
20178. Confirmed=X
20179. Filename=[random filename].exe
20180. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112915-5158-99" target=_blank>NUCLEAR</a> TROJAN! Note - this trojan file is found in the Windows\NR or Winnt\NR folder
20181. Source=Paul Collins Startup list
20182.  
20183. [Excite Platform]
20184. Number=2866
20185. Confirmed=N
20186. Filename=Exlaunch.exe
20187. Description=Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer
20188. Source=Paul Collins Startup list
20189.  
20190. [Excite Private Messenger Pipe]
20191. Number=2867
20192. Confirmed=?
20193. Filename=x8impipe.exe
20194. Description=<font color="#FF0000">??</font>
20195. Source=Paul Collins Startup list
20196.  
20197. [ExciteAssistantEXE]
20198. Number=2868
20199. Confirmed=N
20200. Filename=ASSISTANT.EXE
20201. Description=With Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window open
20202. Source=Paul Collins Startup list
20203.  
20204. [exdl.exe]
20205. Number=2869
20206. Confirmed=X
20207. Filename=exdl.exe
20208. Description=<a href="http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html" target="_blank">BargainBuddy</a> foistware
20209. Source=Paul Collins Startup list
20210.  
20211. [exe lptt01]
20212. Number=2870
20213. Confirmed=X
20214. Filename=exe.exe
20215. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
20216. Source=Paul Collins Startup list
20217.  
20218. [exe ml097e]
20219. Number=2871
20220. Confirmed=X
20221. Filename=exe.exe
20222. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
20223. Source=Paul Collins Startup list
20224.  
20225. [execfg4]
20226. Number=2872
20227. Confirmed=X
20228. Filename=execfg4.exe
20229. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-081509-0110-99" target="_blank">ELECTRON</a> WORM!
20230. Source=Paul Collins Startup list
20231.  
20232. [ExecUser]
20233. Number=2873
20234. Confirmed=X
20235. Filename=ExecUser.exe
20236. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
20237.  
20238. Source=Paul Collins Startup list
20239.  
20240. [Execute]
20241. Number=2874
20242. Confirmed=?
20243. Filename=delfolders.exe
20244. Description=<font color="#FF0000">??</font>
20245. Source=Paul Collins Startup list
20246.  
20247. [ExeName32]
20248. Number=2875
20249. Confirmed=X
20250. Filename=Warm.scr
20251. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121115-2525-99" target="_blank">SCOLD</a> WORM!
20252. Source=Paul Collins Startup list
20253.  
20254. [ExFilter]
20255. Number=2876
20256. Confirmed=X
20257. Filename=Rundll32.exe [path] cdnspie.dll, ExecFilter
20258. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097703" target="_blank">CNNIC Update</a> pest
20259. Source=Paul Collins Startup list
20260.  
20261. [exgiwsl]
20262. Number=2877
20263. Confirmed=?
20264. Filename=exgiwsl.exe
20265. Description=<font color="#FF0000">??</font>
20266. Source=Paul Collins Startup list
20267.  
20268. [Exif Launcher]
20269. Number=2878
20270. Confirmed=U
20271. Filename=Exiflaquickdcr.exe
20272. Description=USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
20273. Source=Paul Collins Startup list
20274.  
20275. [Exif Launcher]
20276. Number=2879
20277. Confirmed=U
20278. Filename=QuickDCF.exe
20279. Description=USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
20280. Source=Paul Collins Startup list
20281.  
20282. [ExitKiller]
20283. Number=2880
20284. Confirmed=U
20285. Filename=Ekiller.exe
20286. Description=<a href="http://www.exitkiller.net/" target="_blank">Exit Killer</a> - automatically closes pop-up windows in your browser
20287. Source=Paul Collins Startup list
20288.  
20289. [exmon]
20290. Number=2881
20291. Confirmed=?
20292. Filename=hpimoniter.exe
20293. Description=<font color="#FF0000">Some kind of hp digital camera maybe or a photo smart connection probe?</font>
20294. Source=Paul Collins Startup list
20295.  
20296. [Exn]
20297. Number=2882
20298. Confirmed=X
20299. Filename=exn.exe
20300. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_IRCBOT.RJ" target="_blank">IRCBOT.RJ</a> WORM!
20301. Source=Paul Collins Startup list
20302.  
20303. [EXPL0RE.EXE]
20304. Number=2883
20305. Confirmed=X
20306. Filename=EXPL0RE.EXE
20307. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpopnoa.html" target=_blank>POPNO-A</a> TROJAN! Note that the filename is spelled using the digit "0" instead of the uppercase letter "o"
20308. Source=Paul Collins Startup list
20309.  
20310. [Expl0rer soft]
20311. Number=2884
20312. Confirmed=X
20313. Filename=expl0rer.pif
20314. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqr.html" target=_blank>RBOT-AQR</a> WORM!
20315. Source=Paul Collins Startup list
20316.  
20317. [expler]
20318. Number=2885
20319. Confirmed=X
20320. Filename=Updadv.exe
20321. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassn.html" target=_blank>QQPASS-N</a> TROJAN!
20322. Source=Paul Collins Startup list
20323.  
20324. [Explkw]
20325. Number=2886
20326. Confirmed=X
20327. Filename=expup.exe
20328. Description=Keywords hijacker
20329. Source=Paul Collins Startup list
20330.  
20331. [explore]
20332. Number=2887
20333. Confirmed=X
20334. Filename=explore.exe
20335. Description=Added by any number of VIRUSES, WORMS or TROJANS!
20336. Source=Paul Collins Startup list
20337.  
20338. [Explore]
20339. Number=2888
20340. Confirmed=X
20341. Filename=Explorer.exe
20342. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080713-1333-99" target=_blank>IRC.FLOOD.G</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually!
20343. Source=Paul Collins Startup list
20344.  
20345. [Explore]
20346. Number=2889
20347. Confirmed=X
20348. Filename=explore.exe
20349. Description=Adult content dialler
20350. Source=Paul Collins Startup list
20351.  
20352. [explore manager]
20353. Number=2890
20354. Confirmed=X
20355. Filename=explore.exe
20356. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
20357. Source=Paul Collins Startup list
20358.  
20359. [explore.exe]
20360. Number=2891
20361. Confirmed=X
20362. Filename=Explore.exe
20363. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091414-5731-99" target="_blank">GRAYBIRD.G</a> TROJAN!
20364. Source=Paul Collins Startup list
20365.  
20366. [exploreff.exe]
20367. Number=2892
20368. Confirmed=X
20369. Filename=exploreff.exe
20370. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-102516-5127-99" target=_blank>FINFANSE</a> TROJAN!
20371. Source=Paul Collins Startup list
20372.  
20373. [explorer]
20374. Number=2893
20375. Confirmed=U
20376. Filename=explorer.exe
20377. Description=Starts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_BISTRO" target="_blank">PE_BISTRO</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031016-5849-99" target="_blank">DVLDR</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012816-3647-99" target="_blank">MYDOOM.C</a>. Note that it is also not the explorer.exe task/service you'll see when via CTRL+ALT+DEL
20378. Source=Paul Collins Startup list
20379.  
20380. [explorer]
20381. Number=2894
20382. Confirmed=X
20383. Filename=wscript.exe [filename]
20384. Description=Sneaky way to start any VBS script. Many viruses use VBS files
20385. Source=Paul Collins Startup list
20386.  
20387. [Explorer]
20388. Number=2895
20389. Confirmed=X
20390. Filename=shellexpl.exe
20391. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082915-1318-99" target="_blank">SHELDOR</a> TROJAN!
20392. Source=Paul Collins Startup list
20393.  
20394. [explorer]
20395. Number=2896
20396. Confirmed=X
20397. Filename=expl32.exe
20398. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050220-1346-99" target="_blank">RATSOU</a> TROJAN!
20399. Source=Paul Collins Startup list
20400.  
20401. [Explorer]
20402. Number=2897
20403. Confirmed=X
20404. Filename=[path to worm]
20405. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111308-1926-99" target="_blank">AUTEX</a> WORM!
20406. Source=Paul Collins Startup list
20407.  
20408. [Explorer]
20409. Number=2898
20410. Confirmed=X
20411. Filename=shellexp.exe
20412. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082915-1318-99" target=_blank>SHELDOR</a> TROJAN!
20413.  
20414. Source=Paul Collins Startup list
20415.  
20416. [EXPLORER]
20417. Number=2899
20418. Confirmed=X
20419. Filename=EXPL0RER.EXE
20420. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbeastdoy.html" target=_blank>BEASTDO-Y</a> TROJAN! Note the "0" in the filename rather than upper case "o"
20421. Source=Paul Collins Startup list
20422.  
20423. [EXPLORER]
20424. Number=2900
20425. Confirmed=X
20426. Filename=sys.exe
20427. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsillyfdca.html" target=_blank>SILLYFDC-A</a> TROJAN!
20428. Source=Paul Collins Startup list
20429.  
20430. [Explorer]
20431. Number=2901
20432. Confirmed=X
20433. Filename=config_.com
20434. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32floppyd.html" target=_blank>FLOPPY-D</a> WORM!
20435. Source=Paul Collins Startup list
20436.  
20437. [Explorer]
20438. Number=2902
20439. Confirmed=X
20440. Filename=drv.exe
20441. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallfd.html" target=_blank>SMALL-FD</a> TROJAN!
20442. Source=Paul Collins Startup list
20443.  
20444. [explorer]
20445. Number=2903
20446. Confirmed=X
20447. Filename=[path to trojan]
20448. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagenteu.html" target=_blank>AGENT-EU</a> TROJAN!
20449. Source=Paul Collins Startup list
20450.  
20451. [explorer]
20452. Number=2904
20453. Confirmed=X
20454. Filename=explorer.exe
20455. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogak.html" target=_blank>KEYLOG-AK</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "service" subfolder of the System folder
20456. Source=Paul Collins Startup list
20457.  
20458. [EXPLORER]
20459. Number=2905
20460. Confirmed=X
20461. Filename=EXPLORER.exe
20462. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnethiefp.html" target=_blank>NETHIEF-P</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "SHELLEXT" subfolder of the System folder
20463. Source=Paul Collins Startup list
20464.  
20465. [explorer]
20466. Number=2906
20467. Confirmed=X
20468. Filename=explorer.exe
20469. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojblockeya.html" target=_blank>BLOCKEY-A</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "config" subfolder of the System folder
20470. Source=Paul Collins Startup list
20471.  
20472. [explorer]
20473. Number=2907
20474. Confirmed=X
20475. Filename=Yinstall.exe
20476. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
20477. Source=Paul Collins Startup list
20478.  
20479. [Explorer]
20480. Number=2908
20481. Confirmed=X
20482. Filename=Windows Explorer.exe
20483. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sillyfdci.html" target="_blank">SILLYFDC-I</a> WORM!
20484. Source=Paul Collins Startup list
20485.  
20486. [Explorer Loader]
20487. Number=2909
20488. Confirmed=X
20489. Filename=explr32.exe
20490. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.N" target= blank>AGOBOT.N</a> WORM!
20491. Source=Paul Collins Startup list
20492.  
20493. [Explorer Loader]
20494. Number=2910
20495. Confirmed=X
20496. Filename=explorerl.exe
20497. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadi.html" target=_blank>SDBOT-ADI</a> WORM!
20498. Source=Paul Collins Startup list
20499.  
20500. [Explorer lptt01]
20501. Number=2911
20502. Confirmed=X
20503. Filename=explorer.exe
20504. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
20505. Source=Paul Collins Startup list
20506.  
20507. [EXPLORER MICROSOFT SYSTEM]
20508. Number=2912
20509. Confirmed=X
20510. Filename=explore.exe
20511. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
20512. Source=Paul Collins Startup list
20513.  
20514. [Explorer ml097e]
20515. Number=2913
20516. Confirmed=X
20517. Filename=explorer.exe
20518. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
20519. Source=Paul Collins Startup list
20520.  
20521. [Explorer soft]
20522. Number=2914
20523. Confirmed=X
20524. Filename=explorer.pif
20525. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapk.html" target=_blank>RBOT-APK</a> WORM!
20526. Source=Paul Collins Startup list
20527.  
20528. [Explorer soft]
20529. Number=2915
20530. Confirmed=X
20531. Filename=explorer.com
20532. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarm.html" target=_blank>RBOT-ARM</a> WORM!
20533. Source=Paul Collins Startup list
20534.  
20535. [Explorer Updater]
20536. Number=2916
20537. Confirmed=X
20538. Filename=IEXPLORE.exe
20539. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwo.html" target=_blank>SDBOT-WO</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
20540. Source=Paul Collins Startup list
20541.  
20542. [explorer.exe]
20543. Number=2917
20544. Confirmed=X
20545. Filename=explorer.exe
20546. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentew.html" target="_blank">AGENT-EW</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojpwscy.html" target="_blank">PWS-CY</a> TROJANS! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
20547. Source=Paul Collins Startup list
20548.  
20549. [explorer.exe]
20550. Number=2918
20551. Confirmed=X
20552. Filename=explorer.exe
20553. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfacl.html" target="_blank">DELF-ACL</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
20554. Source=Paul Collins Startup list
20555.  
20556. [Explorer32]
20557. Number=2919
20558. Confirmed=X
20559. Filename=Expl32.exe
20560. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HACKTACK.B" target="_blank">HACKTACK.B</a> TROJAN!
20561. Source=Paul Collins Startup list
20562.  
20563. [Explorer32]
20564. Number=2920
20565. Confirmed=X
20566. Filename=explorer6s4.exe
20567. Description=Added by the Downloader.Win32.Small.biq TROJAN!
20568. Source=Paul Collins Startup list
20569.  
20570. [Explorer32]
20571. Number=2921
20572. Confirmed=X
20573. Filename=efsdfgxg.exe
20574. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickery.html" target=_blank>CLICKER-Y</a> TROJAN!
20575. Source=Paul Collins Startup list
20576.  
20577. [ExploreUpdSched]
20578. Number=2922
20579. Confirmed=X
20580. Filename=[random filename].exe
20581. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
20582. Source=Paul Collins Startup list
20583.  
20584. [exporet]
20585. Number=2923
20586. Confirmed=X
20587. Filename=winset.exe
20588. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassi.html" target=_blank>QQPASS-I</a> TROJAN!
20589. Source=Paul Collins Startup list
20590.  
20591. [Express ClickYes]
20592. Number=2924
20593. Confirmed=U
20594. Filename=ClickYes.exe
20595. Description="<a href="http://www.contextmagic.com/" target="_blank">Express ClickYes</a> is a handy tool that runs in the system tray automatically clicks the Yes button for the Outlook Security security prompt, that asks you to confirm mail sending from third party applications"
20596. Source=Paul Collins Startup list
20597.  
20598. [Exshow95]
20599. Number=2925
20600. Confirmed=U
20601. Filename=EXSHOW95.exe
20602. Description=Support software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devices
20603. Source=Paul Collins Startup list
20604.  
20605. [External Dependencies]
20606. Number=2926
20607. Confirmed=X
20608. Filename=External.exe
20609. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061101-2338-99" target=_blank>MYTOB.EC</a> WORM!
20610. Source=Paul Collins Startup list
20611.  
20612. [ExtraDNS]
20613. Number=2927
20614. Confirmed=U
20615. Filename=ExtraDNS.exe
20616. Description=<a href="http://www.extratools.com/" target="_blank">ExtraDNS</a> - DNS configuration tool
20617. Source=Paul Collins Startup list
20618.  
20619. [Extranet AutoDial]
20620. Number=2928
20621. Confirmed=?
20622. Filename=AutoExt.exe
20623. Description=Nortel Networks Contivity Extranet Switching Software
20624. Source=Paul Collins Startup list
20625.  
20626. [ExxtremeHelperDemon]
20627. Number=2929
20628. Confirmed=?
20629. Filename=exxdemon.exe
20630. Description=<font color="#FF0000">Creative Exxtreme graphics card related?</font>
20631. Source=Paul Collins Startup list
20632.  
20633. [Eye Tide Launcher]
20634. Number=2930
20635. Confirmed=N
20636. Filename=oneeyetideone.exe
20637. Description=Nascar wallpaper
20638. Source=Paul Collins Startup list
20639.  
20640. [EZ Firewall]
20641. Number=2931
20642. Confirmed=Y
20643. Filename=ca.exe
20644. Description=eTrust <a href="http://www3.ca.com/Solutions/Product.asp?ID=3243" target=_blank>EZ Armor</a> Internet Security
20645. Source=Paul Collins Startup list
20646.  
20647. [ezagent]
20648. Number=2932
20649. Confirmed=N
20650. Filename=ezagent.exe
20651. Description=<a href="http://www.asus.com/products/vga/tvfm/overview.htm" target="_blank">EzVCR</a> recording software for the ASUS TV FM card. Available via Start -> Programs
20652. Source=Paul Collins Startup list
20653.  
20654. [EzButton]
20655. Number=2933
20656. Confirmed=N
20657. Filename=EzButton.EXE
20658. Description=EZbutton is a quick launcher for the Media player app that comes with certain laptops
20659. Source=Paul Collins Startup list
20660.  
20661. [EZDesk]
20662. Number=2934
20663. Confirmed=N
20664. Filename=EZDESK.EXE
20665. Description=Utility that remembers icon locations for each user and resolution. Available <a href="http://www.ezwaretech.com/" target="_blank">here</a>
20666. Source=Paul Collins Startup list
20667.  
20668. [EzEjMnAp]
20669. Number=2935
20670. Confirmed=N
20671. Filename=EzEjMnAp.exe
20672. Description=For IBM Thinkpad Notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually". Available via Start -> Programs
20673. Source=Paul Collins Startup list
20674.  
20675. [eZmmod]
20676. Number=2936
20677. Confirmed=X
20678. Filename=mmod.exe
20679. Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
20680. Source=Paul Collins Startup list
20681.  
20682. [EZNORUN]
20683. Number=2937
20684. Confirmed=?
20685. Filename=EZNORUN.EXE
20686. Description=<font color="#FF0000">Easy Internet related?</font>
20687. Source=Paul Collins Startup list
20688.  
20689. [EzPrint]
20690. Number=2938
20691. Confirmed=N
20692. Filename=ezprint.exe
20693. Description=Configuration options for Lexmark printing devices
20694.  
20695. Source=Paul Collins Startup list
20696.  
20697. [ezPS_Px]
20698. Number=2939
20699. Confirmed=Y
20700. Filename=ezSP_PxEngine.exe
20701. Description=Engine that allows PrimoDVD from Veritas (was Prassi) and <a href="http://www.easy.co.jp/dd2e/sony/cd/" target="_blank">Drag'n Drop CD</a> from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
20702. Source=Paul Collins Startup list
20703.  
20704. [ezPS_Px]
20705. Number=2940
20706. Confirmed=Y
20707. Filename=ezSP_Px.exe
20708. Description=Engine that allows PrimoDVD from Veritas (was Prassi) and <a href="http://www.easy.co.jp/dd2e/sony/cd/" target="_blank">Drag'n Drop CD</a> from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
20709. Source=Paul Collins Startup list
20710.  
20711. [ezShieldProtector for Px]
20712. Number=2941
20713. Confirmed=Y
20714. Filename=ezSP_Px.exe
20715. Description=Engine that allows PrimoDVD from Veritas (was Prassi) and <a href="http://www.easy.co.jp/dd2e/sony/cd/" target="_blank">Drag'n Drop CD</a> from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
20716. Source=Paul Collins Startup list
20717.  
20718. [ezShieldProtector for Px]
20719. Number=2942
20720. Confirmed=Y
20721. Filename=ezSP_PxEngine.exe
20722. Description=Engine that allows PrimoDVD from Veritas (was Prassi) and <a href="http://www.easy.co.jp/dd2e/sony/cd/" target="_blank">Drag'n Drop CD</a> from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
20723. Source=Paul Collins Startup list
20724.  
20725. [EZSMART App]
20726. Number=2943
20727. Confirmed=U
20728. Filename=ezsmart.exe
20729. Description=EZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supported
20730. Source=Paul Collins Startup list
20731.  
20732. [ezula]
20733. Number=2944
20734. Confirmed=X
20735. Filename=eZmmod.exe
20736. Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
20737. Source=Paul Collins Startup list
20738.  
20739. [eZulaMain]
20740. Number=2945
20741. Confirmed=X
20742. Filename=eZulaMain.exe
20743. Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
20744. Source=Paul Collins Startup list
20745.  
20746. [eZuluMain]
20747. Number=2946
20748. Confirmed=X
20749. Filename=eZuluMain.exe
20750. Description=Comes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't work
20751. Source=Paul Collins Startup list
20752.  
20753. [eZWO]
20754. Number=2947
20755. Confirmed=X
20756. Filename=wo.exe
20757. Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
20758. Source=Paul Collins Startup list
20759.  
20760. [E_S10IC2]
20761. Number=2948
20762. Confirmed=U
20763. Filename=E_S10IC2.exe
20764. Description=Epson Stylus C44 Series printer monitor - for checking ink levels, etc
20765. Source=Paul Collins Startup list
20766.  
20767. [E_S23]
20768. Number=2949
20769. Confirmed=U
20770. Filename=E_SICN03.exe
20771. Description=Epson printer status monitor - for checking ink levels, etc.
20772. Source=Paul Collins Startup list
20773.  
20774. [E_S4I2F1]
20775. Number=2950
20776. Confirmed=U
20777. Filename=E_S4I2F1.exe
20778. Description=Epson Status Monitor 3 for the Epson Stylus Photo R300 (and probably others) printers - monitors the status of ink levels, a print job spooled to that printer, etc
20779. Source=Paul Collins Startup list
20780.  
20781. [E_S4I2G1]
20782. Number=2951
20783. Confirmed=N
20784. Filename=E_S4I2G1.EXE
20785. Description=Epson Status Monitor 3 for the Epson Stylus CX5400 printer/scanner/copier (and probably others) - monitors the status of ink levels, a print job spooled to that printer, etc
20786. Source=Paul Collins Startup list
20787.  
20788. [E_SOEIC1]
20789. Number=2952
20790. Confirmed=U
20791. Filename=E_SOEIC1.exe
20792. Description=Epson Stylus printer monitor - for checking ink levels, etc.
20793. Source=Paul Collins Startup list
20794.  
20795. [F-Secure 2005]
20796. Number=2953
20797. Confirmed=X
20798. Filename=svchost.exe
20799. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosech.html" target=_blank>BIFROSE-CH</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
20800. Source=Paul Collins Startup list
20801.  
20802. [F-Secure 2006]
20803. Number=2954
20804. Confirmed=Y
20805. Filename=fspex.exe
20806. Description=<a href="http://www.f-secure.com/" target="_blank">F-Secure</a> Anti-Virus automatic updater
20807. Source=Paul Collins Startup list
20808.  
20809. [F-Secure Management Agent]
20810. Number=2955
20811. Confirmed=U
20812. Filename=FSMA32.EXE
20813. Description=<a href="http://www.f-secure.com/" target="_blank">F-Secure</a> antivirus - F-Secure Policy Manager provides tools for administering F-Secure software products
20814. Source=Paul Collins Startup list
20815.  
20816. [F-Secure Manager]
20817. Number=2956
20818. Confirmed=Y
20819. Filename=FSM32.EXE
20820. Description=<a href="http://www.f-secure.com/" target="_blank">F-Secure</a> antivirus - carry out scheduled virus scans automatically
20821. Source=Paul Collins Startup list
20822.  
20823. [F-Secure Startup Wizard]
20824. Number=2957
20825. Confirmed=Y
20826. Filename=FSSW.EXE
20827. Description=<a href="http://www.f-secure.com/" target="_blank">F-Secure</a> antivirus
20828. Source=Paul Collins Startup list
20829.  
20830. [F-Secure TNB]
20831. Number=2958
20832. Confirmed=Y
20833. Filename=TNBUtil.exe
20834. Description=<a href="http://www.f-secure.com/" target="_blank">F-Secure</a> antivirus
20835. Source=Paul Collins Startup list
20836.  
20837. [F-StopW]
20838. Number=2959
20839. Confirmed=Y
20840. Filename=F-StopW.exe
20841. Description=<a href="http://www.f-prot.com">F-Prot</a> anti-virus background scanner by F-Risk Software
20842. Source=Paul Collins Startup list
20843.  
20844. [f1Tray.exe]
20845. Number=2960
20846. Confirmed=U
20847. Filename=F1TRAY.EXE
20848. Description=System Tray icon for FusionOne's <a href="http://www.mightyphone.com/index.php" target="_blank">MightyPhone</a> software. "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer"
20849. Source=Paul Collins Startup list
20850.  
20851. [f607]
20852. Number=2961
20853. Confirmed=X
20854. Filename=f607.exe
20855. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082712-0129-99" target="_blank">URAT.B</a> TROJAN!
20856. Source=Paul Collins Startup list
20857.  
20858. [f73cdc8ee94e]
20859. Number=2962
20860. Confirmed=X
20861. Filename=btsendto.exe
20862. Description=Associated with mysearchnow.com/searchbar.html 
20863. Source=Paul Collins Startup list
20864.  
20865. [FamilyKeyLogger]
20866. Number=2963
20867. Confirmed=U
20868. Filename=cisvc.exe
20869. Description=<a href="http://www.spyarsenal.com/familykeylogger/" target=_blank>Family Keylogger</a> is a program that lets you record to a special file and then view all the keystrokes typed by everyone using your computer. Keystroke logger/monitoring program - remove unless you installed it yourself!
20870.  
20871. Source=Paul Collins Startup list
20872.  
20873. [Fantasia injector]
20874. Number=2964
20875. Confirmed=X
20876. Filename=wincfg.exe
20877. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.US&VSect=P" target=_blank>AGOBOT.US</a> WORM!
20878. Source=Paul Collins Startup list
20879.  
20880. [fapmon]
20881. Number=2965
20882. Confirmed=?
20883. Filename=fapmon.exe
20884. Description=<a href="http://www.copperhead.cc/fap.html" target="_blank">Fair Access Policy</a> monitor for DirecPC/DirecWay internet access
20885. Source=Paul Collins Startup list
20886.  
20887. [farmmext]
20888. Number=2966
20889. Confirmed=X
20890. Filename=farmmext.exe
20891. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
20892. Source=Paul Collins Startup list
20893.  
20894. [Fash]
20895. Number=2967
20896. Confirmed=X
20897. Filename=Fash.exe
20898. Description=Unidentified adware
20899. Source=Paul Collins Startup list
20900.  
20901. [fast]
20902. Number=2968
20903. Confirmed=N
20904. Filename=fast.exe
20905. Description=Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
20906. Source=Paul Collins Startup list
20907.  
20908. [FAST Defrag]
20909. Number=2969
20910. Confirmed=N
20911. Filename=FAST2.EXE
20912. Description=<a href="http://www.amsn.ro/" target="_blank">FastDefrag</a> defragmenting software
20913. Source=Paul Collins Startup list
20914.  
20915. [Fast Home]
20916. Number=2970
20917. Confirmed=X
20918. Filename=svcnvt.exe
20919. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Win32.Delf.ks This file may be found in the System folder on 9x machines, however as of this writing it has only been seen in the System32 folder
20920. Source=Paul Collins Startup list
20921.  
20922. [Fast Search]
20923. Number=2971
20924. Confirmed=X
20925. Filename=svcnv.exe
20926. Description=Homepage, Startpage hijacker. Possible variant of Trojan-Downloader.Win32.Delf
20927. Source=Paul Collins Startup list
20928.  
20929. [Fast start]
20930. Number=2972
20931. Confirmed=X
20932. Filename=Ntut.exe
20933. Description=Adware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan.Win32.Favadd.I
20934. Source=Paul Collins Startup list
20935.  
20936. [Fast start]
20937. Number=2973
20938. Confirmed=X
20939. Filename=svcnt.exe
20940. Description=Adware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as a variant of the FAVADD TROJAN!
20941. Source=Paul Collins Startup list
20942.  
20943. [FastCache]
20944. Number=2974
20945. Confirmed=U
20946. Filename=fc.exe
20947. Description=<a href="http://www.analogx.com/contents/download/network/fc.htm" target="_blank">FastCache</a> from AnalogX - speeds up browsing by resolving DNS requests locally
20948. Source=Paul Collins Startup list
20949.  
20950. [FastStart]
20951. Number=2975
20952. Confirmed=X
20953. Filename=ntnut32.exe
20954. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031511-4645-99" target=_blank>STARTPAGE.L</a> TROJAN!
20955. Source=Paul Collins Startup list
20956.  
20957. [FastStart]
20958. Number=2976
20959. Confirmed=X
20960. Filename=svcnut.exe
20961. Description=Browser hijacker - a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031511-4645-99" target=_blank>STARTPAGE.L</a> TROJAN!
20962. Source=Paul Collins Startup list
20963.  
20964. [FastStart]
20965. Number=2977
20966. Confirmed=X
20967. Filename=svcnut32.exe
20968. Description=Browser hijacker - a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031511-4645-99" target=_blank>STARTPAGE.L</a> TROJAN!
20969. Source=Paul Collins Startup list
20970.  
20971. [FastTrack Accelerator]
20972. Number=2978
20973. Confirmed=N
20974. Filename=SPEED UP.EXE
20975. Description=<a href="http://www.speedup.tk/" target="_blank">FastTrack Accelerator</a> - "speedup" utility for programs that use the FastTrack network such as KaZaA Media Desktop, Grokster and Morpheus
20976. Source=Paul Collins Startup list
20977.  
20978. [FASTTRACKNETVISION]
20979. Number=2979
20980. Confirmed=X
20981. Filename=NETVISION.exe
20982. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialdialcarz.html" target="_blank">DialCar-Z</a> premium rate dialer
20983. Source=Paul Collins Startup list
20984.  
20985. [FastUser]
20986. Number=2980
20987. Confirmed=N
20988. Filename=fast.exe
20989. Description=Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
20990. Source=Paul Collins Startup list
20991.  
20992. [FastUsr]
20993. Number=2981
20994. Confirmed=N
20995. Filename=fast.exe
20996. Description=Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
20997. Source=Paul Collins Startup list
20998.  
20999. [FatPipe]
21000. Number=2982
21001. Confirmed=U
21002. Filename=DHCP
21003. Description=Software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users
21004. Source=Paul Collins Startup list
21005.  
21006. [Fatpipe Dialer]
21007. Number=2983
21008. Confirmed=U
21009. Filename=fpdialer.exe
21010. Description=Dailler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users
21011. Source=Paul Collins Startup list
21012.  
21013. [fatrecov]
21014. Number=2984
21015. Confirmed=U
21016. Filename=fatrecov.exe
21017. Description=SCKeyLog.j keystroke logger/monitoring program - remove unless you installed it yourself!
21018.  
21019. Source=Paul Collins Startup list
21020.  
21021. [FaxCenterServer]
21022. Number=2985
21023. Confirmed=U
21024. Filename=fm3032.exe
21025. Description=<a href="http://www.data-tech.com/content/fax.aspx" target=_blank>FaxMan</a> integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others
21026. Source=Paul Collins Startup list
21027.  
21028. [FaxCtrl.exe]
21029. Number=2986
21030. Confirmed=U
21031. Filename=ASMediaProxyServer.exe
21032. Description=Part of Avaya's <a href="http://www.avaya.com/gcm/master-usa/en-us/products/offers/contactcenterexpress.htm" target="_blank">Contact Center Express</a> - "a multi-channel, high-volume software solution from Avaya designed specifically for the intelligent routing and computer telephony integration (CTI) needs of medium-sized contact centers"
21033. Source=Paul Collins Startup list
21034.  
21035. [FaxTalk CallControl 6.0]
21036. Number=2987
21037. Confirmed=N
21038. Filename=FTClCtrl.EXE
21039. Description=This allows the software to handle incoming and outgoing communications without requiring the FaxTalk Communicator application to be loaded into memory. Can be started manually
21040. Source=Paul Collins Startup list
21041.  
21042. [FBDirect]
21043. Number=2988
21044. Confirmed=U
21045. Filename=FBDirect.exe
21046. Description=Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start -> Programs
21047. Source=Paul Collins Startup list
21048.  
21049. [FBI]
21050. Number=2989
21051. Confirmed=?
21052. Filename=FBISM.exe
21053. Description=<font color="#FF0000">Compaq related but what does it do?</font>
21054. Source=Paul Collins Startup list
21055.  
21056. [fc]
21057. Number=2990
21058. Confirmed=X
21059. Filename=runfc.exe
21060. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-010216-2213-99" target="_blank">CAMPURF</a> WORM!
21061. Source=Paul Collins Startup list
21062.  
21063. [FCEngine]
21064. Number=2991
21065. Confirmed=X
21066. Filename=FCEngine.exe
21067. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ConsumerAlertSystem.CASClient&threatid=40038" target="_blank">CASClient</a> adware
21068. Source=Paul Collins Startup list
21069.  
21070. [FCHelp]
21071. Number=2992
21072. Confirmed=X
21073. Filename=FCHelp.exe
21074. Description=Added by either <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-011109-4115-99" target=_blank>FCHelp</a> adware or a variant of it
21075. Source=Paul Collins Startup list
21076.  
21077. [FCMan]
21078. Number=2993
21079. Confirmed=X
21080. Filename=FCMan.exe
21081. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-011109-4115-99" target="_blank">FCHelp</a> adware
21082. Source=Paul Collins Startup list
21083.  
21084. [FDD SYSTEM]
21085. Number=2994
21086. Confirmed=X
21087. Filename=Fdd.exe
21088. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfo.html" target=_blank>MYTOB-FO</a> WORM!
21089. Source=Paul Collins Startup list
21090.  
21091. [Fdr Command Module]
21092. Number=2995
21093. Confirmed=X
21094. Filename=sp2.exe
21095. Description=Added by the <a href="http://www.virus-buster.com/en/viruslab/descriptions/sdbot.wp?VBSESSION=aa76c5b7d679e7a1eb5abe8b697fb08e" target=_blank>SDBOT.WP</a> WORM!
21096. Source=Paul Collins Startup list
21097.  
21098. [FDriver]
21099. Number=2996
21100. Confirmed=X
21101. Filename=windrv.exe
21102. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.WG" target="_blank">DELF.WG</a> TROJAN!
21103. Source=Paul Collins Startup list
21104.  
21105. [FD_SAP]
21106. Number=2997
21107. Confirmed=U
21108. Filename=FD.exe
21109. Description=Reported to be the autopassword program from the Sony Microvault thumb drive
21110. Source=Paul Collins Startup list
21111.  
21112. [feelalright]
21113. Number=2998
21114. Confirmed=X
21115. Filename=mirc.exe
21116. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircfloodm.html" target=_blank>IRCFLOOD-M</a> WORM!
21117. Source=Paul Collins Startup list
21118.  
21119. [FEELitDeviceManager]
21120. Number=2999
21121. Confirmed=U
21122. Filename=feelitdm.exe
21123. Description=Associated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals)
21124. Source=Paul Collins Startup list
21125.  
21126. [fegoze]
21127. Number=3000
21128. Confirmed=X
21129. Filename=SVCH0ST.EXE
21130. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-062811-4412-99" target=_blank>GRAYBIRD.D</a> VIRUS! Note - the filename has the digit 0 rather then the uppercase "o"
21131. Source=Paul Collins Startup list
21132.  
21133. [Fellowes Proxy]
21134. Number=3001
21135. Confirmed=U
21136. Filename=R3proxy.exe
21137. Description=Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice
21138. Source=Paul Collins Startup list
21139.  
21140. [Fen Startups]
21141. Number=3002
21142. Confirmed=X
21143. Filename=fensvc32.exe
21144. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122117-1029-99" target=_blank>RANDEX.CCF</a> WORM!
21145. Source=Paul Collins Startup list
21146.  
21147. [FerrariWallPaper]
21148. Number=3003
21149. Confirmed=U
21150. Filename=FerrariWP.exe
21151. Description=Calendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.com
21152. Source=Paul Collins Startup list
21153.  
21154. [ffis]
21155. Number=3004
21156. Confirmed=X
21157. Filename=ffisearch.exe
21158. Description=<a href="http://vil.nai.com/vil/content/v_133320.htm" target="_blank">iSearch</a> "Desktop Search" hijacker
21159. Source=Paul Collins Startup list
21160.  
21161. [FG1_00]
21162. Number=3005
21163. Confirmed=U
21164. Filename=frntgate.exe
21165. Description=<a href="http://www.presorium.com/en_au/products/fg/index.shtml" target="_blank">FrontGate MX</a> - e-mail spam blocker
21166. Source=Paul Collins Startup list
21167.  
21168. [fGQEGqHOME]
21169. Number=3006
21170. Confirmed=X
21171. Filename=gwwgtp.exe
21172. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102813-3829-99" target=_blank>RANKY.J</a> TROJAN!
21173. Source=Paul Collins Startup list
21174.  
21175. [FHPage]
21176. Number=3007
21177. Confirmed=X
21178. Filename=shdochp.exe
21179. Description=Added by the <a href="http://www.pctools.com/mrc/infections/id/Trojan.Downloader.Delf.KS/" target=_blank>DELF-Ks</a> TROJAN!
21180. Source=Paul Collins Startup list
21181.  
21182. [FHStart]
21183. Number=3008
21184. Confirmed=X
21185. Filename=shdocsvc.exe
21186. Description=Added by the <a href="http://www.pctools.com/mrc/infections/id/Trojan.Downloader.Delf.KS/" target=_blank>DELF-Ks</a> TROJAN!
21187. Source=Paul Collins Startup list
21188.  
21189. [Fhtisxk]
21190. Number=3009
21191. Confirmed=U
21192. Filename=fhtisxk.exe
21193. Description=XtraKeys keystroke logger/monitoring program - remove unless you installed it yourself!
21194.  
21195. Source=Paul Collins Startup list
21196.  
21197. [FieldForms Sync]
21198. Number=3010
21199. Confirmed=U
21200. Filename=SyncService.exe
21201. Description=Resco <a href="http://www.resco.net/pocketpc/fieldforms/default.asp" target="_blank">FieldForms</a>. A solution for building of mobile forms that can be viewed or filled in on the run, on a wide range of mobile devices. Supports Microsoft Access databases, and provides for synchronization of other data as well
21202. Source=Paul Collins Startup list
21203.  
21204. [FiendlyType]
21205. Number=3011
21206. Confirmed=X
21207. Filename=csrss.exe
21208. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
21209. Source=Paul Collins Startup list
21210.  
21211. [FILE]
21212. Number=3012
21213. Confirmed=X
21214. Filename=abcdefg.exe
21215. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061416-3817-99" target=_blank>KELVIR.DD</a> WORM!
21216. Source=Paul Collins Startup list
21217.  
21218. [file indexing service]
21219. Number=3013
21220. Confirmed=?
21221. Filename=msfindfile.exe
21222. Description=<font color="#FF0000">New version of MS FindFast and still a resource hog?</font>
21223. Source=Paul Collins Startup list
21224.  
21225. [file laoder configuration]
21226. Number=3014
21227. Confirmed=X
21228. Filename=rnd32.exe
21229. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQJ&VSect=T" target=_blank>RBOT.BQJ</a> WORM!
21230. Source=Paul Collins Startup list
21231.  
21232. [File System]
21233. Number=3015
21234. Confirmed=X
21235. Filename=taskmqrs.exe
21236. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41911" target=_blank>TOXBOT/CODBOT</a> WORM!
21237. Source=Paul Collins Startup list
21238.  
21239. [File System]
21240. Number=3016
21241. Confirmed=X
21242. Filename=taskmqr.exe
21243. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BWQ" target="_blank">RBOT.BWQ</a> WORM!
21244. Source=Paul Collins Startup list
21245.  
21246. [File System Service]
21247. Number=3017
21248. Confirmed=X
21249. Filename=wmiprvsc.exe
21250. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagobothz.html" target="_blank">AGOBOT-HZ</a> TROJAN!
21251. Source=Paul Collins Startup list
21252.  
21253. [File0_0]
21254. Number=3018
21255. Confirmed=X
21256. Filename=MD1.exe
21257. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderor.html" target=_blank>DLOADER-OR</a> TROJAN!
21258. Source=Paul Collins Startup list
21259.  
21260. [File1]
21261. Number=3019
21262. Confirmed=X
21263. Filename=Dia Claro.htm
21264. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderor.html" target=_blank>DLOADER-OR</a> TROJAN!
21265. Source=Paul Collins Startup list
21266.  
21267. [FileFreedom_Plugin]
21268. Number=3020
21269. Confirmed=X
21270. Filename=wtm.exe
21271. Description=<a href="http://www.filefreedom.com/" target="_blank">FileFreedom</a> peer-to-peer sharing program
21272. Source=Paul Collins Startup list
21273.  
21274. [FileManager32]
21275. Number=3021
21276. Confirmed=X
21277. Filename=Wscript.exe ..ChkMgr32.vbs
21278. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101510-3740-99" target="_blank">NOTUP.A</a> WORM!
21279. Source=Paul Collins Startup list
21280.  
21281. [FileSoft]
21282. Number=3022
21283. Confirmed=X
21284. Filename=Wscript.exe UpdataFiles.vbs
21285. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-033112-4827-99" target="_blank">SST.B</a> WORM!
21286. Source=Paul Collins Startup list
21287.  
21288. [FilmLoop]
21289. Number=3023
21290. Confirmed=U
21291. Filename=FilmLoopService.exe
21292. Description=Related to <a href="http://www.filmloop.com/" target=_blank>FilmLoop</a> - a photocasting network. Share your pictures with your family and friends
21293. Source=Paul Collins Startup list
21294.  
21295. [FilterGate]
21296. Number=3024
21297. Confirmed=U
21298. Filename=filtergate.exe
21299. Description=<a href="http://www.filtergate.com/" target="_blank">Filtergate</a> internet filtering software - filters sounds, popup ads, background sound and other unnecessary website items
21300. Source=Paul Collins Startup list
21301.  
21302. [Filterguard]
21303. Number=3025
21304. Confirmed=U
21305. Filename=Filtrgrd.exe
21306. Description=An icon located in the lower left of the screen and looks like a lifesaver. This icon is a "short-cut" to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by "right-clicking" on the icon
21307. Source=Paul Collins Startup list
21308.  
21309. [Find]
21310. Number=3026
21311. Confirmed=X
21312. Filename=find.exe
21313. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051810-1834-99" target=_blank>OPANKI</a> WORM!
21314. Source=Paul Collins Startup list
21315.  
21316. [Find Fast]
21317. Number=3027
21318. Confirmed=X
21319. Filename=Findfast.exe
21320. Description=Complete utter waste of space! Part of MS Office - searches disk drives for Office file types to make opening them easier
21321. Source=Paul Collins Startup list
21322.  
21323. [Find Virus Launch Program]
21324. Number=3028
21325. Confirmed=Y
21326. Filename=fvlaunch.exe
21327. Description=Part of <a target="_blank" href="http://www.drsolomon.com/">Dr. Solomon's Antivirus</a>
21328. Source=Paul Collins Startup list
21329.  
21330. [FindHack]
21331. Number=3029
21332. Confirmed=X
21333. Filename=[path to trojan]
21334. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kelvirba.html" target=_blank>KELVIR-BA</a> TROJAN!
21335. Source=Paul Collins Startup list
21336.  
21337. [FinePrint Dispatcher v4]
21338. Number=3030
21339. Confirmed=U
21340. Filename=fpdisp4a.exe
21341. Description=<a href="http://www.fineprint.com/products/fineprint/index.html" target="_blank">FinePrint</a> Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"
21342. Source=Paul Collins Startup list
21343.  
21344. [FinePrint Dispatcher v4]
21345. Number=3031
21346. Confirmed=U
21347. Filename=fpdisp4.exe
21348. Description=<a href="http://www.fineprint.com/products/fineprint/index.html" target="_blank">FinePrint</a> Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"
21349. Source=Paul Collins Startup list
21350.  
21351. [FinePrint Dispatcher v5]
21352. Number=3032
21353. Confirmed=U
21354. Filename=fpdisp5a.exe
21355. Description=<a href="http://www.fineprint.com/products/fineprint/index.html" target="_blank">FinePrint</a> Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 5.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"
21356. Source=Paul Collins Startup list
21357.  
21358. [FineReader7NewsReaderPro]
21359. Number=3033
21360. Confirmed=N
21361. Filename=AbbyyNewsReader.exe
21362. Description=ABBYY <a href="http://www.abbyy.com/finereader8/?param=44890" target="_blank">FineReader</a> OCR software - version 7
21363. Source=Paul Collins Startup list
21364.  
21365. [Fire Wall services]
21366. Number=3034
21367. Confirmed=X
21368. Filename=[random filename]
21369. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotqy.html" target="_blank">IRCBOT-QY</a> WORM!
21370. Source=Paul Collins Startup list
21371.  
21372. [FireFox]
21373. Number=3035
21374. Confirmed=X
21375. Filename=firefox.exe
21376. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatp.html" target=_blank>RBOT-ATP</a> WORM! Note - this is not the popular <a href="http://www.mozilla.com/firefox/" target=_blank>FireFox</a> web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
21377. Source=Paul Collins Startup list
21378.  
21379. [FireFox Service Drivers]
21380. Number=3036
21381. Confirmed=X
21382. Filename=ssmss.exe
21383. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
21384. Source=Paul Collins Startup list
21385.  
21386. [FireFox Startup Drivers]
21387. Number=3037
21388. Confirmed=X
21389. Filename=wuaclt.exe
21390. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BYX&VSect=T" target=_blank>RBOT.BYX</a> WORM!
21391. Source=Paul Collins Startup list
21392.  
21393. [firefox.exe]
21394. Number=3038
21395. Confirmed=X
21396. Filename=firefox.exe
21397. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerebo.html" target="_blank">BANKER-EBO</a> TROJAN! Note - this is not the popular <a href="http://www.mozilla.com/firefox/" target="_blank">FireFox</a> web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
21398. Source=Paul Collins Startup list
21399.  
21400. [Firewall]
21401. Number=3039
21402. Confirmed=X
21403. Filename= wmlaunch .exe
21404. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022718-0647-99" target= blank>ELIPTER.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031010-2242-99" target= blank>ELIPTER.B</a> WORMS!
21405. Source=Paul Collins Startup list
21406.  
21407. [Firewall]
21408. Number=3040
21409. Confirmed=X
21410. Filename=wmlaunch .exe
21411. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031416-4252-99" target=_blank>ELIPTER.D</a> WORM!
21412. Source=Paul Collins Startup list
21413.  
21414. [Firewall]
21415. Number=3041
21416. Confirmed=X
21417. Filename=SP2 UPDATE.exe
21418. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032516-4935-99" target=_blank>ELITPER.E</a> WORM!
21419. Source=Paul Collins Startup list
21420.  
21421. [Firewall]
21422. Number=3042
21423. Confirmed=X
21424. Filename=Firewall.bat
21425. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061716-0240-99" target=_blank>YPSAN.G</a> WORM!
21426. Source=Paul Collins Startup list
21427.  
21428. [firewall]
21429. Number=3043
21430. Confirmed=X
21431. Filename=fw_304.exe
21432. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorjq.html" target=_blank>JQ</a> TROJAN!
21433. Source=Paul Collins Startup list
21434.  
21435. [Firewall auto setup]
21436. Number=3044
21437. Confirmed=X
21438. Filename=winlogon.exe
21439. Description=Added by a TROJAN - see <a href="http://sandbox.norman.no/live_2.html?logfile=1368956" target="_blank">here</a>. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
21440. Source=Paul Collins Startup list
21441.  
21442. [Firewall Policy]
21443. Number=3045
21444. Confirmed=X
21445. Filename=MidiDef32.exe
21446. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpiebota.html" target=_blank>PIEBOT-A</a> TROJAN!
21447. Source=Paul Collins Startup list
21448.  
21449. [Firewall Sp2 system]
21450. Number=3046
21451. Confirmed=X
21452. Filename=sys32Conf.exe
21453. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabt.html" target= blank>Rbot-ABT</a> WORM!
21454. Source=Paul Collins Startup list
21455.  
21456. [Firewall Update System1]
21457. Number=3047
21458. Confirmed=X
21459. Filename=WinedowsUpdater1.exe
21460. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaru.html" target=_blank>RBOT-ARU</a> WORM!
21461. Source=Paul Collins Startup list
21462.  
21463. [Firewall Updater]
21464. Number=3048
21465. Confirmed=X
21466. Filename=msnupdateit.exe
21467. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaaq.html" target=_blank>RBOT-AAQ</a> WORM!
21468. Source=Paul Collins Startup list
21469.  
21470. [Firewall.exe]
21471. Number=3049
21472. Confirmed=X
21473. Filename=Firewall.exe
21474. Description=Added by the AGENT.AGL WORM!
21475. Source=Paul Collins Startup list
21476.  
21477. [FirewallActivies]
21478. Number=3050
21479. Confirmed=X
21480. Filename=csrss.exe
21481. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeraq.html" target=_blank>BANKER-AQ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "3041" subfolder
21482. Source=Paul Collins Startup list
21483.  
21484. [FirewallStartup]
21485. Number=3051
21486. Confirmed=U
21487. Filename=Firewallstartup.exe
21488. Description=<a href="http://www.innovative-sol.com/products.htm#firewall" target=_blank>Innovative Startup Firewall</a> - "designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean, fast and in it's best shape"
21489. Source=Paul Collins Startup list
21490.  
21491. [FirewallSvr]
21492. Number=3052
21493. Confirmed=X
21494. Filename=FirewallSvr.exe
21495. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042010-3056-99" target="_blank">NETSKY.X</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042011-2621-99" target="_blank">NETSKY.Y</a> WORMS!
21496. Source=Paul Collins Startup list
21497.  
21498. [firewall_anti]
21499. Number=3053
21500. Confirmed=X
21501. Filename=firewall_anti.exe
21502. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnetdenyb.html" target=_blank>NETDENY-B</a> TROJAN!
21503. Source=Paul Collins Startup list
21504.  
21505. [FireWire Driver]
21506. Number=3054
21507. Confirmed=X
21508. Filename=samx.exe
21509. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102512-0820-99" target=_blank>SDBOT.AE</a> WORM!
21510. Source=Paul Collins Startup list
21511.  
21512. [FireWire Service]
21513. Number=3055
21514. Confirmed=X
21515. Filename=nvscv32.exe
21516. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
21517. Source=Paul Collins Startup list
21518.  
21519. [FireWire Services]
21520. Number=3056
21521. Confirmed=X
21522. Filename=nvcsv32.exe
21523. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
21524. Source=Paul Collins Startup list
21525.  
21526. [First Home Page]
21527. Number=3057
21528. Confirmed=X
21529. Filename=http://find.naupoint.com
21530. Description=<a href="http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx" target=_blank>Naupoint</a> browser hijacker
21531. Source=Paul Collins Startup list
21532.  
21533. [FIX]
21534. Number=3058
21535. Confirmed=X
21536. Filename=WinFIX1.0.vbs
21537. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsgormleza.html" target=_blank>GORMLEZ-A</a> WORM!
21538. Source=Paul Collins Startup list
21539.  
21540. [Fix-it]
21541. Number=3059
21542. Confirmed=Y
21543. Filename=mxtask.exe
21544. Description=Part of Ontrack's Fix-it Utilities Suite. Loads a System Tray icon that lets you access the full program. Needed if you run the crash guard, intellicluster, anti-virus, or autoupdater. Otherwise not required
21545. Source=Paul Collins Startup list
21546.  
21547. [Fix-it AV]
21548. Number=3060
21549. Confirmed=Y
21550. Filename=memcheck.exe
21551. Description=Part of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources
21552. Source=Paul Collins Startup list
21553.  
21554. [FjMenu]
21555. Number=3061
21556. Confirmed=U
21557. Filename=FjMenu.exe
21558. Description=From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable
21559. Source=Paul Collins Startup list
21560.  
21561. [FJTWAIN Setup]
21562. Number=3062
21563. Confirmed=U
21564. Filename=FjtwSetup.exe
21565. Description=Fujitsu scanner utility
21566. Source=Paul Collins Startup list
21567.  
21568. [FKS v2.0]
21569. Number=3063
21570. Confirmed=X
21571. Filename=msngr.exe
21572. Description=Added by an unidentified WORM or TROJAN!
21573. Source=Paul Collins Startup list
21574.  
21575. [fkSysMon]
21576. Number=3064
21577. Confirmed=N
21578. Filename=fksysmon.exe
21579. Description=<a href="http://www.fkware.com/sysmon/index.html" target="_blank">fkWrae SysMon</a> - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more"
21580. Source=Paul Collins Startup list
21581.  
21582. [FlaCPY]
21583. Number=3065
21584. Confirmed=X
21585. Filename=flacpy.exe
21586. Description=<a href="http://sarc.com/avcenter/venc/data/adware.flashenhancer.html" target=_blank>FlashEnhancer</a> adware variant
21587. Source=Paul Collins Startup list
21588.  
21589. [FLASH32]
21590. Number=3066
21591. Confirmed=?
21592. Filename=-flash32.exe
21593. Description=<font color="#FF0000">??</font>
21594. Source=Paul Collins Startup list
21595.  
21596. [FlashEnc]
21597. Number=3067
21598. Confirmed=U
21599. Filename=FlashEnc.exe
21600. Description=Supplied with EasyDisk USB pen devices. The utility manages the encryption and compressed folders options. It will create these folders if running on the USB key without permission, which is a pain. No need for it if you do not want these features
21601. Source=Paul Collins Startup list
21602.  
21603. [Flashget Download Manager]
21604. Number=3068
21605. Confirmed=X
21606. Filename=Flashget.exe
21607. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagz.html" target=_blank>RBOT-AGZ</a> WORM!
21608. Source=Paul Collins Startup list
21609.  
21610. [FlashPath Monitor]
21611. Number=3069
21612. Confirmed=N
21613. Filename=SDSTAT.EXE
21614. Description=System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
21615. Source=Paul Collins Startup list
21616.  
21617. [FlashPath Monitor]
21618. Number=3070
21619. Confirmed=N
21620. Filename=FLSHSTAT.EXE
21621. Description=System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
21622. Source=Paul Collins Startup list
21623.  
21624. [FlashPath Status]
21625. Number=3071
21626. Confirmed=N
21627. Filename=SDSTAT.EXE
21628. Description=System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
21629. Source=Paul Collins Startup list
21630.  
21631. [FlashPath Status]
21632. Number=3072
21633. Confirmed=N
21634. Filename=FLSHSTAT.EXE
21635. Description=System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
21636. Source=Paul Collins Startup list
21637.  
21638. [Flash_Player_Install]
21639. Number=3073
21640. Confirmed=X
21641. Filename=ying.exe
21642. Description=<a href="http://fileinfo.prevx.com/fileinfo.asp?PXC=a7c073784121" target="_blank">Constructor VC2000</a> malware
21643. Source=Paul Collins Startup list
21644.  
21645. [FlenCPY]
21646. Number=3074
21647. Confirmed=X
21648. Filename=flencpy.exe
21649. Description=<a href="http://sarc.com/avcenter/venc/data/adware.flashenhancer.html" target=_blank>FlashEnhancer</a> adware variant
21650. Source=Paul Collins Startup list
21651.  
21652. [Flexicd]
21653. Number=3075
21654. Confirmed=U
21655. Filename=Flexicd.exe
21656. Description=CD player - part of the <a href="http://www.microsoft.com/windows95/downloads/contents/WUToys/W95PwrToysSet/Default.asp" target="_blank">Win95 Power Toys</a>
21657. Source=Paul Collins Startup list
21658.  
21659. [FLMK08KB]
21660. Number=3076
21661. Confirmed=U
21662. Filename=MMKEYBD.EXE
21663. Description=Multimedia keyboard manager. Required if you use the additional keys
21664. Source=Paul Collins Startup list
21665.  
21666. [FLMOFFICE4DMOUSE]
21667. Number=3077
21668. Confirmed=U
21669. Filename=moffice.exe
21670. Description=<a href="http://www.mic-innovations.com/display.cfm?id=Mice" target="_blank">Micro Innovations</a> mouse management
21671. Source=Paul Collins Startup list
21672.  
21673. [FLMOFFICE4DMOUSE]
21674. Number=3078
21675. Confirmed=U
21676. Filename=mouse32a.exe
21677. Description=<a href="http://www.mic-innovations.com/display.cfm?id=Mice" target="_blank">Micro Innovations</a> mouse management
21678. Source=Paul Collins Startup list
21679.  
21680. [FLMTRUSTKB]
21681. Number=3079
21682. Confirmed=?
21683. Filename=KbdAp32A.exe
21684. Description=Keyboard utility for a Trust brand keyboard.<font color="#FF0000"> What does it do and is it required?</font>
21685. Source=Paul Collins Startup list
21686.  
21687. [FLMTRUSTMOUSE]
21688. Number=3080
21689. Confirmed=U
21690. Filename=mouse32a.exe
21691. Description=Mouse utility for a Trust brand mouse
21692. Source=Paul Collins Startup list
21693.  
21694. [FlnCPY]
21695. Number=3081
21696. Confirmed=X
21697. Filename=flncpy.exe
21698. Description=<a href="http://sarc.com/avcenter/venc/data/adware.flashenhancer.html" target= blank>FlashEnhancer</a> adware variant
21699. Source=Paul Collins Startup list
21700.  
21701. [FLooDNeT]
21702. Number=3082
21703. Confirmed=X
21704. Filename=FLooDeR.exe
21705. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-110116-4108-99" target="_blank">ENDOOL</a> TROJAN!
21706. Source=Paul Collins Startup list
21707.  
21708. [Floppy Master]
21709. Number=3083
21710. Confirmed=X
21711. Filename=[path to trojan]
21712. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzonitf.html" target=_blank>ZONIT-F</a> TROJAN!
21713. Source=Paul Collins Startup list
21714.  
21715. [Flow Go TV]
21716. Number=3084
21717. Confirmed=?
21718. Filename=flogotv.exe
21719. Description=<font color="#FF0000">??</font>
21720. Source=Paul Collins Startup list
21721.  
21722. [flps]
21723. Number=3085
21724. Confirmed=X
21725. Filename=flps.vbs
21726. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111314-3449-99" target="_blank">BYRON</a> WORM!
21727. Source=Paul Collins Startup list
21728.  
21729. [flpycntl]
21730. Number=3086
21731. Confirmed=X
21732. Filename=flpycntl.exe
21733. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
21734. Source=Paul Collins Startup list
21735.  
21736. [FLSVCI]
21737. Number=3087
21738. Confirmed=?
21739. Filename=FLSVCI.exe
21740. Description=<font color="#FF0000">??</font>
21741. Source=Paul Collins Startup list
21742.  
21743. [FltProcess]
21744. Number=3088
21745. Confirmed=Y
21746. Filename=msinet.exe
21747. Description=Part of <a href="http://www.cyberpatrol.com/">Cyber Patrol</a> internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's done
21748. Source=Paul Collins Startup list
21749.  
21750. [FlyswatDesktop]
21751. Number=3089
21752. Confirmed=X
21753. Filename=flydesk.exe
21754. Description=Advertising spyware
21755. Source=Paul Collins Startup list
21756.  
21757. [FmctrlTray]
21758. Number=3090
21759. Confirmed=U
21760. Filename=Fmctrl.EXE
21761. Description=Genius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used)
21762. Source=Paul Collins Startup list
21763.  
21764. [fmnwebassist]
21765. Number=3091
21766. Confirmed=X
21767. Filename=fmnwebassist.exe
21768. Description=Adware popup generator
21769. Source=Paul Collins Startup list
21770.  
21771. [FMStart]
21772. Number=3092
21773. Confirmed=U
21774. Filename=Fmstart.exe
21775. Description=<a href="http://www.gfi.com/faxmaker/" target="_blank">GFI FAXmaker</a> - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktop
21776. Source=Paul Collins Startup list
21777.  
21778. [FMSZ]
21779. Number=3093
21780. Confirmed=X
21781. Filename=fmsz.exe
21782. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453079140" target="_blank">FMSZ</a> TROJAN!
21783. Source=Paul Collins Startup list
21784.  
21785. [fnmwebassist]
21786. Number=3094
21787. Confirmed=X
21788. Filename=fnmwebassist.exe
21789. Description=<a href="http://allentech.net/parasite/WinPL.html" target="_blank">WinPL</a> adware
21790.  
21791. Source=Paul Collins Startup list
21792.  
21793. [Focus]
21794. Number=3095
21795. Confirmed=?
21796. Filename=Focus.exe
21797. Description=<font color="#FF0000">ISDN configuration wizard?</font>
21798. Source=Paul Collins Startup list
21799.  
21800. [Folder Service]
21801. Number=3096
21802. Confirmed=X
21803. Filename=wssdtu.exe
21804. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112614-4025-99" target="_blank">MANIFEST</a> TROJAN!
21805. Source=Paul Collins Startup list
21806.  
21807. [Folder View]
21808. Number=3097
21809. Confirmed=U
21810. Filename=folderview.exe
21811. Description=<a href="http://www.folderview.com/folderview/" target=_blank>Folder View</a> enhances the Windows file Explorer by making all folders you need available in a single click
21812. Source=Paul Collins Startup list
21813.  
21814. [FolderClone v*.*.*]
21815. Number=3098
21816. Confirmed=U
21817. Filename=folderclone.exe
21818. Description=<a href="http://www.folderclone.com/fcinfo.htm" target=_blank>Folderclone</a> backup and synchronization software
21819. Source=Paul Collins Startup list
21820.  
21821. [Folding@home]
21822. Number=3099
21823. Confirmed=N
21824. Filename=WINFAH.EXE
21825. Description=Folding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -> Programs
21826. Source=Paul Collins Startup list
21827.  
21828. [FoneSyncSystemTray]
21829. Number=3100
21830. Confirmed=N
21831. Filename=FoneSyncSystemTray.exe
21832. Description=System Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when required
21833. Source=Paul Collins Startup list
21834.  
21835. [FontFix]
21836. Number=3101
21837. Confirmed=X
21838. Filename=fontfix.exe
21839. Description=Added by an unidentified VIRUS, WORM or TROJAN!
21840. Source=Paul Collins Startup list
21841.  
21842. [fontnav]
21843. Number=3102
21844. Confirmed=N
21845. Filename=FontNav.exe
21846. Description=Font Navigator from <a href="http://www.bitstream.com/" target=_blank>Bitstream Inc.</a> - a font management utility
21847. Source=Paul Collins Startup list
21848.  
21849. [FontsLoader]
21850. Number=3103
21851. Confirmed=X
21852. Filename=ldfnt32.hta
21853. Description=Unidentified malware
21854. Source=Paul Collins Startup list
21855.  
21856. [FONTVIEW]
21857. Number=3104
21858. Confirmed=X
21859. Filename=FONTVIEW.EXE
21860. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
21861. Source=Paul Collins Startup list
21862.  
21863. [FooBar 1.0]
21864. Number=3105
21865. Confirmed=U
21866. Filename=FooBar.exe
21867. Description=<a href="http://matrixsoftware.com/" target="_blank">FooBar</a> - "combines fifteen high-quality productivity tools in a single toolbar that floats on your desktop or runs in the Windows task bar"
21868. Source=Paul Collins Startup list
21869.  
21870. [foobin lptt01]
21871. Number=3106
21872. Confirmed=X
21873. Filename=adaware.exe
21874. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
21875. Source=Paul Collins Startup list
21876.  
21877. [foobin ml097e]
21878. Number=3107
21879. Confirmed=X
21880. Filename=adaware.exe
21881. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
21882. Source=Paul Collins Startup list
21883.  
21884. [FoolProof]
21885. Number=3108
21886. Confirmed=Y
21887. Filename=fpwinldr.exe
21888. Description=<a href="http://www.smartstuff.com/fps/fpsinfo.html" target="_blank">FoolProof Security</a> PC security software from SmartStuff
21889. Source=Paul Collins Startup list
21890.  
21891. [FoolProofSweep]
21892. Number=3109
21893. Confirmed=Y
21894. Filename=??
21895. Description=Part of <a href="http://www.smartstuff.com/fps/fpsinfo.html" target="_blank">FoolProof Security</a> PC security software from SmartStuff
21896. Source=Paul Collins Startup list
21897.  
21898. [Forbes]
21899. Number=3110
21900. Confirmed=N
21901. Filename=ForbesAlerts.exe
21902. Description=Forbes Business News Alerts - displays business news headlines in a little window on the screen
21903. Source=Paul Collins Startup list
21904.  
21905. [ForceShow]
21906. Number=3111
21907. Confirmed=X
21908. Filename=rundll32.exe QaBar.dll, ForceShowBar
21909. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=AdultLinks.QBar&threatid=10158" target=_blank>AdultLinks.QBar</a> parasite related
21910. Source=Paul Collins Startup list
21911.  
21912. [Forget Me Not]
21913. Number=3112
21914. Confirmed=N
21915. Filename=AGRemind.exe
21916. Description=Calendar reminder part of <a href="http://www.broderbund.com/SubCategory.asp?CID=107" target="_blank">Broderbund's</a> American Greetings« CreataCard«
21917. Source=Paul Collins Startup list
21918.  
21919. [FortiClient]
21920. Number=3113
21921. Confirmed=X
21922. Filename=FortiClient.exe
21923. Description=<a href="http://www.fortinet.com/" target="_blank">Fortinet</a> security systems are the new generation of real time network protection systems
21924. Source=Paul Collins Startup list
21925.  
21926. [Fortis Secure Layer Config]
21927. Number=3114
21928. Confirmed=U
21929. Filename=cseinst.exe
21930. Description=Fortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information
21931. Source=Paul Collins Startup list
21932.  
21933. [FotoStation Easy AutoLaunch]
21934. Number=3115
21935. Confirmed=N
21936. Filename=FotoStation Easy AutoLaunch.exe
21937. Description=Installed with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either
21938. Source=Paul Collins Startup list
21939.  
21940. [Foul PX]
21941. Number=3116
21942. Confirmed=U
21943. Filename=FoulPX.exe
21944. Description=Foul PX, Optusnet usage stat checker
21945. Source=Paul Collins Startup list
21946.  
21947. [FourthDay]
21948. Number=3117
21949. Confirmed=U
21950. Filename=FourthDay.exe
21951. Description=<a href="http://www.starstonesoftware.com/fourthday.htm" target="_blank">The Fourth Day</a> - "astronomical clock and almanac for your system tray"
21952. Source=Paul Collins Startup list
21953.  
21954. [foxdh]
21955. Number=3118
21956. Confirmed=X
21957. Filename=foxdhend.exe
21958. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-063015-2354-99" target=_blank>MENGHUAN</a> TROJAN!
21959. Source=Paul Collins Startup list
21960.  
21961. [foxdh]
21962. Number=3119
21963. Confirmed=X
21964. Filename=foxdh.exe
21965. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgwghostq.html" target=_blank>GWGHOST-Q</a> TROJAN!
21966. Source=Paul Collins Startup list
21967.  
21968. [foxrxjh]
21969. Number=3120
21970. Confirmed=X
21971. Filename=foxrxjh.exe
21972. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgwghostt.html" target=_blank>GWGHOST-T</a> TROJAN!
21973. Source=Paul Collins Startup list
21974.  
21975. [foxwudy9912]
21976. Number=3121
21977. Confirmed=X
21978. Filename=service.exe
21979. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosbt.html" target= blank>BANCOS-BT</a> TROJAN!
21980. Source=Paul Collins Startup list
21981.  
21982. [FP Loader]
21983. Number=3122
21984. Confirmed=Y
21985. Filename=loadfp.exe
21986. Description=<a href="http://www.smartstuff.com/fps/fpsinfo.html" target="_blank">FoolProof Security</a> - PC security software from SmartStuff
21987. Source=Paul Collins Startup list
21988.  
21989. [FPWGMWZD]
21990. Number=3123
21991. Confirmed=?
21992. Filename=FPWGMWZD.exe
21993. Description=<font color="#FF0000">??</font>
21994. Source=Paul Collins Startup list
21995.  
21996. [Fpx]
21997. Number=3124
21998. Confirmed=N
21999. Filename=mnmsrvc.exe
22000. Description=Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations
22001. Source=Paul Collins Startup list
22002.  
22003. [fqor]
22004. Number=3125
22005. Confirmed=X
22006. Filename=stub_113_4_0_4_0.exe
22007. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=TargetSaver&threatid=15121" target=_blank>TargetSaver</a> adware
22008.  
22009. Source=Paul Collins Startup list
22010.  
22011. [FrameWork 2.5]
22012. Number=3126
22013. Confirmed=X
22014. Filename=FrameWork.exe
22015. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfmw.html" target="_blank">RBOT-FMW</a> WORM! Note - can terminate AV related processes
22016. Source=Paul Collins Startup list
22017.  
22018. [France]
22019. Number=3127
22020. Confirmed=X
22021. Filename=svchost.exe
22022. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120112-2230-99" target=_blank>MIMAIL.L</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
22023. Source=Paul Collins Startup list
22024.  
22025. [Fraps]
22026. Number=3128
22027. Confirmed=U
22028. Filename=fraps.exe
22029. Description=Fraps Real-Time Video Capture software
22030. Source=Paul Collins Startup list
22031.  
22032. [Free Download Manager]
22033. Number=3129
22034. Confirmed=N
22035. Filename=fdm.exe
22036. Description="Free Download Manager" - see <a href="http://www.freedownloadmanager.org/" target="_blank">here</a>
22037. Source=Paul Collins Startup list
22038.  
22039. [Free Downloads Monitor]
22040. Number=3130
22041. Confirmed=?
22042. Filename=fdcmon.exe
22043. Description=<font color="#FF0000">??</font>
22044. Source=Paul Collins Startup list
22045.  
22046. [Free Ram Optimizer]
22047. Number=3131
22048. Confirmed=U
22049. Filename=fro.exe
22050. Description=<a href="http://www.acelogix.com/freeware.html" target=_blank>Free Ram Optimizer</a> monitors your memory, and frees up ram if it falls below a certain minimum. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
22051. Source=Paul Collins Startup list
22052.  
22053. [Freedom]
22054. Number=3132
22055. Confirmed=Y
22056. Filename=Freedom.exe
22057. Description=<a href="http://www.freedom.net/" target="_blank">Freedom</a> Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for sale
22058. Source=Paul Collins Startup list
22059.  
22060. [FreeMem Pro]
22061. Number=3133
22062. Confirmed=U
22063. Filename=FMEMPRO.EXE
22064. Description=FreeMem Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
22065. Source=Paul Collins Startup list
22066.  
22067. [FreeMemVn2]
22068. Number=3134
22069. Confirmed=U
22070. Filename=FreeMem.exe
22071. Description=FreeMem - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
22072. Source=Paul Collins Startup list
22073.  
22074. [FreeMP3download]
22075. Number=3135
22076. Confirmed=X
22077. Filename=rundll32.exe MSA64CHK.dll, DllMostrar
22078. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
22079. Source=Paul Collins Startup list
22080.  
22081. [FreeRAM XP]
22082. Number=3136
22083. Confirmed=U
22084. Filename=FreeRAM XP Pro *.exe
22085. Description=<a href="http://www.yourwaresolutions.com/software.html#framxpro" target="_blank">FreeRAM XP Pro</a> - memory optimizer where * represents the version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
22086. Source=Paul Collins Startup list
22087.  
22088. [freestyle]
22089. Number=3137
22090. Confirmed=X
22091. Filename=lockx.exe
22092. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotath.html" target=_blank>RBOT-ATH</a> WORM!
22093. Source=Paul Collins Startup list
22094.  
22095. [freesurfer]
22096. Number=3138
22097. Confirmed=U
22098. Filename=fs20.exe
22099. Description=<a href="http://www.kolumbus.fi/eero.muhonen/FS/" target="_blank">EMS Free Surfer mk II</a> - pop-up stopper
22100. Source=Paul Collins Startup list
22101.  
22102. [freexstyle]
22103. Number=3139
22104. Confirmed=X
22105. Filename=lockbar.exe
22106. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-010615-2712-99" target=_blank>LOXBOT.D</a> WORM!
22107. Source=Paul Collins Startup list
22108.  
22109. [freexstyle]
22110. Number=3140
22111. Confirmed=X
22112. Filename=lockbr.exe
22113. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-010515-3159-99" target=_blank>LOXBOT.C</a> WORM!
22114. Source=Paul Collins Startup list
22115.  
22116. [Fresh Desktop]
22117. Number=3141
22118. Confirmed=U
22119. Filename=freshdesktop.exe
22120. Description=<a href="http://www.softcows.com/fresh_desktop.htm" target=_blank>Fresh Desktop</a> is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervals
22121. Source=Paul Collins Startup list
22122.  
22123. [freshclam]
22124. Number=3142
22125. Confirmed=N
22126. Filename=freshclam.exe
22127. Description=Auto update agent of the open source <a href="http://www.clamwin.com/" target=_blank>Clamwin</a> virus scanner
22128.  
22129. Source=Paul Collins Startup list
22130.  
22131. [frguk]
22132. Number=3143
22133. Confirmed=?
22134. Filename=shdrkmck.exe
22135. Description=<font color="#FF0000">??</font>
22136. Source=Paul Collins Startup list
22137.  
22138. [FridaysInHellInstaller]
22139. Number=3144
22140. Confirmed=?
22141. Filename=FridaysInHellInstaller.exe
22142. Description=<font color="#FF0000">??</font>
22143. Source=Paul Collins Startup list
22144.  
22145. [FriendlyType]
22146. Number=3145
22147. Confirmed=X
22148. Filename=lsass.exe
22149. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
22150. Source=Paul Collins Startup list
22151.  
22152. [FriendlyTypeName]
22153. Number=3146
22154. Confirmed=X
22155. Filename=services.exe
22156. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
22157. Source=Paul Collins Startup list
22158.  
22159. [FriendlyTypeName]
22160. Number=3147
22161. Confirmed=X
22162. Filename=winlogon.exe
22163. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
22164. Source=Paul Collins Startup list
22165.  
22166. [FriendlyWebQuick-Launch]
22167. Number=3148
22168. Confirmed=N
22169. Filename=SELFCERT.EXE
22170. Description=selfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well
22171. Source=Paul Collins Startup list
22172.  
22173. [FRISK FP-Scheduler]
22174. Number=3149
22175. Confirmed=U
22176. Filename=F-Sched.exe
22177. Description=Scheduler for <a href="http://www.f-prot.com/" target="_blank"> F-Prot</a> anitvirus software. Leave enabled unless you scan manually on a regular basis
22178. Source=Paul Collins Startup list
22179.  
22180. [FRITZ!DSL Startcenter]
22181. Number=3150
22182. Confirmed=?
22183. Filename=StCenter.exe
22184. Description=FRITZ! ISP software "StartCenter" User interface that allows you to manage, tweak and diagnose many aspects of your internet connection - <font color="#FF0000">is it required?</font>
22185. Source=Paul Collins Startup list
22186.  
22187. [FRITZ!webProtect]
22188. Number=3151
22189. Confirmed=U
22190. Filename=FwebProt.exe
22191. Description=Firewall included in FRITZ! ISP DSL software
22192. Source=Paul Collins Startup list
22193.  
22194. [Fromine WinPopup]
22195. Number=3152
22196. Confirmed=N
22197. Filename=winpopup.exe
22198. Description=Instant Messenger program
22199. Source=Paul Collins Startup list
22200.  
22201. [Frsk]
22202. Number=3153
22203. Confirmed=X
22204. Filename=frsk.exe
22205. Description=Unidentified adware downloader trojan
22206. Source=Paul Collins Startup list
22207.  
22208. [FRW_EXE]
22209. Number=3154
22210. Confirmed=Y
22211. Filename=FRW.EXE
22212. Description=<a href="http://www.claymania.com/rate-conseal.html" target="_blank">ConSeal Signal9</a> firewall - now McAfee Personal firewall
22213. Source=Paul Collins Startup list
22214.  
22215. [frxmxins]
22216. Number=3155
22217. Confirmed=Y
22218. Filename=frxmxins.exe
22219. Description=ATI 3D Studio MAX/VIZ driver
22220. Source=Paul Collins Startup list
22221.  
22222. [FS Agent]
22223. Number=3156
22224. Confirmed=X
22225. Filename=fagent.exe
22226. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvolverb.html" target=_blank>VOLVER-B</a> TROJAN!
22227. Source=Paul Collins Startup list
22228.  
22229. [FS6519]
22230. Number=3157
22231. Confirmed=X
22232. Filename=FS6519.dll.vbs
22233. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-022116-1047-99" target="_blank">SOLOW.B</a> WORM!
22234. Source=Paul Collins Startup list
22235.  
22236. [fsaa]
22237. Number=3158
22238. Confirmed=Y
22239. Filename=fsaa.exe
22240. Description=<a href="http://www.f-secure.com/" target=_blank>F-Secure</a> antivirus Authentication Agent - creates and stores private keys used by a client to access servers
22241. Source=Paul Collins Startup list
22242.  
22243. [FSCBoss]
22244. Number=3159
22245. Confirmed=N
22246. Filename=FSCBoss.exe
22247. Description=Free Store Club shop online software
22248. Source=Paul Collins Startup list
22249.  
22250. [FSDPSRV]
22251. Number=3160
22252. Confirmed=?
22253. Filename=FSDPSRV.exe
22254. Description=<font color="#FF0000">??</font>
22255. Source=Paul Collins Startup list
22256.  
22257. [FSH]
22258. Number=3161
22259. Confirmed=X
22260. Filename=svcnva.exe
22261. Description=Malware, detected by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a> as TrojanDownloader.Delf.ks
22262. Source=Paul Collins Startup list
22263.  
22264. [fsp]
22265. Number=3162
22266. Confirmed=U
22267. Filename=fsp.exe
22268. Description=<a href="http://www.baxbex.com/foldershield.html" target="_blank">Folder Shield</a> - hide entire directories and thus prevent access by anyone else to your personal files and documents
22269. Source=Paul Collins Startup list
22270.  
22271. [fspr]
22272. Number=3163
22273. Confirmed=Y
22274. Filename=FolderShield.exe
22275. Description=<a href="http://www.baxbex.de/foldershield.html" target="_blank">Folder Shield</a> - hide personal files and folders
22276. Source=Paul Collins Startup list
22277.  
22278. [FSScrCtl]
22279. Number=3164
22280. Confirmed=N
22281. Filename=FSScrCtl.exe
22282. Description=Screen saver control applet used by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen Saver"
22283. Source=Paul Collins Startup list
22284.  
22285. [fsserv]
22286. Number=3165
22287. Confirmed=U
22288. Filename=fserv.exe
22289. Description=<a target="_blank" href="http://www.bysoft.se/sureshot/farsighter/manual.html">Farsighter Server</a> - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time
22290. Source=Paul Collins Startup list
22291.  
22292. [FSW]
22293. Number=3166
22294. Confirmed=X
22295. Filename=FSW.exe
22296. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=FreeScratchAndWin&threatid=5475" target=_blank>FreeScratchAndWin</a> parasite
22297. Source=Paul Collins Startup list
22298.  
22299. [FSWebServer]
22300. Number=3167
22301. Confirmed=U
22302. Filename=fsws.exe
22303. Description=<a href="http://www.sharing-file.com/" target=_blank>Easy File Sharing Web Server</a> is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or services
22304. Source=Paul Collins Startup list
22305.  
22306. [FtkCPY]
22307. Number=3168
22308. Confirmed=X
22309. Filename=ftkcpy.exe
22310. Description=<a href="http://sarc.com/avcenter/venc/data/adware.flashenhancer.html" target="_blank">FlashEnhancer</a> adware variant
22311. Source=Paul Collins Startup list
22312.  
22313. [FtLnSOP_setup]
22314. Number=3169
22315. Confirmed=U
22316. Filename=FtLnSOP.exe
22317. Description=Fujitsu scanner utility
22318. Source=Paul Collins Startup list
22319.  
22320. [FTMSFLT(USB)]
22321. Number=3170
22322. Confirmed=U
22323. Filename=FTMSFLTU.EXE
22324. Description=Fujitsu's Touch Panel Message Notifier
22325. Source=Paul Collins Startup list
22326.  
22327. [FTP FOR WINDOWS]
22328. Number=3171
22329. Confirmed=X
22330. Filename=ftpwin32.exe
22331. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
22332. Source=Paul Collins Startup list
22333.  
22334. [FTPGraber]
22335. Number=3172
22336. Confirmed=X
22337. Filename=FTPGraber.exe
22338. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderdt.html" target=_blank>DLOADER-DT</a> TROJAN!
22339.  
22340. Source=Paul Collins Startup list
22341.  
22342. [FTPManager]
22343. Number=3173
22344. Confirmed=N
22345. Filename=FTPDM.exe
22346. Description="<a href="http://www.robust.ws/ftpdm.html" target=_blank>Robust FTP</a> is a Windows-based file transfer client application that transfers files between a user's local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (with upload transfer resume and download transfer resume)". Can be started manually
22347. Source=Paul Collins Startup list
22348.  
22349. [Ftpqueue]
22350. Number=3174
22351. Confirmed=U
22352. Filename=Ftpsched.exe
22353. Description=Part of <a href="http://www.ipswitch.com/Products/WS_FTP/" target="_blank">WS_FTP Pro</a> from Ipswitch. Queueing facility for scheduling FTP transfers
22354. Source=Paul Collins Startup list
22355.  
22356. [ftutil2]
22357. Number=3175
22358. Confirmed=U
22359. Filename=rundll32.exe [path] ftutil2.dll, SetWriteCacheMode
22360. Description=Related to Promise Technology's <a href="http://www.promise.com/marketing/datasheet/file/2_FT%20SX4030_4060%20DS.pdf" target="_blank">FastTrak SX4030/4060</a> PCI ATA Raid 5 controller (and possibly others)
22361. Source=Paul Collins Startup list
22362.  
22363. [Fucker]
22364. Number=3176
22365. Confirmed=X
22366. Filename=fucker.vbs
22367. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32catchera.html" target="_blank">CATCHER-A</a> WORM!
22368. Source=Paul Collins Startup list
22369.  
22370. [Fujitsu Menu]
22371. Number=3177
22372. Confirmed=U
22373. Filename=FjMnuIco.exe
22374. Description=From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable
22375. Source=Paul Collins Startup list
22376.  
22377. [fukerservice]
22378. Number=3178
22379. Confirmed=X
22380. Filename=fukerz.exe
22381. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
22382. Source=Paul Collins Startup list
22383.  
22384. [FUKLBAR]
22385. Number=3179
22386. Confirmed=X
22387. Filename=bar.exe
22388. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
22389. Source=Paul Collins Startup list
22390.  
22391. [FusionHdtvTray]
22392. Number=3180
22393. Confirmed=U
22394. Filename=FusionHdtvTray.exe
22395. Description=FusionTrayAgent - main executable for <a href="http://www.fusionhdtv.co.kr/eng/" target="_blank">DVICO FusionHDTV</a> software. It adds an icon to system tray that allows you to easily access Fusion HDTV software
22396. Source=Paul Collins Startup list
22397.  
22398. [FusionRC]
22399. Number=3181
22400. Confirmed=U
22401. Filename=FusionRC.exe
22402. Description=Remote control manager for <a href="http://www.fusionhdtv.co.kr/eng/" target="_blank">DVICO FusionHDTV</a>
22403. Source=Paul Collins Startup list
22404.  
22405. [FusionRemote]
22406. Number=3182
22407. Confirmed=U
22408. Filename=FusionRc.exe
22409. Description=Remote control manager for <a href="http://www.fusionhdtv.co.kr/eng/" target="_blank">DVICO FusionHDTV</a>
22410. Source=Paul Collins Startup list
22411.  
22412. [FusionTrayAgent]
22413. Number=3183
22414. Confirmed=N
22415. Filename=FusionHdtvTray.exe
22416. Description=FusionTrayAgent - main executable for <a href="http://www.fusionhdtv.co.kr/eng/" target="_blank">DVICO FusionHDTV</a> software. It adds an icon to system tray that allows you to easily access Fusion HDTV software
22417. Source=Paul Collins Startup list
22418.  
22419. [fvek]
22420. Number=3184
22421. Confirmed=X
22422. Filename=fvek.exe
22423. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdrivola.html" target=_blank>DRIVOL-A</a> TROJAN!
22424. Source=Paul Collins Startup list
22425.  
22426. [FW Manager]
22427. Number=3185
22428. Confirmed=X
22429. Filename=fwcheck.exe
22430. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delboth.html" target="_blank">DELBOT-H</a> WORM!
22431. Source=Paul Collins Startup list
22432.  
22433. [FWDMON.EXE]
22434. Number=3186
22435. Confirmed=X
22436. Filename=fwdmon.exe
22437. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxys.html" target=_blank>PROXY-S</a> TROJAN!
22438. Source=Paul Collins Startup list
22439.  
22440. [fwenc.exe]
22441. Number=3187
22442. Confirmed=Y
22443. Filename=fwenc.exe
22444. Description=<a href="http://www.checkpoint.com/" target="_blank">Check Point</a> SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers"
22445. Source=Paul Collins Startup list
22446.  
22447. [Fwr Command Module]
22448. Number=3188
22449. Confirmed=X
22450. Filename=fwr.exe
22451. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpp.html" target="_blank">SDBOT-PP</a> WORM!
22452. Source=Paul Collins Startup list
22453.  
22454. [fwrastrc]
22455. Number=3189
22456. Confirmed=N
22457. Filename=fwrastrc.exe
22458. Description=Dial-up software for Friendly Technologies/1NationOnLine free ISP
22459. Source=Paul Collins Startup list
22460.  
22461. [fwservice]
22462. Number=3190
22463. Confirmed=U
22464. Filename=fwservice
22465. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
22466. Source=Paul Collins Startup list
22467.  
22468. [FX]
22469. Number=3191
22470. Confirmed=X
22471. Filename=ieloader.exe
22472. Description=Added by the SMALL.RR TROJAN!
22473. Source=Paul Collins Startup list
22474.  
22475. [fxredir]
22476. Number=3192
22477. Confirmed=U
22478. Filename=fxredir.exe
22479. Description=Canon MultiPASS fax redirector
22480. Source=Paul Collins Startup list
22481.  
22482. [fzg]
22483. Number=3193
22484. Confirmed=X
22485. Filename=svhost32.exe
22486. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADER.BDK" target="_blank">DLOADER.BDK</a> TROJAN!
22487. Source=Paul Collins Startup list
22488.  
22489. [f~a]
22490. Number=3194
22491. Confirmed=X
22492. Filename=ra32.exe
22493. Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101037&affid=125" target=_blank>CAY</a> TROJAN!
22494. Source=Paul Collins Startup list
22495.  
22496. [g.exe]
22497. Number=3195
22498. Confirmed=X
22499. Filename=g.exe
22500. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091016-5719-99" target=_blank>GRAYBIRD.Q</a> TROJAN!
22501. Source=Paul Collins Startup list
22502.  
22503. [G00123]
22504. Number=3196
22505. Confirmed=X
22506. Filename=[worm filename]
22507. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010215-0626-99" target="_blank">BUGBROS</a> WORM!
22508. Source=Paul Collins Startup list
22509.  
22510. [G0mez]
22511. Number=3197
22512. Confirmed=X
22513. Filename=G0mez.vbs
22514. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsgormleza.html" target=_blank>GORMLEZ-A</a> WORM!
22515. Source=Paul Collins Startup list
22516.  
22517. [G3]
22518. Number=3198
22519. Confirmed=X
22520. Filename=GSMedia3.exe
22521. Description=Malware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan.Win32.VB.ux
22522. Source=Paul Collins Startup list
22523.  
22524. [g3dctl]
22525. Number=3199
22526. Confirmed=?
22527. Filename=g3dctl.exe
22528. Description=<font color="#FF0000">??</font>
22529. Source=Paul Collins Startup list
22530.  
22531. [Gadu-Gadu]
22532. Number=3200
22533. Confirmed=N
22534. Filename=gg.exe
22535. Description=Polish language Instant Messaging client
22536. Source=Paul Collins Startup list
22537.  
22538. [Gadwin PrintScreen]
22539. Number=3201
22540. Confirmed=N
22541. Filename=PrintScreen.exe
22542. Description=Gadwin <a href="http://www.gadwin.com/printscreen/" target="_blank">PrintScreen</a> - utility to capture, print or save the current window
22543. Source=Paul Collins Startup list
22544.  
22545. [GAELICUM.EXE]
22546. Number=3202
22547. Confirmed=X
22548. Filename=GAELICUM.EXE
22549. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpentaa.html" target=_blank>PENTA-A</a> TROJAN!
22550. Source=Paul Collins Startup list
22551.  
22552. [gah95on6]
22553. Number=3203
22554. Confirmed=X
22555. Filename=gah95on6.exe
22556. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076082" target=_blank>ShopAtHome/SAHagent</a> adware
22557. Source=Paul Collins Startup list
22558.  
22559. [gaim]
22560. Number=3204
22561. Confirmed=U
22562. Filename=gaim.exe
22563. Description=<a href="http://gaim.sourceforge.net/" target=_blank>Gaim</a> is an instant messenger client with capability to connect to AIM, ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu and Zephyr networks
22564. Source=Paul Collins Startup list
22565.  
22566. [Gainward]
22567. Number=3205
22568. Confirmed=U
22569. Filename=TBPanel.exe
22570. Description=Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel
22571. Source=Paul Collins Startup list
22572.  
22573. [game]
22574. Number=3206
22575. Confirmed=X
22576. Filename=shit.exe
22577. Description=Added by the Netclap Gold backdoor TROJAN!
22578. Source=Paul Collins Startup list
22579.  
22580. [Game Device]
22581. Number=3207
22582. Confirmed=N
22583. Filename=JOYUPDRV.EXE
22584. Description=Genius game controller profile activator
22585. Source=Paul Collins Startup list
22586.  
22587. [Game House]
22588. Number=3208
22589. Confirmed=X
22590. Filename=GameHouse.exe
22591. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delfdra.html" target="_blank">DELF-DRA</a> WORM!
22592. Source=Paul Collins Startup list
22593.  
22594. [GameDrive]
22595. Number=3209
22596. Confirmed=N
22597. Filename=GDTask.exe
22598. Description=<a href="http://www.farstone.com/software/gamedrive.htm" target="_blank">GameDrive</a> Virtual Driver from FarStone Technology, Inc. Run PC games without the disc
22599. Source=Paul Collins Startup list
22600.  
22601. [Games Acceleration]
22602. Number=3210
22603. Confirmed=X
22604. Filename=svshost.exe
22605. Description=<a href="http://sarc.com/avcenter/venc/data/adware.easysearch.html" target=_blank>EasySearch</a> adware
22606. Source=Paul Collins Startup list
22607.  
22608. [Games Acceleration]
22609. Number=3211
22610. Confirmed=X
22611. Filename=[path to trojan]
22612. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmutsrcha.html" target=_blank>SMUTSRCH-A</a> TROJAN!
22613. Source=Paul Collins Startup list
22614.  
22615. [Games Acceleration]
22616. Number=3212
22617. Confirmed=X
22618. Filename=svshost1.exe
22619. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrawd.html" target="_blank">DLOADR-AWD</a> TROJAN!
22620. Source=Paul Collins Startup list
22621.  
22622. [Games toolbar]
22623. Number=3213
22624. Confirmed=X
22625. Filename=rundll32.exe [path] tbGame.dll, DllShowTB
22626. Description=Topconverting.com\180Search "Games Toolbar" adware
22627.  
22628. Source=Paul Collins Startup list
22629.  
22630. [GameSpot]
22631. Number=3214
22632. Confirmed=N
22633. Filename=kontiki.exe
22634. Description=<a href="http://www.kontiki.com/products/deliverymanager/index.html" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
22635. Source=Paul Collins Startup list
22636.  
22637. [gameutil.exe]
22638. Number=3215
22639. Confirmed=U
22640. Filename=gameutil.exe
22641. Description=Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot
22642. Source=Paul Collins Startup list
22643.  
22644. [GammaHotKeys]
22645. Number=3216
22646. Confirmed=U
22647. Filename=setgamma.exe
22648. Description=Part of the <a href="http://radeontweaker.sourceforge.net/" target="_blank">RadeonTweaker</a> program for adjusting ATI Radeon graphics cards. Allows you to adjust the gamma (or brightness) when playing a full-screen game without switching back to the desktop
22649. Source=Paul Collins Startup list
22650.  
22651. [gaSrv]
22652. Number=3217
22653. Confirmed=X
22654. Filename=gaSrv.exe
22655. Description=Adware downloader, identified by <a href="http://www.pandasoftware.com/" target="_blank">Panda</a> antivirus as Trojan.Downloader.ALQ
22656. Source=Paul Collins Startup list
22657.  
22658. [gaSrve]
22659. Number=3218
22660. Confirmed=X
22661. Filename=gaSrve.exe
22662. Description=Adware downloader, identified by <a href="http://www.pandasoftware.com/" target="_blank">Panda</a> antivirus as Trojan.Downloader.ALQ
22663. Source=Paul Collins Startup list
22664.  
22665. [Gate Personal Firewall]
22666. Number=3219
22667. Confirmed=X
22668. Filename=Systpl.exe
22669. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADC&VSect=P" target=_blank>RBOT.ADC</a> WORM
22670. Source=Paul Collins Startup list
22671.  
22672. [Gateway Extended Warranty]
22673. Number=3220
22674. Confirmed=N
22675. Filename=GWCares.exe
22676. Description=Gateway Extended Warranty reminder
22677. Source=Paul Collins Startup list
22678.  
22679. [Gator]
22680. Number=3221
22681. Confirmed=X
22682. Filename=gator.exe
22683. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.Gator.eWallet&threatid=3722" target="_blank">Gator eWallet</a> adware. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
22684. Source=Paul Collins Startup list
22685.  
22686. [Gator eWallet]
22687. Number=3222
22688. Confirmed=X
22689. Filename=gator.exe
22690. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.Gator.eWallet&threatid=3722" target="_blank">Gator eWallet</a> adware. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
22691. Source=Paul Collins Startup list
22692.  
22693. [Gay_Sexy_**]
22694. Number=3223
22695. Confirmed=X
22696. Filename=Gay_Sexy_**.exe
22697. Description=Premium rate adult content dialler (where * is a random char)
22698. Source=Paul Collins Startup list
22699.  
22700. [GazelDisplay]
22701. Number=3224
22702. Confirmed=U
22703. Filename=gsyno.exe
22704. Description=<a href="http://www.bt.com/homehighway/more_info.htm">BT Digital Access USB</a> - Gazel ISDN installation System Tray icon
22705. Source=Paul Collins Startup list
22706.  
22707. [GBSpaceMan]
22708. Number=3225
22709. Confirmed=Y
22710. Filename=SpaceMan.exe
22711. Description=<a href="http://greenborder.com/" target="_blank">GreenBorder</a> - secure your browsing activities on the internet
22712. Source=Paul Collins Startup list
22713.  
22714. [GBTray]
22715. Number=3226
22716. Confirmed=U
22717. Filename=GBTray.exe
22718. Description=System Tray icon access to <a href="http://www.roxio.com/enu/default.html" target="_blank">Roxio's</a> (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
22719. Source=Paul Collins Startup list
22720.  
22721. [gCac]
22722. Number=3227
22723. Confirmed=X
22724. Filename=gcac.exe
22725. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.U</a> TROJAN!
22726. Source=Paul Collins Startup list
22727.  
22728. [gcasDtServ]
22729. Number=3228
22730. Confirmed=X
22731. Filename=gcasDtServ.exe
22732. Description=Added by an unidentified WORM or TROJAN. Note - this is not related to Microsoft Antispyware which has a process bearing the same name which doesn't appear as a startup
22733. Source=Paul Collins Startup list
22734.  
22735. [gcasServ]
22736. Number=3229
22737. Confirmed=U
22738. Filename=gcasServ.exe
22739. Description=<a href="http://www.giantcompany.com/p_antiSpyware.htm" target=_blank>Giant Antipsyware</a> - now superseeded by <a href="http://www.microsoft.com/athome/security/spyware/software/default.mspx" target=_blank>Microsoft Windows AntiSpyware</a>
22740. Source=Paul Collins Startup list
22741.  
22742. [gcasServ]
22743. Number=3230
22744. Confirmed=X
22745. Filename=realsched.exe
22746. Description=Added by a variant of the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
22747. Source=Paul Collins Startup list
22748.  
22749. [GCC Reminder]
22750. Number=3231
22751. Confirmed=?
22752. Filename=gccrem.exe
22753. Description=Associated with AcraMax Greeting Card Creator. <font color="#FF0000">Is it a registration reminder?</font>
22754. Source=Paul Collins Startup list
22755.  
22756. [GCS]
22757. Number=3232
22758. Confirmed=N
22759. Filename=GrabClipSave.exe
22760. Description=<a href="http://www.boumchalak.net/Tools/GCS/gcs.html" target="_blank">GrabClipSave</a> screen capture tool
22761. Source=Paul Collins Startup list
22762.  
22763. [GDAX]
22764. Number=3233
22765. Confirmed=X
22766. Filename=[path to backdoor]
22767. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102814-0756-99" target=_blank>RANKY.K</a> TROJAN!
22768. Source=Paul Collins Startup list
22769.  
22770. [gdien32]
22771. Number=3234
22772. Confirmed=X
22773. Filename=gdien32.exe
22774. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsingup.html" target=_blank>SINGU-P</a> TROJAN!
22775. Source=Paul Collins Startup list
22776.  
22777. [gdimx]
22778. Number=3235
22779. Confirmed=X
22780. Filename=gdimx.exe
22781. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialmpbd.html" target="_blank">MPB-D</a> dialer. Note - provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "gdimx"
22782. Source=Paul Collins Startup list
22783.  
22784. [GDMgr.exe]
22785. Number=3236
22786. Confirmed=U
22787. Filename=gdmgr.exe
22788. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052615-2337-99" target="_blank">GuardMon</a> is a commercial surveillance software program designed to monitor all forms of user activity on a computer
22789. Source=Paul Collins Startup list
22790.  
22791. [GDrive]
22792. Number=3237
22793. Confirmed=N
22794. Filename=GDriver.exe
22795. Description=Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start -> Settings -> Control Panel -> System -> Device Manager
22796. Source=Paul Collins Startup list
22797.  
22798. [Gearbox]
22799. Number=3238
22800. Confirmed=N
22801. Filename=confsvr.exe
22802. Description=NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available <a href="http://www.ntlworld.com/help/settings.htm" target="_blank">here</a>
22803. Source=Paul Collins Startup list
22804.  
22805. [GEARsec]
22806. Number=3239
22807. Confirmed=N
22808. Filename=gearsec.exe
22809. Description=Installed by Apple Quicktime package - iPod/iTunes CDRW support. Can be disabled if you only require Quicktime player
22810. Source=Paul Collins Startup list
22811.  
22812. [GEDZAC]
22813. Number=3240
22814. Confirmed=X
22815. Filename=GEDZAC.exe
22816. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020411-4428-99" target="_blank">GEMEL</a> WORM!
22817.  
22818. Source=Paul Collins Startup list
22819.  
22820. [GemStRmW]
22821. Number=3241
22822. Confirmed=N
22823. Filename=GemStRmW.exe
22824. Description=For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manually
22825. Source=Paul Collins Startup list
22826.  
22827. [Gene USB Monitor]
22828. Number=3242
22829. Confirmed=U
22830. Filename=USBMonit.exe
22831. Description=Monitors USB ports for insertion of Sandisk USB flashdrives
22832. Source=Paul Collins Startup list
22833.  
22834. [general lptt01]
22835. Number=3243
22836. Confirmed=X
22837. Filename=general.exe
22838. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
22839. Source=Paul Collins Startup list
22840.  
22841. [general ml097e]
22842. Number=3244
22843. Confirmed=X
22844. Filename=general.exe
22845. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
22846. Source=Paul Collins Startup list
22847.  
22848. [Generic host proccess for windows]
22849. Number=3245
22850. Confirmed=X
22851. Filename=SVCHOSTS.EXE
22852. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotgq.html" target= blank>SPYBOT-GQ</a> WORM!
22853. Source=Paul Collins Startup list
22854.  
22855. [Generic Host Process]
22856. Number=3246
22857. Confirmed=X
22858. Filename=SCHOST.EXE
22859. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnc.html" target=_blank>RBOT-NC</a> WORM!
22860.  
22861. Source=Paul Collins Startup list
22862.  
22863. [Generic Host Process]
22864. Number=3247
22865. Confirmed=X
22866. Filename=svchost.exe
22867. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadernx.html" target=_blank>DLOADER-NX</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
22868. Source=Paul Collins Startup list
22869.  
22870. [Generic Host Process for Win32 Service]
22871. Number=3248
22872. Confirmed=X
22873. Filename=svlhost.exe
22874. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.EX" target="_blank">WOOTBOT.EX</a> WORM!
22875. Source=Paul Collins Startup list
22876.  
22877. [Generic Host Process for Win32 Service]
22878. Number=3249
22879. Confirmed=X
22880. Filename=svchost.exe
22881. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.NC" target="_blank">SPYBOT.NC</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
22882. Source=Paul Collins Startup list
22883.  
22884. [Generic Host Process for Win32 Services]
22885. Number=3250
22886. Confirmed=X
22887. Filename=ntspcv.exe
22888. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010813-5603-99" target="_blank">SDBOT.S</a> TROJAN!
22889. Source=Paul Collins Startup list
22890.  
22891. [Generic Host Process for Win32 Services]
22892. Number=3251
22893. Confirmed=X
22894. Filename=intspvc.exe
22895. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031712-4905-99" target="_blank">DINFOR.D</a> WORM!
22896. Source=Paul Collins Startup list
22897.  
22898. [Generic Host Process for Win32 Services]
22899. Number=3252
22900. Confirmed=X
22901. Filename=winsvc.exe
22902. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdboto.html" target="_blank">SDBOT-O</a> WORM!
22903. Source=Paul Collins Startup list
22904.  
22905. [Generic Host Process for Win32 Services]
22906. Number=3253
22907. Confirmed=X
22908. Filename=bazzi.exe
22909. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022311-5800-99" target=_blank>AHKER.E</a> WORM!
22910. Source=Paul Collins Startup list
22911.  
22912. [Generic Host Process for Win32 Services]
22913. Number=3254
22914. Confirmed=X
22915. Filename=winsvc32.exe
22916. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotp.html" target= blank>SDBOT-P</a> WORM!
22917. Source=Paul Collins Startup list
22918.  
22919. [Generic Host Process for Win32 Services]
22920. Number=3255
22921. Confirmed=X
22922. Filename=lspsvc.exe
22923. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MUMU.C" target="_blank">MUMU.C</a> WORM!
22924. Source=Paul Collins Startup list
22925.  
22926. [Generic Host Process for Win32 Services]
22927. Number=3256
22928. Confirmed=X
22929. Filename=SPSVC.EXE
22930. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.DA" target="_blank">SDBOT.DA</a> WORM!
22931. Source=Paul Collins Startup list
22932.  
22933. [Generic Host Process for Win32 Services]
22934. Number=3257
22935. Confirmed=X
22936. Filename=svchost32.exe
22937. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ALH" target="_blank">AGOBOT.ALH</a> WORM!
22938. Source=Paul Collins Startup list
22939.  
22940. [Generic Host Process for Win32 Services]
22941. Number=3258
22942. Confirmed=X
22943. Filename=sv±hεst.exe
22944. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADER.AK" target="_blank">DLOADER.AK</a> TROJAN!
22945. Source=Paul Collins Startup list
22946.  
22947. [Generic Host Process2 System Backup]
22948. Number=3259
22949. Confirmed=X
22950. Filename=scvhost2.exe
22951. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbah.html" target=_blank>RBOT-BAH</a> WORM!
22952. Source=Paul Collins Startup list
22953.  
22954. [Generic Host Process326a System Backup]
22955. Number=3260
22956. Confirmed=X
22957. Filename=scvhost326a.exe
22958. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
22959. Source=Paul Collins Startup list
22960.  
22961. [Generic Host Service]
22962. Number=3261
22963. Confirmed=X
22964. Filename=lshost.exe
22965. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LU&VSect=T" target="_blank">RBOT.LU</a> WORM!
22966. Source=Paul Collins Startup list
22967.  
22968. [Generic Service Process]
22969. Number=3262
22970. Confirmed=X
22971. Filename=regsvc32.exe
22972. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040114-5626-99" target="_blank">GAOBOT.UJ</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040212-0834-99" target="_blank">GAOBOT.UL</a> WORMS!
22973. Source=Paul Collins Startup list
22974.  
22975. [Generic Service Process]
22976. Number=3263
22977. Confirmed=X
22978. Filename=serv1ces.exe
22979. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotjk.html" target=_blank>AGOBOT-JK</a> WORM!
22980. Source=Paul Collins Startup list
22981.  
22982. [Generic Service Process]
22983. Number=3264
22984. Confirmed=X
22985. Filename=nvsvc.exe
22986. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.BY" target="_blank">AGOBOT.BY</a> WORM! Note - this is not the valid <a href="http://www.sysinfo.org/startuplist.php?filter=NvSvc" target=_blank>NVIDIA Driver Helper Service</a> and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
22987. Source=Paul Collins Startup list
22988.  
22989. [Generic Services Process]
22990. Number=3265
22991. Confirmed=X
22992. Filename=regsvc32.exe
22993. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040112-0028-99" target="_blank">GAOBOT.SY</a> WORM!
22994. Source=Paul Collins Startup list
22995.  
22996. [GenericHostXP]
22997. Number=3266
22998. Confirmed=X
22999. Filename=WinLoaderXP.exe
23000. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooracx.html" target="_blank">BDOOR-ACX</a> TROJAN!
23001. Source=Paul Collins Startup list
23002.  
23003. [Genie USB Monitor]
23004. Number=3267
23005. Confirmed=Y
23006. Filename=USBmonitor.exe
23007. Description=Port monitor for an external USB hard drive. Required to enable access to the drive
23008. Source=Paul Collins Startup list
23009.  
23010. [Geography TX 1.0 NT]
23011. Number=3268
23012. Confirmed=X
23013. Filename=CompuSpeed.vbs
23014. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsnewleya.html" target= blank>NEWLEY-A</a> WORM!
23015. Source=Paul Collins Startup list
23016.  
23017. [Gerenciamento de arquivos do Windows]
23018. Number=3269
23019. Confirmed=X
23020. Filename=Winmod32.exe
23021. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderwg.html" target=_blank>DLOADER-WG</a> TROJAN!
23022. Source=Paul Collins Startup list
23023.  
23024. [german.exe]
23025. Number=3270
23026. Confirmed=X
23027. Filename=winsystems.exe
23028. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagledlae.html" target=_blank>BAGLEDl-AE</a> TROJAN!
23029. Source=Paul Collins Startup list
23030.  
23031. [german.exe]
23032. Number=3271
23033. Confirmed=X
23034. Filename=wintems.exe
23035. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagleas.html" target=_blank>BAGLE-AS</a> TROJAN!
23036. Source=Paul Collins Startup list
23037.  
23038. [Gestionnaire de disques universel]
23039. Number=3272
23040. Confirmed=X
23041. Filename=sysoobe.exe
23042. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtoadera.html" target=_blank>TOADER-A</a> TROJAN!
23043. Source=Paul Collins Startup list
23044.  
23045. [Get Smile]
23046. Number=3273
23047. Confirmed=N
23048. Filename=getsmile.exe
23049. Description=Puts smilie faces in your E-mail. Run manually when required
23050. Source=Paul Collins Startup list
23051.  
23052. [GetRight Tray Icon]
23053. Number=3274
23054. Confirmed=N
23055. Filename=GETRIGHT.EXE
23056. Description=GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start -> Programs
23057. Source=Paul Collins Startup list
23058.  
23059. [GetTheMusic]
23060. Number=3275
23061. Confirmed=X
23062. Filename=rundll32.exe MSA64CHK.dll, DllMostrar
23063. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
23064. Source=Paul Collins Startup list
23065.  
23066. [getwin]
23067. Number=3276
23068. Confirmed=X
23069. Filename=winB_.exe
23070. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerhs.html" target=_blank>BANKER-HS</a> TROJAN!
23071. Source=Paul Collins Startup list
23072.  
23073. [GhostSecuritySuite]
23074. Number=3277
23075. Confirmed=U
23076. Filename=gss.exe
23077. Description=<a href="http://www.ghostsecurity.com/" target=_blank>Ghost Security Suite</a> - protect the registry from unauthorized reading and modification and other tools
23078.  
23079. Source=Paul Collins Startup list
23080.  
23081. [GhostStartService]
23082. Number=3278
23083. Confirmed=N
23084. Filename=GhostStartService.exe
23085. Description=Required to run the Windows based wizard in <a href="http://www.symantec.com/sabu/ghost/ghost_personal/" target="_blank">Norton Ghost</a> - added from the 2003 version. Will start automatically when you run the wizard
23086. Source=Paul Collins Startup list
23087.  
23088. [GhostStartTrayApp]
23089. Number=3279
23090. Confirmed=N
23091. Filename=GhostStartTrayApp.exe
23092. Description=System Tray access to <a href="http://www.symantec.com/sabu/ghost/ghost_personal/" target="_blank">Norton Ghost</a> - added from the 2003 version
23093. Source=Paul Collins Startup list
23094.  
23095. [GhostSurfDelSatellite]
23096. Number=3280
23097. Confirmed=?
23098. Filename=DeleteSatellite.exe
23099. Description=<a href="http://www.tenebril.com/products/ghostsurf/spycatcher.html" target=_blank>SpyCatcher</a> spyware remover related. <font color="#FF0000">What does it do and is it required?</font>
23100.  
23101. Source=Paul Collins Startup list
23102.  
23103. [GhostSurfDelSatellite]
23104. Number=3281
23105. Confirmed=Y
23106. Filename=DeleteSatellite.exe
23107. Description=Part of <a href="http://www.tenebril.com/consumer/spyware/spycatcher.php" target=_blank>SpyCatcher</a> spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning, you'll want to leave this file in place
23108.  
23109. Source=Paul Collins Startup list
23110.  
23111. [gigabit.exe]
23112. Number=3282
23113. Confirmed=X
23114. Filename=gigabit.exe
23115. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032609-0734-99" target="_blank">BEAGLE.U</a> WORM!
23116. Source=Paul Collins Startup list
23117.  
23118. [GigaByte]
23119. Number=3283
23120. Confirmed=X
23121. Filename=Cheatle.exe
23122. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042012-2931-99" target="_blank">SHODI.B</a> VIRUS!
23123. Source=Paul Collins Startup list
23124.  
23125. [Gilat SOM Enumerator]
23126. Number=3284
23127. Confirmed=Y
23128. Filename=dllhost.exe
23129. Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
23130. Source=Paul Collins Startup list
23131.  
23132. [GilatFTC]
23133. Number=3285
23134. Confirmed=Y
23135. Filename=ftc.exe
23136. Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
23137. Source=Paul Collins Startup list
23138.  
23139. [gimmygames]
23140. Number=3286
23141. Confirmed=X
23142. Filename=[path to trojan]
23143. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrln.html" target=_blank>DLOADR-LN</a> TROJAN!
23144. Source=Paul Collins Startup list
23145.  
23146. [gimmysmileys]
23147. Number=3287
23148. Confirmed=X
23149. Filename=gimmysmileys.exe
23150. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=GimmySmileys&threatid=44087" target="_blank">GimmySmileys</a> adware
23151. Source=Paul Collins Startup list
23152.  
23153. [GinaDll]
23154. Number=3288
23155. Confirmed=X
23156. Filename=ntgina.dll
23157. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ANIG.A" target="_blank">ANIG.A</a> WORM!
23158. Source=Paul Collins Startup list
23159.  
23160. [GisdnLog]
23161. Number=3289
23162. Confirmed=?
23163. Filename=gisdnlog.exe
23164. Description=<a href="http://www.bt.com/homehighway/more_info.htm">BT Digital Access USB</a>
23165. Source=Paul Collins Startup list
23166.  
23167. [Glass2k]
23168. Number=3290
23169. Confirmed=U
23170. Filename=Glass2k.exe
23171. Description="<a href="http://www.chime.tv/products/glass2k.shtml" target="_blank">Glass2k</a> is a small little program that allows Win2K/XP users to make any window transparent"
23172. Source=Paul Collins Startup list
23173.  
23174. [GLF Network Lan Monitor]
23175. Number=3291
23176. Confirmed=X
23177. Filename=NPFMNTOR.exe
23178. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagy.html" target=_blank>RBOT-AGY</a> WORM!
23179. Source=Paul Collins Startup list
23180.  
23181. [Glide]
23182. Number=3292
23183. Confirmed=Y
23184. Filename=Glidew32.exe
23185. Description=<a href="http://www.cirque.com/" target="_blank">Cirque</a> touchpad driver
23186. Source=Paul Collins Startup list
23187.  
23188. [Global Startup]
23189. Number=3293
23190. Confirmed=X
23191. Filename=WinDash.EXE
23192. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as IM-Worm.Win32.VB.q, may be related to the <a href="http://www.sophos.com/virusinfo/analyses/w32attechc.html" target="_blank">ATTECH-C</a> WORM
23193. Source=Paul Collins Startup list
23194.  
23195. [GlobalSCAPE]
23196. Number=3294
23197. Confirmed=X
23198. Filename=[random filename]
23199. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaym.html" target=_blank>RBOT-AYM</a> WORM!
23200. Source=Paul Collins Startup list
23201.  
23202. [GLSetIT32]
23203. Number=3295
23204. Confirmed=X
23205. Filename=msiexec16.exe
23206. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=39482" target="_blank">OPTIX PRO</a> TROJAN!
23207. Source=Paul Collins Startup list
23208.  
23209. [GLSetIT32]
23210. Number=3296
23211. Confirmed=X
23212. Filename=isass.exe
23213. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=39482" target="_blank">OPTIX PRO</a> TROJAN!
23214. Source=Paul Collins Startup list
23215.  
23216. [GLSetT32]
23217. Number=3297
23218. Confirmed=X
23219. Filename=smsiexec.exe
23220. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojoptixd.html" target=_blank>OPTIX-D</a> TROJAN!
23221. Source=Paul Collins Startup list
23222.  
23223. [gluon]
23224. Number=3298
23225. Confirmed=?
23226. Filename=gluon.exe
23227. Description=<font color="#FF0000">In a gluon/bin sub-directory</font>
23228. Source=Paul Collins Startup list
23229.  
23230. [glv]
23231. Number=3299
23232. Confirmed=X
23233. Filename=glv.exe
23234. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderng.html" target= blank>DLOADER-NG</a> TROJAN!
23235. Source=Paul Collins Startup list
23236.  
23237. [GMedia2]
23238. Number=3300
23239. Confirmed=X
23240. Filename=GSM2.exe
23241. Description=Malware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan.Win32.VB.ux
23242. Source=Paul Collins Startup list
23243.  
23244. [GMedia2]
23245. Number=3301
23246. Confirmed=X
23247. Filename=GSMedia3.exe
23248. Description=Malware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan.Win32.VB.ux
23249. Source=Paul Collins Startup list
23250.  
23251. [Gmouse]
23252. Number=3302
23253. Confirmed=Y
23254. Filename=Gmouse.exe
23255. Description=Amouse mouse driver - required if you use non-standard Windows driver features
23256. Source=Paul Collins Startup list
23257.  
23258. [Gnetmous]
23259. Number=3303
23260. Confirmed=U
23261. Filename=gnetmous.exe
23262. Description=<a href="http://www.geniusnet.com/" target="_blank">Genius</a> NetScroll+ mouse driver - required if you use non-standard Windows driver features
23263. Source=Paul Collins Startup list
23264.  
23265. [GNETMOUSE]
23266. Number=3304
23267. Confirmed=U
23268. Filename=gnetmouse.exe
23269. Description=Genius mouse driver - required if you use non-standard Windows driver features
23270.  
23271. Source=Paul Collins Startup list
23272.  
23273. [GNP Generic Host Process]
23274. Number=3305
23275. Confirmed=X
23276. Filename=svchost.exe
23277. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasf.html" target= blank>ZAPCHAS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
23278. Source=Paul Collins Startup list
23279.  
23280. [GNP Generic Host Process]
23281. Number=3306
23282. Confirmed=X
23283. Filename=svchost.exe
23284. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasr.html" target=_blank>ZAPCHAS-R</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup and is always located in the System32 folder. This worm file is found in the System folder
23285. Source=Paul Collins Startup list
23286.  
23287. [GNP Generic Host Process]
23288. Number=3307
23289. Confirmed=X
23290. Filename=svchost.exe
23291. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasaa.html" target=_blank>ZAPCHAS-AA</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one replaces svchost.exe in the System32 folder with a copy of Mirc on (NT/2K/XP) systems and just adds svchost.exe to the System folder on (9x/Me) systems
23292. Source=Paul Collins Startup list
23293.  
23294. [gnub]
23295. Number=3308
23296. Confirmed=?
23297. Filename=gnub.exe
23298. Description=<font color="#FF0000">??</font>
23299. Source=Paul Collins Startup list
23300.  
23301. [go]
23302. Number=3309
23303. Confirmed=X
23304. Filename=cvir.exe
23305. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32silova.html" target="_blank">SILOV-A</a> WORM!
23306. Source=Paul Collins Startup list
23307.  
23308. [Go!Zilla]
23309. Number=3310
23310. Confirmed=X
23311. Filename=gozilla.exe
23312. Description=Download manager for resuming downloads and choosing multiple download locations. Advertising spyware
23313. Source=Paul Collins Startup list
23314.  
23315. [Go!Zilla Monster Downloads]
23316. Number=3311
23317. Confirmed=X
23318. Filename=Go.exe
23319. Description=Download manager for resuming downloads and choosing multiple download locations. Advertising spyware
23320. Source=Paul Collins Startup list
23321.  
23322. [GoBack]
23323. Number=3312
23324. Confirmed=U
23325. Filename=GBMenu.exe
23326. Description=<a href="http://www.roxio.com/enu/default.html" target="_blank">Roxio's</a> (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
23327. Source=Paul Collins Startup list
23328.  
23329. [GoBack]
23330. Number=3313
23331. Confirmed=U
23332. Filename=GBTray.exe
23333. Description=System Tray icon access to <a href="http://www.roxio.com/enu/default.html" target="_blank">Roxio's</a> (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
23334. Source=Paul Collins Startup list
23335.  
23336. [GoBack Polling Service]
23337. Number=3314
23338. Confirmed=U
23339. Filename=GBPoll.exe
23340. Description=<a href="http://www.roxio.com/enu/default.html" target="_blank">Roxio's</a> (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
23341. Source=Paul Collins Startup list
23342.  
23343. [GoBack Tray Icon]
23344. Number=3315
23345. Confirmed=U
23346. Filename=GBTray.exe
23347. Description=<a href="http://www.roxio.com/enu/default.html" target="_blank">Roxio's</a> (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
23348. Source=Paul Collins Startup list
23349.  
23350. [GOG]
23351. Number=3316
23352. Confirmed=X
23353. Filename=GOG.exe
23354. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040217-5954-99" target="_blank">PHILIS.B</a> VIRUS!
23355. Source=Paul Collins Startup list
23356.  
23357. [goidr]
23358. Number=3317
23359. Confirmed=X
23360. Filename=goidr.exe
23361. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081916-0353-99" target= blank>Goidr</a> adware
23362. Source=Paul Collins Startup list
23363.  
23364. [Goldensoft_MndlSvr]
23365. Number=3318
23366. Confirmed=U
23367. Filename=MndlSvr.exe
23368. Description=Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking
23369. Source=Paul Collins Startup list
23370.  
23371. [Golum]
23372. Number=3319
23373. Confirmed=X
23374. Filename=services.exe
23375. Description=Added by the GOLUM.A TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
23376. Source=Paul Collins Startup list
23377.  
23378. [golumm]
23379. Number=3320
23380. Confirmed=X
23381. Filename=services.exe
23382. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderet.html" target=_blank>DLOADER-ET</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "golumm" subfolder
23383. Source=Paul Collins Startup list
23384.  
23385. [good]
23386. Number=3321
23387. Confirmed=X
23388. Filename=badvir.exe
23389. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32silovb.html" target="_blank">SILOV-B</a> WORM!
23390. Source=Paul Collins Startup list
23391.  
23392. [google]
23393. Number=3322
23394. Confirmed=X
23395. Filename=google.exe
23396. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamw.html" target=_blank>RBOT-AMW</a> WORM!
23397. Source=Paul Collins Startup list
23398.  
23399. [Google Desktop]
23400. Number=3323
23401. Confirmed=U
23402. Filename=GoogleDesktop.exe
23403. Description=<a href="http://desktop.google.com/about.html" target="_blank">Google Desktop Search</a> - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks"
23404. Source=Paul Collins Startup list
23405.  
23406. [Google Desktop Search]
23407. Number=3324
23408. Confirmed=N
23409. Filename=GoogleDesktop.exe
23410. Description=<a href="http://desktop.google.com/about.html" target="_blank">Google Desktop Search</a> - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks"
23411. Source=Paul Collins Startup list
23412.  
23413. [Google Earth]
23414. Number=3325
23415. Confirmed=X
23416. Filename=[random filename]
23417. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxk.html" target=_blank>RBOT-AXK</a> TROJAN!
23418. Source=Paul Collins Startup list
23419.  
23420. [Google Earth Viewer]
23421. Number=3326
23422. Confirmed=N
23423. Filename=GOOGLEMAPS.EXE
23424. Description=<a href="http://earth.google.com/" target=_blank>Google Earth</a> "combines satellite imagery, maps and the power of Google Search to put the world's geographic information at your fingertips"
23425. Source=Paul Collins Startup list
23426.  
23427. [google Intrenet Explorer]
23428. Number=3327
23429. Confirmed=X
23430. Filename=google.pif
23431. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotara.html" target=_blank>RBOT-ARA</a> WORM!
23432. Source=Paul Collins Startup list
23433.  
23434. [Google service]
23435. Number=3328
23436. Confirmed=X
23437. Filename=Googlesetup.exe
23438. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotrj.html" target="_blank">IRCBOT-RJ</a> WORM!
23439. Source=Paul Collins Startup list
23440.  
23441. [google toolbar]
23442. Number=3329
23443. Confirmed=X
23444. Filename=ggtb32.exe
23445. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrr.html" target= blank>AGOBOT-RR</a> WORM!
23446. Source=Paul Collins Startup list
23447.  
23448. [Google Updater]
23449. Number=3330
23450. Confirmed=N
23451. Filename=GOOGLE~1.EXE
23452. Description=Downloads and installs updates for Google applications (Google Earth, Google Desktop, etc.)
23453. Source=Paul Collins Startup list
23454.  
23455. [GoogleDCClient]
23456. Number=3331
23457. Confirmed=N
23458. Filename=GoogleDCC.exe
23459. Description=<a href="http://en.wikipedia.org/wiki/Google_Toolbar#Google_Compute" target="_blank">Google Compute Client</a> - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing". No longer supported
23460. Source=Paul Collins Startup list
23461.  
23462. [googletalk]
23463. Number=3332
23464. Confirmed=U
23465. Filename=googletalk.exe
23466. Description=<a href="http://www.google.com/talk/" target=_blank>Google Talk</a> "enables you to call or send instant messages to your friends for free-anytime, anywhere in the world". Can be launched manually
23467. Source=Paul Collins Startup list
23468.  
23469. [GoToMyPC]
23470. Number=3333
23471. Confirmed=U
23472. Filename=g2svc.exe
23473. Description=<a href="https://www.gotomypc.com/en_US/entry.tmpl?_sid=143317649%3A2E0C1B936B629C7&Action=rgoto&_sf=2" target="_blank">ExpertCity GoToMyPc</a> logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser
23474. Source=Paul Collins Startup list
23475.  
23476. [GotSmiley]
23477. Number=3334
23478. Confirmed=X
23479. Filename=GotSmiley.exe
23480. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GotSmiley&threatid=40046" target="_blank">GotSmiley</a> - ad supported program that provides the user with smileys for use in emails. Not recommended. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
23481. Source=Paul Collins Startup list
23482.  
23483. [gouday.exe]
23484. Number=3335
23485. Confirmed=X
23486. Filename=readme.exe
23487. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022715-1724-99" target="_blank">BEAGLE.C</a> WORM!
23488. Source=Paul Collins Startup list
23489.  
23490. [GRA]
23491. Number=3336
23492. Confirmed=N
23493. Filename=gra.exe
23494. Description=Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup Utility
23495. Source=Paul Collins Startup list
23496.  
23497. [gramdate]
23498. Number=3337
23499. Confirmed=?
23500. Filename=2Stop.exe
23501. Description=<font color="#FF0000">??</font>
23502. Source=Paul Collins Startup list
23503.  
23504. [Graphic Driver]
23505. Number=3338
23506. Confirmed=X
23507. Filename=smss32.exe
23508. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
23509. Source=Paul Collins Startup list
23510.  
23511. [Graphic Loader]
23512. Number=3339
23513. Confirmed=X
23514. Filename=ntvdm32.exe
23515. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
23516. Source=Paul Collins Startup list
23517.  
23518. [Gravis Appawareloader]
23519. Number=3340
23520. Confirmed=U
23521. Filename=dbserver.exe
23522. Description=Looks like it's associated with <a href="http://www.gravis.com/" target="_blank"> Gravis</a> game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them
23523. Source=Paul Collins Startup list
23524.  
23525. [Gravis Xperience Driver Support]
23526. Number=3341
23527. Confirmed=U
23528. Filename=Grxp4exe.exe
23529. Description=Driver for <a href="http://www.gravis.com/" target="_blank">Gravis</a> game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used
23530. Source=Paul Collins Startup list
23531.  
23532. [GrdSys32]
23533. Number=3342
23534. Confirmed=?
23535. Filename=GrdSys32.exe
23536. Description=X-Stream ISP software. Offers free Net access funded by on-screen ads. <font color="#FF0000">Is it required or can you create your own dial-up networking connection to use on demand?</font>
23537. Source=Paul Collins Startup list
23538.  
23539. [Greetings Workshop]
23540. Number=3343
23541. Confirmed=N
23542. Filename=GWREMIND.EXE
23543. Description=You really want to be reminded about somebody's birthday at the expense of resources?
23544. Source=Paul Collins Startup list
23545.  
23546. [gremier]
23547. Number=3344
23548. Confirmed=X
23549. Filename=wscript.exe gpremier.vbs
23550. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020622-3859-99" target="_blank">GPREMIER</a> WORM!
23551. Source=Paul Collins Startup list
23552.  
23553. [Gremlin]
23554. Number=3345
23555. Confirmed=X
23556. Filename=intrenat.exe
23557. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020909-2916-99" target="_blank">DOOMJUICE</a> WORM!
23558. Source=Paul Collins Startup list
23559.  
23560. [Grokster]
23561. Number=3346
23562. Confirmed=N
23563. Filename=Grokster.exe
23564. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453060425" target="_blank">Grokster</a> Peer-To-Peer File Sharing program
23565. Source=Paul Collins Startup list
23566.  
23567. [GrooveMonitor]
23568. Number=3347
23569. Confirmed=Y
23570. Filename=GrooveMonitor.exe
23571. Description=Microsoft Office <a href="http://office.microsoft.com/en-us/groove/HA101680011033.aspx" target="_blank">Groove 2007</a> - Groove Folder Sharing synchronization (GFS). If you kill it, your GFS workspaces may not synchronize properly (particularly around unread-marks), and you might experience some nagging discomfort
23572. Source=Paul Collins Startup list
23573.  
23574. [GrpConv]
23575. Number=3348
23576. Confirmed=N
23577. Filename=grpconv.exe
23578. Description=Microsoft Windows Program Group Converter - used by installers (ONLY in the RunOnce keys) - provides the translation of groups and group items to folders and links. Also see <a href="http://support.microsoft.com/?kbid=119941" target= blank>this</a> MS Knowledge Base article
23579. Source=Paul Collins Startup list
23580.  
23581. [GsAds]
23582. Number=3349
23583. Confirmed=X
23584. Filename=gms2.exe
23585. Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target=_blank>PacerD_Media/Pacimedia.com</a> adware
23586. Source=Paul Collins Startup list
23587.  
23588. [Gscbc]
23589. Number=3350
23590. Confirmed=?
23591. Filename=Gscbc.exe
23592. Description=<font color="#FF0000">??</font>
23593. Source=Paul Collins Startup list
23594.  
23595. [gshp]
23596. Number=3351
23597. Confirmed=X
23598. Filename=zzgshp.vbs
23599. Description=Homepage hi-jacker
23600. Source=Paul Collins Startup list
23601.  
23602. [Gsiconexe]
23603. Number=3352
23604. Confirmed=N
23605. Filename=Gsicon.exe
23606. Description=ADSL modem monitor from <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities
23607. Source=Paul Collins Startup list
23608.  
23609. [GsiFinal]
23610. Number=3353
23611. Confirmed=?
23612. Filename=rundll32 gspndll.dll, postInstall final
23613. Description=USB DSL modem related - [what does it do and is it required in startup?</font>
23614. Source=Paul Collins Startup list
23615.  
23616. [GSISETUP]
23617. Number=3354
23618. Confirmed=?
23619. Filename=[path] GsiInst.exe INSTALL [path] V205Res 13
23620. Description=BT Voyager ADSL modem related - <font color="#FF0000">what does it do and is it required?</font>
23621. Source=Paul Collins Startup list
23622.  
23623. [GSOrganizer]
23624. Number=3355
23625. Confirmed=N
23626. Filename=GSOrganizer.exe
23627. Description=<a href="http://www.tgslabs.com/en/winorganizer/" target="_blank">GoldenSection Organizer</a> (now WinOrganizer - personal information manager
23628. Source=Paul Collins Startup list
23629.  
23630. [gssomatic]
23631. Number=3356
23632. Confirmed=X
23633. Filename=gssomatic.exe
23634. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
23635. Source=Paul Collins Startup list
23636.  
23637. [GStartup]
23638. Number=3357
23639. Confirmed=X
23640. Filename=GMT.exe
23641. Description=Gator spyware component - see <a href="http://www.cexx.org/gator.htm" target="_blank">here</a>. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
23642. Source=Paul Collins Startup list
23643.  
23644. [gsv]
23645. Number=3358
23646. Confirmed=X
23647. Filename=gsv.exe
23648. Description=Added by the ROBAL 1.0 backdoor TROJAN!
23649. Source=Paul Collins Startup list
23650.  
23651. [GT]
23652. Number=3359
23653. Confirmed=X
23654. Filename=GT.EXE
23655. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaj.html" target="_blank">SDBOT-AJ</a> WORM!
23656. Source=Paul Collins Startup list
23657.  
23658. [GTVEpg]
23659. Number=3360
23660. Confirmed=U
23661. Filename=GTVEpg.exe
23662. Description=Part of <a href="http://www.gallm.com/" target="_blank">Got All Media</a> - control your TV tuner and other utilities from your PC
23663. Source=Paul Collins Startup list
23664.  
23665. [GTVRec]
23666. Number=3361
23667. Confirmed=X
23668. Filename=GTVRec.exe
23669. Description=Part of <a href="http://www.gallm.com/" target="_blank">Got All Media</a> - control your TV tuner and other utilities from your PC
23670. Source=Paul Collins Startup list
23671.  
23672. [Gtwatch]
23673. Number=3362
23674. Confirmed=N
23675. Filename=gtwatch.exe
23676. Description=Associated with a Mustec scanner and not required
23677. Source=Paul Collins Startup list
23678.  
23679. [gtydf]
23680. Number=3363
23681. Confirmed=X
23682. Filename=iisca.exe
23683. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclaggerbb.html" target="_blank">CLAGGER-BB</a> TROJAN!
23684. Source=Paul Collins Startup list
23685.  
23686. [gtydf]
23687. Number=3364
23688. Confirmed=X
23689. Filename=iscca.exe
23690. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrgtk.html" target="_blank">DWNLDR-GTK</a> TROJAN!
23691. Source=Paul Collins Startup list
23692.  
23693. [Guard]
23694. Number=3365
23695. Confirmed=U
23696. Filename=Guard.exe
23697. Description=Related to <a href="http://www.phoenix.com/" target=_blank>Phoenix Technologies</a> Core Managed Environment (cME) Integration and Certification program
23698. Source=Paul Collins Startup list
23699.  
23700. [Guardian]
23701. Number=3366
23702. Confirmed=N
23703. Filename=CMGrdian.exe
23704. Description=McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic
23705. Source=Paul Collins Startup list
23706.  
23707. [Guardian PC Security Tools]
23708. Number=3367
23709. Confirmed=U
23710. Filename=Pfft.exe
23711. Description=Boomerang Software's Guardian PC Security Tools - now rebranded as the <a href="http://www.boomerangsoftware.com/Products/Security/eSecurity.htm" target=_blank>eXtendia Security Suite</a>
23712.  
23713. Source=Paul Collins Startup list
23714.  
23715. [guarnset]
23716. Number=3368
23717. Confirmed=X
23718. Filename=guarnset.exe
23719. Description=<a href="http://sarc.com/avcenter/venc/data/adware.adlogix.html" target="_blank">Adlogix</a> adware
23720. Source=Paul Collins Startup list
23721.  
23722. [GURL]
23723. Number=3369
23724. Confirmed=X
23725. Filename=gurl.exe
23726. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-063018-3752-99" target="_blank">GURLWatcher</a> spyware
23727. Source=Paul Collins Startup list
23728.  
23729. [GuruNet]
23730. Number=3370
23731. Confirmed=U
23732. Filename=GuruNet.exe
23733. Description=<a href="http://www.gurunet.com/what_tools.jsp" target=_blank>GuruNet</a> lets you click on any word on your screen to get the relevant information you want
23734. Source=Paul Collins Startup list
23735.  
23736. [GustavVED]
23737. Number=3371
23738. Confirmed=X
23739. Filename=[filename].exe
23740. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-111119-3659-99" target="_blank">OPASERV.H</a> WORM!
23741. Source=Paul Collins Startup list
23742.  
23743. [gvagfxj]
23744. Number=3372
23745. Confirmed=X
23746. Filename=rundll32 ...gvagfxj.dll
23747. Description=Unidentified adware, spyware or virus
23748. Source=Paul Collins Startup list
23749.  
23750. [gw port controller]
23751. Number=3373
23752. Confirmed=Y
23753. Filename=PORTCT95.EXE
23754. Description=From a visitor - "I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work". From the file properties, the file is known as "Smart Thru Fax Drive Spy" and is supplied by Samsung
23755. Source=Paul Collins Startup list
23756.  
23757. [GWInkMonitor]
23758. Number=3374
23759. Confirmed=N
23760. Filename=GWInkMonitor.exe
23761. Description=Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some!
23762. Source=Paul Collins Startup list
23763.  
23764. [gwiz]
23765. Number=3375
23766. Confirmed=X
23767. Filename=ntsystem.exe
23768. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=58686" target="_blank">NITWIZ.A</a> TROJAN!
23769. Source=Paul Collins Startup list
23770.  
23771. [GWMDMMSG]
23772. Number=3376
23773. Confirmed=N
23774. Filename=GWMDMMSG.exe
23775. Description=Used with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctly
23776. Source=Paul Collins Startup list
23777.  
23778. [GWMDMpi]
23779. Number=3377
23780. Confirmed=U
23781. Filename=GWMDMpi.exe
23782. Description=Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See <a href="http://support.gateway.com/support/drivers/moreinfo.asp?readmeURL=ftp%3A//ftp.gateway.com/pub/hardware_support/drivers/win_xp/portable/450sx4/7512994.txt" target="_blank">here</a> for more information
23783. Source=Paul Collins Startup list
23784.  
23785. [gwum]
23786. Number=3378
23787. Confirmed=U
23788. Filename=gwum.exe
23789. Description=Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system "tweakers"
23790. Source=Paul Collins Startup list
23791.  
23792. [gyy]
23793. Number=3379
23794. Confirmed=?
23795. Filename=gyy.exe
23796. Description=<font color="#FF0000">Possibly <a href="#Gator">Gator</a> (and therefore spyware) related?</font>
23797. Source=Paul Collins Startup list
23798.  
23799. [G_Server.exe]
23800. Number=3380
23801. Confirmed=X
23802. Filename=G_Server.exe
23803. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfeutelc.html" target=_blank>FEUTEL-C</a> TROJAN!
23804. Source=Paul Collins Startup list
23805.  
23806. [G_Server1.2.exe]
23807. Number=3381
23808. Confirmed=X
23809. Filename=G_Server1.2.exe
23810. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgraybirdz.html" target=_blank>GRAYBIRD-Z</a> TROJAN!
23811. Source=Paul Collins Startup list
23812.  
23813. [H/PC Connection Agent]
23814. Number=3382
23815. Confirmed=U
23816. Filename=WCESCOMM.EXE
23817. Description=Active sync for use with Windows CE based palm PC
23818. Source=Paul Collins Startup list
23819.  
23820. [H2OWIBU]
23821. Number=3383
23822. Confirmed=U
23823. Filename=CXWibu.exe
23824. Description=Related to <a href="http://wibu.com/start.php?lang=en" target="_blank">CodeMeter</a> from WIBU-SYSTEMS AG. Software protection hardware
23825. Source=Paul Collins Startup list
23826.  
23827. [h4te Service Drivers]
23828. Number=3384
23829. Confirmed=X
23830. Filename=h4te.exe
23831. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
23832. Source=Paul Collins Startup list
23833.  
23834. [hachimitsu-lemon]
23835. Number=3385
23836. Confirmed=X
23837. Filename=hachimitsu-lemon.exe
23838. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-070812-1520-99" target=_blank>HACHILEM</a> TROJAN!
23839. Source=Paul Collins Startup list
23840.  
23841. [hagent]
23842. Number=3386
23843. Confirmed=X
23844. Filename=avp.exe
23845. Description=Added by the "Herman Agent" remote access TROJAN!
23846. Source=Paul Collins Startup list
23847.  
23848. [HalifaxHowardCluster]
23849. Number=3387
23850. Confirmed=U
23851. Filename=skinkers.exe
23852. Description="Howard the Weatherman" desktop client from Halifax by <a href="http://www.skinkers.com/" target="_blank">Skinkers</a> - marketing/messaging tool. Leave enabled if you want to receive messages
23853. Source=Paul Collins Startup list
23854.  
23855. [HaMFrontPanel]
23856. Number=3388
23857. Confirmed=U
23858. Filename=hampanel.exe
23859. Description=Displays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointless
23860. Source=Paul Collins Startup list
23861.  
23862. [Handy Backup 3.9]
23863. Number=3389
23864. Confirmed=U
23865. Filename=hbagent.exe
23866. Description=<a href="http://www.handybackup.com/" target="_blank">Handy Backup</a> - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers
23867. Source=Paul Collins Startup list
23868.  
23869. [HanUpdate]
23870. Number=3390
23871. Confirmed=X
23872. Filename=hanz.exe
23873. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglj.html" target="_blank">RBOT-GLJ</a> WORM!
23874. Source=Paul Collins Startup list
23875.  
23876. [Hard drive Controller]
23877. Number=3391
23878. Confirmed=X
23879. Filename=hdcontroller.exe
23880. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-020812-4733-99" target=_blank>KIMAN.B</a> WORM!
23881. Source=Paul Collins Startup list
23882.  
23883. [Hardware Doctor]
23884. Number=3392
23885. Confirmed=U
23886. Filename=Hwdoctor.exe
23887. Description=Winbond Hardware Doctor - as included on some motherboard using Winbond's hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you're concerned about your system temperature - typically for "overclocked" systems
23888. Source=Paul Collins Startup list
23889.  
23890. [Hardware Monitor Service]
23891. Number=3393
23892. Confirmed=X
23893. Filename=mshms.exe
23894. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwollfa.html" target=_blank>WOLLF-A</a> TROJAN!
23895. Source=Paul Collins Startup list
23896.  
23897. [Hardware Profile]
23898. Number=3394
23899. Confirmed=X
23900. Filename=hxdef.exe
23901. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
23902. Source=Paul Collins Startup list
23903.  
23904. [Hardware Profile]
23905. Number=3395
23906. Confirmed=X
23907. Filename=hxdef.exe...
23908. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
23909. Source=Paul Collins Startup list
23910.  
23911. [Hardware Sensors Monitor]
23912. Number=3396
23913. Confirmed=U
23914. Filename=hmonitor.exe
23915. Description=Utility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for "overclocked" systems
23916. Source=Paul Collins Startup list
23917.  
23918. [Hardware Shell Detection]
23919. Number=3397
23920. Confirmed=X
23921. Filename=WinHSD.exe
23922. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
23923. Source=Paul Collins Startup list
23924.  
23925. [Hare]
23926. Number=3398
23927. Confirmed=U
23928. Filename=hare.exe
23929. Description=<a href="http://www.foxpop.ndirect.co.uk/pc/dachshund_03.htm" target="_blank">Hare</a> - improve and optimize performance of desktop/laptop PCs
23930. Source=Paul Collins Startup list
23931.  
23932. [HATAPE]
23933. Number=3399
23934. Confirmed=X
23935. Filename=[path to trojan]
23936. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerqf.html" target=_blank>BANKER-QF</a> TROJAN!
23937. Source=Paul Collins Startup list
23938.  
23939. [HawkEye]
23940. Number=3400
23941. Confirmed=U
23942. Filename=HAWK_95.EXE
23943. Description=Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs
23944. Source=Paul Collins Startup list
23945.  
23946. [HawkEye IV Control Panel]
23947. Number=3401
23948. Confirmed=U
23949. Filename=HAWK_32.EXE
23950. Description=Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs
23951. Source=Paul Collins Startup list
23952.  
23953. [Hbinst]
23954. Number=3402
23955. Confirmed=X
23956. Filename=Hbinst.exe
23957. Description=<a href="http://www.hotbar.com/" target="_blank">Hotbar</a> enhances the surfing experience offering a variety of innovative and fresh skins to the browser while providing users worldwide with access to various services of added value and fun. Also regarded as adware/spyware due to it's adds and browsing habits information gathering - see <a href="http://www.safersite.com/pestinfo/H/HotBar_Adware.asp" target="_blank">here</a>
23958. Source=Paul Collins Startup list
23959.  
23960. [HC Reminder]
23961. Number=3403
23962. Confirmed=N
23963. Filename=hc.exe
23964. Description=For Compaq PC's. Help Compiler, crunches help database, will run without being in startup when needed
23965. Source=Paul Collins Startup list
23966.  
23967. [HCDetect]
23968. Number=3404
23969. Confirmed=N
23970. Filename=HCDetect.exe
23971. Description=MS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problem
23972. Source=Paul Collins Startup list
23973.  
23974. [hcenter]
23975. Number=3405
23976. Confirmed=U
23977. Filename=tgcmd.exe
23978. Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by <a href="http://www.cox.com/policy/#pp_1" target="_blank">Cox</a> Regarded as spyware by <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm" target="_blank">some</a> as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
23979. Source=Paul Collins Startup list
23980.  
23981. [hclean32.exe]
23982. Number=3406
23983. Confirmed=X
23984. Filename=hclean32.exe
23985. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
23986. Source=Paul Collins Startup list
23987.  
23988. [Hcontrol]
23989. Number=3407
23990. Confirmed=U
23991. Filename=hcontrol.exe
23992. Description=Hotkeys on an ASUS Notebook. Only required if you use the additional keys
23993. Source=Paul Collins Startup list
23994.  
23995. [hcsystray]
23996. Number=3408
23997. Confirmed=N
23998. Filename=hc_tray.exe
23999. Description=<a href="http://www.kumagames.com/help.html#shootout" target="_blank">Kuma Notifier</a> for the <a href="http://www.history.com/minisites/shootout/" target="_blank">Shootout!</a> game from the History Channel. "It lets you know whenever thereÆs a new episode thatÆs been released or an announcement from the Kuma team. Just click it to get up-to-the-minute game and event information"
24000. Source=Paul Collins Startup list
24001.  
24002. [HDAShCut]
24003. Number=3409
24004. Confirmed=N
24005. Filename=HDAShCut.exe
24006. Description=High definition audio page shortcut - not required
24007. Source=Paul Collins Startup list
24008.  
24009. [HDAudio]
24010. Number=3410
24011. Confirmed=X
24012. Filename=hda.exe
24013. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.U</a> TROJAN!
24014. Source=Paul Collins Startup list
24015.  
24016. [HDAudio Driver 1.0]
24017. Number=3411
24018. Confirmed=X
24019. Filename=[random filename].exe
24020. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojteadoord.html" target=_blank>TEADOOR-D</a> TROJAN!
24021. Source=Paul Collins Startup list
24022.  
24023. [HDAudio Driver 2.0]
24024. Number=3412
24025. Confirmed=X
24026. Filename=[random filename].exe
24027. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojteadoore.html" target=_blank>TEADOOR-E</a> TROJAN!
24028. Source=Paul Collins Startup list
24029.  
24030. [HDDHealth]
24031. Number=3413
24032. Confirmed=U
24033. Filename=hddhealth.exe
24034. Description=<a href="http://www.panterasoft.com/" target=_blank>HDD Health</a> is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure" 
24035. Source=Paul Collins Startup list
24036.  
24037. [HDDlife]
24038. Number=3414
24039. Confirmed=U
24040. Filename=HDDlife.exe
24041. Description=<a href="http://www.hddlife.com/" target=_blank>HDDlife</a> checks the health of your hard drives at regular intervals and informs you about the results of these checks
24042. Source=Paul Collins Startup list
24043.  
24044. [HDhelp]
24045. Number=3415
24046. Confirmed=?
24047. Filename=tbhdhelp.exe
24048. Description=Associated with Philips Edge series soundcards. <font color="#FF0000">Is it required?</font>
24049. Source=Paul Collins Startup list
24050.  
24051. [hdlfoe df98ndf]
24052. Number=3416
24053. Confirmed=X
24054. Filename=svchots.exe
24055. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
24056. Source=Paul Collins Startup list
24057.  
24058. [hdlpscom]
24059. Number=3417
24060. Confirmed=X
24061. Filename=[8 random letters].exe
24062. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotful.html" target="_blank">RBOT-FUL</a> WORM!
24063. Source=Paul Collins Startup list
24064.  
24065. [HDtray]
24066. Number=3418
24067. Confirmed=N
24068. Filename=HDtray.exe
24069. Description=Philips Edge Series Control Panel Tray Utility - system tray icon for a Philips Edge series soundcards. Available via Start -> Settings -> Control Panel
24070. Source=Paul Collins Startup list
24071.  
24072. [he3bbcff]
24073. Number=3419
24074. Confirmed=X
24075. Filename=rundll32.exe [path] he3bbcff.dll, EnableRunDLL32
24076. Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target=_blank>LZIO.com</a> adware downloader
24077. Source=Paul Collins Startup list
24078.  
24079. [he3e3fc4]
24080. Number=3420
24081. Confirmed=X
24082. Filename=rundll32.exe [path] he3e3fc4.dll, EnableRunDLL32
24083. Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
24084. Source=Paul Collins Startup list
24085.  
24086. [HELLBOT TEST]
24087. Number=3421
24088. Confirmed=X
24089. Filename=1hellbot.exe
24090. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050803-1959-99" target= blank>MYDOOM.BO</a> WORM!
24091. Source=Paul Collins Startup list
24092.  
24093. [HELLBOT3]
24094. Number=3422
24095. Confirmed=X
24096. Filename=coolbot.exe
24097. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.AB&VSect=T" target=_blank>MYTOB.AB</a> WORM!
24098. Source=Paul Collins Startup list
24099.  
24100. [hellodolly]
24101. Number=3423
24102. Confirmed=X
24103. Filename=shost.exe
24104. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082916-1108-99" target="_blank">YODO</a> WORM!
24105. Source=Paul Collins Startup list
24106.  
24107. [helloworld]
24108. Number=3424
24109. Confirmed=X
24110. Filename=nb32ext2.exe
24111. Description=Added by the <a href="http://vil.nai.com/vil/content/v_135474.htm" target=_blank>MYDOOM.BV</a> WORM!
24112. Source=Paul Collins Startup list
24113.  
24114. [helloworld]
24115. Number=3425
24116. Confirmed=X
24117. Filename=nb32ext3.exe
24118. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.JT&VSect=P" target=_blank>MYTOB.JT</a> WORM!
24119. Source=Paul Collins Startup list
24120.  
24121. [Help]
24122. Number=3426
24123. Confirmed=?
24124. Filename=helpext.exe
24125. Description=<font color="#FF0000">??</font>
24126. Source=Paul Collins Startup list
24127.  
24128. [help]
24129. Number=3427
24130. Confirmed=X
24131. Filename=help.scr
24132. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosbbu.html" target="_blank">BANCOS-BBU</a> TROJAN!
24133. Source=Paul Collins Startup list
24134.  
24135. [Help Temp Files]
24136. Number=3428
24137. Confirmed=X
24138. Filename=netreg.exe
24139. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotem.html" target= blank>FORBOT-EM</a> WORM!
24140. Source=Paul Collins Startup list
24141.  
24142. [helpctl.exe]
24143. Number=3429
24144. Confirmed=X
24145. Filename=helpctl.exe
24146. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082609-2823-99" target="_blank">GASLIDE</a> TROJAN!
24147. Source=Paul Collins Startup list
24148.  
24149. [Helper]
24150. Number=3430
24151. Confirmed=X
24152. Filename=eschlp.exe
24153. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042117-1932-99" target="_blank">BLASTER.T</a> WORM!
24154. Source=Paul Collins Startup list
24155.  
24156. [HELPER]
24157. Number=3431
24158. Confirmed=X
24159. Filename=greece nm.exe
24160. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
24161.  
24162. Source=Paul Collins Startup list
24163.  
24164. [HELPER]
24165. Number=3432
24166. Confirmed=X
24167. Filename=Netherlands.exe
24168. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
24169. Source=Paul Collins Startup list
24170.  
24171. [HELPER]
24172. Number=3433
24173. Confirmed=X
24174. Filename=new zealand.exe
24175. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
24176. Source=Paul Collins Startup list
24177.  
24178. [HELPER]
24179. Number=3434
24180. Confirmed=X
24181. Filename=sweden.exe
24182. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
24183. Source=Paul Collins Startup list
24184.  
24185. [HELPER]
24186. Number=3435
24187. Confirmed=X
24188. Filename=canada.exe
24189. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialler variant
24190. Source=Paul Collins Startup list
24191.  
24192. [HELPER]
24193. Number=3436
24194. Confirmed=X
24195. Filename=france.exe
24196. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialler variant
24197. Source=Paul Collins Startup list
24198.  
24199. [HELPER]
24200. Number=3437
24201. Confirmed=X
24202. Filename=temp532.exe
24203. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialler variant
24204. Source=Paul Collins Startup list
24205.  
24206. [helper.dll]
24207. Number=3438
24208. Confirmed=X
24209. Filename=[path] rundll32.exe [path] helper.dll
24210. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=3721%20Chinese%20Keywords%20(CNSMin)&threatid=3678" target=_blank>CnsMin</a> (Chinese Keywords) hijacker related
24211. Source=Paul Collins Startup list
24212.  
24213. [HelpExp.exe]
24214. Number=3439
24215. Confirmed=X
24216. Filename=HelpExp.exe
24217. Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075079" target="_blank">here</a>
24218. Source=Paul Collins Startup list
24219.  
24220. [helpmanager]
24221. Number=3440
24222. Confirmed=X
24223. Filename=spoler.exe
24224. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090510-4423-99" target="_blank">RANDEX.J</a> WORM!
24225. Source=Paul Collins Startup list
24226.  
24227. [helpw]
24228. Number=3441
24229. Confirmed=X
24230. Filename=helpw.exe
24231. Description=Adware downloader
24232.  
24233. Source=Paul Collins Startup list
24234.  
24235. [hen]
24236. Number=3442
24237. Confirmed=X
24238. Filename=[filename].exe
24239. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042617-4204-99" target="_blank">TARNO.G</a> TROJAN!
24240. Source=Paul Collins Startup list
24241.  
24242. [heomstool]
24243. Number=3443
24244. Confirmed=X
24245. Filename=heomstool.exe
24246. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-110911-5626-99" target=_blank>HEOMS</a> TROJAN!
24247. Source=Paul Collins Startup list
24248.  
24249. [hErcUnes]
24250. Number=3444
24251. Confirmed=X
24252. Filename=softhost.exe
24253. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112712-4629-99" target=_blank>GARROCH</a> WORM!
24254. Source=Paul Collins Startup list
24255.  
24256. [Hermes Messenger]
24257. Number=3445
24258. Confirmed=U
24259. Filename=DGDRHE~1.EXE
24260. Description=A LAN messenger alternative to WinPopUp - <a href="http://www.dgdr.com/" target="_blank">Digital Dreams Software</a>
24261. Source=Paul Collins Startup list
24262.  
24263. [Hewlett Packard Manager]
24264. Number=3446
24265. Confirmed=X
24266. Filename=hpmanager.exe
24267. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-100711-1841-99" target=_blank>MYTOB.KE</a> WORM! Note - this is not a valid Hewlett-Packard program
24268. Source=Paul Collins Startup list
24269.  
24270. [Hewlett Packard Recorder]
24271. Number=3447
24272. Confirmed=N
24273. Filename=Remind32.exe
24274. Description=HP multifunction registration
24275. Source=Paul Collins Startup list
24276.  
24277. [Hf]
24278. Number=3448
24279. Confirmed=U
24280. Filename=Hf.exe
24281. Description=<a href="http://www.fspro.net/hide-folders/" target="_blank">Hide Folders</a> - hide your folders so only you can view them
24282. Source=Paul Collins Startup list
24283.  
24284. [HF Security]
24285. Number=3449
24286. Confirmed=X
24287. Filename=hfsecure.exe
24288. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotti.html" target=_blank>AGOBOT-TI</a> WORM!
24289. Source=Paul Collins Startup list
24290.  
24291. [hffsrv]
24292. Number=3450
24293. Confirmed=U
24294. Filename=hffsrv.exe
24295. Description=<a href="http://www.softstack.com/hff.html" target=_blank>Hide Files & Folders</a> is a "password-protected security utility working at the Windows kernel level allowing you to password-protect files and folders, or to hide them securely from viewing and searching"
24296. Source=Paul Collins Startup list
24297.  
24298. [hfxp]
24299. Number=3451
24300. Confirmed=U
24301. Filename=hfxp.exe
24302. Description=<a href="http://www.fspro.net/hide-folders-xp/" target="_blank">Hide Folders XP</a> - hide your folders so only you can view them
24303. Source=Paul Collins Startup list
24304.  
24305. [hgqhp.exe]
24306. Number=3452
24307. Confirmed=X
24308. Filename=hgqhp.exe
24309. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091512-3355-99" target=_blank>FLUSH.F</a> TROJAN!
24310. Source=Paul Collins Startup list
24311.  
24312. [HGTXPEI]
24313. Number=3453
24314. Confirmed=N
24315. Filename=FirstReboot.exe
24316. Description=Herucles Audio tool for the Hercules Game Theater XP soundcard. Available via Start -> Settings -> Control Panel
24317. Source=Paul Collins Startup list
24318.  
24319. [HiberMonitor]
24320. Number=3454
24321. Confirmed=?
24322. Filename=HCount.exe
24323. Description=<font color="#FF0000">??</font>
24324. Source=Paul Collins Startup list
24325.  
24326. [Hibernation]
24327. Number=3455
24328. Confirmed=U
24329. Filename=hib32.exe
24330. Description=Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run of battery regularly
24331. Source=Paul Collins Startup list
24332.  
24333. [Hid.exe]
24334. Number=3456
24335. Confirmed=X
24336. Filename=hid.exe
24337. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-051918-1128-99" target="_blank">RATSOU.B</a> TROJAN!
24338. Source=Paul Collins Startup list
24339.  
24340. [HideOE]
24341. Number=3457
24342. Confirmed=U
24343. Filename=HideOE.exe
24344. Description=<a href="http://www.r2.com.au/software.php?page=2&show=hideoe&PHPSESSID=2256bb0c52a103fac2bd9a885f0ca787" target=_blank>HideOE</a> - allows you to 'hide' Outlook Express or minimize it to the System Tray
24345. Source=Paul Collins Startup list
24346.  
24347. [HideRun.exe]
24348. Number=3458
24349. Confirmed=X
24350. Filename=Hiderun.exe and svhost.exe and pro.gif
24351. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072806-1847-99" target="_blank">BOOHOO</a> WORM!
24352. Source=Paul Collins Startup list
24353.  
24354. [HideStyle]
24355. Number=3459
24356. Confirmed=X
24357. Filename=Ante Browse Trust.exe
24358. Description=IE toolbar taking you to Lop.com. If the exe is running, end it and remove the "Stupidmore" directory from C:\Program Files
24359. Source=Paul Collins Startup list
24360.  
24361. [hidserv]
24362. Number=3460
24363. Confirmed=U
24364. Filename=hidserv.exe
24365. Description=This is the Human Interface Device Server for Win98SE/2000/Me/XP, it is required only if you are using USB Audio Devices you can disable via Msconfig. See <a href="http://www.microsoft.com/whdc/device/input/audctrl.mspx" target="_blank">here</a>. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboards
24366. Source=Paul Collins Startup list
24367.  
24368. [High Definition Audio Property Page Shortcut]
24369. Number=3461
24370. Confirmed=N
24371. Filename=HDAudPropShortcut.exe
24372. Description=Realtek audio card related - probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required
24373. Source=Paul Collins Startup list
24374.  
24375. [HighPoint ATA RAID Management Software]
24376. Number=3462
24377. Confirmed=Y
24378. Filename=raidman.exe
24379. Description=<a href="http://www.highpoint-tech.com/" target="_blank">HighPoint</a> RAID management - hard disk striping/mirroring utility for increased performance and reliability. See here for more information on <a href="http://data-recovery.lsoft.net/concept_raid.html" target="_blank">RAID</a>
24380. Source=Paul Collins Startup list
24381.  
24382. [HijackThis startup scan]
24383. Number=3463
24384. Confirmed=U
24385. Filename=HijackThis.exe
24386. Description=<a href="http://www.spywareinfo.com/~merijn/downloads.html" target= blank>HijackThis</a> lists the contents of key areas of the Registry and hard drive areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites. As a result, false positives are imminent, and unless you're sure about what you're doing, you always should consult with knowledgable folks before deleting anything. Required if you'd like HijackThis to run a scan at startup, and show the results when new items are found (if so, check the appropriate box in the "Config" section")
24387. Source=Paul Collins Startup list
24388.  
24389. [HijSrv32]
24390. Number=3464
24391. Confirmed=X
24392. Filename=hijsrv.exe
24393. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankgermd.html" target=_blank>BANKGERM-D</a> TROJAN!
24394. Source=Paul Collins Startup list
24395.  
24396. [HistoryKill]
24397. Number=3465
24398. Confirmed=N
24399. Filename=histkill.exe
24400. Description=HistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start -> Programs
24401. Source=Paul Collins Startup list
24402.  
24403. [Hitman Pro SurfRight Helper]
24404. Number=3466
24405. Confirmed=U
24406. Filename=srhelper.exe
24407. Description=<a href="http://process.networktechs.com/srhelper.exe.php" target=_blank>Hitman Pro</a> - a utility to start a number of Security Protection software. They can be started individualy
24408.  
24409. Source=Paul Collins Startup list
24410.  
24411. [HitQ]
24412. Number=3467
24413. Confirmed=X
24414. Filename=HitQ.exe
24415. Description=Hijacker, for more information see <a href="http://www.talkaboutshareware.com/group/alt.comp.freeware/messages/289755.html" target=_blank>here</a>
24416. Source=Paul Collins Startup list
24417.  
24418. [HitwarePKLite]
24419. Number=3468
24420. Confirmed=U
24421. Filename=HITWAR~1.EXE
24422. Description=<a href="http://www.rightutilities.com/products/hitwarelite/hitware_lite.htm" target="_blank">Hitware Popup Killer Lite</a>
24423. Source=Paul Collins Startup list
24424.  
24425. [HIV]
24426. Number=3469
24427. Confirmed=X
24428. Filename=HIV.exe
24429. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-083114-4604-99" target="_blank">HIVA</a> TROJAN!
24430. Source=Paul Collins Startup list
24431.  
24432. [hk]
24433. Number=3470
24434. Confirmed=U
24435. Filename=hk.exe
24436. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050512-3309-99" target=blank>KeyLoggerExp</a> keystroke logger/monitoring program - remove unless you installed it yourself!
24437. Source=Paul Collins Startup list
24438.  
24439. [hkcmd]
24440. Number=3471
24441. Confirmed=U
24442. Filename=hkcmd.exe
24443. Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel
24444. Source=Paul Collins Startup list
24445.  
24446. [HKEYok]
24447. Number=3472
24448. Confirmed=X
24449. Filename=runlli32.exe
24450. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassu.html" target=_blank>QQPASS-U</a> TROJAN!
24451. Source=Paul Collins Startup list
24452.  
24453. [HKLM\Run]
24454. Number=3473
24455. Confirmed=X
24456. Filename=windowsupdate.exe
24457. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbj.html" target=_blank>FORBOT-BJ</a> WORM! (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)
24458. Source=Paul Collins Startup list
24459.  
24460. [hkserv]
24461. Number=3474
24462. Confirmed=U
24463. Filename=HKserv.exe
24464. Description=Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS
24465. Source=Paul Collins Startup list
24466.  
24467. [hkss]
24468. Number=3475
24469. Confirmed=U
24470. Filename=hkss.exe
24471. Description=Compaq HotKey Support - multimedia keyboard support
24472. Source=Paul Collins Startup list
24473.  
24474. [HLcleanup]
24475. Number=3476
24476. Confirmed=X
24477. Filename=hlsetup2.exe
24478. Description=<a href="http://vil.mcafeesecurity.com/vil/content/v_134892.htm" target=_blank>LinkReplacer/FFinder</a> adware
24479. Source=Paul Collins Startup list
24480.  
24481. [hldrrr]
24482. Number=3477
24483. Confirmed=X
24484. Filename=hldrrr.exe
24485. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32baglekf.html" target="_blank">BAGLE-KF</a> WORM!
24486. Source=Paul Collins Startup list
24487.  
24488. [hlhtxo.exe]
24489. Number=3478
24490. Confirmed=X
24491. Filename=hlhtxo.exe
24492. Description=Added by the <a href="http://vil.nai.com/vil/content/v_135291.htm" target=_blank>QLOWZONES-27</a> TROJAN!
24493. Source=Paul Collins Startup list
24494.  
24495. [HLL Data Parameter]
24496. Number=3479
24497. Confirmed=X
24498. Filename=hllcxpa.exe
24499. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AFG" target="_blank">RBOT.AFG</a> WORM!
24500. Source=Paul Collins Startup list
24501.  
24502. [HMI PowerSystem]
24503. Number=3480
24504. Confirmed=X
24505. Filename=hmisvc32.exe
24506. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031510-5713-99" target=_blank>RANDEX.CZZ</a> WORM!
24507. Source=Paul Collins Startup list
24508.  
24509. [HML PowerSource]
24510. Number=3481
24511. Confirmed=X
24512. Filename=hmlsvc32.exe
24513. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxl.html" target= blank>SDBOT-XL</a> WORM!
24514. Source=Paul Collins Startup list
24515.  
24516. [Hmonitor]
24517. Number=3482
24518. Confirmed=U
24519. Filename=Hmonitor.exe
24520. Description=Hardware sensor monitoring program. Only required if you overclock your system and want to check on the status
24521. Source=Paul Collins Startup list
24522.  
24523. [HMV PowerSource]
24524. Number=3483
24525. Confirmed=X
24526. Filename=hmusvc32.exe
24527. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyw.html" target=_blank>SDBOT-YW</a> WORM!
24528. Source=Paul Collins Startup list
24529.  
24530. [ho2stdll.exe]
24531. Number=3484
24532. Confirmed=X
24533. Filename=ho2stdll.exe
24534. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerho.html" target=_blank>BANKER-HO</a> TROJAN!
24535. Source=Paul Collins Startup list
24536.  
24537. [HOI Services]
24538. Number=3485
24539. Confirmed=X
24540. Filename=holsvc32.exe
24541. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsf.html" target= blank>AGOBOT-SF</a> WORM!
24542. Source=Paul Collins Startup list
24543.  
24544. [Holiday Lights]
24545. Number=3486
24546. Confirmed=N
24547. Filename=Holiday Lights.exe
24548. Description=<a href="http://www.tigertech.com/hlights.html" target="_blank">Holiday Lights</a> from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start -> Programs
24549. Source=Paul Collins Startup list
24550.  
24551. [Hollaback]
24552. Number=3487
24553. Confirmed=X
24554. Filename=slvhosts.exe
24555. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BMO&VSect=P" target=_blank>SDBOT.BMO</a> WORM!
24556. Source=Paul Collins Startup list
24557.  
24558. [Home Theater SchSvr]
24559. Number=3488
24560. Confirmed=N
24561. Filename=SchSvr.exe
24562. Description=<a href="http://www.intervideo.com" target="_blank">WinScheduler</a> is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
24563. Source=Paul Collins Startup list
24564.  
24565. [HomeAlarm]
24566. Number=3489
24567. Confirmed=U
24568. Filename=HomeAlarm.exe
24569. Description=<a href="http://www.softshape.com/cham/" target="_blank">Chameleon Clock</a> - system tray clock replacement
24570. Source=Paul Collins Startup list
24571.  
24572. [HomeCentre WakeUp]
24573. Number=3490
24574. Confirmed=?
24575. Filename=LGWAKEUP.EXE
24576. Description=<font color="#FF0000">Associated with the no longer supported Xerox HomeCentre printer/scanner</font>
24577. Source=Paul Collins Startup list
24578.  
24579. [Homeland Network]
24580. Number=3491
24581. Confirmed=X
24582. Filename=HomelandNetwork.exe
24583. Description=Homeland Network Notifier - pops ads
24584. Source=Paul Collins Startup list
24585.  
24586. [Honor]
24587. Number=3492
24588. Confirmed=?
24589. Filename=honor.exe
24590. Description=<font color="#FF0000">??</font>
24591. Source=Paul Collins Startup list
24592.  
24593. [Hook99startup]
24594. Number=3493
24595. Confirmed=U
24596. Filename=hk2re.exe
24597. Description="<a href="http://thunder.prohosting.com/~ladi/e_hook.html" target="_blank">Hook99</a> enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent"
24598. Source=Paul Collins Startup list
24599.  
24600. [HookSys]
24601. Number=3494
24602. Confirmed=U
24603. Filename=HookSys.exe
24604. Description=SurfinGuard Pro from <a href="http://www.finjan.com/" target="_blank">Finjan</a> - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and Java
24605. Source=Paul Collins Startup list
24606.  
24607. [HornetMonitor]
24608. Number=3495
24609. Confirmed=U
24610. Filename=MntrHrnt.exe
24611. Description=<a href="http://www.bvsystems.com/Products/WLAN/Hornet/hornet.htm" target="_blank">Hornet Monitor</a> - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS network
24612. Source=Paul Collins Startup list
24613.  
24614. [HorngTech4D]
24615. Number=3496
24616. Confirmed=Y
24617. Filename=bally4d.exe
24618. Description=HorngTech 4D mouse driver
24619. Source=Paul Collins Startup list
24620.  
24621. [Host]
24622. Number=3497
24623. Confirmed=X
24624. Filename=N/A
24625. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041016-4416-99" target="_blank">POPDIS</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080815-4711-99" target="_blank">STARTPAGE.F</a> TROJANS!
24626. Source=Paul Collins Startup list
24627.  
24628. [host]
24629. Number=3498
24630. Confirmed=X
24631. Filename=help.exe
24632. Description=Identified as the DELF.LF by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a>
24633. Source=Paul Collins Startup list
24634.  
24635. [Host Process]
24636. Number=3499
24637. Confirmed=X
24638. Filename=mame.exe
24639. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapo.html" target=_blank>RBOT-APO</a> WORM!
24640. Source=Paul Collins Startup list
24641.  
24642. [hostdll.exe]
24643. Number=3500
24644. Confirmed=X
24645. Filename=hostdll.exe
24646. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbo.html" target=_blank>BANKER-BO</a> TROJAN!
24647. Source=Paul Collins Startup list
24648.  
24649. [HostManager]
24650. Number=3501
24651. Confirmed=U
24652. Filename=AOLHostManager.exe
24653. Description=Manages a component essential to the operation of most current AOL software. If you remove it from startup it will load when IE is launched, increasing lauching time
24654. Source=Paul Collins Startup list
24655.  
24656. [HostManager]
24657. Number=3502
24658. Confirmed=N
24659. Filename=AOLSoftware.exe
24660. Description=Quoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system".
24661. Source=Paul Collins Startup list
24662.  
24663. [Hostren.exe]
24664. Number=3503
24665. Confirmed=X
24666. Filename=Hostren.exe
24667. Description=Added by PWS.BANKER.F, a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbo.html" target=_blank>BANKER-BO</a> TROJAN!
24668. Source=Paul Collins Startup list
24669.  
24670. [hostserv]
24671. Number=3504
24672. Confirmed=X
24673. Filename=hostserv.exe
24674. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BPZ&VSect=P" target=_blank>RBOT.BPZ</a> WORM!
24675. Source=Paul Collins Startup list
24676.  
24677. [hostserv]
24678. Number=3505
24679. Confirmed=X
24680. Filename=wiz98.exe
24681. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
24682. Source=Paul Collins Startup list
24683.  
24684. [HostsMan]
24685. Number=3506
24686. Confirmed=U
24687. Filename=hm.exe
24688. Description="<a href="http://hostsman.abelhadigital.com/" target="_blank">HostsMan</a> is a freeware application that lets you manage your Hosts file with ease". It is mainly intended to block specific domains (mostly advertising servers) by redirecting them to localhost, but can also be used to add any other domain/Ip combination that you want to be included in the HOSTS file
24689. Source=Paul Collins Startup list
24690.  
24691. [HostSrv]
24692. Number=3507
24693. Confirmed=X
24694. Filename=sachostx.exe
24695. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-011812-1823-99" target=_blank>LOOKSKY.H</a> WORM! Drops multiple files in the System (9x/ME) or System32 (NT/2K/XP) folders
24696. Source=Paul Collins Startup list
24697.  
24698. [HostSrv]
24699. Number=3508
24700. Confirmed=X
24701. Filename=sachostx.exe
24702. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_LOOKSKY.A&VSect=P" target=_blank>LOOKSKY.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-010517-1744-99" target=_blank>LOOKSKY.F</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-010815-3955-99" target=_blank>LOOKSKY.G</a> WORMS!
24703. Source=Paul Collins Startup list
24704.  
24705. [HostSrv]
24706. Number=3509
24707. Confirmed=X
24708. Filename=sachostx.exe...
24709. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120910-5842-99" target=_blank>LOOKSKY.E</a> WORM!
24710. Source=Paul Collins Startup list
24711.  
24712. [HostSVC syse]
24713. Number=3510
24714. Confirmed=X
24715. Filename=HostSVC.exe
24716. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanz.html" target=_blank>RBOT-ANZ</a> WORM!
24717. Source=Paul Collins Startup list
24718.  
24719. [Hot Corners]
24720. Number=3511
24721. Confirmed=U
24722. Filename=Hotc.exe
24723. Description=<a href="http://www.southbaypc.com/HotCorners/" target="_blank">Hot Corners</a> - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen"
24724. Source=Paul Collins Startup list
24725.  
24726. [Hot Key Kbd 2690 Daemon]
24727. Number=3512
24728. Confirmed=U
24729. Filename=SK9910DM.exe
24730. Description=Multimedia keyboard manager - required if you use any special keys
24731. Source=Paul Collins Startup list
24732.  
24733. [Hot Key Keybd 9910 Daemon]
24734. Number=3513
24735. Confirmed=U
24736. Filename=SK9910DM.exe
24737. Description=Multimedia keyboard manager - required if you use any special keys
24738. Source=Paul Collins Startup list
24739.  
24740. [Hot Party 22]
24741. Number=3514
24742. Confirmed=?
24743. Filename=hotpart22.exe
24744. Description=<font color="#FF0000">??</font>
24745. Source=Paul Collins Startup list
24746.  
24747. [HotAction_hr]
24748. Number=3515
24749. Confirmed=X
24750. Filename=hotaction_hr.exe
24751. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialsiteiconb.html" target=_blank>SITEICON-B</a> DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "HotAction_hr"
24752. Source=Paul Collins Startup list
24753.  
24754. [Hotbar]
24755. Number=3516
24756. Confirmed=X
24757. Filename=Hbinst.exe
24758. Description=<a href="http://www.hotbar.com/" target="_blank">Hotbar</a> enhances the surfing experience offering a variety of innovative and fresh skins to the browser while providing users worldwide with access to various services of added value and fun. Also regarded as adware/spyware due to it's adds and browsing habits information gathering - see <a href="http://www.safersite.com/pestinfo/H/HotBar_Adware.asp" target="_blank">here</a>
24759. Source=Paul Collins Startup list
24760.  
24761. [Hotbar]
24762. Number=3517
24763. Confirmed=X
24764. Filename=HbOEAddOn.exe
24765. Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.hotbar.html" target=_blank>Hotbar</a> adware
24766. Source=Paul Collins Startup list
24767.  
24768. [Hotfix Updat]
24769. Number=3518
24770. Confirmed=X
24771. Filename=svdhost32.exe
24772. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041411-2703-99" target="_blank">GAOBOT.ZW</a> WORM!
24773. Source=Paul Collins Startup list
24774.  
24775. [HotIDE]
24776. Number=3519
24777. Confirmed=U
24778. Filename=hotide.exe
24779. Description=HotIDE allows Acer TravelMate owners to hot-swap external drives without switching of their notebooks
24780. Source=Paul Collins Startup list
24781.  
24782. [HotkeyApp]
24783. Number=3520
24784. Confirmed=U
24785. Filename=HotkeyApp.exe
24786. Description=Programmable keys on Acer, Fujitsu and other laptops
24787. Source=Paul Collins Startup list
24788.  
24789. [HotKeysCmds]
24790. Number=3521
24791. Confirmed=U
24792. Filename=hkcmd.exe
24793. Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel
24794. Source=Paul Collins Startup list
24795.  
24796. [HotPix]
24797. Number=3522
24798. Confirmed=X
24799. Filename=hotpix.exe
24800. Description=Adult content dialler
24801. Source=Paul Collins Startup list
24802.  
24803. [hotplug]
24804. Number=3523
24805. Confirmed=X
24806. Filename=hotplug.exe
24807. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=39574" target="_blank">SILLYDL</a> TROJAN!
24808. Source=Paul Collins Startup list
24809.  
24810. [Hotplug]
24811. Number=3524
24812. Confirmed=U
24813. Filename=hot_plug.exe
24814. Description=Related to the <a href="http://www.whatsrunning.net/whatsrunning/QueryProductID.aspx?Product=10086" target="_blank">SiS_Hot_Plug_Application</a>. Enables automated driver loading for hotpluggable devices. If this service is stopped, hotplug devices will no longer function
24815. Source=Paul Collins Startup list
24816.  
24817. [HotSync Manager]
24818. Number=3525
24819. Confirmed=N
24820. Filename=hotsync.exe
24821. Description=Installed when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing.  Available via Start -> Programs
24822. Source=Paul Collins Startup list
24823.  
24824. [hotwetlove]
24825. Number=3526
24826. Confirmed=X
24827. Filename=hotwetlove.exe
24828. Description=Adult content dialler. Will not uninstall - components have to be manually deleted
24829. Source=Paul Collins Startup list
24830.  
24831. [Hot_Kiss]
24832. Number=3527
24833. Confirmed=X
24834. Filename=Hot_Kiss.exe
24835. Description=Adult content dialler
24836. Source=Paul Collins Startup list
24837.  
24838. [Hot_Tarts]
24839. Number=3528
24840. Confirmed=X
24841. Filename=Hot_Tarts.exe
24842. Description=Adult content dialler
24843. Source=Paul Collins Startup list
24844.  
24845. [Hot_Tarts_**]
24846. Number=3529
24847. Confirmed=X
24848. Filename=Hot_Tarts_**.exe
24849. Description=Premium rate adult content dialer (where * is a random char)
24850. Source=Paul Collins Startup list
24851.  
24852. [Hot_Tarts_Au]
24853. Number=3530
24854. Confirmed=X
24855. Filename=Hot_Tarts_Au.exe
24856. Description=Premium rate adult content dialler
24857. Source=Paul Collins Startup list
24858.  
24859. [Hot_Tarts_mc]
24860. Number=3531
24861. Confirmed=X
24862. Filename=Hot_Tarts_mc.exe
24863. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453068396" target=_blank>HotTarts</a> adult content dialer
24864.  
24865. Source=Paul Collins Startup list
24866.  
24867. [HoverDesk]
24868. Number=3532
24869. Confirmed=U
24870. Filename=HoverDesk.exe
24871. Description=<a href="http://www.hoverdesk.net/" target="_blank">HoverDesk</a> - desktop replacement software
24872. Source=Paul Collins Startup list
24873.  
24874. [hp 1000 firmware]
24875. Number=3533
24876. Confirmed=?
24877. Filename=fwdl.exe
24878. Description=HP LaserJet 1000 related. <font color="#FF0000">Is it a driver or automatic firmware update (based upon the filename)?</font>
24879. Source=Paul Collins Startup list
24880.  
24881. [HP AutoIndexer]
24882. Number=3534
24883. Confirmed=U
24884. Filename=hppautoindexer.exe
24885. Description=Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup
24886. Source=Paul Collins Startup list
24887.  
24888. [HP CD Writer]
24889. Number=3535
24890. Confirmed=N
24891. Filename=hpcdtray.exe
24892. Description=System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
24893. Source=Paul Collins Startup list
24894.  
24895. [HP CD-DVD]
24896. Number=3536
24897. Confirmed=N
24898. Filename=hpcdtray.exe
24899. Description=System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
24900. Source=Paul Collins Startup list
24901.  
24902. [HP CD-Writer]
24903. Number=3537
24904. Confirmed=N
24905. Filename=hpcdtray.exe
24906. Description=System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
24907. Source=Paul Collins Startup list
24908.  
24909. [hp center]
24910. Number=3538
24911. Confirmed=X
24912. Filename=BACKWEB-*****.exe
24913. Description=See <a href="http://h10025.www1.hp.com/ewfrf/wc/genericDocument?cc=us&docname=bph05170&lc=en&jumpid=reg_R1002_USEN#bph05170_G5" target="_blank">here</a> - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". Applies to certain HP Pavilion desktop computers between Fall 2001 and Spring 2003. * can be any digit
24914. Source=Paul Collins Startup list
24915.  
24916. [hp center UI]
24917. Number=3539
24918. Confirmed=N
24919. Filename=ShadowBar.exe
24920. Description=User Interface for HP Center - see <a href="http://www.sysinfo.org/startuplist.php?filter=BACKWEB-******.exe" target="_blank">here</a>
24921. Source=Paul Collins Startup list
24922.  
24923. [HP Component Manager]
24924. Number=3540
24925. Confirmed=N
24926. Filename=hpcmpmgr.exe
24927. Description=Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended"
24928. Source=Paul Collins Startup list
24929.  
24930. [HP Deskjet]
24931. Number=3541
24932. Confirmed=X
24933. Filename=HP_DeskJet_500.exe
24934. Description=Added by the <a href="http://www.sophos.com.au/virusinfo/analyses/w32forbotda.html" target=_blank>FORBOT-DA</a> WORM!
24935. Source=Paul Collins Startup list
24936.  
24937. [HP Digital Imaging Monitor]
24938. Number=3542
24939. Confirmed=U
24940. Filename=hpqtra08.exe
24941. Description=System Tray access to HP Director. Required if you prefer to use the all-in-one buttons to manually scan documents or transfer photos froma camera, for example
24942. Source=Paul Collins Startup list
24943.  
24944. [HP Display Settings]
24945. Number=3543
24946. Confirmed=U
24947. Filename=hpdisply.exe
24948. Description=Sets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error message
24949. Source=Paul Collins Startup list
24950.  
24951. [HP IDScheduler]
24952. Number=3544
24953. Confirmed=?
24954. Filename=HPIDSCHD.exe
24955. Description=<font color="#FF0000">HP Instant Delivery Scheduler</font>
24956. Source=Paul Collins Startup list
24957.  
24958. [HP Image Zone Fast Start]
24959. Number=3545
24960. Confirmed=N
24961. Filename=hpqthb08.exe
24962. Description=Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time
24963. Source=Paul Collins Startup list
24964.  
24965. [HP Info Express]
24966. Number=3546
24967. Confirmed=N
24968. Filename=??
24969. Description=On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb
24970. Source=Paul Collins Startup list
24971.  
24972. [HP Instant Support]
24973. Number=3547
24974. Confirmed=U
24975. Filename=matcli.exe
24976. Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide
24977. Source=Paul Collins Startup list
24978.  
24979. [HP Internet Center]
24980. Number=3548
24981. Confirmed=N
24982. Filename=SURFBRD.EXE
24983. Description=Loads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --> Keyboards to change them
24984. Source=Paul Collins Startup list
24985.  
24986. [HP JetDiscovery]
24987. Number=3549
24988. Confirmed=N
24989. Filename=HPJETDSC.EXE
24990. Description=HP JetAdmin software which monitors printing jobs on a network environment
24991. Source=Paul Collins Startup list
24992.  
24993. [HP JetSpeed Autostart]
24994. Number=3550
24995. Confirmed=N
24996. Filename=AUTOSTART.EXE
24997. Description=Autostart executable for the old multiplayer game HP Jetspeed
24998. Source=Paul Collins Startup list
24999.  
25000. [HP Laser Jet Director]
25001. Number=3551
25002. Confirmed=U
25003. Filename=hppdirector.exe
25004. Description=System Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etc
25005. Source=Paul Collins Startup list
25006.  
25007. [HP Network Registry Agent]
25008. Number=3552
25009. Confirmed=?
25010. Filename=hpnra.exe
25011. Description=<font color="#FF0000">??</font>
25012. Source=Paul Collins Startup list
25013.  
25014. [HP OfficeJet Series xxx Startup]
25015. Number=3553
25016. Confirmed=?
25017. Filename=HPOSTR03.EXE
25018. Description=xxx represents the series number - such as 700. <font color="#FF0000">What does it do and it it required?</font>
25019. Source=Paul Collins Startup list
25020.  
25021. [HP OfficeJet Series xxx Startup]
25022. Number=3554
25023. Confirmed=?
25024. Filename=HPOstr05.exe
25025. Description=xxx represents the series number - such as 700. <font color="#FF0000">What does it do and it it required?</font>
25026. Source=Paul Collins Startup list
25027.  
25028. [HP Parallel Port Test]
25029. Number=3555
25030. Confirmed=N
25031. Filename=hppt.exe
25032. Description=Associated with a HP ScanJet scanner
25033. Source=Paul Collins Startup list
25034.  
25035. [HP Photo Manager]
25036. Number=3556
25037. Confirmed=X
25038. Filename=HPPhotoManager.exe
25039. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AXU&VSect=T" target=_blank>SDBOT.AXU</a> WORM!
25040. Source=Paul Collins Startup list
25041.  
25042. [HP Port Resolver]
25043. Number=3557
25044. Confirmed=?
25045. Filename=hpbpro.exe
25046. Description=<font color="#FF0000">??</font>
25047. Source=Paul Collins Startup list
25048.  
25049. [HP Precision Scan]
25050. Number=3558
25051. Confirmed=N
25052. Filename=hpmdlbwx.exe
25053. Description=HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
25054. Source=Paul Collins Startup list
25055.  
25056. [HP Presentation Ready]
25057. Number=3559
25058. Confirmed=N
25059. Filename=PresRdy.exe
25060. Description=HP Omnibook related:  "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device"
25061. Source=Paul Collins Startup list
25062.  
25063. [hp psc 2000 Series]
25064. Number=3560
25065. Confirmed=U
25066. Filename=hpobnz08.exe
25067. Description=System Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to start
25068. Source=Paul Collins Startup list
25069.  
25070. [HP RecordNow]
25071. Number=3561
25072. Confirmed=U
25073. Filename=??
25074. Description=From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used."
25075. Source=Paul Collins Startup list
25076.  
25077. [HP ScanPatch]
25078. Number=3562
25079. Confirmed=U
25080. Filename=HPScanFix.exe
25081. Description=Program that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from starting
25082. Source=Paul Collins Startup list
25083.  
25084. [HP ScanPicture]
25085. Number=3563
25086. Confirmed=N
25087. Filename=hpsplmwa.exe
25088. Description=HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
25089. Source=Paul Collins Startup list
25090.  
25091. [HP SchedIndexer]
25092. Number=3564
25093. Confirmed=U
25094. Filename=hppschedindexer.exe
25095. Description=Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup
25096. Source=Paul Collins Startup list
25097.  
25098. [HP Service Drivers]
25099. Number=3565
25100. Confirmed=X
25101. Filename=hdsys.exe
25102. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotze.html" target=_blank>SDBOT-ZE</a> WORM!
25103. Source=Paul Collins Startup list
25104.  
25105. [hp Silent Service]
25106. Number=3566
25107. Confirmed=?
25108. Filename=HpSrvUI.exe
25109. Description=<font color="#FF0000">HP related</font>
25110. Source=Paul Collins Startup list
25111.  
25112. [HP Simple Trax]
25113. Number=3567
25114. Confirmed=N
25115. Filename=Hpcron.exe
25116. Description=Supplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -> Programs or Desktop Icon
25117. Source=Paul Collins Startup list
25118.  
25119. [HP software update]
25120. Number=3568
25121. Confirmed=N
25122. Filename=HPWuSchd2.exe
25123. Description=HP software updates. If a shortcut doesn't exist create your own and run it manually
25124. Source=Paul Collins Startup list
25125.  
25126. [HP software update]
25127. Number=3569
25128. Confirmed=N
25129. Filename=HPWuSchd.exe
25130. Description=HP software updates. If a shortcut doesn't exist, create your own and run it manually
25131. Source=Paul Collins Startup list
25132.  
25133. [HP Status]
25134. Number=3570
25135. Confirmed=N
25136. Filename=hpstatus.exe
25137. Description=HP Printer Status and Alerts
25138. Source=Paul Collins Startup list
25139.  
25140. [HP Status Server]
25141. Number=3571
25142. Confirmed=?
25143. Filename=hpboid.exe
25144. Description=Copied during installation of HP Inkjet Printer Drivers in Win2K/XP. <font color="#FF0000">What does it do and is it required?</font>
25145. Source=Paul Collins Startup list
25146.  
25147. [HP TV Now]
25148. Number=3572
25149. Confirmed=U
25150. Filename=HpTvNow.exe
25151. Description=Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts)
25152. Source=Paul Collins Startup list
25153.  
25154. [HP Updates]
25155. Number=3573
25156. Confirmed=N
25157. Filename=??
25158. Description=On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb
25159. Source=Paul Collins Startup list
25160.  
25161. [HP Visualize Init]
25162. Number=3574
25163. Confirmed=?
25164. Filename=HpVisIni.exe
25165. Description=HP Visualize software related. <font color="#FF0000">What does it do and is it required?</font>
25166. Source=Paul Collins Startup list
25167.  
25168. [HP-Aio Flight]
25169. Number=3575
25170. Confirmed=N
25171. Filename=Remind32.exe
25172. Description=HP multifunction registration
25173. Source=Paul Collins Startup list
25174.  
25175. [hpaiodevice]
25176. Number=3576
25177. Confirmed=N
25178. Filename=hpodev07.exe
25179. Description=Direct from HP - "Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when "portable" is chosen during installation)". Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner
25180. Source=Paul Collins Startup list
25181.  
25182. [HPAiODevice(hp officejet g series)]
25183. Number=3577
25184. Confirmed=?
25185. Filename=hpoavn07.exe
25186. Description=HP Printer related, reportedly lets file transfers from an HP device pass files through Windows firewall. <font color="#FF0000">Is it required?</font>
25187. Source=Paul Collins Startup list
25188.  
25189. [HPAiODevice(hp psc 900 series) -1]
25190. Number=3578
25191. Confirmed=N
25192. Filename=hpobrt07.exe
25193. Description=Installed with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entry
25194. Source=Paul Collins Startup list
25195.  
25196. [HPAIO_PrintFolderMgr]
25197. Number=3579
25198. Confirmed=N
25199. Filename=hpoopm07.exe
25200. Description=Directly from HP: "This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port." For various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner
25201. Source=Paul Collins Startup list
25202.  
25203. [HPBootOp]
25204. Number=3580
25205. Confirmed=U
25206. Filename=HPBootOp.exe
25207. Description="<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/hpbootop/" target="_blank">HP Boot Optimizer</a> intelligently and dynamically launches software during startup, based on available resources, to improve startup performance"
25208. Source=Paul Collins Startup list
25209.  
25210. [hpcmd]
25211. Number=3581
25212. Confirmed=X
25213. Filename=cmd.exe
25214. Description=Added by the <a href="http://www.sophos.com/security/analyses/trojadclickds.html" target="_blank">ADCLICK-DS</a> TROJAN!
25215. Source=Paul Collins Startup list
25216.  
25217. [hpcmpmgr]
25218. Number=3582
25219. Confirmed=N
25220. Filename=hpcmpmgr.exe
25221. Description=Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended"
25222. Source=Paul Collins Startup list
25223.  
25224. [HPDJ Taskbar Utility]
25225. Number=3583
25226. Confirmed=U
25227. Filename=hpztsbol.exe
25228. Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
25229. Source=Paul Collins Startup list
25230.  
25231. [HPDJ Taskbar Utility]
25232. Number=3584
25233. Confirmed=U
25234. Filename=hpztsd02.exe
25235. Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
25236. Source=Paul Collins Startup list
25237.  
25238. [HPDJ Taskbar Utility]
25239. Number=3585
25240. Confirmed=U
25241. Filename=hpztsb04.exe
25242. Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
25243. Source=Paul Collins Startup list
25244.  
25245. [HPDJ Taskbar Utility]
25246. Number=3586
25247. Confirmed=U
25248. Filename=hpztsb05.exe
25249. Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
25250. Source=Paul Collins Startup list
25251.  
25252. [HPDJ Taskbar Utility]
25253. Number=3587
25254. Confirmed=U
25255. Filename=hpztsb07.exe
25256. Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
25257. Source=Paul Collins Startup list
25258.  
25259. [HPDJ Taskbar Utility]
25260. Number=3588
25261. Confirmed=U
25262. Filename=hpztsb09.exe
25263. Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
25264. Source=Paul Collins Startup list
25265.  
25266. [hpfsched]
25267. Number=3589
25268. Confirmed=N
25269. Filename=hpfsched.exe
25270. Description=HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature
25271. Source=Paul Collins Startup list
25272.  
25273. [HPGamesActiveMenu]
25274. Number=3590
25275. Confirmed=U
25276. Filename=ActiveMenu.exe
25277. Description=Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
25278. Source=Paul Collins Startup list
25279.  
25280. [hpgs2wnd]
25281. Number=3591
25282. Confirmed=N
25283. Filename=hpgs2wnd.exe
25284. Description="HP's exclusive <a href="http://h10025.www1.hp.com/ewfrf/wc/genericDocument?docname=bps05210&cc=us&dlc=en&lc=en&jumpid=reg_R1002_USEN" target="_blank">Share-to-Web</a> software makes it easy to share content with others through our affiliate Internet websites".<font color="#FF0000"> </font>Available via Start -> Programs
25285. Source=Paul Collins Startup list
25286.  
25287. [Hpha1mon]
25288. Number=3592
25289. Confirmed=U
25290. Filename=Hpha1mon.exe
25291. Description=Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature
25292. Source=Paul Collins Startup list
25293.  
25294. [HPHAxMON]
25295. Number=3593
25296. Confirmed=U
25297. Filename=HPHAxMON.EXE
25298. Description=Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature and known to cause system crashes in some cases. "x" can be 1, 2 or 3 and depends upon driver version. Replaced by HPHmon** (where ** is the version number) from version 4 onwards
25299. Source=Paul Collins Startup list
25300.  
25301. [HPHmon**]
25302. Number=3594
25303. Confirmed=U
25304. Filename=HPHMON**.EXE
25305. Description=Monitors the status of the memory card reader slot on a HP printers and displays a tray icon if a memory card isn't inserted. Also creates a virtual drive and assigns it the first available drive letter - which can lead to problems with drive management. ** represents the version number. Disable if you don't use the reader
25306. Source=Paul Collins Startup list
25307.  
25308. [HPHmon03]
25309. Number=3595
25310. Confirmed=U
25311. Filename=hphmon03.exe
25312. Description=Related to the Hewlett-Packard Photosmart's configuration and diagnostics module
25313. Source=Paul Collins Startup list
25314.  
25315. [HPHmon04]
25316. Number=3596
25317. Confirmed=U
25318. Filename=hphmon04.exe
25319. Description=Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature
25320. Source=Paul Collins Startup list
25321.  
25322. [HPHmon05]
25323. Number=3597
25324. Confirmed=?
25325. Filename=hphmon05.exe
25326. Description=<font color="#FF0000">??</font>
25327. Source=Paul Collins Startup list
25328.  
25329. [HPHmon06]
25330. Number=3598
25331. Confirmed=U
25332. Filename=hphmon06.exe
25333. Description=Related to the Hewlett Packard software HP Photosmart printer, it provides easy access to flash card reading functions. This program is not essential to the running of the system. Your choice
25334. Source=Paul Collins Startup list
25335.  
25336. [Hphome]
25337. Number=3599
25338. Confirmed=X
25339. Filename=hphome.js
25340. Description=Homepage hijacker
25341. Source=Paul Collins Startup list
25342.  
25343. [HPHUPD**]
25344. Number=3600
25345. Confirmed=N
25346. Filename=hphupd**.exe
25347. Description=HP software update checker and wizard launcher. ** represents the version number. Available via Start -> Programs
25348. Source=Paul Collins Startup list
25349.  
25350. [hpjsiroute]
25351. Number=3601
25352. Confirmed=?
25353. Filename=hpjsira.exe
25354. Description=<font color="#FF0000">Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2"</font>
25355. Source=Paul Collins Startup list
25356.  
25357. [HPl Services]
25358. Number=3602
25359. Confirmed=X
25360. Filename=hmlsvc32.exe
25361. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsi.html" target=_blank>AGOBOT-SI</a> WORM and variants!
25362. Source=Paul Collins Startup list
25363.  
25364. [HpLamp]
25365. Number=3603
25366. Confirmed=Y
25367. Filename=HPLAMP.EXE
25368. Description=HP Scanner Utility that controls your scanners light bulb. Needed if it's switched on
25369. Source=Paul Collins Startup list
25370.  
25371. [hplampc]
25372. Number=3604
25373. Confirmed=U
25374. Filename=hplampc.exe
25375. Description=HP Scanner Lamp Utility - fixes an issue with the scanner lamp not going off
25376. Source=Paul Collins Startup list
25377.  
25378. [HPLaptopGamesActiveMenu]
25379. Number=3605
25380. Confirmed=U
25381. Filename=ActiveMenu.exe
25382. Description=Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
25383. Source=Paul Collins Startup list
25384.  
25385. [HPLJ Config]
25386. Number=3606
25387. Confirmed=Y
25388. Filename=SetConfig.exe
25389. Description=Connects system to networked HP printer.
25390. Source=Paul Collins Startup list
25391.  
25392. [HPLogiFinder]
25393. Number=3607
25394. Confirmed=U
25395. Filename=hp_finder.exe
25396. Description=HP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not used
25397. Source=Paul Collins Startup list
25398.  
25399. [HpMmKbd]
25400. Number=3608
25401. Confirmed=U
25402. Filename=HpMmKbd.exe
25403. Description=HP's multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboard
25404. Source=Paul Collins Startup list
25405.  
25406. [HPMVTray]
25407. Number=3609
25408. Confirmed=U
25409. Filename=HPMVTray.exe
25410. Description=<a href="http://h10025.www1.hp.com/ewfrf/wc/document?docname=c00809011&lc=en&cc=id&dlc=en&product=3193065" target="_blank">HP Media Vault</a> Networked Storage Device - System Tray management utility
25411. Source=Paul Collins Startup list
25412.  
25413. [HPNT]
25414. Number=3610
25415. Confirmed=X
25416. Filename=hpdll.exe
25417. Description=Malware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Win32.VB.ku
25418. Source=Paul Collins Startup list
25419.  
25420. [hpodblia]
25421. Number=3611
25422. Confirmed=N
25423. Filename=hpodblia.exe
25424. Description=HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually
25425. Source=Paul Collins Startup list
25426.  
25427. [hpoddt01.exe]
25428. Number=3612
25429. Confirmed=N
25430. Filename=N/A
25431. Description=Installed by the "HP Photo and Imaging Director" software. If you ask for the imaging software, this program will be started
25432. Source=Paul Collins Startup list
25433.  
25434. [hpodlb08]
25435. Number=3613
25436. Confirmed=N
25437. Filename=hpodlb08.exe
25438. Description=HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually
25439. Source=Paul Collins Startup list
25440.  
25441. [hpotdd01.exe]
25442. Number=3614
25443. Confirmed=Y
25444. Filename=hpotdd01.exe
25445. Description=Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems"
25446. Source=Paul Collins Startup list
25447.  
25448. [hpppta]
25449. Number=3615
25450. Confirmed=Y
25451. Filename=HPPPTA.exe
25452. Description=HP parallel port driver for certain hardware
25453. Source=Paul Collins Startup list
25454.  
25455. [HpPrinter]
25456. Number=3616
25457. Confirmed=X
25458. Filename=hpserver.exe
25459. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcmjspyw.html" target=_blank>CMJSPY-W</a> TROJAN!
25460. Source=Paul Collins Startup list
25461.  
25462. [HPPROPTY]
25463. Number=3617
25464. Confirmed=N
25465. Filename=HPPROPTY.EXE
25466. Description=<a href="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpl05860&locale=en_US&docId=35185" target="_blank">HP LaserJet Toolbox</a>
25467. Source=Paul Collins Startup list
25468.  
25469. [HPPWRSAV]
25470. Number=3618
25471. Confirmed=U
25472. Filename=HPPWRSAV.EXE
25473. Description=Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try <a href="http://www.hp.com">www.hp.com</a>, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patch
25474. Source=Paul Collins Startup list
25475.  
25476. [hpqcmon]
25477. Number=3619
25478. Confirmed=?
25479. Filename=hpqcmon.exe
25480. Description=<font color="#FF0000">From HP and related to digital imaging</font>
25481. Source=Paul Collins Startup list
25482.  
25483. [HPSCANMonitor]
25484. Number=3620
25485. Confirmed=U
25486. Filename=hpsjvxd.exe
25487. Description=HP scanning software that enables you to scan images from your scanner. Needed if you're using the scanner
25488. Source=Paul Collins Startup list
25489.  
25490. [hpScannerFirstBoot]
25491. Number=3621
25492. Confirmed=?
25493. Filename=scannerfb.exe
25494. Description=<font color="#FF0000">HP scanner related</font>
25495. Source=Paul Collins Startup list
25496.  
25497. [hpsjbmgr]
25498. Number=3622
25499. Confirmed=N
25500. Filename=hpsjbmgr.exe
25501. Description=HP ScanJet Button Manager. It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environment
25502. Source=Paul Collins Startup list
25503.  
25504. [HPStart]
25505. Number=3623
25506. Confirmed=N
25507. Filename=hpstart.wsf
25508. Description=This a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first boot
25509. Source=Paul Collins Startup list
25510.  
25511. [hpsysconf1]
25512. Number=3624
25513. Confirmed=X
25514. Filename=[random filename]
25515. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_VIVIA.A" target="_blank">VIVIA.A</a> TROJAN!
25516. Source=Paul Collins Startup list
25517.  
25518. [hpsysdrv]
25519. Number=3625
25520. Confirmed=U
25521. Filename=hpsysdrv.exe
25522. Description=This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops working
25523. Source=Paul Collins Startup list
25524.  
25525. [hptools]
25526. Number=3626
25527. Confirmed=X
25528. Filename=hptools.exe
25529. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
25530. Source=Paul Collins Startup list
25531.  
25532. [hptools]
25533. Number=3627
25534. Confirmed=X
25535. Filename=microsoft.exe
25536. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
25537. Source=Paul Collins Startup list
25538.  
25539. [HPU]
25540. Number=3628
25541. Confirmed=N
25542. Filename=ProvenTactics.exe
25543. Description=<a href="http://www.proventactics.com/" target="_blank">Proven Internet Marketing</a> software
25544. Source=Paul Collins Startup list
25545.  
25546. [hpWirelessAssistant]
25547. Number=3629
25548. Confirmed=U
25549. Filename=HP Wireless Assistant.exe
25550. Description=The HP Wireless Assistant is a user application that provides a way to control the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devices
25551. Source=Paul Collins Startup list
25552.  
25553. [HPZTS04]
25554. Number=3630
25555. Confirmed=N
25556. Filename=hpzts04.exe
25557. Description=Hewlett Packard printer toolbox shortcut that resides in the system tray
25558. Source=Paul Collins Startup list
25559.  
25560. [hpztsb02]
25561. Number=3631
25562. Confirmed=U
25563. Filename=hpztsb02.exe
25564. Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
25565. Source=Paul Collins Startup list
25566.  
25567. [hpztsb04]
25568. Number=3632
25569. Confirmed=U
25570. Filename=hpztsb04.exe
25571. Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
25572. Source=Paul Collins Startup list
25573.  
25574. [hpztsb05]
25575. Number=3633
25576. Confirmed=U
25577. Filename=hpztsb05.exe
25578. Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
25579. Source=Paul Collins Startup list
25580.  
25581. [hpztsb07]
25582. Number=3634
25583. Confirmed=U
25584. Filename=hpztsb07.exe
25585. Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
25586.  
25587. Source=Paul Collins Startup list
25588.  
25589. [hpztsb09]
25590. Number=3635
25591. Confirmed=U
25592. Filename=hpztsb09.exe
25593. Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
25594. Source=Paul Collins Startup list
25595.  
25596. [hpztsbol]
25597. Number=3636
25598. Confirmed=U
25599. Filename=hpztsbol.exe
25600. Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
25601. Source=Paul Collins Startup list
25602.  
25603. [HP_dla]
25604. Number=3637
25605. Confirmed=N
25606. Filename=dlatray.exe
25607. Description=On HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCD
25608. Source=Paul Collins Startup list
25609.  
25610. [HQI Services]
25611. Number=3638
25612. Confirmed=X
25613. Filename=hqisvc32.exe
25614. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotro.html" target= blank>AGOBOT-RO</a> WORM!
25615. Source=Paul Collins Startup list
25616.  
25617. [HQI Services]
25618. Number=3639
25619. Confirmed=X
25620. Filename=hqlsvc32.exe
25621. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrp.html" target= blank>AGOBOT-RP</a> WORM!
25622. Source=Paul Collins Startup list
25623.  
25624. [HR]
25625. Number=3640
25626. Confirmed=U
25627. Filename=Hr.exe
25628. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.hiddenrecorder.html" target=_blank>HiddenRecorder</a> periodically takes screenshots of the computer. If you didn't install this yourself remove it
25629. Source=Paul Collins Startup list
25630.  
25631. [HREF.OCX]
25632. Number=3641
25633. Confirmed=U
25634. Filename=regsvr32.exe ....HREF.OCX
25635. Description=HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as <a href="http://software.xfx.net/utilities/popupkiller/index.php" target="_blank">PopUpKiller</a>
25636. Source=Paul Collins Startup list
25637.  
25638. [Hrn_qtv]
25639. Number=3642
25640. Confirmed=X
25641. Filename=hrnsvc32.exe
25642. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaet.html" target=_blank>SDBOT-AET</a> WORM!
25643. Source=Paul Collins Startup list
25644.  
25645. [hsim]
25646. Number=3643
25647. Confirmed=X
25648. Filename=isearch.exe
25649. Description=Unidentified malware
25650. Source=Paul Collins Startup list
25651.  
25652. [hsim]
25653. Number=3644
25654. Confirmed=X
25655. Filename=sexgame.exe
25656. Description=Unidentified malware
25657. Source=Paul Collins Startup list
25658.  
25659. [hsim]
25660. Number=3645
25661. Confirmed=X
25662. Filename=toolbar.exe
25663. Description=Unidentified malware
25664. Source=Paul Collins Startup list
25665.  
25666. [HSLAB Logger]
25667. Number=3646
25668. Confirmed=U
25669. Filename=logger.exe
25670. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.hslablogger.html" target=_blank>HSLABLogger</a> logs user activity and Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself uninstall it
25671. Source=Paul Collins Startup list
25672.  
25673. [HSTrans]
25674. Number=3647
25675. Confirmed=U
25676. Filename=hstrans.exe
25677. Description=Homescan Internet Transporter - part of <a href="http://www2.acnielsen.com/products/cps_homescan.shtml" target=_blank>ACNielson Homescan</a>. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen
25678. Source=Paul Collins Startup list
25679.  
25680. [HsuGuiControl]
25681. Number=3648
25682. Confirmed=?
25683. Filename=HsuGuiControl.exe
25684. Description=Part of the Starband Internet satellite client. <font color="#FF0000">What does it do and is it required?</font>
25685. Source=Paul Collins Startup list
25686.  
25687. [Hti]
25688. Number=3649
25689. Confirmed=U
25690. Filename=npdor.exe
25691. Description=Appears in startup if you have chosen to participate in on survey by <a href="http://www.npdor.com/" target="_blank"> NPD Online Research</a>. Required for the survey to work correctly. Otherwise not required
25692. Source=Paul Collins Startup list
25693.  
25694. [HTML Help System]
25695. Number=3650
25696. Confirmed=X
25697. Filename=hhs.pif
25698. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatb.html" target=_blank>RBOT-ATB</a> WORM!
25699. Source=Paul Collins Startup list
25700.  
25701. [HTML32 Help System]
25702. Number=3651
25703. Confirmed=X
25704. Filename=hhs32.pif
25705. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotate.html" target=_blank>RBOT-ATE</a> WORM!
25706. Source=Paul Collins Startup list
25707.  
25708. [HTpatch]
25709. Number=3652
25710. Confirmed=U
25711. Filename=htpatch.exe
25712. Description=HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6%
25713. Source=Paul Collins Startup list
25714.  
25715. [HtProtect]
25716. Number=3653
25717. Confirmed=X
25718. Filename=AVprotect.exe
25719. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030913-1913-99" target="_blank">NETSKY.L</a> WORM!
25720. Source=Paul Collins Startup list
25721.  
25722. [HTTP Tunneling Server]
25723. Number=3654
25724. Confirmed=X
25725. Filename=mstunnel.exe
25726. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=49612" target="_blank">RBOT.EDL</a> WORM!
25727. Source=Paul Collins Startup list
25728.  
25729. [http://www.lienvandekelder.be]
25730. Number=3655
25731. Confirmed=X
25732. Filename=LienVandeKelder.exe
25733. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobaz.html" target= blank>MYTOB-AZ</a> WORM!
25734. Source=Paul Collins Startup list
25735.  
25736. [http://www.lienvandekelder.be]
25737. Number=3656
25738. Confirmed=X
25739. Filename=Lien Van de Kelder.exe
25740. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobap.html" target=_blank>MYTOB-AP</a> WORM and variants!
25741. Source=Paul Collins Startup list
25742.  
25743. [http://www.lienvandekelder.be]
25744. Number=3657
25745. Confirmed=X
25746. Filename=Lien Vande Kelder.exe
25747. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobaq.html" target=_blank>MYTOB-AQ</a> WORM!
25748. Source=Paul Collins Startup list
25749.  
25750. [http://www.lienvandekelder.be]
25751. Number=3658
25752. Confirmed=X
25753. Filename=Lien vd Kelder.exe
25754. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobm.html" target=_blank>MYTOB-M</a> WORM!
25755. Source=Paul Collins Startup list
25756.  
25757. [http://www.lienvandekelder.be]
25758. Number=3659
25759. Confirmed=X
25760. Filename=Lien.exe
25761. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcz.html" target=_blank>MYTOB-CZ</a> WORM!
25762. Source=Paul Collins Startup list
25763.  
25764. [http://www.lienvandekelder.be]
25765. Number=3660
25766. Confirmed=X
25767. Filename=Lientjeuh.exe
25768. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobp.html" target=_blank>MYTOB-P</a> WORM!
25769. Source=Paul Collins Startup list
25770.  
25771. [http://www.lienvandekelder.be]
25772. Number=3661
25773. Confirmed=X
25774. Filename=LienVdK.exe
25775. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobu.html" target=_blank>MYTOB-U</a> WORM!
25776. Source=Paul Collins Startup list
25777.  
25778. [http://www.lienvandekelder.be]
25779. Number=3662
25780. Confirmed=X
25781. Filename=Van de Kelder Lien.exe
25782. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbf.html" target=_blank>MYTOB-BF</a> WORM!
25783. Source=Paul Collins Startup list
25784.  
25785. [http://www.lienvandekelder.be]
25786. Number=3663
25787. Confirmed=X
25788. Filename=We Love Lien Van de Kelder.exe
25789. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcv.html" target=_blank>MYTOB-CV</a> WORM!
25790. Source=Paul Collins Startup list
25791.  
25792. [http://www.lienvandekelder.com]
25793. Number=3664
25794. Confirmed=X
25795. Filename=Lien Van de Kelder.exe
25796. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobeq.html" target=_blank>MYTOB-EQ</a> WORM!
25797. Source=Paul Collins Startup list
25798.  
25799. [http://www.lienvandekelder.com/]
25800. Number=3665
25801. Confirmed=X
25802. Filename=LienVandeKelder.exe
25803. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobeo.html" target=_blank>MYTOB-EO</a> WORM!
25804. Source=Paul Collins Startup list
25805.  
25806. [httpd]
25807. Number=3666
25808. Confirmed=X
25809. Filename=c_pan.exe
25810. Description=Added by a variant of the DELF-A TROJAN!
25811. Source=Paul Collins Startup list
25812.  
25813. [httpd]
25814. Number=3667
25815. Confirmed=X
25816. Filename=deamon.exe
25817. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
25818. Source=Paul Collins Startup list
25819.  
25820. [httpd]
25821. Number=3668
25822. Confirmed=X
25823. Filename=msgaol.exe
25824. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
25825. Source=Paul Collins Startup list
25826.  
25827. [httpd]
25828. Number=3669
25829. Confirmed=X
25830. Filename=s_menu.exe
25831. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
25832. Source=Paul Collins Startup list
25833.  
25834. [httpd]
25835. Number=3670
25836. Confirmed=X
25837. Filename=browse.exe
25838. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
25839. Source=Paul Collins Startup list
25840.  
25841. [httpd]
25842. Number=3671
25843. Confirmed=X
25844. Filename=deamon.exe
25845. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
25846. Source=Paul Collins Startup list
25847.  
25848. [https-ssl]
25849. Number=3672
25850. Confirmed=X
25851. Filename=https.exe
25852. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100918-0303-99" target="_blank">MOEGA.D</a> WORM!
25853. Source=Paul Collins Startup list
25854.  
25855. [huhdir]
25856. Number=3673
25857. Confirmed=?
25858. Filename=huhdir.exe
25859. Description=<font color="#FF0000">??</font>
25860. Source=Paul Collins Startup list
25861.  
25862. [huigezi]
25863. Number=3674
25864. Confirmed=X
25865. Filename=HgzServer.exe
25866. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041516-5125-99" target="_blank">GRAYBIRD.C</a> TROJAN!
25867. Source=Paul Collins Startup list
25868.  
25869. [Hvid]
25870. Number=3675
25871. Confirmed=X
25872. Filename=Hvid.exe
25873. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
25874. Source=Paul Collins Startup list
25875.  
25876. [HWINFO*]
25877. Number=3676
25878. Confirmed=X
25879. Filename=HWINFO*
25880. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041115-4727-99" target="_blank"> PUROL</a> WORM! where * is a random character
25881. Source=Paul Collins Startup list
25882.  
25883. [HWinst]
25884. Number=3677
25885. Confirmed=Y
25886. Filename=N/A
25887. Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
25888. Source=Paul Collins Startup list
25889.  
25890. [Hwp]
25891. Number=3678
25892. Confirmed=X
25893. Filename=system_wc.exe
25894. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090719-0424-99" target=_blank>Eziin</a> adware
25895. Source=Paul Collins Startup list
25896.  
25897. [hws]
25898. Number=3679
25899. Confirmed=X
25900. Filename=hws.exe
25901. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpact.html" target=_blank>STARTPA-CT</a> TROJAN!
25902. Source=Paul Collins Startup list
25903.  
25904. [HWSetup]
25905. Number=3680
25906. Confirmed=U
25907. Filename=HWSetup.exe hwSetUP
25908. Description="Toshiba Hardware Setup is the Toshiba configuration management tool available through Windows." Allows the user to change BIOS, hard disk, memory, boot disk priority and other settings
25909. Source=Paul Collins Startup list
25910.  
25911. [hxadsec]
25912. Number=3681
25913. Confirmed=X
25914. Filename=[path to trojan]
25915. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickap.html" target=_blank>ADCLICK-AP</a> TROJAN!
25916. Source=Paul Collins Startup list
25917.  
25918. [HXDL.EXE]
25919. Number=3682
25920. Confirmed=X
25921. Filename=HXDL.EXE
25922. Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075079" target="_blank">here</a>
25923. Source=Paul Collins Startup list
25924.  
25925. [HXIUL.EXE]
25926. Number=3683
25927. Confirmed=X
25928. Filename=HXIUL.EXE
25929. Description=Attune HelpExpress - spyware. Disable and uninstall - see <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075079" target="_blank">here</a>
25930. Source=Paul Collins Startup list
25931.  
25932. [HydarVisionDesktopManager]
25933. Number=3684
25934. Confirmed=U
25935. Filename=desk95.exe
25936. Description=ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as <a href="http://support.microsoft.com/?id=810937" target=_blank>this one</a>. HydraVision can be uninstalled through Add/Remove Programs
25937. Source=Paul Collins Startup list
25938.  
25939. [HydraVisionDesktopManager]
25940. Number=3685
25941. Confirmed=U
25942. Filename=desk98.exe
25943. Description=ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
25944. Source=Paul Collins Startup list
25945.  
25946. [HydraVisionViewport]
25947. Number=3686
25948. Confirmed=U
25949. Filename=viewport.exe
25950. Description=ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
25951. Source=Paul Collins Startup list
25952.  
25953. [Hyper Start]
25954. Number=3687
25955. Confirmed=X
25956. Filename=instantmsgrs.exe
25957. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnh.html" target=_blank>RBOT-NH</a> WORM!
25958.  
25959. Source=Paul Collins Startup list
25960.  
25961. [I am not Ranky. I am eTunnel!]
25962. Number=3688
25963. Confirmed=X
25964. Filename=msyervice.exe
25965. Description=Added by an unidentified WORM or TROJAN!
25966. Source=Paul Collins Startup list
25967.  
25968. [I am not Ranky. I am eTunnel!]
25969. Number=3689
25970. Confirmed=X
25971. Filename=winsys.exe
25972. Description=Added by an unidentified WORM or TROJAN!
25973. Source=Paul Collins Startup list
25974.  
25975. [I am not Ranky. I am eTunnel!]
25976. Number=3690
25977. Confirmed=X
25978. Filename=disney.exe
25979. Description=Added by an unidentified WORM or TROJAN!
25980. Source=Paul Collins Startup list
25981.  
25982. [I-Worm.GiGu]
25983. Number=3691
25984. Confirmed=X
25985. Filename=uGiG.eXe
25986. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-083016-1736-99" target="_blank">GINK</a> WORM!
25987. Source=Paul Collins Startup list
25988.  
25989. [I/O Controllers]
25990. Number=3692
25991. Confirmed=X
25992. Filename=svcnet.exe
25993. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtibikb.html" target=_blank>TIBIK-B</a> TROJAN!
25994. Source=Paul Collins Startup list
25995.  
25996. [I386]
25997. Number=3693
25998. Confirmed=X
25999. Filename=I386.exe
26000. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-062412-1734-99" target="_blank"> MYPOWER</a> WORM!
26001. Source=Paul Collins Startup list
26002.  
26003. [I81SHELL]
26004. Number=3694
26005. Confirmed=?
26006. Filename=I81SHELL.exe
26007. Description=<font color="#FF0000">Appears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard</font>
26008. Source=Paul Collins Startup list
26009.  
26010. [i8kfangui]
26011. Number=3695
26012. Confirmed=U
26013. Filename=i8kfangui.exe
26014. Description=Graphical interface for fan speed control
26015. Source=Paul Collins Startup list
26016.  
26017. [IAAnotif]
26018. Number=3696
26019. Confirmed=U
26020. Filename=iaanotif.exe
26021. Description=IAA Event Monitor User Notification Tool - part of <a href="http://www.intel.com/support/chipsets/iaa/" target="_blank">Intel« Application Accelerator</a> - "a performance software package for desktop PCs using select Intel« chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it's required to notify you if a RAID 1 disk has failed
26022. Source=Paul Collins Startup list
26023.  
26024. [iamapp]
26025. Number=3697
26026. Confirmed=Y
26027. Filename=iamapp.exe
26028. Description=AtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as well
26029. Source=Paul Collins Startup list
26030.  
26031. [Iamnacho On Irc.MusIrc.com Is a Homosexual!]
26032. Number=3698
26033. Confirmed=X
26034. Filename=XBox64.exe
26035. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110515-2026-99" target="_blank">RANDEX.Y</a> WORM!
26036. Source=Paul Collins Startup list
26037.  
26038. [Iap]
26039. Number=3699
26040. Confirmed=?
26041. Filename=iap.exe
26042. Description=<font color="#FF0000">Possibly part of <a href="http://docs.us.dell.com/support/edocs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely?</font>
26043. Source=Paul Collins Startup list
26044.  
26045. [ias]
26046. Number=3700
26047. Confirmed=U
26048. Filename=ias.exe
26049. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120115-5305-99" target= blank>InvisibleASpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
26050. Source=Paul Collins Startup list
26051.  
26052. [IASHLPR]
26053. Number=3701
26054. Confirmed=X
26055. Filename=IASHLPR.EXE
26056. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
26057. Source=Paul Collins Startup list
26058.  
26059. [ibin]
26060. Number=3702
26061. Confirmed=X
26062. Filename=[path to trojan]
26063. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojperdac.html" target=_blank>PERDA-C</a> TROJAN!
26064. Source=Paul Collins Startup list
26065.  
26066. [ibm]
26067. Number=3703
26068. Confirmed=X
26069. Filename=ibm.exe
26070. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirah.html" target=_blank>LEGMIR-AH</a> TROJAN!
26071. Source=Paul Collins Startup list
26072.  
26073. [IBM Warranty Notification]
26074. Number=3704
26075. Confirmed=?
26076. Filename=ERTS0749.exe
26077. Description=IBM Warranty Notification - <font color="#FF0000">presumably it's a reminder to either register or that warranty is about to expire?</font>
26078. Source=Paul Collins Startup list
26079.  
26080. [ibmmessages]
26081. Number=3705
26082. Confirmed=N
26083. Filename=ibmmessages.exe
26084. Description=Allows IBM to push messages onto users' computers. Quote: "The Access IBM Message Center can display messages to inform you about software and solutions available from IBM as well as messages from IBM eSupport"
26085. Source=Paul Collins Startup list
26086.  
26087. [Ibmmon.exe]
26088. Number=3706
26089. Confirmed=?
26090. Filename=Ibmmon.exe
26091. Description=<font color="#FF0000">??</font>
26092. Source=Paul Collins Startup list
26093.  
26094. [Ibmpmsvc]
26095. Number=3707
26096. Confirmed=U
26097. Filename=ibmpmsvc.exe
26098. Description=Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 & F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standy or hibernate modes
26099. Source=Paul Collins Startup list
26100.  
26101. [IBMPRC]
26102. Number=3708
26103. Confirmed=?
26104. Filename=ibmprc.exe
26105. Description=IBM application - <font color=#FF0000>what does it do and is it required?</font>
26106. Source=Paul Collins Startup list
26107.  
26108. [IBMUltraBayHotSwapCPLLoader]
26109. Number=3709
26110. Confirmed=U
26111. Filename=IBMBAY2N.EXE
26112. Description=Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops
26113. Source=Paul Collins Startup list
26114.  
26115. [IBMUltraBayHotSwapSound]
26116. Number=3710
26117. Confirmed=?
26118. Filename=IBMBAYSN.EXE
26119. Description=<font color="#FF0000">Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound?</font>
26120. Source=Paul Collins Startup list
26121.  
26122. [IBM_PWMGR]
26123. Number=3711
26124. Confirmed=Y
26125. Filename=pwmgr.exe
26126. Description=IBM Password Manager
26127.  
26128. Source=Paul Collins Startup list
26129.  
26130. [IBWin Background process]
26131. Number=3712
26132. Confirmed=U
26133. Filename=IBackground.exe
26134. Description=<a href="http://www.ibackup.com/ibwin_new.htm" target=_blank>IBackup</a> for Windows
26135. Source=Paul Collins Startup list
26136.  
26137. [IBWin Monitor]
26138. Number=3713
26139. Confirmed=U
26140. Filename=IBMonitor.exe
26141. Description=<a href="http://www.ibackup.com/ibwin_new.htm" target=_blank>IBackup</a> for Windows
26142. Source=Paul Collins Startup list
26143.  
26144. [IcaBar]
26145. Number=3714
26146. Confirmed=Y
26147. Filename=icabar.exe
26148. Description=Related to Citrix MetaFrame
26149. Source=Paul Collins Startup list
26150.  
26151. [icasServ]
26152. Number=3715
26153. Confirmed=X
26154. Filename=icasServ.exe
26155. Description=Browser hijacker, redirecting to Searchforfree.info. Also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojicaserva.html" target= blank>ICASERV-A</a> TROJAN!
26156. Source=Paul Collins Startup list
26157.  
26158. [ICcontrol]
26159. Number=3716
26160. Confirmed=X
26161. Filename=iccontrol.exe
26162. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091412-0643-99" target=_blank>ICcontrol</a> premium rate adult content dialer
26163. Source=Paul Collins Startup list
26164.  
26165. [icdd7ee6]
26166. Number=3717
26167. Confirmed=X
26168. Filename=rundll32.exe [path] icdd7ee6.dll, EnableRunDLL32
26169. Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
26170. Source=Paul Collins Startup list
26171.  
26172. [icddefff]
26173. Number=3718
26174. Confirmed=X
26175. Filename=rundll32.exe [path] icddefff.dll, EnableRunDLL32
26176. Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target=_blank>LZIO.com</a> adware downloader
26177. Source=Paul Collins Startup list
26178.  
26179. [ICH Synth]
26180. Number=3719
26181. Confirmed=N
26182. Filename=eusexe.exe
26183. Description=Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. <font color="#FF0000">May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices</font>
26184. Source=Paul Collins Startup list
26185.  
26186. [icifati]
26187. Number=3720
26188. Confirmed=X
26189. Filename=yujixit.exe
26190. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZZH&VSect=P" target=_blank>SDBOT.ZZH</a> WORM!
26191. Source=Paul Collins Startup list
26192.  
26193. [iClean]
26194. Number=3721
26195. Confirmed=U
26196. Filename=iClean.exe
26197. Description=<a href="http://www.nsclean.com/ieclean.html" target="_blank">IEClean</a> - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy"
26198. Source=Paul Collins Startup list
26199.  
26200. [ICM]
26201. Number=3722
26202. Confirmed=U
26203. Filename=ICM.EXE
26204. Description=Starts <a href="http://www.infointeractive.com/" target="_blank">Internet Call Manager</a> dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail
26205. Source=Paul Collins Startup list
26206.  
26207. [iCn]
26208. Number=3723
26209. Confirmed=N
26210. Filename=NAG.EXE
26211. Description=iChoose - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist. Not related to the Mac icon program of the same name
26212. Source=Paul Collins Startup list
26213.  
26214. [ICO]
26215. Number=3724
26216. Confirmed=N
26217. Filename=ICO.EXE
26218. Description=Found on Sony Vaio and IBM Thinkpad (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
26219. Source=Paul Collins Startup list
26220.  
26221. [Icon Animation]
26222. Number=3725
26223. Confirmed=N
26224. Filename=HDE.EXE
26225. Description=Part of McAfee Nuts & Bolts. Provides entertaining animation of your desktop icons
26226. Source=Paul Collins Startup list
26227.  
26228. [Icon Hearit 95]
26229. Number=3726
26230. Confirmed=N
26231. Filename=hearit95.exe
26232. Description=Audio desktop customization utility from Moon Valley Software. Resource hog
26233. Source=Paul Collins Startup list
26234.  
26235. [Icon Hearit 98]
26236. Number=3727
26237. Confirmed=N
26238. Filename=hearit98.exe
26239. Description=Audio desktop customization utility from Moon Valley Software. Resource hog
26240. Source=Paul Collins Startup list
26241.  
26242. [Icon lptt01]
26243. Number=3728
26244. Confirmed=X
26245. Filename=icon.exe
26246. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
26247. Source=Paul Collins Startup list
26248.  
26249. [Icon ml097e]
26250. Number=3729
26251. Confirmed=X
26252. Filename=icon.exe
26253. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
26254. Source=Paul Collins Startup list
26255.  
26256. [ICONCLNT]
26257. Number=3730
26258. Confirmed=Y
26259. Filename=iconclnt.exe
26260. Description=APC PowerChute Tray Icon. Associated with the <a href="#UPS"> UPS</a> listing
26261. Source=Paul Collins Startup list
26262.  
26263. [ICONDESK]
26264. Number=3731
26265. Confirmed=U
26266. Filename=ICONDESK.EXE
26267. Description=Small utility which will allow you the option of hiding or showing your desktop icons
26268. Source=Paul Collins Startup list
26269.  
26270. [Iconfig.exe]
26271. Number=3732
26272. Confirmed=N
26273. Filename=Iconfig.exe
26274. Description=Icon for LS-120 "Superdisk"
26275. Source=Paul Collins Startup list
26276.  
26277. [iConfigLoader]
26278. Number=3733
26279. Confirmed=X
26280. Filename=DIIhost.exe
26281. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
26282. Source=Paul Collins Startup list
26283.  
26284. [Iconoid]
26285. Number=3734
26286. Confirmed=N
26287. Filename=Iconoid.exe
26288. Description=<a href="http://www.sillysot.com/index.html" target="_blank">Iconoid</a> is a desktop icon manager
26289. Source=Paul Collins Startup list
26290.  
26291. [Iconsaver]
26292. Number=3735
26293. Confirmed=N
26294. Filename=Iconsaver.exe
26295. Description=<a href="http://www.iconsaver.com/index.html" target="_blank">IconSaver</a> is a desktop icon manager
26296. Source=Paul Collins Startup list
26297.  
26298. [ICQ]
26299. Number=3736
26300. Confirmed=X
26301. Filename=ICQNET.vbs
26302. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsgormleza.html" target=_blank>GORMLEZ-A</a> WORM!
26303. Source=Paul Collins Startup list
26304.  
26305. [ICQ Center]
26306. Number=3737
26307. Confirmed=X
26308. Filename=[path to worm]
26309. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092114-2153-99" target="_blank">RANDIN</a> WORM!
26310. Source=Paul Collins Startup list
26311.  
26312. [ICQ Chat Service]
26313. Number=3738
26314. Confirmed=X
26315. Filename=icqjdhs.exe
26316. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
26317. Source=Paul Collins Startup list
26318.  
26319. [ICQ Hacking Pro]
26320. Number=3739
26321. Confirmed=X
26322. Filename=ICQpro.exe
26323. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NETSPY" target="_blank">NETSPY</a> TROJAN!
26324. Source=Paul Collins Startup list
26325.  
26326. [ICQ Lite]
26327. Number=3740
26328. Confirmed=N
26329. Filename=ICQLite.exe
26330. Description=<a target="_blank" href="http://www.icq.com/download/">ICQ Lite</a> - compact version of the popular messaging program
26331. Source=Paul Collins Startup list
26332.  
26333. [icq lite]
26334. Number=3741
26335. Confirmed=X
26336. Filename=scvhost.exe
26337. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdsf.html" target="_blank">AGENT-DSF</a> TROJAN!
26338. Source=Paul Collins Startup list
26339.  
26340. [icq lite]
26341. Number=3742
26342. Confirmed=X
26343. Filename=winlog.exe
26344. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbottj.html" target="_blank">IRCBOT-TJ</a> TROJAN!
26345. Source=Paul Collins Startup list
26346.  
26347. [ICQ Lite Messenger]
26348. Number=3743
26349. Confirmed=X
26350. Filename=[random filename]
26351. Description=Added by an unidentified VIRUS, WORM or TROJAN! Unlike the legitimate ICQ Lite executable, which will be located in the ICQLITE folder in Program Files, this particular impostor is located in the Windows or Winnt\System32 directory
26352. Source=Paul Collins Startup list
26353.  
26354. [ICQ Messenger 2002]
26355. Number=3744
26356. Confirmed=X
26357. Filename=ICQ2002.exe
26358. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabl.html" target=_blank>SDBOT-ABL</a> WORM!
26359. Source=Paul Collins Startup list
26360.  
26361. [ICQ Net]
26362. Number=3745
26363. Confirmed=X
26364. Filename=winlogon.exe
26365. Description=Added by variants of the NETSKY WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process which should not appear in Msconfig/Startup!
26366. Source=Paul Collins Startup list
26367.  
26368. [ICQ Plus]
26369. Number=3746
26370. Confirmed=N
26371. Filename=vplus.exe
26372. Description=<a href="http://www.freedownloadscenter.com/Business/Application_Add-ins/ICQ_Plus.html" target="_blank">ICQ Plus</a> is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> Programs
26373. Source=Paul Collins Startup list
26374.  
26375. [IcqBeta]
26376. Number=3747
26377. Confirmed=X
26378. Filename=webcamupdate.exe
26379. Description=Added by an unidentified TROJAN!
26380. Source=Paul Collins Startup list
26381.  
26382. [ICQNet]
26383. Number=3748
26384. Confirmed=X
26385. Filename=winlogon.exe
26386. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32netskyc.html" target=_blank>NETSKY-C</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
26387. Source=Paul Collins Startup list
26388.  
26389. [icrosof Avps32 Control]
26390. Number=3749
26391. Confirmed=X
26392. Filename=av32.pif
26393. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavc.html" target=_blank>RBOT-AVC</a> WORM!
26394. Source=Paul Collins Startup list
26395.  
26396. [icrosoft Visual]
26397. Number=3750
26398. Confirmed=X
26399. Filename=plscx.exe
26400. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayo.html" target=_blank>RBOT-AYO</a> WORM!
26401. Source=Paul Collins Startup list
26402.  
26403. [icrosoft Visual InterDevc]
26404. Number=3751
26405. Confirmed=X
26406. Filename=zvslmqb.exe
26407. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayp.html" target=_blank>RBOT-AYP</a> WORM!
26408. Source=Paul Collins Startup list
26409.  
26410. [icrosoft Windows DLL Services Configuration]
26411. Number=3752
26412. Confirmed=X
26413. Filename=poker3.exe
26414. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaer.html" target=_blank>SDBOT-AER</a> WORM!
26415. Source=Paul Collins Startup list
26416.  
26417. [icrosoftf Avpx Control]
26418. Number=3753
26419. Confirmed=X
26420. Filename=avpx.exe
26421. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayn.html" target=_blank>RBOT-AYN</a> WORM!
26422. Source=Paul Collins Startup list
26423.  
26424. [ICSDCLT]
26425. Number=3754
26426. Confirmed=U
26427. Filename=rundll32.exe Icsdclt.dll, ICSClient
26428. Description=Internet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machines
26429. Source=Paul Collins Startup list
26430.  
26431. [ICServer]
26432. Number=3755
26433. Confirmed=N
26434. Filename=Icserver.exe
26435. Description=Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations
26436. Source=Paul Collins Startup list
26437.  
26438. [ICSMGR]
26439. Number=3756
26440. Confirmed=Y
26441. Filename=ICSMGR.EXE
26442. Description=Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you're sharing the internet on various computers
26443. Source=Paul Collins Startup list
26444.  
26445. [IC_KEY_3]
26446. Number=3757
26447. Confirmed=N
26448. Filename=spvic.exe
26449. Description=<a href="http://www.instantchess.com/?SN=Z4dMzyutgpE9Pspv&ABT=3" target="_blank">Instant Chess</a> related
26450. Source=Paul Collins Startup list
26451.  
26452. [ID Commander]
26453. Number=3758
26454. Confirmed=N
26455. Filename=IDCom.exe
26456. Description=Caller ID utility for identifying incoming telephone numbers
26457. Source=Paul Collins Startup list
26458.  
26459. [ID8525]
26460. Number=3759
26461. Confirmed=X
26462. Filename=ID8525.exe
26463. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ID8525.A" target="_blank">ID8525.A</a> TROJAN!
26464. Source=Paul Collins Startup list
26465.  
26466. [ID8525]
26467. Number=3760
26468. Confirmed=X
26469. Filename=id85255.exe
26470. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ID8525.A" target="_blank">ID8525.A</a> TROJAN!
26471. Source=Paul Collins Startup list
26472.  
26473. [IDA]
26474. Number=3761
26475. Confirmed=?
26476. Filename=IDA.EXE
26477. Description=<font color="#FF0000">HP related - in a Program FilesHewlett-PackardPC COE folder</font>
26478. Source=Paul Collins Startup list
26479.  
26480. [IDE]
26481. Number=3762
26482. Confirmed=X
26483. Filename=ide.exe
26484. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-042919-4416-99" target="_blank">ASSASIN.F</a> TROJAN!
26485. Source=Paul Collins Startup list
26486.  
26487. [IDE Loader]
26488. Number=3763
26489. Confirmed=X
26490. Filename=IDElibr32.exe
26491. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-121812-2137-99" target="_blank">XILON</a> TROJAN! Related to the game "Diablo II"
26492. Source=Paul Collins Startup list
26493.  
26494. [idecntl]
26495. Number=3764
26496. Confirmed=X
26497. Filename=idecntl.exe
26498. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
26499. Source=Paul Collins Startup list
26500.  
26501. [iDesktop]
26502. Number=3765
26503. Confirmed=U
26504. Filename=idesktop.exe
26505. Description=<a href="http://www.immersion.com/products/ce/generaldownloads.shtml" target="_blank">Immersion TouchWare Desktop</a> software for devices such as the Logitech iFeel Mouse
26506. Source=Paul Collins Startup list
26507.  
26508. [IDMan]
26509. Number=3766
26510. Confirmed=N
26511. Filename=IDMan.exe
26512. Description=<a href="http://www.internetdownloadmanager.com/" target="_blank">Internet Download Manager</a> - download files faster, schedule and resume
26513. Source=Paul Collins Startup list
26514.  
26515. [IDTemplates]
26516. Number=3767
26517. Confirmed=X
26518. Filename=IDTemplate.exe
26519. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokh.html" target=_blank>BRONTOK-H</a> WORM!
26520. Source=Paul Collins Startup list
26521.  
26522. [IDW Logging Tool]
26523. Number=3768
26524. Confirmed=N
26525. Filename=idwlog.exe
26526. Description=Added with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problems
26527. Source=Paul Collins Startup list
26528.  
26529. [IE configure]
26530. Number=3769
26531. Confirmed=X
26532. Filename=explorer.exe
26533. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagec.html" target="_blank">LINEAGE-C</a> TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
26534. Source=Paul Collins Startup list
26535.  
26536. [IE Doctor]
26537. Number=3770
26538. Confirmed=U
26539. Filename=IEDoctor.exe
26540. Description=IE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options"
26541. Source=Paul Collins Startup list
26542.  
26543. [IE Java Update]
26544. Number=3771
26545. Confirmed=X
26546. Filename=iejava.exe
26547. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagenthd.html" target=_blank>AGENT-HD</a> TROJAN!
26548. Source=Paul Collins Startup list
26549.  
26550. [IE Menu Extension toolbar]
26551. Number=3772
26552. Confirmed=X
26553. Filename=rundll32.exe [path] tbextn.dll DllShowTB
26554. Description=Topconverting.com\180Search "IEMenuExtension" toolbar
26555.  
26556. Source=Paul Collins Startup list
26557.  
26558. [IE New Window Maximizer]
26559. Number=3773
26560. Confirmed=U
26561. Filename=iemaximizer.exe
26562. Description=<a href="http://www.jiisoft.com/iemaximizer/" target=_blank>IE New Window Maximizer</a> - automatically maximize new Internet Explorer and Outlook Express windows
26563. Source=Paul Collins Startup list
26564.  
26565. [IE Runtime]
26566. Number=3774
26567. Confirmed=X
26568. Filename=wini.exe
26569. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041813-3041-99" target=_blank>PICRATE.B</a> WORM!
26570. Source=Paul Collins Startup list
26571.  
26572. [IE Runtimes]
26573. Number=3775
26574. Confirmed=X
26575. Filename=winis.exe
26576. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadz.html" target="_blank">RBOT-ADZ</a> TROJAN!
26577. Source=Paul Collins Startup list
26578.  
26579. [IE**.exe [* = random char]]
26580. Number=3776
26581. Confirmed=X
26582. Filename=IE**.exe [* = random char]
26583. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
26584. Source=Paul Collins Startup list
26585.  
26586. [IE**32.exe [* = random char]]
26587. Number=3777
26588. Confirmed=X
26589. Filename=IE**32.exe [* = random char]
26590. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
26591. Source=Paul Collins Startup list
26592.  
26593. [IE-Bar]
26594. Number=3778
26595. Confirmed=X
26596. Filename=iebar.exe
26597. Description=<a href="http://www3.cai.com/securityadvisor/pest/pest.aspx?id=453099723" target="_blank">DesktopMedia</a> adware
26598. Source=Paul Collins Startup list
26599.  
26600. [IE6]
26601. Number=3779
26602. Confirmed=X
26603. Filename=wkstmg.exe
26604. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
26605. Source=Paul Collins Startup list
26606.  
26607. [IE6]
26608. Number=3780
26609. Confirmed=X
26610. Filename=ssmss.exe
26611. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082217-1116-99" target=_blank>GAOBOT.DXO</a> WORM!
26612. Source=Paul Collins Startup list
26613.  
26614. [IE6]
26615. Number=3781
26616. Confirmed=X
26617. Filename=porn.pif
26618. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatf.html" target=_blank>RBOT-ATF</a> WORM!
26619. Source=Paul Collins Startup list
26620.  
26621. [IEACCESS]
26622. Number=3782
26623. Confirmed=X
26624. Filename=temp532.exe
26625. Description=<a href="http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html" target=_blank>AsdPlug</a> premium rate adult content dialer variant
26626. Source=Paul Collins Startup list
26627.  
26628. [IEACCESS]
26629. Number=3783
26630. Confirmed=X
26631. Filename=surfya.exe
26632. Description=<a href="http://www.extremetech.com/article2/0,1697,1125674,00.asp" target=_blank>IEAccess</a> premium rate adult content dialer variant
26633. Source=Paul Collins Startup list
26634.  
26635. [IEAgent update check]
26636. Number=3784
26637. Confirmed=X
26638. Filename=iewatch.exe
26639. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012514-0250-99" target=_blank>BOMKA</a> TROJAN!
26640. Source=Paul Collins Startup list
26641.  
26642. [iecheck]
26643. Number=3785
26644. Confirmed=N
26645. Filename=iecheck.exe
26646. Description=Integrity checker for <a href="http://www.iconedit2.com/" target="_blank">IconEdit2</a> icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit2
26647. Source=Paul Collins Startup list
26648.  
26649. [IECheck]
26650. Number=3786
26651. Confirmed=X
26652. Filename=MSDTCs.exe
26653. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tirbotd.html" target=_blank>TIRBOT-D</a> WORM!
26654. Source=Paul Collins Startup list
26655.  
26656. [IECheck]
26657. Number=3787
26658. Confirmed=X
26659. Filename=xpssl.exe
26660. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tirbote.html" target= blank>TIRBOT-E</a> WORM!
26661. Source=Paul Collins Startup list
26662.  
26663. [IECheck]
26664. Number=3788
26665. Confirmed=X
26666. Filename=mssvp.exe
26667. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tirbotg.html" target=_blank>TIRBOT-G</a> WORM!
26668. Source=Paul Collins Startup list
26669.  
26670. [IECleanAux]
26671. Number=3789
26672. Confirmed=U
26673. Filename=Ieboot6.exe
26674. Description=<a href="http://www.nsclean.com/ieclean.html" target="_blank">IEClean</a> by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startup
26675. Source=Paul Collins Startup list
26676.  
26677. [iedll]
26678. Number=3790
26679. Confirmed=X
26680. Filename=iedll.exe
26681. Description=Homepage hijacker, redirecting to coolwwwsearch.com
26682. Source=Paul Collins Startup list
26683.  
26684. [IEDriver]
26685. Number=3791
26686. Confirmed=X
26687. Filename=IEDriver.exe
26688. Description=Installed as part of adware (Cydoor) based peer-to-peer file sharing software called URLBlaze
26689. Source=Paul Collins Startup list
26690.  
26691. [IEDriver]
26692. Number=3792
26693. Confirmed=X
26694. Filename=xplore.exe
26695. Description=<a href="http://sarc.com/avcenter/venc/data/adware.iedriver.html" target=_blank>IEDriver</a> adware variant
26696. Source=Paul Collins Startup list
26697.  
26698. [IEDriver]
26699. Number=3793
26700. Confirmed=X
26701. Filename=TD.exe
26702. Description=<a href="http://sarc.com/avcenter/venc/data/adware.iedriver.html" target=_blank>IEDriver</a> adware variant
26703. Source=Paul Collins Startup list
26704.  
26705. [IEengine]
26706. Number=3794
26707. Confirmed=X
26708. Filename=IEeng.exe
26709. Description=<a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_STARTPAG.AI" target="_blank">STARTPAG.AI</a> hijacker
26710. Source=Paul Collins Startup list
26711.  
26712. [IEFeatures]
26713. Number=3795
26714. Confirmed=X
26715. Filename=IEFeatures.exe
26716. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A" target="_blank">POPMON.A</a> TROJAN! - also known as PopMonster adware
26717. Source=Paul Collins Startup list
26718.  
26719. [IEFeatures]
26720. Number=3796
26721. Confirmed=X
26722. Filename=Internetfeatures.exe
26723. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A" target="_blank">POPMON.A</a> TROJAN! - also known as PopMonster adware
26724. Source=Paul Collins Startup list
26725.  
26726. [IefxTray]
26727. Number=3797
26728. Confirmed=X
26729. Filename=IefxTray.exe
26730. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrilerh.html" target=_blank>RILER-H</a> TROJAN!
26731. Source=Paul Collins Startup list
26732.  
26733. [ieharv.exe]
26734. Number=3798
26735. Confirmed=X
26736. Filename=ieharv.exe
26737. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerhh.html" target=_blank>BANKER-HH</a> TROJAN!
26738. Source=Paul Collins Startup list
26739.  
26740. [Iehelper]
26741. Number=3799
26742. Confirmed=X
26743. Filename=syslaunch.exe
26744. Description=Outwar adware downloader
26745. Source=Paul Collins Startup list
26746.  
26747. [iel2cde8]
26748. Number=3800
26749. Confirmed=X
26750. Filename=rundll32.exe [path] iel2cde8.dll, EnableRunDLL32
26751. Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
26752. Source=Paul Collins Startup list
26753.  
26754. [ielcaabe]
26755. Number=3801
26756. Confirmed=X
26757. Filename=rundll32.exe [path] ielcaabe.dll, EnableRunDLL32
26758. Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target=_blank>LZIO.com</a> adware downloader
26759. Source=Paul Collins Startup list
26760.  
26761. [IELoader32]
26762. Number=3802
26763. Confirmed=X
26764. Filename=iexplore32.exe
26765. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070417-1048-99" target="_blank"> SPEX</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112617-3418-99" target="_blank"> SPEX.B</a> WORMS!
26766. Source=Paul Collins Startup list
26767.  
26768. [Iesar]
26769. Number=3803
26770. Confirmed=X
26771. Filename=Iesar.exe
26772. Description=Browser hijacker - redirecting to an adult web page
26773. Source=Paul Collins Startup list
26774.  
26775. [Iesearch.exe]
26776. Number=3804
26777. Confirmed=X
26778. Filename=Iesearch.exe
26779. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.looknsearch.html" target="_blank">LookNSearch</a> adware
26780. Source=Paul Collins Startup list
26781.  
26782. [IESet]
26783. Number=3805
26784. Confirmed=X
26785. Filename=IExplorer.dll
26786. Description=Added by the <a href="http://vil.nai.com/vil/content/v_132935.htm" target="_blank">PWS-BLUEDIT</a> TROJAN!
26787. Source=Paul Collins Startup list
26788.  
26789. [iestart]
26790. Number=3806
26791. Confirmed=X
26792. Filename=iexp1orer.exe
26793. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091023-5351-99" target="_blank">NEMOG.C</a> TROJAN!
26794. Source=Paul Collins Startup list
26795.  
26796. [ietsr]
26797. Number=3807
26798. Confirmed=N
26799. Filename=ietsr.exe
26800. Description=<a href="http://www.nsclean.com/ieclean.html" target="_blank">IEClean</a> by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc
26801. Source=Paul Collins Startup list
26802.  
26803. [ieupdate]
26804. Number=3808
26805. Confirmed=X
26806. Filename=MCP****.exe [**** = random char]
26807. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112617-0033-99" target="_blank">ASOXY</a> TROJAN!
26808. Source=Paul Collins Startup list
26809.  
26810. [ieupdate]
26811. Number=3809
26812. Confirmed=X
26813. Filename=mcpdll32.exe
26814. Description=Adware downloader trojan
26815. Source=Paul Collins Startup list
26816.  
26817. [IEXPL0RER]
26818. Number=3810
26819. Confirmed=X
26820. Filename=IEXPL0RER.EXE
26821. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotql.html" target= blank>AGOBOT-QL</a> WORM!
26822.  Note the filename has a "0" rather than an upper case "o"
26823. Source=Paul Collins Startup list
26824.  
26825. [iexpl0res]
26826. Number=3811
26827. Confirmed=X
26828. Filename=iexpl0res.exe
26829. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AEX&VSect=T" target=_blank>RBOT.AEX</a> WORM! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot
26830. Source=Paul Collins Startup list
26831.  
26832. [IExploer]
26833. Number=3812
26834. Confirmed=X
26835. Filename=svshosts.exe
26836. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_IRCBOT.BT" target="_blank">IRCBOT.BT</a> TROJAN!
26837. Source=Paul Collins Startup list
26838.  
26839. [Iexploit]
26840. Number=3813
26841. Confirmed=X
26842. Filename=Iexploit.html
26843. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091412-3836-99" target=_blank>INKER.B</a> WORM!
26844. Source=Paul Collins Startup list
26845.  
26846. [Iexplore]
26847. Number=3814
26848. Confirmed=X
26849. Filename=iexplore.exe
26850. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091117-1653-99" target=_blank>BOXER</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
26851. Source=Paul Collins Startup list
26852.  
26853. [IEXPLORE]
26854. Number=3815
26855. Confirmed=X
26856. Filename=iexplore.exe
26857. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012817-3358-99" target=_blank>APHEXDOOR</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
26858. Source=Paul Collins Startup list
26859.  
26860. [IExplore]
26861. Number=3816
26862. Confirmed=X
26863. Filename=IEXPLORE.EXE
26864. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderyz.html" target=_blank>DLOADER-YZ</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in a "Custom" subfolder
26865. Source=Paul Collins Startup list
26866.  
26867. [IExplore]
26868. Number=3817
26869. Confirmed=X
26870. Filename=IEXPLORE.exe
26871. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraam.html" target=_blank>DLOADR-AAM</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the "Arquivos de programas\Internet Explorer\Custom" folder
26872. Source=Paul Collins Startup list
26873.  
26874. [IEXPLORE]
26875. Number=3818
26876. Confirmed=X
26877. Filename=IEXPLORE.EXE
26878. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbwe.html" target="_blank">BANKER-BWE</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
26879. Source=Paul Collins Startup list
26880.  
26881. [Iexplore Services]
26882. Number=3819
26883. Confirmed=X
26884. Filename=iexplore.exe
26885. Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup!
26886. Source=Paul Collins Startup list
26887.  
26888. [IEXPLORE.EXE]
26889. Number=3820
26890. Confirmed=X
26891. Filename=[path to trojan]
26892. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancoscj.html" target=_blank>BANCOS-CJ</a> TROJAN!
26893. Source=Paul Collins Startup list
26894.  
26895. [IEXPLORE.EXE]
26896. Number=3821
26897. Confirmed=X
26898. Filename=goot.exe
26899. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosec.html" target=_blank>BIFROSE-C</a> TROJAN!
26900. Source=Paul Collins Startup list
26901.  
26902. [IExplorer]
26903. Number=3822
26904. Confirmed=X
26905. Filename=Iexplor32.exe
26906. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorby.html" target=_blank>BDOOR-BY</a> TROJAN!
26907. Source=Paul Collins Startup list
26908.  
26909. [IExplorer]
26910. Number=3823
26911. Confirmed=X
26912. Filename=IExplorer.EXE
26913. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosch.html" target=_blank>BANCOS-CH</a> TROJAN!
26914. Source=Paul Collins Startup list
26915.  
26916. [IEXPLORER]
26917. Number=3824
26918. Confirmed=X
26919. Filename=msiecfg.exe
26920. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorju.html" target=_blank>JU</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanip.html" target=_blank>BANCBAN-IP</a> TROJANS!
26921. Source=Paul Collins Startup list
26922.  
26923. [Iexplorer]
26924. Number=3825
26925. Confirmed=X
26926. Filename=explorer.exe
26927. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasac.html" target=_blank>ZAPCHAS-AC</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System folder
26928. Source=Paul Collins Startup list
26929.  
26930. [iexplorer lptt01]
26931. Number=3826
26932. Confirmed=X
26933. Filename=iexplorer.exe
26934. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
26935. Source=Paul Collins Startup list
26936.  
26937. [iexplorer ml097e]
26938. Number=3827
26939. Confirmed=X
26940. Filename=iexplorer.exe
26941. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
26942. Source=Paul Collins Startup list
26943.  
26944. [Iexplorer.exe]
26945. Number=3828
26946. Confirmed=X
26947. Filename=Iexplorer.exe
26948. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanen.html" target=_blank>BANCBAN-EN</a> TROJAN!
26949. Source=Paul Collins Startup list
26950.  
26951. [IExplorer32 Java Scripting]
26952. Number=3829
26953. Confirmed=X
26954. Filename=IExplore32b.exe
26955. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABO&VSect=P" target=_blank>RBOT.ABO</a> WORM!
26956. Source=Paul Collins Startup list
26957.  
26958. [IExplorer32c Java Scripting]
26959. Number=3830
26960. Confirmed=X
26961. Filename=IExplore32cb.exe
26962. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABN" target="_blank">RBOT.ABN</a> WORM!
26963. Source=Paul Collins Startup list
26964.  
26965. [IExplorer6 Java Scripting]
26966. Number=3831
26967. Confirmed=X
26968. Filename=IExplore326.exe
26969. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
26970. Source=Paul Collins Startup list
26971.  
26972. [IExplorer7 Java Scripting]
26973. Number=3832
26974. Confirmed=X
26975. Filename=IExplore327.exe
26976. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
26977. Source=Paul Collins Startup list
26978.  
26979. [ifp]
26980. Number=3833
26981. Confirmed=X
26982. Filename=ipf.exe
26983. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclaggerag.html" target="_blank">CLAGGER-AG</a> TROJAN!
26984. Source=Paul Collins Startup list
26985.  
26986. [IFSplash.exe]
26987. Number=3834
26988. Confirmed=U
26989. Filename=IFSplash.exe
26990. Description=I-FORCE driver for force feedback steering wheel
26991. Source=Paul Collins Startup list
26992.  
26993. [igamatu]
26994. Number=3835
26995. Confirmed=X
26996. Filename=ekor.exe
26997. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051316-2854-99" target= blank>SDBOT.AQ</a> TROJAN!
26998. Source=Paul Collins Startup list
26999.  
27000. [igamatu]
27001. Number=3836
27002. Confirmed=X
27003. Filename=atecaca.exe
27004. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_IRCBOT.R&VSect=P" target=_blank>IRCBOT.R</a> WORM!
27005. Source=Paul Collins Startup list
27006.  
27007. [igfxtray]
27008. Number=3837
27009. Confirmed=U
27010. Filename=igfxtray.exe
27011. Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Quick access to the control panel via a System Tray icon. Available via Start -> Settings -> Control Panel
27012. Source=Paul Collins Startup list
27013.  
27014. [Iglpbv]
27015. Number=3838
27016. Confirmed=?
27017. Filename=Iglpbv.exe
27018. Description=<font color="#FF0000">??</font>
27019. Source=Paul Collins Startup list
27020.  
27021. [igndlm.exe]
27022. Number=3839
27023. Confirmed=N
27024. Filename=DLM.exe
27025. Description=IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be initialized through that browser
27026. Source=Paul Collins Startup list
27027.  
27028. [igsex2x]
27029. Number=3840
27030. Confirmed=X
27031. Filename=igsex2x.exe
27032. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102813-2445-99" target=_blank>NewDial</a> premium rate adult content dialler
27033. Source=Paul Collins Startup list
27034.  
27035. [iHP-100]
27036. Number=3841
27037. Confirmed=?
27038. Filename=iHPDetect.exe
27039. Description=Drive Letter Searcher, <a href="http://www.redchairsoftware.com/irivium/" target=_blank>iRiver</a> iHP-100 iHP and H Series player related - <font color="#FF0000">does it need to start with Windows every time?</font>
27040. Source=Paul Collins Startup list
27041.  
27042. [iilc]
27043. Number=3842
27044. Confirmed=X
27045. Filename=IILC.EXE
27046. Description=Homepage hijacker
27047. Source=Paul Collins Startup list
27048.  
27049. [Iinl]
27050. Number=3843
27051. Confirmed=X
27052. Filename=iptl.exe
27053. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
27054. Source=Paul Collins Startup list
27055.  
27056. [iisvers]
27057. Number=3844
27058. Confirmed=X
27059. Filename=iisvers.exe
27060. Description=Added by an unidentified TROJAN or adware
27061. Source=Paul Collins Startup list
27062.  
27063. [iIWiper]
27064. Number=3845
27065. Confirmed=N
27066. Filename=Systemwiper.exe
27067. Description=<a href="http://iisoftware.net/index.php?clean.html" target="_blank">System Wiper</a> from iI Software - allows you to clear the history of your activites from you computer. Run manually on a regular basis
27068. Source=Paul Collins Startup list
27069.  
27070. [IJ75P2PSERVER]
27071. Number=3846
27072. Confirmed=Y
27073. Filename=IJ75P2PS.EXE
27074. Description=Printer utility which is required in order to make the printer work correctly
27075. Source=Paul Collins Startup list
27076.  
27077. [IKE Service 95]
27078. Number=3847
27079. Confirmed=Y
27080. Filename=IKEService.exe
27081. Description=Associated with <a href="http://www.pgpi.org/" target="_blank">PGP</a>. The PGP Tray can be
27082. disabled, but without IKESERVICE you won't be able to de- or encrypt anything
27083. Source=Paul Collins Startup list
27084.  
27085. [iKeyWorks]
27086. Number=3848
27087. Confirmed=U
27088. Filename=IKEYMAIN.EXE
27089. Description=<a href="http://www.a4tech.com/a4techenglish/index.html" target="_blank">A4Tech</a> wireless keyboard driver and utility
27090. Source=Paul Collins Startup list
27091.  
27092. [iLLeGaL]
27093. Number=3849
27094. Confirmed=X
27095. Filename=Mplayer.exe
27096. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.C" target="_blank">HOLAR.C</a> (or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-120413-1702-99" target="_blank">GALIL</a>) WORM! Note - this should not be comfused with Windows Media Player which has the same filename
27097. Source=Paul Collins Startup list
27098.  
27099. [iLLeGaL.exe]
27100. Number=3850
27101. Confirmed=X
27102. Filename=Mplayer.exe
27103. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.C" target="_blank">HOLAR.C</a> (or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-120413-1702-99" target="_blank">GALIL</a>) WORM! Note - this should not be comfused with Windows Media Player which has the same filename
27104. Source=Paul Collins Startup list
27105.  
27106. [ILO_Office_Manager]
27107. Number=3851
27108. Confirmed=?
27109. Filename=IntEdReg.exe /OFFMAN
27110. Description=<a href="http://www.intense.co.uk/" target="_blank">Intense Educational Ltd</a> - Language Office Software. <font color="#FF0000">Is it required?</font>
27111. Source=Paul Collins Startup list
27112.  
27113. [iLyric]
27114. Number=3852
27115. Confirmed=U
27116. Filename=iLyric.exe
27117. Description=<a href="http://www.ilyric.net/winamp.html" target=_blank>iLyric</a> plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button
27118.  
27119. Source=Paul Collins Startup list
27120.  
27121. [iM Start Center]
27122. Number=3853
27123. Confirmed=N
27124. Filename=iM_Tray.exe
27125. Description=Installed with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start -> Programs -> iM Networks -> iM Radio Tuner
27126. Source=Paul Collins Startup list
27127.  
27128. [Image]
27129. Number=3854
27130. Confirmed=X
27131. Filename=rundll32 image.dll, Install
27132. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
27133. Source=Paul Collins Startup list
27134.  
27135. [Image & Restore]
27136. Number=3855
27137. Confirmed=Y
27138. Filename=IMAGE32.exe
27139. Description=Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run
27140. Source=Paul Collins Startup list
27141.  
27142. [Image Transfer]
27143. Number=3856
27144. Confirmed=N
27145. Filename=SonyTray.exe
27146. Description=Sony Image Transfer software provides direct image transfer from your digital camera to a PC - can be started manually
27147. Source=Paul Collins Startup list
27148.  
27149. [ImageDrive-{hex numbers}]
27150. Number=3857
27151. Confirmed=U
27152. Filename=ImageDrive.exe
27153. Description=<a href="http://www.nero.com/en/631910958042754.html" target="_blank">Nero ImageDrive</a> from Ahead - virtual CD/DVD drive software
27154. Source=Paul Collins Startup list
27155.  
27156. [Imagefox]
27157. Number=3858
27158. Confirmed=U
27159. Filename=imagefox.exe
27160. Description=ImageFox 2.0 (formerly available from <a href="http://www.acdsee.com/" target="_blank">ACDSee</a>) is an "add-on" graphics previewer for most Windows Open/Save As dialog boxes
27161. Source=Paul Collins Startup list
27162.  
27163. [Imagemgt32]
27164. Number=3859
27165. Confirmed=X
27166. Filename=Imagemgt32.exe
27167. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
27168. Source=Paul Collins Startup list
27169.  
27170. [ImagePath]
27171. Number=3860
27172. Confirmed=X
27173. Filename=taskbarmngr.exe
27174. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxb.html" target=_blank>SDBOT-XB</a> WORM!
27175. Source=Paul Collins Startup list
27176.  
27177. [IMAPI]
27178. Number=3861
27179. Confirmed=X
27180. Filename=load.exe
27181. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdowndela.html" target=_blank>DOWNDEL-A</a> TROJAN!
27182. Source=Paul Collins Startup list
27183.  
27184. [iMarkup Client]
27185. Number=3862
27186. Confirmed=N
27187. Filename=iUtil.exe
27188. Description=Enables the <a href="http://www.imarkup.com/products/imarkup_client.asp" target=blank>iMarkup Client</a> web page annotation utility to run in the background and be available in systray. Shortcut available via Start -> Programs
27189. Source=Paul Collins Startup list
27190.  
27191. [Imatio]
27192. Number=3863
27193. Confirmed=U
27194. Filename=imation.exe
27195. Description=<a href="http://www.imation.com/products/flash_devices/downloads.html" target="_blank">Imation Disk Manager</a> - enables you to create a password protected area on your Imation USB flash drive
27196. Source=Paul Collins Startup list
27197.  
27198. [IMClass]
27199. Number=3864
27200. Confirmed=X
27201. Filename=Svhosl.exe
27202. Description=Added by an unidentified WORM or TROJAN!
27203. Source=Paul Collins Startup list
27204.  
27205. [imekrig]
27206. Number=3865
27207. Confirmed=N
27208. Filename=imekrig.exe
27209. Description=Part of MS <a href="http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp" target="_blank">Input Method Editor</a> which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)
27210. Source=Paul Collins Startup list
27211.  
27212. [IMEKRMIG6.1]
27213. Number=3866
27214. Confirmed=N
27215. Filename=IMEKRMIG.EXE
27216. Description=Part of MS <a href="http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp" target="_blank">Input Method Editor</a> which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)
27217. Source=Paul Collins Startup list
27218.  
27219. [Imesh]
27220. Number=3867
27221. Confirmed=N
27222. Filename=??
27223. Description=<a href="http://www.imesh.com" target="_blank">Imesh</a> is a file sharing system
27224. Source=Paul Collins Startup list
27225.  
27226. [Imesh Auto Update]
27227. Number=3868
27228. Confirmed=N
27229. Filename=??
27230. Description=Update check for the <a href="http://www.imesh.com" target=_blank>Imesh</a> file sharing system. Turn the update off under "options"
27231. Source=Paul Collins Startup list
27232.  
27233. [IMEvtMgr.exe]
27234. Number=3869
27235. Confirmed=X
27236. Filename=IMEvtMgr.exe
27237. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogar.html" target=_blank>KEYLOG-AR</a> TROJAN!
27238. Source=Paul Collins Startup list
27239.  
27240. [ImgIcon]
27241. Number=3870
27242. Confirmed=U
27243. Filename=ImgIcon.exe
27244. Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
27245. Source=Paul Collins Startup list
27246.  
27247. [imgit]
27248. Number=3871
27249. Confirmed=X
27250. Filename=[path to file]
27251. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerem.html" target=_blank>BANKER-EM</a> TROJAN!
27252. Source=Paul Collins Startup list
27253.  
27254. [ImgStart]
27255. Number=3872
27256. Confirmed=N
27257. Filename=ImgStart.exe
27258. Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -> Programs
27259. Source=Paul Collins Startup list
27260.  
27261. [Imjpmig*.*]
27262. Number=3873
27263. Confirmed=N
27264. Filename=IMJPMIG.EXE
27265. Description=Part of MS <a href="http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp" target="_blank">Input Method Editor</a> which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese). *.* represents the version number
27266. Source=Paul Collins Startup list
27267.  
27268. [immcheck.exe]
27269. Number=3874
27270. Confirmed=?
27271. Filename=immcheck.exe
27272. Description=<font color="#FF0000">Related to I-FORCE driver for force feedback steering wheel?</font>
27273. Source=Paul Collins Startup list
27274.  
27275. [ImMsn]
27276. Number=3875
27277. Confirmed=X
27278. Filename=timed.exe
27279. Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=BKDR_WEBDOR.AK" target="_blank">WEBDOR.AK</a> TROJAN!
27280. Source=Paul Collins Startup list
27281.  
27282. [IMOL]
27283. Number=3876
27284. Confirmed=U
27285. Filename=IMOLApp.exe
27286. Description=<a href="http://www.incredimail.com/" target=_blank>IncrediMail</a> for Office Outlook Add-On
27287. Source=Paul Collins Startup list
27288.  
27289. [Imonitor]
27290. Number=3877
27291. Confirmed=N
27292. Filename=Plguni.exe
27293. Description=<a href="http://www.mcafee.com/myapps/qc3/default.asp" target="_blank">McAfee QuickClean 3.0</a> - removes internet clutter and unwanted programs
27294. Source=Paul Collins Startup list
27295.  
27296. [imonitor]
27297. Number=3878
27298. Confirmed=X
27299. Filename=[path to trojan]
27300. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojimonia.html" target="_blank">IMONI-A</a> TROJAN!
27301. Source=Paul Collins Startup list
27302.  
27303. [IMONTRAY]
27304. Number=3879
27305. Confirmed=U
27306. Filename=imontray.exe
27307. Description=System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards
27308. Source=Paul Collins Startup list
27309.  
27310. [IMprocess]
27311. Number=3880
27312. Confirmed=X
27313. Filename=IM-svr.EXE
27314. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-041214-2538-99" target="_blank">IMNames</a> adware
27315. Source=Paul Collins Startup list
27316.  
27317. [IMStart]
27318. Number=3881
27319. Confirmed=U
27320. Filename=IMStart.exe
27321. Description=<a href="http://www.intermute.com/products/index.html" target=_blank>InterMute</a> security software related
27322. Source=Paul Collins Startup list
27323.  
27324. [imwinsrvc]
27325. Number=3882
27326. Confirmed=X
27327. Filename=acpmonsrv.exe
27328. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Proxy.Win32.Slaper.e&threatid=76053" target="_blank">SLAPER.E</a> TROJAN!
27329. Source=Paul Collins Startup list
27330.  
27331. [IMwire]
27332. Number=3883
27333. Confirmed=X
27334. Filename=imwireup.exe
27335. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware variant
27336.  
27337. Source=Paul Collins Startup list
27338.  
27339. [im_autorn]
27340. Number=3884
27341. Confirmed=X
27342. Filename=im_1.exe
27343. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012610-4055-99" target=_blank>IMAV.A</a> WORM!
27344. Source=Paul Collins Startup list
27345.  
27346. [im_autorn]
27347. Number=3885
27348. Confirmed=X
27349. Filename=im_2.exe
27350. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagledlbo.html" target=_blank>BAGLEDL-BO</a> TROJAN!
27351. Source=Paul Collins Startup list
27352.  
27353. [InCD]
27354. Number=3886
27355. Confirmed=Y
27356. Filename=incd.exe
27357. Description=Ahead <a href="http://www.nero.com/" target=_blank>InCD</a> packet writing software - similar to DirectCD. For Nero 5.0 or 5.5 (InCD3), it does not need to start with Windows. You can run InCD.exe manually before inserting an appropriately formatted CD-RW (CD-MRW) disk. For Nero 6.0, 6.3 or 6.6 (InCD4), it does need to start with Windows. It does not function correctly when you try to run it manually, and you will not have write access to MRW (Mount Rainier) formatted CD-RW (CD-MRW) or DVD-MRW disks. To regain write access and other features, InCD 4 must start with Windows
27358. Source=Paul Collins Startup list
27359.  
27360. [IncMail]
27361. Number=3887
27362. Confirmed=N
27363. Filename=IncMail.exe
27364. Description="<a href="http://www.incredimail.com/english/index.html" target="_blank">IncrediMail</a> is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"
27365. Source=Paul Collins Startup list
27366.  
27367. [InControl Desktop Manager]
27368. Number=3888
27369. Confirmed=N
27370. Filename=DMHKEY.EXE
27371. Description=For Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start -> Programs
27372. Source=Paul Collins Startup list
27373.  
27374. [Incredimail]
27375. Number=3889
27376. Confirmed=N
27377. Filename=incredimail.exe
27378. Description="<a href="http://www.incredimail.com/english/index.html" target="_blank">IncrediMail</a> is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"
27379. Source=Paul Collins Startup list
27380.  
27381. [Incredimail]
27382. Number=3890
27383. Confirmed=N
27384. Filename=IncMail.exe
27385. Description="<a href="http://www.incredimail.com/english/index.html" target="_blank">IncrediMail</a> is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"
27386. Source=Paul Collins Startup list
27387.  
27388. [Index Service]
27389. Number=3891
27390. Confirmed=X
27391. Filename=dllhost32.exe
27392. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CH&VSect=P" target=_blank>AGOBOT.CH</a> WORM!
27393. Source=Paul Collins Startup list
27394.  
27395. [Index Washer]
27396. Number=3892
27397. Confirmed=U
27398. Filename=WashIdx.exe
27399. Description=<a href="http://www.webroot.com/consumer/products/windowwasher/" target="_blank">Window Washer</a> from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
27400. Source=Paul Collins Startup list
27401.  
27402. [Indexindicator]
27403. Number=3893
27404. Confirmed=X
27405. Filename=Indexindicator.exe
27406. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022716-1619-99" target=_blank>LAZAR</a> TROJAN!
27407. Source=Paul Collins Startup list
27408.  
27409. [IndexSearch]
27410. Number=3894
27411. Confirmed=N
27412. Filename=IndexSearch.exe
27413. Description=Associated with PaperPort scanner software from ScanSoft
27414. Source=Paul Collins Startup list
27415.  
27416. [IndexTray]
27417. Number=3895
27418. Confirmed=U
27419. Filename=IndexTray.exe
27420. Description=Part of <a href="http://www.sharpusa.com/products/applications/sharpdesk/1,2693,3-3,00.html" target="_blank">Sharpdesk</a> from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"
27421. Source=Paul Collins Startup list
27422.  
27423. [ine]
27424. Number=3896
27425. Confirmed=X
27426. Filename=svchosts.exe
27427. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41546" target= blank>RBOT.BNL</a> WORM!
27428. Source=Paul Collins Startup list
27429.  
27430. [Inet DataBase]
27431. Number=3897
27432. Confirmed=X
27433. Filename=Inetdbs.exe
27434. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121309-1750-99" target=_blank>QEDS</a> WORM!
27435. Source=Paul Collins Startup list
27436.  
27437. [Inet Delivery]
27438. Number=3898
27439. Confirmed=X
27440. Filename=inetdl.exe
27441. Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.intdel.html" target=_blank>Inet Delivery</a> adware
27442. Source=Paul Collins Startup list
27443.  
27444. [Inet Delivery]
27445. Number=3899
27446. Confirmed=X
27447. Filename=inetdl_2.exe
27448. Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.intdel.html" target=_blank>Inet Delivery</a> adware
27449. Source=Paul Collins Startup list
27450.  
27451. [Inetapi]
27452. Number=3900
27453. Confirmed=X
27454. Filename=Netapi.exe
27455. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.14" target="_blank">NETDEVIL.14</a> TROJAN!
27456. Source=Paul Collins Startup list
27457.  
27458. [inetcntrl]
27459. Number=3901
27460. Confirmed=U
27461. Filename=inetcntrl.exe
27462. Description=Bsafe Online - internet filter
27463. Source=Paul Collins Startup list
27464.  
27465. [InetConf]
27466. Number=3902
27467. Confirmed=?
27468. Filename=inetconf.exe
27469. Description=<font color="#FF0000">??</font>
27470. Source=Paul Collins Startup list
27471.  
27472. [Inetd]
27473. Number=3903
27474. Confirmed=U
27475. Filename=INETD32.EXE
27476. Description=<a href="http://www.hummingbird.com/products/nc/inetd/index.html?cks=y" target="_blank">Windows Inet Daemon</a> from Hummingbird Communications. "Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons". Provides PCs with the full functionality of a UNIX workstation
27477. Source=Paul Collins Startup list
27478.  
27479. [inetinfo.exe]
27480. Number=3904
27481. Confirmed=U
27482. Filename=inetinfo.exe
27483. Description=Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more)
27484. Source=Paul Collins Startup list
27485.  
27486. [inetinfomon manager]
27487. Number=3905
27488. Confirmed=X
27489. Filename=inetinfomon.exe
27490. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
27491. Source=Paul Collins Startup list
27492.  
27493. [inetmgr]
27494. Number=3906
27495. Confirmed=X
27496. Filename=inetmgr.exe
27497. Description=Actual Names <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075255" target="_blank">(AdvSearch)</a> Internet Keywords parasite
27498. Source=Paul Collins Startup list
27499.  
27500. [InetMSN]
27501. Number=3907
27502. Confirmed=X
27503. Filename=msnet.exe
27504. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
27505. Source=Paul Collins Startup list
27506.  
27507. [InetServices]
27508. Number=3908
27509. Confirmed=X
27510. Filename=wsock32.exe
27511. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwock32a.html" target="_blank">WOCK32-A</a> TROJAN!
27512. Source=Paul Collins Startup list
27513.  
27514. [infamous.exe]
27515. Number=3909
27516. Confirmed=X
27517. Filename=wmplayer.exe
27518. Description=Added by unknown malware. WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup. Infamous.exe is identified by <a href="http://www.pandasoftware.com/" target="_blank">Panda</a> antivirus as Trj/Briss.A
27519. Source=Paul Collins Startup list
27520.  
27521. [Info Select]
27522. Number=3910
27523. Confirmed=U
27524. Filename=is.exe
27525. Description=<a href="http://www.miclog.com/isover.htm" target="_blank">Info Select</a> from Micro Logic - personal information manager
27526. Source=Paul Collins Startup list
27527.  
27528. [Info32x]
27529. Number=3911
27530. Confirmed=X
27531. Filename=Info32x.exe
27532. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
27533. Source=Paul Collins Startup list
27534.  
27535. [InfoPenMSN]
27536. Number=3912
27537. Confirmed=U
27538. Filename=InfoPenIM.exe
27539. Description=<a href="http://www.infopen.com.tw/english/es/" target=_blank>InfoPenMSN</a> is a MSN Messenger plugin that allows you to send data written/drawn by hand 
27540. Source=Paul Collins Startup list
27541.  
27542. [Infoplay.exe]
27543. Number=3913
27544. Confirmed=?
27545. Filename=Infoplay.exe
27546. Description=<font color="#FF0000">Written by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine <a href="http://www.allyoursearch.com/" target="_blank">websites</a> (which I chose not to). What does it do and is it needed?</font>
27547. Source=Paul Collins Startup list
27548.  
27549. [Information Update]
27550. Number=3914
27551. Confirmed=X
27552. Filename=iu.exe
27553. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Downloader.Win32.Centim.ch TROJAN! Note - the file associated with this is located in the Program Files\Information Update folder
27554. Source=Paul Collins Startup list
27555.  
27556. [Infra-red Monitor]
27557. Number=3915
27558. Confirmed=U
27559. Filename=IRMON.EXE
27560. Description=System Tray access to infra-red devices. Not required unless you use infra-red devices
27561. Source=Paul Collins Startup list
27562.  
27563. [infus]
27564. Number=3916
27565. Confirmed=X
27566. Filename=infus.exe
27567. Description=Adult content dialler
27568. Source=Paul Collins Startup list
27569.  
27570. [Infuzer]
27571. Number=3917
27572. Confirmed=U
27573. Filename=Infuzer.exe
27574. Description=<a href="http://www.infuzer.com/IDC/features/" target="_blank">Infuzer</a> - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities"
27575. Source=Paul Collins Startup list
27576.  
27577. [infwin]
27578. Number=3918
27579. Confirmed=X
27580. Filename=infwin.exe
27581. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
27582. Source=Paul Collins Startup list
27583.  
27584. [Init32]
27585. Number=3919
27586. Confirmed=X
27587. Filename=Init32.exe
27588. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101615-2959-99" target=_blank>WINEX.A</a> TROJAN!
27589. Source=Paul Collins Startup list
27590.  
27591. [Initial Page]
27592. Number=3920
27593. Confirmed=X
27594. Filename=install.exe
27595. Description=EasySearch browser hijack installer
27596.  
27597. Source=Paul Collins Startup list
27598.  
27599. [Initialize8x8]
27600. Number=3921
27601. Confirmed=Y
27602. Filename=8x8_init.exe
27603. Description=Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay
27604. Source=Paul Collins Startup list
27605.  
27606. [injob]
27607. Number=3922
27608. Confirmed=X
27609. Filename=injobs.exe
27610. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062609-4017-99" target=_blank>BINJO</a> TROJAN!
27611. Source=Paul Collins Startup list
27612.  
27613. [Ink Monitor]
27614. Number=3923
27615. Confirmed=N
27616. Filename=InkMonitor.exe
27617. Description=Associated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line
27618. Source=Paul Collins Startup list
27619.  
27620. [InkWatch]
27621. Number=3924
27622. Confirmed=N
27623. Filename=InkWatch.exe
27624. Description=Associated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line
27625. Source=Paul Collins Startup list
27626.  
27627. [InoRPC]
27628. Number=3925
27629. Confirmed=Y
27630. Filename=InoRpc.exe
27631. Description=Associated with <a href="http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a>
27632. Source=Paul Collins Startup list
27633.  
27634. [InoRT]
27635. Number=3926
27636. Confirmed=Y
27637. Filename=InoRT9x.exe
27638. Description=Associated with the Realtime Monitor of <a href="http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a> version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU useage
27639. Source=Paul Collins Startup list
27640.  
27641. [InoTask]
27642. Number=3927
27643. Confirmed=U
27644. Filename=InoTask.exe
27645. Description=Scheduled scans and signature updates for <a href="http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a> version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU useage when performing updates
27646. Source=Paul Collins Startup list
27647.  
27648. [insCOA5]
27649. Number=3928
27650. Confirmed=?
27651. Filename=insCOA5.exe
27652. Description=<font color="#FF0000">??</font>
27653. Source=Paul Collins Startup list
27654.  
27655. [InstaAlert]
27656. Number=3929
27657. Confirmed=U
27658. Filename=InstaAlert.exe
27659. Description="Kayako <a href="http://www.kayako.com/instaalert.php" target="_blank">InstaAlert</a> allows you to receive realtime alerts whenever a ticket gets updated under the assigned departments. The application displays popups as and when the tickets are created or replied to allowing you to answer your customer requests and issues promptly"
27660. Source=Paul Collins Startup list
27661.  
27662. [InstaFinderK]
27663. Number=3930
27664. Confirmed=X
27665. Filename=InstaFinderK inst.exe
27666. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040516-0442-99" target=_blank>InstaFinder</a> adware
27667. Source=Paul Collins Startup list
27668.  
27669. [Install]
27670. Number=3931
27671. Confirmed=X
27672. Filename=Install.exe
27673. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanhg.html" target=_blank>BANCBAN-HG</a> TROJAN!
27674. Source=Paul Collins Startup list
27675.  
27676. [Install Pending Files]
27677. Number=3932
27678. Confirmed=?
27679. Filename=sifxinst.exe
27680. Description=Uninstall program for <a href="http://www.lanovation.com/" target="_blank">Lanovation's</a> Prism Deploy and Prism Pack adminstrators software deployement tools. For specific information see <font color="#FF0000"><a href="http://www.lanovation.com/support/docs/General/rollbackfiles_prism.htm" target="_blank">here</a>. Is it required?</font>
27681. Source=Paul Collins Startup list
27682.  
27683. [InstallAurealDemos]
27684. Number=3933
27685. Confirmed=N
27686. Filename=InstallAurealDemos.js
27687. Description=Used to initialize the Aureal A3D demos InstallShield wizard
27688. Source=Paul Collins Startup list
27689.  
27690. [InstallBuddy]
27691. Number=3934
27692. Confirmed=U
27693. Filename=Ibtna.exe
27694. Description=<a href="http://www.bluenomad.com/ib/prod_installbuddy_details.html" target="_blank">InstallBuddy</a> - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSync
27695. Source=Paul Collins Startup list
27696.  
27697. [Installed shell32.dll]
27698. Number=3935
27699. Confirmed=X
27700. Filename=Office.exe...
27701. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
27702. Source=Paul Collins Startup list
27703.  
27704. [Installer]
27705. Number=3936
27706. Confirmed=X
27707. Filename=dial.exe
27708. Description=Malware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as the AGENT.MM TROJAN!
27709. Source=Paul Collins Startup list
27710.  
27711. [InstallNAIProduct]
27712. Number=3937
27713. Confirmed=?
27714. Filename=SETUP.EXE
27715. Description=<font color="#FF0000">Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error?</font>
27716. Source=Paul Collins Startup list
27717.  
27718. [Installs SP2]
27719. Number=3938
27720. Confirmed=X
27721. Filename=[path] repcale.exe [path] palsp.exe
27722. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDON.AN" target="_blank">RANDON.AN</a> WORM!
27723. Source=Paul Collins Startup list
27724.  
27725. [Installstub]
27726. Number=3939
27727. Confirmed=U
27728. Filename=installstub.exe
27729. Description=Tool for Outlook and Outlook Express from <a href="http://www.plaxo.com/" target="_blank">Plaxo</a> for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phone
27730. Source=Paul Collins Startup list
27731.  
27732. [Instance 001]
27733. Number=3940
27734. Confirmed=X
27735. Filename=[path to worm]
27736. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32alasroua.html" target=_blank>Alasrou-A</a> WORM!
27737. Source=Paul Collins Startup list
27738.  
27739. [Instant Access]
27740. Number=3941
27741. Confirmed=X
27742. Filename=rundll32.exe EGDHTML_1023.dll, InstantAccess
27743. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target=_blank>Electronic_Group/InstantAccess</a> premium rate adult content dialer variant
27744. Source=Paul Collins Startup list
27745.  
27746. [Instant Access]
27747. Number=3942
27748. Confirmed=X
27749. Filename=rundll32.exe eg_auth_****.dll, InstantAccess [**** = digits]
27750. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target=_blank>Electronic_Group/InstantAccess</a> premium rate adult content dialer variant
27751. Source=Paul Collins Startup list
27752.  
27753. [Instant Access]
27754. Number=3943
27755. Confirmed=X
27756. Filename=rundll32.exe EGCOMLIB_****.dll, InstantAccess [**** = digits]
27757. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target=_blank>Electronic_Group/InstantAccess</a> premium rate adult content dialer variant
27758. Source=Paul Collins Startup list
27759.  
27760. [Instant Access]
27761. Number=3944
27762. Confirmed=X
27763. Filename=rundll32.exe EGCOMSERVICE_****.dll, InstantAccess [**** = digits]
27764. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target=_blank>Electronic_Group/InstantAccess</a> premium rate adult content dialer variant
27765. Source=Paul Collins Startup list
27766.  
27767. [Instant Access]
27768. Number=3945
27769. Confirmed=X
27770. Filename=rundll32.exe EGDACCESS_****.dll, InstantAccess [**** = digits]
27771. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target=_blank>Electronic_Group/InstantAccess</a> premium rate adult content dialer variant
27772. Source=Paul Collins Startup list
27773.  
27774. [Instant Access]
27775. Number=3946
27776. Confirmed=X
27777. Filename=rundll32.exe p2esocks_****.dll, InstantAccess [**** = digits]
27778. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target=_blank>Electronic_Group/InstantAccess</a> premium rate adult content dialer variant
27779. Source=Paul Collins Startup list
27780.  
27781. [Instant Access]
27782. Number=3947
27783. Confirmed=X
27784. Filename=mwsrvacc.exe
27785. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target="_blank">InstantAccess</a> premium rate adult content dialer
27786. Source=Paul Collins Startup list
27787.  
27788. [Instant Access]
27789. Number=3948
27790. Confirmed=X
27791. Filename=linewsrv.exe
27792. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010517-1801-99" target="_blank">InstantAccess</a> premium rate adult content dialer variant
27793. Source=Paul Collins Startup list
27794.  
27795. [Instant Buzz Daemon]
27796. Number=3949
27797. Confirmed=X
27798. Filename=IBDaemon.exe
27799. Description=<a href="http://www.publishingcentral.com/news.php?story=72" target="_blank">Instant Buzz</a> adware
27800. Source=Paul Collins Startup list
27801.  
27802. [Instant Update Center]
27803. Number=3950
27804. Confirmed=N
27805. Filename=reminder.exe
27806. Description=From Broderbund's PrintMaster 10. It is an event reminder (for calendar dates, etc). Delete from the startup using Startup Manager program because it keeps re-checking itself when using MSCONFIG.  PrintMaster 11 uses filename PMremind.exe - it has to be unchecked in startup in the same manner
27807. Source=Paul Collins Startup list
27808.  
27809. [Instant Wireless Configuration Utility]
27810. Number=3951
27811. Confirmed=U
27812. Filename=WUSB11cfg.exe
27813. Description=Utility used by the <a href="http://www.linksys.com/default.asp" target="_blank">LINKSYS</a> LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration
27814. Source=Paul Collins Startup list
27815.  
27816. [Instant Wireless Configuration Utility]
27817. Number=3952
27818. Confirmed=U
27819. Filename=WPC11Cfg.exe
27820. Description=Utility used by the <a href="http://www.linksys.com/default.asp" target=_blank>LINKSYS</a> wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration
27821. Source=Paul Collins Startup list
27822.  
27823. [InstantAccess]
27824. Number=3953
27825. Confirmed=N
27826. Filename=INSTAN~1.EXE
27827. Description=From TextBridge Pro 9.0 OCR scanner software. Available via Start -> Programs
27828. Source=Paul Collins Startup list
27829.  
27830. [InstantDrive]
27831. Number=3954
27832. Confirmed=U
27833. Filename=InstantDrive.exe
27834. Description=<a href="http://www.pinnaclesys.com" target="_blank">Pinnacle Systems</a> (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning software
27835. Source=Paul Collins Startup list
27836.  
27837. [InstantPleasure]
27838. Number=3955
27839. Confirmed=X
27840. Filename=instantpleasure.exe
27841. Description=Adult content dialler
27842. Source=Paul Collins Startup list
27843.  
27844. [InstantPleasureXXX]
27845. Number=3956
27846. Confirmed=X
27847. Filename=instantpleasurexxx.exe
27848. Description=Adult content dialler
27849. Source=Paul Collins Startup list
27850.  
27851. [InstantTray]
27852. Number=3957
27853. Confirmed=N
27854. Filename=PCLETray.exe
27855. Description=<a href="http://www.pinnaclesys.com/ProductPage_n.asp?Product_ID=1431&Langue_ID=7" target=_blank>Pinnacle InstantCD/DVD</a> disc creation software. Tray icon enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools with one click. Can be started manually
27856. Source=Paul Collins Startup list
27857.  
27858. [instit]
27859. Number=3958
27860. Confirmed=X
27861. Filename=instit.bat
27862. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-111119-3659-99" target="_blank">OPASERV.H</a> WORM!
27863. Source=Paul Collins Startup list
27864.  
27865. [instit]
27866. Number=3959
27867. Confirmed=X
27868. Filename=INSTIT.BAT
27869. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.K" target="_blank">OPASERV.K</a> WORM!
27870. Source=Paul Collins Startup list
27871.  
27872. [InstUtlR.exe]
27873. Number=3960
27874. Confirmed=?
27875. Filename=InstUtlR.exe
27876. Description=<font color="#FF0000">??</font>
27877. Source=Paul Collins Startup list
27878.  
27879. [intdctrr]
27880. Number=3961
27881. Confirmed=X
27882. Filename=idctup20.exe
27883. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware variant
27884.  
27885. Source=Paul Collins Startup list
27886.  
27887. [Intec Service Drivers]
27888. Number=3962
27889. Confirmed=X
27890. Filename=msmsgrs.exe
27891. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadn.html" target=_blank>SDBOT-ADN</a> WORM!
27892. Source=Paul Collins Startup list
27893.  
27894. [Intec Service Drivers]
27895. Number=3963
27896. Confirmed=X
27897. Filename=[path to worm]
27898. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglu.html" target="_blank">RBOT-GLU</a> WORM!
27899. Source=Paul Collins Startup list
27900.  
27901. [Intec Services Driverrs]
27902. Number=3964
27903. Confirmed=X
27904. Filename=winrvc.exe
27905. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
27906. Source=Paul Collins Startup list
27907.  
27908. [Intel Active Monitor]
27909. Number=3965
27910. Confirmed=U
27911. Filename=imontray.exe
27912. Description=System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards
27913. Source=Paul Collins Startup list
27914.  
27915. [Intel Driver]
27916. Number=3966
27917. Confirmed=X
27918. Filename=csrs.exe
27919. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
27920. Source=Paul Collins Startup list
27921.  
27922. [Intel File Transfer]
27923. Number=3967
27924. Confirmed=U
27925. Filename=xfr.exe
27926. Description=Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients
27927. Source=Paul Collins Startup list
27928.  
27929. [Intel PDS]
27930. Number=3968
27931. Confirmed=U
27932. Filename=pds.exe
27933. Description=Intel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabled
27934. Source=Paul Collins Startup list
27935.  
27936. [Intel Product Number Utility]
27937. Number=3969
27938. Confirmed=U
27939. Filename=IntelProcNumUtility.exe
27940. Description=Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information <a href="http://www.intel.com/support/processors/pentiumiii/sb/cs-007578.htm" target="_blank">here</a>
27941. Source=Paul Collins Startup list
27942.  
27943. [Intel PROSet Tray Icon]
27944. Number=3970
27945. Confirmed=N
27946. Filename=promon.exe
27947. Description=System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
27948. Source=Paul Collins Startup list
27949.  
27950. [Intel Service Drivers]
27951. Number=3971
27952. Confirmed=X
27953. Filename=msconfig16.exe
27954. Description=Added by the <a href="http://www.superadblocker.com/M/MSCONFIG16.EXE-6417.html" target=_blank>MSCONFIG16</a> TROJAN!
27955. Source=Paul Collins Startup list
27956.  
27957. [Intel system tool]
27958. Number=3972
27959. Confirmed=X
27960. Filename=hookdump.exe
27961. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspyreh.html" target=_blank>SPYRE-H</a> TROJAN!
27962. Source=Paul Collins Startup list
27963.  
27964. [Intel system tool]
27965. Number=3973
27966. Confirmed=X
27967. Filename=winnook.exe
27968. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspyrec.html" target=_blank>SPYRE-C</a> TROJAN!
27969. Source=Paul Collins Startup list
27970.  
27971. [Intel system tool]
27972. Number=3974
27973. Confirmed=X
27974. Filename=svehost.exe
27975. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentebt.html" target="_blank">AGENT-EBT</a> TROJAN!
27976. Source=Paul Collins Startup list
27977.  
27978. [Intel system works]
27979. Number=3975
27980. Confirmed=X
27981. Filename=iis.exe
27982. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QGA" target="_blank">RBOT.QGA</a> WORM!
27983. Source=Paul Collins Startup list
27984.  
27985. [Intel(R) Common User Interface]
27986. Number=3976
27987. Confirmed=U
27988. Filename=hkcmd.exe
27989. Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel
27990. Source=Paul Collins Startup list
27991.  
27992. [Intel(R) Common User Interface]
27993. Number=3977
27994. Confirmed=N
27995. Filename=igfxpers.exe
27996. Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Not known exactly what it does but apparently it isn't required
27997. Source=Paul Collins Startup list
27998.  
27999. [intel32.exe]
28000. Number=3978
28001. Confirmed=X
28002. Filename=intel32.exe
28003. Description=Added by the SmitFraud alias <a href="http://www.sophos.com/virusinfo/analyses/trojspyjackb.html" target="_blank">SPYJACK-B</a> TROJAN!
28004. Source=Paul Collins Startup list
28005.  
28006. [IntelAPMClient]
28007. Number=3979
28008. Confirmed=U
28009. Filename=amclient.exe
28010. Description=LANDesk <a href="http://www.landesk.com/Products/LDMS/" target=_blank>Management Suite</a> software component
28011. Source=Paul Collins Startup list
28012.  
28013. [IntelAudioStudio]
28014. Number=3980
28015. Confirmed=N
28016. Filename=IntelAudioStudio.exe
28017. Description="<a href="http://www.intel.com/design/motherbd/software/ias/index.htm" target="_blank">Intel Audio Studio</a> combines Intel« High Definition audio hardware features with Sonic Focus* Audio Refinement and Dolby* technologies to provide you with a comprehensive tool that puts you in control of your audio experience". Audio utility supplied with Intel motherboards
28018. Source=Paul Collins Startup list
28019.  
28020. [InteliSys]
28021. Number=3981
28022. Confirmed=X
28023. Filename=smss.exe
28024. Description=Advertisingvision adware! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
28025. Source=Paul Collins Startup list
28026.  
28027. [intell32.exe]
28028. Number=3982
28029. Confirmed=X
28030. Filename=intell32.exe
28031. Description=Added by the SmitFraud alias <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072415-2405-99" target="_blank">Desktophijack.C</a> TROJAN!
28032. Source=Paul Collins Startup list
28033.  
28034. [intell321.exe]
28035. Number=3983
28036. Confirmed=X
28037. Filename=intell321.exe
28038. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfakealec.html" target=_blank>SPYJACK-B</a> TROJAN! 
28039.  
28040. Source=Paul Collins Startup list
28041.  
28042. [Intelliflag_be.exe]
28043. Number=3984
28044. Confirmed=X
28045. Filename=Intelliflag_be.exe
28046. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012616-2554-99" target=_blank>Intelliflag</a> SPYWARE!
28047. Source=Paul Collins Startup list
28048.  
28049. [IntelliPoint]
28050. Number=3985
28051. Confirmed=U
28052. Filename=point32.exe
28053. Description=Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
28054. Source=Paul Collins Startup list
28055.  
28056. [Intellitype]
28057. Number=3986
28058. Confirmed=U
28059. Filename=type32.exe
28060. Description=For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings unless you have changed them
28061. Source=Paul Collins Startup list
28062.  
28063. [IntelMEM]
28064. Number=3987
28065. Confirmed=U
28066. Filename=IntelMEM.exe
28067. Description=Related to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem line
28068. Source=Paul Collins Startup list
28069.  
28070. [IntelProcNumUtility]
28071. Number=3988
28072. Confirmed=U
28073. Filename=cpunumber.exe
28074. Description=Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information <a href="http://www.intel.com/support/processors/pentiumiii/sb/cs-007578.htm" target="_blank">here</a>
28075. Source=Paul Collins Startup list
28076.  
28077. [IntelWireless]
28078. Number=3989
28079. Confirmed=Y
28080. Filename=ifrmewrk.exe
28081. Description=Associated with the Intel PRO/Set Wireless software
28082. Source=Paul Collins Startup list
28083.  
28084. [IntelZeroConfig]
28085. Number=3990
28086. Confirmed=U
28087. Filename=ZCfgSvc.exe
28088. Description=Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled
28089. Source=Paul Collins Startup list
28090.  
28091. [Intel« Common User Interface]
28092. Number=3991
28093. Confirmed=U
28094. Filename=igfxtray.exe
28095. Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Quick access to the control panel via a System Tray icon. Available via Start -> Settings -> Control Panel
28096. Source=Paul Collins Startup list
28097.  
28098. [Intense Registry Service]
28099. Number=3992
28100. Confirmed=?
28101. Filename=IntEdReg.exe /CHECK
28102. Description=<a href="http://www.intense.co.uk/" target="_blank">Intense Educational Ltd</a> - Language Office Software. <font color="#FF0000">Is it required?</font>
28103. Source=Paul Collins Startup list
28104.  
28105. [InterceptedSystem]
28106. Number=3993
28107. Confirmed=X
28108. Filename=[path to worm]
28109. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32anaconb.html" target=_blank>ANACON-B</a> WORM!
28110. Source=Paul Collins Startup list
28111.  
28112. [InterCheck Monitor]
28113. Number=3994
28114. Confirmed=Y
28115. Filename=Icmon.exe
28116. Description=Part of <a href="http://www.sophos.com/products/software/" target="_blank">Sophos</a> ant-virus sofware
28117. Source=Paul Collins Startup list
28118.  
28119. [InterCheckMonitor]
28120. Number=3995
28121. Confirmed=Y
28122. Filename=ICMON.EXE
28123. Description=Part of <a href="http://www.sophos.com/products/software/" target="_blank">Sophos</a> anti-virus sofware
28124. Source=Paul Collins Startup list
28125.  
28126. [Interdll]
28127. Number=3996
28128. Confirmed=X
28129. Filename=Interdll.exe
28130. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050207-0707-99" target="_blank">DELF</a> family of TROJANS!
28131. Source=Paul Collins Startup list
28132.  
28133. [Internal]
28134. Number=3997
28135. Confirmed=X
28136. Filename=[trojan filename]
28137. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092310-2135-99" target="_blank">SMOTHER</a> and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092413-3334-99" target="_blank">TRANSLAT</a> TROJANS!
28138. Source=Paul Collins Startup list
28139.  
28140. [Internal]
28141. Number=3998
28142. Confirmed=X
28143. Filename=regedit.exe /s %windir%c:\[month number]
28144. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102412-1446-99" target="_blank">FORTNIGHT.D</a> TROJAN!
28145. Source=Paul Collins Startup list
28146.  
28147. [Internal Memory File]
28148. Number=3999
28149. Confirmed=X
28150. Filename=sysintmemory.exe
28151. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgkt.html" target="_blank">RBOT-GKT</a> WORM!
28152. Source=Paul Collins Startup list
28153.  
28154. [InternalSystray]
28155. Number=4000
28156. Confirmed=X
28157. Filename=Kazza.exe
28158. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=16106" target="_blank">OPTIX</a> TROJAN! Note - unlike the valid KaZaA executable, this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP)
28159. Source=Paul Collins Startup list
28160.  
28161. [internat]
28162. Number=4001
28163. Confirmed=X
28164. Filename=internat.exe
28165. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlydraf.html" target=_blank>LYDRA-F</a> TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%
28166. Source=Paul Collins Startup list
28167.  
28168. [Internat]
28169. Number=4002
28170. Confirmed=X
28171. Filename=systray.exe
28172. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041019-1534-99" target=_blank>ALADINZ.P</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target=_blank>systray.exe</a> process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file
28173. Source=Paul Collins Startup list
28174.  
28175. [Internat]
28176. Number=4003
28177. Confirmed=X
28178. Filename=msgsrv32.exe
28179. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnyrubota.html" target= blank>NYRUBOT-A</a> WORM!
28180. Source=Paul Collins Startup list
28181.  
28182. [Internat]
28183. Number=4004
28184. Confirmed=X
28185. Filename=[trojan filename]
28186. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcmjspyy.html" target=_blank>CMJSPY-Y</a> TROJAN!
28187. Source=Paul Collins Startup list
28188.  
28189. [Internat Conf]
28190. Number=4005
28191. Confirmed=X
28192. Filename=bootconf.exe
28193. Description=Homepage hijacker, redirecting to coolwwwsearch.com; see for example <a href="http://boards.cexx.org/viewtopic.php?p=2464#2464" target="_blank"> here</a>
28194. Source=Paul Collins Startup list
28195.  
28196. [internat.exe]
28197. Number=4006
28198. Confirmed=N
28199. Filename=internat.exe
28200. Description=Microsoft language selection icon in system tray, located in the System (Win98/Me) or System32 (WinNT/2K/XP) folder
28201. Source=Paul Collins Startup list
28202.  
28203. [Internat.exe]
28204. Number=4007
28205. Confirmed=X
28206. Filename=internat.exe
28207. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-081216-0215-99" target="_blank">NETSNAKE</a> TROJAN! Note - the real internat.exe resides in %windir%system (Win98/Me) or %windir%System32 (WinNT/2K/XP) (where %windir% is the Windows directory - C:Windows or C:Winnt) and has a "?" icon wheras this version resides in %windir% and has a ZIP icon
28208. Source=Paul Collins Startup list
28209.  
28210. [internct]
28211. Number=4008
28212. Confirmed=X
28213. Filename=WinSocks5.exe
28214. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090308-0128-99" target="_blank">GRAYBIRD.F</a> TROJAN!
28215. Source=Paul Collins Startup list
28216.  
28217. [internet]
28218. Number=4009
28219. Confirmed=X
28220. Filename=smss.exe
28221. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmifengk.html" target=_blank>MIFENG-K</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which should NOT appear in Msconfig/Startup!
28222. Source=Paul Collins Startup list
28223.  
28224. [Internet]
28225. Number=4010
28226. Confirmed=X
28227. Filename=Internet.exe
28228. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwscs.html" target=_blank>PWS-CS</a> TROJAN!
28229. Source=Paul Collins Startup list
28230.  
28231. [Internet]
28232. Number=4011
28233. Confirmed=X
28234. Filename=recruit.exe
28235. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajg.html" target=_blank>RBOT-AJG</a> WORM!
28236. Source=Paul Collins Startup list
28237.  
28238. [internet]
28239. Number=4012
28240. Confirmed=X
28241. Filename=[trojan filename].exe
28242. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmifengd.html" target=_blank>MIFENG-D</a> TROJAN!
28243. Source=Paul Collins Startup list
28244.  
28245. [Internet]
28246. Number=4013
28247. Confirmed=X
28248. Filename=winlogom.exe
28249. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
28250. Source=Paul Collins Startup list
28251.  
28252. [Internet]
28253. Number=4014
28254. Confirmed=X
28255. Filename=nteusodp.exe
28256. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgfj.html" target="_blank">RBOT-GFJ</a> WORM!
28257. Source=Paul Collins Startup list
28258.  
28259. [internet]
28260. Number=4015
28261. Confirmed=X
28262. Filename=winsas32.exe
28263. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
28264. Source=Paul Collins Startup list
28265.  
28266. [Internet Answering Machine]
28267. Number=4016
28268. Confirmed=U
28269. Filename=IAMNET~1.EXE
28270. Description=From <a href="http://www.callwave.com/" target="_blank">Callwave</a>. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access
28271. Source=Paul Collins Startup list
28272.  
28273. [Internet Answering Machine]
28274. Number=4017
28275. Confirmed=U
28276. Filename=IAM.exe
28277. Description=From <a href="http://www.callwave.com/" target=_blank>Callwave</a> - offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access
28278. Source=Paul Collins Startup list
28279.  
28280. [Internet Call Manager]
28281. Number=4018
28282. Confirmed=U
28283. Filename=ICM.EXE
28284. Description=Starts <a href="http://www.infointeractive.com/" target="_blank">Internet Call Manager</a> dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail
28285. Source=Paul Collins Startup list
28286.  
28287. [Internet Config]
28288. Number=4019
28289. Confirmed=X
28290. Filename=svchosts.exe
28291. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
28292. Source=Paul Collins Startup list
28293.  
28294. [Internet Connection Wizard]
28295. Number=4020
28296. Confirmed=X
28297. Filename=stisvsq.exe
28298. Description=<a href="http://sarc.com/avcenter/venc/data/adware.easysearch.html" target=_blank>EasySearch</a> adware
28299. Source=Paul Collins Startup list
28300.  
28301. [Internet Connection Wizard]
28302. Number=4021
28303. Confirmed=X
28304. Filename=[path to trojan]
28305. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmutsrcha.html" target=_blank>SMUTSRCH-A</a> TROJAN!
28306. Source=Paul Collins Startup list
28307.  
28308. [Internet Connection Wizard]
28309. Number=4022
28310. Confirmed=X
28311. Filename=stisvsq1.exe
28312. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrawd.html" target="_blank">DLOADR-AWD</a> TROJAN!
28313. Source=Paul Collins Startup list
28314.  
28315. [Internet Content Publisher]
28316. Number=4023
28317. Confirmed=X
28318. Filename=ICP.EXE
28319. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotud.html" target=_blank>RBOT-UD</a> WORM!
28320. Source=Paul Collins Startup list
28321.  
28322. [Internet Download Accelerator]
28323. Number=4024
28324. Confirmed=U
28325. Filename=ida.exe
28326. Description=<a href="http://www.westbyte.com/ida/" target=_blank>Internet Download Accelerator</a> download manager 
28327.  
28328. Source=Paul Collins Startup list
28329.  
28330. [Internet download manager service]
28331. Number=4025
28332. Confirmed=X
28333. Filename=idman.exe
28334. Description=Added by the <a href="http://www.quickheal.co.in/public/alerts/rbot_bms.asp" target="_blank">RBOT-BMS</a> WORM!
28335. Source=Paul Collins Startup list
28336.  
28337. [Internet Exploere Services]
28338. Number=4026
28339. Confirmed=X
28340. Filename=urlmon32.dll.exe
28341. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022814-1723-99" target="_blank">EVIAN.C</a> WORM!
28342. Source=Paul Collins Startup list
28343.  
28344. [Internet Explore Microsoft]
28345. Number=4027
28346. Confirmed=X
28347. Filename=lEXPLORE.EXE
28348. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaof.html" target=_blank>RBOT-AOF</a> WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
28349. Source=Paul Collins Startup list
28350.  
28351. [Internet Explorer]
28352. Number=4028
28353. Confirmed=X
28354. Filename=iexplorer.exe
28355. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072806-1840-99" target="_blank">LORSIS</a> WORM! Note - the legitimate IE (iexplore.exe) does not figure in Msconfig/Startup unless added manually and this loads from the "RunServices" key
28356. Source=Paul Collins Startup list
28357.  
28358. [Internet Explorer]
28359. Number=4029
28360. Confirmed=X
28361. Filename=IEXPLORE.EXE
28362. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotey.html" target=_blank>RBOT-EY</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
28363. Source=Paul Collins Startup list
28364.  
28365. [Internet Explorer]
28366. Number=4030
28367. Confirmed=X
28368. Filename=IExplorer.exe
28369. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnethiefo.html" target=_blank>NETHIEF-O</a> TROJAN!
28370. Source=Paul Collins Startup list
28371.  
28372. [Internet Explorer]
28373. Number=4031
28374. Confirmed=X
28375. Filename=http.exe
28376. Description=Added as part of a new potential CWS infection, and part of a suite of programs that installs a web server, php, ftp server, socks, and mail server on your computer without your knowledge. These files are known to be part of an infection that transmits information about your bank accounts, passwords, and other financial information. It should be deleted immediately, you should enable your firewall, and you should contact your financial services in order to report the issue and to have your passwords changed
28377. Source=Paul Collins Startup list
28378.  
28379. [Internet Explorer]
28380. Number=4032
28381. Confirmed=X
28382. Filename=iexpiore.exe
28383. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotazc.html" target=_blank>RBOT-AZC</a> WORM!
28384. Source=Paul Collins Startup list
28385.  
28386. [Internet Explorer Configuration]
28387. Number=4033
28388. Confirmed=X
28389. Filename=IEXPLORE.EXE
28390. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotul.html" target=_blank>SDBOT-UL</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
28391. Source=Paul Collins Startup list
28392.  
28393. [Internet Explorer Security]
28394. Number=4034
28395. Confirmed=X
28396. Filename=iexplore.pif
28397. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalq.html" target=_blank>RBOT-ALQ</a> WORM!
28398. Source=Paul Collins Startup list
28399.  
28400. [Internet Explorer Updater]
28401. Number=4035
28402. Confirmed=X
28403. Filename=lexbac.exe
28404. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-101518-4323-99" target="_blank">DOWNLOAD</a> TROJAN!
28405. Source=Paul Collins Startup list
28406.  
28407. [Internet Explorer Updater]
28408. Number=4036
28409. Confirmed=X
28410. Filename=iexplorer.exe
28411. Description=Added by the  <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030517-5811-99" target="_blank">REUR.B</a> WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)
28412. Source=Paul Collins Startup list
28413.  
28414. [Internet History Eraser]
28415. Number=4037
28416. Confirmed=U
28417. Filename=HERASER.exe
28418. Description=<a href="http://www.internet-history-eraser.com/index.html" target="_blank">Internet History Eraser</a> - deletes your browsing tracks
28419. Source=Paul Collins Startup list
28420.  
28421. [Internet Loader1]
28422. Number=4038
28423. Confirmed=X
28424. Filename=MSInstall61.exe
28425. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-010214-5039-99" target="_blank">KWBOT.B</a> WORM!
28426. Source=Paul Collins Startup list
28427.  
28428. [Internet Mail and News]
28429. Number=4039
28430. Confirmed=X
28431. Filename=msqdevl.exe
28432. Description=<a href="http://sarc.com/avcenter/venc/data/adware.easysearch.html" target=_blank>EasySearch</a> adware
28433. Source=Paul Collins Startup list
28434.  
28435. [Internet Mail and News]
28436. Number=4040
28437. Confirmed=X
28438. Filename=[path to trojan]
28439. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmutsrcha.html" target=_blank>SMUTSRCH-A</a> TROJAN!
28440. Source=Paul Collins Startup list
28441.  
28442. [Internet Mail and News]
28443. Number=4041
28444. Confirmed=X
28445. Filename=msqdevl1.exe
28446. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrawd.html" target="_blank">DLOADR-AWD</a> TROJAN!
28447. Source=Paul Collins Startup list
28448.  
28449. [Internet Optimizer]
28450. Number=4042
28451. Confirmed=U
28452. Filename=optimize.exe
28453. Description=Internet connection optimizer. Leave this enabled if you find it improves your connection
28454. Source=Paul Collins Startup list
28455.  
28456. [Internet Optimizer]
28457. Number=4043
28458. Confirmed=X
28459. Filename=optimize.exe
28460. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076206" target="_blank">Internet Optimizer</a> parasite, MoneyTree variant - ActiveX control used to download premium-rate dialers
28461.  
28462. Source=Paul Collins Startup list
28463.  
28464. [Internet Security Service]
28465. Number=4044
28466. Confirmed=X
28467. Filename=msq32.exe
28468. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgfp.html" target="_blank">RBOT-GFP</a> WORM!
28469. Source=Paul Collins Startup list
28470.  
28471. [Internet Send]
28472. Number=4045
28473. Confirmed=X
28474. Filename=More log.exe
28475. Description=Unidentfied adware
28476. Source=Paul Collins Startup list
28477.  
28478. [Internet Server]
28479. Number=4046
28480. Confirmed=X
28481. Filename=inetsrv.exe
28482. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpaem.html" target=_blank>STARTPA-EM</a> TROJAN!
28483. Source=Paul Collins Startup list
28484.  
28485. [Internet Service]
28486. Number=4047
28487. Confirmed=X
28488. Filename=intersvc.exe
28489. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotde.html" target=_blank>SPYBOT-DE</a> WORM!
28490. Source=Paul Collins Startup list
28491.  
28492. [internet service]
28493. Number=4048
28494. Confirmed=X
28495. Filename=syscfg32.exe
28496. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqs.html" target=_blank>RBOT-QS</a> WORM!
28497. Source=Paul Collins Startup list
28498.  
28499. [internet service]
28500. Number=4049
28501. Confirmed=X
28502. Filename=ssvhost.exe
28503. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
28504. Source=Paul Collins Startup list
28505.  
28506. [internet service]
28507. Number=4050
28508. Confirmed=X
28509. Filename=svho0st98.exe
28510. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EAT" target="_blank">RBOT.EAT</a> WORM!
28511. Source=Paul Collins Startup list
28512.  
28513. [Internet Services]
28514. Number=4051
28515. Confirmed=X
28516. Filename=systemdev.exe
28517. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpw.html" target="_blank">SDBOT-PW</a> WORM!
28518. Source=Paul Collins Startup list
28519.  
28520. [Internet Services]
28521. Number=4052
28522. Confirmed=X
28523. Filename=internet.exe
28524. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050315-2441-99" target= blank>MYTOB.BT</a> WORM!
28525. Source=Paul Collins Startup list
28526.  
28527. [Internet Services]
28528. Number=4053
28529. Confirmed=X
28530. Filename=interserv.exe
28531. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BNT&VSect=P" target=_blank>RBOT.BNT</a> WORM!
28532. Source=Paul Collins Startup list
28533.  
28534. [Internet Services]
28535. Number=4054
28536. Confirmed=X
28537. Filename=Netsvc.exe
28538. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120611-4253-99" target=_blank>MYTOB.MN</a> WORM!
28539. Source=Paul Collins Startup list
28540.  
28541. [INTERNET SERVISES]
28542. Number=4055
28543. Confirmed=X
28544. Filename=winz32.exe
28545. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-103014-5627-99" target="_blank">KWBOT.Z</a> WORM!
28546. Source=Paul Collins Startup list
28547.  
28548. [Internet Sharing Server]
28549. Number=4056
28550. Confirmed=Y
28551. Filename=iss_srvr.exe
28552. Description=<a target="_blank" href="http://www.intel.com/support/network/anypoint/">Intel AnyPoint</a> internet sharing software. Now discontinued
28553. Source=Paul Collins Startup list
28554.  
28555. [Internet Suspention]
28556. Number=4057
28557. Confirmed=X
28558. Filename=story.exe
28559. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.HV&VSect=T" target=_blank>WOOTBOT.HV</a> WORM!
28560. Source=Paul Collins Startup list
28561.  
28562. [Internet Sweeper]
28563. Number=4058
28564. Confirmed=N
28565. Filename=Sweeper.exe
28566. Description=<a href="http://www.bmesite.com/" target="_blank">Internet Sweeper</a> - removes unnecessart left over files after browsing the internet
28567. Source=Paul Collins Startup list
28568.  
28569. [Internet Timer]
28570. Number=4059
28571. Confirmed=U
28572. Filename=ITIMER.exe
28573. Description=Shareware dial-up connection call cost calculator from <a href="http://www.rat-software.com/" target="_blank">Ratsoft</a>
28574. Source=Paul Collins Startup list
28575.  
28576. [Internet Washer Pro]
28577. Number=4060
28578. Confirmed=X
28579. Filename=iw.exe
28580. Description=<a href="http://www.internetwasher.com/" target="_blank">Internet Washer</a> manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003
28581. Source=Paul Collins Startup list
28582.  
28583. [Internet.exe]
28584. Number=4061
28585. Confirmed=X
28586. Filename=Internet.exe
28587. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-090216-3906-99" target="_blank">MAGICCALL</a> VIRUS!
28588. Source=Paul Collins Startup list
28589.  
28590. [internet.exe]
28591. Number=4062
28592. Confirmed=X
28593. Filename=yinyin3345.vbs
28594. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040611-5356-99" target=_blank>YINI</a> MACRO!
28595. Source=Paul Collins Startup list
28596.  
28597. [Internet2 Optimizer]
28598. Number=4063
28599. Confirmed=X
28600. Filename=wkfix.exe
28601. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
28602. Source=Paul Collins Startup list
28603.  
28604. [InternetExplorer2]
28605. Number=4064
28606. Confirmed=X
28607. Filename=windows.exe
28608. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotczp.html" target="_blank">SDBOT-CZP</a> WORM!
28609. Source=Paul Collins Startup list
28610.  
28611. [InternetSpy]
28612. Number=4065
28613. Confirmed=U
28614. Filename=InternetSpy.exe
28615. Description=<a href="http://www.spyarsenal.com/internet-spy/" target="_blank">Internet Spy</a> - freeware keylogger that tracks all visited websites including the date and exact time these sites were visited. The information is stored in a file that may be accessed by the person who knows where it is saved. Remove unless you installed it yourself!
28616. Source=Paul Collins Startup list
28617.  
28618. [InternetWasherPro]
28619. Number=4066
28620. Confirmed=X
28621. Filename=iw.exe
28622. Description=<a href="http://www.internetwasher.com/" target="_blank">Internet Washer</a> manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003
28623. Source=Paul Collins Startup list
28624.  
28625. [INTERNET_SERVISES]
28626. Number=4067
28627. Confirmed=X
28628. Filename=winz32.exe
28629. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100716-1337-99" target="_blank">SDBOT.Q</a> TROJAN!
28630. Source=Paul Collins Startup list
28631.  
28632. [InternodeUsage]
28633. Number=4068
28634. Confirmed=U
28635. Filename=mum.exe
28636. Description=Australian ISP's free monthly download meter
28637. Source=Paul Collins Startup list
28638.  
28639. [Internt]
28640. Number=4069
28641. Confirmed=X
28642. Filename=Internt.exe
28643. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091918-3229-99" target="_blank">PEEPER</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041911-4812-99" target="_blank">CARUFAX.A</a> TROJANS!
28644. Source=Paul Collins Startup list
28645.  
28646. [Intersoft Msngr]
28647. Number=4070
28648. Confirmed=X
28649. Filename=intersoftmsngr.exe
28650. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnw.html" target=_blank>AGOBOT-NW</a> WORM!
28651. Source=Paul Collins Startup list
28652.  
28653. [InterTrust Quick Start]
28654. Number=4071
28655. Confirmed=N
28656. Filename=it_cpq~1.exe
28657. Description=<a href="http://www.intertrust.com/index.html" target="_blank">InterTrust</a> offers something known as Digital Rights Management to control legal software download and other E-commerce related business
28658. Source=Paul Collins Startup list
28659.  
28660. [InterU]
28661. Number=4072
28662. Confirmed=X
28663. Filename=WINDRV.EXE
28664. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_IRCINTER.A" target="_blank">IRCINTER.A</a> TROJAN!
28665. Source=Paul Collins Startup list
28666.  
28667. [Intervideo Win Cinema Manager]
28668. Number=4073
28669. Confirmed=N
28670. Filename=WinCinemaMgr.exe
28671. Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target="_blank">WinCinema Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
28672. Source=Paul Collins Startup list
28673.  
28674. [Intervideo Win Cinema Manager]
28675. Number=4074
28676. Confirmed=N
28677. Filename=WINCIN~1.EXE
28678. Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target="_blank">WinCinema Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
28679. Source=Paul Collins Startup list
28680.  
28681. [Intervideo WinCinema Manager]
28682. Number=4075
28683. Confirmed=N
28684. Filename=WinCinemaMgr.exe
28685. Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target="_blank">WinCinema Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
28686. Source=Paul Collins Startup list
28687.  
28688. [Intervideo WinCinema Manager]
28689. Number=4076
28690. Confirmed=N
28691. Filename=WINCIN~1.EXE
28692. Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target="_blank">WinCinema Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
28693. Source=Paul Collins Startup list
28694.  
28695. [Intervideo WinScheduler]
28696. Number=4077
28697. Confirmed=N
28698. Filename=WinScheduler.exe
28699. Description=<a href="http://www.intervideo.com" target="_blank">WinScheduler</a> is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
28700. Source=Paul Collins Startup list
28701.  
28702. [Intervideo WinScheduler]
28703. Number=4078
28704. Confirmed=N
28705. Filename=SchSvr.exe
28706. Description=<a href="http://www.intervideo.com" target="_blank">WinScheduler</a> is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
28707. Source=Paul Collins Startup list
28708.  
28709. [InterWARN]
28710. Number=4079
28711. Confirmed=U
28712. Filename=interwarn.exe
28713. Description=<a href="http://www.interwarn.com/interwarn.html" target="_blank">InterWARN</a> by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start -> Programs
28714. Source=Paul Collins Startup list
28715.  
28716. [Intespention]
28717. Number=4080
28718. Confirmed=X
28719. Filename=IEXPLORE.exe
28720. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfl.html" target=_blank>FORBOT-FL</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
28721. Source=Paul Collins Startup list
28722.  
28723. [Intmgr]
28724. Number=4081
28725. Confirmed=X
28726. Filename=Intmgr.exe
28727. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
28728. Source=Paul Collins Startup list
28729.  
28730. [intranet]
28731. Number=4082
28732. Confirmed=X
28733. Filename=SYS32CFG.EXE
28734. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdw.html" target=_blank>SPYBOT-DW</a> WORM!
28735. Source=Paul Collins Startup list
28736.  
28737. [Intranet]
28738. Number=4083
28739. Confirmed=X
28740. Filename=intranet.exe
28741. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CHIMOZ.AC" target="_blank">CHIMOZ.AC</a> TROJAN!
28742. Source=Paul Collins Startup list
28743.  
28744. [Intrenat]
28745. Number=4084
28746. Confirmed=X
28747. Filename=Intrenat.exe
28748. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091918-1348-99" target="_blank">LEMIR.E</a> TROJAN!
28749. Source=Paul Collins Startup list
28750.  
28751. [Introducing Media Manager]
28752. Number=4085
28753. Confirmed=N
28754. Filename=SPLASHA.EXE
28755. Description=<a href="http://www.frontpageworld.com/frontpagetools/mediamanager/default.htm" target="_blank">MS Media Manager</a> tour. Not required
28756. Source=Paul Collins Startup list
28757.  
28758. [Introduction-Registration]
28759. Number=4086
28760. Confirmed=N
28761. Filename=??
28762. Description=For Compaq PC's. Should only run first time, PC Introduction & Compaq registration
28763. Source=Paul Collins Startup list
28764.  
28765. [IntruderAlert]
28766. Number=4087
28767. Confirmed=X
28768. Filename=ia99.exe
28769. Description=<a href="http://www.safersite.com/PestInfo/db/i/internetalert.asp" target="_blank">Intruder Alert '99</a> from Bonzi - spyware
28770. Source=Paul Collins Startup list
28771.  
28772. [IntSys1]
28773. Number=4088
28774. Confirmed=X
28775. Filename=[path to trojan]
28776. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbanloaase.html" target="_blank">BANLOA-ASE</a> TROJAN!
28777. Source=Paul Collins Startup list
28778.  
28779. [Inventory Scan]
28780. Number=4089
28781. Confirmed=U
28782. Filename=LDISCN32.EXE
28783. Description=LANDesk <a href="http://www.landesk.com/Products/LDMS/" target=_blank>Management_Suite</a> software component
28784. Source=Paul Collins Startup list
28785.  
28786. [Ioadqm]
28787. Number=4090
28788. Confirmed=X
28789. Filename=Media Player.exe
28790. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031911-0624-99" target="_blank">HAWAWI</a> WORM!
28791. Source=Paul Collins Startup list
28792.  
28793. [iobi]
28794. Number=4091
28795. Confirmed=N
28796. Filename=iobiClient.exe
28797. Description=<a href="https://www22.verizon.com/iobihome/" target=_blank>iobi Home</a> - a mail/voice service by Verizon
28798. Source=Paul Collins Startup list
28799.  
28800. [Iolo Task Agent]
28801. Number=4092
28802. Confirmed=U
28803. Filename=Task_Agent.exe
28804. Description=Iolo <a href="http://www.iolo.com/sm/index.cfm" target="_blank">System Mechanic</a> Task Agent. Scheduled maintenance
28805. Source=Paul Collins Startup list
28806.  
28807. [iolo Utility Bar]
28808. Number=4093
28809. Confirmed=N
28810. Filename=SMUtilityBar.exe
28811. Description=Iolo System Mechanic <a href="http://www.iolo.com/sm/4/tool.cfm?tool=66&collection=SM" target="_blank">Utility Bar</a> - can be launched manually
28812. Source=Paul Collins Startup list
28813.  
28814. [ioloDelayModule]
28815. Number=4094
28816. Confirmed=U
28817. Filename=delay.exe
28818. Description=Part of Iolo <a href="http://www.iolo.com/sm/index.cfm" target="_blank">System Mechanic</a>. Used to delay the start of an application which loads automatically as Windows loads
28819. Source=Paul Collins Startup list
28820.  
28821. [Iomega Automatic Backup]
28822. Number=4095
28823. Confirmed=U
28824. Filename=ibackup.exe
28825. Description=<a href="http://www.iomega.com/global/index.jsp" target="_blank">Iomega</a> Automatic Backup - automatic backups for use with Iomega portable HDD
28826. Source=Paul Collins Startup list
28827.  
28828. [Iomega Automatic Backup 1.0.1]
28829. Number=4096
28830. Confirmed=U
28831. Filename=ibackup.exe
28832. Description=<a href="http://www.iomega.com/global/index.jsp" target="_blank">Iomega</a> Automatic Backup - automatic backups for use with Iomega portable HDD
28833. Source=Paul Collins Startup list
28834.  
28835. [Iomega Backup Scheduler]
28836. Number=4097
28837. Confirmed=N
28838. Filename=dtiom98.exe
28839. Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -> Programs
28840. Source=Paul Collins Startup list
28841.  
28842. [Iomega Disk Icons]
28843. Number=4098
28844. Confirmed=U
28845. Filename=IMGICON.EXE
28846. Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
28847. Source=Paul Collins Startup list
28848.  
28849. [Iomega Drive Icons]
28850. Number=4099
28851. Confirmed=U
28852. Filename=IMGICON.EXE
28853. Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
28854. Source=Paul Collins Startup list
28855.  
28856. [Iomega ImIconXP]
28857. Number=4100
28858. Confirmed=U
28859. Filename=imiconxp.exe
28860. Description=Iomega <a href="http://iomega-na-en.custhelp.com/cgi-bin/iomega_na_en.cfg/php/enduser/std_adp.php?p_faqid=16454" target="_blank">REV System</a> Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disks
28861. Source=Paul Collins Startup list
28862.  
28863. [Iomega QuickSync]
28864. Number=4101
28865. Confirmed=?
28866. Filename=Quicksync.exe
28867. Description=<font color="#FF0000">??</font>
28868. Source=Paul Collins Startup list
28869.  
28870. [Iomega Startup Options]
28871. Number=4102
28872. Confirmed=N
28873. Filename=IMGSTART.EXE
28874. Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -> Programs
28875. Source=Paul Collins Startup list
28876.  
28877. [Iomega Watch]
28878. Number=4103
28879. Confirmed=N
28880. Filename=IOWATCH.EXE
28881. Description=Used by Iomega drives. Available via Start -> Programs
28882. Source=Paul Collins Startup list
28883.  
28884. [IomegaWare]
28885. Number=4104
28886. Confirmed=N
28887. Filename=COMMANDER.EXE
28888. Description=Used by Iomega drives. Details of its purpose can be found <a href="http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup" target="_blank">here</a>. Available via Start -> Programs
28889. Source=Paul Collins Startup list
28890.  
28891. [Iomon98.exe]
28892. Number=4105
28893. Confirmed=U
28894. Filename=Iomon98.exe
28895. Description=PC-Cillin 98 real time virus check. Can cause floppy disk accesses to hang
28896. Source=Paul Collins Startup list
28897.  
28898. [IP Stack]
28899. Number=4106
28900. Confirmed=X
28901. Filename=ipstack.exe
28902. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CW" target="_blank">AGOBOT.CW</a> WORM!
28903. Source=Paul Collins Startup list
28904.  
28905. [IP**.exe [* = random char]]
28906. Number=4107
28907. Confirmed=X
28908. Filename=IP**.exe [* = random char]
28909. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
28910. Source=Paul Collins Startup list
28911.  
28912. [IP**32.exe [* = random char]]
28913. Number=4108
28914. Confirmed=X
28915. Filename=IP**32.exe [* = random char]
28916. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
28917. Source=Paul Collins Startup list
28918.  
28919. [iPalm]
28920. Number=4109
28921. Confirmed=N
28922. Filename=mon.exe
28923. Description=Installed with a Panasonic <a href="http://www.steves-digicams.com/dc3000.html" target="_blank">iPalm</a> digital camera. Used to upload photos from the camera. If your camera is not connected (via USB port) you do not need this program loaded
28924. Source=Paul Collins Startup list
28925.  
28926. [IPC Connection]
28927. Number=4110
28928. Confirmed=X
28929. Filename=ipcconn.exe
28930. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaeg.html" target=_blank>RBOT-AEG</a> WORM!
28931. Source=Paul Collins Startup list
28932.  
28933. [IPC Spool Manager]
28934. Number=4111
28935. Confirmed=X
28936. Filename=wnmgre.exe
28937. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzc.html" target= blank>SDBOT-ZC</a> WORM!
28938. Source=Paul Collins Startup list
28939.  
28940. [IPC Spool Manager]
28941. Number=4112
28942. Confirmed=X
28943. Filename=winspec.exe
28944. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotblu.html" target=_blank>SDBOT-BLU</a> WORM!
28945. Source=Paul Collins Startup list
28946.  
28947. [ipcfg.exe]
28948. Number=4113
28949. Confirmed=X
28950. Filename=ipcfg.exe
28951. Description=Adware - recognized by McAfee antivirus as a variant of the <a href="http://vil.mcafeesecurity.com/vil/content/v_130215.htm" target=_blank>AdClicker-BM</a> trojan
28952. Source=Paul Collins Startup list
28953.  
28954. [IPConfig]
28955. Number=4114
28956. Confirmed=X
28957. Filename=svcxnv32.exe
28958. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101417-2331-99" target=_blank>HACARMY.E</a> TROJAN!
28959. Source=Paul Collins Startup list
28960.  
28961. [IPConfig]
28962. Number=4115
28963. Confirmed=X
28964. Filename=svcxnw32.exe
28965. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101417-2331-99" target=_blank>HACARMY.E</a> TROJAN!
28966. Source=Paul Collins Startup list
28967.  
28968. [IpCtrl]
28969. Number=4116
28970. Confirmed=X
28971. Filename=ipcon32.exe
28972. Description=Added by an unidentified VIRUS, WORM or TROJAN!
28973.  
28974. Source=Paul Collins Startup list
28975.  
28976. [IPFW]
28977. Number=4117
28978. Confirmed=X
28979. Filename=ipwf.exe
28980. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderyf.html" target=_blank>DLOADER-YF</a> TROJAN!
28981. Source=Paul Collins Startup list
28982.  
28983. [IPHSend]
28984. Number=4118
28985. Confirmed=?
28986. Filename=IPHSend.exe
28987. Description=AOL related. <font color="#FF0000">What does it do and is it required?</font>
28988. Source=Paul Collins Startup list
28989.  
28990. [IPInSightLAN 0*]
28991. Number=4119
28992. Confirmed=X
28993. Filename=ipclient.exe
28994. Description=Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see <a href="http://www.dslreports.com/faq/1247" target=_blank>here</a> for more information. This one constantly "phones home" and wastes resources. * represents 1 or 2
28995.  
28996. Source=Paul Collins Startup list
28997.  
28998. [IPInSightMonitor  0*]
28999. Number=4120
29000. Confirmed=N
29001. Filename=ipmon32.exe
29002. Description=Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see <a href="http://www.dslreports.com/faq/1247" target=_blank>here</a> for more information. * represents 1 or 2
29003.  
29004. Source=Paul Collins Startup list
29005.  
29006. [IPinst]
29007. Number=4121
29008. Confirmed=Y
29009. Filename=N/A
29010. Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
29011. Source=Paul Collins Startup list
29012.  
29013. [iPlusAgent2]
29014. Number=4122
29015. Confirmed=?
29016. Filename=iAgent2.exe
29017. Description=Related to <a href="http://www.iriver.com/" target="_blank">iriver</a> portable media products. <font color="#FF0000">What does it do and is it required?</font>
29018. Source=Paul Collins Startup list
29019.  
29020. [ipmon.exe]
29021. Number=4123
29022. Confirmed=X
29023. Filename=ipmon.exe
29024. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-042813-0206-99" target="_blank">RECERV</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032316-3538-99" target="_blank">R3C.B</a> TROJANS!
29025. Source=Paul Collins Startup list
29026.  
29027. [IpNetwork]
29028. Number=4124
29029. Confirmed=X
29030. Filename=ipnetwork.exe
29031. Description=Maxifiles adware
29032. Source=Paul Collins Startup list
29033.  
29034. [Ipnuker]
29035. Number=4125
29036. Confirmed=X
29037. Filename=Ipnuker.vbs
29038. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091412-3836-99" target=_blank>INKER.B</a> WORM!
29039. Source=Paul Collins Startup list
29040.  
29041. [iPOD USB Driver]
29042. Number=4126
29043. Confirmed=X
29044. Filename=IPODUSB.EXE
29045. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
29046. Source=Paul Collins Startup list
29047.  
29048. [iPod USB Service]
29049. Number=4127
29050. Confirmed=X
29051. Filename=iPODService.exe
29052. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Do NOT confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the Program Files\iPod\bin folder, and is implemented as a system service, thus NOT listed in Msconfig/Startup!
29053. Source=Paul Collins Startup list
29054.  
29055. [iPodManager]
29056. Number=4128
29057. Confirmed=U
29058. Filename=iPodManager.exe
29059. Description=Apple iPod Management software for the iPod MP3 player. Allows updating, formating, restoring and other functions associated with iPods
29060. Source=Paul Collins Startup list
29061.  
29062. [iPodWatcher]
29063. Number=4129
29064. Confirmed=?
29065. Filename=iPodWatcher.exe
29066. Description=Associated with Apple's iPod MP3 player. <font color="#FF0000">Detects when the iPod is connected?</font>
29067. Source=Paul Collins Startup list
29068.  
29069. [IPOT Service Drivers]
29070. Number=4130
29071. Confirmed=X
29072. Filename=compaq.exe
29073. Description=Added by a variant of the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=127131" target=_blank>FUROOTKIT</a> TROJAN!
29074. Source=Paul Collins Startup list
29075.  
29076. [IPOT Service Drivers]
29077. Number=4131
29078. Confirmed=X
29079. Filename=compaq.exe
29080. Description=Added by a variant of the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=127131" target=_blank>FUROOTKIT</a> TROJAN!
29081. Source=Paul Collins Startup list
29082.  
29083. [IPOT USB Service DRIVER]
29084. Number=4132
29085. Confirmed=X
29086. Filename=hpsebc087.exe
29087. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwa.html" target= blank>SDBOT-WA</a> WORM!
29088. Source=Paul Collins Startup list
29089.  
29090. [IPOT USB Service DRV32]
29091. Number=4133
29092. Confirmed=X
29093. Filename=hpsebc08.exe
29094. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwh.html" target=_blank>SDBOT-WH</a> WORM!
29095. Source=Paul Collins Startup list
29096.  
29097. [IPPDetect]
29098. Number=4134
29099. Confirmed=N
29100. Filename=IPP4Detect.exe
29101. Description=Part of Presto! <a href="http://www.newsoftinc.com/" target=_blank>Mr.Photo</a> - "an ideal program for creating, sharing, and manag-ing digital images and videos"
29102.  
29103. Source=Paul Collins Startup list
29104.  
29105. [ipreg]
29106. Number=4135
29107. Confirmed=X
29108. Filename=ipreg.exe
29109. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzagabanh.html" target=_blank>ZAGABAN-H</a> TROJAN!
29110. Source=Paul Collins Startup list
29111.  
29112. [iPrint Tray]
29113. Number=4136
29114. Confirmed=N
29115. Filename=iprntctl.exe
29116. Description=Novell« <a href="http://www.novell.com/products/netware/printing/quicklook.html" target=_blank>iPrint</a> - based on Novell Distributed Print Services - enables you to send documents to printers located throughout the Net
29117. Source=Paul Collins Startup list
29118.  
29119. [iProtectYou]
29120. Number=4137
29121. Confirmed=U
29122. Filename=ip.exe
29123. Description=<a href="http://www.softforyou.com/ip-index.html" target="_blank">iProtectYou</a> - internet filtering/parental control and network monitoring software
29124. Source=Paul Collins Startup list
29125.  
29126. [iprun]
29127. Number=4138
29128. Confirmed=X
29129. Filename=iPY.exe
29130. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080315-2028-99" target=_blank>iProtectYou</a> spyware
29131. Source=Paul Collins Startup list
29132.  
29133. [ipsecdialer]
29134. Number=4139
29135. Confirmed=U
29136. Filename=IPSECD~1.EXE
29137. Description=Cisco <a href="http://www.cisco.com/en/US/products/sw/secursw/ps2308/" target=_blank>VPN Client</a> - lets local users gain Administrator privileges on the operating system
29138. Source=Paul Collins Startup list
29139.  
29140. [ipsecdialer]
29141. Number=4140
29142. Confirmed=U
29143. Filename=ipsecdialer.exe
29144. Description=Cisco <a href="http://www.cisco.com/en/US/products/sw/secursw/ps2308/" target=_blank>VPN Client</a> - lets local users gain Administrator privileges on the operating system
29145. Source=Paul Collins Startup list
29146.  
29147. [IPSecMon]
29148. Number=4141
29149. Confirmed=Y
29150. Filename=IPSecMon.exe
29151. Description=<a href="http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp" target="_blank">Microsoft L2TP/IPSec VPN Client</a> for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet
29152. Source=Paul Collins Startup list
29153.  
29154. [IPTable Configuration]
29155. Number=4142
29156. Confirmed=X
29157. Filename=Winipcfgs.exe
29158. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
29159. Source=Paul Collins Startup list
29160.  
29161. [iptray]
29162. Number=4143
29163. Confirmed=N
29164. Filename=iptray.exe
29165. Description=System Tray access to <a href="http://www.intel.com/design/motherbd/software/idu/" target="_blank">Intel Desktop Utilities</a> - "provides you with the means to monitor system temperatures, voltages, fan speeds, and hard drive health; view detailed system information, and test your system hardware for common errors"
29166. Source=Paul Collins Startup list
29167.  
29168. [IPv6 Helper Driver]
29169. Number=4144
29170. Confirmed=X
29171. Filename=csass.exe
29172. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TC" target=_blank>AGOBOT.TC</a> WORM!
29173. Source=Paul Collins Startup list
29174.  
29175. [IPv6 STUN Service]
29176. Number=4145
29177. Confirmed=X
29178. Filename=netstun.exe
29179. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
29180. Source=Paul Collins Startup list
29181.  
29182. [IPW]
29183. Number=4146
29184. Confirmed=N
29185. Filename=IPW.exe
29186. Description=<a href="http://www.actiontec.com/index.php" target=_blank>Internet Phone Wizard</a> from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone"
29187. Source=Paul Collins Startup list
29188.  
29189. [ipwf]
29190. Number=4147
29191. Confirmed=X
29192. Filename=ipwf.exe
29193. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091217-1451-99" target=_blank>SCHOEBERL</a> TROJAN!
29194. Source=Paul Collins Startup list
29195.  
29196. [IpWins]
29197. Number=4148
29198. Confirmed=X
29199. Filename=ipwins.exe
29200. Description=Added by <a href="http://fileinfo.prevx.com/QQe40518491950-IPWI14714762/IPWINS.EXE.html" target=_blank>Maxfiles</a> adware
29201.  
29202. Source=Paul Collins Startup list
29203.  
29204. [ipxwshel]
29205. Number=4149
29206. Confirmed=X
29207. Filename=ipxwshel.exe
29208. Description=Added by the <a href="http://www.f-secure.com/v-descs/warezov_dg.shtml" target="_blank">WAREZOV.DG</a> WORM!
29209. Source=Paul Collins Startup list
29210.  
29211. [IQES.exe]
29212. Number=4150
29213. Confirmed=?
29214. Filename=iqes.exe
29215. Description=<font color="#FF0000">??</font>
29216. Source=Paul Collins Startup list
29217.  
29218. [Ir41_32.ax]
29219. Number=4151
29220. Confirmed=U
29221. Filename=regsvr32.exe [path] Ir41_32.ax
29222. Description=Intel« Indeo« video 4.4 Decompression Filter related
29223.  
29224. Source=Paul Collins Startup list
29225.  
29226. [irassync]
29227. Number=4152
29228. Confirmed=X
29229. Filename=irasyncd.exe
29230. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Adw.NewAds.IRASSync&threatid=42624" target="_blank">IRASSync</a> adware
29231. Source=Paul Collins Startup list
29232.  
29233. [irc session]
29234. Number=4153
29235. Confirmed=X
29236. Filename=sessionmgr.exe
29237. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotace.html" target=_blank>SDBOT-ACE</a> WORM!
29238. Source=Paul Collins Startup list
29239.  
29240. [IREIKE]
29241. Number=4154
29242. Confirmed=Y
29243. Filename=IreIKE.exe
29244. Description=<a href="http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp" target="_blank">Microsoft L2TP/IPSec VPN Client</a> for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet
29245. Source=Paul Collins Startup list
29246.  
29247. [iRis Active Monitor]
29248. Number=4155
29249. Confirmed=N
29250. Filename=winmon32.exe
29251. Description=Iris Antivirus - discontinued, replace with good alternative
29252. Source=Paul Collins Startup list
29253.  
29254. [iRiS AntiVirus Active Monitor]
29255. Number=4156
29256. Confirmed=N
29257. Filename=WIMMUN32.exe
29258. Description=Iris Antivirus - discontinued, replace with good alternative
29259. Source=Paul Collins Startup list
29260.  
29261. [iRiver AutoDB]
29262. Number=4157
29263. Confirmed=U
29264. Filename=MLService.exe
29265. Description=Associated with the <a href="http://www.iriver.com/" target=_blank>iRiver</a> Music Manager
29266. Source=Paul Collins Startup list
29267.  
29268. [iRiver Updater]
29269. Number=4158
29270. Confirmed=N
29271. Filename=Updater.exe
29272. Description=Updates for the <a href="http://www.iriver.com/" target="_blank">iRiver Music Manager</a> - used with their digital music players
29273. Source=Paul Collins Startup list
29274.  
29275. [IrMon]
29276. Number=4159
29277. Confirmed=U
29278. Filename=IRMON.EXE
29279. Description=System Tray access to infra-red devices. Not required unless you use infra-red devices
29280. Source=Paul Collins Startup list
29281.  
29282. [IRPMonitor]
29283. Number=4160
29284. Confirmed=?
29285. Filename=itcnmon.exe
29286. Description=<font color="#FF0000">??</font>
29287. Source=Paul Collins Startup list
29288.  
29289. [irssyncd]
29290. Number=4161
29291. Confirmed=X
29292. Filename=irssyncd.exe
29293. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware variant
29294. Source=Paul Collins Startup list
29295.  
29296. [Irwftp]
29297. Number=4162
29298. Confirmed=X
29299. Filename=[path to trojan]
29300. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosap.html" target=_blank>BANCOS-AP</a> TROJAN!
29301.  
29302. Source=Paul Collins Startup list
29303.  
29304. [irwftp]
29305. Number=4163
29306. Confirmed=X
29307. Filename=iexplorer.exe
29308. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeran.html" target=_blank>BANKER-AN</a> TROJAN!
29309. Source=Paul Collins Startup list
29310.  
29311. [irwftp]
29312. Number=4164
29313. Confirmed=X
29314. Filename=ftpmon.exe
29315. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanbo.html" target= blank>BANCBAN-BO</a> TROJAN!
29316. Source=Paul Collins Startup list
29317.  
29318. [IrXfer]
29319. Number=4165
29320. Confirmed=U
29321. Filename=IrXfer.exe
29322. Description=Microsoft Infrared Transfer application
29323. Source=Paul Collins Startup list
29324.  
29325. [ir_ftp]
29326. Number=4166
29327. Confirmed=X
29328. Filename=ir_ftp.exe
29329. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031212-3211-99" target="_blank">IRFTP</a> TROJAN!
29330. Source=Paul Collins Startup list
29331.  
29332. [ir_ftp]
29333. Number=4167
29334. Confirmed=X
29335. Filename=irwftp.exe
29336. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040611-2418-99" target="_blank">BANCOS.H</a> TROJAN!
29337. Source=Paul Collins Startup list
29338.  
29339. [IS CfgWiz]
29340. Number=4168
29341. Confirmed=N
29342. Filename=cfgwiz.exe
29343. Description=Norton Internet Security configuration wizard
29344. Source=Paul Collins Startup list
29345.  
29346. [Isass]
29347. Number=4169
29348. Confirmed=X
29349. Filename=Isass.exe
29350. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102709-3103-99" target=_blank>FUTRO</a> TROJAN!
29351. Source=Paul Collins Startup list
29352.  
29353. [ISBMgr.exe]
29354. Number=4170
29355. Confirmed=U
29356. Filename=ISBMgr.exe
29357. Description=Related to Sony ISB Utility. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
29358. Source=Paul Collins Startup list
29359.  
29360. [iscch]
29361. Number=4171
29362. Confirmed=X
29363. Filename=iscch.exe
29364. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lcpranka.html" target="_blank">LCPRANK-A</a> WORM!
29365. Source=Paul Collins Startup list
29366.  
29367. [isdbdc]
29368. Number=4172
29369. Confirmed=N
29370. Filename=isdbdc.exe
29371. Description=For Compaq PC's. May install properties in dial-up networking when you register with an ISP
29372. Source=Paul Collins Startup list
29373.  
29374. [isDeleteMe]
29375. Number=4173
29376. Confirmed=U
29377. Filename=isDel.bat
29378. Description=Used by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product
29379. Source=Paul Collins Startup list
29380.  
29381. [ISDN Monitor]
29382. Number=4174
29383. Confirmed=N
29384. Filename=Linksts.exe
29385. Description=Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
29386. Source=Paul Collins Startup list
29387.  
29388. [ISDNwatch]
29389. Number=4175
29390. Confirmed=U
29391. Filename=IWatch.exe
29392. Description=<a href="http://www.avm.de/en/press/announcements/2003/2003_05_19_1.php3" target="_blank">FRITZ!X ISDNWatch</a> - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks"
29393. Source=Paul Collins Startup list
29394.  
29395. [ISHelp]
29396. Number=4176
29397. Confirmed=U
29398. Filename=help.exe
29399. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.ispy.html" target=_blank>ISpy</a> is a security risk that logs keystrokes and captures screenshots. If you didn't install this yourself uninstall it
29400. Source=Paul Collins Startup list
29401.  
29402. [iShield]
29403. Number=4177
29404. Confirmed=U
29405. Filename=iShield.exe
29406. Description="GuardWare <a href="http://www.guardwareinc.com/ishield/isaboutus.html" target="_blank">iShield</a> blocks pornographic images when you surf the Internet on your computer using a web browser"
29407. Source=Paul Collins Startup list
29408.  
29409. [ISLP2STA]
29410. Number=4178
29411. Confirmed=Y
29412. Filename=ISLP2STA.EXE
29413. Description=A process from Cisco Systems Inc associated with Windows Update for wireless NIC drivers
29414. Source=Paul Collins Startup list
29415.  
29416. [ISP.COM High Speed]
29417. Number=4179
29418. Confirmed=Y
29419. Filename=slipgui.exe
29420. Description=User interface for <a href="http://www.slipstream.com/our_solutions/value-added.html" target=_blank>Slipstream</a> - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server
29421. Source=Paul Collins Startup list
29422.  
29423. [ISPSERVICE]
29424. Number=4180
29425. Confirmed=X
29426. Filename=psycho.exe
29427. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircfloodo.html" target="_blank">IRCFLOOD-O</a> TROJAN!
29428. Source=Paul Collins Startup list
29429.  
29430. [iSpyNOW]
29431. Number=4181
29432. Confirmed=U
29433. Filename=ispynow.exe
29434. Description=<a href="http://www.ispynow.com/" target="_blank">iSpyNOW</a> - remote monitoring and surveillance software
29435. Source=Paul Collins Startup list
29436.  
29437. [Israfel]
29438. Number=4182
29439. Confirmed=X
29440. Filename=Israfel.vbs
29441. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040815-5555-99" target="_blank">GAGGLE.D</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070814-1115-99" target="_blank">GAGGLE.E</a> WORMS!
29442. Source=Paul Collins Startup list
29443.  
29444. [IsReminder]
29445. Number=4183
29446. Confirmed=N
29447. Filename=ISPopup.exe
29448. Description=Related to GuardWare <a href="http://www.guardwareinc.com/ishield/isaboutus.html" target="_blank">iShield</a> - this is the registration reminder for the trial version, so not required in startup
29449. Source=Paul Collins Startup list
29450.  
29451. [issEnc32Svr]
29452. Number=4184
29453. Confirmed=X
29454. Filename=issEnc32.exe
29455. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
29456. Source=Paul Collins Startup list
29457.  
29458. [ISSI EZUpdate Service]
29459. Number=4185
29460. Confirmed=N
29461. Filename=issimsvc.exe
29462. Description=Part of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching
29463. Source=Paul Collins Startup list
29464.  
29465. [ISStart]
29466. Number=4186
29467. Confirmed=U
29468. Filename=ISStart.exe
29469. Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
29470. Source=Paul Collins Startup list
29471.  
29472. [ISSVC]
29473. Number=4187
29474. Confirmed=Y
29475. Filename=ISSVC.exe
29476. Description=Part of Norton Internet Security Suite
29477. Source=Paul Collins Startup list
29478.  
29479. [ISS_Certtool]
29480. Number=4188
29481. Confirmed=Y
29482. Filename=certtool.exe
29483. Description=<a href="http://www.fileresearchcenter.com/C/CERTTOOL.EXE-3761.html" target=_blank>IBM Client Security</a> Certification Tool
29484.  
29485. Source=Paul Collins Startup list
29486.  
29487. [IST Service]
29488. Number=4189
29489. Confirmed=X
29490. Filename=istsvc.exe
29491. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091913-2632-99" target="_blank">ISTBar</a> adware
29492. Source=Paul Collins Startup list
29493.  
29494. [ist service uninstall]
29495. Number=4190
29496. Confirmed=X
29497. Filename=[random filename]
29498. Description=<a href="http://sarc.com/avcenter/venc/data/adware.istbar.html" target="_blank">ISTBar</a> parasite related
29499. Source=Paul Collins Startup list
29500.  
29501. [istinstall zazzer.exe]
29502. Number=4191
29503. Confirmed=X
29504. Filename=istinstall zazzer.exe
29505. Description=Unidentified adware downloader/installer
29506. Source=Paul Collins Startup list
29507.  
29508. [ISUSPM Startup]
29509. Number=4192
29510. Confirmed=N
29511. Filename=ISUSPM.exe
29512. Description=InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version
29513. Source=Paul Collins Startup list
29514.  
29515. [ISUSScheduler]
29516. Number=4193
29517. Confirmed=N
29518. Filename=issch.exe
29519. Description=InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version
29520. Source=Paul Collins Startup list
29521.  
29522. [isxa]
29523. Number=4194
29524. Confirmed=X
29525. Filename=isxa.exe
29526. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalleiv.html" target="_blank">SMALL-EIV</a> TROJAN!
29527. Source=Paul Collins Startup list
29528.  
29529. [isystem]
29530. Number=4195
29531. Confirmed=X
29532. Filename=isystem.exe
29533. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojchorusa.html" target=_blank>CHORUS-A</a> TROJAN! Searchforfree browser hijacker
29534. Source=Paul Collins Startup list
29535.  
29536. [ItalU]
29537. Number=4196
29538. Confirmed=X
29539. Filename=italfds.exe
29540. Description=Added by a TROJAN! See <a href="http://www.fileresearchcenter.com/I/ITALFDS.EXE-9030.html" target="_blank">here</a> TROJAN!
29541. Source=Paul Collins Startup list
29542.  
29543. [Itk]
29544. Number=4197
29545. Confirmed=U
29546. Filename=Itk.exe
29547. Description=<a href="http://www.itksoft.com/index.asp" target="_blank">In The Know</a> - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
29548. Source=Paul Collins Startup list
29549.  
29550. [itk.exe]
29551. Number=4198
29552. Confirmed=U
29553. Filename=itk.exe
29554. Description=<a href="http://www.mlin.net/other.shtml" target="_blank">Insert ToggleKey</a> by Mike Lin. ITK sounds a tone whenever you press Insert
29555. Source=Paul Collins Startup list
29556.  
29557. [iTouch]
29558. Number=4199
29559. Confirmed=U
29560. Filename=iTouch.exe
29561. Description=iTouch loads the iTouch configuration program for Logitech keyboards. It's needed if your keyboard has shortcut buttons and if you use them. It's also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lock
29562. Source=Paul Collins Startup list
29563.  
29564. [ItsDeductiblePopUp]
29565. Number=4200
29566. Confirmed=N
29567. Filename=ItsDeductible.exe
29568. Description=<a href="http://www.itsdeductible2.com/" target="_blank">ItsDeductible</a> from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip
29569. Source=Paul Collins Startup list
29570.  
29571. [ITUNES]
29572. Number=4201
29573. Confirmed=X
29574. Filename=itune.exe
29575. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzu.html" target= blank>RBOT-ZU</a> WORM!
29576. Source=Paul Collins Startup list
29577.  
29578. [ITUNES]
29579. Number=4202
29580. Confirmed=X
29581. Filename=itunes.exe
29582. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32oscabotl.html" target="_blank">OSCABOT-L</a> WORM! Note - this file will be placed in the Windows\System32 or Winnt\System32 folder, and should not be confused with the (legitimate) Apple iTunes process, always located in the Program Files\iTunes folder
29583. Source=Paul Collins Startup list
29584.  
29585. [Itunes]
29586. Number=4203
29587. Confirmed=X
29588. Filename=dials.exe
29589. Description=Detected as Trojan-Dropper.Win32.Agent.mm by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> Anti-Virus
29590. Source=Paul Collins Startup list
29591.  
29592. [iTunes Helper]
29593. Number=4204
29594. Confirmed=Y
29595. Filename=iTunesHelper.exe
29596. Description=Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
29597. Source=Paul Collins Startup list
29598.  
29599. [iTunes Music]
29600. Number=4205
29601. Confirmed=X
29602. Filename=iTunesHelper32.exe
29603. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
29604. Source=Paul Collins Startup list
29605.  
29606. [iTunesAgent]
29607. Number=4206
29608. Confirmed=X
29609. Filename=ita.exe
29610. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.U</a> TROJAN!
29611. Source=Paul Collins Startup list
29612.  
29613. [itunesff]
29614. Number=4207
29615. Confirmed=X
29616. Filename=itunesff.exe
29617. Description=Added by the <a href="http://www.bleepingcomputer.com/startups/itunesff.exe-14014.html" target="_blank">EB</a> adult premium dialer
29618. Source=Paul Collins Startup list
29619.  
29620. [iTunesHelper]
29621. Number=4208
29622. Confirmed=Y
29623. Filename=iTunesHelper.exe
29624. Description=Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
29625. Source=Paul Collins Startup list
29626.  
29627. [itype]
29628. Number=4209
29629. Confirmed=?
29630. Filename=itype.exe
29631. Description=<a href="http://www.microsoft.com/downloads/details.aspx?familyid=3D0BA152-5D92-4772-A2FD-5AB35C750685&displaylang=en" target=_blank>Microsoft IntelliType Pro</a> keyboard related - <font color=#FF0000>what does it do and is it required?</font>
29632.  
29633. Source=Paul Collins Startup list
29634.  
29635. [Iusage]
29636. Number=4210
29637. Confirmed=N
29638. Filename=netdet.exe
29639. Description=<a href="http://members.tripod.com/gauravdhup0/iumos.html" target="_blank">Internet Usage Monitor</a> - utility to calculate the cost and time on the internet via dial-up
29640. Source=Paul Collins Startup list
29641.  
29642. [iut75]
29643. Number=4211
29644. Confirmed=X
29645. Filename=uzcx.exe
29646. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraxv.html" target="_blank">DLOADER-AXV</a> TROJAN!
29647. Source=Paul Collins Startup list
29648.  
29649. [IVPServiceMgr]
29650. Number=4212
29651. Confirmed=N
29652. Filename=ivpsvmgr.exe
29653. Description=Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba's equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updates
29654. Source=Paul Collins Startup list
29655.  
29656. [ivy.exe]
29657. Number=4213
29658. Confirmed=X
29659. Filename=ivy.exe
29660. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentenz.html" target="_blank">AGENT-ENZ</a> TROJAN!
29661. Source=Paul Collins Startup list
29662.  
29663. [IW ControlCenter]
29664. Number=4214
29665. Confirmed=N
29666. Filename=iwctrl.exe
29667. Description=<a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis
29668. Source=Paul Collins Startup list
29669.  
29670. [iwctrl]
29671. Number=4215
29672. Confirmed=U
29673. Filename=iwctrl.exe
29674. Description=<a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis
29675. Source=Paul Collins Startup list
29676.  
29677. [ixplore]
29678. Number=4216
29679. Confirmed=X
29680. Filename=ixplore.exe
29681. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotcy.html" target=_blank>SDBOT-CY</a> TROJAN!
29682. Source=Paul Collins Startup list
29683.  
29684. [ixproxy]
29685. Number=4217
29686. Confirmed=X
29687. Filename=[path to trojan]
29688. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojxorpixa.html" target=_blank>XORPIX-A</a> TROJAN!
29689. Source=Paul Collins Startup list
29690.  
29691. [iyelejiv]
29692. Number=4218
29693. Confirmed=X
29694. Filename=yujixit.exe
29695. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BJK&VSect=P" target=_blank>SDBOT.BJK</a> WORM!
29696. Source=Paul Collins Startup list
29697.  
29698. [IZE]
29699. Number=4219
29700. Confirmed=?
29701. Filename=N/A
29702. Description=<font color="#FF0000">??</font>
29703. Source=Paul Collins Startup list
29704.  
29705. [j2 Tray Menu]
29706. Number=4220
29707. Confirmed=N
29708. Filename=HotTray.exe
29709. Description=eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available <a href="http://home.efax.com/I18N/FAQ/faq_uk.html" target="_blank">here</a>
29710. Source=Paul Collins Startup list
29711.  
29712. [JA Cfg Util v2]
29713. Number=4221
29714. Confirmed=X
29715. Filename=jacfg2.exe
29716. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotal.html" target=_blank>RBOT-AL</a> WORM!
29717. Source=Paul Collins Startup list
29718.  
29719. [JA Config 32]
29720. Number=4222
29721. Confirmed=X
29722. Filename=Awesome32.exe
29723. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
29724. Source=Paul Collins Startup list
29725.  
29726. [Jammer]
29727. Number=4223
29728. Confirmed=U
29729. Filename=jammer.exe
29730. Description=Jammer by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web"
29731. Source=Paul Collins Startup list
29732.  
29733. [Jammer2nd]
29734. Number=4224
29735. Confirmed=X
29736. Filename=Jammer2nd.exe
29737. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042110-2302-99" target="_blank">NETSKY.Z</a> WORM!
29738. Source=Paul Collins Startup list
29739.  
29740. [Java applet]
29741. Number=4225
29742. Confirmed=X
29743. Filename=javaup.exe
29744. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacf.html" target=_blank>SDBOT-ACF</a> WORM!
29745. Source=Paul Collins Startup list
29746.  
29747. [Java Auto Update]
29748. Number=4226
29749. Confirmed=X
29750. Filename=ujm.exe
29751. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadh.html" target=_blank>SDBOT-ADH</a> WORM!
29752. Source=Paul Collins Startup list
29753.  
29754. [Java Runtime Environment]
29755. Number=4227
29756. Confirmed=X
29757. Filename=jbuild.exe
29758. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotj.html" target="_blank">DELBOT-J</a> WORM!
29759. Source=Paul Collins Startup list
29760.  
29761. [Java Runtime Value]
29762. Number=4228
29763. Confirmed=X
29764. Filename=runjava.exe
29765. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotddj.html" target="_blank">RBOT-DDJ</a> WORM!
29766. Source=Paul Collins Startup list
29767.  
29768. [Java Runtimes]
29769. Number=4229
29770. Confirmed=X
29771. Filename=iexplore.exe
29772. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090717-4224-99" target=_blank>KILLAV.B</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in a Winnt\Java\Java folder
29773. Source=Paul Collins Startup list
29774.  
29775. [Java Virtual Machine]
29776. Number=4230
29777. Confirmed=X
29778. Filename=javaw.exe
29779. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
29780. Source=Paul Collins Startup list
29781.  
29782. [Java**.exe [* = random char]]
29783. Number=4231
29784. Confirmed=X
29785. Filename=Java**.exe [* = random char]
29786. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
29787. Source=Paul Collins Startup list
29788.  
29789. [Java**32.exe [* = random char]]
29790. Number=4232
29791. Confirmed=X
29792. Filename=Java**32.exe [* = random char]
29793. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
29794. Source=Paul Collins Startup list
29795.  
29796. [java-plugin]
29797. Number=4233
29798. Confirmed=X
29799. Filename=javasctp.exe
29800. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Downloader.Win32.VB.amx&threatid=55378" target="_blank">VB.AMX</a> TROJAN!
29801. Source=Paul Collins Startup list
29802.  
29803. [Javascript]
29804. Number=4234
29805. Confirmed=X
29806. Filename=jscript.exe
29807. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotad.html" target="_blank">DELBOT-AD</a> WORM!
29808. Source=Paul Collins Startup list
29809.  
29810. [JavaScript Debugging Service]
29811. Number=4235
29812. Confirmed=X
29813. Filename=JsDbgMan.exe
29814. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022416-1432-99" target=_blank>DERDEO.E</a> WORM!
29815. Source=Paul Collins Startup list
29816.  
29817. [JavaUpdate0.07]
29818. Number=4236
29819. Confirmed=X
29820. Filename=[filename]
29821. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112120-2343-99" target=_blank>JUPDATE</a> TROJAN!
29822. Source=Paul Collins Startup list
29823.  
29824. [JavaUpdateSched]
29825. Number=4237
29826. Confirmed=X
29827. Filename=jusched32.exe
29828. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrckb.html" target=_blank>CKB</a> TROJAN!
29829. Source=Paul Collins Startup list
29830.  
29831. [JavaVM]
29832. Number=4238
29833. Confirmed=X
29834. Filename=java.exe
29835. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-072615-3527-99" target="_blank">MYDOOM.M</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-072915-1153-99" target="_blank">MYDOOM.N</a> or other variants of the MYDOOM WORMS! Note - not to be confused with the valid Windows "java.exe" which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) as this resides in C:\Windows or C:\Winnt
29836. Source=Paul Collins Startup list
29837.  
29838. [jawa32]
29839. Number=4239
29840. Confirmed=X
29841. Filename=jawa32.exe
29842. Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/" target="_blank">AGENT.BG</a> WORM!
29843. Source=Paul Collins Startup list
29844.  
29845. [Jawa322]
29846. Number=4240
29847. Confirmed=X
29848. Filename=jawa32.exe
29849. Description=Added by a variant of the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/jawa32/" target=_blank>AGENT.BG</a> trojan
29850.  
29851. Source=Paul Collins Startup list
29852.  
29853. [JB]
29854. Number=4241
29855. Confirmed=N
29856. Filename=Jiffybar.exe
29857. Description="Get Paid As You surf" application
29858. Source=Paul Collins Startup list
29859.  
29860. [Jet Detection]
29861. Number=4242
29862. Confirmed=N
29863. Filename=ADGJDet.exe
29864. Description=Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
29865. Source=Paul Collins Startup list
29866.  
29867. [JetAdmin Discovery Indicator]
29868. Number=4243
29869. Confirmed=Y
29870. Filename=HPJETDSC.EXE
29871. Description=HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery Indicator
29872. Source=Paul Collins Startup list
29873.  
29874. [jete]
29875. Number=4244
29876. Confirmed=X
29877. Filename=yujixit.exe
29878. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BRT&VSect=P" target=_blank>SDBOT.BRT</a> WORM!
29879. Source=Paul Collins Startup list
29880.  
29881. [jiahus]
29882. Number=4245
29883. Confirmed=X
29884. Filename=svchqs.exe
29885. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwowpwsal.html" target="_blank">WOWPWS-AL</a> TROJAN!
29886. Source=Paul Collins Startup list
29887.  
29888. [jijbl]
29889. Number=4246
29890. Confirmed=X
29891. Filename=ezlwy.bat
29892. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031609-5722-99" target="_blank">REDDW</a> WORM!
29893. Source=Paul Collins Startup list
29894.  
29895. [JMB36X Configure]
29896. Number=4247
29897. Confirmed=U
29898. Filename=JMRaidTool.exe
29899. Description=<a href="http://www.jmicron.com/Product_JMB363.htm" target="_blank">JMB36x</a> series Raid configuration utility from JMicron Technology
29900. Source=Paul Collins Startup list
29901.  
29902. [Job-oversigt]
29903. Number=4248
29904. Confirmed=U
29905. Filename=taskmon.exe
29906. Description=Task Monitor (on Danish language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)
29907. Source=Paul Collins Startup list
29908.  
29909. [JobHisInit]
29910. Number=4249
29911. Confirmed=U
29912. Filename=JobHisInit.exe
29913. Description=Used by Ricoh network printers to enable network printing from the client
29914. Source=Paul Collins Startup list
29915.  
29916. [Jog Serve]
29917. Number=4250
29918. Confirmed=U
29919. Filename=JogServ2.exe
29920. Description="Jog Dial" on a Sony Vaio laptop.  The dial can select various functions such as control audio. Needed if you use its features
29921. Source=Paul Collins Startup list
29922.  
29923. [JogServ2]
29924. Number=4251
29925. Confirmed=U
29926. Filename=JogServ2.exe
29927. Description="Jog Dial" on a Sony Vaio laptop.  The dial can select various functions such as control audio. Needed if you use its features
29928. Source=Paul Collins Startup list
29929.  
29930. [john315]
29931. Number=4252
29932. Confirmed=X
29933. Filename=srrvc.exe
29934. Description=Added by an unidentified WORM or TROJAN!
29935. Source=Paul Collins Startup list
29936.  
29937. [jon315]
29938. Number=4253
29939. Confirmed=X
29940. Filename=[path to trojan]
29941. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmailbotbi.html" target="_blank">MAILBOT-BI</a> TROJAN!
29942. Source=Paul Collins Startup list
29943.  
29944. [jotl]
29945. Number=4254
29946. Confirmed=?
29947. Filename=millenzje.exe
29948. Description=<font color="#FF0000">??</font>
29949. Source=Paul Collins Startup list
29950.  
29951. [JOYTECH USB Neo S Controller]
29952. Number=4255
29953. Confirmed=U
29954. Filename=JoytechNeoSTrayIcon.exe
29955. Description=System Tray access to Joytech <a href="http://www.joytech.net/products.php?section=viewprod&productID=74&lang=1&catID=8" target="_blank">Neo S</a> PC gamepad controller software
29956. Source=Paul Collins Startup list
29957.  
29958. [Jreg]
29959. Number=4256
29960. Confirmed=X
29961. Filename=Jreg2b.exe
29962. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
29963. Source=Paul Collins Startup list
29964.  
29965. [Jufualt]
29966. Number=4257
29967. Confirmed=X
29968. Filename=winxp2.exe
29969. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaab.html" target=_blank>SDBOT-AAB</a> WORM!
29970. Source=Paul Collins Startup list
29971.  
29972. [Jufualt]
29973. Number=4258
29974. Confirmed=X
29975. Filename=svhost.exe
29976. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadj.html" target=_blank>SDBOT-ADJ</a> WORM!
29977. Source=Paul Collins Startup list
29978.  
29979. [Juno_uoltray]
29980. Number=4259
29981. Confirmed=N
29982. Filename=exec.exe
29983. Description=Juno ISP software - not required
29984. Source=Paul Collins Startup list
29985.  
29986. [jusched]
29987. Number=4260
29988. Confirmed=N
29989. Filename=jusched.exe
29990. Description=Checks with Sun's Java updates site to see if newer Java versions are available. Visit <a href="http://java.sun.com" target="_blank"> http://java.sun.com</a> or just run the Java Plug-In Control Panel
29991. Source=Paul Collins Startup list
29992.  
29993. [jusched]
29994. Number=4261
29995. Confirmed=X
29996. Filename=[path to trojan]
29997. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbwr.html" target="_blank">BANKER-BWR</a> TROJAN!
29998. Source=Paul Collins Startup list
29999.  
30000. [jushed32.exe]
30001. Number=4262
30002. Confirmed=X
30003. Filename=jushed32.exe
30004. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojbiztenl.html" target= blank>BIZTEN-L</a> TROJAN!
30005. Source=Paul Collins Startup list
30006.  
30007. [jusodl]
30008. Number=4263
30009. Confirmed=X
30010. Filename=severe.exe
30011. Description=Added by the <a href="http://kr.ahnlab.com/SecuInfoVirusViewEngNew3.ahn?SEQ_NO=6907" target="_blank">QQPASS.48436</a> TROJAN!
30012. Source=Paul Collins Startup list
30013.  
30014. [JussDropUtility]
30015. Number=4264
30016. Confirmed=U
30017. Filename=JussDrop.exe
30018. Description=Related to <a href="http://www.dropshots.com/" target=_blank>DropShots</a> Inc. A subscription based service for family to connect, converse and share photos and videos
30019. Source=Paul Collins Startup list
30020.  
30021. [jutsu]
30022. Number=4265
30023. Confirmed=X
30024. Filename=jutsu.exe
30025. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotls.html" target=_blank>RBOT-LS</a> WORM!
30026. Source=Paul Collins Startup list
30027.  
30028. [jv16 PT TempFileTool]
30029. Number=4266
30030. Confirmed=U
30031. Filename=TempTool.exe
30032. Description=jv16 PowerTools <a href="http://www.macecraft.com/pt2006/file_cleaner/" target="_blank">File Cleaner</a> - "allows you to find obsolete and left-over temporary files"
30033. Source=Paul Collins Startup list
30034.  
30035. [jv16PT - Privacy Protector]
30036. Number=4267
30037. Confirmed=U
30038. Filename=Task.jvb
30039. Description=jv16 PowerTools <a href="http://www.macecraft.com/pt2006/privacy_protector/" target= blank>Privacy Protector</a> - "allows you to protect your privacy by automatically clearing out all the unwanted history items and cookies from you computer, every time you start your computer"
30040. Source=Paul Collins Startup list
30041.  
30042. [Jv16pt Network Resident]
30043. Number=4268
30044. Confirmed=U
30045. Filename=jv16pt_network.exe
30046. Description=<a href="http://www.macecraft.com/jv16powertools2006/" target="_blank">jv16 PowerTools</a> network resident program. Only needed if you are using the program's network features
30047. Source=Paul Collins Startup list
30048.  
30049. [jvdnlssn]
30050. Number=4269
30051. Confirmed=X
30052. Filename=fljzsshc.exe
30053. Description=Flingstone.com adware - and its Golden Palace Casino program
30054. Source=Paul Collins Startup list
30055.  
30056. [JVM0]
30057. Number=4270
30058. Confirmed=X
30059. Filename=JVM0.exe
30060. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbanloaax.html" target="_blank">BANLOA-AX</a> TROJAN!
30061. Source=Paul Collins Startup list
30062.  
30063. [JVM0.12]
30064. Number=4271
30065. Confirmed=X
30066. Filename=[random filename]
30067. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojteadoora.html" target= blank>TEADOOR-A</a> TROJAN!
30068. Source=Paul Collins Startup list
30069.  
30070. [JVM0.14]
30071. Number=4272
30072. Confirmed=X
30073. Filename=[random filename]
30074. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojteadoorb.html" target=_blank>TEADOOR-B</a> TROJAN!
30075. Source=Paul Collins Startup list
30076.  
30077. [JW Manager]
30078. Number=4273
30079. Confirmed=X
30080. Filename=jwmngr.exe
30081. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotg.html" target="_blank">DELBOT-G</a> WORM!
30082. Source=Paul Collins Startup list
30083.  
30084. [jxef1104]
30085. Number=4274
30086. Confirmed=X
30087. Filename=jxef1104.exe
30088. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32xipia.html" target=_blank>XIPI-A</a> WORM!
30089. Source=Paul Collins Startup list
30090.  
30091. [JXL Radio]
30092. Number=4275
30093. Confirmed=X
30094. Filename=jxl.exe
30095. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotebe.html" target="_blank">RBOT-EBE</a> WORM!
30096. Source=Paul Collins Startup list
30097.  
30098. [Jzi16]
30099. Number=4276
30100. Confirmed=?
30101. Filename=jzi16.exe
30102. Description=<font color="#FF0000">??</font>
30103. Source=Paul Collins Startup list
30104.  
30105. [K2ps_full.task]
30106. Number=4277
30107. Confirmed=X
30108. Filename=K2ps_full.exe
30109. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K" target="_blank">JUNTADOR.K</a> TROJAN!
30110. Source=Paul Collins Startup list
30111.  
30112. [K6CPU.EXE]
30113. Number=4278
30114. Confirmed=N
30115. Filename=K6CPU.EXE
30116. Description=Authenticates CPU as K6 in system properties
30117. Source=Paul Collins Startup list
30118.  
30119. [Kadoc]
30120. Number=4279
30121. Confirmed=X
30122. Filename=[random filename].exe
30123. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030918-0821-99" target=_blank>STAPREW</a> TROJAN!
30124. Source=Paul Collins Startup list
30125.  
30126. [kak]
30127. Number=4280
30128. Confirmed=X
30129. Filename=kak.hta
30130. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-121908-3951-99" target="_blank">KAKWORM</a> WORM!
30131. Source=Paul Collins Startup list
30132.  
30133. [Kalibump]
30134. Number=4281
30135. Confirmed=U
30136. Filename=Kalibump.exe
30137. Description=Used with the now unsupported <a href="http://www.kali.net/" target="_blank">Kali</a> software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy
30138. Source=Paul Collins Startup list
30139.  
30140. [kalvsys]
30141. Number=4282
30142. Confirmed=X
30143. Filename=kalv****.exe [* = random char]
30144. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware
30145. Source=Paul Collins Startup list
30146.  
30147. [kalvsys]
30148. Number=4283
30149. Confirmed=X
30150. Filename=kalv***32.exe [* = random char]
30151. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware
30152. Source=Paul Collins Startup list
30153.  
30154. [Kana Reminder]
30155. Number=4284
30156. Confirmed=N
30157. Filename=Reminder.exe
30158. Description=<a href="http://kanasolution.com/index.php?i=55" target="_blank">Kana Reminder</a> is a program which can be used to set a reminder to be triggered at a specified time
30159. Source=Paul Collins Startup list
30160.  
30161. [Karen's Once-A-Day II]
30162. Number=4285
30163. Confirmed=U
30164. Filename=PTOAD.exe
30165. Description="Have a job that should be run exactly once each day? <a href="http://www.karenware.com/powertools/ptoad.asp" target=_blank>Karen's Once-A-Day II</a> is just what you need!" Scheduler that lets you specify progams, web pages and files that be run or opened automatically, the first time
30166. Source=Paul Collins Startup list
30167.  
30168. [KASP]
30169. Number=4286
30170. Confirmed=U
30171. Filename=OESpamTest.exe
30172. Description=Kaspersky <a href="http://www.kaspersky.com/antispamenterprise" target=_blank>Anti-Spam</a>
30173. Source=Paul Collins Startup list
30174.  
30175. [Kasper Antivirus]
30176. Number=4287
30177. Confirmed=X
30178. Filename=KASPERANTIVIRUS.EXE
30179. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
30180. Source=Paul Collins Startup list
30181.  
30182. [Kaspersky Anti-Hacker]
30183. Number=4288
30184. Confirmed=Y
30185. Filename=KAVPF.exe
30186. Description=Kaspersky <a href="http://www.kaspersky.com/productupdates?chapter=146244114" target="_blank">Anti-Hacker</a> firewall
30187. Source=Paul Collins Startup list
30188.  
30189. [Kaspersky Antivirus]
30190. Number=4289
30191. Confirmed=X
30192. Filename=KasperskyAV.exe
30193. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
30194.  
30195. Source=Paul Collins Startup list
30196.  
30197. [KasperskyAv]
30198. Number=4290
30199. Confirmed=X
30200. Filename=kaspersky.exe
30201. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020510-3255-99" target="_blank">MIMAIL.T</a> WORM! Note - this has nothing to do with the real Kaspersky AntiVirus
30202. Source=Paul Collins Startup list
30203.  
30204. [KasperskyAVEng]
30205. Number=4291
30206. Confirmed=X
30207. Filename=Kasperskyaveng.exe
30208. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041509-2004-99" target="_blank">NETSKY.V</a> WORM!
30209. Source=Paul Collins Startup list
30210.  
30211. [KAT]
30212. Number=4292
30213. Confirmed=X
30214. Filename=KAT.vbs
30215. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbssoadd.html" target="_blank">SOAD-D</a> WORM!
30216. Source=Paul Collins Startup list
30217.  
30218. [kav]
30219. Number=4293
30220. Confirmed=Y
30221. Filename=avp.exe
30222. Description=AOL's <a href="http://www.securitycadets.com/2006/08/aols-active-virus-shield-in-a-nutshell/" target="_blank">Active Virus Shield</a>
30223. Source=Paul Collins Startup list
30224.  
30225. [KAVFOX]
30226. Number=4294
30227. Confirmed=X
30228. Filename=win1ogoin.exe
30229. Description=Added by <a href="http://www.sophos.com/virusinfo/analyses/trojgwghostm.html" target=_blank>GWGHOST-M</a> TROJAN!
30230. Source=Paul Collins Startup list
30231.  
30232. [KAVPersonal]
30233. Number=4295
30234. Confirmed=X
30235. Filename=svchost.exe
30236. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagev.html" target=_blank>LINEAGE-V</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
30237. Source=Paul Collins Startup list
30238.  
30239. [KAVPersonal50]
30240. Number=4296
30241. Confirmed=Y
30242. Filename=Kav.exe
30243. Description=<a href="http://www.kaspersky.com/personal" target="_blank">Kaspersky</a> Anti-Virus Personal 5.0
30244. Source=Paul Collins Startup list
30245.  
30246. [KAVPersonal90]
30247. Number=4297
30248. Confirmed=X
30249. Filename=wscntfy.exe
30250. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerfz.html" target=_blank>BANKER-FZ</a> TROJAN!
30251. Source=Paul Collins Startup list
30252.  
30253. [KavPFW]
30254. Number=4298
30255. Confirmed=Y
30256. Filename=KavPFW.exe
30257. Description=<a href="http://www.kingsoft.com/en/" target=_blank>KingSoft</a> Personal Firewall
30258. Source=Paul Collins Startup list
30259.  
30260. [KavRuns]
30261. Number=4299
30262. Confirmed=X
30263. Filename=Windll.exe
30264. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041516-4618-99" target="_blank">TRYNOMA</a> TROJAN!
30265. Source=Paul Collins Startup list
30266.  
30267. [KavStart]
30268. Number=4300
30269. Confirmed=Y
30270. Filename=KAVStart.exe
30271. Description=<a href="http://www.kingsoft.com/en/" target=_blank>KingSoft</a> Personal Firewall
30272. Source=Paul Collins Startup list
30273.  
30274. [kavsvc]
30275. Number=4301
30276. Confirmed=Y
30277. Filename=kavsvc.exe
30278. Description=<a href="http://www.kaspersky.com/personal" target=_blank>Kaspersky</a> antivirus
30279. Source=Paul Collins Startup list
30280.  
30281. [kavsvc]
30282. Number=4302
30283. Confirmed=X
30284. Filename=[random 6 char filename]
30285. Description=Qoologic downloader trojan variant using random file names (examples: nzkklz.exe, rzazzi.exe, ivpaan.exe) - do not confuse with the Kaspersky antivirus startup item, as described <a href="http://www.sysinfo.org/startuplist.php?filter=kavsvc.exe" target="_blank">here</a>
30286. Source=Paul Collins Startup list
30287.  
30288. [KavSvc]
30289. Number=4303
30290. Confirmed=X
30291. Filename=******.exe reg_run [* = random char]
30292. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43264" target=_blank>QOOLOGIC</a> TROJAN!
30293. Source=Paul Collins Startup list
30294.  
30295. [kavsvc]
30296. Number=4304
30297. Confirmed=X
30298. Filename=[random 6 char filename]
30299. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43264" target=_blank>QOOLOGIC</a> TROJAN! Uses random file names (examples: nzkklz.exe, rzazzi.exe, ivpaan.exe)
30300. Source=Paul Collins Startup list
30301.  
30302. [KAVutil]
30303. Number=4305
30304. Confirmed=X
30305. Filename=[worm filename]
30306. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102417-3925-99" target="_blank">WINTOO.B</a> WORM!
30307. Source=Paul Collins Startup list
30308.  
30309. [KAZAA]
30310. Number=4306
30311. Confirmed=N
30312. Filename=kazaa.exe
30313. Description=KAZAA is a file-sharing program which unfortunately being ad-based includes "Cy-door" adware. Check <a href="http://www.cexx.org/cydoor.htm" target="_blank">here</a> for information about "Cy-door" and <a href="http://www.lavasoft.de/software/adaware/" target="_blank">here</a> for a program that can remove it
30314. Source=Paul Collins Startup list
30315.  
30316. [Kazaa Download Accelerator Updater (required)]
30317. Number=4307
30318. Confirmed=X
30319. Filename=regsvr32 [path] kdp****.dll [* = random char]
30320. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
30321.  
30322. Source=Paul Collins Startup list
30323.  
30324. [Kazaa lptt01]
30325. Number=4308
30326. Confirmed=X
30327. Filename=kazaa.exe
30328. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not the valid KaZaA file sharing program which has the same executable name
30329. Source=Paul Collins Startup list
30330.  
30331. [Kazaa ml097e]
30332. Number=4309
30333. Confirmed=X
30334. Filename=kazaa.exe
30335. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not the valid KaZaA file sharing program which has the same executable name
30336. Source=Paul Collins Startup list
30337.  
30338. [KAZAACuf]
30339. Number=4310
30340. Confirmed=X
30341. Filename=9
30342. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070414-5310-99" target="_blank"> KITRO.D</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARGEN.A&VSect=T" target="_blank">ARGEN.A</a>) WORM!
30343.  
30344. Source=Paul Collins Startup list
30345.  
30346. [kazaalite]
30347. Number=4311
30348. Confirmed=N
30349. Filename=kazaalite.exe
30350. Description=<a href="http://www.webattack.com/get/kazaalite.shtml" target="_blank">Kazaalite</a> is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanisms
30351. Source=Paul Collins Startup list
30352.  
30353. [KaZooM]
30354. Number=4312
30355. Confirmed=N
30356. Filename=KaZooM.Exe
30357. Description=KaZoom from <a href="http://www.bluehavenmedia.com/" target="_blank"> Blue Haven Media</a> - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches"
30358. Source=Paul Collins Startup list
30359.  
30360. [KB891711]
30361. Number=4313
30362. Confirmed=Y
30363. Filename=KB891711.exe
30364. Description=Installed by the Windows KB891711 critical update, see <a href="http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx" target=_blank>this</a> security bulletin - this file reportedly needs to continue running in order to patch the vulnerability, at least until a more practical solution is found. There have however been reports of fatal exception errors in systems running Windows 98, and in such a case Microsoft advises to either uninstall the patch (Add/Remove Programs) or prevent it from running at startup
30365. Source=Paul Collins Startup list
30366.  
30367. [KB918547]
30368. Number=4314
30369. Confirmed=Y
30370. Filename=KB918547.EXE
30371. Description=Bug-fix for a Microsoft graphics rendering engine vulnerability - see <a href="http://support.microsoft.com/kb/918547" target="_blank">here</a>. Windows 98/Me only
30372. Source=Paul Collins Startup list
30373.  
30374. [KB926239]
30375. Number=4315
30376. Confirmed=Y
30377. Filename=rundll32.exe [path] apphelp.dll, ShimFlushCache
30378. Description=Microsoft <a href="http://support.microsoft.com/kb/926239" target="_blank">KB926239</a> fix. Windows Media Player 10 may close unexpectedly on a Windows XP-based computer
30379. Source=Paul Collins Startup list
30380.  
30381. [KBD]
30382. Number=4316
30383. Confirmed=U
30384. Filename=KBD.EXE
30385. Description=Multimedia keyboard manager. Required if you use the multimedia keys
30386. Source=Paul Collins Startup list
30387.  
30388. [KBD MediaCenter]
30389. Number=4317
30390. Confirmed=U
30391. Filename=MEDIACTR.EXE
30392. Description=Multimedia keyboard manager. Required if you use the multimedia keys
30393. Source=Paul Collins Startup list
30394.  
30395. [kbddrv32]
30396. Number=4318
30397. Confirmed=X
30398. Filename=kbddrv32.exe
30399. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
30400. Source=Paul Collins Startup list
30401.  
30402. [kbddrvinf]
30403. Number=4319
30404. Confirmed=X
30405. Filename=kbddrvinf.exe
30406. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
30407. Source=Paul Collins Startup list
30408.  
30409. [KCeasy]
30410. Number=4320
30411. Confirmed=N
30412. Filename=KCeasy.exe
30413. Description=<a href="http://kceasy.com/about/" target=_blank>KCeasy</a> - a Windows peer-to-peer filesharing application which uses <a href="http://www.encyclopedia-online.info/GiFT_P2P" target=_blank>giFT</a> as its 'back end' foundation. The networks currently supported are OpenFT and Gnutella
30414. Source=Paul Collins Startup list
30415.  
30416. [KClient]
30417. Number=4321
30418. Confirmed=U
30419. Filename=kstatus.exe
30420. Description=KClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet
30421. Source=Paul Collins Startup list
30422.  
30423. [kdx]
30424. Number=4322
30425. Confirmed=N
30426. Filename=KHost.exe
30427. Description=KonTiki <a href="http://help.kontiki.com/enduser/group.jsp?node=11761" target="_blank">Secure Delivery Plug In</a> related. "The Kontiki Delivery Management System (DMS) is a secure delivery network for distribution of video, software, audio, documents, and other digital media. The Kontiki DMS enables enterprises to efficiently publish, secure, deliver and track digital media to employees, partners, and customers"
30428. Source=Paul Collins Startup list
30429.  
30430. [KE9801]
30431. Number=4323
30432. Confirmed=U
30433. Filename=DriBat32.exe
30434. Description=KE9801 multimedia keyboard driver - required if you use the multimedia keys
30435. Source=Paul Collins Startup list
30436.  
30437. [Keenvalue]
30438. Number=4324
30439. Confirmed=X
30440. Filename=Keenvalue.exe
30441. Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.keenval.html" target=_blank>eUniverse/KeenValue</a> adware
30442. Source=Paul Collins Startup list
30443.  
30444. [KEMailKb]
30445. Number=4325
30446. Confirmed=U
30447. Filename=KEMailKb.EXE
30448. Description=Controls the buttons at the top of the <a href="http://www.mic-innovations.com/details.cfm?id=KB650I" target="_blank"> Micro Innovations 650i Internet Access Keyboard</a>. If you disable it you cannot use the buttons - like volume control or shut down
30449. Source=Paul Collins Startup list
30450.  
30451. [Kemet]
30452. Number=4326
30453. Confirmed=?
30454. Filename=kemet.exe
30455. Description=<font color="#FF0000">??</font>
30456. Source=Paul Collins Startup list
30457.  
30458. [Kerio VPN Client]
30459. Number=4327
30460. Confirmed=U
30461. Filename=kvpnclient.exe
30462. Description=<a href="http://www.kerio.com/kwf_vpn.html" target=_blank>Kerio</a> VPN Client
30463. Source=Paul Collins Startup list
30464.  
30465. [kern64dll]
30466. Number=4328
30467. Confirmed=X
30468. Filename=[random filename]
30469. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092913-1837-99" target="_blank">TARNO.J</a> TROJAN!
30470. Source=Paul Collins Startup list
30471.  
30472. [Kernal Fault Check]
30473. Number=4329
30474. Confirmed=X
30475. Filename=ntosrkl.exe
30476. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
30477. Source=Paul Collins Startup list
30478.  
30479. [kernctl32]
30480. Number=4330
30481. Confirmed=X
30482. Filename=rundll32 kctl32.dll, initialize
30483. Description=Added by the AGENT.AT TROJAN!
30484. Source=Paul Collins Startup list
30485.  
30486. [Kerne0223]
30487. Number=4331
30488. Confirmed=X
30489. Filename=Kerne0223.exe
30490. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirza.html" target="_blank">LEGMIR-ZA</a> TROJAN!
30491. Source=Paul Collins Startup list
30492.  
30493. [Kernel]
30494. Number=4332
30495. Confirmed=X
30496. Filename=bboy.exe
30497. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MUMU.B" target="_blank">MUMU.B</a> WORM!
30498. Source=Paul Collins Startup list
30499.  
30500. [Kernel]
30501. Number=4333
30502. Confirmed=X
30503. Filename=services.exe
30504. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfooza.html" target=_blank>FOOZ-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
30505. Source=Paul Collins Startup list
30506.  
30507. [KERNEL 32]
30508. Number=4334
30509. Confirmed=X
30510. Filename=SKERNEL32.com
30511. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32semapia.html" target= blank>SEMAPI-A</a> WORM
30512. Source=Paul Collins Startup list
30513.  
30514. [Kernel and Hardware Abstraction Layer]
30515. Number=4335
30516. Confirmed=U
30517. Filename=KHALMNPR.EXE
30518. Description=Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint
30519. Source=Paul Collins Startup list
30520.  
30521. [Kernel Faults]
30522. Number=4336
30523. Confirmed=X
30524. Filename=ftphost.exe
30525. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BHU&VSect=P" target=_blank>RBOT.BHU</a> WORM!
30526. Source=Paul Collins Startup list
30527.  
30528. [Kernel Loader]
30529. Number=4337
30530. Confirmed=X
30531. Filename=ntkrnl.exe
30532. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-032215-5106-99" target="_blank">CERVIVEC.A</a> WORM!
30533. Source=Paul Collins Startup list
30534.  
30535. [Kernel Manager]
30536. Number=4338
30537. Confirmed=X
30538. Filename=krnlmgr.exe
30539. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNY.A&VSect=P" target=_blank>JUNY.A</a> TROJAN!
30540. Source=Paul Collins Startup list
30541.  
30542. [Kernel Services]
30543. Number=4339
30544. Confirmed=X
30545. Filename=service32.exe
30546. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprxb.html" target="_blank">PRX-B</a> TROJAN!
30547. Source=Paul Collins Startup list
30548.  
30549. [kernel system daemon]
30550. Number=4340
30551. Confirmed=X
30552. Filename=ACTIVAT0R.exe
30553. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112412-4515-99" target="_blank">RANDEX.AW</a> WORM!
30554. Source=Paul Collins Startup list
30555.  
30556. [kernel12.exe]
30557. Number=4341
30558. Confirmed=X
30559. Filename=kernel12.exe
30560. Description=Added by an unidentified WORM or TROJAN!
30561. Source=Paul Collins Startup list
30562.  
30563. [kernel32]
30564. Number=4342
30565. Confirmed=X
30566. Filename=kern32.exe
30567. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BADTRANS.A" target="_blank">BADTRANS.A</a> WORM!
30568. Source=Paul Collins Startup list
30569.  
30570. [Kernel32]
30571. Number=4343
30572. Confirmed=X
30573. Filename=Kernel32.exe
30574. Description=Added by a number of VIRUSES, WORMS and TROJANS!
30575. Source=Paul Collins Startup list
30576.  
30577. [kernel32]
30578. Number=4344
30579. Confirmed=X
30580. Filename=kernel.dli
30581. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122712-0302-99" target="_blank">NETDEVIL.B</a> TROJAN!
30582. Source=Paul Collins Startup list
30583.  
30584. [Kernel32]
30585. Number=4345
30586. Confirmed=X
30587. Filename=Kernel.dll
30588. Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99476" target="_blank">REDLOF.M</a> VIRUS!
30589. Source=Paul Collins Startup list
30590.  
30591. [kernel32]
30592. Number=4346
30593. Confirmed=X
30594. Filename=kernel32.dlI
30595. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072012-2102-99" target="_blank">NETDEVIL.15</a> TROJAN!
30596. Source=Paul Collins Startup list
30597.  
30598. [Kernel32]
30599. Number=4347
30600. Confirmed=X
30601. Filename=krnl32.exe
30602. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120213-3044-99" target="_blank">EPON</a> WORM!
30603. Source=Paul Collins Startup list
30604.  
30605. [Kernel32]
30606. Number=4348
30607. Confirmed=X
30608. Filename=Kernel32.win
30609. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040815-5555-99" target="_blank">GAGGLE.D</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070814-1115-99" target="_blank">GAGGLE.E</a> WORMS!
30610. Source=Paul Collins Startup list
30611.  
30612. [Kernel32]
30613. Number=4349
30614. Confirmed=X
30615. Filename=kernel32s.exe
30616. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrcic.html" target=_blank>SDBOT-PU</a> TROJAN!
30617.  
30618. Source=Paul Collins Startup list
30619.  
30620. [kernel32]
30621. Number=4350
30622. Confirmed=X
30623. Filename=kernel32.dll.vbs
30624. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32wekodea.html" target="_blank">WEKODE-A</a> WORM!
30625. Source=Paul Collins Startup list
30626.  
30627. [Kernel32]
30628. Number=4351
30629. Confirmed=X
30630. Filename=svchosts.exe
30631. Description=Added by an unidentified WORM or TROJAN!
30632. Source=Paul Collins Startup list
30633.  
30634. [kernel32dll]
30635. Number=4352
30636. Confirmed=X
30637. Filename=guardpc.exe
30638. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcu.html" target=_blank>FORBOT-CU</a> WORM!
30639. Source=Paul Collins Startup list
30640.  
30641. [KernelCheck]
30642. Number=4353
30643. Confirmed=X
30644. Filename=sys****.exe [* = digit]
30645. Description=Added by an unidentified TROJAN!
30646. Source=Paul Collins Startup list
30647.  
30648. [KernelCheck]
30649. Number=4354
30650. Confirmed=X
30651. Filename=winser.exe
30652. Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FLMIR%2ESL" target="_blank">TSPY_LMIR.SL</a> TROJAN!
30653. Source=Paul Collins Startup list
30654.  
30655. [kernelfaultcheck]
30656. Number=4355
30657. Confirmed=N
30658. Filename=dumprep 0 -k
30659. Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
30660. Source=Paul Collins Startup list
30661.  
30662. [kernelfaultcheck]
30663. Number=4356
30664. Confirmed=N
30665. Filename=dumprep 0 -u
30666. Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
30667. Source=Paul Collins Startup list
30668.  
30669. [KernelFaultCheck]
30670. Number=4357
30671. Confirmed=X
30672. Filename=ptool32.exe
30673. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirbn.html" target=_blank>LEGMIR-BN</a> TROJAN!
30674. Source=Paul Collins Startup list
30675.  
30676. [KernelFaultChk]
30677. Number=4358
30678. Confirmed=X
30679. Filename=sms.exe
30680. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020619-0805-99" target="_blank">DEADHAT</a> WORM! Do not confuse with the valid "kernelfaultcheck" which runs "dumprep 0 -k" or "dumprep 0 -u"
30681. Source=Paul Collins Startup list
30682.  
30683. [Kernell]
30684. Number=4359
30685. Confirmed=X
30686. Filename=systems.exe
30687. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032016-1636-99" target="_blank">TARNO.C</a> TROJAN!
30688. Source=Paul Collins Startup list
30689.  
30690. [Kernell32]
30691. Number=4360
30692. Confirmed=X
30693. Filename=Kernell.dll
30694. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DESTINY.A" target="_blank">DESTINY.A</a> TROJAN!
30695. Source=Paul Collins Startup list
30696.  
30697. [KernellApps]
30698. Number=4361
30699. Confirmed=X
30700. Filename=csrss.exe
30701. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanac.html" target=_blank>BANCBAN-AC</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
30702.  
30703. Source=Paul Collins Startup list
30704.  
30705. [KernellApps]
30706. Number=4362
30707. Confirmed=X
30708. Filename=lexplore.exe
30709. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanbs.html" target= blank>BANCBAN-BS</a> TROJAN! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
30710. Source=Paul Collins Startup list
30711.  
30712. [KernellApps32]
30713. Number=4363
30714. Confirmed=X
30715. Filename=smss.exe
30716. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanan.html" target=_blank>BANCBAN-AN</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which should not normally figure in Msconfig/Startup!
30717. Source=Paul Collins Startup list
30718.  
30719. [Kernelw]
30720. Number=4364
30721. Confirmed=X
30722. Filename=Kernelw32.exe
30723. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071618-2746-99" target="_blank">INDOR.E</a> WORM!
30724. Source=Paul Collins Startup list
30725.  
30726. [Kernel_check]
30727. Number=4365
30728. Confirmed=X
30729. Filename=wmiprvse.exe
30730. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sonebotb.html" target=_blank>SONEBOT-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wmiprvse/" target=_blank>wmiprvse.exe</a> process which is always located in the System32\wbem folder and should not normally figure in Msconfig/Startup!
30731. Source=Paul Collins Startup list
30732.  
30733. [key]
30734. Number=4366
30735. Confirmed=X
30736. Filename=sysxp.exe
30737. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071514-3909-99" target="_blank">BEAGLE.AB</a> WORM!
30738. Source=Paul Collins Startup list
30739.  
30740. [key]
30741. Number=4367
30742. Confirmed=X
30743. Filename=sys_xp.exe
30744. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071713-1933-99" target="_blank">BEAGLE.AC</a> WORM!
30745. Source=Paul Collins Startup list
30746.  
30747. [key]
30748. Number=4368
30749. Confirmed=X
30750. Filename=winxp.exe
30751. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071912-1847-99" target="_blank">BEAGLE.AG</a> WORM!
30752. Source=Paul Collins Startup list
30753.  
30754. [Key Logger]
30755. Number=4369
30756. Confirmed=X
30757. Filename=csrss.exe
30758. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102211-4845-99" target=_blank>BUCHON.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the root folder - normally C:
30759. Source=Paul Collins Startup list
30760.  
30761. [Key Text]
30762. Number=4370
30763. Confirmed=N
30764. Filename=KeyText.exe
30765. Description=<a href="http://www.mjmsoft.com/keytext.htm" target="_blank">Key Text 2000</a> from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start -> Programs
30766. Source=Paul Collins Startup list
30767.  
30768. [Key1]
30769. Number=4371
30770. Confirmed=X
30771. Filename=Rlid.exe
30772. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100816-5051-99" target="_blank">LIXY</a> TROJAN!
30773. Source=Paul Collins Startup list
30774.  
30775. [Key2]
30776. Number=4372
30777. Confirmed=?
30778. Filename=serve.exe
30779. Description=<font color="#FF0000">??</font>
30780. Source=Paul Collins Startup list
30781.  
30782. [key2]
30783. Number=4373
30784. Confirmed=X
30785. Filename=winlog.exe
30786. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagledlal.html" target=_blank>BAGLEDI-AL</a> TROJAN!
30787. Source=Paul Collins Startup list
30788.  
30789. [KeyAccess]
30790. Number=4374
30791. Confirmed=Y
30792. Filename=keyacc32.exe
30793. Description=KeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure"
30794. Source=Paul Collins Startup list
30795.  
30796. [Keybdcntl]
30797. Number=4375
30798. Confirmed=X
30799. Filename=keybdcntl.exe
30800. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
30801. Source=Paul Collins Startup list
30802.  
30803. [KeyBoard]
30804. Number=4376
30805. Confirmed=U
30806. Filename=Keyboard.exe
30807. Description=<a href="http://www.labtec.com/index.cfm/gear/listing/AMR/EN,crid=28" target=_blank>Labtec</a> keyboard utility
30808.  
30809. Source=Paul Collins Startup list
30810.  
30811. [keyboard]
30812. Number=4377
30813. Confirmed=X
30814. Filename=keyboard*.exe [* = number]
30815. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as TrojanDownloader.VB.zg
30816. Source=Paul Collins Startup list
30817.  
30818. [keyboard]
30819. Number=4378
30820. Confirmed=X
30821. Filename=kybrdef_7.exe
30822. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DollarRevenue&threatid=42948" target="_blank">DollarRevenue</a> adware
30823. Source=Paul Collins Startup list
30824.  
30825. [keyboard]
30826. Number=4379
30827. Confirmed=X
30828. Filename=[path to trojan]
30829. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraoz.html" target="_blank">DLOADR-AOZ</a> TROJAN!
30830. Source=Paul Collins Startup list
30831.  
30832. [Keyboard Manager]
30833. Number=4380
30834. Confirmed=U
30835. Filename=MMKeybd.exe
30836. Description=Multimedia keyboard manager. Required if you use the additional keys
30837. Source=Paul Collins Startup list
30838.  
30839. [Keyboard Preload Check]
30840. Number=4381
30841. Confirmed=Y
30842. Filename=Preload.exe
30843. Description=Millenium Multi-Function Keyboard driver
30844. Source=Paul Collins Startup list
30845.  
30846. [keyboard_enum]
30847. Number=4382
30848. Confirmed=X
30849. Filename=keyboard_enum.exe
30850. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorgp.html" target= blank>GP</a> TROJAN!
30851. Source=Paul Collins Startup list
30852.  
30853. [KeyMaestro]
30854. Number=4383
30855. Confirmed=U
30856. Filename=kmaestro.exe
30857. Description=Multimedia keyboard manager. Required if you use the multimedia keys
30858. Source=Paul Collins Startup list
30859.  
30860. [keymap]
30861. Number=4384
30862. Confirmed=U
30863. Filename=keymap.exe
30864. Description=System Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the game
30865. Source=Paul Collins Startup list
30866.  
30867. [keymgrldr]
30868. Number=4385
30869. Confirmed=X
30870. Filename=rundll32 setupapi, InstallHinfSection... keymgr3.inf
30871. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#oemsyspnp" target=_blank>Oemsyspnp</a> parasite variant
30872. Source=Paul Collins Startup list
30873.  
30874. [KeyPatrol]
30875. Number=4386
30876. Confirmed=U
30877. Filename=KeyPatrol.exe
30878. Description=KeyPatrol - key logger detector using both behavioral and pattern-matching algorithms that used to be part of <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> before CA's aquisition
30879. Source=Paul Collins Startup list
30880.  
30881. [keyserv]
30882. Number=4387
30883. Confirmed=X
30884. Filename=keyserv.exe
30885. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080311-0918-99" target=_blank>KeyThief</a> spyware
30886. Source=Paul Collins Startup list
30887.  
30888. [Keyspan Digital Media Remote]
30889. Number=4388
30890. Confirmed=U
30891. Filename=KDMRdmn.exe
30892. Description=Remote control driver for <a href="http://www.keyspan.com/products/homepage.2.productList.Remotes.spml" target="_blank">Keyspan Digital Media Remote</a> devices
30893. Source=Paul Collins Startup list
30894.  
30895. [keystroke]
30896. Number=4389
30897. Confirmed=U
30898. Filename=keystroke.exe
30899. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.quicklaunch.html" target="_blank">QuickLaunch</a>  surveillance software. Uninstall this software unless you put it there yourself
30900. Source=Paul Collins Startup list
30901.  
30902. [KeyWallet]
30903. Number=4390
30904. Confirmed=U
30905. Filename=KWallet.exe
30906. Description="<a href="http://www.keywallet.com/index.php" target="_blank">KeyWallet</a> is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually"
30907. Source=Paul Collins Startup list
30908.  
30909. [kfienq]
30910. Number=4391
30911. Confirmed=X
30912. Filename=masbl.bat
30913. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021012-5330-99" target="_blank">KIFER</a> TROJAN!
30914. Source=Paul Collins Startup list
30915.  
30916. [Kgjg]
30917. Number=4392
30918. Confirmed=X
30919. Filename=rnnypbw.exe
30920. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=QuickLinks/Forethought&threatid=44217" target="_blank">QuickLinks/Forethought</a> adware
30921. Source=Paul Collins Startup list
30922.  
30923. [khooker]
30924. Number=4393
30925. Confirmed=N
30926. Filename=khooker.exe
30927. Description=SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required
30928. Source=Paul Collins Startup list
30929.  
30930. [KICKMON.EXE]
30931. Number=4394
30932. Confirmed=U
30933. Filename=KICKMON.EXE
30934. Description=KeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't required
30935. Source=Paul Collins Startup list
30936.  
30937. [Kill Popup]
30938. Number=4395
30939. Confirmed=U
30940. Filename=KillPopup.exe
30941. Description=<a href="http://www.killpopup.shareware-rating.com/" target="_blank">KillPopup</a> - pop-up stopper
30942. Source=Paul Collins Startup list
30943.  
30944. [KillAndClean]
30945. Number=4396
30946. Confirmed=N
30947. Filename=KillAndClean.exe
30948. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
30949. Source=Paul Collins Startup list
30950.  
30951. [kimochiz.exe]
30952. Number=4397
30953. Confirmed=X
30954. Filename=kimochiz.exe
30955. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmdropbb.html" target=_blank>MDROP-BB</a> TROJAN!
30956. Source=Paul Collins Startup list
30957.  
30958. [Kinberlink]
30959. Number=4398
30960. Confirmed=N
30961. Filename=Kinberlink.exe
30962. Description=<a href="http://www.kinberlin.com/kinberlink/index.asp" target="_blank">Kinberlink</a> network messaging. Available via Start -> Programs
30963. Source=Paul Collins Startup list
30964.  
30965. [KIT3]
30966. Number=4399
30967. Confirmed=X
30968. Filename=hpprintqueue.exe
30969. Description=Added by the <a href="http://www.sophos.com/security/analyses/trojadclickds.html" target="_blank">ADCLICK-DS</a> TROJAN!
30970. Source=Paul Collins Startup list
30971.  
30972. [KK Loader]
30973. Number=4400
30974. Confirmed=U
30975. Filename=loadkk.exe
30976. Description=<a href="http://www.keykey.com/index1.html" target="_blank">KeyKey XP Professional</a> from KeyKey.com. "Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user."
30977. Source=Paul Collins Startup list
30978.  
30979. [KKM Service]
30980. Number=4401
30981. Confirmed=X
30982. Filename=kkm.exe
30983. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nanpyi.html" target=_blank>NANPY-I</a> WORM!
30984. Source=Paul Collins Startup list
30985.  
30986. [KL AntiFunLove]
30987. Number=4402
30988. Confirmed=X
30989. Filename=flcss.exe
30990. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-122010-2651-99" target=_blank>FUNLOVE.4099</a> WORM!
30991. Source=Paul Collins Startup list
30992.  
30993. [KLog]
30994. Number=4403
30995. Confirmed=U
30996. Filename=Keyspy.exe
30997. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080313-1109-99" target=blank>KeyLoggPro.B</a> keystroke logger/monitoring program - remove unless you installed it yourself!
30998.  
30999. Source=Paul Collins Startup list
31000.  
31001. [klop]
31002. Number=4404
31003. Confirmed=X
31004. Filename=[path to file]
31005. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentwq.html" target=_blank>AGENT-WQ</a> TROJAN!
31006. Source=Paul Collins Startup list
31007.  
31008. [klop]
31009. Number=4405
31010. Confirmed=X
31011. Filename=[random].tmp
31012. Description=Found with Trojan.Win32.StartPage.aw. Possibly a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojagentwq.html" target=_blank>AGENT-WQ</a> TROJAN! 
31013. Source=Paul Collins Startup list
31014.  
31015. [klp]
31016. Number=4406
31017. Confirmed=U
31018. Filename=run32dll.exe
31019. Description=<a href="http://www.newfreeware.com/internet/480/" target="_blank">PAL PC Spy</a> - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online
31020. Source=Paul Collins Startup list
31021.  
31022. [klp]
31023. Number=4407
31024. Confirmed=U
31025. Filename=explorer.exe
31026. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051014-3610-99" target=blank>ComSurveilSys</a> keystroke logger/monitoring program - remove unless you installed it yourself! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is found in a System\PAL\CSS subfolder
31027. Source=Paul Collins Startup list
31028.  
31029. [KM9801U]
31030. Number=4408
31031. Confirmed=U
31032. Filename=MMHotKey.exe
31033. Description=Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen
31034. Source=Paul Collins Startup list
31035.  
31036. [kmw_run.exe]
31037. Number=4409
31038. Confirmed=U
31039. Filename=kmw_run.exe
31040. Description=Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features
31041. Source=Paul Collins Startup list
31042.  
31043. [kmw_show.exe]
31044. Number=4410
31045. Confirmed=U
31046. Filename=kmw_show.exe
31047. Description=Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features
31048. Source=Paul Collins Startup list
31049.  
31050. [KN_PanelApp]
31051. Number=4411
31052. Confirmed=U
31053. Filename=PanelApp.exe
31054. Description=<a href="http://www.knowledgenetworks.com/knpanel/index.html" target="_blank">KnowledgePanel</a> online survey software
31055. Source=Paul Collins Startup list
31056.  
31057. [Kodak Batch Transfer]
31058. Number=4412
31059. Confirmed=N
31060. Filename=pezdow1.exe
31061. Description=Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC
31062. Source=Paul Collins Startup list
31063.  
31064. [Kodak EasyShare software]
31065. Number=4413
31066. Confirmed=U
31067. Filename=EasyShare.exe
31068. Description=Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually
31069. Source=Paul Collins Startup list
31070.  
31071. [Kodak Picture Easy *.* Batch Transfer]
31072. Number=4414
31073. Confirmed=N
31074. Filename=PezDownload.exe
31075. Description=Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC. *.* represents the version
31076. Source=Paul Collins Startup list
31077.  
31078. [Kodak Picture Transfer Software]
31079. Number=4415
31080. Confirmed=N
31081. Filename=pts.exe
31082. Description=Looks for Kodak camera connection and media insertion. Available via Start -> Programs
31083. Source=Paul Collins Startup list
31084.  
31085. [Kodak Software Updater]
31086. Number=4416
31087. Confirmed=N
31088. Filename=backweb*****.exe
31089. Description=Software updater for <a href="http://www.kodak.com/global/en/digital/easyShare/indexFlash.jhtml" target="_blank">Kodak Easyshare</a> digital cameras
31090. Source=Paul Collins Startup list
31091.  
31092. [KodakCCS]
31093. Number=4417
31094. Confirmed=Y
31095. Filename=KodakCCS.exe
31096. Description=Kodak DC File System Driver
31097. Source=Paul Collins Startup list
31098.  
31099. [Komunikator]
31100. Number=4418
31101. Confirmed=U
31102. Filename=tlen.exe
31103. Description=<a href="http://tlen.pl/" target=_blank>Tlen</a> - a Polish language instant messaging client
31104. Source=Paul Collins Startup list
31105.  
31106. [KONICA MINOLTA magicolor 2400W STD]
31107. Number=4419
31108. Confirmed=U
31109. Filename=MSTMON_S.EXE
31110. Description=Konica Minolta Magicolor 2400W colour printer monitor
31111. Source=Paul Collins Startup list
31112.  
31113. [Konni Symbol Autostart]
31114. Number=4420
31115. Confirmed=N
31116. Filename=KonniSymbol.exe
31117. Description=Gives configuration access to <a href="http://www.besoftware.com/index.html" target="_blank">RagTime Solo</a> professional business publishing software. RagTime Solo is the private user version of RagTime 5
31118. Source=Paul Collins Startup list
31119.  
31120. [kontiki]
31121. Number=4421
31122. Confirmed=N
31123. Filename=kontiki.exe
31124. Description=<a href="http://www.kontiki.com/products/deliverymanager/index.html" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
31125. Source=Paul Collins Startup list
31126.  
31127. [KPDrv4XP]
31128. Number=4422
31129. Confirmed=Y
31130. Filename=KPDrv4XP.exe
31131. Description=MediaKey USB Keypad Driver
31132. Source=Paul Collins Startup list
31133.  
31134. [KPFW32.EXE]
31135. Number=4423
31136. Confirmed=Y
31137. Filename=KPFW32.EXE
31138. Description=<a href="http://www.kingsoft.com/en/" target="_blank">KingSoft</a> Personal Firewall
31139. Source=Paul Collins Startup list
31140.  
31141. [KPFWSvc.EXE]
31142. Number=4424
31143. Confirmed=Y
31144. Filename=KPFWSvc.EXE
31145. Description=<a href="http://www.kingsoft.com/en/" target="_blank">KingSoft</a> Personal Firewall
31146. Source=Paul Collins Startup list
31147.  
31148. [Kraidman]
31149. Number=4425
31150. Confirmed=U
31151. Filename=Kraidman.exe
31152. Description="Toshiba RAID Support is a <a href="http://eu.computers.toshiba-europe.com/cgi-bin/ToshibaCSG/workshop.jsp?service=EU&WORKSHOP_ID=EXP-Toshiba-RAID-Support-EN" target="_blank">Toshiba EasyGuard</a> feature that uses RAID Level 1 technology to minimise downtime by protecting against data loss and ensuring quick data recovery" - for Toshiba laptops
31153. Source=Paul Collins Startup list
31154.  
31155. [KREC32]
31156. Number=4426
31157. Confirmed=U
31158. Filename=krec32.exe
31159. Description=StarrCommander Pro Keystroke logging software
31160. Source=Paul Collins Startup list
31161.  
31162. [KRNL]
31163. Number=4427
31164. Confirmed=X
31165. Filename=Kernl32.exe
31166. Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=47767" target="_blank">ZOMBY.B</a> TROJAN!
31167. Source=Paul Collins Startup list
31168.  
31169. [Krnlcheck]
31170. Number=4428
31171. Confirmed=X
31172. Filename=csrss.exe
31173. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032920-0830-99" target=_blank>BOTNACHALA</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
31174. Source=Paul Collins Startup list
31175.  
31176. [Krnlmod]
31177. Number=4429
31178. Confirmed=U
31179. Filename=Krnlmod.exe
31180. Description=Keystroke logger/monitoring program - remove unless you installed it yourself!
31181.  
31182. Source=Paul Collins Startup list
31183.  
31184. [Kryptel Component Start]
31185. Number=4430
31186. Confirmed=U
31187. Filename=Kicker.exe
31188. Description=<a href="http://www.kryptel.com/products/kryptel/" target="_blank">Kryptel</a> encryption software
31189. Source=Paul Collins Startup list
31190.  
31191. [ksrlnhm]
31192. Number=4431
31193. Confirmed=X
31194. Filename=zxatgso.exe
31195. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderli.html" target=_blank>DLOADER-LI</a> TROJAN!
31196. Source=Paul Collins Startup list
31197.  
31198. [Ksrv32]
31199. Number=4432
31200. Confirmed=X
31201. Filename=Ksrv32.exe
31202. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotpi.html" target=_blank>AGOBOT-PI</a> WORM!
31203. Source=Paul Collins Startup list
31204.  
31205. [KTAX Auto Loader]
31206. Number=4433
31207. Confirmed=X
31208. Filename=ktax.exe
31209. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotmz.html" target=_blank>SDBOT-MZ</a> WORM!
31210. Source=Paul Collins Startup list
31211.  
31212. [ktchnsnk]
31213. Number=4434
31214. Confirmed=U
31215. Filename=ktchnsnk.exe
31216. Description=HP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebooted
31217. Source=Paul Collins Startup list
31218.  
31219. [KV2005]
31220. Number=4435
31221. Confirmed=X
31222. Filename=word.EXE
31223. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbiw.html" target=_blank>IW</a> TROJAN!
31224. Source=Paul Collins Startup list
31225.  
31226. [kv3000]
31227. Number=4436
31228. Confirmed=X
31229. Filename=lover.vbe
31230. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011918-3314-99" target="_blank">ZSYANG.B</a> WORM!
31231. Source=Paul Collins Startup list
31232.  
31233. [kvern16.dll]
31234. Number=4437
31235. Confirmed=X
31236. Filename=regsvr32.exe [path] kvern16.dll
31237. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DailyWinner&threatid=4143" target=_blank>DailyWinner</a> adware
31238.  
31239. Source=Paul Collins Startup list
31240.  
31241. [KV_HOST]
31242. Number=4438
31243. Confirmed=X
31244. Filename=cxjx.exe
31245. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirbb.html" target=_blank>LEGMIR-BB</a> TROJAN!
31246. Source=Paul Collins Startup list
31247.  
31248. [kw3eef76]
31249. Number=4439
31250. Confirmed=X
31251. Filename=rundll32.exe [path] kw3eef76.dll, EnableRunDLL32
31252. Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
31253. Source=Paul Collins Startup list
31254.  
31255. [kX Mixer]
31256. Number=4440
31257. Confirmed=N
31258. Filename=kxmixer.exe
31259. Description=Provides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcards
31260. Source=Paul Collins Startup list
31261.  
31262. [KX509]
31263. Number=4441
31264. Confirmed=U
31265. Filename=kx509_kfwk5.exe
31266. Description=<a href="http://web.mit.edu/Kerberos/" target="_blank">Kerberos</a> Secure Authentication for Windows
31267. Source=Paul Collins Startup list
31268.  
31269. [KYE_Showicon]
31270. Number=4442
31271. Confirmed=?
31272. Filename=shwicon.exe
31273. Description=Card reader for memory cards from digital cameras.<font color="#FF0000"> Is it required? </font>
31274. Source=Paul Collins Startup list
31275.  
31276. [KYK Control Settings]
31277. Number=4443
31278. Confirmed=X
31279. Filename=KYSVCXD.EXE
31280. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
31281. Source=Paul Collins Startup list
31282.  
31283. [KYM Control Settings]
31284. Number=4444
31285. Confirmed=X
31286. Filename=phqghum.exe
31287. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQD&VSect=P" target=_blank>RBOT.BQD</a> WORM!
31288. Source=Paul Collins Startup list
31289.  
31290. [L4r1$$a]
31291. Number=4445
31292. Confirmed=X
31293. Filename=L4r1$$a.pif
31294. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32assiralc.html" target= blank>ASSIRAL-C</a> WORM!
31295. Source=Paul Collins Startup list
31296.  
31297. [laltin]
31298. Number=4446
31299. Confirmed=X
31300. Filename=L90112201.Stub.exe
31301. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
31302. Source=Paul Collins Startup list
31303.  
31304. [LAN Driver]
31305. Number=4447
31306. Confirmed=X
31307. Filename=landriver32.exe
31308. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BT&VSect=P" target=_blank>RBOT.BT</a> WORM!
31309. Source=Paul Collins Startup list
31310.  
31311. [lanbrup]
31312. Number=4448
31313. Confirmed=X
31314. Filename=lanbrup.exe
31315. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware
31316. Source=Paul Collins Startup list
31317.  
31318. [LanguageMonitor]
31319. Number=4449
31320. Confirmed=U
31321. Filename=Oplmsb01.exe
31322. Description=OKI Printer language support monitor
31323. Source=Paul Collins Startup list
31324.  
31325. [LanGuard]
31326. Number=4450
31327. Confirmed=X
31328. Filename=languard.exe
31329. Description=Adware downloader - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojsecondtc.html" target=_blank>SECONDT-C</a> TROJAN!
31330. Source=Paul Collins Startup list
31331.  
31332. [LanGuard]
31333. Number=4451
31334. Confirmed=X
31335. Filename=[path to trojan]
31336. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadervo.html" target=_blank>DLOADER-VO</a> TROJAN!
31337. Source=Paul Collins Startup list
31338.  
31339. [LANMessage Pro]
31340. Number=4452
31341. Confirmed=U
31342. Filename=LANMES~1.exe
31343. Description=<a href="http://www.dimaware.com/lanmessage/lanmessage.html" target="_blank">LANMessage Pro</a> - "a powerful tool for communicating with other people on your office/home network"
31344. Source=Paul Collins Startup list
31345.  
31346. [LanSpeed2]
31347. Number=4453
31348. Confirmed=U
31349. Filename=LanSpeed2.exe
31350. Description=Monitors any traffic that is using a LAN adapter (Ethernet or Token ring network card)
31351. Source=Paul Collins Startup list
31352.  
31353. [LaoKey]
31354. Number=4454
31355. Confirmed=U
31356. Filename=LaoKey.exe
31357. Description=Lao Script for Windows <a href="http://www.laoscript.net/" target="_blank">(LSWin)</a> is an extension to the Windows operating system to allow Lao language to be used with many different Windows-based applications
31358. Source=Paul Collins Startup list
31359.  
31360. [LapLink scheduler]
31361. Number=4455
31362. Confirmed=U
31363. Filename=Llsched.exe
31364. Description=Utility that automatically performs file transfers as unattended background operations
31365. Source=Paul Collins Startup list
31366.  
31367. [Lar]
31368. Number=4456
31369. Confirmed=X
31370. Filename=Llass.exe
31371. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojinora.html" target="_blank">INOR-A</a> TROJAN!
31372. Source=Paul Collins Startup list
31373.  
31374. [lar]
31375. Number=4457
31376. Confirmed=X
31377. Filename=[trojan filename]
31378. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121018-2721-99" target="_blank">ROXY.C</a> TROJAN!
31379. Source=Paul Collins Startup list
31380.  
31381. [LARISSA ANTI VIRUS]
31382. Number=4458
31383. Confirmed=X
31384. Filename=LARISSA_ANTI_VIRUS.exe
31385. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030223-4952-99" target=_blank>KLASSIR</a> TROJAN!
31386. Source=Paul Collins Startup list
31387.  
31388. [Lasb]
31389. Number=4459
31390. Confirmed=?
31391. Filename=ewat.exe
31392. Description=<font color="#FF0000">??</font>
31393. Source=Paul Collins Startup list
31394.  
31395. [LasErma]
31396. Number=4460
31397. Confirmed=X
31398. Filename=Ermasys32.exe
31399. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lermaa.html" target=_blank>LERMA-A</a> WORM!
31400. Source=Paul Collins Startup list
31401.  
31402. [LAsIAf32]
31403. Number=4461
31404. Confirmed=X
31405. Filename=RePEAtLD.exe
31406. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101919-5717-99" target="_blank">REPEATLD</a> WORM!
31407. Source=Paul Collins Startup list
31408.  
31409. [LASTinst]
31410. Number=4462
31411. Confirmed=Y
31412. Filename=N/A
31413. Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
31414. Source=Paul Collins Startup list
31415.  
31416. [Later]
31417. Number=4463
31418. Confirmed=?
31419. Filename=later.exe
31420. Description=<font color="#FF0000">??</font>
31421. Source=Paul Collins Startup list
31422.  
31423. [LaunApp]
31424. Number=4464
31425. Confirmed=U
31426. Filename=LaunApp.exe
31427. Description=Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610
31428. Source=Paul Collins Startup list
31429.  
31430. [Launcg]
31431. Number=4465
31432. Confirmed=?
31433. Filename=launcg.exe
31434. Description=<font color="#FF0000">??</font>
31435. Source=Paul Collins Startup list
31436.  
31437. [Launch Ai Booster]
31438. Number=4466
31439. Confirmed=U
31440. Filename=OverClk.exe
31441. Description=ASUS Ai Booster is an application that allows you to overclock the CPU either manually or automatically without the hassle of entering the BIOS Setup
31442. Source=Paul Collins Startup list
31443.  
31444. [Launch Context 5.0]
31445. Number=4467
31446. Confirmed=N
31447. Filename=Launch.exe
31448. Description=<a href="http://www.informatic.ru/" target="_blank">Context</a> - electronic dictionary
31449. Source=Paul Collins Startup list
31450.  
31451. [Launch LCDMon]
31452. Number=4468
31453. Confirmed=U
31454. Filename=LCDMon.exe
31455. Description=<a href="http://www.logitech.com/index.cfm/downloads/software/US/EN,CRID=322,CONTENTID=10824" target=_blank>Logitech</a> LCD G-Series software driver
31456.  
31457. Source=Paul Collins Startup list
31458.  
31459. [Launch LCDMon]
31460. Number=4469
31461. Confirmed=N
31462. Filename=LCDMon.exe
31463. Description=Driver/utility for Logitech G-Series gaming keyboards and mice
31464. Source=Paul Collins Startup list
31465.  
31466. [Launch LGDCore]
31467. Number=4470
31468. Confirmed=U
31469. Filename=LGDCore.exe
31470. Description=Driver/utility for Logitech G-Series gaming keyboards and mice
31471. Source=Paul Collins Startup list
31472.  
31473. [Launch Norton AntiVirus 2000]
31474. Number=4471
31475. Confirmed=X
31476. Filename=jorgf.exe
31477. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaui.html" target=_blank>RBOT-AUI</a> WORM!
31478. Source=Paul Collins Startup list
31479.  
31480. [Launch YahooPOPs! at Windows startup]
31481. Number=4472
31482. Confirmed=N
31483. Filename=YAHOOPOPS.EXE
31484. Description=<a href="http://yahoopops.sourceforge.net/" target="_blank">YahooPOPs</a> - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs
31485. Source=Paul Collins Startup list
31486.  
31487. [LaunchAp]
31488. Number=4473
31489. Confirmed=U
31490. Filename=LaunchAp.exe
31491. Description=Programmable keys on Acer, Fujitsu and other laptops
31492. Source=Paul Collins Startup list
31493.  
31494. [LaunchApp]
31495. Number=4474
31496. Confirmed=U
31497. Filename=Alaunch.exe
31498. Description=<a href="http://global.acer.com/" target="_blank">Acer</a> Launch tool utility on laptops
31499. Source=Paul Collins Startup list
31500.  
31501. [Launchboard]
31502. Number=4475
31503. Confirmed=U
31504. Filename=lnchbrd.exe
31505. Description="LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions"
31506. Source=Paul Collins Startup list
31507.  
31508. [Launcher]
31509. Number=4476
31510. Confirmed=X
31511. Filename=launcher.exe
31512. Description=Spyware component related to DownloadWare and found in Program FilesKFH
31513. Source=Paul Collins Startup list
31514.  
31515. [Launcher]
31516. Number=4477
31517. Confirmed=N
31518. Filename=relaunch.exe
31519. Description=Audio Applications Launcher for the Philips Rythmic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> Programs
31520. Source=Paul Collins Startup list
31521.  
31522. [Lavasoft Ad-Aware]
31523. Number=4478
31524. Confirmed=X
31525. Filename=Ad-Aware.exe
31526. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotso.html" target=_blank>RBOT-SO</a> WORM! Note - this is not the popular <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> spware/adware removal tool
31527. Source=Paul Collins Startup list
31528.  
31529. [Lavasoft Adwatch]
31530. Number=4479
31531. Confirmed=U
31532. Filename=Ad-watch.exe
31533. Description=Part of Lavasoft <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware Plus</a> - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
31534. Source=Paul Collins Startup list
31535.  
31536. [laxmsp32.exe]
31537. Number=4480
31538. Confirmed=Y
31539. Filename=laxmsp32.exe
31540. Description=Lexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work 
31541. Source=Paul Collins Startup list
31542.  
31543. [layersldm]
31544. Number=4481
31545. Confirmed=X
31546. Filename=hostplsrvc.exe
31547. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
31548. Source=Paul Collins Startup list
31549.  
31550. [Laz]
31551. Number=4482
31552. Confirmed=X
31553. Filename=Kernn.exe
31554. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosln.html" target= blank>BANCOS-LN</a> WORM!
31555. Source=Paul Collins Startup list
31556.  
31557. [Lcass]
31558. Number=4483
31559. Confirmed=X
31560. Filename=Lcass.exe
31561. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sillyfdcw.html" target="_blank">SILLYFDC-W</a> WORM!
31562. Source=Paul Collins Startup list
31563.  
31564. [LCDC]
31565. Number=4484
31566. Confirmed=U
31567. Filename=LCDC.exe
31568. Description=<a href="http://www.lcdc.cc/about.htm" target="_blank">LCDC</a> is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by Plugins
31569. Source=Paul Collins Startup list
31570.  
31571. [LCDMon]
31572. Number=4485
31573. Confirmed=Y
31574. Filename=LCDMon.exe
31575. Description=Driver/utility for Logitech G-Series gaming keyboards and mice
31576. Source=Paul Collins Startup list
31577.  
31578. [LCDPlayer]
31579. Number=4486
31580. Confirmed=Y
31581. Filename=LCDPlyer.exe
31582. Description=Related to <a href="http://www.superadblocker.com/" target=_blank>SuperAdBlocker</a>
31583. Source=Paul Collins Startup list
31584.  
31585. [lcfep]
31586. Number=4487
31587. Confirmed=N
31588. Filename=lcfep.exe
31589. Description=Tivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"
31590. Source=Paul Collins Startup list
31591.  
31592. [LCIDConfig]
31593. Number=4488
31594. Confirmed=?
31595. Filename=lcidchng.exe
31596. Description=<font color="#FF0000">??</font>
31597. Source=Paul Collins Startup list
31598.  
31599. [LClock]
31600. Number=4489
31601. Confirmed=U
31602. Filename=lclock.exe
31603. Description=<a href="http://www.softpedia.com/get/Desktop-Enhancements/Clocks-Time-Management/LClock.shtml" target=_blank>LClock</a> is a program that makes the Windows' clock look like a Windows Longhorn Clock
31604. Source=Paul Collins Startup list
31605.  
31606. [lcvga]
31607. Number=4490
31608. Confirmed=X
31609. Filename=lcvga.exe
31610. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhostola.html" target=_blank>HOSTOL-A</a> TROJAN!
31611.  
31612. Source=Paul Collins Startup list
31613.  
31614. [ld]
31615. Number=4491
31616. Confirmed=X
31617. Filename=ld.exe
31618. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#tooncomics" target=_blank>Tooncomics</a> parasite affiliate variant - redirects to fastwebfinder.com
31619. Source=Paul Collins Startup list
31620.  
31621. [LDM]
31622. Number=4492
31623. Confirmed=N
31624. Filename=backweb-8876480.exe
31625. Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
31626. Source=Paul Collins Startup list
31627.  
31628. [LDM]
31629. Number=4493
31630. Confirmed=N
31631. Filename=ldmconf.exe
31632. Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
31633. Source=Paul Collins Startup list
31634.  
31635. [LDM]
31636. Number=4494
31637. Confirmed=N
31638. Filename=LogitechDesktopMessenger.exe
31639. Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
31640. Source=Paul Collins Startup list
31641.  
31642. [ldriver]
31643. Number=4495
31644. Confirmed=X
31645. Filename=ldriver.exe
31646. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojchorusa.html" target=_blank>CHORUS-A</a> TROJAN! Searchforfree browser hijacker
31647. Source=Paul Collins Startup list
31648.  
31649. [LED TRAY]
31650. Number=4496
31651. Confirmed=U
31652. Filename=LEDTRAY.EXE
31653. Description=Installs a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to work
31654. Source=Paul Collins Startup list
31655.  
31656. [ledpointer]
31657. Number=4497
31658. Confirmed=U
31659. Filename=CNYHKey.exe
31660. Description=Chicony Electronics Multimedia Keyboard Hotkey Driver
31661. Source=Paul Collins Startup list
31662.  
31663. [LeechGet]
31664. Number=4498
31665. Confirmed=N
31666. Filename=LeechGet.exe
31667. Description=<a href="http://www.leechget.de/">LeechGet</a> download manager
31668. Source=Paul Collins Startup list
31669.  
31670. [leeman]
31671. Number=4499
31672. Confirmed=X
31673. Filename=leeman.exe
31674. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiamd.html" target=_blank>COSIAM-D</a> TROJAN!
31675. Source=Paul Collins Startup list
31676.  
31677. [LEMSRV]
31678. Number=4500
31679. Confirmed=X
31680. Filename=lemsrv.exe
31681. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbottc.html" target="_blank">IRCBOT-TC</a> TROJAN!
31682. Source=Paul Collins Startup list
31683.  
31684. [LetsSearch]
31685. Number=4501
31686. Confirmed=X
31687. Filename=LetsSearch.exe
31688. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
31689. Source=Paul Collins Startup list
31690.  
31691. [Letum]
31692. Number=4502
31693. Confirmed=X
31694. Filename=[path to worm]
31695. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_LETUM.A" target="_blank">LETUM.A</a> WORM!
31696. Source=Paul Collins Startup list
31697.  
31698. [Lexmark **** Series]
31699. Number=4503
31700. Confirmed=U
31701. Filename=lxbabmgr.exe
31702. Description=Lexmark System Tray application (where "****" is the model) that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
31703. Source=Paul Collins Startup list
31704.  
31705. [Lexmark **** Series]
31706. Number=4504
31707. Confirmed=U
31708. Filename=lxbkbmgr.exe
31709. Description=Lexmark System Tray application (where "****" is the model) that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
31710. Source=Paul Collins Startup list
31711.  
31712. [Lexmark **** series]
31713. Number=4505
31714. Confirmed=U
31715. Filename=lxbtbmgr.exe
31716. Description=Lexmark System Tray application (where "****" is the model) that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
31717. Source=Paul Collins Startup list
31718.  
31719. [Lexmark **** Series]
31720. Number=4506
31721. Confirmed=U
31722. Filename=lxbmbmgr.exe
31723. Description=Lexmark System Tray application (where "****" is the model) that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
31724. Source=Paul Collins Startup list
31725.  
31726. [Lexmark 2200 Series Button Manager]
31727. Number=4507
31728. Confirmed=Y
31729. Filename=lxbvbmgr.exe
31730. Description=Lexmark printer button manager. Required for correct operation
31731. Source=Paul Collins Startup list
31732.  
31733. [Lexmark 3100 Series]
31734. Number=4508
31735. Confirmed=Y
31736. Filename=lxbrbmgr.exe
31737. Description=Lexmark printer button manager. Required for correct operation
31738.  
31739. Source=Paul Collins Startup list
31740.  
31741. [Lexmark X6100 Series]
31742. Number=4509
31743. Confirmed=Y
31744. Filename=lxbfbmgr.exe
31745. Description=Lexmark X6100 printer button manager - required for correct operation
31746. Source=Paul Collins Startup list
31747.  
31748. [Lexmark Xxx Button Manager]
31749. Number=4510
31750. Confirmed=Y
31751. Filename=AcBtnMgr_Xxx.exe
31752. Description=Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
31753. Source=Paul Collins Startup list
31754.  
31755. [Lexmark Xxx Button Monitor]
31756. Number=4511
31757. Confirmed=Y
31758. Filename=ACMonitor_Xxx.exe
31759. Description=Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
31760. Source=Paul Collins Startup list
31761.  
31762. [LexmarkPrinTray]
31763. Number=4512
31764. Confirmed=N
31765. Filename=printray.exe
31766. Description=Lexmark Printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. Can also be listed as PrinTray
31767. Source=Paul Collins Startup list
31768.  
31769. [Lexmark_X79-55]
31770. Number=4513
31771. Confirmed=X
31772. Filename=lsasss.exe
31773. Description=Added by the <a href="http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-091612-5500-99" target="_blank">ZONEBAC</a> TROJAN!
31774. Source=Paul Collins Startup list
31775.  
31776. [lexplore]
31777. Number=4514
31778. Confirmed=X
31779. Filename=lexplore.exe
31780. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012013-2855-99" target=_blank>BROPIA</a> WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
31781. Source=Paul Collins Startup list
31782.  
31783. [lexpps]
31784. Number=4515
31785. Confirmed=N
31786. Filename=lexpps.exe
31787. Description=For Lexmark printers. From Lexmark: "This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all". It is known that firewalls can however alert you to "lexpps.exe" requesting server privileges
31788. Source=Paul Collins Startup list
31789.  
31790. [LexStart]
31791. Number=4516
31792. Confirmed=U
31793. Filename=lexstart.exe
31794. Description=Lexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instance
31795. Source=Paul Collins Startup list
31796.  
31797. [Lfh]
31798. Number=4517
31799. Confirmed=X
31800. Filename=Lfh.exe
31801. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzaurgaa.html" target= blank>ZAURGA-A</a> TROJAN!
31802. Source=Paul Collins Startup list
31803.  
31804. [Lfsndmng]
31805. Number=4518
31806. Confirmed=U
31807. Filename=lfsndmng.exe
31808. Description=<a href="http://www.lightningfax.com/" target="_blank">LightningFAX</a> Enterprise Fax Server - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents"
31809. Source=Paul Collins Startup list
31810.  
31811. [LGDCore]
31812. Number=4519
31813. Confirmed=U
31814. Filename=LGDCore.exe
31815. Description=Driver/utility for Logitech G-Series gaming keyboards and mice
31816. Source=Paul Collins Startup list
31817.  
31818. [lgm]
31819. Number=4520
31820. Confirmed=X
31821. Filename=lgm.exe
31822. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32acidf.html" target="_blank">ACID-F</a> WORM!
31823. Source=Paul Collins Startup list
31824.  
31825. [LGODDFU]
31826. Number=4521
31827. Confirmed=U
31828. Filename=fwupdate.exe
31829. Description=Auto firmware update program for LG Electronics CD-ROM/DVD writer
31830. Source=Paul Collins Startup list
31831.  
31832. [LgWDskTp]
31833. Number=4522
31834. Confirmed=U
31835. Filename=LgWDskTp.exe
31836. Description=Logitech <a href="http://www.logitech.com/" target="_blank">Wireless Desktop</a> mouse and keyboard software. There is an icon for this program on the taskbar next to the clock
31837. Source=Paul Collins Startup list
31838.  
31839. [lhttseng]
31840. Number=4523
31841. Confirmed=N
31842. Filename=rundll32.exe ..lhttseng.inf, RemoveCabinet
31843. Description=Left over after installation of the British English version of the Lernout & Hauspie Text To Speech (TTS) Engine
31844. Source=Paul Collins Startup list
31845.  
31846. [li-multi****]
31847. Number=4524
31848. Confirmed=X
31849. Filename=li-multi****.exe
31850. Description=Adult web-dialler - **** is random
31851. Source=Paul Collins Startup list
31852.  
31853. [li-rcash00001]
31854. Number=4525
31855. Confirmed=X
31856. Filename=vldial.exe
31857. Description=Added by the <a href="http://www.actualresearch.fr/arunlist-306.html" target=_blank>Vl</a> TROJAN! 
31858. Source=Paul Collins Startup list
31859.  
31860. [li-speed****]
31861. Number=4526
31862. Confirmed=X
31863. Filename=dlres.exe
31864. Description=Adult web-dialler - **** is random
31865. Source=Paul Collins Startup list
31866.  
31867. [li-thund****]
31868. Number=4527
31869. Confirmed=X
31870. Filename=li-thund****.exe
31871. Description=Adult web-dialler - **** is random
31872. Source=Paul Collins Startup list
31873.  
31874. [li-vita****]
31875. Number=4528
31876. Confirmed=X
31877. Filename=li-vita****.exe
31878. Description=Adult web-dialler - **** is random
31879. Source=Paul Collins Startup list
31880.  
31881. [li01f948]
31882. Number=4529
31883. Confirmed=X
31884. Filename=rundll32.exe [path] li01f948.dll, EnableRunDLL32
31885. Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
31886. Source=Paul Collins Startup list
31887.  
31888. [LicCrtl]
31889. Number=4530
31890. Confirmed=N
31891. Filename=runservice.exe
31892. Description=Part of the <a href="http://www.elicense.com/" target=_blank>eLicense</a> Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program
31893. Source=Paul Collins Startup list
31894.  
31895. [LicCtrl]
31896. Number=4531
31897. Confirmed=U
31898. Filename=rundll32.exe [path] MMFS.DLL, Service
31899. Description=Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program
31900.  
31901. Source=Paul Collins Startup list
31902.  
31903. [License Manager]
31904. Number=4532
31905. Confirmed=X
31906. Filename=license_manager.exe
31907. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097812" target=_blank>MediaPipe</a> peer-to-peer file swapping program also <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaPipe/MovieLand&threatid=44525" target=_blank>reported</a> as a hijacker
31908. Source=Paul Collins Startup list
31909.  
31910. [lich]
31911. Number=4533
31912. Confirmed=X
31913. Filename=lich.exe
31914. Description=Added by <a href="http://www.sophos.com/virusinfo/analyses/trojqlowzonbn.html" target=_blank>QLOWZON-BN</a> TROJAN!
31915. Source=Paul Collins Startup list
31916.  
31917. [LidPolicy]
31918. Number=4534
31919. Confirmed=U
31920. Filename=pwrschem.exe
31921. Description=A utility for configuring certain HP notebook models to enter Standby mode when the lid is closed only when running on battery
31922. Source=Paul Collins Startup list
31923.  
31924. [Life FireWall Update1]
31925. Number=4535
31926. Confirmed=X
31927. Filename=FireWall-Update1.exe
31928. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotars.html" target=_blank>RBOT-ARS</a> WORM!
31929. Source=Paul Collins Startup list
31930.  
31931. [LifeCam]
31932. Number=4536
31933. Confirmed=?
31934. Filename=LifeExp.exe
31935. Description=Related to Microsoft's <a href="http://www.microsoft.com/hardware/digitalcommunication/Productlist.aspx?type=LifeCam" target="_blank">LifeCam</a> series of webcams. <font color="#FF0000">What does it do and is it required?</font>
31936. Source=Paul Collins Startup list
31937.  
31938. [LifeDrive Manager]
31939. Number=4537
31940. Confirmed=N
31941. Filename=LifeDriveMgr.exe
31942. Description=Keeps the Palm <a href="http://www.palm.com/us/products/mobilemanagers/lifedrive/" target=blank>LifeDrive Manager</a> utility in the systray. Shortcut available via Start -> Programs
31943. Source=Paul Collins Startup list
31944.  
31945. [LifeDriveÖ Manager]
31946. Number=4538
31947. Confirmed=U
31948. Filename=LifeDriveMgrTray.exe
31949. Description=System Tray utility for the Palm <a href="http://www.palm.com/us/products/mobilemanagers/lifedrive/" target="_blank">LifeDrive</a> Mobile Manager
31950. Source=Paul Collins Startup list
31951.  
31952. [LifeScape Media Detector]
31953. Number=4539
31954. Confirmed=N
31955. Filename=PicasaMediaDetector.exe
31956. Description=Media detector for <a href="http://www.picasa.net/" target="_blank">Picasa</a>'s automatic photo organizer
31957. Source=Paul Collins Startup list
31958.  
31959. [lify]
31960. Number=4540
31961. Confirmed=X
31962. Filename=yujixit.exe
31963. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
31964. Source=Paul Collins Startup list
31965.  
31966. [Lightning Download]
31967. Number=4541
31968. Confirmed=U
31969. Filename=Lightning.exe
31970. Description=<a href="http://www.lightningdownload.com/index.shtml" target=_blank>Lightning Download</a> download manager. Can be launched manually, but will need to start up if you want it to "catch clicks" off Internet Explorer
31971.  
31972. Source=Paul Collins Startup list
31973.  
31974. [Limewire]
31975. Number=4542
31976. Confirmed=X
31977. Filename=LimeWire.exe
31978. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagh.html" target=_blank>RBOT-AGH</a> WORM!
31979. Source=Paul Collins Startup list
31980.  
31981. [LimeWire x.x]
31982. Number=4543
31983. Confirmed=N
31984. Filename=LimeWire.exe
31985. Description=<a href="http://www.limewire.com/" target="_blank">LimeWire</a> - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malware
31986. Source=Paul Collins Startup list
31987.  
31988. [Limpet]
31989. Number=4544
31990. Confirmed=X
31991. Filename=explorer16.exe
31992. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajd.html" target=_blank>RBOT-AJD</a> WORM!
31993. Source=Paul Collins Startup list
31994.  
31995. [Line Speed Meter V3.0]
31996. Number=4545
31997. Confirmed=N
31998. Filename=LineSpeedMeter.exe
31999. Description=<a href="http://www.tcpiq.com/tcpiq/linespeed/Default.asp" target="_blank">LineSpeedMeter</a> - detect the download and upload speed of your internet connection
32000. Source=Paul Collins Startup list
32001.  
32002. [Lingvo Launcher]
32003. Number=4546
32004. Confirmed=U
32005. Filename=Lvagent.exe
32006. Description=<a href="http://www.abbyy.com/lingvo/" target="_blank">ABBYY Lingvo</a> Electronic Dictionaries
32007. Source=Paul Collins Startup list
32008.  
32009. [LingvoTraining]
32010. Number=4547
32011. Confirmed=U
32012. Filename=Tutor.exe
32013. Description=<a href="http://www.abbyy.com/lingvo/" target="_blank">ABBYY Lingvo</a> Electronic Dictionaries
32014. Source=Paul Collins Startup list
32015.  
32016. [Linker]
32017. Number=4548
32018. Confirmed=X
32019. Filename=LinkMaker.exe
32020. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112515-1837-99" target=_blank>Links</a> adware
32021. Source=Paul Collins Startup list
32022.  
32023. [links]
32024. Number=4549
32025. Confirmed=X
32026. Filename=links.exe
32027. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonebi.html" target=_blank>LOWZONE-BI</a> TROJAN!
32028. Source=Paul Collins Startup list
32029.  
32030. [Linksts]
32031. Number=4550
32032. Confirmed=N
32033. Filename=linksts.exe
32034. Description=Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
32035. Source=Paul Collins Startup list
32036.  
32037. [Linksts]
32038. Number=4551
32039. Confirmed=X
32040. Filename=linksts.exe
32041. Description=Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
32042. Source=Paul Collins Startup list
32043.  
32044. [Linksys Modem Drivers]
32045. Number=4552
32046. Confirmed=X
32047. Filename=linksys.exe
32048. Description=Added by the IRCBOT.VD WORM!
32049. Source=Paul Collins Startup list
32050.  
32051. [linkyuu]
32052. Number=4553
32053. Confirmed=X
32054. Filename=linkuyy.exe
32055. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADER.MC" target="_blank">DLOADER.MC</a> TROJAN!
32056. Source=Paul Collins Startup list
32057.  
32058. [Linux]
32059. Number=4554
32060. Confirmed=X
32061. Filename=Linux.vbs
32062. Description=Added by the <a href="http://vil.nai.com/vil/content/v_98684.htm" target="_blank">LOVELETTER.AS</a> VIRUS!
32063. Source=Paul Collins Startup list
32064.  
32065. [LiquidView]
32066. Number=4555
32067. Confirmed=U
32068. Filename=lviewj.exe
32069. Description="Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display's native resolution. The software lets you increase the size of items that are hard to read on your monitor"
32070. Source=Paul Collins Startup list
32071.  
32072. [Lisa]
32073. Number=4556
32074. Confirmed=X
32075. Filename=Lisa.exe
32076. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialscomd.html" target= blank>SCOM-D</a> premium rate adult content dialler
32077. Source=Paul Collins Startup list
32078.  
32079. [List checker 32 BIT]
32080. Number=4557
32081. Confirmed=X
32082. Filename=list32.exe
32083. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaho.html" target=_blank>RBOT-AHO</a> WORM!
32084. Source=Paul Collins Startup list
32085.  
32086. [Litebot]
32087. Number=4558
32088. Confirmed=X
32089. Filename=[path to trojan]
32090. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlitebota.html" target=_blank>LITEBOT-A</a> TROJAN!
32091. Source=Paul Collins Startup list
32092.  
32093. [LIU]
32094. Number=4559
32095. Confirmed=N
32096. Filename=LIU.exe
32097. Description=Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway
32098. Source=Paul Collins Startup list
32099.  
32100. [LIU]
32101. Number=4560
32102. Confirmed=N
32103. Filename=Rubicon.exe
32104. Description=Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway
32105. Source=Paul Collins Startup list
32106.  
32107. [Live Menu]
32108. Number=4561
32109. Confirmed=N
32110. Filename=Dllcmd32.exe
32111. Description=eFax Send button for eFax Messenger Plus. Available via Start -> Programs Disabling instructions available <a href="http://home.efax.com/I18N/FAQ/faq_uk.html" target="_blank">here</a>
32112. Source=Paul Collins Startup list
32113.  
32114. [Live-Help]
32115. Number=4562
32116. Confirmed=X
32117. Filename=lmns.exe
32118. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotghe.html" target="_blank">RBOT-GHE</a> WORM!
32119. Source=Paul Collins Startup list
32120.  
32121. [LiveMonitor]
32122. Number=4563
32123. Confirmed=N
32124. Filename=LMonitor.exe
32125. Description=MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information
32126. Source=Paul Collins Startup list
32127.  
32128. [LiveNote]
32129. Number=4564
32130. Confirmed=N
32131. Filename=Livenote.exe
32132. Description=Asus graphics card driver live update feature
32133. Source=Paul Collins Startup list
32134.  
32135. [LiveSexCams]
32136. Number=4565
32137. Confirmed=X
32138. Filename=LiveSexCams.exe
32139. Description=Premium rate adult content dialler
32140. Source=Paul Collins Startup list
32141.  
32142. [LiveUpdate]
32143. Number=4566
32144. Confirmed=U
32145. Filename=LiveUpdate.exe
32146. Description=Web-update utility as used by various types of software - see <a href="http://liveupdate.openwares.org/" target="_blank">here</a>
32147. Source=Paul Collins Startup list
32148.  
32149. [LiveUpdate]
32150. Number=4567
32151. Confirmed=X
32152. Filename=[Windows username]05.exe
32153. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011211-3355-99" target=_blank>LINEAGE</a> TROJAN!
32154. Source=Paul Collins Startup list
32155.  
32156. [Livre]
32157. Number=4568
32158. Confirmed=X
32159. Filename=Dibane.bat
32160. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122111-3421-99" target=_blank>BANEDI</a> VIRUS!
32161. Source=Paul Collins Startup list
32162.  
32163. [Ljx]
32164. Number=4569
32165. Confirmed=X
32166. Filename=rundll32.exe
32167. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagabd.html" target="_blank">LINEAG-ABD</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target="_blank">rundll32.exe</a> process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in the "inf" sub-folder
32168. Source=Paul Collins Startup list
32169.  
32170. [lk3h1]
32171. Number=4570
32172. Confirmed=X
32173. Filename=[path to file]
32174. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmosuckg.html" target=_blank>MOSUCK-G</a> TROJAN!
32175. Source=Paul Collins Startup list
32176.  
32177. [LLMODCL2]
32178. Number=4571
32179. Confirmed=?
32180. Filename=rundll.exe setupx.dll, InstallHinfSection ..LLMODCL2.INF
32181. Description=<font color="#FF0000">??</font>
32182. Source=Paul Collins Startup list
32183.  
32184. [llsass]
32185. Number=4572
32186. Confirmed=X
32187. Filename=llsass.exe
32188. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxygg.html" target=_blank>PROXY-GG</a> TROJAN! Note - this malware actually changes the default value data of the registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
32189. Source=Paul Collins Startup list
32190.  
32191. [LM Status]
32192. Number=4573
32193. Confirmed=N
32194. Filename=LMSTATUS.EXE
32195. Description=Xerox WorkCenter XE - language monitor status application
32196. Source=Paul Collins Startup list
32197.  
32198. [LMA Manager]
32199. Number=4574
32200. Confirmed=X
32201. Filename=lmamanager.exe
32202. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tilebotad.html" target=_blank>TILEBOT-AD</a> WORM!
32203. Source=Paul Collins Startup list
32204.  
32205. [LManager]
32206. Number=4575
32207. Confirmed=U
32208. Filename=QtZgAcer.EXE
32209. Description=Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
32210. Source=Paul Collins Startup list
32211.  
32212. [LManager]
32213. Number=4576
32214. Confirmed=U
32215. Filename=QtZpAcer.exe
32216. Description=Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
32217.  
32218. Source=Paul Collins Startup list
32219.  
32220. [LManager]
32221. Number=4577
32222. Confirmed=U
32223. Filename=HotkeyApp.exe
32224. Description=Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
32225. Source=Paul Collins Startup list
32226.  
32227. [LManager]
32228. Number=4578
32229. Confirmed=U
32230. Filename=QtaET2S.EXE
32231. Description=Acer Launch Manager - on Acer laptops, provides configurability for the special keys on their range of multimedia keyboards
32232.  
32233. Source=Paul Collins Startup list
32234.  
32235. [lMAPl]
32236. Number=4579
32237. Confirmed=X
32238. Filename=lMAPl.exe
32239. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotre.html" target= blank>AGOBOT-RE</a> WORM!
32240. Source=Paul Collins Startup list
32241.  
32242. [LMgrOSD]
32243. Number=4580
32244. Confirmed=U
32245. Filename=OSDCtrl.exe
32246. Description=OSD (on-screen-display) utility - part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and language
32247. Source=Paul Collins Startup list
32248.  
32249. [LMonitor]
32250. Number=4581
32251. Confirmed=N
32252. Filename=LMonitor.exe
32253. Description=MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information
32254. Source=Paul Collins Startup list
32255.  
32256. [lmpdpsrv]
32257. Number=4582
32258. Confirmed=?
32259. Filename=lmpdpsrv.exe
32260. Description=<font color="#FF0000">Related to a Lexmark printer/scanner. Printer sharing server? Is it required?</font>
32261. Source=Paul Collins Startup list
32262.  
32263. [lmrt]
32264. Number=4583
32265. Confirmed=X
32266. Filename=lmrt.exe
32267. Description=Unidentified adware
32268. Source=Paul Collins Startup list
32269.  
32270. [LMSTATUS]
32271. Number=4584
32272. Confirmed=N
32273. Filename=LMSTATUS.EXE
32274. Description=Xerox WorkCenter XE - language monitor status application
32275. Source=Paul Collins Startup list
32276.  
32277. [LMSXXD]
32278. Number=4585
32279. Confirmed=Y
32280. Filename=LMSXXD.exe
32281. Description=Driver for Xerox XD series printer/copiers
32282.  
32283. Source=Paul Collins Startup list
32284.  
32285. [lmu]
32286. Number=4586
32287. Confirmed=X
32288. Filename=LMU.exe
32289. Description=Downloader trojan, recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Agent.bg
32290. Source=Paul Collins Startup list
32291.  
32292. [lnternet Explorer]
32293. Number=4587
32294. Confirmed=X
32295. Filename=AMSNDMGR.EXE
32296. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102417-3931-99" target="_blank">KWBOT.R</a> WORM! Note that the "l" is a lower case "L" and not an upper case "I"
32297. Source=Paul Collins Startup list
32298.  
32299. [lnwin.exe]
32300. Number=4588
32301. Confirmed=X
32302. Filename=lnwin.exe
32303. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadratc.html" target="_blank">DLOADR-ATC</a> TROJAN!
32304. Source=Paul Collins Startup list
32305.  
32306. [load]
32307. Number=4589
32308. Confirmed=X
32309. Filename=mdm.exe
32310. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030215-5059-99" target=_blank>BINGHE</a> TROJAN!
32311. Source=Paul Collins Startup list
32312.  
32313. [load]
32314. Number=4590
32315. Confirmed=X
32316. Filename=msgsr32.exe
32317. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqr.html" target=_blank>SDBOT-QR</a> WORM!
32318. Source=Paul Collins Startup list
32319.  
32320. [load]
32321. Number=4591
32322. Confirmed=X
32323. Filename=[path to worm]
32324. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042215-3749-99" target= blank>KELVIR.AI</a> WORM!
32325. Source=Paul Collins Startup list
32326.  
32327. [Load]
32328. Number=4592
32329. Confirmed=X
32330. Filename=MyGame.exe
32331. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lameyeara.html" target=_blank>LAMEYEAR-A</a> WORM!
32332. Source=Paul Collins Startup list
32333.  
32334. [load]
32335. Number=4593
32336. Confirmed=X
32337. Filename=_Kerne1.exe
32338. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagean.html" target=_blank>LINEAGE-AN</a> TROJAN!
32339. Source=Paul Collins Startup list
32340.  
32341. [load]
32342. Number=4594
32343. Confirmed=X
32344. Filename=Internat.exe
32345. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-073115-1710-99" target=_blank>WOWCRAFT</a> TROJAN!
32346. Source=Paul Collins Startup list
32347.  
32348. [load]
32349. Number=4595
32350. Confirmed=X
32351. Filename=rundll32.exe
32352. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-073115-1710-99" target=_blank>WOWCRAFT</a> TROJAN!
32353. Source=Paul Collins Startup list
32354.  
32355. [load]
32356. Number=4596
32357. Confirmed=X
32358. Filename=svhost32.exe
32359. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-073115-1710-99" target=_blank>WOWCRAFT</a> TROJAN!
32360. Source=Paul Collins Startup list
32361.  
32362. [load]
32363. Number=4597
32364. Confirmed=X
32365. Filename=svchsot.exe
32366. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgwghosto.html" target=_blank>GWGHOST-O</a> TROJAN!
32367. Source=Paul Collins Startup list
32368.  
32369. [load]
32370. Number=4598
32371. Confirmed=X
32372. Filename=explorer.exe
32373. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageoz.html" target="_blank">LINEAGE-OZ</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
32374. Source=Paul Collins Startup list
32375.  
32376. [load]
32377. Number=4599
32378. Confirmed=X
32379. Filename=Kerne121.exe
32380. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageon.html" target=_blank>LINEAGE-ON</a> TROJAN!
32381. Source=Paul Collins Startup list
32382.  
32383. [load]
32384. Number=4600
32385. Confirmed=X
32386. Filename=Kerne1211.exe
32387. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagedy.html" target="_blank">LINEAGE-DY</a> TROJAN!
32388. Source=Paul Collins Startup list
32389.  
32390. [load]
32391. Number=4601
32392. Confirmed=X
32393. Filename=rundl132.exe
32394. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lookedck.html" target="_blank">LOOKED-CK</a> WORM!
32395. Source=Paul Collins Startup list
32396.  
32397. [Load Service]
32398. Number=4602
32399. Confirmed=X
32400. Filename=SvHost.exe
32401. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32pesind.html" target=_blank>PESIN-D</a> WORM!
32402. Source=Paul Collins Startup list
32403.  
32404. [LOAD WB]
32405. Number=4603
32406. Confirmed=U
32407. Filename=LOADWB.EXE
32408. Description=Part of Stardock's <a href="http://www.windowblinds.net/" target="_blank">WindowBlinds</a> custom desktop program. "WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much more". If you use it - keep it if not then uninstall it
32409. Source=Paul Collins Startup list
32410.  
32411. [Load-Guard]
32412. Number=4604
32413. Confirmed=X
32414. Filename=Wscript.exe LGuarg.exe.vbs
32415. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110112-5735-99" target=_blank>YENO.B</a> and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110113-0557-99" target=_blank>YENO.C</a> WORMS!
32416. Source=Paul Collins Startup list
32417.  
32418. [LOAD32]
32419. Number=4605
32420. Confirmed=X
32421. Filename=Lorena.exe
32422. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070111-2336-99" target="_blank">MAPSON.C</a> WORM!
32423. Source=Paul Collins Startup list
32424.  
32425. [load32]
32426. Number=4606
32427. Confirmed=X
32428. Filename=load32.exe
32429. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-073018-0732-99" target="_blank">NIBU</a>, <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070217-3754-99" target="_blank">BAMBO</a> TROJANS and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081610-1957-99" target="_blank">DUMARU</a> WORM!
32430. Source=Paul Collins Startup list
32431.  
32432. [load32]
32433. Number=4607
32434. Confirmed=X
32435. Filename=l32x.exe
32436. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012516-4421-99" target="_blank">DUMARU.Z</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012316-2557-99" target="_blank">DUMARU.Y</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020314-4015-99" target="_blank">DUMARU.AD</a> WORM!
32437. Source=Paul Collins Startup list
32438.  
32439. [load32]
32440. Number=4608
32441. Confirmed=X
32442. Filename=1111a.exe
32443. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021016-2312-99" target="_blank">DUMARU.AH</a> WORM!
32444. Source=Paul Collins Startup list
32445.  
32446. [load32]
32447. Number=4609
32448. Confirmed=X
32449. Filename=swchost.exe
32450. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_TURTA.A" target="_blank">TURTA.A</a> WORM!
32451. Source=Paul Collins Startup list
32452.  
32453. [load32]
32454. Number=4610
32455. Confirmed=X
32456. Filename=netda.exe
32457. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051115-0917-99" target=_blank>NIBU.E</a> TROJAN!
32458. Source=Paul Collins Startup list
32459.  
32460. [load32]
32461. Number=4611
32462. Confirmed=X
32463. Filename=winldra.exe
32464. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032410-4542-99" target=_blank>BACKDOOR.NIBU.J</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojdumarubi.html" target=_blank>DUMARU-BI</a> TROJANS! Note - also known as Srv.SSA-KeyLogger by Sunbelt Software which has developed a <a href="http://research.sunbelt-software.com/ssaclean.cfm" target=_blank>free removal tool</a> for this keylogger
32465. Source=Paul Collins Startup list
32466.  
32467. [load=]
32468. Number=4612
32469. Confirmed=N
32470. Filename=adw30.exe
32471. Description=After Dark for Windows - screen saver program. Popular before screen savers were integrated into Win95
32472. Source=Paul Collins Startup list
32473.  
32474. [load=]
32475. Number=4613
32476. Confirmed=U
32477. Filename=asistat.exe
32478. Description=Status monitor for an NEC SuperScript printer
32479. Source=Paul Collins Startup list
32480.  
32481. [load=]
32482. Number=4614
32483. Confirmed=?
32484. Filename=cfgsys32.exe
32485. Description=<font color="#FF0000">??</font>
32486. Source=Paul Collins Startup list
32487.  
32488. [load=]
32489. Number=4615
32490. Confirmed=U
32491. Filename=esspk.exe
32492. Description=Speakerphone capability through a soundcard for an <a href="http://www.esstech.com/" target="_blank">ESS</a> modem
32493. Source=Paul Collins Startup list
32494.  
32495. [load=]
32496. Number=4616
32497. Confirmed=Y
32498. Filename=hotkey.exe
32499. Description=Solo 5300 display driver for Win2K on some Gateway laptops
32500. Source=Paul Collins Startup list
32501.  
32502. [load=]
32503. Number=4617
32504. Confirmed=N
32505. Filename=HPWHRC.EXE
32506. Description=Loads the Status Window software for the HP Laserjet printers
32507. Source=Paul Collins Startup list
32508.  
32509. [load=]
32510. Number=4618
32511. Confirmed=?
32512. Filename=WPSLOAD.EXE
32513. Description=<font color="#FF0000">Windows printing system that comes with the setup for Canon BJC series on the manufacturer's disk</font>
32514. Source=Paul Collins Startup list
32515.  
32516. [load=]
32517. Number=4619
32518. Confirmed=N
32519. Filename=vi_grm.exe
32520. Description=Monitor drivers for Trio2x/3x based video cards - displays control panel for quick access to display settings
32521. Source=Paul Collins Startup list
32522.  
32523. [load=]
32524. Number=4620
32525. Confirmed=?
32526. Filename=WINOSCFG.EXE
32527. Description=<font color="#FF0000">Could it be something to do with configuring Windows on a new PC from an OEM supplier?</font>
32528. Source=Paul Collins Startup list
32529.  
32530. [load=]
32531. Number=4621
32532. Confirmed=Y
32533. Filename=wpshrc.exe
32534. Description=Required to prevent configuration errors on a Compaq LBP-660 and LBP-460 parallel port laser printers (and maybe others)
32535. Source=Paul Collins Startup list
32536.  
32537. [load=]
32538. Number=4622
32539. Confirmed=Y
32540. Filename=Bfrecv.exe
32541. Description=Bitware modem driver
32542. Source=Paul Collins Startup list
32543.  
32544. [load=]
32545. Number=4623
32546. Confirmed=X
32547. Filename=msater.exe
32548. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102615-0959-99" target="_blank">RETSAM</a> TROJAN!
32549. Source=Paul Collins Startup list
32550.  
32551. [load=]
32552. Number=4624
32553. Confirmed=X
32554. Filename=shambl3r.exe
32555. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101611-1053-99" target="_blank">REMABL</a> WORM!
32556. Source=Paul Collins Startup list
32557.  
32558. [load=]
32559. Number=4625
32560. Confirmed=X
32561. Filename=Spoolsv.exe
32562. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112315-1255-99" target="_blank">CIADOOR.B</a> TROJAN! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
32563. Source=Paul Collins Startup list
32564.  
32565. [Load=]
32566. Number=4626
32567. Confirmed=?
32568. Filename=wtfeat.exe
32569. Description=<font color="#FF0000">Associated with the Wintab Digitizer</font>
32570. Source=Paul Collins Startup list
32571.  
32572. [load=]
32573. Number=4627
32574. Confirmed=Y
32575. Filename=AICLIENT.EXE
32576. Description=Asset Insight from <a href="http://www.tangram.com/index.htm" target="_blank">Tangram</a> - asset managing software. Required if an organisation is running a centrally administered asset management system
32577. Source=Paul Collins Startup list
32578.  
32579. [load=]
32580. Number=4628
32581. Confirmed=X
32582. Filename=hint.exe
32583. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071411-2649-99" target="_blank">ATAK</a> WORM!
32584. Source=Paul Collins Startup list
32585.  
32586. [load=]
32587. Number=4629
32588. Confirmed=X
32589. Filename=win32exec.exe
32590. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101313-3332-99" target=_blank>BITTER</a> WORM!
32591. Source=Paul Collins Startup list
32592.  
32593. [load=]
32594. Number=4630
32595. Confirmed=X
32596. Filename=a1g.exe
32597. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120309-3312-99" target=_blank>ATAK.B</a> WORM!
32598. Source=Paul Collins Startup list
32599.  
32600. [load=]
32601. Number=4631
32602. Confirmed=X
32603. Filename=dapdll.exe
32604. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120709-3922-99" target=_blank>ATAK.E</a> WORM!
32605. Source=Paul Collins Startup list
32606.  
32607. [load=]
32608. Number=4632
32609. Confirmed=X
32610. Filename=svhost32.exe
32611. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageab.html" target=_blank>LINEAGE-AB</a> TROJAN!
32612. Source=Paul Collins Startup list
32613.  
32614. [load=]
32615. Number=4633
32616. Confirmed=Y
32617. Filename=01comm32.exe
32618. Description=Related to <a href="http://www.elsa.com/EN/" target=_blank>Elsa</a> CommPro (Communicate Pro) access software for Microlink modems - this software contains answering machine and fax functions, plus a terminal program, a WWW-browser launch function, Internet telephony, and address management. Required if you use those
32619. Source=Paul Collins Startup list
32620.  
32621. [load=]
32622. Number=4634
32623. Confirmed=X
32624. Filename=inetinfo.exe
32625. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxygg.html" target=_blank>PROXY-GG</a> TROJAN!
32626. Source=Paul Collins Startup list
32627.  
32628. [load=]
32629. Number=4635
32630. Confirmed=X
32631. Filename=Kerne14.exe
32632. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageba.html" target=_blank>LINEAGE-BA</a> TROJAN!
32633. Source=Paul Collins Startup list
32634.  
32635. [Loadab1]
32636. Number=4636
32637. Confirmed=X
32638. Filename=explorer.exe
32639. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageaj.html" target="_blank">LINEAGE-AJ</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
32640. Source=Paul Collins Startup list
32641.  
32642. [LoadBlackD]
32643. Number=4637
32644. Confirmed=Y
32645. Filename=blackd.exe
32646. Description=This is the "intrusion detection system" of the <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall which loads independently of the "user interface" (BlackICE Utility)
32647. Source=Paul Collins Startup list
32648.  
32649. [LoadBtnHnd]
32650. Number=4638
32651. Confirmed=?
32652. Filename=BtnHnd.exe
32653. Description=<font color="#FF0000">Fujitsu LifeBook related</font>
32654. Source=Paul Collins Startup list
32655.  
32656. [LoadDBackUp]
32657. Number=4639
32658. Confirmed=X
32659. Filename=BcTool.exe
32660. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-030413-4714-99" target="_blank">GIBE</a> WORM!
32661.  
32662. Source=Paul Collins Startup list
32663.  
32664. [loaddll]
32665. Number=4640
32666. Confirmed=X
32667. Filename=loaddll.exe
32668. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062413-4700-99" target=_blank>Winvest</a> spyware
32669. Source=Paul Collins Startup list
32670.  
32671. [LoadDvpApi9x]
32672. Number=4641
32673. Confirmed=?
32674. Filename=DVPAPI9X.exe
32675. Description=<font color="#FF0000">Part of Command AntiVirus for Windows 95/98/Me. Is it needed?</font>
32676. Source=Paul Collins Startup list
32677.  
32678. [loader]
32679. Number=4642
32680. Confirmed=X
32681. Filename=loader.exe
32682. Description=Homepage hijacker, redirecting to coolwwwsearch.com. Downloader for iedll.exe
32683. Source=Paul Collins Startup list
32684.  
32685. [loader]
32686. Number=4643
32687. Confirmed=X
32688. Filename=WMPLAYER.EXE
32689. Description=Unknown baddie - WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup
32690. Source=Paul Collins Startup list
32691.  
32692. [loader32]
32693. Number=4644
32694. Confirmed=X
32695. Filename=Loader32.exe
32696. Description=Added by an unidentified TROJAN!
32697. Source=Paul Collins Startup list
32698.  
32699. [loader32 ]
32700. Number=4645
32701. Confirmed=X
32702. Filename=sys*****.exe [***** = random digit]
32703. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031711-1511-99" target=_blank>DOMCOM</a> TROJAN!
32704. Source=Paul Collins Startup list
32705.  
32706. [Loaders]
32707. Number=4646
32708. Confirmed=X
32709. Filename=HeIp.exe
32710. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadb.html" target=_blank>SDBOT-ADB</a> WORM!
32711. Source=Paul Collins Startup list
32712.  
32713. [loadfax]
32714. Number=4647
32715. Confirmed=X
32716. Filename=loadfax.exe
32717. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwinfluxc.html" target=_blank>WINFLUX-C</a> TROJAN!
32718. Source=Paul Collins Startup list
32719.  
32720. [LoadFonts]
32721. Number=4648
32722. Confirmed=X
32723. Filename=LoadFonts.vbs
32724. Description=Homepage hijacker that changes your homepage to an adult content site
32725. Source=Paul Collins Startup list
32726.  
32727. [LoadFonts]
32728. Number=4649
32729. Confirmed=X
32730. Filename=Tahoma.vbs
32731. Description=Homepage hijacker that changes your homepage to an adult content site
32732. Source=Paul Collins Startup list
32733.  
32734. [LoadGolfCourses]
32735. Number=4650
32736. Confirmed=X
32737. Filename=LoadGolfCourses.exe
32738. Description=PlayMiniGolf.com foistware - stealth installed!
32739. Source=Paul Collins Startup list
32740.  
32741. [LoadHTML]
32742. Number=4651
32743. Confirmed=X
32744. Filename=rundll32.exe mshtmpre.dll, MShtmpre
32745. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032111-1154-99" target=_blank>Mshtmpre</a> adware
32746. Source=Paul Collins Startup list
32747.  
32748. [LoadingAgent]
32749. Number=4652
32750. Confirmed=X
32751. Filename=ZipLoader32.exe
32752. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-102313-2131-99" target="_blank">OBLIVION</a> TROJAN! This executable is one of the most common but there are more
32753. Source=Paul Collins Startup list
32754.  
32755. [LoadingAgent]
32756. Number=4653
32757. Confirmed=X
32758. Filename=msload32.exe
32759. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-102313-2131-99" target="_blank">OBLIVION</a> TROJAN! This executable is one of the most common but there are more
32760. Source=Paul Collins Startup list
32761.  
32762. [LoadManager]
32763. Number=4654
32764. Confirmed=X
32765. Filename=msload.exe
32766. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
32767. Source=Paul Collins Startup list
32768.  
32769. [loadMecq0]
32770. Number=4655
32771. Confirmed=X
32772. Filename=explorer.exe
32773. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022809-5525-99" target="_blank">MUMUBOY.C</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
32774. Source=Paul Collins Startup list
32775.  
32776. [loadMecq3]
32777. Number=4656
32778. Confirmed=X
32779. Filename=rundll32.exe
32780. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiras.html" target=_blank>LEGMIR-AS</a> TROJAN!
32781. Source=Paul Collins Startup list
32782.  
32783. [loadMect1]
32784. Number=4657
32785. Confirmed=X
32786. Filename=explorer.exe
32787. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagel.html" target="_blank">LINEAGE-L</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
32788. Source=Paul Collins Startup list
32789.  
32790. [loadMefs]
32791. Number=4658
32792. Confirmed=X
32793. Filename=rundll32.exe
32794. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirjb.html" target=_blank>LEGMIR-JB</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in the Windows\inf or Winnt\inf folder
32795. Source=Paul Collins Startup list
32796.  
32797. [loadMefs]
32798. Number=4659
32799. Confirmed=X
32800. Filename=smss32.exe
32801. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfloodel.html" target= blank>FLOOD-EL</a> TROJAN!
32802. Source=Paul Collins Startup list
32803.  
32804. [LoadMSvcmm]
32805. Number=4660
32806. Confirmed=N
32807. Filename=msvcmm32.exe
32808. Description=Auto-update for <a href="http://www.movielink.com/" target="_blank">Movielink</a> - internet movie rental System Tray access
32809. Source=Paul Collins Startup list
32810.  
32811. [LoadOrderVerification]
32812. Number=4661
32813. Confirmed=X
32814. Filename=[random filename]
32815. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TRON.A" target="_blank">TRON.A</a> TROJAN!
32816. Source=Paul Collins Startup list
32817.  
32818. [Loadout Manager]
32819. Number=4662
32820. Confirmed=U
32821. Filename=nost_LM.exe
32822. Description=Manager for the Belkin Nostromo n50 SpeedPad game controller - see <a href="http://www.lanparty.com/articles/belkinn50/belkinn50.shtml" target="_blank"> here</a>
32823. Source=Paul Collins Startup list
32824.  
32825. [LoadPFW]
32826. Number=4663
32827. Confirmed=X
32828. Filename=wmimgr.exe
32829. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32qedsb.html" target=_blank>QEDS-B</a> WORM!
32830. Source=Paul Collins Startup list
32831.  
32832. [LoadPowerProfile]
32833. Number=4664
32834. Confirmed=X
32835. Filename=ASDAPI.EXE
32836. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-081913-0507-99" target="_blank">CABRO</a> TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll
32837. Source=Paul Collins Startup list
32838.  
32839. [LoadPowerProfile]
32840. Number=4665
32841. Confirmed=U
32842. Filename=Rundll32.exe powrprof.dll
32843. Description=Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;187611" target="_blank">here</a>. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings
32844. Source=Paul Collins Startup list
32845.  
32846. [LoadPowerProfile]
32847. Number=4666
32848. Confirmed=X
32849. Filename=Rundll.exe powerprof.dll
32850. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112217-2953-99" target=_blank>LOXOSCAM</a> TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe"
32851. Source=Paul Collins Startup list
32852.  
32853. [LoadPowerProfile]
32854. Number=4667
32855. Confirmed=X
32856. Filename=rundl.exe
32857. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101610-3648-99" target="_blank">TOFAZZOL</a> TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll
32858. Source=Paul Collins Startup list
32859.  
32860. [LoadPowerProfile]
32861. Number=4668
32862. Confirmed=X
32863. Filename=Rundll32.exe
32864. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010314-0257-99" target="_blank">MIROOT</a> WORM! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data line
32865. Source=Paul Collins Startup list
32866.  
32867. [LoadPowerScheme]
32868. Number=4669
32869. Confirmed=X
32870. Filename=rundll32.exe powerprof.dll CheckPowerProfile
32871. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042610-2151-99" target=_blank>Ulubione</a> adult content dialer
32872. Source=Paul Collins Startup list
32873.  
32874. [LoadQM]
32875. Number=4670
32876. Confirmed=U
32877. Filename=loadqm.exe
32878. Description=Installed with MSN Explorer and loads the <a href="http://support.microsoft.com/default.aspx?scid=KB;EN-US;q309418" target="_blank"> MSN Queue Manager</a>. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable it
32879. Source=Paul Collins Startup list
32880.  
32881. [loads.exe]
32882. Number=4671
32883. Confirmed=X
32884. Filename=loads.exe
32885. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
32886. Source=Paul Collins Startup list
32887.  
32888. [loads.exe]
32889. Number=4672
32890. Confirmed=X
32891. Filename=medload.exe
32892. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120718-0513-99" target="_blank">Medload</a> adware
32893. Source=Paul Collins Startup list
32894.  
32895. [loads.exe]
32896. Number=4673
32897. Confirmed=X
32898. Filename=suploads.exe
32899. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentbz.html" target=_blank>AGENT-BZ</a> TROJAN!
32900.  
32901. Source=Paul Collins Startup list
32902.  
32903. [LoadService]
32904. Number=4674
32905. Confirmed=X
32906. Filename=Rest In Peace
32907. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kangarooa.html" target=_blank>KANGAROO-A</a> WORM!
32908. Source=Paul Collins Startup list
32909.  
32910. [LoadService]
32911. Number=4675
32912. Confirmed=X
32913. Filename=Maaf, tempatmu bukan di sin
32914. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkagena.html" target=_blank>KAGEN-A</a> TROJAN!
32915. Source=Paul Collins Startup list
32916.  
32917. [LoadService]
32918. Number=4676
32919. Confirmed=X
32920. Filename=Virus
32921. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CAGER.A&VSect=P" target=_blank>CAGER.A</a> WORM!
32922. Source=Paul Collins Startup list
32923.  
32924. [LoadSIPS]
32925. Number=4677
32926. Confirmed=X
32927. Filename=rundll32.exe [path] SIPSPI32.dll, SIPSPI32
32928. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=123Mania&threatid=14915" target=_blank>123Mania</a> adware
32929. Source=Paul Collins Startup list
32930.  
32931. [LoadWatcher]
32932. Number=4678
32933. Confirmed=?
32934. Filename=Test.exe
32935. Description=<font color="#FF0000">Reportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct?</font>
32936. Source=Paul Collins Startup list
32937.  
32938. [LoadWatcher]
32939. Number=4679
32940. Confirmed=X
32941. Filename=watcher.exe
32942. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-010615-4526-99" target=_blank>Watcher</a> spyware
32943. Source=Paul Collins Startup list
32944.  
32945. [loadwin]
32946. Number=4680
32947. Confirmed=X
32948. Filename=winset.exe
32949. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassi.html" target=_blank>QQPASS-I</a> TROJAN!
32950. Source=Paul Collins Startup list
32951.  
32952. [loadwin]
32953. Number=4681
32954. Confirmed=X
32955. Filename=winsys.exe
32956. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassj.html" target=_blank>QQPASS-J</a> TROJAN!
32957. Source=Paul Collins Startup list
32958.  
32959. [LoadWindowsFile]
32960. Number=4682
32961. Confirmed=X
32962. Filename=[filename]
32963. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-080812-2923-99" target="_blank">DELF.B</a> TROJAN! where [filename] is the infected file
32964. Source=Paul Collins Startup list
32965.  
32966. [Local Area Network]
32967. Number=4683
32968. Confirmed=X
32969. Filename=OpenGL.exe
32970. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
32971. Source=Paul Collins Startup list
32972.  
32973. [Local Authority Service]
32974. Number=4684
32975. Confirmed=X
32976. Filename=lsass.exe
32977. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmarktmanc.html" target=_blank>AMRKTMAN-C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
32978. Source=Paul Collins Startup list
32979.  
32980. [Local Internet Connection]
32981. Number=4685
32982. Confirmed=X
32983. Filename=LIC.exe
32984. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotya.html" target= blank>SDBOT-YA</a> WORM!
32985. Source=Paul Collins Startup list
32986.  
32987. [LOCAL INTERNET WEB DRIVERS FOR WIN32]
32988. Number=4686
32989. Confirmed=X
32990. Filename=phqghume.exe
32991. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
32992. Source=Paul Collins Startup list
32993.  
32994. [Local Page]
32995. Number=4687
32996. Confirmed=X
32997. Filename=http://find.naupoint.com
32998. Description=<a href="http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx" target=_blank>Naupoint</a> browser hijacker
32999. Source=Paul Collins Startup list
33000.  
33001. [Local runole service]
33002. Number=4688
33003. Confirmed=X
33004. Filename=srvc32.exe
33005. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalldp.html" target= blank>SMALL-DP</a> TROJAN!
33006. Source=Paul Collins Startup list
33007.  
33008. [Local Security Authority Servce]
33009. Number=4689
33010. Confirmed=X
33011. Filename=lssas.exe
33012. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebott.html" target=_blank>POEBOT-T</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process
33013. Source=Paul Collins Startup list
33014.  
33015. [Local Security Authority Service]
33016. Number=4690
33017. Confirmed=X
33018. Filename=lssas.exe
33019. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotj.html" target= blank>POEBOT-J</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process
33020. Source=Paul Collins Startup list
33021.  
33022. [Local Security Authority Service]
33023. Number=4691
33024. Confirmed=X
33025. Filename=Isass.exe
33026. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052109-2651-99" target=_blank>LINKBOT.M</a> WORM!
33027. Source=Paul Collins Startup list
33028.  
33029. [Local Service]
33030. Number=4692
33031. Confirmed=X
33032. Filename=Intenat.exe
33033. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnuclearj.html" target=_blank>NUCLEAR-J</a> TROJAN!
33034. Source=Paul Collins Startup list
33035.  
33036. [Local Service]
33037. Number=4693
33038. Confirmed=X
33039. Filename=services.exe
33040. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32p2pwormt.html" target="_blank">P2PWORM-T</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Cursors" subfolder of the Windows or Winnt folder
33041. Source=Paul Collins Startup list
33042.  
33043. [Local-Settings-of-[User Name]]
33044. Number=4694
33045. Confirmed=X
33046. Filename=[User Name].exe
33047. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072109-3404-99" target="_blank">GAVGENT.A</a> WORM!
33048. Source=Paul Collins Startup list
33049.  
33050. [LocalProxy]
33051. Number=4695
33052. Confirmed=U
33053. Filename=proxy4free.exe
33054. Description="<a href="http://proxytools.sourceforge.net/" target=_blank>ProxyTools</a> is a package of Perl network utilities designed mainly to assist those whose Internet access is censored, unreliable, or otherwise damaged. Uncensored access is provided to any outside service required (Usenet News, Web browsing, IRC, Socks etc.). Setup requires installation of Perl and some modules"
33055.  
33056. Source=Paul Collins Startup list
33057.  
33058. [LocalSystem]
33059. Number=4696
33060. Confirmed=X
33061. Filename=svchost.exe
33062. Description=<a href="http://www.sophos.com/virusinfo/analyses/ehu.html" target="_blank">EHU</a> adware. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
33063. Source=Paul Collins Startup list
33064.  
33065. [Locator Service]
33066. Number=4697
33067. Confirmed=X
33068. Filename=[filename]
33069. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotky.html" target=_blank>AGOBOT-KY</a> TROJAN!
33070. Source=Paul Collins Startup list
33071.  
33072. [Lock My PC]
33073. Number=4698
33074. Confirmed=U
33075. Filename=lockpc.exe
33076. Description=<a href="http://www.fspro.net/lock-my-pc/" target="_blank">Lock My PC</a> - a tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouse
33077. Source=Paul Collins Startup list
33078.  
33079. [logg]
33080. Number=4699
33081. Confirmed=X
33082. Filename=logo_1.exe
33083. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32pwfuzza.html" target="_blank">PWFUZZ-A</a> WORM!
33084. Source=Paul Collins Startup list
33085.  
33086. [Login]
33087. Number=4700
33088. Confirmed=U
33089. Filename=winlog.exe
33090. Description=Salfeld <a href="http://www.salfeld.com/software/childcontrol/index.html" target="_blank">Child Control</a> - parental control software
33091. Source=Paul Collins Startup list
33092.  
33093. [login]
33094. Number=4701
33095. Confirmed=X
33096. Filename=[path to trojan]
33097. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhotworda.html" target=_blank>HOTWORD-A</a> TROJAN!
33098. Source=Paul Collins Startup list
33099.  
33100. [Login]
33101. Number=4702
33102. Confirmed=X
33103. Filename=Login.exe
33104. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanah.html" target=_blank>BANCBAN-AH</a> TROJAN!
33105. Source=Paul Collins Startup list
33106.  
33107. [Login]
33108. Number=4703
33109. Confirmed=X
33110. Filename=lala.exe
33111. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbugspra.html" target="_blank">BUGSPR-A</a> TROJAN!
33112. Source=Paul Collins Startup list
33113.  
33114. [Login Screen Saver]
33115. Number=4704
33116. Confirmed=X
33117. Filename=login.scr
33118. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavn.html" target=_blank>RBOT-AVN</a> WORM!
33119. Source=Paul Collins Startup list
33120.  
33121. [Login Service]
33122. Number=4705
33123. Confirmed=X
33124. Filename=[path to file]
33125. Description=Added by the <a href="http://www.f-secure.com/v-descs/migmaf.shtml" target="_blank">MIGMAF</a> TROJAN!
33126. Source=Paul Collins Startup list
33127.  
33128. [LoginPassport]
33129. Number=4706
33130. Confirmed=X
33131. Filename=Lgnpsp32.exe
33132. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071009-5318-99" target="_blank">REDIST.C</a> WORM!
33133. Source=Paul Collins Startup list
33134.  
33135. [Logitech]
33136. Number=4707
33137. Confirmed=X
33138. Filename=Logitech.exe
33139. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BJH&VSect=P" target=_blank>RBOT.BJH</a> WORM!
33140. Source=Paul Collins Startup list
33141.  
33142. [Logitech Camera]
33143. Number=4708
33144. Confirmed=X
33145. Filename=Soundcane.exe
33146. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MUC&VSect=T" target=_blank>SDBOT.MUC</a> WORM!
33147. Source=Paul Collins Startup list
33148.  
33149. [Logitech Desktop]
33150. Number=4709
33151. Confirmed=X
33152. Filename=ApPache.exe
33153. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyp.html" target= blank>RBOT-YP</a> WORM!
33154. Source=Paul Collins Startup list
33155.  
33156. [Logitech Desktop]
33157. Number=4710
33158. Confirmed=X
33159. Filename=IPCONN.EXE
33160. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwe.html" target= blank>SDBOT-WE</a> WORM!
33161. Source=Paul Collins Startup list
33162.  
33163. [Logitech Desktop Controller]
33164. Number=4711
33165. Confirmed=X
33166. Filename=wrcam.exe
33167. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
33168. Source=Paul Collins Startup list
33169.  
33170. [Logitech Desktop Messenger]
33171. Number=4712
33172. Confirmed=N
33173. Filename=backweb-8876480.exe
33174. Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
33175. Source=Paul Collins Startup list
33176.  
33177. [Logitech Desktop Messenger]
33178. Number=4713
33179. Confirmed=N
33180. Filename=ldmconf.exe
33181. Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
33182. Source=Paul Collins Startup list
33183.  
33184. [Logitech Hardware Abstraction Layer]
33185. Number=4714
33186. Confirmed=U
33187. Filename=Khalmnpr.exe
33188. Description=Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint
33189. Source=Paul Collins Startup list
33190.  
33191. [Logitech SetPoint]
33192. Number=4715
33193. Confirmed=U
33194. Filename=KEM.exe
33195. Description=Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys
33196. Source=Paul Collins Startup list
33197.  
33198. [Logitech SetPoint]
33199. Number=4716
33200. Confirmed=U
33201. Filename=KHALMNPR.EXE
33202. Description=Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint
33203. Source=Paul Collins Startup list
33204.  
33205. [Logitech SetPoint]
33206. Number=4717
33207. Confirmed=U
33208. Filename=Setpoint.exe
33209. Description=Logitech SetPoint Event Manager for their range of mice and keyboards. Required if you want to use the advanced features of these devices and is located in the Logitech\Setpoint sub-folder of Program Files
33210. Source=Paul Collins Startup list
33211.  
33212. [Logitech Utility]
33213. Number=4718
33214. Confirmed=U
33215. Filename=Logi_MwX.exe
33216. Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
33217. Source=Paul Collins Startup list
33218.  
33219. [Logitech Wakeup]
33220. Number=4719
33221. Confirmed=N
33222. Filename=lgwakeup.exe
33223. Description=Loads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start ->Programs and still be able to scan images
33224. Source=Paul Collins Startup list
33225.  
33226. [Logitech Wireless]
33227. Number=4720
33228. Confirmed=X
33229. Filename=logitechwls.exe
33230. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbs.html" target=_blank>MYTOB-BS</a> WORM!
33231. Source=Paul Collins Startup list
33232.  
33233. [LogitechCameraAssistant]
33234. Number=4721
33235. Confirmed=U
33236. Filename=CameraAssistant.exe
33237. Description=Related to Logitech QuickCams and provides additional configuration options for these devices
33238.  
33239. Source=Paul Collins Startup list
33240.  
33241. [LogitechCameraService(E)]
33242. Number=4722
33243. Confirmed=U
33244. Filename=ElkCtrl.exe
33245. Description=Related to Logitech Camera Service and provides additional configuration options for these devices
33246.  
33247. Source=Paul Collins Startup list
33248.  
33249. [LogitechCommunicationsManager]
33250. Number=4723
33251. Confirmed=Y
33252. Filename=communications_helper.exe
33253. Description=Installed with a Logitech Quickcam Messenger and if disabled the camera will not work - at least not in the quick capture mode
33254. Source=Paul Collins Startup list
33255.  
33256. [LogitechDesktopMessenger]
33257. Number=4724
33258. Confirmed=N
33259. Filename=LogitechDesktopMessenger.exe
33260. Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
33261. Source=Paul Collins Startup list
33262.  
33263. [LogitechGalleryRepair]
33264. Number=4725
33265. Confirmed=U
33266. Filename=ISStart.exe
33267. Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
33268. Source=Paul Collins Startup list
33269.  
33270. [LogitechImageStudioTray]
33271. Number=4726
33272. Confirmed=N
33273. Filename=LogiTray.exe
33274. Description=Logitech Image Studio - installed with Logitech QuickCams
33275. Source=Paul Collins Startup list
33276.  
33277. [LogitechQuickCamRibbon]
33278. Number=4727
33279. Confirmed=N
33280. Filename=quickcam10.exe
33281. Description=Installed with a Logitech Quickcam Messenger. Camera's software which is non-essential. When you open it, it allows you to open the quick capture, camera settings, etc
33282. Source=Paul Collins Startup list
33283.  
33284. [Logitechs]
33285. Number=4728
33286. Confirmed=X
33287. Filename=Logitechs.exe
33288. Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_SDBOT.BWE" target=_blank>SDBOT.BWE</a> WORM!
33289. Source=Paul Collins Startup list
33290.  
33291. [LogitechSoftwareUpdate]
33292. Number=4729
33293. Confirmed=N
33294. Filename=ManifestEngine.exe
33295. Description=Updater, part of Logitech Image Studio - installed with Logitech QuickCam cameras
33296.  
33297. Source=Paul Collins Startup list
33298.  
33299. [LogitechVideoRepair]
33300. Number=4730
33301. Confirmed=U
33302. Filename=ISStart.exe
33303. Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
33304. Source=Paul Collins Startup list
33305.  
33306. [LogitechVideoTray]
33307. Number=4731
33308. Confirmed=N
33309. Filename=LogiTray.exe
33310. Description=Logitech Image Studio - installed with Logitech QuickCams
33311. Source=Paul Collins Startup list
33312.  
33313. [LogitechVideo[inspector]]
33314. Number=4732
33315. Confirmed=N
33316. Filename=InstallHelper.exe
33317. Description=Logitech QuickCam software installation helper
33318. Source=Paul Collins Startup list
33319.  
33320. [LogiTray]
33321. Number=4733
33322. Confirmed=N
33323. Filename=LogiTray.exe
33324. Description=Logitech Image Studio - installed with Logitech QuickCams
33325. Source=Paul Collins Startup list
33326.  
33327. [Logi_Mwx]
33328. Number=4734
33329. Confirmed=U
33330. Filename=Logi_MwX.exe
33331. Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
33332. Source=Paul Collins Startup list
33333.  
33334. [LogMeIn GUI]
33335. Number=4735
33336. Confirmed=U
33337. Filename=LogMeInSystray.exe
33338. Description=<a href="http://www.remotelyanywhere.com/" target=_blank>RemotelyAnywhere</a> is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone
33339. Source=Paul Collins Startup list
33340.  
33341. [LogMeIn GUI]
33342. Number=4736
33343. Confirmed=U
33344. Filename=ragui.exe
33345. Description=<a href="http://www.remotelyanywhere.com/" target=_blank>RemotelyAnywhere</a> is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone
33346. Source=Paul Collins Startup list
33347.  
33348. [Logo]
33349. Number=4737
33350. Confirmed=X
33351. Filename=[path to trojan]
33352. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderrh.html" target=_blank>DLOADER-RH</a> TROJAN!
33353. Source=Paul Collins Startup list
33354.  
33355. [Logon Loader]
33356. Number=4738
33357. Confirmed=U
33358. Filename=LogonLoader.exe
33359. Description=<a href="http://logonloader.danielmilner.com/" target=_blank>Logon Loader</a> - customize boot & login screens
33360. Source=Paul Collins Startup list
33361.  
33362. [Logon Loader Random]
33363. Number=4739
33364. Confirmed=U
33365. Filename=LogonLoader.exe
33366. Description=<a href="http://logonloader.danielmilner.com/" target=_blank>Logon Loader</a> - customize boot & login screens
33367. Source=Paul Collins Startup list
33368.  
33369. [Logon.exe]
33370. Number=4740
33371. Confirmed=X
33372. Filename=logon.exe
33373. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_ZINS.A" target="_blank">ZINS.A</a> TROJAN!
33374. Source=Paul Collins Startup list
33375.  
33376. [LogonStudio]
33377. Number=4741
33378. Confirmed=U
33379. Filename=logonstudio.exe
33380. Description=WinCustomize <a href="http://www.stardock.com/products/logonstudio/" target="_blank">LogonStudio</a> - "Allows Windows XP users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users"
33381. Source=Paul Collins Startup list
33382.  
33383. [LogService]
33384. Number=4742
33385. Confirmed=X
33386. Filename=wincalc.exe
33387. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051916-3739-99" target=_blank>PAPROXY</a> TROJAN!
33388. Source=Paul Collins Startup list
33389.  
33390. [LogService]
33391. Number=4743
33392. Confirmed=X
33393. Filename=lsass.exe
33394. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooriu.html" target=_blank>IU</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
33395. Source=Paul Collins Startup list
33396.  
33397. [LogService]
33398. Number=4744
33399. Confirmed=X
33400. Filename=lsrss.exe
33401. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpaproxyd.html" target="_blank">PAPROXY-D</a> TROJAN!
33402. Source=Paul Collins Startup list
33403.  
33404. [LogWatch]
33405. Number=4745
33406. Confirmed=U
33407. Filename=logwat95.exe
33408. Description=Licensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll. Not required if you already have a newer version or the patch has been applied
33409. Source=Paul Collins Startup list
33410.  
33411. [longos]
33412. Number=4746
33413. Confirmed=X
33414. Filename=WIWT.EXE
33415. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankercd.html" target=_blank>BANKER-CD</a> TROJAN!
33416. Source=Paul Collins Startup list
33417.  
33418. [Look 'n' Stop]
33419. Number=4747
33420. Confirmed=Y
33421. Filename=looknstop.exe
33422. Description=<a href="http://www.looknstop.com/En/index2.htm">Look 'n' Stop</a> personal firewall
33423. Source=Paul Collins Startup list
33424.  
33425. [LookNMeet]
33426. Number=4748
33427. Confirmed=N
33428. Filename=Agent.exe
33429. Description=<a href="http://217.22.55.178/rdl/lnm_v4.3/nl/index.html" target=_blank>LooknMeet</a> dating service
33430. Source=Paul Collins Startup list
33431.  
33432. [Lookup_Sys]
33433. Number=4749
33434. Confirmed=X
33435. Filename=lookupsys.exe
33436. Description=P04n trojan
33437. Source=Paul Collins Startup list
33438.  
33439. [Lotus Organizer EasyClip]
33440. Number=4750
33441. Confirmed=N
33442. Filename=easyclip.exe
33443. Description="The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page." Available via Start -> Programs
33444. Source=Paul Collins Startup list
33445.  
33446. [Lotus QuickStart]
33447. Number=4751
33448. Confirmed=N
33449. Filename=smartctr.exe
33450. Description=Lotus central application, called SmartCenter, which runs on the Windows desktop. SmartCenter toolbar stretches across the top or, optionally, the bottom of the screen. Uses a lot of resources. Available via Start -> Programs
33451. Source=Paul Collins Startup list
33452.  
33453. [Lotus SuiteStart]
33454. Number=4752
33455. Confirmed=U
33456. Filename=suitest.exe
33457. Description=Puts the individual Lotus components in the system tray taskbar when you start Windows. Can be disabled via MSCONFIG -> Startup as "Lotus SuiteStart 97 Edition". All individual components available via Start -> Programs
33458. Source=Paul Collins Startup list
33459.  
33460. [LowVersionSupport]
33461. Number=4753
33462. Confirmed=X
33463. Filename=[filename]
33464. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082111-4035-99" target="_blank">LASTRAS</a> TROJAN!
33465. Source=Paul Collins Startup list
33466.  
33467. [LPManager]
33468. Number=4754
33469. Confirmed=U
33470. Filename=LPMGR.exe
33471. Description=Part of Lenovo's IBM <a href="http://www.pc.ibm.com/ca/think/thinkvantagetech/productivitycenter.html" target="_blank">ThinkVantage Productivity Center</a> for - "guides you to a host of information and tools to help you set up, understand, maintain, and enhance your ThinkPad« notebook or ThinkCentre« desktop"
33472. Source=Paul Collins Startup list
33473.  
33474. [Lpr]
33475. Number=4755
33476. Confirmed=X
33477. Filename=Lpr123.exe
33478. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080616-5258-99" target=_blank>REMPSTEAL</a> password stealer TROJAN!
33479. Source=Paul Collins Startup list
33480.  
33481. [Lpr123]
33482. Number=4756
33483. Confirmed=X
33484. Filename=Lpr123.exe
33485. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080616-5258-99" target=_blank>REMPSTEAL</a> password stealer TROJAN!
33486. Source=Paul Collins Startup list
33487.  
33488. [LPS]
33489. Number=4757
33490. Confirmed=U
33491. Filename=Lps.exe
33492. Description=Local Port Scanner - "With LPS you're able to check your computer for open or listening ports"
33493. Source=Paul Collins Startup list
33494.  
33495. [LPtask]
33496. Number=4758
33497. Confirmed=U
33498. Filename=lptask.exe
33499. Description=<a href="http://www.sanegroup.com/sanegroup/lppro.html" target="_blank">Program Lock It And Protect Pro</a> - lock and protect your folders from being opened, moved or deleted
33500. Source=Paul Collins Startup list
33501.  
33502. [LRBZ Utility 32]
33503. Number=4759
33504. Confirmed=X
33505. Filename=lrbz32.exe
33506. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotjq.html" target=_blank>AGOBOT-JQ</a> WORM!
33507. Source=Paul Collins Startup list
33508.  
33509. [LS120 Superdisk]
33510. Number=4760
33511. Confirmed=N
33512. Filename=??
33513. Description=Supposed to accelerate transfer rate on LS-120, contributes to system lockups
33514. Source=Paul Collins Startup list
33515.  
33516. [LSA]
33517. Number=4761
33518. Confirmed=X
33519. Filename=wfdmgr.exe
33520. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022816-2838-99" target=_blank>MYTOB.C</a> WORM!
33521. Source=Paul Collins Startup list
33522.  
33523. [LSA]
33524. Number=4762
33525. Confirmed=X
33526. Filename=lsa.exe
33527. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyv.html" target=_blank>SDBOT-YV</a> WORM!
33528. Source=Paul Collins Startup list
33529.  
33530. [LSA Service]
33531. Number=4763
33532. Confirmed=X
33533. Filename=LSASS.exe
33534. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042116-5517-99" target= blank>AHKER.G</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
33535. Source=Paul Collins Startup list
33536.  
33537. [lsa Services]
33538. Number=4764
33539. Confirmed=X
33540. Filename=lsa2srv.exe
33541. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tamec.html" target=_blank>TAME-C</a> WORM!
33542. Source=Paul Collins Startup list
33543.  
33544. [LSA Shell (Export Version)]
33545. Number=4765
33546. Confirmed=X
33547. Filename=LSASS.exe
33548. Description=Added by several variants of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AHKER.K&VSect=P" target=_blank>AHKER</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
33549. Source=Paul Collins Startup list
33550.  
33551. [LsaManager]
33552. Number=4766
33553. Confirmed=X
33554. Filename=lsamgr.exe
33555. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-021313-2753-99" target=_blank>BEAGLE.DR</a> WORM!
33556. Source=Paul Collins Startup list
33557.  
33558. [lsass]
33559. Number=4767
33560. Confirmed=X
33561. Filename=lsass.exe
33562. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-051918-1128-99" target=_blank>RATSOU.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Debug\UserMode subfolder of the Winnt or Windows folder
33563. Source=Paul Collins Startup list
33564.  
33565. [lsass]
33566. Number=4768
33567. Confirmed=X
33568. Filename=start.bat
33569. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzcrew.html" target="_blank">ZCREW</a> TROJAN!
33570. Source=Paul Collins Startup list
33571.  
33572. [lsass]
33573. Number=4769
33574. Confirmed=X
33575. Filename=[path to lsass.exe]
33576. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010114-3236-99" target="_blank">ALADINZ.F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lasss.exe</a> process which should NOT appear in Msconfig/Startup!
33577. Source=Paul Collins Startup list
33578.  
33579. [lsass]
33580. Number=4770
33581. Confirmed=X
33582. Filename=lsasrv.exe
33583. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102612-1249-99" target=_blank>MYDOOM.AG</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021013-2446-99" target=_blank>MYDOOM.AS</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021013-5936-99" target=_blank>MYDOOM.AU</a> WORMS!
33584. Source=Paul Collins Startup list
33585.  
33586. [Lsass]
33587. Number=4771
33588. Confirmed=X
33589. Filename=woekd.exe
33590. Description=Added by an unidentified WORM or TROJAN!
33591. Source=Paul Collins Startup list
33592.  
33593. [lsass]
33594. Number=4772
33595. Confirmed=X
33596. Filename=elite***32.exe
33597. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware
33598. Source=Paul Collins Startup list
33599.  
33600. [Lsass]
33601. Number=4773
33602. Confirmed=X
33603. Filename=Lsass.exe
33604. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32alcopb.html" target=_blank>ALCOP-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
33605. Source=Paul Collins Startup list
33606.  
33607. [Lsass]
33608. Number=4774
33609. Confirmed=X
33610. Filename=Lsass.exe
33611. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32voumita.html" target=_blank>VOUMIT-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder
33612. Source=Paul Collins Startup list
33613.  
33614. [LsasS]
33615. Number=4775
33616. Confirmed=X
33617. Filename=Sygate.exe
33618. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BCA" target="_blank">SDBOT.BCA</a> WORM!
33619. Source=Paul Collins Startup list
33620.  
33621. [Lsass]
33622. Number=4776
33623. Confirmed=X
33624. Filename=kavmm.exe
33625. Description=Added by an unidentified WORM or TROJAN! NOTE - do NOT confuse with the legitimate Kaspersky antivirus module as described <a href="http://www.processlibrary.com/directory/files/kavmm/" target="_blank">here</a>. Contrary to this impostor, the legitimate file will always be located in the Kaspersky Lab folder in Program Files
33626. Source=Paul Collins Startup list
33627.  
33628. [LSASS 32]
33629. Number=4777
33630. Confirmed=X
33631. Filename=ISASS32.pif
33632. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32assiralc.html" target= blank>ASSIRAL-C</a> WORM!
33633. Source=Paul Collins Startup list
33634.  
33635. [LSASS Authority]
33636. Number=4778
33637. Confirmed=X
33638. Filename=lshosts32.exe
33639. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotuy.html" target= blank>SDBOT-UY</a> TROJAN!
33640. Source=Paul Collins Startup list
33641.  
33642. [LSASS Authority]
33643. Number=4779
33644. Confirmed=X
33645. Filename=lsvhosts.exe
33646. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BCE" target="_blank">SDBOT.BCE</a> WORM!
33647. Source=Paul Collins Startup list
33648.  
33649. [LSASS Daemon]
33650. Number=4780
33651. Confirmed=X
33652. Filename=LSASSd.exe
33653. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
33654. Source=Paul Collins Startup list
33655.  
33656. [lsass service]
33657. Number=4781
33658. Confirmed=X
33659. Filename=lsass2.exe
33660. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
33661. Source=Paul Collins Startup list
33662.  
33663. [lsass16]
33664. Number=4782
33665. Confirmed=X
33666. Filename=lsass16.exe
33667. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbxx.html" target="_blank">BANKER-BXX</a> TROJAN!
33668. Source=Paul Collins Startup list
33669.  
33670. [lsass2k Update]
33671. Number=4783
33672. Confirmed=X
33673. Filename=lsass2k.exe
33674. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
33675. Source=Paul Collins Startup list
33676.  
33677. [LSASS32]
33678. Number=4784
33679. Confirmed=X
33680. Filename=Isass32.exe
33681. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040417-3944-99" target=_blank>KELVIR.M</a> WORM!
33682. Source=Paul Collins Startup list
33683.  
33684. [lsass32]
33685. Number=4785
33686. Confirmed=X
33687. Filename=lsass32.exe
33688. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlydrab.html" target=_blank>LYDRA-B</a> TROJAN!
33689. Source=Paul Collins Startup list
33690.  
33691. [lsass64BiT.exe]
33692. Number=4786
33693. Confirmed=X
33694. Filename=lsass64BiT.exe
33695. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotck.html" target=_blank>FORBOT-CK</a> WORM!
33696. Source=Paul Collins Startup list
33697.  
33698. [lsassig]
33699. Number=4787
33700. Confirmed=X
33701. Filename=lsassig.exe
33702. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosec.html" target=_blank>BANCOS-EC</a> TROJAN!
33703. Source=Paul Collins Startup list
33704.  
33705. [lsasss]
33706. Number=4788
33707. Confirmed=X
33708. Filename=lsasss.exe
33709. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgeekmya.html" target=_blank>GEEKMY-A</a> TROJAN!
33710. Source=Paul Collins Startup list
33711.  
33712. [lsasss.exe]
33713. Number=4789
33714. Confirmed=X
33715. Filename=lsasss.exe
33716. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.E" target="_blank">SASSER.E</a> WORM!
33717. Source=Paul Collins Startup list
33718.  
33719. [lsburnwatcher]
33720. Number=4790
33721. Confirmed=N
33722. Filename=lsburnwatcher.exe
33723. Description=Used for automatically updating HP programs
33724. Source=Paul Collins Startup list
33725.  
33726. [lsess]
33727. Number=4791
33728. Confirmed=X
33729. Filename=lsess.exe
33730. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041601-3725-99" target=_blank>SINNAKA.A</a> WORM!
33731. Source=Paul Collins Startup list
33732.  
33733. [lsmass]
33734. Number=4792
33735. Confirmed=X
33736. Filename=lsmass.exe
33737. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwallopb.html" target=_blank>WALLOP-B</a> TROJAN!
33738. Source=Paul Collins Startup list
33739.  
33740. [lsmss.exe]
33741. Number=4793
33742. Confirmed=X
33743. Filename=lsmss.exe
33744. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxygg.html" target=_blank>PROXY-GG</a> TROJAN!
33745. Source=Paul Collins Startup list
33746.  
33747. [LSPFix]
33748. Number=4794
33749. Confirmed=U
33750. Filename=LSPmonitor.exe
33751. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
33752. Source=Paul Collins Startup list
33753.  
33754. [lspins]
33755. Number=4795
33756. Confirmed=X
33757. Filename=igps.exe
33758. Description=Reported as the VB.KC TROJAN by Kapersky Anti-Virus
33759. Source=Paul Collins Startup list
33760.  
33761. [LSPmonitor]
33762. Number=4796
33763. Confirmed=U
33764. Filename=LSPmonitor.exe
33765. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
33766. Source=Paul Collins Startup list
33767.  
33768. [lssass]
33769. Number=4797
33770. Confirmed=X
33771. Filename=lssas.exe
33772. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.RL" target=_blank>AGOBOT.RL</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process
33773. Source=Paul Collins Startup list
33774.  
33775. [LSvr]
33776. Number=4798
33777. Confirmed=X
33778. Filename=LSvr.exe
33779. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=PowerStrip&threatid=14844" target="_blank">PowerStrip</a> foistware. Note - this is not the same as the video tweaking utility of the same name <a href="http://www.entechtaiwan.com/util/ps.shtm" target="_blank">here</a>
33780. Source=Paul Collins Startup list
33781.  
33782. [LT DAEMON]
33783. Number=4799
33784. Confirmed=Y
33785. Filename=ltdaemon.exe
33786. Description=Acts as a data spooler for the DSL modem (similar to a cache). Do not uncheck if the DSL modem is being used
33787. Source=Paul Collins Startup list
33788.  
33789. [LTDMgr]
33790. Number=4800
33791. Confirmed=X
33792. Filename=LTDMgr.exe
33793. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=PowerStrip&threatid=14844" target="_blank">PowerStrip</a> foistware. Note - this is not the same as the video tweaking utility of the same name <a href="http://www.entechtaiwan.com/util/ps.shtm" target="_blank">here</a>
33794. Source=Paul Collins Startup list
33795.  
33796. [LTM2]
33797. Number=4801
33798. Confirmed=X
33799. Filename=MSGSRV32.EXE
33800. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.A&VSect=T" target="_blank">LITMUS.A</a> TROJAN! Note - MSGSRV32.EXE in this case is in a Litmus sub-directory and is not to be confused with the valid version in C:\Windows\System
33801. Source=Paul Collins Startup list
33802.  
33803. [LTM2]
33804. Number=4802
33805. Confirmed=X
33806. Filename=MPGSRV32.EXE
33807. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.201" target="_blank">LITMUS.201</a> TROJAN!
33808. Source=Paul Collins Startup list
33809.  
33810. [LTM2]
33811. Number=4803
33812. Confirmed=X
33813. Filename=MSGSRV320.EXE
33814. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.C" target="_blank">LITMUS.C</a> TROJAN!
33815. Source=Paul Collins Startup list
33816.  
33817. [LTM2]
33818. Number=4804
33819. Confirmed=X
33820. Filename=winupdate.exe
33821. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.203">LITMUS.203</a> TROJAN!
33822. Source=Paul Collins Startup list
33823.  
33824. [LTM2]
33825. Number=4805
33826. Confirmed=X
33827. Filename=bible.exe
33828. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.203">LITMUS.203</a> TROJAN!
33829.  
33830. Source=Paul Collins Startup list
33831.  
33832. [LTM2]
33833. Number=4806
33834. Confirmed=X
33835. Filename=winscan.exe
33836. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlitmusb.html" target= blank>LITMUS-B</a> TROJAN!
33837. Source=Paul Collins Startup list
33838.  
33839. [LTM2]
33840. Number=4807
33841. Confirmed=X
33842. Filename=lssas.exe
33843. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.203" target="_blank">LITMUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process
33844. Source=Paul Collins Startup list
33845.  
33846. [LTM2]
33847. Number=4808
33848. Confirmed=X
33849. Filename=MSGSSV32.EXE
33850. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_FC.C" target="_blank">FC.C</a> TROJAN!
33851. Source=Paul Collins Startup list
33852.  
33853. [LTM2]
33854. Number=4809
33855. Confirmed=X
33856. Filename=msns6
33857. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.C" target="_blank">LITMUS.C</a> TROJAN!
33858. Source=Paul Collins Startup list
33859.  
33860. [LTM2]
33861. Number=4810
33862. Confirmed=X
33863. Filename=RundlI.exe
33864. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MULTIDRP.BG" target="_blank">MULTIDRP.BG</a> TROJAN!
33865. Source=Paul Collins Startup list
33866.  
33867. [LTM2]
33868. Number=4811
33869. Confirmed=X
33870. Filename=SVCHOST32.exe
33871. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.203B" target="_blank">LITMUS.203B</a> TROJAN!
33872. Source=Paul Collins Startup list
33873.  
33874. [LTM2]
33875. Number=4812
33876. Confirmed=X
33877. Filename=SVCHOST .exe
33878. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DROPPERFL.A" target="_blank">DROPPERFL.A</a> TROJAN!
33879. Source=Paul Collins Startup list
33880.  
33881. [LTM2]
33882. Number=4813
33883. Confirmed=X
33884. Filename=winvers16.exe
33885. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.ND" target="_blank">SMALL.ND</a> TROJAN!
33886. Source=Paul Collins Startup list
33887.  
33888. [LtMoh]
33889. Number=4814
33890. Confirmed=U
33891. Filename=Ltmoh.exe
33892. Description=Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet
33893. Source=Paul Collins Startup list
33894.  
33895. [LTMSG]
33896. Number=4815
33897. Confirmed=Y
33898. Filename=ltmsg.exe
33899. Description=One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
33900. Source=Paul Collins Startup list
33901.  
33902. [Lto Manager]
33903. Number=4816
33904. Confirmed=Y
33905. Filename=DesktopLtoManager.exe
33906. Description=Related to <a href="http://www.globallocate.com/" target=_blank>Global Positioning System</a> (GPS) found on HP iPAQ hw6500 unit and others
33907.  
33908. Source=Paul Collins Startup list
33909.  
33910. [LTSMMSG]
33911. Number=4817
33912. Confirmed=N
33913. Filename=LTSMMSG.exe
33914. Description=Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others too
33915. Source=Paul Collins Startup list
33916.  
33917. [LTSMSG]
33918. Number=4818
33919. Confirmed=X
33920. Filename=Shell32.exe
33921. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080813-1612-99" target="_blank">LEMIR.B</a> TROJAN!
33922. Source=Paul Collins Startup list
33923.  
33924. [LTT2]
33925. Number=4819
33926. Confirmed=X
33927. Filename=rundll32.exe
33928. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagebi.html" target=_blank>LINEAGE-BI</a> TROJAN!
33929. Source=Paul Collins Startup list
33930.  
33931. [LTWinModem1]
33932. Number=4820
33933. Confirmed=Y
33934. Filename=ltmsg.exe
33935. Description=One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
33936. Source=Paul Collins Startup list
33937.  
33938. [ltwob]
33939. Number=4821
33940. Confirmed=X
33941. Filename=formatsys.exe
33942. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
33943. Source=Paul Collins Startup list
33944.  
33945. [ltwob]
33946. Number=4822
33947. Confirmed=X
33948. Filename=msmbw.exe
33949. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
33950. Source=Paul Collins Startup list
33951.  
33952. [ltwob]
33953. Number=4823
33954. Confirmed=X
33955. Filename=serbw.exe
33956. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
33957. Source=Paul Collins Startup list
33958.  
33959. [LUGuard]
33960. Number=4824
33961. Confirmed=U
33962. Filename=LUGuard.exe
33963. Description=PC-Duo <a href="http://www.vector-networks.com/pc-duo-enterprise/remote-control.php" target=_blank>Remote Control</a> enables your help desk technicians to take instant control of any remote desktop PC at any location across the LAN, WAN or internet
33964. Source=Paul Collins Startup list
33965.  
33966. [lup]
33967. Number=4825
33968. Confirmed=X
33969. Filename=lup.exe
33970. Description=Added by the <a href="http://virusinfo.prevx.com/pxparall.asp?PXC=361b20416169" target=_blank>IRCBOT_GEN</a> WORM!
33971.  
33972. Source=Paul Collins Startup list
33973.  
33974. [Lusetup]
33975. Number=4826
33976. Confirmed=Y
33977. Filename=LUSetup.exe
33978. Description=Symantec <a href="http://service1.symantec.com/support/sharedtech.nsf/docid/1999051911110813" target=_blank>LiveUpdate installer</a> - required to install a new version of the application. Will only run once, and the entry is automatically deleted after a reboot
33979. Source=Paul Collins Startup list
33980.  
33981. [LVComs]
33982. Number=4827
33983. Confirmed=U
33984. Filename=lvcoms.exe
33985. Description=Lvcomm server. Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera
33986. Source=Paul Collins Startup list
33987.  
33988. [LVCOMSX]
33989. Number=4828
33990. Confirmed=N
33991. Filename=LVCOMSX.EXE
33992. Description=It provides extra functionality for Logitech multimedia webcam devices. When disabled the camera still works in quick capture but you can get a slight increase in picture quality - not so snowy and the movement wasn't so jerky
33993. Source=Paul Collins Startup list
33994.  
33995. [LWBMOUSE]
33996. Number=4829
33997. Confirmed=U
33998. Filename=lwbwheel.exe
33999. Description=Mouse driver - required if you use non-standard Windows driver features
34000. Source=Paul Collins Startup list
34001.  
34002. [LWBMOUSE]
34003. Number=4830
34004. Confirmed=U
34005. Filename=MOUSE32A.EXE
34006. Description=Mouse driver - required if you use non-standard Windows driver features
34007. Source=Paul Collins Startup list
34008.  
34009. [Lwinst Run Profiler]
34010. Number=4831
34011. Confirmed=N
34012. Filename=lwtest.exe
34013. Description=Logitech Wingman Profiler for the Logitech joysticks. Available via Start -> Programs
34014. Source=Paul Collins Startup list
34015.  
34016. [lwjcjuti.exe]
34017. Number=4832
34018. Confirmed=X
34019. Filename=lwjcjuti.exe
34020. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrgtq.html" target="_blank">DWNLDR-GTQ</a> TROJAN!
34021. Source=Paul Collins Startup list
34022.  
34023. [lxamsp32]
34024. Number=4833
34025. Confirmed=?
34026. Filename=lxamsp32.exe
34027. Description=<font color="#FF0000">Associated with a Lexmark Printer - is it required?</font>
34028. Source=Paul Collins Startup list
34029.  
34030. [LXbbmgr]
34031. Number=4834
34032. Confirmed=?
34033. Filename=LXbbmgr.exe
34034. Description=<font color="#FF0000">Lexmark printer button manager? Is it required?</font>
34035. Source=Paul Collins Startup list
34036.  
34037. [LXBLKsk]
34038. Number=4835
34039. Confirmed=?
34040. Filename=LXBLKsk.exe
34041. Description=Lexmark related. <font color="#FF0000">What does it do, and is it required?</font>
34042. Source=Paul Collins Startup list
34043.  
34044. [lxbrbmgr]
34045. Number=4836
34046. Confirmed=Y
34047. Filename=lxbrbmgr.exe
34048. Description=Lexmark printer button manager. Required for correct operation
34049.  
34050. Source=Paul Collins Startup list
34051.  
34052. [LXBRKsk]
34053. Number=4837
34054. Confirmed=?
34055. Filename=LXBRKsk.exe
34056. Description=Lexmark printer related. <font color="#FF0000">What does it do and is it required?</font>
34057.  
34058. Source=Paul Collins Startup list
34059.  
34060. [LXBSCATS]
34061. Number=4838
34062. Confirmed=?
34063. Filename=rundll32 [path] LXBStime.dll, _RunDLLEntry@16
34064. Description=Related to the <a href="http://www.dltlibraries.com/dlt_libraryxpress_lxb.html" target=_blank>DLT LibraryXpressLXB</a> tape backup storage device - <font color=#FF0000>what does it do and is it required?</font>
34065.  
34066. Source=Paul Collins Startup list
34067.  
34068. [LXBTCATS]
34069. Number=4839
34070. Confirmed=?
34071. Filename=rundll32 [path] LXBTtime.dll, _RunDLLEntry@16
34072. Description=Lexmark printer related - <font color="#FF0000">what does it do and is it required?</font>
34073. Source=Paul Collins Startup list
34074.  
34075. [lxbxmon.exe]
34076. Number=4840
34077. Confirmed=?
34078. Filename=lxbxmon.exe
34079. Description=Lexmark 7100 series device monitor. <font color="#FF0000">Is it required?</font>
34080. Source=Paul Collins Startup list
34081.  
34082. [LXCCCATS]
34083. Number=4841
34084. Confirmed=?
34085. Filename=rundll32 [path] LXCCtime.dll, _RunDLLEntry@16
34086. Description=Lexmark printer related - <font color=#FF0000>what does it do and is it required?</font>
34087.  
34088. Source=Paul Collins Startup list
34089.  
34090. [lxccmon.exe]
34091. Number=4842
34092. Confirmed=U
34093. Filename=lxccmon.exe
34094. Description=Lexmark 3300 series printers/scanners
34095.  
34096. Source=Paul Collins Startup list
34097.  
34098. [LXCGCATS]
34099. Number=4843
34100. Confirmed=U
34101. Filename=LXCGtime.dll
34102. Description=Lexmark printing software - reports back on printer and cartridge useage
34103.  
34104. Source=Paul Collins Startup list
34105.  
34106. [lxcgmon.exe]
34107. Number=4844
34108. Confirmed=?
34109. Filename=lxcgmon.exe
34110. Description=Lexmark printer related - <font color=#FF0000>what does it do and is it required?</font>
34111.  
34112. Source=Paul Collins Startup list
34113.  
34114. [lxcrmon.exe]
34115. Number=4845
34116. Confirmed=?
34117. Filename=lxcrmon.exe
34118. Description=Lexmark 2400 series printer monitor - <font color="#FF0000">what does it do and is it required?</font>
34119. Source=Paul Collins Startup list
34120.  
34121. [lxctmon.exe]
34122. Number=4846
34123. Confirmed=?
34124. Filename=lxctmon.exe
34125. Description=Lexmark 5400 series device monitor. <font color="#FF0000">Is it required?</font>
34126. Source=Paul Collins Startup list
34127.  
34128. [LXSUPMON]
34129. Number=4847
34130. Confirmed=N
34131. Filename=LXSUPMON.EXE
34132. Description=Lexmark Printer. The printer should work fine without it
34133. Source=Paul Collins Startup list
34134.  
34135. [lycosInside]
34136. Number=4848
34137. Confirmed=?
34138. Filename=Lyc_SysTray.exe
34139. Description=<a href="http://email.about.com/gi/dynamic/offsite.htm?zi=1/XJ&sdn=email&zu=http://mail.lycos.com/" target=_blank>Lycos eMail</a> related - <font color="#FF0000">what does it do and is it required?</font>
34140. Source=Paul Collins Startup list
34141.  
34142. [LyraHD2TrayApp]
34143. Number=4849
34144. Confirmed=U
34145. Filename=LYRAHD2TrayApp.exe
34146. Description=Related to RCA Lyra MP3 Player
34147. Source=Paul Collins Startup list
34148.  
34149. [LzioMediaUpdater]
34150. Number=4850
34151. Confirmed=X
34152. Filename=LzioMediaUpdater.exe
34153. Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
34154. Source=Paul Collins Startup list
34155.  
34156. [M Player Post Installer]
34157. Number=4851
34158. Confirmed=?
34159. Filename=postinstallm.exe
34160. Description=<font color="#FF0000">??</font>
34161. Source=Paul Collins Startup list
34162.  
34163. [M S DVD DirectX Dll Drivers]
34164. Number=4852
34165. Confirmed=X
34166. Filename=msxdl.exe
34167. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbjn.html" target= blank>SDBOT-BJN</a> WORM!
34168. Source=Paul Collins Startup list
34169.  
34170. [M-Audio Delta Taskbar Icon]
34171. Number=4853
34172. Confirmed=N
34173. Filename=DeltTray.exe
34174. Description=M-Audio Delta Control Panel for M-Audio brand Delta series audio cards. System Tray access to audio settings - available through Control Panel
34175.  
34176. Source=Paul Collins Startup list
34177.  
34178. [M-soft Office]
34179. Number=4854
34180. Confirmed=X
34181. Filename=M-soft Office.hta
34182. Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
34183. Source=Paul Collins Startup list
34184.  
34185. [M1cr0s0ft S3rcurity]
34186. Number=4855
34187. Confirmed=X
34188. Filename=systemconfig.exe
34189. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BKB" target="_blank">RBOT.BKB</a> WORM!
34190. Source=Paul Collins Startup list
34191.  
34192. [M1cr0s0ft Upd4t4zS]
34193. Number=4856
34194. Confirmed=X
34195. Filename=update32.exe
34196. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmi.html" target=_blank>RBOT-MI</a> WORM!
34197.  
34198. Source=Paul Collins Startup list
34199.  
34200. [m32info]
34201. Number=4857
34202. Confirmed=X
34203. Filename=m32info.exe
34204. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
34205. Source=Paul Collins Startup list
34206.  
34207. [M3Tray]
34208. Number=4858
34209. Confirmed=N
34210. Filename=m3tray.exe
34211. Description=<a href="http://www.movielink.com/" target="_blank">Movielink</a> - internet movie rental System Tray access
34212. Source=Paul Collins Startup list
34213.  
34214. [Macfee Security Patch]
34215. Number=4859
34216. Confirmed=X
34217. Filename=Mpfsheild.exe
34218. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnp.html" target=_blank>RBOT-NP</a> WORM!
34219.  
34220. Source=Paul Collins Startup list
34221.  
34222. [Machine Debug Manager]
34223. Number=4860
34224. Confirmed=U
34225. Filename=mdm.exe
34226. Description=Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as MDM7. See <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;321410" target="_blank"> here</a> to disable
34227. Source=Paul Collins Startup list
34228.  
34229. [Machine Debug Manager]
34230. Number=4861
34231. Confirmed=X
34232. Filename=msdn.exe
34233. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
34234. Source=Paul Collins Startup list
34235.  
34236. [Machine Update Soft]
34237. Number=4862
34238. Confirmed=X
34239. Filename=wusas.exe
34240. Description=Added by an unidfentified WORM! 
34241. Source=Paul Collins Startup list
34242.  
34243. [MacLic]
34244. Number=4863
34245. Confirmed=N
34246. Filename=MacLic.exe
34247. Description=Part of <a href="http://www.dataviz.com/products/conversionsplus/index.html" target="_blank">Conversions Plus</a> from DataViz - allowing PC and MAC owners to share disks
34248. Source=Paul Collins Startup list
34249.  
34250. [MacName]
34251. Number=4864
34252. Confirmed=N
34253. Filename=MacName.exe
34254. Description=Part of <a href="http://www.dataviz.com/products/conversionsplus/index.html" target="_blank">Conversions Plus</a> from DataViz - allowing PC and MAC owners to share disks
34255. Source=Paul Collins Startup list
34256.  
34257. [Macromedia 8]
34258. Number=4865
34259. Confirmed=X
34260. Filename=Flash Player.exe
34261. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32jambua.html" target="_blank">JAMBU-A</a> WORM!
34262. Source=Paul Collins Startup list
34263.  
34264. [Macromedia Critical Updater]
34265. Number=4866
34266. Confirmed=X
34267. Filename=rarww.exe
34268. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
34269. Source=Paul Collins Startup list
34270.  
34271. [Macromedia Dreamweaver XM]
34272. Number=4867
34273. Confirmed=X
34274. Filename=macdwXM.exe
34275. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotri.html" target=_blank>AGOBOT-RI</a> WORM!
34276. Source=Paul Collins Startup list
34277.  
34278. [Macromedia Drive]
34279. Number=4868
34280. Confirmed=X
34281. Filename=Iexplor32.exe
34282. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
34283. Source=Paul Collins Startup list
34284.  
34285. [Macromedia Flash Update]
34286. Number=4869
34287. Confirmed=X
34288. Filename=scvhost.exe
34289. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
34290. Source=Paul Collins Startup list
34291.  
34292. [MAD.EXE]
34293. Number=4870
34294. Confirmed=Y
34295. Filename=MAD.EXE
34296. Description=MAD.exe is the MS Exchange 5.5 System Attendant and can also consume a large amount of resources - resolved by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server but does it have the same problems?. Apparently you need to leave this running but is it needed at start-up?
34297. Source=Paul Collins Startup list
34298.  
34299. [MadExe]
34300. Number=4871
34301. Confirmed=N
34302. Filename=LaunchRA.exe
34303. Description=Part of <a href="http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?c=us&l=en&s=gen&dn=FA1033021#1" target="_blank">Dell Resolution Assistant</a> - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"
34304. Source=Paul Collins Startup list
34305.  
34306. [MAFWTaskbarApp]
34307. Number=4872
34308. Confirmed=U
34309. Filename=MAFWTray.exe
34310. Description=Drivers for the M-Audio Firewire Audiophile - Interface
34311. Source=Paul Collins Startup list
34312.  
34313. [MagicDsk]
34314. Number=4873
34315. Confirmed=U
34316. Filename=MAGICDSK.EXE
34317. Description=Magic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop icons
34318. Source=Paul Collins Startup list
34319.  
34320. [MagicKeyboard]
34321. Number=4874
34322. Confirmed=U
34323. Filename=PreMKBD.exe
34324. Description=Related to <a href="http://www.samsung.com/" target=_blank>Samsung</a> laptops. Provides ability to program keys to perform specific functions
34325. Source=Paul Collins Startup list
34326.  
34327. [MagicLinker3]
34328. Number=4875
34329. Confirmed=U
34330. Filename=MagicLnk.exe
34331. Description=<a href="http://www.bangkokbest.com/So-Dictionary.htm" target="_blank">ThaiSoftware</a> Thai Dictionary
34332. Source=Paul Collins Startup list
34333.  
34334. [Magitime]
34335. Number=4876
34336. Confirmed=N
34337. Filename=Magitime.exe
34338. Description=<a href="http://www.magistonesystems.com/magitime.htm" target="_blank">Magitime</a> - connection tracking utility which monitors online time, expense, data transfer
34339. Source=Paul Collins Startup list
34340.  
34341. [Mail.com]
34342. Number=4877
34343. Confirmed=?
34344. Filename=mcalert.exe
34345. Description=<a href="http://mail01.mail.com/" target="_blank">Mail.com</a> - free web-mail service. <font color="#FF0000">Does mcalert.exe notify you when new mail has arrived?</font>
34346. Source=Paul Collins Startup list
34347.  
34348. [MailBell]
34349. Number=4878
34350. Confirmed=U
34351. Filename=mailbell.exe
34352. Description=<a href="http://www.emtec.com/mailbell/" target="_blank">MailBell</a> e-mail notification tool that will notify you about new messages arrived to your mailbox. Works with both POP3 mailboxes and web-mail based systems. You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)
34353. Source=Paul Collins Startup list
34354.  
34355. [Mailbox Verifier]
34356. Number=4879
34357. Confirmed=U
34358. Filename=mboxvrfy.exe
34359. Description=<a href="http://www.mailutilities.com/mv/" target="_blank">Mailbox Verifier (MV)</a> is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)
34360. Source=Paul Collins Startup list
34361.  
34362. [MailCleaner]
34363. Number=4880
34364. Confirmed=U
34365. Filename=MAILCLEANER.EXE
34366. Description=<a href="http://www.mailcleaner.com/main.htm" target=_blank>MailCleaner</a> "protect your computer from viruses sent to your machine via the popular e-Mail reader Incredimail. In addition the program will check all incoming files downloaded by Internet Explorer, Netscape Navigator, ICQ and iMesh". Not recommended as it bundles <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target=_blank>GAIN</a> adware. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
34367. Source=Paul Collins Startup list
34368.  
34369. [mailman.exe]
34370. Number=4881
34371. Confirmed=X
34372. Filename=mailman.exe
34373. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertife.html" target=_blank>CERTIF-E</a> TROJAN!
34374. Source=Paul Collins Startup list
34375.  
34376. [MailScan Dispatcher]
34377. Number=4882
34378. Confirmed=Y
34379. Filename=Launch.exe
34380. Description=MicroWorld <a href="http://www.mspl.net/" target="_blank">MailScan</a> Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleaned
34381. Source=Paul Collins Startup list
34382.  
34383. [Mail_Check]
34384. Number=4883
34385. Confirmed=X
34386. Filename=Mail_Check.exe
34387. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PANOIL.C" target="_blank">PANOIL.C</a> WORM!
34388. Source=Paul Collins Startup list
34389.  
34390. [MAIN]
34391. Number=4884
34392. Confirmed=U
34393. Filename=main.exe
34394. Description=<a href="http://www.spycop.com/" target="_blank">SpyCop</a> surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan
34395. Source=Paul Collins Startup list
34396.  
34397. [Main Executable (HP)]
34398. Number=4885
34399. Confirmed=?
34400. Filename=HP05T0R5.exe
34401. Description=<font color="#FF0000">HP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do?</font>
34402. Source=Paul Collins Startup list
34403.  
34404. [main16]
34405. Number=4886
34406. Confirmed=X
34407. Filename=main16.exe
34408. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
34409. Source=Paul Collins Startup list
34410.  
34411. [main32]
34412. Number=4887
34413. Confirmed=X
34414. Filename=main32.exe
34415. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
34416. Source=Paul Collins Startup list
34417.  
34418. [MainStart]
34419. Number=4888
34420. Confirmed=X
34421. Filename=svcmfte32.exe
34422. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstinxa.html" target=_blank>STINX-A</a> TROJAN!
34423. Source=Paul Collins Startup list
34424.  
34425. [mainviewex]
34426. Number=4889
34427. Confirmed=X
34428. Filename=mainviewex.exe
34429. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
34430. Source=Paul Collins Startup list
34431.  
34432. [Major Microsoft Windows Driver Boot loader]
34433. Number=4890
34434. Confirmed=X
34435. Filename=bpool.exe
34436. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041019-4940-99" target=_blank>MYTOB.AJ</a> WORM!
34437. Source=Paul Collins Startup list
34438.  
34439. [Malware Sweeper]
34440. Number=4891
34441. Confirmed=U
34442. Filename=MalSwep.exe
34443. Description=<a href="http://www.malwaresweeper.com/" target=_blank>Malware Sweeper</a> - "Protects the user from malicious malware and monitors the sanity of the running programs"
34444.  
34445. Source=Paul Collins Startup list
34446.  
34447. [Malware-Wipe]
34448. Number=4892
34449. Confirmed=N
34450. Filename=Malware-Wipe.exe
34451. Description=Malware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
34452. Source=Paul Collins Startup list
34453.  
34454. [Malware-Wiped]
34455. Number=4893
34456. Confirmed=N
34457. Filename=Malware-Wiped.exe
34458. Description=Malware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
34459. Source=Paul Collins Startup list
34460.  
34461. [MalwareWipe]
34462. Number=4894
34463. Confirmed=N
34464. Filename=MalwareWipe.exe
34465. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
34466. Source=Paul Collins Startup list
34467.  
34468. [MalwareWiped]
34469. Number=4895
34470. Confirmed=N
34471. Filename=MalwareWiped.exe
34472. Description=Malware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
34473. Source=Paul Collins Startup list
34474.  
34475. [MalwareWiper]
34476. Number=4896
34477. Confirmed=N
34478. Filename=MalwareWiper.exe
34479. Description=Malware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
34480. Source=Paul Collins Startup list
34481.  
34482. [ManageDesk Lite]
34483. Number=4897
34484. Confirmed=U
34485. Filename=ManageDesk Lite.exe
34486. Description=<a href="http://www.managebytes.com/" target="_blank">ManageDesk Lite</a> from Managebytes Desktop management software. Each desktop is a separate working space for you to use
34487. Source=Paul Collins Startup list
34488.  
34489. [ManageProtocolCtrl]
34490. Number=4898
34491. Confirmed=X
34492. Filename=csmsv.exe
34493. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-102510-4121-99" target=_blank>LOOKSKY.B</a> TROJAN!
34494. Source=Paul Collins Startup list
34495.  
34496. [Manager Monitor]
34497. Number=4899
34498. Confirmed=U
34499. Filename=monitor.exe
34500. Description=<a href="http://www.securesa.com" target=_blank>MindStorm AnalyzerPro</a> from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices"
34501.  
34502. Source=Paul Collins Startup list
34503.  
34504. [Managment Service]
34505. Number=4900
34506. Confirmed=X
34507. Filename=[random filename]
34508. Description=Added by the RBOT.BIS TROJAN!
34509. Source=Paul Collins Startup list
34510.  
34511. [Mania Win Restore]
34512. Number=4901
34513. Confirmed=N
34514. Filename=RESWIN.EXE
34515. Description=Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs
34516. Source=Paul Collins Startup list
34517.  
34518. [Mantis]
34519. Number=4902
34520. Confirmed=X
34521. Filename=[filename]
34522. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082212-1032-99" target="_blank">MANTIBE</a> VIRUS!
34523. Source=Paul Collins Startup list
34524.  
34525. [MapiDrv]
34526. Number=4903
34527. Confirmed=X
34528. Filename=mpisvc.exe
34529. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042717-2702-99" target="_blank">MIPSIV</a> TROJAN!
34530. Source=Paul Collins Startup list
34531.  
34532. [mapisvc32]
34533. Number=4904
34534. Confirmed=X
34535. Filename=mapisvc32.exe
34536. Description=Added by the KX VIRUS and also recognised by Symantec as <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101506-0320-99" target="_blank"> FPAI</a> adware
34537. Source=Paul Collins Startup list
34538.  
34539. [mark the service]
34540. Number=4905
34541. Confirmed=X
34542. Filename=xxtra32.exe
34543. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.APP&VSect=T" target=_blank>SDBOT.APP</a> WORM!
34544. Source=Paul Collins Startup list
34545.  
34546. [Martini]
34547. Number=4906
34548. Confirmed=X
34549. Filename=pinmart.exe
34550. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
34551. Source=Paul Collins Startup list
34552.  
34553. [Mascro soft SDK updates2]
34554. Number=4907
34555. Confirmed=X
34556. Filename=SDKrepair2.exe
34557. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BXM&VSect=P" target=_blank>SDBOT.BXM</a> WORM!
34558. Source=Paul Collins Startup list
34559.  
34560. [masqform.exe]
34561. Number=4908
34562. Confirmed=N
34563. Filename=masqform.exe
34564. Description=PureEdge Viewer 6.0, reportedly associated with viewing and text editing US Air Force electronic forms
34565. Source=Paul Collins Startup list
34566.  
34567. [masqform.exe]
34568. Number=4909
34569. Confirmed=U
34570. Filename=masqform.exe
34571. Description=PureEdge Viewer - provides automation framework to manage and deploy XML forms-based processes for e-business and e-government systems. PureEdge was taken over by IBM (see <a href="http://www-306.ibm.com/software/swnews/swnews.nsf/n/nhan6eerne?OpenDocument&Site=lotus" target=_blank>here</a>) and the product became <a href="http://www-128.ibm.com/developerworks/workplace/products/forms/" target=_blank>Workplace Forms</a>
34572.  
34573. Source=Paul Collins Startup list
34574.  
34575. [Mass storage check registry]
34576. Number=4910
34577. Confirmed=N
34578. Filename=rundll32.exe MSDServ.dll, check registry
34579. Description=Used with a USB based smartmedia card reader
34580. Source=Paul Collins Startup list
34581.  
34582. [Master Card Updaate 32]
34583. Number=4911
34584. Confirmed=X
34585. Filename=Mastercard32.exe
34586. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
34587. Source=Paul Collins Startup list
34588.  
34589. [Master Volume Spy]
34590. Number=4912
34591. Confirmed=U
34592. Filename=MASTERVOLUMESPY.EXE
34593. Description=Volume control for the Gateway Destination "DestiVu" media interface
34594. Source=Paul Collins Startup list
34595.  
34596. [Matador]
34597. Number=4913
34598. Confirmed=U
34599. Filename=mlfbuddy.exe
34600. Description=<a href="http://www.mailfrontier.com/products_matador.html" target="_blank">MailFrontier</a> - anti-spam application
34601. Source=Paul Collins Startup list
34602.  
34603. [Matador]
34604. Number=4914
34605. Confirmed=U
34606. Filename=mantispm.exe
34607. Description=<a href="http://www.mailfrontier.com/products_matador.html" target=_blank>MailFrontier Desktop</a> (Matador) email spam blocker software
34608. Source=Paul Collins Startup list
34609.  
34610. [MatrixScreen]
34611. Number=4915
34612. Confirmed=X
34613. Filename=[filename]
34614. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-113009-1726-99" target=_blank>MATRIXSCREEN</a> TROJAN!
34615. Source=Paul Collins Startup list
34616.  
34617. [MatrixScreenSaver]
34618. Number=4916
34619. Confirmed=X
34620. Filename=mss.exe
34621. Description=Malware, see <a href="http://www.spywareinfo.com/forums/index.php?s=&act=ST&f=11&t=7278" target="_blank"> here</a>
34622. Source=Paul Collins Startup list
34623.  
34624. [Matrox Color Control]
34625. Number=4917
34626. Confirmed=N
34627. Filename=hgcctl95.exe
34628. Description=For Matrox video cards. Quick access to changing colors
34629. Source=Paul Collins Startup list
34630.  
34631. [Matrox Control Center]
34632. Number=4918
34633. Confirmed=N
34634. Filename=mgactrl.exe
34635. Description=For Matrox video cards. Quick access to settings
34636. Source=Paul Collins Startup list
34637.  
34638. [Matrox Diagnostic]
34639. Number=4919
34640. Confirmed=N
34641. Filename=mgadiag.exe
34642. Description=For Matrox video cards. Quick access to diagnostics
34643. Source=Paul Collins Startup list
34644.  
34645. [Matrox Powerdesk]
34646. Number=4920
34647. Confirmed=N
34648. Filename=PDesk.exe
34649. Description=For Matrox video cards. Quick access to tweak your card to your liking
34650. Source=Paul Collins Startup list
34651.  
34652. [Matrox PowerDesk 8]
34653. Number=4921
34654. Confirmed=N
34655. Filename=Matrox.PowerDesk.exe /silent
34656. Description=For Matrox video cards. Quick access to tweak your card to your liking
34657. Source=Paul Collins Startup list
34658.  
34659. [Matrox QuickDesk]
34660. Number=4922
34661. Confirmed=N
34662. Filename=mgaqdesk.exe
34663. Description=For Matrox video cards. Quick access to tweak your card to your liking
34664. Source=Paul Collins Startup list
34665.  
34666. [MAV_check]
34667. Number=4923
34668. Confirmed=N
34669. Filename=mav_startupmon.exe
34670. Description=WinAntiVirus Pro 2007 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
34671. Source=Paul Collins Startup list
34672.  
34673. [MaxAlerts]
34674. Number=4924
34675. Confirmed=X
34676. Filename=max.exe
34677. Description=Bonzi MaxALERT - spyware
34678. Source=Paul Collins Startup list
34679.  
34680. [MaxtorCombo]
34681. Number=4925
34682. Confirmed=Y
34683. Filename=ComboButton.exe
34684. Description=Required to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect)
34685. Source=Paul Collins Startup list
34686.  
34687. [MaxtorOneTouch]
34688. Number=4926
34689. Confirmed=U
34690. Filename=OneTouch.exe
34691. Description=Maxtor <a href="http://www.maxtor.com/portal/site/Maxtor/menuitem.6adb6b8313633595062e6be791346068/?channelpath=/en_us/Products/External" target="_blank">OneTouch</a> Hard Drives/OneTouch Family hard disk backup software
34692. Source=Paul Collins Startup list
34693.  
34694. [MaxtorReg]
34695. Number=4927
34696. Confirmed=U
34697. Filename=AUTOREG.EXE
34698. Description=Part of SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of
34699. Source=Paul Collins Startup list
34700.  
34701. [MayaPan]
34702. Number=4928
34703. Confirmed=Y
34704. Filename=MayaPan.Exe
34705. Description=Audiotrak <a href="http://www.soundcard-drivers.com/drivers/50/50137.htm" target=_blank>Maya</a> soundcard driver
34706. Source=Paul Collins Startup list
34707.  
34708. [mb2np]
34709. Number=4929
34710. Confirmed=X
34711. Filename=[random filename]
34712. Description=Added by the IRCBOT.TJ  WORM!
34713. Source=Paul Collins Startup list
34714.  
34715. [MBM 4]
34716. Number=4930
34717. Confirmed=U
34718. Filename=MBM4.exe
34719. Description=Motherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
34720. Source=Paul Collins Startup list
34721.  
34722. [MBM 5]
34723. Number=4931
34724. Confirmed=U
34725. Filename=MBM5.exe
34726. Description=<a href="http://www.softpedia.com/get/System/System-Info/Motherboard-Monitor.shtml" target=_blank>Motherboard Monitor 5</a> - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
34727. Source=Paul Collins Startup list
34728.  
34729. [MBMon]
34730. Number=4932
34731. Confirmed=?
34732. Filename=Rundll32 CTMBHA.DLL, MBMon
34733. Description=<a href="http://www.greatis.com/appdata/a/c/ctmbha.dll.htm" target=_blank>Creative Filter AudioControlMB Module</a> - related to the Creative Audigy line of sound cards. <font color=#FF0000>What does it do and is it required?</font>
34734.  
34735. Source=Paul Collins Startup list
34736.  
34737. [MBNet]
34738. Number=4933
34739. Confirmed=U
34740. Filename=mbnet.exe
34741. Description=MBNet (Portugal) Credit Card Processing software
34742. Source=Paul Collins Startup list
34743.  
34744. [MBProbe]
34745. Number=4934
34746. Confirmed=U
34747. Filename=mbrpobe.exe
34748. Description=<a href="http://www.majorgeeks.com/download283.html" target="_blank">MBProbe</a> - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
34749. Source=Paul Collins Startup list
34750.  
34751. [mbssm32]
34752. Number=4935
34753. Confirmed=U
34754. Filename=mbssm32.exe
34755. Description=Reported as <a href="http://sophos.com/security/analyses/microbillsystems.html" target="_blank">Micro Bill Systems</a> foistware - but not according to the company themselves, see <a href="http://www.microbillsys.com/pagecontrol.php?pgidx=CH1SEC0" target="_blank">here</a>
34756. Source=Paul Collins Startup list
34757.  
34758. [MC]
34759. Number=4936
34760. Confirmed=X
34761. Filename=wintrims.exe
34762. Description=Added by the <a href="http://www.f-secure.com/v-descs/wintrim.shtml" target="_blank">WINTRIM</a> TROJAN!
34763. Source=Paul Collins Startup list
34764.  
34765. [MC]
34766. Number=4937
34767. Confirmed=X
34768. Filename=MAGICON.EXE
34769. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MAGICON.A" target=_blank>MAGICON.A</a> TROJAN!
34770. Source=Paul Collins Startup list
34771.  
34772. [MC]
34773. Number=4938
34774. Confirmed=X
34775. Filename=N/A
34776. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112414-3016-99" target=_blank>SIMCSS</a> TROJAN!
34777. Source=Paul Collins Startup list
34778.  
34779. [MC]
34780. Number=4939
34781. Confirmed=X
34782. Filename=WINTRIM.EXE
34783. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_WINTRIM.A" target=_blank>WINTRIM_A</a> TROJAN!
34784. Source=Paul Collins Startup list
34785.  
34786. [McAfee]
34787. Number=4940
34788. Confirmed=X
34789. Filename=McAffeAv.exe
34790. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.AL&VSect=P" target=_blank>NETSKY.AL</a> WORM!
34791. Source=Paul Collins Startup list
34792.  
34793. [mcafee]
34794. Number=4941
34795. Confirmed=X
34796. Filename=Win32.dll.vbs
34797. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32catcherb.html" target="_blank">CATCHER-B</a> WORM!
34798. Source=Paul Collins Startup list
34799.  
34800. [Mcafee Anti Scan]
34801. Number=4942
34802. Confirmed=X
34803. Filename=NortonScn.exe
34804. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
34805. Source=Paul Collins Startup list
34806.  
34807. [McAfee Antivirus]
34808. Number=4943
34809. Confirmed=X
34810. Filename=McAfeeAV.exe
34811. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
34812. Source=Paul Collins Startup list
34813.  
34814. [Mcafee Antivirus Monitoring System326]
34815. Number=4944
34816. Confirmed=X
34817. Filename=VSStatmn326.exe
34818. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
34819. Source=Paul Collins Startup list
34820.  
34821. [Mcafee Antivirus Monitoring System32mn]
34822. Number=4945
34823. Confirmed=X
34824. Filename=VSStatmn32.exe
34825. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
34826. Source=Paul Collins Startup list
34827.  
34828. [McAfee Antivirus Protection]
34829. Number=4946
34830. Confirmed=X
34831. Filename=mcafeeAV.exe
34832. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
34833. Source=Paul Collins Startup list
34834.  
34835. [Mcafee Auto Protect]
34836. Number=4947
34837. Confirmed=X
34838. Filename=mcafeshield.exe
34839. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotuh.html" target=_blank>RBOT-UH</a> WORM!
34840. Source=Paul Collins Startup list
34841.  
34842. [McAfee Desktop Firewall Tray]
34843. Number=4948
34844. Confirmed=Y
34845. Filename=FireTray.exe
34846. Description=<a href="http://www.mcafee.com/us/" target="_blank">McAfee</a> Desktop Firewall
34847. Source=Paul Collins Startup list
34848.  
34849. [McAfee Firewall]
34850. Number=4949
34851. Confirmed=Y
34852. Filename=CPD.EXE
34853. Description=Firewall bundled with McAfee VirusScan 6.*. Can also be listed as CPD_EXE
34854. Source=Paul Collins Startup list
34855.  
34856. [McAfee Guardian]
34857. Number=4950
34858. Confirmed=N
34859. Filename=CMGRDIAN.EXE
34860. Description=McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic
34861. Source=Paul Collins Startup list
34862.  
34863. [McAfee Online virus Scanner]
34864. Number=4951
34865. Confirmed=X
34866. Filename=avp.exe
34867. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgcv.html" target="_blank">RBOT-GCV</a> WORM! Not to be confused with AOL's <a href="http://www.securitycadets.com/2006/08/aols-active-virus-shield-in-a-nutshell/" target="_blank">Active Virus Shield</a> (by Kaspersky)
34868. Source=Paul Collins Startup list
34869.  
34870. [McAfee QuickClean Imonitor]
34871. Number=4952
34872. Confirmed=N
34873. Filename=Plguni.exe
34874. Description=<a href="http://www.mcafee.com/myapps/qc3/default.asp" target=_blank>McAfee QuickClean 3.0</a> - removes internet clutter and unwanted programs
34875. Source=Paul Collins Startup list
34876.  
34877. [mcafee Software Intrenet]
34878. Number=4953
34879. Confirmed=X
34880. Filename=mcafee.exe
34881. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatr.html" target=_blank>RBOT-ATR</a> WORM! Note - this is not a valid McAfee program
34882. Source=Paul Collins Startup list
34883.  
34884. [McAfee Windows Protection]
34885. Number=4954
34886. Confirmed=X
34887. Filename=mcafee32.exe
34888. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
34889. Source=Paul Collins Startup list
34890.  
34891. [McAfee Winguage]
34892. Number=4955
34893. Confirmed=N
34894. Filename=??
34895. Description=Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs
34896. Source=Paul Collins Startup list
34897.  
34898. [McAfee.InstantUpdate.Monitor]
34899. Number=4956
34900. Confirmed=U
34901. Filename=RuLaunch.exe
34902. Description=Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis
34903. Source=Paul Collins Startup list
34904.  
34905. [McAfeeFireTray]
34906. Number=4957
34907. Confirmed=Y
34908. Filename=Firetray.exe
34909. Description=<a href="http://www.mcafee.com/us/" target="_blank">McAfee</a> Desktop Firewall
34910. Source=Paul Collins Startup list
34911.  
34912. [McAfeeScanPlus]
34913. Number=4958
34914. Confirmed=X
34915. Filename=McAfeeScanPlus.exe
34916. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082411-2427-99" target=_blank>MEPCOD</a> TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is found in the Windows or Winnt folder
34917. Source=Paul Collins Startup list
34918.  
34919. [McAfeeUpdaterUI]
34920. Number=4959
34921. Confirmed=Y
34922. Filename=UpdaterUI.exe
34923. Description=Associated with McAfee Enterprise 7.0.0. - background process
34924. Source=Paul Collins Startup list
34925.  
34926. [McAfeeVirusScanService]
34927. Number=4960
34928. Confirmed=Y
34929. Filename=Avsynmgr.exe
34930. Description=From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application
34931. Source=Paul Collins Startup list
34932.  
34933. [McAfeeWebscanX]
34934. Number=4961
34935. Confirmed=Y
34936. Filename=WebScanX.exe
34937. Description=From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc
34938. Source=Paul Collins Startup list
34939.  
34940. [Mcaffe Antivirus]
34941. Number=4962
34942. Confirmed=X
34943. Filename=Mcafeescn.exe
34944. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
34945. Source=Paul Collins Startup list
34946.  
34947. [McAgentExe]
34948. Number=4963
34949. Confirmed=U
34950. Filename=mcagent.exe
34951. Description=From McAfee VirusScan On-line. The Agent is a red M icon that appears in the Windows system tray or Notification Area (if you're running Windows XP). If you don't see the agent icon, VirusScan Online may not be installed
34952. Source=Paul Collins Startup list
34953.  
34954. [Mcappins.exe]
34955. Number=4964
34956. Confirmed=Y
34957. Filename=mcappins.exe
34958. Description=Used by McAfee Virusscan to perform product updates. When updates are available the program will download and install them automatically. Recommended to leave enabled
34959. Source=Paul Collins Startup list
34960.  
34961. [MChanger]
34962. Number=4965
34963. Confirmed=N
34964. Filename=MChanger.exe
34965. Description=Media Changer - utility that allows you to change wallpapers, sounds, themes, etc
34966. Source=Paul Collins Startup list
34967.  
34968. [McLogLch_exe]
34969. Number=4966
34970. Confirmed=N
34971. Filename=McLogLch.exe
34972. Description=Related to <a href="http://www.spyany.com/files/McLogLch_exe.html" target="_blank">McAfee</a> security suite. This is a non-essential program, but should not be disabled unless suspected to be causing problems
34973. Source=Paul Collins Startup list
34974.  
34975. [MCM3]
34976. Number=4967
34977. Confirmed=X
34978. Filename=mcm3.exe
34979. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076082" target= blank>ShopAtHome/SAHagent</a> adware variant
34980. Source=Paul Collins Startup list
34981.  
34982. [McRegWiz]
34983. Number=4968
34984. Confirmed=?
34985. Filename=mcregwiz.exe
34986. Description=McAfee antivirus related. <font color="#FF0000">What does it do and is it required?</font>
34987. Source=Paul Collins Startup list
34988.  
34989. [Mcrosoftr Update]
34990. Number=4969
34991. Confirmed=X
34992. Filename=Mcrosoftr.exe
34993. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
34994. Source=Paul Collins Startup list
34995.  
34996. [McShld9x]
34997. Number=4970
34998. Confirmed=Y
34999. Filename=mcshld9x.exe
35000. Description=Part of McAfee's Virusscan Online. Must be enabled for scanning to work
35001.  
35002. Source=Paul Collins Startup list
35003.  
35004. [MCTskShd]
35005. Number=4971
35006. Confirmed=Y
35007. Filename=mctskshd.exe
35008. Description=Part of <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/mctskshd/" target=_blank>McAfee SecurityCenter</a>. Runs in the background controlling critcal updates and control antivirus related actions. This program is important for the stable and secure running of your computer
35009.  
35010. Source=Paul Collins Startup list
35011.  
35012. [McUpdateExe]
35013. Number=4972
35014. Confirmed=U
35015. Filename=mcupdate.exe
35016. Description=From McAfee VirusScan On-line. Automatically updates your virus definitions. Leave enabled unless you regularly update these definitions
35017. Source=Paul Collins Startup list
35018.  
35019. [McVsRte]
35020. Number=4973
35021. Confirmed=Y
35022. Filename=mcvsrte.exe
35023. Description=Part of McAfee's <a href="http://us.mcafee.com/root/product.asp?productid=msc" target="_blank">SecurityCenter</a>. Must remain checked but one user reports Windows glitches with no response from McAfee as to why
35024. Source=Paul Collins Startup list
35025.  
35026. [mcvsshld]
35027. Number=4974
35028. Confirmed=Y
35029. Filename=mcvsshld.exe
35030. Description=McAfee VirusScan On-line. See also the McAgentExe entry
35031. Source=Paul Collins Startup list
35032.  
35033. [MCX Update]
35034. Number=4975
35035. Confirmed=X
35036. Filename=wisp.exe
35037. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqh.html" target=_blank>RBOT-AQH</a> WORM!
35038. Source=Paul Collins Startup list
35039.  
35040. [MCX Updte]
35041. Number=4976
35042. Confirmed=X
35043. Filename=scorti.exe
35044. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarp.html" target=_blank>RBOT-ARP</a> WORM!
35045. Source=Paul Collins Startup list
35046.  
35047. [MD IE Plugin]
35048. Number=4977
35049. Confirmed=X
35050. Filename=md.exe
35051. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112314-3336-99" target= blank>Marketdart</a> spyware
35052. Source=Paul Collins Startup list
35053.  
35054. [MD IE Plugin]
35055. Number=4978
35056. Confirmed=X
35057. Filename=winy.exe
35058. Description=Adware
35059. Source=Paul Collins Startup list
35060.  
35061. [mdac_runonce]
35062. Number=4979
35063. Confirmed=N
35064. Filename=runonce.exe
35065. Description=Associated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe". 
35066. Source=Paul Collins Startup list
35067.  
35068. [MDDiskProtect.exe]
35069. Number=4980
35070. Confirmed=N
35071. Filename=MDDiskProtect.exe
35072. Description=MediaFour <a href="http://www.mediafour.com/products/macdrive6/" target= blank>MacDrive</a> for Windows - easily open, edit and save files from Mac-formatted disks, format Mac disks and burn Mac CDs and DVDs!
35073. Source=Paul Collins Startup list
35074.  
35075. [mdetect]
35076. Number=4981
35077. Confirmed=X
35078. Filename=[path to trojan]
35079. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070410-2002-99" target="_blank">SPABOT</a> TROJAN!
35080. Source=Paul Collins Startup list
35081.  
35082. [Mdm]
35083. Number=4982
35084. Confirmed=X
35085. Filename=Mdm.vbs
35086. Description=Added by the <a href="http://vil.nai.com/vil/content/v_99145.htm" target="_blank">WHITEHO</a> VIRUS or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-090709-3833-99" target="_blank">TRAPPY</a> WORM!
35087. Source=Paul Collins Startup list
35088.  
35089. [mdm]
35090. Number=4983
35091. Confirmed=X
35092. Filename=mdm.exe
35093. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlydraf.html" target=_blank>LYDRA-F</a> TROJAN! Note - this is not the valid Machine Debug Manager which shares the same filename
35094. Source=Paul Collins Startup list
35095.  
35096. [MDM7]
35097. Number=4984
35098. Confirmed=U
35099. Filename=mdm.exe
35100. Description=Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as Machine Debug Manager. See <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;321410" target="_blank"> here</a> to disable
35101. Source=Paul Collins Startup list
35102.  
35103. [Mdmdll]
35104. Number=4985
35105. Confirmed=X
35106. Filename=mdmdll.exe
35107. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453078028" target="_blank">CRYPTER</a> TROJAN!
35108. Source=Paul Collins Startup list
35109.  
35110. [Mdmdll32]
35111. Number=4986
35112. Confirmed=X
35113. Filename=mdmdll32.exe
35114. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
35115. Source=Paul Collins Startup list
35116.  
35117. [MDN]
35118. Number=4987
35119. Confirmed=X
35120. Filename=MDNS.exe
35121. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021517-1533-99" target=_blank>SPYBOT.JPB</a> WORM!
35122. Source=Paul Collins Startup list
35123.  
35124. [MDN]
35125. Number=4988
35126. Confirmed=X
35127. Filename=MDNZ.exe
35128. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AQD" target=_blank>RBOT.AQD</a> WORM!
35129. Source=Paul Collins Startup list
35130.  
35131. [MDN]
35132. Number=4989
35133. Confirmed=X
35134. Filename=MDN.exe
35135. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AOA" target="_blank">RBOT.AOA</a> WORM!
35136. Source=Paul Collins Startup list
35137.  
35138. [mds.exe]
35139. Number=4990
35140. Confirmed=X
35141. Filename=mds.exe
35142. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmadsa.html" target= blank>MADS-A</a> TROJAN!
35143. Source=Paul Collins Startup list
35144.  
35145. [MDSA Sentinel X]
35146. Number=4991
35147. Confirmed=X
35148. Filename=smss.exe
35149. Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-021716-5932-99" target=_blank>SentinelX</a> spyware. Note - SentinelX is spyware that logs keystrokes. It also monitors and records Web sites visited and applications used. The risk can capture periodic screen shots and may be configured so as to block access to specific Web sites and chat rooms, must be manually installed. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "MDSA Software" subfolder of the Program Files folder
35150. Source=Paul Collins Startup list
35151.  
35152. [mdwmdmsp]
35153. Number=4992
35154. Confirmed=X
35155. Filename=mdwmdmsp.exe
35156. Description=Adware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as TrojanDownloader.Win32.Agent.am
35157. Source=Paul Collins Startup list
35158.  
35159. [MECA]
35160. Number=4993
35161. Confirmed=N
35162. Filename=Meca.exe
35163. Description=<a href="http://www.meca.com/website/controller.php" target="_blank">Meca</a> cross-platform communications technology, branded messengers will connect with AOL, MSN, Yahoo!, and ICQ users
35164. Source=Paul Collins Startup list
35165.  
35166. [MedGS]
35167. Number=4994
35168. Confirmed=X
35169. Filename=MEDGS1.exe
35170. Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target=_blank>PacerD_Media/Pacimedia.com</a> adware
35171. Source=Paul Collins Startup list
35172.  
35173. [Media Access]
35174. Number=4995
35175. Confirmed=X
35176. Filename=MediaAccK.exe
35177. Description=Windupdates <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FMEDIAPAS%2EA" target="_blank">MEDIAPAS.A</a> adware
35178. Source=Paul Collins Startup list
35179.  
35180. [Media Access]
35181. Number=4996
35182. Confirmed=X
35183. Filename=MediaAccK.exe
35184. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpodropc.html" target=_blank>PODROP-C</a> TROJAN!
35185. Source=Paul Collins Startup list
35186.  
35187. [Media Gateway]
35188. Number=4997
35189. Confirmed=X
35190. Filename=MediaGateway.exe
35191. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
35192. Source=Paul Collins Startup list
35193.  
35194. [Media Load]
35195. Number=4998
35196. Confirmed=X
35197. Filename=msn32.exe
35198. Description=Added by a unidentified WORM or TROJAN!
35199. Source=Paul Collins Startup list
35200.  
35201. [Media Manager Indexer]
35202. Number=4999
35203. Confirmed=U
35204. Filename=AIRSVCU.EXE
35205. Description=Part of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a database
35206. Source=Paul Collins Startup list
35207.  
35208. [Media Pass]
35209. Number=5000
35210. Confirmed=X
35211. Filename=MediaPassK.exe
35212. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042012-0135-99" target=_blank>MediaPass</a> adware
35213. Source=Paul Collins Startup list
35214.  
35215. [Media Pass]
35216. Number=5001
35217. Confirmed=X
35218. Filename=MediaPass.exe
35219. Description=WindUpdates <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042012-0135-99" target= blank>MediaPass</a> adware
35220. Source=Paul Collins Startup list
35221.  
35222. [Media Player]
35223. Number=5002
35224. Confirmed=X
35225. Filename=media.exe
35226. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfldmediaa.html" target="_blank">FLDMEDIA-A</a> TROJAN!
35227. Source=Paul Collins Startup list
35228.  
35229. [Media Player]
35230. Number=5003
35231. Confirmed=X
35232. Filename=wmplayer.exe
35233. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotbm.html" target="_blank">AGOBOT-BM</a> WORM!
35234. Source=Paul Collins Startup list
35235.  
35236. [Media Player]
35237. Number=5004
35238. Confirmed=X
35239. Filename=Sysdll.exe
35240. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbr.html" target= blank>BANKER-BR</a> TROJAN!
35241. Source=Paul Collins Startup list
35242.  
35243. [Media Player]
35244. Number=5005
35245. Confirmed=X
35246. Filename=Sysnet.exe
35247. Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_GraywareDetails.asp?GNAME=TSPY%5FBANKER%2EMW" target="_blank">BANKER.MW</a> WORM!
35248. Source=Paul Collins Startup list
35249.  
35250. [Media Player Update]
35251. Number=5006
35252. Confirmed=X
35253. Filename=xpsp1mfh.exe
35254. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
35255. Source=Paul Collins Startup list
35256.  
35257. [Media Plug x.1.2]
35258. Number=5007
35259. Confirmed=X
35260. Filename=msdm.exe
35261. Description=Added by the MULDROP.352 VIRUS!
35262. Source=Paul Collins Startup list
35263.  
35264. [Media Service]
35265. Number=5008
35266. Confirmed=X
35267. Filename=msn64.exe
35268. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EV" target="_blank">SPYBOT.EV</a> WORM!
35269. Source=Paul Collins Startup list
35270.  
35271. [Media service]
35272. Number=5009
35273. Confirmed=X
35274. Filename=msnmsgxr.exe
35275. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.TF" target="_blank">SDBOT.TF</a> WORM!
35276. Source=Paul Collins Startup list
35277.  
35278. [Media service]
35279. Number=5010
35280. Confirmed=X
35281. Filename=SYSTEM64.EXE
35282. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QV" target="_blank">RBOT.QV</a> WORM!
35283. Source=Paul Collins Startup list
35284.  
35285. [Media service]
35286. Number=5011
35287. Confirmed=X
35288. Filename=notpad.exe
35289. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
35290. Source=Paul Collins Startup list
35291.  
35292. [Media Software UPdater]
35293. Number=5012
35294. Confirmed=X
35295. Filename=sscs.exe
35296. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabe.html" target= blank>RBOT-ABE</a> WORM!
35297. Source=Paul Collins Startup list
35298.  
35299. [Media X Services]
35300. Number=5013
35301. Confirmed=X
35302. Filename=MSNGRx.exe
35303. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AUL" target="_blank">RBOT.AUL</a> WORM!
35304. Source=Paul Collins Startup list
35305.  
35306. [Media-XP-Service-Pack3]
35307. Number=5014
35308. Confirmed=X
35309. Filename=msnzx.exe
35310. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacw.html" target=_blank>SDBOT-ACW</a> WORM!
35311. Source=Paul Collins Startup list
35312.  
35313. [MEDIA32]
35314. Number=5015
35315. Confirmed=X
35316. Filename=[path to trojan]
35317. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpurscanz.html" target=_blank>PURSCAN-Z</a> TROJAN!
35318. Source=Paul Collins Startup list
35319.  
35320. [MediaFace Integration]
35321. Number=5016
35322. Confirmed=N
35323. Filename=Sethook.exe
35324. Description=Fellowes NeatoÖ cd label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"
35325. Source=Paul Collins Startup list
35326.  
35327. [Mediafour Mac Volume Notifications]
35328. Number=5017
35329. Confirmed=U
35330. Filename=Macvntfy.exe
35331. Description=<a href="http://www.mediafour.com/products/xplay/" target="_blank">Mediafour Xplay</a> - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod
35332. Source=Paul Collins Startup list
35333.  
35334. [Mediafour XPlay Tray Notification Icon]
35335. Number=5018
35336. Confirmed=U
35337. Filename=Xptryicn.exe
35338. Description=<a href="http://www.mediafour.com/products/xplay/" target=_blank>Mediafour Xplay</a> - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod
35339. Source=Paul Collins Startup list
35340.  
35341. [MediaKey]
35342. Number=5019
35343. Confirmed=U
35344. Filename=MediaKey.exe
35345. Description=<a href="http://www.futurepowerusa.com/support/kb_911/help/overview.htm" target="_blank">Multimedia keyboard</a> manager. Required if you use the multimedia keys
35346. Source=Paul Collins Startup list
35347.  
35348. [MediaLifeService]
35349. Number=5020
35350. Confirmed=U
35351. Filename=MediaLifeService.exe
35352. Description=Related to <a href="http://www.logitech.com/index.cfm/products/details/US/EN,CRID=2135,CONTENTID=9340" target="_blank">MediaPlay Cordless Mouse</a> from Logitech
35353. Source=Paul Collins Startup list
35354.  
35355. [MediaLoads]
35356. Number=5021
35357. Confirmed=X
35358. Filename=dw.exe
35359. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare.MediaLoads&threatid=8419" target=_blank>Medialoads</a> adware
35360. Source=Paul Collins Startup list
35361.  
35362. [MediaLoads Installer]
35363. Number=5022
35364. Confirmed=X
35365. Filename=dw.exe
35366. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare.MediaLoads&threatid=8419" target=_blank>Medialoads</a> adware
35367. Source=Paul Collins Startup list
35368.  
35369. [MediaMonitor]
35370. Number=5023
35371. Confirmed=N
35372. Filename=Mediam~1.exe
35373. Description=Installed by Smartdisk MVP CD burning software. Software will work fine without it
35374. Source=Paul Collins Startup list
35375.  
35376. [mediamotor.exe]
35377. Number=5024
35378. Confirmed=X
35379. Filename=mmups.exe
35380. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentby.html" target=_blank>AGENT-BY</a> TROJAN!
35381.  
35382. Source=Paul Collins Startup list
35383.  
35384. [MediaPath]
35385. Number=5025
35386. Confirmed=X
35387. Filename=Proyecto1.exe
35388. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071316-1355-99" target="_blank">GRUEL</a> WORM!
35389. Source=Paul Collins Startup list
35390.  
35391. [MediaPath]
35392. Number=5026
35393. Confirmed=X
35394. Filename=Root.exe
35395. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071316-1355-99" target="_blank">GRUEL</a> WORM!
35396. Source=Paul Collins Startup list
35397.  
35398. [MediaPipe P2P Loader]
35399. Number=5027
35400. Confirmed=X
35401. Filename=mpp2pl.exe
35402. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097812" target=_blank>MediaPipe</a> peer-to-peer file swapping program also <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaPipe/MovieLand&threatid=44525" target=_blank>reported</a> as a hijacker
35403. Source=Paul Collins Startup list
35404.  
35405. [mediapluscash.exe]
35406. Number=5028
35407. Confirmed=X
35408. Filename=mediapluscash.exe
35409. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WindUpdates.MediaGateway&threatid=40218" target="_blank">MediaGateway</a> adware
35410. Source=Paul Collins Startup list
35411.  
35412. [MediaRing Talk]
35413. Number=5029
35414. Confirmed=N
35415. Filename=mrtalk.exe
35416. Description=Media Ring Talk, voice recognition software, Resource hog. Available via Start -> Programs
35417. Source=Paul Collins Startup list
35418.  
35419. [MediaXPServicePack]
35420. Number=5030
35421. Confirmed=X
35422. Filename=mxpsp.exe
35423. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CDT&VSect=T" target=_blank>SDBOT.CDT</a> WORM!
35424. Source=Paul Collins Startup list
35425.  
35426. [media_driver]
35427. Number=5031
35428. Confirmed=X
35429. Filename=media_driver.exe
35430. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010114-4910-99" target=_blank>TUPEG</a> VIRUS! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
35431. Source=Paul Collins Startup list
35432.  
35433. [media_manager]
35434. Number=5032
35435. Confirmed=X
35436. Filename=mediaman.exe
35437. Description=<a target="_blank" href="http://www.mini-player.com/">Mini-Player</a>,  IMESH related foistware, see <a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=2633;start=0#msg20371">here</a>
35438. Source=Paul Collins Startup list
35439.  
35440. [media_stub]
35441. Number=5033
35442. Confirmed=X
35443. Filename=stub.exe
35444. Description=<a target="_blank" href="http://www.mini-player.com/">Mini-Player</a>,  IMESH related foistware, see <a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=2633;start=0#msg20371">here</a>
35445. Source=Paul Collins Startup list
35446.  
35447. [MedionVFD]
35448. Number=5034
35449. Confirmed=?
35450. Filename=MdionLCM.exe
35451. Description=Related to <a href="http://www.medion.de/" target="_blank">Medion</a> Display Information. <font color="#FF0000">What does it do and is it required?</font>
35452. Source=Paul Collins Startup list
35453.  
35454. [Meeting Connection]
35455. Number=5035
35456. Confirmed=X
35457. Filename=comsutil.exe
35458. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoore.html" target= blank>PPDOOR-E</a> TROJAN!
35459. Source=Paul Collins Startup list
35460.  
35461. [Meeting Connection]
35462. Number=5036
35463. Confirmed=X
35464. Filename=wowdache.exe
35465. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoord.html" target= blank>PPDOOR-D</a> TROJAN!
35466. Source=Paul Collins Startup list
35467.  
35468. [Meeting Connection]
35469. Number=5037
35470. Confirmed=X
35471. Filename=hgakdl32.exe
35472. Description=Looks like a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojppdoore.html" target=_blank>PPDOOR-E</a> TROJAN!
35473. Source=Paul Collins Startup list
35474.  
35475. [MegaPanel]
35476. Number=5038
35477. Confirmed=U
35478. Filename=HSTrans.exe
35479. Description=Homescan Internet Transporter - part of <a href="http://www2.acnielsen.com/products/cps_homescan.shtml" target=_blank>ACNielson Homescan</a>. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen
35480. Source=Paul Collins Startup list
35481.  
35482. [melg34]
35483. Number=5039
35484. Confirmed=X
35485. Filename=mdmd.exe
35486. Description=Added by an unidentified WORM or TROJAN - see <a href="http://www.greatis.com/appdata/d/m/mdmd.exe.htm" target="_blank">here</a>
35487. Source=Paul Collins Startup list
35488.  
35489. [Members area]
35490. Number=5040
35491. Confirmed=X
35492. Filename=******.exe [* = random digit]
35493. Description=Premium rate adult content dialer
35494. Source=Paul Collins Startup list
35495.  
35496. [MemConfig]
35497. Number=5041
35498. Confirmed=X
35499. Filename=SetupIE.com
35500. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112012-0423-99" target="_blank">TAPLAK</a> WORM!
35501. Source=Paul Collins Startup list
35502.  
35503. [Memento]
35504. Number=5042
35505. Confirmed=N
35506. Filename=Memento.exe
35507. Description=<a href="http://www.guyswithtowels.com/dev/apps/memento.html" target="_blank">Memento</a> - simple app to keep text notes on your desktop
35508. Source=Paul Collins Startup list
35509.  
35510. [MemMonster]
35511. Number=5043
35512. Confirmed=U
35513. Filename=memmnstr.exe
35514. Description=<a href="http://www.daolnwod.com/memmonster_2923.htm" target="_blank">MemMonster</a> - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
35515. Source=Paul Collins Startup list
35516.  
35517. [MemoKit]
35518. Number=5044
35519. Confirmed=U
35520. Filename=MK.EXE
35521. Description=Memory optimizer. It loads from startup group and it goes off as soon as the program (memokit.exe) is loaded in the System Tray. Mk.exe does not run while the memokit.exe is running. Probably loads a flash screen at startup and shutdown that stays on screen less than 5 seconds and gives you a button to push to purchase the full version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
35522. Source=Paul Collins Startup list
35523.  
35524. [memory]
35525. Number=5045
35526. Confirmed=X
35527. Filename=outlookrem.exe
35528. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060416-5102-99" target=_blank>NOPIR.C</a> WORM!
35529. Source=Paul Collins Startup list
35530.  
35531. [Memory Check]
35532. Number=5046
35533. Confirmed=X
35534. Filename=memore.exe
35535. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110912-1140-99" target="_blank">KILLAV.C</a> TROJAN!
35536. Source=Paul Collins Startup list
35537.  
35538. [Memory manager]
35539. Number=5047
35540. Confirmed=X
35541. Filename=himem32.exe
35542. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-020216-3646-99" target=_blank>MANCSYN</a> TROJAN!
35543. Source=Paul Collins Startup list
35544.  
35545. [Memory Service]
35546. Number=5048
35547. Confirmed=X
35548. Filename=freememory.exe
35549. Description=Added by the RBOT.GEN WORM!
35550. Source=Paul Collins Startup list
35551.  
35552. [Memory Stick Monitor]
35553. Number=5049
35554. Confirmed=N
35555. Filename=MSTAT.exe
35556. Description=Used with the Sony floppy disk adapter for memory sticks, showing if there is a stick in the computer
35557. Source=Paul Collins Startup list
35558.  
35559. [Memory Stick Monitor]
35560. Number=5050
35561. Confirmed=U
35562. Filename=MSstat.exe
35563. Description=Sony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydrive
35564. Source=Paul Collins Startup list
35565.  
35566. [Memory Watcher]
35567. Number=5051
35568. Confirmed=X
35569. Filename=MemoryWatcher.exe
35570. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453080910" target=_blank>MemoryWatcher</a> spyware
35571. Source=Paul Collins Startup list
35572.  
35573. [Memory+]
35574. Number=5052
35575. Confirmed=U
35576. Filename=tfimemsr.exe
35577. Description=Memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
35578. Source=Paul Collins Startup list
35579.  
35580. [MemoryBoost]
35581. Number=5053
35582. Confirmed=U
35583. Filename=MemoryBoost.exe
35584. Description=<a href="http://www.tenebril.com/consumer/memboost/" target="_blank">MemoryBoost</a> - memory optimizing program made by Tenebril Inc. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
35585. Source=Paul Collins Startup list
35586.  
35587. [MemoryCardManager]
35588. Number=5054
35589. Confirmed=U
35590. Filename=MemCard.exe
35591. Description=<a href="http://www.file.net/process/memcard.exe.html" target=_blank>Memory Card Manager</a> - for removable memory cards found on Dell or Lexmark photo printers
35592.  
35593. Source=Paul Collins Startup list
35594.  
35595. [MemoryMeter]
35596. Number=5055
35597. Confirmed=X
35598. Filename=MemoryMeter.exe
35599. Description=Autoinstalling spyware by <a href="http://www.totalvelocity.com/" target="_blank">Total Velocity</a>
35600. Source=Paul Collins Startup list
35601.  
35602. [MemoryZipperPlus]
35603. Number=5056
35604. Confirmed=U
35605. Filename=memzip.exe
35606. Description=<a href="http://www.systweak.com/memzip/" target=_blank>Memory Zipper Plus</a> - "optimizes the memory management of your system and boost-up its performance amazingly!"
35607.  
35608. Source=Paul Collins Startup list
35609.  
35610. [memreader.exe]
35611. Number=5057
35612. Confirmed=X
35613. Filename=memreader.exe
35614. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotty.html" target=_blank>AGOBOT-TY</a> WORM!
35615. Source=Paul Collins Startup list
35616.  
35617. [MEMreaload]
35618. Number=5058
35619. Confirmed=X
35620. Filename=MEMreaload.exe
35621. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022716-1619-99" target=_blank>LAZAR</a> TROJAN!
35622. Source=Paul Collins Startup list
35623.  
35624. [MemScanner]
35625. Number=5059
35626. Confirmed=N
35627. Filename=MemScanner.exe
35628. Description=Part of Enigma SpyHunter - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note" target="_blank">note</a>
35629. Source=Paul Collins Startup list
35630.  
35631. [MemTurbo]
35632. Number=5060
35633. Confirmed=U
35634. Filename=memturbo.exe
35635. Description=<a href="http://www.memturbo.com/" target="_blank">MemTurbo</a> memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
35636. Source=Paul Collins Startup list
35637.  
35638. [MenuSnap]
35639. Number=5061
35640. Confirmed=N
35641. Filename=MenuSnap.exe
35642. Description=<a href="http://www.rietta.com/menusnap/" target="_blank">MenuSnap</a> from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start -> Programs and right-clicking and choosing "Sort by Name" if availabe
35643. Source=Paul Collins Startup list
35644.  
35645. [Mercora]
35646. Number=5062
35647. Confirmed=N
35648. Filename=MercoraClient.exe
35649. Description=<a href="http://search.mercora.com/v6/_front/web.jsp" target="_blank">Mercora MusicSearch</a> "Search, find and listen to music on the world's largest jukebox, built by people just like you". Note - if you subscribe make sure you read the <a href="http://www.mercora.com/privacy.asp" target="_blank">Privacy Policy</a>
35650. Source=Paul Collins Startup list
35651.  
35652. [Message Queuing]
35653. Number=5063
35654. Confirmed=X
35655. Filename=msmqs.exe
35656. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120217-1031-99" target="_blank">FREEFORS</a> TROJAN!
35657. Source=Paul Collins Startup list
35658.  
35659. [MessagerStarter Freeserve]
35660. Number=5064
35661. Confirmed=N
35662. Filename=StartMessager.exe
35663. Description=Freeserve Messenger
35664. Source=Paul Collins Startup list
35665.  
35666. [Message_Blocker]
35667. Number=5065
35668. Confirmed=U
35669. Filename=messageblock.exe
35670. Description=<a href="http://www.ograhl.com/en/messageblocker/" target="_blank">Message Blocker</a> - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message"
35671. Source=Paul Collins Startup list
35672.  
35673. [Messanger]
35674. Number=5066
35675. Confirmed=X
35676. Filename=trillian.exe
35677. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CKI" target="_blank">RBOT.CKI</a> WORM!
35678. Source=Paul Collins Startup list
35679.  
35680. [Messanger]
35681. Number=5067
35682. Confirmed=X
35683. Filename=deamon.exe
35684. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
35685. Source=Paul Collins Startup list
35686.  
35687. [Messanger]
35688. Number=5068
35689. Confirmed=X
35690. Filename=msgaol.exe
35691. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
35692. Source=Paul Collins Startup list
35693.  
35694. [Messanger]
35695. Number=5069
35696. Confirmed=Y
35697. Filename=s_menu.exe
35698. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
35699. Source=Paul Collins Startup list
35700.  
35701. [Messanger]
35702. Number=5070
35703. Confirmed=X
35704. Filename=browse.exe
35705. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
35706. Source=Paul Collins Startup list
35707.  
35708. [Messenger]
35709. Number=5071
35710. Confirmed=X
35711. Filename=messenger.exe
35712. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102516-2731-99" target="_blank">KUTEX</a> TROJAN!
35713. Source=Paul Collins Startup list
35714.  
35715. [Messenger]
35716. Number=5072
35717. Confirmed=X
35718. Filename=ntsubsys.exe
35719. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BGE&VSect=P" target=_blank>SDBOT.BGE</a> WORM!
35720. Source=Paul Collins Startup list
35721.  
35722. [Messenger]
35723. Number=5073
35724. Confirmed=X
35725. Filename=Wmsngr.exe
35726. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
35727. Source=Paul Collins Startup list
35728.  
35729. [Messenger]
35730. Number=5074
35731. Confirmed=Y
35732. Filename=SCANMSG.EXE
35733. Description=<a href="http://www.quickheal.co.in/" target="_blank">AntiVirus Quick Heal</a> - virus protection
35734. Source=Paul Collins Startup list
35735.  
35736. [Messenger Block]
35737. Number=5075
35738. Confirmed=X
35739. Filename=msngrblock.exe
35740. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091216-0113-99" target="_blank">PATOO</a> WORM!
35741. Source=Paul Collins Startup list
35742.  
35743. [Messenger Protocol]
35744. Number=5076
35745. Confirmed=X
35746. Filename=netsender.exe
35747. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacc.html" target=_blank>SDBOT-ACC</a> WORM!
35748. Source=Paul Collins Startup list
35749.  
35750. [Messenger Service]
35751. Number=5077
35752. Confirmed=X
35753. Filename=msmsgs.exe
35754. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzb.html" target= blank>SDBOT-ZB</a> WORM!
35755. Source=Paul Collins Startup list
35756.  
35757. [Messenger Service]
35758. Number=5078
35759. Confirmed=X
35760. Filename=nvhost.exe
35761. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32jloka.html" target=_blank>JLOK-A</a> WORM!
35762. Source=Paul Collins Startup list
35763.  
35764. [Messenger Service Updater]
35765. Number=5079
35766. Confirmed=X
35767. Filename=svshost.exe
35768. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.GC" target="_blank">MYTOB.GC</a> WORM!
35769. Source=Paul Collins Startup list
35770.  
35771. [Messenger start-up]
35772. Number=5080
35773. Confirmed=X
35774. Filename=Msgran.exe
35775. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100714-1840-99" target="_blank">GRAMOS</a> WORM!
35776. Source=Paul Collins Startup list
35777.  
35778. [Messenger6]
35779. Number=5081
35780. Confirmed=X
35781. Filename=command.pif
35782. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112319-1247-99" target=_blank>INZAE.B</a> WORM!
35783. Source=Paul Collins Startup list
35784.  
35785. [MessengerDiscovery]
35786. Number=5082
35787. Confirmed=U
35788. Filename=MessengerDiscovery.exe
35789. Description=MessengerDiscovery is a MSN Messenger add-on - adding over 70 new features. Now superseeded by <a href="http://live.msgdiscovery.com/" target="_blank">MessengerDiscovery Live</a> - with support added for Windows Live
35790. Source=Paul Collins Startup list
35791.  
35792. [MessengerPlus]
35793. Number=5083
35794. Confirmed=N
35795. Filename=MsgPlus.exe
35796. Description=<a href="http://www.msgplus.net/" target=_blank>MessengerPlus</a> - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media <a href="http://inetexplorer.mvps.org/data/messenger_plus.htm" target=_blank>LOP</a> adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
35797. Source=Paul Collins Startup list
35798.  
35799. [MessengerPlus2]
35800. Number=5084
35801. Confirmed=N
35802. Filename=MsgPlus.exe
35803. Description=<a href="http://www.msgplus.net/" target=_blank>MessengerPlus</a> - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media <a href="http://inetexplorer.mvps.org/data/messenger_plus.htm" target=_blank>LOP</a> adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
35804. Source=Paul Collins Startup list
35805.  
35806. [MessengerPlus3]
35807. Number=5085
35808. Confirmed=N
35809. Filename=MsgPlus.exe
35810. Description=<a href="http://www.msgplus.net/" target=_blank>MessengerPlus</a> - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media <a href="http://inetexplorer.mvps.org/data/messenger_plus.htm" target=_blank>LOP</a> adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
35811. Source=Paul Collins Startup list
35812.  
35813. [messnger]
35814. Number=5086
35815. Confirmed=X
35816. Filename=[worm filename]
35817. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-030812-5056-99" target="_blank">DELODER</a> WORM!
35818. Source=Paul Collins Startup list
35819.  
35820. [messnger]
35821. Number=5087
35822. Confirmed=X
35823. Filename=Dvldr32.exe
35824. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELODER.A" target="_blank">DELODER.A</a> WORM!
35825. Source=Paul Collins Startup list
35826.  
35827. [Metacafe]
35828. Number=5088
35829. Confirmed=N
35830. Filename=MetacafeAgent.exe
35831. Description=<a href="http://www.metacafe.com/" target=_blank>Metacafe</a> - video sharing on the web. Note - if you subscribe make sure you read the <a href="http://www.metacafe.com/privacy/" target=_blank>Privacy Policy</a>
35832.  
35833. Source=Paul Collins Startup list
35834.  
35835. [MeTaLRoCk (irc.musirc.com) has sex with printers]
35836. Number=5089
35837. Confirmed=X
35838. Filename=metalrock-is-gay.exe
35839. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.Q" target=_blank>RANDEX.Q</a> WORM!
35840. Source=Paul Collins Startup list
35841.  
35842. [MeuPrograma]
35843. Number=5090
35844. Confirmed=X
35845. Filename=accwizz.exe
35846. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082312-1953-99" target=_blank>RULAND.A</a> WORM!
35847. Source=Paul Collins Startup list
35848.  
35849. [Mfc**.exe [* = random char]]
35850. Number=5091
35851. Confirmed=X
35852. Filename=Mfc**.exe [* = random char]
35853. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
35854. Source=Paul Collins Startup list
35855.  
35856. [Mfc**32.exe [* = random char]]
35857. Number=5092
35858. Confirmed=X
35859. Filename=Mfc**32.exe [* = random char]
35860. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
35861. Source=Paul Collins Startup list
35862.  
35863. [mfgboot]
35864. Number=5093
35865. Confirmed=?
35866. Filename=??
35867. Description=<font color="#FF0000">??</font>
35868. Source=Paul Collins Startup list
35869.  
35870. [mFilter]
35871. Number=5094
35872. Confirmed=X
35873. Filename=MNeck.exe
35874. Description=Added by the <a href="http://www.sophos.de/virusinfo/analyses/trojclickerag.html" target=_blank>CLICKER-AG</a> TROJAN!
35875. Source=Paul Collins Startup list
35876.  
35877. [mfin32]
35878. Number=5095
35879. Confirmed=X
35880. Filename=mfin32.exe
35881. Description=MyFreeInternetUpdate - adware downloader
35882. Source=Paul Collins Startup list
35883.  
35884. [MGA Hook]
35885. Number=5096
35886. Confirmed=?
35887. Filename=Mgahook.exe
35888. Description=MATROX Graphics card related. <font color="#FF0000">What does it do and is it required?</font>
35889. Source=Paul Collins Startup list
35890.  
35891. [MGA Quickdesk]
35892. Number=5097
35893. Confirmed=N
35894. Filename=MGAQDESK.EXE
35895. Description=For Matrox video cards. Quick access to tweak your card to your liking
35896. Source=Paul Collins Startup list
35897.  
35898. [Mgabg]
35899. Number=5098
35900. Confirmed=U
35901. Filename=Mgabg.exe
35902. Description=Matrox BIOS Guard - monitors a Matrox card's BIOS, and will reflash it when needed. Cards like the G400 have a nasty habit of losing their BIOS, especially on poor power supplies. If you make an emergency BIOS disk with the utility in their BIOS package, you can disable Mgabg.exe and just use the crash disk if/when needed
35903. Source=Paul Collins Startup list
35904.  
35905. [mgavctrl]
35906. Number=5099
35907. Confirmed=Y
35908. Filename=mgavrtcl.exe
35909. Description=McAfee's Virus Scan Online
35910. Source=Paul Collins Startup list
35911.  
35912. [mgavctrl]
35913. Number=5100
35914. Confirmed=Y
35915. Filename=mgavrte.exe
35916. Description=McAfee's Virus Scan Online
35917.  
35918. Source=Paul Collins Startup list
35919.  
35920. [mgavrtclexe]
35921. Number=5101
35922. Confirmed=Y
35923. Filename=mgavrtcl.exe
35924. Description=McAfee's Virus Scan Online
35925. Source=Paul Collins Startup list
35926.  
35927. [mgavrtclexe]
35928. Number=5102
35929. Confirmed=Y
35930. Filename=mgavrte.exe
35931. Description=McAfee's Virus Scan Online
35932.  
35933. Source=Paul Collins Startup list
35934.  
35935. [MGA_CD_Install]
35936. Number=5103
35937. Confirmed=N
35938. Filename=mgasetup.exe
35939. Description=Matrox Millennium video driver. Not required once drivers installed
35940. Source=Paul Collins Startup list
35941.  
35942. [mgmtapi]
35943. Number=5104
35944. Confirmed=X
35945. Filename=mgmtapi.exe
35946. Description=Unidentified malware
35947. Source=Paul Collins Startup list
35948.  
35949. [MHDOGStart]
35950. Number=5105
35951. Confirmed=X
35952. Filename=mhdogst.EXE
35953. Description=Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS
35954. Source=Paul Collins Startup list
35955.  
35956. [MHINIT]
35957. Number=5106
35958. Confirmed=N
35959. Filename=MHINIT.EXE
35960. Description=Part of the Cybermedia Clean Sweep package
35961. Source=Paul Collins Startup list
35962.  
35963. [mhs3]
35964. Number=5107
35965. Confirmed=X
35966. Filename=mhs3.exe
35967. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsalz.html" target="_blank">PWS-ALZ</a> TROJAN!
35968. Source=Paul Collins Startup list
35969.  
35970. [Mi7sft sdce]
35971. Number=5108
35972. Confirmed=X
35973. Filename=b0yz.exe
35974. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CWG" target="_blank">RBOT.CWG</a> WORM!
35975. Source=Paul Collins Startup list
35976.  
35977. [Mi7sft sdce]
35978. Number=5109
35979. Confirmed=X
35980. Filename=MNSQ.exe
35981. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DMU" target="_blank">RBOT.DMU</a> WORM!
35982. Source=Paul Collins Startup list
35983.  
35984. [Mi7sft sdce]
35985. Number=5110
35986. Confirmed=X
35987. Filename=scorti.exe
35988. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp;vic-sessionid=EBk6vUvCbzJVNYvJMICK7qh2akbU9yu9HNW3y8s81UURXvxlEK1y!90955832?VId=51060" target="_blank">RBOT.ELC</a> WORM!
35989. Source=Paul Collins Startup list
35990.  
35991. [Mickey Mouse Cereal]
35992. Number=5111
35993. Confirmed=X
35994. Filename=[random filename].exe
35995. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011217-4546-99" target=_blank>RANKY.Q</a> TROJAN!
35996. Source=Paul Collins Startup list
35997.  
35998. [Micosoft Data Core]
35999. Number=5112
36000. Confirmed=X
36001. Filename=runservice.exe
36002. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_IRCBOT.BK" target="_blank">IRCBOT.BK</a> WORM!
36003. Source=Paul Collins Startup list
36004.  
36005. [Micr Update]
36006. Number=5113
36007. Confirmed=X
36008. Filename=soundblaster.exe
36009. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.NP" target="_blank">SDBOT.NP</a> WORM!
36010. Source=Paul Collins Startup list
36011.  
36012. [Micr0s0ft Ms D0s]
36013. Number=5114
36014. Confirmed=X
36015. Filename=msdx.exe
36016. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaon.html" target=_blank>RBOT-AON</a> WORM!
36017. Source=Paul Collins Startup list
36018.  
36019. [Micr0s0ft Upd4t4z]
36020. Number=5115
36021. Confirmed=X
36022. Filename=svchost32.exe
36023. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=44933" target="_blank">RBOT.ALF</a> WORM!
36024. Source=Paul Collins Startup list
36025.  
36026. [Micrcoft Exploerer]
36027. Number=5116
36028. Confirmed=X
36029. Filename=spoolsal.exe
36030. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakk.html" target=_blank>RBOT-AKK</a> WORM!
36031. Source=Paul Collins Startup list
36032.  
36033. [Micrcoft Exploerer]
36034. Number=5117
36035. Confirmed=X
36036. Filename=svchose.exe
36037. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasl.html" target=_blank>RBOT-ASL</a> WORM!
36038. Source=Paul Collins Startup list
36039.  
36040. [Micrcoft Updat]
36041. Number=5118
36042. Confirmed=X
36043. Filename=spoolsae.exe
36044. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaib.html" target=_blank>RBOT-AIB</a> WORM!
36045. Source=Paul Collins Startup list
36046.  
36047. [Micrcoft Updat]
36048. Number=5119
36049. Confirmed=X
36050. Filename=spoolsaex.exe
36051. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajm.html" target=_blank>RBOT-AJM</a> WORM!
36052. Source=Paul Collins Startup list
36053.  
36054. [Micrcoft Updat]
36055. Number=5120
36056. Confirmed=X
36057. Filename=Internet.exe
36058. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotana.html" target=_blank>RBOT-ANA</a> WORM!
36059. Source=Paul Collins Startup list
36060.  
36061. [Micrcsoft Certificate Services]
36062. Number=5121
36063. Confirmed=X
36064. Filename=cflmon.exe
36065. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfwv.html" target="_blank">RBOT-FWV</a> WORM!
36066. Source=Paul Collins Startup list
36067.  
36068. [Micro CRC Protocol]
36069. Number=5122
36070. Confirmed=X
36071. Filename=scrc32.exe
36072. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
36073. Source=Paul Collins Startup list
36074.  
36075. [Micro Process]
36076. Number=5123
36077. Confirmed=X
36078. Filename=appconf.exe
36079. Description=Added by an unidentified WORM or TROJAN!
36080. Source=Paul Collins Startup list
36081.  
36082. [Micro Update]
36083. Number=5124
36084. Confirmed=X
36085. Filename=dailin.exe
36086. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboter.html" target=_blank>RBOT-ER</a> WORM!
36087. Source=Paul Collins Startup list
36088.  
36089. [Microangelo Desktop]
36090. Number=5125
36091. Confirmed=N
36092. Filename=Muamgr.exe
36093. Description=Using <a href="http://www.microangelo.us/" target="_blank">MicroAngelo</a> On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system
36094. Source=Paul Collins Startup list
36095.  
36096. [microAttuneDownload]
36097. Number=5126
36098. Confirmed=N
36099. Filename=atmdlusr.exe
36100. Description=Application Launcher, MS Office application. USR (US Robotics) modem auto updater. May be a sub-set of Attune
36101. Source=Paul Collins Startup list
36102.  
36103. [MicroCQ0]
36104. Number=5127
36105. Confirmed=X
36106. Filename=explorer.exe
36107. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageak.html" target="_blank">LINEAGE-AK</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
36108. Source=Paul Collins Startup list
36109.  
36110. [MicroDialler]
36111. Number=5128
36112. Confirmed=U
36113. Filename=atdialler1.exe
36114. Description=Part of the <a href="https://www.freeserve.com/time/anytimereg/migration/?redirect=int" target="_blank">Freeserve Connection Kit</a> - changes the dial-up for Freeserve AnyTime if access problems are encountered
36115. Source=Paul Collins Startup list
36116.  
36117. [MicroedSoft Toolbar]
36118. Number=5129
36119. Confirmed=X
36120. Filename=Smoked.exe
36121. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaln.html" target=_blank>RBOT-ALN</a> WORM!
36122. Source=Paul Collins Startup list
36123.  
36124. [Microfinder lptt01]
36125. Number=5130
36126. Confirmed=X
36127. Filename=mcf.exe
36128. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
36129. Source=Paul Collins Startup list
36130.  
36131. [Microfinder ml097e]
36132. Number=5131
36133. Confirmed=X
36134. Filename=mcf.exe
36135. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
36136. Source=Paul Collins Startup list
36137.  
36138. [Microfot Update]
36139. Number=5132
36140. Confirmed=X
36141. Filename=winldx32.exe
36142. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
36143. Source=Paul Collins Startup list
36144.  
36145. [Microft Exploerer]
36146. Number=5133
36147. Confirmed=X
36148. Filename=spoolsac.exe
36149. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamd.html" target=_blank>RBOT-AMD</a> WORM!
36150. Source=Paul Collins Startup list
36151.  
36152. [Microft Update 32]
36153. Number=5134
36154. Confirmed=X
36155. Filename=winssx.exe
36156. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqs.html" target=_blank>RBOT-AQS</a> WORM!
36157. Source=Paul Collins Startup list
36158.  
36159. [MicroLoad]
36160. Number=5135
36161. Confirmed=X
36162. Filename=[random filename]
36163. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082921-0607-99" target="_blank">DARBY</a> WORM!
36164. Source=Paul Collins Startup list
36165.  
36166. [Micromedia Flash Update]
36167. Number=5136
36168. Confirmed=X
36169. Filename=wdfmrg.exe
36170. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
36171. Source=Paul Collins Startup list
36172.  
36173. [Micromedia Flash Update]
36174. Number=5137
36175. Confirmed=X
36176. Filename=xptxt.exe
36177. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgab.html" target="_blank">RBOT-GAB</a> WORM!
36178. Source=Paul Collins Startup list
36179.  
36180. [Microoft Timing]
36181. Number=5138
36182. Confirmed=X
36183. Filename=pupdate.exe
36184. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
36185. Source=Paul Collins Startup list
36186.  
36187. [MICROSFT ANTIVIRUS UPDATE SUPPORT]
36188. Number=5139
36189. Confirmed=X
36190. Filename=[random 10-letter filename].EXE
36191. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqa.html" target=_blank>RBOT-AQA</a> WORM!
36192. Source=Paul Collins Startup list
36193.  
36194. [MICROSFT ANTIVIRUS UPDATE SUPPORT]
36195. Number=5140
36196. Confirmed=X
36197. Filename=MSGUPDATED.EXE
36198. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapz.html" target=_blank>RBOT-APZ</a> WORM!
36199. Source=Paul Collins Startup list
36200.  
36201. [Microsft Conf 32]
36202. Number=5141
36203. Confirmed=X
36204. Filename=msaconf.exe
36205. Description=Added by the <a href="http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=53685" target="_blank">RBOT.EYA</a> WORM!
36206. Source=Paul Collins Startup list
36207.  
36208. [Microsft Confige 32]
36209. Number=5142
36210. Confirmed=X
36211. Filename=msaconfigurez.exe
36212. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CLC&VSect=P" target=_blank>RBOT.CLC</a> WORM!
36213. Source=Paul Collins Startup list
36214.  
36215. [MICROSFT MX UPDATE SUPPORT]
36216. Number=5143
36217. Confirmed=X
36218. Filename=taskmngrs.exe
36219. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauz.html" target=_blank>RBOT-AUZ</a> WORM!
36220. Source=Paul Collins Startup list
36221.  
36222. [MICROSFT MX UPDATE SUPPORT]
36223. Number=5144
36224. Confirmed=X
36225. Filename=winmx32.EXE
36226. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotfd.html" target="_blank">IRCBOT-FD</a> WORM!
36227. Source=Paul Collins Startup list
36228.  
36229. [MICROSFT RAMA UPDATE SUPPORT]
36230. Number=5145
36231. Confirmed=X
36232. Filename=[random filename]
36233. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasm.html" target=_blank>RBOT-ASM</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauw.html" target=_blank>RBOT-AUW</a> WORMS!
36234. Source=Paul Collins Startup list
36235.  
36236. [MICROSFT RAMA UPDATE SUPPORT]
36237. Number=5146
36238. Confirmed=X
36239. Filename=MSN32.EXE
36240. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawj.html" target=_blank>RBOT-AWJ</a> WORM!
36241. Source=Paul Collins Startup list
36242.  
36243. [MICROSFT RAMA UPDATE SUPPORT]
36244. Number=5147
36245. Confirmed=X
36246. Filename=mtakthmyn.EXE
36247. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauj.html" target=_blank>RBOT-AUJ</a> WORM!
36248. Source=Paul Collins Startup list
36249.  
36250. [Microsft Security Monitor Process]
36251. Number=5148
36252. Confirmed=X
36253. Filename=cmh.exe
36254. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
36255. Source=Paul Collins Startup list
36256.  
36257. [Microsft Security Monitor Process]
36258. Number=5149
36259. Confirmed=X
36260. Filename=mssmppp.exe
36261. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
36262. Source=Paul Collins Startup list
36263.  
36264. [Microsft Security Monitor Process]
36265. Number=5150
36266. Confirmed=X
36267. Filename=mssmpp.exe
36268. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfub.html" target="_blank">RBOT-FUB</a> WORM!
36269. Source=Paul Collins Startup list
36270.  
36271. [Microsft Updtes]
36272. Number=5151
36273. Confirmed=X
36274. Filename=sarvice.exe
36275. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
36276. Source=Paul Collins Startup list
36277.  
36278. [Microsft Upgraed]
36279. Number=5152
36280. Confirmed=X
36281. Filename=[random filename].exe
36282. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
36283. Source=Paul Collins Startup list
36284.  
36285. [microsft windows updates]
36286. Number=5153
36287. Confirmed=X
36288. Filename=mwupdate32.exe
36289. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41911" target=_blank>TOXBOT/CODBOT</a> WORM!
36290. Source=Paul Collins Startup list
36291.  
36292. [Microsof Value]
36293. Number=5154
36294. Confirmed=X
36295. Filename=nmatt.exe
36296. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
36297. Source=Paul Collins Startup list
36298.  
36299. [Microsof Windows Host]
36300. Number=5155
36301. Confirmed=X
36302. Filename=svhost32.exe
36303. Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADY" target=_blank>RBOT.ADY</a> WORM!
36304. Source=Paul Collins Startup list
36305.  
36306. [Microsof Winlog Host]
36307. Number=5156
36308. Confirmed=X
36309. Filename=wilogon32.exe
36310. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XC" target=_blank>RBOT.XC</a> WORM! 
36311.  
36312. Source=Paul Collins Startup list
36313.  
36314. [Microsofot x386 System Monitor]
36315. Number=5157
36316. Confirmed=X
36317. Filename=system32.exe
36318. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.M" target="_blank">WOOTBOT.M</a> WORM!
36319. Source=Paul Collins Startup list
36320.  
36321. [microsoft]
36322. Number=5158
36323. Confirmed=X
36324. Filename=svchost.exe
36325. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082710-5900-99" target="_blank">ASTEF</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100514-2403-99" target="_blank">RESPAN</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
36326. Source=Paul Collins Startup list
36327.  
36328. [microsoft]
36329. Number=5159
36330. Confirmed=X
36331. Filename=microsoft.hta
36332. Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
36333. Source=Paul Collins Startup list
36334.  
36335. [Microsoft]
36336. Number=5160
36337. Confirmed=X
36338. Filename=win32.exe
36339. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081910-3934-99" target=_blank>DARKMOON</a> TROJAN!
36340. Source=Paul Collins Startup list
36341.  
36342. [Microsoft]
36343. Number=5161
36344. Confirmed=X
36345. Filename=iexplore.exe
36346. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobr.html" target=_blank>QQROB-R</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
36347. Source=Paul Collins Startup list
36348.  
36349. [Microsoft]
36350. Number=5162
36351. Confirmed=X
36352. Filename=svchost.exe
36353. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojaduyoa.html" target=_blank>ADUYO-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
36354. Source=Paul Collins Startup list
36355.  
36356. [Microsoft]
36357. Number=5163
36358. Confirmed=X
36359. Filename=wuauclt.exe
36360. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobaaq.html" target="_blank">QQROB-AQ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wuauclt/" target="_blank">wuauclt.exe</a> process, which should not appear in Msconfig/Startup!
36361. Source=Paul Collins Startup list
36362.  
36363. [Microsoft]
36364. Number=5164
36365. Confirmed=X
36366. Filename=guard.exe
36367. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
36368. Source=Paul Collins Startup list
36369.  
36370. [Microsoft]
36371. Number=5165
36372. Confirmed=X
36373. Filename=wcsntfy.exe
36374. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaht.html" target="_blank">AGOBOT-AHT</a> WORM!
36375. Source=Paul Collins Startup list
36376.  
36377. [Microsoft]
36378. Number=5166
36379. Confirmed=X
36380. Filename=ssmss.exe
36381. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfzf.html" target="_blank">RBOT-FZF</a> WORM!
36382. Source=Paul Collins Startup list
36383.  
36384. [Microsoft]
36385. Number=5167
36386. Confirmed=X
36387. Filename=lsass.ppf
36388. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgaa.html" target="_blank">RBOT-GAA</a> WORM!
36389. Source=Paul Collins Startup list
36390.  
36391. [Microsoft]
36392. Number=5168
36393. Confirmed=X
36394. Filename=msvchost.exe
36395. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgaw.html" target="_blank">RBOT-GAW</a> WORM!
36396. Source=Paul Collins Startup list
36397.  
36398. [Microsoft]
36399. Number=5169
36400. Confirmed=X
36401. Filename=mixers.exe
36402. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotahu.html" target="_blank">AGOBOT-AHU</a> WORM!
36403. Source=Paul Collins Startup list
36404.  
36405. [Microsoft]
36406. Number=5170
36407. Confirmed=X
36408. Filename=msmsger.exe
36409. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
36410. Source=Paul Collins Startup list
36411.  
36412. [Microsoft]
36413. Number=5171
36414. Confirmed=X
36415. Filename=MSUPDATE.exe
36416. Description=Added by an unidentified WORM or TROJAN!
36417. Source=Paul Collins Startup list
36418.  
36419. [Microsoft]
36420. Number=5172
36421. Confirmed=X
36422. Filename=radnom.exe
36423. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgho.html" target="_blank">RBOT-GHO</a> WORM!
36424. Source=Paul Collins Startup list
36425.  
36426. [Microsoft]
36427. Number=5173
36428. Confirmed=X
36429. Filename=rtvcscan.exe
36430. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotggu.html" target="_blank">RBOT-GGU</a> WORM!
36431. Source=Paul Collins Startup list
36432.  
36433. [Microsoft]
36434. Number=5174
36435. Confirmed=X
36436. Filename=taskbar.exe
36437. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
36438. Source=Paul Collins Startup list
36439.  
36440. [Microsoft]
36441. Number=5175
36442. Confirmed=X
36443. Filename=updater.exe
36444. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotghp.html" target="_blank">RBOT-GHP</a> WORM!
36445. Source=Paul Collins Startup list
36446.  
36447. [Microsoft]
36448. Number=5176
36449. Confirmed=X
36450. Filename=windl32.exe
36451. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotdcz.html" target="_blank">SDBOT-DCZ</a> WORM!
36452. Source=Paul Collins Startup list
36453.  
36454. [Microsoft  Associates, Inc.]
36455. Number=5177
36456. Confirmed=X
36457. Filename=iexplorer.exe
36458. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
36459. Source=Paul Collins Startup list
36460.  
36461. [Microsoft (C) HTML Application host]
36462. Number=5178
36463. Confirmed=X
36464. Filename=[random filename]
36465. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyb.html" target= blank>RBOT-YB</a> WORM!
36466. Source=Paul Collins Startup list
36467.  
36468. [Microsoft (R) Windows Configuration Backup Service]
36469. Number=5179
36470. Confirmed=X
36471. Filename=svchost.exe
36472. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-081415-2212-99" target="_blank">RANKY.X</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in either a "config", "mapping" or "security" subfolder of the Winnt or Windows folder
36473. Source=Paul Collins Startup list
36474.  
36475. [Microsoft (R) Windows DLL Loader]
36476. Number=5180
36477. Confirmed=X
36478. Filename=rundll32.exe
36479. Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/backdoor.ranky.w.html" target="_blank">RANKY.W</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target="_blank">rundll32.exe</a> process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in a "dll" subfolder of the Winnt or Windows folder
36480. Source=Paul Collins Startup list
36481.  
36482. [Microsoft (R) Windows Network Latency Controller]
36483. Number=5181
36484. Confirmed=X
36485. Filename=1.tmp
36486. Description=Added by a generic password stealer TROJAN - see <a href="http://spywarefiles.prevx.com/RRDAAG28799036/SP2VC.EXE.html" target="_blank">here</a>
36487. Source=Paul Collins Startup list
36488.  
36489. [Microsoft (R) Windows Network Latency Controller]
36490. Number=5182
36491. Confirmed=X
36492. Filename=nlc.exe
36493. Description=Added by a generic password stealer TROJAN - see <a href="http://spywarefiles.prevx.com/RRDAAG28799036/SP2VC.EXE.html" target="_blank">here</a>
36494. Source=Paul Collins Startup list
36495.  
36496. [Microsoft (R) Windows Network Latency Controller]
36497. Number=5183
36498. Confirmed=X
36499. Filename=sp2vc.exe
36500. Description=Added by a generic password stealer TROJAN - see <a href="http://spywarefiles.prevx.com/RRDAAG28799036/SP2VC.EXE.html" target="_blank">here</a>
36501. Source=Paul Collins Startup list
36502.  
36503. [Microsoft (R) Windows Network Security Management Service]
36504. Number=5184
36505. Confirmed=X
36506. Filename=nsms.exe
36507. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_RANKY.LC" target="_blank">RANKY.LC</a> TROJAN!
36508. Source=Paul Collins Startup list
36509.  
36510. [Microsoft (R) Windows Protected Content Restoration Service]
36511. Number=5185
36512. Confirmed=X
36513. Filename=services.exe
36514. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_AGENT.AGV" target="_blank">AGENT.AGV</a> TROJAN!
36515. Source=Paul Collins Startup list
36516.  
36517. [Microsoft (R) Windows Protocol Deployment Manager]
36518. Number=5186
36519. Confirmed=X
36520. Filename=[random].tmp
36521. Description=Added by an unidentified WORM or TROJAN!
36522. Source=Paul Collins Startup list
36523.  
36524. [Microsoft (R) Windows TCP/IP Socket Driver]
36525. Number=5187
36526. Confirmed=X
36527. Filename=[path to trojan]
36528. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxydd.html" target="_blank">PROXY-DD</a> TROJAN!
36529. Source=Paul Collins Startup list
36530.  
36531. [Microsoft (R) Windows Update Service]
36532. Number=5188
36533. Confirmed=X
36534. Filename=wuauclt.exe
36535. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wuauclt/" target="_blank">wuauclt.exe</a> process, which should not appear in Msconfig/Startup!
36536. Source=Paul Collins Startup list
36537.  
36538. [Microsoft (R) Windows Vista/NT Runtime Compatibility Service]
36539. Number=5189
36540. Confirmed=X
36541. Filename=nrcs.exe
36542. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-081415-2212-99" target="_blank">RANKY.X</a> TROJAN!
36543. Source=Paul Collins Startup list
36544.  
36545. [Microsoft .NET Confingurator]
36546. Number=5190
36547. Confirmed=X
36548. Filename=msnconf.exe
36549. Description=Added by an unidentified VIRUS, WORM or TROJAN!
36550. Source=Paul Collins Startup list
36551.  
36552. [Microsoft 16Bit Update]
36553. Number=5191
36554. Confirmed=X
36555. Filename=wuapdate16.exe
36556. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CZ" target="_blank">RBOT.CZ</a> WORM!
36557. Source=Paul Collins Startup list
36558.  
36559. [Microsoft 64 Bit Runtime Updater]
36560. Number=5192
36561. Confirmed=X
36562. Filename=wupdt64.exe
36563. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
36564. Source=Paul Collins Startup list
36565.  
36566. [Microsoft ActiveX Debugger NT]
36567. Number=5193
36568. Confirmed=X
36569. Filename=[path to trojan]
36570. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdo.html" target=_blank>BANCOS-DO</a> TROJAN!
36571. Source=Paul Collins Startup list
36572.  
36573. [Microsoft ADservice]
36574. Number=5194
36575. Confirmed=X
36576. Filename=[random filename]
36577. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
36578. Source=Paul Collins Startup list
36579.  
36580. [Microsoft Agent]
36581. Number=5195
36582. Confirmed=X
36583. Filename=mdss32.exe
36584. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogag.html" target=_blank>KEYLOG-AG</a> TROJAN!
36585. Source=Paul Collins Startup list
36586.  
36587. [Microsoft ALG32 Protocol]
36588. Number=5196
36589. Confirmed=X
36590. Filename=alg32.exe
36591. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
36592. Source=Paul Collins Startup list
36593.  
36594. [Microsoft ALGXP Protocol]
36595. Number=5197
36596. Confirmed=X
36597. Filename=alg32.exe
36598. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
36599. Source=Paul Collins Startup list
36600.  
36601. [Microsoft Announcement Listener]
36602. Number=5198
36603. Confirmed=N
36604. Filename=Annclist.exe
36605. Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
36606. Source=Paul Collins Startup list
36607.  
36608. [Microsoft Ansti Update]
36609. Number=5199
36610. Confirmed=X
36611. Filename=msie.exe
36612. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotle.html" target="_blank">RBOT-LE</a> WORM!
36613. Source=Paul Collins Startup list
36614.  
36615. [Microsoft Anti-Spy]
36616. Number=5200
36617. Confirmed=X
36618. Filename=[random filename]
36619. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
36620. Source=Paul Collins Startup list
36621.  
36622. [Microsoft AntiSpyware]
36623. Number=5201
36624. Confirmed=X
36625. Filename=Bazzi.exe
36626. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AHKER.J&VSect=P" target=_blank>AHKER.J</a> WORM!
36627. Source=Paul Collins Startup list
36628.  
36629. [Microsoft AntiSpyware]
36630. Number=5202
36631. Confirmed=X
36632. Filename=KT06.pif
36633. Description=Added by the <a href="http://virusinfo.prevx.com/pxparall.asp?PXC=85d717083566" target="_blank">IRCBOT.GEN</a> WORM!
36634. Source=Paul Collins Startup list
36635.  
36636. [Microsoft AOL Instant Messenger]
36637. Number=5203
36638. Confirmed=X
36639. Filename=MSAOL32.exe
36640. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaai.html" target=_blank>RBOT-AAI</a> WORM!
36641. Source=Paul Collins Startup list
36642.  
36643. [Microsoft AOL32 Protocol]
36644. Number=5204
36645. Confirmed=X
36646. Filename=aol32.exe
36647. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
36648. Source=Paul Collins Startup list
36649.  
36650. [Microsoft Application Center]
36651. Number=5205
36652. Confirmed=X
36653. Filename=mappc.exe
36654. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
36655. Source=Paul Collins Startup list
36656.  
36657. [Microsoft Application Manager]
36658. Number=5206
36659. Confirmed=X
36660. Filename=msapl32.exe
36661. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbropiaae.html" target=_blank>BROPIA-AE</a> TROJAN!
36662. Source=Paul Collins Startup list
36663.  
36664. [Microsoft AUT Update]
36665. Number=5207
36666. Confirmed=X
36667. Filename=MSlti32.exe
36668. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotx.html" target="_blank">RBOT-X</a> WORM!
36669. Source=Paul Collins Startup list
36670.  
36671. [Microsoft AUT Update]
36672. Number=5208
36673. Confirmed=X
36674. Filename=MSlti16.exe
36675. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EB&VSect=T" target=_blank>RBOT.EB</a> WORM!
36676. Source=Paul Collins Startup list
36677.  
36678. [Microsoft Authority Service]
36679. Number=5209
36680. Confirmed=X
36681. Filename=lsass.exe
36682. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kaleld.html" target=_blank>KALEL-D</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
36683. Source=Paul Collins Startup list
36684.  
36685. [Microsoft auto update]
36686. Number=5210
36687. Confirmed=X
36688. Filename=winupdate.exe
36689. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021418-3605-99" target="_blank">BMBOT</a> TROJAN!
36690. Source=Paul Collins Startup list
36691.  
36692. [Microsoft Auto Update]
36693. Number=5211
36694. Confirmed=X
36695. Filename=WINHLP16.EXE
36696. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GY" target="_blank">RBOT.GY</a> WORM!
36697. Source=Paul Collins Startup list
36698.  
36699. [Microsoft auto update]
36700. Number=5212
36701. Confirmed=Y
36702. Filename=wuauclt.exe
36703. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcultb.html" target="_blank">CULT-B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wuauclt/" target="_blank">wuauclt.exe</a> process, which should not appear in Msconfig/Startup!
36704. Source=Paul Collins Startup list
36705.  
36706. [Microsoft Automatic Update Serivce]
36707. Number=5213
36708. Confirmed=X
36709. Filename=msautou.exe
36710. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaob.html" target=_blank>RBOT-AOB</a> WORM!
36711. Source=Paul Collins Startup list
36712.  
36713. [Microsoft Automatic Updater]
36714. Number=5214
36715. Confirmed=X
36716. Filename=Explorer.exe
36717. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsg.html" target="_blank">RBOT-SG</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System32 subfolder
36718. Source=Paul Collins Startup list
36719.  
36720. [Microsoft AutoUpdater]
36721. Number=5215
36722. Confirmed=X
36723. Filename=svhost.exe
36724. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QG" target="_blank">RBOT.QG</a> WORM!
36725. Source=Paul Collins Startup list
36726.  
36727. [Microsoft Bool Value]
36728. Number=5216
36729. Confirmed=X
36730. Filename=MV2.exe
36731. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
36732. Source=Paul Collins Startup list
36733.  
36734. [Microsoft boot system cfg32]
36735. Number=5217
36736. Confirmed=X
36737. Filename=actboost.exe
36738. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022210-2736-99" target=_blank>BROPIA.R</a> WORM!
36739. Source=Paul Collins Startup list
36740.  
36741. [Microsoft Broadband Networking]
36742. Number=5218
36743. Confirmed=U
36744. Filename=MSBNTray.exe
36745. Description=Microsoft Broadband Networking Tray Application
36746. Source=Paul Collins Startup list
36747.  
36748. [Microsoft Cab Manager]
36749. Number=5219
36750. Confirmed=X
36751. Filename=exec.exe
36752. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120910-4256-99" target=_blank>Affilred</a> adware
36753. Source=Paul Collins Startup list
36754.  
36755. [Microsoft checker]
36756. Number=5220
36757. Confirmed=X
36758. Filename=MsPMSPTv.exe
36759. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
36760. Source=Paul Collins Startup list
36761.  
36762. [Microsoft Client]
36763. Number=5221
36764. Confirmed=X
36765. Filename=mshost.exe
36766. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotand.html" target=_blank>RBOT-AND</a> WORM!
36767. Source=Paul Collins Startup list
36768.  
36769. [Microsoft Client Pc]
36770. Number=5222
36771. Confirmed=X
36772. Filename=spoolsrv.exe
36773. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqm.html" target=_blank>RBOT-AQM</a> WORM!
36774. Source=Paul Collins Startup list
36775.  
36776. [Microsoft Client/Server Runtime Server Subsystem]
36777. Number=5223
36778. Confirmed=X
36779. Filename=csrs.exe
36780. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
36781. Source=Paul Collins Startup list
36782.  
36783. [Microsoft Client/Server Runtime Server Subsystem]
36784. Number=5224
36785. Confirmed=X
36786. Filename=csrssa.exe
36787. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
36788. Source=Paul Collins Startup list
36789.  
36790. [Microsoft Command Line]
36791. Number=5225
36792. Confirmed=X
36793. Filename=wincmd.exe
36794. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
36795. Source=Paul Collins Startup list
36796.  
36797. [Microsoft Conf Ldr]
36798. Number=5226
36799. Confirmed=X
36800. Filename=sysconf.exe
36801. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
36802. Source=Paul Collins Startup list
36803.  
36804. [Microsoft ConfgKeys]
36805. Number=5227
36806. Confirmed=X
36807. Filename=wurmgrd32.exe
36808. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarx.html" target=_blank>RBOT-ARX</a> WORM!
36809. Source=Paul Collins Startup list
36810.  
36811. [Microsoft Config]
36812. Number=5228
36813. Confirmed=X
36814. Filename=msconf.exe
36815. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.PV" target="_blank">RBOT.PV</a> WORM!
36816. Source=Paul Collins Startup list
36817.  
36818. [Microsoft Config]
36819. Number=5229
36820. Confirmed=X
36821. Filename=MSCONF.EXE
36822. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlg.html" target=_blank>RBOT-LG</a> WORM!
36823. Source=Paul Collins Startup list
36824.  
36825. [Microsoft Config 32]
36826. Number=5230
36827. Confirmed=X
36828. Filename=msconfigx32.exe
36829. Description=Reported as the MSCONFIGX32 TROJAN! Possible Rbot variant
36830. Source=Paul Collins Startup list
36831.  
36832. [Microsoft Config 32bit]
36833. Number=5231
36834. Confirmed=X
36835. Filename=mscnfg32.exe
36836. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotz.html" target=_blank>RBOT-Z</a> WORM!
36837. Source=Paul Collins Startup list
36838.  
36839. [Microsoft Config File]
36840. Number=5232
36841. Confirmed=X
36842. Filename=config.exe
36843. Description=Added by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls!
36844. Source=Paul Collins Startup list
36845.  
36846. [Microsoft Configoration Service]
36847. Number=5233
36848. Confirmed=X
36849. Filename=msconfigs.exe
36850. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotett.html" target="_blank">RBOT-ETT</a> WORM!
36851. Source=Paul Collins Startup list
36852.  
36853. [Microsoft Configs 32]
36854. Number=5234
36855. Confirmed=X
36856. Filename=msgconfigrs.exe
36857. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
36858. Source=Paul Collins Startup list
36859.  
36860. [Microsoft Configuration 35]
36861. Number=5235
36862. Confirmed=X
36863. Filename=microsot1.exe
36864. Description=Added by an unidentified <a href="http://www.greatis.com/appdata/d/m/microsot1.exe.htm" target="_blank">TROJAN</a>!
36865. Source=Paul Collins Startup list
36866.  
36867. [Microsoft Configure 32]
36868. Number=5236
36869. Confirmed=X
36870. Filename=msgconfigre.exe
36871. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>GAOBOT/AGOBOT</a> WORM!
36872. Source=Paul Collins Startup list
36873.  
36874. [Microsoft Connection Manager Monitor]
36875. Number=5237
36876. Confirmed=X
36877. Filename=cmmon.pif
36878. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakv.html" target=_blank>RBOT-AKV</a> WORM!
36879. Source=Paul Collins Startup list
36880.  
36881. [Microsoft Control Center]
36882. Number=5238
36883. Confirmed=X
36884. Filename=crtl.exe
36885. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvx.html" target= blank>RBOT-VX</a> WORM!
36886. Source=Paul Collins Startup list
36887.  
36888. [Microsoft Core Support]
36889. Number=5239
36890. Confirmed=X
36891. Filename=MSxUP32.exe
36892. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanr.html" target=_blank>RBOT-ANR</a> WORM!
36893. Source=Paul Collins Startup list
36894.  
36895. [Microsoft Core Support]
36896. Number=5240
36897. Confirmed=X
36898. Filename=[random filename]
36899. Description=Added by a variant of the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=RBOT&threatid=14953" target="_blank">RBOT</a> TROJAN!
36900. Source=Paul Collins Startup list
36901.  
36902. [Microsoft Corp SQL Certificates]
36903. Number=5241
36904. Confirmed=X
36905. Filename=sqlcer.exe
36906. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32zybotc.html" target="_blank">ZYBOT-C</a> WORM!
36907. Source=Paul Collins Startup list
36908.  
36909. [Microsoft Corp SSL Certificates]
36910. Number=5242
36911. Confirmed=X
36912. Filename=windowz.exe
36913. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgcz.html" target="_blank">RBOT-GCZ</a> WORM!
36914. Source=Paul Collins Startup list
36915.  
36916. [Microsoft Corp TLS Certificates]
36917. Number=5243
36918. Confirmed=X
36919. Filename=msauth.exe
36920. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgac.html" target="_blank">RBOT-GAC</a> WORM!
36921. Source=Paul Collins Startup list
36922.  
36923. [Microsoft Corp Updates]
36924. Number=5244
36925. Confirmed=X
36926. Filename=wupdates.exe
36927. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauu.html" target=_blank>RBOT-AUU</a> WORM!
36928. Source=Paul Collins Startup list
36929.  
36930. [Microsoft Corporaticn SQL Handler]
36931. Number=5245
36932. Confirmed=X
36933. Filename=sqlhandler.exe
36934. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
36935. Source=Paul Collins Startup list
36936.  
36937. [Microsoft Corporation]
36938. Number=5246
36939. Confirmed=X
36940. Filename=[random filename]
36941. Description=Added by various VIRUSES, WORMS & TROJANS!
36942. Source=Paul Collins Startup list
36943.  
36944. [Microsoft Corporation]
36945. Number=5247
36946. Confirmed=X
36947. Filename=jview.exe
36948. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaod.html" target=_blank>RBOT-AOD</a> WORM!
36949. Source=Paul Collins Startup list
36950.  
36951. [Microsoft Corporation SYM monitor]
36952. Number=5248
36953. Confirmed=X
36954. Filename=mssym.exe
36955. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgdb.html" target="_blank">RBOT-GDB</a> WORM!
36956. Source=Paul Collins Startup list
36957.  
36958. [Microsoft CPXP Protocol]
36959. Number=5249
36960. Confirmed=X
36961. Filename=cpxp.exe
36962. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATP" target="_blank">RBOT.ATP</a> WORM!
36963. Source=Paul Collins Startup list
36964.  
36965. [Microsoft Crs Fix Serv]
36966. Number=5250
36967. Confirmed=X
36968. Filename=wincrs.exe
36969. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BWF&VSect=P" target=_blank>SDBOT.BWF</a> WORM!
36970. Source=Paul Collins Startup list
36971.  
36972. [Microsoft CSRSS32 Protocol]
36973. Number=5251
36974. Confirmed=X
36975. Filename=csrss32.exe
36976. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
36977. Source=Paul Collins Startup list
36978.  
36979. [Microsoft CSRSS386 Protocol]
36980. Number=5252
36981. Confirmed=X
36982. Filename=csrss386.exe
36983. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
36984. Source=Paul Collins Startup list
36985.  
36986. [Microsoft Cvrt]
36987. Number=5253
36988. Confirmed=X
36989. Filename=mscvrt32.exe
36990. Description=Added by an unidentified VIRUS, WORM or TROJAN!
36991. Source=Paul Collins Startup list
36992.  
36993. [Microsoft Data Helper]
36994. Number=5254
36995. Confirmed=X
36996. Filename=cihost.exe
36997. Description=Malware, possibly a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031918-3320-99" target="_blank">LINST</a> TROJAN
36998. Source=Paul Collins Startup list
36999.  
37000. [Microsoft Data Machine]
37001. Number=5255
37002. Confirmed=X
37003. Filename=csdata32.exe
37004. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37005.  
37006. Source=Paul Collins Startup list
37007.  
37008. [Microsoft Database Handler]
37009. Number=5256
37010. Confirmed=X
37011. Filename=mssql32.exe
37012. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112521-1453-99" target="_blank">RANDEX.AX</a> WORM!
37013. Source=Paul Collins Startup list
37014.  
37015. [Microsoft Datalog Application]
37016. Number=5257
37017. Confirmed=X
37018. Filename=msdata.exe
37019. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
37020. Source=Paul Collins Startup list
37021.  
37022. [Microsoft DDE Control]
37023. Number=5258
37024. Confirmed=X
37025. Filename=wupades.exe
37026. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
37027. Source=Paul Collins Startup list
37028.  
37029. [Microsoft DDEs Control]
37030. Number=5259
37031. Confirmed=X
37032. Filename=Erun.pif
37033. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamu.html" target=_blank>RBOT-AMU</a> WORM!
37034. Source=Paul Collins Startup list
37035.  
37036. [Microsoft Debug Service]
37037. Number=5260
37038. Confirmed=X
37039. Filename=dbgbgr.exe
37040. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
37041. Source=Paul Collins Startup list
37042.  
37043. [Microsoft Decryption Technology]
37044. Number=5261
37045. Confirmed=X
37046. Filename=Msfenoe.exe
37047. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdg.html" target=_blank>SPYBOT-DG</a> WORM!
37048.  
37049. Source=Paul Collins Startup list
37050.  
37051. [Microsoft Desktop Manager]
37052. Number=5262
37053. Confirmed=X
37054. Filename=msdesk32.exe
37055. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37056. Source=Paul Collins Startup list
37057.  
37058. [Microsoft Dev]
37059. Number=5263
37060. Confirmed=X
37061. Filename=iexplorer32.exe
37062. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
37063. Source=Paul Collins Startup list
37064.  
37065. [Microsoft Development Debugger]
37066. Number=5264
37067. Confirmed=X
37068. Filename=msdev.exe
37069. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37070. Source=Paul Collins Startup list
37071.  
37072. [Microsoft Development Services]
37073. Number=5265
37074. Confirmed=X
37075. Filename=msdevelop.exe
37076. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfws.html" target="_blank">RBOT-FWS</a> WORM!
37077. Source=Paul Collins Startup list
37078.  
37079. [Microsoft Device Manager]
37080. Number=5266
37081. Confirmed=X
37082. Filename=msdevmgr32.exe
37083. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011714-4950-99" target=_blank>LATEDA.B</a> TROJAN!
37084. Source=Paul Collins Startup list
37085.  
37086. [Microsoft Diagnostic]
37087. Number=5267
37088. Confirmed=X
37089. Filename=[random filename]
37090. Description=Added by the <a href="http://www3.ca.com/virusinfo/Virus.asp?ID=11532" target="_blank">ACEBOT</a> TROJAN!
37091. Source=Paul Collins Startup list
37092.  
37093. [Microsoft Diagnostic]
37094. Number=5268
37095. Confirmed=X
37096. Filename=msdiag32.exe
37097. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotuc.html" target=_blank>RBOT-UC</a> WORM!
37098. Source=Paul Collins Startup list
37099.  
37100. [Microsoft Digital Clock]
37101. Number=5269
37102. Confirmed=X
37103. Filename=msclock.exe
37104. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nackbotd.html" target="_blank">NACKBOT-D</a> WORM!
37105. Source=Paul Collins Startup list
37106.  
37107. [Microsoft DirectX]
37108. Number=5270
37109. Confirmed=X
37110. Filename=Spoolserv.exe
37111. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020617-4635-99" target="_blank">DINFOR</a> WORM!
37112. Source=Paul Collins Startup list
37113.  
37114. [Microsoft DirectX]
37115. Number=5271
37116. Confirmed=X
37117. Filename=rasmngr.exe
37118. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
37119. Source=Paul Collins Startup list
37120.  
37121. [Microsoft DirectX]
37122. Number=5272
37123. Confirmed=X
37124. Filename=PDSched.exe
37125. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CN&VSect=T" target=_blank>SDBOT.CN</a> WORM!
37126.  
37127. Source=Paul Collins Startup list
37128.  
37129. [Microsoft DirectX]
37130. Number=5273
37131. Confirmed=X
37132. Filename=wuamgrd.exe
37133. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MY&VSect=T" target=_blank>SDBOT.MY</a> WORM!
37134. Source=Paul Collins Startup list
37135.  
37136. [Microsoft DirectX]
37137. Number=5274
37138. Confirmed=X
37139. Filename=time123.exe
37140. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MD" target="_blank">SDBOT.MD</a> WORM!
37141. Source=Paul Collins Startup list
37142.  
37143. [Microsoft Directx]
37144. Number=5275
37145. Confirmed=X
37146. Filename=directxat.exe
37147. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbxf.html" target="_blank">SDBOT-BXF</a> WORM! Note - disables autostart for the SharedAccess service and deactivates the Microsoft Internet Connection Firewall (ICF)
37148. Source=Paul Collins Startup list
37149.  
37150. [Microsoft Directx click]
37151. Number=5276
37152. Confirmed=X
37153. Filename=directxclick.exe
37154. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotght.html" target="_blank">RBOT-GHT</a> WORM!
37155. Source=Paul Collins Startup list
37156.  
37157. [Microsoft Directx clicks]
37158. Number=5277
37159. Confirmed=X
37160. Filename=directxclickers.exe
37161. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotght.html" target="_blank">RBOT-GHT</a> WORM!
37162. Source=Paul Collins Startup list
37163.  
37164. [Microsoft Directx push]
37165. Number=5278
37166. Confirmed=X
37167. Filename=directxpushup.exe
37168. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotght.html" target="_blank">RBOT-GHT</a> WORM!
37169. Source=Paul Collins Startup list
37170.  
37171. [Microsoft Directxsp]
37172. Number=5279
37173. Confirmed=X
37174. Filename=directxbt.exe
37175. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotght.html" target="_blank">RBOT-GHT</a> WORM!
37176. Source=Paul Collins Startup list
37177.  
37178. [Microsoft Directxspnew]
37179. Number=5280
37180. Confirmed=X
37181. Filename=directxnew.exe
37182. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotght.html" target="_blank">RBOT-GHT</a> WORM!
37183. Source=Paul Collins Startup list
37184.  
37185. [Microsoft DirktorWin]
37186. Number=5281
37187. Confirmed=X
37188. Filename=[random filename]
37189. Description=Added by the <a href="http://sandbox.norman.no/live_2.html?logfile=856072" target="_blank">SPYBOT.GEN3</a> TROJAN!
37190. Source=Paul Collins Startup list
37191.  
37192. [Microsoft DLL]
37193. Number=5282
37194. Confirmed=X
37195. Filename=fumeta.exe
37196. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaug.html" target=_blank>RBOT-AUG</a> WORM!
37197. Source=Paul Collins Startup list
37198.  
37199. [Microsoft DLL Extensions]
37200. Number=5283
37201. Confirmed=X
37202. Filename=SystemDll.exe
37203. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadv.html" target=_blank>RBOT-ADV</a> WORM!
37204. Source=Paul Collins Startup list
37205.  
37206. [Microsoft dll Host Service]
37207. Number=5284
37208. Confirmed=X
37209. Filename=wkssr.exe
37210. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
37211. Source=Paul Collins Startup list
37212.  
37213. [Microsoft Dll Management]
37214. Number=5285
37215. Confirmed=X
37216. Filename=windll.exe
37217. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmt.html" target=_blank>RBOT-MT</a> WORM! 
37218.  
37219. Source=Paul Collins Startup list
37220.  
37221. [Microsoft Dll Printer Manager]
37222. Number=5286
37223. Confirmed=X
37224. Filename=dllpt.exe
37225. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BIH&VSect=P" target=_blank>SDBOT.BIH</a> WORM!
37226. Source=Paul Collins Startup list
37227.  
37228. [Microsoft DLL Verifier]
37229. Number=5287
37230. Confirmed=X
37231. Filename=file.exe
37232. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaed.html" target=_blank>RBOT-AED</a> WORM!
37233. Source=Paul Collins Startup list
37234.  
37235. [Microsoft DLL Verifier]
37236. Number=5288
37237. Confirmed=X
37238. Filename=chkfile.exe
37239. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaoc.html" target=_blank>RBOT-AOC</a> WORM!
37240. Source=Paul Collins Startup list
37241.  
37242. [Microsoft DLL Verifier]
37243. Number=5289
37244. Confirmed=X
37245. Filename=csrssv.exe
37246. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatk.html" target=_blank>RBOT-ATK</a> WORM!
37247. Source=Paul Collins Startup list
37248.  
37249. [Microsoft DLL Verifier]
37250. Number=5290
37251. Confirmed=X
37252. Filename=mscon.exe
37253. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.EAH" target="_blank">SDBOT.EAH</a> WORM!
37254. Source=Paul Collins Startup list
37255.  
37256. [Microsoft DLL Verifier]
37257. Number=5291
37258. Confirmed=X
37259. Filename=winavguard.exe
37260. Description=Added by the SDBOT.AAD WORM!
37261. Source=Paul Collins Startup list
37262.  
37263. [Microsoft DLLSet32]
37264. Number=5292
37265. Confirmed=X
37266. Filename=dllset32.exe
37267. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.OZ" target="_blank">RBOT.OZ</a> WORM!
37268. Source=Paul Collins Startup list
37269.  
37270. [Microsoft DNS Query]
37271. Number=5293
37272. Confirmed=X
37273. Filename=msdns.exe
37274. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
37275.  
37276. Source=Paul Collins Startup list
37277.  
37278. [Microsoft DNSx]
37279. Number=5294
37280. Confirmed=X
37281. Filename=mdnex.exe
37282. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotai.html" target="_blank">DELBOT-AI</a> WORM!
37283. Source=Paul Collins Startup list
37284.  
37285. [Microsoft Document]
37286. Number=5295
37287. Confirmed=X
37288. Filename=krisp.exe
37289. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotrq.html" target=_blank>SDBOT-RQ</a> WORM!
37290. Source=Paul Collins Startup list
37291.  
37292. [Microsoft Domain Controller]
37293. Number=5296
37294. Confirmed=X
37295. Filename=mstc.exe
37296. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-043016-0900-99" target="_blank">NUGACHE.A</a> WORM!
37297. Source=Paul Collins Startup list
37298.  
37299. [Microsoft Driver]
37300. Number=5297
37301. Confirmed=X
37302. Filename=faet.exe
37303. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37304. Source=Paul Collins Startup list
37305.  
37306. [Microsoft Driver Control]
37307. Number=5298
37308. Confirmed=X
37309. Filename=windrv.exe
37310. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FW" target="_blank">SDBOT.FW</a> WORM!
37311. Source=Paul Collins Startup list
37312.  
37313. [Microsoft Driver Manager]
37314. Number=5299
37315. Confirmed=X
37316. Filename=mswindrv.exe
37317. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotez.html" target=_blank>FORBOT-EZ</a> WORM!
37318. Source=Paul Collins Startup list
37319.  
37320. [Microsoft driver update]
37321. Number=5300
37322. Confirmed=X
37323. Filename=Mshome.exe
37324. Description=Added by the SDBOT.BL WORM!
37325. Source=Paul Collins Startup list
37326.  
37327. [Microsoft Drivers]
37328. Number=5301
37329. Confirmed=X
37330. Filename=WSconf.exe
37331. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
37332. Source=Paul Collins Startup list
37333.  
37334. [Microsoft ErgoPack]
37335. Number=5302
37336. Confirmed=X
37337. Filename=wserb32.exe
37338. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotri.html" target=_blank>RBOT-RI</a> WORM!
37339. Source=Paul Collins Startup list
37340.  
37341. [Microsoft EV32 Service]
37342. Number=5303
37343. Confirmed=X
37344. Filename=MSev32.exe
37345. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37346. Source=Paul Collins Startup list
37347.  
37348. [Microsoft Event Engine]
37349. Number=5304
37350. Confirmed=X
37351. Filename=EvtEngn.exe
37352. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxv.html" target="_blank">RBOT-XV</a> WORM!
37353. Source=Paul Collins Startup list
37354.  
37355. [Microsoft Excel]
37356. Number=5305
37357. Confirmed=X
37358. Filename=msexcel.exe
37359. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottq.html" target=_blank>RBOT-TQ</a> WORM!
37360. Source=Paul Collins Startup list
37361.  
37362. [Microsoft Excell]
37363. Number=5306
37364. Confirmed=X
37365. Filename=wuamngr32.exe
37366. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqh.html" target=_blank>RBOT-QH</a> WORM!
37367. Source=Paul Collins Startup list
37368.  
37369. [Microsoft Executing]
37370. Number=5307
37371. Confirmed=X
37372. Filename=microsoft.exe
37373. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.UV" target=_blank>AGOBOT.UV</a> WORM!
37374. Source=Paul Collins Startup list
37375.  
37376. [Microsoft Explorer]
37377. Number=5308
37378. Confirmed=X
37379. Filename=svapache.exe
37380. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvr.html" target=_blank>RBOT-VR</a> WORM!
37381. Source=Paul Collins Startup list
37382.  
37383. [Microsoft Explorer]
37384. Number=5309
37385. Confirmed=X
37386. Filename=explorer.scr
37387. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadh.html" target=_blank>RBOT-ADH</a> WORM!
37388. Source=Paul Collins Startup list
37389.  
37390. [Microsoft Explorer]
37391. Number=5310
37392. Confirmed=X
37393. Filename=explorer.pif
37394. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacx.html" target=_blank>SDBOT-ACX</a> WORM!
37395. Source=Paul Collins Startup list
37396.  
37397. [Microsoft explorer Update]
37398. Number=5311
37399. Confirmed=X
37400. Filename=internal.exe
37401. Description=Added by an unidentified WORM or TROJAN!
37402. Source=Paul Collins Startup list
37403.  
37404. [Microsoft Explorer2]
37405. Number=5312
37406. Confirmed=X
37407. Filename=system.exe
37408. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_IRCBOT.BS" target="_blank">IRCBOT.BS</a> TROJAN!
37409. Source=Paul Collins Startup list
37410.  
37411. [Microsoft Explorer2]
37412. Number=5313
37413. Confirmed=X
37414. Filename=nome.exe
37415. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.AA" target="_blank">RANDEX.AA</a> WORM!
37416. Source=Paul Collins Startup list
37417.  
37418. [Microsoft Explorer2]
37419. Number=5314
37420. Confirmed=X
37421. Filename=bitchbot.exe
37422. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.EV" target="_blank">SDBOT.EV</a> WORM!
37423. Source=Paul Collins Startup list
37424.  
37425. [Microsoft EXPLOREXP Protocol]
37426. Number=5315
37427. Confirmed=X
37428. Filename=explorexp.exe
37429. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
37430. Source=Paul Collins Startup list
37431.  
37432. [Microsoft Features]
37433. Number=5316
37434. Confirmed=X
37435. Filename=ms32cfg.exe
37436. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.HO" target="_blank">RBOT.HO</a> WORM!
37437. Source=Paul Collins Startup list
37438.  
37439. [Microsoft Features]
37440. Number=5317
37441. Confirmed=X
37442. Filename=msie.exe
37443. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37444. Source=Paul Collins Startup list
37445.  
37446. [Microsoft File Demand Manager]
37447. Number=5318
37448. Confirmed=X
37449. Filename=wmgrdf.exe
37450. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37451. Source=Paul Collins Startup list
37452.  
37453. [Microsoft Find Fast]
37454. Number=5319
37455. Confirmed=X
37456. Filename=Findfast.exe
37457. Description=Complete utter waste of space! Part of MS Office - searches disk drives for Office file types and creates an index to make opening them easier
37458. Source=Paul Collins Startup list
37459.  
37460. [Microsoft Firewall]
37461. Number=5320
37462. Confirmed=X
37463. Filename=firewallsp2.exe
37464. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmc.html" target="_blank">RBOT-MC</a> WORM!
37465. Source=Paul Collins Startup list
37466.  
37467. [MICROSOFT FIREWALL CLIENT]
37468. Number=5321
37469. Confirmed=Y
37470. Filename=ISATRAY.EXE
37471. Description=MS Internet Security and Acceleration Server - see <a href="http://www.microsoft.com/isaserver/default.mspx" target=_blank>here</a>
37472. Source=Paul Collins Startup list
37473.  
37474. [Microsoft FixUp]
37475. Number=5322
37476. Confirmed=X
37477. Filename=pevblbvr.exe
37478. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DWK" target="_blank">RBOT.DWK</a> WORM!
37479. Source=Paul Collins Startup list
37480.  
37481. [Microsoft FixUp]
37482. Number=5323
37483. Confirmed=X
37484. Filename=wnpzjpuw.exe
37485. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
37486. Source=Paul Collins Startup list
37487.  
37488. [Microsoft Games]
37489. Number=5324
37490. Confirmed=X
37491. Filename=gamemanager.exe
37492. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.AHQ&VSect=P" target=_blank>SPYBOT.AHQ</a> WORM!
37493. Source=Paul Collins Startup list
37494.  
37495. [Microsoft Generic Update Manager]
37496. Number=5325
37497. Confirmed=X
37498. Filename=wupdate.exe
37499. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawc.html" target=_blank>RBOT-AWC</a> TROJAN!
37500. Source=Paul Collins Startup list
37501.  
37502. [Microsoft Genetic Procress]
37503. Number=5326
37504. Confirmed=X
37505. Filename=svchost.exe
37506. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
37507. Source=Paul Collins Startup list
37508.  
37509. [Microsoft Gina V Encryption]
37510. Number=5327
37511. Confirmed=X
37512. Filename=MSGINAV.EXE
37513. Description=Added by an unidentified VIRUS, WORM or TROJAN!
37514. Source=Paul Collins Startup list
37515.  
37516. [Microsoft Greetings Reminders]
37517. Number=5328
37518. Confirmed=N
37519. Filename=MHPRMIND.EXE
37520. Description=Microsoft Home Publishing greetings reminder
37521. Source=Paul Collins Startup list
37522.  
37523. [Microsoft Greetings Workshop Reminder]
37524. Number=5329
37525. Confirmed=N
37526. Filename=Gwremind.exe
37527. Description=You really want to be reminded about somebody's birthday at the expense of resources?
37528. Source=Paul Collins Startup list
37529.  
37530. [Microsoft Greetings  Reminder]
37531. Number=5330
37532. Confirmed=N
37533. Filename=MHPRMINF.EXE
37534. Description=You really want to be reminded about somebody's birthday at the expense of resources?
37535. Source=Paul Collins Startup list
37536.  
37537. [Microsoft Help]
37538. Number=5331
37539. Confirmed=X
37540. Filename=svh0st.exe
37541. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
37542. Source=Paul Collins Startup list
37543.  
37544. [Microsoft Help Support]
37545. Number=5332
37546. Confirmed=X
37547. Filename=mshelp32.exe
37548. Description=Addded by the <a href="http://www.sophos.com/virusinfo/analyses/w32kelvirbf.html" target=_blank>KELVIR-BF</a> WORM!
37549. Source=Paul Collins Startup list
37550.  
37551. [Microsoft Help SVC]
37552. Number=5333
37553. Confirmed=X
37554. Filename=msnmngr.exe
37555. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpq.html" target="_blank">SDBOT-PQ</a> WORM!
37556. Source=Paul Collins Startup list
37557.  
37558. [Microsoft Help System]
37559. Number=5334
37560. Confirmed=X
37561. Filename=mshelp32.exe
37562. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
37563. Source=Paul Collins Startup list
37564.  
37565. [Microsoft Host Protocol]
37566. Number=5335
37567. Confirmed=X
37568. Filename=svhost.exe
37569. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37570. Source=Paul Collins Startup list
37571.  
37572. [Microsoft Hosting Service]
37573. Number=5336
37574. Confirmed=X
37575. Filename=WINHOSTING.EXE
37576. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AEV&VSect=P" target=_blank>RBOT.AEV</a> WORM!
37577. Source=Paul Collins Startup list
37578.  
37579. [Microsoft Hosts Service]
37580. Number=5337
37581. Confirmed=X
37582. Filename=Isass.exe
37583. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37584. Source=Paul Collins Startup list
37585.  
37586. [microsoft hotmail monitor]
37587. Number=5338
37588. Confirmed=U
37589. Filename=mshotmon.exe
37590. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfl.html" target="_blank">MYTOB-FL</a> WORM!
37591. Source=Paul Collins Startup list
37592.  
37593. [Microsoft Hyptertext Helper]
37594. Number=5339
37595. Confirmed=X
37596. Filename=mshtha.exe
37597. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
37598. Source=Paul Collins Startup list
37599.  
37600. [Microsoft IDCN]
37601. Number=5340
37602. Confirmed=X
37603. Filename=mshe1p.exe
37604. Description=Added by an unidentified TROJAN!
37605. Source=Paul Collins Startup list
37606.  
37607. [Microsoft IE]
37608. Number=5341
37609. Confirmed=X
37610. Filename=Iexplore.exe
37611. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotag.html" target=_blank>FORBOT-AG</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
37612. Source=Paul Collins Startup list
37613.  
37614. [Microsoft IE Execute shell]
37615. Number=5342
37616. Confirmed=X
37617. Filename=IEExec.exe
37618. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032415-5510-99" target="_blank">ALADINZ.N</a> TROJAN!
37619. Source=Paul Collins Startup list
37620.  
37621. [MicroSoft IE Sasser]
37622. Number=5343
37623. Confirmed=X
37624. Filename=ISASS.EXE
37625. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MX&VSect=P" target=_blank>SDBOT.MX</a> WORM!
37626. Source=Paul Collins Startup list
37627.  
37628. [Microsoft IIS]
37629. Number=5344
37630. Confirmed=X
37631. Filename=syshost.exe
37632. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111806-5041-99" target="_blank">FRANCETTE</a> WORM!
37633. Source=Paul Collins Startup list
37634.  
37635. [Microsoft IIS]
37636. Number=5345
37637. Confirmed=X
37638. Filename=[filename]
37639. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32francettes.html" target=_blank>FRANCETTE-S</a> WORM!
37640. Source=Paul Collins Startup list
37641.  
37642. [Microsoft Inc.]
37643. Number=5346
37644. Confirmed=X
37645. Filename=iexplorer.exe
37646. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
37647. Source=Paul Collins Startup list
37648.  
37649. [Microsoft Incroporate]
37650. Number=5347
37651. Confirmed=X
37652. Filename=mfs.exe
37653. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanf.html" target=_blank>RBOT-ANF</a> WORM!
37654. Source=Paul Collins Startup list
37655.  
37656. [Microsoft Inet Xp..]
37657. Number=5348
37658. Confirmed=X
37659. Filename=teekids.exe
37660. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081312-1554-99" target="_blank">BLASTER.C</a> WORM!
37661. Source=Paul Collins Startup list
37662.  
37663. [Microsoft Installshield]
37664. Number=5349
37665. Confirmed=X
37666. Filename=nundll32.exe
37667. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotahz.html" target="_blank">AGOBOT-AHZ</a> WORM!
37668. Source=Paul Collins Startup list
37669.  
37670. [Microsoft Instant Messenger]
37671. Number=5350
37672. Confirmed=X
37673. Filename=msngmsngr32.exe
37674. Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=24975" target=_blank>SPYBOTER.GEN</a> TROJAN!
37675. Source=Paul Collins Startup list
37676.  
37677. [Microsoft Int Service]
37678. Number=5351
37679. Confirmed=X
37680. Filename=MsIntSrv.exe
37681. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37682. Source=Paul Collins Startup list
37683.  
37684. [Microsoft Intellitype Pro]
37685. Number=5352
37686. Confirmed=U
37687. Filename=speedkey.exe
37688. Description=Additional keyboard shortcuts on MS programmable keyboard
37689. Source=Paul Collins Startup list
37690.  
37691. [Microsoft Internal AntiVirus Systems]
37692. Number=5353
37693. Confirmed=X
37694. Filename=dIlhost.exe
37695. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaev.html" target=_blank>RBOT-AEV</a> WORM!
37696. Source=Paul Collins Startup list
37697.  
37698. [Microsoft Internet]
37699. Number=5354
37700. Confirmed=X
37701. Filename=expl0rer.exe
37702. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
37703. Source=Paul Collins Startup list
37704.  
37705. [Microsoft Internet]
37706. Number=5355
37707. Confirmed=X
37708. Filename=windows32.exe
37709. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotf.html" target="_blank">SDBOT-F</a> WORM!
37710. Source=Paul Collins Startup list
37711.  
37712. [Microsoft Internet]
37713. Number=5356
37714. Confirmed=X
37715. Filename=wincfg16.exe
37716. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
37717. Source=Paul Collins Startup list
37718.  
37719. [Microsoft Internet Acceleration Utility]
37720. Number=5357
37721. Confirmed=X
37722. Filename=iau.exe
37723. Description=<a href="http://sarc.com/avcenter/venc/data/adware.easysearch.html" target=_blank>EasySearch</a> adware
37724. Source=Paul Collins Startup list
37725.  
37726. [Microsoft Internet Acceleration Utility]
37727. Number=5358
37728. Confirmed=X
37729. Filename=[path to file]
37730. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentcx.html" target= blank>AGENT-CX</a> TROJAN!
37731. Source=Paul Collins Startup list
37732.  
37733. [Microsoft Internet Acceleration Utility]
37734. Number=5359
37735. Confirmed=X
37736. Filename=[path to trojan]
37737. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmutsrcha.html" target=_blank>SMUTSRCH-A</a> TROJAN!
37738. Source=Paul Collins Startup list
37739.  
37740. [Microsoft Internet Exp]
37741. Number=5360
37742. Confirmed=X
37743. Filename=iiexplorer.exe
37744. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkx.html" target="_blank">RBOT-KX</a> WORM!
37745. Source=Paul Collins Startup list
37746.  
37747. [Microsoft Internet Explorer]
37748. Number=5361
37749. Confirmed=X
37750. Filename=iexplore.exe
37751. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotj.html" target=_blank>POEBOT-J</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
37752. Source=Paul Collins Startup list
37753.  
37754. [Microsoft Internet Explorer]
37755. Number=5362
37756. Confirmed=X
37757. Filename=iexplorer.exe
37758. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxn.html" target= blank>SDBOT-XN</a> WORM!
37759. Source=Paul Collins Startup list
37760.  
37761. [Microsoft Internet Explorer]
37762. Number=5363
37763. Confirmed=X
37764. Filename=crsys32.exe
37765. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UZ&VSect=P" target=_blank>RBOT.UZ</a> WORM!
37766. Source=Paul Collins Startup list
37767.  
37768. [Microsoft Internet Explorer]
37769. Number=5364
37770. Confirmed=X
37771. Filename=movies.exe
37772. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdz.html" target=_blank>BANCOS-DZ</a> TROJAN!
37773. Source=Paul Collins Startup list
37774.  
37775. [Microsoft Internet Explorer]
37776. Number=5365
37777. Confirmed=X
37778. Filename=svzhost.exe
37779. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37780. Source=Paul Collins Startup list
37781.  
37782. [Microsoft Internet Explorer]
37783. Number=5366
37784. Confirmed=X
37785. Filename=mccagent.exe
37786. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderud.html" target=_blank>DLOADER-UD</a> TROJAN!
37787. Source=Paul Collins Startup list
37788.  
37789. [Microsoft Internet Explorer]
37790. Number=5367
37791. Confirmed=X
37792. Filename=sysini.exe
37793. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfln.html" target=_blank>DELF-LN</a> TROJAN!
37794. Source=Paul Collins Startup list
37795.  
37796. [Microsoft Internet Explorer]
37797. Number=5368
37798. Confirmed=X
37799. Filename=svchost.exe
37800. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotak.html" target=_blank>IRCBOT-AK</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder
37801. Source=Paul Collins Startup list
37802.  
37803. [Microsoft Internet Explorer]
37804. Number=5369
37805. Confirmed=X
37806. Filename=lEXPLORE.EXE
37807. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamm.html" target="_blank">RBOT-AMM</a> WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
37808. Source=Paul Collins Startup list
37809.  
37810. [Microsoft Internet Firewall Manager]
37811. Number=5370
37812. Confirmed=X
37813. Filename=GMT16.exe
37814. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112118-0413-99" target="_blank">RANDEX.AT</a> WORM!
37815. Source=Paul Collins Startup list
37816.  
37817. [Microsoft Internet Services]
37818. Number=5371
37819. Confirmed=X
37820. Filename=Smss32.exe
37821. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.MS" target="_blank">RBOT.MS</a> WORM!
37822. Source=Paul Collins Startup list
37823.  
37824. [Microsoft Intrenet Explorer]
37825. Number=5372
37826. Confirmed=X
37827. Filename=goaw.pif
37828. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapi.html" target=_blank>RBOT-API</a> WORM!
37829. Source=Paul Collins Startup list
37830.  
37831. [Microsoft Intrenet Explorer]
37832. Number=5373
37833. Confirmed=X
37834. Filename=Soundsyst.exe
37835. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqu.html" target=_blank>RBOT-AQU</a> WORM!
37836. Source=Paul Collins Startup list
37837.  
37838. [Microsoft Intrenet Explorer]
37839. Number=5374
37840. Confirmed=X
37841. Filename=cnsg.pif
37842. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaro.html" target=_blank>RBOT-ARO</a> WORM!
37843. Source=Paul Collins Startup list
37844.  
37845. [Microsoft Intrenet Explorer]
37846. Number=5375
37847. Confirmed=X
37848. Filename=wcumrg.exe
37849. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafd.html" target=_blank>SDBOT-AFD</a> WORM!
37850. Source=Paul Collins Startup list
37851.  
37852. [Microsoft IPC]
37853. Number=5376
37854. Confirmed=X
37855. Filename=system.exe
37856. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-090916-5835-99" target="_blank">NULLBOT</a> TROJAN!
37857. Source=Paul Collins Startup list
37858.  
37859. [Microsoft IPC]
37860. Number=5377
37861. Confirmed=X
37862. Filename=svshost.exe
37863. Description=Added by an unidentified VIRUS, WORM or TROJAN!
37864. Source=Paul Collins Startup list
37865.  
37866. [Microsoft IT Update]
37867. Number=5378
37868. Confirmed=X
37869. Filename=win64.exe
37870. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GA" target="_blank">RBOT.GA</a> WORM!
37871. Source=Paul Collins Startup list
37872.  
37873. [Microsoft IT Update]
37874. Number=5379
37875. Confirmed=X
37876. Filename=[random filename]
37877. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
37878. Source=Paul Collins Startup list
37879.  
37880. [Microsoft IT Update]
37881. Number=5380
37882. Confirmed=X
37883. Filename=IEserv.exe
37884. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37885. Source=Paul Collins Startup list
37886.  
37887. [Microsoft IT Update]
37888. Number=5381
37889. Confirmed=X
37890. Filename=msupdate.exe
37891. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37892. Source=Paul Collins Startup list
37893.  
37894. [Microsoft IT Update]
37895. Number=5382
37896. Confirmed=X
37897. Filename=winn43.exe
37898. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37899. Source=Paul Collins Startup list
37900.  
37901. [Microsoft IT Update]
37902. Number=5383
37903. Confirmed=X
37904. Filename=svchsst.exe
37905. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdh.html" target=_blank>RBOT-DH</a> WORM!
37906. Source=Paul Collins Startup list
37907.  
37908. [Microsoft IT Update]
37909. Number=5384
37910. Confirmed=X
37911. Filename=win43.exe
37912. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsa.html" target=_blank>RBOT-SA</a> WORM!
37913. Source=Paul Collins Startup list
37914.  
37915. [Microsoft IT Update]
37916. Number=5385
37917. Confirmed=X
37918. Filename=windows.exe
37919. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjm.html" target=_blank>RBOT-GL</a> WORM!
37920. Source=Paul Collins Startup list
37921.  
37922. [Microsoft IT Update]
37923. Number=5386
37924. Confirmed=X
37925. Filename=winsyst32.exe
37926. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfc.html" target=_blank>RBOT-FC</a> WORM!
37927. Source=Paul Collins Startup list
37928.  
37929. [Microsoft Java Virtual Machine]
37930. Number=5387
37931. Confirmed=X
37932. Filename=winscr32.exe
37933. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
37934. Source=Paul Collins Startup list
37935.  
37936. [Microsoft Java Virtual Machine]
37937. Number=5388
37938. Confirmed=X
37939. Filename=MsConfiG.exe
37940. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdv.html" target=_blank>FORBOT-DV</a> WORM!
37941. Source=Paul Collins Startup list
37942.  
37943. [Microsoft Java Virtual Machine]
37944. Number=5389
37945. Confirmed=X
37946. Filename=msjvm.exe
37947. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
37948. Source=Paul Collins Startup list
37949.  
37950. [Microsoft Java Virtual Machine]
37951. Number=5390
37952. Confirmed=X
37953. Filename=javavm.exe
37954. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
37955. Source=Paul Collins Startup list
37956.  
37957. [Microsoft Java Windows Update]
37958. Number=5391
37959. Confirmed=X
37960. Filename=[filename]
37961. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdz.html" target=_blank>RBOT-DZ</a> WORM!
37962. Source=Paul Collins Startup list
37963.  
37964. [Microsoft JavaVM]
37965. Number=5392
37966. Confirmed=X
37967. Filename=msjarun.exe
37968. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjw.html" target="_blank">RBOT-JW</a> WORM!
37969. Source=Paul Collins Startup list
37970.  
37971. [Microsoft Kernel]
37972. Number=5393
37973. Confirmed=X
37974. Filename=Windows_kernel32.exe
37975. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102522-4640-99" target=_blank>NETSKY.AE</a> WORM!
37976. Source=Paul Collins Startup list
37977.  
37978. [Microsoft LAN32 Protocol]
37979. Number=5394
37980. Confirmed=X
37981. Filename=lanXp.exe
37982. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotss.html" target= blank>RBOT-SS</a> WORM!
37983. Source=Paul Collins Startup list
37984.  
37985. [Microsoft Lmhosting Service]
37986. Number=5395
37987. Confirmed=X
37988. Filename=lmhosts.exe
37989. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrc.html" target=_blank>RBOT-RC</a> WORM!
37990. Source=Paul Collins Startup list
37991.  
37992. [Microsoft Locals 332]
37993. Number=5396
37994. Confirmed=X
37995. Filename=[random filename]
37996. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotku.html" target="_blank">RBOT-KU</a> WORM!
37997. Source=Paul Collins Startup list
37998.  
37999. [Microsoft Login]
38000. Number=5397
38001. Confirmed=X
38002. Filename=winlogin.exe
38003. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajp.html" target=_blank>RBOT-AJP</a> WORM!
38004. Source=Paul Collins Startup list
38005.  
38006. [Microsoft LSA layer]
38007. Number=5398
38008. Confirmed=X
38009. Filename=MSLSA32.exe
38010. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakz.html" target=_blank>RBOT-AKZ</a> WORM!
38011. Source=Paul Collins Startup list
38012.  
38013. [Microsoft Lsass Center]
38014. Number=5399
38015. Confirmed=X
38016. Filename=Isass.exe
38017. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
38018. Source=Paul Collins Startup list
38019.  
38020. [Microsoft Lsass Center]
38021. Number=5400
38022. Confirmed=X
38023. Filename=telecomes.exe
38024. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
38025. Source=Paul Collins Startup list
38026.  
38027. [Microsoft LSASS386 Protocol]
38028. Number=5401
38029. Confirmed=X
38030. Filename=scvhost32.exe
38031. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
38032. Source=Paul Collins Startup list
38033.  
38034. [Microsoft LV]
38035. Number=5402
38036. Confirmed=X
38037. Filename=[path to file]
38038. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorbdl.html" target= blank>BDL</a> TROJAN!
38039. Source=Paul Collins Startup list
38040.  
38041. [Microsoft Machine]
38042. Number=5403
38043. Confirmed=X
38044. Filename=winjava.exe
38045. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
38046. Source=Paul Collins Startup list
38047.  
38048. [Microsoft Machine Script]
38049. Number=5404
38050. Confirmed=X
38051. Filename=iexplorersis.exe
38052. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcmh.html" target="_blank">RBOT-CMH</a> WORM!
38053. Source=Paul Collins Startup list
38054.  
38055. [Microsoft Macro Protection SubSsy]
38056. Number=5405
38057. Confirmed=X
38058. Filename=msacroprots386.exe
38059. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpn.html" target="_blank">RBOT-KE</a> WORM!
38060. Source=Paul Collins Startup list
38061.  
38062. [Microsoft Macro Protection Subsystems]
38063. Number=5406
38064. Confirmed=X
38065. Filename=msmacroprotxz.exe
38066. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
38067. Source=Paul Collins Startup list
38068.  
38069. [Microsoft Macro Protection Subsystems]
38070. Number=5407
38071. Confirmed=X
38072. Filename=Msmacroprot32.exe
38073. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KN" target=_blank>RBOT.KN</a> WORM!
38074.  
38075. Source=Paul Collins Startup list
38076.  
38077. [Microsoft Management]
38078. Number=5408
38079. Confirmed=X
38080. Filename=lmas.exe
38081. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcz.html" target=_blank>FORBOT-CZ</a> WORM!
38082. Source=Paul Collins Startup list
38083.  
38084. [Microsoft Management Console]
38085. Number=5409
38086. Confirmed=X
38087. Filename=lssas.exe
38088. Description=<a href="http://sarc.com/avcenter/venc/data/adware.easysearch.html" target=_blank>EasySearch</a> adware
38089. Source=Paul Collins Startup list
38090.  
38091. [Microsoft Management Console]
38092. Number=5410
38093. Confirmed=X
38094. Filename=[path to trojan]
38095. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmutsrcha.html" target=_blank>SMUTSRCH-A</a> TROJAN!
38096. Source=Paul Collins Startup list
38097.  
38098. [Microsoft Management Console]
38099. Number=5411
38100. Confirmed=X
38101. Filename=lssas1.exe
38102. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrawd.html" target="_blank">DLOADR-AWD</a> TROJAN!
38103. Source=Paul Collins Startup list
38104.  
38105. [Microsoft Manager]
38106. Number=5412
38107. Confirmed=X
38108. Filename=msmanager.exe
38109. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LF&VSect=P" target=_blank>MYTOB.LF</a> WORM!
38110. Source=Paul Collins Startup list
38111.  
38112. [Microsoft Map PC]
38113. Number=5413
38114. Confirmed=X
38115. Filename=mappc.exe
38116. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38117. Source=Paul Collins Startup list
38118.  
38119. [Microsoft Mapped PC]
38120. Number=5414
38121. Confirmed=X
38122. Filename=mappedpc.exe
38123. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38124. Source=Paul Collins Startup list
38125.  
38126. [Microsoft media]
38127. Number=5415
38128. Confirmed=X
38129. Filename=winmplayers.exe
38130. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
38131. Source=Paul Collins Startup list
38132.  
38133. [Microsoft Media player 9]
38134. Number=5416
38135. Confirmed=X
38136. Filename=msmedia32.exe
38137. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotado.html" target=_blank>RBOT-ADO</a> WORM!
38138. Source=Paul Collins Startup list
38139.  
38140. [Microsoft media services]
38141. Number=5417
38142. Confirmed=X
38143. Filename=Iassd.exe
38144. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
38145. Source=Paul Collins Startup list
38146.  
38147. [Microsoft media services]
38148. Number=5418
38149. Confirmed=X
38150. Filename=winmplayer.exe
38151. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ZO" target="_blank">RBOT.ZO</a> WORM!
38152. Source=Paul Collins Startup list
38153.  
38154. [Microsoft MediaScope]
38155. Number=5419
38156. Confirmed=X
38157. Filename=winmes.exe
38158. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxu.html" target=_blank>RBOT-XU</a> WORM!
38159. Source=Paul Collins Startup list
38160.  
38161. [Microsoft Message Machine]
38162. Number=5420
38163. Confirmed=X
38164. Filename=msmesg32.exe
38165. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BI" target=_blank>SPYBOT.BI</a> WORM!
38166. Source=Paul Collins Startup list
38167.  
38168. [Microsoft Messenger Management Controls]
38169. Number=5421
38170. Confirmed=X
38171. Filename=msmgmctl.exe
38172. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapa.html" target=_blank>RBOT-APA</a> WORM!
38173. Source=Paul Collins Startup list
38174.  
38175. [Microsoft Messenger Service]
38176. Number=5422
38177. Confirmed=X
38178. Filename=msmsg32.exe
38179. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BOK&VSect=P" target=_blank>RBOT.BOK</a> WORM!
38180. Source=Paul Collins Startup list
38181.  
38182. [Microsoft Messenger XP]
38183. Number=5423
38184. Confirmed=X
38185. Filename=MSMSN32.exe
38186. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzp.html" target=_blank>RBOT-ZP</a> WORM!
38187. Source=Paul Collins Startup list
38188.  
38189. [Microsoft MicroP Protocol]
38190. Number=5424
38191. Confirmed=X
38192. Filename=wdgmr32.exe
38193. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38194. Source=Paul Collins Startup list
38195.  
38196. [Microsoft Movie Maker]
38197. Number=5425
38198. Confirmed=X
38199. Filename=Mmaker.exe
38200. Description=Added by the <a href="http://www.symantec.com/region/jp/avcenter/venc/data/w32.ircbot.c.html" target="_blank">IRCBOT.C</a> TROJAN! Note that this is not a valid Microsoft program
38201. Source=Paul Collins Startup list
38202.  
38203. [Microsoft MSGPLUS32 Protocol]
38204. Number=5426
38205. Confirmed=X
38206. Filename=msgplus32.exe
38207. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
38208. Source=Paul Collins Startup list
38209.  
38210. [Microsoft MSNGR32 Protocol]
38211. Number=5427
38212. Confirmed=X
38213. Filename=msngr32.exe
38214. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
38215. Source=Paul Collins Startup list
38216.  
38217. [Microsoft msnseru]
38218. Number=5428
38219. Confirmed=X
38220. Filename=msnseru.exe
38221. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapb.html" target=_blank>RBOT-APB</a> WORM!
38222. Source=Paul Collins Startup list
38223.  
38224. [Microsoft MsnST]
38225. Number=5429
38226. Confirmed=X
38227. Filename=msnst32.exe
38228. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38229. Source=Paul Collins Startup list
38230.  
38231. [Microsoft MSUPDATE]
38232. Number=5430
38233. Confirmed=X
38234. Filename=SpoolSvc.exe
38235. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsxtba.html" target="_blank">SXTB-A</a> TROJAN!
38236. Source=Paul Collins Startup list
38237.  
38238. [Microsoft Neser Experience]
38239. Number=5431
38240. Confirmed=X
38241. Filename=nese.exe
38242. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyh.html" target=_blank>RBOT-YH</a> WORM!
38243. Source=Paul Collins Startup list
38244.  
38245. [Microsoft NetMeeting Associates, Inc.]
38246. Number=5432
38247. Confirmed=X
38248. Filename=NetMeeting.exe
38249. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
38250. Source=Paul Collins Startup list
38251.  
38252. [Microsoft Netview]
38253. Number=5433
38254. Confirmed=X
38255. Filename=gesfm32.exe
38256. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-061812-1316-99" target="_blank">RANDEX.C</a> WORM!
38257. Source=Paul Collins Startup list
38258.  
38259. [Microsoft Netview]
38260. Number=5434
38261. Confirmed=X
38262. Filename=mssvc32.exe
38263. Description=Added by an unidentified VIRUS, WORM or TROJAN!
38264. Source=Paul Collins Startup list
38265.  
38266. [Microsoft Netview Component v5.1]
38267. Number=5435
38268. Confirmed=X
38269. Filename=msnv32.exe
38270. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081412-2646-99" target="_blank">RANDEX.F</a> WORM!
38271. Source=Paul Collins Startup list
38272.  
38273. [Microsoft Network]
38274. Number=5436
38275. Confirmed=X
38276. Filename=msnet.exe
38277. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022608-5242-99" target="_blank">MOCKBOT.A</a> WORM!
38278. Source=Paul Collins Startup list
38279.  
38280. [Microsoft Network]
38281. Number=5437
38282. Confirmed=X
38283. Filename=Networksystem.exe
38284. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaai.html" target=_blank>SDBOT-AAI</a> WORM!
38285. Source=Paul Collins Startup list
38286.  
38287. [Microsoft Network Daemon for Win32]
38288. Number=5438
38289. Confirmed=X
38290. Filename=Netd32.exe
38291. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101019-3203-99" target="_blank">SDBOT.R</a> TROJAN!
38292. Source=Paul Collins Startup list
38293.  
38294. [Microsoft Network Host]
38295. Number=5439
38296. Confirmed=X
38297. Filename=svc0host.exe
38298. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaen.html" target=_blank>SDBOT-AEN</a> WORM!
38299. Source=Paul Collins Startup list
38300.  
38301. [Microsoft Network Services Controller]
38302. Number=5440
38303. Confirmed=X
38304. Filename=mmsvc32.exe
38305. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nanpya.html" target=_blank>NANPY-A</a> WORM!
38306. Source=Paul Collins Startup list
38307.  
38308. [Microsoft Networking Agent For SP2]
38309. Number=5441
38310. Confirmed=X
38311. Filename=msnac32.exe
38312. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051916-0450-99" target=_blank>SPYBOT.PEN</a> WORM!
38313. Source=Paul Collins Startup list
38314.  
38315. [Microsoft Nod32 Service]
38316. Number=5442
38317. Confirmed=X
38318. Filename=nood32.exe
38319. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EJP" target="_blank">RBOT.EJP</a> WORM!
38320. Source=Paul Collins Startup list
38321.  
38322. [Microsoft NotePad]
38323. Number=5443
38324. Confirmed=X
38325. Filename=notepad.exe
38326. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38327. Source=Paul Collins Startup list
38328.  
38329. [Microsoft NT Drivers]
38330. Number=5444
38331. Confirmed=X
38332. Filename=ntdrv.exe
38333. Description=Added by the SDBOT.AJN TROJAN!
38334.  
38335. Source=Paul Collins Startup list
38336.  
38337. [Microsoft NT Update]
38338. Number=5445
38339. Confirmed=X
38340. Filename=winexec32.exe
38341. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38342. Source=Paul Collins Startup list
38343.  
38344. [Microsoft Nvidia Video]
38345. Number=5446
38346. Confirmed=X
38347. Filename=nvidia.exe
38348. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
38349. Source=Paul Collins Startup list
38350.  
38351. [Microsoft Office]
38352. Number=5447
38353. Confirmed=N
38354. Filename=Osa.exe
38355. Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
38356. Source=Paul Collins Startup list
38357.  
38358. [Microsoft Office]
38359. Number=5448
38360. Confirmed=N
38361. Filename=Msoffice.exe
38362. Description=Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want access these programs quickly
38363. Source=Paul Collins Startup list
38364.  
38365. [Microsoft Office]
38366. Number=5449
38367. Confirmed=X
38368. Filename=MSMSGR.exe
38369. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102208-5004-99" target="_blank">GAOBOT.BB</a> WORM!
38370. Source=Paul Collins Startup list
38371.  
38372. [Microsoft Office]
38373. Number=5450
38374. Confirmed=N
38375. Filename=Osa9.exe
38376. Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
38377. Source=Paul Collins Startup list
38378.  
38379. [Microsoft Office]
38380. Number=5451
38381. Confirmed=X
38382. Filename=lserv.exe
38383. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MH&VSect=T" target=_blank>SDBOT.MH</a> WORM!
38384. Source=Paul Collins Startup list
38385.  
38386. [Microsoft Office]
38387. Number=5452
38388. Confirmed=X
38389. Filename=Microsoft Office.hta
38390. Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
38391. Source=Paul Collins Startup list
38392.  
38393. [Microsoft Office]
38394. Number=5453
38395. Confirmed=X
38396. Filename=msoicons.exe
38397. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzi.html" target=_blank>RBOT-ZI</a> WORM! - NOTE - do no confuse with the legitimate Msoicons.exe file described <a href="http://www.fileproperties.com/m/MSOICONS-EXE.htm" target=_blank>here</a>. The latter wil not be listed among your startups!
38398. Source=Paul Collins Startup list
38399.  
38400. [Microsoft Office]
38401. Number=5454
38402. Confirmed=X
38403. Filename=Nxcao.exe
38404. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotze.html" target= blank>RBOT-ZE</a> WORM!
38405. Source=Paul Collins Startup list
38406.  
38407. [Microsoft Office]
38408. Number=5455
38409. Confirmed=X
38410. Filename=nxcxtpr.exe
38411. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyg.html" target= blank>RBOT-YG</a> WORM!
38412. Source=Paul Collins Startup list
38413.  
38414. [Microsoft Office]
38415. Number=5456
38416. Confirmed=X
38417. Filename=svxhost.exe
38418. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
38419. Source=Paul Collins Startup list
38420.  
38421. [Microsoft Office]
38422. Number=5457
38423. Confirmed=X
38424. Filename=msoffice32.exe
38425. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38426. Source=Paul Collins Startup list
38427.  
38428. [Microsoft Office]
38429. Number=5458
38430. Confirmed=X
38431. Filename=msoff.exe
38432. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrakerc.html" target=_blank>RAKER-C</a> TROJAN!
38433. Source=Paul Collins Startup list
38434.  
38435. [Microsoft Office]
38436. Number=5459
38437. Confirmed=X
38438. Filename=microsoft.exe
38439. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankervf.html" target=_blank>BANKER-VF</a> TROJAN!
38440. Source=Paul Collins Startup list
38441.  
38442. [Microsoft Office]
38443. Number=5460
38444. Confirmed=X
38445. Filename=msvcp.exe
38446. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentxk.html" target="_blank">AGENT-XK</a> TROJAN!
38447. Source=Paul Collins Startup list
38448.  
38449. [Microsoft Office]
38450. Number=5461
38451. Confirmed=X
38452. Filename=msmsgr.exe
38453. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102208-5004-99" target="_blank">GAOBOT.BB</a> WORM!
38454. Source=Paul Collins Startup list
38455.  
38456. [Microsoft Office Fast Cache]
38457. Number=5462
38458. Confirmed=N
38459. Filename=Fastboot.exe
38460. Description=Part of MS Office 95 (v7.0). According to <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q132755" target=_blank>this</a> it improves the performance. Most likely a predecessor of MS Find Fast and can be disabled
38461. Source=Paul Collins Startup list
38462.  
38463. [Microsoft Office Monitor]
38464. Number=5463
38465. Confirmed=X
38466. Filename=alg2k.exe
38467. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotczo.html" target="_blank">SDBOT-CZO</a> WORM!
38468. Source=Paul Collins Startup list
38469.  
38470. [Microsoft Office Monitor]
38471. Number=5464
38472. Confirmed=X
38473. Filename=aql32.exe
38474. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrbotgcy.html" target="_blank">RBOT-GCY</a> TROJAN!
38475. Source=Paul Collins Startup list
38476.  
38477. [Microsoft Office OneNote 2003 Quick Launch]
38478. Number=5465
38479. Confirmed=U
38480. Filename=ONENOTEM.EXE
38481. Description=ONENOTEM.EXE is a part of the note taking program that ships with Microsoft Office 2003. It's required for the side note windows to work
38482. Source=Paul Collins Startup list
38483.  
38484. [Microsoft Office Quick Launcher]
38485. Number=5466
38486. Confirmed=X
38487. Filename=iau1.exe
38488. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrawd.html" target="_blank">DLOADR-AWD</a> TROJAN!
38489. Source=Paul Collins Startup list
38490.  
38491. [Microsoft Office Shortcut Bar]
38492. Number=5467
38493. Confirmed=N
38494. Filename=Msoffice.exe
38495. Description=Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want access these programs quickly
38496. Source=Paul Collins Startup list
38497.  
38498. [Microsoft Office Start]
38499. Number=5468
38500. Confirmed=X
38501. Filename=winupdates.exe
38502. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102411-5646-99" target="_blank">GAOBOT.BC</a> WORM!
38503. Source=Paul Collins Startup list
38504.  
38505. [Microsoft Office Startup]
38506. Number=5469
38507. Confirmed=N
38508. Filename=Osa.exe
38509. Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
38510. Source=Paul Collins Startup list
38511.  
38512. [Microsoft Office Startup]
38513. Number=5470
38514. Confirmed=N
38515. Filename=Osa9.exe
38516. Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
38517. Source=Paul Collins Startup list
38518.  
38519. [Microsoft Office Studio]
38520. Number=5471
38521. Confirmed=X
38522. Filename=scvhvst.exe
38523. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022417-5047-99" target=_blank>RANDEX.CST</a> WORM!
38524. Source=Paul Collins Startup list
38525.  
38526. [Microsoft OfficeXP]
38527. Number=5472
38528. Confirmed=X
38529. Filename=officeXP.exe
38530. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_KILLAV.MA&VSect=P" target=_blank>KILLAV.MA</a> WORM!
38531. Source=Paul Collins Startup list
38532.  
38533. [Microsoft Opeions]
38534. Number=5473
38535. Confirmed=X
38536. Filename=IEXwe.exe
38537. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38538. Source=Paul Collins Startup list
38539.  
38540. [Microsoft Outlook Express Protocol]
38541. Number=5474
38542. Confirmed=X
38543. Filename=svchst.exe
38544. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
38545. Source=Paul Collins Startup list
38546.  
38547. [Microsoft Patch Update]
38548. Number=5475
38549. Confirmed=X
38550. Filename=bootini.exe
38551. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfmn.html" target="_blank">RBOT-FMN</a> WORM!
38552. Source=Paul Collins Startup list
38553.  
38554. [Microsoft PC Health Remote Assistance File Open & Save controls]
38555. Number=5476
38556. Confirmed=X
38557. Filename=sfrcdlg32.exe
38558. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavy.html" target=_blank>RBOT-AVY</a> WORM!
38559. Source=Paul Collins Startup list
38560.  
38561. [Microsoft PCHealth32]
38562. Number=5477
38563. Confirmed=X
38564. Filename=[path to file]
38565. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnicea.html" target= blank>NICE-A</a> TROJAN!
38566. Source=Paul Collins Startup list
38567.  
38568. [Microsoft PCHealth32]
38569. Number=5478
38570. Confirmed=X
38571. Filename=NDDENB.exe
38572. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsyahooa.html" target=_blank>PWSYAHOO-A</a> TROJAN!
38573. Source=Paul Collins Startup list
38574.  
38575. [Microsoft PCI Manager]
38576. Number=5479
38577. Confirmed=X
38578. Filename=mspci.exe
38579. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
38580. Source=Paul Collins Startup list
38581.  
38582. [Microsoft Personal Firewalls]
38583. Number=5480
38584. Confirmed=X
38585. Filename=bakw.exe
38586. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotks.html" target="_blank">RBOT-KS</a> WORM!
38587. Source=Paul Collins Startup list
38588.  
38589. [Microsoft Proc Driver32]
38590. Number=5481
38591. Confirmed=X
38592. Filename=msprc.exe
38593. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
38594. Source=Paul Collins Startup list
38595.  
38596. [Microsoft Procedure Call]
38597. Number=5482
38598. Confirmed=X
38599. Filename=MSPCALL.exe
38600. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38601. Source=Paul Collins Startup list
38602.  
38603. [Microsoft PSTCP32 Data]
38604. Number=5483
38605. Confirmed=X
38606. Filename=pstcp32.exe
38607. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38608. Source=Paul Collins Startup list
38609.  
38610. [Microsoft QMGR]
38611. Number=5484
38612. Confirmed=X
38613. Filename=msnqmgr.exe
38614. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbots.html" target=_blank>IRCBOT-S</a> TROJAN!
38615. Source=Paul Collins Startup list
38616.  
38617. [Microsoft RDLL]
38618. Number=5485
38619. Confirmed=X
38620. Filename=sysconf32.exe
38621. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
38622. Source=Paul Collins Startup list
38623.  
38624. [Microsoft Redirect]
38625. Number=5486
38626. Confirmed=X
38627. Filename=[path to file]
38628. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerfw.html" target=_blank>BANKER-FW</a> TROJAN!
38629. Source=Paul Collins Startup list
38630.  
38631. [Microsoft Redirect]
38632. Number=5487
38633. Confirmed=X
38634. Filename=systen.exe
38635. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosfo.html" target=_blank>BANCOS-FO</a> TROJAN!
38636. Source=Paul Collins Startup list
38637.  
38638. [Microsoft Registro]
38639. Number=5488
38640. Confirmed=X
38641. Filename=svchostt.exe
38642. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdh.html" target=_blank>BANCOS-DH</a> TROJAN!
38643.  
38644. Source=Paul Collins Startup list
38645.  
38646. [Microsoft Registry]
38647. Number=5489
38648. Confirmed=X
38649. Filename=csrse.exe
38650. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpc.html" target=_blank>RBOT-PC</a> WORM!
38651.  
38652. Source=Paul Collins Startup list
38653.  
38654. [MicroSoft Remote Secure Service]
38655. Number=5490
38656. Confirmed=X
38657. Filename=MSRSS.exe
38658. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38659. Source=Paul Collins Startup list
38660.  
38661. [Microsoft Restore]
38662. Number=5491
38663. Confirmed=X
38664. Filename=scrgrd.exe
38665. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BR" target=_blank>SPYBOT.BR</a> WORM!
38666. Source=Paul Collins Startup list
38667.  
38668. [Microsoft Rundll]
38669. Number=5492
38670. Confirmed=X
38671. Filename=windos.exe
38672. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwf.html" target= blank>SDBOT-WF</a> WORM!
38673. Source=Paul Collins Startup list
38674.  
38675. [Microsoft Runtime]
38676. Number=5493
38677. Confirmed=X
38678. Filename=CfgDll32.exe
38679. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120918-0007-99" target="_blank">RANDEX.BD</a> WORM!
38680. Source=Paul Collins Startup list
38681.  
38682. [Microsoft Scanreg]
38683. Number=5494
38684. Confirmed=X
38685. Filename=microsoftscanreg.exe
38686. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRANRIV.A" target="_blank">FRANRIV.A</a> WORM!
38687. Source=Paul Collins Startup list
38688.  
38689. [Microsoft SCVHOST32 Protocol]
38690. Number=5495
38691. Confirmed=X
38692. Filename=scvhost32.exe
38693. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38694. Source=Paul Collins Startup list
38695.  
38696. [Microsoft sddcE Contol]
38697. Number=5496
38698. Confirmed=X
38699. Filename=taskmnegr.exe
38700. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaum.html" target=_blank>RBOT-AUM</a> WORM!
38701. Source=Paul Collins Startup list
38702.  
38703. [Microsoft sdk temp]
38704. Number=5497
38705. Confirmed=X
38706. Filename=sdktemp.exe
38707. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanp.html" target=_blank>RBOT-ANP</a> WORM!
38708. Source=Paul Collins Startup list
38709.  
38710. [Microsoft SDKP3]
38711. Number=5498
38712. Confirmed=X
38713. Filename=mswinsdq.exe
38714. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotary.html" target=_blank>RBOT-ARY</a> WORM!
38715. Source=Paul Collins Startup list
38716.  
38717. [Microsoft Secure Messenger.NET Service]
38718. Number=5499
38719. Confirmed=X
38720. Filename=securitychk.exe
38721. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VT" target="_blank">SDBOT.VT</a> WORM!
38722. Source=Paul Collins Startup list
38723.  
38724. [Microsoft Security]
38725. Number=5500
38726. Confirmed=X
38727. Filename=winService.exe
38728. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38729. Source=Paul Collins Startup list
38730.  
38731. [Microsoft Security Center]
38732. Number=5501
38733. Confirmed=X
38734. Filename=savservices.exe
38735. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanu.html" target=_blank>RBOT-ANU</a> WORM!
38736. Source=Paul Collins Startup list
38737.  
38738. [Microsoft Security Center]
38739. Number=5502
38740. Confirmed=X
38741. Filename=wcsntfy.exe
38742. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BYD" target="_blank">SDBOT.BYD</a> WORM!
38743. Source=Paul Collins Startup list
38744.  
38745. [Microsoft Security Controlers]
38746. Number=5503
38747. Confirmed=X
38748. Filename=fxsecues.exe
38749. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
38750. Source=Paul Collins Startup list
38751.  
38752. [Microsoft Security GManagers]
38753. Number=5504
38754. Confirmed=X
38755. Filename=[random filename]
38756. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
38757. Source=Paul Collins Startup list
38758.  
38759. [Microsoft Security Hot Fix Update]
38760. Number=5505
38761. Confirmed=X
38762. Filename=mshotfix.exe
38763. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120910-4256-99" target=_blank>Affilred</a> adware
38764. Source=Paul Collins Startup list
38765.  
38766. [Microsoft Security Management]
38767. Number=5506
38768. Confirmed=X
38769. Filename=winnt.exe
38770. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmq.html" target=_blank>RBOT-MQ</a> WORM!
38771.  
38772. Source=Paul Collins Startup list
38773.  
38774. [Microsoft Security Management]
38775. Number=5507
38776. Confirmed=X
38777. Filename=winserv.exe
38778. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmj.html" target=_blank>RBOT-MJ</a> WORM!
38779. Source=Paul Collins Startup list
38780.  
38781. [Microsoft Security Management]
38782. Number=5508
38783. Confirmed=X
38784. Filename=winamp.exe
38785. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player which resides in a "Winamp" subdirectory of the Program Files directory
38786. Source=Paul Collins Startup list
38787.  
38788. [Microsoft Security Management]
38789. Number=5509
38790. Confirmed=X
38791. Filename=wuauct1.exe
38792. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38793. Source=Paul Collins Startup list
38794.  
38795. [Microsoft Security Management]
38796. Number=5510
38797. Confirmed=X
38798. Filename=bling.exe
38799. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XL" target="_blank">RBOT.XL</a> WORM!
38800. Source=Paul Collins Startup list
38801.  
38802. [Microsoft Security Management]
38803. Number=5511
38804. Confirmed=X
38805. Filename=sp2fix.exe
38806. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UB" target="_blank">RBOT.UB</a> WORM!
38807. Source=Paul Collins Startup list
38808.  
38809. [Microsoft Security Manager]
38810. Number=5512
38811. Confirmed=X
38812. Filename=winamp.exe
38813. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.TU" target="_blank">RBOT</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player which resides in a "Winamp" subdirectory of the Program Files directory. This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
38814. Source=Paul Collins Startup list
38815.  
38816. [Microsoft Security Monitor Process]
38817. Number=5513
38818. Confirmed=X
38819. Filename=mssmp.exe
38820. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfub.html" target="_blank">RBOT-FUB</a> WORM!
38821. Source=Paul Collins Startup list
38822.  
38823. [Microsoft Security Monitor Process]
38824. Number=5514
38825. Confirmed=X
38826. Filename=mnsmp.exe
38827. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfub.html" target="_blank">RBOT-FUB</a> WORM!
38828. Source=Paul Collins Startup list
38829.  
38830. [Microsoft Security Monitor Process]
38831. Number=5515
38832. Confirmed=X
38833. Filename=msmp.exe
38834. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfub.html" target="_blank">RBOT-FUB</a> WORM!
38835. Source=Paul Collins Startup list
38836.  
38837. [Microsoft Security Panager]
38838. Number=5516
38839. Confirmed=X
38840. Filename=[filename]
38841. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanl.html" target=_blank>RBOT-ANL</a> WORM!
38842. Source=Paul Collins Startup list
38843.  
38844. [Microsoft Security Panagers]
38845. Number=5517
38846. Confirmed=X
38847. Filename=[random filename]
38848. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaig.html" target=_blank>RBOT-AIG</a> WORM!
38849. Source=Paul Collins Startup list
38850.  
38851. [Microsoft Security Panagers]
38852. Number=5518
38853. Confirmed=X
38854. Filename=zzoboony.exe
38855. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaoi.html" target=_blank>RBOT-AOI</a> WORM!
38856. Source=Paul Collins Startup list
38857.  
38858. [Microsoft Security Process]
38859. Number=5519
38860. Confirmed=X
38861. Filename=wininit.exe
38862. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfkm.html" target="_blank">RBOT-FKM</a> WORM!
38863. Source=Paul Collins Startup list
38864.  
38865. [Microsoft Server]
38866. Number=5520
38867. Confirmed=X
38868. Filename=rserv.exe
38869. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AVS" target="_blank">AGOBOT.AVS</a> WORM!
38870. Source=Paul Collins Startup list
38871.  
38872. [Microsoft Server Applacations]
38873. Number=5521
38874. Confirmed=X
38875. Filename=msnmsg.exe
38876. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38877. Source=Paul Collins Startup list
38878.  
38879. [Microsoft Server Applacations]
38880. Number=5522
38881. Confirmed=X
38882. Filename=wuauct1.exe
38883. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38884. Source=Paul Collins Startup list
38885.  
38886. [Microsoft Server Applacations]
38887. Number=5523
38888. Confirmed=X
38889. Filename=lsasss.exe
38890. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqq.html" target=_blank>RBOT-AQQ</a> WORM!
38891. Source=Paul Collins Startup list
38892.  
38893. [Microsoft Server Applacations]
38894. Number=5524
38895. Confirmed=X
38896. Filename=Q8See.exe
38897. Description=Added by the <a href="http://sandbox.norman.no/live_2.html?logfile=725823" target="_blank">SPYBOT.GEN3</a> TROJAN!
38898. Source=Paul Collins Startup list
38899.  
38900. [Microsoft Server Applacations]
38901. Number=5525
38902. Confirmed=X
38903. Filename=cli.exe
38904. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgaq.html" target="_blank">RBOT-GAQ</a> WORM!
38905. Source=Paul Collins Startup list
38906.  
38907. [Microsoft Server Application]
38908. Number=5526
38909. Confirmed=X
38910. Filename=Sound.exe
38911. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotne.html" target=_blank>RBOT-NE</a> WORM!
38912.  
38913. Source=Paul Collins Startup list
38914.  
38915. [microsoft server base]
38916. Number=5527
38917. Confirmed=X
38918. Filename=lass.exe
38919. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38920. Source=Paul Collins Startup list
38921.  
38922. [Microsoft Service]
38923. Number=5528
38924. Confirmed=X
38925. Filename=microhost.exe
38926. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlc.html" target="_blank">RBOT-LC</a> WORM!
38927. Source=Paul Collins Startup list
38928.  
38929. [Microsoft Service]
38930. Number=5529
38931. Confirmed=X
38932. Filename=winsvc.exe
38933. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdb.html" target="_blank">SPYBOT-DB</a> WORM!
38934. Source=Paul Collins Startup list
38935.  
38936. [Microsoft Service]
38937. Number=5530
38938. Confirmed=X
38939. Filename=rundll.exe
38940. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32popoa.html" target=_blank>POPO-A</a> WORM! Note - this is NOT the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
38941. Source=Paul Collins Startup list
38942.  
38943. [Microsoft Service Controller]
38944. Number=5531
38945. Confirmed=X
38946. Filename=services.exe
38947. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kaleld.html" target=_blank>KALEL-D</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
38948. Source=Paul Collins Startup list
38949.  
38950. [Microsoft Service Drivers]
38951. Number=5532
38952. Confirmed=X
38953. Filename=System.exe
38954. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38955. Source=Paul Collins Startup list
38956.  
38957. [Microsoft Service Drivers]
38958. Number=5533
38959. Confirmed=X
38960. Filename=VSADNIM.exe
38961. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38962. Source=Paul Collins Startup list
38963.  
38964. [Microsoft Service Host Process]
38965. Number=5534
38966. Confirmed=X
38967. Filename=svchost.exe
38968. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KRYNOS.B&VSect=P" target=_blank>KRYNOS.B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Help" subfolder of the Winnt or Windows folder
38969. Source=Paul Collins Startup list
38970.  
38971. [Microsoft Service Pack]
38972. Number=5535
38973. Confirmed=X
38974. Filename=WindowsSP.exe
38975. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrf.html" target=_blank>RBOT-RF</a> WORM!
38976. Source=Paul Collins Startup list
38977.  
38978. [Microsoft Service Pack2.1]
38979. Number=5536
38980. Confirmed=X
38981. Filename=svchost2.exe
38982. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
38983. Source=Paul Collins Startup list
38984.  
38985. [Microsoft Services]
38986. Number=5537
38987. Confirmed=X
38988. Filename=lsserv.exe
38989. Description=Added by an unidentified VIRUS, WORM or TROJAN!
38990. Source=Paul Collins Startup list
38991.  
38992. [Microsoft Services]
38993. Number=5538
38994. Confirmed=X
38995. Filename=lssrv.exe
38996. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CW&VSect=T" target="_blank">RBOT.CW</a> WORM!
38997. Source=Paul Collins Startup list
38998.  
38999. [Microsoft Services]
39000. Number=5539
39001. Confirmed=X
39002. Filename=services.exe
39003. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-083116-5118-99" target="_blank">ALETS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
39004. Source=Paul Collins Startup list
39005.  
39006. [Microsoft Services]
39007. Number=5540
39008. Confirmed=X
39009. Filename=lsrv.exe
39010. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbk.html" target="_blank">RBOT-BK</a> WORM!
39011. Source=Paul Collins Startup list
39012.  
39013. [Microsoft Services]
39014. Number=5541
39015. Confirmed=X
39016. Filename=svshost.exe
39017. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010617-2801-99" target=_blank>ALETS.B</a> TROJAN!
39018. Source=Paul Collins Startup list
39019.  
39020. [Microsoft Services]
39021. Number=5542
39022. Confirmed=X
39023. Filename=bsc32.exe
39024. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooraw.html" target=_blank>BDOOR-AW</a> TROJAN!
39025. Source=Paul Collins Startup list
39026.  
39027. [Microsoft Services]
39028. Number=5543
39029. Confirmed=X
39030. Filename=Smss32.exe
39031. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotad.html" target=_blank>RBOT-AD</a> WORM!
39032. Source=Paul Collins Startup list
39033.  
39034. [Microsoft Services]
39035. Number=5544
39036. Confirmed=X
39037. Filename=svssshost.exe
39038. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
39039. Source=Paul Collins Startup list
39040.  
39041. [Microsoft Services]
39042. Number=5545
39043. Confirmed=X
39044. Filename=module.exe
39045. Description=Added by the <a href="http://www.auditmypc.com/process/module.asp" target="_blank">LAVITS</a> WORM!
39046. Source=Paul Collins Startup list
39047.  
39048. [Microsoft Services Unitd]
39049. Number=5546
39050. Confirmed=X
39051. Filename=MSU32.exe
39052. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
39053. Source=Paul Collins Startup list
39054.  
39055. [Microsoft Servicez Manager]
39056. Number=5547
39057. Confirmed=X
39058. Filename=servicemgrz.exe
39059. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasn.html" target=_blank>RBOT-ASN</a> WORM!
39060. Source=Paul Collins Startup list
39061.  
39062. [Microsoft Session Manager Subsystem]
39063. Number=5548
39064. Confirmed=X
39065. Filename=smss.exe
39066. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kaleld.html" target=_blank>KALEL-D</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which should NOT appear in Msconfig/Startup!
39067. Source=Paul Collins Startup list
39068.  
39069. [Microsoft Sidewinder Game Controller Software]
39070. Number=5549
39071. Confirmed=N
39072. Filename=SWTRAY.EXE
39073. Description=MS SideWinder game controller system tray icon. Available via Start -> Programs
39074. Source=Paul Collins Startup list
39075.  
39076. [Microsoft Sinsup]
39077. Number=5550
39078. Confirmed=X
39079. Filename=odjiwjf.exe
39080. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdn.html" target= blank>RBOT-DN</a> WORM!
39081. Source=Paul Collins Startup list
39082.  
39083. [Microsoft Software]
39084. Number=5551
39085. Confirmed=X
39086. Filename=sysinfo33.exe
39087. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LS" target="_blank">RBOT.LS</a> WORM!
39088. Source=Paul Collins Startup list
39089.  
39090. [microsoft software]
39091. Number=5552
39092. Confirmed=X
39093. Filename=****.exe E255 [* = random char]
39094. Description=Added by an unidentified WORM or TROJAN!
39095. Source=Paul Collins Startup list
39096.  
39097. [Microsoft software]
39098. Number=5553
39099. Confirmed=X
39100. Filename=cdaccess.exe
39101. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABK" target=_blank>RBOT.ABK</a> WORM!
39102. Source=Paul Collins Startup list
39103.  
39104. [Microsoft Software Update]
39105. Number=5554
39106. Confirmed=X
39107. Filename=nmon.exe
39108. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.HZ" target="_blank">RBOT.HZ</a> WORM!
39109. Source=Paul Collins Startup list
39110.  
39111. [Microsoft Sound Driver]
39112. Number=5555
39113. Confirmed=X
39114. Filename=sound32.exe
39115. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
39116. Source=Paul Collins Startup list
39117.  
39118. [Microsoft Sound Technology]
39119. Number=5556
39120. Confirmed=X
39121. Filename=winsound.exe
39122. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagg.html" target=_blank>RBOT-AGG</a> WORM!
39123. Source=Paul Collins Startup list
39124.  
39125. [Microsoft Sound Volume Tool]
39126. Number=5557
39127. Confirmed=N
39128. Filename=mssvol.exe
39129. Description=This is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -> Settings -> Control Panel
39130. Source=Paul Collins Startup list
39131.  
39132. [Microsoft Sounds]
39133. Number=5558
39134. Confirmed=X
39135. Filename=soundman.exe
39136. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgci.html" target="_blank">RBOT-GCI</a> WORM!
39137. Source=Paul Collins Startup list
39138.  
39139. [Microsoft SourceSafe]
39140. Number=5559
39141. Confirmed=X
39142. Filename=csrss.exe
39143. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
39144. Source=Paul Collins Startup list
39145.  
39146. [Microsoft SpA Service]
39147. Number=5560
39148. Confirmed=X
39149. Filename=msapps.exe
39150. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvi.html" target= blank>RBOT-VI</a> WORM!
39151. Source=Paul Collins Startup list
39152.  
39153. [Microsoft SpA Service]
39154. Number=5561
39155. Confirmed=X
39156. Filename=win32.exe
39157. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATS&VSect=T" target=_blank>RBOT.ATS</a> WORM!
39158. Source=Paul Collins Startup list
39159.  
39160. [Microsoft SpA Service]
39161. Number=5562
39162. Confirmed=X
39163. Filename=Winupd32.exe
39164. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LT&VSect=P" target=_blank>RBOT.LT</a> WORM!
39165. Source=Paul Collins Startup list
39166.  
39167. [Microsoft Special offer]
39168. Number=5563
39169. Confirmed=X
39170. Filename=infoebay.exe
39171. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
39172. Source=Paul Collins Startup list
39173.  
39174. [Microsoft Spool Server for Win32]
39175. Number=5564
39176. Confirmed=X
39177. Filename=spoolsrv.exe
39178. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081617-3006-99" target="_blank">RANDEX.H</a> WORM!
39179. Source=Paul Collins Startup list
39180.  
39181. [Microsoft SSISVRI32 Protocol]
39182. Number=5565
39183. Confirmed=X
39184. Filename=ssisvri.exe
39185. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
39186. Source=Paul Collins Startup list
39187.  
39188. [Microsoft Standard Executions Library]
39189. Number=5566
39190. Confirmed=X
39191. Filename=win32lib.exe
39192. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauk.html" target=_blank>RBOT-AUK</a> WORM!
39193. Source=Paul Collins Startup list
39194.  
39195. [Microsoft standard protector]
39196. Number=5567
39197. Confirmed=X
39198. Filename=winsocks5.exe
39199. Description=Added by the SMALL.CF TROJAN!
39200. Source=Paul Collins Startup list
39201.  
39202. [Microsoft standard protector]
39203. Number=5568
39204. Confirmed=X
39205. Filename=[path to trojan]
39206. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstoxc.html" target=_blank>STOX-C</a> TROJAN!
39207. Source=Paul Collins Startup list
39208.  
39209. [Microsoft Sum32]
39210. Number=5569
39211. Confirmed=X
39212. Filename=sum32.exe
39213. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyw.html" target= blank>RBOT-YW</a> WORM!
39214. Source=Paul Collins Startup list
39215.  
39216. [Microsoft Support]
39217. Number=5570
39218. Confirmed=X
39219. Filename=sys32ms.exe
39220. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahi.html" target=_blank>RBOT-AHI</a> WORM!
39221. Source=Paul Collins Startup list
39222.  
39223. [microsoft support]
39224. Number=5571
39225. Confirmed=X
39226. Filename=svchostt.exe
39227. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AWN" target="_blank">AGOBOT.AWN</a> WORM!
39228. Source=Paul Collins Startup list
39229.  
39230. [Microsoft Svchost local services]
39231. Number=5572
39232. Confirmed=X
39233. Filename=winoem.exe
39234. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfpe.html" target="_blank">RBOT-FPE</a>
39235. Source=Paul Collins Startup list
39236.  
39237. [Microsoft Svchost local services]
39238. Number=5573
39239. Confirmed=X
39240. Filename=winoem.exe
39241. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfpe.html" target="_blank">RBOT-FPE</a> WORM!
39242. Source=Paul Collins Startup list
39243.  
39244. [Microsoft Svchost local services]
39245. Number=5574
39246. Confirmed=X
39247. Filename=nzm23.exe
39248. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgmc.html" target="_blank">RBOT-GMC</a> WORM!
39249. Source=Paul Collins Startup list
39250.  
39251. [Microsoft Synchronization Manager]
39252. Number=5575
39253. Confirmed=X
39254. Filename=asgard.exe
39255. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaea.html" target="_blank">SDBOT-AEA</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
39256. Source=Paul Collins Startup list
39257.  
39258. [Microsoft Synchronization Manager]
39259. Number=5576
39260. Confirmed=X
39261. Filename=bot.exe
39262. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.IH" target="_blank">SDBOT.IH</a> WORM!
39263. Source=Paul Collins Startup list
39264.  
39265. [Microsoft Synchronization Manager]
39266. Number=5577
39267. Confirmed=X
39268. Filename=netscape.exe
39269. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.AE" target="_blank">RANDEX.AE</a> WORM!
39270. Source=Paul Collins Startup list
39271.  
39272. [Microsoft Synchronization Manager]
39273. Number=5578
39274. Confirmed=X
39275. Filename=slhost.exe
39276. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.YH" target="_blank">SDBOT.YH</a> WORM!
39277. Source=Paul Collins Startup list
39278.  
39279. [Microsoft Synchronization Manager]
39280. Number=5579
39281. Confirmed=X
39282. Filename=svhost.exe
39283. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpy.html" target="_blank">SDBOT-PY</a> WORM!
39284. Source=Paul Collins Startup list
39285.  
39286. [Microsoft Synchronization Manager]
39287. Number=5580
39288. Confirmed=X
39289. Filename=WinLoginnn.exe
39290. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.FO" target="_blank">SPYBOT.FO</a> WORM!
39291. Source=Paul Collins Startup list
39292.  
39293. [Microsoft Synchronization Manager]
39294. Number=5581
39295. Confirmed=X
39296. Filename=winupdate.exe
39297. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ER" target="_blank">SDBOT.ER</a> WORM!
39298. Source=Paul Collins Startup list
39299.  
39300. [Microsoft Synchronization Manager]
39301. Number=5582
39302. Confirmed=X
39303. Filename=xXx.exe
39304. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotkz.html" target="_blank">SDBOT-KZ</a> WORM!
39305. Source=Paul Collins Startup list
39306.  
39307. [Microsoft Synchronization Manager]
39308. Number=5583
39309. Confirmed=X
39310. Filename=___synmgr.exe
39311. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120815-1506-99" target=_blank>MASLAN.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120914-3308-99" target=_blank>MASLAN.C</a> WORMS!
39312. Source=Paul Collins Startup list
39313.  
39314. [Microsoft Synchronization Manager]
39315. Number=5584
39316. Confirmed=X
39317. Filename=al.exe
39318. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTXPRO.132" target="_blank">OPTXPRO.132</a> TROJAN!
39319. Source=Paul Collins Startup list
39320.  
39321. [Microsoft Synchronization Manager]
39322. Number=5585
39323. Confirmed=X
39324. Filename=win.exe
39325. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011415-2748-99" target=_blank>SDBOT.AK</a> WORM!
39326. Source=Paul Collins Startup list
39327.  
39328. [Microsoft Synchronization Manager]
39329. Number=5586
39330. Confirmed=X
39331. Filename=java.exe
39332. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
39333. Source=Paul Collins Startup list
39334.  
39335. [Microsoft Synchronization Manager]
39336. Number=5587
39337. Confirmed=X
39338. Filename=svchosts.exe
39339. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotlm.html" target= blank>SDBOT-LM</a> WORM!
39340. Source=Paul Collins Startup list
39341.  
39342. [Microsoft Synchronization Manager]
39343. Number=5588
39344. Confirmed=X
39345. Filename=winlogon32.exe
39346. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AEU&VSect=T" target=_blank>SDBOT.AEU</a> WORM!
39347. Source=Paul Collins Startup list
39348.  
39349. [Microsoft Synchronization Manager]
39350. Number=5589
39351. Confirmed=X
39352. Filename=svxhost.exe
39353. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzu.html" target=_blank>SDBOT-ZU</a> WORM!
39354. Source=Paul Collins Startup list
39355.  
39356. [Microsoft Synchronization Manager]
39357. Number=5590
39358. Confirmed=X
39359. Filename=wincfg32.exe
39360. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.DO&VSect=T" target=_blank>SDBOT.DO</a> WORM!
39361. Source=Paul Collins Startup list
39362.  
39363. [Microsoft Synchronization Manager]
39364. Number=5591
39365. Confirmed=X
39366. Filename=screen.exe
39367. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaco.html" target=_blank>SDBOT-ACO</a> WORM!
39368. Source=Paul Collins Startup list
39369.  
39370. [Microsoft Synchronization Manager]
39371. Number=5592
39372. Confirmed=X
39373. Filename=devldr32.exe
39374. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM! Note - do not confuse with the legitimate Creative Labs <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>devldr32.exe</a> file
39375. Source=Paul Collins Startup list
39376.  
39377. [Microsoft Synchronization Manager]
39378. Number=5593
39379. Confirmed=X
39380. Filename=explorer.exe
39381. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaea.html" target=_blank>SDBOT-AEA</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would only be in startups if you added it manually. This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
39382. Source=Paul Collins Startup list
39383.  
39384. [Microsoft Synchronization Manager]
39385. Number=5594
39386. Confirmed=X
39387. Filename=firewire.exe
39388. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafc.html" target=_blank>SDBOT-AFC</a> WORM!
39389. Source=Paul Collins Startup list
39390.  
39391. [Microsoft Synchronization Manager]
39392. Number=5595
39393. Confirmed=X
39394. Filename=wmedia.exe
39395. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BFC" target="_blank">SDBOT.BFC</a> WORM!
39396. Source=Paul Collins Startup list
39397.  
39398. [Microsoft System]
39399. Number=5596
39400. Confirmed=X
39401. Filename=msupdtm.exe
39402. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060610-4756-99" target=_blank>SPYBOT.PKC</a> WORM!
39403. Source=Paul Collins Startup list
39404.  
39405. [Microsoft System]
39406. Number=5597
39407. Confirmed=X
39408. Filename=mssys32.exe
39409. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PETTICK.A" target="_blank">PETTICK.A</a> WORM!
39410. Source=Paul Collins Startup list
39411.  
39412. [Microsoft System]
39413. Number=5598
39414. Confirmed=X
39415. Filename=sys.exe
39416. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AKI" target="_blank">RBOT.AKI</a> WORM!
39417. Source=Paul Collins Startup list
39418.  
39419. [Microsoft System Backup]
39420. Number=5599
39421. Confirmed=X
39422. Filename=[random filename]
39423. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagm.html" target=_blank>RBOT-AGM</a> WORM!
39424. Source=Paul Collins Startup list
39425.  
39426. [Microsoft System Checkup]
39427. Number=5600
39428. Confirmed=X
39429. Filename=Cool.exe
39430. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092716-2152-99" target="_blank">DONK.B</a> WORM!
39431. Source=Paul Collins Startup list
39432.  
39433. [Microsoft System Checkup]
39434. Number=5601
39435. Confirmed=X
39436. Filename=Wnetlib.exe
39437. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100914-4749-99" target="_blank">DONK.C</a> WORM!
39438. Source=Paul Collins Startup list
39439.  
39440. [Microsoft System Checkup]
39441. Number=5602
39442. Confirmed=X
39443. Filename=dbnetlib.exe
39444. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032318-2655-99" target="_blank">DONK.L</a> WORM!
39445. Source=Paul Collins Startup list
39446.  
39447. [Microsoft System Checkup]
39448. Number=5603
39449. Confirmed=X
39450. Filename=Keymgr.exe
39451. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040815-2440-99" target="_blank">DONK.M</a> WORM!
39452. Source=Paul Collins Startup list
39453.  
39454. [Microsoft System Checkup]
39455. Number=5604
39456. Confirmed=X
39457. Filename=inetman.exe
39458. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041911-2523-99" target="_blank">DONK.O</a> WORM!
39459. Source=Paul Collins Startup list
39460.  
39461. [Microsoft System Checkup]
39462. Number=5605
39463. Confirmed=X
39464. Filename=ntsysmgr.exe
39465. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092117-0635-99" target="_blank">DONK.S</a> WORM!
39466. Source=Paul Collins Startup list
39467.  
39468. [Microsoft System Checkup]
39469. Number=5606
39470. Confirmed=X
39471. Filename=ntsysman.exe
39472. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqw.html" target=_blank>SDBOT-QW</a> WORM!
39473.  
39474. Source=Paul Collins Startup list
39475.  
39476. [Microsoft System Checkup]
39477. Number=5607
39478. Confirmed=X
39479. Filename=libsysmgr.exe
39480. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcaf.html" target=_blank>SDBOT-CAF</a> WORM!
39481. Source=Paul Collins Startup list
39482.  
39483. [Microsoft System Checkup]
39484. Number=5608
39485. Confirmed=X
39486. Filename=sysmgr.exe
39487. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotoo.html" target=_blank>SDBOT-OO</a> TROJAN!
39488. Source=Paul Collins Startup list
39489.  
39490. [Microsoft System Checkup]
39491. Number=5609
39492. Confirmed=X
39493. Filename=netapi32.exe
39494. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32donke.html" target=_blank>DONK-E</a> WORM!
39495. Source=Paul Collins Startup list
39496.  
39497. [Microsoft System Checkup]
39498. Number=5610
39499. Confirmed=X
39500. Filename=wnetmgr.exe
39501. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051015-2700-99" target= blank>DONK.Q</a> WORM!
39502. Source=Paul Collins Startup list
39503.  
39504. [Microsoft System Checkup]
39505. Number=5611
39506. Confirmed=X
39507. Filename=libsys32.exe
39508. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotack.html" target=_blank>SDBOT-ACK</a> WORM!
39509. Source=Paul Collins Startup list
39510.  
39511. [Microsoft System Debug]
39512. Number=5612
39513. Confirmed=X
39514. Filename=services32.exe
39515. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AKH&VSect=P" target=_blank>RBOT.AKH</a> WORM!
39516. Source=Paul Collins Startup list
39517.  
39518. [Microsoft System DLL Services Configuration]
39519. Number=5613
39520. Confirmed=X
39521. Filename=windir32.exe
39522. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacy.html" target=_blank>SDBOT-ACY</a> TROJAN!
39523. Source=Paul Collins Startup list
39524.  
39525. [Microsoft System File]
39526. Number=5614
39527. Confirmed=X
39528. Filename=svchots.exe
39529. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BYU" target="_blank">RBOT.BYU</a> WORM!
39530. Source=Paul Collins Startup list
39531.  
39532. [Microsoft System Firewall 2006.2]
39533. Number=5615
39534. Confirmed=X
39535. Filename=msmsgr.exe
39536. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
39537. Source=Paul Collins Startup list
39538.  
39539. [Microsoft System Firewall 2006.2]
39540. Number=5616
39541. Confirmed=X
39542. Filename=msnmsgr.exe
39543. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! Note - this is not the valid MSN Messenger (now <a href="http://get.live.com/messenger/overview" target="_blank">Windows Live Messenger</a>) utility
39544. Source=Paul Collins Startup list
39545.  
39546. [Microsoft System Firewall 2006.2]
39547. Number=5617
39548. Confirmed=X
39549. Filename=reg32.exe
39550. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
39551. Source=Paul Collins Startup list
39552.  
39553. [Microsoft System Init]
39554. Number=5618
39555. Confirmed=X
39556. Filename=mtmnr0.exe
39557. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.BR" target="_blank">SDBOT.BR</a> TROJAN!
39558. Source=Paul Collins Startup list
39559.  
39560. [Microsoft System NT]
39561. Number=5619
39562. Confirmed=X
39563. Filename=svhost.exe
39564. Description=Added by the <a href="http://www.enciclopediavirus.com/virus/vervirus.php?id=1446&alerta=1" target=_blank>SDBOT.COU</a> WORM!
39565. Source=Paul Collins Startup list
39566.  
39567. [Microsoft System Restore Configuration]
39568. Number=5620
39569. Confirmed=X
39570. Filename=CBRSS.EXE
39571. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
39572. Source=Paul Collins Startup list
39573.  
39574. [Microsoft System Saver]
39575. Number=5621
39576. Confirmed=X
39577. Filename=[path to worm]
39578. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BSK" target="_blank">RBOT.BSK</a> WORM!
39579.  
39580. Source=Paul Collins Startup list
39581.  
39582. [Microsoft System Security Agent]
39583. Number=5622
39584. Confirmed=X
39585. Filename=MSTSA.EXE
39586. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CCM" target="_blank">RBOT.CCM</a> WORM!
39587. Source=Paul Collins Startup list
39588.  
39589. [Microsoft System Services]
39590. Number=5623
39591. Confirmed=X
39592. Filename=msnmgsr.exe
39593. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-033116-4030-99" target=_blank>KELVIR.K</a> WORM!
39594. Source=Paul Collins Startup list
39595.  
39596. [Microsoft System Services]
39597. Number=5624
39598. Confirmed=X
39599. Filename=msmsgr.exe
39600. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzh.html" target= blank>RBOT-ZH</a> WORM!
39601. Source=Paul Collins Startup list
39602.  
39603. [Microsoft System Update]
39604. Number=5625
39605. Confirmed=X
39606. Filename=sysupdate.exe
39607. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.DG&VSect=P" target=_blank>SDBOT.DG</a> WORM!
39608. Source=Paul Collins Startup list
39609.  
39610. [Microsoft System32 Update]
39611. Number=5626
39612. Confirmed=X
39613. Filename=cmsrg.exe
39614. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgn.html" target=_blank>RBOT-GN</a> WORM!
39615. Source=Paul Collins Startup list
39616.  
39617. [Microsoft Task32 Protocol]
39618. Number=5627
39619. Confirmed=X
39620. Filename=taskmgr32.exe
39621. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
39622. Source=Paul Collins Startup list
39623.  
39624. [Microsoft Taskmanager Updater]
39625. Number=5628
39626. Confirmed=X
39627. Filename=keyboard.exe
39628. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalu.html" target=_blank>RBOT-ALU</a> WORM!
39629. Source=Paul Collins Startup list
39630.  
39631. [Microsoft TCP/IP Connection Monitor]
39632. Number=5629
39633. Confirmed=X
39634. Filename=svchost32.exe
39635. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KS" target="_blank">RBOT.KS</a> WORM!
39636. Source=Paul Collins Startup list
39637.  
39638. [Microsoft Telecom Center]
39639. Number=5630
39640. Confirmed=X
39641. Filename=tellecom.exe
39642. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
39643. Source=Paul Collins Startup list
39644.  
39645. [Microsoft Telecoma Center]
39646. Number=5631
39647. Confirmed=X
39648. Filename=tellcoma.exe
39649. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawx.html" target=_blank>RBOT-AWX</a> WORM!
39650. Source=Paul Collins Startup list
39651.  
39652. [Microsoft Telecoms Center]
39653. Number=5632
39654. Confirmed=X
39655. Filename=telcoms.exe
39656. Description=Added by the <a href="http://www.greatis.com/appdata/d/SysDir/t/telcoms.exe_Removal.htm" target=_blank>IRCBOT.GEN</a> WORM!
39657.  
39658. Source=Paul Collins Startup list
39659.  
39660. [Microsoft Telecoms Center]
39661. Number=5633
39662. Confirmed=X
39663. Filename=xpfilesys.exe
39664. Description=Added by the RBOT.BCJ TROJAN!
39665. Source=Paul Collins Startup list
39666.  
39667. [Microsoft Telecoms Center]
39668. Number=5634
39669. Confirmed=X
39670. Filename=winupn.exe
39671. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
39672. Source=Paul Collins Startup list
39673.  
39674. [Microsoft Telecoms Center]
39675. Number=5635
39676. Confirmed=X
39677. Filename=svcchost.exe
39678. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
39679. Source=Paul Collins Startup list
39680.  
39681. [Microsoft Time Manager]
39682. Number=5636
39683. Confirmed=X
39684. Filename=dveldr.exe
39685. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothq.html" target="_blank">RBOT-HQ</a> WORM!
39686. Source=Paul Collins Startup list
39687.  
39688. [MicroSoft Toolbar]
39689. Number=5637
39690. Confirmed=X
39691. Filename=key.exe
39692. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaew.html" target=_blank>RBOT-AEW</a> WORM!
39693. Source=Paul Collins Startup list
39694.  
39695. [Microsoft Transfer File Server]
39696. Number=5638
39697. Confirmed=X
39698. Filename=mtfs.exe
39699. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AFE" target="_blank">RBOT.AFE</a> WORM!
39700. Source=Paul Collins Startup list
39701.  
39702. [Microsoft Tray]
39703. Number=5639
39704. Confirmed=X
39705. Filename=[random filename]
39706. Description=Added by the <a href="http://www.vsantivirus.com/back-delf-bz.htm" target="_blank">DELF.BZ</a> TROJAN!
39707. Source=Paul Collins Startup list
39708.  
39709. [Microsoft TTL Verifier]
39710. Number=5640
39711. Confirmed=X
39712. Filename=msttl.exe
39713. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgap.html" target="_blank">RBOT-GAP</a> WORM!
39714. Source=Paul Collins Startup list
39715.  
39716. [Microsoft U]
39717. Number=5641
39718. Confirmed=X
39719. Filename=wuamkopxp.exe
39720. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahc.html" target=_blank>RBOT-AHC</a> WORM!
39721. Source=Paul Collins Startup list
39722.  
39723. [Microsoft UMA Update]
39724. Number=5642
39725. Confirmed=X
39726. Filename=MSuma32.exe
39727. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.FS" target="_blank">RBOT.FS</a> WORM!
39728. Source=Paul Collins Startup list
39729.  
39730. [MICROSOFT UNPACCKER SYSTEM]
39731. Number=5643
39732. Confirmed=X
39733. Filename=unpak32.exe
39734. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
39735. Source=Paul Collins Startup list
39736.  
39737. [MICROSOFT UNPACK SYSTEM]
39738. Number=5644
39739. Confirmed=X
39740. Filename=winrarx.exe
39741. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
39742. Source=Paul Collins Startup list
39743.  
39744. [Microsoft Updat3]
39745. Number=5645
39746. Confirmed=X
39747. Filename=mswkst32.exe
39748. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
39749. Source=Paul Collins Startup list
39750.  
39751. [Microsoft Update]
39752. Number=5646
39753. Confirmed=X
39754. Filename=Microsoft.exe
39755. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042914-1054-99" target="_blank">GAOBOT.AFJ</a> WORM!
39756. Source=Paul Collins Startup list
39757.  
39758. [Microsoft Update]
39759. Number=5647
39760. Confirmed=X
39761. Filename=mssmgrd.exe
39762. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.JT" target="_blank">SDBOT.JT</a> WORM!
39763. Source=Paul Collins Startup list
39764.  
39765. [Microsoft Update]
39766. Number=5648
39767. Confirmed=X
39768. Filename=mvsc.exe
39769. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082710-2418-99" target="_blank">SPYBOT.DAZ</a> WORM!
39770. Source=Paul Collins Startup list
39771.  
39772. [Microsoft Update]
39773. Number=5649
39774. Confirmed=X
39775. Filename=ascdl.exe
39776. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040112-0028-99" target="_blank">GAOBOT.SY</a> WORM!
39777. Source=Paul Collins Startup list
39778.  
39779. [Microsoft Update]
39780. Number=5650
39781. Confirmed=X
39782. Filename=Isac.exe
39783. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotau.html" target="_blank">RBOT-AU</a> WORM!
39784. Source=Paul Collins Startup list
39785.  
39786. [Microsoft Update]
39787. Number=5651
39788. Confirmed=X
39789. Filename=automgr32.exe
39790. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
39791. Source=Paul Collins Startup list
39792.  
39793. [Microsoft Update]
39794. Number=5652
39795. Confirmed=X
39796. Filename=mediap.exe
39797. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
39798. Source=Paul Collins Startup list
39799.  
39800. [Microsoft Update]
39801. Number=5653
39802. Confirmed=X
39803. Filename=Microsoftx.exe
39804. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
39805. Source=Paul Collins Startup list
39806.  
39807. [Microsoft Update]
39808. Number=5654
39809. Confirmed=X
39810. Filename=msconfg.exe
39811. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39662" target=_blank>RBOT.H</a> WORM!
39812. Source=Paul Collins Startup list
39813.  
39814. [Microsoft Update]
39815. Number=5655
39816. Confirmed=X
39817. Filename=Mslti32.exe
39818. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlx.html" target="_blank">RBOT-LX</a> WORM!
39819. Source=Paul Collins Startup list
39820.  
39821. [Microsoft Update]
39822. Number=5656
39823. Confirmed=X
39824. Filename=muamgrd.exe
39825. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
39826. Source=Paul Collins Startup list
39827.  
39828. [Microsoft Update]
39829. Number=5657
39830. Confirmed=X
39831. Filename=navmgrd.exe
39832. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.DP" target="_blank">SDBOT.DP</a> TROJAN!
39833. Source=Paul Collins Startup list
39834.  
39835. [Microsoft Update]
39836. Number=5658
39837. Confirmed=X
39838. Filename=Smss32.exe
39839. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcb.html" target="_blank">RBOT.CB</a> WORM!
39840. Source=Paul Collins Startup list
39841.  
39842. [Microsoft Update]
39843. Number=5659
39844. Confirmed=X
39845. Filename=sys32cfg.exe
39846. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DR" target="_blank">RBOT.DR</a> WORM!
39847. Source=Paul Collins Startup list
39848.  
39849. [Microsoft Update]
39850. Number=5660
39851. Confirmed=X
39852. Filename=VPC32.EXE
39853. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.XM" target="_blank">AGOBOT.XM</a> WORM!
39854. Source=Paul Collins Startup list
39855.  
39856. [Microsoft Update]
39857. Number=5661
39858. Confirmed=X
39859. Filename=winsys32.exe
39860. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
39861. Source=Paul Collins Startup list
39862.  
39863. [Microsoft Update]
39864. Number=5662
39865. Confirmed=X
39866. Filename=wuamgrd.exe
39867. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlk.html" target="_blank">RBOT-LK</a> WORM!
39868. Source=Paul Collins Startup list
39869.  
39870. [Microsoft Update]
39871. Number=5663
39872. Confirmed=X
39873. Filename=wuammgr32.exe
39874. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaw.html" target="_blank">RBOT-AW</a> WORM!
39875. Source=Paul Collins Startup list
39876.  
39877. [Microsoft Update]
39878. Number=5664
39879. Confirmed=X
39880. Filename=wudmate.exe
39881. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AP" target="_blank">RBOT.AP</a> WORM!
39882. Source=Paul Collins Startup list
39883.  
39884. [Microsoft Update]
39885. Number=5665
39886. Confirmed=X
39887. Filename=msawindows.exe
39888. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042914-1054-99" target="_blank">GAOBOT.AFJ</a> WORM!
39889. Source=Paul Collins Startup list
39890.  
39891. [Microsoft Update]
39892. Number=5666
39893. Confirmed=X
39894. Filename=msiwin84.exe
39895. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042914-1054-99" target="_blank">GAOBOT.AFJ</a> WORM!
39896. Source=Paul Collins Startup list
39897.  
39898. [Microsoft Update]
39899. Number=5667
39900. Confirmed=X
39901. Filename=wuamgrd32.exe
39902. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ZB" target=_blank>RBOT.ZB</a> WORM!
39903.  
39904. Source=Paul Collins Startup list
39905.  
39906. [Microsoft Update]
39907. Number=5668
39908. Confirmed=X
39909. Filename=NAV.exe
39910. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotiv.html" target=_blank>RBOT-IV</a> WORM!
39911. Source=Paul Collins Startup list
39912.  
39913. [Microsoft Update]
39914. Number=5669
39915. Confirmed=X
39916. Filename=systemi32.exe
39917. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
39918. Source=Paul Collins Startup list
39919.  
39920. [Microsoft Update]
39921. Number=5670
39922. Confirmed=X
39923. Filename=xpupdate.exe
39924. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqe.html" target=_blank>RBOT-QE</a> WORM!
39925. Source=Paul Collins Startup list
39926.  
39927. [Microsoft Update]
39928. Number=5671
39929. Confirmed=X
39930. Filename=webm.exe
39931. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WK" target="_blank">SDBOT.WK</a> WORM!
39932. Source=Paul Collins Startup list
39933.  
39934. [Microsoft Update]
39935. Number=5672
39936. Confirmed=X
39937. Filename=wuagrd.exe
39938. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfk.html" target=_blank>RBOT-FK</a> WORM!
39939. Source=Paul Collins Startup list
39940.  
39941. [Microsoft Update]
39942. Number=5673
39943. Confirmed=X
39944. Filename=aaupdt.exe
39945. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrq.html" target=_blank>RBOT-RQ</a> WORM!
39946. Source=Paul Collins Startup list
39947.  
39948. [Microsoft Update]
39949. Number=5674
39950. Confirmed=X
39951. Filename=lsac.exe
39952. Description=Added by the <a href="http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=48428" target="_blank">GAOBOT.XW</a> WORM!
39953. Source=Paul Collins Startup list
39954.  
39955. [Microsoft Update]
39956. Number=5675
39957. Confirmed=X
39958. Filename=Mupdate.exe
39959. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotag.html" target=_blank>RBOT-AG</a> WORM!
39960. Source=Paul Collins Startup list
39961.  
39962. [Microsoft Update]
39963. Number=5676
39964. Confirmed=X
39965. Filename=prowind32.exe
39966. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
39967. Source=Paul Collins Startup list
39968.  
39969. [Microsoft Update]
39970. Number=5677
39971. Confirmed=X
39972. Filename=snlogsvc.exe
39973. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
39974. Source=Paul Collins Startup list
39975.  
39976. [Microsoft Update]
39977. Number=5678
39978. Confirmed=X
39979. Filename=svhost.exe
39980. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpi.html" target=_blank>RBOT-PI</a> WORM!
39981. Source=Paul Collins Startup list
39982.  
39983. [Microsoft Update]
39984. Number=5679
39985. Confirmed=X
39986. Filename=wauguard.exe
39987. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AEE" target="_blank">RBOT.AEE</a> WORM!
39988. Source=Paul Collins Startup list
39989.  
39990. [Microsoft Update]
39991. Number=5680
39992. Confirmed=X
39993. Filename=winscv.exe
39994. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbh.html" target=_blank>RBOT-BH</a> WORM!
39995. Source=Paul Collins Startup list
39996.  
39997. [Microsoft Update]
39998. Number=5681
39999. Confirmed=X
40000. Filename=winsys.exe
40001. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgv.html" target=_blank>RBOT-GV</a> WORM!
40002. Source=Paul Collins Startup list
40003.  
40004. [Microsoft Update]
40005. Number=5682
40006. Confirmed=X
40007. Filename=wserv32.exe
40008. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AF&VSect=T" target=_blank>RBOT.AF</a> WORM!
40009. Source=Paul Collins Startup list
40010.  
40011. [Microsoft Update]
40012. Number=5683
40013. Confirmed=X
40014. Filename=wtm32.exe
40015. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaq.html" target=_blank>RBOT-AQ</a> WORM!
40016. Source=Paul Collins Startup list
40017.  
40018. [Microsoft Update]
40019. Number=5684
40020. Confirmed=X
40021. Filename=wumgrd.exe
40022. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotky.html" target=_blank>SDBOT-KY</a> WORM!
40023. Source=Paul Collins Startup list
40024.  
40025. [Microsoft Update]
40026. Number=5685
40027. Confirmed=X
40028. Filename=wuampd.exe
40029. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotut.html" target=_blank>RBOT-UT</a> WORM!
40030. Source=Paul Collins Startup list
40031.  
40032. [Microsoft Update]
40033. Number=5686
40034. Confirmed=X
40035. Filename=msupdate32.exe
40036. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
40037. Source=Paul Collins Startup list
40038.  
40039. [Microsoft Update]
40040. Number=5687
40041. Confirmed=X
40042. Filename=Botnet.exe
40043. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AFL" target="_blank">RBOT.AFL</a> WORM!
40044. Source=Paul Collins Startup list
40045.  
40046. [Microsoft Update]
40047. Number=5688
40048. Confirmed=X
40049. Filename=sghost.exe
40050. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AKV&VSect=P" target=_blank>SDBOT.AKV</a> WORM!
40051. Source=Paul Collins Startup list
40052.  
40053. [Microsoft Update]
40054. Number=5689
40055. Confirmed=X
40056. Filename=update_w.exe
40057. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotew.html" target=_blank>RBOT-EW</a> WORM!
40058. Source=Paul Collins Startup list
40059.  
40060. [Microsoft Update]
40061. Number=5690
40062. Confirmed=X
40063. Filename=windows24.exe
40064. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40065. Source=Paul Collins Startup list
40066.  
40067. [Microsoft Update]
40068. Number=5691
40069. Confirmed=X
40070. Filename=wingrd32.exe
40071. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdw.html" target=_blank>RBOT-DW</a> WORM!
40072. Source=Paul Collins Startup list
40073.  
40074. [Microsoft Update]
40075. Number=5692
40076. Confirmed=X
40077. Filename=wssvr.exe
40078. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotod.html" target=_blank>RBOT-OD</a> WORM!
40079. Source=Paul Collins Startup list
40080.  
40081. [Microsoft Update]
40082. Number=5693
40083. Confirmed=X
40084. Filename=wuamagr32.exe
40085. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.CG" target="_blank">SPYBOT.CG</a> WORM!
40086. Source=Paul Collins Startup list
40087.  
40088. [Microsoft Update]
40089. Number=5694
40090. Confirmed=X
40091. Filename=WinUpdate32.exe
40092. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotti.html" target= blank>RBOT-TI</a> WORM!
40093. Source=Paul Collins Startup list
40094.  
40095. [Microsoft Update]
40096. Number=5695
40097. Confirmed=X
40098. Filename=wkfix.exe
40099. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabz.html" target= blank>RBOT-ABZ</a> WORM!
40100. Source=Paul Collins Startup list
40101.  
40102. [Microsoft Update]
40103. Number=5696
40104. Confirmed=X
40105. Filename=Kkk.exe
40106. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahl.html" target=_blank>RBOT-AHL</a> WORM!
40107. Source=Paul Collins Startup list
40108.  
40109. [Microsoft Update]
40110. Number=5697
40111. Confirmed=X
40112. Filename=mcupdate.exe
40113. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XT" target="_blank">RBOT.XT</a> WORM! Note - this file is located in the Windows\System32 or Winnt\System32 folder, and should not be confused with the McAfee antivirus executable as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/mcupdate/" target="_blank">here</a>
40114. Source=Paul Collins Startup list
40115.  
40116. [Microsoft Update]
40117. Number=5698
40118. Confirmed=X
40119. Filename=Micr0s0ft.exe
40120. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AAR&VSect=P" target=_blank>AGOBOT.AAR</a> WORM!
40121. Source=Paul Collins Startup list
40122.  
40123. [Microsoft Update]
40124. Number=5699
40125. Confirmed=X
40126. Filename=Msnmsngr.exe
40127. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQS&VSect=P" target=_blank>RBOT.BQS</a> WORM!
40128. Source=Paul Collins Startup list
40129.  
40130. [Microsoft Update]
40131. Number=5700
40132. Confirmed=X
40133. Filename=msupdate32.exe
40134. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.LZ&VSect=P" target=_blank>SPYBOT.LZ</a> WORM!
40135. Source=Paul Collins Startup list
40136.  
40137. [Microsoft Update]
40138. Number=5701
40139. Confirmed=X
40140. Filename=scvhost.exe
40141. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaem.html" target=_blank>RBOT-AEM</a> WORM!
40142. Source=Paul Collins Startup list
40143.  
40144. [Microsoft Update]
40145. Number=5702
40146. Confirmed=X
40147. Filename=svghost.exe
40148. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40149. Source=Paul Collins Startup list
40150.  
40151. [Microsoft Update]
40152. Number=5703
40153. Confirmed=X
40154. Filename=sys.exe
40155. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaj.html" target=_blank>RBOT-AJ</a> WORM!
40156. Source=Paul Collins Startup list
40157.  
40158. [Microsoft Update]
40159. Number=5704
40160. Confirmed=X
40161. Filename=up2dat5.exe
40162. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
40163. Source=Paul Collins Startup list
40164.  
40165. [Microsoft Update]
40166. Number=5705
40167. Confirmed=X
40168. Filename=winamp.exe
40169. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player
40170. Source=Paul Collins Startup list
40171.  
40172. [Microsoft Update]
40173. Number=5706
40174. Confirmed=X
40175. Filename=win-mang.exe
40176. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafk.html" target=_blank>RBOT-AFK</a> WORM!
40177. Source=Paul Collins Startup list
40178.  
40179. [Microsoft Update]
40180. Number=5707
40181. Confirmed=X
40182. Filename=winupdater.exe
40183. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BIN&VSect=P" target=_blank>RBOT.BIN</a> WORM!
40184. Source=Paul Collins Startup list
40185.  
40186. [Microsoft Update]
40187. Number=5708
40188. Confirmed=X
40189. Filename=wuamk0032.exe
40190. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40191. Source=Paul Collins Startup list
40192.  
40193. [Microsoft Update]
40194. Number=5709
40195. Confirmed=X
40196. Filename=wuamk032.exe
40197. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahd.html" target=_blank>RBOT-AHD</a> WORM!
40198. Source=Paul Collins Startup list
40199.  
40200. [Microsoft Update]
40201. Number=5710
40202. Confirmed=X
40203. Filename=wuamk0p32.exe
40204. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40205. Source=Paul Collins Startup list
40206.  
40207. [Microsoft Update]
40208. Number=5711
40209. Confirmed=X
40210. Filename=wuamkop.exe
40211. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafi.html" target=_blank>RBOT-AFI</a> WORM!
40212. Source=Paul Collins Startup list
40213.  
40214. [Microsoft Update]
40215. Number=5712
40216. Confirmed=X
40217. Filename=wuamkop32.exe
40218. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BGU&VSect=P" target=_blank>RBOT.BGU</a> WORM!
40219. Source=Paul Collins Startup list
40220.  
40221. [Microsoft Update]
40222. Number=5713
40223. Confirmed=X
40224. Filename=wuampkd.exe
40225. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BBX&VSect=P" target=_blank>SDBOT.BBX</a> WORM!
40226. Source=Paul Collins Startup list
40227.  
40228. [Microsoft Update]
40229. Number=5714
40230. Confirmed=X
40231. Filename=svzhost.exe
40232. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.OX&VSect=P" target=_blank>RBOT.OX</a> WORM!
40233. Source=Paul Collins Startup list
40234.  
40235. [Microsoft Update]
40236. Number=5715
40237. Confirmed=X
40238. Filename=win32.exe
40239. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
40240. Source=Paul Collins Startup list
40241.  
40242. [Microsoft Update]
40243. Number=5716
40244. Confirmed=X
40245. Filename=wininit.exe
40246. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakr.html" target=_blank>RBOT-AKR</a> WORM!
40247. Source=Paul Collins Startup list
40248.  
40249. [Microsoft Update]
40250. Number=5717
40251. Confirmed=X
40252. Filename=wuamgrd3.exe
40253. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamc.html" target=_blank>RBOT-AMC</a> WORM! 
40254. Source=Paul Collins Startup list
40255.  
40256. [Microsoft Update]
40257. Number=5718
40258. Confirmed=X
40259. Filename=Wudates.exe
40260. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40261. Source=Paul Collins Startup list
40262.  
40263. [Microsoft Update]
40264. Number=5719
40265. Confirmed=X
40266. Filename=ms.exe
40267. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.CC" target="_blank">SDBOT.CC</a> WORM!
40268. Source=Paul Collins Startup list
40269.  
40270. [Microsoft Update]
40271. Number=5720
40272. Confirmed=X
40273. Filename=wuagmsd.exe
40274. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotax.html" target=_blank>RBOT-AX</a> WORM!
40275. Source=Paul Collins Startup list
40276.  
40277. [Microsoft Update]
40278. Number=5721
40279. Confirmed=X
40280. Filename=cmss.exe
40281. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatq.html" target=_blank>RBOT-ATQ</a> WORM!
40282. Source=Paul Collins Startup list
40283.  
40284. [Microsoft Update]
40285. Number=5722
40286. Confirmed=X
40287. Filename=wuamgrb.exe
40288. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaze.html" target=_blank>RBOT-AZE</a> WORM!
40289. Source=Paul Collins Startup list
40290.  
40291. [Microsoft Update]
40292. Number=5723
40293. Confirmed=X
40294. Filename=WINDOC.EXE
40295. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.PF" target="_blank">SDBOT.PF</a> WORM!
40296. Source=Paul Collins Startup list
40297.  
40298. [Microsoft Update]
40299. Number=5724
40300. Confirmed=X
40301. Filename=phqghumea.exe
40302. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AFO" target="_blank">SDBOT.AFO</a> WORM!
40303. Source=Paul Collins Startup list
40304.  
40305. [Microsoft Update]
40306. Number=5725
40307. Confirmed=X
40308. Filename=system32.exe
40309. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IS" target="_blank">RBOT.IS</a> WORM!
40310. Source=Paul Collins Startup list
40311.  
40312. [Microsoft Update]
40313. Number=5726
40314. Confirmed=X
40315. Filename=bling.exe
40316. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavk.html" target="_blank">RBOT-AVK</a> WORM!
40317. Source=Paul Collins Startup list
40318.  
40319. [Microsoft Update]
40320. Number=5727
40321. Confirmed=X
40322. Filename=Sygate.exe
40323. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
40324. Source=Paul Collins Startup list
40325.  
40326. [Microsoft Update]
40327. Number=5728
40328. Confirmed=X
40329. Filename=update.exe
40330. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
40331. Source=Paul Collins Startup list
40332.  
40333. [Microsoft Update]
40334. Number=5729
40335. Confirmed=X
40336. Filename=WinDrv32.exe
40337. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=50951" target="_blank">RBOT.EGW</a> WORM!
40338. Source=Paul Collins Startup list
40339.  
40340. [Microsoft Update]
40341. Number=5730
40342. Confirmed=X
40343. Filename=devmks32.exe
40344. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
40345. Source=Paul Collins Startup list
40346.  
40347. [Microsoft Update]
40348. Number=5731
40349. Confirmed=X
40350. Filename=devmks32.exe
40351. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
40352. Source=Paul Collins Startup list
40353.  
40354. [Microsoft update]
40355. Number=5732
40356. Confirmed=X
40357. Filename=winupdate.exe
40358. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
40359. Source=Paul Collins Startup list
40360.  
40361. [Microsoft Update]
40362. Number=5733
40363. Confirmed=X
40364. Filename=msupdate.exe
40365. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojboroboti.html" target="_blank">BOROBOT-I</a> TROJAN!
40366. Source=Paul Collins Startup list
40367.  
40368. [Microsoft Update]
40369. Number=5734
40370. Confirmed=X
40371. Filename=mixer.exe
40372. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotair.html" target="_blank">RBOT-AIR</a> WORM!
40373. Source=Paul Collins Startup list
40374.  
40375. [Microsoft Update]
40376. Number=5735
40377. Confirmed=X
40378. Filename=taskmgr32.exe
40379. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcv.html" target="_blank">RBOT-CV</a> WORM!
40380. Source=Paul Collins Startup list
40381.  
40382. [Microsoft Update]
40383. Number=5736
40384. Confirmed=X
40385. Filename=drive.exe
40386. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bifrosepn.html" target="_blank">BIFROSE-PN</a> WORM!
40387. Source=Paul Collins Startup list
40388.  
40389. [Microsoft Update]
40390. Number=5737
40391. Confirmed=X
40392. Filename=wangard.exe
40393. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlh.html" target="_blank">RBOT-LH</a> WORM!
40394. Source=Paul Collins Startup list
40395.  
40396. [Microsoft Update 23]
40397. Number=5738
40398. Confirmed=X
40399. Filename=NtKernelSystem.exe
40400. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40401. Source=Paul Collins Startup list
40402.  
40403. [Microsoft Update 23]
40404. Number=5739
40405. Confirmed=X
40406. Filename=spoolvs.exe
40407. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
40408. Source=Paul Collins Startup list
40409.  
40410. [Microsoft Update 32]
40411. Number=5740
40412. Confirmed=X
40413. Filename=explore32.exe
40414. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091416-0348-99" target="_blank">SPYBOT.CYM</a> WORM!
40415. Source=Paul Collins Startup list
40416.  
40417. [Microsoft Update 32]
40418. Number=5741
40419. Confirmed=X
40420. Filename=MSupdate32.exe
40421. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
40422. Source=Paul Collins Startup list
40423.  
40424. [Microsoft Update 32]
40425. Number=5742
40426. Confirmed=X
40427. Filename=wininit.exe
40428. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotany.html" target=_blank>RBOT-ANY</a> WORM!
40429. Source=Paul Collins Startup list
40430.  
40431. [Microsoft Update 32]
40432. Number=5743
40433. Confirmed=X
40434. Filename=wininit32.exe
40435. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40436. Source=Paul Collins Startup list
40437.  
40438. [Microsoft Update 32]
40439. Number=5744
40440. Confirmed=X
40441. Filename=[path to file]
40442. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajj.html" target=_blank>RBOT-AJJ</a> WORM!
40443. Source=Paul Collins Startup list
40444.  
40445. [Microsoft Update 32]
40446. Number=5745
40447. Confirmed=X
40448. Filename=mscnfg.exe
40449. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalm.html" target=_blank>RBOT-ALM</a> WORM!
40450. Source=Paul Collins Startup list
40451.  
40452. [Microsoft Update 32]
40453. Number=5746
40454. Confirmed=X
40455. Filename=servic.exe
40456. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxn.html" target=_blank>RBOT-AXN</a> WORM!
40457. Source=Paul Collins Startup list
40458.  
40459. [Microsoft Update 32]
40460. Number=5747
40461. Confirmed=X
40462. Filename=winitXP32.exe
40463. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40464. Source=Paul Collins Startup list
40465.  
40466. [Microsoft Update 32]
40467. Number=5748
40468. Confirmed=X
40469. Filename=mssetup32.exe
40470. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40471. Source=Paul Collins Startup list
40472.  
40473. [Microsoft Update 32]
40474. Number=5749
40475. Confirmed=X
40476. Filename=wiit.exe
40477. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotams.html" target=_blank>RBOT-AMS</a> WORM!
40478. Source=Paul Collins Startup list
40479.  
40480. [Microsoft Update 32]
40481. Number=5750
40482. Confirmed=X
40483. Filename=explorer.exe
40484. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarf.html" target="_blank">RBOT-ARF</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
40485. Source=Paul Collins Startup list
40486.  
40487. [Microsoft Update 32]
40488. Number=5751
40489. Confirmed=X
40490. Filename=network.exe
40491. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarz.html" target=_blank>RBOT-ARZ</a> WORM!
40492. Source=Paul Collins Startup list
40493.  
40494. [Microsoft Update 32]
40495. Number=5752
40496. Confirmed=X
40497. Filename=om4r.exe
40498. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqp.html" target=_blank>RBOT-AQP</a> WORM!
40499. Source=Paul Collins Startup list
40500.  
40501. [Microsoft Update 32]
40502. Number=5753
40503. Confirmed=X
40504. Filename=winin.exe
40505. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarr.html" target=_blank>RBOT-ARR</a> WORM!
40506. Source=Paul Collins Startup list
40507.  
40508. [Microsoft Update 32]
40509. Number=5754
40510. Confirmed=X
40511. Filename=wuinit.exe
40512. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotue.html" target=_blank>AGOBOT-UE</a> WORM!
40513. Source=Paul Collins Startup list
40514.  
40515. [Microsoft Update 32]
40516. Number=5755
40517. Confirmed=X
40518. Filename=neta.exe
40519. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotami.html" target="_blank">RBOT-AMI</a> WORM!
40520. Source=Paul Collins Startup list
40521.  
40522. [Microsoft Update 33]
40523. Number=5756
40524. Confirmed=X
40525. Filename=init.exe
40526. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatt.html" target=_blank>RBOT-ATT</a> WORM!
40527. Source=Paul Collins Startup list
40528.  
40529. [Microsoft Update 64 BIT]
40530. Number=5757
40531. Confirmed=X
40532. Filename=wininit32.exe
40533. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahe.html" target=_blank>RBOT-AHE</a> WORM!
40534. Source=Paul Collins Startup list
40535.  
40536. [Microsoft Update 64 BIT]
40537. Number=5758
40538. Confirmed=X
40539. Filename=winman32.exe
40540. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaki.html" target=_blank>RBOT-AKI</a> WORM!
40541. Source=Paul Collins Startup list
40542.  
40543. [Microsoft Update 64 BIT]
40544. Number=5759
40545. Confirmed=X
40546. Filename=schvost.exe
40547. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CAU&VSect=P" target=_blank>RBOT.CAU</a> WORM!
40548. Source=Paul Collins Startup list
40549.  
40550. [Microsoft Update 64 BIT]
40551. Number=5760
40552. Confirmed=X
40553. Filename=winl32xe.exe
40554. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqo.html" target=_blank>RBOT-AQO</a> WORM!
40555. Source=Paul Collins Startup list
40556.  
40557. [MICROSOFT UPDATE CONFIGURATION]
40558. Number=5761
40559. Confirmed=X
40560. Filename=WIN32SNC.EXE
40561. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotai.html" target=_blank>RBOT-AI</a> WORM!
40562. Source=Paul Collins Startup list
40563.  
40564. [Microsoft Update Control]
40565. Number=5762
40566. Confirmed=X
40567. Filename=Ms64.exe
40568. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40569. Source=Paul Collins Startup list
40570.  
40571. [Microsoft Update Debugger]
40572. Number=5763
40573. Confirmed=X
40574. Filename=wincfg32.exe
40575. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.ZC&VSect=T" target=_blank>SPYBOT.ZC</a> WORM!
40576. Source=Paul Collins Startup list
40577.  
40578. [Microsoft Update Device Drivers]
40579. Number=5764
40580. Confirmed=X
40581. Filename=wuauclt.exe
40582. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wuauclt/" target="_blank">wuauclt.exe</a> process, which should not appear in Msconfig/Startup!
40583. Source=Paul Collins Startup list
40584.  
40585. [Microsoft Update DLL]
40586. Number=5765
40587. Confirmed=X
40588. Filename=rxxhost.exe
40589. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40590. Source=Paul Collins Startup list
40591.  
40592. [Microsoft Update Drivers]
40593. Number=5766
40594. Confirmed=X
40595. Filename=explorers.exe
40596. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
40597. Source=Paul Collins Startup list
40598.  
40599. [Microsoft Update Emulator]
40600. Number=5767
40601. Confirmed=X
40602. Filename=kern-mxe.exe
40603. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40604. Source=Paul Collins Startup list
40605.  
40606. [Microsoft Update Loader]
40607. Number=5768
40608. Confirmed=X
40609. Filename=[random filename]
40610. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40611.  
40612. Source=Paul Collins Startup list
40613.  
40614. [Microsoft Update Loaders 2005]
40615. Number=5769
40616. Confirmed=X
40617. Filename=winusers.exe
40618. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaiq.html" target="_blank">RBOT-AIQ</a> WORM!
40619. Source=Paul Collins Startup list
40620.  
40621. [Microsoft Update Loaders 2006]
40622. Number=5770
40623. Confirmed=X
40624. Filename=winusersystem32.exe
40625. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
40626. Source=Paul Collins Startup list
40627.  
40628. [Microsoft Update Machine]
40629. Number=5771
40630. Confirmed=X
40631. Filename=expl0rer.exe
40632. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.OK&VSect=T" target="_blank">SDBOT.OK</a> WORM!
40633. Source=Paul Collins Startup list
40634.  
40635. [Microsoft Update Machine]
40636. Number=5772
40637. Confirmed=X
40638. Filename=rxhost.exe
40639. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.FC" target="_blank">RBOT.FC</a> WORM!
40640. Source=Paul Collins Startup list
40641.  
40642. [Microsoft Update Machine]
40643. Number=5773
40644. Confirmed=X
40645. Filename=servicz.exe
40646. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothu.html" target="_blank">RBOT-HU</a> WORM!
40647. Source=Paul Collins Startup list
40648.  
40649. [Microsoft Update Machine]
40650. Number=5774
40651. Confirmed=X
40652. Filename=SP2.exe
40653. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.FP" target="_blank">SPYBOT.FP</a> WORM!
40654. Source=Paul Collins Startup list
40655.  
40656. [Microsoft Update Machine]
40657. Number=5775
40658. Confirmed=X
40659. Filename=winini.exe
40660. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkv.html" target="_blank">RBOT-KV</a> WORM!
40661. Source=Paul Collins Startup list
40662.  
40663. [Microsoft Update Machine]
40664. Number=5776
40665. Confirmed=X
40666. Filename=xvshost.exe
40667. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QP" target="_blank">RBOT.QP</a> WORM!
40668. Source=Paul Collins Startup list
40669.  
40670. [Microsoft Update Machine]
40671. Number=5777
40672. Confirmed=X
40673. Filename=memstat.exe
40674. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotom.html" target=_blank>RBOT-OM</a> WORM!
40675.  
40676. Source=Paul Collins Startup list
40677.  
40678. [Microsoft Update Machine]
40679. Number=5778
40680. Confirmed=X
40681. Filename=ntce.exe
40682. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfa.html" target=_blank>RBOT-FA</a> WORM!
40683.  
40684. Source=Paul Collins Startup list
40685.  
40686. [Microsoft Update Machine]
40687. Number=5779
40688. Confirmed=X
40689. Filename=system03.exe
40690. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnm.html" target=_blank>RBOT-NM</a> WORM!
40691.  
40692. Source=Paul Collins Startup list
40693.  
40694. [Microsoft Update Machine]
40695. Number=5780
40696. Confirmed=X
40697. Filename=wuawx.exe
40698. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotce.html" target=_blank>RBOT-CE</a> WORM!
40699.  
40700. Source=Paul Collins Startup list
40701.  
40702. [Microsoft Update Machine]
40703. Number=5781
40704. Confirmed=X
40705. Filename=zonealarm.exe
40706. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbz.html" target=_blank>RBOT-BZ</a> WORM! Note - this is not the valid Zone Labs firewall program!
40707.  
40708. Source=Paul Collins Startup list
40709.  
40710. [Microsoft Update Machine]
40711. Number=5782
40712. Confirmed=X
40713. Filename=systemll.exe
40714. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjt.html" target=_blank>RBOT-JT</a> WORM!
40715.  
40716. Source=Paul Collins Startup list
40717.  
40718. [Microsoft Update Machine]
40719. Number=5783
40720. Confirmed=X
40721. Filename=winupdt.exe
40722. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfp.html"target=_blank>RBOT-FP</a> WORM!
40723.  
40724. Source=Paul Collins Startup list
40725.  
40726. [Microsoft Update Machine]
40727. Number=5784
40728. Confirmed=X
40729. Filename=svshost.exe
40730. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AK" target=_blank>RBOT.AK</a> WORM!
40731.  
40732. Source=Paul Collins Startup list
40733.  
40734. [Microsoft Update Machine]
40735. Number=5785
40736. Confirmed=X
40737. Filename=wuamgd.exe
40738. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.HQ" target=_blank>SDBOT.HQ</a> WORM!
40739. Source=Paul Collins Startup list
40740.  
40741. [Microsoft Update Machine]
40742. Number=5786
40743. Confirmed=X
40744. Filename=wupdt32x.exe
40745. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
40746.  
40747. Source=Paul Collins Startup list
40748.  
40749. [Microsoft Update Machine]
40750. Number=5787
40751. Confirmed=X
40752. Filename=[random filename]
40753. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40754. Source=Paul Collins Startup list
40755.  
40756. [Microsoft Update Machine]
40757. Number=5788
40758. Confirmed=X
40759. Filename=linux.exe
40760. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotim.html" target=_blank>RBOT-IM</a> WORM!
40761. Source=Paul Collins Startup list
40762.  
40763. [Microsoft Update Machine]
40764. Number=5789
40765. Confirmed=X
40766. Filename=lmrss.exe
40767. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdy.html" target=_blank>RBOT-DY</a> WORM!
40768. Source=Paul Collins Startup list
40769.  
40770. [Microsoft Update Machine]
40771. Number=5790
40772. Confirmed=X
40773. Filename=windowsu.exe
40774. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40775. Source=Paul Collins Startup list
40776.  
40777. [Microsoft Update Machine]
40778. Number=5791
40779. Confirmed=X
40780. Filename=wininigo.exe
40781. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40782. Source=Paul Collins Startup list
40783.  
40784. [Microsoft Update Machine]
40785. Number=5792
40786. Confirmed=X
40787. Filename=winmgr.exe
40788. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40789. Source=Paul Collins Startup list
40790.  
40791. [Microsoft Update Machine]
40792. Number=5793
40793. Confirmed=X
40794. Filename=Winmsixp32.exe
40795. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DN&VSect=T" target=_blank>RBOT.DN</a> WORM!
40796. Source=Paul Collins Startup list
40797.  
40798. [Microsoft Update Machine]
40799. Number=5794
40800. Confirmed=X
40801. Filename=Winregs32.exe
40802. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DN&VSect=T" target=_blank>RBOT.DN</a> WORM!
40803. Source=Paul Collins Startup list
40804.  
40805. [Microsoft Update Machine]
40806. Number=5795
40807. Confirmed=X
40808. Filename=winxpini.exe
40809. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotob.html" target=_blank>RBOT-OB</a> WORM!
40810. Source=Paul Collins Startup list
40811.  
40812. [Microsoft Update Machine]
40813. Number=5796
40814. Confirmed=X
40815. Filename=wuamgrd.exe
40816. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothe.html" target=_blank>RBOT-HE</a> WORM!
40817. Source=Paul Collins Startup list
40818.  
40819. [Microsoft Update Machine]
40820. Number=5797
40821. Confirmed=X
40822. Filename=wuagrd.exe
40823. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgf.html" target=_blank>RBOT-GF</a> WORM!
40824. Source=Paul Collins Startup list
40825.  
40826. [Microsoft Update Machine]
40827. Number=5798
40828. Confirmed=X
40829. Filename=LANWAKE.EXE
40830. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqz.html" target=_blank>RBOT-QZ</a> WORM!
40831. Source=Paul Collins Startup list
40832.  
40833. [Microsoft Update Machine]
40834. Number=5799
40835. Confirmed=X
40836. Filename=scvhost.exe
40837. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgs.html" target=_blank>RBOT-GS</a> WORM!
40838. Source=Paul Collins Startup list
40839.  
40840. [Microsoft Update Machine]
40841. Number=5800
40842. Confirmed=X
40843. Filename=winhost.exe
40844. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgk.html" target=_blank>RBOT-GK</a> WORM!
40845. Source=Paul Collins Startup list
40846.  
40847. [Microsoft Update Machine]
40848. Number=5801
40849. Confirmed=X
40850. Filename=winss.exe
40851. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JU" target=_blank>RBOT.JU</a> WORM!
40852. Source=Paul Collins Startup list
40853.  
40854. [Microsoft Update Machine]
40855. Number=5802
40856. Confirmed=X
40857. Filename=WUAMGRDXS.EXE
40858. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgl.html" target=_blank>RBOT-GL</a> WORM!
40859. Source=Paul Collins Startup list
40860.  
40861. [Microsoft Update Machine]
40862. Number=5803
40863. Confirmed=X
40864. Filename=crss32.exe
40865. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40866. Source=Paul Collins Startup list
40867.  
40868. [Microsoft Update Machine]
40869. Number=5804
40870. Confirmed=X
40871. Filename=lsasse.exe
40872. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdi.html" target=_blank>RBOT-DI</a> WORM!
40873. Source=Paul Collins Startup list
40874.  
40875. [Microsoft Update Machine]
40876. Number=5805
40877. Confirmed=X
40878. Filename=qwerty.exe
40879. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40880. Source=Paul Collins Startup list
40881.  
40882. [Microsoft Update Machine]
40883. Number=5806
40884. Confirmed=X
40885. Filename=rxxhost.exe
40886. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EP" target=_blank>RBOT.EP</a> WORM!
40887. Source=Paul Collins Startup list
40888.  
40889. [Microsoft Update Machine]
40890. Number=5807
40891. Confirmed=X
40892. Filename=servicez.exe
40893. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BI" target=_blank>SPYBOT.BI</a> WORM!
40894. Source=Paul Collins Startup list
40895.  
40896. [Microsoft Update Machine]
40897. Number=5808
40898. Confirmed=X
40899. Filename=spoolserv.exe
40900. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40901. Source=Paul Collins Startup list
40902.  
40903. [Microsoft Update Machine]
40904. Number=5809
40905. Confirmed=X
40906. Filename=Systemnt.exe
40907. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DA" target="_blank">RBOT.DA</a> WORM!
40908. Source=Paul Collins Startup list
40909.  
40910. [Microsoft Update Machine]
40911. Number=5810
40912. Confirmed=X
40913. Filename=systemse.exe
40914. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbd.html" target=_blank>RBOT-BD</a> WORM!
40915. Source=Paul Collins Startup list
40916.  
40917. [Microsoft Update Machine]
40918. Number=5811
40919. Confirmed=X
40920. Filename=taskmngrs.exe
40921. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcr.html" target=_blank>RBOT-CR</a> WORM!
40922. Source=Paul Collins Startup list
40923.  
40924. [Microsoft Update Machine]
40925. Number=5812
40926. Confirmed=X
40927. Filename=windowsup.exe
40928. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfv.html" target=_blank>RBOT-FV</a> WORM!
40929. Source=Paul Collins Startup list
40930.  
40931. [Microsoft Update Machine]
40932. Number=5813
40933. Confirmed=X
40934. Filename=wuamgard.exe
40935. Description=Added by the <a href="http://fr.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.CS" target=_blank>SPYBOT.CS</a> WORM!
40936. Source=Paul Collins Startup list
40937.  
40938. [Microsoft Update Machine]
40939. Number=5814
40940. Confirmed=X
40941. Filename=wupdate32.exe
40942. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40943. Source=Paul Collins Startup list
40944.  
40945. [Microsoft Update Machine]
40946. Number=5815
40947. Confirmed=X
40948. Filename=system.exe
40949. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
40950. Source=Paul Collins Startup list
40951.  
40952. [Microsoft Update Machine]
40953. Number=5816
40954. Confirmed=X
40955. Filename=TMEMSER.EXE
40956. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnq.html" target= blank>RBOT-NQ</a> WORM!
40957. Source=Paul Collins Startup list
40958.  
40959. [Microsoft Update Machine]
40960. Number=5817
40961. Confirmed=X
40962. Filename=winnie.exe
40963. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacd.html" target= blank>RBOT-ACD</a> WORM!
40964. Source=Paul Collins Startup list
40965.  
40966. [Microsoft Update Machine]
40967. Number=5818
40968. Confirmed=X
40969. Filename=winortho.exe
40970. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnw.html" target= blank>RBOT-NW</a> WORM!
40971. Source=Paul Collins Startup list
40972.  
40973. [Microsoft Update Machine]
40974. Number=5819
40975. Confirmed=X
40976. Filename=wins32.exe
40977. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EZ" target="_blank">RBOT.EZ</a> WORM!
40978. Source=Paul Collins Startup list
40979.  
40980. [Microsoft Update Machine]
40981. Number=5820
40982. Confirmed=X
40983. Filename=serviz.exe
40984. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40985. Source=Paul Collins Startup list
40986.  
40987. [Microsoft Update Machine]
40988. Number=5821
40989. Confirmed=X
40990. Filename=TASKMAN4.EXE
40991. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
40992. Source=Paul Collins Startup list
40993.  
40994. [Microsoft Update Machine]
40995. Number=5822
40996. Confirmed=X
40997. Filename=wftestb.exe
40998. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafz.html" target=_blank>RBOT-AFZ</a> WORM!
40999. Source=Paul Collins Startup list
41000.  
41001. [Microsoft Update Machine]
41002. Number=5823
41003. Confirmed=X
41004. Filename=Win32.exe
41005. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UV&VSect=T" target=_blank>SDBOT.UV</a> WORM!
41006. Source=Paul Collins Startup list
41007.  
41008. [Microsoft Update Machine]
41009. Number=5824
41010. Confirmed=X
41011. Filename=windns.exe
41012. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EF&VSect=P" target=_blank>RBOT.EF</a> WORM!
41013. Source=Paul Collins Startup list
41014.  
41015. [Microsoft Update Machine]
41016. Number=5825
41017. Confirmed=X
41018. Filename=MSOICONS.EXE
41019. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AWS&VSect=T" target=_blank>RBOT.AWS</a> WORM! Note - do no confuse with the legitimate Msoicons.exe file described <a href="http://www.fileproperties.com/m/MSOICONS-EXE.htm" target=_blank>here</a>. The latter should not normally figure in Msconfig/Startup!
41020. Source=Paul Collins Startup list
41021.  
41022. [Microsoft Update Machine]
41023. Number=5826
41024. Confirmed=X
41025. Filename=WINSVC32.EXE
41026. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CU" target="_blank">RBOT.CU</a> WORM!
41027. Source=Paul Collins Startup list
41028.  
41029. [Microsoft Update Machine]
41030. Number=5827
41031. Confirmed=X
41032. Filename=ntsystem.exe
41033. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GF" target="_blank">RBOT.GF</a> WORM!
41034. Source=Paul Collins Startup list
41035.  
41036. [Microsoft Update Machine]
41037. Number=5828
41038. Confirmed=X
41039. Filename=winupdte.exe
41040. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgkl.html" target="_blank">RBOT-GKL</a> WORM!
41041. Source=Paul Collins Startup list
41042.  
41043. [Microsoft Update Manager]
41044. Number=5829
41045. Confirmed=X
41046. Filename=WINRLS.EXE
41047. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaf.html" target=_blank>RBOT-AF</a> WORM!
41048. Source=Paul Collins Startup list
41049.  
41050. [Microsoft Update Manager]
41051. Number=5830
41052. Confirmed=X
41053. Filename=svshost.exe
41054. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41055. Source=Paul Collins Startup list
41056.  
41057. [Microsoft Update Manager]
41058. Number=5831
41059. Confirmed=X
41060. Filename=scvhost.exe
41061. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AXJ&VSect=P" target=_blank>AGOBOT.AXJ</a> WORM!
41062. Source=Paul Collins Startup list
41063.  
41064. [Microsoft Update Manager]
41065. Number=5832
41066. Confirmed=X
41067. Filename=scvideo.exe
41068. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcvp.html" target="_blank">SDBOT-CVP</a> TROJAN!
41069. Source=Paul Collins Startup list
41070.  
41071. [Microsoft Update Mechene]
41072. Number=5833
41073. Confirmed=X
41074. Filename=Updatez.exe
41075. Description=Added by the <a href="http://www.sophos.com.au/virusinfo/analyses/w32rbotgi.html" target=_blank>RBOT-GI</a> WORM!
41076.  
41077. Source=Paul Collins Startup list
41078.  
41079. [Microsoft Update Module]
41080. Number=5834
41081. Confirmed=X
41082. Filename=rundll24.exe
41083. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotps.html" target=_blank>RBOT-PS</a> WORM!
41084. Source=Paul Collins Startup list
41085.  
41086. [Microsoft Update Process]
41087. Number=5835
41088. Confirmed=X
41089. Filename=wmipcvse.exe
41090. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagobotjf.html" target=_blank>AGOBOT-JF</a> TROJAN!
41091. Source=Paul Collins Startup list
41092.  
41093. [Microsoft Update Security Patch]
41094. Number=5836
41095. Confirmed=X
41096. Filename=mssecurityupdatepatch.exe
41097. Description=Added by the AGENT.EF TROJAN!
41098.  
41099. Source=Paul Collins Startup list
41100.  
41101. [Microsoft Update Server]
41102. Number=5837
41103. Confirmed=X
41104. Filename=mssrv.exe
41105. Description=Added by an unidentified VIRUS, WORM or TROJAN!
41106. Source=Paul Collins Startup list
41107.  
41108. [Microsoft Update Service]
41109. Number=5838
41110. Confirmed=X
41111. Filename=csrss32.exe
41112. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobothc.html" target="_blank">AGOBOT-HC</a> WORM!
41113. Source=Paul Collins Startup list
41114.  
41115. [Microsoft Update Service]
41116. Number=5839
41117. Confirmed=X
41118. Filename=mswin32.exe
41119. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
41120. Source=Paul Collins Startup list
41121.  
41122. [Microsoft update service]
41123. Number=5840
41124. Confirmed=X
41125. Filename=systemm.exe
41126. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
41127. Source=Paul Collins Startup list
41128.  
41129. [Microsoft Update SERVICE]
41130. Number=5841
41131. Confirmed=X
41132. Filename=phqghum.exe
41133. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41134. Source=Paul Collins Startup list
41135.  
41136. [Microsoft Update Service]
41137. Number=5842
41138. Confirmed=X
41139. Filename=msupdate.pif
41140. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqb.html" target=_blank>RBOT-AQB</a> WORM!
41141. Source=Paul Collins Startup list
41142.  
41143. [Microsoft Update Services]
41144. Number=5843
41145. Confirmed=X
41146. Filename=wcsnfty.exe
41147. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagk.html" target=_blank>RBOT-AGK</a> WORM!
41148. Source=Paul Collins Startup list
41149.  
41150. [Microsoft Update Services]
41151. Number=5844
41152. Confirmed=X
41153. Filename=wsnfty.exe
41154. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafu.html" target=_blank>RBOT-AFU</a> WORM!
41155. Source=Paul Collins Startup list
41156.  
41157. [Microsoft Update Time]
41158. Number=5845
41159. Confirmed=X
41160. Filename=wuam.exe
41161. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotm.html" target="_blank">RBOT-M</a> WORM!
41162. Source=Paul Collins Startup list
41163.  
41164. [Microsoft Update USB2]
41165. Number=5846
41166. Confirmed=X
41167. Filename=wuammgrd32.exe
41168. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadt.html" target=_blank>RBOT-ADT</a> WORM!
41169. Source=Paul Collins Startup list
41170.  
41171. [Microsoft Update v2.6]
41172. Number=5847
41173. Confirmed=X
41174. Filename=lxxex.exe
41175. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41176. Source=Paul Collins Startup list
41177.  
41178. [Microsoft Update Win32a]
41179. Number=5848
41180. Confirmed=X
41181. Filename=winupdate32a.exe
41182. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlo.html" target="_blank">RBOT-LO</a> WORM!
41183. Source=Paul Collins Startup list
41184.  
41185. [Microsoft Update Win32x]
41186. Number=5849
41187. Confirmed=X
41188. Filename=winupdate32x.exe
41189. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajn.html" target=_blank>RBOT-AJN</a> WORM!
41190. Source=Paul Collins Startup list
41191.  
41192. [Microsoft Updater]
41193. Number=5850
41194. Confirmed=X
41195. Filename=Winsys32.exe
41196. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41197. Source=Paul Collins Startup list
41198.  
41199. [Microsoft Updater Resources]
41200. Number=5851
41201. Confirmed=X
41202. Filename=WinFixd32.exe
41203. Description=Added by the <a href="http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.CA" target=_blank>SPYBOT.CA</a> WORM!
41204. Source=Paul Collins Startup list
41205.  
41206. [Microsoft UPDATER32]
41207. Number=5852
41208. Confirmed=X
41209. Filename=lsass.exe
41210. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111910-2515-99" target="_blank">RANDEX.AR</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">Lsass.exe</a> system file should normally NOT figure in Msconfig/Startup!
41211. Source=Paul Collins Startup list
41212.  
41213. [Microsoft Updaters]
41214. Number=5853
41215. Confirmed=X
41216. Filename=tskmgr.exe
41217. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41218. Source=Paul Collins Startup list
41219.  
41220. [Microsoft Updaters]
41221. Number=5854
41222. Confirmed=X
41223. Filename=sysconfigs.exe
41224. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdf.html" target= blank>RBOT-DF</a> TROJAN!
41225. Source=Paul Collins Startup list
41226.  
41227. [Microsoft Updaters Pros]
41228. Number=5855
41229. Confirmed=X
41230. Filename=WINDLL32XP.EXE
41231. Description=Added by the SPYBOTTER.GEN VIRUS!
41232. Source=Paul Collins Startup list
41233.  
41234. [Microsoft Updates]
41235. Number=5856
41236. Confirmed=X
41237. Filename=systemc32.exe
41238. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgr.html" target=_blank>RBOT-GR</a> WORM!
41239. Source=Paul Collins Startup list
41240.  
41241. [Microsoft Updates]
41242. Number=5857
41243. Confirmed=X
41244. Filename=wkssvr.exe
41245. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.R&VSect=P" target=_blank>RBOT.R</a> WORM!
41246. Source=Paul Collins Startup list
41247.  
41248. [Microsoft Updates]
41249. Number=5858
41250. Confirmed=X
41251. Filename=wkssvrs.exe
41252. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboteb.html" target=_blank>RBOT-EB</a> WORM!
41253. Source=Paul Collins Startup list
41254.  
41255. [Microsoft Updates]
41256. Number=5859
41257. Confirmed=X
41258. Filename=wuamgrd.exe
41259. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotco.html" target=_blank>RBOT-CO</a> WORM!
41260. Source=Paul Collins Startup list
41261.  
41262. [Microsoft Updates]
41263. Number=5860
41264. Confirmed=X
41265. Filename=wtemp32.exe
41266. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahq.html" target=_blank>RBOT-AHQ</a> WORM!
41267. Source=Paul Collins Startup list
41268.  
41269. [Microsoft Updates 2 USB]
41270. Number=5861
41271. Confirmed=X
41272. Filename=wgafixer.exe
41273. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41274. Source=Paul Collins Startup list
41275.  
41276. [Microsoft Updates 5 USB]
41277. Number=5862
41278. Confirmed=X
41279. Filename=sp3fixer.exe
41280. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotads.html" target=_blank>RBOT-ADS</a> WORM!
41281. Source=Paul Collins Startup list
41282.  
41283. [Microsoft Updates Resources]
41284. Number=5863
41285. Confirmed=X
41286. Filename=WinFixIDs.exe
41287. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41288.  
41289. Source=Paul Collins Startup list
41290.  
41291. [Microsoft Updating]
41292. Number=5864
41293. Confirmed=X
41294. Filename=navguard.exe
41295. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.HW&VSect=P" target=_blank>RBOT.HW</a> WORM!
41296. Source=Paul Collins Startup list
41297.  
41298. [Microsoft Updating]
41299. Number=5865
41300. Confirmed=X
41301. Filename=syswr.exe
41302. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41303. Source=Paul Collins Startup list
41304.  
41305. [Microsoft Updating]
41306. Number=5866
41307. Confirmed=X
41308. Filename=wuamguards.exe
41309. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotby.html" target=_blank>RBOT-BY</a> WORM!
41310. Source=Paul Collins Startup list
41311.  
41312. [Microsoft Updating Client]
41313. Number=5867
41314. Confirmed=X
41315. Filename=websvc.exe
41316. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AQ" target="_blank">RBOT.AQ</a> WORM!
41317. Source=Paul Collins Startup list
41318.  
41319. [Microsoft Updating Machine]
41320. Number=5868
41321. Confirmed=X
41322. Filename=sysc0de.exe
41323. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.RB" target="_blank">RBOT.RB</a> WORM!
41324. Source=Paul Collins Startup list
41325.  
41326. [Microsoft Updatting]
41327. Number=5869
41328. Confirmed=X
41329. Filename=miroupdate.exe
41330. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41331. Source=Paul Collins Startup list
41332.  
41333. [Microsoft Updote]
41334. Number=5870
41335. Confirmed=X
41336. Filename=[random filename]
41337. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarc.html" target=_blank>RBOT-ARC</a> WORM!
41338. Source=Paul Collins Startup list
41339.  
41340. [Microsoft UpMachine]
41341. Number=5871
41342. Confirmed=X
41343. Filename=doezs.exe
41344. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BCT&VSect=P" target=_blank>RBOT.BCT</a> WORM!
41345. Source=Paul Collins Startup list
41346.  
41347. [Microsoft upnp Update]
41348. Number=5872
41349. Confirmed=X
41350. Filename=msie.exe
41351. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlq.html" target="_blank">RBOT-LQ</a> WORM!
41352. Source=Paul Collins Startup list
41353.  
41354. [Microsoft uptime Service]
41355. Number=5873
41356. Confirmed=X
41357. Filename=sysuptime.exe
41358. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacg.html" target= blank>RBOT-ACG</a> WORM!
41359. Source=Paul Collins Startup list
41360.  
41361. [Microsoft uptime Service]
41362. Number=5874
41363. Confirmed=X
41364. Filename=sycuptime.exe
41365. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahy.html" target=_blank>RBOT-AHY</a> WORM!
41366. Source=Paul Collins Startup list
41367.  
41368. [Microsoft UpToDate Driver (32-bits)]
41369. Number=5875
41370. Confirmed=X
41371. Filename=[random filename].exe
41372. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040516-2515-99" target=_blank>SPYBOT.LXJ</a> WORM!
41373. Source=Paul Collins Startup list
41374.  
41375. [Microsoft USB2 Driver]
41376. Number=5876
41377. Confirmed=X
41378. Filename=crmss.exe
41379. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvk.html" target= blank>RBOT-VK</a> WORM!
41380. Source=Paul Collins Startup list
41381.  
41382. [Microsoft Utility Startup]
41383. Number=5877
41384. Confirmed=N
41385. Filename=OSA9.exe
41386. Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
41387. Source=Paul Collins Startup list
41388.  
41389. [Microsoft Values]
41390. Number=5878
41391. Confirmed=X
41392. Filename=igfkishc.exe
41393. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglo.html" target="_blank">RBOT-GLO</a> WORM!
41394. Source=Paul Collins Startup list
41395.  
41396. [Microsoft Vertupdate]
41397. Number=5879
41398. Confirmed=X
41399. Filename=MSvert32.exe
41400. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcy.html" target=_blank>MYTOB-CY</a> WORM!
41401. Source=Paul Collins Startup list
41402.  
41403. [Microsoft Video Capture Controls]
41404. Number=5880
41405. Confirmed=X
41406. Filename=MSsrvs32.exe
41407. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaak.html" target=_blank>SDBOT-AAK</a> WORM!
41408. Source=Paul Collins Startup list
41409.  
41410. [Microsoft Video Controls]
41411. Number=5881
41412. Confirmed=X
41413. Filename=tskmsgr.exe
41414. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
41415. Source=Paul Collins Startup list
41416.  
41417. [Microsoft Virual Machine]
41418. Number=5882
41419. Confirmed=X
41420. Filename=sms.exe
41421. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsp.html" target=_blank>RBOT-SP</a> WORM!
41422. Source=Paul Collins Startup list
41423.  
41424. [Microsoft Visual SourceSafe]
41425. Number=5883
41426. Confirmed=X
41427. Filename=services.exe
41428. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
41429. Source=Paul Collins Startup list
41430.  
41431. [Microsoft Visual SourceSafe]
41432. Number=5884
41433. Confirmed=X
41434. Filename=winlogon.exe
41435. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
41436. Source=Paul Collins Startup list
41437.  
41438. [Microsoft Visual Studio]
41439. Number=5885
41440. Confirmed=X
41441. Filename=plscdksxg.exe
41442. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawv.html" target=_blank>RBOT-AWV</a> WORM!
41443. Source=Paul Collins Startup list
41444.  
41445. [Microsoft Visual Studio VSA]
41446. Number=5886
41447. Confirmed=X
41448. Filename=varpc32.exe
41449. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
41450. Source=Paul Collins Startup list
41451.  
41452. [Microsoft Web Device]
41453. Number=5887
41454. Confirmed=X
41455. Filename=wdevice.exe
41456. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
41457. Source=Paul Collins Startup list
41458.  
41459. [Microsoft web update]
41460. Number=5888
41461. Confirmed=X
41462. Filename=webmsn.exe
41463. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotemq.html" target="_blank">RBOT-EMQ</a> WORM!
41464. Source=Paul Collins Startup list
41465.  
41466. [Microsoft Webserver]
41467. Number=5889
41468. Confirmed=U
41469. Filename=svctrl.exe
41470. Description=Personal web server program which enables you to create and host a web server from your computer. Not required for most people
41471. Source=Paul Collins Startup list
41472.  
41473. [Microsoft Win Corp TLS Verification]
41474. Number=5890
41475. Confirmed=X
41476. Filename=mswintls.exe
41477. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgct.html" target="_blank">RBOT-GCT</a> WORM!
41478. Source=Paul Collins Startup list
41479.  
41480. [Microsoft WIN32 DOS]
41481. Number=5891
41482. Confirmed=X
41483. Filename=MSdos32.exe
41484. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
41485. Source=Paul Collins Startup list
41486.  
41487. [Microsoft WIN32 Security]
41488. Number=5892
41489. Confirmed=X
41490. Filename=MSsec32.exe
41491. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdoq.html" target="_blank">RBOT-DOQ</a> TROJAN!
41492. Source=Paul Collins Startup list
41493.  
41494. [MicroSoft Wind0ws Updater]
41495. Number=5893
41496. Confirmed=X
41497. Filename=winsupdater.exe
41498. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41499. Source=Paul Collins Startup list
41500.  
41501. [Microsoft Windows]
41502. Number=5894
41503. Confirmed=X
41504. Filename=mstask0.exe
41505. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FQ" target=_blank>SDBOT.FQ</a> WORM!
41506. Source=Paul Collins Startup list
41507.  
41508. [Microsoft Windows]
41509. Number=5895
41510. Confirmed=X
41511. Filename=atup
41512. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41513. Source=Paul Collins Startup list
41514.  
41515. [Microsoft Windows]
41516. Number=5896
41517. Confirmed=X
41518. Filename=Microsoft Windows.hta
41519. Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
41520. Source=Paul Collins Startup list
41521.  
41522. [Microsoft Windows]
41523. Number=5897
41524. Confirmed=X
41525. Filename=explorar.exe
41526. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
41527. Source=Paul Collins Startup list
41528.  
41529. [Microsoft Windows]
41530. Number=5898
41531. Confirmed=X
41532. Filename=[path to file]
41533. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorli.html" target=_blank>LI</a> TROJAN!
41534. Source=Paul Collins Startup list
41535.  
41536. [Microsoft Windows]
41537. Number=5899
41538. Confirmed=X
41539. Filename=bootini.exe
41540. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotk.html" target="_blank">VANEBOT-K</a> WORM!
41541. Source=Paul Collins Startup list
41542.  
41543. [Microsoft Windows 128bit Subsystem]
41544. Number=5900
41545. Confirmed=X
41546. Filename=system12.exe
41547. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckcz.html" target=_blank>RANCK-CZ</a> TROJAN!
41548. Source=Paul Collins Startup list
41549.  
41550. [Microsoft Windows 16Bit]
41551. Number=5901
41552. Confirmed=X
41553. Filename=mswinn16.exe
41554. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
41555. Source=Paul Collins Startup list
41556.  
41557. [Microsoft Windows 2000]
41558. Number=5902
41559. Confirmed=X
41560. Filename=Winupdsdgm.exe
41561. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
41562. Source=Paul Collins Startup list
41563.  
41564. [Microsoft Windows 32Bit]
41565. Number=5903
41566. Confirmed=X
41567. Filename=mswinn32.exe
41568. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41569. Source=Paul Collins Startup list
41570.  
41571. [Microsoft Windows 64 Bit]
41572. Number=5904
41573. Confirmed=X
41574. Filename=mswin32.exe
41575. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41576. Source=Paul Collins Startup list
41577.  
41578. [Microsoft Windows Client Firewall]
41579. Number=5905
41580. Confirmed=X
41581. Filename=msclt.exe
41582. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotf.html" target="_blank">VANEBOT-F</a> WORM!
41583. Source=Paul Collins Startup list
41584.  
41585. [Microsoft Windows Communicator for NT/XP]
41586. Number=5906
41587. Confirmed=X
41588. Filename=wincomm.exe
41589. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATH" target="_blank">RBOT.ATH</a> WORM!
41590. Source=Paul Collins Startup list
41591.  
41592. [Microsoft Windows Control]
41593. Number=5907
41594. Confirmed=X
41595. Filename=mswctl32.exe
41596. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JP" target=_blank>RBOT.JP</a> WORM!
41597. Source=Paul Collins Startup list
41598.  
41599. [Microsoft Windows CSRSS]
41600. Number=5908
41601. Confirmed=X
41602. Filename=csrss.exe
41603. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalela.html" target=_blank>KALEL-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
41604. Source=Paul Collins Startup list
41605.  
41606. [Microsoft Windows DHCP]
41607. Number=5909
41608. Confirmed=X
41609. Filename=___r.exe
41610. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120815-1506-99" target=_blank>MASLAN.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120914-3308-99" target=_blank>MASLAN.C</a> WORMS!
41611. Source=Paul Collins Startup list
41612.  
41613. [Microsoft Windows DLL 32-BIT]
41614. Number=5910
41615. Confirmed=X
41616. Filename=msncheck32.exe
41617. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxx.html" target= blank>SDBOT-XX</a> WORM!
41618. Source=Paul Collins Startup list
41619.  
41620. [Microsoft Windows DLL Services]
41621. Number=5911
41622. Confirmed=X
41623. Filename=mwindll.exe
41624. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvx.html" target= blank>SDBOT-VX</a> WORM!
41625. Source=Paul Collins Startup list
41626.  
41627. [Microsoft Windows DLL Services Configuration]
41628. Number=5912
41629. Confirmed=X
41630. Filename=newdll.exe
41631. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzr.html" target=_blank>SDBOT-ZR</a> WORM!
41632. Source=Paul Collins Startup list
41633.  
41634. [Microsoft Windows DLL Services Configuration]
41635. Number=5913
41636. Confirmed=X
41637. Filename=newdll2.exe
41638. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabd.html" target=_blank>SDBOT-ABD</a> WORM!
41639. Source=Paul Collins Startup list
41640.  
41641. [Microsoft Windows DLL Services Configuration]
41642. Number=5914
41643. Confirmed=X
41644. Filename=poker.exe
41645. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzy.html" target=_blank>SDBOT-ZY</a> WORM!
41646. Source=Paul Collins Startup list
41647.  
41648. [Microsoft Windows DLL Services Configuration]
41649. Number=5915
41650. Confirmed=X
41651. Filename=poker3.exe
41652. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaah.html" target=_blank>SDBOT-AAH</a> WORM!
41653. Source=Paul Collins Startup list
41654.  
41655. [Microsoft Windows DLL Services Configuration]
41656. Number=5916
41657. Confirmed=X
41658. Filename=proxy.exe
41659. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzl.html" target=_blank>SDBOT-ZL</a> WORM!
41660. Source=Paul Collins Startup list
41661.  
41662. [Microsoft Windows DLL Services Configuration]
41663. Number=5917
41664. Confirmed=X
41665. Filename=windir32.exe
41666. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BHF&VSect=T" target=_blank>SDBOT.BHF</a> WORM!
41667. Source=Paul Collins Startup list
41668.  
41669. [Microsoft Windows DLL Services Configuration]
41670. Number=5918
41671. Confirmed=X
41672. Filename=windir32a.exe
41673. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BHF&VSect=T" target=_blank>SDBOT.BHF</a> WORM!
41674. Source=Paul Collins Startup list
41675.  
41676. [Microsoft Windows DLL Services Configuration]
41677. Number=5919
41678. Confirmed=X
41679. Filename=windll32.exe
41680. Description=Added by the <a href="http://ae.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=WORM_SDBOT.BHD" target=_blank>SDBOT.BHD</a> WORM!
41681. Source=Paul Collins Startup list
41682.  
41683. [Microsoft Windows DLL Services Configuration]
41684. Number=5920
41685. Confirmed=X
41686. Filename=winDSL.exe
41687. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzg.html" target=_blank>SDBOT-ZG</a> WORM!
41688. Source=Paul Collins Startup list
41689.  
41690. [Microsoft Windows DLL Services Configuration]
41691. Number=5921
41692. Confirmed=X
41693. Filename=dllmanager32.exe
41694. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbtu.html" target="_blank">SDBOT-BTU</a> WORM!
41695. Source=Paul Collins Startup list
41696.  
41697. [Microsoft Windows DLLHandler]
41698. Number=5922
41699. Confirmed=X
41700. Filename=bitpaint.exe
41701. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AHG" target=_blank>SDBOT.AHG</a> WORM!
41702. Source=Paul Collins Startup list
41703.  
41704. [Microsoft Windows Drivers]
41705. Number=5923
41706. Confirmed=X
41707. Filename=windrv.exe
41708. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
41709. Source=Paul Collins Startup list
41710.  
41711. [Microsoft Windows DVR]
41712. Number=5924
41713. Confirmed=X
41714. Filename=windvr.exe
41715. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxd.html" target=_blank>RBOT-AXD</a> WORM!
41716. Source=Paul Collins Startup list
41717.  
41718. [Microsoft Windows Explorer]
41719. Number=5925
41720. Confirmed=X
41721. Filename=iexplorer.exe
41722. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
41723. Source=Paul Collins Startup list
41724.  
41725. [Microsoft Windows Explorer]
41726. Number=5926
41727. Confirmed=X
41728. Filename=explorewin.exe
41729. Description=Added by the <a href="http://kr.ahnlab.com/SecuInfoVirusViewEngNew3.ahn?SEQ_NO=7217" target="_blank">IRCBOT.WORM.212480.H</a> WORM!
41730. Source=Paul Collins Startup list
41731.  
41732. [Microsoft Windows Files Loader]
41733. Number=5927
41734. Confirmed=X
41735. Filename=cgy32win.exe
41736. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxr.html" target=_blank>RBOT-AXR</a> WORM!
41737. Source=Paul Collins Startup list
41738.  
41739. [Microsoft Windows Game Updater]
41740. Number=5928
41741. Confirmed=X
41742. Filename=msgame32.exe
41743. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41744. Source=Paul Collins Startup list
41745.  
41746. [Microsoft Windows GUI]
41747. Number=5929
41748. Confirmed=X
41749. Filename=Windowz.exe
41750. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050615-3701-99" target="_blank">RANDEX.AEV</a> WORM!
41751. Source=Paul Collins Startup list
41752.  
41753. [Microsoft Windows GUI]
41754. Number=5930
41755. Confirmed=X
41756. Filename=msmonk32.exe
41757. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpe.html" target=_blank>SDBOT-PE</a> WORM!
41758. Source=Paul Collins Startup list
41759.  
41760. [Microsoft Windows Kernel Services]
41761. Number=5931
41762. Confirmed=X
41763. Filename=winkrnl386.exe
41764. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082113-3132-99" target="_blank">ZEBROXY</a> TROJAN!
41765. Source=Paul Collins Startup list
41766.  
41767. [Microsoft Windows Loader]
41768. Number=5932
41769. Confirmed=X
41770. Filename=wloader.exe
41771. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
41772. Source=Paul Collins Startup list
41773.  
41774. [Microsoft Windows Logon Process]
41775. Number=5933
41776. Confirmed=X
41777. Filename=winlogon.exe
41778. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxyserr.html" target="_blank">PROXYSER-R</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This worm file is placed in the Winnt or Windows folder
41779. Source=Paul Collins Startup list
41780.  
41781. [Microsoft Windows Media Player]
41782. Number=5934
41783. Confirmed=X
41784. Filename=mediaplayer.exe
41785. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41786. Source=Paul Collins Startup list
41787.  
41788. [Microsoft Windows Media Player]
41789. Number=5935
41790. Confirmed=X
41791. Filename=wimp.exe
41792. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfn.html" target=_blank>RBOT-FN</a> WORM!
41793. Source=Paul Collins Startup list
41794.  
41795. [Microsoft Windows Secure]
41796. Number=5936
41797. Confirmed=X
41798. Filename=windocs.exe
41799. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
41800. Source=Paul Collins Startup list
41801.  
41802. [Microsoft Windows Secure]
41803. Number=5937
41804. Confirmed=X
41805. Filename=windocs.exe
41806. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
41807. Source=Paul Collins Startup list
41808.  
41809. [Microsoft Windows Secure Server]
41810. Number=5938
41811. Confirmed=X
41812. Filename=rpcxWindows.exe
41813. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotll.html" target="_blank">RBOT-LL</a> WORM!
41814. Source=Paul Collins Startup list
41815.  
41816. [Microsoft Windows Secure Update]
41817. Number=5939
41818. Confirmed=X
41819. Filename=rpcxwinupdt.exe
41820. Description=Added by an unidentified WORM or TROJAN!
41821. Source=Paul Collins Startup list
41822.  
41823. [Microsoft Windows Securety]
41824. Number=5940
41825. Confirmed=X
41826. Filename=wurguar.exe
41827. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotky.html" target=_blank>RBOT-KY</a> WORM!
41828. Source=Paul Collins Startup list
41829.  
41830. [Microsoft Windows Security]
41831. Number=5941
41832. Confirmed=X
41833. Filename=spvsper.exe
41834. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
41835. Source=Paul Collins Startup list
41836.  
41837. [Microsoft Windows Security]
41838. Number=5942
41839. Confirmed=X
41840. Filename=wscndrives.exe
41841. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajk.html" target=_blank>RBOT-AJK</a> WORM!
41842. Source=Paul Collins Startup list
41843.  
41844. [Microsoft Windows Service]
41845. Number=5943
41846. Confirmed=X
41847. Filename=winsys.exe
41848. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadp.html" target=_blank>RBOT-ADP</a> WORM!
41849. Source=Paul Collins Startup list
41850.  
41851. [Microsoft Windows Service Pack]
41852. Number=5944
41853. Confirmed=X
41854. Filename=winspkn.exe
41855. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayd.html" target=_blank>RBOT-AYD</a> WORM!
41856. Source=Paul Collins Startup list
41857.  
41858. [Microsoft Windows Services]
41859. Number=5945
41860. Confirmed=X
41861. Filename=msw32.exe
41862. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfwq.html" target="_blank">RBOT-FWQ</a> WORM!
41863. Source=Paul Collins Startup list
41864.  
41865. [Microsoft Windows Services Edt]
41866. Number=5946
41867. Confirmed=X
41868. Filename=ssvvcchhoosst.exe
41869. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfyf.html" target="_blank">RBOT-FYF</a> TROJAN!
41870. Source=Paul Collins Startup list
41871.  
41872. [Microsoft Windows Services Edt]
41873. Number=5947
41874. Confirmed=X
41875. Filename=dllrun32.exe
41876. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgaf.html" target="_blank">RBOT-GAF</a> WORM!
41877. Source=Paul Collins Startup list
41878.  
41879. [Microsoft Windows Session Manager Subsystem]
41880. Number=5948
41881. Confirmed=X
41882. Filename=smss.exe
41883. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxyserr.html" target="_blank">PROXYSER-R</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
41884. Source=Paul Collins Startup list
41885.  
41886. [Microsoft Windows Socketx32 Services]
41887. Number=5949
41888. Confirmed=X
41889. Filename=winsockx32.exe
41890. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfwt.html" target="_blank">RBOT-FWT</a> WORM!
41891. Source=Paul Collins Startup list
41892.  
41893. [Microsoft Windows Storage Machine Service]
41894. Number=5950
41895. Confirmed=X
41896. Filename=winms.exe
41897. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahk.html" target=_blank>RBOT-AHK</a> WORM!
41898. Source=Paul Collins Startup list
41899.  
41900. [Microsoft Windows System]
41901. Number=5951
41902. Confirmed=X
41903. Filename=srwhost.exe
41904. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasw.html" target=_blank>RBOT-ASW</a> WORM!
41905. Source=Paul Collins Startup list
41906.  
41907. [Microsoft Windows System]
41908. Number=5952
41909. Confirmed=X
41910. Filename=syshost.exe
41911. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasw.html" target=_blank>RBOT-ASW</a> WORM!
41912. Source=Paul Collins Startup list
41913.  
41914. [Microsoft Windows System Kernel]
41915. Number=5953
41916. Confirmed=X
41917. Filename=kernel32.exe
41918. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102711-3533-99" target="_blank">IRC.BOT</a> TROJAN!
41919. Source=Paul Collins Startup list
41920.  
41921. [Microsoft Windows System Service Manager]
41922. Number=5954
41923. Confirmed=X
41924. Filename=winsvc.exe
41925. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.LR&VSect=P" target=_blank>SPYBOT.LR</a> WORM!
41926. Source=Paul Collins Startup list
41927.  
41928. [Microsoft Windows Task Management]
41929. Number=5955
41930. Confirmed=X
41931. Filename=mstasks.exe
41932. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
41933. Source=Paul Collins Startup list
41934.  
41935. [Microsoft Windows Task Manger]
41936. Number=5956
41937. Confirmed=X
41938. Filename=Mstosk.exe
41939. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotww.html" target="_blank">SDBOT-WW</a> WORM!
41940. Source=Paul Collins Startup list
41941.  
41942. [Microsoft Windows Tasks Management]
41943. Number=5957
41944. Confirmed=X
41945. Filename=taskmng.exe
41946. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfxk.html" target="_blank">RBOT-FXK</a> WORM!
41947. Source=Paul Collins Startup list
41948.  
41949. [Microsoft Windows Updata]
41950. Number=5958
41951. Confirmed=X
41952. Filename=scvhost.exe
41953. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
41954. Source=Paul Collins Startup list
41955.  
41956. [Microsoft Windows Updata]
41957. Number=5959
41958. Confirmed=X
41959. Filename=windows.exe
41960. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
41961. Source=Paul Collins Startup list
41962.  
41963. [Microsoft Windows Update]
41964. Number=5960
41965. Confirmed=X
41966. Filename=rundlls.exe
41967. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081217-1008-99" target="_blank">HABRACK</a> WORM!
41968. Source=Paul Collins Startup list
41969.  
41970. [Microsoft Windows Update]
41971. Number=5961
41972. Confirmed=X
41973. Filename=msoffice2.exe
41974. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgb.html" target="_blank">RBOT-GB</a> WORM!
41975. Source=Paul Collins Startup list
41976.  
41977. [Microsoft Windows Update]
41978. Number=5962
41979. Confirmed=X
41980. Filename=spools.exe
41981. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.TD" target="_blank">SDBOT.TD</a> WORM!
41982. Source=Paul Collins Startup list
41983.  
41984. [Microsoft Windows Update]
41985. Number=5963
41986. Confirmed=X
41987. Filename=svchos.exe
41988. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100415-4933-99" target="_blank">SDBOT.AC</a> WORM!
41989. Source=Paul Collins Startup list
41990.  
41991. [Microsoft Windows Update]
41992. Number=5964
41993. Confirmed=X
41994. Filename=svcshost.exe
41995. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcf.html" target=_blank>FORBOT-CF</a> WORM!
41996.  
41997. Source=Paul Collins Startup list
41998.  
41999. [Microsoft Windows Update]
42000. Number=5965
42001. Confirmed=X
42002. Filename=svmhost.exe
42003. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotch.html" target=_blank>FORBOT-CH</a> WORM!
42004.  
42005. Source=Paul Collins Startup list
42006.  
42007. [Microsoft Windows Update]
42008. Number=5966
42009. Confirmed=X
42010. Filename=svshost.exe
42011. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CJ" target=_blank>WOOTBOT.CJ</a> WORM!
42012. Source=Paul Collins Startup list
42013.  
42014. [Microsoft Windows Update]
42015. Number=5967
42016. Confirmed=X
42017. Filename=msnmessenger.exe
42018. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011009-1754-99" target=_blank>SDBOT.AJ</a> WORM!
42019. Source=Paul Collins Startup list
42020.  
42021. [Microsoft Windows Update]
42022. Number=5968
42023. Confirmed=X
42024. Filename=msnwun.exe
42025. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotrm.html" target=_blank>SDBOT-RM</a> WORM!
42026. Source=Paul Collins Startup list
42027.  
42028. [Microsoft Windows Update]
42029. Number=5969
42030. Confirmed=X
42031. Filename=scvvhost.exe
42032. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdh.html" target=_blank>FORBOT-DH</a> WORM!
42033. Source=Paul Collins Startup list
42034.  
42035. [Microsoft Windows Update]
42036. Number=5970
42037. Confirmed=X
42038. Filename=swwhost.exe
42039. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
42040. Source=Paul Collins Startup list
42041.  
42042. [Microsoft Windows Update]
42043. Number=5971
42044. Confirmed=X
42045. Filename=MSNMSGR.EXE
42046. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwm.html" target= blank>SDBOT-WM</a> WORM!
42047. Source=Paul Collins Startup list
42048.  
42049. [Microsoft Windows Update]
42050. Number=5972
42051. Confirmed=X
42052. Filename=svzhost.exe
42053. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotev.html" target= blank>FORBOT-EV</a> WORM!
42054. Source=Paul Collins Startup list
42055.  
42056. [Microsoft Windows Update]
42057. Number=5973
42058. Confirmed=X
42059. Filename=sccvhost.exe
42060. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
42061. Source=Paul Collins Startup list
42062.  
42063. [Microsoft Windows Update]
42064. Number=5974
42065. Confirmed=X
42066. Filename=scrhost.exe
42067. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaow.html" target=_blank>RBOT-AOW</a> WORM!
42068. Source=Paul Collins Startup list
42069.  
42070. [Microsoft Windows Update]
42071. Number=5975
42072. Confirmed=X
42073. Filename=mnswinsx.exe
42074. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawh.html" target=_blank>RBOT-AWH</a> WORM!
42075. Source=Paul Collins Startup list
42076.  
42077. [MICROSOFT Windows update]
42078. Number=5976
42079. Confirmed=X
42080. Filename=pdate.exe
42081. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BZT" target="_blank">RBOT.BZT</a> WORM!
42082. Source=Paul Collins Startup list
42083.  
42084. [Microsoft Windows Update]
42085. Number=5977
42086. Confirmed=X
42087. Filename=srshost.exe
42088. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
42089. Source=Paul Collins Startup list
42090.  
42091. [Microsoft Windows Update Application]
42092. Number=5978
42093. Confirmed=X
42094. Filename=wuap.exe
42095. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
42096. Source=Paul Collins Startup list
42097.  
42098. [Microsoft Windows Update Logon]
42099. Number=5979
42100. Confirmed=X
42101. Filename=win-logon.exe
42102. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
42103. Source=Paul Collins Startup list
42104.  
42105. [Microsoft Windows Update Service]
42106. Number=5980
42107. Confirmed=X
42108. Filename=wupdmgr32.exe
42109. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-051822-4126-99" target="_blank">DOS.AUTOCAT</a> TROJAN!
42110. Source=Paul Collins Startup list
42111.  
42112. [Microsoft Windows Update XP64]
42113. Number=5981
42114. Confirmed=X
42115. Filename=********.exe [* = random char]
42116. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
42117. Source=Paul Collins Startup list
42118.  
42119. [Microsoft Windows Updater]
42120. Number=5982
42121. Confirmed=X
42122. Filename=winupdgm.exe
42123. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102717-5454-99" target="_blank">GAOBOT.BI</a> WORM!
42124. Source=Paul Collins Startup list
42125.  
42126. [Microsoft Windows Updater]
42127. Number=5983
42128. Confirmed=X
42129. Filename=WINIUPDATES.EXE
42130. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkk.html" target="_blank">RBOT-KK</a> WORM!
42131. Source=Paul Collins Startup list
42132.  
42133. [Microsoft Windows Updater]
42134. Number=5984
42135. Confirmed=X
42136. Filename=WINUPDATE.EXE
42137. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotli.html" target=_blank>SDBOT-PU</a> WORM!
42138.  
42139. Source=Paul Collins Startup list
42140.  
42141. [Microsoft Windows Updater]
42142. Number=5985
42143. Confirmed=X
42144. Filename=TMNTSrv.exe
42145. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
42146. Source=Paul Collins Startup list
42147.  
42148. [Microsoft Windows Updater]
42149. Number=5986
42150. Confirmed=X
42151. Filename=win32upd.exe
42152. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotec.html" target=_blank>RBOT-EC</a> WORM!
42153. Source=Paul Collins Startup list
42154.  
42155. [Microsoft Windows Updater]
42156. Number=5987
42157. Confirmed=X
42158. Filename=msnupdateit.exe
42159. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrl.html" target=_blank>AGOBOT-RL</a> WORM!
42160. Source=Paul Collins Startup list
42161.  
42162. [Microsoft Windows Updater]
42163. Number=5988
42164. Confirmed=X
42165. Filename=windates.exe
42166. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.TE&VSect=P" target=_blank>SDBOT.TE</a> WORM!
42167. Source=Paul Collins Startup list
42168.  
42169. [Microsoft Windows Updater]
42170. Number=5989
42171. Confirmed=X
42172. Filename=spoolvs.exe
42173. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ACQ&VSect=P" target=_blank>RBOT.ACQ</a> WORM!
42174. Source=Paul Collins Startup list
42175.  
42176. [Microsoft Windows Updater]
42177. Number=5990
42178. Confirmed=X
42179. Filename=suvhost.exe
42180. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
42181. Source=Paul Collins Startup list
42182.  
42183. [Microsoft Windows updaterD]
42184. Number=5991
42185. Confirmed=X
42186. Filename=log32zx.exe
42187. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091411-5523-99" target="_blank">MYDOOM.W</a> WORM!
42188. Source=Paul Collins Startup list
42189.  
42190. [Microsoft Windows Updates]
42191. Number=5992
42192. Confirmed=X
42193. Filename=explorer32.exe
42194. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VQ&VSect=T" target=_blank>SDBOT.VQ</a> WORM!
42195.  
42196. Source=Paul Collins Startup list
42197.  
42198. [Microsoft Windows Updates]
42199. Number=5993
42200. Confirmed=X
42201. Filename=wsap32.exe
42202. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
42203. Source=Paul Collins Startup list
42204.  
42205. [Microsoft Windows Updating System]
42206. Number=5994
42207. Confirmed=X
42208. Filename=msresource.exe
42209. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboteam.html" target="_blank">RBOT-EAM</a> WORM!
42210. Source=Paul Collins Startup list
42211.  
42212. [Microsoft Windows W32 Services]
42213. Number=5995
42214. Confirmed=X
42215. Filename=mssw32.exe
42216. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
42217. Source=Paul Collins Startup list
42218.  
42219. [Microsoft Windows WinSaSS Management]
42220. Number=5996
42221. Confirmed=X
42222. Filename=winsass.exe
42223. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapw.html" target=_blank>RBOT-APW</a> WORM!
42224. Source=Paul Collins Startup list
42225.  
42226. [Microsoft Windows WKS Service]
42227. Number=5997
42228. Confirmed=X
42229. Filename= gt.exe
42230. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FV" target="_blank">SDBOT.FV</a> WORM!
42231. Source=Paul Collins Startup list
42232.  
42233. [Microsoft Windows Workstation]
42234. Number=5998
42235. Confirmed=X
42236. Filename=devcode.exe
42237. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawl.html" target=_blank>RBOT-AWL</a> WORM!
42238. Source=Paul Collins Startup list
42239.  
42240. [Microsoft Windows XP Configuration Loader]
42241. Number=5999
42242. Confirmed=X
42243. Filename=m32svco.exe
42244. Description=Added by the <a href="http://vil.nai.com/vil/content/v_132310.htm" target= blank>SDBOT.WORM!.48548</a> WORM!
42245. Source=Paul Collins Startup list
42246.  
42247. [Microsoft WINGS32 Protocol]
42248. Number=6000
42249. Confirmed=X
42250. Filename=WinSGR32.exe
42251. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapu.html" target=_blank>RBOT-APU</a> WORM!
42252. Source=Paul Collins Startup list
42253.  
42254. [Microsoft WinRaR]
42255. Number=6001
42256. Confirmed=X
42257. Filename=winrar.exe
42258. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaec.html" target=_blank>RBOT-AEC</a> WORM!
42259. Source=Paul Collins Startup list
42260.  
42261. [Microsoft Winsock]
42262. Number=6002
42263. Confirmed=X
42264. Filename=mswinsck.exe
42265. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotank.html" target=_blank>RBOT-ANK</a> WORM!
42266. Source=Paul Collins Startup list
42267.  
42268. [Microsoft Winsock Service]
42269. Number=6003
42270. Confirmed=X
42271. Filename=msusvc.exe
42272. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotans.html" target=_blank>RBOT-ANS</a> WORM!
42273. Source=Paul Collins Startup list
42274.  
42275. [Microsoft Winsock Wrapper]
42276. Number=6004
42277. Confirmed=X
42278. Filename=ws2_32s.exe
42279. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
42280. Source=Paul Collins Startup list
42281.  
42282. [Microsoft WinSound]
42283. Number=6005
42284. Confirmed=X
42285. Filename=[random filename]
42286. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
42287. Source=Paul Collins Startup list
42288.  
42289. [Microsoft WinUpdate]
42290. Number=6006
42291. Confirmed=X
42292. Filename=mntcgf032.exe
42293. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpf.html" target=_blank>RBOT-PF</a> WORM!
42294. Source=Paul Collins Startup list
42295.  
42296. [Microsoft WinUpdate]
42297. Number=6007
42298. Confirmed=X
42299. Filename=svh0st.exe
42300. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.DL&VSect=T" target="_blank">SPYBOT.DL</a> WORM!
42301. Source=Paul Collins Startup list
42302.  
42303. [Microsoft WinUpdate]
42304. Number=6008
42305. Confirmed=X
42306. Filename=syslx32.exe
42307. Description=Added by an unidentified VIRUS, WORM or TROJAN!
42308. Source=Paul Collins Startup list
42309.  
42310. [Microsoft WinUpdate]
42311. Number=6009
42312. Confirmed=X
42313. Filename=syswin32.exe
42314. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotho.html" target=_blank>RBOT-HO</a> WORM!
42315. Source=Paul Collins Startup list
42316.  
42317. [Microsoft WinUpdate]
42318. Number=6010
42319. Confirmed=X
42320. Filename=spfix.exe
42321. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
42322. Source=Paul Collins Startup list
42323.  
42324. [Microsoft WinUpdate]
42325. Number=6011
42326. Confirmed=X
42327. Filename=Winamp61.exe
42328. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
42329. Source=Paul Collins Startup list
42330.  
42331. [Microsoft WinUpdate]
42332. Number=6012
42333. Confirmed=X
42334. Filename=Winupd32.exe
42335. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.MQ&VSect=P" target=_blank>RBOT.MQ</a> WORM!
42336. Source=Paul Collins Startup list
42337.  
42338. [Microsoft WinUpdate]
42339. Number=6013
42340. Confirmed=X
42341. Filename=WinNTinit32.exe
42342. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.VS" target="_blank">RBOT.VS</a> WORM!
42343. Source=Paul Collins Startup list
42344.  
42345. [Microsoft WinUpdates]
42346. Number=6014
42347. Confirmed=X
42348. Filename=serm32.exe
42349. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GE&VSect=T" target="_blank">RBOT.GE</a> WORM!
42350. Source=Paul Collins Startup list
42351.  
42352. [Microsoft WM]
42353. Number=6015
42354. Confirmed=X
42355. Filename=mswm32.exe
42356. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdram.html" target=_blank>BCKDR-AM</a> TROJAN!
42357. Source=Paul Collins Startup list
42358.  
42359. [Microsoft Word]
42360. Number=6016
42361. Confirmed=X
42362. Filename=BootSector.exe
42363. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
42364. Source=Paul Collins Startup list
42365.  
42366. [Microsoft Word Profissional]
42367. Number=6017
42368. Confirmed=X
42369. Filename=csrss.exe
42370. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbandb.html" target=_blank>BANCBAN-DB</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "s1613" subfolder
42371. Source=Paul Collins Startup list
42372.  
42373. [Microsoft Word Profissional]
42374. Number=6018
42375. Confirmed=X
42376. Filename=Java Plug In close.exe
42377. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerel.html" target=_blank>BANKER-EL</a> TROJAN!
42378. Source=Paul Collins Startup list
42379.  
42380. [Microsoft Word Profissional]
42381. Number=6019
42382. Confirmed=X
42383. Filename=csrss.exe
42384. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdj.html" target=_blank>BANKER-DJ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "protect" subfolder
42385. Source=Paul Collins Startup list
42386.  
42387. [Microsoft Word Profissional]
42388. Number=6020
42389. Confirmed=X
42390. Filename=csrss.exe
42391. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdj.html" target=_blank>BANKER-DJ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "JavaVM" subfolder
42392. Source=Paul Collins Startup list
42393.  
42394. [Microsoft Works Calendar Reminders]
42395. Number=6021
42396. Confirmed=N
42397. Filename=wkcalrem.exe
42398. Description=Produces a pop-up reminder of events scheduled using the MS Works Calendar
42399. Source=Paul Collins Startup list
42400.  
42401. [Microsoft Works Portfolio]
42402. Number=6022
42403. Confirmed=N
42404. Filename=WksSb.exe
42405. Description=The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program.Can be prevented from starting from a setting within Portfolio
42406. Source=Paul Collins Startup list
42407.  
42408. [Microsoft Works Update Detection ]
42409. Number=6023
42410. Confirmed=N
42411. Filename=wkdetect.exe
42412. Description=Checks for updates to MS Works
42413. Source=Paul Collins Startup list
42414.  
42415. [Microsoft World Service]
42416. Number=6024
42417. Confirmed=X
42418. Filename=winworld.exe
42419. Description=Added by an unidentified IRC worm with backdoor capability!
42420.  
42421. Source=Paul Collins Startup list
42422.  
42423. [Microsoft WPCEmail]
42424. Number=6025
42425. Confirmed=X
42426. Filename=svchost.exe
42427. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsniffern.html" target="_blank">SNIFFER-N</a> TROJAN!
42428. Source=Paul Collins Startup list
42429.  
42430. [Microsoft WWW]
42431. Number=6026
42432. Confirmed=X
42433. Filename=free.exe
42434. Description=Added by a variant of the CWS.AK TROJAN!
42435. Source=Paul Collins Startup list
42436.  
42437. [Microsoft Wxdate]
42438. Number=6027
42439. Confirmed=X
42440. Filename=Syswu32.exe
42441. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.HZ&VSect=T" target=_blank>SPYBOT.HZ</a> WORM!
42442. Source=Paul Collins Startup list
42443.  
42444. [Microsoft X Update]
42445. Number=6028
42446. Confirmed=X
42447. Filename=wuamkoppnp.exe
42448. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotani.html" target=_blank>RBOT-ANI</a> WORM!
42449. Source=Paul Collins Startup list
42450.  
42451. [microsoft xdaemon 2.0]
42452. Number=6029
42453. Confirmed=X
42454. Filename=xdaemon.exe
42455. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-102817-4837-99" target="_blank">DELF.D</a> TROJAN!
42456. Source=Paul Collins Startup list
42457.  
42458. [Microsoft XML Service]
42459. Number=6030
42460. Confirmed=X
42461. Filename=msxmlx.exe
42462. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KS" target="_blank">RBOT.KS</a> WORM!
42463. Source=Paul Collins Startup list
42464.  
42465. [Microsoft Xp Systems loader]
42466. Number=6031
42467. Confirmed=X
42468. Filename=winsystem32xp.exe
42469. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041514-1510-99" target=_blank>KELVIR.W</a> WORM!
42470. Source=Paul Collins Startup list
42471.  
42472. [Microsoft Xp Systems loaders]
42473. Number=6032
42474. Confirmed=X
42475. Filename=win32xpsys.exe
42476. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041715-4455-99" target=_blank>SPYBOT.NYT</a> WORM!
42477. Source=Paul Collins Startup list
42478.  
42479. [Microsoft XPSP Protocol]
42480. Number=6033
42481. Confirmed=X
42482. Filename=xp386.exe
42483. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
42484. Source=Paul Collins Startup list
42485.  
42486. [Microsoft xpsp2]
42487. Number=6034
42488. Confirmed=X
42489. Filename=Networksystem.exe
42490. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
42491. Source=Paul Collins Startup list
42492.  
42493. [Microsoft xpsp2]
42494. Number=6035
42495. Confirmed=X
42496. Filename=xpsp2.exe
42497. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyq.html" target=_blank>SDBOT-YQ</a> WORM!
42498. Source=Paul Collins Startup list
42499.  
42500. [Microsoft's System Module]
42501. Number=6036
42502. Confirmed=X
42503. Filename=Sysmodule.exe
42504. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorfj.html" target= blank>FJ</a> TROJAN!
42505. Source=Paul Collins Startup list
42506.  
42507. [Microsoft--Updates]
42508. Number=6037
42509. Confirmed=X
42510. Filename=sxvhost.exe
42511. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfh.html" target="_blank">RBOT-FH</a> WORM! 
42512. Source=Paul Collins Startup list
42513.  
42514. [Microsoft-software]
42515. Number=6038
42516. Confirmed=X
42517. Filename=****.exe [* = random char]
42518. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
42519. Source=Paul Collins Startup list
42520.  
42521. [Microsoft-Update]
42522. Number=6039
42523. Confirmed=X
42524. Filename=wngard.exe
42525. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjv.html" target="_blank">RBOT-JV</a> WORM!
42526. Source=Paul Collins Startup list
42527.  
42528. [Microsoft-Updates]
42529. Number=6040
42530. Confirmed=X
42531. Filename=svxhost.exe
42532. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotct.html" target="_blank">RBOT-CT</a> WORM!
42533. Source=Paul Collins Startup list
42534.  
42535. [microsoft420]
42536. Number=6041
42537. Confirmed=X
42538. Filename=microsoft420.exe
42539. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MENACE.B" target="_blank">MENACE.B</a> WORM!
42540. Source=Paul Collins Startup list
42541.  
42542. [Microsoft64]
42543. Number=6042
42544. Confirmed=X
42545. Filename=antiv.exe
42546. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102410-5713-99" target=_blank>SOBER</a> WORM!
42547. Source=Paul Collins Startup list
42548.  
42549. [Microsoftf DDEs ContDLL]
42550. Number=6043
42551. Confirmed=X
42552. Filename=rune.pif
42553. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagf.html" target=_blank>RBOT-AGF</a> WORM!
42554. Source=Paul Collins Startup list
42555.  
42556. [Microsoftf DDEs ContrDL]
42557. Number=6044
42558. Confirmed=X
42559. Filename=runm.pif
42560. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafq.html" target=_blank>RBOT-AFQ</a> WORM!
42561. Source=Paul Collins Startup list
42562.  
42563. [Microsoftf DDEs Control]
42564. Number=6045
42565. Confirmed=X
42566. Filename=lxes.exe
42567. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BOF&VSect=T" target=_blank>RBOT.BOF</a> WORM!
42568. Source=Paul Collins Startup list
42569.  
42570. [Microsoftf DDEs Control]
42571. Number=6046
42572. Confirmed=X
42573. Filename=wees.exe
42574. Description=Added by a variant of the the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BOF&VSect=T" target=_blank>RBOT.BOF</a> WORM!
42575. Source=Paul Collins Startup list
42576.  
42577. [Microsoftf DDEs Control]
42578. Number=6047
42579. Confirmed=X
42580. Filename=soff.pif
42581. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakh.html" target=_blank>RBOT-AKH</a> WORM!
42582. Source=Paul Collins Startup list
42583.  
42584. [Microsoftf DDEs Control]
42585. Number=6048
42586. Confirmed=X
42587. Filename=why-.exe
42588. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamv.html" target=_blank>RBOT-AMV</a> WORM!
42589. Source=Paul Collins Startup list
42590.  
42591. [Microsoftf DDEs Control]
42592. Number=6049
42593. Confirmed=X
42594. Filename=msnn.exe
42595. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxt.html" target=_blank>RBOT-AXT</a> WORM!
42596. Source=Paul Collins Startup list
42597.  
42598. [Microsoftf DDEs Control]
42599. Number=6050
42600. Confirmed=X
42601. Filename=FEnR.exe
42602. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaim.html" target="_blank">RBOT-AIM</a> WORM!
42603. Source=Paul Collins Startup list
42604.  
42605. [Microsoftkeysd]
42606. Number=6051
42607. Confirmed=X
42608. Filename=systemproc.exe
42609. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbi.html" target=_blank>FORBOT-BI</a> WORM!
42610.  
42611. Source=Paul Collins Startup list
42612.  
42613. [Microsoftkeysd]
42614. Number=6052
42615. Confirmed=X
42616. Filename=systemwin32s.exe
42617. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CO" target="_blank">WOOTBOT.CO</a> WORM!
42618. Source=Paul Collins Startup list
42619.  
42620. [Microsoftkeysds]
42621. Number=6053
42622. Confirmed=X
42623. Filename=lass32.exe
42624. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
42625. Source=Paul Collins Startup list
42626.  
42627. [MicrosoftKs]
42628. Number=6054
42629. Confirmed=X
42630. Filename=Drivers.bat
42631. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojshutdownf.html" target=_blank>SHUTDOWN-F</a> TROJAN!
42632. Source=Paul Collins Startup list
42633.  
42634. [microsoftm eegs cuntrol]
42635. Number=6055
42636. Confirmed=X
42637. Filename=loor.pif
42638. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
42639. Source=Paul Collins Startup list
42640.  
42641. [Microsoftmsn32.exe]
42642. Number=6056
42643. Confirmed=X
42644. Filename=microsoftmsn32.exe
42645. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertifc.html" target=_blank>CERTIF-C</a> TROJAN!
42646.  
42647. Source=Paul Collins Startup list
42648.  
42649. [MicrosoftMultimediaTask]
42650. Number=6057
42651. Confirmed=X
42652. Filename=Mmtask.exe
42653. Description=Adware downloader - not the valid MusicMatch Jukebox which shares the same filename
42654. Source=Paul Collins Startup list
42655.  
42656. [MicrosoftNetwork Daemon for Win32]
42657. Number=6058
42658. Confirmed=X
42659. Filename=NETD32.EXE
42660. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081412-2646-99" target="_blank">RANDEX.F</a> WORM!
42661. Source=Paul Collins Startup list
42662.  
42663. [MicrosoftOEM]
42664. Number=6059
42665. Confirmed=X
42666. Filename=smvss.exe
42667. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerg.html" target=_blank>DEDLER-G</a> TROJAN!
42668. Source=Paul Collins Startup list
42669.  
42670. [Microsofts media]
42671. Number=6060
42672. Confirmed=X
42673. Filename=winmplayd.exe
42674. Description=Added by an undidentified WORM or TROJAN!
42675. Source=Paul Collins Startup list
42676.  
42677. [Microsofts media]
42678. Number=6061
42679. Confirmed=X
42680. Filename=wingtp.exe
42681. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvo.html" target=_blank>RBOT-VO</a> WORM!
42682. Source=Paul Collins Startup list
42683.  
42684. [Microsofts MediaScope]
42685. Number=6062
42686. Confirmed=X
42687. Filename=winmep.exe
42688. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwb.html" target=_blank>RBOT-WB</a> WORM!
42689. Source=Paul Collins Startup list
42690.  
42691. [Microsofts MediaScope]
42692. Number=6063
42693. Confirmed=X
42694. Filename=winmedplay.exe
42695. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
42696. Source=Paul Collins Startup list
42697.  
42698. [Microsofts Security Manager]
42699. Number=6064
42700. Confirmed=X
42701. Filename=****.exe [**** = random char]
42702. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwh.html" target=_blank>RBOT-WH</a> TROJAN!
42703. Source=Paul Collins Startup list
42704.  
42705. [Microsofts Service]
42706. Number=6065
42707. Confirmed=X
42708. Filename=lcsrv16.exe
42709. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
42710. Source=Paul Collins Startup list
42711.  
42712. [Microsofts Updates]
42713. Number=6066
42714. Confirmed=X
42715. Filename=lsasss.exe
42716. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaex.html" target=_blank>RBOT-AEX</a> WORM!
42717. Source=Paul Collins Startup list
42718.  
42719. [Microsofts Updatez]
42720. Number=6067
42721. Confirmed=X
42722. Filename=cmsssr.exe
42723. Description=Added by an unidentified VIRUS, WORM or TROJAN!
42724. Source=Paul Collins Startup list
42725.  
42726. [Microsofts Updatez]
42727. Number=6068
42728. Confirmed=X
42729. Filename=exploirez.exe
42730. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
42731. Source=Paul Collins Startup list
42732.  
42733. [MicrosoftServiceManager]
42734. Number=6069
42735. Confirmed=X
42736. Filename=mstask32.exe
42737. Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100092" target="_blank">YAHA.P</a> WORM!
42738. Source=Paul Collins Startup list
42739.  
42740. [MicrosoftServiceManager]
42741. Number=6070
42742. Confirmed=X
42743. Filename=Wintsk32.exe
42744. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070117-2046-99" target="_blank">YAHA.U</a> WORM!
42745. Source=Paul Collins Startup list
42746.  
42747. [MicrosoftServiceManager]
42748. Number=6071
42749. Confirmed=X
42750. Filename=EXPLORERE.EXE
42751. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091712-0724-99" target="_blank">YAHA.AB</a> WORM!
42752. Source=Paul Collins Startup list
42753.  
42754. [MicrosoftServiceManager]
42755. Number=6072
42756. Confirmed=X
42757. Filename=msupdat.exe
42758. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091707-1011-99" target="_blank">YAHA.AA</a> WORM!
42759. Source=Paul Collins Startup list
42760.  
42761. [MicrosoftSourceSafe]
42762. Number=6073
42763. Confirmed=X
42764. Filename=lsass.exe
42765. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
42766. Source=Paul Collins Startup list
42767.  
42768. [MicrosoftSys]
42769. Number=6074
42770. Confirmed=X
42771. Filename=SPOOLSYS.exe
42772. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-080210-3705-99" target=_blank>TARNO.N</a> TROJAN!
42773. Source=Paul Collins Startup list
42774.  
42775. [MicrosoftUpdate]
42776. Number=6075
42777. Confirmed=X
42778. Filename=syshelper.exe
42779. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.AC&VSect=P" target=_blank>WOOTBOT.AC</a> WORM!
42780. Source=Paul Collins Startup list
42781.  
42782. [MicrosoftUpdate]
42783. Number=6076
42784. Confirmed=X
42785. Filename=WinUp32.exe
42786. Description=Added by an unidentified VIRUS, WORM or TROJAN!
42787. Source=Paul Collins Startup list
42788.  
42789. [MicrosoftUpdates]
42790. Number=6077
42791. Confirmed=X
42792. Filename=[path to trojan]
42793. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflo.html" target=_blank>DELF-LO</a> TROJAN!
42794. Source=Paul Collins Startup list
42795.  
42796. [MicrosoftValue]
42797. Number=6078
42798. Confirmed=X
42799. Filename=syscnfg.exe
42800. Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
42801. Source=Paul Collins Startup list
42802.  
42803. [Microsoftvirus]
42804. Number=6079
42805. Confirmed=X
42806. Filename=sysoverload.exe
42807. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotal.html" target="_blank">FORBOT-AL</a> WORM!
42808. Source=Paul Collins Startup list
42809.  
42810. [MicrosoftWindows]
42811. Number=6080
42812. Confirmed=X
42813. Filename=[various filenames]
42814. Description=MagicSearch - a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
42815. Source=Paul Collins Startup list
42816.  
42817. [MicrosoftWindows]
42818. Number=6081
42819. Confirmed=X
42820. Filename=a@26m.exe
42821. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillparb.html" target="_blank">KILLPAR-B</a> TROJAN!
42822. Source=Paul Collins Startup list
42823.  
42824. [MicrosoftXP Service Pack 2]
42825. Number=6082
42826. Confirmed=X
42827. Filename=servicepack2.exe
42828. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=51085" target="_blank">RBOT.EMC</a> WORM!
42829. Source=Paul Collins Startup list
42830.  
42831. [Microsoftz turn Control]
42832. Number=6083
42833. Confirmed=X
42834. Filename=aexl.exe
42835. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BCO&VSect=P" target=_blank>SDBOT.BCO</a> WORM!
42836. Source=Paul Collins Startup list
42837.  
42838. [Microsoftz turn Control]
42839. Number=6084
42840. Confirmed=X
42841. Filename=read.pif
42842. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafs.html" target=_blank>RBOT-AFS</a> WORM!
42843. Source=Paul Collins Startup list
42844.  
42845. [Microsoft⌐ PID Lex]
42846. Number=6085
42847. Confirmed=X
42848. Filename=PIDLex.exe
42849. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-103118-2307-99" target="_blank">NIOVADOOR</a> TROJAN!
42850. Source=Paul Collins Startup list
42851.  
42852. [Microsoft½ ActiveX Debugger NT]
42853. Number=6086
42854. Confirmed=X
42855. Filename=setdebugnt.exe
42856. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancoscz.html" target=_blank>BANCOS-CZ</a> TROJAN!
42857. Source=Paul Collins Startup list
42858.  
42859. [Microsoft« System Mapper]
42860. Number=6087
42861. Confirmed=X
42862. Filename=SysMap.exe
42863. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-120615-0547-99" target="_blank">MAPSY</a> TROJAN!
42864. Source=Paul Collins Startup list
42865.  
42866. [Microsoft« Windows« Operating System]
42867. Number=6088
42868. Confirmed=U
42869. Filename=ehTray.exe
42870. Description=Enables the user to access Windows Messenger from within <a href="http://msdn.microsoft.com/library/en-us/MedctrSDK/htm/formoreinformation.asp" target="_blank">Windows Media Center Edition</a>
42871. Source=Paul Collins Startup list
42872.  
42873. [Microsoft« Windows« Operating System]
42874. Number=6089
42875. Confirmed=N
42876. Filename=RunDLL32.exe [path] ehuihlp.dll, BootMediaCenter
42877. Description=Starts Windows Media Center every time Windows Vista (Home Premium or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center -> Tasks -> Settings -> General -> Startup and Window Behaviour
42878. Source=Paul Collins Startup list
42879.  
42880. [Microsoft« Windows« Operating System]
42881. Number=6090
42882. Confirmed=N
42883. Filename=rundll32.exe [path] oobefldr.dll, ShowWelcomeCenter
42884. Description=Shows the Welcome Center every time you boot into Windows Vista
42885. Source=Paul Collins Startup list
42886.  
42887. [Microsong]
42888. Number=6091
42889. Confirmed=X
42890. Filename=svchosts11.exe
42891. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotev.html" target="_blank">SDBOT-EV</a> WORM!
42892. Source=Paul Collins Startup list
42893.  
42894. [Microsot NT Support]
42895. Number=6092
42896. Confirmed=X
42897. Filename=[random filename].exe
42898. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcti.html" target="_blank">RBOT-CTI</a> WORM!
42899. Source=Paul Collins Startup list
42900.  
42901. [Microszoft Update Mach1nezs]
42902. Number=6093
42903. Confirmed=X
42904. Filename=svchst.exe
42905. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboted.html" target=_blank>RBOT-ED</a> WORM!
42906.  
42907. Source=Paul Collins Startup list
42908.  
42909. [Microtek Scanner Finder]
42910. Number=6094
42911. Confirmed=U
42912. Filename=ScannerFinder.exe
42913. Description=Monitors whether a scanner is present. Provided with Microtek scanners
42914. Source=Paul Collins Startup list
42915.  
42916. [Microzoft_Ofiz]
42917. Number=6095
42918. Confirmed=X
42919. Filename=KdzEregli.exe
42920. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080612-0026-99" target="_blank">AMUS.A</a> WORM!
42921. Source=Paul Collins Startup list
42922.  
42923. [Micrsoft CFG 32]
42924. Number=6096
42925. Confirmed=X
42926. Filename=lrbzus32.exe
42927. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
42928. Source=Paul Collins Startup list
42929.  
42930. [Micrsoft Driver]
42931. Number=6097
42932. Confirmed=X
42933. Filename=windrive.exe
42934. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111811-0117-99" target=_blank>SDBOT.AF</a> TROJAN!
42935. Source=Paul Collins Startup list
42936.  
42937. [Micrsoft Driver]
42938. Number=6098
42939. Confirmed=X
42940. Filename=msdriver.exe
42941. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxd.html" target=_blank>SDBOT-XD</a> WORM!
42942. Source=Paul Collins Startup list
42943.  
42944. [Micrsoft Internet Explorer]
42945. Number=6099
42946. Confirmed=X
42947. Filename=IEXPL0RE.EXE
42948. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqv.html" target=_blank>RBOT-AQV</a> WORM! Note the number "0" in the filename
42949. Source=Paul Collins Startup list
42950.  
42951. [Micsoft-Published-Software]
42952. Number=6100
42953. Confirmed=X
42954. Filename=explrer.exe
42955. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgfl.html" target="_blank">RBOT-GFL</a> WORM!
42956. Source=Paul Collins Startup list
42957.  
42958. [Micsorosft Security Center]
42959. Number=6101
42960. Confirmed=X
42961. Filename=wcnsfty.exe
42962. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahu.html" target=_blank>RBOT-AHU</a> WORM!
42963. Source=Paul Collins Startup list
42964.  
42965. [MightyFAX Controller]
42966. Number=6102
42967. Confirmed=N
42968. Filename=MFNTCTL.EXE
42969. Description=<a href="http://www.rkssoftware.com/mightyfax/overview.html" target="_blank">Mighty FAX</a> from RKS Software - "installs a printer driver so that you can fax directly from Windows software"
42970. Source=Paul Collins Startup list
42971.  
42972. [MigrationVendorSetupCaller]
42973. Number=6103
42974. Confirmed=?
42975. Filename=rundll32.exe migrate.dll, CallVendorSetupDlls
42976. Description=<font color="#FF0000">??</font>
42977. Source=Paul Collins Startup list
42978.  
42979. [Military Net Killer]
42980. Number=6104
42981. Confirmed=X
42982. Filename=MNK.exe
42983. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32millneta.html" target="_blank">MILLNET-A</a> WORM!
42984. Source=Paul Collins Startup list
42985.  
42986. [MilShieldSlave]
42987. Number=6105
42988. Confirmed=U
42989. Filename=ShieldWorker.exe
42990. Description=<a href="http://www.milincorporated.com/milshield2.html" target="_blank">Mil Shield</a> from Mil Incorporated. It protects your privacy by removing all tracks from your online or offline computer activities
42991. Source=Paul Collins Startup list
42992.  
42993. [MimBoot]
42994. Number=6106
42995. Confirmed=N
42996. Filename=mimboot.exe
42997. Description=Starts <a href="http://www.musicmatch.com/" target=_blank>Musicmatch Jukebox</a> at bootup - can be started manually
42998. Source=Paul Collins Startup list
42999.  
43000. [Mincer]
43001. Number=6107
43002. Confirmed=X
43003. Filename=Mincer.exe
43004. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/wm97mincemea.html" target=_blank>MINCEME-A</a> WORM!
43005. Source=Paul Collins Startup list
43006.  
43007. [MINIBUG]
43008. Number=6108
43009. Confirmed=X
43010. Filename=MINIBUG.EXE
43011. Description=Displays ads inside Weatherbug - see <a href="http://spybot.safer-networking.de/index.php?lang=en&page=knowledgebase/threats/spybots-minibug" target="_blank">here</a>
43012. Source=Paul Collins Startup list
43013.  
43014. [MiniEYE-MiniREAD Launch]
43015. Number=6109
43016. Confirmed=N
43017. Filename=ARLaunch.exe
43018. Description=<a href="http://www.infmind.com/what/" target="_blank">eyeQ</a> - improve your reading speed
43019. Source=Paul Collins Startup list
43020.  
43021. [MINIFERT.EXE]
43022. Number=6110
43023. Confirmed=N
43024. Filename=MINIFERT.EXE
43025. Description=Part of Backweb
43026. Source=Paul Collins Startup list
43027.  
43028. [minilog]
43029. Number=6111
43030. Confirmed=U
43031. Filename=MINILOG.EXE
43032. Description=If you don't have ZoneAlarm or ZoneAlarm Pro running you don't need this. This must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use
43033. Source=Paul Collins Startup list
43034.  
43035. [MiniMavis]
43036. Number=6112
43037. Confirmed=N
43038. Filename=MiniMavis.exe
43039. Description=Mavis Beacon typing tutor
43040. Source=Paul Collins Startup list
43041.  
43042. [minimo]
43043. Number=6113
43044. Confirmed=X
43045. Filename=[path to file]
43046. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmosuckx.html" target= blank>MOSUCK-X</a> TROJAN!
43047. Source=Paul Collins Startup list
43048.  
43049. [MiniNote]
43050. Number=6114
43051. Confirmed=N
43052. Filename=MININOTE.EXE
43053. Description=<a href="http://www.fookes.com/software/mininote.htm" target="_blank">Mini NoteTab</a> was the first in the family of "NoteTab" text and HTML editors from Fookes Software
43054. Source=Paul Collins Startup list
43055.  
43056. [Miniphone]
43057. Number=6115
43058. Confirmed=?
43059. Filename=glophone.exe
43060. Description=<a href="http://www.voiceglo.com/" target=_blank>VoiceGlo</a> Glophone Voice over Internet Protocol (VOIP) communications software - "an affordable and convenient way to call friends and family throughout the world using a dial-up or broadband Internet connection on your computer" - <font color="#FF0000">is it required in startup?</font>
43061. Source=Paul Collins Startup list
43062.  
43063. [miniport]
43064. Number=6116
43065. Confirmed=X
43066. Filename=usb2chk.exe
43067. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlazara.html" target=_blank>LAZAR-A</a> TROJAN!
43068. Source=Paul Collins Startup list
43069.  
43070. [MiniPortRt]
43071. Number=6117
43072. Confirmed=X
43073. Filename=miniport_mp.exe
43074. Description=Malware - see <a href="http://www.protext.com/support/Miniport_mpVirus.htm" target=_blank>here</a>
43075. Source=Paul Collins Startup list
43076.  
43077. [MiniServer.exe]
43078. Number=6118
43079. Confirmed=X
43080. Filename=MiniServer.exe
43081. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlittlewe.html" target=_blank>LITTLEW-E</a> TROJAN!
43082. Source=Paul Collins Startup list
43083.  
43084. [MinMaxExtender]
43085. Number=6119
43086. Confirmed=U
43087. Filename=Mmext.exe
43088. Description=<a href="http://www.geocities.com/revenger_inc/mmext.html" target="_blank">MinMaxExtender</a> - window handling tool
43089. Source=Paul Collins Startup list
43090.  
43091. [Miosf Update]
43092. Number=6120
43093. Confirmed=X
43094. Filename=wimsqaad.exe
43095. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111817-1202-99" target=_blank>SDBOT.AG</a> TROJAN!
43096. Source=Paul Collins Startup list
43097.  
43098. [Mirabilis ICQ]
43099. Number=6121
43100. Confirmed=N
43101. Filename=NDetect.exe
43102. Description=If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs
43103. Source=Paul Collins Startup list
43104.  
43105. [Mirabilis ICQ]
43106. Number=6122
43107. Confirmed=N
43108. Filename=icq.exe
43109. Description=If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs
43110. Source=Paul Collins Startup list
43111.  
43112. [Mirabilis ICQ]
43113. Number=6123
43114. Confirmed=N
43115. Filename=ICQNet.exe
43116. Description=If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs
43117. Source=Paul Collins Startup list
43118.  
43119. [Miramar Systems, Inc.]
43120. Number=6124
43121. Confirmed=U
43122. Filename=atmsg.exe
43123. Description=Miramar PC/Mac networking software
43124. Source=Paul Collins Startup list
43125.  
43126. [Miranda IM]
43127. Number=6125
43128. Confirmed=N
43129. Filename=miranda32.exe
43130. Description=<a href="http://www.miranda-im.org/" target=_blank>Miranda</a> instant messaging client
43131. Source=Paul Collins Startup list
43132.  
43133. [Mirate Sp 2 Information]
43134. Number=6126
43135. Confirmed=X
43136. Filename=miratesp2.exe
43137. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QH" target=_blank>RBOT.QH</a> WORM!
43138. Source=Paul Collins Startup list
43139.  
43140. [Mircosoft DNS Service]
43141. Number=6127
43142. Confirmed=X
43143. Filename=svchost.exe
43144. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotak.html" target=_blank>IRCBOT-AK</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder
43145. Source=Paul Collins Startup list
43146.  
43147. [Mircosoft Sockets SP2]
43148. Number=6128
43149. Confirmed=X
43150. Filename=mssck.exe
43151. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.ET" target="_blank">MYTOB.ET</a> WORM!
43152. Source=Paul Collins Startup list
43153.  
43154. [Mircosoft Update]
43155. Number=6129
43156. Confirmed=X
43157. Filename=wuampkd.exe
43158. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
43159. Source=Paul Collins Startup list
43160.  
43161. [Mircrosoft Svchost32]
43162. Number=6130
43163. Confirmed=X
43164. Filename=svchost32.exe
43165. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotazw.html" target=_blank>RBOT-AZW</a> WORM!
43166. Source=Paul Collins Startup list
43167.  
43168. [Mircrosoft Windows Config DLL]
43169. Number=6131
43170. Confirmed=X
43171. Filename=rundllc32b.exe
43172. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzy.html" target=_blank>RBOT-ZY</a> WORM!
43173. Source=Paul Collins Startup list
43174.  
43175. [miroVIDEO Tray Tool]
43176. Number=6132
43177. Confirmed=N
43178. Filename=misitray.exe
43179. Description=Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl does not have its own EXE file. Only needed when using the capture card, e.g. for the above actions
43180. Source=Paul Collins Startup list
43181.  
43182. [MirrorFolderShell]
43183. Number=6133
43184. Confirmed=U
43185. Filename=mrfshl.exe
43186. Description=<a href="http://download.e-not.net/utilities/11696/mirrorfolder.html" target=_blank>MirrorFolder</a> backup software
43187. Source=Paul Collins Startup list
43188.  
43189. [Mirsoft sdcE]
43190. Number=6134
43191. Confirmed=X
43192. Filename=taskmegr.exe
43193. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawy.html" target=_blank>RBOT-AWY</a> WORM!
43194. Source=Paul Collins Startup list
43195.  
43196. [Mirsoft sdcE]
43197. Number=6135
43198. Confirmed=X
43199. Filename=taskmegr.exe
43200. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DFQ" target="_blank">RBOT.DFQ</a> WORM!
43201. Source=Paul Collins Startup list
43202.  
43203. [Miscrosoft Windows Explorer]
43204. Number=6136
43205. Confirmed=X
43206. Filename=IEEXPLORER.exe
43207. Description=Reported as the SDBOT.YX WORM!
43208. Source=Paul Collins Startup list
43209.  
43210. [misiCTRL]
43211. Number=6137
43212. Confirmed=?
43213. Filename=misiCTRL.exe
43214. Description=<a href="http://www.video-drivers.com/drivers/26/26750.htm" target="_blank">Miro</a> video driver related.<font color="#FF0000"> Is it required?</font>
43215. Source=Paul Collins Startup list
43216.  
43217. [misiTRAY]
43218. Number=6138
43219. Confirmed=?
43220. Filename=misiTRAY.exe
43221. Description=<a href="http://www.video-drivers.com/drivers/26/26750.htm" target="_blank">Miro</a> video driver related.<font color="#FF0000"> Is it required?</font>
43222. Source=Paul Collins Startup list
43223.  
43224. [Mismo]
43225. Number=6139
43226. Confirmed=X
43227. Filename=win32x.exe
43228. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjp.html" target=_blank>RBOT-JP</a> WORM!
43229. Source=Paul Collins Startup list
43230.  
43231. [Mixer]
43232. Number=6140
43233. Confirmed=N
43234. Filename=Mixer.exe
43235. Description=C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs
43236. Source=Paul Collins Startup list
43237.  
43238. [Mixersel]
43239. Number=6141
43240. Confirmed=N
43241. Filename=mixersel.exe
43242. Description=Configuration for Realtek audio devices
43243. Source=Paul Collins Startup list
43244.  
43245. [Mixghost]
43246. Number=6142
43247. Confirmed=N
43248. Filename=mixghost.exe
43249. Description=Management software for Altec Lansing speakers.  If a change is needed, the user can launch it from the Start menu
43250. Source=Paul Collins Startup list
43251.  
43252. [ml00!.exe]
43253. Number=6143
43254. Confirmed=X
43255. Filename=ml00!.exe
43256. Description=Malware, detected by <a href="<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a> as Trj/Downloader.BWD
43257. Source=Paul Collins Startup list
43258.  
43259. [ML1HelperStartUp]
43260. Number=6144
43261. Confirmed=U
43262. Filename=ML1HEL~1.EXE
43263. Description=ScreenScenes "Midnight Lake" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
43264. Source=Paul Collins Startup list
43265.  
43266. [ML1HelperStartUp]
43267. Number=6145
43268. Confirmed=U
43269. Filename=ML1Helper.exe
43270. Description=ScreenScenes "Midnight Lake" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
43271. Source=Paul Collins Startup list
43272.  
43273. [ml34]
43274. Number=6146
43275. Confirmed=X
43276. Filename=[path to trojan]
43277. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmailbotbh.html!" target="_blank">MAILBOT-BH</a> TROJAN!
43278. Source=Paul Collins Startup list
43279.  
43280. [Mlcr0s0ftf DDEs C0ntr0i]
43281. Number=6147
43282. Confirmed=X
43283. Filename=WAed.pif
43284. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbjw.html" target="_blank">RBOT-BJW</a> WORM!
43285. Source=Paul Collins Startup list
43286.  
43287. [mlibsysmc]
43288. Number=6148
43289. Confirmed=X
43290. Filename=comzcinc.exe
43291. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcxs.html" target="_blank">SDBOT-CXS</a> WORM!
43292. Source=Paul Collins Startup list
43293.  
43294. [mload]
43295. Number=6149
43296. Confirmed=X
43297. Filename=lxmstart.exe
43298. Description=Added by an unidentified VIRUS, WORM or TROJAN!
43299. Source=Paul Collins Startup list
43300.  
43301. [MM Install]
43302. Number=6150
43303. Confirmed=?
43304. Filename=setup.exe
43305. Description=<font color="#FF0000">Possibly <a href="http://www.moneysoft.co.uk/" target="_blank">Money Manager</a> from Moneysoft?</font>
43306. Source=Paul Collins Startup list
43307.  
43308. [MMB2]
43309. Number=6151
43310. Confirmed=X
43311. Filename=explorer.exe
43312. Description=Added by an unidentified WORM or TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
43313. Source=Paul Collins Startup list
43314.  
43315. [MMC]
43316. Number=6152
43317. Confirmed=X
43318. Filename=inisys.exe
43319. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32oscaboti.html" target=_blank>OSCABOT-I</a> WORM!
43320. Source=Paul Collins Startup list
43321.  
43322. [mmcndmgr]
43323. Number=6153
43324. Confirmed=X
43325. Filename=mmcndmgr.exe
43326. Description=Added by an unidentified VIRUS, WORM or TROJAN!
43327. Source=Paul Collins Startup list
43328.  
43329. [MMCWINMGMT]
43330. Number=6154
43331. Confirmed=N
43332. Filename=winmgmt.exe
43333. Description=Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer <a href="http://groups.google.com/group/microsoft.public.windowsme.general/msg/5af2d1219f43359e?q=PCHealth%2Bpchschd.exe&hl=en&rnum=1" target="_blank">here</a>
43334. Source=Paul Collins Startup list
43335.  
43336. [mmemdrv]
43337. Number=6155
43338. Confirmed=X
43339. Filename=mmemdrv.exe
43340. Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-022010-1625-99" target=_blank>SecondSight</a> spyware. Note - SecondSight is spyware that captures keystrokes and screen shots, and logs user activity on the compromised computer. The risk can then send the logged information to a remote attacker via email, must be manually installed
43341. Source=Paul Collins Startup list
43342.  
43343. [MMERefresh]
43344. Number=6156
43345. Confirmed=U
43346. Filename=MMERefresh.exe
43347. Description=Part of <a href="http://www.digidesign.com/index.cfm?" target="_blank">Digidesgin</a> Protools. Refreshes your midi ports on the 002(R) (the 002R is a hardware audio/midi converter connected to your computer via firewire). Must be running in order to use the MIDI functionality of the Digi002R
43348. Source=Paul Collins Startup list
43349.  
43350. [Mmessenger]
43351. Number=6157
43352. Confirmed=X
43353. Filename=messenger.exe
43354. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GM" target="_blank">AGOBOT.GM</a> WORM!
43355. Source=Paul Collins Startup list
43356.  
43357. [Mmgsvc]
43358. Number=6158
43359. Confirmed=X
43360. Filename=mmgsvc.exe
43361. Description=Mmgsvc spyware
43362.  
43363. Source=Paul Collins Startup list
43364.  
43365. [MMhid]
43366. Number=6159
43367. Confirmed=U
43368. Filename=mmhid.dll
43369. Description=This is the Human Interface Device Server for Win98, it is required only if you are using USB Audio Devices you can disable via Msconfig. See <a href="http://www.microsoft.com/whdc/device/input/audctrl.mspx" target="_blank">here</a>. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to Hidserv in Win98SE/2000/Me/XP
43370. Source=Paul Collins Startup list
43371.  
43372. [MMHK]
43373. Number=6160
43374. Confirmed=?
43375. Filename=mmhk.exe
43376. Description=<font color="#FF0000">A driver found on a Compaq Presario 800T notebook. Possibly something to do with multimedia hot keys?</font>
43377. Source=Paul Collins Startup list
43378.  
43379. [MMHotKey]
43380. Number=6161
43381. Confirmed=N
43382. Filename=MMHotKey.exe
43383. Description=Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen
43384. Source=Paul Collins Startup list
43385.  
43386. [MMicrosoft Security Management]
43387. Number=6162
43388. Confirmed=X
43389. Filename=inetforn.exe
43390. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AFZ" target="_blank">RBOT.AFZ</a> WORM!
43391. Source=Paul Collins Startup list
43392.  
43393. [MMKeybd]
43394. Number=6163
43395. Confirmed=U
43396. Filename=MMKeybd.exe
43397. Description=Multimedia keyboard manager. Required if you use the additional keys
43398. Source=Paul Collins Startup list
43399.  
43400. [Mmm]
43401. Number=6164
43402. Confirmed=U
43403. Filename=Mmm.exe
43404. Description=Hace <a href="http://www.hace.us-inc.com/mmm.shtml" target="_blank">Mmm</a> - free utility to configure your Windows menus and move and remove menu-items you never use
43405. Source=Paul Collins Startup list
43406.  
43407. [mmod]
43408. Number=6165
43409. Confirmed=X
43410. Filename=mmod.exe
43411. Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
43412. Source=Paul Collins Startup list
43413.  
43414. [mmpti]
43415. Number=6166
43416. Confirmed=N
43417. Filename=m1mmpti.exe
43418. Description=Mpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cards
43419. Source=Paul Collins Startup list
43420.  
43421. [MMReminderService]
43422. Number=6167
43423. Confirmed=N
43424. Filename=MMReminderService.exe
43425. Description=<a href="http://www.mindjet.com/" target=_blank>Mind Manager</a> from Mindjet - "easy way to organize ideas and information". Registration reminder
43426.  
43427. Source=Paul Collins Startup list
43428.  
43429. [MMRun]
43430. Number=6168
43431. Confirmed=?
43432. Filename=mmrun.exe
43433. Description=<font color="#FF0000">??</font>
43434. Source=Paul Collins Startup list
43435.  
43436. [mmsys]
43437. Number=6169
43438. Confirmed=?
43439. Filename=recover.exe
43440. Description=<font color="#FF0000">??</font>
43441. Source=Paul Collins Startup list
43442.  
43443. [MMSystem]
43444. Number=6170
43445. Confirmed=X
43446. Filename=RunDll32
43447. Description=Added by the FUNNER-A WORM!
43448.  
43449. Source=Paul Collins Startup list
43450.  
43451. [MMTASK]
43452. Number=6171
43453. Confirmed=Y
43454. Filename=mmtask.tsk
43455. Description=A check on the file's properties reveals "Multimedia background task support module". MMTASK is a very simple 16-bit program used by certain multimedia drivers (which are still 16-bit on Win9x) to perform background processing. Some soundcards need this to support MIDI, etc
43456. Source=Paul Collins Startup list
43457.  
43458. [mmtask]
43459. Number=6172
43460. Confirmed=N
43461. Filename=mmtask.exe
43462. Description=Part of <a href="http://www.musicmatch.com/download/plus/jukebox_intro.htm?os=pc&mode=input&BTD=1&DID=" target="_blank"> MusicMatch Jukebox</a> - digital music player / CD burner and ripper / music organizer / playlist creator
43463. Source=Paul Collins Startup list
43464.  
43465. [MMtask Service]
43466. Number=6173
43467. Confirmed=X
43468. Filename=mmtask.exe
43469. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbackgata.html" target="_blank">BACKGAT.A</a> TROJAN! Not the valid MusicMatch Jukebox which has the same filename
43470. Source=Paul Collins Startup list
43471.  
43472. [MMTray]
43473. Number=6174
43474. Confirmed=N
43475. Filename=mm_tray.exe
43476. Description=<a href="http://www.musicmatch.com/download/plus/jukebox_intro.htm?os=pc&mode=input&BTD=1&DID=" target="_blank">MusicMatch Jukebox</a> icon in the task tray - digital music player / CD burner and ripper / music organizer / playlist creator
43477. Source=Paul Collins Startup list
43478.  
43479. [MMTray]
43480. Number=6175
43481. Confirmed=N
43482. Filename=MMTray.exe
43483. Description=Part of <a href="http://www.morgan-multimedia.com/" target="_blank"> Morgan Multimedia Codecs</a>. Only required when the codecs are used
43484. Source=Paul Collins Startup list
43485.  
43486. [MMTray2K]
43487. Number=6176
43488. Confirmed=N
43489. Filename=MMTray2K.exe
43490. Description=Part of <a href="http://www.morgan-multimedia.com/" target="_blank"> Morgan Multimedia Codecs</a>. Only required when the codecs are used
43491. Source=Paul Collins Startup list
43492.  
43493. [MMTrayLSI]
43494. Number=6177
43495. Confirmed=N
43496. Filename=MMTrayLSI.exe
43497. Description=Part of <a href="http://www.morgan-multimedia.com/" target="_blank"> Morgan Multimedia Codecs</a>. Only required when the codecs are used
43498. Source=Paul Collins Startup list
43499.  
43500. [mmusrstp]
43501. Number=6178
43502. Confirmed=?
43503. Filename=procrun.exe
43504. Description=<font color="#FF0000">??</font>
43505. Source=Paul Collins Startup list
43506.  
43507. [mmxp2passion.exe]
43508. Number=6179
43509. Confirmed=X
43510. Filename=mmxp2passion.exe
43511. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
43512. Source=Paul Collins Startup list
43513.  
43514. [mmxrun]
43515. Number=6180
43516. Confirmed=X
43517. Filename=msosa.exe
43518. Description=Added by an unidentified TROJAN or WORM!
43519.  
43520. Source=Paul Collins Startup list
43521.  
43522. [mmxrun]
43523. Number=6181
43524. Confirmed=X
43525. Filename=mswinindex.exe
43526. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110516-2239-99" target=_blank>TwoSeven</a> spyware
43527. Source=Paul Collins Startup list
43528.  
43529. [mnklins]
43530. Number=6182
43531. Confirmed=X
43532. Filename=mnklins.exe
43533. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
43534. Source=Paul Collins Startup list
43535.  
43536. [MNPol]
43537. Number=6183
43538. Confirmed=X
43539. Filename=mnpol.exe
43540. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091104-3134-99" target=_blank>DLUCA.B</a> TROJAN!
43541. Source=Paul Collins Startup list
43542.  
43543. [MNS]
43544. Number=6184
43545. Confirmed=U
43546. Filename=MNS.exe
43547. Description=<a href="http://www.mobilenetswitch.com/" target=_blank>Mobile Net Switch</a> enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much more
43548. Source=Paul Collins Startup list
43549.  
43550. [mnsvc]
43551. Number=6185
43552. Confirmed=X
43553. Filename=mnsvc.exe
43554. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-042320-3206-99" target="_blank">AUTOUPDER</a> TROJAN!
43555. Source=Paul Collins Startup list
43556.  
43557. [mnsvcsp]
43558. Number=6186
43559. Confirmed=X
43560. Filename=mnsvcsp.exe
43561. Description=Added by an unidentified VIRUS, WORM or TROJAN!
43562. Source=Paul Collins Startup list
43563.  
43564. [Mobile Phone Suite]
43565. Number=6187
43566. Confirmed=U
43567. Filename=MobilePhoneSuite.exe
43568. Description=Logitech Mobile Phone Suite
43569.  
43570. Source=Paul Collins Startup list
43571.  
43572. [mobile PhoneTools]
43573. Number=6188
43574. Confirmed=U
43575. Filename=mPhonetools.exe
43576. Description=Motorola <a href="http://www.bvrp.com/customers/motorola/upgrade/US/" target="_blank">Phone Tools</a>
43577. Source=Paul Collins Startup list
43578.  
43579. [Mobipocket Reader Notifications]
43580. Number=6189
43581. Confirmed=U
43582. Filename=readernotify.exe
43583. Description=Part of <a href="http://www.mobipocket.com/en/DownloadSoft/ProductDetailsReader.asp" target="_blank">Mobipocket Reader</a> - "Store all your eBooks, eNews & self-published eDocs on your PC. Download eBooks in Mobi format from your favorite ebookstores to read on your smartphone, PDA, laptop or on your desktop PC"
43584. Source=Paul Collins Startup list
43585.  
43586. [mobsync]
43587. Number=6190
43588. Confirmed=N
43589. Filename=mobsync.exe
43590. Description=MS Syncrhonization Manager - updates the network copy of materials that were edited offline, such as documents, calendars, and e-mail messages
43591. Source=Paul Collins Startup list
43592.  
43593. [MOBSYNC32.EXE]
43594. Number=6191
43595. Confirmed=X
43596. Filename=mobsync32.exe
43597. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100313-3137-99" target="_blank">FINERO</a> TROJAN!
43598. Source=Paul Collins Startup list
43599.  
43600. [MOD]
43601. Number=6192
43602. Confirmed=N
43603. Filename=muamgr.exe
43604. Description=Using <a href="http://www.microangelo.us/" target="_blank">MicroAngelo</a> On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system
43605. Source=Paul Collins Startup list
43606.  
43607. [Modem]
43608. Number=6193
43609. Confirmed=X
43610. Filename=locatesvc.exe
43611. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
43612. Source=Paul Collins Startup list
43613.  
43614. [Modem Driverz Updates]
43615. Number=6194
43616. Confirmed=X
43617. Filename=mdmdrv.exe
43618. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
43619. Source=Paul Collins Startup list
43620.  
43621. [MODEMBTR]
43622. Number=6195
43623. Confirmed=U
43624. Filename=MODEMBTR.EXE
43625. Description=Modem Booster from <a href="http://inklineglobal.com/" target="_blank">inKline Global</a> to improve ISP connections
43626. Source=Paul Collins Startup list
43627.  
43628. [Modeminf]
43629. Number=6196
43630. Confirmed=X
43631. Filename=Modeminf.exe
43632. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
43633. Source=Paul Collins Startup list
43634.  
43635. [ModemOnHold]
43636. Number=6197
43637. Confirmed=U
43638. Filename=MOH.EXE
43639. Description=NetWaiting Modem-on-Hold Application
43640. Source=Paul Collins Startup list
43641.  
43642. [ModemUtility]
43643. Number=6198
43644. Confirmed=N
43645. Filename=mdmsetpe.exe
43646. Description=System Tray configuration icon for Aztech modems
43647. Source=Paul Collins Startup list
43648.  
43649. [ModularConfig]
43650. Number=6199
43651. Confirmed=X
43652. Filename=syscnfg.exe
43653. Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
43654. Source=Paul Collins Startup list
43655.  
43656. [Module Call initialize]
43657. Number=6200
43658. Confirmed=X
43659. Filename=RUNDLL32.EXE reg.dll, ondll_reg
43660. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
43661. Source=Paul Collins Startup list
43662.  
43663. [Modulo 00FE0F01 Host Internet]
43664. Number=6201
43665. Confirmed=X
43666. Filename=syschost.exe
43667. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkw.html" target="_blank">DELF-KW</a> TROJAN!
43668. Source=Paul Collins Startup list
43669.  
43670. [Money Express]
43671. Number=6202
43672. Confirmed=N
43673. Filename=moneyexpress.exe
43674. Description=Part of MS Money. Available via Start -> Programs
43675. Source=Paul Collins Startup list
43676.  
43677. [MoneyAgent]
43678. Number=6203
43679. Confirmed=N
43680. Filename=money express.exe
43681. Description=Part of MS Money. Available via Start -> Programs
43682. Source=Paul Collins Startup list
43683.  
43684. [MoneyAgent]
43685. Number=6204
43686. Confirmed=N
43687. Filename=mnyexpr.exe
43688. Description=Microsoft Money
43689. Source=Paul Collins Startup list
43690.  
43691. [MoneyStartUp]
43692. Number=6205
43693. Confirmed=N
43694. Filename=Money Startup.exe
43695. Description=Microsoft Money
43696. Source=Paul Collins Startup list
43697.  
43698. [MoneyStartUp10.0]
43699. Number=6206
43700. Confirmed=N
43701. Filename=Activation.exe
43702. Description=Part of MS Money 2002. Available via Start -> Programs
43703. Source=Paul Collins Startup list
43704.  
43705. [monitor]
43706. Number=6207
43707. Confirmed=X
43708. Filename=monitor.exe
43709. Description=Browser hijacker, redirecting to NCM Search
43710. Source=Paul Collins Startup list
43711.  
43712. [Monitor]
43713. Number=6208
43714. Confirmed=U
43715. Filename=SD Monitor.exe
43716. Description="Transfer data quickly between your memory card and your computer with SanDisk's <a href="http://www.sandisk.com/Products/Catalog(1086)-Readers_Writers_and_Adapters.aspx" target="_blank">Readers, Writers and Adapters</a>"
43717. Source=Paul Collins Startup list
43718.  
43719. [Monitor Apache Servers]
43720. Number=6209
43721. Confirmed=U
43722. Filename=ApacheMonitor.exe
43723. Description=Part of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start -> Programs
43724. Source=Paul Collins Startup list
43725.  
43726. [Monitor Helper]
43727. Number=6210
43728. Confirmed=U
43729. Filename=monitor.exe
43730. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080508-3152-99" target= blank>MyLittleSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
43731. Source=Paul Collins Startup list
43732.  
43733. [Monitoring Service]
43734. Number=6211
43735. Confirmed=X
43736. Filename=svchost.exe
43737. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030912-4419-99" target=_blank>CONE.C</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folder
43738. Source=Paul Collins Startup list
43739.  
43740. [Monitormgt]
43741. Number=6212
43742. Confirmed=X
43743. Filename=Monitormgt.exe
43744. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
43745. Source=Paul Collins Startup list
43746.  
43747. [MonitorSD]
43748. Number=6213
43749. Confirmed=U
43750. Filename=SDMonitor.exe
43751. Description=Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see  <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#swdetect_note" target="_blank">here</a>
43752. Source=Paul Collins Startup list
43753.  
43754. [MONPluginSrIvcs]
43755. Number=6214
43756. Confirmed=X
43757. Filename=n3monap23.exe
43758. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
43759. Source=Paul Collins Startup list
43760.  
43761. [Monstersoundtray]
43762. Number=6215
43763. Confirmed=N
43764. Filename=Freectrl.exe
43765. Description=Diamond Multimedia sound card control panel
43766. Source=Paul Collins Startup list
43767.  
43768. [MonTest]
43769. Number=6216
43770. Confirmed=X
43771. Filename=vccxzq.exe
43772. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotea.html" target=_blank>SDBOT-EA</a> WORM!
43773. Source=Paul Collins Startup list
43774.  
43775. [MoodBook]
43776. Number=6217
43777. Confirmed=U
43778. Filename=mb.exe
43779. Description=<a href="http://www.moodbook.com/" target=_blank>MoodBook</a> is a free Windows utility that brings art to your desktop 
43780. Source=Paul Collins Startup list
43781.  
43782. [moon phase]
43783. Number=6218
43784. Confirmed=N
43785. Filename=moon.exe
43786. Description=<a href="http://www.locutuscodeware.com" target="_blank">Moon Phase</a> - tray icon that indicates the phases of the moon
43787. Source=Paul Collins Startup list
43788.  
43789. [MoreResults]
43790. Number=6219
43791. Confirmed=X
43792. Filename=MoreResults.exe
43793. Description=<a href="http://www.superadblocker.com/M/MORERESULTS.EXE-4789.html" target="_blank">MoreResults</a> adware
43794. Source=Paul Collins Startup list
43795.  
43796. [Morpheus]
43797. Number=6220
43798. Confirmed=N
43799. Filename=morpheus.exe
43800. Description=MusicCity Networks' Morpheus - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes "I have seen no instance of any since using it"
43801. Source=Paul Collins Startup list
43802.  
43803. [morphstb]
43804. Number=6221
43805. Confirmed=X
43806. Filename=morphstb.exe
43807. Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Win32.Stubby.c
43808. Source=Paul Collins Startup list
43809.  
43810. [mosearch]
43811. Number=6222
43812. Confirmed=X
43813. Filename=mosearch.exe
43814. Description=Fast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources. If it can't be disabled via MSCONFIG try <a href="http://support.microsoft.com/kb/q282106/" target="_blank">here</a>
43815. Source=Paul Collins Startup list
43816.  
43817. [Motherboard Config]
43818. Number=6223
43819. Confirmed=X
43820. Filename=Ati2xxx.exe
43821. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaik.html" target="_blank">RBOT-AIK</a> WORM!
43822. Source=Paul Collins Startup list
43823.  
43824. [MotherBoard Sounds]
43825. Number=6224
43826. Confirmed=X
43827. Filename=Sounds.exe
43828. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaap.html" target=_blank>RBOT-AAP</a> WORM!
43829. Source=Paul Collins Startup list
43830.  
43831. [Motive SmartBridge]
43832. Number=6225
43833. Confirmed=N
43834. Filename=mpbtn.exe
43835. Description=System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
43836. Source=Paul Collins Startup list
43837.  
43838. [Motive SmartBridge]
43839. Number=6226
43840. Confirmed=N
43841. Filename=MotiveSB.exe
43842. Description=System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
43843. Source=Paul Collins Startup list
43844.  
43845. [Motive SmartBridge]
43846. Number=6227
43847. Confirmed=N
43848. Filename=BTHelpNotifier.exe
43849. Description=System tray icon for help from BT Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
43850. Source=Paul Collins Startup list
43851.  
43852. [MotiveMonitor]
43853. Number=6228
43854. Confirmed=U
43855. Filename=motmon.exe
43856. Description=Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is usedáthe suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it's not required
43857. Source=Paul Collins Startup list
43858.  
43859. [MotiveSB]
43860. Number=6229
43861. Confirmed=N
43862. Filename=MotiveSB.exe
43863. Description=System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
43864. Source=Paul Collins Startup list
43865.  
43866. [MotMon]
43867. Number=6230
43868. Confirmed=U
43869. Filename=motmon.exe
43870. Description=Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is usedáthe suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it's not required
43871. Source=Paul Collins Startup list
43872.  
43873. [motoin]
43874. Number=6231
43875. Confirmed=X
43876. Filename=mm15201518.Stub.exe
43877. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050515-5939-99" target= blank>Delfin Promulgate</a> adware variant
43878. Source=Paul Collins Startup list
43879.  
43880. [Motorola Desktop Suite]
43881. Number=6232
43882. Confirmed=U
43883. Filename=DesktopSuite.exe
43884. Description=Related to Motorola Desktop Suite - PC software managing Motorola mobiles such as the <a href="http://developer.motorola.com/?path=1.2.5.22.112" target="_blank">A1000</a>
43885. Source=Paul Collins Startup list
43886.  
43887. [Motorola Desktop Suite mRouter Config]
43888. Number=6233
43889. Confirmed=U
43890. Filename=mRouterConfig.exe
43891. Description=Configuration for Intuwave's <a href="http://www.intuwave.com/index.php?page=mrouter" target="_blank">mRouter</a> - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". An integral component of Symbian OS that is provided to all Symbian licensees
43892. Source=Paul Collins Startup list
43893.  
43894. [Mount Safe & Sound]
43895. Number=6234
43896. Confirmed=U
43897. Filename=Fbmount.exe
43898. Description=From McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start
43899. Source=Paul Collins Startup list
43900.  
43901. [mouse]
43902. Number=6235
43903. Confirmed=X
43904. Filename=mouse.exe
43905. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahj.html" target=_blank>RBOT-AHJ</a> WORM!
43906. Source=Paul Collins Startup list
43907.  
43908. [Mouse 32A]
43909. Number=6236
43910. Confirmed=N
43911. Filename=Mouse32A.exe
43912. Description=Mouse driver to control mouse functions from Azona. Available via Start -> Programs
43913. Source=Paul Collins Startup list
43914.  
43915. [Mouse Suite 98 Daemon]
43916. Number=6237
43917. Confirmed=N
43918. Filename=pelmiced.exe
43919. Description=Mouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
43920. Source=Paul Collins Startup list
43921.  
43922. [Mouse Suite 98 Daemon]
43923. Number=6238
43924. Confirmed=N
43925. Filename=ICO.EXE
43926. Description=Found on Sony Vaio and IBM Thinkpad (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
43927. Source=Paul Collins Startup list
43928.  
43929. [mousebut]
43930. Number=6239
43931. Confirmed=X
43932. Filename=mousebut.exe
43933. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
43934. Source=Paul Collins Startup list
43935.  
43936. [Mousecntl]
43937. Number=6240
43938. Confirmed=X
43939. Filename=mousecntl.exe
43940. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
43941. Source=Paul Collins Startup list
43942.  
43943. [MouseCount]
43944. Number=6241
43945. Confirmed=N
43946. Filename=MC.exe
43947. Description=<a href="http://www.kittyfeet.com/mousecount.htm" target="_blank">MouseCount</a> by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year." Not required
43948. Source=Paul Collins Startup list
43949.  
43950. [MouseDrv]
43951. Number=6242
43952. Confirmed=X
43953. Filename=[path to worm]
43954. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32zoloadb.html" target=_blank>ZOLOAD-B</a> WORM!
43955. Source=Paul Collins Startup list
43956.  
43957. [MouseDrv]
43958. Number=6243
43959. Confirmed=X
43960. Filename=update.exe
43961. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZOTOB.N&VSect=P" target=_blank>ZOTOB.N</a> WORM!
43962. Source=Paul Collins Startup list
43963.  
43964. [mouseElf]
43965. Number=6244
43966. Confirmed=U
43967. Filename=MC.exe
43968. Description=<a href="http://www.geniusnet.com.tw/" target=_blank>Genius</a> NetScroll mouse driver - required if you use non-standard Windows driver features
43969. Source=Paul Collins Startup list
43970.  
43971. [mouseElf]
43972. Number=6245
43973. Confirmed=U
43974. Filename=mouseElf.exe
43975. Description=System Tray access to the mouse control panel for Genius Netscroll mice. Required if you use non-standard Windows driver features
43976. Source=Paul Collins Startup list
43977.  
43978. [MouseImp]
43979. Number=6246
43980. Confirmed=U
43981. Filename=MImpHost.exe
43982. Description=MouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device"
43983. Source=Paul Collins Startup list
43984.  
43985. [mousepad]
43986. Number=6247
43987. Confirmed=X
43988. Filename=mousepad.exe
43989. Description=Added by the <a href="http://www.f-secure.com/v-descs/trojclik.shtml" target=_blank>CLICKER</a> TROJAN!
43990.  
43991. Source=Paul Collins Startup list
43992.  
43993. [Mousinfo]
43994. Number=6248
43995. Confirmed=U
43996. Filename=mousinfo.exe
43997. Description=MS mouse information tool - for troubleshooting mouse problems
43998. Source=Paul Collins Startup list
43999.  
44000. [MoussaEvil]
44001. Number=6249
44002. Confirmed=X
44003. Filename=[path to file]
44004. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32musanuba.html" target=_blank>MUSANUB-A</a> WORM!
44005. Source=Paul Collins Startup list
44006.  
44007. [MoveSearch]
44008. Number=6250
44009. Confirmed=X
44010. Filename=Search.exe
44011. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-101816-5730-99" target=_blank>PigSearch</a> adware
44012. Source=Paul Collins Startup list
44013.  
44014. [Movielink Manager Uninstall]
44015. Number=6251
44016. Confirmed=N
44017. Filename=msvcmm32.exe
44018. Description=Auto-update for <a href="http://www.movielink.com/" target="_blank">Movielink</a> - internet movie rental System Tray access
44019. Source=Paul Collins Startup list
44020.  
44021. [MovieM]
44022. Number=6252
44023. Confirmed=X
44024. Filename=lmovie.exe
44025. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-021611-2701-99" target=_blank>BEAGLE.DS</a> WORM!
44026. Source=Paul Collins Startup list
44027.  
44028. [moviemk]
44029. Number=6253
44030. Confirmed=X
44031. Filename=moviemk.exe
44032. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrgtb.html" target="_blank">DWNLDR-GTB</a> TROJAN!
44033. Source=Paul Collins Startup list
44034.  
44035. [MovieNetworks]
44036. Number=6254
44037. Confirmed=X
44038. Filename=MovieNetworks.exe
44039. Description=<a href="http://www.movienetworks.com/" target="_blank">MovieNetworks</a> will connect you by DOMESTIC PREMIUM RATE TELEPHONE NUMBER 900-xxx-xxxx. So you get xxx rated pictures and junk. And it will allow you to stay on the internet on their line and $$$ and remove the C:\Program Files\MovieNetworks directory
44040. Source=Paul Collins Startup list
44041.  
44042. [Movieplace]
44043. Number=6255
44044. Confirmed=X
44045. Filename=Movieplace.exe
44046. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453060662" target="_blank">MoviePlace</a> malware
44047. Source=Paul Collins Startup list
44048.  
44049. [Mozila]
44050. Number=6256
44051. Confirmed=X
44052. Filename=mozila.exe
44053. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotaj.html" target="_blank">DELBOT-AJ</a> WORM!
44054. Source=Paul Collins Startup list
44055.  
44056. [Mozila Firefox]
44057. Number=6257
44058. Confirmed=X
44059. Filename=firebox.exe
44060. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaip.html" target="_blank">RBOT-AIP</a> WORM!
44061. Source=Paul Collins Startup list
44062.  
44063. [Mozilla Firefox]
44064. Number=6258
44065. Confirmed=X
44066. Filename=F1REF0X.EXE
44067. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
44068. Source=Paul Collins Startup list
44069.  
44070. [Mozilla Quick Launch]
44071. Number=6259
44072. Confirmed=N
44073. Filename=Netscp6.exe
44074. Description=Netscape 6 and Mozilla browsers
44075. Source=Paul Collins Startup list
44076.  
44077. [Mozilla Quick Launch]
44078. Number=6260
44079. Confirmed=N
44080. Filename=Mozilla.exe
44081. Description=Netscape 6 and Mozilla browsers
44082. Source=Paul Collins Startup list
44083.  
44084. [Mozy Status]
44085. Number=6261
44086. Confirmed=U
44087. Filename=mozystat.exe
44088. Description=<a href="http://mozy.com/" target="_blank">Mozy</a> - free backup at a secure, remote location
44089. Source=Paul Collins Startup list
44090.  
44091. [MP Tcloakss]
44092. Number=6262
44093. Confirmed=X
44094. Filename=mptclock.exe
44095. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nackbotb.html" target="_blank">NACKBOT-B</a> WORM!
44096. Source=Paul Collins Startup list
44097.  
44098. [MP Tcloaxs]
44099. Number=6263
44100. Confirmed=X
44101. Filename=mptcloaxs.exe
44102. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.CT" target="_blank">RANDEX.CT</a> WORM!
44103. Source=Paul Collins Startup list
44104.  
44105. [MP Tclockvv]
44106. Number=6264
44107. Confirmed=X
44108. Filename=mptclock.exe
44109. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nackbota.html" target="_blank">NACKBOT-A</a> WORM!
44110. Source=Paul Collins Startup list
44111.  
44112. [Mp3 Loader]
44113. Number=6265
44114. Confirmed=X
44115. Filename=Sysdata.EXE
44116. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32avettea.html" target=_blank>AVETTE-A</a> VIRUS!
44117. Source=Paul Collins Startup list
44118.  
44119. [MP3download]
44120. Number=6266
44121. Confirmed=X
44122. Filename=rundll32.exe MSA64CHK.dll, DllMostrar
44123. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
44124. Source=Paul Collins Startup list
44125.  
44126. [MPEO]
44127. Number=6267
44128. Confirmed=U
44129. Filename=Csinsm32.exe
44130. Description=Automatic logging of installs from Norton CleanSweep - available via Start -> Programs
44131. Source=Paul Collins Startup list
44132.  
44133. [MPFExe]
44134. Number=6268
44135. Confirmed=Y
44136. Filename=mpf.exe
44137. Description=McAfee Personal Firewall
44138. Source=Paul Collins Startup list
44139.  
44140. [MPFExe]
44141. Number=6269
44142. Confirmed=Y
44143. Filename=MpfTray.exe
44144. Description=McAfee Personal Firewall
44145. Source=Paul Collins Startup list
44146.  
44147. [MPFTray]
44148. Number=6270
44149. Confirmed=Y
44150. Filename=MpfTray.exe
44151. Description=McAfee Personal Firewall
44152. Source=Paul Collins Startup list
44153.  
44154. [MPL32 driver]
44155. Number=6271
44156. Confirmed=X
44157. Filename=MPL32.exe
44158. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonym.html" target="_blank">LOONY-M</a> TROJAN!
44159. Source=Paul Collins Startup list
44160.  
44161. [MPlay64]
44162. Number=6272
44163. Confirmed=X
44164. Filename=mplay64.exe
44165. Description=Added by the <a href="http://www.superadblocker.com/M/MPLAY64.EXE-6741.html" target=_blank>MPLAY64</a> TROJAN!
44166. Source=Paul Collins Startup list
44167.  
44168. [MplSetup]
44169. Number=6273
44170. Confirmed=U
44171. Filename=MplSetup.exe
44172. Description=Used by Ricoh network printers to enable network printing from the client
44173. Source=Paul Collins Startup list
44174.  
44175. [MPM Manager]
44176. Number=6274
44177. Confirmed=X
44178. Filename=MPM.exe
44179. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
44180. Source=Paul Collins Startup list
44181.  
44182. [MPNet]
44183. Number=6275
44184. Confirmed=X
44185. Filename=mpn.exe
44186. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotw.html" target="_blank">DELBOT-W</a> WORM!
44187. Source=Paul Collins Startup list
44188.  
44189. [MPower]
44190. Number=6276
44191. Confirmed=U
44192. Filename=MPower.exe
44193. Description=<a href="http://www.mindbeat.com/" target="_blank">MPower</a> from MindBeat. "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Willl also benchmark (speed test) your hard disk drives and your CPU load". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
44194. Source=Paul Collins Startup list
44195.  
44196. [mppdds]
44197. Number=6277
44198. Confirmed=X
44199. Filename=mppdds.exe
44200. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsakz.html" target="_blank">PWS-AKZ</a> TROJAN!
44201. Source=Paul Collins Startup list
44202.  
44203. [mppds]
44204. Number=6278
44205. Confirmed=X
44206. Filename=mppds.exe
44207. Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_LEGMIR.AQZ" target="_blank">LEGMIR.AQZ</a> TROJAN!
44208. Source=Paul Collins Startup list
44209.  
44210. [MPR MSG]
44211. Number=6279
44212. Confirmed=X
44213. Filename=mprmsg32.exe
44214. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051510-2144-99" target= blank>MYTOB.CF</a> WORM!
44215. Source=Paul Collins Startup list
44216.  
44217. [MPREXE]
44218. Number=6280
44219. Confirmed=X
44220. Filename=MPREXE.EXE
44221. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/mprexe/" target="_blank"> Mprexe.exe</a> system file
44222. Source=Paul Collins Startup list
44223.  
44224. [MPREXE.exe]
44225. Number=6281
44226. Confirmed=Y
44227. Filename=mprexe.exe
44228. Description=WIN32 Network Service Interface Process. MPREXE.exe enables the computer to have multiple clients/protocols for networks. There are some problems with it sometimes though - see <a href="http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q178084&ID=KB;EN-US;Q178084" target="_blank">here</a>. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background. NOTE : sometimes it will appear in start-ups if you have a virus
44229. Source=Paul Collins Startup list
44230.  
44231. [MprHTML]
44232. Number=6282
44233. Confirmed=X
44234. Filename=MprHTML.exe
44235. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.12" target="_blank">VAGRNOCKER</a> TROJAN!
44236. Source=Paul Collins Startup list
44237.  
44238. [mprocessor]
44239. Number=6283
44240. Confirmed=X
44241. Filename=mprocessor.exe
44242. Description=InstallDollars.com foistware
44243. Source=Paul Collins Startup list
44244.  
44245. [MPSExe]
44246. Number=6284
44247. Confirmed=U
44248. Filename=mscifapp.exe
44249. Description=McAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering"
44250. Source=Paul Collins Startup list
44251.  
44252. [MpsOnn]
44253. Number=6285
44254. Confirmed=Y
44255. Filename=MpsOnn.exe
44256. Description=Canon printer driver
44257. Source=Paul Collins Startup list
44258.  
44259. [MPT]
44260. Number=6286
44261. Confirmed=?
44262. Filename=MPT.exe
44263. Description=<font color="#FF0000">??</font>
44264. Source=Paul Collins Startup list
44265.  
44266. [MPtask Services]
44267. Number=6287
44268. Confirmed=X
44269. Filename=mptask.exe
44270. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122014-1523-99" target="_blank">LALA</a> or <a href="http://vil.nai.com/vil/content/v_99788.htm" target="_blank">AOT</a> TROJANS!
44271. Source=Paul Collins Startup list
44272.  
44273. [MPTBox]
44274. Number=6288
44275. Confirmed=N
44276. Filename=MPTBOX.EXE
44277. Description=Cannon Multi-Pass toolbox - a button bar
44278. Source=Paul Collins Startup list
44279.  
44280. [mptsgsvc.exe]
44281. Number=6289
44282. Confirmed=X
44283. Filename=mptsgsvc.exe
44284. Description=<a href="http://www.f-secure.com/v-descs/hacktool.shtml" target="_blank">Hacker Tool</a> - detected by <a href="http://www.diamondcs.com.au/" target= blank>DiamondCS</a> TDS-3 anti-trojan as "HackTool.Win32.Hidd.j"
44285. Source=Paul Collins Startup list
44286.  
44287. [MPXTray]
44288. Number=6290
44289. Confirmed=N
44290. Filename=mpxptray.exe
44291. Description=Windows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etc
44292. Source=Paul Collins Startup list
44293.  
44294. [MP_STATUS_MONITOR]
44295. Number=6291
44296. Confirmed=U
44297. Filename=monitr32.exe
44298. Description=Cannon Multi-Pass status monitor - your choice
44299. Source=Paul Collins Startup list
44300.  
44301. [mqbkup]
44302. Number=6292
44303. Confirmed=X
44304. Filename=mqbkup.exe
44305. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122416-1629-99" target="_blank">OPASERV.K</a> WORM!
44306. Source=Paul Collins Startup list
44307.  
44308. [mrsvctr]
44309. Number=6293
44310. Confirmed=X
44311. Filename=mrsvctr.exe
44312. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
44313. Source=Paul Collins Startup list
44314.  
44315. [mrtMngr]
44316. Number=6294
44317. Confirmed=N
44318. Filename=mrtMngr.exe
44319. Description=Maintenance Release Task Manager for Intuit's QuickBooks or Quicken
44320. Source=Paul Collins Startup list
44321.  
44322. [MRU-Blaster Scheduler]
44323. Number=6295
44324. Confirmed=U
44325. Filename=scheduler.exe
44326. Description=Scheduler for <a href="http://www.javacoolsoftware.com/mrublaster.html" target="_blank">MRU-Blaster</a> - "a program made to do one large task - detect and clean MRU (most recently used) lists on your computer"
44327. Source=Paul Collins Startup list
44328.  
44329. [MRU-Blaster Silent Clean]
44330. Number=6296
44331. Confirmed=N
44332. Filename=mrublaster.exe
44333. Description=<a href="http://www.wilderssecurity.com/mrublaster.html" target="_blank">MRU-Blaster</a> - performs silent cleaning of MRU lists at boot
44334. Source=Paul Collins Startup list
44335.  
44336. [MRUBlaster]
44337. Number=6297
44338. Confirmed=U
44339. Filename=indexcleaner.exe
44340. Description=<a href="http://www.wilderssecurity.com/mrublaster.html" target=_blank>MRU-Blaster</a> related - runs once in order to delete the index.dat file in the Temporary Internet Files and/or Cookies folder
44341. Source=Paul Collins Startup list
44342.  
44343. [ms]
44344. Number=6298
44345. Confirmed=X
44346. Filename=svhost32.exe
44347. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraqo.html" target="_blank">LEGMIR-AQO</a> TROJAN!
44348. Source=Paul Collins Startup list
44349.  
44350. [MS Auto-IPSec Protection]
44351. Number=6299
44352. Confirmed=X
44353. Filename=MSASP32.exe
44354. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaer.html" target=_blank>RBOT-AER</a> WORM!
44355.  
44356. Source=Paul Collins Startup list
44357.  
44358. [MS Autoloader 32]
44359. Number=6300
44360. Confirmed=X
44361. Filename=MSAuto32.exe
44362. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BD" target="_blank">SPYBOT.BD</a> WORM!
44363. Source=Paul Collins Startup list
44364.  
44365. [Ms Builders]
44366. Number=6301
44367. Confirmed=X
44368. Filename=Wupated.exe
44369. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotss.html" target=_blank>AGOBOT-SS</a> WORM!
44370. Source=Paul Collins Startup list
44371.  
44372. [MS Config]
44373. Number=6302
44374. Confirmed=X
44375. Filename=msdconfig.exe
44376. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotczh.html" target="_blank">RBOT-CZH</a> WORM!
44377. Source=Paul Collins Startup list
44378.  
44379. [MS Config Loader]
44380. Number=6303
44381. Confirmed=X
44382. Filename=svchos1.exe
44383. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.R" target="_blank">AGOBOT.R</a> WORM!
44384. Source=Paul Collins Startup list
44385.  
44386. [MS Config Loader]
44387. Number=6304
44388. Confirmed=X
44389. Filename=MSWin32bck.exe
44390. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082113-0023-99" target="_blank">GAOBOT.AA</a> WORM!
44391. Source=Paul Collins Startup list
44392.  
44393. [MS Config Loader]
44394. Number=6305
44395. Confirmed=X
44396. Filename=svcrhost.exe
44397. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
44398. Source=Paul Collins Startup list
44399.  
44400. [MS Config Service]
44401. Number=6306
44402. Confirmed=X
44403. Filename=Msloader32.exe
44404. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkj.html" target="_blank">RBOT-KJ</a> WORM!
44405. Source=Paul Collins Startup list
44406.  
44407. [MS Config v13]
44408. Number=6307
44409. Confirmed=U
44410. Filename=lrbz32.exe
44411. Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/w32.gaobot.aol.html" target=_blank>GAOBOT.AOL</a> WORM!
44412. Source=Paul Collins Startup list
44413.  
44414. [Ms configsu]
44415. Number=6308
44416. Confirmed=X
44417. Filename=msconfigsu.exe
44418. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
44419. Source=Paul Collins Startup list
44420.  
44421. [MS Configuration]
44422. Number=6309
44423. Confirmed=X
44424. Filename=MSFramer.exe
44425. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032615-0559-99" target="_blank">RANDEX.OL</a> WORM!
44426. Source=Paul Collins Startup list
44427.  
44428. [Ms Configuration]
44429. Number=6310
44430. Confirmed=X
44431. Filename=microsoftsa32.exe
44432. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041621-4123-99" target=_blank>KELVIR.X</a> WORM!
44433. Source=Paul Collins Startup list
44434.  
44435. [MS DATABASE]
44436. Number=6311
44437. Confirmed=X
44438. Filename=MSDATA32.EXE
44439. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
44440. Source=Paul Collins Startup list
44441.  
44442. [MS Decryption Software]
44443. Number=6312
44444. Confirmed=X
44445. Filename=active.exe
44446. Description=<a href="http://www.spywareguide.com/product_show.php?id=813" target="_blank">MediaTickets</a> adware variant
44447. Source=Paul Collins Startup list
44448.  
44449. [MS DirectX Sound Drivers]
44450. Number=6313
44451. Confirmed=X
44452. Filename=msdrvdx.exe
44453. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BCX&VSect=T" target=_blank>RBOT.BCX</a> WORM!
44454. Source=Paul Collins Startup list
44455.  
44456. [MS DLL Library Manager]
44457. Number=6314
44458. Confirmed=X
44459. Filename=dllsys64.exe
44460. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Ranky&threatid=39385" target="_blank">RANKY</a> TROJAN!
44461. Source=Paul Collins Startup list
44462.  
44463. [MS Domain Name Server Deamon]
44464. Number=6315
44465. Confirmed=X
44466. Filename=MSDNSD32.exe
44467. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcmz.html" target="_blank">RBOT-CMZ</a> WORM!
44468. Source=Paul Collins Startup list
44469.  
44470. [MS Domain Name System]
44471. Number=6316
44472. Confirmed=X
44473. Filename=MSWDNS32.exe
44474. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgky.html" target="_blank">RBOT-GKY</a> WORM!
44475. Source=Paul Collins Startup list
44476.  
44477. [MS DVD DirectX Dll Drivers]
44478. Number=6317
44479. Confirmed=X
44480. Filename=mdxdl.exe
44481. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxi.html" target= blank>SDBOT-XI</a> WORM!
44482. Source=Paul Collins Startup list
44483.  
44484. [MS DVD DirectX Sound Drivers]
44485. Number=6318
44486. Confirmed=X
44487. Filename=msdrvdx.exe
44488. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxj.html" target= blank>SDBOT-XJ</a> WORM!
44489. Source=Paul Collins Startup list
44490.  
44491. [MS Explorer]
44492. Number=6319
44493. Confirmed=X
44494. Filename=mexplore.exe
44495. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102707-4458-99" target="_blank">YAHA.AE</a> WORM!
44496. Source=Paul Collins Startup list
44497.  
44498. [MS FIREWALL]
44499. Number=6320
44500. Confirmed=X
44501. Filename=msfrewall.exe
44502. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpu.html" target=_blank>SDBOT-PU</a> WORM!
44503. Source=Paul Collins Startup list
44504.  
44505. [MS FIREWALL]
44506. Number=6321
44507. Confirmed=X
44508. Filename=msfirewall.exe
44509. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqh.html" target=_blank>SDBOT-QH</a> WORM!
44510.  
44511. Source=Paul Collins Startup list
44512.  
44513. [MS HTML]
44514. Number=6322
44515. Confirmed=X
44516. Filename=msHtml.exe
44517. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_PESTDOOR.31" target="_blank">PESTDOOR.31</a> TROJAN!
44518. Source=Paul Collins Startup list
44519.  
44520. [MS HTML]
44521. Number=6323
44522. Confirmed=X
44523. Filename=mslat.exe
44524. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.SVR" target="_blank">LATINUS.SVR</a> TROJAN!
44525. Source=Paul Collins Startup list
44526.  
44527. [MS HTML Location Class]
44528. Number=6324
44529. Confirmed=X
44530. Filename=MSHTML32.exe
44531. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyd.html" target= blank>RBOT-YD</a> WORM!
44532. Source=Paul Collins Startup list
44533.  
44534. [MS Internet Executor 32]
44535. Number=6325
44536. Confirmed=X
44537. Filename=MSIXEC32.exe
44538. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaeq.html" target=_blank>RBOT-AEQ</a> WORM!
44539. Source=Paul Collins Startup list
44540.  
44541. [MS Java Applets for Windows NT & XP]
44542. Number=6326
44543. Confirmed=X
44544. Filename=javaapplet.exe
44545. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.Rbot.bhg&threatid=49487" target="_blank">RBOT.BHG</a> WORM!
44546. Source=Paul Collins Startup list
44547.  
44548. [MS Java Applets for Windows NT, ME & XP]
44549. Number=6327
44550. Confirmed=U
44551. Filename=javaapplets.exe
44552. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotb.html" target="_blank">VANEBOT-B</a> WORM!
44553. Source=Paul Collins Startup list
44554.  
44555. [Ms Java for Windows 98, NT, ME & XP]
44556. Number=6328
44557. Confirmed=X
44558. Filename=msjavames.exe
44559. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.Rbot.bhj&threatid=49488" target="_blank">RBOT.BHJ</a> WORM!
44560. Source=Paul Collins Startup list
44561.  
44562. [Ms Java for Windows 98, NT, XP & ME]
44563. Number=6329
44564. Confirmed=X
44565. Filename=msjavaxps.exe
44566. Description=Added by the <a href="http://virusinfo.prevx.com/pxparall.asp?PX5=94ecff2c00a4a555c64602e0e6c7f3004273fc9b&psection=desc" target="_blank">BACKDOOR.GEN</a> TROJAN!
44567. Source=Paul Collins Startup list
44568.  
44569. [Ms Java for Windows NT]
44570. Number=6330
44571. Confirmed=X
44572. Filename=MS32.exe
44573. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vaneboth.html" target="_blank">VANEBOT-H</a> WORM!
44574. Source=Paul Collins Startup list
44575.  
44576. [Ms Java for Windows NT]
44577. Number=6331
44578. Confirmed=X
44579. Filename=msi32java.exe
44580. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vaneboti.html" target="_blank">VANEBOT-I</a> WORM!
44581. Source=Paul Collins Startup list
44582.  
44583. [Ms Java for Windows NT]
44584. Number=6332
44585. Confirmed=X
44586. Filename=msjava.exe
44587. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebote.html" target="_blank">VANEBOT-E</a> WORM!
44588. Source=Paul Collins Startup list
44589.  
44590. [MS Java for Windows NT, XP & ME]
44591. Number=6333
44592. Confirmed=X
44593. Filename=xpjavams.exe
44594. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kassbotv.html" target="_blank">KASSBOT-V</a> WORM!
44595. Source=Paul Collins Startup list
44596.  
44597. [MS Java for Windows XP & NT]
44598. Number=6334
44599. Confirmed=X
44600. Filename=javanet.exe
44601. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebota.html" target="_blank">VANEBOT-A</a> WORM!
44602. Source=Paul Collins Startup list
44603.  
44604. [MS Java Service Wrapper for Windows NT & XP]
44605. Number=6335
44606. Confirmed=U
44607. Filename=wrapper.exe
44608. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotd.html" target="_blank">VANEBOT-D</a> WORM!
44609. Source=Paul Collins Startup list
44610.  
44611. [Ms Java Update For Windows NT/XP]
44612. Number=6336
44613. Confirmed=X
44614. Filename=msijavaupdt32.exe
44615. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.AF" target="_blank">RANDEX.AF</a> WORM!
44616. Source=Paul Collins Startup list
44617.  
44618. [MS lsass Startup]
44619. Number=6337
44620. Confirmed=X
44621. Filename=lsass135.exe
44622. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.WM" target="_blank">RBOT.WM</a> WORM!
44623. Source=Paul Collins Startup list
44624.  
44625. [MS management console]
44626. Number=6338
44627. Confirmed=?
44628. Filename=mms.exe
44629. Description=<font color="#FF0000">Suspicious as the legitimate "Microsoft Management Console" is "mmc.exe" and not "mms.exe" and doesn't normally run at startup</font>
44630. Source=Paul Collins Startup list
44631.  
44632. [MS Microsoft Socket Deamon]
44633. Number=6339
44634. Confirmed=X
44635. Filename=MSSCKD32.exe
44636. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
44637. Source=Paul Collins Startup list
44638.  
44639. [MS MSN Menssenger 7.0]
44640. Number=6340
44641. Confirmed=X
44642. Filename=MSMSN7.exe
44643. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaca.html" target= blank>RBOT-ACA</a> WORM!
44644. Source=Paul Collins Startup list
44645.  
44646. [MS MSN Menssenger 7.0]
44647. Number=6341
44648. Confirmed=X
44649. Filename=MSEXPORT.exe
44650. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
44651. Source=Paul Collins Startup list
44652.  
44653. [MS Network Control]
44654. Number=6342
44655. Confirmed=X
44656. Filename=mswin.exe
44657. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-091616-5442-99" target="_blank">DUMBA</a> TROJAN!
44658. Source=Paul Collins Startup list
44659.  
44660. [ms ownage]
44661. Number=6343
44662. Confirmed=X
44663. Filename=winPE.exe
44664. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajl.html" target=_blank>RBOT-AJL</a> WORM!
44665. Source=Paul Collins Startup list
44666.  
44667. [MS PLUS INC]
44668. Number=6344
44669. Confirmed=X
44670. Filename=wpad.exe
44671. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytoban.html" target=_blank>MYTOB-AN</a> WORM!
44672. Source=Paul Collins Startup list
44673.  
44674. [Ms Processe Manager]
44675. Number=6345
44676. Confirmed=X
44677. Filename=msproc.exe
44678. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATO" target="_blank">RBOT.ATO</a> WORM!
44679. Source=Paul Collins Startup list
44680.  
44681. [MS Real Player]
44682. Number=6346
44683. Confirmed=X
44684. Filename=RealPlyr.exe
44685. Description=Added by the <a href="http://de.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_RBOT.MR" target=_blank>RBOT.MR</a> WORM!
44686. Source=Paul Collins Startup list
44687.  
44688. [MS Registry Service]
44689. Number=6347
44690. Confirmed=X
44691. Filename=MSRMS32.exe
44692. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakp.html" target=_blank>RBOT-AKP</a> WORM!
44693. Source=Paul Collins Startup list
44694.  
44695. [MS Remote Procedure Call]
44696. Number=6348
44697. Confirmed=X
44698. Filename=msrpc32.exe
44699. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotql.html" target=_blank>RBOT-QL</a> WORM!
44700. Source=Paul Collins Startup list
44701.  
44702. [MS Screen Saver]
44703. Number=6349
44704. Confirmed=X
44705. Filename=scrsave.scr
44706. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagt.html" target=_blank>RBOT-AGT</a> WORM!
44707. Source=Paul Collins Startup list
44708.  
44709. [MS Security]
44710. Number=6350
44711. Confirmed=X
44712. Filename=systm.pif
44713. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqn.html" target=_blank>RBOT-AQN</a> WORM!
44714. Source=Paul Collins Startup list
44715.  
44716. [MS Security Authority Service]
44717. Number=6351
44718. Confirmed=X
44719. Filename=lsass.exe
44720. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalelb.html" target=_blank>KALEL-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
44721. Source=Paul Collins Startup list
44722.  
44723. [MS Security Hotfix]
44724. Number=6352
44725. Confirmed=X
44726. Filename=service5.exe
44727. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092318-4059-99" target="_blank">GAOBOT.AG</a> WORM!
44728. Source=Paul Collins Startup list
44729.  
44730. [MS Security Update 993]
44731. Number=6353
44732. Confirmed=X
44733. Filename=msident.exe
44734. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
44735. Source=Paul Collins Startup list
44736.  
44737. [MS service]
44738. Number=6354
44739. Confirmed=X
44740. Filename=msservice.exe
44741. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzg.html" target= blank>RBOT-ZG</a> WORM!
44742. Source=Paul Collins Startup list
44743.  
44744. [MS Service Drivers]
44745. Number=6355
44746. Confirmed=X
44747. Filename=winscv.exe
44748. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcog.html" target="_blank">SDBOT-COG</a> WORM!
44749. Source=Paul Collins Startup list
44750.  
44751. [Ms sock for Windows NT]
44752. Number=6356
44753. Confirmed=X
44754. Filename=winser.exe
44755. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
44756. Source=Paul Collins Startup list
44757.  
44758. [MS Sound Config 16bit]
44759. Number=6357
44760. Confirmed=X
44761. Filename=sndcfg16.exe
44762. Description=Added by the <a href="http://www.f-secure.com/v-descs/sdbot_mb.shtml" target="_blank">SDBOT.MB</a> TROJAN!
44763. Source=Paul Collins Startup list
44764.  
44765. [Ms Sound Drivers]
44766. Number=6358
44767. Confirmed=X
44768. Filename=msdrv.exe
44769. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwr.html" target=_blank>SDBOT-WR</a> WORM!
44770. Source=Paul Collins Startup list
44771.  
44772. [Ms Spool32]
44773. Number=6359
44774. Confirmed=X
44775. Filename=MS SPOOL32.EXE
44776. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070311-2607-99" target="_blank">ASASSIN</a> TROJAN!
44777. Source=Paul Collins Startup list
44778.  
44779. [MS SyS Restore]
44780. Number=6360
44781. Confirmed=X
44782. Filename=sysrestore.exe
44783. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XM" target="_blank">RBOT.XM</a> WORM!
44784. Source=Paul Collins Startup list
44785.  
44786. [MS Sys Security]
44787. Number=6361
44788. Confirmed=X
44789. Filename=mswin.pif
44790. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapj.html" target=_blank>RBOT-APJ</a> WORM!
44791. Source=Paul Collins Startup list
44792.  
44793. [MS System Call Function]
44794. Number=6362
44795. Confirmed=X
44796. Filename=msscf32.exe
44797. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgbz.html" target="_blank">RBOT-GBZ</a> WORM!
44798. Source=Paul Collins Startup list
44799.  
44800. [Ms System Config]
44801. Number=6363
44802. Confirmed=X
44803. Filename=Mscfg.exe
44804. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotccr.html" target="_blank">SDBOT-CCR</a> WORM!
44805. Source=Paul Collins Startup list
44806.  
44807. [Ms System Config]
44808. Number=6364
44809. Confirmed=X
44810. Filename=pcedit.exe
44811. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
44812. Source=Paul Collins Startup list
44813.  
44814. [MS System Security]
44815. Number=6365
44816. Confirmed=X
44817. Filename=mswin32.pif
44818. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaox.html" target=_blank>RBOT-AOX</a> WORM!
44819. Source=Paul Collins Startup list
44820.  
44821. [Ms task manager]
44822. Number=6366
44823. Confirmed=X
44824. Filename=tskmgr.exe
44825. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CCD" target="_blank">SDBOT.CCD</a> WORM!
44826. Source=Paul Collins Startup list
44827.  
44828. [MS taskbar]
44829. Number=6367
44830. Confirmed=X
44831. Filename=crssr.exe
44832. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotago.html" target=_blank>RBOT-AGO</a> WORM!
44833. Source=Paul Collins Startup list
44834.  
44835. [MS taskbar]
44836. Number=6368
44837. Confirmed=X
44838. Filename=nts.exe
44839. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagb.html" target=_blank>RBOT-AGB</a> WORM! 
44840. Source=Paul Collins Startup list
44841.  
44842. [MS taskbar]
44843. Number=6369
44844. Confirmed=X
44845. Filename=taskbars.exe
44846. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRW&VSect=P" target=_blank>RBOT.BRW</a> WORM!
44847. Source=Paul Collins Startup list
44848.  
44849. [MS Taskbars]
44850. Number=6370
44851. Confirmed=X
44852. Filename=taskbars.exe
44853. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacv.html" target=_blank>SDBOT-ACV</a> WORM!
44854. Source=Paul Collins Startup list
44855.  
44856. [MS taskmanager]
44857. Number=6371
44858. Confirmed=X
44859. Filename=tskmgr.exe
44860. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaka.html" target=_blank>RBOT-AKA</a> WORM!
44861. Source=Paul Collins Startup list
44862.  
44863. [MS UniX]
44864. Number=6372
44865. Confirmed=X
44866. Filename=navupdate64.exe
44867. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
44868. Source=Paul Collins Startup list
44869.  
44870. [MS Unix Binary]
44871. Number=6373
44872. Confirmed=X
44873. Filename=win32ttb.exe
44874. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.OQ&VSect=P" target=_blank>SPYBOT.OQ</a> WORM!
44875. Source=Paul Collins Startup list
44876.  
44877. [MS Unix Binary]
44878. Number=6374
44879. Confirmed=X
44880. Filename=msmq2inst.exe
44881. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyf.html" target=_blank>RBOT-YF</a> WORM!
44882. Source=Paul Collins Startup list
44883.  
44884. [MS Unix Binary]
44885. Number=6375
44886. Confirmed=X
44887. Filename=msnupdate.exe
44888. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaam.html" target=_blank>RBOT-AAM</a> WORM!
44889. Source=Paul Collins Startup list
44890.  
44891. [MS Unix Binary]
44892. Number=6376
44893. Confirmed=X
44894. Filename=outlookexpressupdate.exe
44895. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyu.html" target=_blank>RBOT-YU</a> WORM!
44896. Source=Paul Collins Startup list
44897.  
44898. [MS Unix Binary]
44899. Number=6377
44900. Confirmed=X
44901. Filename=Win32Update.exe
44902. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbas.html" target=_blank>RBOT-BAS</a> WORM!
44903. Source=Paul Collins Startup list
44904.  
44905. [MS Unix Binary]
44906. Number=6378
44907. Confirmed=X
44908. Filename=Norton2005Update.exe
44909. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
44910. Source=Paul Collins Startup list
44911.  
44912. [MS Unix Binary]
44913. Number=6379
44914. Confirmed=X
44915. Filename=trmupdate.exe
44916. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacc.html" target= blank>RBOT-ACC</a> WORM!
44917. Source=Paul Collins Startup list
44918.  
44919. [MS Unix Binary]
44920. Number=6380
44921. Confirmed=X
44922. Filename=WinGuard.exe
44923. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacl.html" target= blank>RBOT-ACL</a> WORM!
44924. Source=Paul Collins Startup list
44925.  
44926. [MS Unix Binary]
44927. Number=6381
44928. Confirmed=X
44929. Filename=msnq3insller.exe
44930. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
44931. Source=Paul Collins Startup list
44932.  
44933. [MS Update]
44934. Number=6382
44935. Confirmed=X
44936. Filename=syshost.exe
44937. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32evamanf.html" target="_blank">EVAMAN-F</a> WORM!
44938. Source=Paul Collins Startup list
44939.  
44940. [Ms Update WinServices NT/XP]
44941. Number=6383
44942. Confirmed=X
44943. Filename=winservnt32.exe
44944. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotg.html" target="_blank">VANEBOT-G</a> WORM!
44945. Source=Paul Collins Startup list
44946.  
44947. [MS Updates]
44948. Number=6384
44949. Confirmed=X
44950. Filename=mscache.exe
44951. Description=Spyware web downloader
44952. Source=Paul Collins Startup list
44953.  
44954. [MS Updates]
44955. Number=6385
44956. Confirmed=X
44957. Filename=syshosts.exe
44958. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091518-1442-99" target="_blank">MYDOOM.Y</a> WORM!
44959. Source=Paul Collins Startup list
44960.  
44961. [MS Updates]
44962. Number=6386
44963. Confirmed=X
44964. Filename=aupd.exe
44965. Description=Spyware web downloader
44966. Source=Paul Collins Startup list
44967.  
44968. [MS Updating Utility]
44969. Number=6387
44970. Confirmed=X
44971. Filename=msupdater.exe
44972. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxr.html" target= blank>RBOT-XR</a> WORM!
44973. Source=Paul Collins Startup list
44974.  
44975. [MS USB 2.0 Windows Support]
44976. Number=6388
44977. Confirmed=X
44978. Filename=msusb32.exe
44979. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
44980. Source=Paul Collins Startup list
44981.  
44982. [Ms Valud Loader]
44983. Number=6389
44984. Confirmed=X
44985. Filename=Svhots.exe
44986. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsp.html" target=_blank>AGOBOT-SP</a> WORM!
44987. Source=Paul Collins Startup list
44988.  
44989. [ms window update]
44990. Number=6390
44991. Confirmed=X
44992. Filename=******.exe [* = random character]
44993. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
44994. Source=Paul Collins Startup list
44995.  
44996. [MS Windows AOL Driver]
44997. Number=6391
44998. Confirmed=X
44999. Filename=MSAOLdrv.exe
45000. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasp.html" target=_blank>RBOT-ASP</a> WORM!
45001. Source=Paul Collins Startup list
45002.  
45003. [MS windows Data list process]
45004. Number=6392
45005. Confirmed=X
45006. Filename=MSDATLST.exe
45007. Description=Added by an unidentified WORM or TROJAN!
45008. Source=Paul Collins Startup list
45009.  
45010. [MS Windows procces 32]
45011. Number=6393
45012. Confirmed=X
45013. Filename=msprocces.exe
45014. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaez.html" target=_blank>RBOT-AEZ</a> WORM!
45015. Source=Paul Collins Startup list
45016.  
45017. [MS Windows Process Class]
45018. Number=6394
45019. Confirmed=X
45020. Filename=MSPRCSS32.exe
45021. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyq.html" target= blank>RBOT-YQ</a> WORM!
45022. Source=Paul Collins Startup list
45023.  
45024. [MS Windows Process Init]
45025. Number=6395
45026. Confirmed=X
45027. Filename=MSWPI32.exe
45028. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasq.html" target=_blank>RBOT-ASQ</a> WORM!
45029. Source=Paul Collins Startup list
45030.  
45031. [MS Windows Security Updater]
45032. Number=6396
45033. Confirmed=X
45034. Filename=updater.pif
45035. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaky.html" target=_blank>RBOT-AKY</a> WORM!
45036. Source=Paul Collins Startup list
45037.  
45038. [MS Windows System Alert]
45039. Number=6397
45040. Confirmed=X
45041. Filename=MSWSA32.exe
45042. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbfn.html" target="_blank">RBOT-BFN</a> WORM!
45043. Source=Paul Collins Startup list
45044.  
45045. [MS Windows Update]
45046. Number=6398
45047. Confirmed=X
45048. Filename=scguard.exe
45049. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyz.html" target= blank>RBOT-YZ</a> WORM!
45050. Source=Paul Collins Startup list
45051.  
45052. [MS WINS Binary]
45053. Number=6399
45054. Confirmed=X
45055. Filename=ign32.pif
45056. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasb.html" target=_blank>RBOT-ASB</a> WORM!
45057. Source=Paul Collins Startup list
45058.  
45059. [ms************* [* = random digit]]
45060. Number=6400
45061. Confirmed=X
45062. Filename=ms*************.exe [* = random digit]
45063. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062915-3210-99" target=_blank>WINBO</a> adware
45064. Source=Paul Collins Startup list
45065.  
45066. [Ms**.exe [* = random char]]
45067. Number=6401
45068. Confirmed=X
45069. Filename=Ms**.exe [* = random char]
45070. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
45071. Source=Paul Collins Startup list
45072.  
45073. [Ms**32.exe [* = random char]]
45074. Number=6402
45075. Confirmed=X
45076. Filename=Ms**32.exe [* = random char]
45077. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
45078. Source=Paul Collins Startup list
45079.  
45080. [MS-Connect]
45081. Number=6403
45082. Confirmed=X
45083. Filename=arr.exe
45084. Description=Adult content dialler - see <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99972" target="_blank">here</a>
45085. Source=Paul Collins Startup list
45086.  
45087. [MS-Connect]
45088. Number=6404
45089. Confirmed=X
45090. Filename=cdm.exe
45091. Description=Adult content dialler - see <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99972" target="_blank">here</a>
45092. Source=Paul Collins Startup list
45093.  
45094. [MS-Connect]
45095. Number=6405
45096. Confirmed=X
45097. Filename=game.exe
45098. Description=Adult content dialler - see <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99972" target="_blank">here</a>
45099. Source=Paul Collins Startup list
45100.  
45101. [MS-Connect]
45102. Number=6406
45103. Confirmed=X
45104. Filename=msite18.exe
45105. Description=Adult content dialler - see <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99972" target="_blank">here</a>
45106. Source=Paul Collins Startup list
45107.  
45108. [MS-Connect]
45109. Number=6407
45110. Confirmed=X
45111. Filename=web.exe
45112. Description=Adult content dialler - see <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99972" target="_blank">here</a>
45113. Source=Paul Collins Startup list
45114.  
45115. [MS-DOS Boot Service]
45116. Number=6408
45117. Confirmed=X
45118. Filename=Boot32.pif
45119. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamf.html" target=_blank>RBOT-AMF</a> WORM!
45120. Source=Paul Collins Startup list
45121.  
45122. [MS-DOS Security Service]
45123. Number=6409
45124. Confirmed=X
45125. Filename=ms-dos.pif
45126. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamr.html" target=_blank>RBOT-AMR</a> WORM!
45127. Source=Paul Collins Startup list
45128.  
45129. [MS-DOS Service]
45130. Number=6410
45131. Confirmed=X
45132. Filename=MS-DOS.pif
45133. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaii.html" target="_blank">RBOT-AII</a> WORM!
45134. Source=Paul Collins Startup list
45135.  
45136. [MS-DOS Windows Service]
45137. Number=6411
45138. Confirmed=X
45139. Filename=MS-DOS.PIF
45140. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajw.html" target=_blank>RBOT-AJW</a> WORM!
45141. Source=Paul Collins Startup list
45142.  
45143. [MS-HTML]
45144. Number=6412
45145. Confirmed=X
45146. Filename=[random filename]
45147. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.15" target="_blank">LATINUS.15</a> TROJAN!
45148. Source=Paul Collins Startup list
45149.  
45150. [MS-patch]
45151. Number=6413
45152. Confirmed=X
45153. Filename=msconfig32.exe
45154. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauf.html" target=_blank>RBOT-AUF</a> WORM!
45155. Source=Paul Collins Startup list
45156.  
45157. [MS-patch]
45158. Number=6414
45159. Confirmed=X
45160. Filename=mspatch32.exe
45161. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawf.html" target=_blank>RBOT-AWF</a> TROJAN!
45162. Source=Paul Collins Startup list
45163.  
45164. [MS-RunKey]
45165. Number=6415
45166. Confirmed=X
45167. Filename=arr.exe
45168. Description=MS-Connect dialler/hijacker
45169. Source=Paul Collins Startup list
45170.  
45171. [ms2src]
45172. Number=6416
45173. Confirmed=X
45174. Filename=ms2src.exe
45175. Description=Added by a TROJAN - see <a href="http://greatis.com/appdata/d/m/ms2src.exe_Removal.htm" target=_blank>here</a> 
45176.  
45177. Source=Paul Collins Startup list
45178.  
45179. [MS32DLL]
45180. Number=6417
45181. Confirmed=X
45182. Filename=achi.dll.vbs
45183. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojachia.html" target="_blank">ACHI-A</a> TROJAN!
45184. Source=Paul Collins Startup list
45185.  
45186. [MS32DLL]
45187. Number=6418
45188. Confirmed=X
45189. Filename=Bha.dll.vbs
45190. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsbutsura.html" target="_blank">BUTSUR-A</a> WORM!
45191. Source=Paul Collins Startup list
45192.  
45193. [MS32DLL]
45194. Number=6419
45195. Confirmed=X
45196. Filename=Bha.dll.vbs
45197. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsbutsura.html" target="_blank">BUTSUR-A</a> WORM!
45198. Source=Paul Collins Startup list
45199.  
45200. [MS7531]
45201. Number=6420
45202. Confirmed=X
45203. Filename=ms7531.exe
45204. Description=Homepage hijacker
45205. Source=Paul Collins Startup list
45206.  
45207. [MSACM]
45208. Number=6421
45209. Confirmed=X
45210. Filename=msacm.exe
45211. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opaservo.html" target="_blank">OPASERV-O</a> WORM!
45212. Source=Paul Collins Startup list
45213.  
45214. [msadcheck]
45215. Number=6422
45216. Confirmed=X
45217. Filename=msadcheck32.exe
45218. Description=Browser hijacker, redirecting to search-system.com
45219.  
45220. Source=Paul Collins Startup list
45221.  
45222. [MSAdmin]
45223. Number=6423
45224. Confirmed=X
45225. Filename=jdbgmrg.exe
45226. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DASMIN.A" target="_blank">DASMIN.A</a> TROJAN! Note - this is not the valid JDBGMGR.EXE file - see <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99436" target="_blank">here</a>
45227. Source=Paul Collins Startup list
45228.  
45229. [MSAgent]
45230. Number=6424
45231. Confirmed=X
45232. Filename=mshtm.exe
45233. Description=Browser hijacker - redirecting to buldog-search.com
45234.  
45235. Source=Paul Collins Startup list
45236.  
45237. [MSAgent]
45238. Number=6425
45239. Confirmed=X
45240. Filename=hhnt.exe
45241. Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_AGENT.JI" target=_blank>AGENT.JI</a> spyware
45242. Source=Paul Collins Startup list
45243.  
45244. [MSAgentXP]
45245. Number=6426
45246. Confirmed=X
45247. Filename=MSAgentXP.exe
45248. Description=Reported by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a> as TrojanDownloader.Reqlook.c
45249. Source=Paul Collins Startup list
45250.  
45251. [msaim]
45252. Number=6427
45253. Confirmed=U
45254. Filename=msaolim.exe
45255. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050516-5740-99" target= blank>MessageSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
45256. Source=Paul Collins Startup list
45257.  
45258. [msappts32]
45259. Number=6428
45260. Confirmed=X
45261. Filename=msappts32.exe
45262. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojelburroa.html" target=_blank>ELBURRO-A</a> TROJAN!
45263. Source=Paul Collins Startup list
45264.  
45265. [MsAudio]
45266. Number=6429
45267. Confirmed=X
45268. Filename=explorer.exe
45269. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirby.html" target=_blank>LEGMIR-BY</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
45270. Source=Paul Collins Startup list
45271.  
45272. [MsAudio]
45273. Number=6430
45274. Confirmed=X
45275. Filename=MsVM_STI.EXE RunDll32 cmicnfg.cpl, CMICtrlWnd
45276. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirby.html" target=_blank>LEGMIR-BY</a> TROJAN! Note - this is not associated with C-Media based audio which uses a similar command entry (see <a href="http://www.sysinfo.org/startuplist.php?filter=CMICtrlWnd" target=_blank>here</a>)
45277. Source=Paul Collins Startup list
45278.  
45279. [MSbackups]
45280. Number=6431
45281. Confirmed=X
45282. Filename=backups.exe
45283. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbanloadtl.html" target="_blank">BANLOAD-TL</a> TROJAN!
45284. Source=Paul Collins Startup list
45285.  
45286. [MSBB]
45287. Number=6432
45288. Confirmed=X
45289. Filename=msbb.exe
45290. Description=Advertising spyware
45291. Source=Paul Collins Startup list
45292.  
45293. [msbcs]
45294. Number=6433
45295. Confirmed=X
45296. Filename=msbcs.exe
45297. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobrag.html" target=_blank>DADOBRA-G</a> TROJAN!
45298. Source=Paul Collins Startup list
45299.  
45300. [MsBootMgr.exe]
45301. Number=6434
45302. Confirmed=X
45303. Filename=MsBootMgr.exe
45304. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040711-2720-99" target=_blank>VERIFY</a> TROJAN!
45305. Source=Paul Collins Startup list
45306.  
45307. [msbsc]
45308. Number=6435
45309. Confirmed=X
45310. Filename=[path to trojan]
45311. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdf.html" target=_blank>BANKER-DF</a> TROJAN!
45312. Source=Paul Collins Startup list
45313.  
45314. [msccrt]
45315. Number=6436
45316. Confirmed=X
45317. Filename=msccrt.exe
45318. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsala.html" target="_blank">PWS-ALA</a> TROJAN!
45319. Source=Paul Collins Startup list
45320.  
45321. [mschkdf.exe]
45322. Number=6437
45323. Confirmed=X
45324. Filename=mschkdf.exe
45325. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
45326. Source=Paul Collins Startup list
45327.  
45328. [MSChoExE]
45329. Number=6438
45330. Confirmed=X
45331. Filename=suge.exe
45332. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
45333.  
45334. Source=Paul Collins Startup list
45335.  
45336. [msci]
45337. Number=6439
45338. Confirmed=?
45339. Filename=mcinfo.exe
45340. Description=McAfee Internet Security related. <font color="#FF0000">What does it do and is it required?</font>
45341. Source=Paul Collins Startup list
45342.  
45343. [mscman]
45344. Number=6440
45345. Confirmed=X
45346. Filename=mscman.exe
45347. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
45348. Source=Paul Collins Startup list
45349.  
45350. [mscn]
45351. Number=6441
45352. Confirmed=U
45353. Filename=mscn.exe
45354. Description=Part of the SafeChildNet internet filtering program - required if you use it
45355. Source=Paul Collins Startup list
45356.  
45357. [Mscnt]
45358. Number=6442
45359. Confirmed=X
45360. Filename=mscnt.exe
45361. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdlucac.html" target=_blank>DLUCA-C</a> TROJAN!
45362. Source=Paul Collins Startup list
45363.  
45364. [Mscolour]
45365. Number=6443
45366. Confirmed=X
45367. Filename=mscolour.exe
45368. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=40574" target=_blank>GEMA</a> TROJAN!
45369. Source=Paul Collins Startup list
45370.  
45371. [MSCommX]
45372. Number=6444
45373. Confirmed=X
45374. Filename=mscommx.exe
45375. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
45376. Source=Paul Collins Startup list
45377.  
45378. [MSCONFG32.EXE]
45379. Number=6445
45380. Confirmed=X
45381. Filename=MSCONFG32.EXE
45382. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-102319-1255-99" target="_blank">OPTIX.04.C</a> TROJAN!
45383. Source=Paul Collins Startup list
45384.  
45385. [MSConfig]
45386. Number=6446
45387. Confirmed=N
45388. Filename=msconfig.exe
45389. Description=Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
45390. Source=Paul Collins Startup list
45391.  
45392. [MSConfig]
45393. Number=6447
45394. Confirmed=X
45395. Filename=MSCONFIG32.EXE
45396. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.B&VSect=P" target=_blank>SPYBOT.B</a> WORM!
45397. Source=Paul Collins Startup list
45398.  
45399. [msconfig]
45400. Number=6448
45401. Confirmed=X
45402. Filename=msconfig.exe
45403. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite related. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/msconfig/" target=_blank>msconfig.exe</a> which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting
45404. Source=Paul Collins Startup list
45405.  
45406. [Msconfig]
45407. Number=6449
45408. Confirmed=X
45409. Filename=msconfig.exe
45410. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020316-5130-99" target="_blank">WINUR</a> WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\
45411. Source=Paul Collins Startup list
45412.  
45413. [msconfig]
45414. Number=6450
45415. Confirmed=X
45416. Filename=wins.exe
45417. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.PF&VSect=P" target=_blank>RBOT.PF</a> WORM!
45418. Source=Paul Collins Startup list
45419.  
45420. [MSConfig]
45421. Number=6451
45422. Confirmed=X
45423. Filename=MSCONFIG35.EXE
45424. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
45425. Source=Paul Collins Startup list
45426.  
45427. [msconfig]
45428. Number=6452
45429. Confirmed=X
45430. Filename=scvhost.exe
45431. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdsf.html" target="_blank">AGENT-DSF</a> TROJAN!
45432. Source=Paul Collins Startup list
45433.  
45434. [msconfig]
45435. Number=6453
45436. Confirmed=X
45437. Filename=winlog.exe
45438. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbottj.html" target="_blank">IRCBOT-TJ</a> TROJAN!
45439. Source=Paul Collins Startup list
45440.  
45441. [Msconfig]
45442. Number=6454
45443. Confirmed=X
45444. Filename=icpldrvx.exe
45445. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BANLOAD.BFT" target="_blank">BANLOAD.BFT</a> TROJAN!
45446. Source=Paul Collins Startup list
45447.  
45448. [msconfig]
45449. Number=6455
45450. Confirmed=X
45451. Filename=msconfig.com
45452. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotsm.html" target="_blank">IRCBOT-SM</a> WORM!
45453. Source=Paul Collins Startup list
45454.  
45455. [Msconfig lptt01]
45456. Number=6456
45457. Confirmed=X
45458. Filename=msconfig.exe
45459. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not the valid Windows Msconfig which has the same executable name
45460. Source=Paul Collins Startup list
45461.  
45462. [MSConfig Manager]
45463. Number=6457
45464. Confirmed=X
45465. Filename=msupdate.exe
45466. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
45467. Source=Paul Collins Startup list
45468.  
45469. [Msconfig ml097e]
45470. Number=6458
45471. Confirmed=X
45472. Filename=msconfig.exe
45473. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not the valid Windows Msconfig which has the same executable name
45474. Source=Paul Collins Startup list
45475.  
45476. [msconfig service]
45477. Number=6459
45478. Confirmed=X
45479. Filename=MSupdate32.exe
45480. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
45481. Source=Paul Collins Startup list
45482.  
45483. [msconfig.exe]
45484. Number=6460
45485. Confirmed=X
45486. Filename=proxy.exe
45487. Description=Added by a variant of the AGENT.AH downloader TROJAN!
45488. Source=Paul Collins Startup list
45489.  
45490. [msconfig.exe]
45491. Number=6461
45492. Confirmed=X
45493. Filename=uline.exe
45494. Description=Added by a variant of the AGENT.AH downloader TROJAN!
45495. Source=Paul Collins Startup list
45496.  
45497. [msconfig38]
45498. Number=6462
45499. Confirmed=X
45500. Filename=mssvcc.exe
45501. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbjv.html" target=_blank>RBOT-BJV</a> WORM!
45502.  
45503. Source=Paul Collins Startup list
45504.  
45505. [MSConfig45]
45506. Number=6463
45507. Confirmed=X
45508. Filename=MSConfig45.exe
45509. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.OJ" target="_blank">SDBOT.OJ</a> TROJAN!
45510. Source=Paul Collins Startup list
45511.  
45512. [MSConfigr]
45513. Number=6464
45514. Confirmed=X
45515. Filename=jdbgmrg.exe
45516. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DASMIN.C" target="_blank">DASMIN.C</a> TROJAN! Note - this is not the valid JDBGMGR.EXE file - see <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99436" target="_blank">here</a>
45517. Source=Paul Collins Startup list
45518.  
45519. [MSConfigReminder]
45520. Number=6465
45521. Confirmed=N
45522. Filename=msconfig.exe
45523. Description=Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
45524. Source=Paul Collins Startup list
45525.  
45526. [MsConfigs]
45527. Number=6466
45528. Confirmed=X
45529. Filename=MsConfigs.exe
45530. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A" target=_blank>ALCAN.A</a> WORM!
45531. Source=Paul Collins Startup list
45532.  
45533. [MSControl28]
45534. Number=6467
45535. Confirmed=X
45536. Filename=crsss.exe
45537. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.AJX&VSect=P" target=_blank>SPYBOT.AJX</a> WORM!
45538. Source=Paul Collins Startup list
45539.  
45540. [MSControl31]
45541. Number=6468
45542. Confirmed=X
45543. Filename=winnsyst.exe
45544. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CFY&VSect=P" target=_blank>RBOT.CFY</a> WORM!
45545. Source=Paul Collins Startup list
45546.  
45547. [MSControl3d1]
45548. Number=6469
45549. Confirmed=X
45550. Filename=isasse.exe
45551. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CGU&VSect=P" target=_blank>RBOT.CGU</a> WORM!
45552. Source=Paul Collins Startup list
45553.  
45554. [MSCORE]
45555. Number=6470
45556. Confirmed=X
45557. Filename=syscnfg.exe
45558. Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
45559. Source=Paul Collins Startup list
45560.  
45561. [Mscsgs]
45562. Number=6471
45563. Confirmed=X
45564. Filename=MSCSGS.EXE
45565. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100116-5607-99" target="_blank">ZEZER</a> WORM!
45566. Source=Paul Collins Startup list
45567.  
45568. [Mscsgs32]
45569. Number=6472
45570. Confirmed=X
45571. Filename=MSCSGS32.EXE
45572. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100116-5607-99" target="_blank">ZEZER</a> WORM!
45573. Source=Paul Collins Startup list
45574.  
45575. [mscsvc.exe]
45576. Number=6473
45577. Confirmed=X
45578. Filename=mscsvc.exe
45579. Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/pwsteal.bancos.t.html" target= blank>BANCOS.T</a> TROJAN!
45580. Source=Paul Collins Startup list
45581.  
45582. [Msctrl32]
45583. Number=6474
45584. Confirmed=X
45585. Filename=Msctrl32.scr
45586. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-051917-5210-99" target="_blank">REDIST</a> WORM!
45587. Source=Paul Collins Startup list
45588.  
45589. [MSCVT]
45590. Number=6475
45591. Confirmed=X
45592. Filename=MSCVT.exe
45593. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120414-4935-99" target="_blank">SLIDESHOW</a> WORM!
45594. Source=Paul Collins Startup list
45595.  
45596. [MSDcom]
45597. Number=6476
45598. Confirmed=X
45599. Filename=MSDcom.exe
45600. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
45601. Source=Paul Collins Startup list
45602.  
45603. [msdev]
45604. Number=6477
45605. Confirmed=X
45606. Filename=msdev.exe
45607. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcr.html" target=_blank>FORBOT-CR</a> WORM!
45608. Source=Paul Collins Startup list
45609.  
45610. [msdev]
45611. Number=6478
45612. Confirmed=X
45613. Filename=msconfig.exe
45614. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AAU&VSect=T" target=_blank>AGOBOT.AAU</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/msconfig/" target=_blank>msconfig.exe</a> which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting
45615. Source=Paul Collins Startup list
45616.  
45617. [msdirect.exe]
45618. Number=6479
45619. Confirmed=X
45620. Filename=msdirect.exe
45621. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertifl.html" target=_blank>CERTIF-L</a> TROJAN!
45622. Source=Paul Collins Startup list
45623.  
45624. [MSDLL]
45625. Number=6480
45626. Confirmed=X
45627. Filename=syscnfg.exe
45628. Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
45629. Source=Paul Collins Startup list
45630.  
45631. [Msdmxm]
45632. Number=6481
45633. Confirmed=X
45634. Filename=msdmxm.exe
45635. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaddc.html" target=_blank>DLOAD-DC</a> TROJAN!
45636. Source=Paul Collins Startup list
45637.  
45638. [MSDN]
45639. Number=6482
45640. Confirmed=X
45641. Filename=nese.exe
45642. Description=Added by the SDBOT.AHY WORM!
45643. Source=Paul Collins Startup list
45644.  
45645. [MSDN for Windows NT & WinXP]
45646. Number=6483
45647. Confirmed=X
45648. Filename=msdnxp.exe
45649. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotpe.html" target="_blank">IRCBOT-PE</a> WORM!
45650. Source=Paul Collins Startup list
45651.  
45652. [MSDN for Windows with NT's]
45653. Number=6484
45654. Confirmed=X
45655. Filename=msdn-nt.exe
45656. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotewd.html" target="_blank">RBOT-EWD</a> WORM!
45657. Source=Paul Collins Startup list
45658.  
45659. [MSDN HELP]
45660. Number=6485
45661. Confirmed=X
45662. Filename=msdn.exe
45663. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AIB&VSect=P" target=_blank>AGOBOT.AIB</a> WORM!
45664. Source=Paul Collins Startup list
45665.  
45666. [MSDOS Security Service]
45667. Number=6486
45668. Confirmed=X
45669. Filename=msdos.pif
45670. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamp.html" target=_blank>RBOT-AMP</a> WORM!
45671. Source=Paul Collins Startup list
45672.  
45673. [MSDOS Service]
45674. Number=6487
45675. Confirmed=X
45676. Filename=MSDOS.PIF
45677. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaiy.html" target=_blank>RBOT-AIY</a> WORM!
45678. Source=Paul Collins Startup list
45679.  
45680. [MSDOS Windows Service]
45681. Number=6488
45682. Confirmed=X
45683. Filename=MSDOS.PIF
45684. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakf.html" target=_blank>RBOT-AKF</a> WORM!
45685. Source=Paul Collins Startup list
45686.  
45687. [Msdos32]
45688. Number=6489
45689. Confirmed=X
45690. Filename=Msdos32.pif
45691. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-123122-0347-99" target="_blank">RECORY</a> WORM!
45692. Source=Paul Collins Startup list
45693.  
45694. [msdos423]
45695. Number=6490
45696. Confirmed=X
45697. Filename=msdos423.exe
45698. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MENACE.A" target="_blank">MENACE.A</a> WORM!
45699. Source=Paul Collins Startup list
45700.  
45701. [MSDosdrv]
45702. Number=6491
45703. Confirmed=N
45704. Filename=msdosdrv.exe
45705. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101915-0010-99" target=_blank>BACROS</a> WORM!
45706. Source=Paul Collins Startup list
45707.  
45708. [MSDTC]
45709. Number=6492
45710. Confirmed=N
45711. Filename=msdtc.exe
45712. Description=MS Distributed Transaction Coordinator - handles transactions across multiple servers and is installed by MS Personal Web Server and MS SQL Server
45713. Source=Paul Collins Startup list
45714.  
45715. [Msemu32]
45716. Number=6493
45717. Confirmed=X
45718. Filename=Msemu32.exe
45719. Description=Unidentified spyware/adware/hijacker
45720. Source=Paul Collins Startup list
45721.  
45722. [mservices.exe]
45723. Number=6494
45724. Confirmed=X
45725. Filename=mservices.exe
45726. Description=Added by the <a href="http://it.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SDBOT.WJ" target=_blank>SDBOT.WJ</a> WORM!
45727. Source=Paul Collins Startup list
45728.  
45729. [Msfind]
45730. Number=6495
45731. Confirmed=X
45732. Filename=Msfind.exe
45733. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
45734. Source=Paul Collins Startup list
45735.  
45736. [MSFind32]
45737. Number=6496
45738. Confirmed=X
45739. Filename=msfind32.exe
45740. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121609-1754-99" target="_blank">CAYAM</a> WORM!
45741. Source=Paul Collins Startup list
45742.  
45743. [msfindosa.exe]
45744. Number=6497
45745. Confirmed=X
45746. Filename=msfindosa.exe
45747. Description=Added by the <a href="http://vil.nai.com/vil/content/v_99960.htm" target="_blank">DOWNLOADER-BS</a> TROJAN!
45748. Source=Paul Collins Startup list
45749.  
45750. [MSFTP Service Config]
45751. Number=6498
45752. Confirmed=X
45753. Filename=r3grun.exe
45754. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
45755. Source=Paul Collins Startup list
45756.  
45757. [MSFWAVTSM]
45758. Number=6499
45759. Confirmed=X
45760. Filename=FTPDev.exe
45761. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacf.html" target= blank>RBOT-ACF</a> WORM!
45762. Source=Paul Collins Startup list
45763.  
45764. [Msg Fixage]
45765. Number=6500
45766. Confirmed=X
45767. Filename=msgfixed.exe
45768. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD" target=_blank>SDBOT.ZD</a> WORM!
45769. Source=Paul Collins Startup list
45770.  
45771. [MsgApi]
45772. Number=6501
45773. Confirmed=X
45774. Filename=[path to file]
45775. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerd.html" target="_blank">DEDLER-D</a> TROJAN!
45776. Source=Paul Collins Startup list
45777.  
45778. [msgb1]
45779. Number=6502
45780. Confirmed=X
45781. Filename=msgb1.exe
45782. Description=Added by the DLUCA.GEN TROJAN!
45783. Source=Paul Collins Startup list
45784.  
45785. [MsgCenterExe]
45786. Number=6503
45787. Confirmed=N
45788. Filename=RealOneMessageCenter.exe
45789. Description=RealNetworks <a href="http://www.real.com/" target=_blank>RealPlayer</a> related - disabling this application will not affect Real Player in any way
45790. Source=Paul Collins Startup list
45791.  
45792. [msgex32]
45793. Number=6504
45794. Confirmed=X
45795. Filename=msgex32.exe
45796. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32appfleta.html" target=_blank>APPFLET-A</a> WORM!
45797. Source=Paul Collins Startup list
45798.  
45799. [Msgmgr]
45800. Number=6505
45801. Confirmed=X
45802. Filename=[path to worm]
45803. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072314-3721-99" target="_blank">BABYBEAR</a> WORM!
45804. Source=Paul Collins Startup list
45805.  
45806. [msgserv_]
45807. Number=6506
45808. Confirmed=X
45809. Filename=Syss.exe
45810. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-110517-3735-99" target=_blank>FANTA</a> TROJAN!
45811. Source=Paul Collins Startup list
45812.  
45813. [msgsm32]
45814. Number=6507
45815. Confirmed=X
45816. Filename=msgsm32.exe
45817. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasg.html" target=_blank>RBOT-ASG</a> WORM!
45818. Source=Paul Collins Startup list
45819.  
45820. [Msgsrv16]
45821. Number=6508
45822. Confirmed=X
45823. Filename=Msgsrv16.exe
45824. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050207-0707-99" target="_blank">DELF</a> family of TROJANS!
45825. Source=Paul Collins Startup list
45826.  
45827. [MSGSRV32.exe]
45828. Number=6509
45829. Confirmed=Y
45830. Filename=msgsrv32.exe
45831. Description=Windows 32-bit VxD Message Server. For more information on its function and why it's needed, see <a href="http://support.microsoft.com/kb/q138708/" target="_blank">here</a>. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background
45832. Source=Paul Collins Startup list
45833.  
45834. [Msgsvc32]
45835. Number=6510
45836. Confirmed=X
45837. Filename=[worm filename]
45838. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nauticala.html" target="_blank">NAUTICAL-A</a> TROJAN!
45839.  
45840. Source=Paul Collins Startup list
45841.  
45842. [MsgSvcMgr32]
45843. Number=6511
45844. Confirmed=X
45845. Filename=cmdzxdll.exe
45846. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaek.html" target=_blank>RBOT-AEK</a> WORM!
45847. Source=Paul Collins Startup list
45848.  
45849. [msgsvr32]
45850. Number=6512
45851. Confirmed=X
45852. Filename=msgsvr32.exe
45853. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021217-0427-99" target="_blank">DEADHAT.B</a> WORM! Note - not to be confused with the valid "msgsrv32.exe" file which resides in the same directory (C:\Windows\System) on a Win9x/Me machine
45854. Source=Paul Collins Startup list
45855.  
45856. [MSGTAG]
45857. Number=6513
45858. Confirmed=U
45859. Filename=MSGTAG.exe
45860. Description=<a href="http://www.msgtag.com/home/" target=_blank>MSGTAG</a> is an application that tells you when your emails have been received and opened
45861. Source=Paul Collins Startup list
45862.  
45863. [Msgtray]
45864. Number=6514
45865. Confirmed=X
45866. Filename=sys16.exe
45867. Description=Added by an unknown VIRUS!
45868. Source=Paul Collins Startup list
45869.  
45870. [Mshelp32]
45871. Number=6515
45872. Confirmed=X
45873. Filename=mshelp32.exe
45874. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
45875. Source=Paul Collins Startup list
45876.  
45877. [MSHT@]
45878. Number=6516
45879. Confirmed=X
45880. Filename=MSHT@.EXE
45881. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.A" target="_blank">MAGISTR.A</a> VIRUS!
45882. Source=Paul Collins Startup list
45883.  
45884. [mshtmll]
45885. Number=6517
45886. Confirmed=X
45887. Filename=mshtmll.dll
45888. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Downloader.Win32.Delf.bas&threatid=90253" target="_blank">DELF.BAS</a> TROJAN!
45889. Source=Paul Collins Startup list
45890.  
45891. [msident]
45892. Number=6518
45893. Confirmed=X
45894. Filename=msident.exe
45895. Description=Unidentified adware or trojan
45896. Source=Paul Collins Startup list
45897.  
45898. [msidle]
45899. Number=6519
45900. Confirmed=X
45901. Filename=msidle.exe
45902. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opaservo.html" target="_blank">OPASERV-O</a> WORM!
45903. Source=Paul Collins Startup list
45904.  
45905. [MsIdle32.exe]
45906. Number=6520
45907. Confirmed=X
45908. Filename=MsIdle32.exe
45909. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040711-2720-99" target=_blank>VERIFY</a> TROJAN!
45910. Source=Paul Collins Startup list
45911.  
45912. [MSIdll]
45913. Number=6521
45914. Confirmed=X
45915. Filename=winmp.exe
45916. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
45917. Source=Paul Collins Startup list
45918.  
45919. [MSIE Parsers]
45920. Number=6522
45921. Confirmed=X
45922. Filename=MSIE32ab.exe
45923. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MV" target="_blank">SDBOT.MV</a> WORM!
45924. Source=Paul Collins Startup list
45925.  
45926. [msiew]
45927. Number=6523
45928. Confirmed=X
45929. Filename=mseiw.exe
45930. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-033001-2340-99" target=_blank>LITTLOG</a> TROJAN!
45931. Source=Paul Collins Startup list
45932.  
45933. [MSIEXEC]
45934. Number=6524
45935. Confirmed=X
45936. Filename=MSIEXEC32.exe
45937. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062520-3058-99" target="_blank">AINESEY.A</a> WORM!
45938. Source=Paul Collins Startup list
45939.  
45940. [MSIEXEC]
45941. Number=6525
45942. Confirmed=X
45943. Filename=MSIEXEC.EXE
45944. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsyosenioa.html" target=_blank>YOSENIO-A</a> VIRUS!
45945. Source=Paul Collins Startup list
45946.  
45947. [msiexecs.exe]
45948. Number=6526
45949. Confirmed=X
45950. Filename=msiexecs.exe
45951. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
45952. Source=Paul Collins Startup list
45953.  
45954. [MSIMN32]
45955. Number=6527
45956. Confirmed=X
45957. Filename=MSIMN32.EXE
45958. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsm.html" target=_blank>CWS-M</a> TROJAN!
45959. Source=Paul Collins Startup list
45960.  
45961. [MSIN]
45962. Number=6528
45963. Confirmed=?
45964. Filename=MSin.exe
45965. Description=<font color="#FF0000">??</font>
45966. Source=Paul Collins Startup list
45967.  
45968. [Msinet]
45969. Number=6529
45970. Confirmed=X
45971. Filename=Msinet.exe
45972. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaoa.html" target=_blank>RBOT-AOA</a> WORM!
45973. Source=Paul Collins Startup list
45974.  
45975. [MSInfo]
45976. Number=6530
45977. Confirmed=X
45978. Filename=msinfo.exe
45979. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022515-4233-99" target="_blank">ALADINZ.M</a> TROJAN!
45980. Source=Paul Collins Startup list
45981.  
45982. [MSInfo]
45983. Number=6531
45984. Confirmed=X
45985. Filename=AVBgle.exe
45986. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031709-3728-99" target="_blank">NETSKY.O</a> WORM!
45987. Source=Paul Collins Startup list
45988.  
45989. [MSInstall]
45990. Number=6532
45991. Confirmed=X
45992. Filename=smvss.exe
45993. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerg.html" target=_blank>DEDLER-G</a> TROJAN!
45994. Source=Paul Collins Startup list
45995.  
45996. [msjava service]
45997. Number=6533
45998. Confirmed=X
45999. Filename=xpcd.exe
46000. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VM" target="_blank">SDBOT.VM</a> WORM!
46001. Source=Paul Collins Startup list
46002.  
46003. [MSKAGENTEXE]
46004. Number=6534
46005. Confirmed=U
46006. Filename=MskAgent.exe
46007. Description=McAfee <a href="http://www.mcafeestore.com/dr/sat4/ec_MAIN.Entry10?SP=10023&PN=1&xid=39695&V1=749687&CUR=826&DSP=&PGRP=0&ABCODE=&CACHE_ID=0" target="_blank">Spamkiller</a>
46008. Source=Paul Collins Startup list
46009.  
46010. [MSKCES32]
46011. Number=6535
46012. Confirmed=X
46013. Filename=[random filename]
46014. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-022010-0405-99" target="_blank">CLONER</a> TROJAN!
46015. Source=Paul Collins Startup list
46016.  
46017. [MSKDetectorExe]
46018. Number=6536
46019. Confirmed=U
46020. Filename=MSKDetct.exe
46021. Description=Part of McAfee <a href="http://www.mcafeestore.com/dr/sat4/ec_MAIN.Entry10?SP=10023&PN=1&xid=39695&V1=749687&CUR=826&DSP=&PGRP=0&ABCODE=&CACHE_ID=0" target="_blank">Spamkiller</a>
46022. Source=Paul Collins Startup list
46023.  
46024. [MSKernel32]
46025. Number=6537
46026. Confirmed=X
46027. Filename=MSKernel32.vbs
46028. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER" target="_blank"> LOVELETTER</a> (I LOVE YOU) VIRUS!
46029. Source=Paul Collins Startup list
46030.  
46031. [MSkernel32]
46032. Number=6538
46033. Confirmed=X
46034. Filename=System.exe 4820
46035. Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/backdoor.tuxder.html" target="_blank">TUXDER</a> TROJAN!
46036. Source=Paul Collins Startup list
46037.  
46038. [MSKExe]
46039. Number=6539
46040. Confirmed=U
46041. Filename=spamkiller.exe
46042. Description=McAfee <a href="http://www.mcafeestore.com/dr/sat4/ec_MAIN.Entry10?SP=10023&PN=1&xid=39695&V1=749687&CUR=826&DSP=&PGRP=0&ABCODE=&CACHE_ID=0" target="_blank">Spamkiller</a>
46043. Source=Paul Collins Startup list
46044.  
46045. [mskj]
46046. Number=6540
46047. Confirmed=X
46048. Filename=mskj.exe
46049. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031217-2631-99" target=_blank>KAEMON</a> TROJAN!
46050. Source=Paul Collins Startup list
46051.  
46052. [MSKServerExe]
46053. Number=6541
46054. Confirmed=U
46055. Filename=MSKSrvr.exe
46056. Description=Part of McAfee <a href="http://www.mcafeestore.com/dr/sat4/ec_MAIN.Entry10?SP=10023&PN=1&xid=39695&V1=749687&CUR=826&DSP=&PGRP=0&ABCODE=&CACHE_ID=0" target="_blank">Spamkiller</a>
46057. Source=Paul Collins Startup list
46058.  
46059. [mslagent]
46060. Number=6542
46061. Confirmed=X
46062. Filename=mslagent.exe
46063. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwintrimf.html" target=_blank>WINTRIM-F</a> TROJAN!
46064. Source=Paul Collins Startup list
46065.  
46066. [MSLARISSA]
46067. Number=6543
46068. Confirmed=X
46069. Filename=MSLARISSA.pif
46070. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030222-1459-99" target=_blank>ASSIRAL.B</a> WORM!
46071. Source=Paul Collins Startup list
46072.  
46073. [MSLIB32]
46074. Number=6544
46075. Confirmed=?
46076. Filename=mswatch32.exe
46077. Description=<font color="#FF0000">??</font>
46078. Source=Paul Collins Startup list
46079.  
46080. [MSLog]
46081. Number=6545
46082. Confirmed=X
46083. Filename=MicrosoftLog.exe
46084. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
46085. Source=Paul Collins Startup list
46086.  
46087. [Mslogon lptt01]
46088. Number=6546
46089. Confirmed=X
46090. Filename=mslogon.exe
46091. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Mslogon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
46092. Source=Paul Collins Startup list
46093.  
46094. [Mslogon ml097e]
46095. Number=6547
46096. Confirmed=X
46097. Filename=mslogon.exe
46098. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Mslogon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
46099. Source=Paul Collins Startup list
46100.  
46101. [MsManager]
46102. Number=6548
46103. Confirmed=X
46104. Filename=msmgr32.exe
46105. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111215-5603-99" target="_blank">YAHA.AF</a> WORM!
46106. Source=Paul Collins Startup list
46107.  
46108. [msmanager32]
46109. Number=6549
46110. Confirmed=X
46111. Filename=msmngr32.exe
46112. Description=Added by the <a href="http://www.us.sophos.com/virusinfo/analyses/w32randonr.html" target="_blank">RANDON-R</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WOMANIZ.A" target="_blank">WOMANIZ.A</a>) WORM!
46113. Source=Paul Collins Startup list
46114.  
46115. [msmautoprotect]
46116. Number=6550
46117. Confirmed=X
46118. Filename=msmssgs.exe
46119. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseaj.html" target= blank>BIFROSE-AJ</a> TROJAN!
46120. Source=Paul Collins Startup list
46121.  
46122. [msmc]
46123. Number=6551
46124. Confirmed=X
46125. Filename=mscpbo.exe
46126. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
46127. Source=Paul Collins Startup list
46128.  
46129. [msmc]
46130. Number=6552
46131. Confirmed=X
46132. Filename=msgdmf.exe
46133. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
46134. Source=Paul Collins Startup list
46135.  
46136. [msmc]
46137. Number=6553
46138. Confirmed=X
46139. Filename=msongn.exe
46140. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
46141. Source=Paul Collins Startup list
46142.  
46143. [msmc]
46144. Number=6554
46145. Confirmed=X
46146. Filename=msmc.exe
46147. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
46148. Source=Paul Collins Startup list
46149.  
46150. [msmc]
46151. Number=6555
46152. Confirmed=X
46153. Filename=ms****.exe [* = random char]
46154. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
46155. Source=Paul Collins Startup list
46156.  
46157. [MSMcAfeee]
46158. Number=6556
46159. Confirmed=X
46160. Filename=Avsynmgr32e.exe
46161. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120314-1133-99" target="_blank">FRAMAR</a> TROJAN!
46162. Source=Paul Collins Startup list
46163.  
46164. [MSMcAfeeh]
46165. Number=6557
46166. Confirmed=X
46167. Filename=Avsynmgr32h.exe
46168. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101816-5050-99" target="_blank">FRANGO</a> TROJAN!
46169. Source=Paul Collins Startup list
46170.  
46171. [MSMcAfeeS]
46172. Number=6558
46173. Confirmed=X
46174. Filename=Avsynmgr32S.exe
46175. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121108-2958-99" target="_blank">VOLAC</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121107-2003-99" target="_blank">VOLAC.DR</a> TROJANS!
46176. Source=Paul Collins Startup list
46177.  
46178. [MSMessnger]
46179. Number=6559
46180. Confirmed=X
46181. Filename=msnupd.exe
46182. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotady.html" target=_blank>RBOT-ADY</a> WORM!
46183. Source=Paul Collins Startup list
46184.  
46185. [msmgr]
46186. Number=6560
46187. Confirmed=?
46188. Filename=msmgr.exe
46189. Description=<font color="#FF0000">??</font>
46190. Source=Paul Collins Startup list
46191.  
46192. [msMGR]
46193. Number=6561
46194. Confirmed=X
46195. Filename=rtkmsg.exe
46196. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbpy.html" target=_blank>SDBOT-BPY</a> WORM!
46197. Source=Paul Collins Startup list
46198.  
46199. [Msmgt]
46200. Number=6562
46201. Confirmed=X
46202. Filename=msmgt.exe
46203. Description=<a href="http://www.totalvelocity.com/" target="_blank">Total Velocity</a> adware/hijacker
46204. Source=Paul Collins Startup list
46205.  
46206. [MSMNTGNT]
46207. Number=6563
46208. Confirmed=X
46209. Filename=MSMNTGNT.EXE
46210. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerie.html" target=_blank>BANKER-IE</a> TROJAN!
46211. Source=Paul Collins Startup list
46212.  
46213. [MSMNTJBE]
46214. Number=6564
46215. Confirmed=X
46216. Filename=MSMNTJBE.EXE
46217. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosef.html" target=_blank>Bancos-EF</a> TROJAN!
46218. Source=Paul Collins Startup list
46219.  
46220. [MSMNTJNG]
46221. Number=6565
46222. Confirmed=X
46223. Filename=MSMNTJNG.EXE
46224. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgraberg.html" target=_blank>GRABER-G</a> TROJAN!
46225. Source=Paul Collins Startup list
46226.  
46227. [MSMNTMTS]
46228. Number=6566
46229. Confirmed=X
46230. Filename=MSMNTMTS.EXE
46231. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankergz.html" target=_blank>BANKER-GZ</a> TROJAN!
46232. Source=Paul Collins Startup list
46233.  
46234. [msmon]
46235. Number=6567
46236. Confirmed=X
46237. Filename=msmon.exe
46238. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
46239. Source=Paul Collins Startup list
46240.  
46241. [MsMovies]
46242. Number=6568
46243. Confirmed=X
46244. Filename=MsMovies.exe
46245. Description=Malware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Dropper.Win32.WinAD.h
46246. Source=Paul Collins Startup list
46247.  
46248. [MsmqIntCert]
46249. Number=6569
46250. Confirmed=?
46251. Filename=regsvr32 /s mqrt.dll
46252. Description=Microsoft Message Queue Server - Internal Certificate - see <a href="http://www.microsoft.com/windowsserver2003/technologies/msmq/default.mspx" target="_blank">here</a> for more info and <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;230050" target="_blank">here</a> for a potential problem.<font color="#FF0000"> Is it required?</font>
46253. Source=Paul Collins Startup list
46254.  
46255. [MSMSGNER]
46256. Number=6570
46257. Confirmed=X
46258. Filename=[4-8 random letters].exe
46259. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfowldogen.html" target="_blank">FOWLDO-GEN</a> TROJAN!
46260. Source=Paul Collins Startup list
46261.  
46262. [msmsgr]
46263. Number=6571
46264. Confirmed=X
46265. Filename=msmsgss.exe
46266. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as RBOT.AJJ
46267. Source=Paul Collins Startup list
46268.  
46269. [MSMSGS]
46270. Number=6572
46271. Confirmed=U
46272. Filename=msmsgs.exe
46273. Description=<a href="http://www.microsoft.com/windowsxp/windowsmessenger/default.asp"_blank">Windows Messenger</a> utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
46274. Source=Paul Collins Startup list
46275.  
46276. [MSMsgs]
46277. Number=6573
46278. Confirmed=X
46279. Filename=msmessgs.exe
46280. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallew.html" target=_blank>SMALL-EW</a> TROJAN!
46281. Source=Paul Collins Startup list
46282.  
46283. [MsMsgSrv]
46284. Number=6574
46285. Confirmed=X
46286. Filename=msmsgsrv.exe
46287. Description=Added by the <a href="http://vil.nai.com/vil/content/v_132938.htm" target= blank>CQO</a> TROJAN!
46288. Source=Paul Collins Startup list
46289.  
46290. [MSMsgSvc]
46291. Number=6575
46292. Confirmed=X
46293. Filename=MSMSGSVC.exe
46294. Description=Browser hijacker, identified by some antiviruses as a variant of the StartPage.QC TROJAN!
46295.  
46296. Source=Paul Collins Startup list
46297.  
46298. [msmsngr]
46299. Number=6576
46300. Confirmed=X
46301. Filename=msmsngr.exe
46302. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dopbotb.html" target=_blank>DOPBOT-B</a> WORM!
46303. Source=Paul Collins Startup list
46304.  
46305. [msn]
46306. Number=6577
46307. Confirmed=X
46308. Filename=system32.exe
46309. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KITRO.A" target="_blank"> KITRO.A</a> WORM!
46310. Source=Paul Collins Startup list
46311.  
46312. [msn]
46313. Number=6578
46314. Confirmed=X
46315. Filename=msnmsg.exe
46316. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgo.html" target="_blank">RBOT-GO</a> WORM!
46317. Source=Paul Collins Startup list
46318.  
46319. [MSN]
46320. Number=6579
46321. Confirmed=X
46322. Filename=msnmsgs.exe
46323. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkl.html" target="_blank">RBOT-KL</a> WORM! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
46324. Source=Paul Collins Startup list
46325.  
46326. [MSN]
46327. Number=6580
46328. Confirmed=X
46329. Filename=ctfmoons.exe
46330. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.HI" target="_blank">SPYBOT.HI</a> WORM!
46331. Source=Paul Collins Startup list
46332.  
46333. [MSN]
46334. Number=6581
46335. Confirmed=X
46336. Filename=msnmesengers.exe
46337. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotme.html" target=_blank>RBOT-ME</a> WORM!
46338. Source=Paul Collins Startup list
46339.  
46340. [MSN]
46341. Number=6582
46342. Confirmed=X
46343. Filename=MSN.exe
46344. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010722-5132-99" target=_blank>MINIT</a> WORM!
46345. Source=Paul Collins Startup list
46346.  
46347. [MSN]
46348. Number=6583
46349. Confirmed=X
46350. Filename=msnmsgr.exe
46351. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022614-4627-99" target=_blank>MYTOB</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022810-1111-99" target=_blank>MYTOB.B</a> WORMS! Note - this is not the valid MSN Messenger (now <a href="http://get.live.com/messenger/overview" target="_blank">Windows Live Messenger</a>) utility
46352. Source=Paul Collins Startup list
46353.  
46354. [msn]
46355. Number=6584
46356. Confirmed=X
46357. Filename=msnsvc.exe
46358. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
46359. Source=Paul Collins Startup list
46360.  
46361. [MSN]
46362. Number=6585
46363. Confirmed=X
46364. Filename=msn16.exe
46365. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvn.html" target= blank>SDBOT-VN</a> WORM!
46366. Source=Paul Collins Startup list
46367.  
46368. [MSN]
46369. Number=6586
46370. Confirmed=X
46371. Filename=msnsgr.exe
46372. Description=Added by an unidentified WORM or TROJAN!
46373. Source=Paul Collins Startup list
46374.  
46375. [MSN 9.0 Plus]
46376. Number=6587
46377. Confirmed=X
46378. Filename=[random letters].exe
46379. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaly.html" target=_blank>RBOT-ALY</a> WORM!
46380. Source=Paul Collins Startup list
46381.  
46382. [MSN Administration For Windows]
46383. Number=6588
46384. Confirmed=X
46385. Filename=msnadp32.exe
46386. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BROPIA.W&VSect=P" target=_blank>BROPIA.W</a> WORM!
46387. Source=Paul Collins Startup list
46388.  
46389. [MSN ang]
46390. Number=6589
46391. Confirmed=X
46392. Filename=cssrss.exe
46393. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotce.html" target=_blank>FORBOT-CE</a> WORM!
46394.  
46395. Source=Paul Collins Startup list
46396.  
46397. [MSN BETA]
46398. Number=6590
46399. Confirmed=X
46400. Filename=service.exe
46401. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AUU&VSect=P" target=_blank>RBOT.AUU</a> WORM!
46402. Source=Paul Collins Startup list
46403.  
46404. [MSN Checker]
46405. Number=6591
46406. Confirmed=X
46407. Filename=msnchecker.exe
46408. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotagb.html" target="_blank">SDBOT-AGB</a> WORM!
46409. Source=Paul Collins Startup list
46410.  
46411. [Msn Config]
46412. Number=6592
46413. Confirmed=X
46414. Filename=msngf.exe
46415. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqg.html" target=_blank>RBOT-QG</a> WORM!
46416. Source=Paul Collins Startup list
46417.  
46418. [Msn Configuration Loader]
46419. Number=6593
46420. Confirmed=X
46421. Filename=msngms.exe
46422. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041414-0115-99" target=_blank>KELVIR.T</a> WORM!
46423. Source=Paul Collins Startup list
46424.  
46425. [MSN Explorer]
46426. Number=6594
46427. Confirmed=X
46428. Filename=msnexplorer.exe
46429. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentcax.html" target="_blank">AGENT-CAX</a> TROJAN!
46430. Source=Paul Collins Startup list
46431.  
46432. [MSN Explorer]
46433. Number=6595
46434. Confirmed=X
46435. Filename=explorer..exe
46436. Description=Dropper for the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorcb.html" target="_blank">Ciadoor.cb</a> TROJAN!
46437. Source=Paul Collins Startup list
46438.  
46439. [MSN Funny Images]
46440. Number=6596
46441. Confirmed=X
46442. Filename=imsngsr.exe
46443. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottt.html" target=_blank>AGOBOT-TT</a> WORM!
46444. Source=Paul Collins Startup list
46445.  
46446. [MSN Internet Access]
46447. Number=6597
46448. Confirmed=N
46449. Filename=trayclnt.exe
46450. Description=Quick way to connect to MSN internet service - replaces "MSN Quick View" from V5.6 onwards
46451. Source=Paul Collins Startup list
46452.  
46453. [MSN Manager]
46454. Number=6598
46455. Confirmed=X
46456. Filename=cvss.exe
46457. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
46458. Source=Paul Collins Startup list
46459.  
46460. [MSN Manager]
46461. Number=6599
46462. Confirmed=X
46463. Filename=mscmgr.exe
46464. Description=Unidentified malware - causes multiple browser windows to open
46465. Source=Paul Collins Startup list
46466.  
46467. [MSN Message Background loader]
46468. Number=6600
46469. Confirmed=X
46470. Filename=msnmesg.exe
46471. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
46472. Source=Paul Collins Startup list
46473.  
46474. [MSN Messages]
46475. Number=6601
46476. Confirmed=X
46477. Filename=msnmesg.exe
46478. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacn.html" target=_blank>RBOT-ACN</a> WORM!
46479. Source=Paul Collins Startup list
46480.  
46481. [MSN Messanger]
46482. Number=6602
46483. Confirmed=X
46484. Filename=msnmsng.exe
46485. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.XN" target="_blank">SDBOT.XN</a> WORM!
46486. Source=Paul Collins Startup list
46487.  
46488. [MSN messanger]
46489. Number=6603
46490. Confirmed=X
46491. Filename=msnmsgsm.exe
46492. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfmp.html" target="_blank">RBOT-FMP</a> WORM!
46493. Source=Paul Collins Startup list
46494.  
46495. [MSN Messanger]
46496. Number=6604
46497. Confirmed=X
46498. Filename=msnmsgsmn.exe
46499. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfoq.html" target="_blank">RBOT-FOQ</a> WORM!
46500. Source=Paul Collins Startup list
46501.  
46502. [Msn Messeng]
46503. Number=6605
46504. Confirmed=X
46505. Filename=windns.exe
46506. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
46507. Source=Paul Collins Startup list
46508.  
46509. [Msn Messenge]
46510. Number=6606
46511. Confirmed=X
46512. Filename=IExplorer.exe
46513. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfll.html" target=_blank>DELF-LL</a> TROJAN!
46514. Source=Paul Collins Startup list
46515.  
46516. [MSN messenger]
46517. Number=6607
46518. Confirmed=X
46519. Filename=messenger.exe
46520. Description=Added by an unidentified TROJAN! Note - this is not the real MSN Messenger
46521. Source=Paul Collins Startup list
46522.  
46523. [Msn Messenger]
46524. Number=6608
46525. Confirmed=X
46526. Filename=msnmsgs.exe
46527. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyp.html" target=_blank>LOONY-P</a> TROJAN! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
46528. Source=Paul Collins Startup list
46529.  
46530. [MSN Messenger]
46531. Number=6609
46532. Confirmed=X
46533. Filename=Reosmsngr.exe
46534. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
46535. Source=Paul Collins Startup list
46536.  
46537. [MSN MESSENGER]
46538. Number=6610
46539. Confirmed=X
46540. Filename=msmmsgr.exe
46541. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041213-2840-99" target=_blank>KELVIR.Q</a> WORM!
46542. Source=Paul Collins Startup list
46543.  
46544. [MSN Messenger]
46545. Number=6611
46546. Confirmed=X
46547. Filename=msmsgs.exe
46548. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderln.html" target=_blank>DLOADER-LN</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojzlobc.html" target=_blank>ZLOB-C</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojzlobdropc.html" target=_blank>ZLOBDROP-C</a> TROJANS! Note - this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
46549. Source=Paul Collins Startup list
46550.  
46551. [MSN Messenger]
46552. Number=6612
46553. Confirmed=X
46554. Filename=msnmsgr.exe
46555. Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=2&VName=WORM_AGOBOT.AOQ" target=_blank>AGOBOT.AOQ</a> WORM! Note - this is not the valid MSN Messenger utility
46556. Source=Paul Collins Startup list
46557.  
46558. [MSN Messenger]
46559. Number=6613
46560. Confirmed=X
46561. Filename=msmsgs.exe
46562. Description=Added by the <a href="http://www.symantec.com/region/jp/avcenter/venc/data/jp-trojan.zhopa.html" target= blank>ZHOPA</a> TROJAN! Note -  this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
46563. Source=Paul Collins Startup list
46564.  
46565. [MSN Messenger]
46566. Number=6614
46567. Confirmed=X
46568. Filename=msnmsngr.exe
46569. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
46570. Source=Paul Collins Startup list
46571.  
46572. [MSN Messenger]
46573. Number=6615
46574. Confirmed=X
46575. Filename=IExplorer.exe
46576. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankereu.html" target=_blank>BANKER-EU</a> TROJAN!
46577. Source=Paul Collins Startup list
46578.  
46579. [Msn Messenger]
46580. Number=6616
46581. Confirmed=X
46582. Filename=msnmsnr.exe
46583. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankergg.html" target=_blank>BANKER-GG</a> TROJAN!
46584. Source=Paul Collins Startup list
46585.  
46586. [MSN Messenger]
46587. Number=6617
46588. Confirmed=X
46589. Filename=PIC1324.exe
46590. Description=Added by the <a href="http://vil.nai.com/vil/content/v_99184.htm" target=_blank>CHOKE.C</a> WORM!
46591. Source=Paul Collins Startup list
46592.  
46593. [MSN Messenger]
46594. Number=6618
46595. Confirmed=X
46596. Filename=explorer..exe
46597. Description=Dropper for the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorcb.html" target="_blank">Ciadoor.cb</a> TROJAN!
46598. Source=Paul Collins Startup list
46599.  
46600. [MSN Messenger 32]
46601. Number=6619
46602. Confirmed=X
46603. Filename=msniu.exe
46604. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawb.html" target=_blank>RBOT-AWB</a> WORM!
46605. Source=Paul Collins Startup list
46606.  
46607. [MSN Messenger 323]
46608. Number=6620
46609. Confirmed=X
46610. Filename=msniu3.exe
46611. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxb.html" target=_blank>RBOT-AXB</a> WORM!
46612. Source=Paul Collins Startup list
46613.  
46614. [MSN Messenger 6.2]
46615. Number=6621
46616. Confirmed=X
46617. Filename=tyd.exe
46618. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
46619. Source=Paul Collins Startup list
46620.  
46621. [MSN MESSENGER 9.0]
46622. Number=6622
46623. Confirmed=X
46624. Filename=messengerr.exe
46625. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
46626. Source=Paul Collins Startup list
46627.  
46628. [MSN messenger service]
46629. Number=6623
46630. Confirmed=X
46631. Filename=mssgs.exe
46632. Description=Added by an unidentified TROJAN! Note - this is not the real MSN Messenger
46633. Source=Paul Collins Startup list
46634.  
46635. [MSN Messenger Service Starter]
46636. Number=6624
46637. Confirmed=X
46638. Filename=msnmgsr.exe
46639. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaos.html" target=_blank>RBOT-AOS</a> WORM!
46640. Source=Paul Collins Startup list
46641.  
46642. [Msn Messenger Update]
46643. Number=6625
46644. Confirmed=X
46645. Filename=msnupdate.exe
46646. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
46647. Source=Paul Collins Startup list
46648.  
46649. [MSN Messenger User Controls]
46650. Number=6626
46651. Confirmed=X
46652. Filename=msmsgr.exe
46653. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082416-5051-99" target=_blank>KELVIR.HI</a> WORM!
46654. Source=Paul Collins Startup list
46655.  
46656. [Msn Messengers]
46657. Number=6627
46658. Confirmed=X
46659. Filename=MSNMSGR.EXE
46660. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KX&VSect=T" target="_blank">RBOT.KX</a> WORM!
46661. Source=Paul Collins Startup list
46662.  
46663. [MSN MMISSENGER]
46664. Number=6628
46665. Confirmed=X
46666. Filename=mssmmspgr.exe
46667. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042217-0207-99" target=_blank>KELVIR.AJ</a> WORM!
46668. Source=Paul Collins Startup list
46669.  
46670. [Msn Patch]
46671. Number=6629
46672. Confirmed=X
46673. Filename=msndp.exe
46674. Description=Added by the <a href="http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_RBOT.AAI" target=_blank>RBOT.AAI</a> WORM!
46675. Source=Paul Collins Startup list
46676.  
46677. [Msn Patches]
46678. Number=6630
46679. Confirmed=X
46680. Filename=msndr.exe
46681. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
46682. Source=Paul Collins Startup list
46683.  
46684. [Msn Plus Updater]
46685. Number=6631
46686. Confirmed=X
46687. Filename=msnplus.exe
46688. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmu.html" target=_blank>RBOT-MU</a> WORM!
46689. Source=Paul Collins Startup list
46690.  
46691. [Msn Processe Manager]
46692. Number=6632
46693. Confirmed=X
46694. Filename=msni32.exe
46695. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadx.html" target=_blank>RBOT-ADX</a> WORM!
46696. Source=Paul Collins Startup list
46697.  
46698. [MSN Quick View]
46699. Number=6633
46700. Confirmed=N
46701. Filename=Msndc.exe
46702. Description=Quick way to connect to MSN internet service
46703. Source=Paul Collins Startup list
46704.  
46705. [MSN Registry loader]
46706. Number=6634
46707. Confirmed=X
46708. Filename=msmnwin.exe
46709. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071517-0520-99" target=_blank>KELVIR.FK</a> WORM!
46710. Source=Paul Collins Startup list
46711.  
46712. [MSN service]
46713. Number=6635
46714. Confirmed=X
46715. Filename=msnmgr16.exe
46716. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
46717. Source=Paul Collins Startup list
46718.  
46719. [MSN Service]
46720. Number=6636
46721. Confirmed=X
46722. Filename=amsnmsgrs.exe
46723. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
46724. Source=Paul Collins Startup list
46725.  
46726. [Msn Service]
46727. Number=6637
46728. Confirmed=X
46729. Filename=matrixcam.exe
46730. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.JH&VSect=T" target=_blank>MYTOB.JH</a> WORM!
46731. Source=Paul Collins Startup list
46732.  
46733. [Msn Service]
46734. Number=6638
46735. Confirmed=X
46736. Filename=raloded.exe
46737. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobdy.html" target=_blank>MYTOB-DY</a> WORM!
46738. Source=Paul Collins Startup list
46739.  
46740. [MSN service]
46741. Number=6639
46742. Confirmed=X
46743. Filename=msnmsgr16.exe
46744. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrz.html" target=_blank>RBOT-RZ</a> WORM!
46745. Source=Paul Collins Startup list
46746.  
46747. [MSN service]
46748. Number=6640
46749. Confirmed=X
46750. Filename=NTDKRN.EXE
46751. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UJ" target="_blank">RBOT.UJ</a> WORM!
46752. Source=Paul Collins Startup list
46753.  
46754. [MSN Service Updates]
46755. Number=6641
46756. Confirmed=X
46757. Filename=winproc.exe
46758. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kelvirbb.html" target=_blank>KELVIR-BB</a> WORM!
46759. Source=Paul Collins Startup list
46760.  
46761. [MSN Service Utilities]
46762. Number=6642
46763. Confirmed=X
46764. Filename=nkn.exe
46765. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kelvirbc.html" target=_blank>KELVIR-BC</a> WORM!
46766. Source=Paul Collins Startup list
46767.  
46768. [MSN Start]
46769. Number=6643
46770. Confirmed=X
46771. Filename=msnmsgr7.exe
46772. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotph.html" target=_blank>RBOT-PH</a> WORM!
46773.  
46774. Source=Paul Collins Startup list
46775.  
46776. [MSN Update]
46777. Number=6644
46778. Confirmed=X
46779. Filename=mscon.exe
46780. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqa.html" target=_blank>RBOT-QA</a> WORM!
46781. Source=Paul Collins Startup list
46782.  
46783. [MSN Update]
46784. Number=6645
46785. Confirmed=X
46786. Filename=msn32.exe
46787. Description=Added by the <a href="http://origin.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AHN&VSect=Sn" target=_blank>RBOT.AHN</a> WORM!
46788. Source=Paul Collins Startup list
46789.  
46790. [MSN Update]
46791. Number=6646
46792. Confirmed=X
46793. Filename=DLLCON.EXE
46794. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotea.html" target=_blank>RBOT-EA</a> WORM!
46795.  
46796. Source=Paul Collins Startup list
46797.  
46798. [Msn Update Manager (Sp2)]
46799. Number=6647
46800. Confirmed=X
46801. Filename=MSMSGS.EXE
46802. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnl.html" target=_blank>AGOBOT-NL</a> WORM!
46803.  
46804. Source=Paul Collins Startup list
46805.  
46806. [Msn Update Service]
46807. Number=6648
46808. Confirmed=X
46809. Filename=userx.exe
46810. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082510-2930-99" target=_blank>MYTOB.JF</a> WORM!
46811. Source=Paul Collins Startup list
46812.  
46813. [MSN Updater]
46814. Number=6649
46815. Confirmed=X
46816. Filename=msnms.exe
46817. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcg.html" target=_blank>FORBOT-CG</a> WORM!
46818.  
46819. Source=Paul Collins Startup list
46820.  
46821. [Msn Updater]
46822. Number=6650
46823. Confirmed=X
46824. Filename=msnplugins.exe
46825. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboths.html" target=_blank>RBOT-HS</a> WORM!
46826. Source=Paul Collins Startup list
46827.  
46828. [Msn Updater]
46829. Number=6651
46830. Confirmed=X
46831. Filename=windatemanager.exe
46832. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.TS" target="_blank">SDBOT.TS</a> WORM!
46833. Source=Paul Collins Startup list
46834.  
46835. [MSN UPDATERS]
46836. Number=6652
46837. Confirmed=X
46838. Filename=virtualmemory.exe
46839. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjk.html" target="_blank">RBOT-JK</a> WORM!
46840. Source=Paul Collins Startup list
46841.  
46842. [msn.exe]
46843. Number=6653
46844. Confirmed=X
46845. Filename=son.exe
46846. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpags.html" target=_blank>STARTPA-GS</a> TROJAN!
46847. Source=Paul Collins Startup list
46848.  
46849. [MSN32 X Service]
46850. Number=6654
46851. Confirmed=X
46852. Filename=MSN32x.EXE
46853. Description=Added by an unidentified WORM!
46854. Source=Paul Collins Startup list
46855.  
46856. [MSN8m Startup]
46857. Number=6655
46858. Confirmed=X
46859. Filename=msn8m.exe
46860. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
46861. Source=Paul Collins Startup list
46862.  
46863. [msnager32]
46864. Number=6656
46865. Confirmed=X
46866. Filename=svchostt.exe
46867. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WOMANIZ.E&VSect=P" target=_blank>WOMANIZ.E</a> TROJAN!
46868. Source=Paul Collins Startup list
46869.  
46870. [msnappau]
46871. Number=6657
46872. Confirmed=N
46873. Filename=msnappau.exe
46874. Description=Updater for the MSN toolbar that can be downloaded onto IE. Calls home every day or so to "update" the toolbar
46875. Source=Paul Collins Startup list
46876.  
46877. [Msnarrator]
46878. Number=6658
46879. Confirmed=X
46880. Filename=msnarrator.exe
46881. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NARAT.A" target="_blank">NARAT.A</a> TROJAN! - also identified as <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010214-1222-99" target="_blank">MPGCOM Toolbar</a> adware
46882. Source=Paul Collins Startup list
46883.  
46884. [MSNavWH]
46885. Number=6659
46886. Confirmed=X
46887. Filename=MSWkwrH.exe
46888. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32anava.html" target= blank>ANAV-A</a> WORM!
46889. Source=Paul Collins Startup list
46890.  
46891. [msndrvsys]
46892. Number=6660
46893. Confirmed=X
46894. Filename=msndrvsys.exe
46895. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbroggerd.html" target=_blank>BROGGER-D</a> TROJAN!
46896. Source=Paul Collins Startup list
46897.  
46898. [MSNET]
46899. Number=6661
46900. Confirmed=X
46901. Filename=msnet.exe
46902. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050113-3507-99" target="_blank">BOA</a> WORM!
46903. Source=Paul Collins Startup list
46904.  
46905. [MsnExplorer]
46906. Number=6662
46907. Confirmed=X
46908. Filename=winagent.exe
46909. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreq.html" target=_blank>EQ</a> TROJAN!
46910. Source=Paul Collins Startup list
46911.  
46912. [MsnExplorer]
46913. Number=6663
46914. Confirmed=X
46915. Filename=MSEXPLOREN.EXE
46916. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN!
46917. Source=Paul Collins Startup list
46918.  
46919. [MsnExplorer]
46920. Number=6664
46921. Confirmed=X
46922. Filename=SHCH.EXE
46923. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN!
46924. Source=Paul Collins Startup list
46925.  
46926. [MsnExplorer]
46927. Number=6665
46928. Confirmed=X
46929. Filename=SVCHST.EXE
46930. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN!
46931. Source=Paul Collins Startup list
46932.  
46933. [MsnExplorer]
46934. Number=6666
46935. Confirmed=X
46936. Filename=msnexploren.exe
46937. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
46938. Source=Paul Collins Startup list
46939.  
46940. [MsnExplorer]
46941. Number=6667
46942. Confirmed=X
46943. Filename=sdhch.exe
46944. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
46945. Source=Paul Collins Startup list
46946.  
46947. [MsnFixer]
46948. Number=6668
46949. Confirmed=?
46950. Filename=msnfixjs.js
46951. Description=<font color="#FF0000">Located in the HPbinmsnfix directory of a HP PC</font>
46952. Source=Paul Collins Startup list
46953.  
46954. [MSNGrabber]
46955. Number=6669
46956. Confirmed=X
46957. Filename=MSNgrabber.exe
46958. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111312-2642-99" target=_blank>ENVID.A</a> WORM!
46959. Source=Paul Collins Startup list
46960.  
46961. [msngta32]
46962. Number=6670
46963. Confirmed=X
46964. Filename=msngta32.exe
46965. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
46966. Source=Paul Collins Startup list
46967.  
46968. [MSNIA]
46969. Number=6671
46970. Confirmed=N
46971. Filename=MSNIASVC.EXE
46972. Description=Added with MSN version 9. Resets certain internet settings upon bootup and can't be disabled via MSCONFIG
46973. Source=Paul Collins Startup list
46974.  
46975. [msnload32.exe]
46976. Number=6672
46977. Confirmed=X
46978. Filename=msnload32.exe
46979. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092816-5111-99" target="_blank">BANCOS.M</a> TROJAN!
46980. Source=Paul Collins Startup list
46981.  
46982. [MSNMESENGER]
46983. Number=6673
46984. Confirmed=X
46985. Filename=Main.exe
46986. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-061315-4216-99" target="_blank">PRORAT</a> TROJAN!
46987. Source=Paul Collins Startup list
46988.  
46989. [msnmessenger]
46990. Number=6674
46991. Confirmed=X
46992. Filename=msnmessenger.exe
46993. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbankj.html" target="_blank">BANCBAN-KJ</a> TROJAN!
46994. Source=Paul Collins Startup list
46995.  
46996. [msnmsg]
46997. Number=6675
46998. Confirmed=X
46999. Filename=asgag.exe
47000. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
47001. Source=Paul Collins Startup list
47002.  
47003. [msnmsg]
47004. Number=6676
47005. Confirmed=X
47006. Filename=TBC.exe
47007. Description=Added by an unidentified TROJAN!
47008. Source=Paul Collins Startup list
47009.  
47010. [msnmsg]
47011. Number=6677
47012. Confirmed=X
47013. Filename=msnmsg.exe
47014. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerclx.html" target="_blank">BANKER-CLX</a> TROJAN!
47015. Source=Paul Collins Startup list
47016.  
47017. [msnmsg.exe]
47018. Number=6678
47019. Confirmed=X
47020. Filename=mscmd32.exe
47021. Description=Added by a variant of the AGENT.AH TROJAN!
47022. Source=Paul Collins Startup list
47023.  
47024. [msnmsgq32]
47025. Number=6679
47026. Confirmed=X
47027. Filename=msnmsgq.exe
47028. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.H</a> TROJAN!
47029. Source=Paul Collins Startup list
47030.  
47031. [msnmsgq32]
47032. Number=6680
47033. Confirmed=X
47034. Filename=msnmsgq32.exe
47035. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.F</a> TROJAN!
47036. Source=Paul Collins Startup list
47037.  
47038. [msnmsgq32]
47039. Number=6681
47040. Confirmed=X
47041. Filename=sssasasb32.exe
47042. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.F</a> TROJAN!
47043. Source=Paul Collins Startup list
47044.  
47045. [msnmsgr]
47046. Number=6682
47047. Confirmed=N
47048. Filename=msnmsgr.exe
47049. Description=MSN Messenger (now superseeded by <a href="http://get.live.com/messenger/overview" target="_blank">Windows Live Messenger</a>) utility. If you don't use MSN Messenger, this can be annoying. Available via Start -> Programs. Go to MS Messenger -> Tools -> Options -> Preferences and uncheck "Run this program when Windows starts"
47050. Source=Paul Collins Startup list
47051.  
47052. [MsnMsgr]
47053. Number=6683
47054. Confirmed=X
47055. Filename=MsnMsgrs.exe
47056. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101313-4906-99" target=_blank>NETSKY-AD</a> WORM!
47057. Source=Paul Collins Startup list
47058.  
47059. [MsnMsgr]
47060. Number=6684
47061. Confirmed=X
47062. Filename=msnmsgr.exe
47063. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32annewfam.html" target="_blank">ANNEW-FAM</a> WORM! Note - this is not the valid MSN Messenger utility
47064. Source=Paul Collins Startup list
47065.  
47066. [msnmsgr32-.exe]
47067. Number=6685
47068. Confirmed=X
47069. Filename=msnmsgr-.exe
47070. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
47071. Source=Paul Collins Startup list
47072.  
47073. [MSNMSGR5]
47074. Number=6686
47075. Confirmed=X
47076. Filename=MSNMSGR5.exe
47077. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.PQ" target="_blank">RBOT.PQ</a> WORM!
47078. Source=Paul Collins Startup list
47079.  
47080. [MSNMSGRE]
47081. Number=6687
47082. Confirmed=X
47083. Filename=swef.bat
47084. Description=IRC backdoor TROJAN or WORM!
47085. Source=Paul Collins Startup list
47086.  
47087. [MSNMSGRR]
47088. Number=6688
47089. Confirmed=X
47090. Filename=swin.bat
47091. Description=IRC backdoor TROJAN or WORM!
47092. Source=Paul Collins Startup list
47093.  
47094. [MSNMSGRS]
47095. Number=6689
47096. Confirmed=X
47097. Filename=swe.bat
47098. Description=IRC worm or backdoor trojan!
47099. Source=Paul Collins Startup list
47100.  
47101. [MSNMSGRS]
47102. Number=6690
47103. Confirmed=X
47104. Filename=swiss.bat
47105. Description=IRC worm or backdoor trojan!
47106. Source=Paul Collins Startup list
47107.  
47108. [MSNMSGRS1]
47109. Number=6691
47110. Confirmed=X
47111. Filename=swed.bat
47112. Description=IRC backdoor TROJAN or WORM!
47113. Source=Paul Collins Startup list
47114.  
47115. [msnmsgs.exe]
47116. Number=6692
47117. Confirmed=X
47118. Filename=msnmsgs.exe
47119. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerhk.html" target=_blank>BANKER-HK</a> TROJAN! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
47120. Source=Paul Collins Startup list
47121.  
47122. [msnmsgsgs]
47123. Number=6693
47124. Confirmed=X
47125. Filename=msnmsgsgs.exe
47126. Description=Added by the "Catal" alias Spy.Delitall.B backdoor TROJAN!
47127.  
47128. Source=Paul Collins Startup list
47129.  
47130. [msnmsgy]
47131. Number=6694
47132. Confirmed=X
47133. Filename=[path to file]
47134. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankereq.html" target="_blank">BANKER-EQ</a> TROJAN!
47135. Source=Paul Collins Startup list
47136.  
47137. [msnnt]
47138. Number=6695
47139. Confirmed=X
47140. Filename=winampb.exe
47141. Description=Chinese originated adware - detected by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan.Win32.Agent.tl
47142. Source=Paul Collins Startup list
47143.  
47144. [msnnt]
47145. Number=6696
47146. Confirmed=X
47147. Filename=winampf.exe
47148. Description=Added by the SMALL.DTS TROJAN!
47149. Source=Paul Collins Startup list
47150.  
47151. [MSNPluginSrIvcs]
47152. Number=6697
47153. Confirmed=X
47154. Filename=n3vasap23.exe
47155. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
47156. Source=Paul Collins Startup list
47157.  
47158. [MSNPluginSrvcs]
47159. Number=6698
47160. Confirmed=X
47161. Filename=p6.exe
47162. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AKJ&VSect=P" target=_blank>SDBOT.AKJ</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvj.html" target=_blank>RBOT-VJ</a> WORMS!
47163. Source=Paul Collins Startup list
47164.  
47165. [MSNPluginSrvcs]
47166. Number=6699
47167. Confirmed=X
47168. Filename=sagate.exe
47169. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AKJ&VSect=P" target=_blank>SDBOT.AKJ</a> WORM!
47170. Source=Paul Collins Startup list
47171.  
47172. [MSNPlus]
47173. Number=6700
47174. Confirmed=X
47175. Filename=msnplus.exe
47176. Description=Added by the <a href="http://www.sophos.com/security/analyses/trojbankerdan.html" target="_blank">BANKER-DAN</a> TROJAN!
47177. Source=Paul Collins Startup list
47178.  
47179. [MSNS PLUS XP2]
47180. Number=6701
47181. Confirmed=X
47182. Filename=msdupd.exe
47183. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbce.html" target="_blank">RBOT-BCE</a> WORM!
47184. Source=Paul Collins Startup list
47185.  
47186. [msnsched2]
47187. Number=6702
47188. Confirmed=X
47189. Filename=msnsched2.exe
47190. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041412-5949-99" target=_blank>SPYBOT.NNT</a> WORM!
47191. Source=Paul Collins Startup list
47192.  
47193. [MSNService]
47194. Number=6703
47195. Confirmed=X
47196. Filename=MSNService.exe
47197. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110415-2939-99" target="_blank">CARPET.C</a> WORM!
47198. Source=Paul Collins Startup list
47199.  
47200. [msnsgs]
47201. Number=6704
47202. Confirmed=X
47203. Filename=msnsgs.exe
47204. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcheukob.html" target=_blank>CHEUKO-B</a> TROJAN!
47205. Source=Paul Collins Startup list
47206.  
47207. [msnshed]
47208. Number=6705
47209. Confirmed=X
47210. Filename=msnshed.exe
47211. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyn.html" target= blank>RBOT-YN</a> WORM!
47212. Source=Paul Collins Startup list
47213.  
47214. [msnsmgr]
47215. Number=6706
47216. Confirmed=X
47217. Filename=MsnMsr.exe
47218. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyn.html" target="_blank">LOONY-N</a> TROJAN!
47219. Source=Paul Collins Startup list
47220.  
47221. [msnsyslog]
47222. Number=6707
47223. Confirmed=N
47224. Filename=msnappm.exe
47225. Description=Related to <a href="http://www.file.net/process/msnappm.exe.html" target="_blank">Messenger Applications</a>. When you uninstall the trial version the msnappm keeps saying (You have xx days left) this is adware and it very annoying
47226. Source=Paul Collins Startup list
47227.  
47228. [MSNSysRestore]
47229. Number=6708
47230. Confirmed=X
47231. Filename=pc32.exe
47232. Description=Added by a variant of the MASTAK VIRUS!
47233. Source=Paul Collins Startup list
47234.  
47235. [msnToolbaar]
47236. Number=6709
47237. Confirmed=X
47238. Filename=msnmsgesc.exe
47239. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BMF&VSect=P" target=_blank>RBOT.BMF</a> WORM!
47240. Source=Paul Collins Startup list
47241.  
47242. [MSObject32]
47243. Number=6710
47244. Confirmed=X
47245. Filename=MSObject32.js
47246. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120111-2845-99" target="_blank">PUN</a> TROJAN!
47247. Source=Paul Collins Startup list
47248.  
47249. [Msoffice]
47250. Number=6711
47251. Confirmed=X
47252. Filename=msoffice.hta
47253. Description=Hijacker - redirecting to Searchdot.net
47254. Source=Paul Collins Startup list
47255.  
47256. [MSOffice]
47257. Number=6712
47258. Confirmed=X
47259. Filename=services.exe
47260. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadereu.html" target=_blank>DLOADER-EU</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "MSOffice" subfolder
47261. Source=Paul Collins Startup list
47262.  
47263. [MSOffice32]
47264. Number=6713
47265. Confirmed=X
47266. Filename=msjcf.exe
47267. Description=Added by the <a href="http://www.us.sophos.com/virusinfo/analyses/trojrakera.html" target=_blank>RAKER-A</a> TROJAN!
47268. Source=Paul Collins Startup list
47269.  
47270. [MSOfficeCfg]
47271. Number=6714
47272. Confirmed=X
47273. Filename=msocfg.exe
47274. Description=Premium rate adult content dialer
47275. Source=Paul Collins Startup list
47276.  
47277. [MSOfficeCfg]
47278. Number=6715
47279. Confirmed=X
47280. Filename=navchk.exe
47281. Description=Premium rate adult content dialer
47282. Source=Paul Collins Startup list
47283.  
47284. [MSOfficeCfg]
47285. Number=6716
47286. Confirmed=X
47287. Filename=qservice.exe
47288. Description=Premium rate adult content dialer
47289. Source=Paul Collins Startup list
47290.  
47291. [MSOfficeCfg]
47292. Number=6717
47293. Confirmed=X
47294. Filename=shman.exe
47295. Description=Premium rate adult content dialer
47296. Source=Paul Collins Startup list
47297.  
47298. [MSOfficeCfg]
47299. Number=6718
47300. Confirmed=X
47301. Filename=ssvr.exe
47302. Description=Premium rate adult content dialer
47303. Source=Paul Collins Startup list
47304.  
47305. [msoffwz]
47306. Number=6719
47307. Confirmed=X
47308. Filename=msoffwz.EXE
47309. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanhq.html" target=_blank>BANCBAN-HQ</a> TROJAN!
47310. Source=Paul Collins Startup list
47311.  
47312. [msoft-updater23]
47313. Number=6720
47314. Confirmed=X
47315. Filename=mssysstems.exe
47316. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatu.html" target=_blank>RBOT-ATU</a> WORM!
47317. Source=Paul Collins Startup list
47318.  
47319. [msoft-updater23]
47320. Number=6721
47321. Confirmed=X
47322. Filename=slssystem.exe
47323. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasr.html" target=_blank>RBOT-ASR</a> WORM!
47324. Source=Paul Collins Startup list
47325.  
47326. [MSOleath32]
47327. Number=6722
47328. Confirmed=X
47329. Filename=winss.exe
47330. Description=Added by the <a href="http://vil.nai.com/vil/content/v_100491.htm" target=_blank>KATHER</a> TROJAN!
47331. Source=Paul Collins Startup list
47332.  
47333. [MSOOBD]
47334. Number=6723
47335. Confirmed=X
47336. Filename=MSOOBD.EXE
47337. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.A" target="_blank">MAGISTR.A</a> VIRUS!
47338. Source=Paul Collins Startup list
47339.  
47340. [mspaint.exe]
47341. Number=6724
47342. Confirmed=X
47343. Filename=check32.exe
47344. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentah.html" target=_blank>AGENT.AH</a> TROJAN!
47345. Source=Paul Collins Startup list
47346.  
47347. [Mspatch69]
47348. Number=6725
47349. Confirmed=X
47350. Filename=[path to trojan]
47351. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092417-2624-99" target="_blank">MPROX</a> TROJAN!
47352. Source=Paul Collins Startup list
47353.  
47354. [Mspatch89]
47355. Number=6726
47356. Confirmed=X
47357. Filename=cnqmax.exe
47358. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092417-1527-99" target="_blank">RANDEX.P</a> WORM!
47359. Source=Paul Collins Startup list
47360.  
47361. [MSPetServ]
47362. Number=6727
47363. Confirmed=X
47364. Filename=PET32.EXE
47365. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotve.html" target="_blank">IRCBOT-VE</a> WORM!
47366. Source=Paul Collins Startup list
47367.  
47368. [msping]
47369. Number=6728
47370. Confirmed=X
47371. Filename=msping.exe
47372. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062110-0844-99" target=_blank>FLOODBLACK</a> TROJAN!
47373. Source=Paul Collins Startup list
47374.  
47375. [msping.exe]
47376. Number=6729
47377. Confirmed=X
47378. Filename=msping.exe
47379. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoormz.html" target=_blank>MZ</a> TROJAN!
47380. Source=Paul Collins Startup list
47381.  
47382. [MSPluginSrvc]
47383. Number=6730
47384. Confirmed=X
47385. Filename=p3.exe
47386. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwv.html" target= blank>RBOT-WV</a> WORM!
47387. Source=Paul Collins Startup list
47388.  
47389. [MSPLUS]
47390. Number=6731
47391. Confirmed=X
47392. Filename=msplus32.exe
47393. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobam.html" target=_blank>MYTOB-AM</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcl.html" target=_blank>MYTOB-CL</a> WORMS!
47394. Source=Paul Collins Startup list
47395.  
47396. [MSPP System Update 64]
47397. Number=6732
47398. Confirmed=X
47399. Filename=wiaadmgr.exe
47400. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as the RANKY.GEN TROJAN!
47401. Source=Paul Collins Startup list
47402.  
47403. [MSPQFile]
47404. Number=6733
47405. Confirmed=X
47406. Filename=MSA****.TMP
47407. Description=Homepage hijacker. See <a href="http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=776;start=10" target="_blank">here</a> for more information. **** can be anything
47408. Source=Paul Collins Startup list
47409.  
47410. [MSPRO32]
47411. Number=6734
47412. Confirmed=X
47413. Filename=[path to worm]
47414. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091616-2741-99" target=_blank>IBERIO</a> WORM!
47415. Source=Paul Collins Startup list
47416.  
47417. [MSPRO32]
47418. Number=6735
47419. Confirmed=X
47420. Filename=pnp.exe
47421. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZOTOB.O&VSect=P" target=_blank>ZOTOB.O</a> WORM!
47422. Source=Paul Collins Startup list
47423.  
47424. [MSprotect.exe]
47425. Number=6736
47426. Confirmed=X
47427. Filename=MSprotect.exe
47428. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_DABYREV.A" target="_blank">DABYREV.A</a> VIRUS!
47429. Source=Paul Collins Startup list
47430.  
47431. [mspwr]
47432. Number=6737
47433. Confirmed=U
47434. Filename=pupstman.exe
47435. Description="Transparent icon background" feature of <a href="http://www.ashampoo.com/frontend/homepage/php/index.php?session_langid=2" target="_blank">Ashampoo's</a>PowerUp XP (WinNT/2K/XP) and PowerUp Deluxe (Win98/Me)
47436. Source=Paul Collins Startup list
47437.  
47438. [mspwr]
47439. Number=6738
47440. Confirmed=U
47441. Filename=pupxpman.exe
47442. Description=Related to <a href="http://www.ashampoo.com/frontend/homepage/php/index.php?session_langid=2" target="_blank">Ashampoo's</a> PowerUp XP
47443. Source=Paul Collins Startup list
47444.  
47445. [mspwr]
47446. Number=6739
47447. Confirmed=U
47448. Filename=pwrupst.exe
47449. Description=<a href="http://www.ashampoo.com/frontend/homepage/php/index.php?session_langid=2" target="_blank">Ashampoo's</a> PowerUp XP is a "tool for fine-tuning your Windows NT4, 2000, 2003 Server and XP configuration"
47450. Source=Paul Collins Startup list
47451.  
47452. [mspwr]
47453. Number=6740
47454. Confirmed=U
47455. Filename=PuXpMan2.exe
47456. Description=Related to <a href="http://www.ashampoo.com/frontend/homepage/php/index.php?session_langid=2" target="_blank">Ashampoo's</a> Magic Defrag Utility
47457. Source=Paul Collins Startup list
47458.  
47459. [MSPY2002]
47460. Number=6741
47461. Confirmed=N
47462. Filename=ImScInst.exe
47463. Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
47464. Source=Paul Collins Startup list
47465.  
47466. [msqssr]
47467. Number=6742
47468. Confirmed=X
47469. Filename=msqssr.exe
47470. Description=Detected by Kaspersky as the DLUCA.GEN TROJAN!
47471. Source=Paul Collins Startup list
47472.  
47473. [MSR]
47474. Number=6743
47475. Confirmed=X
47476. Filename=msr.exe
47477. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.RT" target="_blank">AGOBOT.RT</a> WORM!
47478. Source=Paul Collins Startup list
47479.  
47480. [Msrc]
47481. Number=6744
47482. Confirmed=X
47483. Filename=Msrc.exe
47484. Description=Added by the KRYPTONIC GHOST TROJAN!
47485. Source=Paul Collins Startup list
47486.  
47487. [msrdc]
47488. Number=6745
47489. Confirmed=X
47490. Filename=msrdc.exe
47491. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcxo.html" target="_blank">SDBOT-CXO</a> WORM!
47492. Source=Paul Collins Startup list
47493.  
47494. [msreg.exe]
47495. Number=6746
47496. Confirmed=X
47497. Filename=msrege.exe
47498. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111014-3109-99" target="_blank">ZINX</a> TROJAN!
47499. Source=Paul Collins Startup list
47500.  
47501. [msReg32 Loader]
47502. Number=6747
47503. Confirmed=X
47504. Filename=msreg32.exe
47505. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.IU" target="_blank">AGOBOT.IU</a> WORM!
47506. Source=Paul Collins Startup list
47507.  
47508. [MSREGIT]
47509. Number=6748
47510. Confirmed=X
47511. Filename=Msgp.exe
47512. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_KRYPGHOS.13" target="_blank">KRYPGHOS.13</a> TROJAN!
47513. Source=Paul Collins Startup list
47514.  
47515. [MSRegScan]
47516. Number=6749
47517. Confirmed=U
47518. Filename=SGP.exe
47519. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.spygator.html" target="_blank">SpyGator</a>  surveillance software. Uninstall this software unless you put it there yourself
47520. Source=Paul Collins Startup list
47521.  
47522. [MSRegScan]
47523. Number=6750
47524. Confirmed=X
47525. Filename=SSDemo.exe
47526. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-010614-5630-99" target=_blank>Supremespy</a> spyware
47527. Source=Paul Collins Startup list
47528.  
47529. [MSRegScan]
47530. Number=6751
47531. Confirmed=U
47532. Filename=ETNKL.exe
47533. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072214-3110-99" target="_blank">ComKeylogger</a> surveillance software. Uninstall this software unless you put it there yourself
47534. Source=Paul Collins Startup list
47535.  
47536. [MSRegSvc]
47537. Number=6752
47538. Confirmed=X
47539. Filename=regsvc32.exe
47540. Description=Homepage hijacker that changes your homepage to an adult content site
47541. Source=Paul Collins Startup list
47542.  
47543. [msresear]
47544. Number=6753
47545. Confirmed=X
47546. Filename=[path to trojan]
47547. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojweasywb.html" target=_blank>WEASYW-B</a> TROJAN!
47548. Source=Paul Collins Startup list
47549.  
47550. [msresearch]
47551. Number=6754
47552. Confirmed=X
47553. Filename=msresearch.exe
47554. Description=TROJAN! - <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target=_blank>180SearchAssistant</a> adware related
47555. Source=Paul Collins Startup list
47556.  
47557. [msresearch]
47558. Number=6755
47559. Confirmed=X
47560. Filename=tool3.exe
47561. Description=Spy Sheriff/SpywareNO malware, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojspyhoaxa.html" target=_blank>SPYHOAX-A</a> TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe
47562. Source=Paul Collins Startup list
47563.  
47564. [msrundll]
47565. Number=6756
47566. Confirmed=X
47567. Filename=msrund1l32.exe
47568. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030215-5059-99" target=_blank>BINGHE</a> TROJAN!
47569. Source=Paul Collins Startup list
47570.  
47571. [msrunocx32]
47572. Number=6757
47573. Confirmed=X
47574. Filename=msrunocx32.exe
47575. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110415-2940-99" target="_blank">SKUS</a> WORM!
47576. Source=Paul Collins Startup list
47577.  
47578. [MSSCDL]
47579. Number=6758
47580. Confirmed=U
47581. Filename=MSSCDLL.exe
47582. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062217-4252-99" target= blank>SpyCapture</a> keystroke logger/monitoring program - remove unless you installed it yourself!
47583. Source=Paul Collins Startup list
47584.  
47585. [msserv]
47586. Number=6759
47587. Confirmed=X
47588. Filename=msserv.exe
47589. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojblackloga.html" target=_blank>BLACKLOG-A</a> TROJAN!
47590. Source=Paul Collins Startup list
47591.  
47592. [msserv]
47593. Number=6760
47594. Confirmed=X
47595. Filename=lvsrev.exe
47596. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbrowmonb.html" target="_blank">BROWMON-B</a> TROJAN!
47597. Source=Paul Collins Startup list
47598.  
47599. [msserv32]
47600. Number=6761
47601. Confirmed=X
47602. Filename=msserv32.exe
47603. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotack.html" target= blank>RBOT-ACK</a> WORM!
47604. Source=Paul Collins Startup list
47605.  
47606. [msservice]
47607. Number=6762
47608. Confirmed=X
47609. Filename=msserv.exe
47610. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-061412-5404-99" target="_blank">HYD</a> WORM!
47611. Source=Paul Collins Startup list
47612.  
47613. [MSService_v1.0]
47614. Number=6763
47615. Confirmed=X
47616. Filename=realsched.exe
47617. Description=<a href="http://www.sophos.com/virusinfo/analyses/ehu.html" target="_blank">EHU</a> adware. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
47618. Source=Paul Collins Startup list
47619.  
47620. [MSService_v1.0]
47621. Number=6764
47622. Confirmed=X
47623. Filename=vfp02.exe
47624. Description=<a href="http://www.sophos.com/virusinfo/analyses/newweb.html" target="_blank">NewWeb</a> adware
47625. Source=Paul Collins Startup list
47626.  
47627. [mssfos]
47628. Number=6765
47629. Confirmed=X
47630. Filename=sfool.exe
47631. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081614-2307-99" target=_blank>RANDEX.EUS</a> WORM!
47632. Source=Paul Collins Startup list
47633.  
47634. [MSSGisg]
47635. Number=6766
47636. Confirmed=X
47637. Filename=[path to file]
47638. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121317-0552-99" target=_blank>RANKY.N</a> TROJAN!
47639. Source=Paul Collins Startup list
47640.  
47641. [MSShow]
47642. Number=6767
47643. Confirmed=X
47644. Filename=MSShow.exe
47645. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobm.html" target=_blank>QQROB-M</a> TROJAN!
47646. Source=Paul Collins Startup list
47647.  
47648. [MSSHVC]
47649. Number=6768
47650. Confirmed=X
47651. Filename=MSSHVC.exe
47652. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080717-0327-99" target="_blank">NUFFY.A</a> WORM!
47653. Source=Paul Collins Startup list
47654.  
47655. [mssonfig]
47656. Number=6769
47657. Confirmed=X
47658. Filename=winupdate.exe
47659. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
47660. Source=Paul Collins Startup list
47661.  
47662. [mssoul]
47663. Number=6770
47664. Confirmed=X
47665. Filename=msmscc2.exe
47666. Description=Added by the DAPIZL.A banker WORM! (A "banker worm" is designed to pillage banking information and send it back to the perpetrators!)
47667.  
47668. Source=Paul Collins Startup list
47669.  
47670. [mssp3]
47671. Number=6771
47672. Confirmed=X
47673. Filename=mssp22.exe
47674. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojibankd.html" target=_blank>IBANK-D</a> TROJAN!
47675. Source=Paul Collins Startup list
47676.  
47677. [MSSQL]
47678. Number=6772
47679. Confirmed=X
47680. Filename=Mssql.exe
47681. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
47682. Source=Paul Collins Startup list
47683.  
47684. [MSSQL for Windows NT & XP]
47685. Number=6773
47686. Confirmed=X
47687. Filename=mssqlsnt.exe
47688. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
47689. Source=Paul Collins Startup list
47690.  
47691. [Msstart]
47692. Number=6774
47693. Confirmed=X
47694. Filename=msstart.exe
47695. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LIVUP.C" target="_blank">LIVUP.C</a> TROJAN!
47696. Source=Paul Collins Startup list
47697.  
47698. [MSStartOptimizer]
47699. Number=6775
47700. Confirmed=X
47701. Filename=Iexpres.exe
47702. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdasmine.html" target=_blank>DASMIN-E</a> TROJAN!
47703.  
47704. Source=Paul Collins Startup list
47705.  
47706. [MSStartOptimizer]
47707. Number=6776
47708. Confirmed=X
47709. Filename=WINUPD.EXE
47710. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdasmine.html" target=_blank>DASMIN-E</a> TROJAN!
47711.  
47712. Source=Paul Collins Startup list
47713.  
47714. [MSStartOptimizer]
47715. Number=6777
47716. Confirmed=X
47717. Filename=SCVHOST.EXE
47718. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdasmine.html" target=_blank>DASMIN-E</a> TROJAN!
47719.  
47720. Source=Paul Collins Startup list
47721.  
47722. [msstask]
47723. Number=6778
47724. Confirmed=X
47725. Filename=msstask.exe
47726. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-012722-4614-99" target="_blank">MYPARTY</a> WORM!
47727. Source=Paul Collins Startup list
47728.  
47729. [mssurfer lptt01]
47730. Number=6779
47731. Confirmed=X
47732. Filename=mssurfer.exe
47733. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "surfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
47734. Source=Paul Collins Startup list
47735.  
47736. [mssurfer ml097e]
47737. Number=6780
47738. Confirmed=X
47739. Filename=mssurfer.exe
47740. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "surfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
47741. Source=Paul Collins Startup list
47742.  
47743. [mssvc]
47744. Number=6781
47745. Confirmed=X
47746. Filename=[path to trojan]
47747. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072515-2959-99" target="_blank">PSK</a> TROJAN!
47748. Source=Paul Collins Startup list
47749.  
47750. [MSSVC]
47751. Number=6782
47752. Confirmed=X
47753. Filename=svcsys.exe
47754. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfatoosc.html" target=_blank>FATOOS-C</a> TROJAN!
47755. Source=Paul Collins Startup list
47756.  
47757. [MSSVC.EXE]
47758. Number=6783
47759. Confirmed=Y
47760. Filename=MSSVC.EXE
47761. Description=<a href="http://www.stealthdisk.com/" target="_blank">Stealthdisk</a> - hides folders, files and applications. Will also encrypt them for better protection
47762. Source=Paul Collins Startup list
47763.  
47764. [mssvc32]
47765. Number=6784
47766. Confirmed=X
47767. Filename=mssvc32.exe
47768. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotme.html" target=_blank>AGOBOT-ME</a> WORM!
47769. Source=Paul Collins Startup list
47770.  
47771. [mssync20]
47772. Number=6785
47773. Confirmed=X
47774. Filename=mssync20.exe
47775. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpincqc.html" target="_blank">LDPINC-QC</a> TROJAN!
47776. Source=Paul Collins Startup list
47777.  
47778. [mssys]
47779. Number=6786
47780. Confirmed=X
47781. Filename=mssys.exe
47782. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100210-0759-99" target="_blank">MYSS.B</a> TROJAN!
47783. Source=Paul Collins Startup list
47784.  
47785. [mssysint]
47786. Number=6787
47787. Confirmed=X
47788. Filename=Iexplore .exe
47789. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-060511-5140-99" target="_blank">PWSTEAL.ABCHLP</a> and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-083109-1242-99" target="_blank">PSPIDER.310.B</a> TROJANS! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process as there is a space before the ".exe"
47790. Source=Paul Collins Startup list
47791.  
47792. [mssysint]
47793. Number=6788
47794. Confirmed=X
47795. Filename=comime.exe
47796. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnetsnakei.html" target=_blank>NETSNAKE-I</a> TROJAN!
47797. Source=Paul Collins Startup list
47798.  
47799. [mssyslanhelper]
47800. Number=6789
47801. Confirmed=X
47802. Filename=msmsgri32.exe
47803. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-062715-3031-99" target="_blank">RANDEX.D</a> WORM!
47804. Source=Paul Collins Startup list
47805.  
47806. [MsSystem]
47807. Number=6790
47808. Confirmed=X
47809. Filename=msdos.exe
47810. Description=Adult content downloader - see <a href="http://vil.nai.com/vil/content/v_100801.htm" target="_blank">here</a>
47811. Source=Paul Collins Startup list
47812.  
47813. [MsSystem]
47814. Number=6791
47815. Confirmed=X
47816. Filename=mssys.exe
47817. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_VANTA.A" target="_blank">VANTA.A</a> TROJAN!
47818. Source=Paul Collins Startup list
47819.  
47820. [MSSYSTEM]
47821. Number=6792
47822. Confirmed=X
47823. Filename=svcsys.exe
47824. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfatoosc.html" target=_blank>FATOOS-C</a> TROJAN!
47825. Source=Paul Collins Startup list
47826.  
47827. [Mstapi]
47828. Number=6793
47829. Confirmed=U
47830. Filename=Mstapi.exe
47831. Description=Keystroke logger/monitoring program - remove unless you installed it yourself!
47832.  
47833. Source=Paul Collins Startup list
47834.  
47835. [Mstask]
47836. Number=6794
47837. Confirmed=X
47838. Filename=mstask.exe
47839. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.N" target="_blank">OPASERV.N</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/mstask/" target="_blank">mstask.exe</a> system file and the executable resides in C:\Windows or C:\WINNT
47840. Source=Paul Collins Startup list
47841.  
47842. [mstask]
47843. Number=6795
47844. Confirmed=X
47845. Filename=mstask.exe
47846. Description=Browser hijacker - redirecting to find-more.net. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/mstask/" target=_blank>mstask.exe</a> system file
47847. Source=Paul Collins Startup list
47848.  
47849. [MSTask]
47850. Number=6796
47851. Confirmed=X
47852. Filename=run dll.exe
47853. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-123011-1258-99" target= blank>Yuupsearch</a> adware
47854. Source=Paul Collins Startup list
47855.  
47856. [MStask]
47857. Number=6797
47858. Confirmed=X
47859. Filename=svchost.exe
47860. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchbv.html" target=_blank>LDPINCH-BV</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder!
47861. Source=Paul Collins Startup list
47862.  
47863. [MsTask]
47864. Number=6798
47865. Confirmed=X
47866. Filename=wstask32.exe
47867. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfe.html" target=_blank>MYTOB-FE</a> WORM!
47868. Source=Paul Collins Startup list
47869.  
47870. [Mstask32driver]
47871. Number=6799
47872. Confirmed=X
47873. Filename=Mstask32.exe
47874. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyd.html" target="_blank">LOONY-D</a> TROJAN!
47875. Source=Paul Collins Startup list
47876.  
47877. [MSTaskbar 32]
47878. Number=6800
47879. Confirmed=X
47880. Filename=tbsvc32.exe
47881. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQZ&VSect=P" target=_blank>RBOT.BQZ</a> WORM!
47882. Source=Paul Collins Startup list
47883.  
47884. [mstasks]
47885. Number=6801
47886. Confirmed=X
47887. Filename=mstasks.exe
47888. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidray.html" target=_blank>MULTIDR-AY</a> TROJAN!
47889. Source=Paul Collins Startup list
47890.  
47891. [Mstcgww]
47892. Number=6802
47893. Confirmed=?
47894. Filename=MSTCGWW.EXE
47895. Description=<font color="#FF0000">??</font>
47896. Source=Paul Collins Startup list
47897.  
47898. [mstds.exe]
47899. Number=6803
47900. Confirmed=X
47901. Filename=mstds.exe
47902. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.IPtables&threatid=70511" target="_blank">IPTABLES</a> TROJAN!
47903. Source=Paul Collins Startup list
47904.  
47905. [mstg32.exe]
47906. Number=6804
47907. Confirmed=X
47908. Filename=mstg32.exe
47909. Description=Added by the AGENT.BI TROJAN!
47910. Source=Paul Collins Startup list
47911.  
47912. [MSTMON_N]
47913. Number=6805
47914. Confirmed=N
47915. Filename=MSTMON_N.EXE
47916. Description=Generates an error message on startup if a Konica Minolta printer is not turned on and ready
47917. Source=Paul Collins Startup list
47918.  
47919. [MSTMON_Q]
47920. Number=6806
47921. Confirmed=N
47922. Filename=MSTMON_Q.exe
47923. Description=Generates an error message on startup if the Konica Minolta PagePro 1350W printer is not turned on and ready
47924. Source=Paul Collins Startup list
47925.  
47926. [Mstng32]
47927. Number=6807
47928. Confirmed=X
47929. Filename=MSTng32.exe
47930. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021716-3437-99" target="_blank">TANG</a> WORM!
47931. Source=Paul Collins Startup list
47932.  
47933. [mstsdsc.exe]
47934. Number=6808
47935. Confirmed=X
47936. Filename=mstsdsc.exe
47937. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcimuzcd.html" target="_blank">CIMUZ-CD</a> TROJAN!
47938. Source=Paul Collins Startup list
47939.  
47940. [msupd]
47941. Number=6809
47942. Confirmed=X
47943. Filename=msupd.exe
47944. Description=Added by the <a href="http://forums.spywareinfo.com/index.php?showtopic=54649" target=_blank>IEACCESS</a> DIALER! 
47945.  
47946. Source=Paul Collins Startup list
47947.  
47948. [MSUpdate]
47949. Number=6810
47950. Confirmed=X
47951. Filename=wupd.exe
47952. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022515-4233-99" target="_blank">ALADINZ.M</a> TROJAN!
47953. Source=Paul Collins Startup list
47954.  
47955. [MSUpdate]
47956. Number=6811
47957. Confirmed=X
47958. Filename=svchosthlp.exe
47959. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042117-1932-99" target="_blank">BLASTER.T</a> WORM!
47960. Source=Paul Collins Startup list
47961.  
47962. [msupdate]
47963. Number=6812
47964. Confirmed=X
47965. Filename=msupdate.exe
47966. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmz.html" target=_blank>RBOT-MZ</a> WORM!
47967.  
47968. Source=Paul Collins Startup list
47969.  
47970. [MSUpdate]
47971. Number=6813
47972. Confirmed=X
47973. Filename=criticalUpdate.exe
47974. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120910-4256-99" target=_blank>Affilred</a> adware
47975. Source=Paul Collins Startup list
47976.  
47977. [msupdate]
47978. Number=6814
47979. Confirmed=X
47980. Filename=update.exe
47981. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
47982. Source=Paul Collins Startup list
47983.  
47984. [Msupdate]
47985. Number=6815
47986. Confirmed=X
47987. Filename=expIorer.exe
47988. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
47989. Source=Paul Collins Startup list
47990.  
47991. [Msupdate]
47992. Number=6816
47993. Confirmed=X
47994. Filename=outIook.exe
47995. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
47996. Source=Paul Collins Startup list
47997.  
47998. [Msupdate]
47999. Number=6817
48000. Confirmed=X
48001. Filename=svchosts.exe
48002. Description=Added by a variant of the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY</a> TROJAN!
48003. Source=Paul Collins Startup list
48004.  
48005. [Msupdate]
48006. Number=6818
48007. Confirmed=X
48008. Filename=svcrhost.exe
48009. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
48010. Source=Paul Collins Startup list
48011.  
48012. [Msupdate]
48013. Number=6819
48014. Confirmed=X
48015. Filename=svcshost.exe
48016. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
48017. Source=Paul Collins Startup list
48018.  
48019. [MSupdate.exe]
48020. Number=6820
48021. Confirmed=X
48022. Filename=N/A
48023. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - resets home page to an adult content site
48024. Source=Paul Collins Startup list
48025.  
48026. [MSUpdateDevKit]
48027. Number=6821
48028. Confirmed=X
48029. Filename=axfd.exe
48030. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzd.html" target= blank>SDBOT-ZD</a> WORM!
48031. Source=Paul Collins Startup list
48032.  
48033. [MsUpdater System]
48034. Number=6822
48035. Confirmed=X
48036. Filename=udpsys32.exe
48037. Description=Added by the <a href="http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?id=66137&VName=WORM_RBOT.AAA&VSect=O" target=_blank>RBOT.AAA</a> WORM!
48038. Source=Paul Collins Startup list
48039.  
48040. [MSupdater.exe]
48041. Number=6823
48042. Confirmed=X
48043. Filename=N/A
48044. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Installs the Winshow.dll browser plugin
48045. Source=Paul Collins Startup list
48046.  
48047. [msupdater25]
48048. Number=6824
48049. Confirmed=X
48050. Filename=lsasser.exe
48051. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotats.html" target=_blank>RBOT-ATS</a> WORM!
48052. Source=Paul Collins Startup list
48053.  
48054. [msupdates]
48055. Number=6825
48056. Confirmed=X
48057. Filename=msupdt.exe
48058. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjo.html" target="_blank">RBOT-JO</a> WORM!
48059. Source=Paul Collins Startup list
48060.  
48061. [MSUpdSrv]
48062. Number=6826
48063. Confirmed=X
48064. Filename=msupdsrv.exe
48065. Description=Browser hijacker, redirecting to a adult content site
48066.  
48067. Source=Paul Collins Startup list
48068.  
48069. [msurl]
48070. Number=6827
48071. Confirmed=X
48072. Filename=msurl32.exe
48073. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
48074. Source=Paul Collins Startup list
48075.  
48076. [msuser32.exe]
48077. Number=6828
48078. Confirmed=X
48079. Filename=msuser32.exe
48080. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110712-2413-99" target="_blank">ANDROV</a> TROJAN!
48081. Source=Paul Collins Startup list
48082.  
48083. [MsVBdll]
48084. Number=6829
48085. Confirmed=X
48086. Filename=sys32dll.exe
48087. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021614-4255-99" target=_blank>AIMDES.B</a> or  <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021615-4720-99" target=_blank>AIMDES.C</a> WORMS!
48088. Source=Paul Collins Startup list
48089.  
48090. [MsVBdll]
48091. Number=6830
48092. Confirmed=X
48093. Filename=MsVBdll.pif
48094. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021111-0439-99" target=_blank>AIMDES.A</a> WORM!
48095. Source=Paul Collins Startup list
48096.  
48097. [MSVBVM60]
48098. Number=6831
48099. Confirmed=X
48100. Filename=MSVBVBM60.pif
48101. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32scoldb.html" target= blank>SCOLD-B</a> WORM!
48102. Source=Paul Collins Startup list
48103.  
48104. [msvc32]
48105. Number=6832
48106. Confirmed=X
48107. Filename=msvc32.exe
48108. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
48109. Source=Paul Collins Startup list
48110.  
48111. [msvc32]
48112. Number=6833
48113. Confirmed=X
48114. Filename=msvc32.exe
48115. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnt.html" target=_blank>AGOBOT-NT</a> WORM!
48116. Source=Paul Collins Startup list
48117.  
48118. [msvcc]
48119. Number=6834
48120. Confirmed=X
48121. Filename=msvchost.exe
48122. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010912-0405-99" target="_blank">XOMBE</a> TROJAN!
48123. Source=Paul Collins Startup list
48124.  
48125. [msvcc25]
48126. Number=6835
48127. Confirmed=X
48128. Filename=svcchost.exe
48129. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
48130. Source=Paul Collins Startup list
48131.  
48132. [msvcc25]
48133. Number=6836
48134. Confirmed=X
48135. Filename=salvage.exe
48136. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
48137. Source=Paul Collins Startup list
48138.  
48139. [msvccc66]
48140. Number=6837
48141. Confirmed=X
48142. Filename=svcchosst.exe
48143. Description=Added by the <a href="http://www.sophos.com/security/analyses/w32rbotgls.html" target="_blank">RBOT-GLS</a> WORM!
48144. Source=Paul Collins Startup list
48145.  
48146. [MSVersion]
48147. Number=6838
48148. Confirmed=X
48149. Filename=INTERNETFEATURES.exe
48150. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A" target="_blank">POPMON.A</a> TROJAN! - also known as PopMonster adware
48151. Source=Paul Collins Startup list
48152.  
48153. [MSVersion]
48154. Number=6839
48155. Confirmed=X
48156. Filename=clrschp038.exe
48157. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A" target="_blank">POPMON.A</a> TROJAN! - also known as PopMonster adware
48158. Source=Paul Collins Startup list
48159.  
48160. [msvhost]
48161. Number=6840
48162. Confirmed=X
48163. Filename=aig.exe
48164. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojaimbotbc.html" target=_blank>AIMBOT-BC</a> TROJAN!
48165. Source=Paul Collins Startup list
48166.  
48167. [msvload32]
48168. Number=6841
48169. Confirmed=X
48170. Filename=msvload32.exe
48171. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaci.html" target= blank>RBOT-ACI</a> WORM!
48172. Source=Paul Collins Startup list
48173.  
48174. [msvsc32]
48175. Number=6842
48176. Confirmed=X
48177. Filename=msdev.exe
48178. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgj.html" target=_blank>RBOT-GJ</a> WORM!
48179.  
48180. Source=Paul Collins Startup list
48181.  
48182. [MSVsmt]
48183. Number=6843
48184. Confirmed=X
48185. Filename=rpcxctx.exe
48186. Description=Added by an unidentified WORM or TROJAN!
48187. Source=Paul Collins Startup list
48188.  
48189. [MSVSync]
48190. Number=6844
48191. Confirmed=X
48192. Filename=videosync.exe
48193. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
48194. Source=Paul Collins Startup list
48195.  
48196. [MSVXD]
48197. Number=6845
48198. Confirmed=X
48199. Filename=MSVXD.EXE
48200. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DATOM.A" target="_blank">DATOM.A</a> WORM!
48201. Source=Paul Collins Startup list
48202.  
48203. [mswave]
48204. Number=6846
48205. Confirmed=X
48206. Filename=mswave.exe
48207. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
48208. Source=Paul Collins Startup list
48209.  
48210. [Mswavedll]
48211. Number=6847
48212. Confirmed=X
48213. Filename=mswavedll.exe
48214. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER-C</a> TROJAN!
48215. Source=Paul Collins Startup list
48216.  
48217. [MSwheel]
48218. Number=6848
48219. Confirmed=U
48220. Filename=mswheel.exe
48221. Description=Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
48222. Source=Paul Collins Startup list
48223.  
48224. [MSWin]
48225. Number=6849
48226. Confirmed=X
48227. Filename=mswin.exe
48228. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankercu.html" target=_blank>BANKER-CU</a> TROJAN!
48229. Source=Paul Collins Startup list
48230.  
48231. [Mswincfg]
48232. Number=6850
48233. Confirmed=X
48234. Filename=Mswincfg32.exe
48235. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBERSPY.D" target="_blank">CYBRSPY.D</a> TROJAN!
48236. Source=Paul Collins Startup list
48237.  
48238. [MsWindows DRT Drivers]
48239. Number=6851
48240. Confirmed=X
48241. Filename=wsdrt32.exe
48242. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ALT&VSect=T" target=_blank>RBOT.ALT</a> WORM!
48243. Source=Paul Collins Startup list
48244.  
48245. [MsWindows SSL Drivers]
48246. Number=6852
48247. Confirmed=X
48248. Filename=mssl32.exe
48249. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.API&VSect=T" target=_blank>SPYBOT.API</a> WORM!
48250. Source=Paul Collins Startup list
48251.  
48252. [MsWindows SysDate]
48253. Number=6853
48254. Confirmed=X
48255. Filename=sysmsvc.exe
48256. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101912-5125-99" target=_blank>SPYBOT.FCD</a> WORM!
48257. Source=Paul Collins Startup list
48258.  
48259. [MSWindows Syspg]
48260. Number=6854
48261. Confirmed=X
48262. Filename=mspg32.exe
48263. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottb.html" target=_blank>RBOT-TB</a> WORM!
48264. Source=Paul Collins Startup list
48265.  
48266. [MSWindowsUpdate]
48267. Number=6855
48268. Confirmed=X
48269. Filename=Systern.exe
48270. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafd.html" target=_blank>RBOT-AFD</a> WORM!
48271. Source=Paul Collins Startup list
48272.  
48273. [MSWindowsUpdate]
48274. Number=6856
48275. Confirmed=X
48276. Filename=mswinup.exe
48277. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
48278. Source=Paul Collins Startup list
48279.  
48280. [Mswinpid32]
48281. Number=6857
48282. Confirmed=X
48283. Filename=mswinpid32.exe
48284. Description=Added by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim!
48285.  
48286. Source=Paul Collins Startup list
48287.  
48288. [MSWinSrv]
48289. Number=6858
48290. Confirmed=X
48291. Filename=MSWinSrv.exe
48292. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-052712-1255-99" target=_blank>MTRON</a> TROJAN!
48293. Source=Paul Collins Startup list
48294.  
48295. [MSWinSrv32]
48296. Number=6859
48297. Confirmed=X
48298. Filename=MSWinSrv32.exe
48299. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmtronb.html" target=_blank>MTRON-B</a> TROJAN!
48300. Source=Paul Collins Startup list
48301.  
48302. [MSWinupd]
48303. Number=6860
48304. Confirmed=U
48305. Filename=winupd.exe
48306. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderye.html" target=_blank>DLOADER-YE</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraaa.html" target=_blank>DLOADR-AAA</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderzf.html" target=_blank>DLOADER-ZF</a> TROJAN!
48307. Source=Paul Collins Startup list
48308.  
48309. [MSWinupdate]
48310. Number=6861
48311. Confirmed=X
48312. Filename=winupdate.exe
48313. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraaw.html" target=_blank>DLOADR-AAW</a> TROJAN!
48314. Source=Paul Collins Startup list
48315.  
48316. [MsWinVgr]
48317. Number=6862
48318. Confirmed=X
48319. Filename=msvgr.exe
48320. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-101815-3906-99" target=_blank>MYTOB.LE</a> WORM!
48321. Source=Paul Collins Startup list
48322.  
48323. [mswiz32]
48324. Number=6863
48325. Confirmed=X
48326. Filename=mswiz32.exe
48327. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32stratiobg.html" target="_blank">STRATIO-BG</a> WORM!
48328. Source=Paul Collins Startup list
48329.  
48330. [mswkork Service]
48331. Number=6864
48332. Confirmed=X
48333. Filename=msework.exe
48334. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
48335. Source=Paul Collins Startup list
48336.  
48337. [msword]
48338. Number=6865
48339. Confirmed=X
48340. Filename=msword.exe
48341. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadr.html" target=_blank>RBOT-ADR</a> WORM!
48342. Source=Paul Collins Startup list
48343.  
48344. [mswspl]
48345. Number=6866
48346. Confirmed=X
48347. Filename=[random filename]
48348. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.IQ" target="_blank">SMALL.IQ</a> TROJAN!
48349. Source=Paul Collins Startup list
48350.  
48351. [mswspl]
48352. Number=6867
48353. Confirmed=X
48354. Filename=searchbarcash.exe
48355. Description=SearchBarCash adware
48356. Source=Paul Collins Startup list
48357.  
48358. [mswspl]
48359. Number=6868
48360. Confirmed=X
48361. Filename=vnmispoisn downloader.exe
48362. Description=SearchBarCash adware variant
48363. Source=Paul Collins Startup list
48364.  
48365. [mswspl]
48366. Number=6869
48367. Confirmed=X
48368. Filename=plugin1.exe
48369. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.IQ" target=_blank>SMALL.IQ</a> TROJAN!
48370. Source=Paul Collins Startup list
48371.  
48372. [msxct]
48373. Number=6870
48374. Confirmed=X
48375. Filename=msxct.exe
48376. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072519" target=_blank>eXact Advertising</a> (NaviSearch, BargainBuddy, CashBack) adware
48377. Source=Paul Collins Startup list
48378.  
48379. [Msy1 Startups]
48380. Number=6871
48381. Confirmed=X
48382. Filename=msyj32.exe
48383. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqq.html" target= blank>AGOBOT-QQ</a> WORM!
48384. Source=Paul Collins Startup list
48385.  
48386. [msys lptt01]
48387. Number=6872
48388. Confirmed=X
48389. Filename=msys.exe
48390. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Msyss" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
48391. Source=Paul Collins Startup list
48392.  
48393. [Msys32]
48394. Number=6873
48395. Confirmed=X
48396. Filename=morfitwebentrance.exe
48397. Description=Morfit ADjectPager - "uses home page rental technology for generating revenues". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage
48398. Source=Paul Collins Startup list
48399.  
48400. [MSysDrv]
48401. Number=6874
48402. Confirmed=X
48403. Filename=msdrv.exe
48404. Description=Added by the VB.WF TROJAN!
48405. Source=Paul Collins Startup list
48406.  
48407. [ms_anti_spyware]
48408. Number=6875
48409. Confirmed=X
48410. Filename=mwfirewall.exe
48411. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-102012-4020-99" target=_blank>GAMQOWI</a> TROJAN!
48412. Source=Paul Collins Startup list
48413.  
48414. [ms_anti_spywarebxp]
48415. Number=6876
48416. Confirmed=X
48417. Filename=mwfirebpx.exe
48418. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsurilad.html" target=_blank>SURILA-D</a> TROJAN!
48419. Source=Paul Collins Startup list
48420.  
48421. [ms_anti_spywarebxp]
48422. Number=6877
48423. Confirmed=X
48424. Filename=mwfibpx.exe
48425. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsurilaj.html" target=_blank>SURILA-J</a> TROJAN!
48426. Source=Paul Collins Startup list
48427.  
48428. [MS_LARISSA]
48429. Number=6878
48430. Confirmed=X
48431. Filename=MS_LARISSA.exe
48432. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022300-0309-99" target=_blank>ASSIRAL</a> WORM!
48433. Source=Paul Collins Startup list
48434.  
48435. [MS_NETD_WIN32]
48436. Number=6879
48437. Confirmed=X
48438. Filename=netd32.EXE
48439. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081412-2646-99" target="_blank">RANDEX.F</a> WORM!
48440. Source=Paul Collins Startup list
48441.  
48442. [MS_SETUP.EXE]
48443. Number=6880
48444. Confirmed=X
48445. Filename=MS_SETUP.EXE
48446. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-061213-3711-99" target="_blank">CHARGE</a> TROJAN!
48447. Source=Paul Collins Startup list
48448.  
48449. [MS_Update Check]
48450. Number=6881
48451. Confirmed=X
48452. Filename=wdfmgr.exe
48453. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottb.html" target=_blank>AGOBOT-TB</a> WORM!
48454. Source=Paul Collins Startup list
48455.  
48456. [Mtr2]
48457. Number=6882
48458. Confirmed=X
48459. Filename=mtr2.exe
48460. Description=Added by the KRYPTONIC GHOST TROJAN!
48461. Source=Paul Collins Startup list
48462.  
48463. [MUAL]
48464. Number=6883
48465. Confirmed=U
48466. Filename=mual.exe
48467. Description=Millesky video mail updater and launcher
48468. Source=Paul Collins Startup list
48469.  
48470. [muamgr]
48471. Number=6884
48472. Confirmed=N
48473. Filename=muamgr.exe
48474. Description=Using <a href="http://www.microangelo.us/" target="_blank">MicroAngelo</a> On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system
48475. Source=Paul Collins Startup list
48476.  
48477. [Mufix]
48478. Number=6885
48479. Confirmed=?
48480. Filename=mufix.exe
48481. Description=Part of INFOConnect, web-based, enterprise client configuration, management, and deployment software, as used by ABSS (a financial management system used by the US military which will allow purchase request packages to be electronically submitted to contracting, and which also facilitates electronic receipt of items and EFT) - <font color="#FF0000">what does it do and is it required</font>
48482. Source=Paul Collins Startup list
48483.  
48484. [mule_st_key]
48485. Number=6886
48486. Confirmed=X
48487. Filename=flec006.exe
48488. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BAGLE.AV" target="_blank">BAGLE.AV</a> TROJAN!
48489. Source=Paul Collins Startup list
48490.  
48491. [Multi-function keyboard]
48492. Number=6887
48493. Confirmed=U
48494. Filename=GWHotkey.exe
48495. Description=Software that sets up the Gateway AnyKey keyboard shortcuts (a series of buttons that allow one-click access to e-mail, browser, volume and CD/DVD controls, etc)
48496. Source=Paul Collins Startup list
48497.  
48498. [MultiCAM Initializer]
48499. Number=6888
48500. Confirmed=U
48501. Filename=MCamBoot.exe
48502. Description=The MultiCAM Initializer is part of the MultiCAM software package provided by <a href="http://www.vistaimaging.com/multicam.htm" target="_blank">Vista Imaging</a> in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabled
48503. Source=Paul Collins Startup list
48504.  
48505. [Multimedia Codecs]
48506. Number=6889
48507. Confirmed=X
48508. Filename=mcc.exe
48509. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadermb.html" target=_blank>DLOADER-MB</a> TROJAN!
48510. Source=Paul Collins Startup list
48511.  
48512. [Multimedia extensions]
48513. Number=6890
48514. Confirmed=X
48515. Filename=mservice.exe
48516. Description=<a href="http://sarc.com/avcenter/venc/data/adware.easysearch.html" target=_blank>EasySearch</a> adware
48517. Source=Paul Collins Startup list
48518.  
48519. [Multimedia extensions]
48520. Number=6891
48521. Confirmed=X
48522. Filename=[path to trojan]
48523. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojSMUTSRCHa.html" target=_blank>SMUTSRCH-A</a> TROJAN!
48524. Source=Paul Collins Startup list
48525.  
48526. [Multimedia extensions]
48527. Number=6892
48528. Confirmed=X
48529. Filename=mservice1.exe
48530. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrawd.html" target="_blank">DLOADR-AWD</a> TROJAN!
48531. Source=Paul Collins Startup list
48532.  
48533. [Multimedia KBD]
48534. Number=6893
48535. Confirmed=U
48536. Filename=MMKeybd.exe
48537. Description=Multimedia keyboard manager. Required if you use the additional keys
48538. Source=Paul Collins Startup list
48539.  
48540. [MULTIMEDIA KEYBOARD]
48541. Number=6894
48542. Confirmed=U
48543. Filename=MMKeybd.exe
48544. Description=Multimedia keyboard manager. Required if you use the additional keys
48545. Source=Paul Collins Startup list
48546.  
48547. [multiran]
48548. Number=6895
48549. Confirmed=X
48550. Filename=multiran.exe
48551. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiame.html" target=_blank>COSIAM-E</a> TROJAN!
48552. Source=Paul Collins Startup list
48553.  
48554. [MultiRes]
48555. Number=6896
48556. Confirmed=U
48557. Filename=MultiRes.exe
48558. Description=<a href="http://www.entechtaiwan.com/" target="_blank">MultiRes</a> - system tray utility allowing quick access to changing desktop resolutions and has the ability to lock the screen refresh rate in WinNT/2K/XP
48559. Source=Paul Collins Startup list
48560.  
48561. [MUPS]
48562. Number=6897
48563. Confirmed=U
48564. Filename=MUPS.exe
48565. Description=Lauches the <a href="http://www.belkin.com/" target="_blank">Belkin</a> Bulldog Plus Service - required if you want to access the UPS advanced functions
48566. Source=Paul Collins Startup list
48567.  
48568. [murphy shield]
48569. Number=6898
48570. Confirmed=Y
48571. Filename=lmgui.exe
48572. Description=Firewall part of <a href="http://www.bitdefender.com/" target="_blank">BitDefender</a> virus scanner/firewall
48573. Source=Paul Collins Startup list
48574.  
48575. [Music01 Server]
48576. Number=6899
48577. Confirmed=N
48578. Filename=Music01 Server.exe
48579. Description=J River <a target="_blank" href="http://www.musicex.com/mediajukebox/">Media Jukebox</a>
48580. Source=Paul Collins Startup list
48581.  
48582. [MusIRC (irc.music.com) client]
48583. Number=6900
48584. Confirmed=X
48585. Filename=musirc4.71.exe
48586. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.Q" target=_blank>RANDEX.Q</a> WORM!
48587. Source=Paul Collins Startup list
48588.  
48589. [Mustek MDC 3000]
48590. Number=6901
48591. Confirmed=?
48592. Filename=Mounter.exe
48593. Description=Related to software for the Mustek <a href="http://www.ciao.co.uk/Mustek_MDC_3000__5303302" target="_blank">MDC 3000</a> digital camera - <font color="#FF0000">what does it do and is it required?</font>
48594. Source=Paul Collins Startup list
48595.  
48596. [MutexServiceEx]
48597. Number=6902
48598. Confirmed=N
48599. Filename=Sys32Smm.exe
48600. Description=Webroot Sofware's discontinued "Privacy Master"
48601. Source=Paul Collins Startup list
48602.  
48603. [MVRescue]
48604. Number=6903
48605. Confirmed=U
48606. Filename=mvrescue
48607. Description=Related to Multivision Computers back up/restore program. Multivision Computers ceased operating in 2004
48608.  
48609. Source=Paul Collins Startup list
48610.  
48611. [mvsyswina]
48612. Number=6904
48613. Confirmed=X
48614. Filename=acsysiom.exe
48615. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
48616. Source=Paul Collins Startup list
48617.  
48618. [MW1HelperStartUp]
48619. Number=6905
48620. Confirmed=U
48621. Filename=Mw1helper.exe
48622. Description=ScreenScenes "Magic Waterfall" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
48623. Source=Paul Collins Startup list
48624.  
48625. [MW1HelperStartUp]
48626. Number=6906
48627. Confirmed=U
48628. Filename=MW1HEL~1.EXE
48629. Description=ScreenScenes "Magic Waterfall" screensaver. The freeware version comes with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target="_blank">GAIN</a> branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
48630. Source=Paul Collins Startup list
48631.  
48632. [mwavscan]
48633. Number=6907
48634. Confirmed=U
48635. Filename=mwavscan.com
48636. Description=MicroWorld Anti Virus Toolkit is a free anti-virus scanner that runs on-demand. You can choose to scan your entire system, including memory, services, starup items and registry, or only scan files in a specified folder or drive
48637. Source=Paul Collins Startup list
48638.  
48639. [MWLExe]
48640. Number=6908
48641. Confirmed=U
48642. Filename=MwlGui.exe
48643. Description=Part of McAfee <a href="http://us.mcafee.com/root/package.asp?pkgid=278" target="_blank">Wireless Protection</a> for Wi-Fi users
48644. Source=Paul Collins Startup list
48645.  
48646. [MWProEng]
48647. Number=6909
48648. Confirmed=N
48649. Filename=MWProEng.exe
48650. Description=Logitech Mouseware Pro software - only required when using special functions
48651. Source=Paul Collins Startup list
48652.  
48653. [MWSnap]
48654. Number=6910
48655. Confirmed=N
48656. Filename=MWSnap.exe
48657. Description=<a href="http://www.mirekw.com/winfreeware/mwsnap.html" target="_blank">MWSnap</a> - screen capture utility. Start manually when required
48658. Source=Paul Collins Startup list
48659.  
48660. [mwsoemon]
48661. Number=6911
48662. Confirmed=X
48663. Filename=mwsoemon.exe
48664. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MyWebSearch%20Toolbar&threatid=14137" target="_blank">MyWebSearch</a> parasite
48665. Source=Paul Collins Startup list
48666.  
48667. [Mwsvm]
48668. Number=6912
48669. Confirmed=X
48670. Filename=mwsvm.exe
48671. Description=SeekSeek search hijacker related - see <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_SECTHOUGHT.A&VSect=Sn" target=_blank>here</a>
48672.  
48673. Source=Paul Collins Startup list
48674.  
48675. [mxb2]
48676. Number=6913
48677. Confirmed=X
48678. Filename=[path to worm]
48679. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ixbotg.html" target=_blank>IXBOT-G</a> WORM!
48680.  
48681. Source=Paul Collins Startup list
48682.  
48683. [MxHLp32]
48684. Number=6914
48685. Confirmed=X
48686. Filename=MxHLp32.exe
48687. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.12" target="_blank">VAGRNOCKER</a> TROJAN!
48688. Source=Paul Collins Startup list
48689.  
48690. [MXO Auto Loader]
48691. Number=6915
48692. Confirmed=U
48693. Filename=MXOaldr.exe
48694. Description=Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions
48695. Source=Paul Collins Startup list
48696.  
48697. [MXOBG]
48698. Number=6916
48699. Confirmed=U
48700. Filename=MXOALDR.EXE
48701. Description=Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions
48702. Source=Paul Collins Startup list
48703.  
48704. [mxomssmenu]
48705. Number=6917
48706. Confirmed=?
48707. Filename=maxmenumgr.exe
48708. Description=Related to <a href="http://www.maxtor.com/" target="_blank">Maxtor's</a> One Touch series of external hard drives. <font color="#FF0000">What does it do and is it required?</a>
48709. Source=Paul Collins Startup list
48710.  
48711. [MxRunner]
48712. Number=6918
48713. Confirmed=U
48714. Filename=MxRunner.exe
48715. Description=EasyUninstall from Aladdin Systems (formerly by Ontrack)
48716. Source=Paul Collins Startup list
48717.  
48718. [My Agent]
48719. Number=6919
48720. Confirmed=X
48721. Filename=msagent.exe
48722. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NEGASMS.A" target="_blank">NEGASMS.A</a> TROJAN!
48723. Source=Paul Collins Startup list
48724.  
48725. [My App]
48726. Number=6920
48727. Confirmed=X
48728. Filename=SMSSvc.exe
48729. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NEGASMS.A" target="_blank">NEGASMS.A</a> TROJAN!
48730. Source=Paul Collins Startup list
48731.  
48732. [My Search Bar Eq]
48733. Number=6921
48734. Confirmed=X
48735. Filename=S4BAREQ.EXE
48736. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090717" target="_blank">MySearch</a> parasite
48737.  
48738. Source=Paul Collins Startup list
48739.  
48740. [My Web Search Bar]
48741. Number=6922
48742. Confirmed=X
48743. Filename=MWSBAR.DLL
48744. Description=<a href="http://www.spyany.com/files/Mwsbar_dll.html" target="_blank">MyWay</a> - an IE Browser Helper Object used by adware WebSearch to add an IE toolbar to provide search features, and hijack browser search requests to its controlling servers run by MyWay
48745. Source=Paul Collins Startup list
48746.  
48747. [My-disgo]
48748. Number=6923
48749. Confirmed=U
48750. Filename=MyKey disgo.exe
48751. Description=Related to <a href="http://www.mydisgo.com/" target="_blank">disgo</a> pro. Program will synchronize data
48752. Source=Paul Collins Startup list
48753.  
48754. [MyAccessMedia]
48755. Number=6924
48756. Confirmed=X
48757. Filename=tmp**.exe [* = random char/digit]
48758. Description=My AccessMedia toolbar related, stealth installed!
48759. Source=Paul Collins Startup list
48760.  
48761. [MyAgtTry]
48762. Number=6925
48763. Confirmed=U
48764. Filename=MyAgtTry.exe
48765. Description=System tray notification for McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> on-line scanner. Not required to be protected but you lose notifications
48766. Source=Paul Collins Startup list
48767.  
48768. [Myapp]
48769. Number=6926
48770. Confirmed=X
48771. Filename=[filename]
48772. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092617-0957-99" target="_blank">FATEE.B</a> WORM!
48773. Source=Paul Collins Startup list
48774.  
48775. [Myapp]
48776. Number=6927
48777. Confirmed=X
48778. Filename=service.exe
48779. Description=Homepage hijacker
48780. Source=Paul Collins Startup list
48781.  
48782. [MyAV]
48783. Number=6928
48784. Confirmed=X
48785. Filename=avpguard.exe
48786. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030815-2837-99" target="_blank">NETSKY.J</a> WORM!
48787. Source=Paul Collins Startup list
48788.  
48789. [MyCIO Agent Service]
48790. Number=6929
48791. Confirmed=Y
48792. Filename=myagtsvc.exe
48793. Description=McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> Agent service
48794. Source=Paul Collins Startup list
48795.  
48796. [myCIO.com ASaP]
48797. Number=6930
48798. Confirmed=U
48799. Filename=MyAgtTry.exe
48800. Description=System tray notification for McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> on-line scanner. Not required to be protected but you lose notifications
48801. Source=Paul Collins Startup list
48802.  
48803. [myCIO.com Splash]
48804. Number=6931
48805. Confirmed=N
48806. Filename=Splash.exe
48807. Description=Splash screen for McAfee <a href="http://www.mcafeeasap.com/content/virusscan_asap/default.asp" target="_blank">VirusScan ASaP</a> on-line scanner
48808. Source=Paul Collins Startup list
48809.  
48810. [MyCometCursor]
48811. Number=6932
48812. Confirmed=X
48813. Filename=MYCOME~1.EXE
48814. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Comet%20Cursor&threatid=29168" target=_blank>Comet Cursor</a> adware
48815. Source=Paul Collins Startup list
48816.  
48817. [MyDailyHoroscope]
48818. Number=6933
48819. Confirmed=X
48820. Filename=MYDAIL~1.EXE
48821. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090414-4356-99" target="_blank">MyDailyHoroscope</a> foistware
48822. Source=Paul Collins Startup list
48823.  
48824. [MyDailyHoroscope]
48825. Number=6934
48826. Confirmed=X
48827. Filename=MyDailyHoroscope.exe
48828. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090414-4356-99" target="_blank">MyDailyHoroscope</a> foistware
48829. Source=Paul Collins Startup list
48830.  
48831. [MyEmoticons]
48832. Number=6935
48833. Confirmed=U
48834. Filename=MYEMOTICONS.EXE
48835. Description=<a href="http://www.myemoticons.com/" target=_blank>MyEmoticons</a> from Persona Ltd - add icons (emoticons) to your E-mail
48836.  
48837. Source=Paul Collins Startup list
48838.  
48839. [MyFastAccess]
48840. Number=6936
48841. Confirmed=X
48842. Filename=myfastupdate.exe
48843. Description=My-Fast-Access toolbar updater
48844. Source=Paul Collins Startup list
48845.  
48846. [myhuy]
48847. Number=6937
48848. Confirmed=X
48849. Filename=huy.exe
48850. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32blasterc.html" target=_blank>BLASTER-C</a> WORM!
48851. Source=Paul Collins Startup list
48852.  
48853. [myhuy]
48854. Number=6938
48855. Confirmed=X
48856. Filename=huy2.exe
48857. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32blasterl.html" target=_blank>BLASTER-L</a> WORM!
48858. Source=Paul Collins Startup list
48859.  
48860. [MyIE.exe]
48861. Number=6939
48862. Confirmed=U
48863. Filename=MyIE.exe
48864. Description=<a href="http://www.myie2.com/html_en/home.htm" target="_blank">MyIE2/Maxthon</a> browser related
48865. Source=Paul Collins Startup list
48866.  
48867. [MyLife]
48868. Number=6940
48869. Confirmed=X
48870. Filename=CmdServ.exe
48871. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A" target="_blank">HOLAR.A</a> WORM!
48872. Source=Paul Collins Startup list
48873.  
48874. [myMh2]
48875. Number=6941
48876. Confirmed=X
48877. Filename=iexpl0re.exe
48878. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.FAI" target="_blank">DELF.FAI</a> TROJAN!
48879. Source=Paul Collins Startup list
48880.  
48881. [myNetWatchman]
48882. Number=6942
48883. Confirmed=U
48884. Filename=nwclient.exe
48885. Description=Sends your firewall alerts to a <a href="http://www.mynetwatchman.com/" target="_blank">website</a>, which then filters them and forwards details of suspicious activities to the host ISP they originated from. Only needs to be running when your firewall is running
48886. Source=Paul Collins Startup list
48887.  
48888. [MyPointsPointAlert]
48889. Number=6943
48890. Confirmed=X
48891. Filename=wjview ...MyPointsPointAlertrun.exe
48892. Description="With MyPoints you can earn rewards from name-brand merchants. You can even earn vacations and frequent flyer miles". Dubious privacy policy
48893. Source=Paul Collins Startup list
48894.  
48895. [MyPopupKiller]
48896. Number=6944
48897. Confirmed=U
48898. Filename=mpk.exe
48899. Description=<a href="http://www.nirsoft.net/utils/mpk.html" target=_blank>MyPopupKiller</a> - popup killer
48900.  
48901. Source=Paul Collins Startup list
48902.  
48903. [myprint mileage]
48904. Number=6945
48905. Confirmed=U
48906. Filename=mpm.exe
48907. Description=Reports battery status on a portable printer
48908. Source=Paul Collins Startup list
48909.  
48910. [Mysee Alert]
48911. Number=6946
48912. Confirmed=X
48913. Filename=Mysee Alert.exe
48914. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MySee%20Alert&threatid=45751" target="_blank">MySee Alert</a> adware
48915. Source=Paul Collins Startup list
48916.  
48917. [MyShares]
48918. Number=6947
48919. Confirmed=X
48920. Filename=MyShares.exe
48921. Description=<a href="http://www.sophos.com/virusinfo/analyses/ehu.html" target="_blank">EHU</a> adware
48922. Source=Paul Collins Startup list
48923.  
48924. [MySLScan]
48925. Number=6948
48926. Confirmed=X
48927. Filename=msvc32.exe
48928. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forboteh.html" target=_blank>FORBOT-EH</a> WORM!
48929. Source=Paul Collins Startup list
48930.  
48931. [mysoft]
48932. Number=6949
48933. Confirmed=X
48934. Filename=winexplor.exe
48935. Description=Browser hijacker, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpajr.html" target= blank>STARTPA-JR</a> TROJAN!
48936. Source=Paul Collins Startup list
48937.  
48938. [MySoftware NewsFlash]
48939. Number=6950
48940. Confirmed=N
48941. Filename=Newsflsh.exe
48942. Description=Runs in your task bar and receives alerts and release information on <a href="http://www.avanquestusa.com/products/mysoftware/default.asp" target="_blank">MySoftware</a> products from Avenquest
48943. Source=Paul Collins Startup list
48944.  
48945. [MySpaceIM]
48946. Number=6951
48947. Confirmed=N
48948. Filename=MySpaceIM.exe
48949. Description=<a href="http://collect.myspace.com/index.cfm?fuseaction=im.download" target="_blank">MySpaceIM</a> internet messenger
48950. Source=Paul Collins Startup list
48951.  
48952. [mysvcig38]
48953. Number=6952
48954. Confirmed=X
48955. Filename=mysvcc.exe
48956. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfou.html" target="_blank">RBOT-FOU</a> WORM!
48957. Source=Paul Collins Startup list
48958.  
48959. [mysvcig38]
48960. Number=6953
48961. Confirmed=X
48962. Filename=recsl.exe
48963. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfou.html" target="_blank">RBOT-FOU</a> WORM!
48964. Source=Paul Collins Startup list
48965.  
48966. [MyTam]
48967. Number=6954
48968. Confirmed=X
48969. Filename=MyTam.exe
48970. Description=<a href="http://spywarefiles.prevx.com/RRHJEF27863284/MYTAM.EXE.html" target="_blank">Covert Sys Exec</a> malware variant
48971. Source=Paul Collins Startup list
48972.  
48973. [MytekSystrayExePath]
48974. Number=6955
48975. Confirmed=U
48976. Filename=MyTekSystray.exe
48977. Description=<a href="http://www.mytek.com.au/" target="_blank">MyTek</a> system tray - web site providing computer tech support in Australia
48978. Source=Paul Collins Startup list
48979.  
48980. [MyTotalSearch Email Plugin]
48981. Number=6956
48982. Confirmed=X
48983. Filename=mtsoemon.exe
48984. Description=<a href="http://www.spynet.com/spyware/spyware-My-Total-Search-Toolbar.aspx" target=_blank>MyTotalSearchBar</a> adware
48985. Source=Paul Collins Startup list
48986.  
48987. [MyVBApp]
48988. Number=6957
48989. Confirmed=X
48990. Filename=SysNT.exe
48991. Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.referad.html" target=_blank>ReferAd</a> adware
48992. Source=Paul Collins Startup list
48993.  
48994. [MyVBApp]
48995. Number=6958
48996. Confirmed=X
48997. Filename=install.exe
48998. Description=Detected as Generic Downloader.s by McAfee, probable variant of <a href="http://www.sarc.com/avcenter/venc/data/adware.referad.html" target=_blank>ReferAd</a> adware!
48999. Source=Paul Collins Startup list
49000.  
49001. [MyVBApp]
49002. Number=6959
49003. Confirmed=X
49004. Filename=setup.exe
49005. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as the Clicker.Win32.VB.kb TROJAN! File location is in the Root folder (C:\), (D:\), etc
49006. Source=Paul Collins Startup list
49007.  
49008. [MyVirt.exe]
49009. Number=6960
49010. Confirmed=X
49011. Filename=MyVirt.exe
49012. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojremadmc.html" target=_blank>REMADM-C</a> TROJAN!
49013.  
49014. Source=Paul Collins Startup list
49015.  
49016. [MyVitalAgent]
49017. Number=6961
49018. Confirmed=U
49019. Filename=VtlAgent.exe
49020. Description=<a href="http://www.lucent.com/solutions/netops_enter.html" target=_blank>MyVitalAgent</a> from Lucent Technologies. Replacement for Net.Medic, monitoring all popular internet transactions and alerting the user of the location of connection problems. Available via Start -> Programs
49021.  
49022. Source=Paul Collins Startup list
49023.  
49024. [MyWebSearch Email Plugin]
49025. Number=6962
49026. Confirmed=X
49027. Filename=mwsoemon.exe
49028. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MyWebSearch%20Toolbar&threatid=14137" target="_blank">MyWebSearch</a> parasite
49029. Source=Paul Collins Startup list
49030.  
49031. [N2PTray]
49032. Number=6963
49033. Confirmed=U
49034. Filename=Net2fone.exe
49035. Description=An Internet telephony application. Needed only if you have an account at <a href="http://web.net2phone.com/" target="_blank">Net2Phone, Inc</a>
49036. Source=Paul Collins Startup list
49037.  
49038. [NADaemon]
49039. Number=6964
49040. Confirmed=N
49041. Filename=NADAEMON.EXE
49042. Description=Program by NetActive which appears to be piggybacked onto some Nvidia graphics cards software. They seem to look after "digital rights management". One user reports disabling it has no detrimental affect - not required
49043. Source=Paul Collins Startup list
49044.  
49045. [Naggerrunkey]
49046. Number=6965
49047. Confirmed=N
49048. Filename=nagger.exe
49049. Description=Packard Bell Free Internet Signup screen
49050. Source=Paul Collins Startup list
49051.  
49052. [Naimagent_service]
49053. Number=6966
49054. Confirmed=Y
49055. Filename=EPOAgentnaimas32.exe
49056. Description=Networked version of McAfee VirusScan. Installs, configures and updates the software and DAT (virus definition) files on local computers from a network server. A resource hog but required for DAT updates and if disabled can also cause random freezes and error messages
49057. Source=Paul Collins Startup list
49058.  
49059. [Naimagent_UI]
49060. Number=6967
49061. Confirmed=Y
49062. Filename=EPOAgentnaimag32.exe
49063. Description=Workstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan
49064. Source=Paul Collins Startup list
49065.  
49066. [Naimagent_UI]
49067. Number=6968
49068. Confirmed=Y
49069. Filename=naimag32.exe
49070. Description=Workstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan
49071. Source=Paul Collins Startup list
49072.  
49073. [Name]
49074. Number=6969
49075. Confirmed=X
49076. Filename=Iexplorer0.exe
49077. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011013-2241-99" target="_blank">THREADSYS</a> TROJAN!
49078. Source=Paul Collins Startup list
49079.  
49080. [Name Server]
49081. Number=6970
49082. Confirmed=X
49083. Filename=mswins.exe
49084. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
49085. Source=Paul Collins Startup list
49086.  
49087. [NAMEDPIPE SYSTEM]
49088. Number=6971
49089. Confirmed=X
49090. Filename=namedpipe.exe
49091. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfh.html" target=_blank>MYTOB-FH</a> TROJAN!
49092. Source=Paul Collins Startup list
49093.  
49094. [nano]
49095. Number=6972
49096. Confirmed=X
49097. Filename=svchost.exe
49098. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnanoa.html" target=_blank>NANO-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
49099. Source=Paul Collins Startup list
49100.  
49101. [NAP32]
49102. Number=6973
49103. Confirmed=X
49104. Filename=NAP32.exe
49105. Description=Premium rate adult content dialler
49106. Source=Paul Collins Startup list
49107.  
49108. [Narrator]
49109. Number=6974
49110. Confirmed=X
49111. Filename=******.exe [* = random char]
49112. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43264" target=_blank>QOOLOGIC</a> TROJAN!
49113. Source=Paul Collins Startup list
49114.  
49115. [Narrator]
49116. Number=6975
49117. Confirmed=U
49118. Filename=Narrator.exe
49119. Description=Associated with the Narrator accessibility feature on Windows XP. It is used to convert text to speech
49120. Source=Paul Collins Startup list
49121.  
49122. [Natal]
49123. Number=6976
49124. Confirmed=X
49125. Filename=Natal.scr
49126. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010716-2851-99" target="_blank">OPASERV.AE</a> WORM!
49127. Source=Paul Collins Startup list
49128.  
49129. [NAV]
49130. Number=6977
49131. Confirmed=X
49132. Filename=RuxDLL32.exe
49133. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-083013-5647-99" target="_blank">MAPSON.D</a> WORM!
49134. Source=Paul Collins Startup list
49135.  
49136. [NAV Agent]
49137. Number=6978
49138. Confirmed=Y
49139. Filename=navapw32.exe
49140. Description=Norton Anti-Virus's background scanning process 
49141. Source=Paul Collins Startup list
49142.  
49143. [nAv AGENT]
49144. Number=6979
49145. Confirmed=X
49146. Filename=N/A
49147. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090917-5916-99" target="_blank">RIOSYS</a> MACRO! Note the lower-case "n" and "v" in the name as this is not the valid Norton AntiVirus entry of the same name - indeed it closes Norton AV processes
49148. Source=Paul Collins Startup list
49149.  
49150. [NAV Agent]
49151. Number=6980
49152. Confirmed=X
49153. Filename=systems.exe
49154. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032016-1636-99" target="_blank">TARNO.C</a> TROJAN! Note - this is not the valid Norton Antivirus entry of the same name
49155. Source=Paul Collins Startup list
49156.  
49157. [NAV Agent]
49158. Number=6981
49159. Confirmed=X
49160. Filename=winsnav.vbs
49161. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-0016-99" target=_blank>ANPES</a> WORM!
49162. Source=Paul Collins Startup list
49163.  
49164. [NAV Agent]
49165. Number=6982
49166. Confirmed=X
49167. Filename=wmilib32.exe
49168. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbxu.html" target=_blank>VB-XU</a> TROJAN!
49169. Source=Paul Collins Startup list
49170.  
49171. [NAV Auto Prot]
49172. Number=6983
49173. Confirmed=X
49174. Filename=navprot1.exe
49175. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ZAC" target="_blank">RBOT.ZAC</a> WORM!
49176. Source=Paul Collins Startup list
49177.  
49178. [NAV Auto Protect]
49179. Number=6984
49180. Confirmed=X
49181. Filename=msfwe1.exe
49182. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
49183. Source=Paul Collins Startup list
49184.  
49185. [NAV Auto Protect]
49186. Number=6985
49187. Confirmed=X
49188. Filename=navprotect.exe
49189. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
49190. Source=Paul Collins Startup list
49191.  
49192. [NAV Auto Protect]
49193. Number=6986
49194. Confirmed=X
49195. Filename=dnsserv.exe
49196. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
49197. Source=Paul Collins Startup list
49198.  
49199. [NAV Auto Protect]
49200. Number=6987
49201. Confirmed=X
49202. Filename=mcafee32.exe
49203. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
49204. Source=Paul Collins Startup list
49205.  
49206. [NAV Auto Update]
49207. Number=6988
49208. Confirmed=X
49209. Filename=Navautoupdate.exe
49210. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
49211. Source=Paul Collins Startup list
49212.  
49213. [NAV Auto Updates]
49214. Number=6989
49215. Confirmed=X
49216. Filename=csrssp.exe
49217. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
49218. Source=Paul Collins Startup list
49219.  
49220. [NAV Auto Updates]
49221. Number=6990
49222. Confirmed=X
49223. Filename=navwindows.exe
49224. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
49225. Source=Paul Collins Startup list
49226.  
49227. [NAV Auto Updates]
49228. Number=6991
49229. Confirmed=X
49230. Filename=slserves.exe
49231. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
49232. Source=Paul Collins Startup list
49233.  
49234. [NAV Auto Updates]
49235. Number=6992
49236. Confirmed=X
49237. Filename=navupdaters.exe
49238. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotun.html" target=_blank>RBOT-UN</a> WORM!
49239. Source=Paul Collins Startup list
49240.  
49241. [NAV Auto Updates]
49242. Number=6993
49243. Confirmed=X
49244. Filename=navupdaterx.exe
49245. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
49246. Source=Paul Collins Startup list
49247.  
49248. [NAV CfgWiz]
49249. Number=6994
49250. Confirmed=N
49251. Filename=cfgwiz.exe
49252. Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
49253. Source=Paul Collins Startup list
49254.  
49255. [NAV Configuration Wizard]
49256. Number=6995
49257. Confirmed=N
49258. Filename=cfgwiz.exe
49259. Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
49260. Source=Paul Collins Startup list
49261.  
49262. [NAV DefAlert]
49263. Number=6996
49264. Confirmed=U
49265. Filename=DefAlert.exe
49266. Description=Norton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basis
49267. Source=Paul Collins Startup list
49268.  
49269. [NAV Live Update]
49270. Number=6997
49271. Confirmed=X
49272. Filename=[path to worm]
49273. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050118-3243-99" target="_blank">DEBORMS.C</a> WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec
49274. Source=Paul Collins Startup list
49275.  
49276. [NAV Scan Service]
49277. Number=6998
49278. Confirmed=X
49279. Filename=NAVSCAN32.EXE
49280. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VG" target="_blank">SDBOT.VG</a> WORM!
49281. Source=Paul Collins Startup list
49282.  
49283. [NavAgent32]
49284. Number=6999
49285. Confirmed=X
49286. Filename=lasvr32.exe
49287. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071515-5912-99" target="_blank">FEMOT.D</a> WORM!
49288. Source=Paul Collins Startup list
49289.  
49290. [NavAgent32]
49291. Number=7000
49292. Confirmed=X
49293. Filename=SCardSvr32.Exe
49294. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MOFEI.B" target="_blank">MOFEI.B</a> WORM!
49295. Source=Paul Collins Startup list
49296.  
49297. [navapp]
49298. Number=7001
49299. Confirmed=X
49300. Filename=navapp.exe
49301. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074928" target="_blank">NavExcel</a> adware variant
49302.  
49303. Source=Paul Collins Startup list
49304.  
49305. [navapw32]
49306. Number=7002
49307. Confirmed=Y
49308. Filename=navapw32.exe
49309. Description=Norton Anti-Virus's background scanning process 
49310. Source=Paul Collins Startup list
49311.  
49312. [NAVCheck]
49313. Number=7003
49314. Confirmed=X
49315. Filename=navchk.exe
49316. Description=Premium rate adult content dialer
49317. Source=Paul Collins Startup list
49318.  
49319. [NAVCheck]
49320. Number=7004
49321. Confirmed=X
49322. Filename=shman.exe
49323. Description=Premium rate adult content dialer
49324. Source=Paul Collins Startup list
49325.  
49326. [Naviscope]
49327. Number=7005
49328. Confirmed=U
49329. Filename=naviscope.exe
49330. Description=<a href="http://naviscope.com/" target="_blank">Naviscope</a> is a multipurpose browser enhancement that can speed up Web searches, lock out cookies, examine HTML send/receive headers, provide single-click network diagnostics, and much more
49331. Source=Paul Collins Startup list
49332.  
49333. [NaviSearch]
49334. Number=7006
49335. Confirmed=X
49336. Filename=nls.exe
49337. Description=NaviSearch, eXact Advertising variant
49338. Source=Paul Collins Startup list
49339.  
49340. [NavLoad]
49341. Number=7007
49342. Confirmed=N
49343. Filename=NAVBrowser.exe
49344. Description=Registration reminder for CorelDRAW 10
49345. Source=Paul Collins Startup list
49346.  
49347. [navman_20]
49348. Number=7008
49349. Confirmed=X
49350. Filename=sysnav32.exe
49351. Description=Hijacker, possibly a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
49352. Source=Paul Collins Startup list
49353.  
49354. [NAVMD25]
49355. Number=7009
49356. Confirmed=?
49357. Filename=UpdtNv28.exe
49358. Description=Added by Symantec for updating the MicroDefs for their AV products - <font color=#FF0000>is it required?</font>
49359.  
49360. Source=Paul Collins Startup list
49361.  
49362. [NAVNet]
49363. Number=7010
49364. Confirmed=X
49365. Filename=***.tmp [* = random digit]
49366. Description=Unidentified adware
49367. Source=Paul Collins Startup list
49368.  
49369. [navp.exe]
49370. Number=7011
49371. Confirmed=X
49372. Filename=navp.exe
49373. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotoe.html" target=_blank>AGOBOT-OE</a> WORM!
49374. Source=Paul Collins Startup list
49375.  
49376. [NavPass]
49377. Number=7012
49378. Confirmed=X
49379. Filename=NavPass.exe
49380. Description=Free system for gaining access to and downloading from adult content web-sites
49381. Source=Paul Collins Startup list
49382.  
49383. [NavScan]
49384. Number=7013
49385. Confirmed=X
49386. Filename=[filename]
49387. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102917-0924-99" target="_blank">OBSORB</a> TROJAN!
49388. Source=Paul Collins Startup list
49389.  
49390. [NAVSCAN32.EXE]
49391. Number=7014
49392. Confirmed=X
49393. Filename=NAVSCAN32.exe
49394. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotdo.html" target=_blank>SDBOT-DO</a> WORM!
49395. Source=Paul Collins Startup list
49396.  
49397. [NAVSCANNER32]
49398. Number=7015
49399. Confirmed=X
49400. Filename=NAVSCANNER32.EXE
49401. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QC" target="_blank">RBOT.QC</a> WORM!
49402. Source=Paul Collins Startup list
49403.  
49404. [NAVUpd]
49405. Number=7016
49406. Confirmed=X
49407. Filename=rundll32.exe navupd.dll, Startup
49408. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082117-0007-99" target="_blank">NAVU</a> TROJAN!
49409. Source=Paul Collins Startup list
49410.  
49411. [NAV_Update]
49412. Number=7017
49413. Confirmed=X
49414. Filename=NAV_Update.exe
49415. Description=Unidentified WORM or TROJAN!
49416. Source=Paul Collins Startup list
49417.  
49418. [nawadll32]
49419. Number=7018
49420. Confirmed=X
49421. Filename=nawadll32.exe
49422. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzi.html" target=_blank>SDBOT-ZI</a> WORM!
49423. Source=Paul Collins Startup list
49424.  
49425. [nawdll32]
49426. Number=7019
49427. Confirmed=X
49428. Filename=nawdll32.exe
49429. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzm.html" target=_blank>SDBOT-ZM</a> WORM!
49430. Source=Paul Collins Startup list
49431.  
49432. [NB Common Dialog Enhancements]
49433. Number=7020
49434. Confirmed=N
49435. Filename=COMDLGEX.EXE
49436. Description=Part of McAfee Nuts & Bolts. With Common Dialog Enhancements, you can add MRU list box to open dialogs
49437. Source=Paul Collins Startup list
49438.  
49439. [NB Start Menu]
49440. Number=7021
49441. Confirmed=N
49442. Filename=STARTM.EXE
49443. Description=Part of McAfee Nuts & Bolts. Provides the same control as MSCONFIG and can be used instead if you have N&B
49444. Source=Paul Collins Startup list
49445.  
49446. [NB Windows Patterns]
49447. Number=7022
49448. Confirmed=N
49449. Filename=WINDBKGND.EXE
49450. Description=Part of McAfee Nuts & Bolts. With Background Patterns, you can change background patterns of wizard and dialog windows
49451. Source=Paul Collins Startup list
49452.  
49453. [NBJ]
49454. Number=7023
49455. Confirmed=U
49456. Filename=NBJ.exe
49457. Description=Ahead Nero BackItUp - backup program. Only required for if you have scheduled back-ups
49458. Source=Paul Collins Startup list
49459.  
49460. [NbkCtrl]
49461. Number=7024
49462. Confirmed=U
49463. Filename=NbkCtrl.exe
49464. Description=Scheduling engine of <a href="http://www.no-panic.com/backup/n_backup.html" target="_blank"> NovaSTOR Backup</a> Service. Only required if scheduling is enabled and wanted - see <a href="http://www.no-panic.com/backup/tech_supt/nbackup7_commandline.html" target="_blank"> here</a>
49465. Source=Paul Collins Startup list
49466.  
49467. [NBKeyScan]
49468. Number=7025
49469. Confirmed=U
49470. Filename=NBKeyScan.exe
49471. Description=This tool comes with a special version of <a href="http://www.nero.com/nero7/eng/Nero_BackItUp_2.html" target="_blank">Nero BackItUp</a> for some external harddisks. Controls two buttons on the drive - one button power off the drive and the other directly calls Nero BackItUp to make a quick backup
49472. Source=Paul Collins Startup list
49473.  
49474. [NBT System alias]
49475. Number=7026
49476. Confirmed=X
49477. Filename=[path] repcale.exe [path] beird.exe
49478. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDON.AN" target="_blank">RANDON.AN</a> WORM!
49479. Source=Paul Collins Startup list
49480.  
49481. [nbustrce1D]
49482. Number=7027
49483. Confirmed=?
49484. Filename=nbustrce1D.exe
49485. Description=Device driver, possibly CD/DVD - <font color="#FF0000">what exactly is it and is it required in startup?</font>
49486. Source=Paul Collins Startup list
49487.  
49488. [NC1565]
49489. Number=7028
49490. Confirmed=X
49491. Filename=winntsrv -l -p10001 -d -e cmd.exe -L
49492. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsnewleya.html" target=_blank>NEWLEY-A</a> WORM!
49493. Source=Paul Collins Startup list
49494.  
49495. [Ncao]
49496. Number=7029
49497. Confirmed=X
49498. Filename=osoa.exe
49499. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
49500. Source=Paul Collins Startup list
49501.  
49502. [Ncao]
49503. Number=7030
49504. Confirmed=X
49505. Filename=urpo.exe
49506. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target=_blank>PurityScan/Clickspring</a> adware
49507. Source=Paul Collins Startup list
49508.  
49509. [NCClient]
49510. Number=7031
49511. Confirmed=?
49512. Filename=N/A
49513. Description=<font color="#FF0000">??</font>
49514. Source=Paul Collins Startup list
49515.  
49516. [NCD]
49517. Number=7032
49518. Confirmed=N
49519. Filename=ncd.exe
49520. Description=Norton Change Directory - from the DOS days that allows the user to change directories on their machine without typing the complete path
49521. Source=Paul Collins Startup list
49522.  
49523. [NCLAUNCH]
49524. Number=7033
49525. Confirmed=?
49526. Filename=NCLAUNCH.exe
49527. Description=Part of SWF Studio from <a href="http://www.northcode.com/index.php" target="_blank">Northcode Inc.</a> - an extension to Flash. Bundled when you create a self-installing screen-saver on Win2K/XP. <font color="#FF0000">Is it required?</font>
49528. Source=Paul Collins Startup list
49529.  
49530. [nClient]
49531. Number=7034
49532. Confirmed=X
49533. Filename=cnen.exe
49534. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotal.html" target="_blank">DELBOT-AL</a> WORM!
49535. Source=Paul Collins Startup list
49536.  
49537. [NCS_SS]
49538. Number=7035
49539. Confirmed=N
49540. Filename=Csinsm32.exe
49541. Description=Same as CleanSweep Smart Sweep-Internet Sweep
49542. Source=Paul Collins Startup list
49543.  
49544. [NDAv]
49545. Number=7036
49546. Confirmed=X
49547. Filename=csnss.exe
49548. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031500-0556-99" target=_blank>SERFLOG.C</a> WORM!
49549. Source=Paul Collins Startup list
49550.  
49551. [NDAv]
49552. Number=7037
49553. Confirmed=X
49554. Filename=svhost.exe
49555. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031500-0556-99" target=_blank>SERFLOG.C</a> WORM!
49556. Source=Paul Collins Startup list
49557.  
49558. [NDDEAGNT]
49559. Number=7038
49560. Confirmed=?
49561. Filename=NDDEAGNT.EXE
49562. Description=WinNT default process. Network Dynamic Data Exchange (DDE) Agent, handles requests for network DDE services
49563. Source=Paul Collins Startup list
49564.  
49565. [NDIS Adapter]
49566. Number=7039
49567. Confirmed=X
49568. Filename=ndis.exe
49569. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VF&VSect=T" target="_blank">SDBOT.VF</a> WORM!
49570. Source=Paul Collins Startup list
49571.  
49572. [NDIS Adapter]
49573. Number=7040
49574. Confirmed=X
49575. Filename=windows.exe
49576. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbr.html" target=_blank>FORBOT-BR</a> WORM!
49577.  
49578. Source=Paul Collins Startup list
49579.  
49580. [NDIS Adapter]
49581. Number=7041
49582. Confirmed=X
49583. Filename=lsass2.exe
49584. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CW&VSect=P" target=_blank>WOOTBOT.CW</a> WORM!
49585. Source=Paul Collins Startup list
49586.  
49587. [NDIS Adapter]
49588. Number=7042
49589. Confirmed=X
49590. Filename=servenxpp.exe
49591. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotgp.html" target= blank>FORBOT-GP</a> WORM!
49592. Source=Paul Collins Startup list
49593.  
49594. [ndlhosta]
49595. Number=7043
49596. Confirmed=X
49597. Filename=uiremsyl.exe
49598. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
49599. Source=Paul Collins Startup list
49600.  
49601. [Ndpldaemon]
49602. Number=7044
49603. Confirmed=X
49604. Filename=[path to trojan]
49605. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rpcsdbota.html" target=_blank>RPCSDBOT-A</a> TROJAN!
49606. Source=Paul Collins Startup list
49607.  
49608. [NDplDeamon]
49609. Number=7045
49610. Confirmed=X
49611. Filename=nstask32.exe
49612. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081213-3232-99" target="_blank">RANDEX.E</a> WORM!
49613. Source=Paul Collins Startup list
49614.  
49615. [NDplDeamon]
49616. Number=7046
49617. Confirmed=X
49618. Filename=winlogin.exe
49619. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081213-3232-99" target="_blank">RANDEX.E</a> WORM!
49620. Source=Paul Collins Startup list
49621.  
49622. [NDPS]
49623. Number=7047
49624. Confirmed=U
49625. Filename=DPMW32.EXE
49626. Description=Novell Distributed Printer Services - part of Novell's <a href="http://www.novell.com/products/netware/" target="_blank">Netware</a> Client and <a href="http://www.novell.com/products/groupwise/" target="_blank"> Groupwise</a> products. Not required if you don't use this feature
49627. Source=Paul Collins Startup list
49628.  
49629. [NDrv]
49630. Number=7048
49631. Confirmed=X
49632. Filename=NDrv.exe
49633. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
49634. Source=Paul Collins Startup list
49635.  
49636. [NDSTray]
49637. Number=7049
49638. Confirmed=U
49639. Filename=NDSTray.exe
49640. Description=ConfigFree Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have
49641. Source=Paul Collins Startup list
49642.  
49643. [NDSTray.exe]
49644. Number=7050
49645. Confirmed=U
49646. Filename=NDSTray.exe
49647. Description=ConfigFree Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have
49648. Source=Paul Collins Startup list
49649.  
49650. [Ndtstat]
49651. Number=7051
49652. Confirmed=X
49653. Filename=Ndtstat.exe
49654. Description=Added by a variant of the BANLOAD family of TROJANS!
49655. Source=Paul Collins Startup list
49656.  
49657. [Necbar]
49658. Number=7052
49659. Confirmed=N
49660. Filename=Necbar.exe
49661. Description=Nec Assistant; Ark's Navigator, a graphical interface for NEC computers
49662. Source=Paul Collins Startup list
49663.  
49664. [NECMFK]
49665. Number=7053
49666. Confirmed=Y
49667. Filename=necmfk.exe
49668. Description=NEC wireless keyboard driver
49669. Source=Paul Collins Startup list
49670.  
49671. [Necutray]
49672. Number=7054
49673. Confirmed=U
49674. Filename=Necutray.exe
49675. Description=Driver for external USB storage devices (hard drives, flsh disks, etc)
49676. Source=Paul Collins Startup list
49677.  
49678. [neqprvfy.exe]
49679. Number=7055
49680. Confirmed=?
49681. Filename=neqprvfy.exe
49682. Description=<font color="#FF0000">Appears to be related to the downloading of some application - possibly verifying updates?</font>
49683. Source=Paul Collins Startup list
49684.  
49685. [Nero]
49686. Number=7056
49687. Confirmed=X
49688. Filename=shch.exe
49689. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target= blank>EB</a> TROJAN!
49690. Source=Paul Collins Startup list
49691.  
49692. [Nero Checker]
49693. Number=7057
49694. Confirmed=X
49695. Filename=nerocheck.exe
49696. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxyx.html" target=_blank>PROXY-X</a> TROJAN! Note - this is not related to "Nero Burning Rom" CD writing software
49697. Source=Paul Collins Startup list
49698.  
49699. [Nero DriveSpeed]
49700. Number=7058
49701. Confirmed=N
49702. Filename=DRIVESPEED.EXE
49703. Description=Ahead <a href="http://www.nero.com/nero7/eng/Nero_Toolkit_Features.html" target=_blank>Nero DriveSpeed</a> - set the CD reading speed of a CD/DVD drive on-the-fly to reduce the noise on high-speed drives
49704.  
49705. Source=Paul Collins Startup list
49706.  
49707. [Nero Updater.6.12]
49708. Number=7059
49709. Confirmed=X
49710. Filename=wmp9.exe
49711. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaag.html" target=_blank>AGOBOT-AAG</a> WORM!
49712. Source=Paul Collins Startup list
49713.  
49714. [Nero.ma]
49715. Number=7060
49716. Confirmed=X
49717. Filename=***.exe [*** = 2 to 3 digits]
49718. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090509-3811-99" target="_blank">JONBARR.D</a> WORM!
49719. Source=Paul Collins Startup list
49720.  
49721. [NeroAutoStartClient]
49722. Number=7061
49723. Confirmed=X
49724. Filename=NeroASM.exe
49725. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VG&VSect=T" target=_blank>AGOBOT.VG</a> WORM!
49726. Source=Paul Collins Startup list
49727.  
49728. [NeroCheck]
49729. Number=7062
49730. Confirmed=U
49731. Filename=nerocheck.exe
49732. Description=Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
49733. Source=Paul Collins Startup list
49734.  
49735. [NeroCheck]
49736. Number=7063
49737. Confirmed=X
49738. Filename=regedit.exe
49739. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021110-1955-99" target=_blank>DOOMJUICE.B</a> WORM! Note - this is not the valid Ahead Nero CD/DVD burning program. Also, it is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in the System (9x/Me) or System32 (NT/2K/XP) folder
49740. Source=Paul Collins Startup list
49741.  
49742. [NeroFil]
49743. Number=7064
49744. Confirmed=X
49745. Filename=NeroFil.EXE
49746. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=47970" target="_blank">RBOT.EAM</a> TROJAN!
49747. Source=Paul Collins Startup list
49748.  
49749. [NeroFilterCheck]
49750. Number=7065
49751. Confirmed=U
49752. Filename=NeroCheck.exe
49753. Description=Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
49754. Source=Paul Collins Startup list
49755.  
49756. [NeroHomeFirstStart]
49757. Number=7066
49758. Confirmed=U
49759. Filename=NMFirstStart.exe
49760. Description=Associated with <a href="http://www.nero.com/nero7/eng/Nero_Scout.html" target="_blank">Nero Scout</a>, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=58686" target="_blank">clicking here</a>
49761. Source=Paul Collins Startup list
49762.  
49763. [NeroLoader]
49764. Number=7067
49765. Confirmed=X
49766. Filename=NeroLoader.exe
49767. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanej.html" target=_blank>BANCBAN-EJ</a> TROJAN!
49768. Source=Paul Collins Startup list
49769.  
49770. [NeroNETTrayIcon]
49771. Number=7068
49772. Confirmed=N
49773. Filename=NNServiceCtrl.exe
49774. Description=System tray access to <a href="http://www.nero.com/us/631898255953125.html" target="_blank">NeroNET</a> - Ahead Software's network-capable extension of their CD/DVD burning program. NeroNET allows a burner to be shared across a network
49775. Source=Paul Collins Startup list
49776.  
49777. [NeroUpdater6.8]
49778. Number=7069
49779. Confirmed=X
49780. Filename=winjava.exe
49781. Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AMK" target=_blank>AGOBOT.AMK</a> WORM!
49782. Source=Paul Collins Startup list
49783.  
49784. [Net]
49785. Number=7070
49786. Confirmed=X
49787. Filename=WINREG.EXE
49788. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-123011-0304-99" target="_blank">ASSASIN.D</a> TROJAN!
49789. Source=Paul Collins Startup list
49790.  
49791. [Net Accelerator]
49792. Number=7071
49793. Confirmed=U
49794. Filename=NetAccelerator.exe
49795. Description=<a href="http://www.rizalsoftware.com/" target="_blank">Rizal</a> NetAccelerator - "Optimizing Dial-Up, Lan, Cable, DSL, and Satellite connections do you want to speed up your Internet access up to 200% - 300% ???". Only required if you find it helps improve your performance
49796. Source=Paul Collins Startup list
49797.  
49798. [Net Activity Diagram]
49799. Number=7072
49800. Confirmed=U
49801. Filename=nad.exe
49802. Description=<a href="http://www.metaproducts.com/mp/mpProducts_Detail.asp?id=20" target="_blank">Net Activity Diagram</a> from MetaProducts. Monitors your computer internet activity. Available via Start -> Programs
49803. Source=Paul Collins Startup list
49804.  
49805. [NET Bios Stats]
49806. Number=7073
49807. Confirmed=X
49808. Filename=ntbstats.exe
49809. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzx.html" target=_blank>SDBOT-ZX</a> WORM!
49810. Source=Paul Collins Startup list
49811.  
49812. [NET DEMON]
49813. Number=7074
49814. Confirmed=X
49815. Filename=ndemon.exe
49816. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotla.html" target="_blank">AGOBOT-LA</a> WORM!
49817. Source=Paul Collins Startup list
49818.  
49819. [Net iD]
49820. Number=7075
49821. Confirmed=U
49822. Filename=iid.exe
49823. Description="With the <a href="http://www.netmaker-cg.com/" target="_blank">Net_iD</a> program,  you can easily and securely logon with a smart card into a domain, a virtual private network (VPN) or in Citrix and Terminal Server environments"
49824. Source=Paul Collins Startup list
49825.  
49826. [Net**.exe [* = random char]]
49827. Number=7076
49828. Confirmed=X
49829. Filename=Net**.exe [* = random char]
49830. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
49831. Source=Paul Collins Startup list
49832.  
49833. [Net**32.exe [* = random char]]
49834. Number=7077
49835. Confirmed=X
49836. Filename=Net**32.exe [* = random char]
49837. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
49838. Source=Paul Collins Startup list
49839.  
49840. [Net-It Launcher]
49841. Number=7078
49842. Confirmed=N
49843. Filename=NILaunch.exe
49844. Description=<a href="http://www.net-it.com/" target="_blank">Net-It</a> - web publishing software
49845. Source=Paul Collins Startup list
49846.  
49847. [NetAccelerator]
49848. Number=7079
49849. Confirmed=U
49850. Filename=NetAccel.exe
49851. Description=<a href="http://www.netaccelerator.net/" target="_blank">NetAccelerator</a> is a "software utility that optimizes your internet access up to 1200% faster!. NetAccelerator speeds all modems allowing you to download faster, browse faster, surf faster!. Only required if you find it helps improve your performance
49852. Source=Paul Collins Startup list
49853.  
49854. [NetAdm7]
49855. Number=7080
49856. Confirmed=X
49857. Filename=NETADM7.EXE
49858. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031617-3734-99" target="_blank">BANCOS.F</a> TROJAN!
49859. Source=Paul Collins Startup list
49860.  
49861. [Netapi]
49862. Number=7081
49863. Confirmed=X
49864. Filename=Netapi.exe
49865. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.14" target="_blank">NETDEVIL.14</a> TROJAN!
49866. Source=Paul Collins Startup list
49867.  
49868. [netapi32]
49869. Number=7082
49870. Confirmed=X
49871. Filename=netapi32.exe
49872. Description=Added by an unidentified TROJAN!
49873. Source=Paul Collins Startup list
49874.  
49875. [NetApp]
49876. Number=7083
49877. Confirmed=X
49878. Filename=winserv.exe
49879. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SHADOWTHIEF" target="_blank">SHADOWTHIEF</a> TROJAN!
49880. Source=Paul Collins Startup list
49881.  
49882. [Netbeans]
49883. Number=7084
49884. Confirmed=X
49885. Filename=netbeans.exe
49886. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotr.html" target="_blank">DELBOT-R</a> WORM!
49887. Source=Paul Collins Startup list
49888.  
49889. [Netbios Helper]
49890. Number=7085
49891. Confirmed=X
49892. Filename=nbthlp.exe
49893. Description=Added by the <a href="http://vil.nai.com/vil/content/v_134470.htm" target=_blank>BANKER.Y</a> TROJAN!
49894. Source=Paul Collins Startup list
49895.  
49896. [NetBiosSrvc]
49897. Number=7086
49898. Confirmed=X
49899. Filename=HPSrvPrt.exe
49900. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcol.html" target="_blank">SDBOT-COL</a> WORM!
49901. Source=Paul Collins Startup list
49902.  
49903. [netconfig]
49904. Number=7087
49905. Confirmed=X
49906. Filename=netconfig.exe
49907. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4090" target="_blank">NETWARE</a> TROJAN!
49908. Source=Paul Collins Startup list
49909.  
49910. [NetCruiser Dialer]
49911. Number=7088
49912. Confirmed=U
49913. Filename=NCDialer.exe
49914. Description=<a href="http://www.netcruiser-software.com/products.html" target="_blank">NetCruiser Dialer</a> from NetCruiser Software. "An Internet dialer and connection monitor with features to launch applications when a connection is detected, dial and hangup at predefined times and automatic redialing of dropped connections"
49915. Source=Paul Collins Startup list
49916.  
49917. [netdaemon]
49918. Number=7089
49919. Confirmed=X
49920. Filename=netdaemon /v
49921. Description=Malware designed to "kill" a number of antispyware applications (SpyBot, Giant, SpyDoctor, SpySweeper, SpyHunter, Anvir, WinPatrol, and more)
49922. Source=Paul Collins Startup list
49923.  
49924. [netdll32]
49925. Number=7090
49926. Confirmed=X
49927. Filename=netdll32.exe
49928. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
49929. Source=Paul Collins Startup list
49930.  
49931. [netdllex]
49932. Number=7091
49933. Confirmed=X
49934. Filename=netdllex.Exe
49935. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
49936. Source=Paul Collins Startup list
49937.  
49938. [NetDy]
49939. Number=7092
49940. Confirmed=X
49941. Filename=VisualGuard.exe
49942. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031613-2027-99" target="_blank">NETSKY.N</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041612-2421-99" target="_blank">NETSKY.W</a> WORMS!
49943. Source=Paul Collins Startup list
49944.  
49945. [NETFP32.EXE]
49946. Number=7093
49947. Confirmed=X
49948. Filename=NETFP32.EXE
49949. Description=Added by the AGENT.CD TROJAN!
49950. Source=Paul Collins Startup list
49951.  
49952. [netfxupdate]
49953. Number=7094
49954. Confirmed=?
49955. Filename=netfxupdate.exe
49956. Description=<font color="#FF0000">Would appear to be a valid Microsoft .NET file (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;827801" target="_blank">here</a>) but other sources suggest it could be a trojan</font>
49957. Source=Paul Collins Startup list
49958.  
49959. [NetFxUpdate_v1.0.3705]
49960. Number=7095
49961. Confirmed=?
49962. Filename=netfxupdate.exe
49963. Description=<font color="#FF0000">Would appear to be a valid Microsoft .NET file (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;827801" target="_blank">here</a>) but other sources suggest it could be a trojan</font>
49964. Source=Paul Collins Startup list
49965.  
49966. [NETGEAR WG111T Smart Wizard]
49967. Number=7096
49968. Confirmed=U
49969. Filename=wlan111t.exe
49970. Description=Configuration utility for the Netgear <a href="http://www.netgear.com/Products/Adapters/SuperGWirelessAdapters/WG111T.aspx" target="_blank">WG111T</a> multi-rate Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port"
49971. Source=Paul Collins Startup list
49972.  
49973. [NetGuard]
49974. Number=7097
49975. Confirmed=U
49976. Filename=NetGuard.exe
49977. Description=FBM Software ZeroSpyware 2004 spyware detector and remover - real time monitor
49978. Source=Paul Collins Startup list
49979.  
49980. [nethost.exe]
49981. Number=7098
49982. Confirmed=X
49983. Filename=[path to file]
49984. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojperdaj.html" target=_blank>PERDA-J</a> TROJAN!
49985. Source=Paul Collins Startup list
49986.  
49987. [Netlimiter]
49988. Number=7099
49989. Confirmed=U
49990. Filename=Netlimiter.exe
49991. Description=<a href="http://www.netlimiter.com/" target="_blank">Netlimiter</a> - "An internet traffic control tool to monitor applications which access the internet and actively control their internet traffic. Use it o set (download/upload) speed limits for applications or even single connection. NetLimiter also allows you to share your internet connection bandwidth among all applications running on your PC."
49992. Source=Paul Collins Startup list
49993.  
49994. [Netline User]
49995. Number=7100
49996. Confirmed=N
49997. Filename=netchk.exe
49998. Description=Netline supplies internet related products and services and this program identifies user ID and IP information. Found installed along with the Falcon 4 game, for example
49999. Source=Paul Collins Startup list
50000.  
50001. [NetLink]
50002. Number=7101
50003. Confirmed=X
50004. Filename=netlink32.exe
50005. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040712-2418-99" target="_blank">GAOBOT.WO</a> WORM!
50006. Source=Paul Collins Startup list
50007.  
50008. [NetLogon]
50009. Number=7102
50010. Confirmed=X
50011. Filename=userint.exe
50012. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbc.html" target=_blank>SDBOT-BC</a> WORM!
50013. Source=Paul Collins Startup list
50014.  
50015. [NetManageImport]
50016. Number=7103
50017. Confirmed=U
50018. Filename=nmcpdata.exe
50019. Description=<a href="http://www.netmanage.com/products/" target="_blank">NetManage</a> business software related
50020. Source=Paul Collins Startup list
50021.  
50022. [NetManagerService]
50023. Number=7104
50024. Confirmed=X
50025. Filename=ntss.exe
50026. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BESTPICS.A" target="_blank">BESTPICS.A</a> TROJAN!
50027. Source=Paul Collins Startup list
50028.  
50029. [NetMeter]
50030. Number=7105
50031. Confirmed=X
50032. Filename=NetMeter.exe
50033. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NetRatings%20Premeter&threatid=8994" target=_blank>NetRatings Premeter</a> spyware
50034.  
50035. Source=Paul Collins Startup list
50036.  
50037. [NetMeter]
50038. Number=7106
50039. Confirmed=X
50040. Filename=NielsenOnline.exe
50041. Description=Appears to have possible Malware functions, for more information see <a href="http://www.file.net/process/nielsenonline.exe.html" target=_blank>here</a>
50042. Source=Paul Collins Startup list
50043.  
50044. [NetMon]
50045. Number=7107
50046. Confirmed=X
50047. Filename=netmon.exe
50048. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120314-2603-99" target="_blank">MIMAIL.M</a> WORM!
50049. Source=Paul Collins Startup list
50050.  
50051. [Netmonw]
50052. Number=7108
50053. Confirmed=X
50054. Filename=Netmonw.exe
50055. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorfx.html" target=_blank>BDOOR-FX</a> TROJAN!
50056. Source=Paul Collins Startup list
50057.  
50058. [netmsg]
50059. Number=7109
50060. Confirmed=U
50061. Filename=netmsg.exe
50062. Description=<a href="http://users.pandora.be/Grrrippp/" target=_blank>Net_Message</a> is a small tool to send messages across the network, using the Windows Messenger Service, so there is no client install required to receive the messages. It has a number of other features as well
50063.  
50064. Source=Paul Collins Startup list
50065.  
50066. [NetPatrol]
50067. Number=7110
50068. Confirmed=U
50069. Filename=winclient.exe
50070. Description=<a href="http://www.digitalweb.com.br/netpatrol/" target="_blank">NetPatrol</a> network monitoring software
50071. Source=Paul Collins Startup list
50072.  
50073. [netpc32.exe]
50074. Number=7111
50075. Confirmed=X
50076. Filename=netpc32.exe
50077. Description=Malware, probably a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
50078. Source=Paul Collins Startup list
50079.  
50080. [NetPerSec]
50081. Number=7112
50082. Confirmed=N
50083. Filename=NetPerSec.exe
50084. Description=<a href="http://www.pcmag.com/article2/0,4149,1735,00.asp" target="_blank">NetPerSec</a> - measures the real-time speed of your Internet connection
50085. Source=Paul Collins Startup list
50086.  
50087. [NetPumper]
50088. Number=7113
50089. Confirmed=N
50090. Filename=NetPumperIEProxy.exe
50091. Description=<a href="http://www.netpumper.com/" target=_blank>NetPumper</a> download manager - bundles Cydoor and SaveNow adware, see <a href="http://www.kephyr.com/spywarescanner/library/netpumper/index.phtml" target=_blank>here</a>
50092. Source=Paul Collins Startup list
50093.  
50094. [NetReach]
50095. Number=7114
50096. Confirmed=X
50097. Filename=nrcheck.exe
50098. Description=Added by an unidentified VIRUS, WORM or TROJAN!
50099. Source=Paul Collins Startup list
50100.  
50101. [Netropa Internet Receiver]
50102. Number=7115
50103. Confirmed=X
50104. Filename=Netropa.exe
50105. Description=Netropa Internet Receiver. Shows a scrolling bar with the news. Major resource hog and flagged as spyware
50106. Source=Paul Collins Startup list
50107.  
50108. [NetRun]
50109. Number=7116
50110. Confirmed=U
50111. Filename=NetRun.exe
50112. Description=<a href="http://www.czarsoft.shorturl.com/" target="_blank">NetRun</a> - will 'RUN' a 'List' of programs only when a internet connection is detected, and close/kill the same 'List' when the connection is lost
50113. Source=Paul Collins Startup list
50114.  
50115. [Netscape Messenger]
50116. Number=7117
50117. Confirmed=N
50118. Filename=NETSCAPE.EXE
50119. Description=In Netscape 6 (I know for sure with 6.2.1, maybe with 6.0) Netscape.exe is the main executable file for Netscape Navigator, Netscape Mail and News, and Netscape Messenger (the new name for the embedded AIM, no doubt to make it sound like Windows Messenger, the XP version of MSN Messenger). Basically, netscape.exe can be more than just Netscape Messenger, and Messenger can be more then just AIM in disguise, depending on the version of Netscape installed
50120. Source=Paul Collins Startup list
50121.  
50122. [Netscp6]
50123. Number=7118
50124. Confirmed=N
50125. Filename=Netscp6.exe
50126. Description=Netscape 6
50127. Source=Paul Collins Startup list
50128.  
50129. [NetScreen-Remote]
50130. Number=7119
50131. Confirmed=U
50132. Filename=SafeCfg.exe
50133. Description=<a href="http://www.nscreensales.com/products/nsremote.php" target=_blank>NetScreen Remote</a> VPN client software
50134. Source=Paul Collins Startup list
50135.  
50136. [NetService]
50137. Number=7120
50138. Confirmed=X
50139. Filename=ntsvc.exe
50140. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassdu.html" target=_blank>QQPASS-DU</a> TROJAN!
50141. Source=Paul Collins Startup list
50142.  
50143. [netservices]
50144. Number=7121
50145. Confirmed=X
50146. Filename=recall.exe
50147. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
50148. Source=Paul Collins Startup list
50149.  
50150. [netservices]
50151. Number=7122
50152. Confirmed=X
50153. Filename=svchostn.exe
50154. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.GI" target="_blank">SDBOT.GI</a> WORM!
50155. Source=Paul Collins Startup list
50156.  
50157. [NETServices]
50158. Number=7123
50159. Confirmed=X
50160. Filename=csxrs.exe
50161. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
50162. Source=Paul Collins Startup list
50163.  
50164. [NetShow Powerpoint Helper]
50165. Number=7124
50166. Confirmed=U
50167. Filename=NSPPTHLP.EXE
50168. Description=If disabled, user created fonts can no longer be seen by other programs
50169. Source=Paul Collins Startup list
50170.  
50171. [NetStart]
50172. Number=7125
50173. Confirmed=X
50174. Filename=svchost.exe
50175. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mkara.html" target=_blank>MKAR-A</a> VIRUS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a NETSTART subfolder
50176. Source=Paul Collins Startup list
50177.  
50178. [NetStat Live]
50179. Number=7126
50180. Confirmed=N
50181. Filename=Nsl.exe
50182. Description=AnalogX <a href="http://www.analogx.com/contents/download/network/nsl.htm" target="_blank">NetStat Live</a> - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data
50183. Source=Paul Collins Startup list
50184.  
50185. [netsv32]
50186. Number=7127
50187. Confirmed=X
50188. Filename=netsv32.exe
50189. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpx.html" target="_blank">SDBOT-PX</a> WORM!
50190. Source=Paul Collins Startup list
50191.  
50192. [NettGain2000]
50193. Number=7128
50194. Confirmed=Y
50195. Filename=WgwMngr.exe
50196. Description=Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so
50197. Source=Paul Collins Startup list
50198.  
50199. [NettGain2000 Verifier]
50200. Number=7129
50201. Confirmed=Y
50202. Filename=NettGain2000 Verifier.exe
50203. Description=Part of the Starband satellite client that attempts to optimize your satellite connection to increase speed
50204. Source=Paul Collins Startup list
50205.  
50206. [NetTime]
50207. Number=7130
50208. Confirmed=U
50209. Filename=NETTIME.EXE
50210. Description=From a visitor - "This is the executable for NetTime. It is started from the registry when you check the box to start at startup. NetTime allows you to synchronize your computers' clock with a server on your local net or the internet using any of several protocols, e.g. NTP."
50211. Source=Paul Collins Startup list
50212.  
50213. [NetTurbo]
50214. Number=7131
50215. Confirmed=U
50216. Filename=netturbo.exe
50217. Description=<a href="http://www.netturbo.com/" target="_blank">NetTurbo</a> from SharewareOnline.com. "Accelerate Your Internet Connections by up to 600%". If you find it helps your connectivity leave it enabled
50218. Source=Paul Collins Startup list
50219.  
50220. [Netunit32]
50221. Number=7132
50222. Confirmed=X
50223. Filename=wunit32.exe
50224. Description=Added by an unidentified WORM or TROJAN!
50225. Source=Paul Collins Startup list
50226.  
50227. [NETVISIONAdulti]
50228. Number=7133
50229. Confirmed=X
50230. Filename=[random filename]
50231. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121917-5031-99" target="_blank">Trafficadvance</a> dialer
50232. Source=Paul Collins Startup list
50233.  
50234. [NETVISIONPasse-partout]
50235. Number=7134
50236. Confirmed=X
50237. Filename=Passe-partout.exe
50238. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialdialcarm.html" target=_blank>DIALCAR-M</a> DIALER!
50239. Source=Paul Collins Startup list
50240.  
50241. [NetWatch32]
50242. Number=7135
50243. Confirmed=X
50244. Filename=netwatch.exe
50245. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-103114-2352-99" target="_blank">MIMAIL.C</a> WORM!
50246. Source=Paul Collins Startup list
50247.  
50248. [Netword Agent]
50249. Number=7136
50250. Confirmed=N
50251. Filename=nwant33.exe
50252. Description=An interesting browser utility that allows you to navigate by typing a single word or phrase (a "NetWord") related to what you're looking for into your browser's location field. It also puts an icon in the system tray icon that is a circle with the letter N in the center to access the menu faster. Available via Start -> Programs
50253. Source=Paul Collins Startup list
50254.  
50255. [NetWork]
50256. Number=7137
50257. Confirmed=X
50258. Filename=csrs.exe
50259. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JJ" target="_blank">AGOBOT.JJ</a> WORM!
50260. Source=Paul Collins Startup list
50261.  
50262. [Network Access]
50263. Number=7138
50264. Confirmed=X
50265. Filename=winssh.exe
50266. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
50267. Source=Paul Collins Startup list
50268.  
50269. [Network Administration]
50270. Number=7139
50271. Confirmed=X
50272. Filename=NAS.exe
50273. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082907-5935-99" target="_blank">ANTILAM.20.Q</a> TROJAN!
50274. Source=Paul Collins Startup list
50275.  
50276. [Network Administration Service]
50277. Number=7140
50278. Confirmed=X
50279. Filename=rsvc32.exe
50280. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABH" target=_blank>RBOT.ABH</a> WORM!
50281. Source=Paul Collins Startup list
50282.  
50283. [Network Associates Error Reporting Service]
50284. Number=7141
50285. Confirmed=U
50286. Filename=TBMon.exe
50287. Description=Network Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of betatesting new software
50288. Source=Paul Collins Startup list
50289.  
50290. [Network Connections]
50291. Number=7142
50292. Confirmed=X
50293. Filename=internat.exe
50294. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbzd.html" target=_blank>ZD</a> TROJAN!
50295. Source=Paul Collins Startup list
50296.  
50297. [network device driver]
50298. Number=7143
50299. Confirmed=X
50300. Filename=msfirewall.exe
50301. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflb.html" target=_blank>DELF-LB</a> TROJAN!
50302. Source=Paul Collins Startup list
50303.  
50304. [NetWork Device Switch]
50305. Number=7144
50306. Confirmed=U
50307. Filename=NetDevSW.exe
50308. Description=Toshiba laptops with built-in Wi-Fi. Allows switching between Wi-Fi and internal ethernet. Only necessary if you have regular need to switch back and forward between these network interfaces. Located in Startup folder so make own shortcut to it and disable if not really necessary
50309. Source=Paul Collins Startup list
50310.  
50311. [Network Host Controller]
50312. Number=7145
50313. Confirmed=X
50314. Filename=[path to trojan]
50315. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112612-2255-99" target="_blank">WHISPER</a> TROJAN!
50316. Source=Paul Collins Startup list
50317.  
50318. [Network Host Service]
50319. Number=7146
50320. Confirmed=X
50321. Filename=msmnart32.exe
50322. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcjv.html" target=_blank>RBOT-CJV</a> WORM!
50323. Source=Paul Collins Startup list
50324.  
50325. [Network Host Service]
50326. Number=7147
50327. Confirmed=X
50328. Filename=[random]32.exe
50329. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbab.html" target=_blank>RBOT-BAB</a> WORM!
50330. Source=Paul Collins Startup list
50331.  
50332. [Network Protocol Service]
50333. Number=7148
50334. Confirmed=X
50335. Filename=wuamgrd.exe
50336. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EA" target="_blank">RBOT.EA</a> WORM!
50337. Source=Paul Collins Startup list
50338.  
50339. [Network protocol service]
50340. Number=7149
50341. Confirmed=X
50342. Filename=wintcp.exe
50343. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
50344.  
50345. Source=Paul Collins Startup list
50346.  
50347. [Network Security]
50348. Number=7150
50349. Confirmed=X
50350. Filename=secsvc.exe
50351. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalx.html" target=_blank>RBOT-ALX</a> WORM!
50352. Source=Paul Collins Startup list
50353.  
50354. [Network Security Guard]
50355. Number=7151
50356. Confirmed=X
50357. Filename=**********.exe [* = random char]
50358. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
50359. Source=Paul Collins Startup list
50360.  
50361. [Network Security Guard]
50362. Number=7152
50363. Confirmed=X
50364. Filename=[path to trojan]
50365. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcolema.html" target=_blank>COLEM-A</a> TROJAN!
50366. Source=Paul Collins Startup list
50367.  
50368. [Network Service]
50369. Number=7153
50370. Confirmed=X
50371. Filename=svchost.exe
50372. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpacc.html" target=_blank>STARTPA-CC</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
50373. Source=Paul Collins Startup list
50374.  
50375. [Network Service]
50376. Number=7154
50377. Confirmed=X
50378. Filename=svhost.exe
50379. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhacdefk.html" target=_blank>HACDEF-K</a> TROJAN!
50380. Source=Paul Collins Startup list
50381.  
50382. [Network Service]
50383. Number=7155
50384. Confirmed=X
50385. Filename=MccTrayApp.exe
50386. Description=Added by an unidentified WORM or TROJAN!
50387. Source=Paul Collins Startup list
50388.  
50389. [Network Service Manager]
50390. Number=7156
50391. Confirmed=X
50392. Filename=netsvc.exe
50393. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
50394. Source=Paul Collins Startup list
50395.  
50396. [Network Service Manager]
50397. Number=7157
50398. Confirmed=X
50399. Filename=netsvc.exe
50400. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>GAOBOT/AGOBOT</a> WORM!
50401. Source=Paul Collins Startup list
50402.  
50403. [NetworkAssociates Inc]
50404. Number=7158
50405. Confirmed=X
50406. Filename=internet.exe
50407. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
50408. Source=Paul Collins Startup list
50409.  
50410. [NetworkClient]
50411. Number=7159
50412. Confirmed=X
50413. Filename=NetworkClient.exe
50414. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082106-5659-99" target="_blank">LEMUR</a> WORM!
50415. Source=Paul Collins Startup list
50416.  
50417. [NetworkKey]
50418. Number=7160
50419. Confirmed=X
50420. Filename=netkey.exe
50421. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotaj.html" target=_blank>IRCBOT-AJ</a> TROJAN!
50422. Source=Paul Collins Startup list
50423.  
50424. [Networks Configurator]
50425. Number=7161
50426. Confirmed=X
50427. Filename=NetConfs.exe
50428. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotox.html" target=_blank>RBOT-OX</a> WORM!
50429.  
50430. Source=Paul Collins Startup list
50431.  
50432. [Networks Controler]
50433. Number=7162
50434. Confirmed=X
50435. Filename=Netsis.exe
50436. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotng.html" target=_blank>RBOT-NG</a> WORM!
50437.  
50438. Source=Paul Collins Startup list
50439.  
50440. [NetworkSetup]
50441. Number=7163
50442. Confirmed=N
50443. Filename=dlink.exe
50444. Description=<a href="http://www.dlink.com/" target="_blank">D-Link</a> System Tray icon
50445. Source=Paul Collins Startup list
50446.  
50447. [Netzip Smart Downloader]
50448. Number=7164
50449. Confirmed=X
50450. Filename=npnzdad.exe
50451. Description=Advertising spyware
50452. Source=Paul Collins Startup list
50453.  
50454. [NetZIPFolders]
50455. Number=7165
50456. Confirmed=N
50457. Filename=nzfprop.exe
50458. Description=<a href="http://www.netzip.com/products/info_netzip_win.html?src=site,netzip,plugin,nzc" target="_blank">Netzip Classic</a> zip file manager
50459. Source=Paul Collins Startup list
50460.  
50461. [NeuroMedia(IESpeaker)]
50462. Number=7166
50463. Confirmed=X
50464. Filename=NeuroMedia.exe
50465. Description=Part of an older freeware version of <a href="http://www.neurospeech.com/Products/IESpeaker.aspx" target="_blank"> IESpeaker</a> - a program that allows you to listen to web pages. NeuroMedia.exe only downloads advertisments. Not included in the paid-for version currently available
50466. Source=Paul Collins Startup list
50467.  
50468. [NeuroSpeech OESpeaker]
50469. Number=7167
50470. Confirmed=N
50471. Filename=OEMonitor.exe
50472. Description=Part of <a href="http://www.neurospeech.com/Products/IESpeaker.aspx" target="_blank">OESpeaker</a> - a program that allows you to listen to long E-mails instead of reading them in Outlook Express. OEMonitor.exe checks whether OE is open or not
50473. Source=Paul Collins Startup list
50474.  
50475. [New Csnm Manager]
50476. Number=7168
50477. Confirmed=X
50478. Filename=csmn.exe
50479. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BZS&VSect=P" target=_blank>SDBOT.BZS</a> WORM!
50480. Source=Paul Collins Startup list
50481.  
50482. [New.net]
50483. Number=7169
50484. Confirmed=X
50485. Filename=rundll32.exe NewDotNetStartup Newdot~2.exe
50486. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NewDotNet&threatid=9108" target="_blank">NewDotNet</a> foistware
50487. Source=Paul Collins Startup list
50488.  
50489. [New.net Startup]
50490. Number=7170
50491. Confirmed=X
50492. Filename=rundll32 [path], NewDotNetStartup -s
50493. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NewDotNet&threatid=9108" target="_blank">NewDotNet</a> foistware
50494. Source=Paul Collins Startup list
50495.  
50496. [NEWDOT~1]
50497. Number=7171
50498. Confirmed=X
50499. Filename=rundll32.exe NewDotNetStartup Newdot~2.exe
50500. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NewDotNet&threatid=9108" target="_blank">NewDotNet</a> foistware
50501. Source=Paul Collins Startup list
50502.  
50503. [Newman]
50504. Number=7172
50505. Confirmed=X
50506. Filename=playavi.exe
50507. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageat.html" target=_blank>LINEAGE-AT</a> TROJAN! Note - This trojan file is found in the Windows\java or Winnt\java folder
50508. Source=Paul Collins Startup list
50509.  
50510. [newname]
50511. Number=7173
50512. Confirmed=X
50513. Filename=[path to trojan]
50514. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdrsmartls.html" target=_blank>DRSMARTL-S</a> TROJAN!
50515.  
50516. Source=Paul Collins Startup list
50517.  
50518. [News Service]
50519. Number=7174
50520. Confirmed=?
50521. Filename=ispnews.exe
50522. Description=<a href="http://www.f-secure.com/" target="_blank">F-Secure</a> antivirus related. <font color="#FF0000" target="_blank">However, is this particular item required?</font>
50523. Source=Paul Collins Startup list
50524.  
50525. [Newsalrt]
50526. Number=7175
50527. Confirmed=N
50528. Filename=NEWSALRT.EXE
50529. Description=MSNBC News system tray utility to alert you to new news
50530. Source=Paul Collins Startup list
50531.  
50532. [Newsgroup lptt01]
50533. Number=7176
50534. Confirmed=X
50535. Filename=newsgroup.exe
50536. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "newsgroup" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
50537. Source=Paul Collins Startup list
50538.  
50539. [Newsgroup ml097e]
50540. Number=7177
50541. Confirmed=X
50542. Filename=newsgroup.exe
50543. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "newsgroup" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
50544. Source=Paul Collins Startup list
50545.  
50546. [NewsUpd]
50547. Number=7178
50548. Confirmed=N
50549. Filename=newsupd.exe
50550. Description=For Creative Soundblaster Live! series soundcards. System tray application for News updates. Available via Start -> Programs. Also spyware - see <a href="http://cexx.org/newsupd.htm" target="_blank">here</a>.
50551. Source=Paul Collins Startup list
50552.  
50553. [NewtonKnowsUpd]
50554. Number=7179
50555. Confirmed=X
50556. Filename=NewtKnow.exe ...NewtnUpd.dll, runkey
50557. Description=<a href="http://allentech.net/parasite/NewtonKnows.html" target="_blank">NewtonKnows</a> hijacker
50558.  
50559. Source=Paul Collins Startup list
50560.  
50561. [NexusServer]
50562. Number=7180
50563. Confirmed=U
50564. Filename=PNXSERVR.exe
50565. Description=Related to <a href="http://www.canopus.com/" target=_blank>ProCoder 2.0</a> from Canopus. "ProCoder 2.0 software combines speed and flexibility into a streamlined video conversion tool for professionals. Featuring, extensive input/output options, advanced filtering, batch processing and an easy-to-use interface, ProCoder 2.0 is the ideal solution for high-quality multi-format video creation"
50566.  
50567. Source=Paul Collins Startup list
50568.  
50569. [NFM Service]
50570. Number=7181
50571. Confirmed=U
50572. Filename=NPDOR9x.exe
50573. Description=Appears in startup if you have chosen to participate in on survey by <a href="http://www.npdor.com/" target="_blank"> NPD Online Research</a>. Required for the survey to work correctly. Otherwise not required
50574. Source=Paul Collins Startup list
50575.  
50576. [Nfo]
50577. Number=7182
50578. Confirmed=X
50579. Filename=nfomon.exe
50580. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
50581. Source=Paul Collins Startup list
50582.  
50583. [nForce Tray Options]
50584. Number=7183
50585. Confirmed=N
50586. Filename=sstray.exe
50587. Description=nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitys
50588. Source=Paul Collins Startup list
50589.  
50590. [NGClient]
50591. Number=7184
50592. Confirmed=U
50593. Filename=ngctw32.exe
50594. Description=Symantec Ghost Server software - needed for a "a Ghost multicast" (transfer images to multiple machines). Can be launched manually
50595. Source=Paul Collins Startup list
50596.  
50597. [ngpw36]
50598. Number=7185
50599. Confirmed=X
50600. Filename=ngpw36.exe
50601. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051216-4630-99" target=_blank>AdBlaster</a> adware variant
50602. Source=Paul Collins Startup list
50603.  
50604. [NGServer]
50605. Number=7186
50606. Confirmed=N
50607. Filename=ngserver.exe
50608. Description=Symantec/Norton Ghost Console service
50609. Source=Paul Collins Startup list
50610.  
50611. [NI.UERSM_0001_N68M1602]
50612. Number=7187
50613. Confirmed=N
50614. Filename=UERSM_0001_N68M1602NetInstaller.exe
50615. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99" target="_blank">ErrorSafe</a> security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
50616. Source=Paul Collins Startup list
50617.  
50618. [NI.UWA6P_0001_N56M1001]
50619. Number=7188
50620. Confirmed=X
50621. Filename=WinAntiVirusPro2006Installer.exe
50622. Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/definition/winantiviruspro2006installer/" target="_blank">here</a>
50623. Source=Paul Collins Startup list
50624.  
50625. [NI.UWA6P_0001_N69M0303]
50626. Number=7189
50627. Confirmed=U
50628. Filename=WinAntiVirusPro2006Installer[1].exe
50629. Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/definition/winantiviruspro2006installer/" target="_blank">here</a>
50630. Source=Paul Collins Startup list
50631.  
50632. [NI.UWA6P_0001_N73M1004]
50633. Number=7190
50634. Confirmed=N
50635. Filename=WinAntiVirusPro2006FreeInstall.exe
50636. Description=WinAntiVirus Pro 2006 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
50637. Source=Paul Collins Startup list
50638.  
50639. [NI.UWA6P_0001_N91M1807]
50640. Number=7191
50641. Confirmed=N
50642. Filename=winantiviruspro2006freeinstall[1].exe
50643. Description=WinAntiVirus Pro 2006 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
50644. Source=Paul Collins Startup list
50645.  
50646. [NI.UWA7P_0001_N91M0809]
50647. Number=7192
50648. Confirmed=N
50649. Filename=winantiviruspro2007freeinstall[1].exe
50650. Description=WinAntiVirus Pro 2007 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
50651. Source=Paul Collins Startup list
50652.  
50653. [NI.UWAS6_0001_N68M2301]
50654. Number=7193
50655. Confirmed=X
50656. Filename=UWAS6_0001_N68M2301NetInstaller.exe
50657. Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/1/196_150_NI.EXE-5442.html" target=_blank>here</a>
50658.  
50659. Source=Paul Collins Startup list
50660.  
50661. [NI.UWFX5]
50662. Number=7194
50663. Confirmed=X
50664. Filename=UWFX5NetInstaller.exe
50665. Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/definition/uwfx5netinstaller/" target=_blank>here</a>
50666.  
50667. Source=Paul Collins Startup list
50668.  
50669. [NI.UWFX5T]
50670. Number=7195
50671. Confirmed=X
50672. Filename=UWFX5TNetInstaller.exe
50673. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdownldrbo.html" target=_blank>DOWNLDR-BO</a> TROJAN!
50674. Source=Paul Collins Startup list
50675.  
50676. [NI.UWFX5[various]]
50677. Number=7196
50678. Confirmed=X
50679. Filename=[various filenames]
50680. Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/1/196_150_NI.EXE-5442.html" target=_blank>here</a>. Example filenames are UWFX5LP_0001_0802NetInstaller.exe, UWFX5V_0001_0802NetInstaller.exe, UWFX5_0001_N66M1101NETINSTALLER.EXE, 1D7C.tmp, WinFixerScannerInstall[1].exe
50681.  
50682. Source=Paul Collins Startup list
50683.  
50684. [NiceDownloads]
50685. Number=7197
50686. Confirmed=X
50687. Filename=rundll32.exe MSA64CHK.dll, DllMostrar
50688. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914" target=_blank>MatrixDialer</a> related
50689. Source=Paul Collins Startup list
50690.  
50691. [Nielsen NetRatings]
50692. Number=7198
50693. Confirmed=X
50694. Filename=insight.exe
50695. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NetRatings%20Premeter&threatid=8994" target=_blank>NetRatings Premeter</a> spyware
50696. Source=Paul Collins Startup list
50697.  
50698. [NIHomeAM]
50699. Number=7199
50700. Confirmed=U
50701. Filename=LiteClientAM.exe
50702. Description=A managed web based internet security service that provides comprehensive & total protection for laptops/desktops - regardless of how, when or where they connect to the Internet. Made by <a href="http://www.netintelligence.com/" target=_blank>Netintelligence Ltd</a>
50703. Source=Paul Collins Startup list
50704.  
50705. [nikLaus]
50706. Number=7200
50707. Confirmed=X
50708. Filename=nikLaus.exe
50709. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080616-0728-99" target="_blank">NIKLAS</a> WORM!
50710. Source=Paul Collins Startup list
50711.  
50712. [NInit]
50713. Number=7201
50714. Confirmed=N
50715. Filename=NInit.exe
50716. Description=Norton Uninstall Deluxe. Monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging - not required
50717. Source=Paul Collins Startup list
50718.  
50719. [nisserv]
50720. Number=7202
50721. Confirmed=Y
50722. Filename=NISSERV.EXE
50723. Description=Norton Personal Firewall
50724. Source=Paul Collins Startup list
50725.  
50726. [Nisum]
50727. Number=7203
50728. Confirmed=Y
50729. Filename=NISUM.EXE
50730. Description=Norton Personal Firewall
50731. Source=Paul Collins Startup list
50732.  
50733. [niSvcLoc]
50734. Number=7204
50735. Confirmed=U
50736. Filename=niSvcLoc.exe
50737. Description=Related to National Instruments Corp. <a href="http://www.ni.com/labview/" target=_blank>LabView</a>
50738. Source=Paul Collins Startup list
50739.  
50740. [NJG40]
50741. Number=7205
50742. Confirmed=X
50743. Filename=NJG40.EXE
50744. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-122215-5815-99" target="_blank">BANCOS.D</a> TROJAN!
50745. Source=Paul Collins Startup list
50746.  
50747. [NkbMonitor]
50748. Number=7206
50749. Confirmed=N
50750. Filename=NkbMonitor.exe
50751. Description=Part of <a href="http://www.nikonimaging.com/global/products/software/pictureproject/index.htm" target=blank>Nikon PictureProject</a> - image management for Nikon digital cameras
50752. Source=Paul Collins Startup list
50753.  
50754. [NkvMon.exe]
50755. Number=7207
50756. Confirmed=N
50757. Filename=NkvMon.exe
50758. Description=Nikon View 5 - for transferring pictures from Nikon digital cameras
50759. Source=Paul Collins Startup list
50760.  
50761. [NkVwMon.exe]
50762. Number=7208
50763. Confirmed=N
50764. Filename=NkVwMon.exe
50765. Description=Nikon View - for transferring pictures from Nikon digital cameras
50766. Source=Paul Collins Startup list
50767.  
50768. [NliaClient]
50769. Number=7209
50770. Confirmed=U
50771. Filename=Netpia.exe
50772. Description=Netpia <a href="http://e.netpia.com/service/service01_02_01.asp" target="_blank">NLIA System</a> - "In the existing Internet address system, the Domain Name System (DNS) layer runs on the IP address layer. In the NLIA system, however, the upper layer is implemented on DNS"
50773. Source=Paul Collins Startup list
50774.  
50775. [NLS Keyboard]
50776. Number=7210
50777. Confirmed=X
50778. Filename=keyboard.exe
50779. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
50780. Source=Paul Collins Startup list
50781.  
50782. [NLS Monitor]
50783. Number=7211
50784. Confirmed=X
50785. Filename=nlsmon.exe
50786. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxj.html" target=_blank>RBOT-AXJ</a> WORM!
50787. Source=Paul Collins Startup list
50788.  
50789. [nmapp]
50790. Number=7212
50791. Confirmed=U
50792. Filename=nmapp.exe
50793. Description=Pure Networks "<a href="http://www.networkmagic.com/" target="_blank">Network Magic</a> eliminates common frustrations and saves time by simplifying and automating set up, management and repair of home networks, and makes printer and file sharing effortless"
50794. Source=Paul Collins Startup list
50795.  
50796. [NMBgMonitor]
50797. Number=7213
50798. Confirmed=U
50799. Filename=NMBgMonitor.exe
50800. Description=Associated with <a href="http://www.nero.com/nero7/eng/Nero_Scout.html" target="_blank">Nero Scout</a>, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by <a href="http://www.help2go.com/Tutorials/Software_Utilities/Disable_Nero_Scout_in_Nero_7.html" target="_blank">clicking here</a>
50801. Source=Paul Collins Startup list
50802.  
50803. [NMFirstStart]
50804. Number=7214
50805. Confirmed=U
50806. Filename=NMFirstStart.exe
50807. Description=Associated with <a href="http://www.nero.com/nero7/eng/Nero_Scout.html" target="_blank">Nero Scout</a>, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=58686" target="_blank">clicking here</a>
50808. Source=Paul Collins Startup list
50809.  
50810. [nmgr]
50811. Number=7215
50812. Confirmed=X
50813. Filename=nnmgr.exe
50814. Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/adware.fftoolbar.html" target=_blank>Adware.FFToolBar</a> adware toolbar
50815. Source=Paul Collins Startup list
50816.  
50817. [NMSSvc]
50818. Number=7216
50819. Confirmed=?
50820. Filename=NMSSVC.EXE
50821. Description=NIC Management Service - diagnostics program for Intel Pro family network cards
50822. Source=Paul Collins Startup list
50823.  
50824. [NMSVC]
50825. Number=7217
50826. Confirmed=Y
50827. Filename=nmSvc.exe
50828. Description=<a href="http://www.covenanteyes.com/help_and_support/category/?c=20" target="_blank">Covenant Eyes</a> - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Disabling it means loss of internet connection until renabled - therefore required if you use it
50829. Source=Paul Collins Startup list
50830.  
50831. [nMTaskBarService]
50832. Number=7218
50833. Confirmed=?
50834. Filename=nMtsk.exe
50835. Description=Taskbar control for ISDN <a href="http://netmod.intracom.gr/" target=_blank>NetMod</a> modem. <font color="#FF0000">What does it do and is it required?</font>
50836. Source=Paul Collins Startup list
50837.  
50838. [NNLL]
50839. Number=7219
50840. Confirmed=U
50841. Filename=nnll.exe
50842. Description=<a href="http://www.netnanny.com/p/page?sb=product" target=_blank>Net Nanny</a> internet filter
50843.  
50844. Source=Paul Collins Startup list
50845.  
50846. [nnqcouu]
50847. Number=7220
50848. Confirmed=X
50849. Filename=nnqcouu.exe
50850. Description=<a href="http://www.geekstogo.com/forum/The_ABI_Network-t42642.html" target="_blank">The Abi Network</a> adware
50851. Source=Paul Collins Startup list
50852.  
50853. [NNSvc]
50854. Number=7221
50855. Confirmed=U
50856. Filename=nnsvc.exe
50857. Description=<a href="http://www.netnanny.com/p/page?sb=product" target="_blank">Net Nanny</a> internet filter
50858. Source=Paul Collins Startup list
50859.  
50860. [No Credit Card]
50861. Number=7222
50862. Confirmed=X
50863. Filename=plugin-[random].exe
50864. Description=Adult content pop-up dialler
50865. Source=Paul Collins Startup list
50866.  
50867. [No-IP DUC]
50868. Number=7223
50869. Confirmed=U
50870. Filename=DUC20.exe
50871. Description=Part of <a href="http://www.no-ip.com" target="_blank">http://www.no-ip.com</a> provided service. Keeps No-IP's dynamic nameserver (DNS) updated if and when your computer's (network's) dynamic IP-address changes so that you can run servers on computers with dynamic IP. Shortcut available
50872. Source=Paul Collins Startup list
50873.  
50874. [NoAds]
50875. Number=7224
50876. Confirmed=U
50877. Filename=NoAds.exe
50878. Description=Blocks advertisement banners in Internet Explorer
50879. Source=Paul Collins Startup list
50880.  
50881. [NoAdware]
50882. Number=7225
50883. Confirmed=U
50884. Filename=NoAdware.exe
50885. Description=NoAdware - spyware remover. This version is not recommended - see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#naw_note" target=_blank>here</a>
50886. Source=Paul Collins Startup list
50887.  
50888. [NoAdware3]
50889. Number=7226
50890. Confirmed=U
50891. Filename=NoAdware3.exe
50892. Description=NoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see  <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#naw_note" target=_blank>here</a>
50893. Source=Paul Collins Startup list
50894.  
50895. [NoAdware4]
50896. Number=7227
50897. Confirmed=U
50898. Filename=NoAdware4.exe
50899. Description=NoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see  <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#naw_note" target=_blank>here</a>
50900. Source=Paul Collins Startup list
50901.  
50902. [Nocana]
50903. Number=7228
50904. Confirmed=X
50905. Filename=[path to worm]
50906. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32anaconb.html" target=_blank>ANACON-B</a> WORM!
50907. Source=Paul Collins Startup list
50908.  
50909. [NOD32 FiX]
50910. Number=7229
50911. Confirmed=X
50912. Filename=regedt32.exe
50913. Description=<a href="http://www.sophos.com/virusinfo/analyses/nodfix.html" target="_blank">NodFix</a> is a is a potentially unwanted application. This application is given an (X) status because we does not and will not support Cracks or Warez. Do not delete the regedt32.exe as it is the legitimate Windows application. NodFix interferes with the default settings of the NOD32 AV application allowing to bypass its free using period as well as changes the default update server to that eval signatures thus allowing to update NOD32 without password. Note - to avoid interfering with the NOD32 application original settings no full cleanup can be provided
50914. Source=Paul Collins Startup list
50915.  
50916. [Nod32 Free antivirus]
50917. Number=7230
50918. Confirmed=X
50919. Filename=nod32krn.exe
50920. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaao.html" target="_blank">RBOT-AAO</a> WORM! Note - not the popular free <a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a> antivirus software, which shares the same filename
50921. Source=Paul Collins Startup list
50922.  
50923. [Nod32 Service]
50924. Number=7231
50925. Confirmed=X
50926. Filename=nod64.exe
50927. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
50928. Source=Paul Collins Startup list
50929.  
50930. [Nod32 Service]
50931. Number=7232
50932. Confirmed=X
50933. Filename=alserv32.exe
50934. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DHN" target="_blank">RBOT.DHN</a> WORM!
50935. Source=Paul Collins Startup list
50936.  
50937. [Nod32CC]
50938. Number=7233
50939. Confirmed=U
50940. Filename=nod32cc.exe
50941. Description=Control Center part of Eset's <a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a> virus-scanner. Leave this enabled if you want to update your virus data files via the click of a button
50942. Source=Paul Collins Startup list
50943.  
50944. [NOD32kernel]
50945. Number=7234
50946. Confirmed=Y
50947. Filename=Nod32krn.exe
50948. Description=<a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a> antivirus
50949. Source=Paul Collins Startup list
50950.  
50951. [nod32kui]
50952. Number=7235
50953. Confirmed=Y
50954. Filename=nod32kui.exe
50955. Description=<a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a> antivirus
50956. Source=Paul Collins Startup list
50957.  
50958. [NOD32POP3]
50959. Number=7236
50960. Confirmed=Y
50961. Filename=Pop3scan.exe
50962. Description=POP3 E-mail part of Eset's <a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a> virus-scanner
50963. Source=Paul Collins Startup list
50964.  
50965. [Nod3d2 Free antivirus]
50966. Number=7237
50967. Confirmed=X
50968. Filename=N0D32KRN.EXE
50969. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabq.html" target= blank>RBOT-ABQ</a> WORM!
50970. Source=Paul Collins Startup list
50971.  
50972. [NodeMnger]
50973. Number=7238
50974. Confirmed=?
50975. Filename=Nodemngr.exe
50976. Description=<font color="#FF0000">Part of the Dell OpenManage Client installation - to allow Dell representatives to remote logon?</font>
50977. Source=Paul Collins Startup list
50978.  
50979. [nodriver]
50980. Number=7239
50981. Confirmed=X
50982. Filename=AUEKXRZ.EXE
50983. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
50984. Source=Paul Collins Startup list
50985.  
50986. [Noha]
50987. Number=7240
50988. Confirmed=X
50989. Filename=aasd.exe
50990. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
50991. Source=Paul Collins Startup list
50992.  
50993. [Nokia Check]
50994. Number=7241
50995. Confirmed=X
50996. Filename=nokiacheck.exe
50997. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CDC" target="_blank">WORM_RBOT.CDC</a> WORM!
50998. Source=Paul Collins Startup list
50999.  
51000. [Nokia Connection Monitor]
51001. Number=7242
51002. Confirmed=N
51003. Filename=NclConf.exe
51004. Description=Monitors the infrared port, the serial ports and the Bluetooth for a Nokia phone connection. It is installed by the Nokia PC Suite (and Nokia PC Connectivity SDK), and the tray icon shows if a phone has been connected. If you have a conflict with another program, such as TV tuner card remote control monitor, you can disable it, and run only when needed. Available via a desktop shortcut or Start -> Programs - not required
51005. Source=Paul Collins Startup list
51006.  
51007. [Nokia Tray Application]
51008. Number=7243
51009. Confirmed=U
51010. Filename=NclTray.exe
51011. Description=Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on
51012. Source=Paul Collins Startup list
51013.  
51014. [NOMAD Detector]
51015. Number=7244
51016. Confirmed=U
51017. Filename=ctnmrun.exe
51018. Description=Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected
51019. Source=Paul Collins Startup list
51020.  
51021. [NomdCheck]
51022. Number=7245
51023. Confirmed=N
51024. Filename=nomdchek.exe
51025. Description=Part of Intel's Native Audio
51026. Source=Paul Collins Startup list
51027.  
51028. [nomtray]
51029. Number=7246
51030. Confirmed=U
51031. Filename=nomtray.exe
51032. Description=System Tray access to NetMotion Wireless options - including connectivity status (see <a href="http://www.netmotionwireless.com/support/technotes/2140.asp" target=_blank>here</a>)
51033. Source=Paul Collins Startup list
51034.  
51035. [Nord]
51036. Number=7247
51037. Confirmed=X
51038. Filename=nordsys.exe
51039. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32drefs.html" target="_blank">DREF-S</a> WORM!
51040. Source=Paul Collins Startup list
51041.  
51042. [Norman ZANDA]
51043. Number=7248
51044. Confirmed=U
51045. Filename=ZLH.EXE
51046. Description=System Tray icon for <a href="http://www.norman.com/" target="_blank">Norman Antivirus</a>
51047. Source=Paul Collins Startup list
51048.  
51049. [NortE Antivirus]
51050. Number=7249
51051. Confirmed=X
51052. Filename=norte.exe
51053. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQQ&VSect=P" target=_blank>RBOT.BQQ</a> WORM!
51054. Source=Paul Collins Startup list
51055.  
51056. [NortE Antivirus]
51057. Number=7250
51058. Confirmed=X
51059. Filename=norten.exe
51060. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaff.html" target=_blank>RBOT-AFF</a> WORM!
51061. Source=Paul Collins Startup list
51062.  
51063. [norten Software Intrenet]
51064. Number=7251
51065. Confirmed=X
51066. Filename=norten.pif
51067. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawa.html" target=_blank>RBOT-AWA</a> WORM!
51068. Source=Paul Collins Startup list
51069.  
51070. [Norton Antiviral Scanner]
51071. Number=7252
51072. Confirmed=X
51073. Filename=navscnr.exe
51074. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotk.html" target="_blank">DELBOT-K</a> WORM!
51075. Source=Paul Collins Startup list
51076.  
51077. [Norton Antivirus]
51078. Number=7253
51079. Confirmed=X
51080. Filename=nortonav.exe
51081. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaye.html" target=_blank>RBOT-AYE</a> TROJAN! Note - this is not the real Norton AV!
51082. Source=Paul Collins Startup list
51083.  
51084. [Norton Antivirus 2004]
51085. Number=7254
51086. Confirmed=X
51087. Filename=SYMANTECAV2.EXE
51088. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdy.html" target=_blank>SPYBOT-DY</a> WORM! Note - this is not the real Norton AV!
51089. Source=Paul Collins Startup list
51090.  
51091. [Norton Antivirus 7.0a]
51092. Number=7255
51093. Confirmed=X
51094. Filename=[path to file]
51095. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojperdab.html" target=_blank>PERDA-B</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojranckct.html" target=_blank>RANCK-CT</a> TROJANS!
51096. Source=Paul Collins Startup list
51097.  
51098. [Norton Antivirus AV]
51099. Number=7256
51100. Confirmed=X
51101. Filename=FVProtect.exe
51102. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032110-4938-99" target="_blank">NETSKY.P</a> WORM! Note - this is not the popular AV software!
51103. Source=Paul Collins Startup list
51104.  
51105. [Norton AntiVirus Sys]
51106. Number=7257
51107. Confirmed=X
51108. Filename=NAVsys32.exe
51109. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
51110. Source=Paul Collins Startup list
51111.  
51112. [Norton Antivirus Updater]
51113. Number=7258
51114. Confirmed=X
51115. Filename=nortonav.exe
51116. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbott.html" target="_blank">DELBOT-T</a> WORM! Note - this is not the real Norton AV!
51117. Source=Paul Collins Startup list
51118.  
51119. [Norton Auto Protect]
51120. Number=7259
51121. Confirmed=X
51122. Filename=nava.exe
51123. Description=Added by an unidentified WORM or TROJAN!
51124. Source=Paul Collins Startup list
51125.  
51126. [Norton Auto Protect]
51127. Number=7260
51128. Confirmed=X
51129. Filename=crss32.exe
51130. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ATF" target="_blank">SDBOT.ATF</a> WORM!
51131. Source=Paul Collins Startup list
51132.  
51133. [Norton Auto-Protect]
51134. Number=7261
51135. Confirmed=Y
51136. Filename=navapw32.exe
51137. Description=Norton Anti-Virus's background scanning process 
51138. Source=Paul Collins Startup list
51139.  
51140. [Norton Auto-Protect]
51141. Number=7262
51142. Confirmed=X
51143. Filename=ccApp.exe
51144. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021610-0732-99" target=_blank>AKHER.D</a> WORM! Note - for the valid Norton AV entry the filename is "navapexe". This is also not the valid Norton AV file with the same filename
51145. Source=Paul Collins Startup list
51146.  
51147. [Norton Auto-Protect]
51148. Number=7263
51149. Confirmed=X
51150. Filename=SERVICES.exe
51151. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012611-2803-99" target=_blank>Ahker.B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder. Also, this is not part of Norton AV
51152. Source=Paul Collins Startup list
51153.  
51154. [Norton AV Preload]
51155. Number=7264
51156. Confirmed=?
51157. Filename=Premend.exe
51158. Description=Norton Antivirus related. <font color="#FF0000"> What does it do and is it required</font>
51159. Source=Paul Collins Startup list
51160.  
51161. [Norton AV Protection Startup]
51162. Number=7265
51163. Confirmed=X
51164. Filename=Ati2xxx.exe
51165. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
51166. Source=Paul Collins Startup list
51167.  
51168. [Norton Crashguard Monitor]
51169. Number=7266
51170. Confirmed=N
51171. Filename=cgmenu.exe
51172. Description=Troublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001
51173. Source=Paul Collins Startup list
51174.  
51175. [Norton Disk Doctor]
51176. Number=7267
51177. Confirmed=N
51178. Filename=Ndd32.exe
51179. Description=Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, checking for disk errors. Better than ScanDisk but can be started manually via Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well
51180. Source=Paul Collins Startup list
51181.  
51182. [Norton Drive Protection]
51183. Number=7268
51184. Confirmed=X
51185. Filename=msdt32.exe
51186. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotgb.html" target=_blank>FORBOT-GB</a> WORM! Note - this not a valid Norton program!
51187. Source=Paul Collins Startup list
51188.  
51189. [Norton eMail Protect]
51190. Number=7269
51191. Confirmed=Y
51192. Filename=POPROXY.EXE
51193. Description=Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it
51194. Source=Paul Collins Startup list
51195.  
51196. [Norton Firewall]
51197. Number=7270
51198. Confirmed=X
51199. Filename=[path to trojan]
51200. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeret.html" target=_blank>BANKER-ET</a> TROJAN!
51201. Source=Paul Collins Startup list
51202.  
51203. [Norton Ghost 9.0]
51204. Number=7271
51205. Confirmed=N
51206. Filename=GhostTray.exe
51207. Description=<a href="http://www.symantec.com/sabu/ghost/ghost_personal/" target=_blank>Norton Ghost</a> tray icon - the application can be launched manually
51208. Source=Paul Collins Startup list
51209.  
51210. [Norton Guard 32]
51211. Number=7272
51212. Confirmed=X
51213. Filename=ntguard32.exe
51214. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
51215. Source=Paul Collins Startup list
51216.  
51217. [Norton Live Update Server]
51218. Number=7273
51219. Confirmed=X
51220. Filename=cpsdv.exe
51221. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.EW" target="_blank">AGOBOT.EW</a> TROJAN!
51222. Source=Paul Collins Startup list
51223.  
51224. [Norton Live Updater]
51225. Number=7274
51226. Confirmed=X
51227. Filename=Cavapsvc.exe
51228. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
51229. Source=Paul Collins Startup list
51230.  
51231. [Norton Live Updater]
51232. Number=7275
51233. Confirmed=X
51234. Filename=Sochost.exe
51235. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
51236. Source=Paul Collins Startup list
51237.  
51238. [Norton Navigator Loader]
51239. Number=7276
51240. Confirmed=N
51241. Filename=nnloader.exe
51242. Description=An older Norton utility for file management under Windows 95. More information <a href="http://www.mg.co.za/mg/pc/history/dec10-nortnavigator.html" target="_blank">here</a>
51243. Source=Paul Collins Startup list
51244.  
51245. [Norton Personal Firewall]
51246. Number=7277
51247. Confirmed=X
51248. Filename=jah.exe
51249. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
51250. Source=Paul Collins Startup list
51251.  
51252. [Norton Personal Firewall]
51253. Number=7278
51254. Confirmed=X
51255. Filename=npfw.exe
51256. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotui.html" target=_blank>RBOT-UI</a> WORM!
51257. Source=Paul Collins Startup list
51258.  
51259. [Norton Personal Firewall]
51260. Number=7279
51261. Confirmed=X
51262. Filename=lah.exe
51263. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
51264. Source=Paul Collins Startup list
51265.  
51266. [Norton Personal Firewall]
51267. Number=7280
51268. Confirmed=X
51269. Filename=npfw32.exe
51270. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotuq.html" target=_blank>RBOT-UQ</a> WORM!
51271. Source=Paul Collins Startup list
51272.  
51273. [Norton Personal Firewall]
51274. Number=7281
51275. Confirmed=Y
51276. Filename=IntroWiz.exe
51277. Description=Part of Norton Personal Firewall or Norton Internet Security
51278. Source=Paul Collins Startup list
51279.  
51280. [Norton Program Scheduler]
51281. Number=7282
51282. Confirmed=U
51283. Filename=nsched32.exe
51284. Description=Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans
51285. Source=Paul Collins Startup list
51286.  
51287. [Norton Program Scheduler]
51288. Number=7283
51289. Confirmed=U
51290. Filename=NPSsvc.exe
51291. Description=Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans
51292. Source=Paul Collins Startup list
51293.  
51294. [Norton Program Scheduler Event Checker]
51295. Number=7284
51296. Confirmed=?
51297. Filename=npscheck.exe
51298. Description=<font color="#FF0000">Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as NPS Event Checker</font>
51299. Source=Paul Collins Startup list
51300.  
51301. [Norton Protect]
51302. Number=7285
51303. Confirmed=X
51304. Filename=npprotect.exe
51305. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotww.html" target= blank>RBOT-WW</a> WORM!
51306. Source=Paul Collins Startup list
51307.  
51308. [Norton protect]
51309. Number=7286
51310. Confirmed=X
51311. Filename=nvsvc.exe
51312. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
51313. Source=Paul Collins Startup list
51314.  
51315. [Norton Protect Activies]
51316. Number=7287
51317. Confirmed=X
51318. Filename=csrss.exe
51319. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankercz.html" target=_blank>BANKER-CZ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "D5133" subfolder
51320. Source=Paul Collins Startup list
51321.  
51322. [Norton Service Driver]
51323. Number=7288
51324. Confirmed=X
51325. Filename=wsul.exe
51326. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabi.html" target= blank>RBOT-ABI</a> WORM!
51327. Source=Paul Collins Startup list
51328.  
51329. [Norton Service Process]
51330. Number=7289
51331. Confirmed=X
51332. Filename=navapvc.exe
51333. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
51334. Source=Paul Collins Startup list
51335.  
51336. [Norton SpySweeper AutoUpdate]
51337. Number=7290
51338. Confirmed=X
51339. Filename=navsw.exe
51340. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotas.html" target="_blank">FORBOT-AS</a> WORM!
51341. Source=Paul Collins Startup list
51342.  
51343. [Norton System]
51344. Number=7291
51345. Confirmed=X
51346. Filename=csrs.scr
51347. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbanloaafm.html" target="_blank">BANLOA-AFM</a> TROJAN!
51348. Source=Paul Collins Startup list
51349.  
51350. [Norton System Doctor]
51351. Number=7292
51352. Confirmed=N
51353. Filename=Sysdoc32.exe
51354. Description=Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, major resource hog and best started manually form Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well
51355. Source=Paul Collins Startup list
51356.  
51357. [Norton SystemWorks]
51358. Number=7293
51359. Confirmed=N
51360. Filename=cfgwiz.exe
51361. Description=Norton System Works configuration wizard. Reportedly a resource hog. Many users find they can live without loading it
51362. Source=Paul Collins Startup list
51363.  
51364. [Norton Update]
51365. Number=7294
51366. Confirmed=X
51367. Filename=ccUpdate.exe
51368. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
51369.  
51370. Source=Paul Collins Startup list
51371.  
51372. [Norton Update]
51373. Number=7295
51374. Confirmed=X
51375. Filename=winsvc.exe
51376. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ALP&VSect=P" target=_blank>AGOBOT.ALP</a> WORM!
51377. Source=Paul Collins Startup list
51378.  
51379. [Norton Update]
51380. Number=7296
51381. Confirmed=X
51382. Filename=cUpdate.exe
51383. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=49211" target="_blank">AGOBOT.APP</a> WORM!
51384. Source=Paul Collins Startup list
51385.  
51386. [Norton updated]
51387. Number=7297
51388. Confirmed=X
51389. Filename=NVSV32.EXE
51390. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ABH&VSect=P" target=_blank>SDBOT.ABH</a> WORM!
51391. Source=Paul Collins Startup list
51392.  
51393. [Norton Updater]
51394. Number=7298
51395. Confirmed=X
51396. Filename=winset.exe
51397. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
51398. Source=Paul Collins Startup list
51399.  
51400. [Norton Updater]
51401. Number=7299
51402. Confirmed=X
51403. Filename=lsa.exe
51404. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
51405. Source=Paul Collins Startup list
51406.  
51407. [Norton Updater]
51408. Number=7300
51409. Confirmed=X
51410. Filename=NortonUpdate.exe
51411. Description=Added by an unidentified WORM or TROJAN!
51412. Source=Paul Collins Startup list
51413.  
51414. [Norton Updater]
51415. Number=7301
51416. Confirmed=X
51417. Filename=ccUpdate.exe
51418. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
51419. Source=Paul Collins Startup list
51420.  
51421. [Norton Updater]
51422. Number=7302
51423. Confirmed=X
51424. Filename=navupdtr.exe
51425. Description=Added by the <a href="http://de.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_SDBOT.AXV" target=_blank>SDBOT.AXV</a> WORM!
51426. Source=Paul Collins Startup list
51427.  
51428. [Norton Wizzard]
51429. Number=7303
51430. Confirmed=X
51431. Filename=nwiz.exe
51432. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042217-0801-99" target="_blank">GAOBOT.ADV</a> WORM! Note - this is not the valid nVidia application that shares the same name
51433. Source=Paul Collins Startup list
51434.  
51435. [norton32]
51436. Number=7304
51437. Confirmed=X
51438. Filename=norton32.exe
51439. Description=Added by an unidentified VIRUS, WORM or TROJAN!
51440. Source=Paul Collins Startup list
51441.  
51442. [NortonAntivirus]
51443. Number=7305
51444. Confirmed=X
51445. Filename=LSASS.exe
51446. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091615-0246-99" target=_blank>PEXMOR</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Temp" subfolder of the Winnt or Windows folder. It also has nothing to do with Norton AV
51447. Source=Paul Collins Startup list
51448.  
51449. [NortonAV]
51450. Number=7306
51451. Confirmed=X
51452. Filename=norton_antivirus.exe
51453. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111613-5136-99" target=_blank>NETJOE</a> TROJAN! Note - this is not the legitimate Symantec AV program
51454. Source=Paul Collins Startup list
51455.  
51456. [nortonav]
51457. Number=7307
51458. Confirmed=X
51459. Filename=CCUPD32.EXE
51460. Description=Added by an unidentified WORM or TROJAN!
51461. Source=Paul Collins Startup list
51462.  
51463. [nortonp]
51464. Number=7308
51465. Confirmed=X
51466. Filename=nortonp.exe
51467. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojjda.html" target="_blank">JD-A</a> TROJAN!
51468. Source=Paul Collins Startup list
51469.  
51470. [Nortons AV SYSTEM]
51471. Number=7309
51472. Confirmed=X
51473. Filename=scvchost.exe
51474. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
51475. Source=Paul Collins Startup list
51476.  
51477. [Nortons AVS Systems]
51478. Number=7310
51479. Confirmed=X
51480. Filename=arse.exe
51481. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AWY" target="_blank">RBOT.AWY</a> WORM!
51482. Source=Paul Collins Startup list
51483.  
51484. [nortonsantivirus]
51485. Number=7311
51486. Confirmed=X
51487. Filename=ccEvtMngr.exe
51488. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhzdoora.html" target=_blank>HZDOOR-A</a> TROJAN!
51489. Source=Paul Collins Startup list
51490.  
51491. [NortonVPlus]
51492. Number=7312
51493. Confirmed=X
51494. Filename=svchost.exe
51495. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojroamera.html" target=_blank>ROAMER-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
51496. Source=Paul Collins Startup list
51497.  
51498. [Notebook Maximizer]
51499. Number=7313
51500. Confirmed=U
51501. Filename=maximizer_startup.exe
51502. Description=Toshiba Notebook Maximizer software - adjust settings to save battery power and increase efficiency
51503. Source=Paul Collins Startup list
51504.  
51505. [NotebookManager]
51506. Number=7314
51507. Confirmed=?
51508. Filename=nbm.exe
51509. Description=<font color="#FF0000">Associated with Acer notebook PCs. What does it do and is it required?</font>
51510. Source=Paul Collins Startup list
51511.  
51512. [NOTEPAD]
51513. Number=7315
51514. Confirmed=X
51515. Filename=NOTEPAD.exe
51516. Description=Added as the result of the RUSTY VIRUS! Note - not to be confused with the valid Windows "NOTEPAD" text editor! This malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
51517. Source=Paul Collins Startup list
51518.  
51519. [NotePad]
51520. Number=7316
51521. Confirmed=X
51522. Filename=[worm filename]
51523. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sillyfdcg.html" target="_blank">SILLYFDC-G</a> WORM!
51524. Source=Paul Collins Startup list
51525.  
51526. [Notepad]
51527. Number=7317
51528. Confirmed=X
51529. Filename=ntoepad.exe
51530. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotak.html" target="_blank">DELBOT-AK</a> WORM!
51531. Source=Paul Collins Startup list
51532.  
51533. [Notepad lptt01]
51534. Number=7318
51535. Confirmed=X
51536. Filename=notepad.exe
51537. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Notepad" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not Windows Notepad which has the same executable name
51538. Source=Paul Collins Startup list
51539.  
51540. [Notepad ml097e]
51541. Number=7319
51542. Confirmed=X
51543. Filename=notepad.exe
51544. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Notepad" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not Windows Notepad which has the same executable name
51545. Source=Paul Collins Startup list
51546.  
51547. [notepad.exe]
51548. Number=7320
51549. Confirmed=X
51550. Filename=upx.exe
51551. Description=Added by a variant of the AGENT.AH TROJAN!
51552. Source=Paul Collins Startup list
51553.  
51554. [notepad.exe]
51555. Number=7321
51556. Confirmed=X
51557. Filename=msmsgs.exe
51558. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojfakespyb.html" target= blank>FAKESPY-B</a> TROJAN! Note - this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
51559. Source=Paul Collins Startup list
51560.  
51561. [notepad.exe]
51562. Number=7322
51563. Confirmed=X
51564. Filename=msmsgs.exe
51565. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzlobi.html" target= blank>ZLOB-I</a> TROJAN!
51566.  Note - not be mistaken for the MSN Messenger file of the same name!
51567. Source=Paul Collins Startup list
51568.  
51569. [notepad.exe]
51570. Number=7323
51571. Confirmed=X
51572. Filename=msmsgs.exe
51573. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzlobi.html" target=_blank>ZLOB-I</a> and <a href="http://www.sophos.com/virusinfo/analyses/trojzlobh.html" target=_blank>ZLOB-H</a> TROJANS! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
51574. Source=Paul Collins Startup list
51575.  
51576. [notepad2.exe]
51577. Number=7324
51578. Confirmed=X
51579. Filename=popuper.exe
51580. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpupere.html" target= blank>PUPER-E</a> TROJAN!
51581. Source=Paul Collins Startup list
51582.  
51583. [notes]
51584. Number=7325
51585. Confirmed=X
51586. Filename=notepaad.exe
51587. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BME&VSect=P" target=_blank>RBOT.BME</a> WORM!
51588. Source=Paul Collins Startup list
51589.  
51590. [Notification Utility]
51591. Number=7326
51592. Confirmed=X
51593. Filename=altpayV2.exe
51594. Description=Reported by <a href="http://www.ewido.net/en/" target="_blank">Ewido Security Suite</a> as WeirWeb adware
51595. Source=Paul Collins Startup list
51596.  
51597. [Notn]
51598. Number=7327
51599. Confirmed=X
51600. Filename=Eber.exe
51601. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
51602. Source=Paul Collins Startup list
51603.  
51604. [Notn]
51605. Number=7328
51606. Confirmed=X
51607. Filename=wtta.exe
51608. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
51609. Source=Paul Collins Startup list
51610.  
51611. [NovaBackup * Tray Control]
51612. Number=7329
51613. Confirmed=U
51614. Filename=NbkCtrl.exe
51615. Description=Scheduling engine of <a href="http://www.no-panic.com/backup/n_backup.html" target="_blank">NovaSTOR Backup</a> Service. Only required if scheduling is enabled and wanted - see <a href="http://www.no-panic.com/backup/tech_supt/nbackup7_commandline.html" target="_blank">here</a>. * represents the version number
51616. Source=Paul Collins Startup list
51617.  
51618. [NovaPortal Single User Service]
51619. Number=7330
51620. Confirmed=?
51621. Filename=NPSU.exe
51622. Description=<font color="#FF0000">??</font>
51623. Source=Paul Collins Startup list
51624.  
51625. [NovastorSchedulerd]
51626. Number=7331
51627. Confirmed=U
51628. Filename=SCHENGD.EXE
51629. Description=NovaStor NovaBACKUP Scheduler - back-up utility. If you don't have regularly scheduled back-ups you don't need it
51630. Source=Paul Collins Startup list
51631.  
51632. [NOYPI_KANG_ASTIG]
51633. Number=7332
51634. Confirmed=X
51635. Filename=Exit to DosPrompt.pif
51636. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062709-3249-99" target=_blank>FILUKIN.A</a> WORM!
51637. Source=Paul Collins Startup list
51638.  
51639. [np]
51640. Number=7333
51641. Confirmed=X
51642. Filename=upnp.exe
51643. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_YABE.AE" target="_blank">YABE.AE</a> TROJAN!
51644. Source=Paul Collins Startup list
51645.  
51646. [NPF Value]
51647. Number=7334
51648. Confirmed=X
51649. Filename=NPFMONTR.exe
51650. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
51651. Source=Paul Collins Startup list
51652.  
51653. [NPFMonitor]
51654. Number=7335
51655. Confirmed=?
51656. Filename=NPFMntor.exe
51657. Description=Norton AntiVirus Firewall Install Monitor. <font color="#FF0000">What does it do and is it required?</font>
51658. Source=Paul Collins Startup list
51659.  
51660. [NPROTECT]
51661. Number=7336
51662. Confirmed=U
51663. Filename=nprotect.exe
51664. Description=Norton Protected Recycle Bin from Norton Utilities. Adds an extra layer of safety before you remove deleted files from the Recycled Bin. Can be listed twice which is valid
51665. Source=Paul Collins Startup list
51666.  
51667. [NPS Event Checker]
51668. Number=7337
51669. Confirmed=?
51670. Filename=npscheck.exe
51671. Description=<font color="#FF0000">Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as </font>Norton Program Scheduler Event Checker
51672. Source=Paul Collins Startup list
51673.  
51674. [NS]
51675. Number=7338
51676. Confirmed=X
51677. Filename=ns.exe
51678. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agoboths.html" target=_blank>AGOBOT-HS</a> WORM!
51679. Source=Paul Collins Startup list
51680.  
51681. [NSCheck]
51682. Number=7339
51683. Confirmed=X
51684. Filename=NSCHECK.EXE
51685. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=43974" target="_blank">MarketScore</a> parasite - ActiveX control used to download premium-rate dialers
51686.  
51687. Source=Paul Collins Startup list
51688.  
51689. [nscntrl]
51690. Number=7340
51691. Confirmed=X
51692. Filename=nscntrl.exe
51693. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaddc.html" target=_blank>DLOAD-DC</a> TROJAN!
51694. Source=Paul Collins Startup list
51695.  
51696. [nsdcmd services]
51697. Number=7341
51698. Confirmed=X
51699. Filename=nsdcmdav.exe
51700. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
51701. Source=Paul Collins Startup list
51702.  
51703. [nsdcmd vid process]
51704. Number=7342
51705. Confirmed=X
51706. Filename=nsdcmdwin.exe
51707. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
51708. Source=Paul Collins Startup list
51709.  
51710. [nsdlua]
51711. Number=7343
51712. Confirmed=X
51713. Filename=nsdlua.exe
51714. Description=All-In-One Telcom - adult content dialler
51715. Source=Paul Collins Startup list
51716.  
51717. [nsdriver]
51718. Number=7344
51719. Confirmed=X
51720. Filename=nssys32.exe
51721. Description=<a href="http://allentech.net/parasite/NetShagg.html" target="_blank">NetShagg</a> adware
51722.  
51723. Source=Paul Collins Startup list
51724.  
51725. [nse]
51726. Number=7345
51727. Confirmed=X
51728. Filename=nse.exe
51729. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotml.html" target=_blank>AGOBOT-ML</a> WORM!
51730. Source=Paul Collins Startup list
51731.  
51732. [Nsengine]
51733. Number=7346
51734. Confirmed=U
51735. Filename=Nsengine.exe
51736. Description=Scheduling engine of <a href="http://www.no-panic.com/backup/n_backup.html" target="_blank"> NovaSTOR Backup</a> Service. Only required if scheduling is enabled and wanted - see <a href="http://www.no-panic.com/backup/tech_supt/nbackup7_commandline.html" target="_blank"> here</a>
51737. Source=Paul Collins Startup list
51738.  
51739. [NSHelper]
51740. Number=7347
51741. Confirmed=U
51742. Filename=aexnsinstallhelper.exe
51743. Description=Altiris Express Notification Server Install helper - monitors integrity of the installation
51744. Source=Paul Collins Startup list
51745.  
51746. [nssysconf]
51747. Number=7348
51748. Confirmed=X
51749. Filename=[random filename]
51750. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_VIVIA.A" target="_blank">VIVIA.A</a> TROJAN!
51751. Source=Paul Collins Startup list
51752.  
51753. [nstat]
51754. Number=7349
51755. Confirmed=X
51756. Filename=netstat.exe
51757. Description=Adult content dialler
51758. Source=Paul Collins Startup list
51759.  
51760. [NSupdate]
51761. Number=7350
51762. Confirmed=X
51763. Filename=NSupdate.exe
51764. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/diallaetb.html" target=_blank>Dial/Laet-B</a> premium rate dialer!
51765. Source=Paul Collins Startup list
51766.  
51767. [Nsv]
51768. Number=7351
51769. Confirmed=X
51770. Filename=nsvsvc.exe
51771. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050515-5939-99" target=_blank>Delfin Promulgate</a> adware
51772. Source=Paul Collins Startup list
51773.  
51774. [nsvcin]
51775. Number=7352
51776. Confirmed=X
51777. Filename=n20050308.exe
51778. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
51779. Source=Paul Collins Startup list
51780.  
51781. [Nsvdr]
51782. Number=7353
51783. Confirmed=X
51784. Filename=nsvdr.exe
51785. Description=Adult content dialler
51786. Source=Paul Collins Startup list
51787.  
51788. [nsys]
51789. Number=7354
51790. Confirmed=U
51791. Filename=nsys.exe
51792. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080510-5653-99" target= blank>NetSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
51793. Source=Paul Collins Startup list
51794.  
51795. [nsys32]
51796. Number=7355
51797. Confirmed=X
51798. Filename=nsys32.exe
51799. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsu.html" target=_blank>AGOBOT-SU</a> WORM!
51800. Source=Paul Collins Startup list
51801.  
51802. [NSystemMonitor]
51803. Number=7356
51804. Confirmed=N
51805. Filename=Symmon.exe
51806. Description=Norton Uninstall Deluxe - monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging
51807. Source=Paul Collins Startup list
51808.  
51809. [NT Kernel Patch]
51810. Number=7357
51811. Confirmed=N
51812. Filename=ntkrnlpt.exe
51813. Description=<a href="http://www.2point.com/FAXserve/" target="_blank">FaxServe</a> network fax software
51814. Source=Paul Collins Startup list
51815.  
51816. [NT Logging Service]
51817. Number=7358
51818. Confirmed=X
51819. Filename=Syslog32.exe
51820. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092716-2152-99" target="_blank">DONK.B</a> WORM and variants!
51821. Source=Paul Collins Startup list
51822.  
51823. [NT MICROSOFT SVCD]
51824. Number=7359
51825. Confirmed=X
51826. Filename=ntvsvcd.exe
51827. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
51828. Source=Paul Collins Startup list
51829.  
51830. [NT security]
51831. Number=7360
51832. Confirmed=X
51833. Filename=rundll32.com
51834. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajc.html" target=_blank>RBOT-AJC</a> WORM!
51835. Source=Paul Collins Startup list
51836.  
51837. [NT Service]
51838. Number=7361
51839. Confirmed=X
51840. Filename=NTOKSRNL.EXE
51841. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaag.html" target=_blank>RBOT-AAG</a> WORM!
51842. Source=Paul Collins Startup list
51843.  
51844. [NT Services]
51845. Number=7362
51846. Confirmed=X
51847. Filename=ntsvc.exe
51848. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VJ" target="_blank">AGOBOT.VJ</a> WORM!
51849. Source=Paul Collins Startup list
51850.  
51851. [Nt System Protocol]
51852. Number=7363
51853. Confirmed=X
51854. Filename=ntsystem.exe
51855. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=47332" target="_blank">RBOT.DSB</a> TROJAN!
51856. Source=Paul Collins Startup list
51857.  
51858. [NT Virtual Machine]
51859. Number=7364
51860. Confirmed=X
51861. Filename=[path to file]
51862. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32scaerbota.html" target= blank>SCAERBOT-A</a> WORM!
51863. Source=Paul Collins Startup list
51864.  
51865. [Nt**.exe [* = random char]]
51866. Number=7365
51867. Confirmed=X
51868. Filename=Nt**.exe [* = random char]
51869. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
51870. Source=Paul Collins Startup list
51871.  
51872. [Nt**32.exe [* = random char]]
51873. Number=7366
51874. Confirmed=X
51875. Filename=Nt**32.exe [* = random char]
51876. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
51877. Source=Paul Collins Startup list
51878.  
51879. [NT-Virtual Device Manager]
51880. Number=7367
51881. Confirmed=X
51882. Filename=ntvdmn.exe
51883. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaaa.html" target=_blank>SDBOT-AAA</a> WORM!
51884. Source=Paul Collins Startup list
51885.  
51886. [Ntcheck]
51887. Number=7368
51888. Confirmed=X
51889. Filename=mapserver.exe
51890. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtompaib.html" target=_blank>TOMPAI-B</a> WORM!
51891. Source=Paul Collins Startup list
51892.  
51893. [NTCommLib3]
51894. Number=7369
51895. Confirmed=X
51896. Filename=NTCommLib3.exe
51897. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-061915-5855-99" target=_blank>Admess</a> adware variant
51898. Source=Paul Collins Startup list
51899.  
51900. [ntddetect]
51901. Number=7370
51902. Confirmed=X
51903. Filename=ntddetect.exe
51904. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentcu.html" target=_blank>AGENT-CU</a> TROJAN!
51905. Source=Paul Collins Startup list
51906.  
51907. [NTdhcp]
51908. Number=7371
51909. Confirmed=X
51910. Filename=NTdhcp.exe
51911. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobc.html" target=_blank>QQROB-C</a> TROJAN!
51912. Source=Paul Collins Startup list
51913.  
51914. [NTdhcp]
51915. Number=7372
51916. Confirmed=X
51917. Filename=CiKewl.exe
51918. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobn.html" target=_blank>QQROB-N</a> TROJAN!
51919. Source=Paul Collins Startup list
51920.  
51921. [ntdll]
51922. Number=7373
51923. Confirmed=X
51924. Filename=ntdll.exe
51925. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110416-1452-99" target="_blank">BIONET.404</a> TROJAN!
51926. Source=Paul Collins Startup list
51927.  
51928. [ntdll.dll]
51929. Number=7374
51930. Confirmed=X
51931. Filename=TrustCleaner.exe
51932. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094215" target="_blank">Smitfraud</a> variant
51933. Source=Paul Collins Startup list
51934.  
51935. [NTDLM]
51936. Number=7375
51937. Confirmed=X
51938. Filename=csrss.exe
51939. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080516-2036-99" target=_blank>HALE</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Qossrv" subfolder
51940. Source=Paul Collins Startup list
51941.  
51942. [Ntech.patchs]
51943. Number=7376
51944. Confirmed=X
51945. Filename=[trojan filename]
51946. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-033014-4558-99" target="_blank">LEMIR.G</a> TROJAN!
51947. Source=Paul Collins Startup list
51948.  
51949. [ntechin]
51950. Number=7377
51951. Confirmed=X
51952. Filename=n20050308.exe
51953. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
51954. Source=Paul Collins Startup list
51955.  
51956. [nternet Explorer]
51957. Number=7378
51958. Confirmed=X
51959. Filename=iexplore.exe
51960. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotct.html" target=_blank>FORBOT-CT</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
51961. Source=Paul Collins Startup list
51962.  
51963. [NTFS16]
51964. Number=7379
51965. Confirmed=X
51966. Filename=ntfs16.exe
51967. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotly.html" target="_blank">RBOT-LY</a> WORM!
51968. Source=Paul Collins Startup list
51969.  
51970. [NTFSCLUP]
51971. Number=7380
51972. Confirmed=Y
51973. Filename=NTFSCLUP.EXE
51974. Description=Part of ConfigSafe- "checks if an ntfssos restore has been performed since it was last run. It exits immediately after running. 99+% of the time it will only execute about a dozen instructions before exiting"
51975. Source=Paul Collins Startup list
51976.  
51977. [ntfsmonitorpro]
51978. Number=7381
51979. Confirmed=X
51980. Filename=ntfs64.exe
51981. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forboteb.html" target=_blank>FORBOT-EB</a> WORM!
51982. Source=Paul Collins Startup list
51983.  
51984. [NTFSS Microsoft System]
51985. Number=7382
51986. Confirmed=X
51987. Filename=filees.exe
51988. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GAB" target="_blank">RBOT.GAB</a> WORM!
51989. Source=Paul Collins Startup list
51990.  
51991. [NTFSS MICROSOFT SYSTEM]
51992. Number=7383
51993. Confirmed=X
51994. Filename=filess.exe
51995. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AXZ&VSect=P" target=_blank>RBOT.AXZ</a> WORM!
51996. Source=Paul Collins Startup list
51997.  
51998. [ntl Netguard]
51999. Number=7384
52000. Confirmed=Y
52001. Filename=RPS.exe
52002. Description=<a href="http://www.ntlworld.com/helpsupport/netguard/index.php" target=_blank>ntl Netguard</a> - anti-virus a package of services, specifically designed to keep you safe and secure with their ntlworld online services
52003.  
52004. Source=Paul Collins Startup list
52005.  
52006. [ntldr]
52007. Number=7385
52008. Confirmed=X
52009. Filename=ntldr.exe
52010. Description=Browser hijacker to search-control.com (TrojanDropper.Win32.Small.ig). In addition to Registry changes found by HijackThis, also creates the following system files: C:\WINDOWS\SYSTEM\ntldr.exe, C:\m.exe, C:\WINDOWS\Search-For-You.url, C:\n.bat, C:\q.exe, C:\r.bat
52011. Source=Paul Collins Startup list
52012.  
52013. [ntlfreedom]
52014. Number=7386
52015. Confirmed=N
52016. Filename=rundll32 [path] RyDial.dll, QuickStart
52017. Description=<a href="http://secure.ntlfreedom.com/bundled/bundle_DialUp.aspx" target="_blank">NTL Freedom</a> dial-up ISP software - not required
52018. Source=Paul Collins Startup list
52019.  
52020. [ntmsevt]
52021. Number=7387
52022. Confirmed=X
52023. Filename=ntmsevt.exe
52024. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstopedb.html" target="_blank">STOPED-B</a> TROJAN
52025. Source=Paul Collins Startup list
52026.  
52027. [NTP Server]
52028. Number=7388
52029. Confirmed=X
52030. Filename=[path to trojan]
52031. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040119-5250-99" target="_blank">RANKY.F</a> TROJAN!
52032. Source=Paul Collins Startup list
52033.  
52034. [nTrayFw]
52035. Number=7389
52036. Confirmed=Y
52037. Filename=ntrayfw.exe
52038. Description=Software interface for NVIDIA ActiveArmor - hardware firewall built into nVidia nForce motherboard chipsets
52039. Source=Paul Collins Startup list
52040.  
52041. [NTrtc]
52042. Number=7390
52043. Confirmed=N
52044. Filename=ntrtc.exe
52045. Description=Dell year 2000 tool to deal with non-standard applications. Only required on older Dell PCs that may need this support
52046. Source=Paul Collins Startup list
52047.  
52048. [NTSet32]
52049. Number=7391
52050. Confirmed=X
52051. Filename=services.exe
52052. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwinspyc.html" target=_blank>WINSPY-C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "dll32" subfolder of the Windows or Winnt folder
52053. Source=Paul Collins Startup list
52054.  
52055. [NTSF Microsoft System]
52056. Number=7392
52057. Confirmed=X
52058. Filename=fylez.exe
52059. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
52060. Source=Paul Collins Startup list
52061.  
52062. [NTSF MICROSOFT SYSTEM]
52063. Number=7393
52064. Confirmed=X
52065. Filename=wntsf.exe
52066. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATC&VSect=P" target=_blank>RBOT.ATC</a> WORM!
52067. Source=Paul Collins Startup list
52068.  
52069. [NTSF MICROSOFT SYSTEM]
52070. Number=7394
52071. Confirmed=X
52072. Filename=fufffy.exe
52073. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotael.html" target=_blank>RBOT-AEL</a> WORM!
52074. Source=Paul Collins Startup list
52075.  
52076. [NTSF MICROSOFT SYSTEM]
52077. Number=7395
52078. Confirmed=X
52079. Filename=ntssf.exe
52080. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
52081. Source=Paul Collins Startup list
52082.  
52083. [NTSF MICROSOFT SYSTEM]
52084. Number=7396
52085. Confirmed=X
52086. Filename=scvhost.exe
52087. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
52088. Source=Paul Collins Startup list
52089.  
52090. [NTSF MICROSOFT SYSTEM]
52091. Number=7397
52092. Confirmed=X
52093. Filename=winsis32.exe
52094. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
52095. Source=Paul Collins Startup list
52096.  
52097. [NTSF MICROSOFT SYSTEM]
52098. Number=7398
52099. Confirmed=X
52100. Filename=marya.exe
52101. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxy.html" target=_blank>RBOT-AXY</a> WORM!
52102. Source=Paul Collins Startup list
52103.  
52104. [NTSF MICROSOFT SYSTEM]
52105. Number=7399
52106. Confirmed=X
52107. Filename=sysman.exe
52108. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EDP" target="_blank">RBOT.EDP</a> WORM!
52109. Source=Paul Collins Startup list
52110.  
52111. [ntsmod]
52112. Number=7400
52113. Confirmed=X
52114. Filename=ntsmod.exe
52115. Description=Adware downloader/installer, probably <a href="http://sarc.com/avcenter/venc/data/adware.look2me.html" target=_blank>VX2/Look2Me</a> related - also detected as the WIN32.VB.RL TROJAN!
52116. Source=Paul Collins Startup list
52117.  
52118. [NTsocket]
52119. Number=7401
52120. Confirmed=X
52121. Filename=NoeWinnt.exe
52122. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojatakae.html" target="_blank">ATAKA-E</a> TROJAN!
52123. Source=Paul Collins Startup list
52124.  
52125. [NTsrv.exe]
52126. Number=7402
52127. Confirmed=X
52128. Filename=NTsrv.exe
52129. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojservuo.html" target=_blank>SERVU-O</a> TROJAN!
52130. Source=Paul Collins Startup list
52131.  
52132. [Ntsysv]
52133. Number=7403
52134. Confirmed=X
52135. Filename=ntsysv.exe
52136. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmifenge.html" target=_blank>MIFENG-E</a> TROJAN!
52137.  
52138. Source=Paul Collins Startup list
52139.  
52140. [nTune]
52141. Number=7404
52142. Confirmed=U
52143. Filename=nTune.exe
52144. Description=nVidia <a href="http://www.nvidia.com/object/sysutility.html" target="_blank">nTune</a> - motherboard monitoring and overclocking utility for nVidia nForce chipset based motherboards
52145. Source=Paul Collins Startup list
52146.  
52147. [ntupd32]
52148. Number=7405
52149. Confirmed=X
52150. Filename=ntupd32.exe
52151. Description=Unidentified adware/spyware
52152. Source=Paul Collins Startup list
52153.  
52154. [ntupdate]
52155. Number=7406
52156. Confirmed=X
52157. Filename=dnsvc.exe
52158. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbottc.html" target=_blank>SDBOT-TC</a> WORM!
52159. Source=Paul Collins Startup list
52160.  
52161. [NTupdater]
52162. Number=7407
52163. Confirmed=X
52164. Filename=[path to trojan]
52165. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdigarixd.html" target=_blank>DIGARIX-D</a> TROJAN!
52166. Source=Paul Collins Startup list
52167.  
52168. [NTVDM]
52169. Number=7408
52170. Confirmed=U
52171. Filename=NTVDM.EXE
52172. Description=Windows NT Virtual DOS Machine (NTVDM) for running 16-bit tasks on the 32-bit OS's (Windows NT, 2K and XP). Required if hardware on a machine with these OS's needs 16-bit DOS drivers. You can find a bit more about NTVDM <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/ntvdm/" target="_blank">here</a>
52173. Source=Paul Collins Startup list
52174.  
52175. [ntvdmd]
52176. Number=7409
52177. Confirmed=X
52178. Filename=ntvdmd.exe
52179. Description=Adware downloader - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderyp.html" target=_blank>DLOADER-YP</a> TROJAN!
52180. Source=Paul Collins Startup list
52181.  
52182. [ntvdscm]
52183. Number=7410
52184. Confirmed=X
52185. Filename=ntvdscm.exe
52186. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsckeylogi.html" target="_blank">SCKEYLOG-I</a> TROJAN!
52187. Source=Paul Collins Startup list
52188.  
52189. [ntx32]
52190. Number=7411
52191. Confirmed=X
52192. Filename=ntx32.exe
52193. Description=Added by an unidentified WORM or TROJAN!
52194. Source=Paul Collins Startup list
52195.  
52196. [Numerical Xterm Agent]
52197. Number=7412
52198. Confirmed=X
52199. Filename=0x32.exe
52200. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfwp.html" target="_blank">RBOT-FWP</a> WORM!
52201. Source=Paul Collins Startup list
52202.  
52203. [Numerical Xterm Agents]
52204. Number=7413
52205. Confirmed=X
52206. Filename=2x32.exe
52207. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfwy.html" target="_blank">RBOT-FWY</a> WORM!
52208. Source=Paul Collins Startup list
52209.  
52210. [Numerical Xtermz Agent]
52211. Number=7414
52212. Confirmed=X
52213. Filename=1x32.exe
52214. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfwx.html" target="_blank">RBOT-FWX</a> WORM!
52215. Source=Paul Collins Startup list
52216.  
52217. [NuTCSetupEnviron]
52218. Number=7415
52219. Confirmed=Y
52220. Filename=ncoeenv.exe
52221. Description=Used by the <a href="http://www.mkssoftware.com/products/tk/ds_tkedev.asp" target="_blank">MKS Toolkit for Enterprise Developers</a> product. NuTCracker is a Unix runtime environment for Windows, so disabling this would be unwise if you are using NuTCracker or any 3rd party package that is using it. Since you might not know what is actually using it it's probably best left alone
52222. Source=Paul Collins Startup list
52223.  
52224. [NvagNT]
52225. Number=7416
52226. Confirmed=X
52227. Filename=nvagNT.exe
52228. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrv.html" target= blank>AGOBOT-RV</a> WORM!
52229. Source=Paul Collins Startup list
52230.  
52231. [nvc Win32]
52232. Number=7417
52233. Confirmed=X
52234. Filename=nvcvc.exe
52235. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadd.html" target=_blank>RBOT-ADD</a> WORM!
52236. Source=Paul Collins Startup list
52237.  
52238. [nvchost]
52239. Number=7418
52240. Confirmed=X
52241. Filename=winlogon.exe
52242. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojklonej.html" target="_blank">KLONE-J</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
52243. Source=Paul Collins Startup list
52244.  
52245. [NvClipRsv]
52246. Number=7419
52247. Confirmed=X
52248. Filename=svchost.exe
52249. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dumaruak.html" target=_blank>DUMARU-K</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
52250. Source=Paul Collins Startup list
52251.  
52252. [NvClipRsv]
52253. Number=7420
52254. Confirmed=X
52255. Filename=swchost.exe
52256. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dumaruak.html" target=_blank>DUMARU-AK</a> WORM!
52257. Source=Paul Collins Startup list
52258.  
52259. [NVCLOCK]
52260. Number=7421
52261. Confirmed=?
52262. Filename=rundll32 nvclock.dll, fnNvclock
52263. Description=<font color="#FF0000">Overclocking utility for nVidia based graphics cards?</font>
52264. Source=Paul Collins Startup list
52265.  
52266. [NvColorInit]
52267. Number=7422
52268. Confirmed=?
52269. Filename=rundll32.exe NvQtwk.dll, NvColorInit
52270. Description=<font color="#FF0000">Associated with Nvidia based graphics cards</font>
52271. Source=Paul Collins Startup list
52272.  
52273. [NVCOM]
52274. Number=7423
52275. Confirmed=X
52276. Filename=NVCOM.exe
52277. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsb.html" target= blank>AGOBOT-SB</a> WORM!
52278. Source=Paul Collins Startup list
52279.  
52280. [NvCpl]
52281. Number=7424
52282. Confirmed=U
52283. Filename=rundll32.exe NvCpl.dll, NvStartup
52284. Description=Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card
52285. Source=Paul Collins Startup list
52286.  
52287. [NvCpl]
52288. Number=7425
52289. Confirmed=X
52290. Filename=NvCpl.EXE
52291. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112216-2050-99" target=_blank>YANZ.B</a> WORM!
52292. Source=Paul Collins Startup list
52293.  
52294. [NvCpl]
52295. Number=7426
52296. Confirmed=X
52297. Filename=[random filename]
52298. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotapj.html" target=_blank>AGOBOT-APJ</a> WORM!
52299. Source=Paul Collins Startup list
52300.  
52301. [NvCpl]
52302. Number=7427
52303. Confirmed=X
52304. Filename=windowsp.exe
52305. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
52306. Source=Paul Collins Startup list
52307.  
52308. [NvCpl]
52309. Number=7428
52310. Confirmed=X
52311. Filename=rundl32.exe
52312. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotto.html" target=_blank>AGOBOT-TO</a> WORM! Note - the valid version of this entry has the command line as "rundll32.exe NvCpl.dll,NvStartup"
52313. Source=Paul Collins Startup list
52314.  
52315. [NvCpl32Deamon]
52316. Number=7429
52317. Confirmed=X
52318. Filename=nvcpl.exe
52319. Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_RPCSDBOT.B&highlight=WORM_RPCSDBOT.B" target=_blank>RPCSDBOT.B</a> WORM!
52320. Source=Paul Collins Startup list
52321.  
52322. [NvCplD]
52323. Number=7430
52324. Confirmed=X
52325. Filename=m2gr32.exe
52326. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> premium rate adult content dialler
52327. Source=Paul Collins Startup list
52328.  
52329. [NvCplD]
52330. Number=7431
52331. Confirmed=X
52332. Filename=ntcpl.exe
52333. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>Switch</a> adult content dialler
52334. Source=Paul Collins Startup list
52335.  
52336. [NvCplDaemon]
52337. Number=7432
52338. Confirmed=N
52339. Filename=rundll32.exe NvQtwk.dll, NvCplDaemon
52340. Description=System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see <a href="http://www.blackviper.com/WinXP/strangeservice.htm" target="_blank">here</a>)
52341. Source=Paul Collins Startup list
52342.  
52343. [NvCplDaemon]
52344. Number=7433
52345. Confirmed=U
52346. Filename=rundll32.exe NvCpl.dll, NvStartup
52347. Description=Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card
52348. Source=Paul Collins Startup list
52349.  
52350. [NvCplDaemon]
52351. Number=7434
52352. Confirmed=X
52353. Filename=msmsgrs.exe
52354. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderyi.html" target=_blank>DLOADER-YI</a> TROJAN!
52355. Source=Paul Collins Startup list
52356.  
52357. [NvCplDaemon32]
52358. Number=7435
52359. Confirmed=X
52360. Filename=anvshell32.exe
52361. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbxu.html" target=_blank>XU</a> TROJAN!
52362. Source=Paul Collins Startup list
52363.  
52364. [NvCplDeamon]
52365. Number=7436
52366. Confirmed=X
52367. Filename=nvdisp.exe
52368. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpeepviei.html" target=_blank>PEEPVIE-I</a> TROJAN!
52369. Source=Paul Collins Startup list
52370.  
52371. [NvCplDmn]
52372. Number=7437
52373. Confirmed=X
52374. Filename=NAVSVC.EXE
52375. Description=Added by an unidentified VIRUS, WORM or TROJAN!
52376. Source=Paul Collins Startup list
52377.  
52378. [NvCplScan]
52379. Number=7438
52380. Confirmed=X
52381. Filename=msc32.exe
52382. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdd.html" target=_blank>FORBOT-DD</a> WORM!
52383. Source=Paul Collins Startup list
52384.  
52385. [NvCplScan]
52386. Number=7439
52387. Confirmed=X
52388. Filename=winasp.exe
52389. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FORBOT.BZ&VSect=T" target=_blank>FORBOT.BZ</a> WORM!
52390. Source=Paul Collins Startup list
52391.  
52392. [NvCplScan]
52393. Number=7440
52394. Confirmed=X
52395. Filename=nvsc32.exe
52396. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021515-4514-99" target=_blank>BROPIA.N</a> WORM!
52397. Source=Paul Collins Startup list
52398.  
52399. [NvCplScan]
52400. Number=7441
52401. Confirmed=X
52402. Filename=kav32.exe
52403. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotew.html" target= blank>FORBOT-EW</a> WORM!
52404. Source=Paul Collins Startup list
52405.  
52406. [nvctrl.exe]
52407. Number=7442
52408. Confirmed=X
52409. Filename=nvctrl.exe
52410. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-121311-5012-99" target=_blank>ZLOB.G</a> TROJAN!
52411. Source=Paul Collins Startup list
52412.  
52413. [nvd32 lptt01]
52414. Number=7443
52415. Confirmed=X
52416. Filename=nvd32.exe
52417. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "nvd32" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
52418. Source=Paul Collins Startup list
52419.  
52420. [nvd32 ml097e]
52421. Number=7444
52422. Confirmed=X
52423. Filename=nvd32.exe
52424. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "nvd32" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
52425. Source=Paul Collins Startup list
52426.  
52427. [NVHotkey]
52428. Number=7445
52429. Confirmed=U
52430. Filename=rundll32.exe [path] nvHotkey.dll
52431. Description=Enables the use of "hot keys" for changing setting on Nvidia graphics
52432. Source=Paul Collins Startup list
52433.  
52434. [Nvid]
52435. Number=7446
52436. Confirmed=X
52437. Filename=[8 random charachters]
52438. Description=Unidentified adware
52439. Source=Paul Collins Startup list
52440.  
52441. [Nvid32]
52442. Number=7447
52443. Confirmed=X
52444. Filename=Nvid32.exe
52445. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
52446. Source=Paul Collins Startup list
52447.  
52448. [Nvidex32]
52449. Number=7448
52450. Confirmed=X
52451. Filename=Nvidex32.exe
52452. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
52453. Source=Paul Collins Startup list
52454.  
52455. [NVIDIA ActiveArmor]
52456. Number=7449
52457. Confirmed=Y
52458. Filename=ntrayfw.exe
52459. Description=Software interface for NVIDIA ActiveArmor - hardware firewall built into nVidia nForce motherboard chipsets
52460. Source=Paul Collins Startup list
52461.  
52462. [Nvidia Control Daemon]
52463. Number=7450
52464. Confirmed=X
52465. Filename=nksvc32.exe
52466. Description=Added by an unidentified WORM or TROJAN!
52467.  
52468. Source=Paul Collins Startup list
52469.  
52470. [Nvidia Control Panel]
52471. Number=7451
52472. Confirmed=X
52473. Filename=ncsvc32.exe
52474. Description=Added by an unidentified VIRUS, WORM or TROJAN!
52475. Source=Paul Collins Startup list
52476.  
52477. [NVIDIA Driver]
52478. Number=7452
52479. Confirmed=X
52480. Filename=MSPMSPSU.EXE
52481. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.Y" target="_blank">WOOTBOT.Y</a> WORM!
52482. Source=Paul Collins Startup list
52483.  
52484. [nVidia Drivers]
52485. Number=7453
52486. Confirmed=X
52487. Filename=nVidiaDrvers.exe
52488. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafx.html" target=_blank>SDBOT-AFX</a> WORM! Note - this is not related to any nVidia based motherboard or graphics card
52489. Source=Paul Collins Startup list
52490.  
52491. [NVIDIA nForce APU1 Utilities]
52492. Number=7454
52493. Confirmed=N
52494. Filename=NVATray.exe
52495. Description=nVidia's nForce Audio Processing Unit (<a href="http://www.nvidia.com/object/apu.html" target="_blank">APU</a>)- "provides 3D positional audio and DirectX 8.0 compatibility, and encodes and decodes Dolby Digital 5.1 audio in real time"
52496. Source=Paul Collins Startup list
52497.  
52498. [NVIDIA nTune]
52499. Number=7455
52500. Confirmed=U
52501. Filename=nTune.exe
52502. Description=nVidia <a href="http://www.nvidia.com/object/sysutility.html" target="_blank">nTune</a> - motherboard monitoring and overclocking utility for nVidia nForce chipset based motherboards
52503. Source=Paul Collins Startup list
52504.  
52505. [NVidia System Utility]
52506. Number=7456
52507. Confirmed=U
52508. Filename=NVSystemUtility.exe
52509. Description=NVidia System Utility (now <a href="http://www.nvidia.com/object/sysutility.html" target="_blank">nTune</a>) lets you adjust bus speeds, hardware voltages, memory controller timings, and fan speed as well as additional settings to increase performance aggressiveness and hardware voltages. Will also display a dynamic graph of CPU and system temperatures, hardware voltages, and memory bus speeds
52510. Source=Paul Collins Startup list
52511.  
52512. [NVIDIA Video drivers]
52513. Number=7457
52514. Confirmed=X
52515. Filename=video_32D.exe
52516. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.KV" target="_blank">AGOBOT.KV</a> WORM!
52517. Source=Paul Collins Startup list
52518.  
52519. [NVIDIA Video drivers]
52520. Number=7458
52521. Confirmed=X
52522. Filename=video_32sD.exe
52523. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbb.html" target=_blank>RBOT-BB</a> WORM!
52524. Source=Paul Collins Startup list
52525.  
52526. [Nvidia32]
52527. Number=7459
52528. Confirmed=X
52529. Filename=nvidia32.exe
52530. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojhostsb.html" target= blank>HOSTS-B</a> TROJAN!
52531. Source=Paul Collins Startup list
52532.  
52533. [NvidiaQuickTweak]
52534. Number=7460
52535. Confirmed=N
52536. Filename=rundll32.exe NvQtwk.dll, NvTaskbarInit
52537. Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
52538. Source=Paul Collins Startup list
52539.  
52540. [nvidll32]
52541. Number=7461
52542. Confirmed=X
52543. Filename=nvidll32.exe
52544. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxk.html" target= blank>RBOT-XK</a> WORM!
52545. Source=Paul Collins Startup list
52546.  
52547. [NVIEW]
52548. Number=7462
52549. Confirmed=U
52550. Filename=rundll32.exe nview.dll, nViewLoadHook
52551. Description=This is a DLL to enable multiple display monitors on a single computer. It can be a cause of numerous problems on some computers
52552. Source=Paul Collins Startup list
52553.  
52554. [nviload32]
52555. Number=7463
52556. Confirmed=X
52557. Filename=nviload32.exe
52558. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvt.html" target=_blank>SDBOT-VT</a> WORM!
52559.  
52560. Source=Paul Collins Startup list
52561.  
52562. [NvInitialize]
52563. Number=7464
52564. Confirmed=N
52565. Filename=rundll32.exe NvQtwk.dll, NvXTInit
52566. Description=Thought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabled
52567. Source=Paul Collins Startup list
52568.  
52569. [nvirundll]
52570. Number=7465
52571. Confirmed=X
52572. Filename=nvirundll.exe
52573. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041512-0913-99" target=_blank>SPYBOT.NPS</a> WORM!
52574. Source=Paul Collins Startup list
52575.  
52576. [nvjxue]
52577. Number=7466
52578. Confirmed=X
52579. Filename=nvjxue.exe
52580. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32eyevegj.html" target=_blank>EYEVEG-J</a> WORM!
52581. Source=Paul Collins Startup list
52582.  
52583. [NVmax]
52584. Number=7467
52585. Confirmed=Y
52586. Filename=NVmax.exe
52587. Description=NVmax is a old tweaking utility for NVidia graphics cards. In the startup list if the user chooses to overclock their card
52588. Source=Paul Collins Startup list
52589.  
52590. [NVMCTRAY]
52591. Number=7468
52592. Confirmed=N
52593. Filename=RUNDLL32.EXE ...NVMCTRAY.DLL, NvTaskbarInit
52594. Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
52595. Source=Paul Collins Startup list
52596.  
52597. [NvMediaCenter]
52598. Number=7469
52599. Confirmed=U
52600. Filename=RunDLL32.exe NvMCTray.dll, NvTaskbarInit
52601. Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
52602. Source=Paul Collins Startup list
52603.  
52604. [NVMixerTray]
52605. Number=7470
52606. Confirmed=N
52607. Filename=NVMixerTray.exe
52608. Description=System Tray access to audio controls from nVidia's motherboard ForceWare software
52609. Source=Paul Collins Startup list
52610.  
52611. [nvmsgdwn]
52612. Number=7471
52613. Confirmed=X
52614. Filename=NVMSGDWN.EXE
52615. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgraberd.html" target=_blank>GRABER-D</a> TROJAN!
52616. Source=Paul Collins Startup list
52617.  
52618. [nvpatch]
52619. Number=7472
52620. Confirmed=X
52621. Filename=napatch.exe
52622. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sasserf.html" target=_blank>SASSER-F</a> WORM!
52623. Source=Paul Collins Startup list
52624.  
52625. [NvPvrNetMon]
52626. Number=7473
52627. Confirmed=U
52628. Filename=NvPvrNetMon.exe
52629. Description=Network monitor for the Personal Video Recorder function of the <a href="http://www.networkautomation.com/automate/index.htm" target="_blank">NVIDIA ForceWare Multimedia</a> application - "makes sure you donÆt miss your favorite show. If you wonÆt be home to watch the show, just use the PVR to set future recordings"
52630. Source=Paul Collins Startup list
52631.  
52632. [NVQuickTweak]
52633. Number=7474
52634. Confirmed=N
52635. Filename=rundll32.exe NvQtwk.dll, NvTaskbarInit
52636. Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
52637. Source=Paul Collins Startup list
52638.  
52639. [NVRaidService]
52640. Number=7475
52641. Confirmed=N
52642. Filename=nvraidservice.exe
52643. Description=nVidia <a href="http://www.nvidia.com/object/feature_raid.html" target="_blank">NVRaid</a> - hard disk striping/mirroring utility for increased performance and reliability. Doesn't seem to be required if you have a <a href="http://data-recovery.lsoft.net/concept_raid.html" target="_blank">RAID</a> setup as there is no performance difference without it
52644. Source=Paul Collins Startup list
52645.  
52646. [NVRotateSysTray]
52647. Number=7476
52648. Confirmed=?
52649. Filename=nvsysrot.dll
52650. Description=Related to <a href="http://www.fileresearchcenter.com/N/NVSYSROT.DLL-6190.html" target="_blank">NVIDIA</a> nView Control Panel. <font color="#FF0000">What does it do and is it required?</font>
52651. Source=Paul Collins Startup list
52652.  
52653. [NVRT]
52654. Number=7477
52655. Confirmed=N
52656. Filename=nvrt.exe
52657. Description=NVRefreshTool is a utility that will automatically detect the maximum refresh rate at each resolution that your monitor supports
52658. Source=Paul Collins Startup list
52659.  
52660. [NVRTClk]
52661. Number=7478
52662. Confirmed=?
52663. Filename=NVRTClk.exe
52664. Description=Related to a Gigabyte video card. <font color="#FF0000">What does it do, and is it required?</font>
52665. Source=Paul Collins Startup list
52666.  
52667. [nvsv32.exe]
52668. Number=7479
52669. Confirmed=X
52670. Filename=nvsv32.exe
52671. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdi.html" target=_blank>FORBOT-DI</a> WORM!
52672. Source=Paul Collins Startup list
52673.  
52674. [nvsv32.exe]
52675. Number=7480
52676. Confirmed=X
52677. Filename=cstr.exe
52678. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
52679. Source=Paul Collins Startup list
52680.  
52681. [nvsv32.exe]
52682. Number=7481
52683. Confirmed=X
52684. Filename=asr_fnt.exe
52685. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GE&VSect=P" target=_blank>WOOTBOT.GE</a> WORM!
52686. Source=Paul Collins Startup list
52687.  
52688. [nvsv32.exe]
52689. Number=7482
52690. Confirmed=X
52691. Filename=nvsv33.exe
52692. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.FP&VSect=P" target=_blank>WOOTBOT.FP</a> WORM!
52693. Source=Paul Collins Startup list
52694.  
52695. [NvSvc]
52696. Number=7483
52697. Confirmed=N
52698. Filename=nvsvc.exe
52699. Description=NVIDIA Driver Helper Service - installed when you change from the WDM drivers to nVidia's latest versions but not requied. Extreme shutdown delays can be encountered with this service active, but no adverse side effects with it disabled. NOTE: If using drivers other than nVidia's, such as Asus, this service may have been renamed to reflect that
52700. Source=Paul Collins Startup list
52701.  
52702. [nvsvc]
52703. Number=7484
52704. Confirmed=X
52705. Filename=nvsvc.exe
52706. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerhq.html" target=_blank>BANKER-HQ</a> TROJAN! Note - this is not the valid <a href="http://www.sysinfo.org/startuplist.php?filter=NvSvc" target=_blank>NVIDIA Driver Helper Service</a> and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
52707. Source=Paul Collins Startup list
52708.  
52709. [NVSVC]
52710. Number=7485
52711. Confirmed=X
52712. Filename=nvsvc.exe
52713. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ALX" target="_blank">AGOBOT.ALX</a> WORM! Note - this is not the valid <a href="http://www.sysinfo.org/startuplist.php?filter=NvSvc" target=_blank>NVIDIA Driver Helper Service</a> and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
52714. Source=Paul Collins Startup list
52715.  
52716. [nvsvca32]
52717. Number=7486
52718. Confirmed=X
52719. Filename=nvsvca32.exe
52720. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.E</a> TROJAN!
52721. Source=Paul Collins Startup list
52722.  
52723. [nvsvca32]
52724. Number=7487
52725. Confirmed=X
52726. Filename=clfmon.exe
52727. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.E</a> TROJAN!
52728. Source=Paul Collins Startup list
52729.  
52730. [NVSystem32]
52731. Number=7488
52732. Confirmed=X
52733. Filename=nvscv32.exe
52734. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotno.html" target=_blank>AGOBOT-NO</a> WORM!
52735.  
52736. Source=Paul Collins Startup list
52737.  
52738. [NvUpdater]
52739. Number=7489
52740. Confirmed=X
52741. Filename=nwiz32.exe
52742. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
52743. Source=Paul Collins Startup list
52744.  
52745. [NvXplDeamon]
52746. Number=7490
52747. Confirmed=X
52748. Filename=xstyles.exe
52749. Description=Added by the SMALL.AJ VIRUS!
52750. Source=Paul Collins Startup list
52751.  
52752. [NWEReboot]
52753. Number=7491
52754. Confirmed=?
52755. Filename=dummy.exe
52756. Description=<font color="#FF0000">??</font>
52757. Source=Paul Collins Startup list
52758.  
52759. [nwiz]
52760. Number=7492
52761. Confirmed=U
52762. Filename=nwiz.exe
52763. Description=Nvidia nView Wizard - present with the newer versions of nVidia graphics cards drivers.  Allows you to immensely improve desktop layouts by setting preferences and optimizations. If you use any of the special nView features available in the control panel leave this alone - otherwise you can disable it
52764. Source=Paul Collins Startup list
52765.  
52766. [nwiz32]
52767. Number=7493
52768. Confirmed=X
52769. Filename=nwiz32.exe
52770. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsinbanka.html" target=_blank>SINBANK-A</a> TROJAN!
52771. Source=Paul Collins Startup list
52772.  
52773. [Nwpopup]
52774. Number=7494
52775. Confirmed=Y
52776. Filename=Nwpopup.exe
52777. Description=Broadcast message handler part of <a href="http://www.novell.com/products/netware/" target=_blank>Novell Netware</a> that displays server, printer and other messages
52778. Source=Paul Collins Startup list
52779.  
52780. [nwrecmsg]
52781. Number=7495
52782. Confirmed=U
52783. Filename=nwrecmsg.exe
52784. Description=Broadcast message handler part of <a href="http://www.novell.com/products/netware/" target=_blank>Novell Netware</a> that displays server, printer and other messages - can cause crashes
52785. Source=Paul Collins Startup list
52786.  
52787. [nwss]
52788. Number=7496
52789. Confirmed=U
52790. Filename=Sp0.exe
52791. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052614-0022-99" target="_blank">SpyOutside</a> surveillance software. Uninstall this software unless you put it there yourself
52792. Source=Paul Collins Startup list
52793.  
52794. [NWTRAY]
52795. Number=7497
52796. Confirmed=Y
52797. Filename=nwtray.exe
52798. Description=<a href="http://www.novell.com/products/netware/" target="_blank">Novell Netware</a>. Displays the red "N" tray icon which can be disabled (by right-click on the icon) but is also needed by the client
52799. Source=Paul Collins Startup list
52800.  
52801. [oadaemon]
52802. Number=7498
52803. Confirmed=?
52804. Filename=oadaemon.exe
52805. Description=Background process that establishes connection with a C3-1000 scanner and watch general status of the device and for scanner button presses. <font color="#FF0000">Can it be started manually?</font>
52806. Source=Paul Collins Startup list
52807.  
52808. [oahstifr]
52809. Number=7499
52810. Confirmed=Y
52811. Filename=oahstifr.exe
52812. Description=Comes with <a href="http://www.hypertextstudio.com" target="_blank">HyperTextStudio</a>. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."
52813. Source=Paul Collins Startup list
52814.  
52815. [OAKSTART]
52816. Number=7500
52817. Confirmed=U
52818. Filename=OAKSTART.EXE
52819. Description=Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW.
52820. Source=Paul Collins Startup list
52821.  
52822. [OAKTASK]
52823. Number=7501
52824. Confirmed=N
52825. Filename=OAKTASK.EXE
52826. Description=Taskbar utility for a "control panel" for a CD-RW
52827. Source=Paul Collins Startup list
52828.  
52829. [OASClnt]
52830. Number=7502
52831. Confirmed=U
52832. Filename=oasclnt.exe
52833. Description=McAfee VirusScan On-Access Scan Client service
52834. Source=Paul Collins Startup list
52835.  
52836. [Object Store Server]
52837. Number=7503
52838. Confirmed=Y
52839. Filename=osserver.exe
52840. Description=Comes with <a href="http://www.hypertextstudio.com" target="_blank">HyperTextStudio</a>. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."
52841. Source=Paul Collins Startup list
52842.  
52843. [objtjprx]
52844. Number=7504
52845. Confirmed=?
52846. Filename=objtjprx.exe
52847. Description=<font color="#FF0000">??</font>
52848. Source=Paul Collins Startup list
52849.  
52850. [obsver]
52851. Number=7505
52852. Confirmed=?
52853. Filename=obsver.exe
52854. Description=Part of <a href="http://www.lingoware.com/english/" target=_blank>LingoWare</a> translating software - <font color="#FF0000">what does it do and is it required?</font>
52855. Source=Paul Collins Startup list
52856.  
52857. [OCAudioIni]
52858. Number=7506
52859. Confirmed=N
52860. Filename=OCAudioIni.exe
52861. Description=<a href="http://www.streamware-dev.com/products.html" target="_blank">One-click Audio Converter</a> - allows you to convert files of multiple audio formats right from Windows Explorer
52862. Source=Paul Collins Startup list
52863.  
52864. [ocraware]
52865. Number=7507
52866. Confirmed=N
52867. Filename=ocraware.exe
52868. Description=<u>O</u>ptical <u>C</u>haracter <u>R</u>ecognition software as part of OmniPage Limited Edition - supplied with some scanners. Scan directly into most word processor applications, such as Word, WordPerfect, etc. Available via Start -> Programs
52869. Source=Paul Collins Startup list
52870.  
52871. [Octoshape Streaming Services]
52872. Number=7508
52873. Confirmed=U
52874. Filename=OctoshapeClient.exe
52875. Description=<a href="http://www.octoshape.com/" target="_blank">Octoshape</a> Live Streaming - "is a revolutionary technology that will reduce your bandwidth cost and improve the quality in sound and picture"
52876. Source=Paul Collins Startup list
52877.  
52878. [ocx32]
52879. Number=7509
52880. Confirmed=X
52881. Filename=ocx32.exe
52882. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082710-5900-99" target="_blank">ASTEF</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100514-2403-99" target="_blank">RESPAN</a> WORMS!
52883. Source=Paul Collins Startup list
52884.  
52885. [OCXUPDT32]
52886. Number=7510
52887. Confirmed=X
52888. Filename=ocxupdt32.exe
52889. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotif.html" target=_blank>AGOBOT-IF</a> WORM!
52890. Source=Paul Collins Startup list
52891.  
52892. [OD]
52893. Number=7511
52894. Confirmed=X
52895. Filename=SYSCNTR.EXE
52896. Description=HotVideo dialler
52897. Source=Paul Collins Startup list
52898.  
52899. [od-matrxx]
52900. Number=7512
52901. Confirmed=X
52902. Filename=od-matrxx.exe
52903. Description=Adult dialler - xx can be any number
52904. Source=Paul Collins Startup list
52905.  
52906. [od-stndxx]
52907. Number=7513
52908. Confirmed=X
52909. Filename=od-stndxx.exe
52910. Description=Adult dialler - xx can be any number
52911. Source=Paul Collins Startup list
52912.  
52913. [od-teenxx]
52914. Number=7514
52915. Confirmed=X
52916. Filename=od-teenxx.exe
52917. Description=Adult dialler - xx can be any number
52918. Source=Paul Collins Startup list
52919.  
52920. [ODBC BackUp]
52921. Number=7515
52922. Confirmed=U
52923. Filename=fdxxl.exe
52924. Description=G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see <a href="http://archiv.chip.de/artikel/c1_archiv_artikel_17080599.html" target="_blank">here</a>. Disable/remove if you didn't install it yourself!
52925. Source=Paul Collins Startup list
52926.  
52927. [oddworldz.exe]
52928. Number=7516
52929. Confirmed=X
52930. Filename=oddworldz.exe
52931. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidreg.html" target=_blank>MULTIDR-EG</a> TROJAN!
52932. Source=Paul Collins Startup list
52933.  
52934. [Odometer]
52935. Number=7517
52936. Confirmed=N
52937. Filename=Odometer.EXE
52938. Description=Mouse odometer - tracks how far your pointer/arrow has traveled on the screen. Shortcut available
52939. Source=Paul Collins Startup list
52940.  
52941. [ODSPConfig]
52942. Number=7518
52943. Confirmed=U
52944. Filename=ODSPConfig.exe
52945. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092111-1952-99" target="_blank">DsktopSurveil</a> surveillance software. Uninstall this software if you did not install it yourself
52946. Source=Paul Collins Startup list
52947.  
52948. [Oeloader]
52949. Number=7519
52950. Confirmed=X
52951. Filename=Oeloader.exe
52952. Description=Xupiter <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Orbit%20Explorer&threatid=14913" target=_blank>OrbitExplorer</a> toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
52953. Source=Paul Collins Startup list
52954.  
52955. [OEM Tools 32]
52956. Number=7520
52957. Confirmed=X
52958. Filename=tres32.exe
52959. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QB&VSect=T" target="_blank">RBOT.QB</a> WORM!
52960. Source=Paul Collins Startup list
52961.  
52962. [OEM32 Tools]
52963. Number=7521
52964. Confirmed=X
52965. Filename=sres32.exe
52966. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
52967. Source=Paul Collins Startup list
52968.  
52969. [OEMCLEANUP]
52970. Number=7522
52971. Confirmed=N
52972. Filename=oemreset.exe
52973. Description=Resets OEM installation settings at bootup. Not required unless you're new to PC's
52974. Source=Paul Collins Startup list
52975.  
52976. [OEMRESET]
52977. Number=7523
52978. Confirmed=U
52979. Filename=oemreset.exe
52980. Description=Resets OEM installation settings at bootup. Not required unless you're new to PC's
52981. Source=Paul Collins Startup list
52982.  
52983. [OEMRUNONCE]
52984. Number=7524
52985. Confirmed=U
52986. Filename=oemrun.exe
52987. Description=Windows Millennium file - used by setup when installing the OEM 'express' version of the operating system. Uncheck after setup has finished
52988. Source=Paul Collins Startup list
52989.  
52990. [oeplugin]
52991. Number=7525
52992. Confirmed=U
52993. Filename=bxOEPlugin.exe
52994. Description=<a href="http://www.baxbex.com/nohtml.html" target=_blank>noHTML</a> for Outlook Express is an add-on that protects Outlook Express from email viruses and email scripts by converting incoming email messages from HTML format to simple text
52995. Source=Paul Collins Startup list
52996.  
52997. [OEPowerPlugs]
52998. Number=7526
52999. Confirmed=?
53000. Filename=winoeinit.exe
53001. Description=<font color="#FF0000">??</font>
53002. Source=Paul Collins Startup list
53003.  
53004. [oepsrv]
53005. Number=7527
53006. Confirmed=U
53007. Filename=oepsrv.exe
53008. Description=<a href="http://www.softheap.com/oeprot.html" target=_blank>Outlook Express Protector</a> is designed for controlling access to Outlook Express and its e-mail and address data bases
53009. Source=Paul Collins Startup list
53010.  
53011. [OESET]
53012. Number=7528
53013. Confirmed=X
53014. Filename=setup60.exe
53015. Description=Added by the <a href="http://kr.ahnlab.com/SecuInfoVirusViewEngNew3.ahn?SEQ_NO=7349" target="_blank">WAREZDL.28672</a> TROJAN!
53016. Source=Paul Collins Startup list
53017.  
53018. [OESpamTest]
53019. Number=7529
53020. Confirmed=U
53021. Filename=OESpamTest.ExE
53022. Description=Kaspersky <a href="http://www.kaspersky.com/antispamenterprise" target=_blank>Anti-Spam</a>
53023. Source=Paul Collins Startup list
53024.  
53025. [OEXCheck]
53026. Number=7530
53027. Confirmed=N
53028. Filename=EA2Check.exe
53029. Description=<a href="http://www.ajsystems.com/oexhome.html" target="_blank">Express Assist</a> from AJSystems.com. Utility for use with Outlook Express to backup, restore, synchronize amongst others
53030. Source=Paul Collins Startup list
53031.  
53032. [oe_drop_spam]
53033. Number=7531
53034. Confirmed=X
53035. Filename=oesrv.exe
53036. Description=<a href="http://vil.mcafeesecurity.com/vil/content/v_137582.htm" target="_blank">Dropspam</a> adware
53037. Source=Paul Collins Startup list
53038.  
53039. [OE_OEM]
53040. Number=7532
53041. Confirmed=Y
53042. Filename=TMAS_OEMon.exe
53043. Description=Related to Trend Micro PC-cillin - Internet Security 12
53044.  
53045. Source=Paul Collins Startup list
53046.  
53047. [Offer Companion]
53048. Number=7533
53049. Confirmed=X
53050. Filename=offers.exe
53051. Description=Adware
53052. Source=Paul Collins Startup list
53053.  
53054. [Offers]
53055. Number=7534
53056. Confirmed=X
53057. Filename=offers.exe
53058. Description=Adware
53059. Source=Paul Collins Startup list
53060.  
53061. [Office]
53062. Number=7535
53063. Confirmed=X
53064. Filename=Office.exe
53065. Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=41605" target="_blank">KRAIMER.12</a> TROJAN!
53066. Source=Paul Collins Startup list
53067.  
53068. [Office Mail]
53069. Number=7536
53070. Confirmed=U
53071. Filename=off_mail.exe
53072. Description=<a href="http://www.burrotech.com/officemail.php" target=_blank>Office Mail</a> from Burrotech Ltd - "complete email solution for small/medium businesses, homes, schools and colleges. It is a small email server which forms the perfect gateway between your internal and external email"
53073.  
53074. Source=Paul Collins Startup list
53075.  
53076. [Office Mail Alerter]
53077. Number=7537
53078. Confirmed=U
53079. Filename=om_Alerter.exe
53080. Description=<a href="http://www.burrotech.com/om_alerter.php" target=_blank>Office Mail Alerter</a> - "alert <a href="http://www.burrotech.com/officemail.php" target=_blank>Office Mail</a> users when they receive new emails" via a System Tray icon
53081.  
53082. Source=Paul Collins Startup list
53083.  
53084. [Office Monitor]
53085. Number=7538
53086. Confirmed=X
53087. Filename=adv32.exe
53088. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcwo.html" target="_blank">SDBOT-CWO</a> WORM!
53089. Source=Paul Collins Startup list
53090.  
53091. [Office Monitorse]
53092. Number=7539
53093. Confirmed=X
53094. Filename=[path to worm]
53095. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotczx.html" target="_blank">SDBOT-CZX</a> WORM!
53096. Source=Paul Collins Startup list
53097.  
53098. [Office Startup]
53099. Number=7540
53100. Confirmed=N
53101. Filename=Osa.exe
53102. Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
53103. Source=Paul Collins Startup list
53104.  
53105. [Office Startup]
53106. Number=7541
53107. Confirmed=X
53108. Filename=Exploer.exe
53109. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-103117-5243-99" target="_blank">GAOBOT.BV</a> WORM! Note the different filename to the valid MS Office entries
53110. Source=Paul Collins Startup list
53111.  
53112. [Office Startup]
53113. Number=7542
53114. Confirmed=N
53115. Filename=Osa9.exe
53116. Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
53117. Source=Paul Collins Startup list
53118.  
53119. [Office SturtUp]
53120. Number=7543
53121. Confirmed=X
53122. Filename=osa9.exe
53123. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickerec.html" target="_blank">CLICKER-EC</a> TROJAN! Note - this trojan is located in the Windows or Winnt folder and should not be confused with the Microsoft office program, located in Program Files\Microsoft Office\...
53124. Source=Paul Collins Startup list
53125.  
53126. [OfficeAgent]
53127. Number=7544
53128. Confirmed=X
53129. Filename=expIorer.exe
53130. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
53131. Source=Paul Collins Startup list
53132.  
53133. [OfficeAgent]
53134. Number=7545
53135. Confirmed=X
53136. Filename=outIook.exe
53137. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
53138. Source=Paul Collins Startup list
53139.  
53140. [OfficeAgent]
53141. Number=7546
53142. Confirmed=X
53143. Filename=svcrhost.exe
53144. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
53145. Source=Paul Collins Startup list
53146.  
53147. [OfficeAgent]
53148. Number=7547
53149. Confirmed=X
53150. Filename=svcshost.exe
53151. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
53152. Source=Paul Collins Startup list
53153.  
53154. [OfficeDeamon]
53155. Number=7548
53156. Confirmed=X
53157. Filename=msorunner.exe
53158. Description=Added by a variant of the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY</a> TROJAN!
53159. Source=Paul Collins Startup list
53160.  
53161. [OfficeGuard RegChecker]
53162. Number=7549
53163. Confirmed=Y
53164. Filename=ogrc.exe
53165. Description=<a href="http://www.kaspersky.com/" target="_blank">Kaspersky Labs</a> anti-virus
53166. Source=Paul Collins Startup list
53167.  
53168. [OfficeGuardUI]
53169. Number=7550
53170. Confirmed=X
53171. Filename=svcss.exe
53172. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerc.html" target=_blank>DEDLER-C</a> TROJAN!
53173. Source=Paul Collins Startup list
53174.  
53175. [officejet 6100]
53176. Number=7551
53177. Confirmed=?
53178. Filename=hposol08.exe
53179. Description=Associated with a HP PSC2110 (and maybe others) all-in-one machine
53180. Source=Paul Collins Startup list
53181.  
53182. [OFFICEKB]
53183. Number=7552
53184. Confirmed=U
53185. Filename=kbdap32a.EXE
53186. Description=<a href="http://www.mic-innovations.com/display.cfm?id=Keyboards" target="_blank">Micro Innovations</a> keyboard management
53187. Source=Paul Collins Startup list
53188.  
53189. [OfficeQuickAccess]
53190. Number=7553
53191. Confirmed=X
53192. Filename=OfficeHost.vbs
53193. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091615-0246-99" target=_blank>PEXMOR</a> WORM!
53194. Source=Paul Collins Startup list
53195.  
53196. [Offices]
53197. Number=7554
53198. Confirmed=X
53199. Filename=msnmgd32.exe
53200. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdv.html" target=_blank>FORBOT-DV</a> WORM!
53201. Source=Paul Collins Startup list
53202.  
53203. [Offices Monitors]
53204. Number=7555
53205. Confirmed=X
53206. Filename=[path to worm]
53207. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgko.html" target="_blank">RBOT-GKO</a> WORM!
53208. Source=Paul Collins Startup list
53209.  
53210. [Offices Monitorse]
53211. Number=7556
53212. Confirmed=X
53213. Filename=[path to worm]
53214. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgko.html" target="_blank">RBOT-GKO</a> WORM!
53215. Source=Paul Collins Startup list
53216.  
53217. [Offices Monitorse]
53218. Number=7557
53219. Confirmed=X
53220. Filename=algose32.exe
53221. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgdd.html" target="_blank">RBOT-GDD</a> WORM!
53222. Source=Paul Collins Startup list
53223.  
53224. [OfficeScan95]
53225. Number=7558
53226. Confirmed=Y
53227. Filename=pccwin97.exe
53228. Description=Trend Micro antivirus <a href="http://www.trendmicro.com/en/products/desktop/osce/evaluate/overview.htm" target=_blank>OfficeScan</a>
53229. Source=Paul Collins Startup list
53230.  
53231. [OfficeScanNT Monitor]
53232. Number=7559
53233. Confirmed=Y
53234. Filename=pccntmon.exe
53235. Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/osce/evaluate/overview.htm" target="_blank">OfficeScan</a> Antivirus real-time scan monitor
53236. Source=Paul Collins Startup list
53237.  
53238. [OFFICEXP]
53239. Number=7560
53240. Confirmed=X
53241. Filename=OFFICEXP.exe
53242. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.HE&VSect=P" target=_blank>WOOTBOT.HE</a> WORM!
53243. Source=Paul Collins Startup list
53244.  
53245. [office_update]
53246. Number=7561
53247. Confirmed=X
53248. Filename=[path to trojan]
53249. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderzb.html" target=_blank>DLOADER-ZB</a> TROJAN!
53250. Source=Paul Collins Startup list
53251.  
53252. [OfotoNow USB Detection]
53253. Number=7562
53254. Confirmed=N
53255. Filename=Rundll32.exe OFUSBS.DLL, WatchForConnection OfotoNow
53256. Description=Autodetects when a digital camera is attached to a USB port and launches <a href="http://www.ofoto.com/DownloadClient30.jsp?UV=673857175481_20140377403&US=0&c=f_on">OfotoNow</a> image software. Available via Start -> Programs
53257. Source=Paul Collins Startup list
53258.  
53259. [ogrc]
53260. Number=7563
53261. Confirmed=Y
53262. Filename=ogrc.exe
53263. Description=<a href="http://www.kaspersky.com/" target="_blank">Kaspersky Labs</a> anti-virus
53264. Source=Paul Collins Startup list
53265.  
53266. [Oil Change]
53267. Number=7564
53268. Confirmed=N
53269. Filename=OCTray32.exe
53270. Description=From CyberMedia/Network Associates. Checks for updates to software installed on your PC. Available via Start -> Programs
53271. Source=Paul Collins Startup list
53272.  
53273. [OIM]
53274. Number=7565
53275. Confirmed=?
53276. Filename=oim.exe
53277. Description=<font color="#FF0000">Related to the <a href="http://www.o2.co.uk/" target="_blank">O2</a> (was "genie") mobile phone service. What does it do and is it required?</font>
53278. Source=Paul Collins Startup list
53279.  
53280. [OKI LPR Utility]
53281. Number=7566
53282. Confirmed=U
53283. Filename=okilpr.exe
53284. Description=OKI printer utility
53285. Source=Paul Collins Startup list
53286.  
53287. [OLE]
53288. Number=7567
53289. Confirmed=X
53290. Filename=[filename]
53291. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012915-2315-99" target="_blank">STAWIN</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040611-1006-99" target="_blank">TARNO.D</a> TROJANS!
53292. Source=Paul Collins Startup list
53293.  
53294. [OLE Automation Server]
53295. Number=7568
53296. Confirmed=X
53297. Filename=ole32aut.vbe
53298. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
53299. Source=Paul Collins Startup list
53300.  
53301. [oleaccrc]
53302. Number=7569
53303. Confirmed=X
53304. Filename=oleaccrc.exe
53305. Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as TrojanDownloader.Agent.am
53306. Source=Paul Collins Startup list
53307.  
53308. [OLEDb Service]
53309. Number=7570
53310. Confirmed=X
53311. Filename=runoledb32.exe
53312. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojspyreb.html" target=_blank>SPYRE.B</a> TROJAN!
53313. Source=Paul Collins Startup list
53314.  
53315. [olehelp]
53316. Number=7571
53317. Confirmed=X
53318. Filename=olehelp.exe
53319. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012315-4733-99" target="_blank">BOOKMARKER.D</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031918-3240-99" target="_blank">BOOKMARKER.G</a> TROJANS!
53320. Source=Paul Collins Startup list
53321.  
53322. [OleLoader]
53323. Number=7572
53324. Confirmed=X
53325. Filename=ole32.exe
53326. Description=Added by the DELF.BR TROJAN!
53327. Source=Paul Collins Startup list
53328.  
53329. [olesvr]
53330. Number=7573
53331. Confirmed=U
53332. Filename=olesvr.exe
53333. Description=Salfeld <a href="http://www.salfeld.com/software/childcontrol/index.html" target="_blank">Child Control</a> - parental control software
53334. Source=Paul Collins Startup list
53335.  
53336. [Olive System]
53337. Number=7574
53338. Confirmed=X
53339. Filename=Szchost.exe
53340. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042216-3333-99" target="_blank">MERCURYCAS.A</a> TROJAN!
53341. Source=Paul Collins Startup list
53342.  
53343. [Olympic]
53344. Number=7575
53345. Confirmed=X
53346. Filename=IE4321.exe
53347. Description=Adult content premium rate dialer - also detected as SMALL.CZ
53348. Source=Paul Collins Startup list
53349.  
53350. [Omf4]
53351. Number=7576
53352. Confirmed=X
53353. Filename=OMF4.EXE
53354. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011116-0904-99" target="_blank">FREEMEGA</a> TROJAN!
53355. Source=Paul Collins Startup list
53356.  
53357. [OmgStartup]
53358. Number=7577
53359. Confirmed=N
53360. Filename=omgstartup.exe
53361. Description=Sony program called OpenMG Jukebox - player and music organizer
53362. Source=Paul Collins Startup list
53363.  
53364. [OmniHTTPd]
53365. Number=7578
53366. Confirmed=U
53367. Filename=ohttpd.exe
53368. Description=<a href="http://www.omnicron.ca/httpd/" target="_blank">OmniHTTPd</a> web server from Omnicron
53369. Source=Paul Collins Startup list
53370.  
53371. [OmniPage]
53372. Number=7579
53373. Confirmed=N
53374. Filename=Opware32.exe
53375. Description=Part of <a href="http://www.nuance.com/omnipage/" target="_blank">OmniPage</a> from Nuance (was Scansoft) - "the fastest, easiest way to turn paper documents into digital files you can edit". Links Word, via OLE, with OmniPage. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page". Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start -> Programs
53376. Source=Paul Collins Startup list
53377.  
53378. [OmniPass]
53379. Number=7580
53380. Confirmed=U
53381. Filename=scureapp.exe
53382. Description=OmniPass from <a href="http://www.softexinc.com/" target="_blank">Softex Inc.</a> - secure password management software
53383. Source=Paul Collins Startup list
53384.  
53385. [OM_Monitor]
53386. Number=7581
53387. Confirmed=U
53388. Filename=FirstStart.exe
53389. Description=<a href="http://www.olympus.co.uk/consumer/205_Olympus_Master_Software.htm" target=_blank>Olympus Master</a> - digital camera management tools
53390.  
53391. Source=Paul Collins Startup list
53392.  
53393. [OM_Monitor]
53394. Number=7582
53395. Confirmed=U
53396. Filename=MONITOR.EXE
53397. Description=<a href="http://www.olympus.co.uk/consumer/205_Olympus_Master_Software.htm" target=_blank>Olympus Master</a> - digital camera management tools
53398.  
53399. Source=Paul Collins Startup list
53400.  
53401. [On Screen Display]
53402. Number=7583
53403. Confirmed=U
53404. Filename=OSD.EXE
53405. Description=By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze
53406. Source=Paul Collins Startup list
53407.  
53408. [once]
53409. Number=7584
53410. Confirmed=X
53411. Filename=help.exe
53412. Description=Identified as the DELF.LF by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a>
53413. Source=Paul Collins Startup list
53414.  
53415. [One Touch Monitor]
53416. Number=7585
53417. Confirmed=N
53418. Filename=OneTouchMonitor.exe
53419. Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
53420. Source=Paul Collins Startup list
53421.  
53422. [One Touch Monitor]
53423. Number=7586
53424. Confirmed=N
53425. Filename=1tou~2.exe
53426. Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
53427. Source=Paul Collins Startup list
53428.  
53429. [One Touch Monitor]
53430. Number=7587
53431. Confirmed=N
53432. Filename=ONETOU~2.EXE
53433. Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
53434. Source=Paul Collins Startup list
53435.  
53436. [OneCareUI]
53437. Number=7588
53438. Confirmed=Y
53439. Filename=winssnotify.exe
53440. Description=Related to <a href="http://www.windowsonecare.com/" target=_blank>Windows OneCare Live</a> from Microsoft
53441. Source=Paul Collins Startup list
53442.  
53443. [OneTouch Monitor]
53444. Number=7589
53445. Confirmed=N
53446. Filename=OneTouchMon.exe
53447. Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
53448. Source=Paul Collins Startup list
53449.  
53450. [OneTouchMonitor]
53451. Number=7590
53452. Confirmed=N
53453. Filename=OneTouchMonitor.exe
53454. Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
53455. Source=Paul Collins Startup list
53456.  
53457. [OneTouchMonitor]
53458. Number=7591
53459. Confirmed=N
53460. Filename=1tou~2.exe
53461. Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
53462. Source=Paul Collins Startup list
53463.  
53464. [OneTouchMonitor]
53465. Number=7592
53466. Confirmed=N
53467. Filename=ONETOU~2.EXE
53468. Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
53469. Source=Paul Collins Startup list
53470.  
53471. [ONETOU~2]
53472. Number=7593
53473. Confirmed=N
53474. Filename=OneTouchMonitor.exe
53475. Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
53476. Source=Paul Collins Startup list
53477.  
53478. [ONETOU~2]
53479. Number=7594
53480. Confirmed=N
53481. Filename=1tou~2.exe
53482. Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
53483. Source=Paul Collins Startup list
53484.  
53485. [ONETOU~2]
53486. Number=7595
53487. Confirmed=N
53488. Filename=ONETOU~2.EXE
53489. Description=For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
53490. Source=Paul Collins Startup list
53491.  
53492. [Onflow]
53493. Number=7596
53494. Confirmed=X
53495. Filename=onflow.exe
53496. Description=Onflow is a internet company that offers an online advertising program. Not required - uninstall
53497. Source=Paul Collins Startup list
53498.  
53499. [OnfolioStorage]
53500. Number=7597
53501. Confirmed=U
53502. Filename=onfserv.exe
53503. Description="<a href="http://www.onfolio.com/" target="_blank">Onfolio</a> is the complete solution for collecting, organizing and sharing online content"
53504. Source=Paul Collins Startup list
53505.  
53506. [online cdrom]
53507. Number=7598
53508. Confirmed=?
53509. Filename=Active acid.exe
53510. Description=<font color="#FF0000">??</font>
53511. Source=Paul Collins Startup list
53512.  
53513. [Online Service]
53514. Number=7599
53515. Confirmed=X
53516. Filename=svchost.exe
53517. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111717-3802-99" target="_blank">HOSTIDEL.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020316-5221-99" target="_blank">HOSTIDEL.C</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022617-1556-99" target="_blank">TARNO.B</a> TROJANS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
53518. Source=Paul Collins Startup list
53519.  
53520. [OnlinePCfix SmoothSurfer]
53521. Number=7600
53522. Confirmed=U
53523. Filename=SS.exe
53524. Description=<a href="http://www.smooth-surfer.com/" target="_blank">Smooth-Surfer</a> - blocks banners, ads, popups, and cleans MRU and Recent file lists
53525. Source=Paul Collins Startup list
53526.  
53527. [OnlineTime]
53528. Number=7601
53529. Confirmed=N
53530. Filename=onlinetime.exe
53531. Description=<a target="_blank" href="http://www.freedownloadscenter.com/Network_and_Internet/Online_Timers/OnlineTimer_Pro.html">OnlineTimer</a> - monitors your Windows dial-up network and logs the time you spend online as well as the resulting costs
53532. Source=Paul Collins Startup list
53533.  
53534. [online_party]
53535. Number=7602
53536. Confirmed=X
53537. Filename=online_party.exe
53538. Description=Adult content dialler
53539. Source=Paul Collins Startup list
53540.  
53541. [Onluna Sarvice]
53542. Number=7603
53543. Confirmed=X
53544. Filename=sachost.exe
53545. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofgeraa.html" target="_blank">TOFGER-AA</a> TROJAN!
53546. Source=Paul Collins Startup list
53547.  
53548. [Onlune Sarvice]
53549. Number=7604
53550. Confirmed=X
53551. Filename=sachost.exe
53552. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonij.html" target="_blank">DAEMONI-J</a> TROJAN!
53553. Source=Paul Collins Startup list
53554.  
53555. [only23]
53556. Number=7605
53557. Confirmed=X
53558. Filename=SCVHOST.exe
53559. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrpuq.html" target="_blank">PUQ</a> TROJAN!
53560. Source=Paul Collins Startup list
53561.  
53562. [OnSrvr]
53563. Number=7606
53564. Confirmed=X
53565. Filename=OnSrvr.exe
53566. Description=OnWebMedia adware
53567. Source=Paul Collins Startup list
53568.  
53569. [oo4]
53570. Number=7607
53571. Confirmed=X
53572. Filename=RunDLL32.EXE [path] oo4.dll, DllRun
53573. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BookedSpace&threatid=3275" target=_blank>BookedSpace</a> parasite
53574. Source=Paul Collins Startup list
53575.  
53576. [OOLHELPT]
53577. Number=7608
53578. Confirmed=?
53579. Filename=OOLHELPT.exe
53580. Description=<font color="#FF0000">??</font>
53581. Source=Paul Collins Startup list
53582.  
53583. [OP12 Reminder]
53584. Number=7609
53585. Confirmed=N
53586. Filename=Ereg.exe
53587. Description=Registration reminder for <a href="http://www.nuance.com/omnipage/" target="_blank">OmniPage</a> from Nuance (was Scansoft)
53588. Source=Paul Collins Startup list
53589.  
53590. [OpAgent]
53591. Number=7610
53592. Confirmed=U
53593. Filename=OpAgent.exe
53594. Description=Part of Nuance (was Scansoft) <a href="http://www.nuance.com/omnipage/" target=_blank>OmniPage Pro</a> document conversion software
53595. Source=Paul Collins Startup list
53596.  
53597. [Open Service Drivers]
53598. Number=7611
53599. Confirmed=X
53600. Filename=opiater.exe
53601. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
53602. Source=Paul Collins Startup list
53603.  
53604. [Open Site]
53605. Number=7612
53606. Confirmed=X
53607. Filename=opnste.exe
53608. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102717-1431-99" target="_blank">OpenSite</a> adware
53609. Source=Paul Collins Startup list
53610.  
53611. [Open Site]
53612. Number=7613
53613. Confirmed=X
53614. Filename=opensite.exe
53615. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102717-1431-99" target="_blank">OpenSite</a> adware
53616. Source=Paul Collins Startup list
53617.  
53618. [Open2Enter]
53619. Number=7614
53620. Confirmed=X
53621. Filename=runme.exe
53622. Description=Adult content dialler
53623. Source=Paul Collins Startup list
53624.  
53625. [Open2Enter]
53626. Number=7615
53627. Confirmed=X
53628. Filename=runme2.exe
53629. Description=Adult content dialler
53630. Source=Paul Collins Startup list
53631.  
53632. [OpenGL Drivers]
53633. Number=7616
53634. Confirmed=X
53635. Filename=0penGLD.exe
53636. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32yimpa.html" target=_blank>YIMP-A</a> WORM!
53637. Source=Paul Collins Startup list
53638.  
53639. [OpenMstart]
53640. Number=7617
53641. Confirmed=X
53642. Filename=mcmgr32.exe
53643. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
53644.  
53645. Source=Paul Collins Startup list
53646.  
53647. [OpenMstart]
53648. Number=7618
53649. Confirmed=X
53650. Filename=mmgr32.exe
53651. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
53652.  
53653. Source=Paul Collins Startup list
53654.  
53655. [OpenMstart]
53656. Number=7619
53657. Confirmed=X
53658. Filename=Snt.exe
53659. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchd.html" target= blank>"Switch"</a> premium rate adult content dialler
53660. Source=Paul Collins Startup list
53661.  
53662. [OpenOffice.org *.*.*]
53663. Number=7620
53664. Confirmed=N
53665. Filename=quickstart.exe
53666. Description=<a href="http://www.openoffice.org/" target=_blank>OpenOffice.org</a> office suite quick start (where "*.*.*" is the version number)
53667. Source=Paul Collins Startup list
53668.  
53669. [OpenOffice.org x]
53670. Number=7621
53671. Confirmed=N
53672. Filename=QUICKS~1.EXE
53673. Description=Displays <a href="http://www.openoffice.org/" target="_blank">OpenOffice</a> quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the OpenOffice suite. Available via Start -> Programs. Will automatically be started when any OpenOffice component is started from Start -> Programs. A resource hog (takes > 16 MB of memory). "x" represents the version number
53674. Source=Paul Collins Startup list
53675.  
53676. [openvpn-gui]
53677. Number=7622
53678. Confirmed=U
53679. Filename=openvpn-gui.exe
53680. Description="<a href="http://openvpn.se/" target=_blank>OpenVPN</a> is a full-featured SSL VPN solution which can accomodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls"
53681.  
53682. Source=Paul Collins Startup list
53683.  
53684. [Openwares LiveUpdate]
53685. Number=7623
53686. Confirmed=U
53687. Filename=LiveUpdate.exe
53688. Description=Web-update utility as used by various types of software - see <a href="http://liveupdate.openwares.org/" target="_blank">here</a>
53689. Source=Paul Collins Startup list
53690.  
53691. [Operations Typhoon Rising Registration]
53692. Number=7624
53693. Confirmed=N
53694. Filename=NOVG.EXE
53695. Description=<a href="http://www.gamespot.com/pc/action/jointoperations/" target=_blank>Joint Operations</a> registration reminder
53696. Source=Paul Collins Startup list
53697.  
53698. [Operator]
53699. Number=7625
53700. Confirmed=N
53701. Filename=??
53702. Description=Media Pilot operator, in Win.ini. Locks port open
53703. Source=Paul Collins Startup list
53704.  
53705. [Operator]
53706. Number=7626
53707. Confirmed=U
53708. Filename=xtmop.exe
53709. Description=Fax/Phone answering facility for Extreem Machine - as supplied with the old Diamond SupraExpress modems. No longer supported
53710. Source=Paul Collins Startup list
53711.  
53712. [OpiStat]
53713. Number=7627
53714. Confirmed=N
53715. Filename=OPISTAT.EXE
53716. Description=<a href="http://www.opistat.com/mp/index.html" target="_blank">OpiStat</a> is a European Research Institute whose goal is to understand consumer needs and opinions better
53717. Source=Paul Collins Startup list
53718.  
53719. [OPQFile]
53720. Number=7628
53721. Confirmed=X
53722. Filename=regedit.exe /s ...rad03FA6.tmp
53723. Description=Unsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit
53724. Source=Paul Collins Startup list
53725.  
53726. [opr]
53727. Number=7629
53728. Confirmed=X
53729. Filename=opr.exe
53730. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
53731. Source=Paul Collins Startup list
53732.  
53733. [OpScheduler]
53734. Number=7630
53735. Confirmed=U
53736. Filename=OpScheduler.exe
53737. Description=Part of Nuance (was Scansoft) <a href="http://www.nuance.com/omnipage/" target=_blank>OmniPage Pro</a> document conversion software
53738. Source=Paul Collins Startup list
53739.  
53740. [opsql update check]
53741. Number=7631
53742. Confirmed=X
53743. Filename=opsql.exe
53744. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacj.html" target= blank>RBOT-ACJ</a> WORM!
53745. Source=Paul Collins Startup list
53746.  
53747. [OPTIMIZER]
53748. Number=7632
53749. Confirmed=X
53750. Filename=iexplore.exe
53751. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042518-0520-99" target=_blank>EVEVINC</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
53752. Source=Paul Collins Startup list
53753.  
53754. [Optimum Online]
53755. Number=7633
53756. Confirmed=X
53757. Filename=Netsurf.exe
53758. Description=OptimumOnline ISP software related spyware - displays advertising popups and collects information about user activity
53759. Source=Paul Collins Startup list
53760.  
53761. [Optional Web Drivers For WIN32]
53762. Number=7634
53763. Confirmed=X
53764. Filename=phqghume.exe
53765. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
53766. Source=Paul Collins Startup list
53767.  
53768. [OPTMOUSEMOUSE]
53769. Number=7635
53770. Confirmed=U
53771. Filename=optmouse.exe
53772. Description=Related to a <a href="http://www.samsung.com/" target=_blank>Samsung</a> optical mouse
53773. Source=Paul Collins Startup list
53774.  
53775. [Optus Cable Data Monitor]
53776. Number=7636
53777. Confirmed=U
53778. Filename=datamonitor.exe
53779. Description=Allows Optus customers to monitor their actual data usage against Optus' "data allowance limits"
53780. Source=Paul Collins Startup list
53781.  
53782. [OptusNetUsage]
53783. Number=7637
53784. Confirmed=U
53785. Filename=OptusNet Usage Meter.exe
53786. Description=Designed specifically for OptusNet users who wish to have their connection monitored on a frequent basis. It can also estimate when you are going to hit your usage limit, and how far over your suggested limit you should be
53787. Source=Paul Collins Startup list
53788.  
53789. [Opware12]
53790. Number=7638
53791. Confirmed=N
53792. Filename=Opware12.exe
53793. Description=<a href="http://www.nuance.com/omnipage/" target="_blank">OmniPage</a> from Nuance (was Scansoft) - version 12. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
53794. Source=Paul Collins Startup list
53795.  
53796. [Opware14]
53797. Number=7639
53798. Confirmed=N
53799. Filename=Opware14.exe
53800. Description=<a href="http://www.nuance.com/omnipage/" target="_blank">OmniPage</a> from Nuance (was Scansoft) - version 14. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
53801. Source=Paul Collins Startup list
53802.  
53803. [Opware15]
53804. Number=7640
53805. Confirmed=N
53806. Filename=Opware15.exe
53807. Description=<a href="http://www.nuance.com/omnipage/" target="_blank">OmniPage</a> from Nuance (was Scansoft) - version 14. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
53808. Source=Paul Collins Startup list
53809.  
53810. [OpwareSE2]
53811. Number=7641
53812. Confirmed=N
53813. Filename=OpwareSE2.exe
53814. Description=Hardware bundled version of <a href="http://www.nuance.com/omnipage/" target="_blank">OmniPage</a> from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
53815. Source=Paul Collins Startup list
53816.  
53817. [OpwareSE4]
53818. Number=7642
53819. Confirmed=N
53820. Filename=OpwareSE4.exe
53821. Description=Hardware bundled version of <a href="http://www.nuance.com/omnipage/" target="_blank">OmniPage</a> from Nuance (was Scansoft). If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start -> Programs
53822. Source=Paul Collins Startup list
53823.  
53824. [Oracle Web-to-Go]
53825. Number=7643
53826. Confirmed=U
53827. Filename=webtogo.exe
53828. Description="<a href="http://www.oracle.com/technology/docs/tech/java/oc4j/jsp1131/orajspov.htm#1012705," target="_blank">Oracle Web-to-go</a>, a component of Oracle9i Lite, consists of a collection of modules and services that facilitate development, deployment, and management of mobile Web applications"
53829. Source=Paul Collins Startup list
53830.  
53831. [OrbitUpdate]
53832. Number=7644
53833. Confirmed=X
53834. Filename=update.exe
53835. Description=Xupiter <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Orbit%20Explorer&threatid=14913" target=_blank>OrbitExplorer</a> toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
53836. Source=Paul Collins Startup list
53837.  
53838. [OrbitView]
53839. Number=7645
53840. Confirmed=X
53841. Filename=view.exe
53842. Description=Xupiter <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Orbit%20Explorer&threatid=14913" target=_blank>OrbitExplorer</a> toolbar related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
53843. Source=Paul Collins Startup list
53844.  
53845. [OrderReminder]
53846. Number=7646
53847. Confirmed=N
53848. Filename=OrderReminder.exe
53849. Description=The HP Order Reminder utility is installed with the HP LaserJet printer software and allows you to set specific times for reminders to check the current level of toner in the print cartridge - it also contains an Order Now link to a Web page that helps you order supplies online from a reseller of your choice
53850. Source=Paul Collins Startup list
53851.  
53852. [orderShell]
53853. Number=7647
53854. Confirmed=X
53855. Filename=order****.exe [* = random char]
53856. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrun.html" target=_blank>DLOADR-UN</a> TROJAN!
53857.  
53858. Source=Paul Collins Startup list
53859.  
53860. [order_Shell]
53861. Number=7648
53862. Confirmed=X
53863. Filename=order_smey.exe
53864. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbanksnifh.html" target=_blank>BANKSNIF-H</a> TROJAN!
53865. Source=Paul Collins Startup list
53866.  
53867. [org5.exe]
53868. Number=7649
53869. Confirmed=?
53870. Filename=org5.exe
53871. Description=Lotus Organizer 5 application file, Lotus Organizer software. <font color="#FF0000">What does it do and is it required?</font>
53872. Source=Paul Collins Startup list
53873.  
53874. [OrgyCam]
53875. Number=7650
53876. Confirmed=X
53877. Filename=OrgyCam.exe
53878. Description=Adult content dialler
53879. Source=Paul Collins Startup list
53880.  
53881. [OrigRage128Tweaker]
53882. Number=7651
53883. Confirmed=U
53884. Filename=RAGE128TWEAK.EXE
53885. Description=Third party tweaker for ATI Rage 128 Video cards from http://www.rageunderground.com
53886. Source=Paul Collins Startup list
53887.  
53888. [ORiNOCO]
53889. Number=7652
53890. Confirmed=U
53891. Filename=Cmluc.exe
53892. Description=Client Manager software for a Proxim <a href="http://www.proxim.com/products/cp/pci.html" target="_blank">ORiNOCO</a> 11a/b/g wireless LAN PCI card
53893. Source=Paul Collins Startup list
53894.  
53895. [OS Security]
53896. Number=7653
53897. Confirmed=X
53898. Filename=mswind32.pif
53899. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasu.html" target=_blank>RBOT-ASU</a> WORM!
53900. Source=Paul Collins Startup list
53901.  
53902. [OSA]
53903. Number=7654
53904. Confirmed=X
53905. Filename=winword.exe
53906. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kangarooa.html" target=_blank>KANGAROO-A</a> TROJAN!
53907. Source=Paul Collins Startup list
53908.  
53909. [Osa32]
53910. Number=7655
53911. Confirmed=X
53912. Filename=NTOSA32.exe
53913. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012912-1745-99" target="_blank">ANIG</a> WORM!
53914. Source=Paul Collins Startup list
53915.  
53916. [osCheck]
53917. Number=7656
53918. Confirmed=?
53919. Filename=osCheck.exe
53920. Description=Part of <a href="http://www.symantec.com/index.htm" target="_blank">Norton Antivirus</a>. <font color="#FF0000">What does it do and is it required?</font>
53921. Source=Paul Collins Startup list
53922.  
53923. [OSD]
53924. Number=7657
53925. Confirmed=U
53926. Filename=OSD.exe
53927. Description=By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze
53928. Source=Paul Collins Startup list
53929.  
53930. [OSS]
53931. Number=7658
53932. Confirmed=X
53933. Filename=ossproxy.exe
53934. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=43974" target="_blank">MarketScore</a> parasite - ActiveX control used to download premium-rate dialers
53935.  
53936. Source=Paul Collins Startup list
53937.  
53938. [OSS]
53939. Number=7659
53940. Confirmed=X
53941. Filename=rk.exe
53942. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=43974" target="_blank">MarketScore</a> parasite - ActiveX control used to download premium-rate dialers
53943.  
53944. Source=Paul Collins Startup list
53945.  
53946. [OSS]
53947. Number=7660
53948. Confirmed=X
53949. Filename=rlvknlg.exe
53950. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=43974" target="_blank">MarketScore</a> parasite - ActiveX control used to download premium-rate dialers
53951.  
53952. Source=Paul Collins Startup list
53953.  
53954. [OSSProxy]
53955. Number=7661
53956. Confirmed=X
53957. Filename=OSSPROXY.EXE
53958. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=43974" target="_blank">MarketScore</a> parasite - ActiveX control used to download premium-rate dialers
53959.  
53960. Source=Paul Collins Startup list
53961.  
53962. [OStivityInvAgt]
53963. Number=7662
53964. Confirmed=U
53965. Filename=ostivity.exe
53966. Description=<a href="http://www.somix.com/products/ostivity.php" target="_blank">OStivity</a> - "a desktop and server hardware and software asset/inventory solution for small to enterprise sized organizations that need to quickly gain knowledge of 'what's installed' without having to manually touch every computer in the company. The next time the computer logs into the network, a complete inventory (software and hardware) is taken of the system"
53967. Source=Paul Collins Startup list
53968.  
53969. [Osus]
53970. Number=7663
53971. Confirmed=X
53972. Filename=acao.exe
53973. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
53974. Source=Paul Collins Startup list
53975.  
53976. [Osus]
53977. Number=7664
53978. Confirmed=X
53979. Filename=rrup.exe
53980. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware. The executable is located in the user's "Application Data" folder or the Program Files\htwu folder
53981. Source=Paul Collins Startup list
53982.  
53983. [otcx]
53984. Number=7665
53985. Confirmed=X
53986. Filename=otcxxh.exe
53987. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050417-5258-99" target="_blank">CAROOL</a> TROJAN!
53988. Source=Paul Collins Startup list
53989.  
53990. [outlook]
53991. Number=7666
53992. Confirmed=X
53993. Filename=outlook.exe
53994. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotru.html" target=_blank>SDBOT-RU</a> WORM!
53995. Source=Paul Collins Startup list
53996.  
53997. [outlook]
53998. Number=7667
53999. Confirmed=X
54000. Filename=outlook.exe
54001. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-021712-3034-99" target=_blank>ALCRA.F</a> WORM! Note - this is not the valid MS Office program which is found in Program Files\Microsoft Office\Office. This file is found in Program Files\Outlook
54002. Source=Paul Collins Startup list
54003.  
54004. [Outlook Express Config]
54005. Number=7668
54006. Confirmed=X
54007. Filename=*****.exe [* = random char]
54008. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
54009. Source=Paul Collins Startup list
54010.  
54011. [Outlook Express Protocol]
54012. Number=7669
54013. Confirmed=X
54014. Filename=look.exe
54015. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacs.html" target=_blank>RBOT-ACS</a> WORM!
54016. Source=Paul Collins Startup list
54017.  
54018. [Outlook Mail Services]
54019. Number=7670
54020. Confirmed=X
54021. Filename=express.exe
54022. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CJN&VSect=P" target=_blank>RBOT.CJN</a> WORM!
54023. Source=Paul Collins Startup list
54024.  
54025. [Outlook Mail Services]
54026. Number=7671
54027. Confirmed=X
54028. Filename=outlook.exe
54029. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbka.html" target="_blank">RBOT-BKA</a> TROJAN! Note that the valid MS Outlook executeable is located in the Program Files\Microsoft Office\Office directory wheras this one is found in the System (9x/Me) or System32 (NT/2K/XP) folder
54030. Source=Paul Collins Startup list
54031.  
54032. [OutLooks]
54033. Number=7672
54034. Confirmed=X
54035. Filename=InSane.exe
54036. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050414-5512-99" target= blank>SWOOP</a> TROJAN!
54037. Source=Paul Collins Startup list
54038.  
54039. [Outpost Firewall]
54040. Number=7673
54041. Confirmed=Y
54042. Filename=outpost.exe
54043. Description=<a href="http://www.agnitum.com/products/outpost/" target="_blank">Outpost</a> personal firewall
54044. Source=Paul Collins Startup list
54045.  
54046. [OutpostFeedBack]
54047. Number=7674
54048. Confirmed=Y
54049. Filename=feedback.exe
54050. Description=Part of <a href="http://www.agnitum.co.uk/index.php?page=products&sub=ofp1" target="_blank">Outpost</a> firewall by Agnitum. The feedback service is for reporting issues directly to Agnitum from within OP
54051. Source=Paul Collins Startup list
54052.  
54053. [outpostupdate]
54054. Number=7675
54055. Confirmed=X
54056. Filename=outpostupdate.exe
54057. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiamc.html" target=_blank>COSIAM-C</a> TROJAN!
54058. Source=Paul Collins Startup list
54059.  
54060. [Outwar]
54061. Number=7676
54062. Confirmed=X
54063. Filename=syslaunch.exe
54064. Description=Outwar adware downloader
54065. Source=Paul Collins Startup list
54066.  
54067. [OVCJ]
54068. Number=7677
54069. Confirmed=?
54070. Filename=ovcj.exe
54071. Description=<font color="#FF0000">??</font>
54072. Source=Paul Collins Startup list
54073.  
54074. [Overnet]
54075. Number=7678
54076. Confirmed=N
54077. Filename=Overnet.exe
54078. Description=<a href="http://www.overnet.com/" target="_blank">Overnet</a> peer-to-peer (P2P) file sharing program
54079. Source=Paul Collins Startup list
54080.  
54081. [ovyriwi]
54082. Number=7679
54083. Confirmed=X
54084. Filename=telace.exe
54085. Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_SDBOT.BVS" target=_blank>SDBOT.BVS</a> WORM!
54086. Source=Paul Collins Startup list
54087.  
54088. [OWCCardbusTray]
54089. Number=7680
54090. Confirmed=U
54091. Filename=ocbtray.exe
54092. Description=Icon in the system tray for safely removing PCMCIA cards. Only required if you have a laptop or desktop which includes a PCMCIA card interface
54093. Source=Paul Collins Startup list
54094.  
54095. [OWCWebCamDV]
54096. Number=7681
54097. Confirmed=U
54098. Filename=wcdvtray.exe
54099. Description=<a href="http://www.orangemicro.com/webcamdv.html" target="_blank">WebCamDV</a> from Orange Micro, Inc - enables the user to use a DV camera connected via Firewire as a Webcam
54100. Source=Paul Collins Startup list
54101.  
54102. [OWMngr]
54103. Number=7682
54104. Confirmed=X
54105. Filename=OWMngr.exe
54106. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112514-4643-99" target="_blank">OnWebMedia/SearchSeekFind</a> advertising foistware
54107. Source=Paul Collins Startup list
54108.  
54109. [OxigenClientAdmin]
54110. Number=7683
54111. Confirmed=U
54112. Filename=Oxigen.exe
54113. Description=Open University Oxigen screensaver admin client. Downloads the latest information from the net to display in the screen saver
54114. Source=Paul Collins Startup list
54115.  
54116. [oz2]
54117. Number=7684
54118. Confirmed=X
54119. Filename=oz2.exe
54120. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091411-5523-99" target="_blank">MYDOOM.W</a> WORM!
54121. Source=Paul Collins Startup list
54122.  
54123. [P0w3rF1Y]
54124. Number=7685
54125. Confirmed=X
54126. Filename=svchost.exe
54127. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoormm.html" target=_blank>MM</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
54128. Source=Paul Collins Startup list
54129.  
54130. [P17Helper]
54131. Number=7686
54132. Confirmed=U
54133. Filename=Rundll32 P17.dll, P17Helper
54134. Description=<a href="http://www.soundblaster.com/resources/read.asp?articleid=53937&page=1&cat=2" target="_blank">ASIO</a> (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
54135. Source=Paul Collins Startup list
54136.  
54137. [P2P NETWORKING]
54138. Number=7687
54139. Confirmed=N
54140. Filename=P2P Networking.exe
54141. Description=Peer to Peer (P2P) sharing of files on the internet
54142. Source=Paul Collins Startup list
54143.  
54144. [P2P Networking]
54145. Number=7688
54146. Confirmed=N
54147. Filename=P2P
54148. Description=Peer to Peer (P2P) sharing of files on the internet
54149. Source=Paul Collins Startup list
54150.  
54151. [p2p networking]
54152. Number=7689
54153. Confirmed=X
54154. Filename=p2pnetworking.exe
54155. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotecp.html" target="_blank">RBOT-ECP</a> WORM!
54156. Source=Paul Collins Startup list
54157.  
54158. [P2P Networking2]
54159. Number=7690
54160. Confirmed=X
54161. Filename= P2P Networking2.exe
54162. Description=P2P Networking2.exe is an advertising program by Joltid. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediately
54163. Source=Paul Collins Startup list
54164.  
54165. [P2P Networking3]
54166. Number=7691
54167. Confirmed=N
54168. Filename=P2P Networking3.exe
54169. Description=P2P Networking, a component bundled with Kazaa that enables other applications to use Peer-to-Peer functionality. Not required - see <a href="http://www.kephyr.com/spywarescanner/library/p2pnetworking/index.phtml" target="_blank">here</a>
54170. Source=Paul Collins Startup list
54171.  
54172. [p2pnetwork]
54173. Number=7692
54174. Confirmed=X
54175. Filename=p2pnetwork.exe
54176. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A" target=_blank>ALCAN.A</a> WORM!
54177. Source=Paul Collins Startup list
54178.  
54179. [p2pnetworking]
54180. Number=7693
54181. Confirmed=X
54182. Filename=p2pnetworking.exe
54183. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafl.html" target=_blank>RBOT-AFL</a> WORM!
54184. Source=Paul Collins Startup list
54185.  
54186. [P3p4chk]
54187. Number=7694
54188. Confirmed=X
54189. Filename=P3p4chk.exe
54190. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
54191. Source=Paul Collins Startup list
54192.  
54193. [p4mx4]
54194. Number=7695
54195. Confirmed=X
54196. Filename=p4mx4.exe
54197. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
54198. Source=Paul Collins Startup list
54199.  
54200. [PaciSoft]
54201. Number=7696
54202. Confirmed=X
54203. Filename=pacis.exe
54204. Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target= blank>PacerD Media/Pacimedia.com</a> adware installer
54205. Source=Paul Collins Startup list
54206.  
54207. [Packard Bell EverSafe Tray Control]
54208. Number=7697
54209. Confirmed=?
54210. Filename=TrayControl.exe
54211. Description=Packard Bell EverSafe software. <font color="#FF0000">What does it do, and is it required?</font>
54212. Source=Paul Collins Startup list
54213.  
54214. [PadTouch]
54215. Number=7698
54216. Confirmed=N
54217. Filename=PadExe.exe
54218. Description=Toshiba Touch and Launch - offers easy movement and freedom of programs navigation with TouchPad
54219. Source=Paul Collins Startup list
54220.  
54221. [Pagekeeper Jobs]
54222. Number=7699
54223. Confirmed=U
54224. Filename=pkjobs.exe
54225. Description=PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc
54226. Source=Paul Collins Startup list
54227.  
54228. [Pagekeeper Lite]
54229. Number=7700
54230. Confirmed=U
54231. Filename=pkjobs.exe
54232. Description=PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc
54233. Source=Paul Collins Startup list
54234.  
54235. [PAgent]
54236. Number=7701
54237. Confirmed=X
54238. Filename=PAgent.exe
54239. Description=Scans your hard drive for the popular P2P file-sharing applications BearShare, Grokster, Kazaa, Limewire and Morpheus. After searching the entire local filesystem for any files with those names it connects to the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare&threatid=4620" target=_blank>DownloadWare</a> servers and tells it what, if anything, is found
54240. Source=Paul Collins Startup list
54241.  
54242. [Pagis Scheduler]
54243. Number=7702
54244. Confirmed=N
54245. Filename=Monitor.exe
54246. Description=Scheduler for the Pagis scanning suite from Scansoft (now Nuance)
54247. Source=Paul Collins Startup list
54248.  
54249. [pagmstart]
54250. Number=7703
54251. Confirmed=?
54252. Filename=client.exe
54253. Description=<font color="#FF0000">??</font>
54254. Source=Paul Collins Startup list
54255.  
54256. [Pagoo]
54257. Number=7704
54258. Confirmed=N
54259. Filename=PAGOO.EXE
54260. Description=<a href="http://www.pagoo.com/cc.asp" target="_blank">Pagoo</a> - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem
54261. Source=Paul Collins Startup list
54262.  
54263. [paint.exe]
54264. Number=7705
54265. Confirmed=X
54266. Filename=shnlog.exe
54267. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpupera.html" target= blank>PUPER-A</a> TROJAN!
54268. Source=Paul Collins Startup list
54269.  
54270. [PaintingRoom evidence monitor]
54271. Number=7706
54272. Confirmed=X
54273. Filename=paintingroom.exe
54274. Description=Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you...
54275. Source=Paul Collins Startup list
54276.  
54277. [PaintingRoom smile monitor]
54278. Number=7707
54279. Confirmed=X
54280. Filename=paintingroom.exe
54281. Description=Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you...
54282. Source=Paul Collins Startup list
54283.  
54284. [PAL Evidence Eliminator]
54285. Number=7708
54286. Confirmed=N
54287. Filename=Cleaner.exe
54288. Description=<a href="http://www.pal-evidence-eliminator.com/" target=_blank>PAL Evidence Eliminator</a> - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis
54289.  
54290. Source=Paul Collins Startup list
54291.  
54292. [Palm Desktop]
54293. Number=7709
54294. Confirmed=N
54295. Filename=Palm.exe
54296. Description=<a href="http://www.palm.com/us/support/downloads/win_desktop.html" target="_blank">Palm Desktop Software</a> for use with Palm handheld devices. Available via Start -> Programs
54297. Source=Paul Collins Startup list
54298.  
54299. [Palm MultiUser Config]
54300. Number=7710
54301. Confirmed=?
54302. Filename=Configtool.exe
54303. Description=<font color="#FF0000">MultiUser configuration for a Palm PDA device?. Is it required?</font>
54304. Source=Paul Collins Startup list
54305.  
54306. [palmOne Registration]
54307. Number=7711
54308. Confirmed=N
54309. Filename=register.exe
54310. Description=Registration reminder for <a href="http://www.palm.com/us/" target=blank>Palm</a> products
54311. Source=Paul Collins Startup list
54312.  
54313. [PalNetaware]
54314. Number=7712
54315. Confirmed=X
54316. Filename=pnetaware.exe
54317. Description=PalTalk adware - as included in Morpheus
54318. Source=Paul Collins Startup list
54319.  
54320. [PaltalkNetaware.exe]
54321. Number=7713
54322. Confirmed=N
54323. Filename=PALNETAW~1.EXE
54324. Description=Voice chat program. This program stores all buddy list info apparently on the server itself so you never lose your buddy list should you need to reinstall the program due for whatever reason or even reformat. Available via Start -> Programs. Delete the shortcut in Start -> Programs -> StartUp as well otherwise it will be reinstated
54325. Source=Paul Collins Startup list
54326.  
54327. [pamela.exe]
54328. Number=7714
54329. Confirmed=U
54330. Filename=pamela.exe
54331. Description=<a href="http://www.pamela-systems.com/" target=_blank>Pamela</a> is a plug-in or add-on that adds features to <a href="http://www.skype.com/" target=_blank>Skype</a> peer to peer voice service
54332. Source=Paul Collins Startup list
54333.  
54334. [Panasonic Communications Utility]
54335. Number=7715
54336. Confirmed=U
54337. Filename=Mfpscdl.exe
54338. Description=Port manager for <a href="http://www.panasonic.ca/English/Office/officefax/index.asp" target=_blank>Panasonic Panafax</a> fax_machines
54339.  
54340. Source=Paul Collins Startup list
54341.  
54342. [Panasonic HotKey Manager]
54343. Number=7716
54344. Confirmed=U
54345. Filename=HKEYAPP.EXE
54346. Description=HotKey management for Panasonic rugged mobile PCs
54347. Source=Paul Collins Startup list
54348.  
54349. [Panda Antispam Server Service]
54350. Number=7717
54351. Confirmed=U
54352. Filename=PasSrv.exe
54353. Description=AntiSpam software, part of <a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda</a> Platinum Internet Security
54354. Source=Paul Collins Startup list
54355.  
54356. [Panda Cleaner]
54357. Number=7718
54358. Confirmed=Y
54359. Filename=pavdr.exe
54360. Description=<a href="http://www.pandasoftware.com/home/particulares/default" target= blank>Panda</a> software related - possibly Panda ActiveScan
54361. Source=Paul Collins Startup list
54362.  
54363. [Panda Preventium+ Service]
54364. Number=7719
54365. Confirmed=Y
54366. Filename=PREVSRV.EXE
54367. Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
54368. Source=Paul Collins Startup list
54369.  
54370. [Panda Scheduler]
54371. Number=7720
54372. Confirmed=U
54373. Filename=pavsched.exe
54374. Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a> scan scheduler. Required if this is your virus scanner program and you have scans scheduled on a regular basis. I recommend that you scan manually so you don't need this but if you tend to forget then leave it
54375. Source=Paul Collins Startup list
54376.  
54377. [Panda Software Intrenet]
54378. Number=7721
54379. Confirmed=X
54380. Filename=panda.pif
54381. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotatz.html" target="_blank">RBOT-ATZ</a> WORM!
54382. Source=Paul Collins Startup list
54383.  
54384. [PandaAVEngine]
54385. Number=7722
54386. Confirmed=X
54387. Filename=PandaAVEngine.exe
54388. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-033114-0628-99" target="_blank">NETSKY.R</a> WORM!
54389. Source=Paul Collins Startup list
54390.  
54391. [PandaScheduler]
54392. Number=7723
54393. Confirmed=U
54394. Filename=pavsched.exe
54395. Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a> scan scheduler. Required if this is your virus scanner program and you have scans scheduled on a regular basis. I recommend that you scan manually so you don't need this but if you tend to forget then leave it
54396. Source=Paul Collins Startup list
54397.  
54398. [Pando]
54399. Number=7724
54400. Confirmed=U
54401. Filename=Pando.exe
54402. Description="<a href="http://www.pando.com/" target="_blank">Pando</a> is free software that lets you send and receive files and folders of any size* with your existing email address"
54403. Source=Paul Collins Startup list
54404.  
54405. [Pantera]
54406. Number=7725
54407. Confirmed=X
54408. Filename=pantera.exe
54409. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AYN&VSect=P" target=_blank>SDBOT.AYN</a> WORM!
54410. Source=Paul Collins Startup list
54411.  
54412. [Paperport]
54413. Number=7726
54414. Confirmed=N
54415. Filename=runppdrv.exe
54416. Description=Loads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see <a href="http://groups.google.com/group/alt.comp.periphs.scanner/msg/cda2c8dde3e1e8fe?q=runppdrv.exe&hl=en&rnum=7" target="_blank">here</a>
54417. Source=Paul Collins Startup list
54418.  
54419. [PaperPort PTD]
54420. Number=7727
54421. Confirmed=N
54422. Filename=pptd40nt.exe
54423. Description="PaperPort" software associated with scanners
54424. Source=Paul Collins Startup list
54425.  
54426. [PaperQuote System Tray Icon]
54427. Number=7728
54428. Confirmed=N
54429. Filename=PQTRAY.EXE
54430. Description=PaperQuote is a "wallpaper" changer with daily quotes that are either for inspiration or motivation
54431. Source=Paul Collins Startup list
54432.  
54433. [Parallel Tasking]
54434. Number=7729
54435. Confirmed=X
54436. Filename=ptask.exe
54437. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallcj.html" target= blank>SMALL-CJ</a> TROJAN!
54438. Source=Paul Collins Startup list
54439.  
54440. [ParetoLogic Anti-Spyware]
54441. Number=7730
54442. Confirmed=U
54443. Filename=Pareto_AS.exe
54444. Description="ParetoLogic <a href="http://paretologic.com/products/paretologicas/" target="_blank">Anti-Spyware</a> delivers Active Protection in the form of real-time blocking"
54445. Source=Paul Collins Startup list
54446.  
54447. [PartSeal]
54448. Number=7731
54449. Confirmed=U
54450. Filename=PartSeal.exe
54451. Description=System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere
54452. Source=Paul Collins Startup list
54453.  
54454. [Password Door Loader]
54455. Number=7732
54456. Confirmed=U
54457. Filename=PDMonitor.exe
54458. Description=<a href="http://www.toplang.com/passworddoor.htm" target="_blank">Password Door</a> - password protection software
54459. Source=Paul Collins Startup list
54460.  
54461. [Password Tracker Deluxe]
54462. Number=7733
54463. Confirmed=U
54464. Filename=PwTrkr.exe
54465. Description="<a href="http://www.clrpc.com/" target="_blank">Password Tracker Deluxe</a> stores passwords and usernames neatly and securely (encrypted) on your computer"
54466. Source=Paul Collins Startup list
54467.  
54468. [PasteLister]
54469. Number=7734
54470. Confirmed=N
54471. Filename=plister.exe
54472. Description=<a href="http://www.progency.com/pastelister.html" target="_blank">PasteLister</a> - clipboard extender. Start manually when required
54473. Source=Paul Collins Startup list
54474.  
54475. [PAS_Check]
54476. Number=7735
54477. Confirmed=N
54478. Filename=udcpas.exe
54479. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99" target="_blank">DriveCleaner</a> is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
54480. Source=Paul Collins Startup list
54481.  
54482. [pas_check]
54483. Number=7736
54484. Confirmed=N
54485. Filename=pasmon.exe
54486. Description=<a href="http://www.symantec.com/smb/security_response/writeup.jsp?docid=2006-062015-2622-99" target="_blank">SystemDoctor</a> is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
54487. Source=Paul Collins Startup list
54488.  
54489. [Patch]
54490. Number=7737
54491. Confirmed=X
54492. Filename=patch.exe
54493. Description=Added by the <a href="http://www.dark-e.com/archive/trojans/netbusworm/index.shtml" target="_blank"> NETBUS</a> WORM!
54494. Source=Paul Collins Startup list
54495.  
54496. [Patches Value]
54497. Number=7738
54498. Confirmed=X
54499. Filename=WinGamed.exe
54500. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BR" target="_blank">SDBOT.BR</a> WORM!
54501. Source=Paul Collins Startup list
54502.  
54503. [Path]
54504. Number=7739
54505. Confirmed=?
54506. Filename=lide.exe
54507. Description=<font color="#FF0000">??</font>
54508. Source=Paul Collins Startup list
54509.  
54510. [pathname]
54511. Number=7740
54512. Confirmed=X
54513. Filename=pathname.exe
54514. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-111818-3014-99" target=_blank>IRCCONTACT</a> TROJAN!
54515. Source=Paul Collins Startup list
54516.  
54517. [PathNvidiaTV]
54518. Number=7741
54519. Confirmed=?
54520. Filename=patchnvidiaTVout.exe
54521. Description=Appears to be related to Nvidia Gigabyte Video card. Typical file location is the Program Files\Gigabyte\Nvidia folder
54522. Source=Paul Collins Startup list
54523.  
54524. [PAV.EXE]
54525. Number=7742
54526. Confirmed=X
54527. Filename=%Number%
54528. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070414-5310-99" target="_blank"> KITRO.D</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARGEN.A&VSect=T" target="_blank">ARGEN.A</a>) WORM! %Number% can be any number
54529. Source=Paul Collins Startup list
54530.  
54531. [PAV.EXE]
54532. Number=7743
54533. Confirmed=Y
54534. Filename=PAV.EXE
54535. Description=<a href="http://www.perantivirus.com/antivir.htm" target="_blank">PER Antivirus</a>
54536. Source=Paul Collins Startup list
54537.  
54538. [PAVFIRES]
54539. Number=7744
54540. Confirmed=Y
54541. Filename=PavFires.exe
54542. Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
54543. Source=Paul Collins Startup list
54544.  
54545. [PAVFNSVR]
54546. Number=7745
54547. Confirmed=Y
54548. Filename=PavFnSvr.exe
54549. Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
54550. Source=Paul Collins Startup list
54551.  
54552. [Pavkre9x]
54553. Number=7746
54554. Confirmed=Y
54555. Filename=pavkre9x.exe
54556. Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
54557. Source=Paul Collins Startup list
54558.  
54559. [PavProc]
54560. Number=7747
54561. Confirmed=Y
54562. Filename=PavPrS9x.exe
54563. Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
54564. Source=Paul Collins Startup list
54565.  
54566. [PavProt]
54567. Number=7748
54568. Confirmed=Y
54569. Filename=PavProt.exe
54570. Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
54571. Source=Paul Collins Startup list
54572.  
54573. [Pavprot9]
54574. Number=7749
54575. Confirmed=Y
54576. Filename=Pavprot9.exe
54577. Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
54578. Source=Paul Collins Startup list
54579.  
54580. [PayTime]
54581. Number=7750
54582. Confirmed=X
54583. Filename=paytime.exe
54584. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpayr.html" target=_blank>STARTPA-YR</a> TROJAN!
54585. Source=Paul Collins Startup list
54586.  
54587. [pbagent]
54588. Number=7751
54589. Confirmed=U
54590. Filename=pbagent.exe
54591. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090811-5438-99" target= blank>Probot</a> keystroke logger/monitoring program - remove unless you installed it yourself!
54592. Source=Paul Collins Startup list
54593.  
54594. [PBKScheduler]
54595. Number=7752
54596. Confirmed=U
54597. Filename=PBKScheduler.exe
54598. Description=Scheduler for CyberLink <a href="http://www.cyberlink.com/multi/products/main_29_ENU.html" target=_blank>PowerBackup</a> - archiving/backup utility
54599. Source=Paul Collins Startup list
54600.  
54601. [PC Alert III]
54602. Number=7753
54603. Confirmed=U
54604. Filename=alert.exe
54605. Description=MSI PC Alert III - allows you to view your system and cpu temperature, fan rpm and more. Only required if you overclock
54606. Source=Paul Collins Startup list
54607.  
54608. [PC Booster]
54609. Number=7754
54610. Confirmed=U
54611. Filename=pcbooster.exe
54612. Description=<a href="http://www.inklineglobal.net/products/pcb/index.html" target="_blank">PC Booster</a> from inKline Global - "easy-to-use computer system optimizer that gives your system the extra speed and stability you want while ensuring that your computer is kept clean and in tip-top condition"
54613. Source=Paul Collins Startup list
54614.  
54615. [PC Doc Pro - 3.1]
54616. Number=7755
54617. Confirmed=U
54618. Filename=pcdocpro.exe
54619. Description=<a href="http://www.pcdocpro.com/" target="_blank">PC Doc Pro</a> (now Win Doc Pro) - system health check and fix utility
54620. Source=Paul Collins Startup list
54621.  
54622. [PC Dynamics SdwMon32]
54623. Number=7756
54624. Confirmed=U
54625. Filename=sdwmon32.exe
54626. Description=<a href="http://www.pcdynamics.com/SafeHousePP/" target=_blank>SafeHouse</a> "Personal Privacy" protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted
54627. Source=Paul Collins Startup list
54628.  
54629. [PC Pitstop Optimize Scheduler]
54630. Number=7757
54631. Confirmed=U
54632. Filename=PCPOptimize.exe
54633. Description=<a href="http://www.pcpitstop.com/store/optimize.asp" target="_blank">PC Pitstop Optimize</a> - "an application that will make your PC run faster, make it more stable, and clean up hard drive space"
54634. Source=Paul Collins Startup list
54635.  
54636. [PC Spy Keylogger]
54637. Number=7758
54638. Confirmed=U
54639. Filename=ToolKeylogger.exe
54640. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-022411-2100-99" target=blank>PCSpyKeyLogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
54641. Source=Paul Collins Startup list
54642.  
54643. [PC-Config32]
54644. Number=7759
54645. Confirmed=X
54646. Filename=corona.exe
54647. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32coronexa.html" target="_blank">CORONEX.A</a> WORM!
54648. Source=Paul Collins Startup list
54649.  
54650. [PC2X]
54651. Number=7760
54652. Confirmed=X
54653. Filename=initial.bat
54654. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrfzz.html" target="_blank">DWNLDR-FZZ</a> TROJAN!
54655. Source=Paul Collins Startup list
54656.  
54657. [pcAnywhere Agent]
54658. Number=7761
54659. Confirmed=U
54660. Filename=pcamgt.exe
54661. Description=Part of  <a href="http://www.symantec.com/pcanywhere/Consumer/index.html" target= blank>pcAnywhere</a> 9.0 or later. This process listens for incoming PC Anywhere connections if your PC is configured as a PC Anywhere host
54662. Source=Paul Collins Startup list
54663.  
54664. [PCBG]
54665. Number=7762
54666. Confirmed=Y
54667. Filename=PCBODYGUARD.EXE
54668. Description=<a href="http://www.calluna.com/pcbody.html" target="_blank">PC Bodyguard</a> from Calluna - protects system files and settings from being deleted, modified, etc
54669. Source=Paul Collins Startup list
54670.  
54671. [PCBODYGUARD]
54672. Number=7763
54673. Confirmed=Y
54674. Filename=PCBODYGUARD.EXE
54675. Description=<a href="http://www.calluna.com/pcbody.html" target="_blank">PC Bodyguard</a> from Calluna - protects system files and settings from being deleted, modified, etc
54676. Source=Paul Collins Startup list
54677.  
54678. [PcBoost]
54679. Number=7764
54680. Confirmed=U
54681. Filename=PcBoost.exe
54682. Description=<a href="http://www.pgware.com/" target=_blank>PCBoost</a> from PGWARE, LLC increases computer performance by allocating higher portions of CPU power to active applications and games
54683. Source=Paul Collins Startup list
54684.  
54685. [PCCClient.exe]
54686. Number=7765
54687. Confirmed=Y
54688. Filename=PCCClient.exe
54689. Description=PC-Cillin 2002 antivirus software
54690. Source=Paul Collins Startup list
54691.  
54692. [pccguide.exe]
54693. Number=7766
54694. Confirmed=Y
54695. Filename=pccguide.exe
54696. Description=PC-Cillin 2002 antivirus software
54697. Source=Paul Collins Startup list
54698.  
54699. [PCCIOMON.EXE]
54700. Number=7767
54701. Confirmed=Y
54702. Filename=PCCIOMON.EXE
54703. Description=PC-Cillin 2000 antivirus software. This is the actual virus-scanner
54704. Source=Paul Collins Startup list
54705.  
54706. [PCClient.exe]
54707. Number=7768
54708. Confirmed=Y
54709. Filename=PCClient.exe
54710. Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm" target="_blank">PC-Cillin</a> Internet Security
54711. Source=Paul Collins Startup list
54712.  
54713. [PccPfw]
54714. Number=7769
54715. Confirmed=Y
54716. Filename=PccPfw.exe
54717. Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm" target="_blank">PC-Cillin</a> Internet Security
54718. Source=Paul Collins Startup list
54719.  
54720. [PcCtlCom]
54721. Number=7770
54722. Confirmed=Y
54723. Filename=Pcctlcom.exe
54724. Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm" target=_blank>PC-cillin</a> Internet Security
54725. Source=Paul Collins Startup list
54726.  
54727. [PCDRealtime]
54728. Number=7771
54729. Confirmed=N
54730. Filename=realtime.exe
54731. Description=Apparently the monitoring device for PC Doctor Online. It provides a "free" examination on system files (i.e. registry), reports the number of errors it finds, and invites you to "order" the fee-based fixes from its web site
54732. Source=Paul Collins Startup list
54733.  
54734. [PcEXPLODE]
54735. Number=7772
54736. Confirmed=X
54737. Filename=specialfile.exe
54738. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.RH" target="_blank">RBOT.RH</a> WORM!
54739. Source=Paul Collins Startup list
54740.  
54741. [PCHbutton]
54742. Number=7773
54743. Confirmed=N
54744. Filename=PCHbutton.exe
54745. Description=Used by HP Instant Support
54746. Source=Paul Collins Startup list
54747.  
54748. [PCHealth]
54749. Number=7774
54750. Confirmed=N
54751. Filename=pchschd.exe
54752. Description=This is a "scheduler" and does not turn off PC Health. For more information refer <a href="http://groups.google.com/group/microsoft.public.windowsme.general/msg/5af2d1219f43359e?q=PCHealth%2Bpchschd.exe&hl=en&rnum=1" target="_blank">here</a>
54753. Source=Paul Collins Startup list
54754.  
54755. [PCHEasySearch]
54756. Number=7775
54757. Confirmed=X
54758. Filename=STUpdate.exe
54759. Description=PCH EasySearch bar
54760. Source=Paul Collins Startup list
54761.  
54762. [PCIMODEM]
54763. Number=7776
54764. Confirmed=?
54765. Filename=pcimodem.exe
54766. Description=Associated with Lucent based Aztech MDP7800-U PCI modems. <font color="#FF0000">Is it required?</font>
54767. Source=Paul Collins Startup list
54768.  
54769. [PCLEPCI]
54770. Number=7777
54771. Confirmed=U
54772. Filename=ppe.exe
54773. Description=Pinnacle Systems <a href="http://www.pinnaclesys.com/docsupport1.asp?division_id=1&langue_id=2&product_id=469&product_name=Studio%20version%207&page_id=146" target="_blank">PCI Performance Enhancer</a>. "This tool helps to increase the PCI Busmaster performance of all Pinnacle PCI boards."
54774. Source=Paul Collins Startup list
54775.  
54776. [PClK]
54777. Number=7778
54778. Confirmed=X
54779. Filename=PClK.exe
54780. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirbl.html" target=_blank>LEGMIR-BL</a> TROJAN!
54781. Source=Paul Collins Startup list
54782.  
54783. [PCMCIA Resource Monitor]
54784. Number=7779
54785. Confirmed=?
54786. Filename=nvp2pmon.exe
54787. Description=NVIDIA nForce P2P Driver. <font color="#FF0000">What does it do and is it required?</font>
54788. Source=Paul Collins Startup list
54789.  
54790. [PCMMRealtime]
54791. Number=7780
54792. Confirmed=U
54793. Filename=pcmm.exe
54794. Description=<a href="http://www.pcmightymax.net/cgi-bin/view.cgi/index.html" target="_blank">PC MightyMax</a> - diagnostic program that identifies and fixes problems. However, some users report it does the opposite and messes up their systems (see <a href="http://www.techspot.com/vb/topic21210.html" target="_blank">here</a>) and they also have problems removing it (see <a href="http://www.bullguard.com/forum/9/PC-MightyMax-removal_8719.html" target="_blank">here</a>)
54795. Source=Paul Collins Startup list
54796.  
54797. [PCMService]
54798. Number=7781
54799. Confirmed=U
54800. Filename=PCMService.exe
54801. Description=Part of Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_12_ENU.html" target=_blank>Power Cinema</a>. Commonly distributed with the Dell MultiMedia software suite. It is used to watch movies, play music and even watch TV in a central location
54802.  
54803. Source=Paul Collins Startup list
54804.  
54805. [PCPitStopEraser]
54806. Number=7782
54807. Confirmed=U
54808. Filename=PCPitStopErase.exe
54809. Description="<a href="http://www.pcpitstop.com/store/erase.asp" target="_blank">PC PitStop Erase</a> is both a free privacy scanner and paid tracks cleaner"
54810. Source=Paul Collins Startup list
54811.  
54812. [PCPOptimize]
54813. Number=7783
54814. Confirmed=U
54815. Filename=PCPOptimize.exe
54816. Description=<a href="http://www.pcpitstop.com/store/optimize.asp" target="_blank">PC Pitstop Optimize</a> - "an application that will make your PC run faster, make it more stable, and clean up hard drive space"
54817. Source=Paul Collins Startup list
54818.  
54819. [PCprot]
54820. Number=7784
54821. Confirmed=X
54822. Filename=crcss.exe
54823. Description=Added by an unidentified WORM!
54824. Source=Paul Collins Startup list
54825.  
54826. [pcqmqgn.exe]
54827. Number=7785
54828. Confirmed=?
54829. Filename=pcqmqgn.exe
54830. Description=<font color="#FF0000">??</font>
54831. Source=Paul Collins Startup list
54832.  
54833. [PCRecSA]
54834. Number=7786
54835. Confirmed=U
54836. Filename=PCRecSA.exe
54837. Description=Part of the IBM/XPoint Rapid Restore backup utility. If you choose, you can use it to create a "clean" backup of your hard drive. The process involves the software partitioning your hard drive, making a compressed image of the working drive which will then allow you to revert to that should you need to
54838. Source=Paul Collins Startup list
54839.  
54840. [pcServer]
54841. Number=7787
54842. Confirmed=X
54843. Filename=server.exe
54844. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050618-4623-99" target=_blank>Ssppyy</a> spyware
54845. Source=Paul Collins Startup list
54846.  
54847. [PCShield]
54848. Number=7788
54849. Confirmed=X
54850. Filename=regsvr32 [path] sfg_****.dll [* = random char]
54851. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
54852. Source=Paul Collins Startup list
54853.  
54854. [PCStart]
54855. Number=7789
54856. Confirmed=N
54857. Filename=Pcm25.exe
54858. Description=Runs as part of <a href="http://pcmonitor.com/" target="_blank">PCMonitor</a> which is a program for monitoring your activity on your system. It makes screen dumps and key logging. It can hang-up your system because the screen dump page gets VERY big
54859. Source=Paul Collins Startup list
54860.  
54861. [PCSuiteTrayApplication]
54862. Number=7790
54863. Confirmed=N
54864. Filename=TrayApplication.exe
54865. Description=System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu
54866. Source=Paul Collins Startup list
54867.  
54868. [PCSuiteTrayApplication]
54869. Number=7791
54870. Confirmed=N
54871. Filename=LaunchApplication.exe
54872. Description=System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu
54873. Source=Paul Collins Startup list
54874.  
54875. [Pcsv]
54876. Number=7792
54877. Confirmed=X
54878. Filename=pcsvc.exe
54879. Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware
54880. Source=Paul Collins Startup list
54881.  
54882. [PcSync]
54883. Number=7793
54884. Confirmed=N
54885. Filename=PcSync.exe
54886. Description=If a Nokia phone has been connected, synchronises the phone with MS Outlook or other organiser software. It is installed by the Nokia PC Suite, and the tray icon shows if a phone has been connected. Available via a desktop shortcut or Start -> Programs
54887. Source=Paul Collins Startup list
54888.  
54889. [PcSync]
54890. Number=7794
54891. Confirmed=X
54892. Filename=PcSync.exe
54893. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxj.html" target= blank>RBOT-XJ</a> WORM! Note - do not confuse with the Nokia application described <a href="http://www.sysinfo.org/startuplist.php?filter=PCsync.exe" target= blank>here</a>
54894. Source=Paul Collins Startup list
54895.  
54896. [PCTAVApp]
54897. Number=7795
54898. Confirmed=Y
54899. Filename=PCTAV.exe
54900. Description=Related to <a href="http://www.pctools.com/anti-virus/" target=_blank>PC TOOLS</a> Antivirus software
54901. Source=Paul Collins Startup list
54902.  
54903. [PcThrust]
54904. Number=7796
54905. Confirmed=U
54906. Filename=PcThrust.exe
54907. Description=<a href="http://www.swiftdog.com/" target=_blank>PCThrust</a> from SwiftDog - "increases computer performance by allocating higher portions of CPU power to active applications and games"
54908.  
54909. Source=Paul Collins Startup list
54910.  
54911. [pctspk]
54912. Number=7797
54913. Confirmed=U
54914. Filename=pctspk.exe
54915. Description=Used for modems based upon PC-TEL chipsets. Normally used for some Voice and Speakerphone functions and also for some Power management options. If you remove it you may not be able to use any of those functions
54916. Source=Paul Collins Startup list
54917.  
54918. [PCTVOICE]
54919. Number=7798
54920. Confirmed=U
54921. Filename=pctvoice.exe
54922. Description=The program PCTVoice is used by the modem to interface with your computer and also used for some V.80 functions for Video Conferencing. if you uncheck it, it comes back. It's better to leave it
54923. Source=Paul Collins Startup list
54924.  
54925. [PCTVRemote]
54926. Number=7799
54927. Confirmed=U
54928. Filename=remoterm.exe
54929. Description=Controls the remote control on some Pinnacle TV tuners
54930. Source=Paul Collins Startup list
54931.  
54932. [PCWatch]
54933. Number=7800
54934. Confirmed=U
54935. Filename=pcwatch.exe
54936. Description=<a href="http://www.sarc.com/avcenter/venc/data/spyware.pcwatch.html" target="_blank">PCWatch</a> surveillance software. Uninstall this software if you did not install it yourself
54937. Source=Paul Collins Startup list
54938.  
54939. [PDA Commander]
54940. Number=7801
54941. Confirmed=X
54942. Filename=stisvc32.exe
54943. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottx.html" target=_blank>AGOBOT-TX</a> WORM!
54944. Source=Paul Collins Startup list
54945.  
54946. [PdaNet Desktop]
54947. Number=7802
54948. Confirmed=U
54949. Filename=PdaNetPC.exe
54950. Description=<a href="http://www.junefabrics.com/" target="_blank">PdaNet</a> from June Fabrics Technology Inc. Use Windows Mobile Smartphone or PocketPC Phone as wireless modem for your PC
54951. Source=Paul Collins Startup list
54952.  
54953. [PDASCAN]
54954. Number=7803
54955. Confirmed=X
54956. Filename=pdascan.exe
54957. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqy.html" target= blank>AGOBOT-QY</a> WORM!
54958. Source=Paul Collins Startup list
54959.  
54960. [PDDM]
54961. Number=7804
54962. Confirmed=U
54963. Filename=pddm.exe
54964. Description=<a href="http://www.patchlink.com/products/update.html" target="_blank">Patchlink Update</a> - "core product of the leading patch and vulnerability management software solution for medium and large enterprise network security"
54965. Source=Paul Collins Startup list
54966.  
54967. [PDEngine]
54968. Number=7805
54969. Confirmed=U
54970. Filename=PDEngine.exe
54971. Description=<a href="http://www.raxco.com/products/perfectdisk2k/" target="_blank">PerfectDisk</a> from Raxco - disk defragmenter. Only required if you schedule disk defragmenting at re-boot
54972. Source=Paul Collins Startup list
54973.  
54974. [pdexplo]
54975. Number=7806
54976. Confirmed=N
54977. Filename=PDEXPLO.EXE
54978. Description=PowerDesk Pro by PowerDesk Pro by <a href="http://www.ontrack.com/" target="_blank">Ontrack</a>. Enhanced desktop and file manager. Available via Start -> Programs
54979. Source=Paul Collins Startup list
54980.  
54981. [PDF Converter Registry Controller]
54982. Number=7807
54983. Confirmed=?
54984. Filename=RegistryController.exe
54985. Description=Nuance (was Scansoft) <a href="http://www.nuance.com/pdfconverter/" target="_blank">PDF Converter Registry Controller
54986. </a> related - <font color="#FF0000">what does it do and is it required?</font>
54987. Source=Paul Collins Startup list
54988.  
54989. [pdfFactory Dispatcher v1]
54990. Number=7808
54991. Confirmed=U
54992. Filename=fppdis1a.exe
54993. Description=FinePrint <a href="http://www.fineprint.com/products/pdffactory/index.html" target="_blank">pdfFactory</a> Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"
54994. Source=Paul Collins Startup list
54995.  
54996. [pdfFactory Dispatcher v2]
54997. Number=7809
54998. Confirmed=U
54999. Filename=fppdis2a.exe
55000. Description=FinePrint <a href="http://www.fineprint.com/products/pdffactory/index.html" target="_blank">pdfFactory</a> Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 2.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"
55001. Source=Paul Collins Startup list
55002.  
55003. [pdfFactory Pro Dispatcher v1]
55004. Number=7810
55005. Confirmed=U
55006. Filename=fppdis1.exe
55007. Description=FinePrint <a href="http://www.fineprint.com/products/pdffactory/index.html#pfp" target="_blank">pdfFactory Pro</a> Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory PRO printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"
55008. Source=Paul Collins Startup list
55009.  
55010. [pdfFactory Pro Dispatcher v3]
55011. Number=7811
55012. Confirmed=U
55013. Filename=fppdis3a.exe
55014. Description=FinePrint <a href="http://www.fineprint.com/products/pdffactory/index.html#pfp" target="_blank">pdfFactory Pro</a> Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory Pro printer. Version 3.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler, more effective and less expensive than that offered by other programs"
55015. Source=Paul Collins Startup list
55016.  
55017. [pdfMachine dispatcher]
55018. Number=7812
55019. Confirmed=U
55020. Filename=mapisnd.exe
55021. Description=<a href="http://www.pdfmachine.com/genp/overview.html" target="_blank">pdfMachine</a> Windows print driver
55022. Source=Paul Collins Startup list
55023.  
55024. [pdfSaver3]
55025. Number=7813
55026. Confirmed=N
55027. Filename=pdfSaver3.exe
55028. Description=<a href="http://www.docu-track.com/home/prod_user/pdfxchange_pro/" target=_blank>PDF-XChange</a> - create Adobe compatible PDF files from virtually any Windows software such as MS Word, Excel, AutoCAD, MS Publisher etc
55029. Source=Paul Collins Startup list
55030.  
55031. [PDirect]
55032. Number=7814
55033. Confirmed=N
55034. Filename=PDirect.exe
55035. Description=IBM Presentation Director software
55036. Source=Paul Collins Startup list
55037.  
55038. [pdp Server]
55039. Number=7815
55040. Confirmed=U
55041. Filename=ctpdpsrvr.exe
55042. Description=Included and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a network
55043. Source=Paul Collins Startup list
55044.  
55045. [PDService.exe]
55046. Number=7816
55047. Confirmed=U
55048. Filename=pdservice.exe
55049. Description=Related to <a href="http://www.utimaco.com/" target=_blank>Utimaco</a> Safeware Easy. "Your electronic safe for protecting confidential data"
55050. Source=Paul Collins Startup list
55051.  
55052. [PDVDServ]
55053. Number=7817
55054. Confirmed=U
55055. Filename=PDVDServ.exe
55056. Description=Remote Control background application for Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_1_ENU.html" target=_blank>PowerDVD</a> version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
55057.  
55058. Source=Paul Collins Startup list
55059.  
55060. [Pe2ckfnt SE]
55061. Number=7818
55062. Confirmed=N
55063. Filename=chkfont.exe
55064. Description=Used to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menu
55065. Source=Paul Collins Startup list
55066.  
55067. [PECarlin]
55068. Number=7819
55069. Confirmed=X
55070. Filename=PECarlin.exe
55071. Description=Adware - see <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453098420" target=_blank>here</a>
55072.  
55073. Source=Paul Collins Startup list
55074.  
55075. [Peeramid]
55076. Number=7820
55077. Confirmed=?
55078. Filename=PService.exe
55079. Description=In a "Koptimizer" folder in Program Files. <font color="#FF0000">What does it do and is it required?</font>
55080. Source=Paul Collins Startup list
55081.  
55082. [PeerGuardian]
55083. Number=7821
55084. Confirmed=U
55085. Filename=PeerGuardian_1.99b_pr14.exe
55086. Description=<a href="http://phoenixlabs.org/pg2/" target="_blank">PeerGuardian</a> - IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists, a list editor, automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc)
55087. Source=Paul Collins Startup list
55088.  
55089. [PeerGuardian]
55090. Number=7822
55091. Confirmed=U
55092. Filename=pg2.exe
55093. Description=<a href="http://phoenixlabs.org/pg2/" target="_blank">PeerGuardian</a> - IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists, a list editor, automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc)
55094. Source=Paul Collins Startup list
55095.  
55096. [Pent@VALUE 3.2]
55097. Number=7823
55098. Confirmed=U
55099. Filename=Pent@VALUE.exe
55100. Description=Pent@VALUE Digital Satellite Internet PC Receiver
55101. Source=Paul Collins Startup list
55102.  
55103. [PeqBL100]
55104. Number=7824
55105. Confirmed=X
55106. Filename=PEQBL100.exe
55107. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122009-1421-99" target=_blank>ENVID.D</a> WORM!
55108. Source=Paul Collins Startup list
55109.  
55110. [PER Email Protection]
55111. Number=7825
55112. Confirmed=Y
55113. Filename=pavmail.exe
55114. Description=<a href="http://www.perantivirus.com/antivir.htm" target="_blank">PER Antivirus</a>
55115. Source=Paul Collins Startup list
55116.  
55117. [PerfectPrint]
55118. Number=7826
55119. Confirmed=N
55120. Filename=pfppop70.exe
55121. Description=Print engine used by Corel WordPerfect 7 and Presentations 7
55122. Source=Paul Collins Startup list
55123.  
55124. [PerfFont (Performance True Type Font)]
55125. Number=7827
55126. Confirmed=X
55127. Filename=perfont.exe
55128. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmuteche.html" target=_blank>MUTECH-E</a> TROJAN!
55129. Source=Paul Collins Startup list
55130.  
55131. [perfmon]
55132. Number=7828
55133. Confirmed=U
55134. Filename=perfmon.vbs
55135. Description=<a href="http://www.securesa.com" target=_blank>MindStorm AnalyzerPro</a> from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices"
55136.  
55137. Source=Paul Collins Startup list
55138.  
55139. [Perfomance Monitor]
55140. Number=7829
55141. Confirmed=X
55142. Filename=davcsync.exe
55143. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lamuda.html" target=_blank>LAMUD-A</a> WORM!
55144. Source=Paul Collins Startup list
55145.  
55146. [Perfomance Settings]
55147. Number=7830
55148. Confirmed=X
55149. Filename=svchost.exe
55150. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofgerap.html" target=_blank>TOFGER-AP</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
55151. Source=Paul Collins Startup list
55152.  
55153. [Performance]
55154. Number=7831
55155. Confirmed=X
55156. Filename=MyHeart.exe
55157. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32pesind.html" target=_blank>PESIN-D</a> WORM!
55158. Source=Paul Collins Startup list
55159.  
55160. [Performs peer to peer connection]
55161. Number=7832
55162. Confirmed=X
55163. Filename=WinPTTP.exe
55164. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgmi.html" target="_blank">RBOT-GMI</a> WORM!
55165. Source=Paul Collins Startup list
55166.  
55167. [PersFw]
55168. Number=7833
55169. Confirmed=Y
55170. Filename=PersFw.exe
55171. Description=<a href="http://www.kerio.com/us/kpf_home.html" target="_blank">Kerio</a> or <a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny</a> Personal Firewall
55172. Source=Paul Collins Startup list
55173.  
55174. [Persistence]
55175. Number=7834
55176. Confirmed=N
55177. Filename=igfxpers.exe
55178. Description=Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Not known exactly what it does but apparently it isn't required
55179. Source=Paul Collins Startup list
55180.  
55181. [Personal Computer]
55182. Number=7835
55183. Confirmed=X
55184. Filename=scvhost.exe
55185. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaje.html" target=_blank>RBOT-AJE</a> WORM!
55186. Source=Paul Collins Startup list
55187.  
55188. [Personal Firwall]
55189. Number=7836
55190. Confirmed=X
55191. Filename=ptmedsrv.exe
55192. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.XY" target="_blank">SDBOT.XY</a> WORM!
55193.  
55194. Source=Paul Collins Startup list
55195.  
55196. [Pervasive.SQL Workgroup Engine]
55197. Number=7837
55198. Confirmed=U
55199. Filename=W3dbsmgr.exe
55200. Description=Database Service Manager for Pervasive SQL 2000 Workgroup edition. Required if you use Pervasive SQL but it's recommended you start it manually before using it as it has a tendancy to crash/freeze if loaded with other applications at startup
55201. Source=Paul Collins Startup list
55202.  
55203. [PestPatrol Control Center]
55204. Number=7838
55205. Confirmed=U
55206. Filename=PPControl.exe
55207. Description=PestPatrol Control Terminal - utility that launched <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> features such as PPMemCheck and CookiePatrol before CA's acquisition
55208. Source=Paul Collins Startup list
55209.  
55210. [PestPatrolCL]
55211. Number=7839
55212. Confirmed=?
55213. Filename=PestPatrolCL.exe
55214. Description=<a href="http://www.pestpatrol.com/" target= blank>PestPatrol's</a> command line scanner, combines with the Windows Task scheduler and is required in cases where schedules for regular scanning are set
55215. Source=Paul Collins Startup list
55216.  
55217. [PestTrap]
55218. Number=7840
55219. Confirmed=N
55220. Filename=PestTrap.exe
55221. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
55222.  
55223. Source=Paul Collins Startup list
55224.  
55225. [Petit Larousse 2001]
55226. Number=7841
55227. Confirmed=U
55228. Filename=HIPL2000Popup.exe
55229. Description=Popup dictionary tool
55230. Source=Paul Collins Startup list
55231.  
55232. [Pex Sound Driver]
55233. Number=7842
55234. Confirmed=X
55235. Filename=Today's Results.vbs
55236. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32trodea.html" target=_blank>TRODE-A</a> WORM!
55237. Source=Paul Collins Startup list
55238.  
55239. [pex Sound driver 2]
55240. Number=7843
55241. Confirmed=X
55242. Filename=Today's Results.vbs
55243. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32trodea.html" target=_blank>TRODE-A</a> WORM!
55244. Source=Paul Collins Startup list
55245.  
55246. [PFW_CfgEngine]
55247. Number=7844
55248. Confirmed=?
55249. Filename=PFWCFG~1.EXE
55250. Description=<font color="#FF0000">Personal Firewall related?</font>
55251. Source=Paul Collins Startup list
55252.  
55253. [PFW_PullSrv]
55254. Number=7845
55255. Confirmed=?
55256. Filename=PULL.EXE
55257. Description=<font color="#FF0000">Personal Firewall related?</font>
55258. Source=Paul Collins Startup list
55259.  
55260. [PgMonitr]
55261. Number=7846
55262. Confirmed=X
55263. Filename=PgMonitr.exe
55264. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050515-5939-99" target="_blank">Delfin Promulgate</a> adware variant
55265. Source=Paul Collins Startup list
55266.  
55267. [PGPSDKSVC]
55268. Number=7847
55269. Confirmed=Y
55270. Filename=pgpsdkserv.exe
55271. Description=PGPsdkServ.exe is the new SDK service which is responsible for performing all PGP key management and cryptographic functions. This functionality was moved into a service to allow multiple modules simultaneous read/write access to the keyrings, among other things. As you can imagine, it is necessary for PGPsdkServ to be running in order to perform practically any PGP functionality
55272. Source=Paul Collins Startup list
55273.  
55274. [PGPSERVICE]
55275. Number=7848
55276. Confirmed=U
55277. Filename=pgpservice.exe
55278. Description=PGPservice.exe has two main purposes: (1) it handles a large part of the PGPnet functionality (along with the PGPnet driver) and (2) it allows efficient access to the PGP preferences database. The individual PGP modules normally access the preferences through PGPservice, but they are capable of a "fall-back" mode where they can handle such access on their own. Thus, if you are not running PGPnet, you may not immediately notice much of a difference if you disable PGPservice. If you are running PGPnet, you will notice a big difference
55279. Source=Paul Collins Startup list
55280.  
55281. [PGPtray]
55282. Number=7849
55283. Confirmed=N
55284. Filename=pgptray.exe
55285. Description=PGP 7.x. Provides icon tray shortcuts to PGP programs from Network Associates. Available via Start -> Programs
55286. Source=Paul Collins Startup list
55287.  
55288. [PGQL]
55289. Number=7850
55290. Confirmed=X
55291. Filename=pgql.exe
55292. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrpqn.html" target="_blank">PQN</a> TROJAN!
55293. Source=Paul Collins Startup list
55294.  
55295. [PGStub.exe]
55296. Number=7851
55297. Confirmed=X
55298. Filename=[various filenames]
55299. Description=Unidentified adware
55300. Source=Paul Collins Startup list
55301.  
55302. [pgtaff]
55303. Number=7852
55304. Confirmed=X
55305. Filename=pgtaff.exe
55306. Description=AdRotator adware variant
55307. Source=Paul Collins Startup list
55308.  
55309. [phc700]
55310. Number=7853
55311. Confirmed=U
55312. Filename=vphc700.exe
55313. Description=Related to the <a href="http://www.philips.com/" target="_blank">Philips</a> SPC700NC web camera
55314. Source=Paul Collins Startup list
55315.  
55316. [PhiBtn]
55317. Number=7854
55318. Confirmed=Y
55319. Filename=PhiBtn.exe
55320. Description=Snapshot and Launch button application from Philips belonging to Philips SPC 900NC Camera
55321. Source=Paul Collins Startup list
55322.  
55323. [Phime2002a]
55324. Number=7855
55325. Confirmed=N
55326. Filename=TINTSETP.EXE
55327. Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
55328. Source=Paul Collins Startup list
55329.  
55330. [PHIME2002ASync]
55331. Number=7856
55332. Confirmed=N
55333. Filename=TINTSETP.EXE
55334. Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
55335. Source=Paul Collins Startup list
55336.  
55337. [PHIME2004C]
55338. Number=7857
55339. Confirmed=X
55340. Filename=CTFMDN.exe
55341. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadramv.html" target="_blank">DLOADR-AMV</a> TROJAN!
55342. Source=Paul Collins Startup list
55343.  
55344. [PHIME2OO2ASyst]
55345. Number=7858
55346. Confirmed=X
55347. Filename=[path to trojan]
55348. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdbdoorb.html" target=_blank>DBDOOR-B</a> TROJAN!
55349. Source=Paul Collins Startup list
55350.  
55351. [PhoneFree version 6.2]
55352. Number=7859
55353. Confirmed=U
55354. Filename=PHONEF??.EXE
55355. Description=An Internet telephony application. Complicated registration and ad banners tailored to your profile - see <a href="http://www.phonefree.com/" target="_blank">here</a>
55356. Source=Paul Collins Startup list
55357.  
55358. [Photo Express Calendar Checker SE]
55359. Number=7860
55360. Confirmed=N
55361. Filename=CALCHECK.EXE
55362. Description=If you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordingly
55363. Source=Paul Collins Startup list
55364.  
55365. [Photo Loader supervisory]
55366. Number=7861
55367. Confirmed=N
55368. Filename=Plauto.exe
55369. Description=Casio's Photo Loader software. Hook up your camera to the USB port, and it pops up and asks you if you want to load your pictures
55370. Source=Paul Collins Startup list
55371.  
55372. [Photoshop]
55373. Number=7862
55374. Confirmed=X
55375. Filename=svchost.exe
55376. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcdopene.html" target=_blank>CDOPEN-E</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "Program Files" folder
55377. Source=Paul Collins Startup list
55378.  
55379. [PhotoShow Deluxe Media Manager]
55380. Number=7863
55381. Confirmed=N
55382. Filename=mssysmgr.exe
55383. Description=Simple Star <a href="http://www.simplestar.com/site_html/index.php" target=blank>PhotoShow Deluxe</a> photo editing and organizing software, makes it easy to send and share digital photos. Bundled with software from Nero, ComCast, SnapFish, MacroMedia and others
55384. Source=Paul Collins Startup list
55385.  
55386. [PhotoWise QuickLink]
55387. Number=7864
55388. Confirmed=N
55389. Filename=quicklnk.exe
55390. Description=Agfa PhotoWise - "PhotoWise QuickLinkTM lets you drag and drop photos right from the camera into your document (applications must be OLE-compliant). Use PhotoWise to print contact sheets and photographic prints. Create slide shows, screen savers, wallpaper and more."
55391. Source=Paul Collins Startup list
55392.  
55393. [PhraseExpress]
55394. Number=7865
55395. Confirmed=U
55396. Filename=phrase.exe
55397. Description="<a href="http://www.phraseexpress.com/" target="_blank">PhraseExpress</a> organizes your frequently used text phrases and allows pasting them into any application"
55398. Source=Paul Collins Startup list
55399.  
55400. [PIC SYSTEM]
55401. Number=7866
55402. Confirmed=X
55403. Filename=picx.exe
55404. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LL&VSect=P" target=_blank>MYTOB.LL</a> WORM!
55405. Source=Paul Collins Startup list
55406.  
55407. [Picasa Media Detector]
55408. Number=7867
55409. Confirmed=N
55410. Filename=PicasaMediaDetector.exe
55411. Description=Media detector for <a href="http://www.picasa.net/" target="_blank">Picasa</a>'s automatic photo organizer
55412. Source=Paul Collins Startup list
55413.  
55414. [PicasaNet]
55415. Number=7868
55416. Confirmed=N
55417. Filename=Hello.exe
55418. Description=<a href="http://www.hello.com/index.php" target=_blank>Hello</a> is an application that allows Blogger users to post digital photos and captions directly to their personal weblogs, or blogs
55419. Source=Paul Collins Startup list
55420.  
55421. [Pickatag]
55422. Number=7869
55423. Confirmed=N
55424. Filename=pickatag.exe
55425. Description=<a href="http://www.freedownloadscenter.com/Email_Tools/Mail_Signature_Tools/Pick_a_Tag.html" target="_blank">Pick-a-tag</a> - "freeware utility for random selection of your taglines. This utility randomly picks a tagline out of a list of taglines. It will create a signature file which your mailer can use to place under your messages"
55426. Source=Paul Collins Startup list
55427.  
55428. [PICPRTR]
55429. Number=7870
55430. Confirmed=N
55431. Filename=PICPRTR.EXE
55432. Description=Program for viewing and measuring a variety of 3D CAD data formats
55433. Source=Paul Collins Startup list
55434.  
55435. [picsvr]
55436. Number=7871
55437. Confirmed=X
55438. Filename=picsvr.exe
55439. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050515-5939-99" target=_blank>Delfin Promulgate</a> adware
55440. Source=Paul Collins Startup list
55441.  
55442. [pictureBUZZTray]
55443. Number=7872
55444. Confirmed=N
55445. Filename=swtray.exe
55446. Description=System Tray access to <a href="http://www.picturebuzz.com" target="_blank">PictureBUZZ</a> on-line printing software from Streetwise Software. If you use the software set the page you use as a favourite in your browser and run it manually
55447. Source=Paul Collins Startup list
55448.  
55449. [PiDunHK]
55450. Number=7873
55451. Confirmed=U
55452. Filename=PIDUNHK.EXE
55453. Description=Part of the Prodigy Internet software - part of the dialer/DUN. Presumably needed for users of that service otherwise you may not be able to connect, although you may try creating your own shortcut and see what happens
55454. Source=Paul Collins Startup list
55455.  
55456. [pigglett]
55457. Number=7874
55458. Confirmed=X
55459. Filename=pigglett.exe
55460. Description=Added by a variant of the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Proxy.Small.EP&threatid=45711" target="_blank">SMALL.EP</a> TROJAN!
55461. Source=Paul Collins Startup list
55462.  
55463. [piiserviceOE]
55464. Number=7875
55465. Confirmed=U
55466. Filename=N/A
55467. Description=<a href="http://www.giantcompany.com/" target=_blank>Spam Inspector</a> (nee Postal Inspector) from The Giant Company or <a href="http://www.sunbelt-software.com/product.cfm?id=930" target=_blank>iHateSpam</a> from Sunbelt Software - spam filter add-ons for OE
55468. Source=Paul Collins Startup list
55469.  
55470. [pilif]
55471. Number=7876
55472. Confirmed=X
55473. Filename=pilif.exe
55474. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100613-1042-99" target="_blank">FILI</a> WORM!
55475. Source=Paul Collins Startup list
55476.  
55477. [Pinger]
55478. Number=7877
55479. Confirmed=N
55480. Filename=pinger.exe
55481. Description=Pinger is the resident program for Toshiba updates. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification
55482. Source=Paul Collins Startup list
55483.  
55484. [PingTimeout Institution]
55485. Number=7878
55486. Confirmed=X
55487. Filename=pingchek.exe
55488. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvy.html" target=_blank>SDBOT-VY</a> WORM!
55489. Source=Paul Collins Startup list
55490.  
55491. [PingTimeout Institution]
55492. Number=7879
55493. Confirmed=X
55494. Filename=internal.exe
55495. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BMH" target="_blank">SDBOT.BMH</a> WORM!
55496. Source=Paul Collins Startup list
55497.  
55498. [PinnacleDriverCheck]
55499. Number=7880
55500. Confirmed=Y
55501. Filename=PSDrvCheck.exe
55502. Description=Part of <a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled
55503. Source=Paul Collins Startup list
55504.  
55505. [Piolet]
55506. Number=7881
55507. Confirmed=N
55508. Filename=piolet.exe
55509. Description=<a href="http://www.piolet.com/" target="_blank">Piolet</a> - peer-to-peer file sharing client
55510. Source=Paul Collins Startup list
55511.  
55512. [PIPE SYSTEM]
55513. Number=7882
55514. Confirmed=X
55515. Filename=pipe.exe
55516. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobff.html" target=_blank>MYTOB-FF</a> WORM!
55517. Source=Paul Collins Startup list
55518.  
55519. [Piracy]
55520. Number=7883
55521. Confirmed=N
55522. Filename=SysUtil.exe
55523. Description=Software Piracy Alert feature bundled with <a href="http://www.pgware.com/products/gamegain/" target=_blank>PGWare</a> software. Cries foul when it detects an 'illegal' version. The alerts are reported to disappear as soon as the software is correctly registered. There are privacy issues though: "The Software includes a feature that assigns a unique order number to GameGain based on purchase information. The Software reports this number to us via the internet either when you run the Software or enter the registration number, or both. The Software may also identify and report to us your IP address, date and time of installation, registration and/or use. We use this information strictly to count the number of installations, detect unauthorized access or piracy of the Software, and develop rough statistical data regarding the geographic location of our users"
55524.  
55525. Source=Paul Collins Startup list
55526.  
55527. [PivotSoftware]
55528. Number=7884
55529. Confirmed=N
55530. Filename=wpctrl.exe
55531. Description=PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
55532. Source=Paul Collins Startup list
55533.  
55534. [Pixel32]
55535. Number=7885
55536. Confirmed=X
55537. Filename=Pixel32.exe
55538. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
55539. Source=Paul Collins Startup list
55540.  
55541. [Pixelpwr32]
55542. Number=7886
55543. Confirmed=X
55544. Filename=Pixelpwr32.exe
55545. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
55546. Source=Paul Collins Startup list
55547.  
55548. [Pixelsvr]
55549. Number=7887
55550. Confirmed=X
55551. Filename=Pixelsvr.exe
55552. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
55553. Source=Paul Collins Startup list
55554.  
55555. [pjWebCam]
55556. Number=7888
55557. Confirmed=U
55558. Filename=pjWebCam.exe
55559. Description=Webcam automation software that saves regular photos from webcam and can also act as HTTP server
55560. Source=Paul Collins Startup list
55561.  
55562. [PK Guard]
55563. Number=7889
55564. Confirmed=X
55565. Filename=pkguard32.exe
55566. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082311-0208-99" target=_blank>GUAPIM</a> WORM!
55567. Source=Paul Collins Startup list
55568.  
55569. [PK Services]
55570. Number=7890
55571. Confirmed=X
55572. Filename=pksvc.exe
55573. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbw.html" target=_blank>FORBOT-BW</a> WORM!
55574.  
55575. Source=Paul Collins Startup list
55576.  
55577. [PktAnything]
55578. Number=7891
55579. Confirmed=U
55580. Filename=PocketCompanion.exe
55581. Description=<a href="http://www.o2pocket.com/pocketanythinginfo" target=_blank>PocketAnything</a> lets you save anything on your computer to your mobile, with one click
55582. Source=Paul Collins Startup list
55583.  
55584. [Planlµgningsagent]
55585. Number=7892
55586. Confirmed=U
55587. Filename=mstask.exe
55588. Description=Windows Task Scheduler (on Danish language versions of Windows) - displayed as a box with a stopwatch in the System Tray. Required if you have regularly scheduled tasks like defragmenting, ScanDisk, weekly virus scans and so on
55589. Source=Paul Collins Startup list
55590.  
55591. [Plasdll service]
55592. Number=7893
55593. Confirmed=X
55594. Filename=[random filename]
55595. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
55596. Source=Paul Collins Startup list
55597.  
55598. [Playboy]
55599. Number=7894
55600. Confirmed=X
55601. Filename=playavi.exe
55602. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092709-2346-99" target=_blank>GAMANLOCK</a> TROJAN!
55603. Source=Paul Collins Startup list
55604.  
55605. [PLEAPCPUCPL]
55606. Number=7895
55607. Confirmed=U
55608. Filename=pleapu.exe
55609. Description=CPU Control Panel for the <a href="http://www.powerleap.com/" target="_blank">Powerleap</a> CPU upgrade
55610. Source=Paul Collins Startup list
55611.  
55612. [PLFFAP]
55613. Number=7896
55614. Confirmed=?
55615. Filename=HotfixQ0306270.exe
55616. Description=Prolific Technology Inc. USB Flash Disk driver - <font color="#FF0000">is it required in startup?</font>
55617. Source=Paul Collins Startup list
55618.  
55619. [Plguni]
55620. Number=7897
55621. Confirmed=N
55622. Filename=Plguni.exe
55623. Description=<a href="http://www.mcafee.com/myapps/qc3/default.asp" target="_blank">McAfee QuickClean 3.0</a> - removes internet clutter and unwanted programs
55624. Source=Paul Collins Startup list
55625.  
55626. [plmg.exe]
55627. Number=7898
55628. Confirmed=U
55629. Filename=plmg.exe
55630. Description=Paragon Last Minute Bidder - auction assistant software
55631. Source=Paul Collins Startup list
55632.  
55633. [PLoader]
55634. Number=7899
55635. Confirmed=?
55636. Filename=umsd.exe
55637. Description=USB Mass Storage Disk related tray icon. <font color="#FF0000">Is it required?</font>
55638. Source=Paul Collins Startup list
55639.  
55640. [Plob]
55641. Number=7900
55642. Confirmed=X
55643. Filename=kernel.com
55644. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.12" target="_blank">OPTIXPRO.12</a> TROJAN!
55645. Source=Paul Collins Startup list
55646.  
55647. [Plook]
55648. Number=7901
55649. Confirmed=X
55650. Filename=plook.exe
55651. Description=AffiliateTarget.com alias <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-101114-0118-99" target=_blank>PLook</a> adware
55652. Source=Paul Collins Startup list
55653.  
55654. [Pluck Tray]
55655. Number=7902
55656. Confirmed=U
55657. Filename=PluckTray.exe
55658. Description=RSS (XML TAGS) reader program
55659. Source=Paul Collins Startup list
55660.  
55661. [PluckSvr]
55662. Number=7903
55663. Confirmed=?
55664. Filename=PluckUpdater.exe
55665. Description=<a href="http://www.pluck.com/" target=_blank>Pluck</a> Toolbar updater
55666. Source=Paul Collins Startup list
55667.  
55668. [Plug And Play]
55669. Number=7904
55670. Confirmed=X
55671. Filename=msnmsg.exe
55672. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotid.html" target=_blank>RBOT-ID</a> WORM!
55673. Source=Paul Collins Startup list
55674.  
55675. [Pluto! Pager]
55676. Number=7905
55677. Confirmed=X
55678. Filename=srvhandle.exe
55679. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-011714-3251-99" target=_blank>REDPLUT</a> VIRUS!
55680. Source=Paul Collins Startup list
55681.  
55682. [PLXSTART]
55683. Number=7906
55684. Confirmed=U
55685. Filename=PLXSTART.EXE
55686. Description=Sets the spindown timeout and access speeds at startup and displays the "Plextor Manager 2000" splash screen for Plextor CD-RW.
55687. Source=Paul Collins Startup list
55688.  
55689. [PLXTASK]
55690. Number=7907
55691. Confirmed=N
55692. Filename=PLXTASK.EXE
55693. Description=Taskbar utility for a "control panel" for a Plextor CD-RW. Has MVP 2000 (audio CD player), DiscDupe 2000 (self explanatory CD copying program) and AudioCapture 2000 (rips audio CDs into MP3 or WAV files)
55694. Source=Paul Collins Startup list
55695.  
55696. [pm32ctrl]
55697. Number=7908
55698. Confirmed=X
55699. Filename=pwr32crtl.exe
55700. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
55701. Source=Paul Collins Startup list
55702.  
55703. [pm32info]
55704. Number=7909
55705. Confirmed=X
55706. Filename=pm32info.exe
55707. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
55708. Source=Paul Collins Startup list
55709.  
55710. [pmc]
55711. Number=7910
55712. Confirmed=X
55713. Filename=764.exe
55714. Description=Adult content dialler
55715. Source=Paul Collins Startup list
55716.  
55717. [pmcqt]
55718. Number=7911
55719. Confirmed=X
55720. Filename=pmcqt.exe
55721. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdlucav.html" target=_blank>DLUCA-V</a> TROJAN!
55722. Source=Paul Collins Startup list
55723.  
55724. [Pmedia]
55725. Number=7912
55726. Confirmed=X
55727. Filename=winsrvc.exe
55728. Description=Internet marketing sofware from Permissioned Media Inc as used in E-Card FriendGreetings foistware - see <a href="http://vil.nai.com/vil/content/v_99760.htm" target="_blank">here</a>. Treated by Trend as the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRIENDGRT.B" target="_blank">FRIENDGRT.B</a> WORM!
55729. Source=Paul Collins Startup list
55730.  
55731. [PmProxy]
55732. Number=7913
55733. Confirmed=?
55734. Filename=PmProxy.exe
55735. Description=Associated with Analog Devices "SoundMAX" audio chipset - often built-in to motherboards. <font color="#FF0000">What does it do and is it required?</font>
55736. Source=Paul Collins Startup list
55737.  
55738. [pmr]
55739. Number=7914
55740. Confirmed=X
55741. Filename=pmr.exe
55742. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=PowerStrip&threatid=14844" target="_blank">PowerStrip</a> foistware. Note - this is not the same as the video tweaking utility of the same name <a href="http://www.entechtaiwan.com/util/ps.shtm" target="_blank">here</a>
55743. Source=Paul Collins Startup list
55744.  
55745. [PMT]
55746. Number=7915
55747. Confirmed=U
55748. Filename=personalmoneytree.exe
55749. Description=According to the web site <a href="http://www.personalmoneytree.com/" target=_blank>Personal Money Tree</a> is an automatic cash rebate program. Note: Not recommended
55750. Source=Paul Collins Startup list
55751.  
55752. [PMTSHOOT]
55753. Number=7916
55754. Confirmed=N
55755. Filename=pmtshoot.exe
55756. Description=MS tool for troubleshooting power management problems
55757. Source=Paul Collins Startup list
55758.  
55759. [PMXInit]
55760. Number=7917
55761. Confirmed=U
55762. Filename=pmxinit.exe
55763. Description=Restores user display preferences Kyro2 based graphics cards. Not required unless you change the default settings - such as gamma 
55764. Source=Paul Collins Startup list
55765.  
55766. [PNAgent]
55767. Number=7918
55768. Confirmed=N
55769. Filename=PNAgent.exe
55770. Description=<a href="http://www.phatnoise.com/products/software/music_manager.php" target="_blank">PhatNoise Music Manager</a> - manages WMA, MP3, WAV, etc music files
55771. Source=Paul Collins Startup list
55772.  
55773. [PNP]
55774. Number=7919
55775. Confirmed=X
55776. Filename=wuaaclt.exe
55777. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lilbrea.html" target=_blank>LILBRE-A</a> WORM!
55778. Source=Paul Collins Startup list
55779.  
55780. [PnP Driver]
55781. Number=7920
55782. Confirmed=X
55783. Filename=playboy.exe
55784. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfr.html" target=_blank>FORBOT-FR</a> WORM!
55785. Source=Paul Collins Startup list
55786.  
55787. [PNP FIX]
55788. Number=7921
55789. Confirmed=X
55790. Filename=[worm filename]
55791. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakq.html" target=_blank>RBOT-AKQ</a> WORM!
55792. Source=Paul Collins Startup list
55793.  
55794. [Pnpchk]
55795. Number=7922
55796. Confirmed=U
55797. Filename=Pnpchk.exe
55798. Description=<a target="_blank" href="http://www.aztech.com/">Aztech Labs</a> Sound 3 PnP driver
55799. Source=Paul Collins Startup list
55800.  
55801. [pnpsvc_lock]
55802. Number=7923
55803. Confirmed=X
55804. Filename=******.exe [* = random digit]
55805. Description=Browser hijacker
55806. Source=Paul Collins Startup list
55807.  
55808. [pnpsvc_lock]
55809. Number=7924
55810. Confirmed=X
55811. Filename=startsvs.exe
55812. Description=Browser hijacker
55813. Source=Paul Collins Startup list
55814.  
55815. [PNSetup]
55816. Number=7925
55817. Confirmed=U
55818. Filename=PNSetup.exe
55819. Description=<a href="http://www.hdsoft.com/?0.1" target="_blank">PopNot</a> - pop-up killer
55820. Source=Paul Collins Startup list
55821.  
55822. [PNtask Services]
55823. Number=7926
55824. Confirmed=X
55825. Filename=pntask.exe
55826. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080516-5345-99" target="_blank">LALA.C</a> TROJAN!
55827. Source=Paul Collins Startup list
55828.  
55829. [pnvifj]
55830. Number=7927
55831. Confirmed=X
55832. Filename=jusodl.exe 
55833. Description=Added by the <a href="http://kr.ahnlab.com/SecuInfoVirusViewEngNew3.ahn?SEQ_NO=6907" target="_blank">QQPASS.48436</a> TROJAN!
55834. Source=Paul Collins Startup list
55835.  
55836. [Pocket Sheet Sync]
55837. Number=7928
55838. Confirmed=U
55839. Filename=PSXLTRAY.EXE
55840. Description=Casio <a href="http://www.pcsync.de/download/e_pocketsheet.asp" target="_blank"> Pocket Sheet</a> synchronization software
55841. Source=Paul Collins Startup list
55842.  
55843. [Poet]
55844. Number=7929
55845. Confirmed=X
55846. Filename=Poet.exe
55847. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-063013-4800-99" target="_blank">DOEP.A</a> WORM!
55848. Source=Paul Collins Startup list
55849.  
55850. [Pofatch]
55851. Number=7930
55852. Confirmed=X
55853. Filename=nstrue.exe
55854. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110610-2833-99" target="_blank">RANDEX.Z</a> WORM!
55855. Source=Paul Collins Startup list
55856.  
55857. [point32]
55858. Number=7931
55859. Confirmed=U
55860. Filename=point32.exe
55861. Description=Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
55862. Source=Paul Collins Startup list
55863.  
55864. [POINTER]
55865. Number=7932
55866. Confirmed=U
55867. Filename=point32.exe
55868. Description=Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
55869. Source=Paul Collins Startup list
55870.  
55871. [Points Manager]
55872. Number=7933
55873. Confirmed=X
55874. Filename=points manager.exe
55875. Description=Altnet <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080415-0053-99" target=_blank>TopSearch</a> adware
55876. Source=Paul Collins Startup list
55877.  
55878. [Pollon]
55879. Number=7934
55880. Confirmed=X
55881. Filename=pollone.exe
55882. Description=Added by the <a href="http://se.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.FW" target=_blank>SPYBOT.FW</a> WORM!
55883. Source=Paul Collins Startup list
55884.  
55885. [polo.exe]
55886. Number=7935
55887. Confirmed=X
55888. Filename=polo.exe
55889. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentpe.html" target=_blank>AGENT-PE</a> TROJAN!
55890. Source=Paul Collins Startup list
55891.  
55892. [POP]
55893. Number=7936
55894. Confirmed=X
55895. Filename=PopSrv***.exe
55896. Description=<a href="http://www.pchell.com/support/peopleonpage.shtml" target="_blank">PeopleonPage</a> foistware, bundled with Grokster where *** are random digits
55897. Source=Paul Collins Startup list
55898.  
55899. [POP Manager]
55900. Number=7937
55901. Confirmed=X
55902. Filename=popmgr.exe
55903. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrpyv.html" target="_blank">BCKDR-PYV</a> TROJAN!
55904. Source=Paul Collins Startup list
55905.  
55906. [Pop-Up Smasher]
55907. Number=7938
55908. Confirmed=U
55909. Filename=PopupSmasher.exe
55910. Description=<a href="http://www.popupsmasher.com/" target="_blank">Pop-Up Smasher</a> - pop-up killer
55911. Source=Paul Collins Startup list
55912.  
55913. [Pop-Up Stopper]
55914. Number=7939
55915. Confirmed=U
55916. Filename=dpps2.exe
55917. Description=<a href="http://www.popupstopper.net/product_dpps.html" target="_blank">Pop-Up Stopper</a> Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
55918. Source=Paul Collins Startup list
55919.  
55920. [Pop-Up_Blocker]
55921. Number=7940
55922. Confirmed=U
55923. Filename=Popup.exe
55924. Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, blocks advertisement pop-up windows in Internet Explorer. Can be enabled/disabled via Tweak-XP -> Internet Tweaks
55925. Source=Paul Collins Startup list
55926.  
55927. [Pop-Up_Scanner]
55928. Number=7941
55929. Confirmed=U
55930. Filename=Popupscn.exe
55931. Description=<a href="http://www.panicware.com/" target=_blank>Panicware</a> popup blocker
55932. Source=Paul Collins Startup list
55933.  
55934. [pop06ap]
55935. Number=7942
55936. Confirmed=X
55937. Filename=pop06ap2.exe
55938. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
55939. Source=Paul Collins Startup list
55940.  
55941. [pop06apelt]
55942. Number=7943
55943. Confirmed=X
55944. Filename=thiselt.exe
55945. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
55946. Source=Paul Collins Startup list
55947.  
55948. [pop3 Server]
55949. Number=7944
55950. Confirmed=U
55951. Filename=config.cfg
55952. Description=Part of <a href="http://sourceforge.net/projects/html2pop3/" target="_blank">HTML2POP3</a> - "Convert Webmail to POP3.Is also included a SMTP/POP3 tunneling system that allow send and receive email in a private network HTTP PROXY based. All connection are plugin based. Over 250 email server supported and tested"
55953. Source=Paul Collins Startup list
55954.  
55955. [pop3trap.exe]
55956. Number=7945
55957. Confirmed=Y
55958. Filename=pop3trap.exe
55959. Description=PC-Cillin 2000 antivirus software -> E-mail scanner
55960. Source=Paul Collins Startup list
55961.  
55962. [PopeSvr]
55963. Number=7946
55964. Confirmed=X
55965. Filename=PopeSvr.exe
55966. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraj.html" target=_blank>LEGMIR-AJ</a> TROJAN!
55967. Source=Paul Collins Startup list
55968.  
55969. [PopMark]
55970. Number=7947
55971. Confirmed=X
55972. Filename=WinTask.exe
55973. Description="Pop Marketing" adware
55974. Source=Paul Collins Startup list
55975.  
55976. [PopNot]
55977. Number=7948
55978. Confirmed=U
55979. Filename=PopNot.exe
55980. Description=<a href="http://www.hdsoft.com/?0.1" target="_blank">PopNot</a> - pop-up killer
55981. Source=Paul Collins Startup list
55982.  
55983. [PopOops]
55984. Number=7949
55985. Confirmed=U
55986. Filename=PopOops.exe
55987. Description=<a href="http://www.gasanov.net/PopOops.htm" target="_blank">PopOops</a> - pop-up killer
55988. Source=Paul Collins Startup list
55989.  
55990. [Popopen]
55991. Number=7950
55992. Confirmed=U
55993. Filename=popopen.exe
55994. Description=<a href="http://www.pcworld.com/downloads/file/fid,4719-order,1-page,1-c,alldownloads/description.html" target="_blank">PopOpen</a> makes your windows spring open with animation effects
55995. Source=Paul Collins Startup list
55996.  
55997. [Poproxy]
55998. Number=7951
55999. Confirmed=Y
56000. Filename=POPROXY.EXE
56001. Description=Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it
56002. Source=Paul Collins Startup list
56003.  
56004. [popsrv146]
56005. Number=7952
56006. Confirmed=X
56007. Filename=popsrv146.exe
56008. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=AproposMedia&threatid=14978" target="_blank">AproposMedia</a> adware
56009. Source=Paul Collins Startup list
56010.  
56011. [PopSubtract]
56012. Number=7953
56013. Confirmed=U
56014. Filename=PopSub.exe
56015. Description=<a href="http://www.popsubtract.com/features.html" target="_blank">PopSubtract</a> - pop-up killer
56016. Source=Paul Collins Startup list
56017.  
56018. [Popup Ad Filter]
56019. Number=7954
56020. Confirmed=U
56021. Filename=PopFilter.exe
56022. Description=<a href="http://www.meaya.com/" target="_blank">Popup Ad Filter</a> - pop-up killer
56023. Source=Paul Collins Startup list
56024.  
56025. [Popup and Advertisement Killers]
56026. Number=7955
56027. Confirmed=U
56028. Filename=adkillers.exe
56029. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotddh.html" target="_blank">RBOT-DDH</a> WORM!
56030. Source=Paul Collins Startup list
56031.  
56032. [Popup Blocker System]
56033. Number=7956
56034. Confirmed=X
56035. Filename=PopUpBlocker.exe
56036. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
56037. Source=Paul Collins Startup list
56038.  
56039. [Popup Blocker System326a Monitoring]
56040. Number=7957
56041. Confirmed=X
56042. Filename=PopUpBlocker6a.exe
56043. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AUH&VSect=P" target=_blank>RBOT.AUH</a> WORM!
56044. Source=Paul Collins Startup list
56045.  
56046. [Popup Blocker System8 Monitoring]
56047. Number=7958
56048. Confirmed=X
56049. Filename=PopUpBlocker8.exe
56050. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
56051. Source=Paul Collins Startup list
56052.  
56053. [Popup Blocker Updater]
56054. Number=7959
56055. Confirmed=X
56056. Filename=regsvr32 [path] veev****.dll [* = random char]
56057. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
56058. Source=Paul Collins Startup list
56059.  
56060. [PopUp Buster+]
56061. Number=7960
56062. Confirmed=U
56063. Filename=popupbuster.exe
56064. Description=PopUp Buster - free Pop-up blocker
56065. Source=Paul Collins Startup list
56066.  
56067. [Popup Defence Updater]
56068. Number=7961
56069. Confirmed=X
56070. Filename=regsvr32 [path] pdf****.dll [* = random char]
56071. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
56072. Source=Paul Collins Startup list
56073.  
56074. [Popup Defender]
56075. Number=7962
56076. Confirmed=U
56077. Filename=PD.exe
56078. Description=<a  href="http://www.pcworld.com/downloads/file/fid,22573-order,1-page,1-c,alldownloads/description.html" target="_blank">Popup Defender</a> - pop-up killer
56079. Source=Paul Collins Startup list
56080.  
56081. [Popup Terminator]
56082. Number=7963
56083. Confirmed=U
56084. Filename=GLADManager.exe
56085. Description=<a href="http://www.gleanersoft.com/popupterminator/info.html" target="_blank">Popup Terminator</a> - pop-up killer
56086. Source=Paul Collins Startup list
56087.  
56088. [PopupEliminator]
56089. Number=7964
56090. Confirmed=U
56091. Filename=Popup Eliminator.exe
56092. Description=<a href="http://www.popupeliminator.info/" target="_blank">Popup Eliminator</a> - pop-up killer
56093. Source=Paul Collins Startup list
56094.  
56095. [PopUpKiller]
56096. Number=7965
56097. Confirmed=U
56098. Filename=PopUpKiller.exe
56099. Description=<a href="http://software.xfx.net/utilities/popupkiller/index.php" target="_blank">PopUpKiller</a> - pop-up killer
56100. Source=Paul Collins Startup list
56101.  
56102. [popuppers]
56103. Number=7966
56104. Confirmed=X
56105. Filename=newpop63.exe
56106. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120718-0513-99" target="_blank">Medload</a> adware
56107. Source=Paul Collins Startup list
56108.  
56109. [popuppers64]
56110. Number=7967
56111. Confirmed=X
56112. Filename=a64sddd.exe
56113. Description=Popuppers adware, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzoneaa.html" target= blank>LOWZONE-AA</a> TROJAN!
56114. Source=Paul Collins Startup list
56115.  
56116. [popuppers65]
56117. Number=7968
56118. Confirmed=X
56119. Filename=[path to file]
56120. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120718-0513-99" target="_blank">Medload</a> adware
56121. Source=Paul Collins Startup list
56122.  
56123. [PopUpStopperCompanion]
56124. Number=7969
56125. Confirmed=U
56126. Filename=PSComp.exe
56127. Description=<a href="http://www.panicware.com/product_companion.html" target=_blank>PopupStopper Companion</a> popup blocker
56128.  
56129. Source=Paul Collins Startup list
56130.  
56131. [PopUpStopperFreeEdition]
56132. Number=7970
56133. Confirmed=U
56134. Filename=PSFREE.EXE
56135. Description=Panicware's <a href="http://www.panicware.com/product_psfree.html" target="_blank">Pop-Up Stopper</a> - free limited features version
56136. Source=Paul Collins Startup list
56137.  
56138. [PopUpStopperProfessional]
56139. Number=7971
56140. Confirmed=U
56141. Filename=PopUpStopperProfessional.exe
56142. Description=Panicware's <a href="http://www.panicware.com/popupstopper.html" target="_blank">Pop-Up Stopper</a> - paid for version
56143. Source=Paul Collins Startup list
56144.  
56145. [PopupVanish]
56146. Number=7972
56147. Confirmed=U
56148. Filename=PopupVanish.exe
56149. Description=Pop-up blocker
56150. Source=Paul Collins Startup list
56151.  
56152. [PopUpWasher]
56153. Number=7973
56154. Confirmed=U
56155. Filename=PopUpWasher.exe
56156. Description=<a href="http://www.webroot.com/consumer/products/popupwasher/" target="_blank">PopUpWasher</a> pop-up killer
56157. Source=Paul Collins Startup list
56158.  
56159. [PopUpWatch]
56160. Number=7974
56161. Confirmed=N
56162. Filename=PopUpWatch.exe
56163. Description=BPS spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
56164. Source=Paul Collins Startup list
56165.  
56166. [POS-Partnerbatchprocessor]
56167. Number=7975
56168. Confirmed=?
56169. Filename=BATCH.EXE
56170. Description=VISA credit card batch processing related to Appcon. <font color="#FF0000">Is it needed or can it be started manually via Start -> Programs or a manually created shortcut?</font>
56171. Source=Paul Collins Startup list
56172.  
56173. [Post-It(r) Software]
56174. Number=7976
56175. Confirmed=N
56176. Filename=Psnotes.exe
56177. Description=Pop-up "yellow" notes on screen. Available via Start -> Programs
56178. Source=Paul Collins Startup list
56179.  
56180. [POW!]
56181. Number=7977
56182. Confirmed=U
56183. Filename=pow.exe
56184. Description=Pop-up killer
56185. Source=Paul Collins Startup list
56186.  
56187. [Power Scan]
56188. Number=7978
56189. Confirmed=X
56190. Filename=powerscan.exe
56191. Description=Foistware by Integrated Search Technologies - the people behind <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091913-2632-99" target="_blank">ISTBar</a> adware
56192.  
56193. Source=Paul Collins Startup list
56194.  
56195. [Power2GoExpress]
56196. Number=7979
56197. Confirmed=U
56198. Filename=Power2GoExpress.exe
56199. Description=<a href="http://www.cyberlink.com/multi/products/main_24_ENU.html" target=_blank>Power2GoExpress</a> - all media disc burning software
56200.  
56201. Source=Paul Collins Startup list
56202.  
56203. [PowerBar]
56204. Number=7980
56205. Confirmed=N
56206. Filename=Powerbar.exe
56207. Description=Part of Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_1_ENU.html" target=_blank>PowerDVD</a> software. Not sure what exactly it does, but not required in startup
56208.  
56209. Source=Paul Collins Startup list
56210.  
56211. [PowerChute]
56212. Number=7981
56213. Confirmed=Y
56214. Filename=Pwrchute.exe
56215. Description="During a power outage, if you're not available to save your files & close down Windows....PowerChute will do that for you. PowerChute will save your application files, close your applications and shut down your computer just like you would...otherwise, the APC UPS (Uninterruptible Power Supply) unit would go to battery until it wore down, then your computer would shutoff"
56216. Source=Paul Collins Startup list
56217.  
56218. [PowerChute]
56219. Number=7982
56220. Confirmed=X
56221. Filename=Pwrchute.exe
56222. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlazara.html" target=_blank>LAZAR-A</a> TROJAN! Note - this is located in the Program Files\APC_Power directory
56223. Source=Paul Collins Startup list
56224.  
56225. [PowerDOCSAPIHost]
56226. Number=7983
56227. Confirmed=U
56228. Filename=papihost.exe
56229. Description=<a href="http://www.imageware.ch/tr/products/dms/powerdocs.jsp" target="_blank">Hummingbird PowerDOCS</a> - "delivers powerful enterprise document management functionality via a tightly integrated Microsoft WinNT/98/2K environment"
56230. Source=Paul Collins Startup list
56231.  
56232. [PowerDVD]
56233. Number=7984
56234. Confirmed=N
56235. Filename=PowerDVD.exe
56236. Description=Launches Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_1_ENU.html" target=_blank>PowerDVD</a> software and creates a system tray icon. If enabled, PowerDVD will open automatically when a DVD movie is inserted. Launch manually
56237.  
56238. Source=Paul Collins Startup list
56239.  
56240. [PowerKey]
56241. Number=7985
56242. Confirmed=U
56243. Filename=PowerKey.exe
56244. Description=Part of <a href="http://global.acer.com/" target="_blank">Acer</a> Launch Manager - programmable keys on such laptops as the TravelMate 610
56245. Source=Paul Collins Startup list
56246.  
56247. [PowerManagement]
56248. Number=7986
56249. Confirmed=X
56250. Filename=Rundlll.exe
56251. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091909-3458-99" target="_blank">SURDUX</a> TROJAN!
56252. Source=Paul Collins Startup list
56253.  
56254. [PowerManager]
56255. Number=7987
56256. Confirmed=X
56257. Filename=Svchost.exe
56258. Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100277" target=_blank>JEEFO</a> VIRUS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
56259. Source=Paul Collins Startup list
56260.  
56261. [PowerPanel]
56262. Number=7988
56263. Confirmed=Y
56264. Filename=POWPANEL.EXE
56265. Description=Power management utility on notebooks/laptops - automatically switches modes when running on battery
56266. Source=Paul Collins Startup list
56267.  
56268. [PowerPanel Personal Edition User Interaction]
56269. Number=7989
56270. Confirmed=U
56271. Filename=pppeuser.exe
56272. Description=CyberPower <a href="http://www.cyberpowersystems.com/pp_pe.asp" target="_blank">PowerPanel Personal Edition</a> UPS Monitoring & Control Software - "is included with CyberPower's products. This exclusive software allows control and monitoring of your UPS to provide protection for your computer system, components, peripherals, and most importantly, your data"
56273. Source=Paul Collins Startup list
56274.  
56275. [PowerPrifile]
56276. Number=7990
56277. Confirmed=X
56278. Filename=rundl132 kenel.dll, PowerProfileEnable
56279. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101016-3833-99" target="_blank">INMOTA</a> WORM!
56280. Source=Paul Collins Startup list
56281.  
56282. [PowerPro]
56283. Number=7991
56284. Confirmed=U
56285. Filename=powerpro.exe
56286. Description=Part of the power professional program that loads the floating menu bar. Can be accessed from Start -> Programs, but I'd leave it alone if you use this program
56287. Source=Paul Collins Startup list
56288.  
56289. [PowerProf]
56290. Number=7992
56291. Confirmed=X
56292. Filename=PowerProf.exe
56293. Description=Added by the LOREX.B TROJAN!
56294. Source=Paul Collins Startup list
56295.  
56296. [PowerProfile]
56297. Number=7993
56298. Confirmed=X
56299. Filename=mfcp30.exe
56300. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrindasa.html" target= blank>RINDAS-A</a> TROJAN!
56301. Source=Paul Collins Startup list
56302.  
56303. [PowerQuest Startup Utility]
56304. Number=7994
56305. Confirmed=N
56306. Filename=PQINIT.EXE
56307. Description=From a visitor - "This seems to be installed when you install Power Quest Partition Magic. I think that it implements the changes when you use the magic mover app. If you don't have any mappings set up, it does nothing (except waste bytes and cycles). I disabled it using msconfig.exe with no problems"
56308. Source=Paul Collins Startup list
56309.  
56310. [PowerReg Scheduler]
56311. Number=7995
56312. Confirmed=N
56313. Filename=PowerReg Scheduler.exe
56314. Description=<a href="http://www.leadertech.com/register.htm" target="_blank">PowerREGISTER</a> from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
56315. Source=Paul Collins Startup list
56316.  
56317. [PowerReg SchedulerV2]
56318. Number=7996
56319. Confirmed=N
56320. Filename=PowerReg SchedulerV2.exe
56321. Description=<a href="http://www.leadertech.com/register.htm" target="_blank">PowerREGISTER</a> from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
56322. Source=Paul Collins Startup list
56323.  
56324. [PowerReg SchedulerV3]
56325. Number=7997
56326. Confirmed=N
56327. Filename=PowerReg SchedulerV3.exe
56328. Description=<a href="http://www.leadertech.com/register.htm" target="_blank">PowerREGISTER</a> from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
56329. Source=Paul Collins Startup list
56330.  
56331. [POWERR~1]
56332. Number=7998
56333. Confirmed=?
56334. Filename=POWERR~1.exe
56335. Description=<font color="#FF0000">Power monitoring?</font>
56336. Source=Paul Collins Startup list
56337.  
56338. [PowerS]
56339. Number=7999
56340. Confirmed=?
56341. Filename=PowerS.exe
56342. Description=<a href="http://www.prolink-usa.com/" target="_blank">Prolink</a>Test for either their AGP graphics card or TV/FM capture card. <font color="#FF0000">Is it required?</font>
56343.  
56344. Source=Paul Collins Startup list
56345.  
56346. [PowerSet]
56347. Number=8000
56348. Confirmed=?
56349. Filename=Regedit.exe /s ...PowerSet_8100_CU.REG
56350. Description=<font color="#FF0000">Appears to be Toshiba power management related</font>
56351. Source=Paul Collins Startup list
56352.  
56353. [PowerStrip]
56354. Number=8001
56355. Confirmed=N
56356. Filename=powerstrip.exe
56357. Description=<a href="http://www.entechtaiwan.com/util/ps.shtm" target="_blank">PowerStrip</a> is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings
56358. Source=Paul Collins Startup list
56359.  
56360. [PowerStrip]
56361. Number=8002
56362. Confirmed=N
56363. Filename=PSTRIP.EXE
56364. Description=<a href="http://www.entechtaiwan.com/util/ps.shtm" target="_blank">PowerStrip</a> is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings
56365. Source=Paul Collins Startup list
56366.  
56367. [PowerTools Tray Icon]
56368. Number=8003
56369. Confirmed=U
56370. Filename=pttray.exe
56371. Description=<a href="http://www.bpssoft.com/PowerTools/index.htm" target="_blank">PowerTools</a> - add-on for AOL
56372. Source=Paul Collins Startup list
56373.  
56374. [Powertweak]
56375. Number=8004
56376. Confirmed=U
56377. Filename=PT2.EXE
56378. Description="<a href="http://www.powertweak.com/" target="_blank">Powertweak</a> is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if 'Use predefined settings' is enabled in the programs options
56379. Source=Paul Collins Startup list
56380.  
56381. [Powertweak]
56382. Number=8005
56383. Confirmed=U
56384. Filename=PTCTRL.EXE
56385. Description="<a href="http://www.powertweak.com/" target="_blank">Powertweak</a> is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if 'Configure system at logon' is enabled in the programs options
56386. Source=Paul Collins Startup list
56387.  
56388. [Power_Gear]
56389. Number=8006
56390. Confirmed=U
56391. Filename=BatteryLife.exe
56392. Description=Power management for all Asus notebook. Useful but not critical
56393. Source=Paul Collins Startup list
56394.  
56395. [PP Gamma]
56396. Number=8007
56397. Confirmed=U
56398. Filename=ppgamma.exe
56399. Description=<a href="http://www.ddisoftware.com/prism/" target="_blank">Profile Prism</a> software that allows monitor calibration and can generate ICC profiles for digital cameras
56400. Source=Paul Collins Startup list
56401.  
56402. [PP****usb]
56403. Number=8008
56404. Confirmed=N
56405. Filename=FBDirect.exe
56406. Description=Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start -> Programs
56407. Source=Paul Collins Startup list
56408.  
56409. [PP2000 Instaupdate]
56410. Number=8009
56411. Confirmed=U
56412. Filename=PPInupdt.exe
56413. Description=Protector Plus anti-virus software - instant update program for virus data updates. Not required if you regularly update virus data manually
56414. Source=Paul Collins Startup list
56415.  
56416. [PP2000 Real Time Scan]
56417. Number=8010
56418. Confirmed=Y
56419. Filename=PPVstop.exe
56420. Description=Protector Plus anti-virus software - real time scanner
56421. Source=Paul Collins Startup list
56422.  
56423. [PP2000 Taskbar Control]
56424. Number=8011
56425. Confirmed=Y
56426. Filename=PPTbc.exe
56427. Description=Protector Plus anti-virus software - system tray access
56428. Source=Paul Collins Startup list
56429.  
56430. [PP3100b]
56431. Number=8012
56432. Confirmed=N
56433. Filename=flatbed.exe
56434. Description=Twain driver for the Visioneer PaperPort 3100b scanner that allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop
56435. Source=Paul Collins Startup list
56436.  
56437. [ppass]
56438. Number=8013
56439. Confirmed=U
56440. Filename=Antispy.exe
56441. Description=<a href="http://www.antivirus-program.com/antivirus_program/antispy/" target="_blank">AntiSpy</a> firewall - "program designed to combat against various types of intrusion and monitoring programs currently in use or presently being developed worldwide"
56442. Source=Paul Collins Startup list
56443.  
56444. [PPControl]
56445. Number=8014
56446. Confirmed=U
56447. Filename=PPControl.exe
56448. Description=PestPatrol Control Terminal - utility that launched <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> features such as PPMemCheck and CookiePatrol before CA's acquisition
56449. Source=Paul Collins Startup list
56450.  
56451. [PPCRunonce]
56452. Number=8015
56453. Confirmed=U
56454. Filename=PPCRunOnce.exe
56455. Description=Related to PeoplePC ISP software - may display advertising, see <a href="http://www.spywaredata.com/spyware/threat_list/PEOPLEPC/result.php" target="_blank">here</a>
56456. Source=Paul Collins Startup list
56457.  
56458. [PPHIDPAD]
56459. Number=8016
56460. Confirmed=U
56461. Filename=pphidpad.exe
56462. Description=<a href="http://www.penpowerusa.com/ProductInfo.asp?Product ID=PPEJWCRC" target= blank>PenPower</a> Chinese handwriting recognition software
56463. Source=Paul Collins Startup list
56464.  
56465. [PPK Setup(Server)]
56466. Number=8017
56467. Confirmed=U
56468. Filename=SEServe.exe
56469. Description=Programmable Power Key on Sony Vaio laptops. "Using the Programmable Power Key (PPK) button, collect your e-mail automatically with one key stroke. You can also program your PPK to turn on your SuperSlim Notebook at a predetermined time and perform simple tasks - completely unattended"
56470. Source=Paul Collins Startup list
56471.  
56472. [PPMemCheck]
56473. Number=8018
56474. Confirmed=U
56475. Filename=ppmemcheck.exe
56476. Description=PPMemCheck - used to be part of <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> before CA's acquisition
56477. Source=Paul Collins Startup list
56478.  
56479. [PPPOEO]
56480. Number=8019
56481. Confirmed=X
56482. Filename=pingppac.exe
56483. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022817-3323-99" target=_blank>SPYBOT.KHC</a> WORM!
56484. Source=Paul Collins Startup list
56485.  
56486. [PProTray]
56487. Number=8020
56488. Confirmed=N
56489. Filename=pprotray.exe
56490. Description=Part of the power professional program. Loads the System Tray control
56491. Source=Paul Collins Startup list
56492.  
56493. [PPScheduler]
56494. Number=8021
56495. Confirmed=?
56496. Filename=PPScheduler.exe
56497. Description=Nuance (was ScanSoft) <a href="http://www.nuance.com/paperport/" target="_blank">PaperPort Scheduler</a> - <font color=#FF0000>what does it do and is it required?</font>
56498. Source=Paul Collins Startup list
56499.  
56500. [PPSVC]
56501. Number=8022
56502. Confirmed=U
56503. Filename=[path to file]
56504. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.pcpolice.html" target="_blank">PC Police</a> surveillance software that logs keystrokes, files looked at, applications used, and chats on either MSN, Yahoo, ICQ or AOL. This information can then be transmitted to a remote user. Uninstall this software if you did not install it yourself
56505. Source=Paul Collins Startup list
56506.  
56507. [PPSYS]
56508. Number=8023
56509. Confirmed=U
56510. Filename=ppsys.exe
56511. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=PC Police&threatid=29174" target="_blank">PC Police</a> commercial keystroke logger. Uninstall this software if you did not install it yourself
56512. Source=Paul Collins Startup list
56513.  
56514. [pptd40nt]
56515. Number=8024
56516. Confirmed=N
56517. Filename=pptd40nt.exe
56518. Description="PaperPort" software associated with scanners
56519. Source=Paul Collins Startup list
56520.  
56521. [PPUpdate]
56522. Number=8025
56523. Confirmed=U
56524. Filename=ppupdater.exe
56525. Description=PPUpdater - updater that used to be part of <a href="http://www.pestpatrol.com/default.asp" target="_blank">PestPatrol</a> before CA's acquisition
56526. Source=Paul Collins Startup list
56527.  
56528. [PPWWebCap]
56529. Number=8026
56530. Confirmed=N
56531. Filename=PPWebCap.exe
56532. Description="PaperPort" software associated with scanners
56533. Source=Paul Collins Startup list
56534.  
56535. [pqhelper]
56536. Number=8027
56537. Confirmed=X
56538. Filename=pqhelper.exe
56539. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
56540. Source=Paul Collins Startup list
56541.  
56542. [PractiSearch]
56543. Number=8028
56544. Confirmed=U
56545. Filename=PSearch.exe
56546. Description=<a href="http://www.practisearch.com/" target="_blank">PractiSearch</a> web search software
56547. Source=Paul Collins Startup list
56548.  
56549. [Praize Messenger]
56550. Number=8029
56551. Confirmed=U
56552. Filename=itLoad.exe
56553. Description=<a target="_blank" href="http://www.praize.com/IM/">Praize IM</a> Christian chat instant messenger
56554. Source=Paul Collins Startup list
56555.  
56556. [Prayer]
56557. Number=8030
56558. Confirmed=U
56559. Filename=PTW.EXE
56560. Description=Islamic <a href="http://www.muhaddith.org/" target="_blank">Adhan</a> program (call fpr daily prayers)
56561. Source=Paul Collins Startup list
56562.  
56563. [prdtect]
56564. Number=8031
56565. Confirmed=X
56566. Filename=prdtect.exe
56567. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
56568. Source=Paul Collins Startup list
56569.  
56570. [PreAnnotate]
56571. Number=8032
56572. Confirmed=?
56573. Filename=PreAnntt.exe
56574. Description=Genius Wizard Pen Tablet driver related. <font color="#FF0000">Is it required?</font>
56575. Source=Paul Collins Startup list
56576.  
56577. [Precision Time Clock Checker]
56578. Number=8033
56579. Confirmed=N
56580. Filename=PrecisionTime.exe
56581. Description=Precision Time 2.0. Checks your computer clock time against the Naval Observatory or some other source to assure accurate time
56582. Source=Paul Collins Startup list
56583.  
56584. [PrecisionTime]
56585. Number=8034
56586. Confirmed=X
56587. Filename=PrecisionTime.exe
56588. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.PrecisionTime&threatid=9962" target="_blank">PrecisionTime</a> - clock synchronizing software containg spyware by Claria/GAIN. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
56589. Source=Paul Collins Startup list
56590.  
56591. [precpop2]
56592. Number=8035
56593. Confirmed=X
56594. Filename=starter.exe
56595. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021414-1601-99" target="_blank">PrecisionPop</a> adware
56596. Source=Paul Collins Startup list
56597.  
56598. [Prein]
56599. Number=8036
56600. Confirmed=X
56601. Filename=APP****.tmp [* = random char or digit]
56602. Description=Unidentified adware
56603. Source=Paul Collins Startup list
56604.  
56605. [Preload]
56606. Number=8037
56607. Confirmed=Y
56608. Filename=Preload.exe
56609. Description=Millenium Multi-Function Keyboard driver
56610. Source=Paul Collins Startup list
56611.  
56612. [PreloadApp]
56613. Number=8038
56614. Confirmed=?
56615. Filename=hphprld.exe
56616. Description=HP PhotoSmart printers related. <font color="#FF0000">What does it do and is it required?</font>
56617. Source=Paul Collins Startup list
56618.  
56619. [Premeter]
56620. Number=8039
56621. Confirmed=X
56622. Filename=nrpr.exe
56623. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NetRatings%20Premeter&threatid=8994" target=_blank>NetRatings Premeter</a> spyware
56624. Source=Paul Collins Startup list
56625.  
56626. [Premeter]
56627. Number=8040
56628. Confirmed=X
56629. Filename=prmt.exe
56630. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NetRatings%20Premeter&threatid=8994" target=_blank>NetRatings Premeter</a> spyware
56631. Source=Paul Collins Startup list
56632.  
56633. [Preview AdService]
56634. Number=8041
56635. Confirmed=X
56636. Filename=PrevAdServ.exe
56637. Description=Windupdates adware variant
56638. Source=Paul Collins Startup list
56639.  
56640. [PrevX]
56641. Number=8042
56642. Confirmed=X
56643. Filename=prevx.exe
56644. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbottf.html" target="_blank">IRCBOT-TF</a> WORM! Note - this worm is located in the System (Win9x/Me) or System32 (XP/WinNT/2K) directory and is not the <a href="http://www.prevx.com/" target="_blank">PrevX Home</a> intrusion prevention software
56645. Source=Paul Collins Startup list
56646.  
56647. [PrevxHome]
56648. Number=8043
56649. Confirmed=Y
56650. Filename=SAGUI.exe
56651. Description=<a href="http://www.prevx.com/" target=_blank>PrevX Home</a> intrusion prevention software
56652. Source=Paul Collins Startup list
56653.  
56654. [PrevxOne]
56655. Number=8044
56656. Confirmed=Y
56657. Filename=PXConsole.exe
56658. Description=<a href="http://www.prevx.com/" target=_blank>Prevx</a> intrusion prevention software
56659. Source=Paul Collins Startup list
56660.  
56661. [PrevxPro]
56662. Number=8045
56663. Confirmed=Y
56664. Filename=SAGUI.exe
56665. Description=<a href="http://www.prevx.com/" target=_blank>PrevX Home</a> intrusion prevention software
56666. Source=Paul Collins Startup list
56667.  
56668. [prgtect]
56669. Number=8046
56670. Confirmed=X
56671. Filename=prgtect.exe
56672. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
56673. Source=Paul Collins Startup list
56674.  
56675. [Price Patrol]
56676. Number=8047
56677. Confirmed=N
56678. Filename=neo.exe
56679. Description=<a href="http://corp.half.ebay.com/20010612.html" target="_blank">Price Patrol</a> by Half.com - internet shopping companion for finding the best on-line prices
56680. Source=Paul Collins Startup list
56681.  
56682. [PrimaLauncher]
56683. Number=8048
56684. Confirmed=?
56685. Filename=Launcher.exe
56686. Description=Associated with <a href="http://www.primascan.com/" target="_blank">PrimaScan</a> scanners.<font color="#FF0000"> Is it required?</font>
56687. Source=Paul Collins Startup list
56688.  
56689. [Primax 3D Mouse]
56690. Number=8049
56691. Confirmed=U
56692. Filename=3dmoused.exe
56693. Description=Enables the scroll button on the Primax 3-D Scroll mouse
56694. Source=Paul Collins Startup list
56695.  
56696. [Primsta]
56697. Number=8050
56698. Confirmed=?
56699. Filename=Primsta.exe
56700. Description=Linksys Wireless CompactFlash Card driver related. <font color="#FF0000"> Is it required?</font>
56701. Source=Paul Collins Startup list
56702.  
56703. [Print Driver Helper Service]
56704. Number=8051
56705. Confirmed=X
56706. Filename=crsrr.exe
56707. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentbc.html" target=_blank>AGENT-BC</a> TROJAN!
56708. Source=Paul Collins Startup list
56709.  
56710. [Print Master Event Reminder]
56711. Number=8052
56712. Confirmed=N
56713. Filename=PMremind.exe
56714. Description=Print Master Gold - calander feature that pops up reminders, such as birthdays
56715. Source=Paul Collins Startup list
56716.  
56717. [Print Screen Deluxe]
56718. Number=8053
56719. Confirmed=N
56720. Filename=psdeluxe.exe
56721. Description=Utility allows "Print Scrn" or "Print Screen" key to capture, print or save the current window
56722. Source=Paul Collins Startup list
56723.  
56724. [Print Services]
56725. Number=8054
56726. Confirmed=X
56727. Filename=spolserv32.exe
56728. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ZP" target="_blank">RBOT.ZP</a> WORM!
56729. Source=Paul Collins Startup list
56730.  
56731. [print sharing]
56732. Number=8055
56733. Confirmed=X
56734. Filename=start.bat
56735. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzcrew.html" target="_blank">ZCREW</a> TROJAN!
56736. Source=Paul Collins Startup list
56737.  
56738. [print sharing]
56739. Number=8056
56740. Confirmed=X
56741. Filename=[path] hidden32.exe [path] explorer.exe
56742. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090519-2614-99" target="_blank">ZCREW.B</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually!
56743. Source=Paul Collins Startup list
56744.  
56745. [Print Spooler]
56746. Number=8057
56747. Confirmed=X
56748. Filename=Spoolsv.exe
56749. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112315-1255-99" target="_blank">CIADOOR.B</a> TROJAN! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
56750. Source=Paul Collins Startup list
56751.  
56752. [Print Spooler]
56753. Number=8058
56754. Confirmed=X
56755. Filename=spoolsvc32.exe
56756. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.BB" target="_blank">SDBOT.BB</a> TROJAN!
56757. Source=Paul Collins Startup list
56758.  
56759. [Print Spooler]
56760. Number=8059
56761. Confirmed=X
56762. Filename=spools.exe
56763. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotld.html" target="_blank">RBOT-LD</a> WORM!
56764. Source=Paul Collins Startup list
56765.  
56766. [Print Spooler]
56767. Number=8060
56768. Confirmed=X
56769. Filename=spool.exe
56770. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooris.html" target=_blank>IS</a> TROJAN!
56771. Source=Paul Collins Startup list
56772.  
56773. [Print Spooler]
56774. Number=8061
56775. Confirmed=X
56776. Filename=spoolsv32.exe
56777. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.SW&VSect=P" target=_blank>RBOT.SW</a> WORM!
56778. Source=Paul Collins Startup list
56779.  
56780. [Printer]
56781. Number=8062
56782. Confirmed=N
56783. Filename=Spyassault.exe
56784. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
56785. Source=Paul Collins Startup list
56786.  
56787. [Printer]
56788. Number=8063
56789. Confirmed=X
56790. Filename=[path to file]
56791. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101411-3637-99" target=_blank>LOWTAPER</a> TROJAN!
56792. Source=Paul Collins Startup list
56793.  
56794. [Printer]
56795. Number=8064
56796. Confirmed=X
56797. Filename=dipset.exe
56798. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/Print119618.htm" target=_blank>FBSR</a> TROJAN!
56799.  
56800. Source=Paul Collins Startup list
56801.  
56802. [printer]
56803. Number=8065
56804. Confirmed=U
56805. Filename=SpyAssaultScanner.exe
56806. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080410-3022-99" target= blank>SpyAssault</a> keystroke logger/monitoring program - remove unless you installed it yourself!
56807. Source=Paul Collins Startup list
56808.  
56809. [printer]
56810. Number=8066
56811. Confirmed=N
56812. Filename=SpyAssaultScanner.exe
56813. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
56814. Source=Paul Collins Startup list
56815.  
56816. [Printer]
56817. Number=8067
56818. Confirmed=X
56819. Filename=vmmon32.exe
56820. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcsb.html" target="_blank">RBOT-CSB</a> WORM!
56821. Source=Paul Collins Startup list
56822.  
56823. [Printer Monitor]
56824. Number=8068
56825. Confirmed=X
56826. Filename=webprinter.exe
56827. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotz.html" target= blank>IRCBOT-Z</a> TROJAN!
56828. Source=Paul Collins Startup list
56829.  
56830. [Printer Spool]
56831. Number=8069
56832. Confirmed=X
56833. Filename=updater.exe
56834. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
56835. Source=Paul Collins Startup list
56836.  
56837. [Printer spool Service]
56838. Number=8070
56839. Confirmed=X
56840. Filename=spool.exe
56841. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacp.html" target= blank>RBOT-ACP</a> WORM!
56842. Source=Paul Collins Startup list
56843.  
56844. [printer spooler]
56845. Number=8071
56846. Confirmed=X
56847. Filename=commonaccess.exe
56848. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflb.html" target=_blank>DELF-LB</a> TROJAN!
56849. Source=Paul Collins Startup list
56850.  
56851. [Printer Spooler Subsystem]
56852. Number=8072
56853. Confirmed=X
56854. Filename=spoolss.exe
56855. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM! - Note - this is NOT the legitimate Windows <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/spoolss/" target= blank>spoolss.exe</a> process, located in the Winnt/System32 or Windows\System32 folder, and which should NOT figure in Msconfig/Startup!
56856. Source=Paul Collins Startup list
56857.  
56858. [Printer Update]
56859. Number=8073
56860. Confirmed=?
56861. Filename=CFGREG.EXE
56862. Description=<font color="#FF0000">Maybe a registration reminder or automatically updates drivers or application software for a printer?</font>
56863. Source=Paul Collins Startup list
56864.  
56865. [PrinterSpool]
56866. Number=8074
56867. Confirmed=X
56868. Filename=[path] RESTORE.EXE [path] SPOOL.EXE
56869. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021917-2136-99" target="_blank">ALADINZ.K</a> TROJAN!
56870. Source=Paul Collins Startup list
56871.  
56872. [Printing Driver]
56873. Number=8075
56874. Confirmed=X
56875. Filename=msprint.exe
56876. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JH" target=_blank>RBOT.JH</a> WORM!
56877. Source=Paul Collins Startup list
56878.  
56879. [Printkey2000]
56880. Number=8076
56881. Confirmed=N
56882. Filename=printkey2000.exe
56883. Description=Screen grabber that intercepts the pressing of the Print Screen (Prn Scrn) key. Start manually when required
56884. Source=Paul Collins Startup list
56885.  
56886. [PrintMngr]
56887. Number=8077
56888. Confirmed=X
56889. Filename=system.exe
56890. Description=Added by an unidentified TROJAN!
56891. Source=Paul Collins Startup list
56892.  
56893. [printnow]
56894. Number=8078
56895. Confirmed=N
56896. Filename=printnow.exe
56897. Description=<a href="http://www.pcmag.com/article2/0,4149,8418,00.asp" target="_blank">PrintNow</a> - a utility that primarily allows "Print Srceen" or "Alt+Print Screen" screenshots to be sent directly to a printer
56898. Source=Paul Collins Startup list
56899.  
56900. [PrinTray]
56901. Number=8079
56902. Confirmed=N
56903. Filename=Printray.exe
56904. Description=Lexmark/Compaq printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. See also LexmarkPrintray and CompaqPrinTray
56905. Source=Paul Collins Startup list
56906.  
56907. [PrintScreen]
56908. Number=8080
56909. Confirmed=N
56910. Filename=UNWISE.EXE
56911. Description=Gadwin <a href="http://www.gadwin.com/printscreen/" target="_blank">PrintScreen</a> - utility to capture, print or save the current window
56912. Source=Paul Collins Startup list
56913.  
56914. [Printscreen 95]
56915. Number=8081
56916. Confirmed=N
56917. Filename=PRT95MIN.EXE
56918. Description=<a href="http://www.printscreen95.com/" target="_blank">Printscreen 95</a> - utility to capture, print or save the current window
56919. Source=Paul Collins Startup list
56920.  
56921. [PrintSpoolSv]
56922. Number=8082
56923. Confirmed=X
56924. Filename=System.exe
56925. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoors.html" target="_blank">BDOOR-S</a> TROJAN!
56926. Source=Paul Collins Startup list
56927.  
56928. [PRISMSTA.EXE]
56929. Number=8083
56930. Confirmed=U
56931. Filename=PRISMSTA.EXE
56932. Description=Creates a system tray icon for accessing information about Intersil Prism Wireless Settings. Intersil silicon is used by Trendware/Trendnet for example
56933. Source=Paul Collins Startup list
56934.  
56935. [PRISMSVR]
56936. Number=8084
56937. Confirmed=U
56938. Filename=PRISMSVR.EXE
56939. Description=Configuration and settings utility for PRISM chipset based wireless modems such as the 2Wire Wireless Gateway (2701HG) and Siemens Gigaset USB Adapter
56940. Source=Paul Collins Startup list
56941.  
56942. [Privacy Eraser Pro]
56943. Number=8085
56944. Confirmed=N
56945. Filename=PrivacyEraser.exe
56946. Description=<a href="http://www.privacyeraser.com/" target="_blank">Privacy Eraser Pro</a> - protects your Internet privacy by cleaning up all Internet history tracks and past computer activities
56947. Source=Paul Collins Startup list
56948.  
56949. [PrivacyKeyboard]
56950. Number=8086
56951. Confirmed=U
56952. Filename=PrivacyKeyboard.exe
56953. Description=<a href="http://www.privacykeyboard.com/privacy-keyboard.html" target=_blank>PrivacyKeyboard</a> is a product "that can provide every computer with strong protection against ALL types of keylogging programs and keylogging hardware devices, both known and unknown, currently in use or presently being developed worldwide"
56954. Source=Paul Collins Startup list
56955.  
56956. [PrivacyScanner]
56957. Number=8087
56958. Confirmed=X
56959. Filename=pscan.exe
56960. Description=Privacy Champion, a stealth installed 'Privacy Scanner'. It purportedly scans your PC for links to adult content websites, and then offers to "clean" them. Produces loads of False Positives as goad to purchase
56961.  
56962. Source=Paul Collins Startup list
56963.  
56964. [PrivateNet]
56965. Number=8088
56966. Confirmed=X
56967. Filename=[various filenames]
56968. Description=Premium rate adult content dialler
56969. Source=Paul Collins Startup list
56970.  
56971. [Privoxy]
56972. Number=8089
56973. Confirmed=U
56974. Filename=privoxy.exe
56975. Description=<a href="http://www.privoxy.org/" target="_blank">Privoxy</a> - web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk
56976. Source=Paul Collins Startup list
56977.  
56978. [PrizeSurfer]
56979. Number=8090
56980. Confirmed=X
56981. Filename=prizesurfer.exe
56982. Description="PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware
56983. Source=Paul Collins Startup list
56984.  
56985. [prjtect]
56986. Number=8091
56987. Confirmed=X
56988. Filename=prjtect.exe
56989. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
56990. Source=Paul Collins Startup list
56991.  
56992. [prktect]
56993. Number=8092
56994. Confirmed=X
56995. Filename=prktect.exe
56996. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
56997. Source=Paul Collins Startup list
56998.  
56999. [prltect]
57000. Number=8093
57001. Confirmed=X
57002. Filename=prltect.exe
57003. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57004. Source=Paul Collins Startup list
57005.  
57006. [prmt]
57007. Number=8094
57008. Confirmed=X
57009. Filename=prmt.exe
57010. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=NetRatings%20Premeter&threatid=8994" target=_blank>NetRatings Premeter</a> spyware
57011. Source=Paul Collins Startup list
57012.  
57013. [prmtect]
57014. Number=8095
57015. Confirmed=X
57016. Filename=prmtect.exe
57017. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57018. Source=Paul Collins Startup list
57019.  
57020. [PrnSys Executable]
57021. Number=8096
57022. Confirmed=U
57023. Filename=PrnSys.exe
57024. Description=Print screen utility bundled with some HP printer software - not required, but your choice if you like that feature
57025. Source=Paul Collins Startup list
57026.  
57027. [pro]
57028. Number=8097
57029. Confirmed=X
57030. Filename=[path to file]
57031. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspywadf.html" target=_blank>SPYWAD-F</a> TROJAN!
57032. Source=Paul Collins Startup list
57033.  
57034. [pro]
57035. Number=8098
57036. Confirmed=X
57037. Filename=SpySheriff.exe
57038. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspywadi.html" target=_blank>SPYWAD-I</a> TROJAN!
57039. Source=Paul Collins Startup list
57040.  
57041. [Pro PCL Status Monitor]
57042. Number=8099
57043. Confirmed=U
57044. Filename=PENGSS.EXE
57045. Description=Xerox printer/fax/copier status monitor (PCL = printer control language)
57046. Source=Paul Collins Startup list
57047.  
57048. [ProAntiVirus]
57049. Number=8100
57050. Confirmed=X
57051. Filename=ProAntiVirus.exe
57052. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotftp.html" target="_blank">RBOT-FTP</a> WORM!
57053. Source=Paul Collins Startup list
57054.  
57055. [ProArt]
57056. Number=8101
57057. Confirmed=?
57058. Filename=ProArt.exe
57059. Description=<font color="#FF0000">??</font>
57060. Source=Paul Collins Startup list
57061.  
57062. [Proc992]
57063. Number=8102
57064. Confirmed=X
57065. Filename=[path to file]
57066. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ixbotc.html" target=_blank>IXBOT-C</a> WORM!
57067. Source=Paul Collins Startup list
57068.  
57069. [Proc993]
57070. Number=8103
57071. Confirmed=X
57072. Filename=wqxfne.exe
57073. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ixbotd.html" target=_blank>IXBOT-D</a> WORM!
57074. Source=Paul Collins Startup list
57075.  
57076. [process.exe]
57077. Number=8104
57078. Confirmed=X
57079. Filename=process.exe
57080. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021316-4133-99" target=_blank>BANCOS.P</a> TROJAN!
57081. Source=Paul Collins Startup list
57082.  
57083. [ProcessGovernor]
57084. Number=8105
57085. Confirmed=U
57086. Filename=processgovernor.exe
57087. Description=<a href="http://www.symplasson.de/leistungen/standardsoftware/processgovernor/english" target="_blank">ProcessGuvernor</a> "helps regulate the CPU load on a computer running Microsoft Windows. It keeps single programs from hijacking the computer's performance and effectively causing a freeze for several minutes. ProcessGovernor automatically adjusts process priorities according to a predefined ruleset"
57088. Source=Paul Collins Startup list
57089.  
57090. [ProcessSupervisorGUI]
57091. Number=8106
57092. Confirmed=U
57093. Filename=ProcessSupervisor.exe
57094. Description=<a href="http://www.softpedia.com/get/Tweak/System-Tweak/Process-Supervisor.shtml" target="_blank">Process Supervisor</a> "is a technology designed to automatically configure and manage processes on one or more computers for the goal of maintaining system stability and responsiveness, restricting executables from running, and logging of program executions"
57095. Source=Paul Collins Startup list
57096.  
57097. [ProcessTamer]
57098. Number=8107
57099. Confirmed=U
57100. Filename=ProcessTamerTray.exe
57101. Description=Mouser's Software <a href="http://www.donationcoder.com/Software/Mouser/proctamer/index.html" target="_blank">Process Tamer</a> "is a tiny (140k) and super efficient utility for Microsoft Windows XP/2K/NT that runs in your system tray and constantly monitors the cpu usage of other processes"
57102. Source=Paul Collins Startup list
57103.  
57104. [procmon]
57105. Number=8108
57106. Confirmed=X
57107. Filename=procmon.exe
57108. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-070414-0814-99" target="_blank">BIONET.40A</a> TROJAN!
57109. Source=Paul Collins Startup list
57110.  
57111. [Prodigy DSL]
57112. Number=8109
57113. Confirmed=?
57114. Filename=EnterNetDUN.Exe
57115. Description=Prodigy EnterNet DUN PPPoE Client - <font color="#FF0000">is it required?</font>
57116. Source=Paul Collins Startup list
57117.  
57118. [ProdikeysAutorun]
57119. Number=8110
57120. Confirmed=N
57121. Filename=Prodload.exe
57122. Description=Creative <a href="http://www.prodikeys.com/products/prodikeys/" target=_blank>Prodikeys</a> software. "an interactive music entertainment device which not only functions as a full-featured, ergonomic ôQWERTYö keyboard but also comes equipped with 37 touch-sensitive music keys and accessible music controls for endless entertainment at your desktop. Coupled with the Sound Blaster audio card, you can explore a wide array of realistic instrument sounds and have non-stop fun making music right at your desktop"
57123. Source=Paul Collins Startup list
57124.  
57125. [ProDsl]
57126. Number=8111
57127. Confirmed=N
57128. Filename=ProDsl.exe
57129. Description=Intel Pro/DSL 2100 modem connection manager. Available via Start -> Programs
57130. Source=Paul Collins Startup list
57131.  
57132. [Profile]
57133. Number=8112
57134. Confirmed=X
57135. Filename=Profile.vbs
57136. Description=Added by the <a href="http://vil.nai.com/vil/content/v_99145.htm" target="_blank">WHITEHO</a> VIRUS or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-090709-3833-99" target="_blank">TRAPPY</a> WORM!
57137. Source=Paul Collins Startup list
57138.  
57139. [Profiler]
57140. Number=8113
57141. Confirmed=N
57142. Filename=Profiler.exe
57143. Description=Enables the "Profiler" to be launched from a System Tray icon for <a href="http://www.saitek.com/" target="_blank">Saitek</a>'s game controllers. Available via Start -> Programs
57144. Source=Paul Collins Startup list
57145.  
57146. [profiler]
57147. Number=8114
57148. Confirmed=X
57149. Filename=liteout.exe
57150. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasg.html" target= blank>ZAPCHAS-G</a> WORM!
57151. Source=Paul Collins Startup list
57152.  
57153. [profiler]
57154. Number=8115
57155. Confirmed=X
57156. Filename=prof.exe
57157. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasg.html" target= blank>ZAPCHAS-G</a> WORM!
57158. Source=Paul Collins Startup list
57159.  
57160. [Prog]
57161. Number=8116
57162. Confirmed=X
57163. Filename=csrss.exe
57164. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
57165. Source=Paul Collins Startup list
57166.  
57167. [Prog]
57168. Number=8117
57169. Confirmed=X
57170. Filename=lsass.exe
57171. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
57172. Source=Paul Collins Startup list
57173.  
57174. [Program File]
57175. Number=8118
57176. Confirmed=X
57177. Filename=Progmon.exe
57178. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091918-3229-99" target="_blank">PEEPER</a> TROJAN!
57179. Source=Paul Collins Startup list
57180.  
57181. [Program in Windows]
57182. Number=8119
57183. Confirmed=X
57184. Filename=iexplore.exe
57185. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatew.html" target=_blank>LOVGATE-W</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System32 folder
57186. Source=Paul Collins Startup list
57187.  
57188. [Program Neighborhood Agent]
57189. Number=8120
57190. Confirmed=U
57191. Filename=pnagent.exe
57192. Description=Citrix <a href="http://www.citrix.com/site/SS/downloads/details.asp?dID=2755&downloadID=13025&pID=186" target=_blank>Program Neighborhood Agent</a>
57193. Source=Paul Collins Startup list
57194.  
57195. [ProgramWindow]
57196. Number=8121
57197. Confirmed=?
57198. Filename=more comp.exe
57199. Description=<font color="#FF0000">??</font>
57200. Source=Paul Collins Startup list
57201.  
57202. [projselector]
57203. Number=8122
57204. Confirmed=N
57205. Filename=projselector.exe
57206. Description=Roxio Project Selector - can be started manually
57207. Source=Paul Collins Startup list
57208.  
57209. [Promon.exe]
57210. Number=8123
57211. Confirmed=N
57212. Filename=promon.exe
57213. Description=System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
57214. Source=Paul Collins Startup list
57215.  
57216. [PromulGate]
57217. Number=8124
57218. Confirmed=X
57219. Filename=PgMonitr.exe
57220. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050515-5939-99" target="_blank">Delfin Promulgate</a> adware variant
57221. Source=Paul Collins Startup list
57222.  
57223. [PRONoMgr.exe]
57224. Number=8125
57225. Confirmed=N
57226. Filename=PRONoMgr.exe
57227. Description=System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
57228. Source=Paul Collins Startup list
57229.  
57230. [PRONoMgrWired]
57231. Number=8126
57232. Confirmed=U
57233. Filename=PRONoMgr.exe
57234. Description=Intel's Pro 100 Ethernet card manager
57235. Source=Paul Collins Startup list
57236.  
57237. [Propel Accelerator]
57238. Number=8127
57239. Confirmed=U
57240. Filename=PropelAC.exe
57241. Description=<a href="http://www.propel.com/" target="_blank">Propel</a> Internet Accelerator
57242. Source=Paul Collins Startup list
57243.  
57244. [ProPort Startup]
57245. Number=8128
57246. Confirmed=U
57247. Filename=ProPort.exe
57248. Description=<a href="http://www.tdupage.com/main.htm" target="_blank">Proport</a> is a port monitor/protector. Monitors an infinite amount of ports for trojans and nukes. Some additional features are auto connection-kill, and IP resolving
57249. Source=Paul Collins Startup list
57250.  
57251. [ProSiteFinder]
57252. Number=8129
57253. Confirmed=X
57254. Filename=prositefinder.exe
57255. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
57256. Source=Paul Collins Startup list
57257.  
57258. [Proteτπo de tela]
57259. Number=8130
57260. Confirmed=X
57261. Filename=ssmaze.scr
57262. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanfb.html" target=_blank>BANCBAN-FB</a> TROJAN!
57263. Source=Paul Collins Startup list
57264.  
57265. [Protect]
57266. Number=8131
57267. Confirmed=U
57268. Filename=SHVRTF.EXE
57269. Description=<a href="http://www.pcangelle.com/" target=_blank>PC Angel</a> takes a 5-second snapshot of the current system registry each time the PC boots up. In the event of a crash, PC ANGEL will retrieve everything up to the minute before the crash or the last known stable registry
57270. Source=Paul Collins Startup list
57271.  
57272. [protect]
57273. Number=8132
57274. Confirmed=X
57275. Filename=protect.scr
57276. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadertq.html" target=_blank>DLOADER-TQ</a> TROJAN!
57277. Source=Paul Collins Startup list
57278.  
57279. [Protected Storage]
57280. Number=8133
57281. Confirmed=X
57282. Filename=RUNDLL32.EXE MSSIGN30.DLL ondll_reg
57283. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatew.html" target=_blank>LOVGATE-W</a> WORM!
57284. Source=Paul Collins Startup list
57285.  
57286. [Protection]
57287. Number=8134
57288. Confirmed=X
57289. Filename=[path] runtask.exe [path] protection.exe
57290. Description=Added by a variant of the AGENT.3.AU TROJAN!
57291.  
57292. Source=Paul Collins Startup list
57293.  
57294. [Protection]
57295. Number=8135
57296. Confirmed=X
57297. Filename=Protection.exe
57298. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32febelnecka.html" target=_blank>FEBELNECK-A</a> WORM!
57299.  
57300. Source=Paul Collins Startup list
57301.  
57302. [Protection]
57303. Number=8136
57304. Confirmed=X
57305. Filename=Firewall.exe
57306. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022718-0647-99" target= blank>ELIPTER.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031010-2242-99" target= blank>ELIPTER.B</a> WORMS!
57307. Source=Paul Collins Startup list
57308.  
57309. [Protection]
57310. Number=8137
57311. Confirmed=X
57312. Filename=IExplore .exe
57313. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031416-4252-99" target=_blank>ELIPTER.D</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process as there is a space before the ".exe"
57314. Source=Paul Collins Startup list
57315.  
57316. [Protection]
57317. Number=8138
57318. Confirmed=X
57319. Filename=Norton Internet Security.exe
57320. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032516-4935-99" target=_blank>ELITPER.E</a> WORM!
57321. Source=Paul Collins Startup list
57322.  
57323. [ProtocolDiskChk]
57324. Number=8139
57325. Confirmed=X
57326. Filename=ssrms.exe
57327. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorml.html" target=_blank>ML</a> TROJAN!
57328. Source=Paul Collins Startup list
57329.  
57330. [ProtocolDiskChk]
57331. Number=8140
57332. Confirmed=X
57333. Filename=svcvlw32.exe
57334. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstinxy.html" target="_blank">STINX-Y</a> TROJAN!
57335. Source=Paul Collins Startup list
57336.  
57337. [ProtocolEventTsk]
57338. Number=8141
57339. Confirmed=X
57340. Filename=csrwjd.exe
57341. Description=Added by <a href="http://www.sophos.com/virusinfo/analyses/trojstinxn.html" target=_blank>STINX-N</a> TROJAN!
57342. Source=Paul Collins Startup list
57343.  
57344. [Provan Security]
57345. Number=8142
57346. Confirmed=X
57347. Filename=psecure.exe
57348. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRV&VSect=P" target=_blank>RBOT.BRV</a> WORM!
57349. Source=Paul Collins Startup list
57350.  
57351. [proxim_orinoco_11abg]
57352. Number=8143
57353. Confirmed=Y
57354. Filename=orinoco.exe
57355. Description=Proxim <a href="http://www.proxim.com/products/cp/pci.html" target="_blank">ORiNOCO</a> 11a/b/g PCI Card wireless configuration utility
57356. Source=Paul Collins Startup list
57357.  
57358. [PROXOMITRON]
57359. Number=8144
57360. Confirmed=N
57361. Filename=PROXOMITRON.EXE
57362. Description=HTML proxy
57363. Source=Paul Collins Startup list
57364.  
57365. [PROXOMITRON]
57366. Number=8145
57367. Confirmed=N
57368. Filename=PROXOM~1.EXE
57369. Description=HTML proxy
57370. Source=Paul Collins Startup list
57371.  
57372. [ProxyWay]
57373. Number=8146
57374. Confirmed=U
57375. Filename=proxyway.exe
57376. Description=<a href="http://www.proxyway.com/www/downloads/" target= blank>ProxyWay</a> anonymous proxy surfing software
57377. Source=Paul Collins Startup list
57378.  
57379. [PRPCMonitor]
57380. Number=8147
57381. Confirmed=U
57382. Filename=PRPCUI.exe
57383. Description=Intel« SpeedStepÖ interface. This automatically detects whether a mobile PC is using battery or AC power. When using battery power, SpeedStep scales the processor clock frequency and voltage to reduce the power it needs by 40%
57384. Source=Paul Collins Startup list
57385.  
57386. [prqtect]
57387. Number=8148
57388. Confirmed=X
57389. Filename=prqtect.exe
57390. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57391. Source=Paul Collins Startup list
57392.  
57393. [prrtect]
57394. Number=8149
57395. Confirmed=X
57396. Filename=prrtect.exe
57397. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57398. Source=Paul Collins Startup list
57399.  
57400. [prstect]
57401. Number=8150
57402. Confirmed=X
57403. Filename=prstect.exe
57404. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57405. Source=Paul Collins Startup list
57406.  
57407. [prtcct]
57408. Number=8151
57409. Confirmed=X
57410. Filename=prtcct.exe
57411. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57412. Source=Paul Collins Startup list
57413.  
57414. [prttect]
57415. Number=8152
57416. Confirmed=X
57417. Filename=prttect.exe
57418. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57419. Source=Paul Collins Startup list
57420.  
57421. [PrU Async Service]
57422. Number=8153
57423. Confirmed=X
57424. Filename=[path to worm]
57425. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotug.html" target="_blank">IRCBot-UG</a> WORM!
57426. Source=Paul Collins Startup list
57427.  
57428. [prutcct]
57429. Number=8154
57430. Confirmed=X
57431. Filename=prutcct.exe
57432. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57433. Source=Paul Collins Startup list
57434.  
57435. [prutdct]
57436. Number=8155
57437. Confirmed=X
57438. Filename=prutdct.exe
57439. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57440. Source=Paul Collins Startup list
57441.  
57442. [prutgct]
57443. Number=8156
57444. Confirmed=X
57445. Filename=prutgct.exe
57446. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57447. Source=Paul Collins Startup list
57448.  
57449. [pruthct]
57450. Number=8157
57451. Confirmed=X
57452. Filename=pruthct.exe
57453. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57454. Source=Paul Collins Startup list
57455.  
57456. [prutict]
57457. Number=8158
57458. Confirmed=X
57459. Filename=prutict.exe
57460. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57461. Source=Paul Collins Startup list
57462.  
57463. [prutlct]
57464. Number=8159
57465. Confirmed=X
57466. Filename=prutlct.exe
57467. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57468. Source=Paul Collins Startup list
57469.  
57470. [prutpct]
57471. Number=8160
57472. Confirmed=X
57473. Filename=prutpct.exe
57474. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57475. Source=Paul Collins Startup list
57476.  
57477. [prutsct]
57478. Number=8161
57479. Confirmed=X
57480. Filename=prutsct.exe
57481. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57482. Source=Paul Collins Startup list
57483.  
57484. [prvtect]
57485. Number=8162
57486. Confirmed=X
57487. Filename=prvtect.exe
57488. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57489. Source=Paul Collins Startup list
57490.  
57491. [prxtect]
57492. Number=8163
57493. Confirmed=X
57494. Filename=prxtect.exe
57495. Description=Prutect malware from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-1006-99" target=_blank>e2Give</a> - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!
57496. Source=Paul Collins Startup list
57497.  
57498. [ps1]
57499. Number=8164
57500. Confirmed=X
57501. Filename=ps1.exe
57502. Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target=_blank>PacerD Media/Pacimedia.com</a> adware
57503. Source=Paul Collins Startup list
57504.  
57505. [PS2]
57506. Number=8165
57507. Confirmed=U
57508. Filename=ps2.exe
57509. Description=Multimedia Keyboard companion on HP computers. If this is prevented from starting, then some keyboard functionality will be lost.
57510. Source=Paul Collins Startup list
57511.  
57512. [psaload32]
57513. Number=8166
57514. Confirmed=X
57515. Filename=psaload32.exe
57516. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadl.html" target=_blank>RBOT-ADL</a> WORM!
57517. Source=Paul Collins Startup list
57518.  
57519. [PSC main]
57520. Number=8167
57521. Confirmed=X
57522. Filename=sttool32.exe
57523. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Win32.Obfuscated.ev&threatid=128937" target="_blank">OBFUSCATED.EV</a> TROJAN!
57524. Source=Paul Collins Startup list
57525.  
57526. [PSCastor]
57527. Number=8168
57528. Confirmed=X
57529. Filename=PSCastor.exe
57530. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453100501" target="_blank">PSCastor</a> TROJAN!
57531. Source=Paul Collins Startup list
57532.  
57533. [PSCMain]
57534. Number=8169
57535. Confirmed=X
57536. Filename=pscmain2.exe
57537. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Win32.Obfuscated.ev&threatid=128937" target="_blank">OBFUSCATED.EV</a> TROJAN!
57538. Source=Paul Collins Startup list
57539.  
57540. [PSD Tools Channel]
57541. Number=8170
57542. Confirmed=X
57543. Filename=ChannelUp.exe
57544. Description=<a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101007" target="_blank">BuddyLinks</a> adware
57545. Source=Paul Collins Startup list
57546.  
57547. [PSDrvCheck]
57548. Number=8171
57549. Confirmed=Y
57550. Filename=PSDrvCheck.exe
57551. Description=Part of <a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled
57552. Source=Paul Collins Startup list
57553.  
57554. [PService]
57555. Number=8172
57556. Confirmed=X
57557. Filename=svcnow32.exe
57558. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspybotdj.html" target= blank>SPYBOT-DJ</a> TROJAN!
57559. Source=Paul Collins Startup list
57560.  
57561. [PSFree]
57562. Number=8173
57563. Confirmed=U
57564. Filename=PSFree.exe
57565. Description=<a href="http://www.panicware.com/product_psfree.html" target="_blank">Pop-Up Stopper Free</a> from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
57566. Source=Paul Collins Startup list
57567.  
57568. [PSGuard]
57569. Number=8174
57570. Confirmed=X
57571. Filename=PSGuard.exe
57572. Description=Variant of the SmitFraud alias <a href="http://www.sophos.com/virusinfo/analyses/trojfakealec.html" target=_blank>FAKEALE-C</a> TROJAN!
57573. Source=Paul Collins Startup list
57574.  
57575. [PSGuard spyware remover]
57576. Number=8175
57577. Confirmed=X
57578. Filename=PSGuard.exe
57579. Description=Variant of the SmitFraud alias <a href="http://www.sophos.com/virusinfo/analyses/trojfakealec.html" target=_blank>FAKEALE-C</a> TROJAN!
57580. Source=Paul Collins Startup list
57581.  
57582. [pshower]
57583. Number=8176
57584. Confirmed=X
57585. Filename=pshwr.exe
57586. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware variant
57587.  
57588. Source=Paul Collins Startup list
57589.  
57590. [PSIMSVC]
57591. Number=8177
57592. Confirmed=Y
57593. Filename=PSIMSVC.exe
57594. Description=<a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>
57595. Source=Paul Collins Startup list
57596.  
57597. [PSIWin2.3 Connection Server]
57598. Number=8178
57599. Confirmed=N
57600. Filename=Psconsv.exe
57601. Description=Allows connectivity between a PC and a Psion device. Access can be gained from the Desktop or Start -> Programs
57602. Source=Paul Collins Startup list
57603.  
57604. [pskl]
57605. Number=8179
57606. Confirmed=U
57607. Filename=keyspy.exe
57608. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.keyboardlogger.html" target=blank>KeyboardLogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
57609.  
57610. Source=Paul Collins Startup list
57611.  
57612. [PSLister]
57613. Number=8180
57614. Confirmed=X
57615. Filename=PSLister.exe
57616. Description=Added by <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453099577" target="_blank">PurityScan C</a> adware
57617. Source=Paul Collins Startup list
57618.  
57619. [PsMFCard]
57620. Number=8181
57621. Confirmed=U
57622. Filename=PsMFCard.exe
57623. Description=Component of the Toshiba Controls. Provides power-saving functions for the PCMCIA slots. Through the Power Save Mode Properties dialogue, the user can select from 3 PCMCIA power options - On, Auto1 and Auto2. Disabling this item has no adverse effects, except disabling the ability to reduce power consumption by powering-down the PCMCIA slots when not in use
57624. Source=Paul Collins Startup list
57625.  
57626. [PSNotify]
57627. Number=8182
57628. Confirmed=Y
57629. Filename=psnotify.exe
57630. Description=<a href="http://www.pharos.com/" target="_blank">Pharos</a> SignUp Vx - "PC reservation and management application that addresses the PC scheduling needs of public libraries and higher education labs and libraries"
57631. Source=Paul Collins Startup list
57632.  
57633. [PSof1]
57634. Number=8183
57635. Confirmed=X
57636. Filename=PSof1.exe
57637. Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target=_blank>PacerD Media/Pacimedia.com</a> adware installer
57638. Source=Paul Collins Startup list
57639.  
57640. [PSoft1]
57641. Number=8184
57642. Confirmed=X
57643. Filename=psoft1.exe
57644. Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target= blank>PacerD Media/Pacimedia.com</a> adware installer
57645. Source=Paul Collins Startup list
57646.  
57647. [PsPCCard]
57648. Number=8185
57649. Confirmed=Y
57650. Filename=PsPCCard.EXE
57651. Description=Background Power Saving task found on Toshiba laptops and which handles turning Power Saving ON and OFF on any inserted PC Card (PCMCIA card). Only ever disable if you do not use any power saving or hibernation settings (ie: they are all OFF)
57652. Source=Paul Collins Startup list
57653.  
57654. [PspContr]
57655. Number=8186
57656. Confirmed=U
57657. Filename=pspcontr.exe
57658. Description=Driver/controller for the Philips SpeechMike 6174. As the Philips FreeSpeech application is no longer supported it can be disabled but the Mike can still be used for certain functions using this driver
57659. Source=Paul Collins Startup list
57660.  
57661. [PSQLLauncher]
57662. Number=8187
57663. Confirmed=Y
57664. Filename=launcher.exe
57665. Description=IBM <a href="http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=TVAN-EAPFPR" target="_blank">ThinkVantage Fingerprint Software</a>
57666. Source=Paul Collins Startup list
57667.  
57668. [PsSound]
57669. Number=8188
57670. Confirmed=U
57671. Filename=PsSound.exe
57672. Description=On a Toshiba laptop. Operates your sound in one of 4 modes, off, on , on only with powerr, same as #3 but longer delay
57673. Source=Paul Collins Startup list
57674.  
57675. [pst]
57676. Number=8189
57677. Confirmed=U
57678. Filename=memaker2.exe
57679. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072016-3209-99" target="_blank">SpymodePCSpy</a> surveillance software. Uninstall this software unless you put it there yourself
57680. Source=Paul Collins Startup list
57681.  
57682. [PSTORES]
57683. Number=8190
57684. Confirmed=?
57685. Filename=PSTORES.EXE
57686. Description=<font color="#FF0000">Part of Windows Services Protected Storage?</font>
57687. Source=Paul Collins Startup list
57688.  
57689. [ptfb]
57690. Number=8191
57691. Confirmed=N
57692. Filename=ptfb.exe
57693. Description=<a href="http://www.bobos.demon.co.uk/par/PTFB.htm" target="_blank">Push the Freakin' Button</a> - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future"
57694. Source=Paul Collins Startup list
57695.  
57696. [Ptipbmf]
57697. Number=8192
57698. Confirmed=?
57699. Filename=rundll32.exe ptipbmf.dll, SetWriteCacheMode
57700. Description=Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. <font color="#FF0000">May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller</font>
57701. Source=Paul Collins Startup list
57702.  
57703. [PtiuPbmd]
57704. Number=8193
57705. Confirmed=U
57706. Filename=Rundll32.exe ptipbm.dll, SetWriteBack
57707. Description=Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise Controller
57708.  
57709. Source=Paul Collins Startup list
57710.  
57711. [PTRGMYGK]
57712. Number=8194
57713. Confirmed=X
57714. Filename=rundll32.exe ptmg1v.dll, DllRunMain
57715. Description=Added by an unidentified TROJAN, WORM or other malware!
57716.  
57717. Source=Paul Collins Startup list
57718.  
57719. [ptrun32]
57720. Number=8195
57721. Confirmed=U
57722. Filename=ptrun32.exe
57723. Description=<a href="http://www.parent-tools.com/" target="_blank">Parent Tools</a> for AIM
57724. Source=Paul Collins Startup list
57725.  
57726. [PTRUN32]
57727. Number=8196
57728. Confirmed=U
57729. Filename=ptr32w.exe
57730. Description=<a href="http://www.sarc.com/avcenter/venc/data/spyware.parenttools.html" target="_blank">ParentTools</a> surveillance software. Uninstall this software unless you put it there yourself
57731. Source=Paul Collins Startup list
57732.  
57733. [Ptsnoop]
57734. Number=8197
57735. Confirmed=N
57736. Filename=Ptsnoop.exe
57737. Description=These descriptions I've come across - all valid as far as I can see :- (1) Program installed with some modems that monitors the COM ports for the modem driver. Not required from what I've read - may need a registry edit to get rid of it (2) Backdoor trojan virus that copies itself as PTSNOOP.EXE -see <a href="http://www.f-secure.com/v-descs/ptsnoop.shtml" target="_blank">here</a> for more info(3) Apparently the people who put it out claim it's a driver for a Voice modems (don't know who they are though - Ed) Note: If using AOL and you disable this you may lose your connection or lock up (4) Can also be an older Logitech scanner program. Remove from the Win.ini tab under Load='path'PTSNOOP and the System.ini tab under drivers='path'ptrtkr.drb. Can cause parallel port conflicts big time dragging system resources way down when a conflict exists (5) Allows audio monitoring of modem phone dialling tones and can be useful if you have connection problems (6) Karen Kenworthy's <a href="http://www.karenware.com/" target="_blank"> Snooper</a> - "logs the start and stop time of all programs run under Windows"
57738. Source=Paul Collins Startup list
57739.  
57740. [pttrun]
57741. Number=8198
57742. Confirmed=U
57743. Filename=pttrun.exe
57744. Description=Transmeta Crusoe processor related. Reduces application launch times and makes the computer "more responsive"
57745. Source=Paul Collins Startup list
57746.  
57747. [PtUDFApp]
57748. Number=8199
57749. Confirmed=N
57750. Filename=PtUDFApp.exe
57751. Description=Sony abCD program, included on the CD Xtreme install CD, used to format CD-RWs for packet writing (similar to DirectCD). Available via Start -> Programs. Note that you must add a /T switch to the command line to get it to load to the taskbar
57752. Source=Paul Collins Startup list
57753.  
57754. [PUAC v2.0.7]
57755. Number=8200
57756. Confirmed=U
57757. Filename=Puac.exe
57758. Description=<a href="http://www.puac.net/index.html" target=_blank>"Peter's Ultimate Alarm Clock"</a>
57759. Source=Paul Collins Startup list
57760.  
57761. [Public Microsoft ODBC]
57762. Number=8201
57763. Confirmed=X
57764. Filename=ODBC32*.exe [* = random char]
57765. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MASLAN.D&VSect=T" target=_blank>MASLAN.D</a> WORM!
57766. Source=Paul Collins Startup list
57767.  
57768. [pumcfgp]
57769. Number=8202
57770. Confirmed=U
57771. Filename=proxycfg.exe
57772. Description="GuardWare <a href="http://www.guardwareinc.com/ishield/isaboutus.html" target="_blank">iShield</a> blocks pornographic images when you surf the Internet on your computer using a web browser"
57773. Source=Paul Collins Startup list
57774.  
57775. [Pure Networks Port Magic]
57776. Number=8203
57777. Confirmed=N
57778. Filename=PortAOL.exe
57779. Description=Pure Networks Port Magic, as available in the latest version of the AOL« 9.0 Optimized SE software; automatically configures most in-home Internet gateways, improving access and performance for applications such as instant messaging, online gaming, and streaming music and video. See <a href="http://www.networkmagic.com/product/" target="_blank">here</a>
57780. Source=Paul Collins Startup list
57781.  
57782. [Purgative]
57783. Number=8204
57784. Confirmed=U
57785. Filename=PURGATIVE100.EXE
57786. Description=AIM (AOL Instant Messenger) Ad Remover Using Active Memory Edits instead of a patch/crack
57787. Source=Paul Collins Startup list
57788.  
57789. [Purgatory]
57790. Number=8205
57791. Confirmed=X
57792. Filename=Purga.exe
57793. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32purgoryb.html" target=_blank>PORGORY-B</a> WORM!
57794. Source=Paul Collins Startup list
57795.  
57796. [Push Client]
57797. Number=8206
57798. Confirmed=N
57799. Filename=pull.exe
57800. Description=Client software from <a href="http://www.interwise.com/" target="_blank">Interwise</a> that MS use for their webcasts
57801. Source=Paul Collins Startup list
57802.  
57803. [Push The Freakin' Button]
57804. Number=8207
57805. Confirmed=N
57806. Filename=ptfb.exe
57807. Description=<a href="http://www.bobos.demon.co.uk/par/PTFB.htm" target="_blank">Push the Freakin' Button</a> - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future"
57808. Source=Paul Collins Startup list
57809.  
57810. [PUSH6599]
57811. Number=8208
57812. Confirmed=N
57813. Filename=PUSH6599.EXE
57814. Description=Scan button monitor for Relysis Episode MF6599 USB scanner as you can start scanning manually via the scanning software
57815. Source=Paul Collins Startup list
57816.  
57817. [PutA!!]
57818. Number=8209
57819. Confirmed=X
57820. Filename=PutA!!.exe
57821. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.L" target="_blank">OPASERV.L</a> WORM!
57822. Source=Paul Collins Startup list
57823.  
57824. [PutAS!]
57825. Number=8210
57826. Confirmed=X
57827. Filename=PutA!!.com
57828. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.Z" target="_blank">OPASERV.Z</a> WORM!
57829. Source=Paul Collins Startup list
57830.  
57831. [putil]
57832. Number=8211
57833. Confirmed=X
57834. Filename=[filename]
57835. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110315-5340-99" target="_blank">LDPINCH</a> TROJAN!
57836. Source=Paul Collins Startup list
57837.  
57838. [PV92TRAY]
57839. Number=8212
57840. Confirmed=U
57841. Filename=PV92Tray.exe
57842. Description=<a href="http://www.modemsite.com/56k/pctel.asp" target=_blank>PCtel</a> HSP V.92 modem configuration utility
57843. Source=Paul Collins Startup list
57844.  
57845. [PVModule]
57846. Number=8213
57847. Confirmed=X
57848. Filename=pvmodule.exe
57849. Description=Adperform.com/adoptim.com adware, file located in a Program Files\PrintView folder and detected by <a href="http://www.avira.com/" target="_blank">AntiVir</a> antivirus as TR/Dldr.Agent.alb. NOTE: the 'real' <a href="http://www.cbr.com.tr/print_man.htm" target="_blank">PrintView</a> installs in a C:\CBR folder instead!
57850. Source=Paul Collins Startup list
57851.  
57852. [PVR]
57853. Number=8214
57854. Confirmed=N
57855. Filename=PVR.exe
57856. Description=<a href="http://www.xemico.com/pvr/" target="_blank">Pocket Voice Recorder</a> - freeware sound recorder that records from microphone and any other input line available with your sound card
57857. Source=Paul Collins Startup list
57858.  
57859. [PVUnInst1]
57860. Number=8215
57861. Confirmed=U
57862. Filename=PVUnInst1.exe
57863. Description=<a href="http://www.privacyview.com/" target=_blank>Privacy View</a> - privacy software that ensures that all your private computer files, photos, documents, and websites remain secure from prying eyes
57864. Source=Paul Collins Startup list
57865.  
57866. [Pwr32ctr]
57867. Number=8216
57868. Confirmed=X
57869. Filename=Pwr32ctr.exe
57870. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
57871. Source=Paul Collins Startup list
57872.  
57873. [Pwr32ctrl]
57874. Number=8217
57875. Confirmed=X
57876. Filename=Pwr32ctrl.exe
57877. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
57878. Source=Paul Collins Startup list
57879.  
57880. [Pwr32mgt]
57881. Number=8218
57882. Confirmed=X
57883. Filename=Pwr32mgt.exe
57884. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
57885. Source=Paul Collins Startup list
57886.  
57887. [PWRESET]
57888. Number=8219
57889. Confirmed=U
57890. Filename=pwreset.exe
57891. Description=Related to the Avaya <a href="http://www.avaya.com/gcm/master-usa/en-us/products/offers/ip_softphone01.htm" target="_blank">IP Softphone</a>
57892. Source=Paul Collins Startup list
57893.  
57894. [PWRISOVM.EXE]
57895. Number=8220
57896. Confirmed=N
57897. Filename=PWRISOVM.EXE
57898. Description=<a href="http://www.poweriso.com/" target="_blank">PowerISO</a> - a powerful CD/DVD image file processing tool
57899. Source=Paul Collins Startup list
57900.  
57901. [PWRMGRTR]
57902. Number=8221
57903. Confirmed=Y
57904. Filename=PWRMGRTR.DLL
57905. Description=<a href="http://www.spyany.com/files/PWRMGRTR_dll.html" target=_blank>Power Manager</a> - background monitor module for IBM ThinkPad laptops. Leave it alone to ensure proper power management functions
57906.  
57907. Source=Paul Collins Startup list
57908.  
57909. [Pwrmonit]
57910. Number=8222
57911. Confirmed=Y
57912. Filename=Rundll32 PwrMonit.dll
57913. Description=IBM's proprietary 'battery maximiser' and power monitoring software for laptops
57914. Source=Paul Collins Startup list
57915.  
57916. [Pwroff]
57917. Number=8223
57918. Confirmed=X
57919. Filename=Pwroff.exe
57920. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
57921. Source=Paul Collins Startup list
57922.  
57923. [Pwrsave]
57924. Number=8224
57925. Confirmed=U
57926. Filename=Pwrsave.exe
57927. Description=Toshiba Power Saver utilities. Required on a laptop if you run of a battery and want to conserve power
57928. Source=Paul Collins Startup list
57929.  
57930. [Pwruplogin]
57931. Number=8225
57932. Confirmed=?
57933. Filename=pulogin.exe
57934. Description=<font color="#FF0000">??</font>
57935. Source=Paul Collins Startup list
57936.  
57937. [PwrupTweakMe]
57938. Number=8226
57939. Confirmed=U
57940. Filename=PUPXPTWK.EXE
57941. Description=<a href="http://www.ashampoo.com/frontend/homepage/php/index.php?session_langid=2" target="_blank">Ashampoo's</a> PowerUp XP is a "tool for fine-tuning your Windows NT4, 2000, 2003 Server and XP configuration". Boot-up options won't work if disabled
57942. Source=Paul Collins Startup list
57943.  
57944. [PWS Tray]
57945. Number=8227
57946. Confirmed=U
57947. Filename=PwsTray.exe
57948. Description=Microsoft's Personal Web Server, an application which allows PCs to behave as web servers (allows you to test your .asp pages on your own PC without having to load them onto the internet). Available via Start -> Programs
57949. Source=Paul Collins Startup list
57950.  
57951. [p_981116]
57952. Number=8228
57953. Confirmed=N
57954. Filename=p_981116.exe
57955. Description=Win32 cabinet self extractor. More info <a href="http://groups.google.com/group/microsoft.public.win98.performance/browse_frm/thread/1bb6d199cdad3c95/24366de20a10c5d6?hl=en&rnum=18&prev=/groups%3Fq%3DP_981116.exe%26hl%3Den%26start%3D10%26sa%3DN#24366de20a10c5d6" target="_blank">here</a>
57956. Source=Paul Collins Startup list
57957.  
57958. [Q152404]
57959. Number=8229
57960. Confirmed=N
57961. Filename=wsript.exe Q152404.VBS
57962. Description=Appears to run Scandisk at bootup on NEC PCs
57963. Source=Paul Collins Startup list
57964.  
57965. [q36i36O]
57966. Number=8230
57967. Confirmed=X
57968. Filename=lms2cenu.exe
57969. Description=Added by the SECONDTHOUGHT VIRUS!
57970. Source=Paul Collins Startup list
57971.  
57972. [QAGENT]
57973. Number=8231
57974. Confirmed=N
57975. Filename=qagent.exe
57976. Description=Quicken program is controlled by a separate utility program called the Quicken Download Manager (also known as Qagent). When Quicken Download Manager option is enabled, background downloading takes advantage of unused bandwidth to download current financial information anytime your computer is connected to the Internet
57977. Source=Paul Collins Startup list
57978.  
57979. [qappsrvc32.exe]
57980. Number=8232
57981. Confirmed=X
57982. Filename=qappsrvc32.exe
57983. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Proxy.Win32.Webber.m
57984. Source=Paul Collins Startup list
57985.  
57986. [QBCD autorun]
57987. Number=8233
57988. Confirmed=N
57989. Filename=autorun.exe
57990. Description=Quick Books CD
57991. Source=Paul Collins Startup list
57992.  
57993. [qbkupdbs]
57994. Number=8234
57995. Confirmed=X
57996. Filename=mqbkup.exe
57997. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122416-1629-99" target="_blank">OPASERV.K</a> WORM!
57998. Source=Paul Collins Startup list
57999.  
58000. [qbotd]
58001. Number=8235
58002. Confirmed=X
58003. Filename=[random filename]
58004. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022317-3413-99" target="_blank">BOTTEN</a> TROJAN!
58005. Source=Paul Collins Startup list
58006.  
58007. [qBrowse]
58008. Number=8236
58009. Confirmed=?
58010. Filename=qbrowse.exe
58011. Description=<font color="#FF0000">??</font>
58012. Source=Paul Collins Startup list
58013.  
58014. [QBRSR]
58015. Number=8237
58016. Confirmed=X
58017. Filename=QuickBrowser.exe
58018. Description=top-banners.com adware
58019. Source=Paul Collins Startup list
58020.  
58021. [Qchex Tray Icon]
58022. Number=8238
58023. Confirmed=U
58024. Filename=Qchex.exe
58025. Description=Related to <a href="http://www.g7ps.com/" target=_blank>G7 Productivity Systems</a> Check Software
58026. Source=Paul Collins Startup list
58027.  
58028. [QCTRAY]
58029. Number=8239
58030. Confirmed=U
58031. Filename=Qctray.exe
58032. Description=System Tray icon providing access to the "IBM Access Connections" wizard on ThinkPad laptops and also allows to change the network environment. Not the same as QCWLIcon, which is pertinent only to the Wireless LAN
58033. Source=Paul Collins Startup list
58034.  
58035. [QCWLICON]
58036. Number=8240
58037. Confirmed=U
58038. Filename=Qcwlicon.exe
58039. Description=Used by IBM Thinkpad laptops with built-in wireless card (802.11). System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off
58040. Source=Paul Collins Startup list
58041.  
58042. [QD FastAndSafe]
58043. Number=8241
58044. Confirmed=N
58045. Filename=QDCSFS.exe
58046. Description=Automatically runs Fast & Safe clean-up from Norton/Quarterdeck Cleansweep. Deletes safe to remove files such as Temporary Internet Files (cache). Recommended you run it manually
58047. Source=Paul Collins Startup list
58048.  
58049. [QDM]
58050. Number=8242
58051. Confirmed=U
58052. Filename=QdmStart.exe
58053. Description=QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc
58054. Source=Paul Collins Startup list
58055.  
58056. [QDMStart]
58057. Number=8243
58058. Confirmed=U
58059. Filename=QdmStart.exe
58060. Description=QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc
58061. Source=Paul Collins Startup list
58062.  
58063. [Qdsafe]
58064. Number=8244
58065. Confirmed=?
58066. Filename=??
58067. Description=<font color="#FF0000">??</font>
58068. Source=Paul Collins Startup list
58069.  
58070. [Qexplo]
58071. Number=8245
58072. Confirmed=?
58073. Filename=Qexplo.exe
58074. Description=<font color="#FF0000">??</font>
58075. Source=Paul Collins Startup list
58076.  
58077. [qgqqft]
58078. Number=8246
58079. Confirmed=X
58080. Filename=[path to Trojan]
58081. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030913-4611-99" target=_blank>RANKY.T</a> TROJAN!
58082. Source=Paul Collins Startup list
58083.  
58084. [QH Live Update Scheduler]
58085. Number=8247
58086. Confirmed=Y
58087. Filename=UPSCHD.EXE
58088. Description=<a href="http://www.quickheal.co.in/public/products/homeuser.asp" target=_blank>Quick Heal</a> Anti-Virus
58089. Source=Paul Collins Startup list
58090.  
58091. [QH Office 2K Check]
58092. Number=8248
58093. Confirmed=Y
58094. Filename=O2KCHECK.EXE
58095. Description=<a href="http://www.quickheal.co.in/public/products/homeuser.asp" target=_blank>Quick Heal</a> Anti-Virus MS Office documents virus checker
58096. Source=Paul Collins Startup list
58097.  
58098. [QlbCtrl]
58099. Number=8249
58100. Confirmed=U
58101. Filename=QlbCtrl.exe
58102. Description=HP <a href="http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&swItem=ob-45287-1&jumpid=reg_R1002_USEN" target="_blank">Quick Launch Buttons</a> control center on their laptops
58103. Source=Paul Collins Startup list
58104.  
58105. [QMusic]
58106. Number=8250
58107. Confirmed=?
58108. Filename=QMAgent.exe
58109. Description=<font color="#FF0000">??</font>
58110. Source=Paul Collins Startup list
58111.  
58112. [QNPlus]
58113. Number=8251
58114. Confirmed=N
58115. Filename=QNPlus.exe
58116. Description=<a href="http://www.conceptworld.com/QNP/default.asp" target="_blank">Quick Notes Plus</a> by Conceptworld - sticky notes tool
58117. Source=Paul Collins Startup list
58118.  
58119. [Qoeloader]
58120. Number=8252
58121. Confirmed=U
58122. Filename=Qoeloader.exe
58123. Description=<a href="http://www.qurb.com/" target="_blank">Qurb 2.0</a> anti-spam tool for Outlook/Outlook Express. Required when supporting OE but not for Outlook. Shortcut available via Start -> Programs
58124. Source=Paul Collins Startup list
58125.  
58126. [QPService]
58127. Number=8253
58128. Confirmed=U
58129. Filename=QPService.exe
58130. Description=HP <a href="http://h71036.www7.hp.com/hho/cache/303777-0-0-225-121.html?jumpid=reg_R1002_USEN" target=_blank>QuickPlay</a> - "brings your favorite music and movies to life with the touch of a button"
58131.  
58132. Source=Paul Collins Startup list
58133.  
58134. [QQ]
58135. Number=8254
58136. Confirmed=X
58137. Filename=sendmess.exe
58138. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092510-2220-99" target="_blank">SEMES</a> TROJAN!
58139. Source=Paul Collins Startup list
58140.  
58141. [QQ.exe]
58142. Number=8255
58143. Confirmed=X
58144. Filename=QQ.exe
58145. Description=Added by a variant of the <a href="http://en.wikipedia.org/wiki/QQ" target="_blank">SDBOT</a> WORM! Note - this is not the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">Tencent QQ</a> Asian instant messanger program and resides in the Windows folder
58146. Source=Paul Collins Startup list
58147.  
58148. [QQKAV]
58149. Number=8256
58150. Confirmed=X
58151. Filename=scvhsot.exe
58152. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_QQROB.ARQ" target="_blank">QQROB.ARQ</a> WORM!
58153. Source=Paul Collins Startup list
58154.  
58155. [QQServer]
58156. Number=8257
58157. Confirmed=X
58158. Filename=QQ.exe
58159. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdownldran.html" target=_blank>DOWNLDR-AN</a> TROJAN!
58160. Source=Paul Collins Startup list
58161.  
58162. [qservices]
58163. Number=8258
58164. Confirmed=X
58165. Filename=qservice.exe
58166. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprogenta.html" target=_blank>PROGENT-A</a> TROJAN!
58167. Source=Paul Collins Startup list
58168.  
58169. [QSort2000]
58170. Number=8259
58171. Confirmed=N
58172. Filename=QSORT.EXE
58173. Description=Utility that sorts your Start menu and Favourites in alphanumerical order. Not required - at any time you can right-click on these lists and choose "Sort by Name"
58174. Source=Paul Collins Startup list
58175.  
58176. [QT4HPOT]
58177. Number=8260
58178. Confirmed=U
58179. Filename=OneTouch.exe
58180. Description=Hewlett Packard One Touch keyboard driver. Required if you use the additional keys
58181. Source=Paul Collins Startup list
58182.  
58183. [QTaskStartup]
58184. Number=8261
58185. Confirmed=U
58186. Filename=qtask.exe
58187. Description=Feature of Quicken.com Brokerage to customize and display <a href="http://www.quicken.com/support/investments/email/help/?desktop.q.howdoi&pop" target="_blank">Desktop Alerts</a> and icon. It is not required for the Quicken Program to run correctly, it is only required for the Desktop Alerts feature
58188. Source=Paul Collins Startup list
58189.  
58190. [QTime]
58191. Number=8262
58192. Confirmed=X
58193. Filename=nrchk.exe
58194. Description=Premium rate adult content dialler
58195. Source=Paul Collins Startup list
58196.  
58197. [QTSTUB.EXE]
58198. Number=8263
58199. Confirmed=N
58200. Filename=Qtstub.exe
58201. Description=Part of an old version of the Quick Tax application. It enables Quick Tax Calendar Popup to show tax calendar reminders
58202. Source=Paul Collins Startup list
58203.  
58204. [QTSvc]
58205. Number=8264
58206. Confirmed=X
58207. Filename=msocfg.exe
58208. Description=Premium rate adult content dialler
58209. Source=Paul Collins Startup list
58210.  
58211. [QTSvc]
58212. Number=8265
58213. Confirmed=X
58214. Filename=navchk.exe
58215. Description=Premium rate adult content dialler
58216. Source=Paul Collins Startup list
58217.  
58218. [QTSvc]
58219. Number=8266
58220. Confirmed=X
58221. Filename=shman.exe
58222. Description=Premium rate adult content dialler
58223. Source=Paul Collins Startup list
58224.  
58225. [QTSvc]
58226. Number=8267
58227. Confirmed=X
58228. Filename=ssvr.exe
58229. Description=Premium rate adult content dialler
58230. Source=Paul Collins Startup list
58231.  
58232. [qttask]
58233. Number=8268
58234. Confirmed=N
58235. Filename=Qttask.exe
58236. Description=System Tray access to Apple's "Quick Time" viewer from version 5 onwards
58237. Source=Paul Collins Startup list
58238.  
58239. [QtVprMtx]
58240. Number=8269
58241. Confirmed=U
58242. Filename=QTVPRMTX.EXE
58243. Description=Multimedia keyboard driver from <a href="http://www.dritek.com.tw/Dritek_Eng.htm" target="_blank">Dritek System Inc</a>
58244. Source=Paul Collins Startup list
58245.  
58246. [Quantifier Security]
58247. Number=8270
58248. Confirmed=X
58249. Filename=qsecue.exe
58250. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082215-2821-99" target=_blank>SPYBOT.UOL</a> WORM!
58251. Source=Paul Collins Startup list
58252.  
58253. [QUBCity]
58254. Number=8271
58255. Confirmed=?
58256. Filename=qtp.exe
58257. Description=<font color="#FF0000">??</font>
58258. Source=Paul Collins Startup list
58259.  
58260. [Queensla]
58261. Number=8272
58262. Confirmed=?
58263. Filename=Queensla.exe
58264. Description=<font color="#FF0000">??</font>
58265. Source=Paul Collins Startup list
58266.  
58267. [Quick Controls]
58268. Number=8273
58269. Confirmed=U
58270. Filename=Astrotoolbar.exe
58271. Description=Gateway Astro Screen and Sound Controls tray icon
58272. Source=Paul Collins Startup list
58273.  
58274. [Quick Heal Firewall Pro]
58275. Number=8274
58276. Confirmed=U
58277. Filename=qhfw.exe
58278. Description=<a href="http://www.quickheal.co.in/" target="_blank">Quick Heal</a> Firewall Pro
58279. Source=Paul Collins Startup list
58280.  
58281. [Quick Heal Messenger]
58282. Number=8275
58283. Confirmed=U
58284. Filename=QHM32.EXE
58285. Description=<a href="http://www.quickheal.co.in/public/products/homeuser.asp" target=_blank>Quick Heal</a> Anti-Virus Messenger - keeps you informed about the latest threats, hoaxes etc
58286. Source=Paul Collins Startup list
58287.  
58288. [Quick Heal On-Line Protection]
58289. Number=8276
58290. Confirmed=Y
58291. Filename=Cateye.exe
58292. Description=<a href="http://www.quickheal.com/qh95.htm" target="_blank">Quick Heal</a> - virus scanner
58293. Source=Paul Collins Startup list
58294.  
58295. [Quick Heal Startup Scan]
58296. Number=8277
58297. Confirmed=Y
58298. Filename=QHSTRT32.EXE
58299. Description=<a href="http://www.quickheal.com/qh95.htm" target="_blank">Quick Heal</a> - virus scanner
58300. Source=Paul Collins Startup list
58301.  
58302. [Quick Shelf xx]
58303. Number=8278
58304. Confirmed=N
58305. Filename=qushelfxx.exe
58306. Description=Places an icon in the system tray for launching MS Bookshelf. Available via Start -> Programs"xx" represents the version number - ie, 98, 99
58307. Source=Paul Collins Startup list
58308.  
58309. [Quick Startup]
58310. Number=8279
58311. Confirmed=Y
58312. Filename=Fquick32.exe
58313. Description=For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone
58314. Source=Paul Collins Startup list
58315.  
58316. [Quick Time Task]
58317. Number=8280
58318. Confirmed=N
58319. Filename=qttask.exe
58320. Description=System Tray access to Apple's "Quick Time" viewer from version 5 onwards
58321. Source=Paul Collins Startup list
58322.  
58323. [Quick View Plus]
58324. Number=8281
58325. Confirmed=N
58326. Filename=QVP32.EXE
58327. Description=Quick View Plus from Inso Corporation. Multiple file type viewer. Available via Start -> Programs
58328. Source=Paul Collins Startup list
58329.  
58330. [QuickBooks Delivery Agent]
58331. Number=8282
58332. Confirmed=N
58333. Filename=QBDAGENT.EXE
58334. Description=As far QAGENT but for QuickBooks. Can also have the version number in the name
58335. Source=Paul Collins Startup list
58336.  
58337. [Quickbooks Update Agent]
58338. Number=8283
58339. Confirmed=N
58340. Filename=qbupdate.exe
58341. Description=Associated with Intuit's Quickbooks but not required. Possibly to do with the payroll update service but you're prompted to check for updates when appropriate whether this is running or not
58342. Source=Paul Collins Startup list
58343.  
58344. [QuickCamPro]
58345. Number=8284
58346. Confirmed=U
58347. Filename=QuickCamPro.exe
58348. Description=System Tray for Picture Capture utility that can run unattended. Pictures every 30 seconds for example, auto FTP Upload, etc
58349. Source=Paul Collins Startup list
58350.  
58351. [quicken]
58352. Number=8285
58353. Confirmed=X
58354. Filename=quicken.exe
58355. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#therealsearch" target=_blank>Therealsearch</a> parasite variant
58356. Source=Paul Collins Startup list
58357.  
58358. [quicken]
58359. Number=8286
58360. Confirmed=X
58361. Filename=Winrar.exe
58362. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#therealsearch" target=_blank>Therealsearch</a> parasite variant. Note - this is not the file zipping utility also known as <a href="http://www.rarlab.com/" target="_blank">WinRAR</a>!
58363. Source=Paul Collins Startup list
58364.  
58365. [quicken]
58366. Number=8287
58367. Confirmed=X
58368. Filename=Waol.exe
58369. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#therealsearch" target=_blank>Therealsearch</a> parasite variant
58370. Source=Paul Collins Startup list
58371.  
58372. [Quicken Scheduled Updates]
58373. Number=8288
58374. Confirmed=N
58375. Filename=bagent.exe
58376. Description=Quicken background downloading module
58377. Source=Paul Collins Startup list
58378.  
58379. [Quicken Startup]
58380. Number=8289
58381. Confirmed=N
58382. Filename=QWDLLS.EXE
58383. Description=Quicken option to load DLLs at startup
58384. Source=Paul Collins Startup list
58385.  
58386. [QuickenSEMessage]
58387. Number=8290
58388. Confirmed=N
58389. Filename=Qsemsg.exe
58390. Description=Quicken option
58391. Source=Paul Collins Startup list
58392.  
58393. [QuickFinder Scheduler]
58394. Number=8291
58395. Confirmed=N
58396. Filename=QFSCHD100.exe
58397. Description=Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products)
58398. Source=Paul Collins Startup list
58399.  
58400. [QuickFinder Scheduler]
58401. Number=8292
58402. Confirmed=N
58403. Filename=QFSched.exe
58404. Description=Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products)
58405. Source=Paul Collins Startup list
58406.  
58407. [QuickLaunchEr]
58408. Number=8293
58409. Confirmed=Y
58410. Filename=QuickLaunchEr.Exe
58411. Description=QuickLaunchEr - allows you to quickly launch programs from an icon in the system tray
58412. Source=Paul Collins Startup list
58413.  
58414. [Quicklink III]
58415. Number=8294
58416. Confirmed=N
58417. Filename=QL.EXE
58418. Description=HP fax program and only needs to be in the start-up group if you allow your phone to automatically answer your phone in fax mode, that is, to receive faxes after a certain number of rings. Available via Start -> Programs
58419. Source=Paul Collins Startup list
58420.  
58421. [Quicknote]
58422. Number=8295
58423. Confirmed=N
58424. Filename=quicknote.exe
58425. Description=<a href="http://www.metz-furniere.de/jens/jcmb/quicknen.html" target="_blank">JC&MB Quicknote</a> Virtual Scrapbook
58426. Source=Paul Collins Startup list
58427.  
58428. [QuickPassword]
58429. Number=8296
58430. Confirmed=U
58431. Filename=agquickp.exe
58432. Description=Smart card-based authentication and digital signature client software
58433. Source=Paul Collins Startup list
58434.  
58435. [QuickRes]
58436. Number=8297
58437. Confirmed=N
58438. Filename=QUICKRES.EXE
58439. Description=Utility to quickly change desktop resolution - left over from Win95 Power Toys. In Win98 and above incorporated via Control Panel -> Display. Not required unless you have to change resolutions on a regular basis
58440. Source=Paul Collins Startup list
58441.  
58442. [quickset]
58443. Number=8298
58444. Confirmed=N
58445. Filename=quickset.exe
58446. Description=Dell taskbar icon allowing you to quickly change settings
58447. Source=Paul Collins Startup list
58448.  
58449. [Quicktime]
58450. Number=8299
58451. Confirmed=X
58452. Filename=qttasks.exe
58453. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickak.html" target= blank>ADCLICK-AK</a> TROJAN!
58454. Source=Paul Collins Startup list
58455.  
58456. [Quicktime]
58457. Number=8300
58458. Confirmed=X
58459. Filename=shch.exe
58460. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target= blank>EB</a> TROJAN!
58461. Source=Paul Collins Startup list
58462.  
58463. [Quicktime Mediaplayer]
58464. Number=8301
58465. Confirmed=X
58466. Filename=winmplyer32.exe
58467. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpm.html" target=_blank>RBOT-PM</a> WORM!
58468.  
58469. Source=Paul Collins Startup list
58470.  
58471. [Quicktime Mediaplayr]
58472. Number=8302
58473. Confirmed=X
58474. Filename=wnmplyr.exe
58475. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
58476. Source=Paul Collins Startup list
58477.  
58478. [Quicktime Pro 3.0]
58479. Number=8303
58480. Confirmed=X
58481. Filename=winuodps.exe
58482. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102714-0859-99" target="_blank">GAOBOT.BH</a> WORM!
58483. Source=Paul Collins Startup list
58484.  
58485. [QuickTime Task]
58486. Number=8304
58487. Confirmed=N
58488. Filename=Qttask.exe
58489. Description=System Tray access to Apple's "Quick Time" viewer from version 5 onwards
58490. Source=Paul Collins Startup list
58491.  
58492. [QuickTime Task]
58493. Number=8305
58494. Confirmed=X
58495. Filename=qttasks.exe
58496. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
58497. Source=Paul Collins Startup list
58498.  
58499. [Quicktime Task]
58500. Number=8306
58501. Confirmed=X
58502. Filename=[random filename]
58503. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121917-5031-99" target=_blank>Trafficadvance</a> dialer
58504. Source=Paul Collins Startup list
58505.  
58506. [QuickTime Update Completion x]
58507. Number=8307
58508. Confirmed=N
58509. Filename=quicktimeupdatehelper.exe
58510. Description=Different numbers caused by number of launches. So if 3 updates are made separately, 3 would appear (in theory)
58511. Source=Paul Collins Startup list
58512.  
58513. [QuicktimeMngr]
58514. Number=8308
58515. Confirmed=X
58516. Filename=QUICKTIMEMNGR.EXE
58517. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.AW" target="_blank">WOOTBOT.AW</a> WORM!
58518. Source=Paul Collins Startup list
58519.  
58520. [QuickTimeUpdate]
58521. Number=8309
58522. Confirmed=X
58523. Filename=QuickUpdate.exe
58524. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosecw.html" target=_blank>BIFROSE-CW</a> TROJAN!
58525. Source=Paul Collins Startup list
58526.  
58527. [Quicktlme]
58528. Number=8310
58529. Confirmed=X
58530. Filename=ru.exe
58531. Description=Adult content dialler
58532. Source=Paul Collins Startup list
58533.  
58534. [QuickTV]
58535. Number=8311
58536. Confirmed=U
58537. Filename=QuickTV.exe
58538. Description=Infra-red remote control driver for the <a href="http://www.aver.com/products/tvtuner_AVerTV_studio.shtml" target="_blank"> AVerTV Studio</a> TV tuner/personal video recoder from AVerMedia. Required if you use the remote control
58539. Source=Paul Collins Startup list
58540.  
58541. [Quickzip]
58542. Number=8312
58543. Confirmed=X
58544. Filename=Ls.exe
58545. Description=MsConnect browser hijacker and dialler
58546. Source=Paul Collins Startup list
58547.  
58548. [QuickZip]
58549. Number=8313
58550. Confirmed=X
58551. Filename=lu.exe
58552. Description=MsConnect browser hijacker and dialler
58553. Source=Paul Collins Startup list
58554.  
58555. [QuikShield]
58556. Number=8314
58557. Confirmed=N
58558. Filename=qkshield.exe
58559. Description=QuikShield popup blocker - reportedly stealth installed, see <a href="http://groups.google.com/groups?num=50&hl=en&lr=&ie=UTF-8&oe=UTF-8&q=quikshield" target="_blank">here</a>
58560. Source=Paul Collins Startup list
58561.  
58562. [QuikSync]
58563. Number=8315
58564. Confirmed=N
58565. Filename=QUIKSYNC.EXE
58566. Description=Used by Iomega drives. Available via Start -> Programs
58567. Source=Paul Collins Startup list
58568.  
58569. [qwe]
58570. Number=8316
58571. Confirmed=X
58572. Filename=qwe.exe
58573. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagef.html" target= blank>LINEAGE-F</a> TROJAN!
58574. Source=Paul Collins Startup list
58575.  
58576. [QWERTY]
58577. Number=8317
58578. Confirmed=?
58579. Filename=qwerty.exe
58580. Description=Possibly adult content related adware
58581. Source=Paul Collins Startup list
58582.  
58583. [qwertybot.exe]
58584. Number=8318
58585. Confirmed=X
58586. Filename=qwertybot.exe
58587. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.Agent.alf&threatid=124536" target="_blank">AGENT.ALF</a> TROJAN!
58588. Source=Paul Collins Startup list
58589.  
58590. [QWS3270 Sessions]
58591. Number=8319
58592. Confirmed=U
58593. Filename=sessions.exe
58594. Description=QWS3270 Secure terminal emulation software
58595. Source=Paul Collins Startup list
58596.  
58597. [R]
58598. Number=8320
58599. Confirmed=X
58600. Filename=[path] rundll32.exe msprt.dll
58601. Description=Chinese originated browser hijacker - redirecting to 4199.com
58602. Source=Paul Collins Startup list
58603.  
58604. [RA Server]
58605. Number=8321
58606. Confirmed=X
58607. Filename=Slave.exe
58608. Description=Added by the RA TROJAN!
58609. Source=Paul Collins Startup list
58610.  
58611. [RabbitWannaHome]
58612. Number=8322
58613. Confirmed=X
58614. Filename=rabbit.exe
58615. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012910-3640-99" target="_blank">MIMAIL.S</a> WORM!
58616. Source=Paul Collins Startup list
58617.  
58618. [Rabo Session Monitor]
58619. Number=8323
58620. Confirmed=Y
58621. Filename=RaboSessionMon.exe
58622. Description=Related to <a href="http://www.rabobank.com/" target="_blank">RaboBank</a> electronic banking software
58623. Source=Paul Collins Startup list
58624.  
58625. [RaConfig2500]
58626. Number=8324
58627. Confirmed=N
58628. Filename=RaConfig2500.exe
58629. Description=<a href="http://www.ralinktech.com/home.asp" target=_blank>RaLink</a> wireless LAN configuration utility
58630.  
58631. Source=Paul Collins Startup list
58632.  
58633. [RadarSync]
58634. Number=8325
58635. Confirmed=N
58636. Filename=RadarSync.exe
58637. Description=Radarsync utility comes from DFI with their latest motherboards, e.g., DFI LanParty Ultra - checks for BIOS and driver updates periodically
58638. Source=Paul Collins Startup list
58639.  
58640. [RadBoot]
58641. Number=8326
58642. Confirmed=U
58643. Filename=RadBoot.exe
58644. Description=RadLinker - tweaker/linker for ATI Radeon based graphics cards. It allows you easy access to per game settings
58645. Source=Paul Collins Startup list
58646.  
58647. [Radio365Agent]
58648. Number=8327
58649. Confirmed=U
58650. Filename=Radio365TrayAgent.exe
58651. Description=<a href="http://www.live365.com/downloads/" target="_blank">Radio365</a> - create playlists and broadcast live straight from your PC!
58652. Source=Paul Collins Startup list
58653.  
58654. [RadioSvr]
58655. Number=8328
58656. Confirmed=U
58657. Filename=RadioSvr.EXE
58658. Description=Used to configure wire less networks. Windows automatically detects the Wireless network and it configures the network
58659. Source=Paul Collins Startup list
58660.  
58661. [RAID Event Monitor]
58662. Number=8329
58663. Confirmed=U
58664. Filename=iaanotif.exe
58665. Description=IAA Event Monitor User Notification Tool - part of <a href="http://www.intel.com/support/chipsets/iaa/" target="_blank">Intel« Application Accelerator</a> - "a performance software package for desktop PCs using select Intel« chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it's required to notify you if a RAID 1 disk has failed
58666. Source=Paul Collins Startup list
58667.  
58668. [RaidTool]
58669. Number=8330
58670. Confirmed=U
58671. Filename=raid_tool.exe
58672. Description=VIA V-RAID Tool - hard disk striping/mirroring utility for increased performance and reliability
58673.  
58674. Source=Paul Collins Startup list
58675.  
58676. [Rainlendar]
58677. Number=8331
58678. Confirmed=U
58679. Filename=Rainlendar.exe
58680. Description=<a href="http://www.rainlendar.net/" target="_blank">Rainlendar</a> is a customizable calendar that displays the current month
58681. Source=Paul Collins Startup list
58682.  
58683. [Rainlendar2]
58684. Number=8332
58685. Confirmed=U
58686. Filename=Rainlendar2.exe
58687. Description=<a href="http://www.rainlendar.net/" target="_blank">Rainlendar</a> is a customizable calendar that displays the current month
58688. Source=Paul Collins Startup list
58689.  
58690. [RAM Idle Professional]
58691. Number=8333
58692. Confirmed=U
58693. Filename=RAM_XP.exe
58694. Description=<a href="http://www.tweaknow.com/ramidleLE.html" target="_blank">RAM Idle LE</a> - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
58695. Source=Paul Collins Startup list
58696.  
58697. [RAMASST]
58698. Number=8334
58699. Confirmed=U
58700. Filename=RAMASST.exe
58701. Description=Optionally installed with some DVD drives (LG, Panasonic, etc). Disables Windows XP's CD-burning abilities because they cause some incompatibilities. It does not affect your ability to burn CDs. If you do not have this program running, you may have some compatibility issues with burnt DVDs
58702. Source=Paul Collins Startup list
58703.  
58704. [RamBooster2]
58705. Number=8335
58706. Confirmed=X
58707. Filename=rb.exe
58708. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090212-3727-99" target="_blank">AKAK</a> TROJAN!
58709. Source=Paul Collins Startup list
58710.  
58711. [RAMDef]
58712. Number=8336
58713. Confirmed=U
58714. Filename=ramdef.exe
58715. Description=<a href="http://www.softpedia.com/get/Tweak/Memory-Tweak/RAM-Def-XTreme.shtml" target="_blank">Ram Def Xtreme</a> - monitors and defragments your system RAM to improve reliability and speed. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
58716. Source=Paul Collins Startup list
58717.  
58718. [RAMDrive]
58719. Number=8337
58720. Confirmed=U
58721. Filename=RDTask.exe
58722. Description=<a href="http://www.farstone.com/software/virtual-hard-drive.htm" target=_blank>Virtual Hard Drive</a> (Ram Drive) from Farstone - takes a portion of your system memory (RAM) and uses it to simulate a hard disk drive
58723. Source=Paul Collins Startup list
58724.  
58725. [RamIdle]
58726. Number=8338
58727. Confirmed=U
58728. Filename=ramidle.exe
58729. Description=<a href="http://www.tweaknow.com/ramidleLE.html" target="_blank">RAM Idle LE</a> - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
58730. Source=Paul Collins Startup list
58731.  
58732. [RAMpage]
58733. Number=8339
58734. Confirmed=U
58735. Filename=RAMpage.exe
58736. Description=Small Windows utility that displays the amount of available memory in an icon in the System Tray. It can also free memory by double clicking the tray icon, or by setting a threshold that activates the program automatically, or by having it run automatically when an application exits. RAMpage is free, and open source
58737. Source=Paul Collins Startup list
58738.  
58739. [Randex virus built for IRBMe]
58740. Number=8340
58741. Confirmed=X
58742. Filename=irbme.exe
58743. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051716-4252-99" target="_blank">RANDEX.RH</a> WORM!
58744. Source=Paul Collins Startup list
58745.  
58746. [random]
58747. Number=8341
58748. Confirmed=X
58749. Filename=random.exe
58750. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderkm.html" target=_blank>DLOADER-KM</a> TROJAN!
58751. Source=Paul Collins Startup list
58752.  
58753. [Random Interface Network]
58754. Number=8342
58755. Confirmed=X
58756. Filename=rst.exe
58757. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotp.html" target="_blank">DELBOT-P</a> WORM!
58758. Source=Paul Collins Startup list
58759.  
58760. [Random Interface Network Manager]
58761. Number=8343
58762. Confirmed=X
58763. Filename=rinsv.exe
58764. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotl.html" target="_blank">DELBOT-L</a> WORM!
58765. Source=Paul Collins Startup list
58766.  
58767. [Random Unique ID]
58768. Number=8344
58769. Confirmed=X
58770. Filename=[worm filename]
58771. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32xrovea.html" target=_blank>XROVE-A</a> WORM!
58772.  
58773. Source=Paul Collins Startup list
58774.  
58775. [RandomWin32]
58776. Number=8345
58777. Confirmed=X
58778. Filename=mgnwin32.exe
58779. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotdv.html" target=_blank>SDBOT-DV</a> WORM!
58780. Source=Paul Collins Startup list
58781.  
58782. [rant]
58783. Number=8346
58784. Confirmed=Y
58785. Filename=rant.exe
58786. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzb.html" target= blank>RBOT-ZB</a> WORM!
58787. Source=Paul Collins Startup list
58788.  
58789. [RapApp]
58790. Number=8347
58791. Confirmed=Y
58792. Filename=RAPAPP.EXE
58793. Description=Application protection component of <a href="http://blackice.iss.net/product_pc_protection.php" target="_blank">BlackICE PC Protection</a> (was Defender) firewall, informing you of any modifications to programs, files or folders and detecting unknown programs trying to launch
58794. Source=Paul Collins Startup list
58795.  
58796. [Rapdata]
58797. Number=8348
58798. Confirmed=X
58799. Filename=ravsecs.exe
58800. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassv.html" target=_blank>QQPASS-V</a> TROJAN!
58801. Source=Paul Collins Startup list
58802.  
58803. [Rapdatae]
58804. Number=8349
58805. Confirmed=X
58806. Filename=rabseuser.exe
58807. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpasss.html" target=_blank>QQPASS-S</a> TROJAN!
58808. Source=Paul Collins Startup list
58809.  
58810. [Rapdatybs]
58811. Number=8350
58812. Confirmed=X
58813. Filename=ravseteyns.exe
58814. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsacp.html" target="_blank">PWS-ACP</a> TROJAN!
58815. Source=Paul Collins Startup list
58816.  
58817. [Rapid Restore]
58818. Number=8351
58819. Confirmed=U
58820. Filename=rrpcsb.exe
58821. Description=<a href="http://www.xpointdirect.com/jp/IBMRRPC/XPRRPC_why.asp" target="_blank">XPoint</a> "Rapid Restore PC" - a "Managed RecoveryÖ solution that enables IT Administrators to protect the corporate image, while offloading personal data backup and recovery chores to the end user"
58822. Source=Paul Collins Startup list
58823.  
58824. [RapidBlaster]
58825. Number=8352
58826. Confirmed=X
58827. Filename=rb32.exe
58828. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> parasite. Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
58829. Source=Paul Collins Startup list
58830.  
58831. [Raptelnet]
58832. Number=8353
58833. Confirmed=X
58834. Filename=ravspeger.exe
58835. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassaa.html" target=_blank>QQPASS-AA</a> TROJAN!
58836. Source=Paul Collins Startup list
58837.  
58838. [Raptelt]
58839. Number=8354
58840. Confirmed=X
58841. Filename=ravspegtl.exe
58842. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassab.html" target=_blank>QQPASS-AB</a> TROJAN!
58843. Source=Paul Collins Startup list
58844.  
58845. [Raptor Mobile]
58846. Number=8355
58847. Confirmed=Y
58848. Filename=vpnservices.exe
58849. Description=<a href="http://www.symantec.com/" target="_blank">Symantec</a> VPN Client used to connect to corporate networks. If unchecked, must be uninstalled using Add/Remove Programs as it tightly integrates into networking
58850. Source=Paul Collins Startup list
58851.  
58852. [RasCon Remote Access Service Manager]
58853. Number=8356
58854. Confirmed=X
58855. Filename=rasmngr.exe
58856. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EM&VSect=T" target="_blank">SPYBOT.EM</a> WORM!
58857. Source=Paul Collins Startup list
58858.  
58859. [rasctrs]
58860. Number=8357
58861. Confirmed=X
58862. Filename=rasctrs.exe
58863. Description=Hijacker, also detected as the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050218-0540-99" target="_blank">ADWAHECK</a> TROJAN!
58864. Source=Paul Collins Startup list
58865.  
58866. [Rase]
58867. Number=8358
58868. Confirmed=X
58869. Filename=boln.exe
58870. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
58871. Source=Paul Collins Startup list
58872.  
58873. [rasman]
58874. Number=8359
58875. Confirmed=X
58876. Filename=rasman32.exe
58877. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrqgn.html" target="_blank">BCKDR-QGN</a> TROJAN!
58878. Source=Paul Collins Startup list
58879.  
58880. [RasMan.exe]
58881. Number=8360
58882. Confirmed=X
58883. Filename=RasMan.exe
58884. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfeutelh.html" target=_blank>FEUTEL-H</a> TROJAN!
58885. Source=Paul Collins Startup list
58886.  
58887. [rate.exe]
58888. Number=8361
58889. Confirmed=X
58890. Filename=i11r54n4.exe
58891. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022809-3232-99&tabid=1" target="_blank">BEAGLE.E</a> WORM and variants!
58892. Source=Paul Collins Startup list
58893.  
58894. [rate.exe]
58895. Number=8362
58896. Confirmed=X
58897. Filename=********.exe [* = random char]
58898. Description=Unidentified adware
58899.  
58900. Source=Paul Collins Startup list
58901.  
58902. [RAV8Tray]
58903. Number=8363
58904. Confirmed=Y
58905. Filename=ravtray8.exe
58906. Description=<a href="http://www.ravantivirus.com/index.php" target="_blank">RAV</a> anti-virus related
58907. Source=Paul Collins Startup list
58908.  
58909. [RavAv]
58910. Number=8364
58911. Confirmed=X
58912. Filename=RavMon.exe
58913. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoordij.html" target="_blank">BDOOR-DIJ</a> TROJAN! Note - this file is located in the %WinDir% directory, and must NOT be confused with the legitimate <a href="http://www.ravantivirus.com/" target="_blank">RAV</a> antivirus file of the same name!
58914. Source=Paul Collins Startup list
58915.  
58916. [RavAv]
58917. Number=8365
58918. Confirmed=X
58919. Filename=RavMonE.exe
58920. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rjumpf.html" target="_blank">RJUMPF-F</a> WORM!
58921. Source=Paul Collins Startup list
58922.  
58923. [RavAv]
58924. Number=8366
58925. Confirmed=X
58926. Filename=AdobeR.exe
58927. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RJUMP.D" target="_blank">RJUMP.D</a> WORM!
58928. Source=Paul Collins Startup list
58929.  
58930. [RAVEN_VLZS.EXE]
58931. Number=8367
58932. Confirmed=X
58933. Filename=RAVEN_VLZS.EXE
58934. Description=<a href="http://allentech.net/parasite/DownloadReceiver.html" target="_blank">DownloadReceiver</a> parasite - no longer in existence
58935. Source=Paul Collins Startup list
58936.  
58937. [RavMon]
58938. Number=8368
58939. Confirmed=Y
58940. Filename=RavMon.exe
58941. Description=<a href="http://www.ravantivirus.com/" target=_blank>RAV</a> AntiVirus
58942.  
58943. Source=Paul Collins Startup list
58944.  
58945. [ravshell]
58946. Number=8369
58947. Confirmed=X
58948. Filename=expl0rer.exe
58949. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADER.MAR" target="_blank">DLOADER.MAR</a> TROJAN!
58950. Source=Paul Collins Startup list
58951.  
58952. [Ravshell]
58953. Number=8370
58954. Confirmed=X
58955. Filename=explore3.exe
58956. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PAKES.HZ" target="_blank">PAKES.HZ</a> TROJAN!
58957. Source=Paul Collins Startup list
58958.  
58959. [Ravshell]
58960. Number=8371
58961. Confirmed=X
58962. Filename=IEXPLORER.EXE
58963. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.URZ" target="_blank">AGENT.URZ</a> TROJAN!
58964. Source=Paul Collins Startup list
58965.  
58966. [Ravshell]
58967. Number=8372
58968. Confirmed=X
58969. Filename=rund1132.exe
58970. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.OKZ" target="_blank">AGENT.OKZ</a> TROJAN!
58971. Source=Paul Collins Startup list
58972.  
58973. [Ravshell]
58974. Number=8373
58975. Confirmed=X
58976. Filename=svch0st.exe
58977. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NSPM.PU" target="_blank">NSPM.PU</a> TROJAN!
58978. Source=Paul Collins Startup list
58979.  
58980. [ravtask]
58981. Number=8374
58982. Confirmed=X
58983. Filename=rund1132.exe
58984. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADER.IYT" target="_blank">DLOADER.IYT</a> TROJAN!
58985. Source=Paul Collins Startup list
58986.  
58987. [ravtask]
58988. Number=8375
58989. Confirmed=X
58990. Filename=svch0st.exe
58991. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagain.html" target="_blank">LINEAG-AIN</a> TROJAN!
58992. Source=Paul Collins Startup list
58993.  
58994. [RavTime]
58995. Number=8376
58996. Confirmed=X
58997. Filename=Mstray.exe
58998. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WUKILL.A" target="_blank">WUKILL.A</a> WORM!
58999. Source=Paul Collins Startup list
59000.  
59001. [RavTimer]
59002. Number=8377
59003. Confirmed=X
59004. Filename=RavTimer.exe
59005. Description=<a href="http://www.ravantivirus.com/" target=_blank>RAV</a> AntiVirus
59006.  
59007. Source=Paul Collins Startup list
59008.  
59009. [RavTimer]
59010. Number=8378
59011. Confirmed=X
59012. Filename=explores.exe
59013. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhomeya.html" target=_blank>HOMEY-A</a> TROJAN!
59014. Source=Paul Collins Startup list
59015.  
59016. [RavTimeXP]
59017. Number=8379
59018. Confirmed=X
59019. Filename=[worm filename]
59020. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110607-0328-99" target="_blank">WULLIK.B</a> WORM!
59021. Source=Paul Collins Startup list
59022.  
59023. [RavTimeXP]
59024. Number=8380
59025. Confirmed=X
59026. Filename=Virus
59027. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CAGER.A&VSect=P" target=_blank>CAGER.A</a> WORM!
59028. Source=Paul Collins Startup list
59029.  
59030. [RavTimXP]
59031. Number=8381
59032. Confirmed=X
59033. Filename=[worm filename]
59034. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110607-0328-99" target="_blank">WULLIK.B</a> WORM!
59035. Source=Paul Collins Startup list
59036.  
59037. [RavUptets]
59038. Number=8382
59039. Confirmed=X
59040. Filename=agetlke.exe
59041. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassak.html" target=_blank>QQPASS-AK</a> TROJAN!
59042. Source=Paul Collins Startup list
59043.  
59044. [RavUptkt]
59045. Number=8383
59046. Confirmed=X
59047. Filename=agetlktz.exe
59048. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassaj.html" target=_blank>QQPASS-AJ</a> TROJAN!
59049. Source=Paul Collins Startup list
59050.  
59051. [RavUptpe]
59052. Number=8384
59053. Confirmed=X
59054. Filename=ravsesur.exe
59055. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpasst.html" target=_blank>QQPASS-T</a> TROJAN!
59056. Source=Paul Collins Startup list
59057.  
59058. [rav_temp.exe]
59059. Number=8385
59060. Confirmed=?
59061. Filename=rav_temp.exe
59062. Description=<font color="#FF0000">??</font>
59063. Source=Paul Collins Startup list
59064.  
59065. [RAX SYSTEM]
59066. Number=8386
59067. Confirmed=X
59068. Filename=scrigz.exe
59069. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.KR&VSect=P" target=_blank>MYTOB.KR</a> WORM!
59070. Source=Paul Collins Startup list
59071.  
59072. [Ray Process Killer]
59073. Number=8387
59074. Confirmed=N
59075. Filename=Prkill.exe
59076. Description=<a href="http://www.delphi32.com/vcl/4248/" target="_blank">Ray Process Killer</a> - clicking right mouse button produces popup menu with current active tasks. You can choose any task and click "Ok" to terminate it. Use CTRL+ALT+DEL instead
59077. Source=Paul Collins Startup list
59078.  
59079. [razer]
59080. Number=8388
59081. Confirmed=U
59082. Filename=razerhid.exe
59083. Description=<a href="http://www.razerzone.com/" target=_blank>Razer</a> mouse driver
59084.  
59085. Source=Paul Collins Startup list
59086.  
59087. [rb32 lptt01]
59088. Number=8389
59089. Confirmed=X
59090. Filename=rb32.exe
59091. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "RapidBlaster" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
59092. Source=Paul Collins Startup list
59093.  
59094. [rb32 ml097e]
59095. Number=8390
59096. Confirmed=X
59097. Filename=rb32.exe
59098. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "RapidBlaster" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
59099. Source=Paul Collins Startup list
59100.  
59101. [rbenh ml***e]
59102. Number=8391
59103. Confirmed=X
59104. Filename=rbenh.exe
59105. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "RBEnhance" folder in Program Files) where *** represents random digits. Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
59106. Source=Paul Collins Startup list
59107.  
59108. [RBOT v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server]
59109. Number=8392
59110. Confirmed=X
59111. Filename=glossary.exe
59112. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotj.html" target="_blank">VANEBOT-J</a> WORM!
59113. Source=Paul Collins Startup list
59114.  
59115. [Rcf Driver]
59116. Number=8393
59117. Confirmed=X
59118. Filename=rcf.exe
59119. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092715-5310-99" target="_blank">RANDEX.BLD</a> WORM!
59120. Source=Paul Collins Startup list
59121.  
59122. [rCron]
59123. Number=8394
59124. Confirmed=X
59125. Filename=rcron.exe
59126. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchb.html" target=_blank>"Switch"</a> adult content dialler
59127. Source=Paul Collins Startup list
59128.  
59129. [rCron]
59130. Number=8395
59131. Confirmed=X
59132. Filename=dservice.exe
59133. Description=Switch  premium rate adult content dialer
59134. Source=Paul Collins Startup list
59135.  
59136. [RCScheduleCheck]
59137. Number=8396
59138. Confirmed=U
59139. Filename=RCSCHED.EXE
59140. Description=Scheduler for VCOM's <a href="http://www.v-com.com/product/Recovery_Commander_Home.html" target="_blank">Recovery Commander</a> - which "can restore your non-booting system back to normal. It only takes a few minutes to get your system back up and running"
59141. Source=Paul Collins Startup list
59142.  
59143. [RCSync]
59144. Number=8397
59145. Confirmed=X
59146. Filename=RCSync.exe
59147. Description=PrizeSurfer related. "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware
59148. Source=Paul Collins Startup list
59149.  
59150. [RCSystem]
59151. Number=8398
59152. Confirmed=U
59153. Filename=DLLML.exe RCSystem
59154. Description=Related to <a href="http://www.creative.com/" target=_blank>Creative</a> DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
59155. Source=Paul Collins Startup list
59156.  
59157. [RDClient]
59158. Number=8399
59159. Confirmed=U
59160. Filename=RDCLIENT.EXE
59161. Description=<a href="http://www.twiga.ltd.uk/rdu.asp" target="_blank">Remote Disconnection Utility</a> from Twiga. Used for connecting and disconnecting dial up connections on a network - only needed if there is a shared internet connection
59162. Source=Paul Collins Startup list
59163.  
59164. [RDLL]
59165. Number=8400
59166. Confirmed=X
59167. Filename=RunDll16.exe
59168. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040116-1651-99" target="_blank">SDBOT.F</a> TROJAN!
59169. Source=Paul Collins Startup list
59170.  
59171. [rdvs]
59172. Number=8401
59173. Confirmed=X
59174. Filename=[worm filename]
59175. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ULTIMAX.B&VSect=T" target="_blank"> ULTIMAX</a> WORM!
59176. Source=Paul Collins Startup list
59177.  
59178. [Reactor3]
59179. Number=8402
59180. Confirmed=X
59181. Filename=[random name]32.exe
59182. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110916-0038-99" target=_blank>BOFRA.A</a> WORM!
59183. Source=Paul Collins Startup list
59184.  
59185. [Reactor5]
59186. Number=8403
59187. Confirmed=X
59188. Filename=[random name]32.exe
59189. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110911-3939-99" target=_blank>BOFRA.D</a> WORM!
59190. Source=Paul Collins Startup list
59191.  
59192. [Reactor6]
59193. Number=8404
59194. Confirmed=X
59195. Filename=[random name]32.exe
59196. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111113-3948-99" target=_blank>BOFRA.C</a> WORM!
59197. Source=Paul Collins Startup list
59198.  
59199. [Reactor7]
59200. Number=8405
59201. Confirmed=X
59202. Filename=[random name]32.exe
59203. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111015-1646-99" target=_blank>BOFRA.B</a> WORM!
59204. Source=Paul Collins Startup list
59205.  
59206. [Reactor8]
59207. Number=8406
59208. Confirmed=X
59209. Filename=[random name]32.exe
59210. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111213-5143-99" target=_blank>BOFRA.E</a> WORM!
59211. Source=Paul Collins Startup list
59212.  
59213. [Reactor9]
59214. Number=8407
59215. Confirmed=X
59216. Filename=[random name]32.exe
59217. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111213-5143-99" target=_blank>BOFRA.E</a> WORM!
59218. Source=Paul Collins Startup list
59219.  
59220. [readdb40]
59221. Number=8408
59222. Confirmed=X
59223. Filename=rundll32.exe [path] readdb40.dll, EnableRunDLL32
59224. Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
59225. Source=Paul Collins Startup list
59226.  
59227. [REAL]
59228. Number=8409
59229. Confirmed=N
59230. Filename=realjbox.exe
59231. Description=<a href="http://www.real.com/" target=_blank>Real</a> Jukebox - MP3 and music files player
59232.  
59233. Source=Paul Collins Startup list
59234.  
59235. [Real Internet Player]
59236. Number=8410
59237. Confirmed=X
59238. Filename=Reaiplay.exe
59239. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
59240. Source=Paul Collins Startup list
59241.  
59242. [Real player updater]
59243. Number=8411
59244. Confirmed=X
59245. Filename=realupd.exe
59246. Description=Added by the <a href="http://vil.nai.com/vil/content/v_100830.htm" target="_blank">PARLAY</a> TROJAN!
59247. Source=Paul Collins Startup list
59248.  
59249. [real scheduler.hta]
59250. Number=8412
59251. Confirmed=X
59252. Filename=RealAudio.exe
59253. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102612-2849-99" target=_blank>CEEGAR</a> TROJAN! Note - this is not associated with the popular <a href="http://www.real.com/" target=_blank>RealPlayer</a> media player
59254. Source=Paul Collins Startup list
59255.  
59256. [Real Spy Monitor]
59257. Number=8413
59258. Confirmed=U
59259. Filename=Winrsm.exe
59260. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112917-4626-99" target= blank>Realspy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
59261. Source=Paul Collins Startup list
59262.  
59263. [Real Statics Agent]
59264. Number=8414
59265. Confirmed=X
59266. Filename=ccreal.exe
59267. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
59268. Source=Paul Collins Startup list
59269.  
59270. [Real-Tens]
59271. Number=8415
59272. Confirmed=X
59273. Filename=Real-Tens.exe
59274. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare&threatid=4620" target=_blank>DownloadWare</a> adware
59275. Source=Paul Collins Startup list
59276.  
59277. [RealAudio]
59278. Number=8416
59279. Confirmed=X
59280. Filename=RealAudio.exe
59281. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102612-2849-99" target=_blank>CEEGAR</a> TROJAN! Note - this is not associated with the popular <a href="http://www.real.com/" target=_blank>RealPlayer</a> media player
59282. Source=Paul Collins Startup list
59283.  
59284. [Realaudio Player]
59285. Number=8417
59286. Confirmed=X
59287. Filename=realaudio32.exe
59288. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AFR" target="_blank">AGOBOT.AFR</a> WORM!
59289. Source=Paul Collins Startup list
59290.  
59291. [RealDownload]
59292. Number=8418
59293. Confirmed=N
59294. Filename=RealPlay.exe
59295. Description=Download manager. Available via Start -> Programs
59296. Source=Paul Collins Startup list
59297.  
59298. [RealDownload Express]
59299. Number=8419
59300. Confirmed=X
59301. Filename=npnzdad.exe
59302. Description=Advertising spyware
59303. Source=Paul Collins Startup list
59304.  
59305. [Reality Fusion GameCam SE]
59306. Number=8420
59307. Confirmed=N
59308. Filename=RFTRay.exe
59309. Description=Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs
59310. Source=Paul Collins Startup list
59311.  
59312. [RealJukeboxSystray]
59313. Number=8421
59314. Confirmed=N
59315. Filename=tsystray.exe
59316. Description=System Tray icon for RealJukebox
59317. Source=Paul Collins Startup list
59318.  
59319. [realone_nt2003]
59320. Number=8422
59321. Confirmed=X
59322. Filename=moniker.exe
59323. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092114-4655-99" target="_blank">SNONE.A</a> WORM!
59324. Source=Paul Collins Startup list
59325.  
59326. [RealP1ayer]
59327. Number=8423
59328. Confirmed=X
59329. Filename=[path to file]
59330. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021416-2835-99" target=_blank>RPLAY.A</a> TROJAN! Note that the name has a number "1" in place of the second lower case "L"
59331. Source=Paul Collins Startup list
59332.  
59333. [realplay]
59334. Number=8424
59335. Confirmed=N
59336. Filename=realplay.exe
59337. Description=System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences
59338. Source=Paul Collins Startup list
59339.  
59340. [realplay lptt01]
59341. Number=8425
59342. Confirmed=X
59343. Filename=realplay.exe
59344. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "RealPlay" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not RealPlayer which can have the same executable name
59345. Source=Paul Collins Startup list
59346.  
59347. [realplay ml097e]
59348. Number=8426
59349. Confirmed=X
59350. Filename=realplay.exe
59351. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "RealPlay" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not RealPlayer which can have the same executable name
59352. Source=Paul Collins Startup list
59353.  
59354. [RealPlayer Ath Check]
59355. Number=8427
59356. Confirmed=X
59357. Filename=rnathchk.exe
59358. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041009-4908-99" target=_blank>MYTOB.AG</a> WORM!
59359. Source=Paul Collins Startup list
59360.  
59361. [Realplayer Codec Support]
59362. Number=8428
59363. Confirmed=X
59364. Filename=realsched.exe
59365. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaad.html" target= blank>AGOBOT-AAD</a> WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
59366. Source=Paul Collins Startup list
59367.  
59368. [Realplayer One]
59369. Number=8429
59370. Confirmed=X
59371. Filename=realplay.exe
59372. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnk.html" target=_blank>RBOT-NK</a> WORM!
59373.  
59374. Source=Paul Collins Startup list
59375.  
59376. [Realplayer.exe]
59377. Number=8430
59378. Confirmed=X
59379. Filename=Realplayer.exe
59380. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.CNV" target="_blank">DELF.CNV</a> TROJAN!
59381. Source=Paul Collins Startup list
59382.  
59383. [RealPlayer2]
59384. Number=8431
59385. Confirmed=N
59386. Filename=MsgCenterExe
59387. Description=RealNetworks <a href="http://www.real.com/" target=_blank>RealPlayer</a> related - disabling this application will not affect Real Player in any way
59388. Source=Paul Collins Startup list
59389.  
59390. [RealPlayerUpdater]
59391. Number=8432
59392. Confirmed=X
59393. Filename=realupd32.exe
59394. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlohavt.html" target=_blank>LOHAV-T</a> TROJAN!
59395. Source=Paul Collins Startup list
59396.  
59397. [Realpopup]
59398. Number=8433
59399. Confirmed=?
59400. Filename=Realpopup.exe
59401. Description=<a href="http://www.realpopup.it/" target="_blank">RealPopup</a> - "Replaces old winpopup with a full featured freeware tool which remains stable and simple as its predecessor"
59402. Source=Paul Collins Startup list
59403.  
59404. [Realsched]
59405. Number=8434
59406. Confirmed=N
59407. Filename=realsched.exe
59408. Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registry
59409. Source=Paul Collins Startup list
59410.  
59411. [RealSPEED]
59412. Number=8435
59413. Confirmed=U
59414. Filename=RealSPEED.Exe
59415. Description=<a href="http://www.semsoftware.com/" target=_blank>RealSPEED</a> - tweaking utility to speed-up your internet connection
59416.  
59417. Source=Paul Collins Startup list
59418.  
59419. [Realtime Audio Engine]
59420. Number=8436
59421. Confirmed=U
59422. Filename=mmrtkrnl.exe
59423. Description=Associated with ALCATech <a href="http://www.alcatech.com/html/rebuild.php?src=products_pro.html" target=_blank>BPM Studio</a>
59424. Source=Paul Collins Startup list
59425.  
59426. [Realtime Monitor]
59427. Number=8437
59428. Confirmed=Y
59429. Filename=realmon.exe
59430. Description=Realtime scanner part of <a href="http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f" target="_blank">eTrust Antivirus/InoculateIT</a> version 6 virus scanners from Computer Associates
59431. Source=Paul Collins Startup list
59432.  
59433. [RealTimeUpdate]
59434. Number=8438
59435. Confirmed=?
59436. Filename=RealTimeUpdate.exe
59437. Description=<font color="#FF0000">Product description in properties is "InternetExplorerCommunicationAgent Module" ?</font>
59438. Source=Paul Collins Startup list
59439.  
59440. [realtpsk]
59441. Number=8439
59442. Confirmed=X
59443. Filename=realsched.exe
59444. Description=Chinese originated adware - detected by <a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda</a> antivirus as NewWeb. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
59445. Source=Paul Collins Startup list
59446.  
59447. [RealTray]
59448. Number=8440
59449. Confirmed=N
59450. Filename=RealPlay.exe
59451. Description=System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences
59452. Source=Paul Collins Startup list
59453.  
59454. [RealUpdater]
59455. Number=8441
59456. Confirmed=X
59457. Filename=realupd.exe
59458. Description=Added by the <a href="http://vil.nai.com/vil/content/v_100830.htm" target="_blank">PARLAY</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041318-1322-99" target="_blank">MITGLIEDER.I</a> TROJANS!
59459. Source=Paul Collins Startup list
59460.  
59461. [RebateNation0]
59462. Number=8442
59463. Confirmed=X
59464. Filename=RebateNation0.exe
59465. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=TopRebates.RebateNation&threatid=39730" target=_blank>RebateNation</a> adware
59466. Source=Paul Collins Startup list
59467.  
59468. [Reboot]
59469. Number=8443
59470. Confirmed=N
59471. Filename=Reboot.exe
59472. Description=MS-DOS/Win3.1 utility use to clean boot a system. Sometimes installed by default from some driver CDs for motherboards
59473. Source=Paul Collins Startup list
59474.  
59475. [Recguard]
59476. Number=8444
59477. Confirmed=Y
59478. Filename=recguard.exe
59479. Description=On HP computers, Recguard prevents the deletion or corruption of the WinXP Recovery Partition. Without it enabled, it is possible to knock that completely out and force the customer to send the PC back to HP for a re-image, possibly at the customer's expense
59480. Source=Paul Collins Startup list
59481.  
59482. [Reclip]
59483. Number=8445
59484. Confirmed=N
59485. Filename=reclip.exe
59486. Description=<a href="http://lockettefamily.com/reclip.htm" target="_blank">Reclip Popup Clipboard</a> manager
59487. Source=Paul Collins Startup list
59488.  
59489. [Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B}]
59490. Number=8446
59491. Confirmed=X
59492. Filename=RH.DLL
59493. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074758" target="_blank">SmartPops</a> search hijacker
59494.  
59495. Source=Paul Collins Startup list
59496.  
59497. [Recover]
59498. Number=8447
59499. Confirmed=N
59500. Filename=N/A
59501. Description=Added during the installation of Comcast High Speed Internet software. During installation the system reboots and if the disk is removed a screen appears asking for the disk to be re-inserted to complete installation. Not required once installion is complete
59502. Source=Paul Collins Startup list
59503.  
59504. [recover.bmp.exe]
59505. Number=8448
59506. Confirmed=X
59507. Filename=Rundll.exe
59508. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojanaftp01.html" target=_blank>ANAFTP-01</a> TROJAN! Note - this is NOT the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
59509. Source=Paul Collins Startup list
59510.  
59511. [RecoverFromReboo]
59512. Number=8449
59513. Confirmed=N
59514. Filename=RECOVE~1.EXE
59515. Description=Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry
59516. Source=Paul Collins Startup list
59517.  
59518. [RecoverFromReboo]
59519. Number=8450
59520. Confirmed=N
59521. Filename=RecoverFromReboot.exe
59522. Description=Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry
59523. Source=Paul Collins Startup list
59524.  
59525. [RecoverFromReboot]
59526. Number=8451
59527. Confirmed=N
59528. Filename=RECOVE~1.EXE
59529. Description=Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry
59530. Source=Paul Collins Startup list
59531.  
59532. [RecoverFromReboot]
59533. Number=8452
59534. Confirmed=N
59535. Filename=RecoverFromReboot.exe
59536. Description=Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry
59537. Source=Paul Collins Startup list
59538.  
59539. [Recoveru system]
59540. Number=8453
59541. Confirmed=X
59542. Filename=svchast.exe
59543. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageav.html" target="_blank">LINEAGE-AV</a> TROJAN!
59544. Source=Paul Collins Startup list
59545.  
59546. [Recoveru systems]
59547. Number=8454
59548. Confirmed=X
59549. Filename=svchost.exe
59550. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! ! This file is located in the "temp" folder
59551. Source=Paul Collins Startup list
59552.  
59553. [RecShe]
59554. Number=8455
59555. Confirmed=N
59556. Filename=RecSche.exe
59557. Description=Recording scheduler for WatchTV Capture Card (TV Tuner card)
59558. Source=Paul Collins Startup list
59559.  
59560. [Recycle Bin Handler]
59561. Number=8456
59562. Confirmed=X
59563. Filename=recycler.exe
59564. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojshuckbota.html" target= blank>SHUCKBOT-A</a> TROJAN!
59565. Source=Paul Collins Startup list
59566.  
59567. [Recycle Bin Handler 2005]
59568. Number=8457
59569. Confirmed=X
59570. Filename=system.exe
59571. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorho.html" target= blank>HO</a> TROJAN!
59572. Source=Paul Collins Startup list
59573.  
59574. [RecycleSTR]
59575. Number=8458
59576. Confirmed=X
59577. Filename=msreg32.exe
59578. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottc.html" target=_blank>RBOT-TC</a> WORM!
59579. Source=Paul Collins Startup list
59580.  
59581. [Red Flag]
59582. Number=8459
59583. Confirmed=N
59584. Filename=redflag.exe
59585. Description=PMS prediction program with modes for guys and girls - no longer available
59586. Source=Paul Collins Startup list
59587.  
59588. [Red Swoosh EDN Client]
59589. Number=8460
59590. Confirmed=U
59591. Filename=RSEDNClient.exe
59592. Description=<a href="http://www.redswoosh.net/learn_more_overview.php" target="_blank">Red Swoosh</a> - mechanism used by web sites to allow you to download files from those sites quicker and more efficiently via P2P. Note from the <a href="http://install.redswoosh.com/faq.html#EULA" target="_blank">license agreement</a> they automatically update the software, can download other published content that it feels may interest you without your knowledge and share non-personally identifiable information with others in the network - but you must agree to this when installing the software
59593. Source=Paul Collins Startup list
59594.  
59595. [redirect]
59596. Number=8461
59597. Confirmed=X
59598. Filename=redirect*.exe
59599. Description=Dotcomtoolbar/Linksummary hijacker installer - where * is a random digit
59600. Source=Paul Collins Startup list
59601.  
59602. [Redline Taskbar]
59603. Number=8462
59604. Confirmed=N
59605. Filename=taskbar.exe
59606. Description=Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards
59607. Source=Paul Collins Startup list
59608.  
59609. [REEGRUN]
59610. Number=8463
59611. Confirmed=X
59612. Filename=[path to file]
59613. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SECDROP.AI" target=_blank>SECDROP.AI</a> TROJAN
59614.  
59615. Source=Paul Collins Startup list
59616.  
59617. [Reek 32 Server]
59618. Number=8464
59619. Confirmed=X
59620. Filename=reek32.exe
59621. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.AL" target="_blank">RANDEX.AL</a> WORM!
59622. Source=Paul Collins Startup list
59623.  
59624. [Referee]
59625. Number=8465
59626. Confirmed=U
59627. Filename=referee.exe
59628. Description=<a href="http://www.mc1soft.com/" target="_blank">MediaComm's</a> monitor for file association changes. Stop rogue programs from screwing your settings either on installation or whenever they run
59629. Source=Paul Collins Startup list
59630.  
59631. [Refresh]
59632. Number=8466
59633. Confirmed=N
59634. Filename=Refresh.exe
59635. Description=(Iomega) Refresh - loads the Iomega desktop icons at startup
59636. Source=Paul Collins Startup list
59637.  
59638. [Reg]
59639. Number=8467
59640. Confirmed=X
59641. Filename=Reg.hta
59642. Description=<a href="https://www3.cai.com/securityadvisor/virusinfo/virus.aspx?ID=9065" target="_blank">Passon</a> homepage hi-jacker
59643. Source=Paul Collins Startup list
59644.  
59645. [Reg Check]
59646. Number=8468
59647. Confirmed=?
59648. Filename=lpt.exe
59649. Description=Related to <a href="http://www.supanet.com/" target=_blank>Supanet</a> ISP software - <font color="#FF0000">what does it do and is it required?</font>
59650. Source=Paul Collins Startup list
59651.  
59652. [reg run]
59653. Number=8469
59654. Confirmed=X
59655. Filename=Systen.exe
59656. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosbs.html" target= blank>BANCOS-BS</a> TROJAN!
59657. Source=Paul Collins Startup list
59658.  
59659. [Reg Service]
59660. Number=8470
59661. Confirmed=X
59662. Filename=winsy.exe
59663. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
59664. Source=Paul Collins Startup list
59665.  
59666. [Reg Service]
59667. Number=8471
59668. Confirmed=X
59669. Filename=winslogon.exe
59670. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsc.html" target= blank>AGOBOT-SC</a> WORM!
59671. Source=Paul Collins Startup list
59672.  
59673. [Reg Service]
59674. Number=8472
59675. Confirmed=X
59676. Filename=ipcfg.exe
59677. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotso.html" target=_blank>AGOBOT-SO</a> WORM!
59678. Source=Paul Collins Startup list
59679.  
59680. [Reg Service]
59681. Number=8473
59682. Confirmed=X
59683. Filename=REGSRV32.EXE
59684. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ZW&VSect=P" target=_blank>RBOT.ZW</a> WORM!
59685. Source=Paul Collins Startup list
59686.  
59687. [Reg Service]
59688. Number=8474
59689. Confirmed=X
59690. Filename=WinnConfig.exe
59691. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotpf.html" target=_blank>AGOBOT-PF</a> WORM!
59692. Source=Paul Collins Startup list
59693.  
59694. [Reg Service]
59695. Number=8475
59696. Confirmed=X
59697. Filename=NT32.exe
59698. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_AGOBOT.G" target="_blank">AGOBOT.G</a> TROJAN!
59699. Source=Paul Collins Startup list
59700.  
59701. [Reg Services]
59702. Number=8476
59703. Confirmed=X
59704. Filename=Winboot32.exe
59705. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.PB" target="_blank">RBOT.PB</a> WORM!
59706. Source=Paul Collins Startup list
59707.  
59708. [reg1.reg]
59709. Number=8477
59710. Confirmed=X
59711. Filename=vuamgard.exe
59712. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102711-3533-99" target=_blank>IRC.BOT</a> TROJAN!
59713. Source=Paul Collins Startup list
59714.  
59715. [reg2.0]
59716. Number=8478
59717. Confirmed=U
59718. Filename=SVCH0ST.EXE
59719. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071517-0422-99" target="_blank">eSpyNow</a> surveillance software. Uninstall this software unless you put it there yourself. Note - the filename has the digit 0 rather then the uppercase "o"
59720. Source=Paul Collins Startup list
59721.  
59722. [Reg32]
59723. Number=8479
59724. Confirmed=X
59725. Filename=Reg32.exe
59726. Description=Hijacker - redirecting to only-virgins.com
59727. Source=Paul Collins Startup list
59728.  
59729. [reg32]
59730. Number=8480
59731. Confirmed=X
59732. Filename=reg32.exe
59733. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032416-4744-99" target="_blank">NOUPDATE.B</a> TROJAN!
59734. Source=Paul Collins Startup list
59735.  
59736. [Reg32]
59737. Number=8481
59738. Confirmed=X
59739. Filename=reg33.exe
59740. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpam.html" target= blank>STARTPA-M</a> TROJAN!
59741. Source=Paul Collins Startup list
59742.  
59743. [Regcheck]
59744. Number=8482
59745. Confirmed=X
59746. Filename=~CAB001.EXE
59747. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBRSPY.13A" target="_blank">CYBRSPY.13A</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBRSPY.13B" target="_blank">CYBRSPY.13B</a> TROJANS!
59748. Source=Paul Collins Startup list
59749.  
59750. [regcheck]
59751. Number=8483
59752. Confirmed=X
59753. Filename=[path to file]
59754. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042610-5101-99" target= blank>SERVPAM</a> TROJAN!
59755. Source=Paul Collins Startup list
59756.  
59757. [RegCleaner]
59758. Number=8484
59759. Confirmed=X
59760. Filename=SYSio32.exe
59761. Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - do not confuse this with the popular RegCleaner registry cleaner freeware
59762. Source=Paul Collins Startup list
59763.  
59764. [RegCompres]
59765. Number=8485
59766. Confirmed=X
59767. Filename=Regcpm32.exe
59768. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-012015-4719-99" target="_blank">POLDO.B</a> TROJAN!
59769. Source=Paul Collins Startup list
59770.  
59771. [RegCompres]
59772. Number=8486
59773. Confirmed=X
59774. Filename=REGCPM32.EXE
59775. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdasmine.html" target=_blank>DASMIN-E</a> TROJAN!
59776.  
59777. Source=Paul Collins Startup list
59778.  
59779. [Regcxdinaf]
59780. Number=8487
59781. Confirmed=X
59782. Filename=REGCXDINAF.EXE
59783. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosbw.html" target= blank>BANCOS-BW</a> TROJAN!
59784. Source=Paul Collins Startup list
59785.  
59786. [Regcxn]
59787. Number=8488
59788. Confirmed=X
59789. Filename=Regcxn.exe
59790. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcoiboad.html" target=_blank>COIBOA-D</a> TROJAN!
59791.  
59792. Source=Paul Collins Startup list
59793.  
59794. [regdefend]
59795. Number=8489
59796. Confirmed=U
59797. Filename=regdefend.exe
59798. Description="<a href="http://www.ghostsecurity.com/index.php?page=regdefend" target=_blank>RegDefend</a> is a configurable, kernel based registry protection system, designed to intercept selected changes before they occur, thus also preventing malicious software like viruses, trojans and worms from using the registry to their advantage"
59799. Source=Paul Collins Startup list
59800.  
59801. [RegDone]
59802. Number=8490
59803. Confirmed=X
59804. Filename=services.exe
59805. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
59806. Source=Paul Collins Startup list
59807.  
59808. [RegDone]
59809. Number=8491
59810. Confirmed=X
59811. Filename=winlogon.exe
59812. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
59813. Source=Paul Collins Startup list
59814.  
59815. [RegDone Ex]
59816. Number=8492
59817. Confirmed=X
59818. Filename=csrss.exe
59819. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
59820. Source=Paul Collins Startup list
59821.  
59822. [RegDoneEx]
59823. Number=8493
59824. Confirmed=X
59825. Filename=lsass.exe
59826. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target=_blank>WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
59827. Source=Paul Collins Startup list
59828.  
59829. [regedit]
59830. Number=8494
59831. Confirmed=X
59832. Filename=regedit.exe
59833. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-110417-1631-99" target=_blank>BRID.A</a> WORM! Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in the System (9x/Me) or System32 (NT/2K/XP) folder
59834. Source=Paul Collins Startup list
59835.  
59836. [REGEDIT]
59837. Number=8495
59838. Confirmed=X
59839. Filename=Regsrv32.com
59840. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112812-3725-99" target="_blank">SOUTHGHOST</a> WORM!
59841. Source=Paul Collins Startup list
59842.  
59843. [regedit]
59844. Number=8496
59845. Confirmed=X
59846. Filename=autoexe.exe
59847. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
59848. Source=Paul Collins Startup list
59849.  
59850. [regedit]
59851. Number=8497
59852. Confirmed=X
59853. Filename= svchost.exe ccRegVfy
59854. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-053013-5106-99" target=_blank>HOTWORD.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
59855. Source=Paul Collins Startup list
59856.  
59857. [RegEdit32]
59858. Number=8498
59859. Confirmed=X
59860. Filename=RegEdit32.exe
59861. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32voumita.html" target=_blank>VOUMIT-A</a> WORM! Note - this is not the legitimate regedit32.exe application which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder
59862. Source=Paul Collins Startup list
59863.  
59864. [Regexit]
59865. Number=8499
59866. Confirmed=X
59867. Filename=runlli32.exe
59868. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassu.html" target=_blank>QQPASS-U</a> TROJAN!
59869. Source=Paul Collins Startup list
59870.  
59871. [Regexit]
59872. Number=8500
59873. Confirmed=X
59874. Filename=Updadv.exe
59875. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassn.html" target=_blank>QQPASS-N</a> TROJAN!
59876. Source=Paul Collins Startup list
59877.  
59878. [RegFreeze]
59879. Number=8501
59880. Confirmed=U
59881. Filename=regfreeze.exe
59882. Description=<a href="http://www.actualresearch.com/rf_overview.shtml" target=_blank>RegFreeze</a> anti-spyware software
59883. Source=Paul Collins Startup list
59884.  
59885. [reggsdg]
59886. Number=8502
59887. Confirmed=X
59888. Filename=spoolserv.exe
59889. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotms.html" target=_blank>SDBOT-MS</a> WORM!
59890. Source=Paul Collins Startup list
59891.  
59892. [RegHelp]
59893. Number=8503
59894. Confirmed=U
59895. Filename=svchosts.exe
59896. Description=<a href="http://www.cablehead.com/" target=_blank>SpyGraphica</a> spy software - "Stealth monitoring of ALL PC or Network Activity with DVD-like playback. EVERY keystroke can be e-mailed in a detailed activity report every 15 minutes...anywhere in the world."
59897. Source=Paul Collins Startup list
59898.  
59899. [reginfo32]
59900. Number=8504
59901. Confirmed=?
59902. Filename=reginfo32.exe
59903. Description=<font color="#FF0000">??</font>
59904. Source=Paul Collins Startup list
59905.  
59906. [Register Manager]
59907. Number=8505
59908. Confirmed=X
59909. Filename=RegistryManage.exe
59910. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AYH&VSect=P" target=_blank>SDBOT.AYH</a> WORM!
59911. Source=Paul Collins Startup list
59912.  
59913. [Register MediaRing Talk]
59914. Number=8506
59915. Confirmed=N
59916. Filename=register.exe
59917. Description=If you don't want to register MediaRing and be reminded about it every bootup disable it
59918. Source=Paul Collins Startup list
59919.  
59920. [Register SeqChk]
59921. Number=8507
59922. Confirmed=?
59923. Filename=regsvr32.exe ..csseqchk.dll
59924. Description=<font color="#FF0000">??</font>
59925. Source=Paul Collins Startup list
59926.  
59927. [RegisterDropHandler]
59928. Number=8508
59929. Confirmed=U
59930. Filename=REGIST~1.EXE
59931. Description=Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found <a href="http://www.nvdi.com/whertra/w950812.htm" target="_blank">here</a>. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation
59932. Source=Paul Collins Startup list
59933.  
59934. [Registration Service]
59935. Number=8509
59936. Confirmed=X
59937. Filename=toker.exe
59938. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbb.html" target="_blank">SDBOT-BB</a> WORM!
59939. Source=Paul Collins Startup list
59940.  
59941. [Registration-Studio 8]
59942. Number=8510
59943. Confirmed=N
59944. Filename=RegTool.exe
59945. Description=Registration for <a href="http://www.pinnaclesys.com/ProductPage_n.asp?Product_ID=577&Langue_ID=2" target="_blank"> Pinnacle Studio Version 8</a> home video software from Pinnacle Systems
59946. Source=Paul Collins Startup list
59947.  
59948. [Registry]
59949. Number=8511
59950. Confirmed=X
59951. Filename=wscript.exe [path] ShakiraPics.jpg.vbs
59952. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_VBSWG.AQ" target="_blank">VBSWG.AQ</a> WORM!
59953. Source=Paul Collins Startup list
59954.  
59955. [Registry]
59956. Number=8512
59957. Confirmed=U
59958. Filename=class0117[random].exe
59959. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051317-2124-99" target=_blank>Blackbox</a> captures emails and chat logs, and monitors Internet activity - remove if you didn't intentionally install it
59960. Source=Paul Collins Startup list
59961.  
59962. [Registry Checkup]
59963. Number=8513
59964. Confirmed=X
59965. Filename=winreg.exe
59966. Description=Added by an unidentified WORM or TROJAN!
59967.  
59968. Source=Paul Collins Startup list
59969.  
59970. [Registry Checkup System326a Monitor]
59971. Number=8514
59972. Confirmed=X
59973. Filename=Winregs326a.exe
59974. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
59975. Source=Paul Collins Startup list
59976.  
59977. [Registry Integrity Checker]
59978. Number=8515
59979. Confirmed=X
59980. Filename=regintmon.exe
59981. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
59982. Source=Paul Collins Startup list
59983.  
59984. [Registry Integritycheck]
59985. Number=8516
59986. Confirmed=X
59987. Filename=WCPDT.EXE
59988. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrf.html" target=_blank>AGOBOT-RF</a> WORM!
59989. Source=Paul Collins Startup list
59990.  
59991. [Registry Loader]
59992. Number=8517
59993. Confirmed=X
59994. Filename=regloadr.exe
59995. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
59996. Source=Paul Collins Startup list
59997.  
59998. [Registry Loader]
59999. Number=8518
60000. Confirmed=X
60001. Filename=winhlpp32.exe
60002. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
60003. Source=Paul Collins Startup list
60004.  
60005. [Registry oidet]
60006. Number=8519
60007. Confirmed=X
60008. Filename=win32.exe
60009. Description=Added by the <a href="http://ae.trendmicro-middleeast.com/consumer/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=2&VName=WORM_RBOT.BMT" target=_blank>RBOT.BMT</a> WORM!
60010. Source=Paul Collins Startup list
60011.  
60012. [Registry Protector]
60013. Number=8520
60014. Confirmed=X
60015. Filename=regprotect.exe
60016. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARIVER.A" target="_blank">ARIVER.A</a> WORM!
60017. Source=Paul Collins Startup list
60018.  
60019. [Registry Scanner]
60020. Number=8521
60021. Confirmed=X
60022. Filename=regscanr.exe
60023. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=16106" target="_blank">OPTIX</a> TROJAN!
60024. Source=Paul Collins Startup list
60025.  
60026. [Registry Server]
60027. Number=8522
60028. Confirmed=X
60029. Filename=regsrv32.exe
60030. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgm.html" target=_blank>RBOT-GM</a> WORM!
60031.  
60032. Source=Paul Collins Startup list
60033.  
60034. [Registry Service]
60035. Number=8523
60036. Confirmed=X
60037. Filename=REGSRV32.EXE
60038. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
60039. Source=Paul Collins Startup list
60040.  
60041. [Registry Service]
60042. Number=8524
60043. Confirmed=X
60044. Filename=resvs.exe
60045. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delboti.html" target="_blank">DELBOT-I</a> WORM!
60046. Source=Paul Collins Startup list
60047.  
60048. [Registry Services]
60049. Number=8525
60050. Confirmed=X
60051. Filename=Registry.exe
60052. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-121215-0104-99" target="_blank">CILE</a> TROJAN!
60053. Source=Paul Collins Startup list
60054.  
60055. [Registry Startup Check]
60056. Number=8526
60057. Confirmed=X
60058. Filename=checkreg.exe
60059. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojremloada.html" target=_blank>REMLOAD-A</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojdanmecb.html" target=_blank>DANMEC-B</a> TROJANS!
60060. Source=Paul Collins Startup list
60061.  
60062. [Registry System16 Checkup Monitor]
60063. Number=8527
60064. Confirmed=X
60065. Filename=SystemReg16.exe
60066. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
60067. Source=Paul Collins Startup list
60068.  
60069. [Registry System166 Checkup Monitor]
60070. Number=8528
60071. Confirmed=X
60072. Filename=SystemReg166.exe
60073. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
60074. Source=Paul Collins Startup list
60075.  
60076. [Registry Value Name]
60077. Number=8529
60078. Confirmed=X
60079. Filename=roses.exe
60080. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaft.html" target=_blank>RBOT-AFT</a> WORM!
60081. Source=Paul Collins Startup list
60082.  
60083. [Registry Value Name]
60084. Number=8530
60085. Confirmed=X
60086. Filename=service.exe
60087. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaht.html" target=_blank>RBOT-AHT</a> WORM!
60088. Source=Paul Collins Startup list
60089.  
60090. [Registry Value Name]
60091. Number=8531
60092. Confirmed=X
60093. Filename=winapi32.exe
60094. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
60095. Source=Paul Collins Startup list
60096.  
60097. [Registry Value Name Start]
60098. Number=8532
60099. Confirmed=X
60100. Filename=MsPMSPSa.exe
60101. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
60102. Source=Paul Collins Startup list
60103.  
60104. [RegistryCheck]
60105. Number=8533
60106. Confirmed=X
60107. Filename=rundll32.exe chkreg.dll, CheckRegistry
60108. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042610-2151-99" target=_blank>Ulubione</a> adult content dialer
60109. Source=Paul Collins Startup list
60110.  
60111. [RegistryChk]
60112. Number=8534
60113. Confirmed=X
60114. Filename=winbackup.exe
60115. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121117-0813-99" target="_blank">MERTIAN</a> WORM!
60116. Source=Paul Collins Startup list
60117.  
60118. [RegistryMechanic]
60119. Number=8535
60120. Confirmed=U
60121. Filename=RegMech.exe
60122. Description=<a href="http://www.pctools.com/registry-mechanic/" target="_blank">Registry Mechanic</a> - "you can safely clean and repair Windows registry problems with a few simple mouse clicks! Problems with the Windows registry are a common cause of Windows crashes and error messages"
60123. Source=Paul Collins Startup list
60124.  
60125. [RegistryMonitor]
60126. Number=8536
60127. Confirmed=X
60128. Filename=registry.pif
60129. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120910-4256-99" target=_blank>Affilred</a> adware
60130. Source=Paul Collins Startup list
60131.  
60132. [REGIST~1]
60133. Number=8537
60134. Confirmed=U
60135. Filename=REGIST~1.EXE
60136. Description=Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found <a href="http://www.nvdi.com/whertra/w950812.htm" target="_blank">here</a>. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation
60137. Source=Paul Collins Startup list
60138.  
60139. [Regkey for autostart]
60140. Number=8538
60141. Confirmed=X
60142. Filename=winservice.exe
60143. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnu.html" target= blank>RBOT-NU</a> WORM!
60144. Source=Paul Collins Startup list
60145.  
60146. [RegKillTray]
60147. Number=8539
60148. Confirmed=U
60149. Filename=RegKillTray.exe
60150. Description=DVD region killer part of <a href="http://www.elby.ch/products/clone_dvd/index.html" target="_blank">CloneDVD</a> from Elaborate Bytes AG. Copies the main movie, Special Features and/or the original menu onto a DVD Recordable or onto your harddisk
60151. Source=Paul Collins Startup list
60152.  
60153. [Regmonitor]
60154. Number=8540
60155. Confirmed=X
60156. Filename=regmaping.exe
60157. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-021013-5042-99" target=_blank>BEAGLE.DO</a> WORM!
60158. Source=Paul Collins Startup list
60159.  
60160. [REGMSYS]
60161. Number=8541
60162. Confirmed=X
60163. Filename=[path to file]
60164. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzoneax.html" target=_blank>LOWZONE-AX</a> TROJAN! 
60165. Source=Paul Collins Startup list
60166.  
60167. [RegMutex]
60168. Number=8542
60169. Confirmed=X
60170. Filename=lexplore_.exe
60171. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmsnopta.html" target=_blank>MSNOPT-A</a> TROJAN!
60172. Source=Paul Collins Startup list
60173.  
60174. [RegPowerClean]
60175. Number=8543
60176. Confirmed=N
60177. Filename=RegPowerClean.exe
60178. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-021515-4552-99" target="_blank">RegistryPowerCleaner</a> is a security risk that may give exaggerated reports of errors in the registry of the compromised computer
60179. Source=Paul Collins Startup list
60180.  
60181. [RegProt]
60182. Number=8544
60183. Confirmed=Y
60184. Filename=Regprot.exe
60185. Description=<a href="http://www.diamondcs.com.au/index.php?page=regprot" target="_blank">RegistryProt</a> from Diamond Computer Systems - protects the system registry against changes
60186. Source=Paul Collins Startup list
60187.  
60188. [Regptmens]
60189. Number=8545
60190. Confirmed=X
60191. Filename=REGPTMENS.EXE
60192. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosed.html" target=_blank>BANCOS-ED</a> TROJAN!
60193. Source=Paul Collins Startup list
60194.  
60195. [Regro]
60196. Number=8546
60197. Confirmed=X
60198. Filename=rundll132.exe
60199. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092110-0056-99" target=_blank>OKARAG</a> TROJAN!
60200. Source=Paul Collins Startup list
60201.  
60202. [RegRun]
60203. Number=8547
60204. Confirmed=X
60205. Filename=mActiveX.exe
60206. Description=Adware downloader - also detected as a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.BW" target="_blank">LOWZONES.BW</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.RD" target=_blank>AGENT.RD</a> TROJANS!
60207. Source=Paul Collins Startup list
60208.  
60209. [REGRUN]
60210. Number=8548
60211. Confirmed=X
60212. Filename=winfix22490.exe
60213. Description=Adware downloader - also detected as a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.BW" target="_blank">LOWZONES.BW</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.RD" target=_blank>AGENT.RD</a> TROJANS!
60214. Source=Paul Collins Startup list
60215.  
60216. [REGRUN]
60217. Number=8549
60218. Confirmed=X
60219. Filename=[path to trojan]
60220. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzoneah.html" target=_blank>LOWZONE-AH</a> TROJAN!
60221. Source=Paul Collins Startup list
60222.  
60223. [REGRUN]
60224. Number=8550
60225. Confirmed=X
60226. Filename=regeditt.exe
60227. Description=Adware downloader - also detected as a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.BW" target="_blank">LOWZONES.BW</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.RD" target=_blank>AGENT.RD</a> TROJANS!
60228. Source=Paul Collins Startup list
60229.  
60230. [REGRUN]
60231. Number=8551
60232. Confirmed=X
60233. Filename=sory.exe
60234. Description=Adware downloader - also detected as a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.BW" target="_blank">LOWZONES.BW</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.RD" target=_blank>AGENT.RD</a> TROJANS!
60235. Source=Paul Collins Startup list
60236.  
60237. [REGRUN]
60238. Number=8552
60239. Confirmed=X
60240. Filename=dialer.exe
60241. Description=Adware downloader - also detected as a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.BW" target="_blank">LOWZONES.BW</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.RD" target=_blank>AGENT.RD</a> TROJANS!
60242. Source=Paul Collins Startup list
60243.  
60244. [RegRun WinBait]
60245. Number=8553
60246. Confirmed=U
60247. Filename=winbait.exe
60248. Description=Part of <a href="http://www.regrun.com" target= blank>RegRun</a> - used to detect unknown viruses. RegRun compares winbait.exe with the original copy called winbait.org and warns if the files are different..
60249. Source=Paul Collins Startup list
60250.  
60251. [Regrun2]
60252. Number=8554
60253. Confirmed=Y
60254. Filename=WatchDog.exe
60255. Description=Greatis Software's <a href="http://www.greatis.com/security/" target="_blank">RegRun</a> security suite which amongst other things replaces MSCONFIG. The WatchDog check for registry changes caused by trojan's, viruses, etc
60256. Source=Paul Collins Startup list
60257.  
60258. [REGRUNM]
60259. Number=8555
60260. Confirmed=X
60261. Filename=autoprotect.exe
60262. Description=Added by an unidentified WORM or TROJAN!
60263. Source=Paul Collins Startup list
60264.  
60265. [Regrx]
60266. Number=8556
60267. Confirmed=X
60268. Filename=rundll32.exe
60269. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwayica.html" target=_blank>WAYIC-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). The file is located in C:\Windows
60270. Source=Paul Collins Startup list
60271.  
60272. [Regscan]
60273. Number=8557
60274. Confirmed=X
60275. Filename=regscanr.exe
60276. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojoptixse.html" target= blank>OPTIX-SE</a> TROJAN!
60277. Source=Paul Collins Startup list
60278.  
60279. [RegScan]
60280. Number=8558
60281. Confirmed=X
60282. Filename=DLLSRV32.EXE
60283. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AEW&VSect=T" target=_blank>AGOBOT.AEW</a> WORM!
60284. Source=Paul Collins Startup list
60285.  
60286. [RegScan]
60287. Number=8559
60288. Confirmed=X
60289. Filename=Regscan.exe
60290. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-012114-0753-99" target=_blank>TALEX</a> TROJAN!
60291. Source=Paul Collins Startup list
60292.  
60293. [RegServer]
60294. Number=8560
60295. Confirmed=?
60296. Filename=regserve.exe
60297. Description=Related to XGI Technology's <a href="http://www.xgitech.com/products/products_2.asp?P=4http://www.xgitech.com/products/products_2.asp?P=4" target=_blank>Volari</a> graphics cards - <font color="#FF0000">what does it do and is it required?</font>
60298. Source=Paul Collins Startup list
60299.  
60300. [regservices.exe]
60301. Number=8561
60302. Confirmed=X
60303. Filename=regservices.exe
60304. Description=Added by an unidentified VIRUS, WORM or TROJAN!
60305. Source=Paul Collins Startup list
60306.  
60307. [RegShave]
60308. Number=8562
60309. Confirmed=N
60310. Filename=regshave.exe
60311. Description=Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly
60312.  
60313. Source=Paul Collins Startup list
60314.  
60315. [regsrv]
60316. Number=8563
60317. Confirmed=X
60318. Filename=regsrv.exe
60319. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.11" target="_blank">OPTIXPRO.11</a> TROJAN!
60320. Source=Paul Collins Startup list
60321.  
60322. [regsrv]
60323. Number=8564
60324. Confirmed=X
60325. Filename=scvhost.exe
60326. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_AGOBOT.E&VSect=P" target=_blank>AGOBOT.E</a> WORM!
60327. Source=Paul Collins Startup list
60328.  
60329. [regsrvc]
60330. Number=8565
60331. Confirmed=X
60332. Filename=regsrvc.exe
60333. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstopeda.html" target= blank>STOPED-A</a> TROJAN!
60334. Source=Paul Collins Startup list
60335.  
60336. [Regsv]
60337. Number=8566
60338. Confirmed=X
60339. Filename=regsv.exe
60340. Description=Search hijacker - redirecting to scheo.com
60341. Source=Paul Collins Startup list
60342.  
60343. [Regsvc]
60344. Number=8567
60345. Confirmed=X
60346. Filename=regsv.exe
60347. Description=Added by an unidentified TROJAN!
60348. Source=Paul Collins Startup list
60349.  
60350. [regsvc32]
60351. Number=8568
60352. Confirmed=X
60353. Filename=regsvc32.exe
60354. Description=Homepage hijacker that changes your homepage to an adult content site
60355. Source=Paul Collins Startup list
60356.  
60357. [regsvr]
60358. Number=8569
60359. Confirmed=X
60360. Filename=regsvr.exe
60361. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwebmoneyg.html" target=_blank>WEBMONEY-G</a> TROJAN!
60362.  
60363. Source=Paul Collins Startup list
60364.  
60365. [REGSVR32]
60366. Number=8570
60367. Confirmed=U
60368. Filename=regsvr32.exe ctasio.dll
60369. Description=<a href="http://www.soundblaster.com/resources/read.asp?articleid=53937&page=1&cat=2" target="_blank">ASIO</a> (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
60370. Source=Paul Collins Startup list
60371.  
60372. [RegSvr32]
60373. Number=8571
60374. Confirmed=X
60375. Filename=msmsgs.exe
60376. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060712-1407-99" target=_blank>ZLOB.B</a> TROJAN!
60377. Source=Paul Collins Startup list
60378.  
60379. [regsync]
60380. Number=8572
60381. Confirmed=X
60382. Filename=regsync.exe
60383. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware
60384. Source=Paul Collins Startup list
60385.  
60386. [regtmlp]
60387. Number=8573
60388. Confirmed=?
60389. Filename=N/A
60390. Description=<font color="#FF0000">??</font>
60391. Source=Paul Collins Startup list
60392.  
60393. [RegTweak]
60394. Number=8574
60395. Confirmed=U
60396. Filename=RegTwk.exe
60397. Description=<a href="http://www.rage3d.com/r3dtweak/" target="_blank">Rage3d Tweak</a> - ATI Radeon tweaker which allows access to registry tweak options, custom display modes, refresh rates and overclocking all through an easy to use interface
60398. Source=Paul Collins Startup list
60399.  
60400. [RegVer]
60401. Number=8575
60402. Confirmed=X
60403. Filename=REGVER.EXE
60404. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.16" target="_blank">LATINUS.16</a> TROJAN!
60405. Source=Paul Collins Startup list
60406.  
60407. [RegVfy32]
60408. Number=8576
60409. Confirmed=X
60410. Filename=Regverif32.exe
60411. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012115-5505-99" target=_blank>SYGYP.A</a> WORM!
60412. Source=Paul Collins Startup list
60413.  
60414. [RegWrite]
60415. Number=8577
60416. Confirmed=X
60417. Filename=csrss.exe
60418. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-083115-4755-99" target=_blank>SOKACAPS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Windows\Media folder
60419. Source=Paul Collins Startup list
60420.  
60421. [Regx10EXE]
60422. Number=8578
60423. Confirmed=Y
60424. Filename=atix10.exe
60425. Description=ATI <a href="http://www.ati.com/products/pc/remotewonder/" target="_blank">Remote WonderÖ</a> - PC wireless remote control driver. Required if you use it
60426. Source=Paul Collins Startup list
60427.  
60428. [reg_key]
60429. Number=8579
60430. Confirmed=X
60431. Filename=FUKULAMER.exe
60432. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-072214-4513-99" target="_blank">BEAGLE.AH</a> WORM!
60433. Source=Paul Collins Startup list
60434.  
60435. [reg_key]
60436. Number=8580
60437. Confirmed=X
60438. Filename=loader_name.exe
60439. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070515-4756-99" target="_blank">BEAGLE.Y</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070515-0600-99" target="_blank">BEAGLE.Z</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071214-4817-99" target="_blank">BEAGLE.AA</a> WORMS!
60440. Source=Paul Collins Startup list
60441.  
60442. [Reg_WFT]
60443. Number=8581
60444. Confirmed=X
60445. Filename=Regsysw.com
60446. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121710-4804-99" target="_blank">WILSEF</a> VIRUS!
60447. Source=Paul Collins Startup list
60448.  
60449. [Reg_WFT]
60450. Number=8582
60451. Confirmed=X
60452. Filename=scanreg32.com
60453. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsennaspyf.html" target=_blank>SENNASPY-F</a> TROJAN!
60454. Source=Paul Collins Startup list
60455.  
60456. [ReleaseRAM]
60457. Number=8583
60458. Confirmed=U
60459. Filename=RRAM.exe
60460. Description="<a href="http://www.releaseram.com/" target="_blank">Release RAM</a> allows your computer to run faster and uses your computer's RAM more efficiently". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
60461. Source=Paul Collins Startup list
60462.  
60463. [reload]
60464. Number=8584
60465. Confirmed=X
60466. Filename=reload.vbs
60467. Description=Added by the <a href="http://vil.nai.com/vil/content/v_98684.htm" target="_blank">LOVELETTER.AS</a> VIRUS!
60468. Source=Paul Collins Startup list
60469.  
60470. [Reload]
60471. Number=8585
60472. Confirmed=X
60473. Filename=reload.exe
60474. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022716-1619-99" target=_blank>LAZAR</a> TROJAN!
60475. Source=Paul Collins Startup list
60476.  
60477. [RemHelp]
60478. Number=8586
60479. Confirmed=N
60480. Filename=Remhelp.exe
60481. Description=BT Voyager ADSL Modem Help related
60482. Source=Paul Collins Startup list
60483.  
60484. [Reminder]
60485. Number=8587
60486. Confirmed=N
60487. Filename=reminder.exe
60488. Description=From MS Money. Reminds you of your bills
60489. Source=Paul Collins Startup list
60490.  
60491. [Reminder]
60492. Number=8588
60493. Confirmed=N
60494. Filename=Remind_XP.exe
60495. Description=HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list
60496. Source=Paul Collins Startup list
60497.  
60498. [Reminder-cpqXXXXX]
60499. Number=8589
60500. Confirmed=N
60501. Filename=remind32.exe
60502. Description=Compaq printer Registration
60503. Source=Paul Collins Startup list
60504.  
60505. [Reminder-hpcXXXXX]
60506. Number=8590
60507. Confirmed=N
60508. Filename=remind32.exe
60509. Description=HP CD-Writer Registration
60510. Source=Paul Collins Startup list
60511.  
60512. [Reminder-ranXXXXX]
60513. Number=8591
60514. Confirmed=N
60515. Filename=remind32.exe
60516. Description=Registration reminder widget for Rand Mcnally maps
60517. Source=Paul Collins Startup list
60518.  
60519. [reminder-ScanSoft Product Registration]
60520. Number=8592
60521. Confirmed=N
60522. Filename=remind32.exe
60523. Description=Registration reminder for ScanSoft products such as PaperPort
60524. Source=Paul Collins Startup list
60525.  
60526. [RemindMe]
60527. Number=8593
60528. Confirmed=U
60529. Filename=RemindMe.exe
60530. Description=<a href="http://www.beiley.com/remind-me/" target="_blank">Remind-Me</a> - calendar software
60531. Source=Paul Collins Startup list
60532.  
60533. [Remind_XP]
60534. Number=8594
60535. Confirmed=N
60536. Filename=Remind_XP.exe
60537. Description=HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list
60538. Source=Paul Collins Startup list
60539.  
60540. [Remndr]
60541. Number=8595
60542. Confirmed=X
60543. Filename=CsRemnd.exe
60544. Description=CasinoOnline foistware
60545. Source=Paul Collins Startup list
60546.  
60547. [Remote]
60548. Number=8596
60549. Confirmed=U
60550. Filename=Remote.exe
60551. Description=Remote Control driver for <a href="http://www.lifeview.com.tw/html/products/products.htm" target="_blank">LifeView</a> internal and external TV products
60552. Source=Paul Collins Startup list
60553.  
60554. [Remote Access]
60555. Number=8597
60556. Confirmed=U
60557. Filename=rnaapp.exe
60558. Description=Dial-up networking application - not normally found in the startup locations. It runs when you connect to the net via this method (ie, analogue 56K modem) and terminates after the connection is closed
60559. Source=Paul Collins Startup list
60560.  
60561. [Remote Access Slave]
60562. Number=8598
60563. Confirmed=X
60564. Filename=Synchost.exe
60565. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112118-0605-99" target="_blank">RIPJAC</a> TROJAN!
60566. Source=Paul Collins Startup list
60567.  
60568. [Remote Control]
60569. Number=8599
60570. Confirmed=N
60571. Filename=Rc.exe
60572. Description=Hinet Hi-Five ISP software
60573. Source=Paul Collins Startup list
60574.  
60575. [Remote Controller]
60576. Number=8600
60577. Confirmed=N
60578. Filename=TVRMVCR.EXE
60579. Description=ProLink <a href="http://www.prolink-usa.com/english/product/mmpak/ppro.htm#title1" target=_blank>PlayTVpro</a> TV tuner software
60580. Source=Paul Collins Startup list
60581.  
60582. [Remote Desktop Computing]
60583. Number=8601
60584. Confirmed=U
60585. Filename=marspc.exe
60586. Description=<a href="http://www.downlinx.com/proghtml/345/34592.htm" target="_blank">Marspc</a> Remote Desktop Computing
60587. Source=Paul Collins Startup list
60588.  
60589. [Remote Desktop Help Session Manager]
60590. Number=8602
60591. Confirmed=X
60592. Filename=WinRDH.exe
60593. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
60594. Source=Paul Collins Startup list
60595.  
60596. [Remote Management Agent]
60597. Number=8603
60598. Confirmed=U
60599. Filename=zenrc32.exe
60600. Description=Part of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZENworks</a> - "Complete End-to-End Directory-enabled Network Management". Installed on a managed workstation fo an administrator to remotely manage the workstation. Required if the PC is a managed workstation
60601. Source=Paul Collins Startup list
60602.  
60603. [remote master]
60604. Number=8604
60605. Confirmed=U
60606. Filename=remote master.exe
60607. Description=Required if you want your ASUS Remote control to work at all. Available via Start -> Programs
60608. Source=Paul Collins Startup list
60609.  
60610. [Remote Procedure Call]
60611. Number=8605
60612. Confirmed=X
60613. Filename=winrpc.exe
60614. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkm.html" target="_blank">RBOT-KM</a> WORM!
60615. Source=Paul Collins Startup list
60616.  
60617. [Remote Procedure Call]
60618. Number=8606
60619. Confirmed=X
60620. Filename=winsysrpc.exe
60621. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotps.html" target="_blank">SDBOT-PS</a> WORM!
60622. Source=Paul Collins Startup list
60623.  
60624. [Remote Procedure Call For Windows 32bit]
60625. Number=8607
60626. Confirmed=X
60627. Filename=rpc.exe
60628. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmd.html" target="_blank">RBOT-MD</a> WORM!
60629. Source=Paul Collins Startup list
60630.  
60631. [Remote Procedure Call Locator]
60632. Number=8608
60633. Confirmed=X
60634. Filename=RUNDLL32.EXE reg678.dll ondll_reg
60635. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
60636. Source=Paul Collins Startup list
60637.  
60638. [Remote Procedure Calls]
60639. Number=8609
60640. Confirmed=X
60641. Filename=mswinrpc.exe
60642. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KJ" target="_blank">RBOT.KJ</a> WORM!
60643. Source=Paul Collins Startup list
60644.  
60645. [Remote Procedure Calls]
60646. Number=8610
60647. Confirmed=X
60648. Filename=mswinc.exe
60649. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotit.html" target=_blank>RBOT-IT</a> WORM!
60650.  
60651. Source=Paul Collins Startup list
60652.  
60653. [Remote Procedure Calls]
60654. Number=8611
60655. Confirmed=X
60656. Filename=win.exe
60657. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqi.html" target=_blank>SDBOT-QI</a> WORM!
60658.  
60659. Source=Paul Collins Startup list
60660.  
60661. [Remote Update Monitor]
60662. Number=8612
60663. Confirmed=Y
60664. Filename=imonitor.exe
60665. Description=<a href="http://www.sophos.com/products/sav/" target=_blank>Sophos</a> Antivirus Remote Update utility - provides an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employer
60666. Source=Paul Collins Startup list
60667.  
60668. [RemoteAgent]
60669. Number=8613
60670. Confirmed=Y
60671. Filename=RAUAgent.exe
60672. Description=Trend Micro's Office Scan Client, see <a href="http://www.trendmicro-europe.com/relax/uk/" target=_blank>here</a> - "Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates"
60673. Source=Paul Collins Startup list
60674.  
60675. [RemoteCenter]
60676. Number=8614
60677. Confirmed=U
60678. Filename=RcMan.exe
60679. Description=Remote control for Creative <a href="http://www.soundblaster.com/mediasource/" target="_blank">MediaSource</a> - plays back music in DVD-Audio, MP3, WMA, WAV and other media formats
60680. Source=Paul Collins Startup list
60681.  
60682. [RemoteControl]
60683. Number=8615
60684. Confirmed=U
60685. Filename=rmctrl.exe
60686. Description=Remote Control background application for Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_1_ENU.html" target=_blank>PowerDVD</a> version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
60687.  
60688. Source=Paul Collins Startup list
60689.  
60690. [RemoteControl]
60691. Number=8616
60692. Confirmed=U
60693. Filename=PDVDServ.exe
60694. Description=Remote Control background application for Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_1_ENU.html" target=_blank>PowerDVD</a> version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
60695.  
60696. Source=Paul Collins Startup list
60697.  
60698. [Remote_Agent]
60699. Number=8617
60700. Confirmed=N
60701. Filename=RemoteAgent.exe
60702. Description=<a href="http://www.cyberlink.com/" target=_blank>Cyberlink's</a> Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs
60703.  
60704. Source=Paul Collins Startup list
60705.  
60706. [REMOVE ME]
60707. Number=8618
60708. Confirmed=X
60709. Filename=windos.exe
60710. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.EE&VSect=P" target=_blank>SDBOT.EE</a> WORM!
60711. Source=Paul Collins Startup list
60712.  
60713. [Removecpl]
60714. Number=8619
60715. Confirmed=N
60716. Filename=Removecpl.exe
60717. Description=Related to a Belkin 54Mbps Wireless Utility Control Panel applet
60718. Source=Paul Collins Startup list
60719.  
60720. [Removed.exe]
60721. Number=8620
60722. Confirmed=X
60723. Filename=Removed.exe
60724. Description=GatorCheat - adware downloader
60725. Source=Paul Collins Startup list
60726.  
60727. [RemStart]
60728. Number=8621
60729. Confirmed=?
60730. Filename=remstart.exe
60731. Description=Part of McAfee's Remote Desktop 32 Agent application. <font color="#FF0000">What does it do and is it required?</font>
60732. Source=Paul Collins Startup list
60733.  
60734. [RenolB]
60735. Number=8622
60736. Confirmed=?
60737. Filename=ib.exe
60738. Description=<font color="#FF0000">??</font>
60739. Source=Paul Collins Startup list
60740.  
60741. [Replay Center]
60742. Number=8623
60743. Confirmed=U
60744. Filename=ReplayRadio.exe
60745. Description=<a href="http://www.applian.com/replay-radio/" target="_blank">Replay Radio</a> - "makes it easy to automatically record your favorite radio shows, so you can listen wherever and whenever you like"
60746. Source=Paul Collins Startup list
60747.  
60748. [Replicator]
60749. Number=8624
60750. Confirmed=U
60751. Filename=PTReplicator.exe
60752. Description=<a href="http://www.karenware.com/powertools/ptreplicator.asp" target="_blank">Replicator</a> from Karen's powertools. "Automatically backup files, directories, even entire drives!"
60753. Source=Paul Collins Startup list
60754.  
60755. [RepliGo Assistant]
60756. Number=8625
60757. Confirmed=U
60758. Filename=RepliGoMon.exe
60759. Description=Cerience <a href="http://www.cerience.com/docs/ppc/docs/index.htm" target="_blank"> RepliGo</a> software - "any document you have on your PC can be transferred to your mobile device"
60760. Source=Paul Collins Startup list
60761.  
60762. [ReproPRD]
60763. Number=8626
60764. Confirmed=U
60765. Filename=PrdUsb.exe
60766. Description=Thrustmaster Corporation Presets application - a game controller driver, presumably necessary for certain functions to work
60767. Source=Paul Collins Startup list
60768.  
60769. [requester]
60770. Number=8627
60771. Confirmed=X
60772. Filename=requester.*.exe
60773. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41000" target=_blank>MUQUEST.A</a> trojan - NOTE: the * stands for a digit, examples: requester.5.exe, requester.10.exe
60774. Source=Paul Collins Startup list
60775.  
60776. [Requester]
60777. Number=8628
60778. Confirmed=X
60779. Filename=requester.11.exe
60780. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111517-1923-99" target=_blank>MUQUEST</a> TROJAN!
60781. Source=Paul Collins Startup list
60782.  
60783. [Required Service Drivers]
60784. Number=8629
60785. Confirmed=X
60786. Filename=micront.exe
60787. Description=Added by the <a href="http://www.sophos.co.nz/virusinfo/analyses/w32rbotabd.html" target= blank>RBOT-ABD</a> WORM!
60788. Source=Paul Collins Startup list
60789.  
60790. [resagnt]
60791. Number=8630
60792. Confirmed=X
60793. Filename=restun.exe
60794. Description=Adware downloader, identified by <a href="http://www.pandasoftware.com/" target="_blank">Panda</a> antivirus as Trojan.Downloader.ALQ
60795. Source=Paul Collins Startup list
60796.  
60797. [reseurce]
60798. Number=8631
60799. Confirmed=X
60800. Filename=[path to trojan]
60801. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageai.html" target=_blank>LINEAGE-AI</a> TROJAN!
60802. Source=Paul Collins Startup list
60803.  
60804. [reseurce]
60805. Number=8632
60806. Confirmed=X
60807. Filename=svchost.exe
60808. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagefv.html" target=_blank>LINEAGE-FV</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
60809. Source=Paul Collins Startup list
60810.  
60811. [Resolution Assistant]
60812. Number=8633
60813. Confirmed=N
60814. Filename=matcli.exe
60815. Description=Dell Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide
60816. Source=Paul Collins Startup list
60817.  
60818. [Resource Meter]
60819. Number=8634
60820. Confirmed=N
60821. Filename=rsrcmtr.exe
60822. Description=Windows Resource Meter. Available via Start -> Programs. You may want this enabled if your PC is suffering from crashes and want to know potential causes
60823. Source=Paul Collins Startup list
60824.  
60825. [Restart Watch]
60826. Number=8635
60827. Confirmed=?
60828. Filename=Watch.exe
60829. Description=Associated with an <a href="http://www.eicon.com/worldwide/default.htm" target="_blank">Eicon Networks</a> Diva ISDN or ADSL modem. <font color="#FF0000">What does it do and is it required?</font>
60830. Source=Paul Collins Startup list
60831.  
60832. [Restart WSC Setting]
60833. Number=8636
60834. Confirmed=U
60835. Filename=wscrestp.exe
60836. Description=WinStart Commander - part of <a href="http://www.wincleaner.com/pc/uti/utiste/uwc_utility_suite.htm" target=_blank>Ultra WinCleaner Utility Suite</a>. Starts Windows faster and controls hidden programs to boost performance and prevent system slow downs and crashes
60837. Source=Paul Collins Startup list
60838.  
60839. [Restart_VS]
60840. Number=8637
60841. Confirmed=?
60842. Filename=Viewsonic.exe
60843. Description=Could be a left-over from the installation of a Viewsonic flat panel display
60844. Source=Paul Collins Startup list
60845.  
60846. [RestoreDesktop]
60847. Number=8638
60848. Confirmed=U
60849. Filename=RestoreDesktop.exe
60850. Description=Softwarium <a href="http://www.softwarium.com/rdmac.html" target="_blank">Restore Desktop</a> "is a Windows Context Menu addition that automatically saves and restores the icons' positions on the Windows desktop after a resolution change"
60851. Source=Paul Collins Startup list
60852.  
60853. [RestoreIT!]
60854. Number=8639
60855. Confirmed=Y
60856. Filename=VBPTASK.EXE
60857. Description=<a href="http://www.farstone.com/software/restoreit.htm" target="_blank">RestoreIT!</a> from FarStone "allows you to recover instantly your files, system configuration, and even your operating system, to any point in time prior to the data loss or system failure"
60858. Source=Paul Collins Startup list
60859.  
60860. [restory]
60861. Number=8640
60862. Confirmed=X
60863. Filename=restory.exe
60864. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102615-0959-99" target="_blank">RETSAM</a> TROJAN!
60865. Source=Paul Collins Startup list
60866.  
60867. [Resume Copy]
60868. Number=8641
60869. Confirmed=U
60870. Filename=copyfstq.exe
60871. Description=Part of <a href="http://ranvik.net/totalcopy/" target="_blank">Total Copy</a> - an improved version of the Windows copy function. Allows for resumption file copies or moves in progress when computer was shut down. Not required if your not using the program or don't care about that function
60872. Source=Paul Collins Startup list
60873.  
60874. [ResumeFixClocks]
60875. Number=8642
60876. Confirmed=U
60877. Filename=resumefix.exe
60878. Description=Part of the <a href="http://radeontweaker.sourceforge.net/" target="_blank">RadeonTweaker</a> utility for overclocking ATI Radeon graphics cards
60879. Source=Paul Collins Startup list
60880.  
60881. [retime]
60882. Number=8643
60883. Confirmed=X
60884. Filename=retime.exe
60885. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031019-1413-99" target="_blank">GIPMA</a> TROJAN!
60886. Source=Paul Collins Startup list
60887.  
60888. [RetrieverScheduler]
60889. Number=8644
60890. Confirmed=U
60891. Filename=retrieverscheduler.exe
60892. Description=<a href="http://www.80-20.com/news/press-releases/2003_09_05.asp" target="_blank">80-20 Retriever</a> from 80-20 - "80-20 Retriever is a powerful personal search tool that encompasses email folders, archived email, and local or network file systems, giving users one point of fast, accurate search for all personal information". Real-time scheduler - shortcut available
60893. Source=Paul Collins Startup list
60894.  
60895. [RetroExpress]
60896. Number=8645
60897. Confirmed=U
60898. Filename=RetroExpress.exe
60899. Description=EMC (was Dantz) <a href="http://www.emcinsignia.com/products/homeandoffice/retroexpress/" target="_blank">Retrospect Express</a> - backup software for external hardware storage devices
60900. Source=Paul Collins Startup list
60901.  
60902. [RevoTaskbarApp]
60903. Number=8646
60904. Confirmed=U
60905. Filename=RevoTask.exe
60906. Description=Control Application for M-Audio Revolution 7.1 sound card. The sound card will function without it - but changes to speaker setup and sound modification (Bass/Treble etc) will not be available
60907. Source=Paul Collins Startup list
60908.  
60909. [RexSyMon]
60910. Number=8647
60911. Confirmed=N
60912. Filename=rexsymon.exe
60913. Description=Intellisync for REX sychronization software for <a href="http://support.intel.com/support/peripherals/xc/pda/" target="_blank">Xircom REX MicroPDAs</a> for sharing information between the PDA and PC
60914. Source=Paul Collins Startup list
60915.  
60916. [RF]
60917. Number=8648
60918. Confirmed=X
60919. Filename=EC.exe
60920. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageu.html" target=_blank>LINEAGE-U</a> TROJAN!
60921. Source=Paul Collins Startup list
60922.  
60923. [rfagent]
60924. Number=8649
60925. Confirmed=U
60926. Filename=rfagent.exe
60927. Description=<a href="http://www.rosecitysoftware.com/reg1aid/" target="_blank">Registry First Aid</a> - scans the Windows registry for orphan file/folder references, finds these files or folders on your drives that may have been moved from their initial locations, and then corrects your registry entries to match the located files or folders
60928. Source=Paul Collins Startup list
60929.  
60930. [rforce]
60931. Number=8650
60932. Confirmed=X
60933. Filename=EXP1ORER.EXE
60934. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DROPPER.KN&VSect=T" target=_blank>DROPPER.KN</a> TROJAN! Note the number "1" in the filename rather than letter "L". It also drops another file named DEVICEMAP.SYS which is the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ROOTKIT.O" target=_blank>ROOTKIT.O</a> TROJAN!
60935. Source=Paul Collins Startup list
60936.  
60937. [RFTray]
60938. Number=8651
60939. Confirmed=N
60940. Filename=RFTRay.exe
60941. Description=Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs
60942. Source=Paul Collins Startup list
60943.  
60944. [rfw]
60945. Number=8652
60946. Confirmed=Y
60947. Filename=Rfw.exe
60948. Description=<a href="http://www.ravantivirus.com/" target=_blank>RAV</a> AntiVirus
60949.  
60950. Source=Paul Collins Startup list
60951.  
60952. [rfwydg]
60953. Number=8653
60954. Confirmed=?
60955. Filename=rfwydg.exe
60956. Description=<font color="#FF0000">??</font>
60957. Source=Paul Collins Startup list
60958.  
60959. [RFX_auto_upgrade]
60960. Number=8654
60961. Confirmed=N
60962. Filename=rundll32.exe npvpg005.dll
60963. Description=A browser plugin called the RichFX player. <a href="http://download.richfx.com/player/uninstall.exe">Here</a> is a link to download RichFX's solution to removing the auto upgrade
60964. Source=Paul Collins Startup list
60965.  
60966. [Rg2catbd]
60967. Number=8655
60968. Confirmed=X
60969. Filename=Rg2catbd.exe
60970. Description=Added by a variant of the BANLOAD family of TROJANS!
60971. Source=Paul Collins Startup list
60972.  
60973. [RH]
60974. Number=8656
60975. Confirmed=U
60976. Filename=rh32.exe
60977. Description=EuroFonts - adds Euro symbols to pre-Euro computers
60978. Source=Paul Collins Startup list
60979.  
60980. [Rhino]
60981. Number=8657
60982. Confirmed=X
60983. Filename=[random name]32.exe
60984. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110916-0038-99" target=_blank>BOFRA.A</a> WORM!
60985. Source=Paul Collins Startup list
60986.  
60987. [RhinoBlocker]
60988. Number=8658
60989. Confirmed=U
60990. Filename=RhinoBlocker.exe
60991. Description=<a href="http://www.rhinoblocker.com/" target="_blank">RhinoBlocker</a> - pop-up stopper
60992. Source=Paul Collins Startup list
60993.  
60994. [RHPTray]
60995. Number=8659
60996. Confirmed=N
60997. Filename=RHPTray.exe
60998. Description=System tray access to <a href="http://www.redhotpawn.com/" target=_blank>Red Hot Pawn</a> - online chess
60999.  
61000. Source=Paul Collins Startup list
61001.  
61002. [RHSI SHS]
61003. Number=8660
61004. Confirmed=N
61005. Filename=SHS.exe
61006. Description=<a href="http://www.rogershelp.com/help/content/download/software/softwareinfo.shtml" target="_blank">Rogers Hi-Speed Internet</a> software. "Should you ever lose access to your Rogers Hi-Speed Internet connection or e-mail, the Self-Healing Software (SHS.exe) will automatically repair your settings to get you up and running in a flash"
61007. Source=Paul Collins Startup list
61008.  
61009. [RichMedia]
61010. Number=8661
61011. Confirmed=X
61012. Filename=HBHelper.dll
61013. Description=<a href="http://www.sophos.com/virusinfo/analyses/henbang.html" target="_blank">HenBang</a> adware
61014. Source=Paul Collins Startup list
61015.  
61016. [RichMedia]
61017. Number=8662
61018. Confirmed=X
61019. Filename=rundll32.exe [path] hbcast.dll, WaitWindows
61020. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121917-4147-99" target="_blank">Henbang</a> adware variant
61021. Source=Paul Collins Startup list
61022.  
61023. [richup]
61024. Number=8663
61025. Confirmed=X
61026. Filename=richup.exe
61027. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware
61028.  
61029. Source=Paul Collins Startup list
61030.  
61031. [RightFAX Print-to-Fax Driver]
61032. Number=8664
61033. Confirmed=U
61034. Filename=FaxCtrl.exe
61035. Description=Part of <a href="http://www.captaris.com/rightfax/index.html" target="_blank">RightFAX</a> from Captaris - "the proven market leader in fax server and document delivery software"
61036. Source=Paul Collins Startup list
61037.  
61038. [Ring Central Fax]
61039. Number=8665
61040. Confirmed=U
61041. Filename=rcenterrll.exe
61042. Description=Only needed if you want a PC to answer faxes automatically
61043. Source=Paul Collins Startup list
61044.  
61045. [rIOphosIs]
61046. Number=8666
61047. Confirmed=X
61048. Filename=rIOPHosIs.vBS
61049. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090917-5916-99" target="_blank">RIOSYS</a> MACRO!
61050. Source=Paul Collins Startup list
61051.  
61052. [Riorad Manager]
61053. Number=8667
61054. Confirmed=N
61055. Filename=riomgr.exe
61056. Description="<a href="http://www.redchairsoftware.com/riorad/" target="_blank">Riorad Explorer</a> is hands-down the most advanced Windows software companion for your Rio MP3 player"
61057. Source=Paul Collins Startup list
61058.  
61059. [RivaTuner]
61060. Number=8668
61061. Confirmed=U
61062. Filename=RivaTuner.exe
61063. Description=<a href="http://guru3d.com/rivatuner/" target="_blank">RivaTuner</a> for tweaking nVidia graphics cards. Required if you make any changes
61064. Source=Paul Collins Startup list
61065.  
61066. [RivaTunerStartupDaemon]
61067. Number=8669
61068. Confirmed=U
61069. Filename=RivaTuner.exe
61070. Description=<a href="http://guru3d.com/rivatuner/" target="_blank">RivaTuner</a> for tweaking nVidia graphics cards. Required if you make any changes
61071. Source=Paul Collins Startup list
61072.  
61073. [RjLyraInstaller]
61074. Number=8670
61075. Confirmed=?
61076. Filename=setup.exe
61077. Description=<font color="#FF0000">??</font>
61078. Source=Paul Collins Startup list
61079.  
61080. [rmalt]
61081. Number=8671
61082. Confirmed=X
61083. Filename=[random filename]
61084. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickercs.html" target="_blank">CLICKER-CS</a> TROJAN! Filenames spotted inlcude Setup.exe, Keygen.exe, Keygen-Serial.exe, Photoshop.CS2.KeyGen.exe and more
61085. Source=Paul Collins Startup list
61086.  
61087. [rmctrl]
61088. Number=8672
61089. Confirmed=U
61090. Filename=rmctrl.exe
61091. Description=Remote Control background application for Cyberlink's <a href="http://www.cyberlink.com/multi/products/main_1_ENU.html" target=_blank>PowerDVD</a> version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
61092.  
61093. Source=Paul Collins Startup list
61094.  
61095. [rmdrfje.dll]
61096. Number=8673
61097. Confirmed=X
61098. Filename=rundll32.exe [path] rmdrfje.dll
61099. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadranm.html" target="_blank">DLOADR-ANM</a> TROJAN!
61100. Source=Paul Collins Startup list
61101.  
61102. [rmmon]
61103. Number=8674
61104. Confirmed=N
61105. Filename=mprmmon.exe
61106. Description=Resource Monitor for the now defunct Chromatic Research MPact2 3DVD graphics card
61107. Source=Paul Collins Startup list
61108.  
61109. [RMremote]
61110. Number=8675
61111. Confirmed=?
61112. Filename=RmRemote.exe
61113. Description=Remote control driver for <a href="http://www.sigmadesigns.com/products/xcard.htm" target="_blank">REALmagic Xcard</a>.<font color="#FF0000"> Is it required?</font>
61114. Source=Paul Collins Startup list
61115.  
61116. [rn4d]
61117. Number=8676
61118. Confirmed=X
61119. Filename=dirote.exe
61120. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_MAROON.A" target=_blank>MAROON.A</a> TROJAN!
61121. Source=Paul Collins Startup list
61122.  
61123. [Rnaomflt]
61124. Number=8677
61125. Confirmed=U
61126. Filename=naomf.exe
61127. Description=<a href="http://www.radiance.m6.net/" target=_blank>Naomi</a> internet filtering software
61128. Source=Paul Collins Startup list
61129.  
61130. [RNBc Test]
61131. Number=8678
61132. Confirmed=X
61133. Filename=wf32vbs.exe
61134. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagr.html" target=_blank>RBOT-AGR</a> WORM!
61135. Source=Paul Collins Startup list
61136.  
61137. [RNBc Test]
61138. Number=8679
61139. Confirmed=X
61140. Filename=bvldv32.exe
61141. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajf.html" target=_blank>RBOT-AJF</a> WORM!
61142. Source=Paul Collins Startup list
61143.  
61144. [RNBOStart]
61145. Number=8680
61146. Confirmed=U
61147. Filename=sentstrt.exe
61148. Description=Program used to initialise the VxD virtual driver for Sentinel drivers associated with Rainbow H/W keys that plug-in to the parallel port. These are usually supplied with workplace design tools and restrict the use of the software only to the machine to which the H/W key is connected. Required if you have such tools
61149. Source=Paul Collins Startup list
61150.  
61151. [RNBz Test]
61152. Number=8681
61153. Confirmed=X
61154. Filename=wf32vbc.exe
61155. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaey.html" target=_blank>RBOT-AEY</a> WORM!
61156. Source=Paul Collins Startup list
61157.  
61158. [RNDc Test]
61159. Number=8682
61160. Confirmed=X
61161. Filename=wf32b.exe
61162. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
61163. Source=Paul Collins Startup list
61164.  
61165. [rndll2]
61166. Number=8683
61167. Confirmed=?
61168. Filename=rndll2.exe
61169. Description=<font color="#FF0000">May be related to the DivX program as a *.dat file in the same directory had "DivXPro505Bundle.exe" mentioned within?</font>
61170. Source=Paul Collins Startup list
61171.  
61172. [rngmf]
61173. Number=8684
61174. Confirmed=X
61175. Filename=[path to trojan]
61176. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102714-5526-99" target="_blank">RANKY.C</a> TROJAN!
61177. Source=Paul Collins Startup list
61178.  
61179. [Rnudll32]
61180. Number=8685
61181. Confirmed=X
61182. Filename=tadxtr.exe
61183. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpasso.html" target=_blank>QQPASS-O</a> TROJAN!
61184. Source=Paul Collins Startup list
61185.  
61186. [rnxqh]
61187. Number=8686
61188. Confirmed=?
61189. Filename=rnxqh.exe
61190. Description=<font color="#FF0000">??</font>
61191. Source=Paul Collins Startup list
61192.  
61193. [Roam04]
61194. Number=8687
61195. Confirmed=X
61196. Filename=ActiveX.exe
61197. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojroamera.html" target=_blank>ROAMER-A</a> TROJAN!
61198. Source=Paul Collins Startup list
61199.  
61200. [RoboForm]
61201. Number=8688
61202. Confirmed=N
61203. Filename=RoboTaskBarIcon.exe
61204. Description=Roboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser plugin
61205. Source=Paul Collins Startup list
61206.  
61207. [RoboFormWatcher]
61208. Number=8689
61209. Confirmed=N
61210. Filename=RoboFormWatcher.exe
61211. Description=<a href="http://www.roboform.com/" target="_blank">Roboform</a> from Siber Systems. Automatically completes web forms. Available via Start -> Programs
61212. Source=Paul Collins Startup list
61213.  
61214. [Rocket.Time]
61215. Number=8690
61216. Confirmed=U
61217. Filename=RocketTime.exe
61218. Description=<a href="http://www.rocketsoftware.com/portfolio/rockettime" target="_blank">Rocket.Time</a> - time synchronization software from Rocket Software
61219. Source=Paul Collins Startup list
61220.  
61221. [Roflcopteur]
61222. Number=8691
61223. Confirmed=X
61224. Filename=seman.exe
61225. Description=Added by an unidentified WORM or TROJAN!
61226. Source=Paul Collins Startup list
61227.  
61228. [roketpipe]
61229. Number=8692
61230. Confirmed=?
61231. Filename=rpclient.exe
61232. Description=<font color="#FF0000">??</font>
61233. Source=Paul Collins Startup list
61234.  
61235. [Rollback]
61236. Number=8693
61237. Confirmed=U
61238. Filename=RollbackTray.exe
61239. Description=Added by the <a href="http://www.horizondatasys.com/169614.ihtml" target="_blank">RollBack Rx</a> system restore program
61240. Source=Paul Collins Startup list
61241.  
61242. [rollbk]
61243. Number=8694
61244. Confirmed=X
61245. Filename=dsm.exe
61246. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
61247. Source=Paul Collins Startup list
61248.  
61249. [rollbk]
61250. Number=8695
61251. Confirmed=X
61252. Filename=msmpatch.exe
61253. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
61254. Source=Paul Collins Startup list
61255.  
61256. [rollbk]
61257. Number=8696
61258. Confirmed=X
61259. Filename=svosm.exe
61260. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
61261. Source=Paul Collins Startup list
61262.  
61263. [rollbk]
61264. Number=8697
61265. Confirmed=X
61266. Filename=sysup.exe
61267. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030723-2605-99" target=_blank>SERFLOG.B</a> WORM!
61268. Source=Paul Collins Startup list
61269.  
61270. [romahere]
61271. Number=8698
61272. Confirmed=X
61273. Filename=matrixhere.exe
61274. Description=<a href="http://allentech.net/parasite/SuperSpider.html" target=_blank>SuperSpider</a> hijacker - a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
61275.  
61276. Source=Paul Collins Startup list
61277.  
61278. [romahere2]
61279. Number=8699
61280. Confirmed=X
61281. Filename=************.exe [* = random char]
61282. Description=<a href="http://allentech.net/parasite/SuperSpider.html" target=_blank>SuperSpider</a> hijacker - a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojkrepperae.html" target= blank>KREPPER-AE</a> TROJAN!
61283.  
61284. Source=Paul Collins Startup list
61285.  
61286. [romahere3]
61287. Number=8700
61288. Confirmed=X
61289. Filename=************.exe [* = random char]
61290. Description=<a href="http://allentech.net/parasite/SuperSpider.html" target=_blank>SuperSpider</a> hijacker - a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojkrepperae.html" target= blank>KREPPER-AE</a> TROJAN!
61291.  
61292. Source=Paul Collins Startup list
61293.  
61294. [Root_Machine]
61295. Number=8701
61296. Confirmed=X
61297. Filename=[path to trojan]
61298. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbandi.html" target=_blank>BANCBAN-DI</a> TROJAN!
61299. Source=Paul Collins Startup list
61300.  
61301. [ROOT_Machine]
61302. Number=8702
61303. Confirmed=X
61304. Filename=winlogon.exe
61305. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerfi.html" target=_blank>BANKER-FI</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This worm file is placed in the Windows\inf or Winnt\inf folder
61306. Source=Paul Collins Startup list
61307.  
61308. [ROUTD]
61309. Number=8703
61310. Confirmed=?
61311. Filename=ROUTD.exe
61312. Description=<font color="#FF0000">??</font>
61313. Source=Paul Collins Startup list
61314.  
61315. [RoxAssist]
61316. Number=8704
61317. Confirmed=N
61318. Filename=RoxAssist.exe
61319. Description=Roxio Assistant is designed to correct Engine Initialization errors. If Easy CD & DVD Creator's Engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If you do not receive the message, update your Virus software and then check and clean your system for viruses. After the removal of any viruses, uninstall and then reinstall Easy CD & DVD Creator (use "Add Remove Programs" in "Control Panel"). Can be run manually
61320. Source=Paul Collins Startup list
61321.  
61322. [Roxio Engine]
61323. Number=8705
61324. Confirmed=?
61325. Filename=MSMNGR32.EXE
61326. Description=<font color="#FF0000">Not believed to be a valid Roxio program - more likely a variant on the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WOMANIZ.A" target="_blank"> WOMANIZ.A</a> TROJAN!</font>
61327. Source=Paul Collins Startup list
61328.  
61329. [RoxioAudioCentral]
61330. Number=8706
61331. Confirmed=N
61332. Filename=RxMon.exe
61333. Description=Part of Roxio EasyCD Creator 6.0 - places the Roxio AudioCentral icon in you system tray. "Includes a player, media manager, ripper, tag and sound editor - integrated in a single application". Not required for Roxio to work properly. 
61334. Source=Paul Collins Startup list
61335.  
61336. [RoxioDragToDisc]
61337. Number=8707
61338. Confirmed=N
61339. Filename=DrgToDsc.exe
61340. Description=Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly
61341. Source=Paul Collins Startup list
61342.  
61343. [RoxioEngineUtility]
61344. Number=8708
61345. Confirmed=Y
61346. Filename=EngUtil.exe
61347. Description=Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking
61348. Source=Paul Collins Startup list
61349.  
61350. [RoxWatchTray]
61351. Number=8709
61352. Confirmed=N
61353. Filename=RoxWatchTray.exe
61354. Description=System Tray icon installed by Roxio Easy Media Creator 8 and which allows you to configure your watched folders or to turn the ôWatched Foldersö feature of Roxio ON or OFF
61355. Source=Paul Collins Startup list
61356.  
61357. [RP32]
61358. Number=8710
61359. Confirmed=U
61360. Filename=rp32.exe
61361. Description=<a href="http://www3.ca.com/solutions/Product.aspx?ID=228" target="_blank">Unicenter Remote Control</a> (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systems
61362. Source=Paul Collins Startup list
61363.  
61364. [RPC]
61365. Number=8711
61366. Confirmed=X
61367. Filename=MSschost.exe
61368. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>GAOBOT/AGOBOT</a> WORM!
61369. Source=Paul Collins Startup list
61370.  
61371. [RPC Patcher]
61372. Number=8712
61373. Confirmed=X
61374. Filename=[path to worm]
61375. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112019-2425-99" target="_blank">BOLGI</a> WORM!
61376. Source=Paul Collins Startup list
61377.  
61378. [RPC Service]
61379. Number=8713
61380. Confirmed=X
61381. Filename=[random filename]
61382. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooraad.html" target="_blank">AAD</a> TROJAN!
61383. Source=Paul Collins Startup list
61384.  
61385. [rpc Win32]
61386. Number=8714
61387. Confirmed=X
61388. Filename=shost32.exe
61389. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabl.html" target= blank>RBOT-ABL</a> WORM!
61390. Source=Paul Collins Startup list
61391.  
61392. [rpc Win32]
61393. Number=8715
61394. Confirmed=X
61395. Filename=spoolscv.exe
61396. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
61397. Source=Paul Collins Startup list
61398.  
61399. [rpcc]
61400. Number=8716
61401. Confirmed=X
61402. Filename=rpcc.exe
61403. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspammite.html" target="_blank">SPAMMIT-E</a> TROJAN!
61404. Source=Paul Collins Startup list
61405.  
61406. [rpcda Win32]
61407. Number=8717
61408. Confirmed=X
61409. Filename=rpcda.exe
61410. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaee.html" target=_blank>RBOT-AE</a> WORM!
61411. Source=Paul Collins Startup list
61412.  
61413. [RPCser32g]
61414. Number=8718
61415. Confirmed=X
61416. Filename=services.exe
61417. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ritdoorc.html" target=_blank>RITDOOR-C</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
61418. Source=Paul Collins Startup list
61419.  
61420. [RPCserr32g]
61421. Number=8719
61422. Confirmed=X
61423. Filename=winlogon.exe
61424. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ritdoorb.html" target=_blank>RITDOOR-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
61425. Source=Paul Collins Startup list
61426.  
61427. [RPCserv32]
61428. Number=8720
61429. Confirmed=X
61430. Filename=services.exe
61431. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012012-2236-99" target=_blank>MYDOOM.AL</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
61432. Source=Paul Collins Startup list
61433.  
61434. [RPCserv32g]
61435. Number=8721
61436. Confirmed=X
61437. Filename=services.exe
61438. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-070416-3225-99" target=_blank>BOBAX.AA</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
61439. Source=Paul Collins Startup list
61440.  
61441. [RPCserv32g]
61442. Number=8722
61443. Confirmed=X
61444. Filename=CSRSS.EXE
61445. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.AD&VSect=P" target=_blank>BOBAX.AD</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
61446. Source=Paul Collins Startup list
61447.  
61448. [RPCserv32g]
61449. Number=8723
61450. Confirmed=X
61451. Filename=MSDEFR.EXE
61452. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.AD&VSect=P" target=_blank>BOBAX.AD</a> WORM!
61453. Source=Paul Collins Startup list
61454.  
61455. [RPCserv32g]
61456. Number=8724
61457. Confirmed=X
61458. Filename=NB32EXT2.EXE
61459. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.AD&VSect=P" target=_blank>BOBAX.AD</a> WORM!
61460. Source=Paul Collins Startup list
61461.  
61462. [RPCserv32g]
61463. Number=8725
61464. Confirmed=X
61465. Filename=WINLOGON.EXE
61466. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.AD&VSect=P" target=_blank>BOBAX.AD</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
61467. Source=Paul Collins Startup list
61468.  
61469. [RPCSS.exe]
61470. Number=8726
61471. Confirmed=Y
61472. Filename=rpcss.exe
61473. Description=Remote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see <a href="http://www.cexx.org/rpc.htm" target="_blank">here</a>
61474. Source=Paul Collins Startup list
61475.  
61476. [RpcxWindows Extensions]
61477. Number=8727
61478. Confirmed=X
61479. Filename=rpcxwinex.exe
61480. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ACP" target="_blank">RBOT.ACP</a> WORM!
61481. Source=Paul Collins Startup list
61482.  
61483. [Rr2]
61484. Number=8728
61485. Confirmed=X
61486. Filename=rundll32.exe
61487. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagadi.html" target="_blank">LINEAG-ADI</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in an "addins" sub-folder
61488. Source=Paul Collins Startup list
61489.  
61490. [RRMedic]
61491. Number=8729
61492. Confirmed=X
61493. Filename=rrmedic.exe
61494. Description=Troubleshooting utility for the <a href="http://www.rr.com/rdrun/" target="_blank">RoadRunner</a> cable internet service. Not required and you are advised to completely uninstall it. Provides a lot of false alarms and gets a lot of people panicking about there internet connection
61495. Source=Paul Collins Startup list
61496.  
61497. [rscmpt]
61498. Number=8730
61499. Confirmed=U
61500. Filename=rscmpt.exe
61501. Description=Required on the GeFroce 64 meg MX card to show the full 64 meg memory and appears to be a software memory emulator running under the Win2K - see <a href="http://www.guru3d.com/comments.php?category=1&id=673" target="_blank">here</a>. High CPU useage results - hence the U status
61502. Source=Paul Collins Startup list
61503.  
61504. [rsmb]
61505. Number=8731
61506. Confirmed=X
61507. Filename=rsmb.exe
61508. Description=Added by the <a href="http://www.f-secure.com/v-descs/warezov_c.shtml" target="_blank">WAREZOV.C</a> WORM!
61509. Source=Paul Collins Startup list
61510.  
61511. [rsMenu]
61512. Number=8732
61513. Confirmed=U
61514. Filename=rsMenu.exe
61515. Description=Synchronizes a Casio PDA with MS Outlook
61516. Source=Paul Collins Startup list
61517.  
61518. [RSPC Driver]
61519. Number=8733
61520. Confirmed=X
61521. Filename=[random filename].exe
61522. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsn.html" target=_blank>RBOT-SN</a> WORM!
61523. Source=Paul Collins Startup list
61524.  
61525. [RSPC Driver D]
61526. Number=8734
61527. Confirmed=X
61528. Filename=[random filename]
61529. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
61530. Source=Paul Collins Startup list
61531.  
61532. [RSRCMTZ]
61533. Number=8735
61534. Confirmed=?
61535. Filename=RSRCMTZ.exe
61536. Description=<font color="#FF0000">??</font>
61537. Source=Paul Collins Startup list
61538.  
61539. [RSS]
61540. Number=8736
61541. Confirmed=X
61542. Filename=rundll32 RSSToolbar.dll, DllRunMain
61543. Description="Related Sites" toolbar - SearchAndClick hijacker variant
61544. Source=Paul Collins Startup list
61545.  
61546. [RssReader]
61547. Number=8737
61548. Confirmed=U
61549. Filename=RssReader.exe
61550. Description=<a href="http://www.rssreader.com/" target="_blank">RssReader</a> - a free RSS reader able to display any RSS and Atom news feed (XML)
61551. Source=Paul Collins Startup list
61552.  
61553. [RSync]
61554. Number=8738
61555. Confirmed=X
61556. Filename=netsync.exe
61557. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050804-2316-99" target=_blank>SafeSurfing</a> adware
61558. Source=Paul Collins Startup list
61559.  
61560. [rtasks]
61561. Number=8739
61562. Confirmed=N
61563. Filename=rtasks.exe
61564. Description=WinAntiVirus Pro 2007 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
61565. Source=Paul Collins Startup list
61566.  
61567. [rtcdll]
61568. Number=8740
61569. Confirmed=U
61570. Filename=rtcdll.exe
61571. Description=RTCDLL is "Real Time Communication" and is associated with Windows Messenger (the IM application, not messenger service). It is only necessary if you use Windows Messenger.  Most people use MSN Messenger instead, so it is not required in those cases
61572. Source=Paul Collins Startup list
61573.  
61574. [RTHDCPL]
61575. Number=8741
61576. Confirmed=U
61577. Filename=RTHDCPL.EXE
61578. Description=Realtek HD Audio Sound Effect Manager
61579. Source=Paul Collins Startup list
61580.  
61581. [RtHDVCpl]
61582. Number=8742
61583. Confirmed=U
61584. Filename=RtHDVCpl.exe
61585. Description=High definition audio codec driver from Realtek Semiconductor
61586. Source=Paul Collins Startup list
61587.  
61588. [RtlMon.exe]
61589. Number=8743
61590. Confirmed=N
61591. Filename=RtlMon.exe
61592. Description=Monitor for RealTek network card
61593. Source=Paul Collins Startup list
61594.  
61595. [RTMonitor]
61596. Number=8744
61597. Confirmed=Y
61598. Filename=RTMonitor.exe
61599. Description=Cheyenne (now <a href="http://ca.com/" target=_blank>eTrust</a>) antivirus
61600. Source=Paul Collins Startup list
61601.  
61602. [rtos]
61603. Number=8745
61604. Confirmed=X
61605. Filename=rtos.exe
61606. Description=IRC trojan
61607. Source=Paul Collins Startup list
61608.  
61609. [RTStartMute]
61610. Number=8746
61611. Confirmed=?
61612. Filename=N/A
61613. Description=<font color="#FF0000">??</font>
61614. Source=Paul Collins Startup list
61615.  
61616. [rtvscn95]
61617. Number=8747
61618. Confirmed=Y
61619. Filename=RTVSCN95.EXE
61620. Description=Real-time virus scanner component of Norton Anti-Virus Corporate Edition
61621. Source=Paul Collins Startup list
61622.  
61623. [RtWLan]
61624. Number=8748
61625. Confirmed=U
61626. Filename=RtWLan.exe
61627. Description=Configuration utility for the Netgear <a href="http://www.netgear.com/Products/Adapters/GWirelessAdapters/WG111.aspx" target="_blank">WG111</a> 54 Mbps Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port"
61628. Source=Paul Collins Startup list
61629.  
61630. [Ruby13]
61631. Number=8749
61632. Confirmed=X
61633. Filename=Ruby13.exe
61634. Description=Added by the <a href="http://smallbiz.symantec.com/security_response/writeup.jsp?docid=2004-091516-4052-99&tabid=2" target="_blank">MEXER.E</a> WORM!
61635. Source=Paul Collins Startup list
61636.  
61637. [Ruby14]
61638. Number=8750
61639. Confirmed=X
61640. Filename=Ruby14.exe
61641. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32fightruba.html" target=_blank>FIGHTRUB-A</a> WORM!
61642.  
61643. Source=Paul Collins Startup list
61644.  
61645. [ruin]
61646. Number=8751
61647. Confirmed=X
61648. Filename=system32.exe
61649. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfjm.html" target= blank>DELF-JM</a> TROJAN!
61650. Source=Paul Collins Startup list
61651.  
61652. [RuLaunch]
61653. Number=8752
61654. Confirmed=U
61655. Filename=RuLaunch.exe
61656. Description=Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis
61657. Source=Paul Collins Startup list
61658.  
61659. [run]
61660. Number=8753
61661. Confirmed=X
61662. Filename=Autoexec.com
61663. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022714-4020-99" target=_blank>HOLCAS.A</a> WORM!
61664. Source=Paul Collins Startup list
61665.  
61666. [run]
61667. Number=8754
61668. Confirmed=X
61669. Filename=inetinfo.exe
61670. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030215-5059-99" target=_blank>BINGHE</a> TROJAN!
61671. Source=Paul Collins Startup list
61672.  
61673. [Run]
61674. Number=8755
61675. Confirmed=X
61676. Filename=help.exe
61677. Description=Identified as the DELF.LF by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a>
61678. Source=Paul Collins Startup list
61679.  
61680. [run]
61681. Number=8756
61682. Confirmed=X
61683. Filename=[path] rundll32.exe rsrc.dll
61684. Description=Browser hijacker of Chinese origin, redirecting to 4199.com
61685. Source=Paul Collins Startup list
61686.  
61687. [Run Msn Messenger]
61688. Number=8757
61689. Confirmed=X
61690. Filename=msnmgr.exe
61691. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.HA" target=_blank>AGOBOT.HA</a> WORM!
61692. Source=Paul Collins Startup list
61693.  
61694. [Run MSupdt32]
61695. Number=8758
61696. Confirmed=X
61697. Filename=wscript MSupdt32.vbs
61698. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-022013-4140-99" target="_blank">CASER</a> WORM!
61699. Source=Paul Collins Startup list
61700.  
61701. [Run Nintendo Wi-Fi USB Connector Registration Tool]
61702. Number=8759
61703. Confirmed=U
61704. Filename=NintendoWFCReg.exe
61705. Description=Related to <a href="http://www.nintendowifi.com/global/index.jsp" target="_blank">Wi-Fi USB Connector</a> from Nintendo
61706. Source=Paul Collins Startup list
61707.  
61708. [Run POPFile in background]
61709. Number=8760
61710. Confirmed=U
61711. Filename=perl.exe
61712. Description=<a href="http://popfile.sourceforge.net/" target="_blank">POPFile</a> - E-mail spam blocker
61713. Source=Paul Collins Startup list
61714.  
61715. [Run POPFile in background]
61716. Number=8761
61717. Confirmed=U
61718. Filename=wperl.exe
61719. Description=<a href="http://popfile.sourceforge.net/" target="_blank">POPFile</a> - E-mail spam blocker
61720. Source=Paul Collins Startup list
61721.  
61722. [Run Services as Application]
61723. Number=8762
61724. Confirmed=X
61725. Filename=localsvc.exe
61726. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
61727. Source=Paul Collins Startup list
61728.  
61729. [Run Services as Application]
61730. Number=8763
61731. Confirmed=X
61732. Filename=netsvc.exe
61733. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
61734. Source=Paul Collins Startup list
61735.  
61736. [Run Services as Application]
61737. Number=8764
61738. Confirmed=X
61739. Filename=spoolsvc.exe
61740. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
61741. Source=Paul Collins Startup list
61742.  
61743. [Run Services as Application]
61744. Number=8765
61745. Confirmed=X
61746. Filename=svcadmin.exe
61747. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
61748. Source=Paul Collins Startup list
61749.  
61750. [Run Services as Application]
61751. Number=8766
61752. Confirmed=X
61753. Filename=svcman.exe
61754. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
61755. Source=Paul Collins Startup list
61756.  
61757. [Run Services as Application]
61758. Number=8767
61759. Confirmed=X
61760. Filename=svcrun.exe
61761. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
61762. Source=Paul Collins Startup list
61763.  
61764. [Run Services as Application]
61765. Number=8768
61766. Confirmed=X
61767. Filename=tcpsvc.exe
61768. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
61769. Source=Paul Collins Startup list
61770.  
61771. [Run Services as Application]
61772. Number=8769
61773. Confirmed=X
61774. Filename=websvc.exe
61775. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
61776. Source=Paul Collins Startup list
61777.  
61778. [Run StartupMonitor]
61779. Number=8770
61780. Confirmed=U
61781. Filename=StartupMonitor.exe
61782. Description=Mike Lin's <a href="http://www.mlin.net/StartupMonitor.shtml" target="_blank"> StartupMonitor</a>, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu
61783. Source=Paul Collins Startup list
61784.  
61785. [Run TaskMrg]
61786. Number=8771
61787. Confirmed=X
61788. Filename=csrss.exe
61789. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchw.html" target=_blank>LDPINCH-W</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows folder
61790. Source=Paul Collins Startup list
61791.  
61792. [run windows]
61793. Number=8772
61794. Confirmed=X
61795. Filename=servic.bat
61796. Description=Added by the <a href="http://vil.nai.com/vil/content/v_135822.htm" target=_blank>REBOOT-AP</a> TROJAN!
61797. Source=Paul Collins Startup list
61798.  
61799. [Run XP Service Pack]
61800. Number=8773
61801. Confirmed=X
61802. Filename=xpservicepack.exe
61803. Description=Added by the <a href="http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=51815" target="_blank">SDBOT.AQA</a> WORM!
61804. Source=Paul Collins Startup list
61805.  
61806. [Run05]
61807. Number=8774
61808. Confirmed=X
61809. Filename=rundll_32.exe
61810. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdt.html" target=_blank>BANCOS-DT</a> TROJAN!
61811. Source=Paul Collins Startup list
61812.  
61813. [run32]
61814. Number=8775
61815. Confirmed=X
61816. Filename=run32dll.exe
61817. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcwb.html" target="_blank">SDBOT-CWB</a> WORM!
61818. Source=Paul Collins Startup list
61819.  
61820. [run32dll]
61821. Number=8776
61822. Confirmed=X
61823. Filename=WINClock.exe
61824. Description=Added by an unidentified VIRUS, WORM or TROJAN!
61825. Source=Paul Collins Startup list
61826.  
61827. [run32dll]
61828. Number=8777
61829. Confirmed=X
61830. Filename=task32.exe
61831. Description=Added by an unidentified VIRUS, WORM or TROJAN!
61832. Source=Paul Collins Startup list
61833.  
61834. [Run32dll]
61835. Number=8778
61836. Confirmed=X
61837. Filename=ocxdll.exe
61838. Description=Added by an unidentified VIRUS, WORM or TROJAN!
61839. Source=Paul Collins Startup list
61840.  
61841. [run=]
61842. Number=8779
61843. Confirmed=N
61844. Filename=cmmpu.exe
61845. Description=MIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI)
61846. Source=Paul Collins Startup list
61847.  
61848. [run=]
61849. Number=8780
61850. Confirmed=N
61851. Filename=hpfsched
61852. Description=HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature
61853. Source=Paul Collins Startup list
61854.  
61855. [run=]
61856. Number=8781
61857. Confirmed=N
61858. Filename=lxdboxcp.exe
61859. Description=Lexmark DOS-Printing Control Program for the Lexmark 2050. Only required if you need to print from DOS
61860. Source=Paul Collins Startup list
61861.  
61862. [run=]
61863. Number=8782
61864. Confirmed=N
61865. Filename=pcfix2k.exe
61866. Description=pcfix2k splash screen
61867. Source=Paul Collins Startup list
61868.  
61869. [run=]
61870. Number=8783
61871. Confirmed=X
61872. Filename=ptlseq.cpl
61873. Description=PhoenixNet BIOS adware. See <a href="http://www.cexx.org/phoenix.htm" target="_blank">here</a>
61874. Source=Paul Collins Startup list
61875.  
61876. [run=]
61877. Number=8784
61878. Confirmed=U
61879. Filename=ramsys.exe
61880. Description=<a href="http://www.rayslab.com/startup_manager/startup_manager.html" target="_blank">Advanced Startup Manager</a> from Rays Lab
61881. Source=Paul Collins Startup list
61882.  
61883. [run=]
61884. Number=8785
61885. Confirmed=?
61886. Filename=wallflip.exe
61887. Description=<font color="#FF0000">Desktop wallpaper changer?</font>
61888. Source=Paul Collins Startup list
61889.  
61890. [run=]
61891. Number=8786
61892. Confirmed=X
61893. Filename=svcinit.exe
61894. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
61895. Source=Paul Collins Startup list
61896.  
61897. [run=]
61898. Number=8787
61899. Confirmed=X
61900. Filename=fntldr.exe
61901. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#tapicfg" target=_blank>Tapicfg</a> parasite variant
61902. Source=Paul Collins Startup list
61903.  
61904. [run=]
61905. Number=8788
61906. Confirmed=Y
61907. Filename=smsrun16.exe
61908. Description=Microsoft Systems Management Server (SMS) related - program that reads SMSRUN16.INI on clients running Win 3.1, Windows for Workgroups, Win95, or OS/2 to create program groups on the client and then launch SMS client programs
61909. Source=Paul Collins Startup list
61910.  
61911. [run=]
61912. Number=8789
61913. Confirmed=?
61914. Filename=win.ini
61915. Description=<font color="#FF0000">??</font>
61916. Source=Paul Collins Startup list
61917.  
61918. [run=]
61919. Number=8790
61920. Confirmed=X
61921. Filename=RAVMOND.exe
61922. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
61923. Source=Paul Collins Startup list
61924.  
61925. [run=]
61926. Number=8791
61927. Confirmed=X
61928. Filename=real.exe
61929. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
61930. Source=Paul Collins Startup list
61931.  
61932. [run=]
61933. Number=8792
61934. Confirmed=X
61935. Filename=dec25.exe
61936. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121515-3408-99" target=_blank>ATAK.F</a> WORM!
61937. Source=Paul Collins Startup list
61938.  
61939. [run=]
61940. Number=8793
61941. Confirmed=?
61942. Filename=LXBTppls.exe
61943. Description=Reportedly part of Lexmark printer software - <font color="#FF0000">what does it do and is it required?</font>
61944. Source=Paul Collins Startup list
61945.  
61946. [run=]
61947. Number=8794
61948. Confirmed=N
61949. Filename=fmedia.exe
61950. Description=FMedia FaxWorks related - can be run manually
61951. Source=Paul Collins Startup list
61952.  
61953. [run=]
61954. Number=8795
61955. Confirmed=Y
61956. Filename=wswpd.exe
61957. Description=Used with some models of Panasonic, Epson and NEC printers - required for printer to work
61958. Source=Paul Collins Startup list
61959.  
61960. [run=]
61961. Number=8796
61962. Confirmed=X
61963. Filename=cyxid98.exe
61964. Description=Unidentified malware
61965. Source=Paul Collins Startup list
61966.  
61967. [run=]
61968. Number=8797
61969. Confirmed=X
61970. Filename=info32.exe
61971. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#tapicfg" target=_blank>Tapicfg</a> parasite variant
61972. Source=Paul Collins Startup list
61973.  
61974. [run=]
61975. Number=8798
61976. Confirmed=X
61977. Filename=mouse_configurator.win
61978. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070814-1115-99" target=_blank>GAGGLE.E</a> WORM!
61979. Source=Paul Collins Startup list
61980.  
61981. [run=]
61982. Number=8799
61983. Confirmed=X
61984. Filename=RegistryReminder.exe
61985. Description=Added by the <a href="http://vil.nai.com/vil/content/v_10232.htm" target=_blank>APSTROJAN.OB</a> TROJAN!
61986. Source=Paul Collins Startup list
61987.  
61988. [run=]
61989. Number=8800
61990. Confirmed=X
61991. Filename=sec5dec.exe
61992. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121710-1755-99" target=_blank>ATAK.G</a> WORM!
61993. Source=Paul Collins Startup list
61994.  
61995. [run=]
61996. Number=8801
61997. Confirmed=X
61998. Filename=wmplayer.exe
61999. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#smartsearch" target=_blank>Smartsearch</a> parasite variant
62000. Source=Paul Collins Startup list
62001.  
62002. [run=]
62003. Number=8802
62004. Confirmed=X
62005. Filename=Autoexec.com
62006. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022714-4020-99" target=_blank>HOLCAS.A</a> WORM!
62007. Source=Paul Collins Startup list
62008.  
62009. [run=]
62010. Number=8803
62011. Confirmed=X
62012. Filename=htmlsync.exe
62013. Description=Searchforfree.info browser hijacker
62014. Source=Paul Collins Startup list
62015.  
62016. [run=]
62017. Number=8804
62018. Confirmed=X
62019. Filename=msoffice.exe
62020. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031409-4054-99" target=_blank>ADWARELOADER</a> TROJAN! Note - do not confuse with the legitimate Microsoft Office file, which would typically be located in the Program Files\Microsoft Office\Office folder!
62021. Source=Paul Collins Startup list
62022.  
62023. [run=]
62024. Number=8805
62025. Confirmed=X
62026. Filename=DRDOOM.EXE
62027. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32semapia.html" target= blank>SEMAPI-A</a> WORM!
62028. Source=Paul Collins Startup list
62029.  
62030. [run=]
62031. Number=8806
62032. Confirmed=X
62033. Filename=svhost.exe
62034. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042517-0213-99" target=_blank>ADMINCASH.B</a> TROJAN!
62035. Source=Paul Collins Startup list
62036.  
62037. [run=]
62038. Number=8807
62039. Confirmed=X
62040. Filename=dllreg.exe
62041. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdumarul.html" target=_blank>DUMARU-L</a> TROJAN!
62042. Source=Paul Collins Startup list
62043.  
62044. [run=]
62045. Number=8808
62046. Confirmed=X
62047. Filename=mdm.exe
62048. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxygg.html" target=_blank>PROXY-GG</a> TROJAN!
62049. Source=Paul Collins Startup list
62050.  
62051. [run=]
62052. Number=8809
62053. Confirmed=X
62054. Filename=Celine.scr
62055. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcelinea.html" target="_blank">CELINE-A</a> TROJAN!
62056. Source=Paul Collins Startup list
62057.  
62058. [run=]
62059. Number=8810
62060. Confirmed=X
62061. Filename=services.exe
62062. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkreppern.html" target="_blank">KREPPER-N</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "inet10066" subfolder of the Windows or Winnt folder
62063. Source=Paul Collins Startup list
62064.  
62065. [RunAlert]
62066. Number=8811
62067. Confirmed=U
62068. Filename=AService.exe
62069. Description=<a target="_blank" href="http://www.msi.com.tw/program/products/pro_index.php">MSI MOtherboard PC Alert III</a> - MSI motherboard monitoring software. Only required if you "overclock" your system
62070. Source=Paul Collins Startup list
62071.  
62072. [runAP]
62073. Number=8812
62074. Confirmed=N
62075. Filename=runAP.exe
62076. Description=<font color="#FF0000">Not required but what is it?</font>
62077. Source=Paul Collins Startup list
62078.  
62079. [runapp]
62080. Number=8813
62081. Confirmed=X
62082. Filename=icqchk.exe
62083. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012514-0250-99" target=_blank>BOMKA</a> TROJAN!
62084. Source=Paul Collins Startup list
62085.  
62086. [Runapp32]
62087. Number=8814
62088. Confirmed=X
62089. Filename=Runapp32.exe
62090. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-110418-0037-99" target="_blank">NEODURK</a> TROJAN!
62091. Source=Paul Collins Startup list
62092.  
62093. [RunCA]
62094. Number=8815
62095. Confirmed=Y
62096. Filename=InvokeSvc3.exe
62097. Description=Wireless-G USB Wireless Network Adapter related - would appear to be required
62098. Source=Paul Collins Startup list
62099.  
62100. [Rund11]
62101. Number=8816
62102. Confirmed=X
62103. Filename=Rund11.EXE
62104. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32marioc.html" target=_blank>MARIO-C</a> WORM!
62105. Source=Paul Collins Startup list
62106.  
62107. [rund1132]
62108. Number=8817
62109. Confirmed=X
62110. Filename=rund1132.exe
62111. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dopbota.html" target= blank>DOPBOT-A</a> WORM!
62112. Source=Paul Collins Startup list
62113.  
62114. [Rund1132.exe]
62115. Number=8818
62116. Confirmed=X
62117. Filename=Rund1132.exe
62118. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpahs.html" target=_blank>STARTPA-HS</a> TROJAN!
62119. Source=Paul Collins Startup list
62120.  
62121. [Rund1l32]
62122. Number=8819
62123. Confirmed=X
62124. Filename=Winfi1e32.exe
62125. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121117-0813-99" target="_blank">MERTIAN</a> WORM!
62126. Source=Paul Collins Startup list
62127.  
62128. [Rundil32]
62129. Number=8820
62130. Confirmed=X
62131. Filename=runlli32.exe
62132. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassu.html" target=_blank>QQPASS-U</a> TROJAN!
62133. Source=Paul Collins Startup list
62134.  
62135. [Rundil32]
62136. Number=8821
62137. Confirmed=X
62138. Filename=Updadv.exe
62139. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassn.html" target=_blank>QQPASS-N</a> TROJAN!
62140. Source=Paul Collins Startup list
62141.  
62142. [rundl332]
62143. Number=8822
62144. Confirmed=X
62145. Filename=math.exe ...pluged.exe
62146. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020909-2916-99" target="_blank">DOOMJUICE</a> WORM!
62147. Source=Paul Collins Startup list
62148.  
62149. [rundli32]
62150. Number=8823
62151. Confirmed=X
62152. Filename=rundli32.exe
62153. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082517-3522-99" target="_blank">LADE</a> WORM!
62154. Source=Paul Collins Startup list
62155.  
62156. [RunDLL]
62157. Number=8824
62158. Confirmed=X
62159. Filename=rundll32.exe bridge.dll, Load
62160. Description=Flingstone.com browser hijacker
62161. Source=Paul Collins Startup list
62162.  
62163. [Rundll]
62164. Number=8825
62165. Confirmed=X
62166. Filename=Rundll~.exe
62167. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delfkt.html" target=_blank>DELF-KT</a> TROJAN!
62168. Source=Paul Collins Startup list
62169.  
62170. [Rundll]
62171. Number=8826
62172. Confirmed=X
62173. Filename=rundll32.exe [random file name].dll "taskmon"
62174. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.IG&VSect=P" target=_blank>MYTOB.IG</a> WORM!
62175. Source=Paul Collins Startup list
62176.  
62177. [RunDll]
62178. Number=8827
62179. Confirmed=X
62180. Filename=RunDll.exe
62181. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassah.html" target=_blank>QQPASS-AH</a> TROJAN! Note - this is NOT the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
62182. Source=Paul Collins Startup list
62183.  
62184. [rundll***]
62185. Number=8828
62186. Confirmed=X
62187. Filename=die.exe [path] mdll.exe
62188. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080116-2904-99" target="_blank">SUMTAX</a> TROJAN! where *** is 134, 569, 777 or 946
62189. Source=Paul Collins Startup list
62190.  
62191. [rundll***]
62192. Number=8829
62193. Confirmed=X
62194. Filename=die.exe [path] secure.bat
62195. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080116-2904-99" target="_blank">SUMTAX</a> TROJAN! where *** is 134, 569, 777 or 946
62196. Source=Paul Collins Startup list
62197.  
62198. [rundll***]
62199. Number=8830
62200. Confirmed=X
62201. Filename=die.exe [path] secure.exe
62202. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080116-2904-99" target="_blank">SUMTAX</a> TROJAN! where *** is 134, 569, 777 or 946
62203. Source=Paul Collins Startup list
62204.  
62205. [rundll***]
62206. Number=8831
62207. Confirmed=X
62208. Filename=die.exe [path] ttg.exe
62209. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080116-2904-99" target="_blank">SUMTAX</a> TROJAN! where *** is 134, 569, 777 or 946
62210. Source=Paul Collins Startup list
62211.  
62212. [Rundll16]
62213. Number=8832
62214. Confirmed=X
62215. Filename=Rundll16.exe
62216. Description=Added by a number of VIRUSES, WORMS and TROJANS!
62217. Source=Paul Collins Startup list
62218.  
62219. [Rundll32]
62220. Number=8833
62221. Confirmed=X
62222. Filename=Rundll32.exe
62223. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031016-5849-99" target="_blank">DVLDR</a> TROJAN! Note - this is not the valid "Rundll32.exe" as it's in the Windows\Fonts directory
62224. Source=Paul Collins Startup list
62225.  
62226. [RUNDLL32]
62227. Number=8834
62228. Confirmed=N
62229. Filename=RUNDLL32.EXE NvQtwk, NvCplDaemon
62230. Description=System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see <a href="http://www.blackviper.com/WinXP/strangeservice.htm" target="_blank">here</a>)
62231. Source=Paul Collins Startup list
62232.  
62233. [RunDLL32]
62234. Number=8835
62235. Confirmed=N
62236. Filename=RunDLL32.exe NvMCTray.dll, NvTaskbarInit
62237. Description=System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
62238. Source=Paul Collins Startup list
62239.  
62240. [rundll32]
62241. Number=8836
62242. Confirmed=U
62243. Filename=Rundll32.exe Wf2kcpl.dll DllLoadDefaultSettings
62244. Description=Loads default settings for Leadtek Winfast graphics cards
62245. Source=Paul Collins Startup list
62246.  
62247. [RunDLL32]
62248. Number=8837
62249. Confirmed=X
62250. Filename=winupdate.exe
62251. Description=Added by an unidentified TROJAN! - possibly a <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021418-3605-99" target="_blank">BMBOT</a> variant
62252. Source=Paul Collins Startup list
62253.  
62254. [Rundll32]
62255. Number=8838
62256. Confirmed=X
62257. Filename=Windows.exe
62258. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092815-0339-99" target="_blank">QQPASS.E</a> TROJAN!
62259. Source=Paul Collins Startup list
62260.  
62261. [Rundll32]
62262. Number=8839
62263. Confirmed=U
62264. Filename=Rundll32.exe ptipbm.dll, SetWriteBack
62265. Description=Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise Controller
62266.  
62267. Source=Paul Collins Startup list
62268.  
62269. [rundll32]
62270. Number=8840
62271. Confirmed=X
62272. Filename=[path to worm]
62273. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111308-1926-99" target="_blank">AUTEX</a> WORM!
62274. Source=Paul Collins Startup list
62275.  
62276. [rundll32]
62277. Number=8841
62278. Confirmed=?
62279. Filename=rundll32.exe ptipbmf.dll, SetWriteCacheMode
62280. Description=Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. <font color="#FF0000">May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller</font>
62281. Source=Paul Collins Startup list
62282.  
62283. [rundll32]
62284. Number=8842
62285. Confirmed=X
62286. Filename=rundll32.exe
62287. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012217-2400-99" target="_blank">SANKER</a> WORM! Note that the valid "rundll32.exe" resides in C:\Windows\System32 wheras this version resides in C:\Windows
62288. Source=Paul Collins Startup list
62289.  
62290. [rundll32]
62291. Number=8843
62292. Confirmed=X
62293. Filename=csrss.exe
62294. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020914-0902-99" target=_blank>GUTTA</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows folder
62295. Source=Paul Collins Startup list
62296.  
62297. [rundll32]
62298. Number=8844
62299. Confirmed=U
62300. Filename=RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent
62301. Description=Associated with BlueTooth software, and registers the "Infrared Port properties" Control Panel applet. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click <a href="http://www.winbookcorp.com/_technote/WBTA20000912.htm" target=_blank>here</a> here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup
62302. Source=Paul Collins Startup list
62303.  
62304. [RUNDLL32]
62305. Number=8845
62306. Confirmed=X
62307. Filename=rundl32.exe
62308. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32demotrya.html" target=_blank>DEMOTRY-A</a> WORM!
62309. Source=Paul Collins Startup list
62310.  
62311. [rundll32]
62312. Number=8846
62313. Confirmed=X
62314. Filename=rundll32.exe
62315. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentez.html" target=_blank>AGENT-EZ</a> TROJAN! Note - the real rundll32.exe resides in the System (9x/Me) or System32 (NT/2K/XP) folder whereas this file is found in a "SHELLEXT" subfolder
62316. Source=Paul Collins Startup list
62317.  
62318. [Rundll32]
62319. Number=8847
62320. Confirmed=X
62321. Filename=RUNDDLL32.EXE
62322. Description=Added by the STARTPAGE.AXH TROJAN!
62323. Source=Paul Collins Startup list
62324.  
62325. [Rundll32 cmicnfg]
62326. Number=8848
62327. Confirmed=N
62328. Filename=Rundll32 cmicnfg.cpl, CMICtrlWnd
62329. Description=System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel
62330. Source=Paul Collins Startup list
62331.  
62332. [RunDll32 essprops]
62333. Number=8849
62334. Confirmed=Y
62335. Filename=RunDll32 essprops.cpl, TaskbarIconWnd
62336. Description=Associated with a Logitech mouse - required for proper operation
62337. Source=Paul Collins Startup list
62338.  
62339. [Rundll32 P17]
62340. Number=8850
62341. Confirmed=U
62342. Filename=Rundll32 P17.dll, P17Helper
62343. Description=<a href="http://www.soundblaster.com/resources/read.asp?articleid=53937&page=1&cat=2" target="_blank">ASIO</a> (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
62344. Source=Paul Collins Startup list
62345.  
62346. [Rundll32.exe]
62347. Number=8851
62348. Confirmed=X
62349. Filename=Proyecto1.exe
62350. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071316-1355-99" target="_blank">GRUEL</a> WORM!
62351. Source=Paul Collins Startup list
62352.  
62353. [Rundll32.exe]
62354. Number=8852
62355. Confirmed=X
62356. Filename=Root.exe
62357. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071316-1355-99" target="_blank">GRUEL</a> WORM!
62358. Source=Paul Collins Startup list
62359.  
62360. [Rundll32_7]
62361. Number=8853
62362. Confirmed=X
62363. Filename=rundll32.exe MSIEFR40.DLL, DllRunServer
62364. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
62365. Source=Paul Collins Startup list
62366.  
62367. [Rundll32_8]
62368. Number=8854
62369. Confirmed=X
62370. Filename=rundll32.exe inetp60.dll, DllRunServer
62371. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
62372. Source=Paul Collins Startup list
62373.  
62374. [Rundll32_8]
62375. Number=8855
62376. Confirmed=X
62377. Filename=rundll32.exe 1.dll, DllRunServer
62378. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342&search=browseraid" target=_blank>BrowserAid/BrowserPal</a> foistware
62379. Source=Paul Collins Startup list
62380.  
62381. [rundll64]
62382. Number=8856
62383. Confirmed=X
62384. Filename=[path to worm]
62385. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111308-1926-99" target="_blank">AUTEX</a> WORM!
62386. Source=Paul Collins Startup list
62387.  
62388. [RundllSvr]
62389. Number=8857
62390. Confirmed=X
62391. Filename=Rundll.exe
62392. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102516-3248-99" target=_blank>HUAYU</a> WORM! Note - this is NOT the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
62393. Source=Paul Collins Startup list
62394.  
62395. [Rundllsystem32]
62396. Number=8858
62397. Confirmed=X
62398. Filename=Rundllsystem32.exe
62399. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.B" target="_blank"> NETDEVIL.B</a> TROJAN!
62400. Source=Paul Collins Startup list
62401.  
62402. [Rundnm]
62403. Number=8859
62404. Confirmed=X
62405. Filename=Rundnm.exe
62406. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfha.html" target=_blank>DELF-HA</a> TROJAN!
62407.  
62408. Source=Paul Collins Startup list
62409.  
62410. [RUNGogoTools]
62411. Number=8860
62412. Confirmed=X
62413. Filename=LaunchAdware.exe
62414. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061718-0516-99" target=_blank>GoGoTools</a> adware
62415.  
62416. Source=Paul Collins Startup list
62417.  
62418. [RUNGogoTools]
62419. Number=8861
62420. Confirmed=X
62421. Filename=GoGoLaunch.exe
62422. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061718-0516-99" target=_blank>GoGoTools</a> adware
62423. Source=Paul Collins Startup list
62424.  
62425. [RUNHYPER]
62426. Number=8862
62427. Confirmed=X
62428. Filename=hyperx.exe
62429. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
62430. Source=Paul Collins Startup list
62431.  
62432. [runing]
62433. Number=8863
62434. Confirmed=X
62435. Filename=win.exe
62436. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflc.html" target=_blank>DELF-LC</a> TROJAN!
62437. Source=Paul Collins Startup list
62438.  
62439. [RUNLOAD]
62440. Number=8864
62441. Confirmed=X
62442. Filename=l0ad.exe
62443. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
62444. Source=Paul Collins Startup list
62445.  
62446. [RUNLOUD]
62447. Number=8865
62448. Confirmed=X
62449. Filename=loud.exe
62450. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
62451. Source=Paul Collins Startup list
62452.  
62453. [Runmarc8mManager]
62454. Number=8866
62455. Confirmed=U
62456. Filename=marc8m95.exe
62457. Description=MARC Sound System Manager for the <a href="http://www.marian.de/en/products/marc_8_midi" target=_blank>Marc 8 MIDI</a> sound card - allows for easy adjustment of the settings
62458. Source=Paul Collins Startup list
62459.  
62460. [Runner]
62461. Number=8867
62462. Confirmed=X
62463. Filename=lsass.exe [trojan filename]
62464. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdrowsyb.html" target=_blank>DROWSY-B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located the Winnt or Windows folder
62465. Source=Paul Collins Startup list
62466.  
62467. [Runner]
62468. Number=8868
62469. Confirmed=X
62470. Filename=csrss.exe
62471. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
62472. Source=Paul Collins Startup list
62473.  
62474. [Runner]
62475. Number=8869
62476. Confirmed=X
62477. Filename=lsass.exe
62478. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
62479. Source=Paul Collins Startup list
62480.  
62481. [Runner]
62482. Number=8870
62483. Confirmed=X
62484. Filename=svchost.exe
62485. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
62486. Source=Paul Collins Startup list
62487.  
62488. [runner1]
62489. Number=8871
62490. Confirmed=X
62491. Filename=updater.exe
62492. Description=Added by the CRYPT.ULPM.GEN TROJAN!
62493. Source=Paul Collins Startup list
62494.  
62495. [RunOnce]
62496. Number=8872
62497. Confirmed=U
62498. Filename=RUNONCE.EXE
62499. Description=Part of MS Data Access Components - only required if you use these
62500. Source=Paul Collins Startup list
62501.  
62502. [RunOnceEx]
62503. Number=8873
62504. Confirmed=X
62505. Filename=sms.exe
62506. Description=Identified as the DELF.LF by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a>
62507. Source=Paul Collins Startup list
62508.  
62509. [RunProg]
62510. Number=8874
62511. Confirmed=X
62512. Filename=Server.exe
62513. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIX.04.A" target="_blank">OPTIX.04.A</a> TROJAN!
62514. Source=Paul Collins Startup list
62515.  
62516. [RunProg]
62517. Number=8875
62518. Confirmed=X
62519. Filename=wini.exe
62520. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021222-1854-99" target="_blank">OPTIX.04.D</a> TROJAN!
62521. Source=Paul Collins Startup list
62522.  
62523. [runreper]
62524. Number=8876
62525. Confirmed=X
62526. Filename=viewer.exe
62527. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122709-3359-99" target=_blank>REPER.A</a> VIRUS!
62528. Source=Paul Collins Startup list
62529.  
62530. [runs]
62531. Number=8877
62532. Confirmed=X
62533. Filename=run.exe
62534. Description=Added by the  <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbwf.html" target=_blank>RBOT-BWF</a> WORM!
62535. Source=Paul Collins Startup list
62536.  
62537. [RunSearvices]
62538. Number=8878
62539. Confirmed=X
62540. Filename=tread.exe
62541. Description=Identified as the DELF.LF by <a href="http://www.ewido.net/en/" target=_blank>Ewido Security Suite</a>
62542. Source=Paul Collins Startup list
62543.  
62544. [RunServices]
62545. Number=8879
62546. Confirmed=X
62547. Filename=runsvc32.exe
62548. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.QJ" target=_blank>AGOBOT.QJ</a> WORM!
62549.  
62550. Source=Paul Collins Startup list
62551.  
62552. [runSubvalues]
62553. Number=8880
62554. Confirmed=X
62555. Filename=[path to file]
62556. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqy.html" target="_blank">DLOADER-QY</a> TROJAN!
62557. Source=Paul Collins Startup list
62558.  
62559. [RunSysd32]
62560. Number=8881
62561. Confirmed=U
62562. Filename=RunSysd32.exe
62563. Description=DesktopShield2000 by StΘphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within
62564. Source=Paul Collins Startup list
62565.  
62566. [Runtime Process]
62567. Number=8882
62568. Confirmed=X
62569. Filename=Csrss.exe
62570. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorj.html" target=_blank>CIADOOR-J</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
62571. Source=Paul Collins Startup list
62572.  
62573. [Runtt1]
62574. Number=8883
62575. Confirmed=X
62576. Filename=Internat.exe
62577. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineager.html" target=_blank>LINEAGE-R</a> TROJAN!
62578. Source=Paul Collins Startup list
62579.  
62580. [Runtt1]
62581. Number=8884
62582. Confirmed=X
62583. Filename=Internet.exe
62584. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageq.html" target=_blank>LINEAGE-Q</a> TROJAN!
62585. Source=Paul Collins Startup list
62586.  
62587. [RunWin]
62588. Number=8885
62589. Confirmed=X
62590. Filename=[path to file]
62591. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankeres.html" target=_blank>BANKER-ES</a> TROJAN!
62592. Source=Paul Collins Startup list
62593.  
62594. [runwin32]
62595. Number=8886
62596. Confirmed=X
62597. Filename=runwin32.exe
62598. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojesearcha.html" target="_blank">ESEARCH-A</a> TROJAN!
62599. Source=Paul Collins Startup list
62600.  
62601. [RUNWIN32]
62602. Number=8887
62603. Confirmed=X
62604. Filename=runwin32.exe
62605. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbaet.html" target=_blank>VB-AET</a> TROJAN!
62606. Source=Paul Collins Startup list
62607.  
62608. [RunWindowsUpdate]
62609. Number=8888
62610. Confirmed=X
62611. Filename=uptodate.exe
62612. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
62613. Source=Paul Collins Startup list
62614.  
62615. [Run[0]]
62616. Number=8889
62617. Confirmed=X
62618. Filename=syscnfg.exe
62619. Description=Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
62620. Source=Paul Collins Startup list
62621.  
62622. [Run_cd]
62623. Number=8890
62624. Confirmed=X
62625. Filename=Run_cd.exe
62626. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GHOST.23" target="_blank">GHOST.23</a> TROJAN!
62627.  
62628. Source=Paul Collins Startup list
62629.  
62630. [run_pbnext]
62631. Number=8891
62632. Confirmed=Y
62633. Filename=PBNext.exe
62634. Description=<a href="http://www.pbnext.com/" target=_blank>PBNext</a> is virtual phone system which offers the same functionality as expensive PBX hardware
62635. Source=Paul Collins Startup list
62636.  
62637. [Rupsw32]
62638. Number=8892
62639. Confirmed=U
62640. Filename=Rupsw32.exe
62641. Description=<a href="http://www.megatec.com.tw/" target= blank>MegaTec</a> Rups, UPS monitoring software - monitor and control DB9 UPS running on either Windows & Novell NetWare (with RUPS 2000) or Unix (with RUPS for Unix / Plus) operating systems
62642. Source=Paul Collins Startup list
62643.  
62644. [RUSBHOLoader]
62645. Number=8893
62646. Confirmed=?
62647. Filename=rundll32.exe RUSBHOLoader.dll, AutoRegister
62648. Description=<font color="#FF0000">??</font>
62649. Source=Paul Collins Startup list
62650.  
62651. [RVC6Player]
62652. Number=8894
62653. Confirmed=X
62654. Filename=tskdbg.exe
62655. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasm.html" target=_blank>ZAPCHAS-M</a> TROJAN!
62656. Source=Paul Collins Startup list
62657.  
62658. [rvde]
62659. Number=8895
62660. Confirmed=X
62661. Filename=N/A
62662. Description=Related to li-speed****
62663. Source=Paul Collins Startup list
62664.  
62665. [RVP]
62666. Number=8896
62667. Confirmed=X
62668. Filename=bpc.exe
62669. Description=Spyware included with the latest version of Grokster. Also see <a href="http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=4585;start=0" target="_blank">here</a>
62670. Source=Paul Collins Startup list
62671.  
62672. [rx]
62673. Number=8897
62674. Confirmed=X
62675. Filename=rundll32.exe
62676. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagebp.html" target=_blank>Lineage-BP</a> TROJAN! Note - this is not the legitimate Windows process (Which is found in the Windows folder for 9x\Me and the System32 folder for NT\2K\XP). This file is found in the Windows or Winnt folder
62677. Source=Paul Collins Startup list
62678.  
62679. [rx]
62680. Number=8898
62681. Confirmed=X
62682. Filename=explore.exe
62683. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzhengtua.html" target="_blank">ZHENGTU-A</a> TROJAN!
62684. Source=Paul Collins Startup list
62685.  
62686. [RxMon]
62687. Number=8899
62688. Confirmed=N
62689. Filename=rxmon9x.exe
62690. Description=Part of <a href="http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?c=us&l=en&s=gen&dn=FA1033021#1" target="_blank">Dell Resolution Assistant</a> - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"
62691. Source=Paul Collins Startup list
62692.  
62693. [RxUser]
62694. Number=8900
62695. Confirmed=N
62696. Filename=RxUser.exe
62697. Description=Part of <a href="http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?c=us&l=en&s=gen&dn=FA1033021#1" target="_blank">Dell Resolution Assistant</a> - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"
62698. Source=Paul Collins Startup list
62699.  
62700. [rzt]
62701. Number=8901
62702. Confirmed=X
62703. Filename=rundll32.exe
62704. Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_LINEAGE.BDP" target="_blank">LINEAGE.BDP</a> TROJAN!
62705. Source=Paul Collins Startup list
62706.  
62707. [r_server]
62708. Number=8902
62709. Confirmed=Y
62710. Filename=r_server.exe
62711. Description=<a href="http://www.antivirus.com.au/radmin/default.htm" target="_blank">Radmin</a> - remote admistrator server
62712. Source=Paul Collins Startup list
62713.  
62714. [r_server]
62715. Number=8903
62716. Confirmed=X
62717. Filename=service.exe
62718. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidrcp.html" target= blank>MULTIDR-CP</a> TROJAN!
62719. Source=Paul Collins Startup list
62720.  
62721. [S]
62722. Number=8904
62723. Confirmed=X
62724. Filename=svhost.exe
62725. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotln.html" target="_blank">AGOBOT-LN</a> WORM!
62726. Source=Paul Collins Startup list
62727.  
62728. [S0undMan]
62729. Number=8905
62730. Confirmed=X
62731. Filename=svch0st.exe
62732. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070809-3902-99" target=_blank>LOVGATE.AB</a> WORM! Note - the filename has the digit 0 rather then the uppercase "o"
62733. Source=Paul Collins Startup list
62734.  
62735. [S24EvMon]
62736. Number=8906
62737. Confirmed=?
62738. Filename=S24EvMon.exe
62739. Description=Event Monitor - supports driver extensions to NIC Driver for wireless adapters.<font color="#FF0000"> Is it required?</font>
62740. Source=Paul Collins Startup list
62741.  
62742. [S3 Internal Chip]
62743. Number=8907
62744. Confirmed=X
62745. Filename=s3serv.exe
62746. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotdd.html" target=_blank>AGOBOT-DD</a> WORM!
62747. Source=Paul Collins Startup list
62748.  
62749. [S3apphk]
62750. Number=8908
62751. Confirmed=N
62752. Filename=S3apphk.exe
62753. Description=A tool installed alongside the drivers for your S3 video output device. It is not necessary but should be allowed to run unless it is causing problems
62754. Source=Paul Collins Startup list
62755.  
62756. [S3Hotkey]
62757. Number=8909
62758. Confirmed=U
62759. Filename=s3hotkey.exe
62760. Description=Hotkey system tray icon to enable switching between monitors. Found on laptops with an S3 Twister integrated graphics card
62761. Source=Paul Collins Startup list
62762.  
62763. [S3Mon]
62764. Number=8910
62765. Confirmed=?
62766. Filename=S3Mon.exe
62767. Description=S3DuoVue multi-monitor taskbar helper by S3 Graphics. <font color="#FF0000">What does it do and is it required?</font>
62768. Source=Paul Collins Startup list
62769.  
62770. [S3TRAY]
62771. Number=8911
62772. Confirmed=N
62773. Filename=S3Tray.exe
62774. Description=S3 display configuration taskbar utility for S3 chipset based graphics cards. Can be run from Start-> Settings -> Control Panel -> Display
62775. Source=Paul Collins Startup list
62776.  
62777. [s3tray2]
62778. Number=8912
62779. Confirmed=?
62780. Filename=s3tray2.exe
62781. Description=<font color="#FF0000">Same as the s3tray entry in this table?</font>
62782. Source=Paul Collins Startup list
62783.  
62784. [S3TRAYHP]
62785. Number=8913
62786. Confirmed=?
62787. Filename=S3trayhp.exe
62788. Description=S3 Video driver related. <font color="#FF0000">What does it do and is it required?</font>
62789. Source=Paul Collins Startup list
62790.  
62791. [S4F]
62792. Number=8914
62793. Confirmed=U
62794. Filename=S4F.exe
62795. Description=<a href="http://www.familyconnect.com/products.html" target="_blank">FilterPak</a> from S4F, Inc - internet filtering software
62796. Source=Paul Collins Startup list
62797.  
62798. [s4helper]
62799. Number=8915
62800. Confirmed=X
62801. Filename=s4helper.exe
62802. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
62803. Source=Paul Collins Startup list
62804.  
62805. [SA]
62806. Number=8916
62807. Confirmed=?
62808. Filename=Sa3.exe
62809. Description=Logitech QuickCam driver.<font color="#FF0000"> Is it required?</font>
62810. Source=Paul Collins Startup list
62811.  
62812. [SA Service]
62813. Number=8917
62814. Confirmed=?
62815. Filename=SAservice.exe
62816. Description=Associated with Cyber Trio and Warner troubleshooting software from<font color="#FF0000"> </font>G-Tek Technologies and pre-installed on some Packard Bell and NEC PCs. <font color="#FF0000">What function does this perform and is it required?</font>
62817. Source=Paul Collins Startup list
62818.  
62819. [Sa3dsrv]
62820. Number=8918
62821. Confirmed=N
62822. Filename=Sa3dsrv.exe
62823. Description=3D sound extension for Windows
62824. Source=Paul Collins Startup list
62825.  
62826. [saap]
62827. Number=8919
62828. Confirmed=X
62829. Filename=saap.exe
62830. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
62831. Source=Paul Collins Startup list
62832.  
62833. [Sabreserver]
62834. Number=8920
62835. Confirmed=N
62836. Filename=SABSERV.EXE
62837. Description=Airline reservation software from Sabre. Available via Start -> Programs
62838. Source=Paul Collins Startup list
62839.  
62840. [sac]
62841. Number=8921
62842. Confirmed=X
62843. Filename=sac.exe
62844. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
62845. Source=Paul Collins Startup list
62846.  
62847. [SACC]
62848. Number=8922
62849. Confirmed=X
62850. Filename=sacc.exe
62851. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062716-0109-99" target=_blank>SurfAccuracy</a> adware
62852. Source=Paul Collins Startup list
62853.  
62854. [SAClient]
62855. Number=8923
62856. Confirmed=N
62857. Filename=RegCon.exe
62858. Description=AT&T or ComCast BBClient - monitors system and network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messaging
62859. Source=Paul Collins Startup list
62860.  
62861. [Safe]
62862. Number=8924
62863. Confirmed=X
62864. Filename=SafeWin.exe
62865. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092915-0555-99" target="_blank">FOCOSENHA</a> TROJAN!
62866. Source=Paul Collins Startup list
62867.  
62868. [Safe]
62869. Number=8925
62870. Confirmed=X
62871. Filename=[path to trojan]
62872. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdt.html" target=_blank>BANKER-DT</a> TROJAN!
62873. Source=Paul Collins Startup list
62874.  
62875. [SafeGuard Popup Blocker Updater]
62876. Number=8926
62877. Confirmed=X
62878. Filename=regsvr32 [path] sfgupd.dll
62879. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
62880. Source=Paul Collins Startup list
62881.  
62882. [SafeGuard Popup Blocker Updater (required)]
62883. Number=8927
62884. Confirmed=X
62885. Filename=regsvr32 [path] sfg****.dll [* = ramdom char]
62886. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
62887. Source=Paul Collins Startup list
62888.  
62889. [SafeGuard Popup Updater (required)]
62890. Number=8928
62891. Confirmed=X
62892. Filename=regsvr32 [path] sfg****.dll [* = random char]
62893. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
62894. Source=Paul Collins Startup list
62895.  
62896. [SafeGuard Popup Updater (required)]
62897. Number=8929
62898. Confirmed=X
62899. Filename=regsvr32 [path] PDF****.dll [* = random char]
62900. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082734" target="_blank">SafeguardProtect/Veevo</a> hijacker
62901. Source=Paul Collins Startup list
62902.  
62903. [SafeHouseSystemTray]
62904. Number=8930
62905. Confirmed=U
62906. Filename=SDWTRAY.EXE
62907. Description=<a href="http://www.pcdynamics.com/SafeHousePP/" target=_blank>SafeHouse</a> "Personal Privacy" system tray icon - PP protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted
62908. Source=Paul Collins Startup list
62909.  
62910. [SafeInstall.exe]
62911. Number=8931
62912. Confirmed=N
62913. Filename=SAFEIN~1.EXE
62914. Description=Monitors a download and ensures an newer version of a file isn't replaced by an older one
62915. Source=Paul Collins Startup list
62916.  
62917. [SafeOFF]
62918. Number=8932
62919. Confirmed=N
62920. Filename=SafeOff.exe
62921. Description=Provides protection that if user accidentally presses the power switch a dialog will pop up for confirmation
62922. Source=Paul Collins Startup list
62923.  
62924. [SafeSearch]
62925. Number=8933
62926. Confirmed=X
62927. Filename=safesearch.exe
62928. Description=<a href="http://www.trendmicro.com/vinfo/grayware/ve_GraywareDetails.asp?GNAME=ADW%5FSAFESEARCH%2EA" target="_blank">SafeSearch.A</a> adware
62929.  
62930. Source=Paul Collins Startup list
62931.  
62932. [SafeSurfingUpdate]
62933. Number=8934
62934. Confirmed=X
62935. Filename=SSUpdate.exe
62936. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072536" target="_blank">MoneyTree</a> parasite - ActiveX control used to download premium-rate dialers
62937.  
62938. Source=Paul Collins Startup list
62939.  
62940. [SafetyNet]
62941. Number=8935
62942. Confirmed=U
62943. Filename=ipcTray.exe
62944. Description=<a href="http://www.netveda.com/consumer/safetynet.htm" target=_blank>Safety.Net</a> from Netveda - "offers Internet security, content security and advanced Internet firewall protection for all your LAN computers, and trust controls to block unwanted or harmful applications from accessing the network"
62945.  
62946. Source=Paul Collins Startup list
62947.  
62948. [SafetyNet_Notifier]
62949. Number=8936
62950. Confirmed=U
62951. Filename=ipcLn.exe
62952. Description=<a href="http://www.netveda.com/consumer/safetynet.htm" target=_blank>Safety.Net</a> from Netveda - "offers Internet security, content security and advanced Internet firewall protection for all your LAN computers, and trust controls to block unwanted or harmful applications from accessing the network"
62953.  
62954. Source=Paul Collins Startup list
62955.  
62956. [Safeworld]
62957. Number=8937
62958. Confirmed=U
62959. Filename=Freedom.exe
62960. Description=SafeWorld Internet Security - now no longer available
62961. Source=Paul Collins Startup list
62962.  
62963. [Sagate Security Firewall]
62964. Number=8938
62965. Confirmed=X
62966. Filename=sagate.exe
62967. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102715-1124-99" target=_blank>GAOBOT.BOW</a> WORM!
62968. Source=Paul Collins Startup list
62969.  
62970. [SAgent2ExePath]
62971. Number=8939
62972. Confirmed=N
62973. Filename=SAgent2.exe
62974. Description=Seiko Epson printer status agent. Disable if printer is not used often
62975. Source=Paul Collins Startup list
62976.  
62977. [SAGENTSERVICE]
62978. Number=8940
62979. Confirmed=U
62980. Filename=Sagent.exe
62981. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092015-4548-99" target=_blank>TinySpyAgent</a> commercial keystroke logger. Uninstall this software if you did not install it yourself
62982. Source=Paul Collins Startup list
62983.  
62984. [sagnt]
62985. Number=8941
62986. Confirmed=X
62987. Filename=sagnt.exe
62988. Description=Adware web downloader
62989. Source=Paul Collins Startup list
62990.  
62991. [SAHagent]
62992. Number=8942
62993. Confirmed=X
62994. Filename=Sahagent.exe
62995. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-052519-4845-99" target="_blank">ShopAtHomeSelect</a> parasite
62996. Source=Paul Collins Startup list
62997.  
62998. [SAHBundle]
62999. Number=8943
63000. Confirmed=X
63001. Filename=bundle.exe
63002. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-052519-4845-99" target="_blank">ShopAtHomeSelect</a> parasite
63003. Source=Paul Collins Startup list
63004.  
63005. [SAHBundle]
63006. Number=8944
63007. Confirmed=X
63008. Filename=shop1003.exe
63009. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-052519-4845-99" target="_blank">ShopAtHomeSelect</a> parasite
63010. Source=Paul Collins Startup list
63011.  
63012. [saie]
63013. Number=8945
63014. Confirmed=X
63015. Filename=saie.exe
63016. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
63017. Source=Paul Collins Startup list
63018.  
63019. [SAIMON]
63020. Number=8946
63021. Confirmed=U
63022. Filename=SaiMon.exe
63023. Description=<a href="http://www.saitek.com/" target="_blank">Saitek</a> joystick driver
63024. Source=Paul Collins Startup list
63025.  
63026. [sain]
63027. Number=8947
63028. Confirmed=X
63029. Filename=sain.exe
63030. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
63031. Source=Paul Collins Startup list
63032.  
63033. [sais]
63034. Number=8948
63035. Confirmed=X
63036. Filename=sais.exe
63037. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
63038. Source=Paul Collins Startup list
63039.  
63040. [SaiSmart]
63041. Number=8949
63042. Confirmed=?
63043. Filename=SaiSmart.exe
63044. Description="Smart Button Special Sauce" - included with the latest software for Saitek game controllers. Related to the "S", "Shift" or "Smart" button and gives gamers extra features on the buttons. Only required if you use this feature
63045. Source=Paul Collins Startup list
63046.  
63047. [SaitekAutoConfigure]
63048. Number=8950
63049. Confirmed=U
63050. Filename=saicnfig.exe
63051. Description=Configuration for <a href="http://www.saitek.com/" target="_blank">Saitek</a> game controllers
63052. Source=Paul Collins Startup list
63053.  
63054. [Sakemsneql]
63055. Number=8951
63056. Confirmed=X
63057. Filename=simenu.exe
63058. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BTO&VSect=P" target=_blank>SDBOT.BTO</a> WORM!
63059. Source=Paul Collins Startup list
63060.  
63061. [salm]
63062. Number=8952
63063. Confirmed=X
63064. Filename=salm.exe
63065. Description=180Search adware
63066. Source=Paul Collins Startup list
63067.  
63068. [salm]
63069. Number=8953
63070. Confirmed=X
63071. Filename=salm.exe
63072. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
63073. Source=Paul Collins Startup list
63074.  
63075. [Sam-sung]
63076. Number=8954
63077. Confirmed=X
63078. Filename=Sam-sung.exe
63079. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
63080. Source=Paul Collins Startup list
63081.  
63082. [SAMcal]
63083. Number=8955
63084. Confirmed=U
63085. Filename=SAMcal.exe
63086. Description=<a href="http://home.houston.rr.com/samware/samcal_body.htm" target="_blank">SamCal</a> - calendar/reminder program
63087. Source=Paul Collins Startup list
63088.  
63089. [Sametime Connect]
63090. Number=8956
63091. Confirmed=U
63092. Filename=Connect.exe
63093. Description=IBM Lotus <a href="http://www-142.ibm.com/software/sw-lotus/products/product3.nsf/wdocs/st75home/" target="_blank">Sametime</a> - instant messaging and Web conferencing software
63094. Source=Paul Collins Startup list
63095.  
63096. [Samsong]
63097. Number=8957
63098. Confirmed=X
63099. Filename=Samsong.exe
63100. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BNE&VSect=P" target=_blank>SDBOT.BNE</a> WORM!
63101. Source=Paul Collins Startup list
63102.  
63103. [Samsung]
63104. Number=8958
63105. Confirmed=X
63106. Filename=Samsungs.exe
63107. Description=Added by an <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031015-3147-99" target= blank>IRC TROJAN</a> variant!
63108. Source=Paul Collins Startup list
63109.  
63110. [SandboxieControl]
63111. Number=8959
63112. Confirmed=U
63113. Filename=Control.exe
63114. Description=<a href="http://www.sandboxie.com/" target="_blank">SandBoxie</a> - allows data to be read from the hard drive by an application but never written back unless you allow it
63115. Source=Paul Collins Startup list
63116.  
63117. [SandIcon]
63118. Number=8960
63119. Confirmed=N
63120. Filename=SandIcon.exe
63121. Description=SanDisk ImageMate CompactFlash card reader SDDR-31 (USB). Very little use except to place the Sandisk icon beside its drive designation in Windows Explorer. The reader itself will work fine without it. The simplest thing is to just unplug the reader when you're not using it. It may slow the startup by a few nanoseconds, but once the software sees there's no reader, you get back the resources
63122. Source=Paul Collins Startup list
63123.  
63124. [SANS Service]
63125. Number=8961
63126. Confirmed=X
63127. Filename=sansv.exe
63128. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotah.html" target="_blank">VANEBOT-AH</a> WORM!
63129. Source=Paul Collins Startup list
63130.  
63131. [sapp]
63132. Number=8962
63133. Confirmed=X
63134. Filename=sapp.exe
63135. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
63136. Source=Paul Collins Startup list
63137.  
63138. [SaskTel Accelerated Dial-up]
63139. Number=8963
63140. Confirmed=U
63141. Filename=sasktelgui.exe
63142. Description="Experience faster surfing, downloading and e-mail by adding <a href="http://www.sasktel.com/" target="_blank">SaskTel</a> Accelerated Dial-up Internet</a>"
63143. Source=Paul Collins Startup list
63144.  
63145. [saSyncMgr]
63146. Number=8964
63147. Confirmed=X
63148. Filename=rundll32.exe sasync.dll, SyncWait
63149. Description=Browser hijacker - redirecting to Searchant.com
63150. Source=Paul Collins Startup list
63151.  
63152. [SATARaid]
63153. Number=8965
63154. Confirmed=U
63155. Filename=SATARaid.exe
63156. Description=RAID driver for serial ATA disks on some motherboards such as the DFI Lanparty range. Only loaded if one is using RAID support on SATA drives
63157. Source=Paul Collins Startup list
63158.  
63159. [satmat]
63160. Number=8966
63161. Confirmed=X
63162. Filename=satmat.exe
63163. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
63164. Source=Paul Collins Startup list
63165.  
63166. [sau]
63167. Number=8967
63168. Confirmed=X
63169. Filename=sau.exe
63170. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
63171. Source=Paul Collins Startup list
63172.  
63173. [SAUpdate]
63174. Number=8968
63175. Confirmed=U
63176. Filename=SAUpdate.exe
63177. Description=<a href="http://bb4.com/" target="_blank">Big Brother</a> from Quest Software. System and network monitor
63178. Source=Paul Collins Startup list
63179.  
63180. [SAutoLaunchExe]
63181. Number=8969
63182. Confirmed=U
63183. Filename=SAutoLaunchExe.exe
63184. Description=Sharp Zaurus PDA related, needed to synchronize information with a Desktop or Notebook
63185. Source=Paul Collins Startup list
63186.  
63187. [SAVAgent]
63188. Number=8970
63189. Confirmed=Y
63190. Filename=SAVAgent.exe
63191. Description=Part of Sophos anti-virus software. Required for centrally administered Sophos updates to work correctly, e.g. automatically updating PCs used by dial-in home or out-of-office users
63192. Source=Paul Collins Startup list
63193.  
63194. [Save]
63195. Number=8971
63196. Confirmed=X
63197. Filename=Save.exe
63198. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810" target=_blank>WhenU.Save</a> adware
63199.  
63200. Source=Paul Collins Startup list
63201.  
63202. [SaveDate]
63203. Number=8972
63204. Confirmed=X
63205. Filename=SaveStartDate.Exe
63206. Description=Unidentified adware
63207. Source=Paul Collins Startup list
63208.  
63209. [Savenow]
63210. Number=8973
63211. Confirmed=X
63212. Filename=SaveNow.exe
63213. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810" target=_blank>WhenU.Save</a> adware
63214.  
63215. Source=Paul Collins Startup list
63216.  
63217. [Savenow]
63218. Number=8974
63219. Confirmed=X
63220. Filename=savenow.exe
63221. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092620-2739-99" target="_blank">SPREDA.B</a> VIRUS!
63222. Source=Paul Collins Startup list
63223.  
63224. [SAW]
63225. Number=8975
63226. Confirmed=X
63227. Filename=saw.exe
63228. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051312-2501-99" target=_blank>SmartAdware</a> adware
63229. Source=Paul Collins Startup list
63230.  
63231. [Say The Time 5.0]
63232. Number=8976
63233. Confirmed=U
63234. Filename=SAYTIME.EXE
63235. Description=This program has audio cues for the system clock in male and female voices, customizes the appearance of the system clock, and can synchronize it to a time server regularly
63236. Source=Paul Collins Startup list
63237.  
63238. [SB]
63239. Number=8977
63240. Confirmed=U
63241. Filename=SB.exe
63242. Description=Acer Soft Button on Acer Tablet PCs
63243.  
63244. Source=Paul Collins Startup list
63245.  
63246. [SB Audigy 2 Startup Menu]
63247. Number=8978
63248. Confirmed=N
63249. Filename=/l:eng
63250. Description=Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
63251. Source=Paul Collins Startup list
63252.  
63253. [SB Watchdog]
63254. Number=8979
63255. Confirmed=X
63256. Filename=SBWatchdog.exe
63257. Description=Spyware utility installed by the manufacturers of some laptops (Sony) used to monitor browsing habits and send them back to whoever installed it - released by SoftBank
63258. Source=Paul Collins Startup list
63259.  
63260. [SB13mini]
63261. Number=8980
63262. Confirmed=X
63263. Filename=RYZO32.EXE
63264. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotej.html" target=_blank>SPYBOT-EJ</a> WORM!
63265. Source=Paul Collins Startup list
63266.  
63267. [SBAutoUpdate]
63268. Number=8981
63269. Confirmed=U
63270. Filename=sbautoupdate.exe
63271. Description=SpywareBlaster <a href="http://www.javacoolsoftware.com/spywareblaster.html" target="_blank">auto-updater</a>
63272. Source=Paul Collins Startup list
63273.  
63274. [SBC Self Support Tool]
63275. Number=8982
63276. Confirmed=U
63277. Filename=matcli.exe
63278. Description=matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file. The SBC Self Support Tool is required to run with the Help and Support program. If you uncheck SBC and and then run Help and Support it will add another SBC entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide
63279. Source=Paul Collins Startup list
63280.  
63281. [SBC Yahoo! Connection Manager]
63282. Number=8983
63283. Confirmed=N
63284. Filename=ConnectionManager.exe
63285. Description=Used to create and connect your SBC Yahoo DSL connection. This program has been reported to cause problems for some users. If you find that it causes you pc to become slow or unstable you should uninstall it (using Add/Remove programs) and manually connect your DSL connection
63286. Source=Paul Collins Startup list
63287.  
63288. [SBCSTray]
63289. Number=8984
63290. Confirmed=U
63291. Filename=SBCSTray.exe
63292. Description=System Tray access to <a href="http://www.sunbelt-software.com/Home-Home-Office/CounterSpy/" target="_blank">CounterSpy</a> anti-spyware from Sunbelt Software
63293. Source=Paul Collins Startup list
63294.  
63295. [SBDrvDet]
63296. Number=8985
63297. Confirmed=U
63298. Filename=SBDrv.exe
63299. Description=Detects the "Easy Front-Panel Audio Connectivity Drive Internal Drive Bay" on the Sound Blaster Audigy 2 Platinium eX. Can be disabled if you don't have one
63300. Source=Paul Collins Startup list
63301.  
63302. [sbdrvdet]
63303. Number=8986
63304. Confirmed=N
63305. Filename=sbdrvdet.exe
63306. Description=Checks to see if Creative sound card driver should be updated
63307. Source=Paul Collins Startup list
63308.  
63309. [SBHC]
63310. Number=8987
63311. Confirmed=X
63312. Filename=sbhc.exe
63313. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075466" target="_blank">SuperBar</a> parasite - uninstall available <a href="http://www.gigatechsoftware.com/superbaruninstall.html" target="_blank">here</a>
63314.  
63315. Source=Paul Collins Startup list
63316.  
63317. [SBMPOP]
63318. Number=8988
63319. Confirmed=X
63320. Filename=SBMPop.exe
63321. Description=SearchByMedia adware
63322. Source=Paul Collins Startup list
63323.  
63324. [SBMX]
63325. Number=8989
63326. Confirmed=N
63327. Filename=sbmx.exe
63328. Description=SoundMAX MPU401 MIDI device emulator for x86 VM DOS games/apps (for Win9x only)
63329. Source=Paul Collins Startup list
63330.  
63331. [sbss Launcher]
63332. Number=8990
63333. Confirmed=X
63334. Filename=sbss.exe
63335. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-070514-5200-99" target=_blank>SideBySide</a> adware
63336. Source=Paul Collins Startup list
63337.  
63338. [SbUsb AudCtrl]
63339. Number=8991
63340. Confirmed=U
63341. Filename=RunDll32 sbusbdll.dll, RCMonitor
63342. Description=Control for Soundblaster MP3 external (USB) sound card
63343. Source=Paul Collins Startup list
63344.  
63345. [sc]
63346. Number=8992
63347. Confirmed=N
63348. Filename=scrubxp.exe
63349. Description=<a href="http://www.bartdart.com/" target="_blank">ScrubXP</a> - utility that deletes safe to remove files, cookies, browsing history, etc
63350. Source=Paul Collins Startup list
63351.  
63352. [sc]
63353. Number=8993
63354. Confirmed=U
63355. Filename=sc.exe
63356. Description=<a href="http://www.rhombustechnologies.com/main.asp?page=WatchDog" target="_blank">Watchdog 2.0 Software</a> - monitoring program
63357. Source=Paul Collins Startup list
63358.  
63359. [sc]
63360. Number=8994
63361. Confirmed=U
63362. Filename=run.exe
63363. Description=<a href="http://www.allinonespy.com/" target=_blank>All-In-One_SPY</a> stealth monitoring software - allows monitoring and recording of all actions performed on a computer. It records all keystrokes, remembers addresses of Internet pages visited, and maintains a log file listing all applicationsrun on the computer. It can create screenshots and record sounds from the computer's microphone to a sound file
63364. Source=Paul Collins Startup list
63365.  
63366. [sc23exec]
63367. Number=8995
63368. Confirmed=?
63369. Filename=sc23exec.exe
63370. Description=<font color="#FF0000">Possibly related to a digital camera</font>
63371. Source=Paul Collins Startup list
63372.  
63373. [SC3300CC]
63374. Number=8996
63375. Confirmed=Y
63376. Filename=SC3300CC.exe
63377. Description=SiPix digital camera Twain device driver
63378. Source=Paul Collins Startup list
63379.  
63380. [scain]
63381. Number=8997
63382. Confirmed=X
63383. Filename=s030109.Stub.exe
63384. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
63385. Source=Paul Collins Startup list
63386.  
63387. [ScamDisk]
63388. Number=8998
63389. Confirmed=X
63390. Filename=SVOHOST.exe
63391. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_LEWOR.D&VSect=P" target=_blank>LEWOR.D</a> WORM!
63392. Source=Paul Collins Startup list
63393.  
63394. [scan]
63395. Number=8999
63396. Confirmed=X
63397. Filename=mscman.exe
63398. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
63399. Source=Paul Collins Startup list
63400.  
63401. [Scan Detector]
63402. Number=9000
63403. Confirmed=?
63404. Filename=Pmxdetect.exe
63405. Description=Associated with <a href="http://www.primascan.com/" target="_blank">PrimaScan</a> scanners.<font color="#FF0000"> Is it required?</font>
63406. Source=Paul Collins Startup list
63407.  
63408. [Scan Register]
63409. Number=9001
63410. Confirmed=X
63411. Filename=ssms.exe
63412. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotat.html" target=_blank>RBOT-AT</a> WORM!
63413. Source=Paul Collins Startup list
63414.  
63415. [Scan Wizard]
63416. Number=9002
63417. Confirmed=?
63418. Filename=button.exe
63419. Description=Associated with ScanWizard as supplied with Microtek scanners - see also <a href="#Scanner%20Detector"> Scanner Detector</a> or <a href="#SDetect">SDetect</a>.<font color="#FF0000"> What does it do and is it required?</font>
63420. Source=Paul Collins Startup list
63421.  
63422. [ScanDisc]
63423. Number=9003
63424. Confirmed=X
63425. Filename=satan.exe
63426. Description=Added by the GREGSTAR TROJAN!
63427. Source=Paul Collins Startup list
63428.  
63429. [ScanDisk]
63430. Number=9004
63431. Confirmed=X
63432. Filename=ScanDisk.exe
63433. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031706-4103-99" target="_blank">GANDA.A</a> WORM! Note - this is not the valid "ScanDisk" Win9x/Me standard disk error checker
63434. Source=Paul Collins Startup list
63435.  
63436. [scands32.exe]
63437. Number=9005
63438. Confirmed=X
63439. Filename=scands32.exe
63440. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-091214-5754-99" target=_blank>ADCLICKER</a> TROJAN!
63441. Source=Paul Collins Startup list
63442.  
63443. [Scandsk2]
63444. Number=9006
63445. Confirmed=X
63446. Filename=scandsk2.exe
63447. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotpk.html" target="_blank">AGOBOT-PK</a> WORM!
63448. Source=Paul Collins Startup list
63449.  
63450. [scandskx.exe]
63451. Number=9007
63452. Confirmed=X
63453. Filename=scandskx.exe
63454. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrarm.html" target="_blank">DLOADR-ARM</a> TROJAN!
63455. Source=Paul Collins Startup list
63456.  
63457. [ScanFile]
63458. Number=9008
63459. Confirmed=?
63460. Filename=??
63461. Description=<font color="#FF0000">??</font>
63462. Source=Paul Collins Startup list
63463.  
63464. [ScanInicio]
63465. Number=9009
63466. Confirmed=Y
63467. Filename=Inicio.exe
63468. Description=Part of <a href="http://www.pandasoftware.com/home/particulares/default" target="_blank">Panda Antivirus</a>. Responsible for scanning the boot sector of your disk and your memory at startup to check for viruses that try and load and act before your anti-virus is fully operational. It only adds a fraction of a second to start-up time and is worth leaving active
63469. Source=Paul Collins Startup list
63470.  
63471. [Scanner Detector]
63472. Number=9010
63473. Confirmed=N
63474. Filename=SDetect.exe
63475. Description=ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button
63476. Source=Paul Collins Startup list
63477.  
63478. [Scanner File Utility]
63479. Number=9011
63480. Confirmed=Y
63481. Filename=NsCatCom.exe
63482. Description=<a href="http://www.kyoceramita.com/" target=_blank>Kycocera Mita</a> network copier/printer/scanner process to dump scanned documents onto a workstation
63483.  
63484. Source=Paul Collins Startup list
63485.  
63486. [ScanPanel]
63487. Number=9012
63488. Confirmed=?
63489. Filename=ScanPanel.exe
63490. Description=Trust <a href="http://www.trust.com/products/product.aspx?artnr=12919" target="_blank">Easy Webscan</a> scanner related - <font color="#FF0000">what does it do and is it required?</font>
63491. Source=Paul Collins Startup list
63492.  
63493. [Scanreg]
63494. Number=9013
63495. Confirmed=X
63496. Filename=[filename]
63497. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092815-0339-99" target="_blank">QQPASS.E</a> TROJAN!
63498. Source=Paul Collins Startup list
63499.  
63500. [ScanRegistry]
63501. Number=9014
63502. Confirmed=X
63503. Filename=nsrvnt.exe
63504. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-110909-3147-99" target="_blank">NERTE</a> TROJAN! Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as nsrvnt.exe not scanregw.exe
63505. Source=Paul Collins Startup list
63506.  
63507. [ScanRegistry]
63508. Number=9015
63509. Confirmed=X
63510. Filename=scanregv.exe
63511. Description=Added by the <a href="http://vil.nai.com/vil/content/v_98023.htm" target="_blank">MASTERLOCK</a> TROJAN!. Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as scanregv.exe not scanregw.exe
63512. Source=Paul Collins Startup list
63513.  
63514. [ScanRegistry]
63515. Number=9016
63516. Confirmed=Y
63517. Filename=Scanregw.exe
63518. Description=Scans the system registry and makes back-ups at start-up. Important should the registry become corrupt. The executable "Scanregw.exe" is located in %windir% (where %windir% is the Windows directory - C:\Windows or C:\Winnt)
63519. Source=Paul Collins Startup list
63520.  
63521. [ScanRegistry]
63522. Number=9017
63523. Confirmed=X
63524. Filename=Scanregw.exe
63525. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-042016-4611-99" target=_blank>STATOR</a> WORM! Not to be confused with the legitimate ScanRegistry entry - which is a vital Windows file. The executable "Scanregw.exe" is located in %windir%\System (where %windir% is the Windows directory - C:\Windows or C:\Winnt). Runs from the registry RunServices key as opposed to the Run key
63526. Source=Paul Collins Startup list
63527.  
63528. [ScanRegistry]
63529. Number=9018
63530. Confirmed=X
63531. Filename=N/A
63532. Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/w32.dinoxi.html" target=_blank>DINOXI</a> or <a href="http://www.sarc.com/avcenter/venc/data/w32.dinoxi.b.html" target=_blank>DINOXI.B</a> WORMS!
63533. Source=Paul Collins Startup list
63534.  
63535. [ScanRegistry]
63536. Number=9019
63537. Confirmed=X
63538. Filename=scanregw.exe
63539. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nyxemd.html" target=_blank>NYXEM-D</a> WORM! Note - do not confuse this with the legitimate Windows process scanregw.exe which is always found in the Windows folder on Win9x/ME machines. This worm file is found in the System (9x/ME) or System32 (NT/2K/XP) folder
63540. Source=Paul Collins Startup list
63541.  
63542. [ScanRegistry]
63543. Number=9020
63544. Confirmed=X
63545. Filename=update.exe
63546. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrfzy.html" target="_blank">DWNLDR-FZY</a> TROJAN!
63547. Source=Paul Collins Startup list
63548.  
63549. [ScanSpyware v *]
63550. Number=9021
63551. Confirmed=N
63552. Filename=Scanner.exe
63553. Description=Spyware remover (where * = the version number) - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
63554. Source=Paul Collins Startup list
63555.  
63556. [scApp]
63557. Number=9022
63558. Confirmed=X
63559. Filename=scApp.exe
63560. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32standoe.html" target=_blank>STANDO-E</a> WORM!
63561. Source=Paul Collins Startup list
63562.  
63563. [SCardSvr]
63564. Number=9023
63565. Confirmed=N
63566. Filename=scardsvr.exe
63567. Description=Related to SmartCard readers and sometimes uses lots of system resources
63568. Source=Paul Collins Startup list
63569.  
63570. [SCardSvr]
63571. Number=9024
63572. Confirmed=X
63573. Filename=SCardSvr32.Exe
63574. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MOFEI.B" target="_blank">MOFEI.B</a> WORM!
63575. Source=Paul Collins Startup list
63576.  
63577. [SCDEmuApp.exe]
63578. Number=9025
63579. Confirmed=U
63580. Filename=SCDEmuApp.exe
63581. Description=Related to <a href="http://www.poweriso.com/" target=_blank>PowerISO</a> - CD/DVD image file processing tool
63582. Source=Paul Collins Startup list
63583.  
63584. [scheck45]
63585. Number=9026
63586. Confirmed=X
63587. Filename=scheck45.exe
63588. Description=Related to unknown malware - hidden installer associated with it
63589. Source=Paul Collins Startup list
63590.  
63591. [schedm]
63592. Number=9027
63593. Confirmed=U
63594. Filename=schedm.exe
63595. Description=Part of <a href="http://www.free-av.com/" target="_blank">Antivir PersonalEdition Classic</a> anti-virus
63596. Source=Paul Collins Startup list
63597.  
63598. [ScheduIe]
63599. Number=9028
63600. Confirmed=X
63601. Filename=nrchk.exe
63602. Description=Premium rate adult content dialler
63603. Source=Paul Collins Startup list
63604.  
63605. [ScheduIr]
63606. Number=9029
63607. Confirmed=X
63608. Filename=msexploren.exe
63609. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
63610. Source=Paul Collins Startup list
63611.  
63612. [ScheduIr]
63613. Number=9030
63614. Confirmed=X
63615. Filename=shch.exe
63616. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
63617. Source=Paul Collins Startup list
63618.  
63619. [ScheduIr]
63620. Number=9031
63621. Confirmed=X
63622. Filename=svchst.exe
63623. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
63624. Source=Paul Collins Startup list
63625.  
63626. [ScheduIr]
63627. Number=9032
63628. Confirmed=X
63629. Filename=winagent.exe
63630. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
63631. Source=Paul Collins Startup list
63632.  
63633. [Schedule]
63634. Number=9033
63635. Confirmed=U
63636. Filename=Schedule.exe
63637. Description=Scheduler for <a href="http://www.mercury-pc.com/product-detail.php?link=p-addcards&subtitle=Add-On%20Cards&productid=653" target="_blank">Mercury Ez View</a> TV Tuner Card
63638. Source=Paul Collins Startup list
63639.  
63640. [Scheduled Maintenance]
63641. Number=9034
63642. Confirmed=N
63643. Filename=Scheduled_Maintenance.exe
63644. Description=Scheduler for Iolo <a href="http://www.iolo.com/sm/index.cfm" target="_blank">System Mechanic</a> tweaking utility. It can cleans your registry and deletes temporary files at defined intervals. Available via Start -> Programs
63645. Source=Paul Collins Startup list
63646.  
63647. [Scheduler]
63648. Number=9035
63649. Confirmed=X
63650. Filename=expIorer.exe
63651. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
63652. Source=Paul Collins Startup list
63653.  
63654. [Scheduler]
63655. Number=9036
63656. Confirmed=X
63657. Filename=MSMSGS.EXE
63658. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhostbanka.html" target= blank>HOSTBANK-A</a> TROJAN! Note - this particular msmsgs.exe file is located in the Windows\System32\Config or Winnt\System32\Config folder, and should not be mistaken for the MSN Messenger file of the same name!
63659. Source=Paul Collins Startup list
63660.  
63661. [Scheduler]
63662. Number=9037
63663. Confirmed=X
63664. Filename=outIook.exe
63665. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
63666. Source=Paul Collins Startup list
63667.  
63668. [Scheduler]
63669. Number=9038
63670. Confirmed=X
63671. Filename=svcrhost.exe
63672. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
63673. Source=Paul Collins Startup list
63674.  
63675. [Scheduler]
63676. Number=9039
63677. Confirmed=X
63678. Filename=svcshost.exe
63679. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.A</a> TROJAN!
63680. Source=Paul Collins Startup list
63681.  
63682. [Scheduler]
63683. Number=9040
63684. Confirmed=X
63685. Filename=winagent.exe
63686. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.B</a> TROJAN!
63687. Source=Paul Collins Startup list
63688.  
63689. [Scheduler]
63690. Number=9041
63691. Confirmed=U
63692. Filename=Scheduler daemon.exe
63693. Description=<a href="http://www.tenebril.com/consumer/" target=_blank>Tenebril</a> GhostSurf or SpyCatcher related scheduler - you can schedule daily, weekly, monthly or one-time only cleanings
63694. Source=Paul Collins Startup list
63695.  
63696. [Scheduler]
63697. Number=9042
63698. Confirmed=X
63699. Filename=msnexploren.exe
63700. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
63701. Source=Paul Collins Startup list
63702.  
63703. [Scheduler]
63704. Number=9043
63705. Confirmed=X
63706. Filename=sdhch.exe
63707. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
63708. Source=Paul Collins Startup list
63709.  
63710. [Scheduler]
63711. Number=9044
63712. Confirmed=X
63713. Filename=svchst.exe
63714. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
63715. Source=Paul Collins Startup list
63716.  
63717. [Scheduler Service]
63718. Number=9045
63719. Confirmed=X
63720. Filename=wsass.exe
63721. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=42167" target=_blank>LIOTEN.KX</a> WORM!
63722. Source=Paul Collins Startup list
63723.  
63724. [SchedulerMgr]
63725. Number=9046
63726. Confirmed=X
63727. Filename=navchk.exe
63728. Description=Premium rate adult content dialer
63729. Source=Paul Collins Startup list
63730.  
63731. [Scheduling Agent]
63732. Number=9047
63733. Confirmed=X
63734. Filename=Scheduler.exe
63735. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-022017-5551-99" target="_blank">SUBWOOFER</a> TROJAN! Note - this is not the real MS Scheduling agent as the executable is incorrect
63736. Source=Paul Collins Startup list
63737.  
63738. [SchedulingAgant]
63739. Number=9048
63740. Confirmed=X
63741. Filename=MMTASK.EXE
63742. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_YAB.A" target="_blank">YAB.A</a> TROJAN! Not the valid MusicMatch Jukebox which has the same filename
63743. Source=Paul Collins Startup list
63744.  
63745. [SchedulingAgent]
63746. Number=9049
63747. Confirmed=U
63748. Filename=mstask.exe
63749. Description=MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans
63750. Source=Paul Collins Startup list
63751.  
63752. [SchedulingAgent]
63753. Number=9050
63754. Confirmed=U
63755. Filename=mstinit.exe
63756. Description=MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans
63757. Source=Paul Collins Startup list
63758.  
63759. [SchedulingAgent]
63760. Number=9051
63761. Confirmed=X
63762. Filename=N/A
63763. Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/w32.dinoxi.html" target=_blank>DINOXI</a> or <a href="http://www.sarc.com/avcenter/venc/data/w32.dinoxi.b.html" target=_blank>DINOXI.B</a> WORMS!
63764. Source=Paul Collins Startup list
63765.  
63766. [Schmaili]
63767. Number=9052
63768. Confirmed=U
63769. Filename=Schmaili.exe
63770. Description=<a href="http://www.schmaili.com/index.htm" target="_blank">Schmaili</a> - insert animated smilies into your e-mail
63771. Source=Paul Collins Startup list
63772.  
63773. [schost]
63774. Number=9053
63775. Confirmed=X
63776. Filename=[path to trojan]
63777. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-100415-4002-99" target=_blank>TJSERV.D</a> TROJAN!
63778. Source=Paul Collins Startup list
63779.  
63780. [SchSvr]
63781. Number=9054
63782. Confirmed=N
63783. Filename=SchSvr.exe
63784. Description=<a href="http://www.intervideo.com" target=_blank>WinScheduler</a> is installed with Home Theater or WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
63785. Source=Paul Collins Startup list
63786.  
63787. [SCHWIZEX]
63788. Number=9055
63789. Confirmed=Y
63790. Filename=SCHWIZEX.EXE
63791. Description=Part of <a href="http://www.imaginelan.com/configsafe/index.html" target="_blank"> ConfigSafe</a> - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot
63792. Source=Paul Collins Startup list
63793.  
63794. [ScManager]
63795. Number=9056
63796. Confirmed=X
63797. Filename=scman.exe
63798. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcw.html" target=_blank>FORBOT-CW</a> WORM!
63799. Source=Paul Collins Startup list
63800.  
63801. [scopedll]
63802. Number=9057
63803. Confirmed=X
63804. Filename=scopedll.exe
63805. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
63806. Source=Paul Collins Startup list
63807.  
63808. [Scotia OnLine Recovery]
63809. Number=9058
63810. Confirmed=N
63811. Filename=etdirrcv.exe
63812. Description=Scotia OnLine Security Software provided by <a href="http://www.entrust.com/index.cfm" target="_blank">Entrust</a> for <a href="http://www.scotiabank.com/cda/index/0,,LIDen,00.html" target="_blank">Scotiabank</a>. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process
63813. Source=Paul Collins Startup list
63814.  
63815. [Scotia OnLine Security v*.* Recovery]
63816. Number=9059
63817. Confirmed=N
63818. Filename=etdirrcv.exe
63819. Description=Scotia OnLine Security Software provided by <a href="http://www.entrust.com/index.cfm" target="_blank">Entrust</a> for <a href="http://www.scotiabank.com/cda/index/0,,LIDen,00.html" target="_blank">Scotiabank</a>. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process
63820. Source=Paul Collins Startup list
63821.  
63822. [Scr]
63823. Number=9060
63824. Confirmed=X
63825. Filename=scr.scr
63826. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
63827. Source=Paul Collins Startup list
63828.  
63829. [ScrapPad]
63830. Number=9061
63831. Confirmed=N
63832. Filename=Scrappad.exe
63833. Description=ScrapPad allows you to quickly and easily record notes, thoughts, messages, and just about anything you want. Use it like you use scrap paper
63834. Source=Paul Collins Startup list
63835.  
63836. [scrbmk]
63837. Number=9062
63838. Confirmed=X
63839. Filename=[path to trojan]
63840. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadervp.html" target=_blank>DLOADER-VP</a> TROJAN!
63841. Source=Paul Collins Startup list
63842.  
63843. [Screen Calendar]
63844. Number=9063
63845. Confirmed=U
63846. Filename=scrcal.exe
63847. Description=<a href="http://www.screencalendar.com/" target=_blank>Screen Calendar</a> allows you to create custom desktop wallpapers with built in active calendar and scheduler
63848. Source=Paul Collins Startup list
63849.  
63850. [Screen Guard]
63851. Number=9064
63852. Confirmed=U
63853. Filename=launch.exe
63854. Description=Part of <a href="http://www.johnru.com/" target="_blank">Access Denied</a> security and privacy software
63855. Source=Paul Collins Startup list
63856.  
63857. [Screen Guard Message Scan]
63858. Number=9065
63859. Confirmed=U
63860. Filename=sgms.exe
63861. Description=Part of <a href="http://www.johnru.com/" target="_blank">Access Denied</a> security and privacy software
63862. Source=Paul Collins Startup list
63863.  
63864. [Screen Saver]
63865. Number=9066
63866. Confirmed=X
63867. Filename=scrnsaver.scr
63868. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagp.html" target=_blank>RBOT-AGP</a> WORM!
63869. Source=Paul Collins Startup list
63870.  
63871. [Screen Saver Control]
63872. Number=9067
63873. Confirmed=N
63874. Filename=FSScrCtl.exe
63875. Description=Installs as part of the Hubble Space Telescope screen saver (and possibly others). Lets you control your installed screensavers from a System Tray icon
63876. Source=Paul Collins Startup list
63877.  
63878. [ScreenHunter 4.0 Free]
63879. Number=9068
63880. Confirmed=N
63881. Filename=ScreenHunter.exe
63882. Description="<a href="http://www.wisdom-soft.com/products/screenhunter_free.htm" target="_blank">ScreenHunter 4.0 Free</a> is a completely free screen capture software for you to easily take screenshots"
63883. Source=Paul Collins Startup list
63884.  
63885. [ScreenPrint32]
63886. Number=9069
63887. Confirmed=N
63888. Filename=ScreenPrint32.exe
63889. Description=<a href="http://www.provtech.co.uk/software/screenprint32.asp" target=_blank>ScreenPrint32</a> screen capture software - can be launched manually
63890. Source=Paul Collins Startup list
63891.  
63892. [screxe]
63893. Number=9070
63894. Confirmed=?
63895. Filename=scruser2k.exe
63896. Description=<font color="#FF0000">??</font>
63897. Source=Paul Collins Startup list
63898.  
63899. [script]
63900. Number=9071
63901. Confirmed=?
63902. Filename=script.bat
63903. Description=<font color="#FF0000">Maybe associated with DOS on a Win9x machine</font>
63904. Source=Paul Collins Startup list
63905.  
63906. [ScriptBlocking]
63907. Number=9072
63908. Confirmed=Y
63909. Filename=SBServ.exe
63910. Description=Update to Norton AntiVirus 2001. Detects certain types of script-based viruses without the need for specific virus definitions - such as JavaScript and VBScript. This will help protect you from these viruses even before virus definitions are available. Note - some users complain of problems once the update is installed - refer <a href="http://www.symantec.com/search/" target="_blank">here</a> for more information
63911. Source=Paul Collins Startup list
63912.  
63913. [ScriptSentry]
63914. Number=9073
63915. Confirmed=Y
63916. Filename=Scriptsentry.exe
63917. Description=<a href="http://www.jasons-toolbox.com/scriptsentry.asp" target="_blank">Script Sentry</a> from Jason's Toolbox. Blocks malicious scripts and allows safe scripts to run. Only required if you want it to check the file associations it guards at startup. It will function regardlessly
63918. Source=Paul Collins Startup list
63919.  
63920. [Scroll-In-Mouse V2.0]
63921. Number=9074
63922. Confirmed=U
63923. Filename=SCROLL.EXE
63924. Description=Toolkit for the <a href="http://www.qtronix.com/Lynx3dnet.html" target="_blank">Lynx-3D Net</a> scroll mouse from QTronix. Required if you use the special features
63925. Source=Paul Collins Startup list
63926.  
63927. [scrss]
63928. Number=9075
63929. Confirmed=X
63930. Filename=scrss.exe
63931. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhacdefr.html" target="_blank">HACDEF-R</a> TROJAN!
63932. Source=Paul Collins Startup list
63933.  
63934. [scrsvc]
63935. Number=9076
63936. Confirmed=X
63937. Filename=scrsvc.exe
63938. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentds.html" target=_blank>AGENT-DS</a> TROJAN!
63939. Source=Paul Collins Startup list
63940.  
63941. [ScrSvr]
63942. Number=9077
63943. Confirmed=X
63944. Filename=ScrSvr.exe
63945. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-093011-2800-99" target="_blank">OPASERV</a> WORM!
63946. Source=Paul Collins Startup list
63947.  
63948. [ScrSvrOld]
63949. Number=9078
63950. Confirmed=X
63951. Filename=[worm filename]
63952. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-093011-2800-99" target="_blank">OPASERV</a> WORM!
63953. Source=Paul Collins Startup list
63954.  
63955. [Scsi]
63956. Number=9079
63957. Confirmed=Y
63958. Filename=Scsi.exe
63959. Description=SCSI Miniport driver
63960. Source=Paul Collins Startup list
63961.  
63962. [sctrlmgr]
63963. Number=9080
63964. Confirmed=X
63965. Filename=sescmgr.exe
63966. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrgah.html" target="_blank">DWNLDR-GAH</a> TROJAN!
63967. Source=Paul Collins Startup list
63968.  
63969. [scvhost]
63970. Number=9081
63971. Confirmed=X
63972. Filename=svzhost.exe
63973. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
63974. Source=Paul Collins Startup list
63975.  
63976. [scvhost]
63977. Number=9082
63978. Confirmed=U
63979. Filename=scvhost.exe
63980. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.wiretap.html" target="_blank">Wiretap</a> surveillance software. Uninstall this software unless you put it there yourself
63981. Source=Paul Collins Startup list
63982.  
63983. [scvhost loader]
63984. Number=9083
63985. Confirmed=X
63986. Filename=ixplore.exe
63987. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotcy.html" target=_blank>SDBOT-CY</a> TROJAN!
63988. Source=Paul Collins Startup list
63989.  
63990. [scvhost.exe]
63991. Number=9084
63992. Confirmed=X
63993. Filename=scvhost.exe
63994. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlohavn.html" target="_blank">LOHAV-N</a> TROJAN!
63995. Source=Paul Collins Startup list
63996.  
63997. [sd32info]
63998. Number=9085
63999. Confirmed=X
64000. Filename=sd32info.exe
64001. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
64002. Source=Paul Collins Startup list
64003.  
64004. [SDaemon]
64005. Number=9086
64006. Confirmed=U
64007. Filename=sdaemon.exe
64008. Description=PC Security from Tropical Software. 'PC SecurityÖ 5.1 is the ultimate in computer security, offering multiple locking systems for the Windows environment and internet. Lock files, monitor programs' activities, even detect intruders! PC SecurityÖ offers flexible and complete password protection, "Drag and Drop" support, plus many other handy features'
64009. Source=Paul Collins Startup list
64010.  
64011. [SDAutoLiveupdate]
64012. Number=9087
64013. Confirmed=U
64014. Filename=LiveUpdateSD.exe
64015. Description=Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see  <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#swdetect_note" target=_blank>here</a>
64016. Source=Paul Collins Startup list
64017.  
64018. [SDAv]
64019. Number=9088
64020. Confirmed=X
64021. Filename=csnss.exe
64022. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031500-0556-99" target=_blank>SERFLOG.C</a> WORM!
64023. Source=Paul Collins Startup list
64024.  
64025. [SDAv]
64026. Number=9089
64027. Confirmed=X
64028. Filename=svhost.exe
64029. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031500-0556-99" target=_blank>SERFLOG.C</a> WORM!
64030. Source=Paul Collins Startup list
64031.  
64032. [sdchosts32]
64033. Number=9090
64034. Confirmed=X
64035. Filename=vbdd.exe
64036. Description=Added by the RANKY.AG TROJAN!
64037. Source=Paul Collins Startup list
64038.  
64039. [SDClientMonitor]
64040. Number=9091
64041. Confirmed=?
64042. Filename=sdclientmonitor.exe
64043. Description=Related to LANDesk Management Suite from <a href="http://www.landesk.com/" target="_blank">LANDesk Software Ltd</a>. <font color="#FF0000">What does it do and is it required?</font>
64044. Source=Paul Collins Startup list
64045.  
64046. [SDetect]
64047. Number=9092
64048. Confirmed=N
64049. Filename=SDetect.exe
64050. Description=ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button
64051. Source=Paul Collins Startup list
64052.  
64053. [sdfsdfsdf]
64054. Number=9093
64055. Confirmed=X
64056. Filename=sp2update.exe
64057. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
64058. Source=Paul Collins Startup list
64059.  
64060. [SDIN Adapter]
64061. Number=9094
64062. Confirmed=X
64063. Filename=sdin.exe
64064. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotap.html" target="_blank">FORBOT-AP</a> WORM!
64065. Source=Paul Collins Startup list
64066.  
64067. [SDJobCheck]
64068. Number=9095
64069. Confirmed=?
64070. Filename=triggusr.exe
64071. Description=Part of <a href="http://www3.ca.com/Solutions/Product.asp?ID=234" target=_blank>CA Unicenter</a> Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - <font color="#FF0000">is it required at startup?</font>
64072. Source=Paul Collins Startup list
64073.  
64074. [SDK Codre Function22]
64075. Number=9096
64076. Confirmed=X
64077. Filename=sdkimddprovment2.exe
64078. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyj.html" target=_blank>SDBOT-YJ</a> WORM!
64079. Source=Paul Collins Startup list
64080.  
64081. [SDK Core Component]
64082. Number=9097
64083. Confirmed=X
64084. Filename=sdkcore.exe
64085. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwc.html" target=_blank>SDBOT-WC</a> WORM!
64086. Source=Paul Collins Startup list
64087.  
64088. [SDK Core Function]
64089. Number=9098
64090. Confirmed=X
64091. Filename=sdkimprovment.exe
64092. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BHL&VSect=P" target=_blank>RBOT.BHL</a> WORM!
64093. Source=Paul Collins Startup list
64094.  
64095. [SDK Core Function2]
64096. Number=9099
64097. Confirmed=X
64098. Filename=sdkimprovment2.exe
64099. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050217-0724-99" target= blank>SPYBOT.OGX</a> WORM!
64100. Source=Paul Collins Startup list
64101.  
64102. [Sdk**.exe [* = random char]]
64103. Number=9100
64104. Confirmed=X
64105. Filename=Sdk**.exe [* = random char]
64106. Description=Sdk**.exe [* = random char]
64107.  
64108. Source=Paul Collins Startup list
64109.  
64110. [Sdk**.exe [* = random char]]
64111. Number=9101
64112. Confirmed=X
64113. Filename=Sdk**.exe [* = random char]
64114. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
64115. Source=Paul Collins Startup list
64116.  
64117. [Sdk**32.exe [* = random char]]
64118. Number=9102
64119. Confirmed=X
64120. Filename=Sdk**32.exe [* = random char]
64121. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
64122. Source=Paul Collins Startup list
64123.  
64124. [SDKcore Update Components2]
64125. Number=9103
64126. Confirmed=X
64127. Filename=SDKC0R3.exe
64128. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaba.html" target= blank>RBOT-ABA</a> WORM!
64129. Source=Paul Collins Startup list
64130.  
64131. [sdkupdate22]
64132. Number=9104
64133. Confirmed=X
64134. Filename=SDK0mCORE.exe
64135. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdt.html" target=_blank>FORBOT-DT</a> WORM!
64136. Source=Paul Collins Startup list
64137.  
64138. [SDPhotoBar.exe]
64139. Number=9105
64140. Confirmed=N
64141. Filename=SDPhotoBar.exe
64142. Description=SmartDraw Photo (now <a href="http://www.fotofinish.com/products/photo/index.htm" target="_blank">FotoFinsh</a>) - "organize, enhance, print, and share your photos. It's also a powerful graphic editor for creating images and web graphics"
64143. Source=Paul Collins Startup list
64144.  
64145. [SDR6_Check]
64146. Number=9106
64147. Confirmed=N
64148. Filename=udcsdr.exe
64149. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99" target="_blank">DriveCleaner</a> is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
64150. Source=Paul Collins Startup list
64151.  
64152. [sdrss]
64153. Number=9107
64154. Confirmed=X
64155. Filename=sdrss.exe
64156. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotsq.html" target=_blank>SDBOT-SQ</a> WORM!
64157. Source=Paul Collins Startup list
64158.  
64159. [sds20]
64160. Number=9108
64161. Confirmed=U
64162. Filename=svchost.exe
64163. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.inlookexpress.html" target=_blank>InlookExpress</a> logs keystrokes and captures screenshots. If you didn't install this yourself remove it. Note - this should not be confused with the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> system process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder! This file is located in a "sds20" folder
64164.  
64165. Source=Paul Collins Startup list
64166.  
64167. [SDTray]
64168. Number=9109
64169. Confirmed=U
64170. Filename=sdtray.exe
64171. Description=RSA Keon <a href="http://www.rsasecurity.com/node.asp?id=1230" target=_blank>Web PassPort</a> - software that allows organizations to use digital certificates in a Web-based environment to help ensure that their transactions are authentic, confidential and digitally signed
64172. Source=Paul Collins Startup list
64173.  
64174. [SDTray]
64175. Number=9110
64176. Confirmed=U
64177. Filename=SDTrayApp.exe
64178. Description=<a href="http://www.pctools.com/spyware-doctor/" target="_blank">Spyware Doctor</a> spyware remover - system tray access
64179. Source=Paul Collins Startup list
64180.  
64181. [sdxsys32]
64182. Number=9111
64183. Confirmed=X
64184. Filename=sdxsys32.exe
64185. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbroggera.html" target=_blank>BROGGER-A</a> TROJAN!
64186. Source=Paul Collins Startup list
64187.  
64188. [sealmon]
64189. Number=9112
64190. Confirmed=U
64191. Filename=sealmon.exe
64192. Description=<a href="http://www.sealedmedia.com/solutions/default.asp" target=_blank>SealedMedia</a> enables you to combine document protection and control with your existing applications - such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint and Email
64193.  
64194. Source=Paul Collins Startup list
64195.  
64196. [Search Bar]
64197. Number=9113
64198. Confirmed=X
64199. Filename=taskbar.exe
64200. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opankif.html" target="_blank">OPANKI-F</a> WORM!
64201. Source=Paul Collins Startup list
64202.  
64203. [Search Hook]
64204. Number=9114
64205. Confirmed=?
64206. Filename=srchhook.exe
64207. Description=<font color="#FF0000">??</font>
64208. Source=Paul Collins Startup list
64209.  
64210. [Search Page]
64211. Number=9115
64212. Confirmed=X
64213. Filename=http://find.naupoint.com
64214. Description=<a href="http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx" target=_blank>Naupoint</a> browser hijacker
64215. Source=Paul Collins Startup list
64216.  
64217. [Search-Exe]
64218. Number=9116
64219. Confirmed=X
64220. Filename=SE.exe
64221. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076619" target="_blank">Search-Exe</a> hijacker
64222. Source=Paul Collins Startup list
64223.  
64224. [Search.vbs]
64225. Number=9117
64226. Confirmed=X
64227. Filename=
64228. Description=Hijacker
64229. Source=Paul Collins Startup list
64230.  
64231. [searchbar]
64232. Number=9118
64233. Confirmed=X
64234. Filename=vnmispoisn downloader.exe
64235. Description=SearchBarCash adware variant
64236. Source=Paul Collins Startup list
64237.  
64238. [SearchEnhancement]
64239. Number=9119
64240. Confirmed=X
64241. Filename=scbar.exe
64242. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453079937" target="_blank">SCBar</a> foistware
64243.  
64244. Source=Paul Collins Startup list
64245.  
64246. [searchnav]
64247. Number=9120
64248. Confirmed=X
64249. Filename=searchnav.exe
64250. Description=SearchNav adware - IEFeatures/Popnav variant
64251. Source=Paul Collins Startup list
64252.  
64253. [SearchNavVersion]
64254. Number=9121
64255. Confirmed=X
64256. Filename=searchnavversion.exe
64257. Description=SearchNav adware - IEFeatures/Popnav variant
64258. Source=Paul Collins Startup list
64259.  
64260. [SearchNet_Up]
64261. Number=9122
64262. Confirmed=X
64263. Filename=ServeUp.exe
64264. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-071912-4640-99&tabid=1" target="_blank">SearchNet</a> adware
64265. Source=Paul Collins Startup list
64266.  
64267. [SearchSetter]
64268. Number=9123
64269. Confirmed=X
64270. Filename=searchsetter[1].exe
64271. Description=Browser hijacker - redirecting to FindWhateverNow.com
64272.  
64273. Source=Paul Collins Startup list
64274.  
64275. [SearchSquire[number]]
64276. Number=9124
64277. Confirmed=X
64278. Filename=SearchSquire[number].exe
64279. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011416-1519-99" target="_blank">SearchSquire</a> adware
64280. Source=Paul Collins Startup list
64281.  
64282. [SearchUpgrader]
64283. Number=9125
64284. Confirmed=X
64285. Filename=SearchUpgrader.exe
64286. Description=Hijacker
64287. Source=Paul Collins Startup list
64288.  
64289. [Secboot]
64290. Number=9126
64291. Confirmed=X
64292. Filename=w32tm.exe
64293. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012411-2332-99" target=_blank>HAXDOOR.D</a> TROJAN!
64294. Source=Paul Collins Startup list
64295.  
64296. [secboot]
64297. Number=9127
64298. Confirmed=X
64299. Filename=mszx23.exe
64300. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HAXDOOR.BC" target=_blank>HAXDOOR.BC</a> TROJAN!
64301. Source=Paul Collins Startup list
64302.  
64303. [secboot]
64304. Number=9128
64305. Confirmed=X
64306. Filename=vtd 16.exe
64307. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhaxdoorae.html" target= blank>HAXDOOR-AE</a> TROJAN!
64308. Source=Paul Collins Startup list
64309.  
64310. [Second Copy 2000]
64311. Number=9129
64312. Confirmed=U
64313. Filename=SecCopy.exe
64314. Description=Related to <a href="http://www.centered.com/" target=_blank>Second Copy«</a> - a files/folders backup utility
64315. Source=Paul Collins Startup list
64316.  
64317. [SecondChance]
64318. Number=9130
64319. Confirmed=U
64320. Filename=sctray.exe
64321. Description=<a href="http://www.pcug-colorado.org/newsletter/pcoc0200/2ndchanc.htm" target="_blank">Power Quest Second Chance</a>. Sets checkpoints for saving a backup copy of the registry to a disk so you can restore it if you have a crash
64322. Source=Paul Collins Startup list
64323.  
64324. [Secret]
64325. Number=9131
64326. Confirmed=X
64327. Filename=Secret.exe
64328. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflw.html" target=_blank>DELF-LW</a> TROJAN!
64329. Source=Paul Collins Startup list
64330.  
64331. [Secret-Crush]
64332. Number=9132
64333. Confirmed=X
64334. Filename=start.exe
64335. Description=Hijacker that may reset your browser's home page and/or search settings to point to undesired sites
64336. Source=Paul Collins Startup list
64337.  
64338. [SECRETMAKER]
64339. Number=9133
64340. Confirmed=U
64341. Filename=secretmaker.exe
64342. Description=<a href="http://www.secretmaker.com/" target= blank>Secretmaker</a> is a combonation of eight privacy-defending programs, including Spam Fighter Pro, Worm Hunter, Pop-Up Killer, Banner Blocker, Cookie Eraser, Privacy Protector, History Cleaner, and Garbage Cleaner
64343. Source=Paul Collins Startup list
64344.  
64345. [SecretSmileys]
64346. Number=9134
64347. Confirmed=U
64348. Filename=ss.exe
64349. Description="<a href="http://www.secretsmileys.com/index.html" target=_blank>Secret Smileys</a> is an add-on for AIM that provides users access to 1000's of new Smileys that can be viewed by anyone using a current version of AIM. Secret Smileys also adds other features such as logging of IM conversations, and it gets rid of that annoying advertisement on your buddy list window"
64350. Source=Paul Collins Startup list
64351.  
64352. [secserv.exe]
64353. Number=9135
64354. Confirmed=X
64355. Filename=secserv.exe
64356. Description=Reported by Panda as an EasySearch Adware variant. Note - EasySearch modifies the Internet Explorer settings and may download programs onto the infected computer
64357. Source=Paul Collins Startup list
64358.  
64359. [secsvc32]
64360. Number=9136
64361. Confirmed=X
64362. Filename=secsvcnt.exe
64363. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076716" target=_blank>GLOBAL PATROL</a> TROJAN!
64364. Source=Paul Collins Startup list
64365.  
64366. [Secsys]
64367. Number=9137
64368. Confirmed=U
64369. Filename=Secsys.exe
64370. Description=UltraSoft <a href="http://www.pcadvisor.co.uk/downloads/index.cfm?categoryID=1443&itemID=22391" target="_blank">Key Interceptor</a> surveillance software - uninstall this unless you put it there yourself!
64371. Source=Paul Collins Startup list
64372.  
64373. [secure]
64374. Number=9138
64375. Confirmed=X
64376. Filename=secure.exe
64377. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html" target=_blank>DealHelper</a> adware
64378. Source=Paul Collins Startup list
64379.  
64380. [secure]
64381. Number=9139
64382. Confirmed=X
64383. Filename=svshost.exe
64384. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafo.html" target=_blank>RBOT-AFO</a> WORM!
64385. Source=Paul Collins Startup list
64386.  
64387. [secure socket layer]
64388. Number=9140
64389. Confirmed=X
64390. Filename=wins32a.exe
64391. Description=Added by an <a href="http://virusinfo.prevx.com/pxparall.asp?PXC=ec2b32028997" target="_blank">IRCBOT</a> TROJAN!
64392. Source=Paul Collins Startup list
64393.  
64394. [Secure Socket Layer Certification]
64395. Number=9141
64396. Confirmed=X
64397. Filename=sslcert.exe
64398. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotan.html" target="_blank">VANEBOT-AN</a> WORM!
64399. Source=Paul Collins Startup list
64400.  
64401. [Secure System]
64402. Number=9142
64403. Confirmed=X
64404. Filename=integitor.exe
64405. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ACI" target="_blank">AGOBOT.ACI</a> WORM!
64406. Source=Paul Collins Startup list
64407.  
64408. [SecureClean4RegManager]
64409. Number=9143
64410. Confirmed=N
64411. Filename=scregmanager4.exe
64412. Description=WhiteCanyon <a href="http://www.whitecanyon.com/secureclean-clean-hard-drive.php" target=_blank>SecureClean 4</a> disk cleaner - clean hard drive data, MRUs, temp files and more. Can be started manually
64413. Source=Paul Collins Startup list
64414.  
64415. [SecureClean4Tray]
64416. Number=9144
64417. Confirmed=N
64418. Filename=sctray4.exe
64419. Description=WhiteCanyon <a href="http://www.whitecanyon.com/secureclean-clean-hard-drive.php" target=_blank>SecureClean 4</a> disk cleaner - clean hard drive data, MRUs, temp files and more. Can be started manually
64420. Source=Paul Collins Startup list
64421.  
64422. [SecureCleanIEClean]
64423. Number=9145
64424. Confirmed=N
64425. Filename=SCIEClean.exe
64426. Description=SecureClean - scans your system for hidden temporary files, deleted email messages, Internet histories and caches
64427. Source=Paul Collins Startup list
64428.  
64429. [SecureItPro]
64430. Number=9146
64431. Confirmed=U
64432. Filename=Secureitpro470p.exe
64433. Description=<a href="http://members.optusnet.com.au/quantrixnet/products/secureitpro.htm" target="_blank">SecureIt Pro</a> - lock your computer when you're not there, to stop malicious users from accessing your desktop
64434. Source=Paul Collins Startup list
64435.  
64436. [SecureLogin]
64437. Number=9147
64438. Confirmed=X
64439. Filename=Mslg32.exe
64440. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-061116-5357-99" target="_blank">REDZED</a> WORM!
64441. Source=Paul Collins Startup list
64442.  
64443. [SecureOnlineAccountNumbers]
64444. Number=9148
64445. Confirmed=U
64446. Filename=SOAN.exe
64447. Description=Related to <a href="http://www.orbiscom.com/" target="_blank">Secure Online Account Numbers</a> by Discover(R) Card from Orbiscom Ltd. Secure and innovative payment solutions
64448. Source=Paul Collins Startup list
64449.  
64450. [Security]
64451. Number=9149
64452. Confirmed=X
64453. Filename=WindowsSecurityUpdate.exe
64454. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
64455. Source=Paul Collins Startup list
64456.  
64457. [Security Accounts Manager SM]
64458. Number=9150
64459. Confirmed=X
64460. Filename=samsm.exe
64461. Description=Added by the <a href="http://nl.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.JE" target=_blank>SPYBOT.JE</a> WORM!
64462. Source=Paul Collins Startup list
64463.  
64464. [Security Agent]
64465. Number=9151
64466. Confirmed=X
64467. Filename=securag.exe
64468. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanf.html" target=_blank>BANCBAN-F</a> TROJAN!
64469. Source=Paul Collins Startup list
64470.  
64471. [Security Agent Manager]
64472. Number=9152
64473. Confirmed=X
64474. Filename=mssams.exe
64475. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsv.html" target=_blank>RBOT-SV</a> WORM!
64476. Source=Paul Collins Startup list
64477.  
64478. [Security Center]
64479. Number=9153
64480. Confirmed=X
64481. Filename=AppControl.exe
64482. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CFT&VSect=T" target=_blank>SDBOT.CFT</a> WORM!
64483. Source=Paul Collins Startup list
64484.  
64485. [Security iGuard]
64486. Number=9154
64487. Confirmed=N
64488. Filename=Security iGuard.exe
64489. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
64490. Source=Paul Collins Startup list
64491.  
64492. [Security Manager]
64493. Number=9155
64494. Confirmed=U
64495. Filename=SecurityManager.exe
64496. Description=A ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private
64497.  
64498. Source=Paul Collins Startup list
64499.  
64500. [Security Patch]
64501. Number=9156
64502. Confirmed=X
64503. Filename=scmss.exe
64504. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzw.html" target=_blank>RBOT-ZW</a> WORM!
64505. Source=Paul Collins Startup list
64506.  
64507. [Security Patch]
64508. Number=9157
64509. Confirmed=X
64510. Filename=WinUpdate32.exe
64511. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbm.html" target= blank>SDBOT-BM</a> WORM!
64512. Source=Paul Collins Startup list
64513.  
64514. [Security Patches]
64515. Number=9158
64516. Confirmed=X
64517. Filename=msnkn.exe
64518. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.WW" target=_blank>RBOT.WW</a> WORM!
64519. Source=Paul Collins Startup list
64520.  
64521. [Security Patches]
64522. Number=9159
64523. Confirmed=X
64524. Filename=WinLab32.exe
64525. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotkb.html" target= blank>SDBOT-KB</a> WORM!
64526. Source=Paul Collins Startup list
64527.  
64528. [security service]
64529. Number=9160
64530. Confirmed=X
64531. Filename=syss.exe
64532. Description=Added by an unidentified WORM or TROJAN!
64533. Source=Paul Collins Startup list
64534.  
64535. [Security Service]
64536. Number=9161
64537. Confirmed=X
64538. Filename=secsvc.exe
64539. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotggf.html" target="_blank">RBOT-GGF</a> WORM!
64540. Source=Paul Collins Startup list
64541.  
64542. [Security Service Process]
64543. Number=9162
64544. Confirmed=X
64545. Filename=svhost.exe
64546. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotlc.html" target="_blank">AGOBOT-LC</a> WORM!
64547. Source=Paul Collins Startup list
64548.  
64549. [securw]
64550. Number=9163
64551. Confirmed=X
64552. Filename=Nctrup.exe
64553. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042715-4734-99" target= blank>NOPIR.A</a> WORM!
64554. Source=Paul Collins Startup list
64555.  
64556. [SECWIZ98]
64557. Number=9164
64558. Confirmed=Y
64559. Filename=SECWIZ98.EXE
64560. Description=Security Wizard 98 by Chris Farmer. Offers you a variety of ways to restrict access to many of the programs and settings on your PC. Available <a href="http://utilities.softlandmark.com/access_control_utilities/Security_Wizard_98_Info.html" target="_blank">here</a>
64561. Source=Paul Collins Startup list
64562.  
64563. [seekmo]
64564. Number=9165
64565. Confirmed=X
64566. Filename=seekmo.exe
64567. Description=Seekmo Search, a <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083106-0253-99" target=_blank>180Solutions</a> adware variant - also see <a href="http://www.mvps.org/winhelp2002/temp/seekmo/seekmo.htm" target=_blank>here</a>
64568. Source=Paul Collins Startup list
64569.  
64570. [seeve]
64571. Number=9166
64572. Confirmed=X
64573. Filename=seeve.exe
64574. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120718-0513-99" target="_blank">Medload</a> adware
64575. Source=Paul Collins Startup list
64576.  
64577. [Select server]
64578. Number=9167
64579. Confirmed=X
64580. Filename=slcsvr.exe
64581. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderwd.html" target=_blank>DLOADER-WD</a> TROJAN!
64582. Source=Paul Collins Startup list
64583.  
64584. [SelfHostUtil]
64585. Number=9168
64586. Confirmed=?
64587. Filename=slefhost.exe
64588. Description=<font color="#FF0000">??</font>
64589. Source=Paul Collins Startup list
64590.  
64591. [seli]
64592. Number=9169
64593. Confirmed=X
64594. Filename=[path to file]
64595. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzoneas.html" target=_blank>LOWZONE-AS</a> TROJAN!
64596. Source=Paul Collins Startup list
64597.  
64598. [SemanticInsight]
64599. Number=9170
64600. Confirmed=X
64601. Filename=SemanticInsight.exe
64602. Description=Added by <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094367" target=_blank>RXToolbar</a> ADAWARE! Software that displays pop-up/pop-under advertisements when the primary user interface is not visible
64603.  
64604. Source=Paul Collins Startup list
64605.  
64606. [SeMS]
64607. Number=9171
64608. Confirmed=U
64609. Filename=SeMS.exe
64610. Description=<a href="http://www.bostock.com/pcsms.htm" target="_blank">PCsms</a> - tool that enables you to send sms text messages from your PC to any UK mobile phone
64611. Source=Paul Collins Startup list
64612.  
64613. [Sen]
64614. Number=9172
64615. Confirmed=X
64616. Filename=tlii.exe
64617. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Win32.PurityScan.ah. This file is usually found in the Program Files\bama folder
64618. Source=Paul Collins Startup list
64619.  
64620. [Sensiva]
64621. Number=9173
64622. Confirmed=U
64623. Filename=Sensiva.exe
64624. Description=<a href="http://www.sensiva.com/symbolcommander/" target=_blank>Symbol Commander</a> makes the use of your PC, laptop, Tablet PC, and Pocket PC much easier and much faster. It recognizes your handwriting with unparalled performance and executes commands in a snap. Just by using your mouse, pen, or touchpad, simply draw symbols to execute actions instantly
64625.  
64626. Source=Paul Collins Startup list
64627.  
64628. [SENTRY]
64629. Number=9174
64630. Confirmed=X
64631. Filename=SENTRY.exe
64632. Description=From <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=IPInsight&threatid=7223" target="_blank">IP Insight</a>. Allows website owners "to instantly determine the precise geographic location, connection speed and detailed demographics of every visitor to your website". Will be detected by most firewalls and the majority of home users should disable it
64633. Source=Paul Collins Startup list
64634.  
64635. [Sepate Security Firewall]
64636. Number=9175
64637. Confirmed=X
64638. Filename=sepate.exe
64639. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
64640. Source=Paul Collins Startup list
64641.  
64642. [septpop06apsept]
64643. Number=9176
64644. Confirmed=X
64645. Filename=septpop06apsept.exe
64646. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor.Popupwithcast&threatid=53436" target="_blank">MediaMotor.Popupwithcast</a> adware
64647. Source=Paul Collins Startup list
64648.  
64649. [Serials]
64650. Number=9177
64651. Confirmed=X
64652. Filename=serials.exe
64653. Description=Any one of a variety of worms and trojans
64654. Source=Paul Collins Startup list
64655.  
64656. [SernellApp.pcx]
64657. Number=9178
64658. Confirmed=X
64659. Filename=csrss.exe
64660. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanbj.html" target=_blank>BANCBAN-BJ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "D5133" subfolder
64661. Source=Paul Collins Startup list
64662.  
64663. [serpe]
64664. Number=9179
64665. Confirmed=X
64666. Filename=formatsys.exe
64667. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
64668. Source=Paul Collins Startup list
64669.  
64670. [serpe]
64671. Number=9180
64672. Confirmed=X
64673. Filename=msmbw.exe
64674. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
64675. Source=Paul Collins Startup list
64676.  
64677. [serpe]
64678. Number=9181
64679. Confirmed=X
64680. Filename=serbw.exe
64681. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030709-3841-99" target=_blank>SERFLOG.A</a> WORM!
64682. Source=Paul Collins Startup list
64683.  
64684. [serrdctl.exe]
64685. Number=9182
64686. Confirmed=Y
64687. Filename=serrdctl.exe
64688. Description="Shared Modem Service Client Event Viewer" - used when a number of PCs have access to a number of modems. Required to be running on each PC for access to the modems
64689. Source=Paul Collins Startup list
64690.  
64691. [serrv]
64692. Number=9183
64693. Confirmed=X
64694. Filename=serrv.exe
64695. Description=Added by the <a href="http://www.f-secure.com/v-descs/warezov_dc.shtml" target="_blank">WAREZOV.DC</a> WORM!
64696. Source=Paul Collins Startup list
64697.  
64698. [SERV PacK2]
64699. Number=9184
64700. Confirmed=X
64701. Filename=nerx.exe
64702. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacp.html" target=_blank>SDBOT-ACP</a> WORM!
64703. Source=Paul Collins Startup list
64704.  
64705. [Serv-U]
64706. Number=9185
64707. Confirmed=N
64708. Filename=serv-u32.exe
64709. Description=FTP server
64710. Source=Paul Collins Startup list
64711.  
64712. [Serv-U]
64713. Number=9186
64714. Confirmed=X
64715. Filename=wssdsu.exe
64716. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112614-4025-99" target="_blank">MANIFEST</a> TROJAN!
64717. Source=Paul Collins Startup list
64718.  
64719. [server]
64720. Number=9187
64721. Confirmed=X
64722. Filename=server.exe
64723. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A" target="_blank">DELTAD.A</a> WORM!
64724. Source=Paul Collins Startup list
64725.  
64726. [server]
64727. Number=9188
64728. Confirmed=X
64729. Filename=system.exe
64730. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmethsa.html" target=_blank>METHS-A</a> TROJAN!
64731. Source=Paul Collins Startup list
64732.  
64733. [server]
64734. Number=9189
64735. Confirmed=X
64736. Filename=server.exe
64737. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsinguq.html" target=_blank>SINGU-Q</a> TROJAN!
64738.  
64739. Source=Paul Collins Startup list
64740.  
64741. [Server Backbone]
64742. Number=9190
64743. Confirmed=X
64744. Filename=server05.exe
64745. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzm.html" target=_blank>RBOT-ZM</a> WORM!
64746. Source=Paul Collins Startup list
64747.  
64748. [Server Runtime Process]
64749. Number=9191
64750. Confirmed=X
64751. Filename=wbemstest.exe
64752. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotddb.html" target="_blank">SDBOT-DDB</a> WORM!
64753. Source=Paul Collins Startup list
64754.  
64755. [SERVER.EXE]
64756. Number=9192
64757. Confirmed=X
64758. Filename=SERVER.EXE
64759. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbushtro122.html" target="_blank">BUSHTRO122</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100614-0437-99" target="_blank">SMOKODOOR</a> TROJANS!
64760. Source=Paul Collins Startup list
64761.  
64762. [serverex]
64763. Number=9193
64764. Confirmed=X
64765. Filename=Server.txt.vbs
64766. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A" target="_blank">DELTAD.A</a> WORM!
64767. Source=Paul Collins Startup list
64768.  
64769. [Service]
64770. Number=9194
64771. Confirmed=X
64772. Filename=service.exe
64773. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011718-5244-99" target="_blank">ALADINZ.H</a> TROJAN!
64774. Source=Paul Collins Startup list
64775.  
64776. [Service]
64777. Number=9195
64778. Confirmed=X
64779. Filename=[trojan filename]
64780. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022014-5559-99" target="_blank">KAITEX.E</a> TROJAN!
64781. Source=Paul Collins Startup list
64782.  
64783. [Service]
64784. Number=9196
64785. Confirmed=X
64786. Filename=services.exe
64787. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021615-4827-99" target=_blank>NETSKY</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021812-2454-99" target=_blank>NETSKY.B</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
64788. Source=Paul Collins Startup list
64789.  
64790. [Service]
64791. Number=9197
64792. Confirmed=X
64793. Filename=SYSNT.exe
64794. Description=Added by the <a href="http://vil.nai.com/vil/content/v_127364.htm" target=_blank>CHA</a> TROJAN!
64795. Source=Paul Collins Startup list
64796.  
64797. [Service]
64798. Number=9198
64799. Confirmed=X
64800. Filename=Service.pif
64801. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32assiralc.html" target= blank>ASSIRAL-C</a> WORM!
64802. Source=Paul Collins Startup list
64803.  
64804. [service]
64805. Number=9199
64806. Confirmed=X
64807. Filename=wN2S.exe
64808. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
64809. Source=Paul Collins Startup list
64810.  
64811. [Service Cleaner]
64812. Number=9200
64813. Confirmed=X
64814. Filename=filen.exe
64815. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRH&VSect=T" target=_blank>RBOT.BRH</a> WORM!
64816. Source=Paul Collins Startup list
64817.  
64818. [Service Connection]
64819. Number=9201
64820. Confirmed=N
64821. Filename=sccenter.exe
64822. Description=For Compaq PC's. Part of Backweb
64823. Source=Paul Collins Startup list
64824.  
64825. [Service Connection]
64826. Number=9202
64827. Confirmed=N
64828. Filename=bwtray.exe
64829. Description=For Compaq PC's. Part of Backweb
64830. Source=Paul Collins Startup list
64831.  
64832. [Service Controller]
64833. Number=9203
64834. Confirmed=X
64835. Filename=Csrrs.exe
64836. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
64837. Source=Paul Collins Startup list
64838.  
64839. [Service Controller]
64840. Number=9204
64841. Confirmed=X
64842. Filename=service.exe
64843. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032116-3802-99" target=_blank>PREVERT</a> TROJAN!
64844. Source=Paul Collins Startup list
64845.  
64846. [Service Drivers]
64847. Number=9205
64848. Confirmed=X
64849. Filename=msnpg.exe
64850. Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_RBOT.BMD" target=_blank>RBOT.BMD</a> WORM!
64851. Source=Paul Collins Startup list
64852.  
64853. [Service Drivers]
64854. Number=9206
64855. Confirmed=X
64856. Filename=PC.EXE
64857. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwk.html" target= blank>SDBOT-WK</a> WORM!
64858. Source=Paul Collins Startup list
64859.  
64860. [Service Drivers]
64861. Number=9207
64862. Confirmed=X
64863. Filename=Compt.exe
64864. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzj.html" target=_blank>RBOT-ZJ</a> WORM!
64865. Source=Paul Collins Startup list
64866.  
64867. [Service Drivers]
64868. Number=9208
64869. Confirmed=X
64870. Filename=abl.exe
64871. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyx.html" target=_blank>SDBOT-YX</a> WORM!
64872. Source=Paul Collins Startup list
64873.  
64874. [Service Drivers]
64875. Number=9209
64876. Confirmed=X
64877. Filename=MSNMEssenger.exe
64878. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
64879. Source=Paul Collins Startup list
64880.  
64881. [Service Host]
64882. Number=9210
64883. Confirmed=X
64884. Filename=[filename].exe
64885. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101216-2559-99" target="_blank">TORVEL.B</a> WORM!
64886. Source=Paul Collins Startup list
64887.  
64888. [Service Host]
64889. Number=9211
64890. Confirmed=X
64891. Filename=spoolxx.exe
64892. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091811-4203-99" target=_blank>TORVEL</a> WORM!
64893. Source=Paul Collins Startup list
64894.  
64895. [Service Host]
64896. Number=9212
64897. Confirmed=X
64898. Filename=svchost.exe
64899. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaosera.html" target=_blank>DAOSER-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Services\{C922CCC4-CF61-4589-A0D1-828160704853} subfolder
64900. Source=Paul Collins Startup list
64901.  
64902. [Service Host]
64903. Number=9213
64904. Confirmed=X
64905. Filename=svchost.exe
64906. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaoserc.html" target=_blank>DAOSER-C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Services\[random] subfolder
64907. Source=Paul Collins Startup list
64908.  
64909. [Service Host ]
64910. Number=9214
64911. Confirmed=X
64912. Filename=svchost.exe
64913. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091811-4203-99" target=_blank>TORVEL</a> WORM! Note - this is not the legitimate <a ref="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
64914. Source=Paul Collins Startup list
64915.  
64916. [Service Host Driver]
64917. Number=9215
64918. Confirmed=X
64919. Filename=svchost.exe
64920. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030214-0403-99" target=_blank>HITON</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
64921. Source=Paul Collins Startup list
64922.  
64923. [Service Host Process]
64924. Number=9216
64925. Confirmed=X
64926. Filename=spoolsvc.exe
64927. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031915-3501-99" target="_blank">GAOBOT.GEN!POLY</a> WORM!
64928. Source=Paul Collins Startup list
64929.  
64930. [Service Manager]
64931. Number=9217
64932. Confirmed=N
64933. Filename=sqlmangr.exe
64934. Description=SQL Server Service Manager - provides tray access to SQL server, the server agent and MSDTC. Available via Start -> Programs
64935. Source=Paul Collins Startup list
64936.  
64937. [Service Manager]
64938. Number=9218
64939. Confirmed=X
64940. Filename=SERVICEMGR.EXE
64941. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32passmaild.html" target= blank>PASSMAIL-D</a> VIRUS!
64942. Source=Paul Collins Startup list
64943.  
64944. [Service Manager]
64945. Number=9219
64946. Confirmed=X
64947. Filename=dxsound.exe
64948. Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100886" target="_blank">PROXY-GRIC</a> TROJAN!
64949. Source=Paul Collins Startup list
64950.  
64951. [service manager]
64952. Number=9220
64953. Confirmed=X
64954. Filename=service.exe
64955. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
64956. Source=Paul Collins Startup list
64957.  
64958. [Service Monitor]
64959. Number=9221
64960. Confirmed=X
64961. Filename=msnfilen.exe
64962. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotale.html" target=_blank>RBOT-ALE</a> WORM!
64963. Source=Paul Collins Startup list
64964.  
64965. [Service Monitor]
64966. Number=9222
64967. Confirmed=X
64968. Filename=javams32.exe
64969. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfnk.html" target=_blank>DELF-NK</a> TROJAN!
64970. Source=Paul Collins Startup list
64971.  
64972. [Service Monitor]
64973. Number=9223
64974. Confirmed=X
64975. Filename=javams64.exe
64976. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafo.html" target=_blank>SDBOT-AFO</a> WORM!
64977. Source=Paul Collins Startup list
64978.  
64979. [Service Monitor]
64980. Number=9224
64981. Confirmed=X
64982. Filename=msnserve.exe
64983. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-101515-4844-99" target=_blank>SPYBOT.YQW</a> WORM!
64984. Source=Paul Collins Startup list
64985.  
64986. [Service Monitor]
64987. Number=9225
64988. Confirmed=X
64989. Filename=WinOcx.exe
64990. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqj.html" target=_blank>RBOT-AQJ</a> WORM!
64991. Source=Paul Collins Startup list
64992.  
64993. [Service Monitor]
64994. Number=9226
64995. Confirmed=X
64996. Filename=csnss.exe
64997. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=49714" target="_blank">RBOT.EEH</a> WORM!
64998. Source=Paul Collins Startup list
64999.  
65000. [Service Monitor]
65001. Number=9227
65002. Confirmed=X
65003. Filename=filen.exe
65004. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
65005. Source=Paul Collins Startup list
65006.  
65007. [Service Pack]
65008. Number=9228
65009. Confirmed=X
65010. Filename=[various filenames]
65011. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lerpaa.html" target=_blank>LERPA-A</a> WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif
65012. Source=Paul Collins Startup list
65013.  
65014. [Service Pack DLL Runtime]
65015. Number=9229
65016. Confirmed=X
65017. Filename=spdll32.exe
65018. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
65019. Source=Paul Collins Startup list
65020.  
65021. [Service Process]
65022. Number=9230
65023. Confirmed=X
65024. Filename=SVCHOST.EXE
65025. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110414-0845-99" target=_blank>DARKER</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
65026. Source=Paul Collins Startup list
65027.  
65028. [Service Process]
65029. Number=9231
65030. Confirmed=X
65031. Filename=winset.exe
65032. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
65033. Source=Paul Collins Startup list
65034.  
65035. [Service Process]
65036. Number=9232
65037. Confirmed=X
65038. Filename=service.exe
65039. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdcmbotc.html" target=_blank>DCMBOT-C</a> TROJAN!
65040. Source=Paul Collins Startup list
65041.  
65042. [Service Process]
65043. Number=9233
65044. Confirmed=X
65045. Filename=smss.exe
65046. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdcmbote.html" target=_blank>DCMBOT-E</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder
65047. Source=Paul Collins Startup list
65048.  
65049. [Service Process]
65050. Number=9234
65051. Confirmed=X
65052. Filename=smss.exe
65053. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdcmbote.html" target=_blank>DCMBOT-E</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in "config" subfolder
65054. Source=Paul Collins Startup list
65055.  
65056. [Service Process]
65057. Number=9235
65058. Confirmed=X
65059. Filename=svchost.exe
65060. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdcmbota.html" target=_blank>DCMBOT-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder
65061. Source=Paul Collins Startup list
65062.  
65063. [Service Registry NT Save]
65064. Number=9236
65065. Confirmed=X
65066. Filename=jdbgmgrnt.exe
65067. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancoscg.html" target=_blank>BANCOS-CG</a> TROJAN!
65068. Source=Paul Collins Startup list
65069.  
65070. [Service Registry NT Save]
65071. Number=9237
65072. Confirmed=X
65073. Filename=taskmgrnt.exe
65074. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosby.html" target=_blank>BANCOS-BY</a> TROJAN!
65075. Source=Paul Collins Startup list
65076.  
65077. [Service Registry NT Save]
65078. Number=9238
65079. Confirmed=X
65080. Filename=regeditnt.exe
65081. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosbm.html" target= blank>BANCOS-BM</a> TROJAN!
65082. Source=Paul Collins Startup list
65083.  
65084. [Service Scheduler]
65085. Number=9239
65086. Confirmed=X
65087. Filename=scheduler.exe
65088. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotph.html" target= blank>AGOBOT-PH</a> WORM!
65089. Source=Paul Collins Startup list
65090.  
65091. [Service System]
65092. Number=9240
65093. Confirmed=X
65094. Filename=kernels32.exe
65095. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosda.html" target=_blank>BANCOS-DA</a> TROJAN!
65096. Source=Paul Collins Startup list
65097.  
65098. [Service System]
65099. Number=9241
65100. Confirmed=X
65101. Filename=windowsXP.exe
65102. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosel.html" target=_blank>BANCOS-EL</a> TROJAN!
65103. Source=Paul Collins Startup list
65104.  
65105. [Service System]
65106. Number=9242
65107. Confirmed=X
65108. Filename=kgbfsm344.exe
65109. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosfs.html" target=_blank>BANCOS-FS</a> TROJAN!
65110. Source=Paul Collins Startup list
65111.  
65112. [Service System]
65113. Number=9243
65114. Confirmed=X
65115. Filename=wernell87.exe
65116. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosfj.html" target=_blank>BANCOS-FJ</a> TROJAN!
65117. Source=Paul Collins Startup list
65118.  
65119. [service updaer]
65120. Number=9244
65121. Confirmed=X
65122. Filename=qualityz.exe
65123. Description=Added by an unidentified VIRUS, WORM or TROJAN! - probably a <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> variant
65124. Source=Paul Collins Startup list
65125.  
65126. [Service.exe]
65127. Number=9245
65128. Confirmed=X
65129. Filename=Service.exe
65130. Description="servedby.advertising" popup generator
65131. Source=Paul Collins Startup list
65132.  
65133. [service32]
65134. Number=9246
65135. Confirmed=X
65136. Filename=service32.exe
65137. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotst.html" target="_blank">AGOBOT-ST</a> WORM!
65138. Source=Paul Collins Startup list
65139.  
65140. [ServiceConfig]
65141. Number=9247
65142. Confirmed=U
65143. Filename=ispbeg.exe
65144. Description=Comcast Transition Wizard. On June 30th, 2003 it will migrate E-mail and web pages from AT&T Broadband Internet to Comcast High-Speed Internet. Until then it will run at startup and then terminate - hence the U recommendation
65145. Source=Paul Collins Startup list
65146.  
65147. [serviceconnect]
65148. Number=9248
65149. Confirmed=X
65150. Filename=serviceconnect.exe
65151. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AIR" target="_blank">AGOBOT.AIR</a> WORM!
65152. Source=Paul Collins Startup list
65153.  
65154. [ServiceLayer]
65155. Number=9249
65156. Confirmed=Y
65157. Filename=ServiceLayer.exe
65158. Description=Nokia Connectivity Library support task that is needed by NCLTRAY and by the Nokia Connection Manager for either to work properly
65159. Source=Paul Collins Startup list
65160.  
65161. [servicemng]
65162. Number=9250
65163. Confirmed=X
65164. Filename=service.exe
65165. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tamec.html" target=_blank>TAME-C</a> WORM!
65166. Source=Paul Collins Startup list
65167.  
65168. [services]
65169. Number=9251
65170. Confirmed=X
65171. Filename=start.bat
65172. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzcrew.html" target="_blank">ZCREW</a> TROJAN!
65173. Source=Paul Collins Startup list
65174.  
65175. [Services]
65176. Number=9252
65177. Confirmed=X
65178. Filename=[path to trojan]
65179. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101407-2313-99" target="_blank"> METEORSHELL</a> TROJAN!
65180. Source=Paul Collins Startup list
65181.  
65182. [Services]
65183. Number=9253
65184. Confirmed=X
65185. Filename=back32.exe ...service.exe
65186. Description=Added by an unidentified VIRUS, WORM or TROJAN! Back32.exe is the baddie whose purpose is to HIDE the MIRC32 server in service.exe
65187. Source=Paul Collins Startup list
65188.  
65189. [Services]
65190. Number=9254
65191. Confirmed=X
65192. Filename=services.exe
65193. Description=Added by a number of VIRUSES, WORMS and TROJANS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which should NOT appear in Msconfig/Startup!
65194. Source=Paul Collins Startup list
65195.  
65196. [Services]
65197. Number=9255
65198. Confirmed=X
65199. Filename=winread.exe
65200. Description=Added by an unidentified VIRUS, WORM or TROJAN!
65201. Source=Paul Collins Startup list
65202.  
65203. [Services]
65204. Number=9256
65205. Confirmed=X
65206. Filename=windns.exe
65207. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
65208. Source=Paul Collins Startup list
65209.  
65210. [Services]
65211. Number=9257
65212. Confirmed=X
65213. Filename=mshost.exe
65214. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlanfiltj.html" target= blank>LANFILT-J</a> TROJAN!
65215. Source=Paul Collins Startup list
65216.  
65217. [services]
65218. Number=9258
65219. Confirmed=X
65220. Filename=Svchosts.exe
65221. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotn.html" target= blank>SDBOT.N</a> WORM!
65222. Source=Paul Collins Startup list
65223.  
65224. [Services]
65225. Number=9259
65226. Confirmed=X
65227. Filename=csrss.exe
65228. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-063016-3358-99" target=_blank>RANKY.U</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
65229. Source=Paul Collins Startup list
65230.  
65231. [Services]
65232. Number=9260
65233. Confirmed=X
65234. Filename=scks32.exe
65235. Description=Added by a <a href="http://www.f-secure.com/v-descs/trojprox.shtml" target=_blank>Proxy Trojan</a> variant
65236. Source=Paul Collins Startup list
65237.  
65238. [Services]
65239. Number=9261
65240. Confirmed=X
65241. Filename=sockys32.exe
65242. Description=Added by the RANKY.L TROJAN!
65243. Source=Paul Collins Startup list
65244.  
65245. [Services]
65246. Number=9262
65247. Confirmed=X
65248. Filename=sys.exe
65249. Description=Added by a <a href="http://www.f-secure.com/v-descs/trojprox.shtml" target=_blank>Proxy Trojan</a> variant
65250. Source=Paul Collins Startup list
65251.  
65252. [services]
65253. Number=9263
65254. Confirmed=X
65255. Filename=windows32.exe
65256. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32flyvbc.html" target=_blank>FLYVB-C</a> WORM!
65257. Source=Paul Collins Startup list
65258.  
65259. [services]
65260. Number=9264
65261. Confirmed=X
65262. Filename=socks.exe
65263. Description=Added by the WIN32.SMALL.N TROJAN!
65264. Source=Paul Collins Startup list
65265.  
65266. [Services]
65267. Number=9265
65268. Confirmed=X
65269. Filename=services.exe
65270. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-072615-3305-99" target=_blank>ZINCITE.A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
65271. Source=Paul Collins Startup list
65272.  
65273. [Services]
65274. Number=9266
65275. Confirmed=X
65276. Filename=[path to trojan]
65277. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckdb.html" target=_blank>RANCK-DB</a> TROJAN!
65278. Source=Paul Collins Startup list
65279.  
65280. [Services]
65281. Number=9267
65282. Confirmed=X
65283. Filename=iexplore.exe
65284. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112117-1320-99" target=_blank>MOGI</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
65285. Source=Paul Collins Startup list
65286.  
65287. [Services]
65288. Number=9268
65289. Confirmed=X
65290. Filename=svchost.exe
65291. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32reperb.html" target=_blank>REPER-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
65292. Source=Paul Collins Startup list
65293.  
65294. [Services]
65295. Number=9269
65296. Confirmed=X
65297. Filename=sysamp.exe
65298. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
65299. Source=Paul Collins Startup list
65300.  
65301. [Services]
65302. Number=9270
65303. Confirmed=X
65304. Filename=prosys32.exe
65305. Description=Added by an unidentified WORM or TROJAN!
65306. Source=Paul Collins Startup list
65307.  
65308. [Services]
65309. Number=9271
65310. Confirmed=X
65311. Filename=iexplorer.exe
65312. Description=Added by an unidentified WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)
65313. Source=Paul Collins Startup list
65314.  
65315. [Services]
65316. Number=9272
65317. Confirmed=X
65318. Filename=iexploler.exe
65319. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453107025" target="_blank">RANCK-LT</a> TROJAN!
65320. Source=Paul Collins Startup list
65321.  
65322. [Services]
65323. Number=9273
65324. Confirmed=X
65325. Filename=iexpolere.exe
65326. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453107026" target="_blank">RANCK.LU</a> TROJAN!
65327. Source=Paul Collins Startup list
65328.  
65329. [Services Administrator]
65330. Number=9274
65331. Confirmed=X
65332. Filename=localsvc.exe
65333. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
65334. Source=Paul Collins Startup list
65335.  
65336. [Services Administrator]
65337. Number=9275
65338. Confirmed=X
65339. Filename=netsvc.exe
65340. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
65341. Source=Paul Collins Startup list
65342.  
65343. [Services Administrator]
65344. Number=9276
65345. Confirmed=X
65346. Filename=spoolsvc.exe
65347. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
65348. Source=Paul Collins Startup list
65349.  
65350. [Services Administrator]
65351. Number=9277
65352. Confirmed=X
65353. Filename=svcadmin.exe
65354. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
65355. Source=Paul Collins Startup list
65356.  
65357. [Services Administrator]
65358. Number=9278
65359. Confirmed=X
65360. Filename=svcman.exe
65361. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
65362. Source=Paul Collins Startup list
65363.  
65364. [Services Administrator]
65365. Number=9279
65366. Confirmed=X
65367. Filename=svcrun.exe
65368. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
65369. Source=Paul Collins Startup list
65370.  
65371. [Services Administrator]
65372. Number=9280
65373. Confirmed=X
65374. Filename=tcpsvc.exe
65375. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
65376. Source=Paul Collins Startup list
65377.  
65378. [Services Administrator]
65379. Number=9281
65380. Confirmed=X
65381. Filename=websvc.exe
65382. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
65383. Source=Paul Collins Startup list
65384.  
65385. [Services Controller]
65386. Number=9282
65387. Confirmed=X
65388. Filename=lsassa.exe
65389. Description=Added by the CIADOOR.122 VIRUS!
65390. Source=Paul Collins Startup list
65391.  
65392. [Services Controller]
65393. Number=9283
65394. Confirmed=X
65395. Filename=services.exe
65396. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorf.html" target= blank>CIADOOR-F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
65397. Source=Paul Collins Startup list
65398.  
65399. [Services Host]
65400. Number=9284
65401. Confirmed=X
65402. Filename=Scchost.exe
65403. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-043013-2626-99" target="_blank">DONK</a> WORM!
65404. Source=Paul Collins Startup list
65405.  
65406. [Services Host]
65407. Number=9285
65408. Confirmed=X
65409. Filename=svchost32.exe
65410. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottg.html" target=_blank>AGOBOT-TG</a> WORM!
65411. Source=Paul Collins Startup list
65412.  
65413. [Services Logon]
65414. Number=9286
65415. Confirmed=X
65416. Filename=services.exe
65417. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012310-2158-99" target=_blank>CROWT.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! By default this file is located in Documents and Settings\[user name]\Templates
65418. Source=Paul Collins Startup list
65419.  
65420. [Services Process]
65421. Number=9287
65422. Confirmed=X
65423. Filename=services.exe
65424. Description=Spyware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Small.X TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
65425. Source=Paul Collins Startup list
65426.  
65427. [Services Process]
65428. Number=9288
65429. Confirmed=X
65430. Filename=smss.exe
65431. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallek.html" target=_blank>SMALL-EK</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder
65432. Source=Paul Collins Startup list
65433.  
65434. [Services Startup]
65435. Number=9289
65436. Confirmed=X
65437. Filename=services.exe
65438. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012310-2158-99" target=_blank>CROWT.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! By default this file is located in Documents and Settings\[user name]\Templates
65439. Source=Paul Collins Startup list
65440.  
65441. [Services Startup]
65442. Number=9290
65443. Confirmed=X
65444. Filename=svhost33.exe
65445. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
65446. Source=Paul Collins Startup list
65447.  
65448. [Services.dll]
65449. Number=9291
65450. Confirmed=X
65451. Filename=smss.exe
65452. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32soberl.html" target=_blank>SOBER-L</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagent\system subfolder of the Winnt or Windows folder
65453. Source=Paul Collins Startup list
65454.  
65455. [Services.EXE]
65456. Number=9292
65457. Confirmed=X
65458. Filename=services.exe
65459. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-051220-5250-99" target="_blank">KAZPING</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
65460. Source=Paul Collins Startup list
65461.  
65462. [services.exe]
65463. Number=9293
65464. Confirmed=X
65465. Filename=Services.exe
65466. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorf.html" target= blank>CIADOOR-F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
65467. Source=Paul Collins Startup list
65468.  
65469. [Services004]
65470. Number=9294
65471. Confirmed=X
65472. Filename=[worm filename]
65473. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010215-0626-99" target="_blank">BUGBROS</a> WORM!
65474. Source=Paul Collins Startup list
65475.  
65476. [services32]
65477. Number=9295
65478. Confirmed=X
65479. Filename=mc-110-12-0000079.exe
65480. Description=Added by the TrojanDownloader.Agent.rv TROJAN!
65481. Source=Paul Collins Startup list
65482.  
65483. [services32]
65484. Number=9296
65485. Confirmed=X
65486. Filename=mc-58-12-0000120.exe
65487. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060715-4527-99" target=_blank>"Shorty"</a> adware - also detected as the AGENT.FD TROJAN!
65488. Source=Paul Collins Startup list
65489.  
65490. [services32]
65491. Number=9297
65492. Confirmed=X
65493. Filename=mc-58-12-0000140.exe
65494. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060715-4527-99" target=_blank>"Shorty"</a> adware - also detected as the AGENT.FD TROJAN!
65495. Source=Paul Collins Startup list
65496.  
65497. [Services32 Startup]
65498. Number=9298
65499. Confirmed=X
65500. Filename=win32dll.exe
65501. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxo.html" target= blank>SDBOT-XO</a> WORM!
65502. Source=Paul Collins Startup list
65503.  
65504. [ServicesLoad]
65505. Number=9299
65506. Confirmed=X
65507. Filename=lsass.exe
65508. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdearisa.html" target=_blank>DEARIS-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
65509. Source=Paul Collins Startup list
65510.  
65511. [ServicesLog]
65512. Number=9300
65513. Confirmed=X
65514. Filename=ccapp32.exe
65515. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamx.html" target=_blank>RBOT-AMX</a> WORM!
65516. Source=Paul Collins Startup list
65517.  
65518. [Servicewin]
65519. Number=9301
65520. Confirmed=X
65521. Filename=Hide32.exe
65522. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32msnvbd.html" target="_blank">MSNVB-D</a> WORM!
65523. Source=Paul Collins Startup list
65524.  
65525. [Servicing]
65526. Number=9302
65527. Confirmed=X
65528. Filename=hostd.exe
65529. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BUI&VSect=P" target=_blank>SDBOT.BUI</a> WORM!
65530. Source=Paul Collins Startup list
65531.  
65532. [Servicio Local]
65533. Number=9303
65534. Confirmed=X
65535. Filename=svhost.exe
65536. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BGX" target="_blank">SPYBOT.BGX</a> WORM!
65537. Source=Paul Collins Startup list
65538.  
65539. [servics]
65540. Number=9304
65541. Confirmed=X
65542. Filename=servics.exe
65543. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsinguj.html" target=_blank>SINGU-J</a> TROJAN!
65544. Source=Paul Collins Startup list
65545.  
65546. [SERVlCE]
65547. Number=9305
65548. Confirmed=X
65549. Filename=SERVlCE.EXE
65550. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotub.html" target=_blank>AGOBOT-UB</a> WORM!
65551. Source=Paul Collins Startup list
65552.  
65553. [ServUTrayIcon]
65554. Number=9306
65555. Confirmed=?
65556. Filename=ServUTray.exe
65557. Description=System Tray icon for Serv-U FTP server.<font color="#FF0000"> </font><font color="#FF0000">Is it required?</font>
65558. Source=Paul Collins Startup list
65559.  
65560. [SES Service]
65561. Number=9307
65562. Confirmed=X
65563. Filename=sesvc.exe
65564. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotczu.html" target="_blank">SDBOT-CZU</a> WORM!
65565. Source=Paul Collins Startup list
65566.  
65567. [Session Client]
65568. Number=9308
65569. Confirmed=U
65570. Filename=sescli.exe
65571. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071412-1348-99" target= blank>SurfSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
65572. Source=Paul Collins Startup list
65573.  
65574. [Session Manager Subsystem]
65575. Number=9309
65576. Confirmed=X
65577. Filename=smssa.exe
65578. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotags.html" target=_blank>RBOT-AGS</a> WORM!
65579. Source=Paul Collins Startup list
65580.  
65581. [SESync]
65582. Number=9310
65583. Confirmed=X
65584. Filename=sed.exe
65585. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DownloadWare&threatid=4620" target=_blank>DownloadWare</a> adware
65586. Source=Paul Collins Startup list
65587.  
65588. [SetDefaultMIDI]
65589. Number=9311
65590. Confirmed=?
65591. Filename=MIDIDef.exe
65592. Description=Related to a Soundblaster Audigy soundcards.<font color="#FF0000"> What does it do and is it required?</font>
65593. Source=Paul Collins Startup list
65594.  
65595. [SetDefaultPrinter]
65596. Number=9312
65597. Confirmed=Y
65598. Filename=cloaker.exe
65599. Description=Used by HP and Compaq computers to hide the windows of programs passed as arguments to it
65600. Source=Paul Collins Startup list
65601.  
65602. [setdefprt]
65603. Number=9313
65604. Confirmed=N
65605. Filename=setdefprt.exe
65606. Description=Used to set a Brother MFC printer/copier/scanner as the default printer after installation
65607. Source=Paul Collins Startup list
65608.  
65609. [SetDefPrt]
65610. Number=9314
65611. Confirmed=N
65612. Filename=BrStDvPt.exe
65613. Description=Used to set a Brother MFC printer/copier/scanner as the default printer after installation
65614. Source=Paul Collins Startup list
65615.  
65616. [SetecCertUtil]
65617. Number=9315
65618. Confirmed=U
65619. Filename=Certutil.exe
65620. Description=Setec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TV
65621. Source=Paul Collins Startup list
65622.  
65623. [setFTPBack]
65624. Number=9316
65625. Confirmed=X
65626. Filename=createsw.exe
65627. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-061015-4747-99" target="_blank">FTP_BMAIL</a> TROJAN!
65628. Source=Paul Collins Startup list
65629.  
65630. [SetHook]
65631. Number=9317
65632. Confirmed=N
65633. Filename=SetHook.exe
65634. Description=Fellowes Neato CD label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"
65635. Source=Paul Collins Startup list
65636.  
65637. [SETI@home]
65638. Number=9318
65639. Confirmed=N
65640. Filename=SETI@home.exe
65641. Description=SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data
65642. Source=Paul Collins Startup list
65643.  
65644. [seticlient]
65645. Number=9319
65646. Confirmed=N
65647. Filename=SETI@home.exe
65648. Description=SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data
65649. Source=Paul Collins Startup list
65650.  
65651. [SetIcon]
65652. Number=9320
65653. Confirmed=N
65654. Filename=SetIcon.exe
65655. Description=Installed by a 6-in-1 (4 Media Card slots, a floppy drive and a USB connection) device. Constantly updates the icons for the four Media Card slots that it has and is a resource hog
65656. Source=Paul Collins Startup list
65657.  
65658. [SetiQueue]
65659. Number=9321
65660. Confirmed=N
65661. Filename=Setiqu~1.exe
65662. Description=Provides work unit buffering for Seti@Home clients - see <a href="http://www.setiqueue.org/" target="_blank">here</a> for more details
65663. Source=Paul Collins Startup list
65664.  
65665. [SetiSpy]
65666. Number=9322
65667. Confirmed=N
65668. Filename=SetiSpy.exe
65669. Description=<a href="http://members.shaw.ca/bbrseti/spyscreen.html" target="_blank">SETI Spy</a> is a little program to "spy" on the progress and performance of the SETI@home client. Called a "spy" because it is unobtrusive as possible
65670. Source=Paul Collins Startup list
65671.  
65672. [SetPoint]
65673. Number=9323
65674. Confirmed=X
65675. Filename=SetPoint.exe
65676. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbwi.html" target="_blank">RBOT-BWI</a> WORM! Note - this is not the valid Logitech Setpoint mouse and keyboard entry that uses the same filename and is located in the Logitech\Setpoint sub-folder of Program Files. This file is located in the System (9x/Me) or System32 (NT/2K/XP/Vista) folder
65677. Source=Paul Collins Startup list
65678.  
65679. [SetPoint]
65680. Number=9324
65681. Confirmed=U
65682. Filename=Setpoint.exe
65683. Description=Logitech SetPoint Event Manager for their range of mice and keyboards. Required if you want to use the advanced features of these devices and is located in the Logitech\Setpoint sub-folder of Program Files
65684. Source=Paul Collins Startup list
65685.  
65686. [SETPOINT Logitech Inc]
65687. Number=9325
65688. Confirmed=X
65689. Filename=KHALMNP.exe
65690. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaax.html" target= blank>RBOT-AAX</a> WORM!
65691. Source=Paul Collins Startup list
65692.  
65693. [SetRefresh]
65694. Number=9326
65695. Confirmed=?
65696. Filename=SetRefresh.exe
65697. Description=Found on a Compaq PC. <font color="#FF0000">Video refresh rate utility? Is it required?</font>
65698. Source=Paul Collins Startup list
65699.  
65700. [Setting]
65701. Number=9327
65702. Confirmed=X
65703. Filename=sysweb.exe
65704. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target="_blank">SDBOT.GEN</a> TROJAN!
65705. Source=Paul Collins Startup list
65706.  
65707. [setup]
65708. Number=9328
65709. Confirmed=N
65710. Filename=hphprld.exe ....setup.exe
65711. Description=HP DeskJet Setup - printers function normally without it
65712. Source=Paul Collins Startup list
65713.  
65714. [Setup experation]
65715. Number=9329
65716. Confirmed=X
65717. Filename=svchost.exe
65718. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofgeraw.html" target=_blank>TOFGER-AW</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
65719. Source=Paul Collins Startup list
65720.  
65721. [setupa]
65722. Number=9330
65723. Confirmed=X
65724. Filename=runt32.exe
65725. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassk.html" target=_blank>QQPASS-K</a> TROJAN!
65726. Source=Paul Collins Startup list
65727.  
65728. [setupdata]
65729. Number=9331
65730. Confirmed=X
65731. Filename=rnll32.exe
65732. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassac.html" target=_blank>QQPASS-AC</a> TROJAN!
65733. Source=Paul Collins Startup list
65734.  
65735. [SetupICWDesktop]
65736. Number=9332
65737. Confirmed=N
65738. Filename=icwconn1.exe
65739. Description=Appears to be the "Internet Connection Wizard" from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start -> Programs -> Accessories -> Communication (or similar) anyway
65740. Source=Paul Collins Startup list
65741.  
65742. [setupuser]
65743. Number=9333
65744. Confirmed=X
65745. Filename=regedit.exe setupuser.log
65746. Description=Regfile in disguise - another <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
65747. Source=Paul Collins Startup list
65748.  
65749. [setuzp]
65750. Number=9334
65751. Confirmed=?
65752. Filename=setuzp.exe
65753. Description=<font color="#FF0000">??</font>
65754. Source=Paul Collins Startup list
65755.  
65756. [SetVrc]
65757. Number=9335
65758. Confirmed=X
65759. Filename=setvrc.exe
65760. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072921-1418-99" target="_blank">HUNTOCX</a> WORM!
65761. Source=Paul Collins Startup list
65762.  
65763. [Sex Teris]
65764. Number=9336
65765. Confirmed=X
65766. Filename=st01b.exe
65767. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090817-4709-99" target="_blank">REPAD</a> WORM!
65768. Source=Paul Collins Startup list
65769.  
65770. [Sexnow]
65771. Number=9337
65772. Confirmed=X
65773. Filename=Sexnow.exe
65774. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialsenowb.html" target= blank>SENOW-B</a> premium rate adult content dialler
65775.  
65776. Source=Paul Collins Startup list
65777.  
65778. [Sexy_Blondes]
65779. Number=9338
65780. Confirmed=X
65781. Filename=Sexy_Blondes.exe
65782. Description=Added by the <a href="http://virusinfo.prevx.com/viruscenter.asp?GRP=4766100024" target=_blank>Sexy</a> DIALER!. Related also to <a href="http://www.superadblocker.com/definition/sexy_blondes/" target=_blank>Hot Tarts</a> DIALER!
65783.  
65784. Source=Paul Collins Startup list
65785.  
65786. [Sexy_sg]
65787. Number=9339
65788. Confirmed=X
65789. Filename=Sexy_sg.exe
65790. Description=Premium rate adult content dialler
65791. Source=Paul Collins Startup list
65792.  
65793. [sf]
65794. Number=9340
65795. Confirmed=X
65796. Filename=sf.exe
65797. Description=<a href="http://www.surfenhance.com/" target=_blank>SurfEnhance</a> adware component
65798. Source=Paul Collins Startup list
65799.  
65800. [SFIGUI]
65801. Number=9341
65802. Confirmed=N
65803. Filename=SFIGUI.EXE
65804. Description=<a href="http://www.sonicfocus.com/products/index.htm#" target=_blank>Sonic Focus</a> - "enhances music, movie and game sound by analyzing compressed audio streams in realtime, then restoring and enriching audio back to its original performance qualities"
65805. Source=Paul Collins Startup list
65806.  
65807. [sfita]
65808. Number=9342
65809. Confirmed=X
65810. Filename=sfita.exe
65811. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfavaddh.html" target=_blank>FAVADD-H</a> TROJAN! Also known as <a href="http://www.surfenhance.com/" target=_blank>SurfEnhance</a> adware
65812. Source=Paul Collins Startup list
65813.  
65814. [SFP]
65815. Number=9343
65816. Confirmed=N
65817. Filename=vzSFPWin.EXE
65818. Description=Verizon Online Support Center - prompts for online updates
65819. Source=Paul Collins Startup list
65820.  
65821. [sfpc]
65822. Number=9344
65823. Confirmed=U
65824. Filename=sfpc.exe
65825. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.spy4pc.html" target="_blank">Spy4PC</a> surveillance software. Uninstall this software unless you put it there yourself
65826. Source=Paul Collins Startup list
65827.  
65828. [SFtrb Service]
65829. Number=9345
65830. Confirmed=X
65831. Filename=cftrb32.exe
65832. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-061817-3111-99" target="_blank">SOBIG.D</a> WORM!
65833. Source=Paul Collins Startup list
65834.  
65835. [SfWinStartInfo]
65836. Number=9346
65837. Confirmed=U
65838. Filename=sfWinStartupInfo.exe
65839. Description=<p align=left>SFIRM32 Online Banking software
65840. Source=Paul Collins Startup list
65841.  
65842. [Sgecrypt]
65843. Number=9347
65844. Confirmed=U
65845. Filename=Sgecrypt.exe
65846. Description=<a href="http://www.ediport.hu/_sgeasy.html" target="_blank">SafeGuard Easy</a> - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
65847. Source=Paul Collins Startup list
65848.  
65849. [Sgeecview]
65850. Number=9348
65851. Confirmed=U
65852. Filename=Ecview.exe
65853. Description=<a href="http://www.ediport.hu/_sgeasy.html" target="_blank">SafeGuard Easy</a> - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
65854. Source=Paul Collins Startup list
65855.  
65856. [sginst]
65857. Number=9349
65858. Confirmed=U
65859. Filename=sginst.exe
65860. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
65861. Source=Paul Collins Startup list
65862.  
65863. [SGTBox]
65864. Number=9350
65865. Confirmed=?
65866. Filename=SGTBox.exe
65867. Description=Canon scanner driver.<font color="#FF0000"> Is it required?</font>
65868. Source=Paul Collins Startup list
65869.  
65870. [sgtray]
65871. Number=9351
65872. Confirmed=U
65873. Filename=sgtray.exe
65874. Description=<a href="http://www.veritas.com/products/category/ProductDetail.jhtml?productId=storageguard" target="_blank">StorageGuard</a> from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
65875. Source=Paul Collins Startup list
65876.  
65877. [Shadow]
65878. Number=9352
65879. Confirmed=Y
65880. Filename=Shadow.exe
65881. Description="<a href="http://www.ntius.com/shadow.asp" target="_blank">NTI Shadow 3</a> is an award-winning easy-to-use backup application that automatically protects your photo, music, video, and various data files. It makes data restoration as easy as dragging and dropping files from one place to another"
65882. Source=Paul Collins Startup list
65883.  
65884. [ShadowUser Pro Edition]
65885. Number=9353
65886. Confirmed=U
65887. Filename=ShadowUser.exe
65888. Description="StorageCraftÖ <a href="http://www.storagecraft.com/products/ShadowUser/" target="_blank">ShadowUserÖ</a> provides easy to use desktop security and protection for Windows operating systems. ShadowUser is the best way to prevent unwanted changes to  PCs and laptops"
65889. Source=Paul Collins Startup list
65890.  
65891. [shambl3r]
65892. Number=9354
65893. Confirmed=X
65894. Filename=cnf.bat
65895. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101611-1053-99" target="_blank">REMABL</a> WORM!
65896. Source=Paul Collins Startup list
65897.  
65898. [shambl3r*]
65899. Number=9355
65900. Confirmed=X
65901. Filename=shambl3r.exe
65902. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101611-1053-99" target="_blank">REMABL</a> WORM! where * is 2 to 11
65903. Source=Paul Collins Startup list
65904.  
65905. [Shania]
65906. Number=9356
65907. Confirmed=X
65908. Filename=Shania.vbs
65909. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020217-3141-99" target=_blank>SHANIA</a> VIRUS! - NOTE: this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
65910. Source=Paul Collins Startup list
65911.  
65912. [Share-to-Web Namespace Daemon]
65913. Number=9357
65914. Confirmed=N
65915. Filename=hpgs2wnd.exe
65916. Description=HP's exclusive <a href="http://h10025.www1.hp.com/ewfrf/wc/genericDocument?docname=bps05210&cc=us&dlc=en&lc=en&jumpid=reg_R1002_USEN" target="_blank">Share-to-Web</a> software makes it easy to share content with others through our affiliate Internet websites. In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start -> Programs
65917. Source=Paul Collins Startup list
65918.  
65919. [Shareaza]
65920. Number=9358
65921. Confirmed=N
65922. Filename=Shareaza.exe
65923. Description=<a href="http://www.shareaza.com/" target=_blank>Shareaza</a> P2P client
65924. Source=Paul Collins Startup list
65925.  
65926. [Shareaza]
65927. Number=9359
65928. Confirmed=U
65929. Filename=bindata.exe
65930. Description=<a href="http://www.shareaza.com/" target=_blank>Shareaza</a> P2P client related
65931. Source=Paul Collins Startup list
65932.  
65933. [sharedprem]
65934. Number=9360
65935. Confirmed=X
65936. Filename=sharedprem.exe
65937. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040311-3929-99" target="_blank">MAKECALL</a> TROJAN!
65938. Source=Paul Collins Startup list
65939.  
65940. [Sharing and Mapping Software]
65941. Number=9361
65942. Confirmed=Y
65943. Filename=DShmap.exe
65944. Description=<a target="_blank" href="http://www.intel.com/support/network/anypoint/">Intel AnyPoint</a> internet sharing software. Now discontinued
65945. Source=Paul Collins Startup list
65946.  
65947. [SharkEject]
65948. Number=9362
65949. Confirmed=N
65950. Filename=AEJCT32.exe
65951. Description=Allows you to eject a disk from the Avatar Shark drive from the system tray. When loaded, there is a desktop icon so this isn't required
65952. Source=Paul Collins Startup list
65953.  
65954. [SharpTray]
65955. Number=9363
65956. Confirmed=U
65957. Filename=SharpTray.exe
65958. Description=Part of <a href="http://www.sharpusa.com/products/applications/sharpdesk/1,2693,3-3,00.html" target="_blank">Sharpdesk</a> from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"
65959. Source=Paul Collins Startup list
65960.  
65961. [Shcenter]
65962. Number=9364
65963. Confirmed=N
65964. Filename=chcenter.exe
65965. Description=IMSI <a href="http://www.imsisoft.com/prodinfo.asp?t=1&mcid=100" target="_blank">HiJaak</a> - "the easiest way to convert, capture, and manage all your graphic files"
65966. Source=Paul Collins Startup list
65967.  
65968. [SheduIer]
65969. Number=9365
65970. Confirmed=X
65971. Filename=svchst.exe
65972. Description=Premium rate adult content dialler
65973. Source=Paul Collins Startup list
65974.  
65975. [SheduIer]
65976. Number=9366
65977. Confirmed=X
65978. Filename=shch.exe
65979. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target= blank>EB</a> TROJAN!
65980. Source=Paul Collins Startup list
65981.  
65982. [SheduIer]
65983. Number=9367
65984. Confirmed=X
65985. Filename=winagent.exe
65986. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target= blank>EB</a> TROJAN!
65987. Source=Paul Collins Startup list
65988.  
65989. [Shedule Connection]
65990. Number=9368
65991. Confirmed=X
65992. Filename=arpo412.exe
65993. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ppdoorr.html" target=_blank>PPDOOR-R</a> WORM!
65994. Source=Paul Collins Startup list
65995.  
65996. [Sheduler]
65997. Number=9369
65998. Confirmed=X
65999. Filename=nerocheck.exe
66000. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target=_blank>TACTSLAY.B</a> TROJAN!
66001. Source=Paul Collins Startup list
66002.  
66003. [Shell]
66004. Number=9370
66005. Confirmed=X
66006. Filename=Shell32.exe
66007. Description=Added by the <a href="http://www.f-secure.com/v-descs/badsec.shtml" target="_blank">BADSECTOR</a> TROJAN!
66008. Source=Paul Collins Startup list
66009.  
66010. [Shell]
66011. Number=9371
66012. Confirmed=X
66013. Filename=ray.exe
66014. Description=Homepage hijacker re-directing browsers to adult content websites
66015. Source=Paul Collins Startup list
66016.  
66017. [Shell]
66018. Number=9372
66019. Confirmed=X
66020. Filename=Tray.exe
66021. Description=Homepage hijacker re-directing browsers to adult content websites
66022. Source=Paul Collins Startup list
66023.  
66024. [Shell]
66025. Number=9373
66026. Confirmed=X
66027. Filename=wmedia16.exe
66028. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010715-5330-99" target=_blank>GOLDUN</a> TROJAN!
66029. Source=Paul Collins Startup list
66030.  
66031. [Shell]
66032. Number=9374
66033. Confirmed=X
66034. Filename=Open32.exe
66035. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalldl.html" target= blank>SMALL-DL</a> TROJAN!
66036. Source=Paul Collins Startup list
66037.  
66038. [Shell]
66039. Number=9375
66040. Confirmed=X
66041. Filename=Explorer.exe sound_drive16.exe
66042. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorgp.html" target="_blank">GP</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System subfolder
66043. Source=Paul Collins Startup list
66044.  
66045. [Shell]
66046. Number=9376
66047. Confirmed=X
66048. Filename=Explorer.exe, msmsgs.exe
66049. Description=Added by the <a href=" http://www.symantec.com/security_response/writeup.jsp?docid=2005-042316-2917-99" target="_blank">ZLOB</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
66050. Source=Paul Collins Startup list
66051.  
66052. [Shell]
66053. Number=9377
66054. Confirmed=X
66055. Filename=Explorer.exe [path] svchost.exe
66056. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050114-4234-99" target=_blank>DOYORG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
66057. Source=Paul Collins Startup list
66058.  
66059. [shell]
66060. Number=9378
66061. Confirmed=X
66062. Filename=explorer.exe
66063. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061100-3940-99" target="_blank">KAKKEYS</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System32 subfolder
66064. Source=Paul Collins Startup list
66065.  
66066. [Shell]
66067. Number=9379
66068. Confirmed=X
66069. Filename=iexplore.exe
66070. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kipisu.html" target=_blank>KIPIS-U</a> TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in a "Microsoft" subfolder
66071. Source=Paul Collins Startup list
66072.  
66073. [Shell]
66074. Number=9380
66075. Confirmed=X
66076. Filename=ibm0000*.exe [* = digit]
66077. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtorpigc.html" target=_blank>TORPIG-C</a> and <a href="http://www.sophos.com/virusinfo/analyses/trojtorpigj.html" target=_blank>TORPIG-J</a> TROJANS! Filenames spotted include ibm00001.exe, ibm00002.exe, ibm00005.exe and so on
66078. Source=Paul Collins Startup list
66079.  
66080. [Shell]
66081. Number=9381
66082. Confirmed=X
66083. Filename=taskmrg.exe
66084. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanft.html" target=_blank>BANCBAN-FT</a> TROJAN!
66085. Source=Paul Collins Startup list
66086.  
66087. [Shell]
66088. Number=9382
66089. Confirmed=X
66090. Filename=Explorer.exe winupdate.exe
66091. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentfd.html" target=_blank>AGENT-FD</a> TROJAN!
66092. Source=Paul Collins Startup list
66093.  
66094. [Shell]
66095. Number=9383
66096. Confirmed=X
66097. Filename=ibm[RANDOM 5 DIGIT NUMBER].exe
66098. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-112315-0608-99" target=_blank>ANSERIN</a> TROJAN!
66099. Source=Paul Collins Startup list
66100.  
66101. [Shell]
66102. Number=9384
66103. Confirmed=X
66104. Filename=svchost.exe
66105. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgoldspyb.html" target=_blank>GOLDSPY-B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
66106. Source=Paul Collins Startup list
66107.  
66108. [Shell]
66109. Number=9385
66110. Confirmed=X
66111. Filename=ibm00001.dll
66112. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtorpigq.html" target="_blank">TORPIG-Q</a> TROJAN!
66113. Source=Paul Collins Startup list
66114.  
66115. [Shell API32]
66116. Number=9386
66117. Confirmed=X
66118. Filename=svcnet.exe
66119. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41429" target= blank>TIBICK.C</a> WORM!
66120. Source=Paul Collins Startup list
66121.  
66122. [Shell Extension]
66123. Number=9387
66124. Confirmed=X
66125. Filename=spollsv.exe
66126. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
66127. Source=Paul Collins Startup list
66128.  
66129. [Shell Tray Window]
66130. Number=9388
66131. Confirmed=X
66132. Filename=ShellTraywnd.exe
66133. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstultdora.html" target=_blank>STULTDOR-A</a> TROJAN!
66134. Source=Paul Collins Startup list
66135.  
66136. [shell update]
66137. Number=9389
66138. Confirmed=X
66139. Filename=shellexec.exe
66140. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanc.html" target=_blank>AGOBOT-TH</a> WORM!
66141. Source=Paul Collins Startup list
66142.  
66143. [Shell32]
66144. Number=9390
66145. Confirmed=X
66146. Filename=Shell32.vbs
66147. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031515-4025-99" target=_blank>SCAFENE</a> WORM!
66148. Source=Paul Collins Startup list
66149.  
66150. [shell32]
66151. Number=9391
66152. Confirmed=X
66153. Filename=ntldrt.exe
66154. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32jloka.html" target=_blank>JLOK-A</a> WORM!
66155. Source=Paul Collins Startup list
66156.  
66157. [Shell32]
66158. Number=9392
66159. Confirmed=X
66160. Filename=iexplore.exe
66161. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotay.html" target=_blank>IRCBOT-AY</a> TROJAN! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
66162. Source=Paul Collins Startup list
66163.  
66164. [ShellApi]
66165. Number=9393
66166. Confirmed=X
66167. Filename=SHELLMSN.EXE
66168. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEV.B" target="_blank">NETDEV.B</a> TROJAN!
66169. Source=Paul Collins Startup list
66170.  
66171. [Shellapi32]
66172. Number=9394
66173. Confirmed=X
66174. Filename=Shellapi32.exe
66175. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-021310-3452-99" target="_blank">NETDEVIL</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NERTE.76.B" target="_blank">NERTE</a>) TROJAN!
66176. Source=Paul Collins Startup list
66177.  
66178. [Shellapi32]
66179. Number=9395
66180. Confirmed=X
66181. Filename=mcvsrte.exe
66182. Description=Added by an unidentified WORM! Note - do not confuse with the McAfee SecurityCenter file of the same name
66183. Source=Paul Collins Startup list
66184.  
66185. [ShellCommand]
66186. Number=9396
66187. Confirmed=X
66188. Filename=[path to file]
66189. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojremcona.html" target=_blank>REMCON-A</a> TROJAN!
66190.  
66191. Source=Paul Collins Startup list
66192.  
66193. [Shelldaemon]
66194. Number=9397
66195. Confirmed=X
66196. Filename=Shelldaemon.exe
66197. Description=Added by a variant of the AGENT.ALN TROJAN!
66198. Source=Paul Collins Startup list
66199.  
66200. [ShellEx]
66201. Number=9398
66202. Confirmed=X
66203. Filename=ShellEx.exe
66204. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-062615-5626-99" target="_blank">ANAKHA</a> TROJAN!
66205. Source=Paul Collins Startup list
66206.  
66207. [ShellN]
66208. Number=9399
66209. Confirmed=X
66210. Filename=isca.exe
66211. Description=Added by the <a href="http://www.avira.com/en/threats/section/fulldetails/id_vir/3554/tr_dldr.ibill.z.html" target="_blank">IBILL.Z</a> TROJAN!
66212. Source=Paul Collins Startup list
66213.  
66214. [ShellOS]
66215. Number=9400
66216. Confirmed=X
66217. Filename=A+++.exe
66218. Description=Added by the AV TROJAN!
66219. Source=Paul Collins Startup list
66220.  
66221. [ShellRun]
66222. Number=9401
66223. Confirmed=X
66224. Filename=lexplore_.exe
66225. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmsnopta.html" target=_blank>MSNOPT-A</a> TROJAN!
66226. Source=Paul Collins Startup list
66227.  
66228. [ShellRun32]
66229. Number=9402
66230. Confirmed=X
66231. Filename=iexplore.exe
66232. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotay.html" target=_blank>IRCBOT-AY</a> TROJAN! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
66233. Source=Paul Collins Startup list
66234.  
66235. [Shellspl]
66236. Number=9403
66237. Confirmed=X
66238. Filename=lsas.exe
66239. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojyalera.html" target= blank>YALER-A</a> TROJAN!
66240. Source=Paul Collins Startup list
66241.  
66242. [Shellspl]
66243. Number=9404
66244. Confirmed=X
66245. Filename=spools.exe
66246. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxagea.html" target=_blank>PROXAGE-A</a> TROJAN!
66247. Source=Paul Collins Startup list
66248.  
66249. [shellsystem]
66250. Number=9405
66251. Confirmed=X
66252. Filename=shellsystem.exe
66253. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092312-3316-99" target="_blank">UPCHAN</a> TROJAN!
66254. Source=Paul Collins Startup list
66255.  
66256. [shhost]
66257. Number=9406
66258. Confirmed=X
66259. Filename=shhost.exe
66260. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088611" target=_blank>AGENT.CE</a> TROJAN!
66261. Source=Paul Collins Startup list
66262.  
66263. [shicoxp]
66264. Number=9407
66265. Confirmed=N
66266. Filename=shicoxp.exe
66267. Description=Installed with the drivers for multi card readers of various brands. To differentiate between the various card slots on multi slot readers the shicoxp.exe file assigns and loads unique drive icons for the various card slots that are displayed in Windows Explorer
66268. Source=Paul Collins Startup list
66269.  
66270. [Shine]
66271. Number=9408
66272. Confirmed=X
66273. Filename=Shine.exe
66274. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-090919-4618-99" target="_blank">HAPPYLOW</a> (or <a href="http://www.sophos.com/virusinfo/analyses/w32nishea.html" target="_blank">NISHE-A</a>) VIRUS!
66275. Source=Paul Collins Startup list
66276.  
66277. [SHINITV]
66278. Number=9409
66279. Confirmed=?
66280. Filename=shinitv.exe
66281. Description=<font color="#FF0000">??</font>
66282. Source=Paul Collins Startup list
66283.  
66284. [Shmgrate.exe]
66285. Number=9410
66286. Confirmed=X
66287. Filename=ibot4.exe
66288. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-122909-2907-99" target="_blank">GASTER</a> TROJAN!
66289. Source=Paul Collins Startup list
66290.  
66291. [ShockmachineReminder]
66292. Number=9411
66293. Confirmed=N
66294. Filename=SmReminder.exe
66295. Description="<a href="http://www.adobe.com/support/flash/publishexport/shockmachine_flash4/shockmachine_flash402.html" target="_blank">Shockmachine</a> is a stand-alone application that lets users collect Macromedia Shockwave and Flash titles and play them offline". <font color="#FF0000">Could be a registration reminder for the trial version</font>
66296. Source=Paul Collins Startup list
66297.  
66298. [Shockwave]
66299. Number=9412
66300. Confirmed=X
66301. Filename=csrss.exe
66302. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092009-4537-99" target=_blank>SNDOG</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
66303. Source=Paul Collins Startup list
66304.  
66305. [Shockwave Init]
66306. Number=9413
66307. Confirmed=N
66308. Filename=SWINIT.EXE
66309. Description=Part of Macromedia Shockwave. Controls the Shockwave Remote Control Panel. The Remote Control can be activated manually from the Start Menu by locating and selecting Shockwave and then Shockwave Remote under Programs
66310. Source=Paul Collins Startup list
66311.  
66312. [Shockwave Support]
66313. Number=9414
66314. Confirmed=X
66315. Filename=FlashPlayer.exe
66316. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delfdra.html" target="_blank">DELF-DRA</a> WORM!
66317. Source=Paul Collins Startup list
66318.  
66319. [ShortKeys 99]
66320. Number=9415
66321. Confirmed=N
66322. Filename=SHORTKEY.EXE
66323. Description=<a href="http://www.shortkeys.com/" target="_blank">ShortKeys</a> from Insight Software Solutions - allows you to program keys with text strings
66324. Source=Paul Collins Startup list
66325.  
66326. [sHotKey]
66327. Number=9416
66328. Confirmed=Y
66329. Filename=sHotKey.exe
66330. Description=Special function key manager for Chicony keyboards - see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/shotkey/" target=_blank>here</a>
66331.  
66332. Source=Paul Collins Startup list
66333.  
66334. [Showbehind]
66335. Number=9417
66336. Confirmed=X
66337. Filename=SHOWBEHIND.EXE
66338. Description=Advertisement display which can be stopped <a href="http://www.showbehind.com/adremove.exe" target="_blank">here</a>
66339. Source=Paul Collins Startup list
66340.  
66341. [ShowFF]
66342. Number=9418
66343. Confirmed=X
66344. Filename=ShowFF.exe
66345. Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/adware.fftoolbar.html" target=_blank>Adware.FFToolBar</a> adware toolbar
66346. Source=Paul Collins Startup list
66347.  
66348. [ShowIcon_Justrams_USB Product Driver v2.12r012]
66349. Number=9419
66350. Confirmed=?
66351. Filename=shwicon.exe
66352. Description=Related to <a href="http://www.justrams.com/" target=_blank>Just Rams</a> USB product driver. <font color=#FF0000>Is it required?</font>
66353.  
66354. Source=Paul Collins Startup list
66355.  
66356. [ShowIcon_PNY_PNY AttachΘ]
66357. Number=9420
66358. Confirmed=U
66359. Filename=shwicon.exe
66360. Description=<a href="http://www2.pny.com/Categories/UsbFlashDrives.aspx?Category_ID=12" target="_blank">PNY AttachΘ</a> USB flash memory stick System Tray icon - shows when the device is plugged in
66361. Source=Paul Collins Startup list
66362.  
66363. [ShowIcon_SmartDisk Corporation_USB Card Reader v1.14e051]
66364. Number=9421
66365. Confirmed=?
66366. Filename=shwicon.exe
66367. Description=Card reader for memory cards from digital cameras.<font color="#FF0000"> Is it required? </font>
66368. Source=Paul Collins Startup list
66369.  
66370. [ShowLOMControl]
66371. Number=9422
66372. Confirmed=U
66373. Filename=[strange symbol]
66374. Description=Note that there is a strange symbol in the command field. HKLM\Software\Microsoft\Windows\Current Version\Run\ShowLOMControl Reg_DWORD 0x00000001 (1) LOM = LAN on Motherboard.It mean Show "LAN on Motherboard" Control.On systems where you can install an external LAN interface, it will warn you that you already have a built-in LAN interface. Appears to be a feature on certain Dell systems
66375.  
66376. Source=Paul Collins Startup list
66377.  
66378. [Showme]
66379. Number=9423
66380. Confirmed=X
66381. Filename=Ruden.vbs
66382. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/wm97handlea.html" target=_blank>HANDLE-A</a> VIRUS!
66383. Source=Paul Collins Startup list
66384.  
66385. [ShowWnd]
66386. Number=9424
66387. Confirmed=U
66388. Filename=ShowWnd.exe
66389. Description=Found on Gateway computers (and maybe others) - see <a href="http://support.gateway.com/s/issues/2-1945178247.shtml" target=_blank>here</a>. "Showwnd is included with the Chicony keyboard software and is used by the software to stop the keyboard driver's taskbar entry from reappearing. It is not necessary to remove the keyboard software, however if you wish it can be removed through Add or Remove Programs"
66390. Source=Paul Collins Startup list
66391.  
66392. [SHPC32]
66393. Number=9425
66394. Confirmed=U
66395. Filename=SHPC32.exe
66396. Description=Port monitor for Lexmark printers on a USB connection. Ties in with the Printer Control Program. Features like cancelling a print are unavailable if disabled
66397. Source=Paul Collins Startup list
66398.  
66399. [ShStatEXE]
66400. Number=9426
66401. Confirmed=Y
66402. Filename=SHSTAT.EXE
66403. Description=From McAfee VirusScan NT 4.x. Handles program communication among VShield components, displays VShield icon. Can be started automatically or available via Start -> Programs
66404. Source=Paul Collins Startup list
66405.  
66406. [Shutdownaware]
66407. Number=9427
66408. Confirmed=U
66409. Filename=shutdownaware.exe
66410. Description=Loaded by the <a href="http://www.sweexeurope.com/product.asp?pid=98" target="_blank">SWEEX 6-in-1 Media Card Reader</a> to properly manage the reader while it is connected to your system
66411. Source=Paul Collins Startup list
66412.  
66413. [ShutDownPro]
66414. Number=9428
66415. Confirmed=U
66416. Filename=ShutDownPro.exe
66417. Description=<a href="http://home.tiscali.de/zdata/shutdownpro_e.htm" target="_blank">ShutDownPro</a> - shutdown, reboot, logoff your System with one mouse click
66418. Source=Paul Collins Startup list
66419.  
66420. [Si Meter]
66421. Number=9429
66422. Confirmed=N
66423. Filename=SIMETER.EXE
66424. Description=<a href="http://downloads.zdnet.co.uk/0,39025604,39066984s,00.htm" target="_blank">Si Meter</a> - keep track of things like CPU activity, network activity and speed, hard-drive activity, hard-drive space, system memory, running processes, or just date and time
66425. Source=Paul Collins Startup list
66426.  
66427. [si91e44b]
66428. Number=9430
66429. Confirmed=X
66430. Filename=rundll32.exe [path] si91e44b.dll, EnableRunDLL32
66431. Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
66432. Source=Paul Collins Startup list
66433.  
66434. [SIA2006]
66435. Number=9431
66436. Confirmed=U
66437. Filename=SIA2006.exe
66438. Description=Part of Steganos <a href="https://www.steganos.com/en/products/siavpn/" target="_blank">Internet Anonym</a> privacy software
66439. Source=Paul Collins Startup list
66440.  
66441. [SIAPRO6]
66442. Number=9432
66443. Confirmed=U
66444. Filename=sia.exe
66445. Description=Steganos <a href="http://www.steganos.com/?product=SIA2006&language=en&layout=web2005" target=_blank>Internet Anonym</a> privacy software
66446. Source=Paul Collins Startup list
66447.  
66448. [Sicom]
66449. Number=9433
66450. Confirmed=X
66451. Filename=Sicom.exe
66452. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-072917-4037-99" target="_blank">NETLIP</a> WORM!
66453. Source=Paul Collins Startup list
66454.  
66455. [SideACT]
66456. Number=9434
66457. Confirmed=U
66458. Filename=SideACT.exe
66459. Description=<a href="http://www.actaddons.com/products/jm_getorg.asp" target="_blank">SideACT</a> organizer software
66460. Source=Paul Collins Startup list
66461.  
66462. [Sidebar]
66463. Number=9435
66464. Confirmed=U
66465. Filename=Sidebar.exe
66466. Description=If you are running Windows Vista it is a part of the operating system. But on other versions of Windows it can be a part of
66467.  
66468. <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
66469.  
66470. Source=Paul Collins Startup list
66471.  
66472. [SIDEBAR]
66473. Number=9436
66474. Confirmed=N
66475. Filename=dsidebar.exe
66476. Description="<a href="http://www.desktopsidebar.com/" target=_blank>Desktop Sidebar</a> provides you with instant access to the information you most desire by grabbing data from your PC and the internet. The result is a dynamic visual display you configure and control"
66477.  
66478. Source=Paul Collins Startup list
66479.  
66480. [Sidebar]
66481. Number=9437
66482. Confirmed=U
66483. Filename=sidebar.exe
66484. Description=Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available
66485. Source=Paul Collins Startup list
66486.  
66487. [SideWinderTrayV4]
66488. Number=9438
66489. Confirmed=N
66490. Filename=SWTrayV4.exe
66491. Description=MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> Programs
66492. Source=Paul Collins Startup list
66493.  
66494. [SigmaTel Audio]
66495. Number=9439
66496. Confirmed=N
66497. Filename=setup.exe
66498. Description=<a href="http://www.sigmatel.com/" target="_blank">Sigmatel</a> audio driver
66499. Source=Paul Collins Startup list
66500.  
66501. [SigmatelSysTrayApp]
66502. Number=9440
66503. Confirmed=N
66504. Filename=stsystra.exe
66505. Description=System tray program for the Sigmatel Audio sound card. Often found on Dell computers
66506. Source=Paul Collins Startup list
66507.  
66508. [SigmatelSysTrayApp]
66509. Number=9441
66510. Confirmed=N
66511. Filename=sttray.exe
66512. Description=System tray program for the Sigmatel Audio sound card. Often found on Dell computers
66513. Source=Paul Collins Startup list
66514.  
66515. [SigX]
66516. Number=9442
66517. Confirmed=?
66518. Filename=sigx.exe
66519. Description=<font color="#FF0000">??</font>
66520. Source=Paul Collins Startup list
66521.  
66522. [SigXC]
66523. Number=9443
66524. Confirmed=X
66525. Filename=SigX.exe
66526. Description=<a href="http://sigx.yuriy.net/" target="_blank">SigX</a> is a "dynamic signature image generated based on whatever data your computer sends it though our SigX program. It can display your current Mp3, current OS, Free Ram, your current time and more"
66527. Source=Paul Collins Startup list
66528.  
66529. [Simcast]
66530. Number=9444
66531. Confirmed=N
66532. Filename=SimcastAlerts.exe
66533. Description=<a href="http://www.simcast.com.au/index.jsp" target="_blank">Simcast</a> is a free service that allows you to subscribe to information on a large variety of topics. Alerts will appear on your desktop when a channel that you have subscribed to has something to say
66534. Source=Paul Collins Startup list
66535.  
66536. [SimpLite-MSN]
66537. Number=9445
66538. Confirmed=U
66539. Filename=SimpLite-MSN.exe
66540. Description=Required if you use the SimpLite add-on to MSN Messenger (SimpLite adds encryption to the instant messaging service)
66541. Source=Paul Collins Startup list
66542.  
66543. [Singapore]
66544. Number=9446
66545. Confirmed=X
66546. Filename=singapore.exe
66547. Description=Adds a blue crescent to the taskbar and when double-clicked displays an adult-content web-site. Also known to drop your internet connection and dial an international telephone number. See <a href="http://groups.google.com/group/soc.culture.singapore/msg/1f27820def4eaf8c?q=singapore+singapore.exe&hl=en&lr=&safe=off&rnum=1" target="_blank">here</a> for more information. Must be disabled in MSCONFIG before un-installing or it re-instates itself
66548. Source=Paul Collins Startup list
66549.  
66550. [SIPPS]
66551. Number=9447
66552. Confirmed=U
66553. Filename=SIPPS\SIPPS.exe
66554. Description=Web.de Internet phone utility
66555. Source=Paul Collins Startup list
66556.  
66557. [SiS Dns]
66558. Number=9448
66559. Confirmed=X
66560. Filename=dnssvc.exe
66561. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderue.html" target=_blank>DLOADER-UE</a> TROJAN!
66562. Source=Paul Collins Startup list
66563.  
66564. [SiS KHooker]
66565. Number=9449
66566. Confirmed=N
66567. Filename=khooker.exe
66568. Description=SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required
66569. Source=Paul Collins Startup list
66570.  
66571. [SiS Mpc Service]
66572. Number=9450
66573. Confirmed=X
66574. Filename=mpcsvc.exe
66575. Description=Added by an unidentified WORM or TROJAN!
66576. Source=Paul Collins Startup list
66577.  
66578. [SiS Mpc Service]
66579. Number=9451
66580. Confirmed=X
66581. Filename=mpcsvc.exe
66582. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorcj.html" target="_blank">CIAFOOR-CJ</a> TROJAN!
66583. Source=Paul Collins Startup list
66584.  
66585. [SiS Tray]
66586. Number=9452
66587. Confirmed=U
66588. Filename=sistray.exe
66589. Description=System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System
66590. Source=Paul Collins Startup list
66591.  
66592. [SiS Windows KeyHook]
66593. Number=9453
66594. Confirmed=U
66595. Filename=keyhook.exe
66596. Description=SIS graphics cards related: "Super VGA Keyboard Daemon" - hooks into the keyboard processing chain in order to enable hotkey settings
66597. Source=Paul Collins Startup list
66598.  
66599. [SiS7012Utility]
66600. Number=9454
66601. Confirmed=Y
66602. Filename=SiSAudUt.exe
66603. Description=SiS Corporation sound card driver
66604. Source=Paul Collins Startup list
66605.  
66606. [SISAM10M]
66607. Number=9455
66608. Confirmed=?
66609. Filename=SISAM10M.exe
66610. Description=<font color="#FF0000">??</font>
66611. Source=Paul Collins Startup list
66612.  
66613. [SiSAudio]
66614. Number=9456
66615. Confirmed=N
66616. Filename=MP_S3.exe
66617. Description=WinME patch for an older SiS 961 chipset FERR bug. Enable if you have audio problems
66618. Source=Paul Collins Startup list
66619.  
66620. [siscolor]
66621. Number=9457
66622. Confirmed=U
66623. Filename=color.exe
66624. Description=Probably on-board graphics related based upon the SiS chipsets. Has been seen on ASUS motherboards with SiS chipsets and known to cause conflicts if you choose another graphics card and disable the on-board
66625. Source=Paul Collins Startup list
66626.  
66627. [siService.exe]
66628. Number=9458
66629. Confirmed=U
66630. Filename=siService.exe
66631. Description=<a href="http://www.giantcompany.com/" target=_blank>Spam Inspector</a> - anti email spam software
66632. Source=Paul Collins Startup list
66633.  
66634. [SiSPower]
66635. Number=9459
66636. Confirmed=?
66637. Filename=Rundll32.exe SiSPower.dll, ModeAgent
66638. Description=Responsible for power management for SIS chipsets - <font color="#FF0000">is it required?</font>
66639. Source=Paul Collins Startup list
66640.  
66641. [SiSRaid]
66642. Number=9460
66643. Confirmed=U
66644. Filename=SRaid.exe
66645. Description=Related to the <a href="http://www.sis.com/" target=_blank>SIS Raid</a> system from Silicon Integrated Systems
66646. Source=Paul Collins Startup list
66647.  
66648. [SiSSetCDfmt]
66649. Number=9461
66650. Confirmed=?
66651. Filename=SiSSetCDfmt.exe
66652. Description=<font color="#FF0000">Related to a Silicon Integrated Systems Corp (SiS) product?</font>
66653. Source=Paul Collins Startup list
66654.  
66655. [SISSoundman]
66656. Number=9462
66657. Confirmed=?
66658. Filename=Soundman.exe
66659. Description=<font color="#FF0000">Related to a Silicon Integrated Systems Corp (SiS) product?</font>
66660. Source=Paul Collins Startup list
66661.  
66662. [SiSSWLED]
66663. Number=9463
66664. Confirmed=U
66665. Filename=sisswled.exe
66666. Description=System Tray utility for SiS 900 network cards
66667. Source=Paul Collins Startup list
66668.  
66669. [sistrai.exe]
66670. Number=9464
66671. Confirmed=X
66672. Filename=sistrai.exe
66673. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-050212-3451-99" target="_blank"> PROVA</a> TROJAN!
66674. Source=Paul Collins Startup list
66675.  
66676. [sistray]
66677. Number=9465
66678. Confirmed=X
66679. Filename=sistray.exe
66680. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-050212-3451-99" target="_blank">PROVA</a> TROJAN!
66681. Source=Paul Collins Startup list
66682.  
66683. [sistray]
66684. Number=9466
66685. Confirmed=U
66686. Filename=sistray.exe
66687. Description=System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System
66688. Source=Paul Collins Startup list
66689.  
66690. [Sistray32]
66691. Number=9467
66692. Confirmed=X
66693. Filename=remotehost.pif
66694. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022714-4020-99" target=_blank>HOLCAS.A</a> WORM!
66695. Source=Paul Collins Startup list
66696.  
66697. [Sistray32]
66698. Number=9468
66699. Confirmed=X
66700. Filename=win.bat
66701. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021815-3302-99" target=_blank>JUMPRED.A</a> WORM!
66702. Source=Paul Collins Startup list
66703.  
66704. [Sistray32]
66705. Number=9469
66706. Confirmed=X
66707. Filename=virus.exe
66708. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtometac.html" target=_blank>TOMETA-C</a> TROJAN!
66709. Source=Paul Collins Startup list
66710.  
66711. [sistry]
66712. Number=9470
66713. Confirmed=X
66714. Filename=sistry.exe
66715. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111211-1414-99" target="_blank">CEBE</a> WORM!
66716. Source=Paul Collins Startup list
66717.  
66718. [SiSUSBRG]
66719. Number=9471
66720. Confirmed=N
66721. Filename=SiSUSBrg.exe
66722. Description=SiS USB Registry Patch File - fixes the undetectable problem with SiS USB controller on Windows XP
66723. Source=Paul Collins Startup list
66724.  
66725. [SiteAdvisor]
66726. Number=9472
66727. Confirmed=U
66728. Filename=SiteAdv.exe
66729. Description=<a href="http://www.siteadvisor.com/" target="_blank">SiteAdvisor</a> from McAfee warns you before you interact with a dangerous Web site
66730. Source=Paul Collins Startup list
66731.  
66732. [sixtysix]
66733. Number=9473
66734. Confirmed=X
66735. Filename=sixtypopsix.exe
66736. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120718-0513-99" target="_blank">Medload</a> adware
66737. Source=Paul Collins Startup list
66738.  
66739. [SK51]
66740. Number=9474
66741. Confirmed=U
66742. Filename=SK51.EXE
66743. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080614-0603-99" target= blank>SaveKeys</a> keystroke logger/monitoring program - remove unless you installed it yourself!
66744. Source=Paul Collins Startup list
66745.  
66746. [SK60]
66747. Number=9475
66748. Confirmed=U
66749. Filename=SK60.EXE
66750. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080614-0603-99" target= blank>SaveKeys</a> keystroke logger/monitoring program - remove unless you installed it yourself!
66751. Source=Paul Collins Startup list
66752.  
66753. [SK9910DM]
66754. Number=9476
66755. Confirmed=U
66756. Filename=SK9910DM.EXE
66757. Description=Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
66758. Source=Paul Collins Startup list
66759.  
66760. [SKDAEMON]
66761. Number=9477
66762. Confirmed=U
66763. Filename=SKDAEMON.EXE
66764. Description=Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys 
66765. Source=Paul Collins Startup list
66766.  
66767. [skinkers]
66768. Number=9478
66769. Confirmed=U
66770. Filename=skinkers.exe
66771. Description=Selection of desktop messaging/marketing tools with celebrity tie-ins including MTV's "Desktop Ozzy" and Arsenal's "Desktop Wenger" - see <a href="http://www.skinkers.com/clients.html" target="_blank">here</a>. Leave enabled if you want to receive messages
66772. Source=Paul Collins Startup list
66773.  
66774. [sks-32]
66775. Number=9479
66776. Confirmed=X
66777. Filename=SKS32P~1.EXE
66778. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.spykeyspy.html" target=_blank>SpyKeySpy</a> logs keystrokes and sends the stolen information to a configurable email address
66779. Source=Paul Collins Startup list
66780.  
66781. [Skunk]
66782. Number=9480
66783. Confirmed=X
66784. Filename=Skunk.exe
66785. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sunka.html" target=_blank>SUNK-A</a> WORM! Note - this file is found in the root folder (C:\), (D:\), etc
66786. Source=Paul Collins Startup list
66787.  
66788. [SkyBlaster Scheduler]
66789. Number=9481
66790. Confirmed=Y
66791. Filename=SSFSch.exe
66792. Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
66793. Source=Paul Collins Startup list
66794.  
66795. [skynetave.exe]
66796. Number=9482
66797. Confirmed=X
66798. Filename=skynetave.exe
66799. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050315-1907-99" target="_blank">SASSER.D</a> WORM!
66800. Source=Paul Collins Startup list
66801.  
66802. [SkynetRevenge]
66803. Number=9483
66804. Confirmed=X
66805. Filename=winlogon.scr
66806. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042717-0804-99" target="_blank">NETSKY.AA</a> WORM!
66807. Source=Paul Collins Startup list
66808.  
66809. [Skype]
66810. Number=9484
66811. Confirmed=N
66812. Filename=Skype.exe
66813. Description="<a href="http://www.skype.com/" target="_blank">Skype</a> is free and simple software that will enable you to make free calls anywhere in the world in minutes"
66814. Source=Paul Collins Startup list
66815.  
66816. [SkypeMate]
66817. Number=9485
66818. Confirmed=N
66819. Filename=SkypeMate.exe
66820. Description=<a href="http://www.yealink.com/en/index.asp" target="_blank">SkypeMate</a> acts as a bridge between networks of VoIP and PSTN
66821. Source=Paul Collins Startup list
66822.  
66823. [SkypeStartup]
66824. Number=9486
66825. Confirmed=X
66826. Filename=Skype.exe
66827. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/malpyksea.html" target="_blank">PYKSE-A</a> WORM!
66828. Source=Paul Collins Startup list
66829.  
66830. [SkySurfer Management Service]
66831. Number=9487
66832. Confirmed=Y
66833. Filename=SmaServ.exe
66834. Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
66835. Source=Paul Collins Startup list
66836.  
66837. [SkyTel]
66838. Number=9488
66839. Confirmed=U
66840. Filename=SkyTel.exe
66841. Description=Process associated with <a href="http://www.realtek.com.tw/" target="_blank">Realtek</a> Voice Manager for some of their audio chipsets
66842. Source=Paul Collins Startup list
66843.  
66844. [sl4 rules]
66845. Number=9489
66846. Confirmed=X
66847. Filename=rbot32.exe
66848. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqc.html" target= blank>SDBOT-QC</a> WORM!
66849. Source=Paul Collins Startup list
66850.  
66851. [slack12]
66852. Number=9490
66853. Confirmed=X
66854. Filename=mfcee.exe
66855. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
66856. Source=Paul Collins Startup list
66857.  
66858. [Slayhacker734]
66859. Number=9491
66860. Confirmed=X
66861. Filename=slay7383.exe
66862. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsikbota.html" target=_blank>SIKBOT-A</a> TROJAN!
66863. Source=Paul Collins Startup list
66864.  
66865. [SleepManager]
66866. Number=9492
66867. Confirmed=N
66868. Filename=SleepMgr.exe
66869. Description=This program locates free contiguous disk spaces and allocates them for storing BASE MEMORY, EXTENDED MEMORY, VIDEO MEMORY, and SM RAM. It helps the computer come out of hibernate mode
66870. Source=Paul Collins Startup list
66871.  
66872. [Slibe.com]
66873. Number=9493
66874. Confirmed=U
66875. Filename=Sliber.EXE
66876. Description=<a href="http://www.sliber.com/" target="_blank">Sliber</a> - freeware screen capturing & online sharing tool
66877. Source=Paul Collins Startup list
66878.  
66879. [SlickRun]
66880. Number=9494
66881. Confirmed=U
66882. Filename=sr.exe
66883. Description="<a href="http://www.bayden.com/SlickRun/" target="_blank">SlickRun</a> is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL"
66884. Source=Paul Collins Startup list
66885.  
66886. [slide]
66887. Number=9495
66888. Confirmed=X
66889. Filename=Iexplore.exe
66890. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082609-2823-99" target="_blank">GASLIDE</a> TROJAN! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a>) process, which should not appear in Msconfig/Startup unless you add it manually!
66891. Source=Paul Collins Startup list
66892.  
66893. [slimp3]
66894. Number=9496
66895. Confirmed=N
66896. Filename=SliMP3 Server.exe
66897. Description=<a href="http://www.macupdate.com/info.php/id/8973" target="_blank">Slimp3 Server</a> - "presents an entirely new way of accessing and enjoying your music collection. Instead of storing your music on CDs or memory cards, the SliMP3 uses your home network to access the music stored on your PC"
66898. Source=Paul Collins Startup list
66899.  
66900. [Slingshot]
66901. Number=9497
66902. Confirmed=N
66903. Filename=SLINGS~1.EXE
66904. Description=Atomica Slingshot - "reference tool with access to dictionary and encyclopedia terms, bios, technical terms, history, geography, and much more". Now superseed by <a href="http://www.answers.com/main/download_answers_win.jsp" target="_blank">1-Click Answers</a>
66905. Source=Paul Collins Startup list
66906.  
66907. [slipcore]
66908. Number=9498
66909. Confirmed=Y
66910. Filename=slipcore.exe
66911. Description=Core module for <a href="http://www.slipstream.com/our_solutions/value-added.html" target=_blank>Slipstream</a> - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server
66912. Source=Paul Collins Startup list
66913.  
66914. [slipgui]
66915. Number=9499
66916. Confirmed=Y
66917. Filename=slipgui.exe
66918. Description=User interface for <a href="http://www.slipstream.com/our_solutions/value-added.html" target=_blank>Slipstream</a> - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server
66919. Source=Paul Collins Startup list
66920.  
66921. [SlipStream]
66922. Number=9500
66923. Confirmed=Y
66924. Filename=slipcore.exe
66925. Description=Core module for <a href="http://www.slipstream.com/our_solutions/value-added.html" target=_blank>Slipstream</a> - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server
66926. Source=Paul Collins Startup list
66927.  
66928. [slmss]
66929. Number=9501
66930. Confirmed=X
66931. Filename=slmss.exe
66932. Description=SeekSeek search hijacker related - see <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_SECTHOUGHT.A&VSect=Sn" target=_blank>here</a>
66933.  
66934. Source=Paul Collins Startup list
66935.  
66936. [sload]
66937. Number=9502
66938. Confirmed=X
66939. Filename=sload.exe
66940. Description=Win SynchroAd adware, also detected as <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqg.html" target=_blank>DLOADER-QG</a> TROJAN!
66941. Source=Paul Collins Startup list
66942.  
66943. [slvchost32]
66944. Number=9503
66945. Confirmed=X
66946. Filename=slvchost32.exe
66947. Description=Added by an unidentified VIRUS, WORM or TROJAN!
66948. Source=Paul Collins Startup list
66949.  
66950. [sm]
66951. Number=9504
66952. Confirmed=X
66953. Filename=sa_exe.exe
66954. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051310-2147-99" target= blank>OLFEB.A</a> TROJAN!
66955. Source=Paul Collins Startup list
66956.  
66957. [sm]
66958. Number=9505
66959. Confirmed=X
66960. Filename=sf_exe.exe
66961. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051310-2147-99" target= blank>OLFEB.A</a> TROJAN!
66962. Source=Paul Collins Startup list
66963.  
66964. [sm]
66965. Number=9506
66966. Confirmed=X
66967. Filename=sm_exe.exe
66968. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051310-2147-99" target= blank>OLFEB.A</a> TROJAN!
66969. Source=Paul Collins Startup list
66970.  
66971. [sm]
66972. Number=9507
66973. Confirmed=X
66974. Filename=sr_exe.exe
66975. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051112-1035-99" target= blank>LUKUSPAM</a> TROJAN!
66976. Source=Paul Collins Startup list
66977.  
66978. [SM1BG]
66979. Number=9508
66980. Confirmed=N
66981. Filename=SM1BG.EXE
66982. Description=USB driver for downloading from within Napster to portable MP3 players. Only required at startup if you use it all the time - otherwise start it manually when required
66983. Source=Paul Collins Startup list
66984.  
66985. [SM1NINT]
66986. Number=9509
66987. Confirmed=N
66988. Filename=SM1NINT.exe
66989. Description=Cypress USB Mass Storage Driver Notification Icon Application - tray notification for Cypress base memory sticks and external storage devices for Win98
66990. Source=Paul Collins Startup list
66991.  
66992. [SM56 Helper Win32 Utility]
66993. Number=9510
66994. Confirmed=N
66995. Filename=sm56hlpr.exe
66996. Description=Helper utility for Motorola based SM56 software modems - resides in the System Tray
66997. Source=Paul Collins Startup list
66998.  
66999. [Sm56acl]
67000. Number=9511
67001. Confirmed=N
67002. Filename=sm56hlpr.exe
67003. Description=Helper utility for Motorola based SM56 software modems - resides in the System Tray
67004. Source=Paul Collins Startup list
67005.  
67006. [sman]
67007. Number=9512
67008. Confirmed=X
67009. Filename=app***.tmp [* = digit]
67010. Description=Unidentified adware
67011. Source=Paul Collins Startup list
67012.  
67013. [Smapp]
67014. Number=9513
67015. Confirmed=N
67016. Filename=smtray.exe
67017. Description=System Tray access for the Compaq/ADI SoundMAX integrated digital audio controller
67018. Source=Paul Collins Startup list
67019.  
67020. [Smart Card Service]
67021. Number=9514
67022. Confirmed=N
67023. Filename=ScardSvr.exe
67024. Description=For Smart Card readers. Known to cause problems, especially for Windows 2000 users - see <a href="http://support.microsoft.com/kb/q293507/" target="_blank">here</a>. Probably not required unless you use such a device regularly
67025. Source=Paul Collins Startup list
67026.  
67027. [Smart Connect Monitor]
67028. Number=9515
67029. Confirmed=U
67030. Filename=SCMon.exe
67031. Description=Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio
67032. Source=Paul Collins Startup list
67033.  
67034. [Smart Connect Setup]
67035. Number=9516
67036. Confirmed=U
67037. Filename=SCSetup.exe
67038. Description=Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio
67039. Source=Paul Collins Startup list
67040.  
67041. [Smart Keyboard]
67042. Number=9517
67043. Confirmed=U
67044. Filename=Smartkbd.exe
67045. Description=Netropa Smart Keyboard driver
67046. Source=Paul Collins Startup list
67047.  
67048. [Smart Label O Server]
67049. Number=9518
67050. Confirmed=N
67051. Filename=ssloserv.exe
67052. Description=Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely
67053. Source=Paul Collins Startup list
67054.  
67055. [Smart Label RFViewer]
67056. Number=9519
67057. Confirmed=N
67058. Filename=SSLFVIEW.EXE
67059. Description=Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely
67060. Source=Paul Collins Startup list
67061.  
67062. [Smart Start UP]
67063. Number=9520
67064. Confirmed=N
67065. Filename=PnPDetect.exe
67066. Description=Part of Presto! <a href="http://www.newsoftinc.com/" target=_blank>Mr.Photo</a> - "an ideal program for creating, sharing, and manag-ing digital images and videos"
67067.  
67068. Source=Paul Collins Startup list
67069.  
67070. [Smart Touch]
67071. Number=9521
67072. Confirmed=U
67073. Filename=STouch.exe
67074. Description=Related to Plustek <a href="http://www.plustek.com/product/opticslim.asp" target="_blank">OpticSlim</a> scanner
67075. Source=Paul Collins Startup list
67076.  
67077. [Smart Type Assistant]
67078. Number=9522
67079. Confirmed=N
67080. Filename=sta.exe
67081. Description=<a href="http://www.blazingtools.com/sta.html" target="_blank">Smart Type Assistant</a> - a complex typing automation tool, intended to make your work faster and safer
67082. Source=Paul Collins Startup list
67083.  
67084. [Smartalec]
67085. Number=9523
67086. Confirmed=U
67087. Filename=pcaccel.exe
67088. Description=<a target="_blank" href="http://www.smartalec2000.com/pcxl4000deluxe.shtml">Smartalec PC Accelerator</a> - system optimization utility
67089. Source=Paul Collins Startup list
67090.  
67091. [SmartBarXP]
67092. Number=9524
67093. Confirmed=N
67094. Filename=SmartBarXP.exe
67095. Description=<a href="http://www.smartbarxp.com/cgi-bin/cws/home.php?page=desc" target="_blank">SmartBarXP</a> is a bar that runs down the side of your screen, and can be configured to display interactive panels known as 'panes'. These panes include media players, slideshow and image viewing panes, a virtual desktop manager, and live news, weather and stock feeds to mention but a few
67096. Source=Paul Collins Startup list
67097.  
67098. [sMaRTcaPs]
67099. Number=9525
67100. Confirmed=N
67101. Filename=SMARTC~1.EXE
67102. Description=<a href="http://www.phoebusllc.com/index.htm#SC%20Description" target="_blank">sMaRTcaPs</a> from Phoebus LLC - enables you to configure the time needed to depress Caps Lock, Num Lock & Insert keys
67103. Source=Paul Collins Startup list
67104.  
67105. [Smarthruengine]
67106. Number=9526
67107. Confirmed=U
67108. Filename=QS.exe
67109. Description=Samsung smarthru software, used with Lexmark Z82 or Samsung multifunction printers
67110. Source=Paul Collins Startup list
67111.  
67112. [SmartPCXL]
67113. Number=9527
67114. Confirmed=U
67115. Filename=pcaccel.exe
67116. Description=<a target="_blank" href="http://www.smartalec2000.com/pcxl4000deluxe.shtml">Smartalec PC Accelerator</a> - system optimization utility
67117. Source=Paul Collins Startup list
67118.  
67119. [SmartSync Pro]
67120. Number=9528
67121. Confirmed=U
67122. Filename=SmartSync.exe
67123. Description=Related to <a href="http://www.companionlink.com/" target=_blank>CompanionLink</a> Software Inc. Synchronization solutions for ACT!, GoldMine, Lotus Notes and Microsoft Outlook
67124. Source=Paul Collins Startup list
67125.  
67126. [SMax4]
67127. Number=9529
67128. Confirmed=N
67129. Filename=SMax4.exe
67130. Description=System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel
67131. Source=Paul Collins Startup list
67132.  
67133. [SMax4PNP]
67134. Number=9530
67135. Confirmed=U
67136. Filename=SMax4PNP.exe
67137. Description=SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments
67138. Source=Paul Collins Startup list
67139.  
67140. [smbdpmi]
67141. Number=9531
67142. Confirmed=?
67143. Filename=smbdpmi.exe
67144. Description=IBM Netfinity Director and Universal Management Services related. <font color="#FF0000">What does it do and is it required?</font>
67145. Source=Paul Collins Startup list
67146.  
67147. [smc]
67148. Number=9532
67149. Confirmed=Y
67150. Filename=smc.exe
67151. Description=Sygate Firewall
67152. Source=Paul Collins Startup list
67153.  
67154. [smc]
67155. Number=9533
67156. Confirmed=Y
67157. Filename=spfsmc.exe
67158. Description=Sygate Firewall
67159. Source=Paul Collins Startup list
67160.  
67161. [SMC Service]
67162. Number=9534
67163. Confirmed=Y
67164. Filename=smc.exe
67165. Description=Sygate Firewall
67166. Source=Paul Collins Startup list
67167.  
67168. [SMC Service]
67169. Number=9535
67170. Confirmed=Y
67171. Filename=spfsmc.exe
67172. Description=Sygate Firewall
67173. Source=Paul Collins Startup list
67174.  
67175. [smcserv]
67176. Number=9536
67177. Confirmed=X
67178. Filename=winsrv.exe
67179. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotou.html" target=_blank>AGOBOT-OU</a> WORM!
67180. Source=Paul Collins Startup list
67181.  
67182. [SmcService]
67183. Number=9537
67184. Confirmed=Y
67185. Filename=smc.exe
67186. Description=Sygate Firewall
67187. Source=Paul Collins Startup list
67188.  
67189. [SmcServices]
67190. Number=9538
67191. Confirmed=Y
67192. Filename=smc.exe
67193. Description=Sygate Firewall
67194. Source=Paul Collins Startup list
67195.  
67196. [SmcServices]
67197. Number=9539
67198. Confirmed=Y
67199. Filename=spfsmc.exe
67200. Description=Sygate Firewall
67201. Source=Paul Collins Startup list
67202.  
67203. [Smcsta.exe]
67204. Number=9540
67205. Confirmed=?
67206. Filename=Smcsta.exe
67207. Description=SMC Networks wireless PCI card driver. <font color="#FF0000"> Is it required?</font>
67208. Source=Paul Collins Startup list
67209.  
67210. [SmcSVR]
67211. Number=9541
67212. Confirmed=X
67213. Filename=SmcSVR.exe
67214. Description=Added by the <a href="http://se.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=TROJ_LEGMIR.JU" target=_blank>LEGMIR.JU</a> TROJAN!
67215. Source=Paul Collins Startup list
67216.  
67217. [Smiley District]
67218. Number=9542
67219. Confirmed=X
67220. Filename=plugin.exe
67221. Description=<a href="http://www.spyany.com/files/insmile_dll.html" target="_blank">Smiley District</a> adware
67222. Source=Paul Collins Startup list
67223.  
67224. [Smith Micro try]
67225. Number=9543
67226. Confirmed=N
67227. Filename=smiptray.exe
67228. Description=Smith Micro shared files. Comes with D-Link web cam
67229. Source=Paul Collins Startup list
67230.  
67231. [smodul]
67232. Number=9544
67233. Confirmed=U
67234. Filename=smodule.exe
67235. Description=<a href="http://www.neuber.com/usermonitor/index.html" target="_blank">UserMonitor</a> from Neuber. Teachers can broadcast screen to other screens, see students screens in a network and detect unauthorized software
67236. Source=Paul Collins Startup list
67237.  
67238. [SmoothView]
67239. Number=9545
67240. Confirmed=X
67241. Filename=SmoothView.exe
67242. Description=TOSHIBA Zooming Utility - allows "automatic" zoom feature in some appications, like IE, MS-Office, WMPlayer, Adobe Reader and also desktop icons
67243. Source=Paul Collins Startup list
67244.  
67245. [SMPAutoStart]
67246. Number=9546
67247. Confirmed=U
67248. Filename=smpdemo.exe
67249. Description=<a href="http://www.kengolf.com/en/download.htm" target=_blank>Smart Phone Recorder</a> demo from KenGolf.com. Answering Machine, Caller ID, Call Recording
67250.  
67251. Source=Paul Collins Startup list
67252.  
67253. [smres]
67254. Number=9547
67255. Confirmed=X
67256. Filename=smres.exe
67257. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotua.html" target=_blank>AGOBOT-UA</a> WORM!
67258. Source=Paul Collins Startup list
67259.  
67260. [SMS Application Launcher]
67261. Number=9548
67262. Confirmed=U
67263. Filename=LAUNCH32.EXE
67264. Description=Microsoft <a href="http://www.microsoft.com/smserver/default.asp" target="_blank">Systems Management Server</a> - used to manage computers on a network remotely
67265. Source=Paul Collins Startup list
67266.  
67267. [SMS Client Service]
67268. Number=9549
67269. Confirmed=U
67270. Filename=clisvc95.exe
67271. Description=When the SMS Client service starts on a domain controller, the Client service modifies the SMSCliToknAcct & user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server)
67272. Source=Paul Collins Startup list
67273.  
67274. [Sms System32]
67275. Number=9550
67276. Confirmed=X
67277. Filename=SmsSystem32.exe
67278. Description=Unidentified malware
67279. Source=Paul Collins Startup list
67280.  
67281. [SMS Win9x Message Agent]
67282. Number=9551
67283. Confirmed=U
67284. Filename=??
67285. Description=This program assigns a user to a Systems Management Server site
67286. Source=Paul Collins Startup list
67287.  
67288. [SMS Win9x Message Agent]
67289. Number=9552
67290. Confirmed=U
67291. Filename=SMSMsg.exe
67292. Description=This program assigns a user to a Systems Management Server site
67293. Source=Paul Collins Startup list
67294.  
67295. [Smserial]
67296. Number=9553
67297. Confirmed=N
67298. Filename=sm56hlpr.exe
67299. Description=Helper utility for Motorola based SM56 software modems - resides in the System Tray
67300. Source=Paul Collins Startup list
67301.  
67302. [SMSI Loader]
67303. Number=9554
67304. Confirmed=N
67305. Filename=SMLoader.exe
67306. Description=Smith Micro <a href="http://www.smithmicro.com/default.tpl?group=product_full&sku=HMCWA0SESMS1250" target="_blank">HotFax</a> - fax software
67307. Source=Paul Collins Startup list
67308.  
67309. [smsm]
67310. Number=9555
67311. Confirmed=X
67312. Filename=smsm.exe
67313. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerco.html" target=_blank>BANKER-CO</a> TROJAN!
67314. Source=Paul Collins Startup list
67315.  
67316. [smsrv]
67317. Number=9556
67318. Confirmed=X
67319. Filename=smsrv.exe
67320. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsx.html" target=_blank>AGOBOT-SX</a> WORM!
67321. Source=Paul Collins Startup list
67322.  
67323. [SMSS]
67324. Number=9557
67325. Confirmed=X
67326. Filename=smss.exe
67327. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080411-0612-99" target=_blank>FLOOD.F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Catroot" subfolder
67328. Source=Paul Collins Startup list
67329.  
67330. [smss]
67331. Number=9558
67332. Confirmed=X
67333. Filename=[path to smss.exe]
67334. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010114-3236-99" target="_blank">ALADINZ.F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which should NOT appear in Msconfig/Startup!
67335. Source=Paul Collins Startup list
67336.  
67337. [smss]
67338. Number=9559
67339. Confirmed=X
67340. Filename=smss.exe
67341. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagenttr.html" target=_blank>AGENT-TR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
67342. Source=Paul Collins Startup list
67343.  
67344. [smss]
67345. Number=9560
67346. Confirmed=X
67347. Filename=smss.exe
67348. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojborobotj.html" target=_blank>BOROBOT-J</a> TROJAN and variants! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which should not normally figure in Msconfig/Startup!
67349. Source=Paul Collins Startup list
67350.  
67351. [Smss]
67352. Number=9561
67353. Confirmed=X
67354. Filename=ssms.exe
67355. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.OP" target="_blank">RBOT.OP</a> WORM!
67356. Source=Paul Collins Startup list
67357.  
67358. [smss.exe]
67359. Number=9562
67360. Confirmed=X
67361. Filename=csrss.exe
67362. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070603-2351-99" target=_blank>DALBUG</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
67363. Source=Paul Collins Startup list
67364.  
67365. [smssLevel4]
67366. Number=9563
67367. Confirmed=X
67368. Filename=smss.exe
67369. Description=Unidentified malware! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in Program Files\Windows Media Player\Skins\WindowsMediaSkin\Data\Level4 folder
67370. Source=Paul Collins Startup list
67371.  
67372. [SMSSS]
67373. Number=9564
67374. Confirmed=X
67375. Filename=smsss.exe
67376. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD" target=_blank>SDBOT.ZD</a> WORM!
67377. Source=Paul Collins Startup list
67378.  
67379. [SMSSS Loader]
67380. Number=9565
67381. Confirmed=X
67382. Filename=smsss.exe
67383. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.MQ" target=_blank>AGOBOT.MQ</a> WORM!
67384. Source=Paul Collins Startup list
67385.  
67386. [SMSSU]
67387. Number=9566
67388. Confirmed=X
67389. Filename=SMSSU.EXE
67390. Description=Hijacker, detected by Norton antivirus as <a href="http://www.sarc.com/avcenter/venc/data/pf/trojan.startpage.o.html" target= blank>Trojan.StartPage.O</a>
67391. Source=Paul Collins Startup list
67392.  
67393. [smsys]
67394. Number=9567
67395. Confirmed=X
67396. Filename=Explorer.exe
67397. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickerc.html" target="_blank">CLICKER-C</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "Template" subfolder
67398. Source=Paul Collins Startup list
67399.  
67400. [smsys]
67401. Number=9568
67402. Confirmed=X
67403. Filename=vi.exe
67404. Description=Adult content dialler
67405. Source=Paul Collins Startup list
67406.  
67407. [SMSystemAnalyzer]
67408. Number=9569
67409. Confirmed=U
67410. Filename=SMSystemAnalyzer.exe
67411. Description=Part of the Iolo <a href="http://www.iolo.com/sm/index.cfm" target="_blank">System Mechanic</a> optimization tool
67412. Source=Paul Collins Startup list
67413.  
67414. [sms_msn]
67415. Number=9570
67416. Confirmed=X
67417. Filename=sms_msn.exe
67418. Description=Added by an unknown WORM or TROJAN!
67419. Source=Paul Collins Startup list
67420.  
67421. [sms_msn40]
67422. Number=9571
67423. Confirmed=X
67424. Filename=sms_msn40.exe
67425. Description=Added by an unknown WORM or TROJAN infection
67426. Source=Paul Collins Startup list
67427.  
67428. [Smt]
67429. Number=9572
67430. Confirmed=U
67431. Filename=SMT.exe
67432. Description=<a href="http://www.win-spy.com/" target=_blank>Win-Spy</a> keyboard logger/monitoring software - remove unless you installed it yourself
67433. Source=Paul Collins Startup list
67434.  
67435. [SMToolbar]
67436. Number=9573
67437. Confirmed=N
67438. Filename=SMToolbar.exe
67439. Description=StartMake.com toolbar
67440. Source=Paul Collins Startup list
67441.  
67442. [SMTP32 Mailing Protocol]
67443. Number=9574
67444. Confirmed=X
67445. Filename=smtp32.exe
67446. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
67447. Source=Paul Collins Startup list
67448.  
67449. [SmWizard]
67450. Number=9575
67451. Confirmed=?
67452. Filename=SmWizard.exe
67453. Description=SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. <font color="#FF0000">What does it do and is it required?</font>
67454. Source=Paul Collins Startup list
67455.  
67456. [SN Messenger]
67457. Number=9576
67458. Confirmed=X
67459. Filename=msnmsgr.exe
67460. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavp.html" target=_blank>RBOT-AVP</a> WORM!
67461. Source=Paul Collins Startup list
67462.  
67463. [snapple]
67464. Number=9577
67465. Confirmed=X
67466. Filename=snapple.exe
67467. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forboteg.html" target=_blank>FORBOT-EG</a> WORM!
67468. Source=Paul Collins Startup list
67469.  
67470. [snbr]
67471. Number=9578
67472. Confirmed=?
67473. Filename=snbr.exe
67474. Description=<font color="#FF0000">??</font>
67475. Source=Paul Collins Startup list
67476.  
67477. [snbupt]
67478. Number=9579
67479. Confirmed=X
67480. Filename=snbupt.exe
67481. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041417-3506-99" target=_blank>UpSpiralBar</a> adware
67482. Source=Paul Collins Startup list
67483.  
67484. [sncntr]
67485. Number=9580
67486. Confirmed=X
67487. Filename=sncntr.exe
67488. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdlucai.html" target=_blank>DLUCA-I</a> TROJAN!
67489. Source=Paul Collins Startup list
67490.  
67491. [SNCT511]
67492. Number=9581
67493. Confirmed=?
67494. Filename=vsnct511.exe
67495. Description=Unidentified "Snapshot Viewer"- <font color="#FF0000">what does it do and is it required?</font>
67496. Source=Paul Collins Startup list
67497.  
67498. [snd332]
67499. Number=9582
67500. Confirmed=X
67501. Filename=snd332.exe
67502. Description=Added by the <a href="http://www.jayloden.com/Bildo.htm" target=_blank>B1LD0</a> AIM WORM! 
67503. Source=Paul Collins Startup list
67504.  
67505. [Sndcompat]
67506. Number=9583
67507. Confirmed=X
67508. Filename=Sndcompat.exe
67509. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
67510. Source=Paul Collins Startup list
67511.  
67512. [sndmi13]
67513. Number=9584
67514. Confirmed=U
67515. Filename=vsndmi13.exe
67516. Description=Driver for <a href="http://www.amazon.com/Logitech-961308-0403-ClickSmart-820-DualCam/dp/B00006OMZ6" target="_blank">DualCam</a> cameras - that combine the best features of a digital still camera and a webcam
67517. Source=Paul Collins Startup list
67518.  
67519. [SNDMon]
67520. Number=9585
67521. Confirmed=U
67522. Filename=SNDMon.exe
67523. Description=Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual updates but probably require if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers û then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation
67524. Source=Paul Collins Startup list
67525.  
67526. [Sndsaver]
67527. Number=9586
67528. Confirmed=X
67529. Filename=Sndsaver.exe
67530. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
67531. Source=Paul Collins Startup list
67532.  
67533. [sndsrvc]
67534. Number=9587
67535. Confirmed=?
67536. Filename=SNDSRVC.EXE
67537. Description=Part of Norton Personal Firewall and Norton Internet Security - <font color="#FF0000">what does it do and is it required?</font>
67538. Source=Paul Collins Startup list
67539.  
67540. [SNInstall]
67541. Number=9588
67542. Confirmed=X
67543. Filename=[various filenames]
67544. Description=Spy Sheriff/SpywareNO malware, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojspyhoaxa.html" target=_blank>SPYHOAX-A</a> TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe 
67545. Source=Paul Collins Startup list
67546.  
67547. [Snippet]
67548. Number=9589
67549. Confirmed=U
67550. Filename=SnippingTool.exe
67551. Description=The Snipping Tool (part of the <a href="http://www.microsoft.com/windowsxp/downloads/tabletpc/experiencepack/default.mspx" target= blank>Experience Pack</a> for Tablet PC) allows you to easily "cut out" anything on screen and share it with other people. The whole screen becomes an "inkable" surface that you can add comments to and mark up however you like. You can then save that annotated image to use later, or send it to someone else in an E-mail message
67552. Source=Paul Collins Startup list
67553.  
67554. [SNM]
67555. Number=9590
67556. Confirmed=U
67557. Filename=SNM.exe
67558. Description=<a href="http://www.spynomore.com/" target="_blank">SpyNoMore</a> anti-spyware
67559. Source=Paul Collins Startup list
67560.  
67561. [SnoopFreeUI]
67562. Number=9591
67563. Confirmed=U
67564. Filename=SnoopFreeUI.exe
67565. Description=Anti-keylogging software made by <a href="http://www.snoopfree.com/" target=_blank>SnoopFree Software</a>
67566. Source=Paul Collins Startup list
67567.  
67568. [SNP Generic Host Process]
67569. Number=9592
67570. Confirmed=X
67571. Filename=svchost.exe
67572. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchaso.html" target=_blank>ZAPCHAS-O</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
67573. Source=Paul Collins Startup list
67574.  
67575. [snp2std]
67576. Number=9593
67577. Confirmed=N
67578. Filename=vsnp2std.exe
67579. Description=Digital camera related
67580. Source=Paul Collins Startup list
67581.  
67582. [snpstd]
67583. Number=9594
67584. Confirmed=?
67585. Filename=vsnpstd.exe
67586. Description=<a href="http://www.sonix.com.tw/" target=_blank>Sonix</a> PC Camera Monitor MFC Application. <font color="#FF0000">What does it do and is it required?</font>
67587. Source=Paul Collins Startup list
67588.  
67589. [SNPSTD2]
67590. Number=9595
67591. Confirmed=?
67592. Filename=vsnpstd2.exe
67593. Description=CameraMonitor MFC Application. Appears to be related to a USB connection to a digital camera -<font color="#FF0000">is it required?</font>
67594. Source=Paul Collins Startup list
67595.  
67596. [snpstd3]
67597. Number=9596
67598. Confirmed=Y
67599. Filename=vsnpstd3.exe
67600. Description=<a href="http://www.sonix.com/" target=_blank>Sonix Inc.</a> Camera Monitor MFC Application
67601.  
67602. Source=Paul Collins Startup list
67603.  
67604. [Snsicon]
67605. Number=9597
67606. Confirmed=N
67607. Filename=Snsicon.exe
67608. Description=Launches a screensaver program from Second Nature
67609. Source=Paul Collins Startup list
67610.  
67611. [SNSS.EXE]
67612. Number=9598
67613. Confirmed=X
67614. Filename=SNSS.EXE
67615. Description=Added by the <a href="http://www.sarc.com/avcenter/venc/data/dialer.nunci.html" target=_blank>Nunci</a> premium rate dialer
67616. Source=Paul Collins Startup list
67617.  
67618. [snvc]
67619. Number=9599
67620. Confirmed=X
67621. Filename=snvc.exe
67622. Description=Added by an unidentified WORM or TROJAN!
67623. Source=Paul Collins Startup list
67624.  
67625. [SO5 Integrator Pass One]
67626. Number=9600
67627. Confirmed=?
67628. Filename=sointgr.exe
67629. Description=StarOffice 5.<font color="#FF0000"> See <a href="http://www.pathtech.org/staroffice/faq/faq.html" target="_blank">here</a> for more details</font>
67630. Source=Paul Collins Startup list
67631.  
67632. [SO5 Integrator Pass Two]
67633. Number=9601
67634. Confirmed=?
67635. Filename=sointgr.exe
67636. Description=StarOffice 5.<font color="#FF0000"> See <a href="http://www.pathtech.org/staroffice/faq/faq.html" target="_blank">here</a> for more details</font>
67637. Source=Paul Collins Startup list
67638.  
67639. [Soar]
67640. Number=9602
67641. Confirmed=X
67642. Filename=Rwon.exe
67643. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
67644. Source=Paul Collins Startup list
67645.  
67646. [Social Security Agency]
67647. Number=9603
67648. Confirmed=X
67649. Filename=rpcxsocsa.exe
67650. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
67651. Source=Paul Collins Startup list
67652.  
67653. [Sock32]
67654. Number=9604
67655. Confirmed=X
67656. Filename=sock32.exe
67657. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
67658. Source=Paul Collins Startup list
67659.  
67660. [Socket Utility]
67661. Number=9605
67662. Confirmed=X
67663. Filename=svchostz.exe
67664. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonie.html" target="_blank">DAEMONI-E</a> TROJAN!
67665. Source=Paul Collins Startup list
67666.  
67667. [Socket Utility]
67668. Number=9606
67669. Confirmed=X
67670. Filename=socket.exe
67671. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonie.html" target=_blank>DAEMONI-E</a> TROJAN!
67672. Source=Paul Collins Startup list
67673.  
67674. [Socket Utility]
67675. Number=9607
67676. Confirmed=X
67677. Filename=svchostz.exe
67678. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonie.html" target=_blank>DAEMONI-E</a> TROJAN!
67679. Source=Paul Collins Startup list
67680.  
67681. [SoDA Startup]
67682. Number=9608
67683. Confirmed=Y
67684. Filename=SodaStartup.exe
67685. Description=Used by the <a href="http://www-306.ibm.com/software/awdtools/soda/index.html" target="_blank">IBM Rational SoDA</a> project management tool. Unsure of it's actual purpose but it's recommended you leave it enabled if you use the software
67686. Source=Paul Collins Startup list
67687.  
67688. [soffice]
67689. Number=9609
67690. Confirmed=N
67691. Filename=SOFFICE.EXE
67692. Description=Displays StarOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the StarOffice 6.0 suite. Available via Start -> Programs. Automatically started when any StarOffice 6.0 component is started from the Start -> Programs. A resource hog (it eats > 16 MB of memory).
67693. Source=Paul Collins Startup list
67694.  
67695. [Soft Profile Inc]
67696. Number=9610
67697. Confirmed=X
67698. Filename=hxdef.exe...
67699. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
67700. Source=Paul Collins Startup list
67701.  
67702. [softIce Update 32]
67703. Number=9611
67704. Confirmed=X
67705. Filename=wininits.exe
67706. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanb.html" target=_blank>RBOT-ANB</a> WORM!
67707. Source=Paul Collins Startup list
67708.  
67709. [SoftickPPP]
67710. Number=9612
67711. Confirmed=U
67712. Filename=PPPGate.exe
67713. Description=<a href="http://www.softick.com/ppp/" target=_blank>Softick PPP</a> is a Microsoft Windows driver that allows to establish PPP session between Palm powered devices and Microsoft Windows desktop computer
67714. Source=Paul Collins Startup list
67715.  
67716. [SOFTinst]
67717. Number=9613
67718. Confirmed=Y
67719. Filename=N/A
67720. Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
67721. Source=Paul Collins Startup list
67722.  
67723. [SoftStuff Wallpaper Changer]
67724. Number=9614
67725. Confirmed=U
67726. Filename=softstrt.exe
67727. Description=<a href="http://www.azurebay.com/" target="_blank">AzureBay</a> wallpaper changer
67728. Source=Paul Collins Startup list
67729.  
67730. [Software]
67731. Number=9615
67732. Confirmed=X
67733. Filename=software.exe
67734. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcrabtonb.html" target=_blank>CRABTON-B</a> TROJAN!
67735. Source=Paul Collins Startup list
67736.  
67737. [SoftwareStation]
67738. Number=9616
67739. Confirmed=U
67740. Filename=station.exe
67741. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
67742. Source=Paul Collins Startup list
67743.  
67744. [Solo Sentry]
67745. Number=9617
67746. Confirmed=Y
67747. Filename=Solosent.exe
67748. Description=<a target="_blank" href="http://www.srnmicro.com/">Solo Antivirus</a>
67749. Source=Paul Collins Startup list
67750.  
67751. [SoloSchedule]
67752. Number=9618
67753. Confirmed=U
67754. Filename=Solocfg.exe
67755. Description=Scheduler for <a target="_blank" href="http://www.srnmicro.com/">Solo Antivirus</a>. Leave enabled unless you scan manually on a regular basis
67756. Source=Paul Collins Startup list
67757.  
67758. [SoloSysCheck]
67759. Number=9619
67760. Confirmed=U
67761. Filename=Syscheck.exe
67762. Description=<a href="http://www.srnmicro.com/" target=_blank>Solo antivirus</a> System Integrity Check - Monitors system registry, system.ini, win.ini and startup to protect you from new Internet Worms and Backdoors
67763. Source=Paul Collins Startup list
67764.  
67765. [somatic]
67766. Number=9620
67767. Confirmed=X
67768. Filename=somatic.exe
67769. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
67770. Source=Paul Collins Startup list
67771.  
67772. [Sonic A3D Control]
67773. Number=9621
67774. Confirmed=N
67775. Filename=vrtxctrl.exe
67776. Description=Sound related options
67777. Source=Paul Collins Startup list
67778.  
67779. [Sonic RecordNow!]
67780. Number=9622
67781. Confirmed=X
67782. Filename=smsc.exe
67783. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
67784. Source=Paul Collins Startup list
67785.  
67786. [SoniqueQuickStart]
67787. Number=9623
67788. Confirmed=N
67789. Filename=sqstart.exe
67790. Description=Quickstart for the discontinued <a href="http://www.softpedia.com/get/Multimedia/Audio/Audio-Players/Sonique-2.shtml" target="_blank">Sonique</a> audio player. Available via Start -> Programs
67791. Source=Paul Collins Startup list
67792.  
67793. [SonnReg]
67794. Number=9624
67795. Confirmed=?
67796. Filename=SonnReg.exe
67797. Description=Now superseeded by <a href="http://www.colorwizzard.com/" target="_blank">ColorWizzard</a> - 3Deep corrected lighting, shading and color for all your 2D and 3D games. <font color="#FF0000">Possibly a registration reminder?</font>
67798. Source=Paul Collins Startup list
67799.  
67800. [SonudMan]
67801. Number=9625
67802. Confirmed=X
67803. Filename=SonudMan.exe
67804. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-093010-0049-99" target=_blank>STARTPAGE.Q</a> TROJAN!
67805. Source=Paul Collins Startup list
67806.  
67807. [SonudMan]
67808. Number=9626
67809. Confirmed=X
67810. Filename=WNILOGON.exe
67811. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobdc.html" target="_blank">QQROB-DC</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
67812. Source=Paul Collins Startup list
67813.  
67814. [SonudMon]
67815. Number=9627
67816. Confirmed=X
67817. Filename=SonudMon.exe
67818. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojleworj.html" target=_blank>LEWOR-J</a> TROJAN!
67819. Source=Paul Collins Startup list
67820.  
67821. [SonyPowerCfg]
67822. Number=9628
67823. Confirmed=U
67824. Filename=SPMgr.exe
67825. Description=Related to Sony VAIO Power Management Module installed on laptops and provides additional configuration options for these devices. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
67826. Source=Paul Collins Startup list
67827.  
67828. [Soot]
67829. Number=9629
67830. Confirmed=?
67831. Filename=rcea.exe
67832. Description=<font color="#FF0000">??</font>
67833. Source=Paul Collins Startup list
67834.  
67835. [sophagnt]
67836. Number=9630
67837. Confirmed=?
67838. Filename=sophagnt.exe
67839. Description=<font color="#FF0000">Possibly related to <a href="http://www.sophocles.net/" target="_blank">Sophocles Screenwriting Software</a>?</font>
67840. Source=Paul Collins Startup list
67841.  
67842. [SOProc_RegSoAlertWxLiteNnAj]
67843. Number=9631
67844. Confirmed=X
67845. Filename=rundll32 shell32.dll, ShellExec_RunDLL [path] soproc.exe
67846. Description=Advertising by SoftwareOnline - monitors your browsing habits and distributes the data back to the author's servers for analysis
67847. Source=Paul Collins Startup list
67848.  
67849. [SOS]
67850. Number=9632
67851. Confirmed=X
67852. Filename=SOS.exe
67853. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032612-5504-99" target="_blank">PHILIS</a> VIRUS!
67854. Source=Paul Collins Startup list
67855.  
67856. [SoSyncMonitor]
67857. Number=9633
67858. Confirmed=?
67859. Filename=SoSyncMonitor.exe
67860. Description=<a href="http://www.superoffice.com/en/" target="_blank">SuperOffice</a> related. <font color="#FF0000">What does it do and is it required?</font>
67861. Source=Paul Collins Startup list
67862.  
67863. [Sound Loader]
67864. Number=9634
67865. Confirmed=X
67866. Filename=sndloader.exe
67867. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotbv.html" target="_blank">AGOBOT-BV</a> WORM!
67868. Source=Paul Collins Startup list
67869.  
67870. [Sound services]
67871. Number=9635
67872. Confirmed=X
67873. Filename=SOUND32.EXE
67874. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GG" target="_blank">AGOBOT.GG</a> WORM!
67875. Source=Paul Collins Startup list
67876.  
67877. [Sound System]
67878. Number=9636
67879. Confirmed=X
67880. Filename=WinSound1.exe
67881. Description=Added by an unidentified VIRUS, WORM or TROJAN!
67882. Source=Paul Collins Startup list
67883.  
67884. [soundcontrl]
67885. Number=9637
67886. Confirmed=X
67887. Filename=soundcontrl.exe
67888. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042914-1054-99" target="_blank">GAOBOT.AFJ</a> WORM!
67889. Source=Paul Collins Startup list
67890.  
67891. [sounddrv]
67892. Number=9638
67893. Confirmed=X
67894. Filename=sndbdrv3104.exe
67895. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
67896. Source=Paul Collins Startup list
67897.  
67898. [SoundFusion]
67899. Number=9639
67900. Confirmed=?
67901. Filename=rundll32 cwcprops.cpl
67902. Description=Control panel item for the Terratec DMX Xfire 1024 soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. <font color="#FF0000">Does it need to run at start-up every time?</font>
67903. Source=Paul Collins Startup list
67904.  
67905. [SoundFusion]
67906. Number=9640
67907. Confirmed=?
67908. Filename=rundll32 hercplgs.cpl, BootEntryPoint
67909. Description=Control panel item for Hercules Fortissimo soundcards (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. <font color="#FF0000">Does it need to run at start-up every time?</font>
67910. Source=Paul Collins Startup list
67911.  
67912. [SoundFusion]
67913. Number=9641
67914. Confirmed=?
67915. Filename=RunDll32 cwaprops.cpl, C25CrystalControlWnd
67916. Description=Control panel item for a Terratec soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. <font color="#FF0000">Does it need to run at start-up every time?</font>
67917. Source=Paul Collins Startup list
67918.  
67919. [SoundMam]
67920. Number=9642
67921. Confirmed=X
67922. Filename=SVOHOST.exe
67923. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobaal.html" target="_blank">QQROB-AAL</a> TROJAN!
67924. Source=Paul Collins Startup list
67925.  
67926. [soundman]
67927. Number=9643
67928. Confirmed=N
67929. Filename=soundman.exe
67930. Description=System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel
67931. Source=Paul Collins Startup list
67932.  
67933. [SOUNDMAN Microsoft Help]
67934. Number=9644
67935. Confirmed=X
67936. Filename=soun.pif
67937. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaiu.html" target=_blank>RBOT-AIU</a> WORM!
67938. Source=Paul Collins Startup list
67939.  
67940. [SoundMAX]
67941. Number=9645
67942. Confirmed=N
67943. Filename=SMax4.exe
67944. Description=System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel
67945. Source=Paul Collins Startup list
67946.  
67947. [SoundMAX]
67948. Number=9646
67949. Confirmed=X
67950. Filename=SoundMAX.exe
67951. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rizona.html" target= blank>RIZON-A</a> WORM! Note - this file is placed in the Startup folder itself, and has NO relation to SoundMax sound cards!
67952. Source=Paul Collins Startup list
67953.  
67954. [SoundMax Audio Drivers]
67955. Number=9647
67956. Confirmed=X
67957. Filename=SndMAX.exe
67958. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
67959. Source=Paul Collins Startup list
67960.  
67961. [SoundMAXPnP]
67962. Number=9648
67963. Confirmed=U
67964. Filename=SMax4PNP.exe
67965. Description=SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments
67966. Source=Paul Collins Startup list
67967.  
67968. [soundmix]
67969. Number=9649
67970. Confirmed=X
67971. Filename=soundmix.exe
67972. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGENT.PGV" target="_blank">AGENT.PGV</a> WORM!
67973. Source=Paul Collins Startup list
67974.  
67975. [SoundMixer]
67976. Number=9650
67977. Confirmed=X
67978. Filename=smvss.exe
67979. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerg.html" target=_blank>DEDLER-G</a> TROJAN!
67980. Source=Paul Collins Startup list
67981.  
67982. [Soundmx]
67983. Number=9651
67984. Confirmed=X
67985. Filename=Soundmx.exe
67986. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#tapicfg" target=_blank>Tapicfg</a> parasite variant
67987. Source=Paul Collins Startup list
67988.  
67989. [soundtask]
67990. Number=9652
67991. Confirmed=X
67992. Filename=soundtask.exe
67993. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmd.html" target=_blank>AGOBOT-MD</a> WORM!
67994. Source=Paul Collins Startup list
67995.  
67996. [soundtasks]
67997. Number=9653
67998. Confirmed=X
67999. Filename=soundtasks.exe
68000. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
68001. Source=Paul Collins Startup list
68002.  
68003. [soundtctrls]
68004. Number=9654
68005. Confirmed=X
68006. Filename=soundtctrls.exe
68007. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotzv.html" target="_blank">AGOBOT-ZV</a> WORM!
68008. Source=Paul Collins Startup list
68009.  
68010. [SoundView]
68011. Number=9655
68012. Confirmed=X
68013. Filename=msdview32.exe
68014. Description=Trojan downloader
68015. Source=Paul Collins Startup list
68016.  
68017. [sounofts]
68018. Number=9656
68019. Confirmed=X
68020. Filename=sounofts.exe
68021. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnd.html" target="_blank">AGOBOT-ND</a> WORM!
68022. Source=Paul Collins Startup list
68023.  
68024. [sountskmanager]
68025. Number=9657
68026. Confirmed=X
68027. Filename=sountaskmgr
68028. Description=Added by an unidentified WORM or TROJAN!
68029. Source=Paul Collins Startup list
68030.  
68031. [SourcePath]
68032. Number=9658
68033. Confirmed=N
68034. Filename=gwreg.exe
68035. Description=Used to update Gateway registry settings for System Restoration Kit and Web update programs
68036. Source=Paul Collins Startup list
68037.  
68038. [sp]
68039. Number=9659
68040. Confirmed=X
68041. Filename=sp.reg
68042. Description=IE search hijacker - changes the default search to http://www.gocybersearch.com/
68043. Source=Paul Collins Startup list
68044.  
68045. [sp]
68046. Number=9660
68047. Confirmed=X
68048. Filename=regedit-s .... sp.dll
68049. Description=Malicious javascript annoyance that changes the default search engine in IE to one of many including "topsearcher". See <a href="http://groups.google.com/group/24hoursupport.helpdesk/msg/254b5607908a83a8?q=sp.dll%2Bregedit&hl=en&rnum=3" target="_blank">here</a> for more and a fix
68050. Source=Paul Collins Startup list
68051.  
68052. [sp]
68053. Number=9661
68054. Confirmed=X
68055. Filename=se.dll, DllInstall
68056. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031516-3051-99" target=_blank>Startpage.M</a> hijacker
68057. Source=Paul Collins Startup list
68058.  
68059. [sp]
68060. Number=9662
68061. Confirmed=X
68062. Filename=rundll32 (Path to Trojan DLL), DllInstall
68063. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojablankw.html" target=_blank>ABLANK-W</a> and <a href="http://www.sophos.com/virusinfo/analyses/trojablankz.html" target=_blank>ABLANK-Z</a> TROJANS!
68064. Source=Paul Collins Startup list
68065.  
68066. [SP TimeSync]
68067. Number=9663
68068. Confirmed=U
68069. Filename=SP TimeSync.exe
68070. Description=SP <a href="http://www.spdialer.com/timesync/" target="_blank">TimeSync</a> lets you synchronize your computer's clock with any Internet atomic clock (time server)
68071. Source=Paul Collins Startup list
68072.  
68073. [SP00LSV]
68074. Number=9664
68075. Confirmed=X
68076. Filename=Sp00lsv.exe
68077. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081407-2316-99" target="_blank">GRAYBIRD.E</a> TROJAN!
68078. Source=Paul Collins Startup list
68079.  
68080. [SP2 Connection Patcher]
68081. Number=9665
68082. Confirmed=U
68083. Filename=SP2ConnPatcher.exe
68084. Description=Changes limit of concurrent TCP connections of Windows Service Pack 2
68085. Source=Paul Collins Startup list
68086.  
68087. [SP2 data]
68088. Number=9666
68089. Confirmed=X
68090. Filename=[path] repcale.exe [path] apc.exe
68091. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDON.AN" target="_blank">RANDON.AN</a> WORM!
68092. Source=Paul Collins Startup list
68093.  
68094. [SP2 Firewall/Internet Updater]
68095. Number=9667
68096. Confirmed=X
68097. Filename=crssrs.exe
68098. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BJO&VSect=P" target=_blank>RBOT.BJO</a> WORM!
68099. Source=Paul Collins Startup list
68100.  
68101. [sp2chk.exe]
68102. Number=9668
68103. Confirmed=X
68104. Filename=sp2chk.exe
68105. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41372" target=_blank>ALUROOT.A</a> TROJAN!
68106. Source=Paul Collins Startup list
68107.  
68108. [sp2ctr]
68109. Number=9669
68110. Confirmed=X
68111. Filename=sp2ctr.exe
68112. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdlucam.html" target="_blank">DLUCA-M</a> TROJAN!
68113. Source=Paul Collins Startup list
68114.  
68115. [sp2fwxp]
68116. Number=9670
68117. Confirmed=X
68118. Filename=sp2fwxp.exe
68119. Description=Added by the SMALL.ABW TROJAN!
68120. Source=Paul Collins Startup list
68121.  
68122. [sp2update]
68123. Number=9671
68124. Confirmed=X
68125. Filename=sp2update.exe
68126. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-080811-4648-99" target=_blank>SP2Update</a> adware! Tracks URLs visited and search terms entered into Internet Explorer
68127. Source=Paul Collins Startup list
68128.  
68129. [Spam Blocker for Outlook Express]
68130. Number=9672
68131. Confirmed=X
68132. Filename=SBInst.exe
68133. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075474" target=_blank>HotBar</a> related
68134. Source=Paul Collins Startup list
68135.  
68136. [SPAM FIREWALL]
68137. Number=9673
68138. Confirmed=X
68139. Filename=mfirewall.exe
68140. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AOU&VSect=T" target=_blank>SDBOT.AOU</a> WORM!
68141. Source=Paul Collins Startup list
68142.  
68143. [Spam Sleuth]
68144. Number=9674
68145. Confirmed=U
68146. Filename=SpamSleuth.exe
68147. Description=Spam Sleuth E-mail spam detection program
68148. Source=Paul Collins Startup list
68149.  
68150. [SpamBlocker]
68151. Number=9675
68152. Confirmed=X
68153. Filename=SbOEAddOn.exe
68154. Description=Related to <a href="http://sarc.com/avcenter/venc/data/adware.hotbar.html" target=_blank>Hotbar's</a> Weather Forecast tool for your desktop
68155. Source=Paul Collins Startup list
68156.  
68157. [SPAMfighter Agent]
68158. Number=9676
68159. Confirmed=U
68160. Filename=SFAgent.exe
68161. Description=<a href="http://www.spamfighter.com/" target= blank>SPAMfighter</a> anti email spam filter
68162. Source=Paul Collins Startup list
68163.  
68164. [spamihilator]
68165. Number=9677
68166. Confirmed=U
68167. Filename=spamihilator.exe
68168. Description=<a href="http://www.spamihilator.com/" target="_blank">Spamihilator</a> - spam filter
68169. Source=Paul Collins Startup list
68170.  
68171. [SpamPal]
68172. Number=9678
68173. Confirmed=U
68174. Filename=spampal.exe
68175. Description=<a href="http://www.spampal.org/" target="_blank">SpamPal</a> - anti-spam tool
68176. Source=Paul Collins Startup list
68177.  
68178. [SpamSubtract]
68179. Number=9679
68180. Confirmed=U
68181. Filename=SpamSubtract.exe
68182. Description=Intermute <a href="http://www.intermute.com/spamsubtract/" target="_blank">SpamSubtract</a> - junk email detection and removal program
68183. Source=Paul Collins Startup list
68184.  
68185. [Spark]
68186. Number=9680
68187. Confirmed=U
68188. Filename=Spark.exe
68189. Description=<a href="http://www.igniterealtime.org/downloads/index.jsp#spark" target="_blank">Spark</a> instant messaging server
68190. Source=Paul Collins Startup list
68191.  
68192. [spc_w]
68193. Number=9681
68194. Confirmed=N
68195. Filename=hcm.exe
68196. Description=<a href="http://www.netzero.net/support/info/search-enhance.html" target=_blank>NetZero</a> Search Enhancement related
68197. Source=Paul Collins Startup list
68198.  
68199. [spc_w]
68200. Number=9682
68201. Confirmed=N
68202. Filename=blspc.exe
68203. Description=<a href="http://www.netzero.net/support/info/search-enhance.html" target=_blank>NetZero</a> Search Enhancement related
68204. Source=Paul Collins Startup list
68205.  
68206. [spc_w]
68207. Number=9683
68208. Confirmed=N
68209. Filename=nzspc.exe
68210. Description=<a href="http://www.netzero.net/support/info/search-enhance.html" target="_blank">NetZero</a> Search Enhancement related
68211. Source=Paul Collins Startup list
68212.  
68213. [Spdstart]
68214. Number=9684
68215. Confirmed=N
68216. Filename=Spdstart.exe
68217. Description=Norton Utilities Speed Start. "This feature optimizes the start up speed of launching applications, such as Word and Excel."
68218. Source=Paul Collins Startup list
68219.  
68220. [Speaking Clock Deluxe]
68221. Number=9685
68222. Confirmed=U
68223. Filename=SpClDlx.exe
68224. Description=<a href="http://www.lux-aeterna.com/clock/" target="_blank">Speaking Clock Deluxe</a> - turns your computer into a speaking clock with several languages. It can also keep track of up to 50 alarms that can be set to a time and a date, and be repeated daily, weekly, monthly and yearly
68225. Source=Paul Collins Startup list
68226.  
68227. [Special Firewall Service]
68228. Number=9686
68229. Confirmed=X
68230. Filename=avguard.exe
68231. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030415-2336-99" target="_blank">NETSKY.G</a> WORM!
68232. Source=Paul Collins Startup list
68233.  
68234. [SpecialOffers]
68235. Number=9687
68236. Confirmed=X
68237. Filename=SpecialOffers*.exe [* = digit]
68238. Description=<a href="http://www3.cai.com/securityadvisor/pest/pest.aspx?id=453088690" target=_blank>SpecialOffers</a> adware
68239.  
68240. Source=Paul Collins Startup list
68241.  
68242. [SpecialOffers]
68243. Number=9688
68244. Confirmed=X
68245. Filename=SpecialOffers.exe
68246. Description=<a href="http://www3.cai.com/securityadvisor/pest/pest.aspx?id=453088690" target=_blank>SpecialOffers</a> adware
68247.  
68248. Source=Paul Collins Startup list
68249.  
68250. [specific]
68251. Number=9689
68252. Confirmed=X
68253. Filename=specixic.exe
68254. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
68255. Source=Paul Collins Startup list
68256.  
68257. [Speed racer]
68258. Number=9690
68259. Confirmed=N
68260. Filename=CTSRReg.exe
68261. Description=Software for a Creative sound card
68262. Source=Paul Collins Startup list
68263.  
68264. [Speed Tec]
68265. Number=9691
68266. Confirmed=U
68267. Filename=speedtec.exe
68268. Description=<a href="http://www.montanasoft.com/speedtec/index.php" target="_blank">Accel SpeedTec</a> from Montana Software speeds up your modem. SpeedTec modifies the Internet Protocol settings in the Windows registry to speed downloads on all modems. If you find this improves your connectivity and download speeds leave this enabled
68269. Source=Paul Collins Startup list
68270.  
68271. [SpeedBoss]
68272. Number=9692
68273. Confirmed=X
68274. Filename=[worm filename]
68275. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100318-3337-99" target="_blank">OPASERV.AD</a> WORM!
68276. Source=Paul Collins Startup list
68277.  
68278. [SpeedItUp]
68279. Number=9693
68280. Confirmed=U
68281. Filename=SPEEDITUP.EXE
68282. Description=<a href="http://www.microsmartsllc.com/speeditup.html" target=_blank>Speed It Up</a> - "all in one Speed Booster designed to significantly increase the speed of your computer and boost your PC available memory"
68283.  
68284. Source=Paul Collins Startup list
68285.  
68286. [Speedkey]
68287. Number=9694
68288. Confirmed=U
68289. Filename=SPEEDKEY.EXE
68290. Description=Additional keyboard shortcuts on MS programmable keyboard
68291. Source=Paul Collins Startup list
68292.  
68293. [SpeedMeter]
68294. Number=9695
68295. Confirmed=U
68296. Filename=SpeedMeter.exe
68297. Description=Application measuring upload and download speed
68298. Source=Paul Collins Startup list
68299.  
68300. [SpeedOptimizer]
68301. Number=9696
68302. Confirmed=U
68303. Filename=spo.exe
68304. Description=<a href="http://www.speedoptimizer.com/" target=_blank>SpeedOptimizer</a> is designed to optimize and speed-up your Internet data transmission including browsing, streaming, downloading, uploading and e-mail communication
68305. Source=Paul Collins Startup list
68306.  
68307. [SpeedswitchXP]
68308. Number=9697
68309. Confirmed=U
68310. Filename=SpeedswitchXP.exe
68311. Description=<a href="http://www.diefer.de/speedswitchxp/" target=_blank>SpeedswitchXP</a> is a CPU frequency control for notebooks running Windows XP
68312. Source=Paul Collins Startup list
68313.  
68314. [Speedtouch USB Diagnostics]
68315. Number=9698
68316. Confirmed=U
68317. Filename=Dragdiag.exe
68318. Description=For an external Alcatel ADSL high-speed modem. A diagnostic tool and can be run from the Start menu when required. The only reason it might be useful on startup is if you like seeing an 'at-a-glance' status indicator on the taskbar (the icon is a different colour depending on the status of the device/line)
68319. Source=Paul Collins Startup list
68320.  
68321. [SpeedUpMyPC]
68322. Number=9699
68323. Confirmed=U
68324. Filename=SpeedUpMyPC.exe
68325. Description=<a href="http://www.lidownloads.com/partners/sites/pacsportal/speedup/" target= blank>SpeedUpMyPC</a> "automatically fine-tunes all your resources including hardware, system settings and internet usage to operate at peak performance at all times"
68326. Source=Paul Collins Startup list
68327.  
68328. [Spees1]
68329. Number=9700
68330. Confirmed=X
68331. Filename=speedy.scr
68332. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.Y" target="_blank">OPASERV.Y</a> WORM!
68333. Source=Paul Collins Startup list
68334.  
68335. [Spees2]
68336. Number=9701
68337. Confirmed=X
68338. Filename=Speedy.bat
68339. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100318-3337-99" target="_blank">OPASERV.AD</a> WORM!
68340. Source=Paul Collins Startup list
68341.  
68342. [Spees3]
68343. Number=9702
68344. Confirmed=X
68345. Filename=SPEEDY.PIF
68346. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AD" target="_blank">OPASERV.AD</a> WORM!
68347. Source=Paul Collins Startup list
68348.  
68349. [Spellex Anywhere]
68350. Number=9703
68351. Confirmed=N
68352. Filename=sa.exe
68353. Description=<a href="http://www.spellex.com/Spellex-Anywhere/default.htm" target="_blank">Spellex-Anywhere</a> - adds spell checking functionality to almost any Window program. Create a shortcut and run manually before it's to be used
68354. Source=Paul Collins Startup list
68355.  
68356. [SpIDerMail]
68357. Number=9704
68358. Confirmed=Y
68359. Filename=spiderml.exe
68360. Description=<a href="http://www.drweb.com/" target="_blank">DrWeb</a> antivirus Spider Mail e-mail scanner
68361. Source=Paul Collins Startup list
68362.  
68363. [Spinner Plus]
68364. Number=9705
68365. Confirmed=N
68366. Filename=spinner.exe
68367. Description="Spinner Plus lets you listen to over 100 channels of music broadcast from Spinner.com. Spinner Plus uses RealNetwork's G2 technology to provide high-quality online audio. The technology adjusts the audio streaming to match your Internet connection speed, which helps eliminate sound distortion or choppiness". Available via Start -> Programs
68368. Source=Paul Collins Startup list
68369.  
68370. [SPINX]
68371. Number=9706
68372. Confirmed=X
68373. Filename=Wscript.exe OXNEY.B.VBS
68374. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110112-5735-99" target=_blank>YENO.B</a> and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110113-0557-99" target=_blank>YENO.C</a> WORMS!
68375.  
68376. Source=Paul Collins Startup list
68377.  
68378. [SPnt]
68379. Number=9707
68380. Confirmed=X
68381. Filename=SPnt.exe
68382. Description=Premium rate adult content dialler
68383. Source=Paul Collins Startup list
68384.  
68385. [SpokeSysTray]
68386. Number=9708
68387. Confirmed=U
68388. Filename=SpokeSysTray.exe
68389. Description=<a href="http://www.spoke.com/" target="_blank">Spoke Software</a> client application. Spoke "uses data in your e-mail and other enterprise information systems to discover the existing relationships of people in your enterprise. It then builds a private, secure relationship network for each user without any additional manual data entry"
68390. Source=Paul Collins Startup list
68391.  
68392. [spolsvr2]
68393. Number=9709
68394. Confirmed=X
68395. Filename=spolsvr2.exe
68396. Description=Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
68397. Source=Paul Collins Startup list
68398.  
68399. [spoo1sv]
68400. Number=9710
68401. Confirmed=X
68402. Filename=spoo1sv.exe
68403. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040313-4813-99" target="_blank">SOULJET</a> TROJAN!
68404. Source=Paul Collins Startup list
68405.  
68406. [Spool]
68407. Number=9711
68408. Confirmed=X
68409. Filename=[path to trojan]
68410. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011209-1429-99" target=_blank>RANKY.R</a> TROJAN!
68411. Source=Paul Collins Startup list
68412.  
68413. [Spool]
68414. Number=9712
68415. Confirmed=X
68416. Filename=wys.exe
68417. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041704-3813-99" target=_blank>WhileUSurf</a> adware
68418. Source=Paul Collins Startup list
68419.  
68420. [SPOOL Configuration]
68421. Number=9713
68422. Confirmed=X
68423. Filename=spoolsvc.exe
68424. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotkd.html" target="_blank">SDBOT-KD</a> WORM!
68425. Source=Paul Collins Startup list
68426.  
68427. [Spool Loader]
68428. Number=9714
68429. Confirmed=N
68430. Filename=spool.exe
68431. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
68432. Source=Paul Collins Startup list
68433.  
68434. [Spool LoadKIt]
68435. Number=9715
68436. Confirmed=X
68437. Filename=spoolv.exe
68438. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
68439. Source=Paul Collins Startup list
68440.  
68441. [Spool lptt01]
68442. Number=9716
68443. Confirmed=X
68444. Filename=spool.exe
68445. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "spool" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
68446. Source=Paul Collins Startup list
68447.  
68448. [Spool Manager]
68449. Number=9717
68450. Confirmed=X
68451. Filename=spoolsrv.exe
68452. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerfr.html" target=_blank>BANKER-FR</a> TROJAN!
68453. Source=Paul Collins Startup list
68454.  
68455. [Spool ml097e]
68456. Number=9718
68457. Confirmed=X
68458. Filename=spool.exe
68459. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "spool" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
68460. Source=Paul Collins Startup list
68461.  
68462. [Spool32]
68463. Number=9719
68464. Confirmed=X
68465. Filename=pool32.exe
68466. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojassasinf.html" target= blank>ASSASIN-F</a> TROJAN!
68467. Source=Paul Collins Startup list
68468.  
68469. [spoolax]
68470. Number=9720
68471. Confirmed=X
68472. Filename=[path to trojan]
68473. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojperdad.html" target=_blank>PERDA-D</a> TROJAN!
68474. Source=Paul Collins Startup list
68475.  
68476. [Spooler Service]
68477. Number=9721
68478. Confirmed=X
68479. Filename=Spoolsrv.exe
68480. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JOINER.C1" target="_blank">JOINER.C1</a> TROJAN!
68481. Source=Paul Collins Startup list
68482.  
68483. [Spooler Sub System Process]
68484. Number=9722
68485. Confirmed=X
68486. Filename=SPOOL32.EXE
68487. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_YAB.A" target="_blank">YAB.A</a> TROJAN!
68488. Source=Paul Collins Startup list
68489.  
68490. [Spooler Subsystem]
68491. Number=9723
68492. Confirmed=X
68493. Filename=spoolsub.exe
68494. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabg.html" target=_blank>SDBOT-ABG</a> TROJAN!
68495. Source=Paul Collins Startup list
68496.  
68497. [Spooler SubSystem App]
68498. Number=9724
68499. Confirmed=X
68500. Filename=spoolsvc.exe
68501. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotj.html" target= blank>POEBOT-J</a> WORM!
68502. Source=Paul Collins Startup list
68503.  
68504. [Spooler SubSystem App]
68505. Number=9725
68506. Confirmed=X
68507. Filename=spooIsv.exe
68508. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052109-2651-99" target=_blank>LINKBOT.M</a> WORM!
68509. Source=Paul Collins Startup list
68510.  
68511. [Spooler SubSystem Application]
68512. Number=9726
68513. Confirmed=X
68514. Filename=localsvc.exe
68515. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
68516. Source=Paul Collins Startup list
68517.  
68518. [Spooler SubSystem Application]
68519. Number=9727
68520. Confirmed=X
68521. Filename=netsvc.exe
68522. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
68523. Source=Paul Collins Startup list
68524.  
68525. [Spooler SubSystem Application]
68526. Number=9728
68527. Confirmed=X
68528. Filename=spoolsvc.exe
68529. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
68530. Source=Paul Collins Startup list
68531.  
68532. [Spooler SubSystem Application]
68533. Number=9729
68534. Confirmed=X
68535. Filename=svcadmin.exe
68536. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
68537. Source=Paul Collins Startup list
68538.  
68539. [Spooler SubSystem Application]
68540. Number=9730
68541. Confirmed=X
68542. Filename=svcman.exe
68543. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
68544. Source=Paul Collins Startup list
68545.  
68546. [Spooler SubSystem Application]
68547. Number=9731
68548. Confirmed=X
68549. Filename=svcrun.exe
68550. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
68551. Source=Paul Collins Startup list
68552.  
68553. [Spooler SubSystem Application]
68554. Number=9732
68555. Confirmed=X
68556. Filename=tcpsvc.exe
68557. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
68558. Source=Paul Collins Startup list
68559.  
68560. [Spooler SubSystem Application]
68561. Number=9733
68562. Confirmed=X
68563. Filename=websvc.exe
68564. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
68565. Source=Paul Collins Startup list
68566.  
68567. [Spooler Subsytem App]
68568. Number=9734
68569. Confirmed=X
68570. Filename=spoolsvc.exe
68571. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotmm.html" target=_blank>SDBOT-MM</a> WORM!
68572. Source=Paul Collins Startup list
68573.  
68574. [SpoolerSubSystemProcess]
68575. Number=9735
68576. Confirmed=X
68577. Filename=SpooI32.exe
68578. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453073000" target="_blank">EHKS.21</a> keylogger! Note - the "I" between "o" and "3" is a capital "i" not a lower case "L"
68579. Source=Paul Collins Startup list
68580.  
68581. [Spools Service Controller]
68582. Number=9736
68583. Confirmed=X
68584. Filename=spools.exe
68585. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kassbotc.html" target= blank>KASSBOT-C</a> WORM!
68586. Source=Paul Collins Startup list
68587.  
68588. [spoolserv]
68589. Number=9737
68590. Confirmed=X
68591. Filename=spoolserv.exe
68592. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpn.html" target="_blank">SDBOT-PN</a> WORM!
68593. Source=Paul Collins Startup list
68594.  
68595. [SpoolService]
68596. Number=9738
68597. Confirmed=X
68598. Filename=spolsv.exe
68599. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotcs.html" target=_blank>AGOBOT-CS</a> WORM!
68600.  
68601. Source=Paul Collins Startup list
68602.  
68603. [Spoolsv]
68604. Number=9739
68605. Confirmed=X
68606. Filename=Spoolsv.exe
68607. Description=Added by the CIADOOR.121 VIRUS! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
68608. Source=Paul Collins Startup list
68609.  
68610. [spoolsv]
68611. Number=9740
68612. Confirmed=X
68613. Filename=scvhosts.exe
68614. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallaw.html" target=_blank>SMALL-AW</a> TROJAN!
68615. Source=Paul Collins Startup list
68616.  
68617. [spoolsv]
68618. Number=9741
68619. Confirmed=X
68620. Filename=svchost.exe
68621. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderfi.html" target=_blank>DLOADER-FI</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "HELP" subfolder of the Winnt or Windows folder
68622. Source=Paul Collins Startup list
68623.  
68624. [spoolsv]
68625. Number=9742
68626. Confirmed=X
68627. Filename=spoclsv.exe
68628. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32fujacksm.html" target="_blank">Fujacks-M</a> WORM!
68629. Source=Paul Collins Startup list
68630.  
68631. [spoolsv manager]
68632. Number=9743
68633. Confirmed=X
68634. Filename=SpoolMgr.exe
68635. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022300-0309-99" target=_blank>ASSIRAL</a> WORM!
68636. Source=Paul Collins Startup list
68637.  
68638. [spoolsv service]
68639. Number=9744
68640. Confirmed=X
68641. Filename=spoolsv32.exe
68642. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahp.html" target=_blank>RBOT-AHP</a> WORM!
68643. Source=Paul Collins Startup list
68644.  
68645. [SPOOLSV32]
68646. Number=9745
68647. Confirmed=X
68648. Filename=SPOOLSV32.EXE
68649. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsi.html" target=_blank>CWS-I</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojhazifb.html" target=_blank>HAZIF-B</a> TROJANS!
68650. Source=Paul Collins Startup list
68651.  
68652. [spoolsvc]
68653. Number=9746
68654. Confirmed=X
68655. Filename=spoolsvc.exe
68656. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdropperat.html" target= blank>DROPPER-AT</a> TROJAN!
68657. Source=Paul Collins Startup list
68658.  
68659. [spoolsvr32]
68660. Number=9747
68661. Confirmed=X
68662. Filename=csmss.exe
68663. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentau.html" target=_blank>AGENT-AU</a> TROJAN!
68664.  
68665. Source=Paul Collins Startup list
68666.  
68667. [spoolsvr32]
68668. Number=9748
68669. Confirmed=X
68670. Filename=csmss32.exe
68671. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojagentau.html" target=_blank>AGENT-AU</a> TROJAN!
68672. Source=Paul Collins Startup list
68673.  
68674. [spoolsvs.exe]
68675. Number=9749
68676. Confirmed=X
68677. Filename=spoolsvs.exe
68678. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderrk.html" target=_blank>DLOADER-RK</a> TROJAN!
68679. Source=Paul Collins Startup list
68680.  
68681. [SPOOLSVU]
68682. Number=9750
68683. Confirmed=X
68684. Filename=SPOOLSVU.EXE
68685. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031109-3305-99" target=_blank>STARTPAGE.K</a> hijacker
68686. Source=Paul Collins Startup list
68687.  
68688. [spoolsvv]
68689. Number=9751
68690. Confirmed=X
68691. Filename=spoolsvv.exe
68692. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
68693. Source=Paul Collins Startup list
68694.  
68695. [Spoolvs]
68696. Number=9752
68697. Confirmed=X
68698. Filename=spoolvs.exe
68699. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AUS&VSect=P" target=_blank>SDBOT.AUS</a> WORM!
68700. Source=Paul Collins Startup list
68701.  
68702. [Spore]
68703. Number=9753
68704. Confirmed=X
68705. Filename=MsNews.vbs
68706. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121410-0858-99" target=_blank>SPORE.A</a> WORM!
68707. Source=Paul Collins Startup list
68708.  
68709. [Spore.b]
68710. Number=9754
68711. Confirmed=X
68712. Filename=Scmhlpr.vbs
68713. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121511-2555-99" target=_blank>SPORE.B</a> WORM!
68714. Source=Paul Collins Startup list
68715.  
68716. [SPP]
68717. Number=9755
68718. Confirmed=?
68719. Filename=run.exe
68720. Description=<font color="#FF0000">??</font>
68721. Source=Paul Collins Startup list
68722.  
68723. [spp]
68724. Number=9756
68725. Confirmed=X
68726. Filename=regedit -s spp.reg
68727. Description=IE search hijacker - changes the default search to http://www.hotsearchbox.com/ie/
68728. Source=Paul Collins Startup list
68729.  
68730. [sppbridge]
68731. Number=9757
68732. Confirmed=?
68733. Filename=sppbridge.exe
68734. Description=Associated with an Anycom bluetooth wireless card on laptops - used for printing to portable printers for example.<font color="#FF0000"> Is it required or can it be started manually? </font>
68735. Source=Paul Collins Startup list
68736.  
68737. [SprintPort]
68738. Number=9758
68739. Confirmed=?
68740. Filename=SprintPortA.exe
68741. Description=Novatel wireless modem related. <font color="#FF0000"> What does it do and is it required?</font>
68742. Source=Paul Collins Startup list
68743.  
68744. [SpriteService]
68745. Number=9759
68746. Confirmed=U
68747. Filename=SpriteService.exe
68748. Description=<a href="http://www.spritesoftware.com/" target="_blank">Sprite Backup</a> is a backup application for Windows Mobile Pocket PC or Smartphone
68749. Source=Paul Collins Startup list
68750.  
68751. [SPSTEALT]
68752. Number=9760
68753. Confirmed=U
68754. Filename=SmartProtectorPro.exe
68755. Description=<a href="http://smartprotector.com/eraser/index.htm" target="_blank">Smart Protector Pro</a> - internet privacy tool that erases tracks, MRU lists, etc
68756. Source=Paul Collins Startup list
68757.  
68758. [spstore]
68759. Number=9761
68760. Confirmed=?
68761. Filename=storesp.exe
68762. Description=<a href="http://www.softprobe.com/" target="_blank">Softprobe</a> - program designed to provide managers with an analysis of an individuals computer use who are under their supervision. This program is NOT related to Winpup
68763.  
68764. Source=Paul Collins Startup list
68765.  
68766. [Spy Blocker]
68767. Number=9762
68768. Confirmed=U
68769. Filename=spyblocker.exe
68770. Description=<a href="http://www.spyblocker-software.com/spyblocker/sb.shtm" target="_blank">SpyBlocker</a> blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-Aware</a> that some applications containing spyware subsystems may not run correctly or at all
68771. Source=Paul Collins Startup list
68772.  
68773. [Spy Protector]
68774. Number=9763
68775. Confirmed=U
68776. Filename=SpyProtector.exe
68777. Description=Included in the full version of Security Task Manager, <a href="http://www.neuber.com/taskmanager/" target="_blank">Spy Protector</a> prevents keyboard and mouse monitoring, warns when the registry is changed and eliminates internet activity and work traces
68778. Source=Paul Collins Startup list
68779.  
68780. [Spy-Control]
68781. Number=9764
68782. Confirmed=N
68783. Filename=Spy-Control.exe
68784. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
68785. Source=Paul Collins Startup list
68786.  
68787. [Spy-Keylogger]
68788. Number=9765
68789. Confirmed=U
68790. Filename=skl.exe
68791. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.spykeylogger.html" target=blank>SpyKeylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
68792.  
68793. Source=Paul Collins Startup list
68794.  
68795. [SpyAxe]
68796. Number=9766
68797. Confirmed=N
68798. Filename=spyaxe.exe
68799. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>. For removal instructions see <a href="http://wiki.castlecops.com/Malware_Removal:_SpyAxe_Removal" target=_blank>here</a>
68800. Source=Paul Collins Startup list
68801.  
68802. [SpyBan]
68803. Number=9767
68804. Confirmed=N
68805. Filename=SpyBan.exe
68806. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
68807. Source=Paul Collins Startup list
68808.  
68809. [SpyBlast]
68810. Number=9768
68811. Confirmed=X
68812. Filename=SpyBlast.exe
68813. Description=Spyware killer that is in effect autoinstalled foistware, targeted by SpyBot, among others
68814. Source=Paul Collins Startup list
68815.  
68816. [SpyBlocker]
68817. Number=9769
68818. Confirmed=U
68819. Filename=spyblocker.exe
68820. Description=<a href="http://www.spyblocker-software.com/spyblocker/sb.shtm" target="_blank">SpyBlocker</a> blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-Aware</a> that some applications containing spyware subsystems may not run correctly or at all
68821. Source=Paul Collins Startup list
68822.  
68823. [SpyBlocs]
68824. Number=9770
68825. Confirmed=N
68826. Filename=SpyBlocs.exe
68827. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
68828. Source=Paul Collins Startup list
68829.  
68830. [SpyBlocs3.0]
68831. Number=9771
68832. Confirmed=N
68833. Filename=SpyBlocs3.0.exe
68834. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
68835. Source=Paul Collins Startup list
68836.  
68837. [SpybotSD TeaTimer]
68838. Number=9772
68839. Confirmed=Y
68840. Filename=TeaTimer.exe
68841. Description=TeaTimer is a permanent process and registry monitor of the <a href="http://www.safer-networking.org/" target="_blank">Spybot S&D</a> system protector which perpetually monitors the processes called/initiated. Detects processes wanting to start and gives you options on how to deal with this process in the future
68842. Source=Paul Collins Startup list
68843.  
68844. [SpyBotSnD]
68845. Number=9773
68846. Confirmed=U
68847. Filename=Spybotsd.exe
68848. Description=<a href="http://www.safer-networking.org/" target="_blank">Spybot - Search & Destroy</a> - free multi-spyware removal tool from Safer Networking Ltd.
68849. Source=Paul Collins Startup list
68850.  
68851. [Spybott lptt01]
68852. Number=9774
68853. Confirmed=X
68854. Filename=spybott.exe
68855. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Spybott" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
68856. Source=Paul Collins Startup list
68857.  
68858. [Spybott ml097e]
68859. Number=9775
68860. Confirmed=X
68861. Filename=spybott.exe
68862. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Spybott" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
68863. Source=Paul Collins Startup list
68864.  
68865. [SpyClean]
68866. Number=9776
68867. Confirmed=X
68868. Filename=1ClickSpyClean.exe
68869. Description=1 Click Spy Clean uses a database that was stolen from <a href="http://www.safer-networking.org/en/download/index.html" target=_blank>SpybotS&D</a>. Not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
68870. Source=Paul Collins Startup list
68871.  
68872. [SpyCop ScanCheck]
68873. Number=9777
68874. Confirmed=U
68875. Filename=MAIN.EXE
68876. Description=<a href="http://www.spycop.com/" target="_blank">SpyCop</a> surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan
68877. Source=Paul Collins Startup list
68878.  
68879. [SpyEmergency]
68880. Number=9778
68881. Confirmed=U
68882. Filename=SpyEmergency.exe
68883. Description=<a href="http://www.netgate.sk/index.php?option=com_content&task=view&id=18&Itemid=41" target="_blank">SpyEmergency</a> security software from Netgate
68884. Source=Paul Collins Startup list
68885.  
68886. [SpyEx]
68887. Number=9779
68888. Confirmed=X
68889. Filename=Winllogo.exe
68890. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32prskeya.html" target=_blank>PRSKEY-A</a> WORM!
68891. Source=Paul Collins Startup list
68892.  
68893. [SpyFighterMonitor]
68894. Number=9780
68895. Confirmed=N
68896. Filename=SpyFighter.exe
68897. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a> 
68898. Source=Paul Collins Startup list
68899.  
68900. [SpyFighterUpdate]
68901. Number=9781
68902. Confirmed=N
68903. Filename=AutoUpdate.exe
68904. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
68905. Source=Paul Collins Startup list
68906.  
68907. [SpyHealer]
68908. Number=9782
68909. Confirmed=N
68910. Filename=SpyHealer.exe
68911. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
68912. Source=Paul Collins Startup list
68913.  
68914. [SpyHeals]
68915. Number=9783
68916. Confirmed=X
68917. Filename=SpyHeals.exe
68918. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094215" target="_blank">Smitfraud</a> variant
68919. Source=Paul Collins Startup list
68920.  
68921. [SpyHunter]
68922. Number=9784
68923. Confirmed=N
68924. Filename=SpyHunter.exe
68925. Description=Enigma SpyHunter - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note" target="_blank">note</a>
68926. Source=Paul Collins Startup list
68927.  
68928. [Spykiller]
68929. Number=9785
68930. Confirmed=U
68931. Filename=Spykiller.exe
68932. Description=Spyware remover - older versions are not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#maxion_note" target="_blank">here</a>
68933. Source=Paul Collins Startup list
68934.  
68935. [SpyNuker]
68936. Number=9786
68937. Confirmed=X
68938. Filename=Spynuker.exe
68939. Description=A "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers 'TrekData' and 'Blue Haven Media', who distribute spyware through ActiveX drive-by-download on web pages
68940. Source=Paul Collins Startup list
68941.  
68942. [SpyOnThis Monitor]
68943. Number=9787
68944. Confirmed=N
68945. Filename=SpyOnThisMonitor.exe
68946. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
68947. Source=Paul Collins Startup list
68948.  
68949. [SpyQuake2.com]
68950. Number=9788
68951. Confirmed=N
68952. Filename=Spy-Quake2.exe
68953. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
68954. Source=Paul Collins Startup list
68955.  
68956. [SpySheriff]
68957. Number=9789
68958. Confirmed=X
68959. Filename=SpySheriff.exe
68960. Description=<a href="http://www.bleepingcomputer.com/forums/topic22402.html" target="_blank">SpySheriff</a> malware
68961. Source=Paul Collins Startup list
68962.  
68963. [SpySpotter]
68964. Number=9790
68965. Confirmed=N
68966. Filename=SpySpotter.exe
68967. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
68968. Source=Paul Collins Startup list
68969.  
68970. [SpyStopper]
68971. Number=9791
68972. Confirmed=U
68973. Filename=spystopper.exe
68974. Description=<a href="http://www.itcompany.com/Privacy.htm" target="_blank">SpyStopper</a> - blocks intrusive spyware, Web bugs, worms, scripts, advertisements, and cookies. Protects you from being profiled and tracked
68975. Source=Paul Collins Startup list
68976.  
68977. [SpySubtract]
68978. Number=9792
68979. Confirmed=U
68980. Filename=SpySub.exe
68981. Description=<a href="http://www.intermute.com/spysubtract/" target=_blank>SpySubtract</a> - multi spyware removal tool
68982. Source=Paul Collins Startup list
68983.  
68984. [SpySweeper]
68985. Number=9793
68986. Confirmed=U
68987. Filename=SpySweeper.exe
68988. Description=<a href="http://www.webroot.com/consumer/products/spysweeper/" target="_blank">Spy Sweeper</a> - detects and removes spyware
68989. Source=Paul Collins Startup list
68990.  
68991. [SpySweeperEnterprise]
68992. Number=9794
68993. Confirmed=U
68994. Filename=SpySweeperUI.exe
68995. Description=User interface for <a href="http://www.webroot.com/business/products/spysweeperenterprise/" target="_blank">Spy Sweeper Enterprise</a> edition - "a centrally managed, scalable enterprise solution that provides best of breed protection against all types of malicious spyware, adware, and other harmful intruders"
68996. Source=Paul Collins Startup list
68997.  
68998. [SpyTrooper]
68999. Number=9795
69000. Confirmed=X
69001. Filename=SpyTrooper.exe
69002. Description=SpyTrooper - malware posing as a spyware remover, see <a href="http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=89503&sind=0" target="_blank">here</a>
69003. Source=Paul Collins Startup list
69004.  
69005. [Spyware]
69006. Number=9796
69007. Confirmed=N
69008. Filename=Spyware.exe
69009. Description=BPS spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
69010. Source=Paul Collins Startup list
69011.  
69012. [Spyware Begone]
69013. Number=9797
69014. Confirmed=U
69015. Filename=SpywareBeGone.exe
69016. Description=<a href="http://www.spywarebegone.com" target="_blank">Spyware BeGone</a> - spyware removal utility. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#spybegone_note" target="_blank">here</a>
69017. Source=Paul Collins Startup list
69018.  
69019. [Spyware Begone]
69020. Number=9798
69021. Confirmed=U
69022. Filename=freescan.exe
69023. Description=<a href="http://www.spywarebegone.com" target="_blank">Spyware BeGone</a> - spyware removal utility. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#spybegone_note" target="_blank">here</a>
69024. Source=Paul Collins Startup list
69025.  
69026. [Spyware Doctor]
69027. Number=9799
69028. Confirmed=U
69029. Filename=spydoctor.exe
69030. Description=<a href="http://www.pctools.com/spyware-doctor/" target=_blank>Spyware Doctor</a> spyware remover
69031. Source=Paul Collins Startup list
69032.  
69033. [Spyware Doctor]
69034. Number=9800
69035. Confirmed=U
69036. Filename=swdoctor.exe
69037. Description=<a href="http://www.pctools.com/spyware-doctor/" target=_blank>Spyware Doctor</a> spyware remover
69038. Source=Paul Collins Startup list
69039.  
69040. [Spyware Guard Control Panel]
69041. Number=9801
69042. Confirmed=U
69043. Filename=spywar~1.exe
69044. Description=<p align=left>"<a href="http://www.wilderssecurity.net/spywareguard.html" target="_blank">SpywareGuard</a> provides a real-time protection solution against spyware"
69045. Source=Paul Collins Startup list
69046.  
69047. [Spyware Nuker]
69048. Number=9802
69049. Confirmed=U
69050. Filename=swn2.exe
69051. Description=Spyware removal program by TrekBlue. Previously not recommended but the latest version was delisted <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
69052.  
69053. Source=Paul Collins Startup list
69054.  
69055. [Spyware Nuker Installer]
69056. Number=9803
69057. Confirmed=U
69058. Filename=SpywareNukerInstaller.exe
69059. Description=Spyware removal program by TrekBlue. Previously not recommended but the latest version was delisted <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
69060.  
69061. Source=Paul Collins Startup list
69062.  
69063. [Spyware remover]
69064. Number=9804
69065. Confirmed=X
69066. Filename=Remove_spyware.exe
69067. Description=Unidentified, but not known to belong to any known spyware remover, and strongly suspected to be adware related!
69068.  
69069. Source=Paul Collins Startup list
69070.  
69071. [Spyware Scanner]
69072. Number=9805
69073. Confirmed=U
69074. Filename=AseScanner.exe
69075. Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see <a href="http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/" target=_blank>here</a> and <a href="http://netrn.net/spywareblog/archives/2004/11/06/aluria-confused/" target=_blank>here</a>
69076. Source=Paul Collins Startup list
69077.  
69078. [SpyWare Shield]
69079. Number=9806
69080. Confirmed=U
69081. Filename=Shield.exe
69082. Description=Acronis Privacy Expert <a href="http://www.acronis.com/enterprise/products/privacyexpert/spyware-shield.html" target=_blank>Spyware Shield</a> prevents spyware and other suspicious programs from being installed on PCs
69083. Source=Paul Collins Startup list
69084.  
69085. [Spyware Slayer]
69086. Number=9807
69087. Confirmed=N
69088. Filename=SpywareSlayer.Exe
69089. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
69090. Source=Paul Collins Startup list
69091.  
69092. [Spyware Soft Stop]
69093. Number=9808
69094. Confirmed=N
69095. Filename=Spyware Soft Stop.exe
69096. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
69097. Source=Paul Collins Startup list
69098.  
69099. [Spyware Stormer]
69100. Number=9809
69101. Confirmed=N
69102. Filename=SpywareStormer.Exe
69103. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
69104. Source=Paul Collins Startup list
69105.  
69106. [Spyware Vanisher]
69107. Number=9810
69108. Confirmed=U
69109. Filename=FreeScanner.exe
69110. Description=<a href="http://www.spywarebegone.com" target="_blank">Spyware Vanisher</a> - spyware removal utility. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#spybegone_note" target="_blank">here</a>
69111. Source=Paul Collins Startup list
69112.  
69113. [Spyware X-terminator]
69114. Number=9811
69115. Confirmed=U
69116. Filename=SpywareX.exe
69117. Description=<a href="http://www.stompsoft.com/spywarexterminator.html" target=_blank>Spyware X-terminator</a> - spyware remover
69118. Source=Paul Collins Startup list
69119.  
69120. [Spyware-Cop]
69121. Number=9812
69122. Confirmed=N
69123. Filename=Spyware-Cop.exe
69124. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
69125. Source=Paul Collins Startup list
69126.  
69127. [SpywareBot]
69128. Number=9813
69129. Confirmed=N
69130. Filename=SpywareBot.exe
69131. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>note</a>
69132.  
69133. Source=Paul Collins Startup list
69134.  
69135. [spywarefighterguard]
69136. Number=9814
69137. Confirmed=U
69138. Filename=spfprc.exe
69139. Description=Spyware Fighter - anti spyware program
69140.  
69141. Source=Paul Collins Startup list
69142.  
69143. [SpywareGuard]
69144. Number=9815
69145. Confirmed=U
69146. Filename=sgmain.exe
69147. Description=<p align=left>"<a href="http://www.wilderssecurity.net/spywareguard.html" target="_blank">SpywareGuard</a> provides a real-time protection solution against spyware"
69148. Source=Paul Collins Startup list
69149.  
69150. [SpywareGuard]
69151. Number=9816
69152. Confirmed=X
69153. Filename=winproc32.exe
69154. Description=<a href="http://www.sophos.com/virusinfo/analyses/trojstartpadl.html" target="_blank">Startpage</a> adware Trojan
69155. Source=Paul Collins Startup list
69156.  
69157. [SpywareGuard]
69158. Number=9817
69159. Confirmed=X
69160. Filename=deinst_qfe001.exe
69161. Description=Added by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate <a href="http://www.javacoolsoftware.com/spywareguard.html" target="_blank">SpywareGuard</a> application
69162. Source=Paul Collins Startup list
69163.  
69164. [Spywareguard lptt01]
69165. Number=9818
69166. Confirmed=X
69167. Filename=Spywareguard.exe
69168. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Spyguard" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
69169. Source=Paul Collins Startup list
69170.  
69171. [Spywareguard ml097e]
69172. Number=9819
69173. Confirmed=X
69174. Filename=Spywareguard.exe
69175. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Spyguard" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
69176. Source=Paul Collins Startup list
69177.  
69178. [SpywareGuardPlus]
69179. Number=9820
69180. Confirmed=X
69181. Filename=winmm64.exe
69182. Description=StartPage.ht homepage hijacker
69183. Source=Paul Collins Startup list
69184.  
69185. [SpywareKilla]
69186. Number=9821
69187. Confirmed=N
69188. Filename=SpywareKilla.exe
69189. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
69190. Source=Paul Collins Startup list
69191.  
69192. [SpywareLocked]
69193. Number=9822
69194. Confirmed=N
69195. Filename=SpywareLocked.exe
69196. Description=Spyware remover - not recommended, see <a href="http://www.bleepingcomputer.com/forums/topic85376.html" target="_blank">here</a>
69197. Source=Paul Collins Startup list
69198.  
69199. [SpywareLocked 3.5]
69200. Number=9823
69201. Confirmed=N
69202. Filename=SpywareLocked 3.5.exe
69203. Description=Spyware remover - not recommended, see <a href="http://www.bleepingcomputer.com/forums/topic85376.html" target="_blank">here</a>
69204. Source=Paul Collins Startup list
69205.  
69206. [SpywareNo]
69207. Number=9824
69208. Confirmed=N
69209. Filename=SpywareNo.exe
69210. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
69211. Source=Paul Collins Startup list
69212.  
69213. [SpywareQuake]
69214. Number=9825
69215. Confirmed=N
69216. Filename=SpywareQuake.exe
69217. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
69218.  
69219. Source=Paul Collins Startup list
69220.  
69221. [SpywareStrike]
69222. Number=9826
69223. Confirmed=N
69224. Filename=SpywareStrike.exe
69225. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
69226. Source=Paul Collins Startup list
69227.  
69228. [SPYWATCH]
69229. Number=9827
69230. Confirmed=N
69231. Filename=SpyWatch.exe
69232. Description=BPS spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
69233. Source=Paul Collins Startup list
69234.  
69235. [SQConfigChecker]
69236. Number=9828
69237. Confirmed=X
69238. Filename=cc.exe
69239. Description=Xupiter <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>SQWire</a> toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
69240. Source=Paul Collins Startup list
69241.  
69242. [SQInstaller]
69243. Number=9829
69244. Confirmed=X
69245. Filename=SQInstaller.exe
69246. Description=Xupiter <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>SQWire</a> toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
69247. Source=Paul Collins Startup list
69248.  
69249. [SQL Server]
69250. Number=9830
69251. Confirmed=N
69252. Filename=scm.exe
69253. Description=SQL Server Service Control Manager. Available via Start -> Programs
69254. Source=Paul Collins Startup list
69255.  
69256. [SQL Server Service]
69257. Number=9831
69258. Confirmed=X
69259. Filename=sql.exe
69260. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadf.html" target=_blank>RBOT-ADF</a>
69261. Source=Paul Collins Startup list
69262.  
69263. [sqservices]
69264. Number=9832
69265. Confirmed=X
69266. Filename=wins32.exe
69267. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprogentb.html" target=_blank>PROGENT-B</a> TROJAN!
69268. Source=Paul Collins Startup list
69269.  
69270. [SQUpdatesChecker]
69271. Number=9833
69272. Confirmed=X
69273. Filename=uc.exe
69274. Description=Xupiter <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>SQWire</a> toolbar related. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
69275. Source=Paul Collins Startup list
69276.  
69277. [sqvynikp]
69278. Number=9834
69279. Confirmed=X
69280. Filename=sqvynikp.exe
69281. Description=Free_Scratch_Cards foistware
69282. Source=Paul Collins Startup list
69283.  
69284. [SR Agent]
69285. Number=9835
69286. Confirmed=Y
69287. Filename=AGENTSVC.EXE
69288. Description=Related to <a href="http://www.secureresolutions.com/" target=_blank>Secure Resolutions</a> - desktop virus protection
69289.  
69290. Source=Paul Collins Startup list
69291.  
69292. [Sr Agent]
69293. Number=9836
69294. Confirmed=Y
69295. Filename=SrLogon.exe
69296. Description=Related to <a href="http://www.secureresolutions.com/" target=_blank>Secure Resolutions</a> - desktop virus protection
69297.  
69298. Source=Paul Collins Startup list
69299.  
69300. [sr1exe]
69301. Number=9837
69302. Confirmed=?
69303. Filename=updtSup3.exe
69304. Description=<font color="#FF0000">Found on a Dell computer, in a Documents and SettingsAll UsersApplication DataDellAlert2 subfolder</font>
69305. Source=Paul Collins Startup list
69306.  
69307. [sr64]
69308. Number=9838
69309. Confirmed=X
69310. Filename=[path to trojan]
69311. Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=41042" target="_blank">AGENT.X</a> TROJAN!
69312. Source=Paul Collins Startup list
69313.  
69314. [SrchfstUpdate]
69315. Number=9839
69316. Confirmed=X
69317. Filename=srchupdt.exe
69318. Description=SearchFast adware downloader
69319.  
69320. Source=Paul Collins Startup list
69321.  
69322. [sre]
69323. Number=9840
69324. Confirmed=X
69325. Filename=rundll32.exe sre.dll, Register
69326. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected by <a href="http://www.kaspersky.com/" target=_blank>Kaspersky</a> antivirus as Trojan.Downloader.Agent.Fc
69327. Source=Paul Collins Startup list
69328.  
69329. [srePostpone]
69330. Number=9841
69331. Confirmed=?
69332. Filename=rundll32.exe [path] srescan.dll, DoSpecialAction
69333. Description=Related to <a href="http://www.zonelabs.com/" target=_blank>ZoneAlarm</a>. <font color=#FF0000>What does it do and is it required?</font>
69334.  
69335. Source=Paul Collins Startup list
69336.  
69337. [SRFirstRun]
69338. Number=9842
69339. Confirmed=?
69340. Filename=rundll32 srclient.dll, CreateFirstRunRp
69341. Description=Created by execution of the Windows XP sr.inf file, which installs the Windows XP System Restore feature, needed for example when installing System Restore into Windows Server 2003. <font color="#FF0000">Does this indeed need to run at every bootup?</font>
69342. Source=Paul Collins Startup list
69343.  
69344. [Srmclean]
69345. Number=9843
69346. Confirmed=U
69347. Filename=srmclean.exe
69348. Description=Srmclean helps in the installation and execution of the SoundMax SoftPaq for Compaq/ADI SoundMax Integrated Digital Audio. According to Compaq - "If you disable the entry from loading into startup, then you will not be able to use the features of the sound card"
69349. Source=Paul Collins Startup list
69350.  
69351. [SRNG]
69352. Number=9844
69353. Confirmed=X
69354. Filename=srng.exe
69355. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453079092" target="_blank">ShopNavSearch.Srng</a> search hijacker
69356.  
69357. Source=Paul Collins Startup list
69358.  
69359. [SRP Startup]
69360. Number=9845
69361. Confirmed=U
69362. Filename=srrpro.exe
69363. Description=<a href="http://www.majorgeeks.com/download516.html" target="_blank">System Restore Remover Pro</a> allows you to safely and easily remove System Restore and various other Windows Millennium "features". This is enabled if you tick the "Remove unnecessary System Restore information on startup" box. Available via Start -> Settings -> Control Panel
69364. Source=Paul Collins Startup list
69365.  
69366. [SRS Applet]
69367. Number=9846
69368. Confirmed=Y
69369. Filename=SrsTray.Exe
69370. Description=S3 Sonic Vibes sound card drivers - if disabled you loose sound
69371. Source=Paul Collins Startup list
69372.  
69373. [SRS Audio Sandbox]
69374. Number=9847
69375. Confirmed=U
69376. Filename=SRSSSC.exe
69377. Description=<a href="http://www.srs-store.com/store-plugins/mall/sas-plugin.asp" target="_blank">SRS Audio Sandbox</a> "provide amazing audio immersion and maximum thump for a personalized audio experience!"
69378. Source=Paul Collins Startup list
69379.  
69380. [srshost.exe]
69381. Number=9848
69382. Confirmed=X
69383. Filename=srshost.exe
69384. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasw.html" target=_blank>RBOT-ASW</a> WORM!
69385. Source=Paul Collins Startup list
69386.  
69387. [Srv RPCrom]
69388. Number=9849
69389. Confirmed=X
69390. Filename=NClienti386.exe
69391. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101912-4208-99" target=_blank>WATSOON.A</a> TROJAN!
69392.  
69393. Source=Paul Collins Startup list
69394.  
69395. [Srv32]
69396. Number=9850
69397. Confirmed=X
69398. Filename=Srv32.exe
69399. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122010-5921-99" target="_blank">OPASERV.J</a> WORM!
69400. Source=Paul Collins Startup list
69401.  
69402. [Srv32]
69403. Number=9851
69404. Confirmed=X
69405. Filename=Srv32.exe
69406. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.S" target="_blank">OPASERV.S</a> WORM!
69407. Source=Paul Collins Startup list
69408.  
69409. [Srv32 spool service]
69410. Number=9852
69411. Confirmed=X
69412. Filename=runsrv32.exe
69413. Description=Topantispyware.com malware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Clicker.Win32.Spyre.b
69414. Source=Paul Collins Startup list
69415.  
69416. [Srv32 spool service]
69417. Number=9853
69418. Confirmed=X
69419. Filename=spoolsrv32.exe
69420. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspyreb.html" target=_blank>SPYRE.B</a> TROJAN!
69421. Source=Paul Collins Startup list
69422.  
69423. [Srv32 spool service]
69424. Number=9854
69425. Confirmed=X
69426. Filename=[path to trojan]
69427. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderlb.html" target=_blank>DLOADER-LB</a> TROJAN!
69428. Source=Paul Collins Startup list
69429.  
69430. [Srv325]
69431. Number=9855
69432. Confirmed=X
69433. Filename=Srv325.exe
69434. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotpr.html" target= blank>AGOBOT-PR</a> WORM!
69435. Source=Paul Collins Startup list
69436.  
69437. [Srv32Old]
69438. Number=9856
69439. Confirmed=X
69440. Filename=[worm filename].PIF
69441. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122010-5921-99" target="_blank">OPASERV.J</a> WORM!
69442. Source=Paul Collins Startup list
69443.  
69444. [Srv32Win]
69445. Number=9857
69446. Confirmed=U
69447. Filename=SpyAgent4.exe
69448. Description=<a href="http://www.spytech-web.com/spyagent.shtml" target="_blank">SpyAgent</a> - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
69449. Source=Paul Collins Startup list
69450.  
69451. [Srv32Win]
69452. Number=9858
69453. Confirmed=U
69454. Filename=Svchost.exe
69455. Description=<a href="http://www.realtime-spy.com/" target=blank>Realtime-Spy</a> keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=blank>svchost.exe</a> process that normally doesn't appear in Msconfig/Startup!
69456.  
69457. Source=Paul Collins Startup list
69458.  
69459. [Srv32Win]
69460. Number=9859
69461. Confirmed=U
69462. Filename=sysdiag.exe
69463. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051211-3023-99" target="_blank">SpyAgent</a> surveillance software. Uninstall this software unless you put it there yourself
69464. Source=Paul Collins Startup list
69465.  
69466. [srv32win]
69467. Number=9860
69468. Confirmed=U
69469. Filename=win16dll.exe
69470. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.screenspy.html" target=_blank>Screenspy</a> captures screenshots silently. If you didn't install this yourself remove it
69471. Source=Paul Collins Startup list
69472.  
69473. [Srvce Pack Updte]
69474. Number=9861
69475. Confirmed=X
69476. Filename=svcpack.exe
69477. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
69478. Source=Paul Collins Startup list
69479.  
69480. [srvexc.exe]
69481. Number=9862
69482. Confirmed=X
69483. Filename=srvexc.exe
69484. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122317-3835-99" target=_blank>SERVSAX</a> TROJAN!
69485. Source=Paul Collins Startup list
69486.  
69487. [srvprc]
69488. Number=9863
69489. Confirmed=U
69490. Filename=srvprc.exe
69491. Description=<a href="http://www.sarc.com/avcenter/venc/data/spyware.actmon.html" target="_blank">ActMon</a> surveillance software. Uninstall this software unless you put it there yourself
69492. Source=Paul Collins Startup list
69493.  
69494. [srxTray]
69495. Number=9864
69496. Confirmed=N
69497. Filename=srxTray.exe
69498. Description=<a href="http://www.southrivertech.com/" target="_blank">Titan FTP Server</a> - FTP server
69499. Source=Paul Collins Startup list
69500.  
69501. [SsAAD.exe]
69502. Number=9865
69503. Confirmed=?
69504. Filename=SsAAD.exe
69505. Description=Sony SonicStage software related - "Atrac Hard Disk Monitor". <font color="#FF0000">What does it do and is it required?</font>
69506. Source=Paul Collins Startup list
69507.  
69508. [ssate.exe]
69509. Number=9866
69510. Confirmed=X
69511. Filename=irun4.exe
69512. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030214-1700-99" target="_blank">BEAGLE.J</a> WORM!
69513. Source=Paul Collins Startup list
69514.  
69515. [ssate.exe]
69516. Number=9867
69517. Confirmed=X
69518. Filename=winsys.exe
69519. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030312-0201-99" target="_blank">BEAGLE.K</a> WORM!
69520. Source=Paul Collins Startup list
69521.  
69522. [SSBkgdUpdate]
69523. Number=9868
69524. Confirmed=N
69525. Filename=SSBkgdupdate.exe
69526. Description=ScanSoft OmniPage auto updater. Can be disabled using the main program's options. Note - if you have a Soundblaster Audigy2 ZS soundcard installed on your computer and the volume of your soundsystem is turned on extremely high disabling this will solve the problem
69527. Source=Paul Collins Startup list
69528.  
69529. [SSC Service Utility]
69530. Number=9869
69531. Confirmed=U
69532. Filename=ssc_serv.exe
69533. Description=<a href="http://www.ssclg.com/epsone.shtml" target= blank>SSC Service Utility</a> is a printer utility for refilled Epson cartridges
69534. Source=Paul Collins Startup list
69535.  
69536. [SSCFBTN.EXE]
69537. Number=9870
69538. Confirmed=U
69539. Filename=SSCFBTN.EXE
69540. Description=Samsung smarthru software,used with Lexmark Z82 or Samsung multifunction printers
69541. Source=Paul Collins Startup list
69542.  
69543. [sscRun]
69544. Number=9871
69545. Confirmed=Y
69546. Filename=SSCRun.exe
69547. Description=AOL's firewall
69548.  
69549. Source=Paul Collins Startup list
69550.  
69551. [SSC_UserPrompt]
69552. Number=9872
69553. Confirmed=Y
69554. Filename=UsrPrmpt.exe
69555. Description=Part of Symantec's AntiVirus suite and comes usually with a product update, if not on the system already. Required for essential applications to work properly
69556.  
69557. Source=Paul Collins Startup list
69558.  
69559. [Ssd]
69560. Number=9873
69561. Confirmed=Y
69562. Filename=Std.exe
69563. Description=<a href="http://www.stealthdisk.com/" target="_blank">Stealthdisk</a> - file and folder hiding/locking utility
69564. Source=Paul Collins Startup list
69565.  
69566. [ssdiag]
69567. Number=9874
69568. Confirmed=?
69569. Filename=ssdiag.exe
69570. Description=Equinox (now <a href="http://www.avocent.com/" target="_blank">Avocent</a>) "Configuration and DOS Diagnostic for DOS and Windows platforms"
69571. Source=Paul Collins Startup list
69572.  
69573. [SSDPSRV]
69574. Number=9875
69575. Confirmed=N
69576. Filename=ssdpsrv.exe
69577. Description=Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for network plug and play functionality. Starts up a web server on port 5000. Used by Universal Plug and Play (for network device discovery). To remove this program, open Add/Remove Programs, select either Communications (Me) or Networking Services (XP), and remove the checkmark next to Universal Plug and Play
69578. Source=Paul Collins Startup list
69579.  
69580. [ssgrate.exe]
69581. Number=9876
69582. Confirmed=X
69583. Filename=system.exe
69584. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012012-0813-99" target="_blank">MITGLIEDER.C</a> TROJAN!
69585. Source=Paul Collins Startup list
69586.  
69587. [ssgrate.exe]
69588. Number=9877
69589. Confirmed=X
69590. Filename=irun.exe
69591. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031310-5644-99" target="_blank">MITGLIEDER.D</a> TROJAN!
69592. Source=Paul Collins Startup list
69593.  
69594. [ssgrate.exe]
69595. Number=9878
69596. Confirmed=X
69597. Filename=irun4.exe
69598. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040514-3126-99" target="_blank">MITGLIEDER.F</a> TROJAN!
69599. Source=Paul Collins Startup list
69600.  
69601. [ssgrate.exe]
69602. Number=9879
69603. Confirmed=X
69604. Filename=sysdoor.exe
69605. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082115-0935-99" target="_blank">MITGLIEDER.N</a> TROJAN!
69606. Source=Paul Collins Startup list
69607.  
69608. [ssgrate.exe]
69609. Number=9880
69610. Confirmed=X
69611. Filename=winerdir.exe
69612. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082110-3039-99" target="_blank">MITGLIEDER.O</a> TROJAN!
69613. Source=Paul Collins Startup list
69614.  
69615. [ssgrate.exe]
69616. Number=9881
69617. Confirmed=X
69618. Filename=winsystems.exe
69619. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagledlj.html" target=_blank>BAGLEDL-J</a> TROJAN!
69620. Source=Paul Collins Startup list
69621.  
69622. [ssgrate.exe]
69623. Number=9882
69624. Confirmed=X
69625. Filename=wintems.exe
69626. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061215-3130-99" target=_blank>MITGLIEDER.Q</a> TROJAN!
69627. Source=Paul Collins Startup list
69628.  
69629. [SSh32]
69630. Number=9883
69631. Confirmed=U
69632. Filename=SSh32.exe
69633. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122013-2514-99" target= blank>2Spy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
69634. Source=Paul Collins Startup list
69635.  
69636. [SSK Service]
69637. Number=9884
69638. Confirmed=X
69639. Filename=winssk32.exe
69640. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-062509-2344-99" target="_blank">SOBIG.E</a> WORM!
69641. Source=Paul Collins Startup list
69642.  
69643. [SSL]
69644. Number=9885
69645. Confirmed=X
69646. Filename=svchost.exe
69647. Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
69648. Source=Paul Collins Startup list
69649.  
69650. [SSL Manager]
69651. Number=9886
69652. Confirmed=X
69653. Filename=amsnmsgs.exe
69654. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
69655. Source=Paul Collins Startup list
69656.  
69657. [ssmmgr]
69658. Number=9887
69659. Confirmed=U
69660. Filename=ssmmgr.exe
69661. Description=Samsung printer monitor - for checking ink levels, etc.
69662. Source=Paul Collins Startup list
69663.  
69664. [ssms.exe]
69665. Number=9888
69666. Confirmed=X
69667. Filename=SSMS.EXE
69668. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-090415-1839-99" target=_blank>GISMOR</a> WORM!
69669. Source=Paul Collins Startup list
69670.  
69671. [SSPY]
69672. Number=9889
69673. Confirmed=U
69674. Filename=SSYTEM.EXE
69675. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120120-3620-99" target= blank>SurfingSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
69676. Source=Paul Collins Startup list
69677.  
69678. [sssasasb32]
69679. Number=9890
69680. Confirmed=X
69681. Filename=sssasasb32.exe
69682. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY.F</a> TROJAN!
69683. Source=Paul Collins Startup list
69684.  
69685. [sssasasb32]
69686. Number=9891
69687. Confirmed=X
69688. Filename=msnmsgq32.exe
69689. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.F</a> TROJAN!
69690. Source=Paul Collins Startup list
69691.  
69692. [sstata]
69693. Number=9892
69694. Confirmed=X
69695. Filename=dwdas.exe
69696. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090916-5115-99" target="_blank">DASDA</a> TROJAN!
69697. Source=Paul Collins Startup list
69698.  
69699. [sstata]
69700. Number=9893
69701. Confirmed=X
69702. Filename=[path to trojan]
69703. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckdf.html" target=_blank>RANCK-DF</a> TROJAN!
69704. Source=Paul Collins Startup list
69705.  
69706. [SStb.exe]
69707. Number=9894
69708. Confirmed=X
69709. Filename=SStb.exe
69710. Description=Adpowerzone.com "ServerSide" keyword hijacker
69711. Source=Paul Collins Startup list
69712.  
69713. [sstray]
69714. Number=9895
69715. Confirmed=N
69716. Filename=sstray.exe
69717. Description=nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitys
69718. Source=Paul Collins Startup list
69719.  
69720. [SSUpdate]
69721. Number=9896
69722. Confirmed=X
69723. Filename=SSUpdate.exe
69724. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072536" target="_blank">MoneyTree</a> parasite - ActiveX control used to download premium-rate dialers
69725.  
69726. Source=Paul Collins Startup list
69727.  
69728. [ssvchost]
69729. Number=9897
69730. Confirmed=X
69731. Filename=ssvchost.exe
69732. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111214-2948-99" target="_blank">HELIOS.B</a> TROJAN!
69733. Source=Paul Collins Startup list
69734.  
69735. [SSWPlauncher]
69736. Number=9898
69737. Confirmed=X
69738. Filename=comet.exe
69739. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Comet%20Cursor&threatid=29168" target=_blank>Comet Cursor</a> adware
69740. Source=Paul Collins Startup list
69741.  
69742. [Stacmon]
69743. Number=9899
69744. Confirmed=N
69745. Filename=Stacmon.exe
69746. Description=Installed with the drivers for a SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears as though it can be disabled with no ill effects
69747. Source=Paul Collins Startup list
69748.  
69749. [StacSysTray]
69750. Number=9900
69751. Confirmed=N
69752. Filename=StacSysTray.exe
69753. Description=System Tray control panel for SigmaTel C-Major on-board audio - as used on some Dell and Packard Bell PCs
69754. Source=Paul Collins Startup list
69755.  
69756. [staeck12]
69757. Number=9901
69758. Confirmed=X
69759. Filename=mfcee.exe
69760. Description=Added by an unidentified WORM or TROJAN!
69761. Source=Paul Collins Startup list
69762.  
69763. [standalone.exe]
69764. Number=9902
69765. Confirmed=X
69766. Filename=standalone.exe
69767. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotads.html" target=_blank>AGOBOT-ADS</a> WORM!
69768. Source=Paul Collins Startup list
69769.  
69770. [StarSkin]
69771. Number=9903
69772. Confirmed=U
69773. Filename=starskin.exe
69774. Description=<a href="http://www.rocketdivision.com/skin.html" target=_blank>StarSkin</a> allows you to change the view and appearance of your Windows XP box with the use of publically available themes
69775. Source=Paul Collins Startup list
69776.  
69777. [Start]
69778. Number=9904
69779. Confirmed=Y
69780. Filename=Quick95.exe
69781. Description=For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone
69782. Source=Paul Collins Startup list
69783.  
69784. [Start]
69785. Number=9905
69786. Confirmed=X
69787. Filename=windows.vbs
69788. Description=Homepage hijacker
69789. Source=Paul Collins Startup list
69790.  
69791. [start]
69792. Number=9906
69793. Confirmed=?
69794. Filename=start.exe
69795. Description=<font color="#FF0000">??</font>
69796. Source=Paul Collins Startup list
69797.  
69798. [start]
69799. Number=9907
69800. Confirmed=X
69801. Filename=sdcc.exe
69802. Description=Added by the AGENT.CSX TROJAN!
69803. Source=Paul Collins Startup list
69804.  
69805. [Start aThx Roll]
69806. Number=9908
69807. Confirmed=X
69808. Filename=f0mered.exe
69809. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AAV&VSect=P" target=_blank>RBOT.AAV</a> WORM!
69810. Source=Paul Collins Startup list
69811.  
69812. [start extracting]
69813. Number=9909
69814. Confirmed=X
69815. Filename=spoolvse.exe
69816. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxf.html" target=_blank>RBOT-XF</a> WORM!
69817. Source=Paul Collins Startup list
69818.  
69819. [start extracting]
69820. Number=9910
69821. Confirmed=X
69822. Filename=spoolvs.exe
69823. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AKC&VSect=P" target=_blank>RBOT.AKC</a> WORM!
69824. Source=Paul Collins Startup list
69825.  
69826. [Start Getright]
69827. Number=9911
69828. Confirmed=N
69829. Filename=getright.exe
69830. Description=See Getright Tray Icon
69831. Source=Paul Collins Startup list
69832.  
69833. [Start It Upping]
69834. Number=9912
69835. Confirmed=X
69836. Filename=svchosets.exe
69837. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
69838. Source=Paul Collins Startup list
69839.  
69840. [Start Network Scanner Tool]
69841. Number=9913
69842. Confirmed=U
69843. Filename=sdFTP.exe
69844. Description=Part of <a href="http://www.sharpusa.com/products/applications/sharpdesk/1,2693,3-3,00.html" target="_blank">Sharpdesk</a> from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"
69845. Source=Paul Collins Startup list
69846.  
69847. [Start Page]
69848. Number=9914
69849. Confirmed=X
69850. Filename=http://find.naupoint.com
69851. Description=<a href="http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx" target=_blank>Naupoint</a> browser hijacker
69852. Source=Paul Collins Startup list
69853.  
69854. [Start Page]
69855. Number=9915
69856. Confirmed=X
69857. Filename=svcnt32.exe
69858. Description=Homepage hijacker, also detected as Trojan-Downloader.Win32.Delf.ks
69859. Source=Paul Collins Startup list
69860.  
69861. [Start RF Wireless Keyboard]
69862. Number=9916
69863. Confirmed=Y
69864. Filename=ktrexe.exe
69865. Description=Yuanxun Electronics RF wireless keyboard driver
69866. Source=Paul Collins Startup list
69867.  
69868. [Start RF Wireless Mouse]
69869. Number=9917
69870. Confirmed=Y
69871. Filename=cm20.exe
69872. Description=Yuanxun Electronics RF wireless mouse driver
69873. Source=Paul Collins Startup list
69874.  
69875. [Start Service]
69876. Number=9918
69877. Confirmed=U
69878. Filename=upssrv.exe
69879. Description=Cyber Power <a href="http://www.cyberpowersystems.com/pplus_2.asp" target="_blank">PowerPanelPlus</a> software. "During a power failure the system automatically saves and closes open files within the battery backup time and safely powers down your computer"
69880. Source=Paul Collins Startup list
69881.  
69882. [Start Up Cop]
69883. Number=9919
69884. Confirmed=U
69885. Filename=startcop.exe
69886. Description=<a href="http://www.pcmag.com/article2/0,4149,897438,00.asp" target="_blank">StartUp Cop</a> - startup manager
69887. Source=Paul Collins Startup list
69888.  
69889. [start uploading]
69890. Number=9920
69891. Confirmed=X
69892. Filename=smsss.exe
69893. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
69894. Source=Paul Collins Startup list
69895.  
69896. [Start Upping]
69897. Number=9921
69898. Confirmed=X
69899. Filename=taskmrg.exe
69900. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotma.html" target="_blank">RBOT-MA</a> WORM!
69901. Source=Paul Collins Startup list
69902.  
69903. [Start Upping]
69904. Number=9922
69905. Confirmed=X
69906. Filename=SVCHOSTES.EXE
69907. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnb.html" target=_blank>RBOT-NB</a> WORM!
69908.  
69909. Source=Paul Collins Startup list
69910.  
69911. [Start Upping]
69912. Number=9923
69913. Confirmed=X
69914. Filename=taksmgr.exe
69915. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqk.html" target=_blank>RBOT-QK</a> WORM!
69916. Source=Paul Collins Startup list
69917.  
69918. [Start Upping]
69919. Number=9924
69920. Confirmed=X
69921. Filename=mcrt32.exe
69922. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
69923. Source=Paul Collins Startup list
69924.  
69925. [Start Upping]
69926. Number=9925
69927. Confirmed=X
69928. Filename=windupds.exe
69929. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AFH&VSect=P" target=_blank>SDBOT.AFH</a> WORM!
69930. Source=Paul Collins Startup list
69931.  
69932. [Start Upping]
69933. Number=9926
69934. Confirmed=X
69935. Filename=windupdts.exe
69936. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
69937. Source=Paul Collins Startup list
69938.  
69939. [Start Upping]
69940. Number=9927
69941. Confirmed=X
69942. Filename=xdcc.exe
69943. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.OY" target="_blank">SPYBOT.OY</a> WORM!
69944. Source=Paul Collins Startup list
69945.  
69946. [Start Upping]
69947. Number=9928
69948. Confirmed=X
69949. Filename=spoolnt.exe
69950. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottm.html" target="_blank">RBOT-TM</a> WORM!
69951. Source=Paul Collins Startup list
69952.  
69953. [Start Uppings]
69954. Number=9929
69955. Confirmed=X
69956. Filename=svcchosts.exe
69957. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VY" target="_blank">SDBOT.VY</a> WORM!
69958. Source=Paul Collins Startup list
69959.  
69960. [Start Uppings]
69961. Number=9930
69962. Confirmed=X
69963. Filename=mssupdate.exe
69964. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
69965. Source=Paul Collins Startup list
69966.  
69967. [Start Wingman Profiler]
69968. Number=9931
69969. Confirmed=N
69970. Filename=lwtest.exe
69971. Description=Logitech Wingman software required to operate Logitech joysticks and gamepads.  Unless you're a hard-core gamer, it's best to leave it unchecked
69972. Source=Paul Collins Startup list
69973.  
69974. [Start Wingman Profiler]
69975. Number=9932
69976. Confirmed=N
69977. Filename=lwemon.exeááá
69978. Description=Logitech Wingman software required to operate Logitech joysticks and gamepads.  Unless you're a hard-core gamer, it's best to leave it unchecked
69979. Source=Paul Collins Startup list
69980.  
69981. [Startacc]
69982. Number=9933
69983. Confirmed=U
69984. Filename=startacc.exe
69985. Description=Launches Webroot's Accelerate 2000 software that "speeds up your Internet connection by up to 300%". Leave enabled if you find it improves internet connection
69986. Source=Paul Collins Startup list
69987.  
69988. [StartCCC]
69989. Number=9934
69990. Confirmed=N
69991. Filename=CLIStart.exe
69992. Description=Puts the ATI CatalystÖ Control Center Icon/Shortcut on the System Tray - available via Start -> Programs
69993. Source=Paul Collins Startup list
69994.  
69995. [StartEAK]
69996. Number=9935
69997. Confirmed=Y
69998. Filename=StartEAK.exe
69999. Description=<a href="http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html" target="_blank">Easy Access</a> Button Support for Compaq PCs. Required if you use these
70000. Source=Paul Collins Startup list
70001.  
70002. [startemdoit]
70003. Number=9936
70004. Confirmed=X
70005. Filename=[path to trojan]
70006. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadravp.html" target="_blank">DLOADR-AVP</a> TROJAN!
70007. Source=Paul Collins Startup list
70008.  
70009. [Starter]
70010. Number=9937
70011. Confirmed=X
70012. Filename=scvhosting.exe
70013. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.RU" target="_blank">SDBOT.RU</a> WORM!
70014. Source=Paul Collins Startup list
70015.  
70016. [starter]
70017. Number=9938
70018. Confirmed=X
70019. Filename=scvhostingg.exe
70020. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfb.html" target=_blank>FORBOT-FB</a> WORM!
70021. Source=Paul Collins Startup list
70022.  
70023. [starter]
70024. Number=9939
70025. Confirmed=X
70026. Filename=iexplore.exe
70027. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdu.html" target=_blank>FORBOT-DU</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
70028. Source=Paul Collins Startup list
70029.  
70030. [StartFoxie]
70031. Number=9940
70032. Confirmed=U
70033. Filename=StartFoxie.exe
70034. Description=<a href="http://en.softonic.com/ie/43356/Foxie_Privacy__Security_&_Productivity_Suite" target=_blank>Foxie Suite</a> from Softonic International. "This suite of free tools comes in the form of an Internet Explorer add-on and includes a mix of powerful security enhancements"
70035.  
70036. Source=Paul Collins Startup list
70037.  
70038. [startkey]
70039. Number=9941
70040. Confirmed=X
70041. Filename=svcmgr.exe
70042. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhipperb.html" target=_blank>HIPPER-B</a> TROJAN!
70043. Source=Paul Collins Startup list
70044.  
70045. [startkey]
70046. Number=9942
70047. Confirmed=X
70048. Filename=update.exe
70049. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosedg.html" target=_blank>BIFROSE-DG</a> TROJAN!
70050. Source=Paul Collins Startup list
70051.  
70052. [startkey]
70053. Number=9943
70054. Confirmed=X
70055. Filename=XMCHAI.EXE
70056. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseao.html" target=_blank>BIFROSE-AO</a> TROJAN!
70057. Source=Paul Collins Startup list
70058.  
70059. [startkey]
70060. Number=9944
70061. Confirmed=X
70062. Filename=explore32.exe
70063. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoormt.html" target=_blank>MT</a> TROJAN!
70064. Source=Paul Collins Startup list
70065.  
70066. [startkey]
70067. Number=9945
70068. Confirmed=X
70069. Filename=CKOTS.exe
70070. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosehm.html" target=_blank>BIFROSE-HM</a> TROJAN!
70071. Source=Paul Collins Startup list
70072.  
70073. [StartKey]
70074. Number=9946
70075. Confirmed=X
70076. Filename=pligde.exe
70077. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-022716-2959-99" target=_blank>BIFROSE.E</a> TROJAN!
70078. Source=Paul Collins Startup list
70079.  
70080. [startkey]
70081. Number=9947
70082. Confirmed=X
70083. Filename=RunWinRaR.exe
70084. Description=Added by a variant of the BIFROSE-LV TROJAN!
70085. Source=Paul Collins Startup list
70086.  
70087. [startkey]
70088. Number=9948
70089. Confirmed=X
70090. Filename=Mysia.exe
70091. Description=Added by the CEP TROJAN!
70092. Source=Paul Collins Startup list
70093.  
70094. [startkey]
70095. Number=9949
70096. Confirmed=X
70097. Filename=explorer.exe
70098. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrmld.html" target="_blank">MLD</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System subfolder
70099. Source=Paul Collins Startup list
70100.  
70101. [startkey]
70102. Number=9950
70103. Confirmed=X
70104. Filename=furzi.exe
70105. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseok.html" target="_blank">BIFROSE-OK</a> TROJAN!
70106. Source=Paul Collins Startup list
70107.  
70108. [startkey]
70109. Number=9951
70110. Confirmed=X
70111. Filename=krnl.exe
70112. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroses.html" target="_blank">BIFROSE-S</a> TROJAN!
70113. Source=Paul Collins Startup list
70114.  
70115. [startkey]
70116. Number=9952
70117. Confirmed=X
70118. Filename=royale.exe
70119. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
70120. Source=Paul Collins Startup list
70121.  
70122. [startkey]
70123. Number=9953
70124. Confirmed=X
70125. Filename=rtfmsv.exe
70126. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojedepolc.html" target="_blank">EDEPOL-C</a> TROJAN!
70127. Source=Paul Collins Startup list
70128.  
70129. [startkey]
70130. Number=9954
70131. Confirmed=X
70132. Filename=scvhost.exe
70133. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosepm.html" target="_blank">BIFROSE-PM</a> TROJAN!
70134. Source=Paul Collins Startup list
70135.  
70136. [startkey]
70137. Number=9955
70138. Confirmed=X
70139. Filename=server.exe
70140. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosedb.html" target="_blank">BIFROSE-DB</a> TROJAN!
70141. Source=Paul Collins Startup list
70142.  
70143. [startkey]
70144. Number=9956
70145. Confirmed=X
70146. Filename=win32i.exe
70147. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroser.html" target="_blank">BIFROSE-R</a> TROJAN!
70148. Source=Paul Collins Startup list
70149.  
70150. [startkey]
70151. Number=9957
70152. Confirmed=X
70153. Filename=winampXP.exe
70154. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseoy.html" target="_blank">BIFROSE-OY</a> TROJAN!
70155. Source=Paul Collins Startup list
70156.  
70157. [startkey]
70158. Number=9958
70159. Confirmed=X
70160. Filename=svchost32.exe
70161. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
70162. Source=Paul Collins Startup list
70163.  
70164. [startkey]
70165. Number=9959
70166. Confirmed=X
70167. Filename=winlogin.exe
70168. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosepm.html" target="_blank">BIFROSE-PM</a> TROJAN!
70169. Source=Paul Collins Startup list
70170.  
70171. [startkey]
70172. Number=9960
70173. Confirmed=X
70174. Filename=winlogin.exe
70175. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosepm.html" target="_blank">BIFROSE-PM</a> TROJAN!
70176. Source=Paul Collins Startup list
70177.  
70178. [startkey]
70179. Number=9961
70180. Confirmed=X
70181. Filename=antivir.exe
70182. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifroseto.html" target="_blank">BIFROSE-TO</a> TROJAN!
70183. Source=Paul Collins Startup list
70184.  
70185. [startl.exe]
70186. Number=9962
70187. Confirmed=N
70188. Filename=startl.exe
70189. Description=<a href="http://www.lingoware.com/english/" target="_blank">Lingocom LingoWare</a> - translates any application into your language
70190. Source=Paul Collins Startup list
70191.  
70192. [StartMenu]
70193. Number=9963
70194. Confirmed=X
70195. Filename=deamon.exe
70196. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
70197. Source=Paul Collins Startup list
70198.  
70199. [StartMenu]
70200. Number=9964
70201. Confirmed=X
70202. Filename=msgaol.exe
70203. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
70204. Source=Paul Collins Startup list
70205.  
70206. [StartMenu]
70207. Number=9965
70208. Confirmed=X
70209. Filename=s_menu.exe
70210. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.C</a> TROJAN!
70211. Source=Paul Collins Startup list
70212.  
70213. [StartMenu]
70214. Number=9966
70215. Confirmed=X
70216. Filename=browse.exe
70217. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdrowsyc.html" target=_blank>DROWSY-C</a> TROJAN!
70218. Source=Paul Collins Startup list
70219.  
70220. [startpage]
70221. Number=9967
70222. Confirmed=X
70223. Filename=startpage.exe
70224. Description=Browser hijacker - redirecting to pages2start.com
70225. Source=Paul Collins Startup list
70226.  
70227. [STARTPAGE]
70228. Number=9968
70229. Confirmed=U
70230. Filename=start1.exe
70231. Description=<a href="http://www.nospy.org/1/" target=_blank>NoSpy.org</a> - prevents spyware from changing your startpage and other browser properties. The start1.exe file is located in a NOSPY.ORG folder
70232. Source=Paul Collins Startup list
70233.  
70234. [StartStop]
70235. Number=9969
70236. Confirmed=U
70237. Filename=STARTSTOP.EXE
70238. Description=<a href="http://www.tfi-technology.com/startstop/default.htm" target="_blank">StartStop</a> from TFI Technology - startup manager
70239. Source=Paul Collins Startup list
70240.  
70241. [StartSurfing]
70242. Number=9970
70243. Confirmed=U
70244. Filename=STARTS.exe
70245. Description=<a href="http://www.startsurfing.com" target="_blank">Start Surfing</a> allows you to protect your privacy while surfing and searching the Internet by acting as a "filter" between you and the website you are visiting. Startsurfing acts as your shield from Pop Up Windows, Mouse Traps, Window Resizing, and scripts that attempt to record your personal information. Available via Start -> Programs
70246. Source=Paul Collins Startup list
70247.  
70248. [Startup]
70249. Number=9971
70250. Confirmed=N
70251. Filename=??
70252. Description=Related to an Iomega drive
70253. Source=Paul Collins Startup list
70254.  
70255. [Startup]
70256. Number=9972
70257. Confirmed=X
70258. Filename=WinlogonStartup
70259. Description=Unidentified malware
70260. Source=Paul Collins Startup list
70261.  
70262. [Startup]
70263. Number=9973
70264. Confirmed=X
70265. Filename=mirc.exe
70266. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfloodeu.html" target=_blank>FLOOD-EU</a> TROJAN! An uninstall option for mirc.exe can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as mIRC. This one puts 10 files in the Windows or Winnt folder
70267. Source=Paul Collins Startup list
70268.  
70269. [Startup Configuration]
70270. Number=9974
70271. Confirmed=X
70272. Filename=[six character filename]
70273. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarv.html" target=_blank>RBOT-ARV</a> WORM!
70274. Source=Paul Collins Startup list
70275.  
70276. [Startup Configuration]
70277. Number=9975
70278. Confirmed=X
70279. Filename=wztoid.exe
70280. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasd.html" target=_blank>RBOT-ASD</a> WORM!
70281. Source=Paul Collins Startup list
70282.  
70283. [Startup Launcher GUI]
70284. Number=9976
70285. Confirmed=?
70286. Filename=GUI.exe
70287. Description=<font color="#FF0000">Startup manager?</font>
70288. Source=Paul Collins Startup list
70289.  
70290. [Startup Manager Scanner]
70291. Number=9977
70292. Confirmed=U
70293. Filename=StartupMonitor.exe
70294. Description=<a href="http://www.startupmechanic.com/" target=_blank>Startup-Mechanic</a> Startup monitor - offers boot protection of your PC from harmful trojans, adult-dialers, and other scumware
70295. Source=Paul Collins Startup list
70296.  
70297. [Startup Scan]
70298. Number=9978
70299. Confirmed=Y
70300. Filename=Sensor.EXE
70301. Description=<a href="http://www.quickheal.co.in/" target="_blank">AntiVirus Quick Heal</a> - scheduling agent
70302. Source=Paul Collins Startup list
70303.  
70304. [Startup Update]
70305. Number=9979
70306. Confirmed=X
70307. Filename=Cvshost.exe
70308. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
70309. Source=Paul Collins Startup list
70310.  
70311. [StartupBin]
70312. Number=9980
70313. Confirmed=X
70314. Filename=iwnujdss.exe
70315. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxz.html" target= blank>SDBOT-XZ</a> WORM!
70316. Source=Paul Collins Startup list
70317.  
70318. [StartupMonitor]
70319. Number=9981
70320. Confirmed=U
70321. Filename=StartupMonitor.exe
70322. Description=Mike Lin's <a href="http://www.mlin.net/StartupMonitor.shtml" target="_blank"> StartupMonitor</a>, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu
70323. Source=Paul Collins Startup list
70324.  
70325. [startwin]
70326. Number=9982
70327. Confirmed=X
70328. Filename=startwin.exe
70329. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042516-2104-99" target= blank>ANTIMAN.A</a> WORM!
70330. Source=Paul Collins Startup list
70331.  
70332. [startwindowskeyuser]
70333. Number=9983
70334. Confirmed=X
70335. Filename=rundle2.exe
70336. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-101114-0924-99" target="_blank">JAVAKILLER</a> TROJAN!
70337. Source=Paul Collins Startup list
70338.  
70339. [Stat 'n' Perf]
70340. Number=9984
70341. Confirmed=N
70342. Filename=StatnPerf.exe
70343. Description=<a href="http://www.soft4ever.com/StatnPerf/En/" target="_blank">Stat 'n' Perf </a>monitors your internet connection and displays information about sent and received bytes
70344. Source=Paul Collins Startup list
70345.  
70346. [StatBar]
70347. Number=9985
70348. Confirmed=X
70349. Filename=STATBAR.exe
70350. Description=<a href="http://www.statbar.nl/" target="_blank">StatBar</a> (system status bar) allows you to quickly get an overview of your system's condition (memory, CPU, uptime, and much more). Due to the sheer number of resources (over 60%) consumed by this program, it is unsuitable for Windows 95/98/SE/Me
70351. Source=Paul Collins Startup list
70352.  
70353. [State Service]
70354. Number=9986
70355. Confirmed=X
70356. Filename=csrss.exe
70357. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobracp.html" target=_blank>DADOBRA-CP</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
70358. Source=Paul Collins Startup list
70359.  
70360. [StationPlaylistStudio]
70361. Number=9987
70362. Confirmed=U
70363. Filename=SPLStudio.exe
70364. Description=<a href="http://www.stationplaylist.com/studio.html" target="_blank">StationPlaylist Studio</a> - "simple to use on-air broadcast playback software for the studio and/or DJ" for small to medium sized radio broadcasters, and internet webcasters
70365. Source=Paul Collins Startup list
70366.  
70367. [Statistics]
70368. Number=9988
70369. Confirmed=X
70370. Filename=statslist.exe
70371. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opankis.html" target=_blank>OPANKI-S</a> WORM!
70372. Source=Paul Collins Startup list
70373.  
70374. [Status Monitor]
70375. Number=9989
70376. Confirmed=N
70377. Filename=BrMfcWnd.exe
70378. Description=Brother scanner status monitor - can be started manually
70379.  
70380. Source=Paul Collins Startup list
70381.  
70382. [Status Monitor XE]
70383. Number=9990
70384. Confirmed=N
70385. Filename=ENGSS.EXE
70386. Description=The Xerox Document WorkCentre XE Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start -> Programs
70387. Source=Paul Collins Startup list
70388.  
70389. [StatusClient]
70390. Number=9991
70391. Confirmed=?
70392. Filename=StatusClient.exe
70393. Description=Part of Hewlett Packard network printer drivers
70394. Source=Paul Collins Startup list
70395.  
70396. [StatusClient 2.6]
70397. Number=9992
70398. Confirmed=?
70399. Filename=StatusClient.exe
70400. Description=Part of Hewlett Packard network printer drivers
70401. Source=Paul Collins Startup list
70402.  
70403. [StatusView]
70404. Number=9993
70405. Confirmed=N
70406. Filename=StatusView.exe
70407. Description=<a href="http://www.idpcorp.com/sv/index.html" target=_blank>Status View</a> intra-office messaging
70408.  
70409. Source=Paul Collins Startup list
70410.  
70411. [Stay Connected!]
70412. Number=9994
70413. Confirmed=N
70414. Filename=StayCon.exe
70415. Description=More than just a pinger, actually simulates online activity. Supports AOL, NetZero, MSN, ATT WorldNet, CompuServe and many other ISPs as well. Available via Start -> Programs
70416. Source=Paul Collins Startup list
70417.  
70418. [StayAlive]
70419. Number=9995
70420. Confirmed=U
70421. Filename=StayAlive.Exe
70422. Description=Part of <a href="http://www.semsoftware.com/" target=_blank>RealSPEED</a> - tweaking utility to speed-up your internet connection. Stay connected even after a period of inactivity on the net
70423.  
70424. Source=Paul Collins Startup list
70425.  
70426. [StayAlive]
70427. Number=9996
70428. Confirmed=U
70429. Filename=sa.exe
70430. Description=<a href="http://www.tfi-technology.com/stayalive.htm" target="_blank">StayAlive</a> from TFI Technology. "This top-notch tool intercepts crashes when they happen, keeping your programs running so you can save your work."
70431. Source=Paul Collins Startup list
70432.  
70433. [STBVision]
70434. Number=9997
70435. Confirmed=?
70436. Filename=STBVisn.exe
70437. Description=Related to the STB Velocity graphics card. <font color="#FF0000">What does it do and is it required?</font>
70438. Source=Paul Collins Startup list
70439.  
70440. [STBWEBTV]
70441. Number=9998
70442. Confirmed=N
70443. Filename=STBWEBTV.EXE
70444. Description=Used to display TV on your PC
70445. Source=Paul Collins Startup list
70446.  
70447. [stcinstaller]
70448. Number=9999
70449. Confirmed=X
70450. Filename=id53.exe
70451. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SCTHOUGHT.L" target=_blank>SCTHOUGHT.L</a> TROJAN! 
70452. Source=Paul Collins Startup list
70453.  
70454. [stcloader]
70455. Number=10000
70456. Confirmed=X
70457. Filename=stcloader.exe
70458. Description=Popup adware by 2ndThought software
70459. Source=Paul Collins Startup list
70460.  
70461. [stcloader]
70462. Number=10001
70463. Confirmed=X
70464. Filename=STCLOA~1.exe
70465. Description=Popup adware by 2ndThought software
70466. Source=Paul Collins Startup list
70467.  
70468. [STCLOA~1]
70469. Number=10002
70470. Confirmed=X
70471. Filename=stcloader.exe
70472. Description=Popup adware by 2ndThought software
70473. Source=Paul Collins Startup list
70474.  
70475. [STCLOA~1]
70476. Number=10003
70477. Confirmed=X
70478. Filename=STCLOA~1.exe
70479. Description=Popup adware by 2ndThought software
70480. Source=Paul Collins Startup list
70481.  
70482. [STCPO]
70483. Number=10004
70484. Confirmed=Y
70485. Filename=STCPO.exe
70486. Description=Sophos Sweep antivirus software
70487. Source=Paul Collins Startup list
70488.  
70489. [StdAFX]
70490. Number=10005
70491. Confirmed=X
70492. Filename=stdafx.exe
70493. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotaf.html" target="_blank">DELBOT-AF</a> WORM!
70494. Source=Paul Collins Startup list
70495.  
70496. [stdlib]
70497. Number=10006
70498. Confirmed=X
70499. Filename=[filename]
70500. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojperdae.html" target=_blank>PERDA-E</a> TROJAN!
70501. Source=Paul Collins Startup list
70502.  
70503. [STDSB]
70504. Number=10007
70505. Confirmed=Y
70506. Filename=STDSB.exe
70507. Description=Scrollbar driver for notebooks. If taken out of the Startup, it will not provide scrolling
70508. Source=Paul Collins Startup list
70509.  
70510. [Stealth Anonymizer 2.5]
70511. Number=10008
70512. Confirmed=U
70513. Filename=stealth25.exe
70514. Description=Now named <a href="http://www.securityconfig.com/software/desktopsecurity/stealther.html" target="_blank">Stealther</a> - proxy server agent that lets you travel the Internet with maximum possible privacy
70515. Source=Paul Collins Startup list
70516.  
70517. [stealth.dcom.exe]
70518. Number=10009
70519. Confirmed=X
70520. Filename=stealth.dcom.exe
70521. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090610-3305-99" target=_blank>THEALS.A</a> WORM!
70522. Source=Paul Collins Startup list
70523.  
70524. [stealth.ddos.exe]
70525. Number=10010
70526. Confirmed=X
70527. Filename=stealth.ddos.exe
70528. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090610-3305-99" target=_blank>THEALS.A</a> WORM!
70529. Source=Paul Collins Startup list
70530.  
70531. [stealth.exe]
70532. Number=10011
70533. Confirmed=X
70534. Filename=stealth.exe
70535. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090610-3305-99" target=_blank>THEALS.A</a> WORM!
70536. Source=Paul Collins Startup list
70537.  
70538. [stealth.injector.exe]
70539. Number=10012
70540. Confirmed=X
70541. Filename=stealth.injector.exe
70542. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090610-3305-99" target=_blank>THEALS.A</a> WORM!
70543. Source=Paul Collins Startup list
70544.  
70545. [stealth.stat.exe]
70546. Number=10013
70547. Confirmed=X
70548. Filename=stealth.stat.exe
70549. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090610-3305-99" target=_blank>THEALS.A</a> WORM!
70550. Source=Paul Collins Startup list
70551.  
70552. [stealth.wm.exe]
70553. Number=10014
70554. Confirmed=X
70555. Filename=stealth.wm.exe
70556. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090610-3305-99" target=_blank>THEALS.A</a> WORM!
70557. Source=Paul Collins Startup list
70558.  
70559. [stealth.worm.exe]
70560. Number=10015
70561. Confirmed=X
70562. Filename=stealth.worm.exe
70563. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090610-3305-99" target=_blank>THEALS.A</a> WORM!
70564. Source=Paul Collins Startup list
70565.  
70566. [Steam]
70567. Number=10016
70568. Confirmed=N
70569. Filename=steam.exe
70570. Description=Valve Software's <a href="http://www.steampowered.com/" target="_blank">STEAM</a> broadband game client. Steam is Valve's new way of getting games into your hands ASAP. Games like Half-Life, Counter-Strike, and Counter-Strike: Condition Zero are all being made available through Steam. Steam games are automatically kept up-to-date with the latest content and revisions. Steam also includes an instant-message client which even works while you're in-game
70571. Source=Paul Collins Startup list
70572.  
70573. [steam]
70574. Number=10017
70575. Confirmed=X
70576. Filename=steam.exe
70577. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajt.html" target=_blank>RBOT-AJT</a> WORM! Note - the file steam.exe will be found in the Windows\System folder and is not associated with Valve Software's game client
70578. Source=Paul Collins Startup list
70579.  
70580. [SteFanie]
70581. Number=10018
70582. Confirmed=X
70583. Filename=SteFanie.vbs
70584. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092216-3721-99" target=_blank>STEFAN</a> WORM! Note - make sure you check the hyperlink as this one copies it's self to numerous dirves and folders
70585. Source=Paul Collins Startup list
70586.  
70587. [stgclean]
70588. Number=10019
70589. Confirmed=?
70590. Filename=w32main2.exe
70591. Description=Related to IBM Standard Software Installer.  <font color="#FF0000">What does it do and is it required?</font>
70592. Source=Paul Collins Startup list
70593.  
70594. [Stickies]
70595. Number=10020
70596. Confirmed=N
70597. Filename=STICKIES.EXE
70598. Description=<a href="http://www.btinternet.com/~tom.revell/" target="_blank">Stickies</a> - utility that allows you to put yellow "Post-It" type messages on your desktop and can be used to set reminders. Available via Start -> Programs
70599. Source=Paul Collins Startup list
70600.  
70601. [Sticky Notes]
70602. Number=10021
70603. Confirmed=N
70604. Filename=stikynot.exe
70605. Description=Microsoft Sticky Notes - virtual sticky notes tool
70606. Source=Paul Collins Startup list
70607.  
70608. [Sticky Pad]
70609. Number=10022
70610. Confirmed=U
70611. Filename=StickyPad.exe
70612. Description=<a href="http://www.greeneclipsesoftware.com/" target="_blank">Sticky Pad</a> from Green Eclipse. Place sticky notes on your desktop
70613. Source=Paul Collins Startup list
70614.  
70615. [StickyNote]
70616. Number=10023
70617. Confirmed=N
70618. Filename=StickyNote.exe
70619. Description=Utility that allows you to put yellow "Post-It" type messages on your desktop. Available via Start -> Programs
70620. Source=Paul Collins Startup list
70621.  
70622. [StillImageMonitor]
70623. Number=10024
70624. Confirmed=U
70625. Filename=Stimon.exe
70626. Description=Stimon.exe enables a USB still-image device (such as a scanner) to initiate data transfer to a program. For example, if your scanning device has a scan button, it may start a program and begin scanning when you press it. Create a shortcut and start it manually when needed if your scanner otherwise fails to scan. May be required for your USB scanner to work - including all HP scanners and some of their SCSI scanners
70627. Source=Paul Collins Startup list
70628.  
70629. [stisrv]
70630. Number=10025
70631. Confirmed=X
70632. Filename=stisrv.exe
70633. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQF&VSect=P" target=_blank>RBOT.BQF</a> WORM!
70634. Source=Paul Collins Startup list
70635.  
70636. [stlbdist]
70637. Number=10026
70638. Confirmed=X
70639. Filename=rundll32exe stlbdist.DLL, DllRunMain
70640. Description=Hijacker pointing to www.searchandclick.com
70641. Source=Paul Collins Startup list
70642.  
70643. [stlbupdt]
70644. Number=10027
70645. Confirmed=X
70646. Filename=rundll32.exe stlbupdt.DLL, DllRunMain
70647. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
70648. Source=Paul Collins Startup list
70649.  
70650. [STManager]
70651. Number=10028
70652. Confirmed=N
70653. Filename=drst.exe
70654. Description=Dr. SpeedTouch is some sort of diagnostics software which sends out information to a server which then relays the information back to the program to test the network to see if the SpeedTouch ADSL modem connection is working properly. Not required if connected via Ethernet (and probably USB). Can cause a slow down in Win2K - see <a href="http://flr.free.fr/spip/article.php?id_article=56" target=_blank>here</a>
70655. Source=Paul Collins Startup list
70656.  
70657. [stmha]
70658. Number=10029
70659. Confirmed=X
70660. Filename=wkfxi.js
70661. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120915-5126-99" target=_blank>SPETH</a> WORM!
70662. Source=Paul Collins Startup list
70663.  
70664. [stonedrv]
70665. Number=10030
70666. Confirmed=X
70667. Filename=stonedrv.exe
70668. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiamk.html" target="_blank">COSIMA-K</a> TROJAN!
70669. Source=Paul Collins Startup list
70670.  
70671. [StopSignSsTsMon]
70672. Number=10031
70673. Confirmed=U
70674. Filename=sstsmon.dll, VerifyStatus
70675. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
70676. Source=Paul Collins Startup list
70677.  
70678. [StopSignStatus]
70679. Number=10032
70680. Confirmed=U
70681. Filename=stopsinfo.dll
70682. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
70683. Source=Paul Collins Startup list
70684.  
70685. [STOPzilla]
70686. Number=10033
70687. Confirmed=U
70688. Filename=Stopzilla.exe
70689. Description=<a href="http://www.stopzilla.com/site/default.asp?AID=10000&AAID=&type=&topic=&source=&dd=&SID=350721059-200314-2-15-54-54&dre=" target="_blank">StopZilla!</a> - pop-up killer
70690.  
70691. Source=Paul Collins Startup list
70692.  
70693. [STOPzilla Service]
70694. Number=10034
70695. Confirmed=U
70696. Filename=SZNTSVC.EXE
70697. Description=<a href="http://www.stopzilla.com/site/default.asp?AID=10000&AAID=&type=&topic=&source=&dd=&SID=350721059-200314-2-15-54-54&dre=" target="_blank">StopZilla!</a> - pop-up killer
70698.  
70699. Source=Paul Collins Startup list
70700.  
70701. [StorageGuard]
70702. Number=10035
70703. Confirmed=U
70704. Filename=sgtray.exe
70705. Description=<a href="http://www.veritas.com/products/category/ProductDetail.jhtml?productId=storageguard" target="_blank">StorageGuard</a> from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups 
70706. Source=Paul Collins Startup list
70707.  
70708. [STPMGR]
70709. Number=10036
70710. Confirmed=?
70711. Filename=STPMGR.EXE
70712. Description=<font color="#FF0000">Part of <a href="http://safetp.cs.berkeley.edu/" target="_blank">SafeTP</a> which is transparent FTP security software. Does it need to be running permanently or can it be started manually via Start -> Programs</font>
70713. Source=Paul Collins Startup list
70714.  
70715. [stratas]
70716. Number=10037
70717. Confirmed=X
70718. Filename=xmconfig.exe
70719. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahr.html" target=_blank>RBOT-AHR</a> WORM!
70720. Source=Paul Collins Startup list
70721.  
70722. [stratas]
70723. Number=10038
70724. Confirmed=X
70725. Filename=lockx.exe
70726. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadd.html" target=_blank>SDBOT-ADD</a> WORM!
70727. Source=Paul Collins Startup list
70728.  
70729. [Stratas]
70730. Number=10039
70731. Confirmed=X
70732. Filename=ggfig.exe
70733. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPANKI.W" target=_blank>OPANKI.W</a> WORM!
70734. Source=Paul Collins Startup list
70735.  
70736. [StreamAppliance]
70737. Number=10040
70738. Confirmed=X
70739. Filename=wuauclt14.exe
70740. Description=Added by the <a href="http://www.sophos.com/security/analyses/w32rbotgmb.html" target="_blank">RBOT-GMB</a> WORM!
70741. Source=Paul Collins Startup list
70742.  
70743. [StreamAppliance]
70744. Number=10041
70745. Confirmed=X
70746. Filename=wuauclt16.exe
70747. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgme.html" target="_blank">RBOT-GME</a> WORM!
70748. Source=Paul Collins Startup list
70749.  
70750. [Streamload Downloader]
70751. Number=10042
70752. Confirmed=N
70753. Filename=SlDB.exe
70754. Description=Downloader for <a href="http://www.mediamax.com/" target="_blank">MediaMax</a> (was Streamload) - "gives you a private and secure place to upload, store, access, and share your personal videos, photos, movies, music, and files"
70755. Source=Paul Collins Startup list
70756.  
70757. [Streamload Uploader]
70758. Number=10043
70759. Confirmed=N
70760. Filename=StreamMgr.exe
70761. Description=Uploader for <a href="http://www.mediamax.com/" target="_blank">MediaMax</a> (was Streamload) - "gives you a private and secure place to upload, store, access, and share your personal videos, photos, movies, music, and files"
70762. Source=Paul Collins Startup list
70763.  
70764. [StreamZap Remote]
70765. Number=10044
70766. Confirmed=U
70767. Filename=zremote.exe
70768. Description=<a href="http://www.streamzap.com/" target=_blank>StreamZap PC Remote</a> - control Windows Media Player, iTunes, RealPlayer, Winamp, PowerPoint, MusicMatch Jukebox, and many other multimedia applications
70769. Source=Paul Collins Startup list
70770.  
70771. [StrgSync.exe]
70772. Number=10045
70773. Confirmed=U
70774. Filename=StrgSync.exe
70775. Description=SimpleTech Inc's StorageSync backup software - backs up an entire PC, or selected files and folders
70776. Source=Paul Collins Startup list
70777.  
70778. [strmsnmgrs]
70779. Number=10046
70780. Confirmed=X
70781. Filename=msnxmsgrsc.exe
70782. Description=Added by the <a href="http://sandbox.norman.no/live_5.html?logfile=276607&menulang=" target=_blank>SDBOT.JDR</a> WORM!
70783.  
70784. Source=Paul Collins Startup list
70785.  
70786. [strmsnmsgr]
70787. Number=10047
70788. Confirmed=X
70789. Filename=msnmsgrs.exe
70790. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacq.html" target= blank>RBOT-ACQ</a> WORM!
70791. Source=Paul Collins Startup list
70792.  
70793. [strmsnmsgrs]
70794. Number=10048
70795. Confirmed=X
70796. Filename=msnmsgrsc.exe
70797. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
70798. Source=Paul Collins Startup list
70799.  
70800. [strmsnnms]
70801. Number=10049
70802. Confirmed=X
70803. Filename=msnmegrs.exe
70804. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotyu.html" target=_blank>SDBOT-YU</a> TROJAN!
70805. Source=Paul Collins Startup list
70806.  
70807. [strmsnnrs]
70808. Number=10050
70809. Confirmed=X
70810. Filename=msnmcgrs.exe
70811. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrbotact.html" target=_blank>RBOT-ACT</a> TROJAN!
70812. Source=Paul Collins Startup list
70813.  
70814. [strmsoums]
70815. Number=10051
70816. Confirmed=X
70817. Filename=msnmegrse.exe
70818. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotzk.html" target=_blank>SDBOT-ZK</a> TROJAN!
70819. Source=Paul Collins Startup list
70820.  
70821. [Strng32]
70822. Number=10052
70823. Confirmed=X
70824. Filename=strngbox.exe
70825. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090512-2651-99" target="_blank">STRANO</a> WORM!
70826. Source=Paul Collins Startup list
70827.  
70828. [StrokeIt]
70829. Number=10053
70830. Confirmed=U
70831. Filename=strokeit.exe
70832. Description=<a href="http://www.tcbmi.com/strokeit/" target=_blank>StrokeIt</a> is an "advanced mouse gesture recognition engine and command processor"
70833. Source=Paul Collins Startup list
70834.  
70835. [strtas]
70836. Number=10054
70837. Confirmed=X
70838. Filename=lock1.exe
70839. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadq.html" target=_blank>SDBOT-ADQ</a> WORM!
70840. Source=Paul Collins Startup list
70841.  
70842. [strtas]
70843. Number=10055
70844. Confirmed=X
70845. Filename=lockx.exe
70846. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaeb.html" target=_blank>SDBOT-AEB</a> WORM!
70847. Source=Paul Collins Startup list
70848.  
70849. [strtas]
70850. Number=10056
70851. Confirmed=X
70852. Filename=l074.exe
70853. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentii.html" target=_blank>AGENT-II</a> TROJAN!
70854. Source=Paul Collins Startup list
70855.  
70856. [strtas]
70857. Number=10057
70858. Confirmed=X
70859. Filename=loc1.exe
70860. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotazu.html" target=_blank>RBOT-AZU</a> TROJAN!
70861. Source=Paul Collins Startup list
70862.  
70863. [strto]
70864. Number=10058
70865. Confirmed=X
70866. Filename=strto.exe
70867. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillprocf.html" target= blank>KILLPROC-F</a> TROJAN!
70868. Source=Paul Collins Startup list
70869.  
70870. [strto]
70871. Number=10059
70872. Confirmed=X
70873. Filename=[path to trojan]
70874. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillavap.html" target=_blank>KILLAV-AP</a> TROJAN!
70875. Source=Paul Collins Startup list
70876.  
70877. [Sts]
70878. Number=10060
70879. Confirmed=X
70880. Filename=iwnujdss2.exe
70881. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyi.html" target=_blank>SDBOT-YI</a> WORM!
70882. Source=Paul Collins Startup list
70883.  
70884. [Stubbish]
70885. Number=10061
70886. Confirmed=X
70887. Filename=Stubbish.exe
70888. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32stubbota.html" target=_blank>STUBBOT-A</a> WORM!
70889. Source=Paul Collins Startup list
70890.  
70891. [StubPath]
70892. Number=10062
70893. Confirmed=X
70894. Filename=Sservice.exe
70895. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-061315-4216-99" target="_blank">PRORAT</a> TROJAN!
70896. Source=Paul Collins Startup list
70897.  
70898. [stup]
70899. Number=10063
70900. Confirmed=X
70901. Filename=138762763.exe
70902. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfirespya.html" target="_blank">FIRESPY-A</a> TROJAN! It will attempt to register the dropped component as a Firefox plugin and begin monitoring the user's browsing habits, stealing information including monitoring and logging information from Web forms
70903. Source=Paul Collins Startup list
70904.  
70905. [StupAssist]
70906. Number=10064
70907. Confirmed=N
70908. Filename=StupAssist.exe
70909. Description=Associated with Nikon digital cameras
70910. Source=Paul Collins Startup list
70911.  
70912. [stxrmsgms]
70913. Number=10065
70914. Confirmed=X
70915. Filename=mstats.exe
70916. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotae.html" target=_blank>IRCBOT-AE</a> TROJAN!
70917. Source=Paul Collins Startup list
70918.  
70919. [StyleXP]
70920. Number=10066
70921. Confirmed=U
70922. Filename=StyleXP.exe
70923. Description=<a href="http://www.tgtsoft.com/prod_sxp.php" target="_blank">StyleXP</a> allows you customize the way WinXP looks. If disabled via msconfig it re-instates itself at reboot, therefore uninstall it if you don't want it
70924. Source=Paul Collins Startup list
70925.  
70926. [SubAH]
70927. Number=10067
70928. Confirmed=X
70929. Filename=SubAH.exe
70930. Description=Added by the SUBAH TROJAN!
70931. Source=Paul Collins Startup list
70932.  
70933. [Subliminal Power]
70934. Number=10068
70935. Confirmed=U
70936. Filename=Subliminal.exe
70937. Description=<a href="http://www.subliminal-power.com/mind/" target="_blank">Subliminal Power</a> - displays subliminal messages of your choice on your computer screen
70938. Source=Paul Collins Startup list
70939.  
70940. [Subtract the Ads]
70941. Number=10069
70942. Confirmed=N
70943. Filename=AdSub.exe
70944. Description=Removes adverts from web pages. Although useful - not required
70945. Source=Paul Collins Startup list
70946.  
70947. [suck]
70948. Number=10070
70949. Confirmed=X
70950. Filename=l0ad.exe
70951. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
70952. Source=Paul Collins Startup list
70953.  
70954. [Suitcase Startup]
70955. Number=10071
70956. Confirmed=U
70957. Filename=Suitcase.exe
70958. Description=<a href="http://www.extensis.com/en/products/font_management/index.jsp?locale=en_US" target="_blank">Suitcase</a> - system font manager start up utility. Used for dynamic managment of fonts on your system
70959. Source=Paul Collins Startup list
70960.  
70961. [Suite]
70962. Number=10072
70963. Confirmed=X
70964. Filename=SuiteOffices.exe
70965. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022716-1619-99" target=_blank>LAZAR</a> TROJAN!
70966. Source=Paul Collins Startup list
70967.  
70968. [SULFNBJ.EXE]
70969. Number=10073
70970. Confirmed=X
70971. Filename=SULFNBJ.EXE
70972. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.DAM" target="_blank">PE_MAGISTR.DAM</a> VIRUS!
70973. Source=Paul Collins Startup list
70974.  
70975. [Sun Java Console for Windows NT & XP]
70976. Number=10074
70977. Confirmed=X
70978. Filename=jconsole.exe
70979. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotc.html" target="_blank">VANEBOT-C</a> WORM!
70980. Source=Paul Collins Startup list
70981.  
70982. [Sunasdtserv]
70983. Number=10075
70984. Confirmed=U
70985. Filename=Sunasdtserv.exe
70986. Description=<a href="http://www.sunbelt-software.com/CounterSpy.cfm" target="_blank">CounterSpy</a> by Sunbelt Software - adware/spyware protection
70987. Source=Paul Collins Startup list
70988.  
70989. [sunasServ]
70990. Number=10076
70991. Confirmed=U
70992. Filename=sunasServ.exe
70993. Description=<a href="http://www.sunbelt-software.com/CounterSpy.cfm" target="_blank">CounterSpy</a> by Sunbelt Software - adware/spyware protection
70994. Source=Paul Collins Startup list
70995.  
70996. [SunJavaSched]
70997. Number=10077
70998. Confirmed=X
70999. Filename=ccEvtMngr.exe
71000. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyp.html" target=_blank>SDBOT-YP</a> WORM!
71001. Source=Paul Collins Startup list
71002.  
71003. [SunJavaSched Updater]
71004. Number=10078
71005. Confirmed=X
71006. Filename=avamx.exe
71007. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabj.html" target= blank>RBOT-ABJ</a> WORM!
71008. Source=Paul Collins Startup list
71009.  
71010. [SunJavaUpdate]
71011. Number=10079
71012. Confirmed=X
71013. Filename=smvss.exe
71014. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerg.html" target=_blank>DEDLER-G</a> TROJAN!
71015. Source=Paul Collins Startup list
71016.  
71017. [SunJavaUpdateSched]
71018. Number=10080
71019. Confirmed=N
71020. Filename=jusched.exe
71021. Description=Checks with Sun's Java updates site to see if newer Java versions are available. Visit <a href="http://java.sun.com" target="_blank"> http://java.sun.com</a> or just run the Java Plug-In Control Panel
71022. Source=Paul Collins Startup list
71023.  
71024. [SunJavaUpdateSched]
71025. Number=10081
71026. Confirmed=X
71027. Filename=scvhost.exe
71028. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotavx.html" target=_blank>SDBOT-AVX</a> WORM!
71029. Source=Paul Collins Startup list
71030.  
71031. [SunJavaUpdateSched]
71032. Number=10082
71033. Confirmed=X
71034. Filename=javamx.exe
71035. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwi.html" target= blank>SDBOT-WI</a> WORM!
71036. Source=Paul Collins Startup list
71037.  
71038. [Sunkist]
71039. Number=10083
71040. Confirmed=U
71041. Filename=shwicon98.exe
71042. Description=Card reader for memory cards from digital cameras, etc
71043. Source=Paul Collins Startup list
71044.  
71045. [Sunkist2k]
71046. Number=10084
71047. Confirmed=U
71048. Filename=shwicon2k.exe
71049. Description=Card reader for memory cards from digital cameras, etc
71050. Source=Paul Collins Startup list
71051.  
71052. [SunKistEM]
71053. Number=10085
71054. Confirmed=U
71055. Filename=shwiconem.exe
71056. Description=Used by your computer to communicate with your <a href="http://www.alcormicro.com/products_list.php?main_id=5" target=_blank>Alcor Micro</a> Multimedia Card Reader - necessary if you're using this software
71057. Source=Paul Collins Startup list
71058.  
71059. [SuNotification]
71060. Number=10086
71061. Confirmed=U
71062. Filename=suatshut.exe
71063. Description=<a href="http://www.shadowstor.com/products/ShadowSurfer/" target=_blank>ShadowSurfer</a> - "provides a safe computing environment by creating a virtual twin of your PC. Restore the pre-ShadowMode system state no matter what changes have occurred to your PC"
71064. Source=Paul Collins Startup list
71065.  
71066. [SunProtectionServer]
71067. Number=10087
71068. Confirmed=U
71069. Filename=SunProtectionServer.exe
71070. Description=<a href="http://www.sunbelt-software.com/CounterSpy.cfm" target="_blank">CounterSpy</a> antispyware software
71071. Source=Paul Collins Startup list
71072.  
71073. [SunServer]
71074. Number=10088
71075. Confirmed=U
71076. Filename=SunServer.exe
71077. Description=<a href="http://www.sunbelt-software.com/CounterSpy.cfm" target="_blank">CounterSpy</a> antispyware software
71078. Source=Paul Collins Startup list
71079.  
71080. [SupaDial]
71081. Number=10089
71082. Confirmed=?
71083. Filename=SupaDial.exe
71084. Description=SupaNet.com modem driver related - <font color="#FF0000">is it required?</font>
71085. Source=Paul Collins Startup list
71086.  
71087. [Supastatus]
71088. Number=10090
71089. Confirmed=N
71090. Filename=status.exe
71091. Description=<a href="http://www.supanet.com/" target="_blank">Supanet</a> ISP software
71092. Source=Paul Collins Startup list
71093.  
71094. [supdate2.dll]
71095. Number=10091
71096. Confirmed=X
71097. Filename=rundll32.exe [path] supdate2.dll
71098. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzlobvl.html" target="_blank">ZLOB-VL</a> TROJAN!
71099. Source=Paul Collins Startup list
71100.  
71101. [super]
71102. Number=10092
71103. Confirmed=X
71104. Filename=fuckbx.exe
71105. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageh.html" target=_blank>LINEAGE-H</a> TROJAN!
71106. Source=Paul Collins Startup list
71107.  
71108. [super]
71109. Number=10093
71110. Confirmed=X
71111. Filename=super.exe
71112. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqt.html" target= blank>AGOBOT-QT</a> WORM!
71113. Source=Paul Collins Startup list
71114.  
71115. [Super Popup Blocker]
71116. Number=10094
71117. Confirmed=U
71118. Filename=popkill.exe
71119. Description=Saga <a href="http://www.zg2008.com/" target="_blank">Super Popup Blocker</a> - pop-up stopper
71120. Source=Paul Collins Startup list
71121.  
71122. [Super X Desktop Version 3.4]
71123. Number=10095
71124. Confirmed=U
71125. Filename=SXDesk.exe
71126. Description=<a href="http://www.ajivasoft.com/super-x-desktop.htm" target=_blank>Super X Desktop</a> - virtual desktop manager
71127. Source=Paul Collins Startup list
71128.  
71129. [SuperAdBlocker]
71130. Number=10096
71131. Confirmed=U
71132. Filename=SAdBlock.exe
71133. Description=<a href="http://superadblocker.com/" target="_blank">SuperAdBlocker</a>
71134. Source=Paul Collins Startup list
71135.  
71136. [SUPERAntiSpyware]
71137. Number=10097
71138. Confirmed=U
71139. Filename=SUPERAntiSpyware.exe
71140. Description="<a href="http://www.superantispyware.com/" target="_blank">SUPERAntiSpyware</a> is the most thorough scanner on the market. Our Multi-Dimensional Scanning and Process Interrogation Technology will detect spyware that other products miss! SUPERAntiSpyware will remove ALL the Spyware, NOT just the easy ones!"
71141. Source=Paul Collins Startup list
71142.  
71143. [SuperBar.Component]
71144. Number=10098
71145. Confirmed=X
71146. Filename=[path to services.exe]
71147. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallaq.html" target="_blank">SMALL-AQ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
71148. Source=Paul Collins Startup list
71149.  
71150. [SuperBar.Component]
71151. Number=10099
71152. Confirmed=X
71153. Filename=services.exe
71154. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080316-2013-99" target="_blank">FakeMessage/AdRotator</a> adware. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
71155. Source=Paul Collins Startup list
71156.  
71157. [Supercleaner]
71158. Number=10100
71159. Confirmed=U
71160. Filename=Supercleaner.exe
71161. Description=<a href="http://www.softandco.com/redir.html?u=http://www.SouthBayPC.com/SuperCleaner&pn=SuperCleaner" target="_blank">Supercleaner</a> - all in one disk cleaner for your computer
71162. Source=Paul Collins Startup list
71163.  
71164. [SuperCool Compress Backup]
71165. Number=10101
71166. Confirmed=U
71167. Filename=Main.exe
71168. Description="<a href="http://www.supercoolbookmark.com/zipbackup/">SuperCool Zip Backup</a> software is a data backup,restore and file synchronization program"
71169. Source=Paul Collins Startup list
71170.  
71171. [SuperHeissSex]
71172. Number=10102
71173. Confirmed=X
71174. Filename=SuperHeissSex.exe
71175. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021514-1458-99" target=_blank>HeissSex</a> premium rate adult content dialer!
71176. Source=Paul Collins Startup list
71177.  
71178. [supernews12]
71179. Number=10103
71180. Confirmed=X
71181. Filename=newsd32.exe
71182. Description=Adware, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderjn.html" target= blank>DLOADER-JN</a> TROJAN!
71183. Source=Paul Collins Startup list
71184.  
71185. [Supernova]
71186. Number=10104
71187. Confirmed=X
71188. Filename=[worm filename]
71189. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SURNOVA.A" target="_blank">SURNOVA</a> (or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-071014-3341-99" target="_blank">SUPOVA</a>) WORM!
71190. Source=Paul Collins Startup list
71191.  
71192. [superproxy]
71193. Number=10105
71194. Confirmed=X
71195. Filename=superproxy.exe
71196. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelbackb.html" target="_blank">DELBACK-B</a> TROJAN!
71197. Source=Paul Collins Startup list
71198.  
71199. [SuperRam]
71200. Number=10106
71201. Confirmed=U
71202. Filename=SuperRam.exe
71203. Description=<a href="http://www.pgware.com/downloads/" target=_blank>SuperRam</a> memory manager. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target=_blank>SuperRam</a> article and make up your own mind
71204. Source=Paul Collins Startup list
71205.  
71206. [superslut]
71207. Number=10107
71208. Confirmed=X
71209. Filename=msslut32.exe
71210. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32slutera.html" target="_blank">SLUTER-A</a> WORM!
71211. Source=Paul Collins Startup list
71212.  
71213. [SuperSpamKiller Pro]
71214. Number=10108
71215. Confirmed=U
71216. Filename=Ssk.exe
71217. Description=<a href="http://www.superspamkiller.de/" target=_blank>SuperSpamKiller Pro</a> email spam blocker
71218.  
71219. Source=Paul Collins Startup list
71220.  
71221. [Supervisor.exe]
71222. Number=10109
71223. Confirmed=X
71224. Filename=Supervisor.exe
71225. Description=Has been reported to be associated with various antitrojan software like <a href="http://www.atshield.com/" target=_blank>ATS</a> and <a href="http://www.astonsoft.com/" target=_blank>PC Doorguard</a>. If so it's required in Startup - any further information is welcome
71226. Source=Paul Collins Startup list
71227.  
71228. [support-reverse-smileys]
71229. Number=10110
71230. Confirmed=X
71231. Filename=[trojan filename]
71232. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082314-0316-99" target=_blank>LITEBOT</a> TROJAN!
71233. Source=Paul Collins Startup list
71234.  
71235. [supporter5]
71236. Number=10111
71237. Confirmed=X
71238. Filename=supporter5.exe
71239. Description=Part of <a href="http://www.escorcher.com/" target="_blank">eScorcher</a> anti-virus software- responsible for updates of new virus bases each time you logon to the web. Used to collect information about the user and therefore treated as spyware - now the web-site is dead
71240. Source=Paul Collins Startup list
71241.  
71242. [SureCleanProfessional]
71243. Number=10112
71244. Confirmed=U
71245. Filename=SRClean.exe
71246. Description=<a href="http://www.panicware.com/product_sureclean.html" target=_blank>SureClean</a> PC and Internet tracks cleaner
71247.  
71248. Source=Paul Collins Startup list
71249.  
71250. [Sureshotpopupkiller]
71251. Number=10113
71252. Confirmed=U
71253. Filename=Stopthepop.exe
71254. Description=<a href="http://www.bysoft.se/sureshot/stopthepop/" target="_blank">Stop-the-Pop-Up</a> popup blocker
71255. Source=Paul Collins Startup list
71256.  
71257. [Sureshotpopupkiller]
71258. Number=10114
71259. Confirmed=U
71260. Filename=pusak.exe
71261. Description=<a href="http://www.bysoft.se/sureshot/stopthepop/" target="_blank">Stop-the-Pop-Up</a> popup blocker
71262. Source=Paul Collins Startup list
71263.  
71264. [SurfAccuracy]
71265. Number=10115
71266. Confirmed=X
71267. Filename=sacc.exe
71268. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062716-0109-99" target=_blank>SurfAccuracy</a> adware
71269. Source=Paul Collins Startup list
71270.  
71271. [SurfBuddy]
71272. Number=10116
71273. Confirmed=X
71274. Filename=rundll32 [path] sbuddy.dll
71275. Description=SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by <a href="http://www.surfapps.com/surfbuddy/index.html" target=_blank>SurfApps!</a>
71276. Source=Paul Collins Startup list
71277.  
71278. [SurfChoice]
71279. Number=10117
71280. Confirmed=U
71281. Filename=SCMan.exe
71282. Description=SCMan is a utility that can control services on WinNT from the command line. This utility can create, start, pause, stop, delete services. Furthermore it can retrieve a service's current state, get the displayname for a service and vice versa
71283. Source=Paul Collins Startup list
71284.  
71285. [Surfer lptt01]
71286. Number=10118
71287. Confirmed=X
71288. Filename=surfer.exe
71289. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "mssurfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
71290. Source=Paul Collins Startup list
71291.  
71292. [Surfer ml097e]
71293. Number=10119
71294. Confirmed=X
71295. Filename=surfer.exe
71296. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "mssurfer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
71297. Source=Paul Collins Startup list
71298.  
71299. [SurfHelper]
71300. Number=10120
71301. Confirmed=U
71302. Filename=SurfHelp.exe
71303. Description=Related to <a href="http://www.codeproject.com/shell/surfhelper.asp" target=_blank>SurfHelper</a> - a free tool to remove popup windows, clear history, control window properties of IE, and more
71304. Source=Paul Collins Startup list
71305.  
71306. [SurfinGuard Pro]
71307. Number=10121
71308. Confirmed=U
71309. Filename=winsfcm.exe
71310. Description=SurfinGuard Pro from <a href="http://www.finjan.com/" target="_blank">Finjan</a> - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and Java
71311. Source=Paul Collins Startup list
71312.  
71313. [SurfSecret]
71314. Number=10122
71315. Confirmed=U
71316. Filename=ss2-full.exe
71317. Description="House-cleaning utility that enables you to keep your computer usage to yourself. Runs quietly from the system tray, eliminating tell-tale files at a regular interval of your choosing. You can set it to clear your Internet cache files, cookies, history, temp folder, etc. It can also clear the history of your Run and Find menus, in addition to the AOL cache"
71318. Source=Paul Collins Startup list
71319.  
71320. [SurfSideKick 2]
71321. Number=10123
71322. Confirmed=X
71323. Filename=Ssk.exe
71324. Description=<a href="http://www.spynet.com/spyware/spyware-SurfSideKick.aspx" target=_blank>SurfSideKick</a> adware
71325. Source=Paul Collins Startup list
71326.  
71327. [SurfSideKick 3]
71328. Number=10124
71329. Confirmed=X
71330. Filename=Ssk.exe
71331. Description=<a href="http://sarc.com/avcenter/venc/data/adware.surfsidekick.html" target=_blank>SurfSideKick</a> adware
71332. Source=Paul Collins Startup list
71333.  
71334. [SurfStream]
71335. Number=10125
71336. Confirmed=U
71337. Filename=SurfStream.exe
71338. Description=Conceiva "SurfStream lets you surf the Web faster. It contains a fully featured proxy server that lets you surf the Web significantly faster. It also blocks all pop-up windows and banner ads from Web pages. An intelligent tune-up tool automatically analyzes and optimizes your computer's Internet connection and TCP/IP settings"
71339. Source=Paul Collins Startup list
71340.  
71341. [Surs]
71342. Number=10126
71343. Confirmed=X
71344. Filename=awab.exe
71345. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
71346. Source=Paul Collins Startup list
71347.  
71348. [Surveysa]
71349. Number=10127
71350. Confirmed=N
71351. Filename=surveysa.exe
71352. Description=Found on Sony laptops, it brings up a prompt to take a survey. It goes away if you fill out the survey or you choose "never prompt me again" but keeps popping if you either exit out of it or select "take survey later"
71353. Source=Paul Collins Startup list
71354.  
71355. [suScheduler]
71356. Number=10128
71357. Confirmed=U
71358. Filename=UCLauncher.exe
71359. Description=Related to Lenovo ThinkVantage Technologies. ThinkVantage Technologies help make ThinkPad/ThinkCentre PCs less dependent on IT staff
71360.  
71361. Source=Paul Collins Startup list
71362.  
71363. [Susp]
71364. Number=10129
71365. Confirmed=X
71366. Filename=Susp.exe
71367. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
71368. Source=Paul Collins Startup list
71369.  
71370. [susse]
71371. Number=10130
71372. Confirmed=X
71373. Filename=hpsw.exe
71374. Description=<a href="http://vil.nai.com/vil/content/v_133315.htm" target="_blank">LinkMaker</a> adware
71375. Source=Paul Collins Startup list
71376.  
71377. [Sustem]
71378. Number=10131
71379. Confirmed=X
71380. Filename=explorer.exe
71381. Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
71382. Source=Paul Collins Startup list
71383.  
71384. [SustemUpdate]
71385. Number=10132
71386. Confirmed=X
71387. Filename=explorer.exe
71388. Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
71389. Source=Paul Collins Startup list
71390.  
71391. [SV00LSV]
71392. Number=10133
71393. Confirmed=X
71394. Filename=SV00LSV.EXE
71395. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgraybirdc.html" target=_blank>GRAYBIRD-C</a> TROJAN!
71396. Source=Paul Collins Startup list
71397.  
71398. [SVA Player]
71399. Number=10134
71400. Confirmed=X
71401. Filename=SVAplayer.exe
71402. Description=<a href="http://www3.cai.com/securityadvisor/pest/pest.aspx?id=453073164="_blank">QuickFlicks Streaming Player</a> malware
71403. Source=Paul Collins Startup list
71404.  
71405. [Svc]
71406. Number=10135
71407. Confirmed=X
71408. Filename=svc.exe
71409. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClientMan&threatid=3754" target=_blank>ClientMan</a> parasite variant
71410. Source=Paul Collins Startup list
71411.  
71412. [SVC]
71413. Number=10136
71414. Confirmed=U
71415. Filename=svchost.exe
71416. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042211-0621-99" target=blank>ElfSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=blank>svchost.exe</a> process that normally doesn't appear in Msconfig/Startup!
71417. Source=Paul Collins Startup list
71418.  
71419. [SVC Service]
71420. Number=10137
71421. Confirmed=X
71422. Filename=svcinit.exe
71423. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100910-5701-99" target="_blank">SINIT</a> TROJAN!
71424. Source=Paul Collins Startup list
71425.  
71426. [SVC Service]
71427. Number=10138
71428. Confirmed=X
71429. Filename=svcinit.exe
71430. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
71431. Source=Paul Collins Startup list
71432.  
71433. [SVC Service]
71434. Number=10139
71435. Confirmed=X
71436. Filename=svcpack.exe
71437. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#svcinit" target=_blank>Svcinit</a> parasite variant
71438. Source=Paul Collins Startup list
71439.  
71440. [SVC Service]
71441. Number=10140
71442. Confirmed=X
71443. Filename=svc32.pif
71444. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasc.html" target=_blank>RBOT-ASC</a> WORM!
71445. Source=Paul Collins Startup list
71446.  
71447. [SVC Socks]
71448. Number=10141
71449. Confirmed=X
71450. Filename=mstaskm.exe
71451. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
71452. Source=Paul Collins Startup list
71453.  
71454. [Svced]
71455. Number=10142
71456. Confirmed=X
71457. Filename=Svced.exe
71458. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040117-4857-99" target="_blank">DELF.F</a> TROJAN!
71459. Source=Paul Collins Startup list
71460.  
71461. [SvcH0st]
71462. Number=10143
71463. Confirmed=X
71464. Filename=msexploren.exe
71465. Description=Added by the <a href="http://vil.mcafeesecurity.com/vil/content/v_127365.htm" target="_blank">BACKDOOR-CGZ</a> TROJAN!
71466. Source=Paul Collins Startup list
71467.  
71468. [SvcH0st]
71469. Number=10144
71470. Confirmed=X
71471. Filename=SHCH.EXE
71472. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN!
71473. Source=Paul Collins Startup list
71474.  
71475. [SvcH0st]
71476. Number=10145
71477. Confirmed=X
71478. Filename=SVCHST.EXE
71479. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN!
71480. Source=Paul Collins Startup list
71481.  
71482. [SvcH0st]
71483. Number=10146
71484. Confirmed=X
71485. Filename=WINAGENT.EXE
71486. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN!
71487. Source=Paul Collins Startup list
71488.  
71489. [SVCH0ST]
71490. Number=10147
71491. Confirmed=X
71492. Filename=spoo1sv.exe
71493. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbhf.html" target=_blank>HF</a> TROJAN!
71494. Source=Paul Collins Startup list
71495.  
71496. [SVCH0ST]
71497. Number=10148
71498. Confirmed=X
71499. Filename=SVCH0ST.EXE
71500. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbik.html" target=_blank>IK</a> TROJAN! Note - the filename has the digit 0 rather then the uppercase "o"
71501. Source=Paul Collins Startup list
71502.  
71503. [SvcH0st]
71504. Number=10149
71505. Confirmed=X
71506. Filename=msnexploren.exe
71507. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
71508. Source=Paul Collins Startup list
71509.  
71510. [SvcH0st]
71511. Number=10150
71512. Confirmed=X
71513. Filename=sdhch.exe
71514. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
71515. Source=Paul Collins Startup list
71516.  
71517. [SVCH0TS]
71518. Number=10151
71519. Confirmed=X
71520. Filename=sp00lvs.exe
71521. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageaz.html" target=_blank>LINEAGE-AZ</a> TROJAN!
71522. Source=Paul Collins Startup list
71523.  
71524. [svchast]
71525. Number=10152
71526. Confirmed=X
71527. Filename=svchast.exe
71528. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageav.html" target=_blank>LINEAGE-AV</a> TROJAN!
71529. Source=Paul Collins Startup list
71530.  
71531. [svchctrl]
71532. Number=10153
71533. Confirmed=X
71534. Filename=svchctrl.exe
71535. Description=Added by the <a href="http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453098610" target="_blank">COBFINN</a> TROJAN!
71536. Source=Paul Collins Startup list
71537.  
71538. [svchos]
71539. Number=10154
71540. Confirmed=X
71541. Filename=svchos.exe
71542. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojezibotb.html" target="_blank">EZIBOT-B</a> TROJAN!
71543. Source=Paul Collins Startup list
71544.  
71545. [SVCHOST]
71546. Number=10155
71547. Confirmed=X
71548. Filename=svchost.exe
71549. Description=System1060 homepage hi-jacker. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "System1060" subfolder of the Winnt or Windows folder
71550. Source=Paul Collins Startup list
71551.  
71552. [svchost]
71553. Number=10156
71554. Confirmed=X
71555. Filename=svchost.exe
71556. Description=Added by many TROJANS amd WORMS, such as <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041112-5839-99" target=_blank>MORB</a> or  <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-103014-5816-99" target=_blank>TARNO</a>. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
71557. Source=Paul Collins Startup list
71558.  
71559. [SVCHOST]
71560. Number=10157
71561. Confirmed=X
71562. Filename=mrowyekdc.exe
71563. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-073115-5150-99" target="_blank">GOTORM</a> WORM!
71564. Source=Paul Collins Startup list
71565.  
71566. [svchost]
71567. Number=10158
71568. Confirmed=X
71569. Filename=Svch0st.exe
71570. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040217-2506-99" target="_blank">GRAYBIRD</a> and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041011-1708-99" target="_blank">GRAYBIRD.B</a> TROJANS! Note - the filename has the digit 0 rather then the uppercase "o"
71571. Source=Paul Collins Startup list
71572.  
71573. [svchost]
71574. Number=10159
71575. Confirmed=X
71576. Filename=[path to trojan]
71577. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091906-4732-99" target="_blank">HAZZER</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
71578. Source=Paul Collins Startup list
71579.  
71580. [svchost]
71581. Number=10160
71582. Confirmed=X
71583. Filename=ADMAGIC.EXE
71584. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092614-0933-99" target="_blank">SMIBAG</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
71585. Source=Paul Collins Startup list
71586.  
71587. [Svchost]
71588. Number=10161
71589. Confirmed=X
71590. Filename=winhost.exe
71591. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOLAWEB.A" target="_blank">LOLAWEB.A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
71592. Source=Paul Collins Startup list
71593.  
71594. [Svchost]
71595. Number=10162
71596. Confirmed=X
71597. Filename=svchost.exe
71598. Description=Added by the <a href ="http://www.sophos.com/virusinfo/analyses/w32mozea.html" target=_blank>MOZE-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
71599. Source=Paul Collins Startup list
71600.  
71601. [SVCHOST]
71602. Number=10163
71603. Confirmed=X
71604. Filename=var.txt.exe
71605. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100416-1738-99" target="_blank">LDPINCH.C</a> TROJAN!
71606. Source=Paul Collins Startup list
71607.  
71608. [Svchost]
71609. Number=10164
71610. Confirmed=X
71611. Filename=svchosl.pif
71612. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112220-0246-99" target=_blank>INZAE.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112319-1247-99" target=_blank>INZAE.B</a> WORMS!
71613. Source=Paul Collins Startup list
71614.  
71615. [svchost]
71616. Number=10165
71617. Confirmed=X
71618. Filename=[path] SETUP.EXE
71619. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112913-5842-99" target=_blank>SETCLO</a> WORM!
71620. Source=Paul Collins Startup list
71621.  
71622. [SVCHOST]
71623. Number=10166
71624. Confirmed=X
71625. Filename=scvhost.exe
71626. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031314-0239-99" target=_blank>MYTOB.E</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031410-4821-99" target=_blank>MYTOB.G</a> WORMS!
71627. Source=Paul Collins Startup list
71628.  
71629. [SVCHOST]
71630. Number=10167
71631. Confirmed=X
71632. Filename=taskgmr.exe
71633. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031414-3100-99" target=_blank>MYTOB.F</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031615-3531-99" target=_blank>MYTOB.H</a> WORMS!
71634. Source=Paul Collins Startup list
71635.  
71636. [svchost]
71637. Number=10168
71638. Confirmed=X
71639. Filename=olehelp.exe
71640. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031918-3240-99" target=_blank>BOOKMARKER.G</a> TROJAN!
71641. Source=Paul Collins Startup list
71642.  
71643. [SVCHOST]
71644. Number=10169
71645. Confirmed=X
71646. Filename=updater32.exe
71647. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071019-0647-99" target=_blank>RANTS.A</a> WORM!
71648. Source=Paul Collins Startup list
71649.  
71650. [SVCHOST]
71651. Number=10170
71652. Confirmed=X
71653. Filename=SPOOLSV.EXE
71654. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32baitapa.html" target=_blank>BAITAP-A</a> WORM! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
71655. Source=Paul Collins Startup list
71656.  
71657. [SvcHost]
71658. Number=10171
71659. Confirmed=X
71660. Filename=svchost32.exe
71661. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottm.html" target=_blank>AGOBOT-TM</a> WORM!
71662. Source=Paul Collins Startup list
71663.  
71664. [svchost]
71665. Number=10172
71666. Confirmed=X
71667. Filename=svchost.exe
71668. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanhl.html" target=_blank>BANCBAN-HL</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder of the Winnt or Windows folder
71669. Source=Paul Collins Startup list
71670.  
71671. [svchost]
71672. Number=10173
71673. Confirmed=X
71674. Filename=[path to explorer.exe]
71675. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojunreala.html" target=_blank>UNREAL-A</a> TROJAN!
71676. Source=Paul Collins Startup list
71677.  
71678. [svchost]
71679. Number=10174
71680. Confirmed=X
71681. Filename=rundll16.exe
71682. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpapb.html" target=_blank>STARTPA-PB</a> TROJAN!
71683. Source=Paul Collins Startup list
71684.  
71685. [Svchost]
71686. Number=10175
71687. Confirmed=X
71688. Filename=svchost.exe
71689. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickax.html" target=_blank>ADCLICK-AX</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files\Internet Explorer folder
71690. Source=Paul Collins Startup list
71691.  
71692. [svchost]
71693. Number=10176
71694. Confirmed=X
71695. Filename=svchost.exe
71696. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoores.html" target=_blank>ES</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Microsoft" subfolder
71697. Source=Paul Collins Startup list
71698.  
71699. [svchost]
71700. Number=10177
71701. Confirmed=X
71702. Filename=svchost.exe
71703. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderev.html" target=_blank>DLOADER-EV</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Arquivos de programas" folder
71704. Source=Paul Collins Startup list
71705.  
71706. [svchost]
71707. Number=10178
71708. Confirmed=X
71709. Filename=winhelp.exe
71710. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031915-3501-99" target="_blank">GAOBOT.GEN!POLY</a> WORM!
71711. Source=Paul Collins Startup list
71712.  
71713. [SVCHOST]
71714. Number=10179
71715. Confirmed=X
71716. Filename=MDM.EXE
71717. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lcjumpa.html" target="_blank">LCJUMP-A</a> WORM! Note - this is not the valid Machine Debug Manager which shares the same filename
71718. Source=Paul Collins Startup list
71719.  
71720. [Svchost]
71721. Number=10180
71722. Confirmed=X
71723. Filename=svchots.exe
71724. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADK" target="_blank">RBOT.ADK</a> WORM!
71725. Source=Paul Collins Startup list
71726.  
71727. [svchost]
71728. Number=10181
71729. Confirmed=X
71730. Filename=ying.exe
71731. Description=<a href="http://fileinfo.prevx.com/fileinfo.asp?PXC=a7c073784121" target="_blank">Constructor VC2000</a> malware
71732. Source=Paul Collins Startup list
71733.  
71734. [SVCHOST Generic application]
71735. Number=10182
71736. Confirmed=X
71737. Filename=svchost.exe
71738. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdaemonik.html" target=_blank>DAEMONI-K</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
71739. Source=Paul Collins Startup list
71740.  
71741. [svchost Netware Manager]
71742. Number=10183
71743. Confirmed=X
71744. Filename=svchost.exe
71745. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-021317-3755-99" target=_blank>EXVID.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
71746. Source=Paul Collins Startup list
71747.  
71748. [Svchost Windows Remote Services]
71749. Number=10184
71750. Confirmed=X
71751. Filename=svhost.exe
71752. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbotiv.html" target=_blank>IRCBOT-IV</a> WORM!
71753. Source=Paul Collins Startup list
71754.  
71755. [svchost.exe]
71756. Number=10185
71757. Confirmed=X
71758. Filename=svchost32.exe
71759. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#svchost32" target=_blank>Svchost32</a> parasite variant
71760. Source=Paul Collins Startup list
71761.  
71762. [SVCHOST.EXE]
71763. Number=10186
71764. Confirmed=X
71765. Filename=SVCHOST.EXE
71766. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwrmscana.html" target=_blank>WRMSCAN-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
71767. Source=Paul Collins Startup list
71768.  
71769. [svchost.exe]
71770. Number=10187
71771. Confirmed=X
71772. Filename=[path to executeable]
71773. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankermo.html" target=_blank>BANKER-MO</a> TROJAN!
71774. Source=Paul Collins Startup list
71775.  
71776. [svchost.exe]
71777. Number=10188
71778. Confirmed=X
71779. Filename=svchost.exe
71780. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasv.html" target=_blank>ZAPCHAS-V</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder
71781. Source=Paul Collins Startup list
71782.  
71783. [svchost.exe]
71784. Number=10189
71785. Confirmed=X
71786. Filename=swchost.exe
71787. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsadelphia.html" target="_blank">SADELPHI-A</a> TROJAN!
71788. Source=Paul Collins Startup list
71789.  
71790. [svchost1]
71791. Number=10190
71792. Confirmed=X
71793. Filename=svchost1.exe
71794. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZZ" target=_blank>AGOBOT.ZZ</a> WORM!
71795. Source=Paul Collins Startup list
71796.  
71797. [SvcHost32]
71798. Number=10191
71799. Confirmed=X
71800. Filename=svchost32.exe
71801. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111317-1701-99" target="_blank">MIMAIL.I</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111710-5127-99" target="_blank">MIMAIL.J</a> WORMS!
71802. Source=Paul Collins Startup list
71803.  
71804. [svchost64]
71805. Number=10192
71806. Confirmed=X
71807. Filename=svchost64.exe
71808. Description=Added by the SDBOTER.G VIRUS!
71809. Source=Paul Collins Startup list
71810.  
71811. [svchosta]
71812. Number=10193
71813. Confirmed=X
71814. Filename=svchosta.exe
71815. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsnifferi.html" target= blank>SNIFFER-I</a> TROJAN!
71816. Source=Paul Collins Startup list
71817.  
71818. [svchostb]
71819. Number=10194
71820. Confirmed=X
71821. Filename=svchostb.exe
71822. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsnifferj.html" target= blank>SNIFFER-J</a> TROJAN!
71823. Source=Paul Collins Startup list
71824.  
71825. [svchostdll.scr]
71826. Number=10195
71827. Confirmed=X
71828. Filename=svchostdll.scr
71829. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanfm.html" target=_blank>BANCBAN-FM</a> TROJAN!
71830. Source=Paul Collins Startup list
71831.  
71832. [SvcHosto]
71833. Number=10196
71834. Confirmed=X
71835. Filename=v1rg1n.exe
71836. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottk.html" target=_blank>AGOBOT-TK</a> WORM!
71837. Source=Paul Collins Startup list
71838.  
71839. [svchostr]
71840. Number=10197
71841. Confirmed=X
71842. Filename=svchostr.exe
71843. Description=Added by an unidentified WORM or TROJAN!
71844.  
71845. Source=Paul Collins Startup list
71846.  
71847. [svchosts]
71848. Number=10198
71849. Confirmed=X
71850. Filename=svchosts.exe
71851. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbandc.html" target=_blank>BANCBAN-DC</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojbankered.html" target=_blank>BANKER-ED</a> TROJANS!
71852. Source=Paul Collins Startup list
71853.  
71854. [svchosts.exe]
71855. Number=10199
71856. Confirmed=X
71857. Filename=svchosts.exe
71858. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotjn.html" target= blank>AGOBOT-JN</a> WORM!
71859. Source=Paul Collins Startup list
71860.  
71861. [svchosts.scr]
71862. Number=10200
71863. Confirmed=X
71864. Filename=svchosts.scr
71865. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbandq.html" target=_blank>BANCBAN-DQ</a> TROJAN and variants!
71866. Source=Paul Collins Startup list
71867.  
71868. [SVCHOT]
71869. Number=10201
71870. Confirmed=X
71871. Filename=SVCHOT.exe
71872. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqrobu.html" target=_blank>QQROB-U</a> TROJAN!
71873. Source=Paul Collins Startup list
71874.  
71875. [svchst]
71876. Number=10202
71877. Confirmed=X
71878. Filename=svchst.exe
71879. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboted.html" target=_blank>KBROY-C</a> TROJAN!
71880. Source=Paul Collins Startup list
71881.  
71882. [svcinfo]
71883. Number=10203
71884. Confirmed=X
71885. Filename=svcinfo.exe
71886. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
71887. Source=Paul Collins Startup list
71888.  
71889. [Svclhost]
71890. Number=10204
71891. Confirmed=X
71892. Filename=svcchost.exe
71893. Description=Added by an unidentified WORM or TROJAN!
71894. Source=Paul Collins Startup list
71895.  
71896. [SvcManager]
71897. Number=10205
71898. Confirmed=X
71899. Filename=restore3.exe
71900. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdss.html" target="_blank">AGENT-DSS</a> TROJAN!
71901. Source=Paul Collins Startup list
71902.  
71903. [svcmon]
71904. Number=10206
71905. Confirmed=U
71906. Filename=svcmon.exe
71907. Description=<a href="http://www.sarc.com/avcenter/venc/data/spyware.personinspect.html" target="_blank">PersonInspect</a> surveillance software. Uninstall this software unless you put it there yourself
71908. Source=Paul Collins Startup list
71909.  
71910. [svcroot]
71911. Number=10207
71912. Confirmed=X
71913. Filename=svcroot.exe
71914. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogac.html" target=_blank>KEYLOG-AC</a> TROJAN!
71915. Source=Paul Collins Startup list
71916.  
71917. [svcshare]
71918. Number=10208
71919. Confirmed=X
71920. Filename=winampXP.exe
71921. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32fujacksj.html" target="_blank">FUJACKS-J</a> VIRUS!
71922. Source=Paul Collins Startup list
71923.  
71924. [svcshare]
71925. Number=10209
71926. Confirmed=X
71927. Filename=spoclsv.exe
71928. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32fujacksa.html" target="_blank">FUJACKS-A</a> VIRUS!
71929. Source=Paul Collins Startup list
71930.  
71931. [SvcSys]
71932. Number=10210
71933. Confirmed=X
71934. Filename=[path to file]
71935. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071315-3418-99" target=_blank>BANCOS.Z</a> TROJAN!
71936. Source=Paul Collins Startup list
71937.  
71938. [Svcsys Registry Manager]
71939. Number=10211
71940. Confirmed=X
71941. Filename=svcsysreg.exe
71942. Description=Recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Clicker.Agent.cv
71943. Source=Paul Collins Startup list
71944.  
71945. [svcsys32]
71946. Number=10212
71947. Confirmed=X
71948. Filename=svcsys32.exe
71949. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotll.html" target=_blank>AGOBOT-LL</a> WORM!
71950. Source=Paul Collins Startup list
71951.  
71952. [svctask]
71953. Number=10213
71954. Confirmed=X
71955. Filename=svctask.exe
71956. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojchuckyba.html" target=_blank>CHUCKYB-A</a> TROJAN!
71957. Source=Paul Collins Startup list
71958.  
71959. [svcwinprocess32]
71960. Number=10214
71961. Confirmed=X
71962. Filename=[path to worm]
71963. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-073012-2202-99" target="_blank">UPERING</a> WORM!
71964. Source=Paul Collins Startup list
71965.  
71966. [svhoost]
71967. Number=10215
71968. Confirmed=X
71969. Filename=checksys.exe
71970. Description=Added by a downloader TROJAN of Chinese origin!
71971. Source=Paul Collins Startup list
71972.  
71973. [SVHOST]
71974. Number=10216
71975. Confirmed=X
71976. Filename=svhost.exe
71977. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041516-1209-99" target="_blank">MYDOOM.I</a> WORM!
71978. Source=Paul Collins Startup list
71979.  
71980. [SVHOST]
71981. Number=10217
71982. Confirmed=X
71983. Filename=SVHOST.EXE
71984. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031116-5414-99" target=_blank>ZORI.A</a> VIRUS!
71985. Source=Paul Collins Startup list
71986.  
71987. [Svhost Loader]
71988. Number=10218
71989. Confirmed=X
71990. Filename=svshost.exe
71991. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.G" target=_blank>AGOBOT.G</a> WORM!
71992.  
71993. Source=Paul Collins Startup list
71994.  
71995. [svhost updates]
71996. Number=10219
71997. Confirmed=X
71998. Filename=Svhost.exe
71999. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
72000. Source=Paul Collins Startup list
72001.  
72002. [svhost windows services]
72003. Number=10220
72004. Confirmed=X
72005. Filename=svhost8.exe
72006. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwq.html" target= blank>RBOT-WQ</a> WORM!
72007. Source=Paul Collins Startup list
72008.  
72009. [SVIDC32M]
72010. Number=10221
72011. Confirmed=?
72012. Filename=SVIDC32M.exe
72013. Description=<font color="#FF0000">??</font>
72014. Source=Paul Collins Startup list
72015.  
72016. [sVideo2]
72017. Number=10222
72018. Confirmed=X
72019. Filename=vxdrun6.exe
72020. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialswitchd.html" target= blank>"Switch"</a> premium rate adult content dialler
72021. Source=Paul Collins Startup list
72022.  
72023. [sviload32]
72024. Number=10223
72025. Confirmed=X
72026. Filename=sviload32.exe
72027. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaas.html" target=_blank>RBOT-AAS</a> WORM!
72028. Source=Paul Collins Startup list
72029.  
72030. [SVM Pop]
72031. Number=10224
72032. Confirmed=?
72033. Filename=svmpop.exe
72034. Description=<font color="#FF0000">??</font>
72035. Source=Paul Collins Startup list
72036.  
72037. [svnlitup32]
72038. Number=10225
72039. Confirmed=X
72040. Filename=svnlitup32.exe
72041. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CBJ&VSect=P" target=_blank>RBOT.CBJ</a> WORM!
72042. Source=Paul Collins Startup list
72043.  
72044. [svnloader]
72045. Number=10226
72046. Confirmed=X
72047. Filename=svnload32.exe
72048. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacu.html" target=_blank>RBOT-ACU</a> WORM!
72049. Source=Paul Collins Startup list
72050.  
72051. [svphost.exe]
72052. Number=10227
72053. Confirmed=X
72054. Filename=svphost.exe
72055. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.CS&VSect=T" target=_blank>AGENT.CS</a> TROJAN!
72056. Source=Paul Collins Startup list
72057.  
72058. [SVPWUTIL]
72059. Number=10228
72060. Confirmed=U
72061. Filename=SVPWUTIL.exe SVPwUTIL
72062. Description=Part of Toshiba Hardware Setup
72063. Source=Paul Collins Startup list
72064.  
72065. [svrrun]
72066. Number=10229
72067. Confirmed=X
72068. Filename=svrrun.exe
72069. Description=Adware hailing from Deskwizz.com
72070.  
72071. Source=Paul Collins Startup list
72072.  
72073. [svsekin]
72074. Number=10230
72075. Confirmed=X
72076. Filename=svsekt.exe
72077. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050913-5746-99" target= blank>QQPASS.G</a> TROJAN!
72078. Source=Paul Collins Startup list
72079.  
72080. [svshost]
72081. Number=10231
72082. Confirmed=X
72083. Filename=svshost.exe
72084. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32chodeh.html" target=_blank>CHODE-H</a> WORM!
72085. Source=Paul Collins Startup list
72086.  
72087. [svshost]
72088. Number=10232
72089. Confirmed=X
72090. Filename=messenger.exe
72091. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyg.html" target="_blank">LOONY-G</a> TROJAN!
72092. Source=Paul Collins Startup list
72093.  
72094. [Svshost Update Service]
72095. Number=10233
72096. Confirmed=X
72097. Filename=svcbind.exe
72098. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LH&VSect=P" target=_blank>MYTOB.LH</a> WORM!
72099. Source=Paul Collins Startup list
72100.  
72101. [svshost32]
72102. Number=10234
72103. Confirmed=X
72104. Filename=msgrsv32.exe
72105. Description=Added by the RANKY.AJ TROJAN!
72106. Source=Paul Collins Startup list
72107.  
72108. [svshost32]
72109. Number=10235
72110. Confirmed=X
72111. Filename=svshost32.exe
72112. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
72113. Source=Paul Collins Startup list
72114.  
72115. [svshostdriver]
72116. Number=10236
72117. Confirmed=X
72118. Filename=svshost.exe
72119. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbothn.html" target=_blank>SDBOT-HN</a> TROJAN!
72120.  
72121. Source=Paul Collins Startup list
72122.  
72123. [svtcin]
72124. Number=10237
72125. Confirmed=X
72126. Filename=n20050308.a.Stub.EXE
72127. Description=Added by the <a href="http://www.superadblocker.com/definition/n20050308/" target=_blank>N20050308</a> TROJAN!
72128.  
72129. Source=Paul Collins Startup list
72130.  
72131. [svwin32]
72132. Number=10238
72133. Confirmed=X
72134. Filename=unninst32.exe
72135. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnf.html" target=_blank>AGOBOT-NF</a> WORM!
72136.  
72137. Source=Paul Collins Startup list
72138.  
72139. [SVX Control Service]
72140. Number=10239
72141. Confirmed=X
72142. Filename=svxhost.exe
72143. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotk.html" target="_blank">FORBOT-K</a> WORM!
72144. Source=Paul Collins Startup list
72145.  
72146. [SW20]
72147. Number=10240
72148. Confirmed=U
72149. Filename=sw20.exe
72150. Description=Related to MSI's <a href="http://www.hardocp.com/article.html?art=ODAwLDI=" target=_blank>Dynamic Overclocking Technology</a>
72151. Source=Paul Collins Startup list
72152.  
72153. [SW24]
72154. Number=10241
72155. Confirmed=U
72156. Filename=sw24.exe
72157. Description=Related to MSI's <a href="http://www.hardocp.com/article.html?art=ODAwLDI=" target=_blank>Dynamic Overclocking Technology</a>
72158. Source=Paul Collins Startup list
72159.  
72160. [Swap Nut]
72161. Number=10242
72162. Confirmed=N
72163. Filename=javaw.exe
72164. Description=javaw.exe can be loaded by other programs at startup but in this instance it's SwapNut, a peer-to-peer file sharing and searching utility developed and marketed by File Metrics, Inc. Users can search for and find almost any type of digital file (audio, video, photos etc.) through a secure peer-to-peer network
72165. Source=Paul Collins Startup list
72166.  
72167. [SWCaller]
72168. Number=10243
72169. Confirmed=X
72170. Filename=SWcaller.exe
72171. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-062810-5527-99" target="_blank">Swporta</a> homepage hijacker
72172. Source=Paul Collins Startup list
72173.  
72174. [SWCaller]
72175. Number=10244
72176. Confirmed=X
72177. Filename=Swcaller2.exe
72178. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-062810-5527-99" target="_blank">Swporta</a> homepage hijacker
72179. Source=Paul Collins Startup list
72180.  
72181. [Swchost]
72182. Number=10245
72183. Confirmed=X
72184. Filename=Swhost.exe
72185. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoormp.html" target=_blank>MP</a> TROJAN!
72186. Source=Paul Collins Startup list
72187.  
72188. [SWClient]
72189. Number=10246
72190. Confirmed=U
72191. Filename=swsys.exe
72192. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062215-5847-99" target=_blank>ActivMonAgent</a> keyboard logger/monitoring program - remove unless you installed it yourself
72193. Source=Paul Collins Startup list
72194.  
72195. [swcroot]
72196. Number=10247
72197. Confirmed=X
72198. Filename=swcroot.exe
72199. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsolenoa.html" target=_blank>SOLENO-A</a> TROJAN!
72200. Source=Paul Collins Startup list
72201.  
72202. [SWd]
72203. Number=10248
72204. Confirmed=N
72205. Filename=winwd.exe
72206. Description=<a href="http://www.tropsoft.com/pcsecurity/index.htm" target="_blank">PC Security</a> from Tropical Software - lock files, password protect, etc
72207. Source=Paul Collins Startup list
72208.  
72209. [Sweep95]
72210. Number=10249
72211. Confirmed=Y
72212. Filename=ICLOAD95.EXE
72213. Description=Part of <a href="http://www.sophos.com/products/software/" target="_blank">Sophos</a> ant-virus sofware
72214. Source=Paul Collins Startup list
72215.  
72216. [SweetIM]
72217. Number=10250
72218. Confirmed=N
72219. Filename=SweetIM.exe
72220. Description=v<a href="http://www.sweetim.com/" target=_blank>SweetIM</a> - send fancier smiley-faces and IM graphics to friends who are using MSN Messenger. They are only able to see these advanced smiley-faces if they also have SweetIM installed
72221. Source=Paul Collins Startup list
72222.  
72223. [Swf32]
72224. Number=10251
72225. Confirmed=X
72226. Filename=AVupdate.exe
72227. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-062815-2337-99" target="_blank">MERKUR.E</a> WORM!
72228. Source=Paul Collins Startup list
72229.  
72230. [Swf32]
72231. Number=10252
72232. Confirmed=X
72233. Filename=_backup.exe
72234. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071717-0325-99" target="_blank">SYMTEN</a> WORM!
72235. Source=Paul Collins Startup list
72236.  
72237. [swg]
72238. Number=10253
72239. Confirmed=U
72240. Filename=GoogleToolbarNotifier.exe
72241. Description=Companion to the <a href="http://toolbar.google.com/T4/intl/en-GB/?utm_source=en_GB-et-more&utm_medium=et&utm_campaign=en_GB" target="_blank">Google Toolbar</a> that lets you keep Google as your default search engine and prevents this setting from being changed without your consent. Shouldn't remain in memory after the feature is disabled as it's a bug - see <a href="http://googlesystem.blogspot.com/2006/07/google-is-your-default-search.html" target="_blank">here</a>
72242. Source=Paul Collins Startup list
72243.  
72244. [SwimSuitNetwork]
72245. Number=10254
72246. Confirmed=X
72247. Filename=SwimSuitNetwork.exe
72248. Description=Advertising spyware
72249. Source=Paul Collins Startup list
72250.  
72251. [swingsys]
72252. Number=10255
72253. Confirmed=X
72254. Filename=SWINGSYS.EXE
72255. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancoscx.html" target=_blank>BANCOS-CX</a> TROJAN!
72256. Source=Paul Collins Startup list
72257.  
72258. [Switch Off]
72259. Number=10256
72260. Confirmed=U
72261. Filename=swoff.exe
72262. Description=<a href="http://www.download.com/Switch-Off/3000-2344_4-10154101.html?tag=pub" target="_blank">Switch Off</a> - tray-based system utility that can automatically perform various frequently used operations like shutdown or restart your computer, disconnect your current dialup connection, lock workstation, etc
72263. Source=Paul Collins Startup list
72264.  
72265. [Switchboard.com Toolbar]
72266. Number=10257
72267. Confirmed=N
72268. Filename=AtHoc.exe
72269. Description=Toolbar for the on-line version of Yellow Pages in the US - <a href="http://www.switchboard.com/" target="_blank">Switchboard.com</a>
72270. Source=Paul Collins Startup list
72271.  
72272. [Switcher]
72273. Number=10258
72274. Confirmed=U
72275. Filename=Switcher.exe
72276. Description="On a Sony laptop with built in wireless it allows the user to select which wireless services they want to run (i.e. Wireless LAN, Bluetooth, both) when turning the wireless switch on if disabled)"
72277. Source=Paul Collins Startup list
72278.  
72279. [switp]
72280. Number=10259
72281. Confirmed=X
72282. Filename=switpa.exe
72283. Description=<a href="http://sarc.com/avcenter/venc/data/adware.offeragent.html" target=_blank>OfferAgent</a> adware component
72284. Source=Paul Collins Startup list
72285.  
72286. [SWL]
72287. Number=10260
72288. Confirmed=U
72289. Filename=rundll32.exe [path] SWL.dll rdl
72290. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071818-0017-99" target="_blank">StealthWeblog</a> surveillance software. Uninstall this software unless you put it there yourself
72291. Source=Paul Collins Startup list
72292.  
72293. [SWN2]
72294. Number=10261
72295. Confirmed=U
72296. Filename=swnxt.exe
72297. Description=Spyware removal program by TrekBlue. Previously not recommended but the latest version was delisted <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
72298.  
72299. Source=Paul Collins Startup list
72300.  
72301. [sws.exe]
72302. Number=10262
72303. Confirmed=X
72304. Filename=[random filename]
72305. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091621-1604-99" target="_blank">Haldex</a> type adult content dialler
72306. Source=Paul Collins Startup list
72307.  
72308. [sws.exe]
72309. Number=10263
72310. Confirmed=X
72311. Filename=gd-dial.exe
72312. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101315-1143-99" target=_blank>Globaldialer</a> adult content premium rate dialer
72313. Source=Paul Collins Startup list
72314.  
72315. [SwTray]
72316. Number=10264
72317. Confirmed=N
72318. Filename=SWTRAY.EXE
72319. Description=MS SideWinder game controller system tray icon. Available via Start -> Programs. May have the version number after it
72320. Source=Paul Collins Startup list
72321.  
72322. [SWTrayV4]
72323. Number=10265
72324. Confirmed=N
72325. Filename=SWTrayV4.exe
72326. Description=MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> Programs
72327. Source=Paul Collins Startup list
72328.  
72329. [SXGDSENU]
72330. Number=10266
72331. Confirmed=?
72332. Filename=sxgdsenu.exe
72333. Description=<font color="#FF0000">Yamaha SXG soundcard driver</font>
72334. Source=Paul Collins Startup list
72335.  
72336. [SxgTkBar]
72337. Number=10267
72338. Confirmed=N
72339. Filename=sxgtkbar.exe
72340. Description=Yamaha SXG soundcard utility - gives quick and easy access via the system tray bar to diagnostics and configuration
72341.  
72342. Source=Paul Collins Startup list
72343.  
72344. [Sxplog]
72345. Number=10268
72346. Confirmed=?
72347. Filename=sxpstub.exe
72348. Description=Part of <a href="http://www3.ca.com/Solutions/Product.asp?ID=234" target=_blank>CA Unicenter</a> Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - <font color="#FF0000">is it required at startup?</font>
72349. Source=Paul Collins Startup list
72350.  
72351. [sxrrv]
72352. Number=10269
72353. Confirmed=X
72354. Filename=sxrrv.pif
72355. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvaxa.html" target=_blank>VAX-A</a> TROJAN!
72356. Source=Paul Collins Startup list
72357.  
72358. [SyBot v2.1 By Sky-Dancer]
72359. Number=10270
72360. Confirmed=X
72361. Filename=HPSV.exe
72362. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZOTOB.I&VSect=P" target=_blank>ZOTOB.I</a> WORM!
72363. Source=Paul Collins Startup list
72364.  
72365. [SYDNEY]
72366. Number=10271
72367. Confirmed=X
72368. Filename=[file path]
72369. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090916-2243-99" target="_blank">SYNEY</a> WORM!
72370. Source=Paul Collins Startup list
72371.  
72372. [syelimS-esreveR-troppuS]
72373. Number=10272
72374. Confirmed=X
72375. Filename=[filename]
72376. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITBOT.C&VSect=P" target=_blank>LITBOT.C</a> TROJAN!
72377. Source=Paul Collins Startup list
72378.  
72379. [Syga432te Pe432rsonal Firewall]
72380. Number=10273
72381. Confirmed=X
72382. Filename=MrNo4236.exe
72383. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqy.html" target=_blank>RBOT-AQY</a> WORM!
72384. Source=Paul Collins Startup list
72385.  
72386. [Sygaete Personal Firewall]
72387. Number=10274
72388. Confirmed=X
72389. Filename=SyGate.exe
72390. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglx.html" target="_blank">RBOT-GLX</a> WORM!
72391. Source=Paul Collins Startup list
72392.  
72393. [Sygate Peral Firewall]
72394. Number=10275
72395. Confirmed=X
72396. Filename=Syga.exe
72397. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqk.html" target=_blank>RBOT-AQK</a> WORM!
72398. Source=Paul Collins Startup list
72399.  
72400. [Sygate Personal 3]
72401. Number=10276
72402. Confirmed=X
72403. Filename=svrv.exe
72404. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxd.html" target= blank>RBOT-XD</a> WORM!
72405. Source=Paul Collins Startup list
72406.  
72407. [Sygate Personal Block]
72408. Number=10277
72409. Confirmed=X
72410. Filename=Studio.exe
72411. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottw.html" target=_blank>RBOT-TW</a> WORM!
72412. Source=Paul Collins Startup list
72413.  
72414. [Sygate Personal Firewall]
72415. Number=10278
72416. Confirmed=X
72417. Filename=Win32x.exe
72418. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkz.html" target="_blank">RBOT-KZ</a> WORM!
72419. Source=Paul Collins Startup list
72420.  
72421. [Sygate Personal Firewall]
72422. Number=10279
72423. Confirmed=X
72424. Filename=system32.exe
72425. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.VI" target=_blank>RBOT.VI</a> WORM!
72426. Source=Paul Collins Startup list
72427.  
72428. [Sygate Personal Firewall]
72429. Number=10280
72430. Confirmed=X
72431. Filename=sysgut.exe
72432. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WM&Vsect=T" target=_blank>SDBOT.WM</a> WORM!
72433.  
72434. Source=Paul Collins Startup list
72435.  
72436. [Sygate Personal Firewall]
72437. Number=10281
72438. Confirmed=X
72439. Filename=Sygate.exe
72440. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpn.html" target=_blank>RBOT-PN</a> WORM!
72441.  
72442. Source=Paul Collins Startup list
72443.  
72444. [Sygate Personal Firewall]
72445. Number=10282
72446. Confirmed=X
72447. Filename=Mcafeeupdate.exe
72448. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.YN" target="_blank">RBOT.YN</a> WORM!
72449. Source=Paul Collins Startup list
72450.  
72451. [Sygate Personal Firewall]
72452. Number=10283
72453. Confirmed=X
72454. Filename=Sygate32.exe
72455. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATW" target="_blank">RBOT.ATW</a> WORM!
72456. Source=Paul Collins Startup list
72457.  
72458. [Sygate Personal Firewall]
72459. Number=10284
72460. Confirmed=X
72461. Filename=MSNSRV32.exe
72462. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
72463. Source=Paul Collins Startup list
72464.  
72465. [Sygate Personal Firewall]
72466. Number=10285
72467. Confirmed=X
72468. Filename=service.exe
72469. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
72470. Source=Paul Collins Startup list
72471.  
72472. [Sygate Personal Firewall]
72473. Number=10286
72474. Confirmed=X
72475. Filename=t1ktik.exe
72476. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvp.html" target=_blank>RBOT-VP</a> WORM!
72477. Source=Paul Collins Startup list
72478.  
72479. [Sygate Personal Firewall]
72480. Number=10287
72481. Confirmed=X
72482. Filename=host32.exe
72483. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=41525" target= blank>RBOT.ALD</a> WORM!
72484. Source=Paul Collins Startup list
72485.  
72486. [Sygate Personal Firewall]
72487. Number=10288
72488. Confirmed=X
72489. Filename=sexy.exe
72490. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxy.html" target= blank>RBOT-XY</a> WORM!
72491. Source=Paul Collins Startup list
72492.  
72493. [Sygate Personal Firewall]
72494. Number=10289
72495. Confirmed=X
72496. Filename=sys.exe
72497. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzc.html" target= blank>RBOT-ZC</a> WORM!
72498. Source=Paul Collins Startup list
72499.  
72500. [Sygate Personal Firewall]
72501. Number=10290
72502. Confirmed=X
72503. Filename=syserror.exe
72504. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UC" target="_blank">RBOT.UC</a> WORM!
72505. Source=Paul Collins Startup list
72506.  
72507. [Sygate Personal Firewall]
72508. Number=10291
72509. Confirmed=X
72510. Filename=hostserv.exe
72511. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BKO&VSect=P" target=_blank>RBOT.BKO</a> WORM!
72512. Source=Paul Collins Startup list
72513.  
72514. [Sygate Personal Firewall]
72515. Number=10292
72516. Confirmed=X
72517. Filename=msnmsgrs.exe
72518. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XN&VSect=P" target=_blank>RBOT.XN</a> WORM!
72519. Source=Paul Collins Startup list
72520.  
72521. [Sygate Personal Firewall]
72522. Number=10293
72523. Confirmed=X
72524. Filename=Sygat.exe
72525. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
72526. Source=Paul Collins Startup list
72527.  
72528. [Sygate Personal Firewall]
72529. Number=10294
72530. Confirmed=X
72531. Filename=wins.exe
72532. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AOB&VSect=P" target=_blank>RBOT.AOB</a> WORM!
72533. Source=Paul Collins Startup list
72534.  
72535. [Sygate Personal Firewall]
72536. Number=10295
72537. Confirmed=X
72538. Filename=winxpstat.exe
72539. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
72540. Source=Paul Collins Startup list
72541.  
72542. [Sygate Personal Firewall]
72543. Number=10296
72544. Confirmed=X
72545. Filename=Syga.exe
72546. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqd.html" target=_blank>RBOT-AQD</a> WORM!
72547. Source=Paul Collins Startup list
72548.  
72549. [Sygate Personal Firewall]
72550. Number=10297
72551. Confirmed=X
72552. Filename=svchots.exe
72553. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABT" target="_blank">RBOT.ABT</a> WORM!
72554. Source=Paul Collins Startup list
72555.  
72556. [Sygate Personal Firewall Start]
72557. Number=10298
72558. Confirmed=X
72559. Filename=services32.exe
72560. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmb.html" target="_blank">RBOT-MB</a> WORM!
72561. Source=Paul Collins Startup list
72562.  
72563. [Sygate Personal Firewall Start]
72564. Number=10299
72565. Confirmed=X
72566. Filename=servic.exe
72567. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotry.html" target=_blank>RBOT-RY</a> WORM!
72568. Source=Paul Collins Startup list
72569.  
72570. [Sygate Personal Port]
72571. Number=10300
72572. Confirmed=X
72573. Filename=crss.exe
72574. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpx.html" target=_blank>RBOT-PX</a> WORM!
72575. Source=Paul Collins Startup list
72576.  
72577. [Sygate Personal Port Blocker]
72578. Number=10301
72579. Confirmed=X
72580. Filename=volume.exe
72581. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
72582. Source=Paul Collins Startup list
72583.  
72584. [Sygate Personal Port Blocker]
72585. Number=10302
72586. Confirmed=X
72587. Filename=winupdate.exe
72588. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
72589. Source=Paul Collins Startup list
72590.  
72591. [Sygate Personals Firewalls]
72592. Number=10303
72593. Confirmed=X
72594. Filename=ccsrn.exe
72595. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
72596. Source=Paul Collins Startup list
72597.  
72598. [SyGateService]
72599. Number=10304
72600. Confirmed=U
72601. Filename=sgserv95.exe
72602. Description=<a href="http://www.sygate.com/" target="_blank">SyGate</a> is a useful little program that lets you share an internet connection over an intranet. Is it needed - it saves a lot of headache to just let SyGate load at startup. Available via Start -> Programs
72603. Source=Paul Collins Startup list
72604.  
72605. [Symantec]
72606. Number=10305
72607. Confirmed=X
72608. Filename=ccapp.exe
72609. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071510-0336-99" target=_blank>REATLE</a> WORM! Note - this is not a Symantec file
72610. Source=Paul Collins Startup list
72611.  
72612. [Symantec Anti Virus]
72613. Number=10306
72614. Confirmed=X
72615. Filename=symantec32.exe
72616. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
72617. Source=Paul Collins Startup list
72618.  
72619. [Symantec Antivirus professional]
72620. Number=10307
72621. Confirmed=X
72622. Filename=dfrgfrat.exe
72623. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
72624. Source=Paul Collins Startup list
72625.  
72626. [Symantec Autoscan]
72627. Number=10308
72628. Confirmed=X
72629. Filename=[random filename]
72630. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajo.html" target=_blank>RBOT-AJO</a> WORM!
72631. Source=Paul Collins Startup list
72632.  
72633. [Symantec Configuration Loader]
72634. Number=10309
72635. Confirmed=X
72636. Filename=ccApp32.exe
72637. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112112-1102-99" target="_blank">GAOBOT</a> WORM!
72638. Source=Paul Collins Startup list
72639.  
72640. [Symantec Core LC]
72641. Number=10310
72642. Confirmed=Y
72643. Filename=symlcsvc.exe
72644. Description=Part of Norton AntiVirus 2004. <font color="#FF0000"> What does it do?</font>
72645. Source=Paul Collins Startup list
72646.  
72647. [Symantec Fax Starter Edition Port]
72648. Number=10311
72649. Confirmed=N
72650. Filename=OLFSNT40.EXE
72651. Description=Offers a virtual printer as a fax machine. Can be run via a desktop shortcut
72652. Source=Paul Collins Startup list
72653.  
72654. [Symantec NetDriver Monitor]
72655. Number=10312
72656. Confirmed=U
72657. Filename=SNDMon.exe
72658. Description=Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual updates but probably require if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers û then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation
72659. Source=Paul Collins Startup list
72660.  
72661. [Symantec NetDriver Warning]
72662. Number=10313
72663. Confirmed=U
72664. Filename=SNDWarn.exe
72665. Description=Part of Symantec Live Update - displays the warning when you need to update the firewall database
72666. Source=Paul Collins Startup list
72667.  
72668. [Symantec Secure Server]
72669. Number=10314
72670. Confirmed=X
72671. Filename=svrhost.exe
72672. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotub.html" target="_blank">IRCBOT-UB</a> TROJAN!
72673. Source=Paul Collins Startup list
72674.  
72675. [Symantec Security]
72676. Number=10315
72677. Confirmed=X
72678. Filename=symantec32.exe
72679. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-033018-3637-99" target="_blank">RANDEX.PR</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042009-1946-99" target="_blank">RANDEX.YR</a> WORMS!
72680. Source=Paul Collins Startup list
72681.  
72682. [Symantec Security Addon]
72683. Number=10316
72684. Confirmed=X
72685. Filename=nvsvc.exe
72686. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM! Note - do NOT confuse with the legitimate NVIDIA Driver Helper Service file of the same name as described <a href="http://www.sysinfo.org/startuplist.php?filter=nvsvc.exe" target=_blank>here</a>
72687. Source=Paul Collins Startup list
72688.  
72689. [Symantec Security Routine Addon for Microsoft Windows]
72690. Number=10317
72691. Confirmed=X
72692. Filename=navpxaw32.exe
72693. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqj.html" target=_blank>AGOBOT-GJ</a> TROJAN!
72694. Source=Paul Collins Startup list
72695.  
72696. [Symantec Service]
72697. Number=10318
72698. Confirmed=X
72699. Filename=ccApp.exe
72700. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021610-0732-99" target=_blank>AKHER.D</a> WORM! Note - this is also not the valid Norton AV file with the same filename
72701. Source=Paul Collins Startup list
72702.  
72703. [SymantecFilterCheck]
72704. Number=10319
72705. Confirmed=X
72706. Filename=svhost.exe
72707. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankereeo.html" target="_blank">BANKER-EEO</a> TROJAN!
72708. Source=Paul Collins Startup list
72709.  
72710. [SymAV]
72711. Number=10320
72712. Confirmed=X
72713. Filename=SymAV.exe
72714. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040716-2838-99" target="_blank">NETSKY.U</a> WORM!
72715. Source=Paul Collins Startup list
72716.  
72717. [SymKeepAlive]
72718. Number=10321
72719. Confirmed=U
72720. Filename=CKA.exe
72721. Description=Part of <a href="http://www.symantec.com/sabu/sysworks/basic/" target="_blank">Norton SystemWorks 2003</a> - keeps a dial-up modem connection alive
72722. Source=Paul Collins Startup list
72723.  
72724. [Symlcs]
72725. Number=10322
72726. Confirmed=X
72727. Filename=[path to file]
72728. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojyaspya.html" target=_blank>YASPY-A</a> TROJAN!
72729. Source=Paul Collins Startup list
72730.  
72731. [Symmetrical Network]
72732. Number=10323
72733. Confirmed=X
72734. Filename=symmec.exe
72735. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotn.html" target="_blank">DELBOT-N</a> WORM!
72736. Source=Paul Collins Startup list
72737.  
72738. [SymRun]
72739. Number=10324
72740. Confirmed=X
72741. Filename=N/A
72742. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kangarooa.html" target=_blank>KANGAROO-A</a> TROJAN!
72743. Source=Paul Collins Startup list
72744.  
72745. [SymRun]
72746. Number=10325
72747. Confirmed=X
72748. Filename=ccApps.exe
72749. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkagena.html" target=_blank>KAGEN-A</a> TROJAN!
72750. Source=Paul Collins Startup list
72751.  
72752. [SymTray - Norton SystemWorks]
72753. Number=10326
72754. Confirmed=N
72755. Filename=SYMTRAY.EXE
72756. Description=Keeps all System Tray icons for Norton SystemWorks together to reduce clutter. SystemWorks includes Norton Anti-Virus, Norton Utilities and Norton CleanSweep - mentioned elsewhere here. Personally I only have Norton eMail Protect running which doesn't need SymTray
72757. Source=Paul Collins Startup list
72758.  
72759. [Synaptics Pointing Device Driver]
72760. Number=10327
72761. Confirmed=U
72762. Filename=SynTPEnh.exe
72763. Description=Synaptics touchpad tray icon. Displays status and provides quick launch to touchpad features such as scrolling and tap zones. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scroll
72764. Source=Paul Collins Startup list
72765.  
72766. [Sync Data]
72767. Number=10328
72768. Confirmed=U
72769. Filename=Hndsync.exe
72770. Description=<a target="_blank" href="http://www.pocketrealestate.com/PREWireless.asp">Pocket Real Estate</a> - mobile synchronization manager
72771. Source=Paul Collins Startup list
72772.  
72773. [Sync Server]
72774. Number=10329
72775. Confirmed=X
72776. Filename=drwatsoon.exe
72777. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101912-4208-99" target=_blank>WATSOON.A</a> TROJAN!
72778. Source=Paul Collins Startup list
72779.  
72780. [Sync-It]
72781. Number=10330
72782. Confirmed=U
72783. Filename=Syncit.exe
72784. Description=<a href="http://www.tolvanen.com/syncit/" target="_blank">Sync-It</a> - synchronizes the system clock with time servers on the internet
72785. Source=Paul Collins Startup list
72786.  
72787. [SyncAgent]
72788. Number=10331
72789. Confirmed=U
72790. Filename=syncagent.exe
72791. Description=<a href="http://www.keylogger.net/" target=blank>Ghost Keylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
72792.  
72793. Source=Paul Collins Startup list
72794.  
72795. [Synchronization Manage]
72796. Number=10332
72797. Confirmed=X
72798. Filename=rservers.exe
72799. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfm.html" target=_blank>FORBOT-FM</a> WORM!
72800. Source=Paul Collins Startup list
72801.  
72802. [Synchronization Manager]
72803. Number=10333
72804. Confirmed=N
72805. Filename=mobsync.exe
72806. Description=Find more information about its use <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;256139" target="_blank">here</a>
72807. Source=Paul Collins Startup list
72808.  
72809. [syncman]
72810. Number=10334
72811. Confirmed=X
72812. Filename=winsync.exe
72813. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmancsyna.html" target=_blank>MANCSYN-A</a> TROJAN!
72814. Source=Paul Collins Startup list
72815.  
72816. [SyncManager]
72817. Number=10335
72818. Confirmed=X
72819. Filename=msorunner.exe
72820. Description=Added by a variant of the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY</a> TROJAN!
72821. Source=Paul Collins Startup list
72822.  
72823. [SyncMon]
72824. Number=10336
72825. Confirmed=X
72826. Filename=adslcomdos.exe
72827. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclunkya.html" target= blank>CLUNKY-A</a> TROJAN!
72828. Source=Paul Collins Startup list
72829.  
72830. [SyncMon]
72831. Number=10337
72832. Confirmed=X
72833. Filename=fixcomdos.exe
72834. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclunkyb.html" target=_blank>CLUNKY-B</a> TROJAN!
72835. Source=Paul Collins Startup list
72836.  
72837. [SynSetup]
72838. Number=10338
72839. Confirmed=?
72840. Filename=SynTP.tmp RunOnce.exe
72841. Description=<font color="#FF0000">Probably associated Synaptics touchpads on laptops as for the SynTPEnh and SynTPLpr entries but what does it do and is it required?</font>
72842. Source=Paul Collins Startup list
72843.  
72844. [Syntax]
72845. Number=10339
72846. Confirmed=X
72847. Filename=windows32.exe
72848. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CQ" target=_blank>SDBOT.CQ</a> WORM!
72849. Source=Paul Collins Startup list
72850.  
72851. [Syntax Script]
72852. Number=10340
72853. Confirmed=X
72854. Filename=systacq.exe
72855. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010309-3226-99" target=_blank>SDBOT.AI</a> WORM!
72856. Source=Paul Collins Startup list
72857.  
72858. [SynTPEnh]
72859. Number=10341
72860. Confirmed=U
72861. Filename=syntpenh.exe
72862. Description=Synaptics touchpad tray icon. Displays status and provides quick launch to touchpad features such as scrolling and tap zones. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scroll
72863. Source=Paul Collins Startup list
72864.  
72865. [SynTPLpr]
72866. Number=10342
72867. Confirmed=Y
72868. Filename=syntplpr.exe
72869. Description=Synaptics touchpad driver helper. Required for touchpad features to work
72870. Source=Paul Collins Startup list
72871.  
72872. [sys]
72873. Number=10343
72874. Confirmed=X
72875. Filename=regedit /s sys.reg
72876. Description=Hijacker
72877. Source=Paul Collins Startup list
72878.  
72879. [sys]
72880. Number=10344
72881. Confirmed=X
72882. Filename=regedit sysdllwm.reg
72883. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojfemadl.html" target= blank>FEMAD-L</a> TROJAN!
72884. Source=Paul Collins Startup list
72885.  
72886. [Sys Ren]
72887. Number=10345
72888. Confirmed=X
72889. Filename=SysRen.exe
72890. Description=Part of <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=FlashEnhancer&threatid=14959" target="_blank">FlashEnhancer</a> adware
72891. Source=Paul Collins Startup list
72892.  
72893. [sys************* [* = random digit]]
72894. Number=10346
72895. Confirmed=X
72896. Filename=sys*************.exe [* = random digit]
72897. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062915-3210-99" target=_blank>WINBO</a> adware
72898. Source=Paul Collins Startup list
72899.  
72900. [Sys**.exe [* = random char]]
72901. Number=10347
72902. Confirmed=X
72903. Filename=Sys**.exe [* = random char]
72904. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
72905. Source=Paul Collins Startup list
72906.  
72907. [Sys**32.exe [* = random char]]
72908. Number=10348
72909. Confirmed=X
72910. Filename=Sys**32.exe [* = random char]
72911. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
72912. Source=Paul Collins Startup list
72913.  
72914. [Sys-Stat]
72915. Number=10349
72916. Confirmed=X
72917. Filename=wuapdxe.exe
72918. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.HK" target="_blank">SDBOT.HK</a> WORM!
72919. Source=Paul Collins Startup list
72920.  
72921. [sys008]
72922. Number=10350
72923. Confirmed=X
72924. Filename=sys008.exe
72925. Description=Hijacker, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpagk.html" target=_blank>STARTPA-GK</a> TROJAN!
72926. Source=Paul Collins Startup list
72927.  
72928. [sys009]
72929. Number=10351
72930. Confirmed=X
72931. Filename=sys009.exe
72932. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpazb.html" target=_blank>STARTPA-ZB</a> TROJAN!
72933. Source=Paul Collins Startup list
72934.  
72935. [sys201]
72936. Number=10352
72937. Confirmed=X
72938. Filename=sys209.exe
72939. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpazy.html" target=_blank>STARTPA-ZY</a> TROJAN!
72940. Source=Paul Collins Startup list
72941.  
72942. [Sys29]
72943. Number=10353
72944. Confirmed=X
72945. Filename=win***32.exe [* = random char]
72946. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware
72947. Source=Paul Collins Startup list
72948.  
72949. [sys32]
72950. Number=10354
72951. Confirmed=X
72952. Filename=sys32.exe
72953. Description=Added by the <a href="http://fr.trendmicro-europe.com/smb/security_info/ve_detail.php?VName=BKDR_FLUX.E" target=_blank>FLUX.E</a> TROJAN!
72954.  
72955. Source=Paul Collins Startup list
72956.  
72957. [sys32]
72958. Number=10355
72959. Confirmed=X
72960. Filename=sysx32.exe
72961. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kvexa.html" target=_blank>KVEX-A</a> VIRUS!
72962. Source=Paul Collins Startup list
72963.  
72964. [sys32cmd]
72965. Number=10356
72966. Confirmed=U
72967. Filename=sys32win.exe
72968. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100918-2057-99" target=blank>Active Keylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
72969.  
72970. Source=Paul Collins Startup list
72971.  
72972. [sys32dll]
72973. Number=10357
72974. Confirmed=X
72975. Filename=sys32dll.exe
72976. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021614-4255-99" target=_blank>AIMDES.B</a> WORM!
72977. Source=Paul Collins Startup list
72978.  
72979. [sys32sql]
72980. Number=10358
72981. Confirmed=U
72982. Filename=sys32win.exe
72983. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100918-2057-99" target=blank>Active Keylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
72984. Source=Paul Collins Startup list
72985.  
72986. [sys33]
72987. Number=10359
72988. Confirmed=X
72989. Filename=sys33.exe
72990. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotwj.html" target="_blank">AGOBOT-WJ</a> WORM!
72991. Source=Paul Collins Startup list
72992.  
72993. [SysA]
72994. Number=10360
72995. Confirmed=X
72996. Filename=win***32.exe [* = random char]
72997. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware
72998. Source=Paul Collins Startup list
72999.  
73000. [SysAgent]
73001. Number=10361
73002. Confirmed=U
73003. Filename=SysAgent.exe
73004. Description=SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of
73005. Source=Paul Collins Startup list
73006.  
73007. [SysAI]
73008. Number=10362
73009. Confirmed=X
73010. Filename=SysAI.exe
73011. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=AproposMedia&threatid=14978" target="_blank">AproposMedia</a> adware
73012. Source=Paul Collins Startup list
73013.  
73014. [SysATW]
73015. Number=10363
73016. Confirmed=X
73017. Filename=sysatw.exe
73018. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotam.html" target="_blank">VANEBOT-AM</a> WORM!
73019. Source=Paul Collins Startup list
73020.  
73021. [SysBkup]
73022. Number=10364
73023. Confirmed=U
73024. Filename=[path to file]
73025. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-101215-0327-99" target=blank>Keyspy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
73026. Source=Paul Collins Startup list
73027.  
73028. [Sysbot]
73029. Number=10365
73030. Confirmed=U
73031. Filename=sysbot.exe
73032. Description=<a href="http://www.spectorsoft.com/products/Spector_Windows/index.html" target="_blank">Spector</a> - spying (or monitoring) software to record internet activity
73033. Source=Paul Collins Startup list
73034.  
73035. [syscfg]
73036. Number=10366
73037. Confirmed=X
73038. Filename=syscfg32.exe
73039. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120215-1248-99" target="_blank">KWBOT.S</a> WORM!
73040. Source=Paul Collins Startup list
73041.  
73042. [syscfg34.exe]
73043. Number=10367
73044. Confirmed=X
73045. Filename=syscfg34.exe
73046. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-081509-0110-99" target="_blank">ELECTRON</a> WORM!
73047. Source=Paul Collins Startup list
73048.  
73049. [Syscheck]
73050. Number=10368
73051. Confirmed=X
73052. Filename=win.hta
73053. Description=Browser hijacker
73054. Source=Paul Collins Startup list
73055.  
73056. [syscheck]
73057. Number=10369
73058. Confirmed=X
73059. Filename=iexplorer.exe
73060. Description=Added by the AGENT.DM TROJAN!
73061. Source=Paul Collins Startup list
73062.  
73063. [sysclx]
73064. Number=10370
73065. Confirmed=X
73066. Filename=ntldrt.exe
73067. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32jloka.html" target=_blank>JLOK-A</a> WORM!
73068. Source=Paul Collins Startup list
73069.  
73070. [syscm]
73071. Number=10371
73072. Confirmed=X
73073. Filename=Syscm.exe
73074. Description=<a href="http://sarc.com/avcenter/venc/data/adware.vanish.html" target="_blank">Vanish</a> adware
73075. Source=Paul Collins Startup list
73076.  
73077. [SysComp]
73078. Number=10372
73079. Confirmed=?
73080. Filename=mssdnl.com
73081. Description=<font color="#FF0000">Unknown but suspect as *.com are not usually run at start up and the name isn't recognized</font>
73082. Source=Paul Collins Startup list
73083.  
73084. [syscon]
73085. Number=10373
73086. Confirmed=X
73087. Filename=syscon.exe
73088. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040815-0934-99" target=_blank>APRILCONE.A</a> WORM!
73089. Source=Paul Collins Startup list
73090.  
73091. [syscon lptt01]
73092. Number=10374
73093. Confirmed=X
73094. Filename=syscon.exe
73095. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Syscon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
73096. Source=Paul Collins Startup list
73097.  
73098. [syscon ml097e]
73099. Number=10375
73100. Confirmed=X
73101. Filename=syscon.exe
73102. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Syscon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
73103. Source=Paul Collins Startup list
73104.  
73105. [sysconfig]
73106. Number=10376
73107. Confirmed=X
73108. Filename=iexplorer.exe
73109. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040212-0414-99" target="_blank">CULT.C</a> WORM!
73110. Source=Paul Collins Startup list
73111.  
73112. [SysConfig]
73113. Number=10377
73114. Confirmed=X
73115. Filename=syscfg35.exe
73116. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-080210-2141-99" target="_blank">KAZMOR.C</a> WORM!
73117. Source=Paul Collins Startup list
73118.  
73119. [sysconfig]
73120. Number=10378
73121. Confirmed=X
73122. Filename=iexplorer.exe
73123. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082110-1254-99" target="_blank">CULT.H</a> WORM!
73124. Source=Paul Collins Startup list
73125.  
73126. [SysConfig]
73127. Number=10379
73128. Confirmed=X
73129. Filename=wincfg32.exe
73130. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD" target=_blank>SDBOT.ZD</a> WORM!
73131. Source=Paul Collins Startup list
73132.  
73133. [Sysconfig]
73134. Number=10380
73135. Confirmed=U
73136. Filename=Stealth KeySpy.exe
73137. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120312-0214-99" target= blank>StealthKeySpy</a> - keystroke logger/monitoring program - remove unless you installed it yourself!
73138. Source=Paul Collins Startup list
73139.  
73140. [Syscpy]
73141. Number=10381
73142. Confirmed=X
73143. Filename=Syscpy.exe
73144. Description=Firewall-bypassing, proxied spam relayer. Detected by Symantec as the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102817-2820-99" target="_blank"> HOGLE</a> TROJAN!
73145. Source=Paul Collins Startup list
73146.  
73147. [SysCtl]
73148. Number=10382
73149. Confirmed=X
73150. Filename=sysctl.exe
73151. Description=Added by the <a href="http://vil.nai.com/vil/content/v_99942.htm" target="_blank">AOK</a> TROJAN!
73152. Source=Paul Collins Startup list
73153.  
73154. [Sysctrls]
73155. Number=10383
73156. Confirmed=X
73157. Filename=procdll.exe
73158. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WEEDBOTZ.14&VSect=T" target="_blank">WEEDBOTZ.14</a> TROJAN!
73159. Source=Paul Collins Startup list
73160.  
73161. [Sysctrls]
73162. Number=10384
73163. Confirmed=X
73164. Filename=winupdate.exe
73165. Description=Added by an unidentified WORM or TROJAN!
73166. Source=Paul Collins Startup list
73167.  
73168. [sysdat.dll]
73169. Number=10385
73170. Confirmed=X
73171. Filename=sysdat.dll.exe
73172. Description=Added by the NISHICA 1.1 TROJAN!
73173. Source=Paul Collins Startup list
73174.  
73175. [SysData]
73176. Number=10386
73177. Confirmed=X
73178. Filename=[path to file]
73179. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckba.html" target=_blank>RANCK-BA</a> TROJAN!
73180. Source=Paul Collins Startup list
73181.  
73182. [SysDeskqqfx]
73183. Number=10387
73184. Confirmed=X
73185. Filename=qqfx.exe
73186. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-011817-0936-99" target=_blank>QQPASS.H</a> TROJAN!
73187. Source=Paul Collins Startup list
73188.  
73189. [SysDeskqqfx]
73190. Number=10388
73191. Confirmed=X
73192. Filename=Runddll32.exe
73193. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-011817-4556-99" target=_blank>CHANGGAME</a> TROJAN!
73194. Source=Paul Collins Startup list
73195.  
73196. [SysDesktop]
73197. Number=10389
73198. Confirmed=X
73199. Filename=fswanQQ.exe
73200. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqsenda.html" target=_blank>QQSEND-A</a> TROJAN!
73201. Source=Paul Collins Startup list
73202.  
73203. [sysdir]
73204. Number=10390
73205. Confirmed=X
73206. Filename=winrun.exe
73207. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-032718-1359-99" target="_blank">WINBUR.B</a> WORM!
73208. Source=Paul Collins Startup list
73209.  
73210. [sysdll]
73211. Number=10391
73212. Confirmed=X
73213. Filename=[trojan filename]
73214. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-091110-1633-99" target=_blank>HUGESOT</a> TROJAN!
73215. Source=Paul Collins Startup list
73216.  
73217. [Sysdpt]
73218. Number=10392
73219. Confirmed=X
73220. Filename=sysdpt.exe
73221. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088371" target="_blank">CRYPT</a> trojan downloader
73222. Source=Paul Collins Startup list
73223.  
73224. [sysdxvid]
73225. Number=10393
73226. Confirmed=X
73227. Filename=sysdxvid.exe
73228. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdlucas.html" target=_blank>DLUCA-S</a> TROJAN!
73229. Source=Paul Collins Startup list
73230.  
73231. [sysemls]
73232. Number=10394
73233. Confirmed=X
73234. Filename=sysem.exe
73235. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
73236. Source=Paul Collins Startup list
73237.  
73238. [SysEQ]
73239. Number=10395
73240. Confirmed=X
73241. Filename=svclgx32.exe
73242. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotac.html" target=_blank>IRCBOT-AC</a> TROJAN!
73243. Source=Paul Collins Startup list
73244.  
73245. [sysfiler]
73246. Number=10396
73247. Confirmed=X
73248. Filename=sysfiler.exe
73249. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102615-0959-99" target="_blank">RETSAM</a> TROJAN!
73250. Source=Paul Collins Startup list
73251.  
73252. [SYSfit]
73253. Number=10397
73254. Confirmed=X
73255. Filename=SYSfit.exe
73256. Description=<a href="http://sarc.com/avcenter/venc/data/adware.adshooter.html" target=_blank>AdShooter</a> adware variant
73257. Source=Paul Collins Startup list
73258.  
73259. [sysflg32]
73260. Number=10398
73261. Confirmed=X
73262. Filename=sysflg32.exe
73263. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
73264. Source=Paul Collins Startup list
73265.  
73266. [sysformat]
73267. Number=10399
73268. Confirmed=X
73269. Filename=sysformat.exe
73270. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32baglebk.html" target=_blank>BAGLE-BK</a> WORM!
73271. Source=Paul Collins Startup list
73272.  
73273. [sysfrcx]
73274. Number=10400
73275. Confirmed=X
73276. Filename=sysfrcx.exe
73277. Description=Added by the <a href="http://vil.nai.com/vil/content/v_99916.htm" target=_blank>KEYLOG-SCLOG</a> TROJAN!
73278. Source=Paul Collins Startup list
73279.  
73280. [syshelp]
73281. Number=10401
73282. Confirmed=X
73283. Filename=syshelp.exe
73284. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
73285. Source=Paul Collins Startup list
73286.  
73287. [sysin]
73288. Number=10402
73289. Confirmed=X
73290. Filename=[path to file]
73291. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdsrca.html" target=_blank>DSRC-A</a> TROJAN!
73292. Source=Paul Collins Startup list
73293.  
73294. [sysinfo]
73295. Number=10403
73296. Confirmed=X
73297. Filename=sysinfo.exe
73298. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111308-2958-99" target="_blank">BEDRILL</a> TROJAN!
73299. Source=Paul Collins Startup list
73300.  
73301. [sysinfo.exe]
73302. Number=10404
73303. Confirmed=X
73304. Filename=sysinfo.exe
73305. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032917-3237-99" target="_blank">BEAGLE.V</a> WORM!
73306. Source=Paul Collins Startup list
73307.  
73308. [SysInit]
73309. Number=10405
73310. Confirmed=X
73311. Filename=wininit32.exe
73312. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110912-5623-99" target="_blank">XABOT</a> WORM!
73313. Source=Paul Collins Startup list
73314.  
73315. [sysinit]
73316. Number=10406
73317. Confirmed=X
73318. Filename=services.exe
73319. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnewifrma.html" target="_blank">NEWLFRM-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "golumm" subfolder
73320. Source=Paul Collins Startup list
73321.  
73322. [Sysino]
73323. Number=10407
73324. Confirmed=X
73325. Filename=lsess.exe
73326. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbf.html" target=_blank>FORBOT-BF</a> WORM!
73327. Source=Paul Collins Startup list
73328.  
73329. [sysint16]
73330. Number=10408
73331. Confirmed=X
73332. Filename=sysint16.exe
73333. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcryptera.html" target="_blank">CRYPTER.A</a> TROJAN!
73334. Source=Paul Collins Startup list
73335.  
73336. [Syskey]
73337. Number=10409
73338. Confirmed=X
73339. Filename=sysinit.exe
73340. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111612-2714-99" target=_blank>BEAGLE.AX</a> WORM!
73341. Source=Paul Collins Startup list
73342.  
73343. [Syslib]
73344. Number=10410
73345. Confirmed=X
73346. Filename=Syslib.exe
73347. Description=Adult content related downloader trojan
73348. Source=Paul Collins Startup list
73349.  
73350. [Syslog lptt01]
73351. Number=10411
73352. Confirmed=X
73353. Filename=Syslog.exe
73354. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Syslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
73355. Source=Paul Collins Startup list
73356.  
73357. [Syslog ml097e]
73358. Number=10412
73359. Confirmed=X
73360. Filename=Syslog.exe
73361. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Syslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
73362. Source=Paul Collins Startup list
73363.  
73364. [syslogin.exe]
73365. Number=10413
73366. Confirmed=X
73367. Filename=syslogin.exe
73368. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bagzb.html" target="_blank">BAGZ-B</a> WORM!
73369. Source=Paul Collins Startup list
73370.  
73371. [Sysman]
73372. Number=10414
73373. Confirmed=U
73374. Filename=Sysman.exe
73375. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060113-5958-99" target="_blank">KeyTrap</a> is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourself
73376. Source=Paul Collins Startup list
73377.  
73378. [sysme]
73379. Number=10415
73380. Confirmed=X
73381. Filename=sysme.exe
73382. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453080472" target=_blank>PSW_STEALER_C</a> TROJAN!
73383.  
73384. Source=Paul Collins Startup list
73385.  
73386. [sysmem]
73387. Number=10416
73388. Confirmed=X
73389. Filename=mmsete.exe
73390. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060416-5102-99" target=_blank>NOPIR.C</a> WORM!
73391. Source=Paul Collins Startup list
73392.  
73393. [sysmem]
73394. Number=10417
73395. Confirmed=X
73396. Filename=outlookrem.exe
73397. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nopirc.html" target=_blank>NOPIR-C</a> WORM!
73398. Source=Paul Collins Startup list
73399.  
73400. [SysMemory manager]
73401. Number=10418
73402. Confirmed=X
73403. Filename=mdms.exe
73404. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcimuzd.html" target=_blank>CIMUZ-D</a> TROJAN!
73405. Source=Paul Collins Startup list
73406.  
73407. [SysMetrix]
73408. Number=10419
73409. Confirmed=U
73410. Filename=SysMetrix.exe
73411. Description=<a href="http://www.xymantix.com/sysmetrix/" target="_blank">SysMetrix</a> - skinnable clock and metering application. It monitors and reports on a great number of statistics
73412. Source=Paul Collins Startup list
73413.  
73414. [sysMett1]
73415. Number=10420
73416. Confirmed=X
73417. Filename=explorer.exe
73418. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiry.html" target=_blank>LEGMIR-Y</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
73419. Source=Paul Collins Startup list
73420.  
73421. [sysmini]
73422. Number=10421
73423. Confirmed=X
73424. Filename=sysmini.exe
73425. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453098988" target="_blank">ADLOAD.DD</a> TROJAN!
73426. Source=Paul Collins Startup list
73427.  
73428. [sysmngr32]
73429. Number=10422
73430. Confirmed=X
73431. Filename=sys64mnger.exe
73432. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
73433. Source=Paul Collins Startup list
73434.  
73435. [sysmntrc]
73436. Number=10423
73437. Confirmed=X
73438. Filename=sysmntrc.exe
73439. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosfx.html" target=_blank>BANCOS-FX</a> TROJAN!
73440. Source=Paul Collins Startup list
73441.  
73442. [sysmod]
73443. Number=10424
73444. Confirmed=X
73445. Filename=sysmod.exe
73446. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdu.html" target=_blank>SPYBOT-DU</a> WORM!
73447. Source=Paul Collins Startup list
73448.  
73449. [sysmon]
73450. Number=10425
73451. Confirmed=X
73452. Filename=sysmon.exe
73453. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022410-5040-99" target="_blank">BIZEX</a> WORM!
73454. Source=Paul Collins Startup list
73455.  
73456. [Sysmon]
73457. Number=10426
73458. Confirmed=X
73459. Filename=rpcmon.exe
73460. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062812-2127-99" target="_blank">RANDEX.ATX</a> WORM!
73461. Source=Paul Collins Startup list
73462.  
73463. [sysmon]
73464. Number=10427
73465. Confirmed=X
73466. Filename=sysmon44.exe
73467. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_122468.htm" target=_blank>BACKDOOR-CBA</a> TROJAN!
73468. Source=Paul Collins Startup list
73469.  
73470. [SysMon]
73471. Number=10428
73472. Confirmed=X
73473. Filename=wowexece.exe
73474. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmulana.html" target="_blank">MULAN-A</a> TROJAN!
73475. Source=Paul Collins Startup list
73476.  
73477. [Sysmon]
73478. Number=10429
73479. Confirmed=X
73480. Filename=SystemMonitor.exe
73481. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nujamaa.html" target="_blank">NUJAMA-A</a> WORM!
73482. Source=Paul Collins Startup list
73483.  
73484. [sysmon12]
73485. Number=10430
73486. Confirmed=X
73487. Filename=[various filenames]
73488. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
73489. Source=Paul Collins Startup list
73490.  
73491. [SysmonLog]
73492. Number=10431
73493. Confirmed=X
73494. Filename=mslog.exe
73495. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_AGENT.AOV" target="_blank">AGENT.AOV</a> TROJAN!
73496. Source=Paul Collins Startup list
73497.  
73498. [sysmonnt]
73499. Number=10432
73500. Confirmed=X
73501. Filename=sysmonnt.exe
73502. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.searchpounder.html" target=_blank>SearchPounder</a> sends keywords typed into HTML forms and popular Internet search engines to a remote server
73503. Source=Paul Collins Startup list
73504.  
73505. [SysMonXP]
73506. Number=10433
73507. Confirmed=X
73508. Filename=SysMonXP.exe
73509. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032913-5722-99" target="_blank">NETSKY.Q</a> WORM!
73510. Source=Paul Collins Startup list
73511.  
73512. [sysnate]
73513. Number=10434
73514. Confirmed=X
73515. Filename=sysnate.exe
73516. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032713-0001-99" target="_blank">MEDIAS</a> TROJAN!
73517. Source=Paul Collins Startup list
73518.  
73519. [Sysnet]
73520. Number=10435
73521. Confirmed=X
73522. Filename=snuninst.exe
73523. Description=Unidentified adware
73524. Source=Paul Collins Startup list
73525.  
73526. [sysnet]
73527. Number=10436
73528. Confirmed=X
73529. Filename=sysnet.exe
73530. Description=CasClient adware - also detected as the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081011-2344-99" target=_blank>CMAPP</a> TROJAN!
73531. Source=Paul Collins Startup list
73532.  
73533. [sysobj.exe]
73534. Number=10437
73535. Confirmed=X
73536. Filename=sysobj.exe
73537. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
73538. Source=Paul Collins Startup list
73539.  
73540. [SysOps]
73541. Number=10438
73542. Confirmed=X
73543. Filename=SysOps
73544. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031015-0733-99" target="_blank">MSNCORRUPT</a> TROJAN!
73545. Source=Paul Collins Startup list
73546.  
73547. [syspare]
73548. Number=10439
73549. Confirmed=X
73550. Filename=syspare.exe
73551. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbifrosean.html" target=_blank>BIFROSE-AN</a> TROJAN!
73552. Source=Paul Collins Startup list
73553.  
73554. [syspath]
73555. Number=10440
73556. Confirmed=X
73557. Filename=drv.exe
73558. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102410-5713-99" target="_blank">SOBER</a> WORM!
73559. Source=Paul Collins Startup list
73560.  
73561. [sysPersonalFirewall]
73562. Number=10441
73563. Confirmed=X
73564. Filename=msnmssgr.exe
73565. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
73566. Source=Paul Collins Startup list
73567.  
73568. [sysPersonalFirewall]
73569. Number=10442
73570. Confirmed=X
73571. Filename=system.exe
73572. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.FH&VSect=P" target=_blank>WOOTBOT.FH</a> WORM!
73573. Source=Paul Collins Startup list
73574.  
73575. [sysPersonalFirewall]
73576. Number=10443
73577. Confirmed=X
73578. Filename=tskm0nitor.exe
73579. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
73580. Source=Paul Collins Startup list
73581.  
73582. [SysPilot]
73583. Number=10444
73584. Confirmed=U
73585. Filename=fdxxl.exe
73586. Description=G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see <a href="http://archiv.chip.de/artikel/c1_archiv_artikel_17080599.html" target="_blank">here</a>. Disable/remove if you didn't install it yourself!
73587. Source=Paul Collins Startup list
73588.  
73589. [sysPnP]
73590. Number=10445
73591. Confirmed=X
73592. Filename=bootconf.exe
73593. Description=Homepage hijacker, redirecting to coolwwwsearch.com; see for example <a href="http://boards.cexx.org/viewtopic.php?p=2464#2464" target="_blank"> here</a>
73594. Source=Paul Collins Startup list
73595.  
73596. [SysPnP]
73597. Number=10446
73598. Confirmed=X
73599. Filename=rundll32 setupapi, InstallHinfSection.... oemsyspnp.inf
73600. Description=Search hijacker - see <a href="http://www.spywareinfo.com/forums/index.php?s=&act=ST&f=11&t=8643&st=0&#entry60560" target="_blank"> here</a>
73601. Source=Paul Collins Startup list
73602.  
73603. [syspol]
73604. Number=10447
73605. Confirmed=X
73606. Filename=syspol.exe
73607. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdremnb.html" target=_blank>DREMN-B</a> TROJAN! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
73608. Source=Paul Collins Startup list
73609.  
73610. [SysPool]
73611. Number=10448
73612. Confirmed=Y
73613. Filename=Mssvc.exe
73614. Description=<a href="http://www.invisicom.com/index.asp" target="_blank">StealthDisk</a> - hides folders, files and applications. Will also encrypt them for better protection
73615. Source=Paul Collins Startup list
73616.  
73617. [SysPool]
73618. Number=10449
73619. Confirmed=X
73620. Filename=MSSVC32.EXE
73621. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanio.html" target=_blank>BANCBAN-IO</a> TROJAN!
73622. Source=Paul Collins Startup list
73623.  
73624. [SysProtect]
73625. Number=10450
73626. Confirmed=X
73627. Filename=System.exe
73628. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NETSPY" target="_blank">NETSPY</a> TROJAN!
73629. Source=Paul Collins Startup list
73630.  
73631. [SysProtect]
73632. Number=10451
73633. Confirmed=X
73634. Filename=syp.exe
73635. Description=SysProtect is detected as a "potentially unwanted program". It purports to be an system repair/maintenance application, but requires paid registration before any issues found can be fixed. Many of the "invalid" items found appear suspect. This has been reported to be distributed in wild via trojan Vundo. Other incarnations of this software exist with the same model and similar web presences (for example WinFixer). For more information see <a href="http://vil.nai.com/vil/content/v_139167.htm" target=_blank>here</a>
73636.  
73637. Source=Paul Collins Startup list
73638.  
73639. [syspw32.exe]
73640. Number=10452
73641. Confirmed=X
73642. Filename=syspw32.exe
73643. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060216-0504-99" target=_blank>APPFLET.A</a> WORM!
73644. Source=Paul Collins Startup list
73645.  
73646. [Sysqq]
73647. Number=10453
73648. Confirmed=X
73649. Filename=LSESS.exe
73650. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbf.html" target=_blank>FORBOT-BF</a> WORM!
73651. Source=Paul Collins Startup list
73652.  
73653. [SysR]
73654. Number=10454
73655. Confirmed=X
73656. Filename=sysmd.exe
73657. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042610-2151-99" target=_blank>Ulubione</a> adult content dialer
73658. Source=Paul Collins Startup list
73659.  
73660. [SysReg]
73661. Number=10455
73662. Confirmed=X
73663. Filename=SysReg.exe
73664. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-062413-1325-99" target="_blank">CHEKIN</a> TROJAN!
73665. Source=Paul Collins Startup list
73666.  
73667. [SysReg]
73668. Number=10456
73669. Confirmed=X
73670. Filename=SysReg.exe
73671. Description=<a href="http://searchseekfind.com/" target="_blank">SearchSeekFind</a> textual marketing foistware
73672. Source=Paul Collins Startup list
73673.  
73674. [Sysres]
73675. Number=10457
73676. Confirmed=X
73677. Filename=Sysres.exe
73678. Description=Added by the <a href="httphttp://www.viruslist.com/en/viruslist.html?id=51465" target="_blank">LOGMOD.A</a> TROJAN!
73679. Source=Paul Collins Startup list
73680.  
73681. [SysRes]
73682. Number=10458
73683. Confirmed=X
73684. Filename=TASKMANAGER.exe
73685. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022718-0647-99" target= blank>ELIPTER.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031010-2242-99" target= blank>ELIPTER.B</a> WORMS!
73686. Source=Paul Collins Startup list
73687.  
73688. [SysRes]
73689. Number=10459
73690. Confirmed=X
73691. Filename=WWE DIVAS.exe
73692. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031416-4252-99" target=_blank>ELIPTER.D</a> WORM!
73693. Source=Paul Collins Startup list
73694.  
73695. [SysRes]
73696. Number=10460
73697. Confirmed=X
73698. Filename=IExpIore .exe
73699. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032516-4935-99" target=_blank>ELITPER.E</a> WORM!
73700. Source=Paul Collins Startup list
73701.  
73702. [Syss]
73703. Number=10461
73704. Confirmed=X
73705. Filename=ehuupdate.exe
73706. Description=<a href="http://www.sophos.com/virusinfo/analyses/ehu.html" target="_blank">EHU</a> adware
73707. Source=Paul Collins Startup list
73708.  
73709. [SysScan]
73710. Number=10462
73711. Confirmed=X
73712. Filename=bvt.exe
73713. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-042320-3206-99" target="_blank">AUTOUPDER</a> TROJAN!
73714. Source=Paul Collins Startup list
73715.  
73716. [SysSearch]
73717. Number=10463
73718. Confirmed=X
73719. Filename=Regedit.exe -s [path] pcsearch.reg
73720. Description=Added by the <a href="http://vil.nai.com/vil/content/v_130084.htm" target=_blank>StartPage-FN</a> browser hijacker
73721. Source=Paul Collins Startup list
73722.  
73723. [SysSearch]
73724. Number=10464
73725. Confirmed=X
73726. Filename=REGEDIT.EXE -s [path] sysreg.reg
73727. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpame.html" target=_blank>STARTPA-ME</a> TROJAN!
73728. Source=Paul Collins Startup list
73729.  
73730. [SysSense]
73731. Number=10465
73732. Confirmed=U
73733. Filename=SysSense.exe
73734. Description="<a href="http://www.singerscreations.com/AboutSysSense.asp" target="_blank">SysSense</a> is your personal desktop Google AdSense monitor. It keeps your current Google AdSense information in the Windows system tray". Google AdSense account required
73735. Source=Paul Collins Startup list
73736.  
73737. [sysser]
73738. Number=10466
73739. Confirmed=X
73740. Filename=[path to file]
73741. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010614-1404-99" target=_blank>RAHACK</a> WORM!
73742. Source=Paul Collins Startup list
73743.  
73744. [SysService]
73745. Number=10467
73746. Confirmed=X
73747. Filename=SysService.exe
73748. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050207-0707-99" target="_blank">DELF</a> family of TROJANS!
73749. Source=Paul Collins Startup list
73750.  
73751. [SysService]
73752. Number=10468
73753. Confirmed=U
73754. Filename=SERVICES.EXE
73755. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050615-2510-99" target=blank>NSKeyLogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
73756. Source=Paul Collins Startup list
73757.  
73758. [SysService32]
73759. Number=10469
73760. Confirmed=X
73761. Filename=SysService32.exe
73762. Description=Added by the <a href="http://vil.nai.com/vil/content/v_100207.htm" target="_blank">KINDAL</a> VIRUS!
73763. Source=Paul Collins Startup list
73764.  
73765. [SysService32]
73766. Number=10470
73767. Confirmed=X
73768. Filename=ln32k.dll
73769. Description=Added by the <a href="http://vil.nai.com/vil/content/v_100207.htm" target="_blank">KINDAL</a> VIRUS!
73770. Source=Paul Collins Startup list
73771.  
73772. [SysService32l]
73773. Number=10471
73774. Confirmed=X
73775. Filename=systask32l.exe
73776. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102515-4749-99" target="_blank">THEUG</a> WORM!
73777. Source=Paul Collins Startup list
73778.  
73779. [SYSsfitb]
73780. Number=10472
73781. Confirmed=X
73782. Filename=SYSsfitb.exe
73783. Description=Searchforit browser hijacker
73784. Source=Paul Collins Startup list
73785.  
73786. [SySSL]
73787. Number=10473
73788. Confirmed=X
73789. Filename=sysl.exe
73790. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotckh.html" target="_blank">RBOT-CKH</a> WORM!
73791. Source=Paul Collins Startup list
73792.  
73793. [SysStart]
73794. Number=10474
73795. Confirmed=X
73796. Filename=***sysi6.exe [* = random char]
73797. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware. Note - the most frequent filenames appear to be jdisysi6.exe, hjisysi6.exe, ffgsysi6.exe but there are others
73798. Source=Paul Collins Startup list
73799.  
73800. [SysStart]
73801. Number=10475
73802. Confirmed=X
73803. Filename=1.exe
73804. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
73805. Source=Paul Collins Startup list
73806.  
73807. [SysStart]
73808. Number=10476
73809. Confirmed=X
73810. Filename=[adware filename]
73811. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
73812. Source=Paul Collins Startup list
73813.  
73814. [SysStrt]
73815. Number=10477
73816. Confirmed=X
73817. Filename=systemc.exe
73818. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqa.html" target=_blank>AGOBOT-QA</a> TROJAN!
73819. Source=Paul Collins Startup list
73820.  
73821. [syst]
73822. Number=10478
73823. Confirmed=X
73824. Filename=syst.exe
73825. Description=Added by the <a href="http://www.trendmicro.com/vinfo/jokes/jokesDetails.asp?JNAME=JOKE_DUMB.A" target=_blank>DUMB.A</a> "Joke" virus
73826. Source=Paul Collins Startup list
73827.  
73828. [System]
73829. Number=10479
73830. Confirmed=X
73831. Filename=run322.exe
73832. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112018-0550-99" target="_blank">LANFILT</a> TROJAN!
73833. Source=Paul Collins Startup list
73834.  
73835. [System]
73836. Number=10480
73837. Confirmed=X
73838. Filename=system.exe
73839. Description=Added by various WORMS and TROJANS!
73840. Source=Paul Collins Startup list
73841.  
73842. [system]
73843. Number=10481
73844. Confirmed=X
73845. Filename=regedit -s system.dll
73846. Description=Homepage hijacker
73847. Source=Paul Collins Startup list
73848.  
73849. [system]
73850. Number=10482
73851. Confirmed=X
73852. Filename=systemsearch.hta
73853. Description=Jetseeker.com hijacker
73854. Source=Paul Collins Startup list
73855.  
73856. [System]
73857. Number=10483
73858. Confirmed=X
73859. Filename=dcomx.exe
73860. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080214-3019-99" target="_blank">CIREBOT</a> TROJAN!
73861. Source=Paul Collins Startup list
73862.  
73863. [system]
73864. Number=10484
73865. Confirmed=X
73866. Filename=Explorer.exe
73867. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040217-2506-99" target="_blank">GRAYBIRD</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
73868. Source=Paul Collins Startup list
73869.  
73870. [System]
73871. Number=10485
73872. Confirmed=X
73873. Filename=YPager.exe
73874. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K" target="_blank">JUNTADOR.K</a> TROJAN! Note - this is not Yahoo! Messenger
73875. Source=Paul Collins Startup list
73876.  
73877. [system]
73878. Number=10486
73879. Confirmed=X
73880. Filename=outlook.exe
73881. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012614-3738-99" target=_blank>MIMAIL.Q</a> WORM! Note that the valid MS Outlook executeable is located in the Program Files\Microsoft Office\Office directory wheras this one is found in the Windows or Winnt directory
73882. Source=Paul Collins Startup list
73883.  
73884. [System]
73885. Number=10487
73886. Confirmed=X
73887. Filename=Atira.exe
73888. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041311-1933-99" target="_blank">KOTIRA</a> VIRUS!
73889. Source=Paul Collins Startup list
73890.  
73891. [SYSTEM]
73892. Number=10488
73893. Confirmed=X
73894. Filename=lsas.exe
73895. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.CJ" target="_blank">SPYBOT.CJ</a> WORM!
73896. Source=Paul Collins Startup list
73897.  
73898. [System]
73899. Number=10489
73900. Confirmed=X
73901. Filename=kernels32.exe
73902. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderfc.html" target="_blank">DLOADER-FC</a> TROJAN!
73903. Source=Paul Collins Startup list
73904.  
73905. [System]
73906. Number=10490
73907. Confirmed=U
73908. Filename=sysctrl.exe
73909. Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080913-4600-99" target=_blank>WinGuardian</a>. Note - this <a href="http://www.spywareguide.com/product_show.php?id=27" target=_blank>commercial keylogger</a> is no longer made or sold by Webroot but older copies may still be in existance, those copies will be identified as spyware
73910. Source=Paul Collins Startup list
73911.  
73912. [System]
73913. Number=10491
73914. Confirmed=X
73915. Filename=csrss.exe
73916. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032309-2945-99" target=_blank>LDPINCH.E</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
73917. Source=Paul Collins Startup list
73918.  
73919. [System]
73920. Number=10492
73921. Confirmed=X
73922. Filename=svchost.exe
73923. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchau.html" target=_blank>LDPINCH-AU</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
73924. Source=Paul Collins Startup list
73925.  
73926. [system]
73927. Number=10493
73928. Confirmed=X
73929. Filename=lsasse.exe
73930. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyl.html" target= blank>RBOT-YL</a> WORM!
73931. Source=Paul Collins Startup list
73932.  
73933. [System]
73934. Number=10494
73935. Confirmed=X
73936. Filename=systray.exe
73937. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpisaboya.html" target= blank>PISABOY-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target="_blank">systray.exe</a> process
73938. Source=Paul Collins Startup list
73939.  
73940. [System]
73941. Number=10495
73942. Confirmed=X
73943. Filename=abcdefg.exe
73944. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32harwigb.html" target=_blank>HARWIG-B</a> WORM!
73945. Source=Paul Collins Startup list
73946.  
73947. [System]
73948. Number=10496
73949. Confirmed=X
73950. Filename=cber.exe
73951. Description=Added by an unidentified TROJAN!
73952. Source=Paul Collins Startup list
73953.  
73954. [System]
73955. Number=10497
73956. Confirmed=X
73957. Filename=serwin.exe
73958. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchbn.html" target=_blank>LDPINCH-BN</a> TROJAN!
73959. Source=Paul Collins Startup list
73960.  
73961. [System]
73962. Number=10498
73963. Confirmed=X
73964. Filename=svchεst.exe
73965. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchbf.html" target=_blank>LDPINCH-BF</a> TROJAN!
73966. Source=Paul Collins Startup list
73967.  
73968. [System]
73969. Number=10499
73970. Confirmed=X
73971. Filename=system.exe (74295303)
73972. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbiu.html" target=_blank>IU</a> WORM!
73973. Source=Paul Collins Startup list
73974.  
73975. [System]
73976. Number=10500
73977. Confirmed=X
73978. Filename=WINL0G0N.EXE
73979. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdb.html" target=_blank>BANCOS-DB</a> TROJAN!
73980. Source=Paul Collins Startup list
73981.  
73982. [System]
73983. Number=10501
73984. Confirmed=X
73985. Filename=wumgrd32.exe
73986. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
73987. Source=Paul Collins Startup list
73988.  
73989. [System]
73990. Number=10502
73991. Confirmed=X
73992. Filename=SPOOLSU.EXE
73993. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerfc.html" target=_blank>BANKER-FC</a> TROJAN!
73994. Source=Paul Collins Startup list
73995.  
73996. [System]
73997. Number=10503
73998. Confirmed=X
73999. Filename=system23.exe
74000. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lebreatd.html" target=_blank>LEBREAT-D</a> WORM!
74001. Source=Paul Collins Startup list
74002.  
74003. [System]
74004. Number=10504
74005. Confirmed=X
74006. Filename=windowsps.exe
74007. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
74008. Source=Paul Collins Startup list
74009.  
74010. [SYSTEM]
74011. Number=10505
74012. Confirmed=X
74013. Filename=d.exe
74014. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LP&VSect=P" target=_blank>MYTOB.LP</a> WORM!
74015. Source=Paul Collins Startup list
74016.  
74017. [System]
74018. Number=10506
74019. Confirmed=X
74020. Filename=inetinfo.exe
74021. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpardropa.html" target=_blank>PARDROP-A</a> TROJAN!
74022. Source=Paul Collins Startup list
74023.  
74024. [system]
74025. Number=10507
74026. Confirmed=X
74027. Filename=services.exe
74028. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelflq.html" target=_blank>DELF-LQ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "HELP" subfolder of the Windows or Winnt folder
74029. Source=Paul Collins Startup list
74030.  
74031. [SYSTEM]
74032. Number=10508
74033. Confirmed=X
74034. Filename=VSSMON.exe
74035. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaww.html" target=_blank>RBOT-AWW</a> TROJAN!
74036. Source=Paul Collins Startup list
74037.  
74038. [SYSTEM]
74039. Number=10509
74040. Confirmed=X
74041. Filename=wiinlogon.exe
74042. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavh.html" target=_blank>RBOT-AVG</a> WORM!
74043. Source=Paul Collins Startup list
74044.  
74045. [System]
74046. Number=10510
74047. Confirmed=X
74048. Filename=kernels64.exe
74049. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvixups.html" target=_blank>VIXUP-S</a> TROJAN!
74050. Source=Paul Collins Startup list
74051.  
74052. [system]
74053. Number=10511
74054. Confirmed=X
74055. Filename=lsass.exe
74056. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-010416-2601-99" target=_blank>SATILOLER.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files\Common Files\system folder
74057. Source=Paul Collins Startup list
74058.  
74059. [System]
74060. Number=10512
74061. Confirmed=X
74062. Filename=smss.exe
74063. Description=Added by the AGENT.AEP TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
74064. Source=Paul Collins Startup list
74065.  
74066. [System]
74067. Number=10513
74068. Confirmed=X
74069. Filename=winupd.exe
74070. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
74071. Source=Paul Collins Startup list
74072.  
74073. [system]
74074. Number=10514
74075. Confirmed=X
74076. Filename=messenger.exe
74077. Description=Added by an unidentified WORM or TROJAN!
74078. Source=Paul Collins Startup list
74079.  
74080. [System]
74081. Number=10515
74082. Confirmed=X
74083. Filename=kernels1118.exe
74084. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
74085. Source=Paul Collins Startup list
74086.  
74087. [System]
74088. Number=10516
74089. Confirmed=X
74090. Filename=wsscntfy.exe
74091. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
74092. Source=Paul Collins Startup list
74093.  
74094. [SYSTEM]
74095. Number=10517
74096. Confirmed=X
74097. Filename=windmupdr.exe
74098. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
74099. Source=Paul Collins Startup list
74100.  
74101. [system]
74102. Number=10518
74103. Confirmed=X
74104. Filename=svcr.exe
74105. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.SpyOne&threatid=48351" target="_blank">SPYONE</a> TROJAN!
74106. Source=Paul Collins Startup list
74107.  
74108. [System]
74109. Number=10519
74110. Confirmed=X
74111. Filename=kernels88.exe
74112. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtibspp.html" target="_blank">TIBS-PP</a> TROJAN!
74113. Source=Paul Collins Startup list
74114.  
74115. [System]
74116. Number=10520
74117. Confirmed=X
74118. Filename=kernels8.exe
74119. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_TIBS.AI" target="_blank">TIBS.AI</a> TROJAN!
74120. Source=Paul Collins Startup list
74121.  
74122. [System]
74123. Number=10521
74124. Confirmed=X
74125. Filename=OeApi.vbs 
74126. Description=Added by the <a href="http://vil.nai.com/vil/content/v_141677.htm" target="_blank">AGUI</a> WORM!
74127. Source=Paul Collins Startup list
74128.  
74129. [System]
74130. Number=10522
74131. Confirmed=X
74132. Filename=Updaterun.exe
74133. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqhelpdx.html" target="_blank">QQHELP-DX</a> TROJAN!
74134. Source=Paul Collins Startup list
74135.  
74136. [System]
74137. Number=10523
74138. Confirmed=X
74139. Filename=Zap.exe
74140. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32msnvbd.html" target="_blank">MSNVB-D</a> WORM!
74141. Source=Paul Collins Startup list
74142.  
74143. [System 64 Driver for Games]
74144. Number=10524
74145. Confirmed=X
74146. Filename=sys64dvr.exe
74147. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
74148. Source=Paul Collins Startup list
74149.  
74150. [System Applications Profile]
74151. Number=10525
74152. Confirmed=X
74153. Filename=sap.exe
74154. Description=Added by the <a href="http://www.sophos.com.au/virusinfo/analyses/w32rbotqf.html" target=_blank>RBOT-QF</a> WORM!
74155. Source=Paul Collins Startup list
74156.  
74157. [System Backup]
74158. Number=10526
74159. Confirmed=X
74160. Filename=msystem.exe
74161. Description=Adult content dialler
74162. Source=Paul Collins Startup list
74163.  
74164. [System backup]
74165. Number=10527
74166. Confirmed=X
74167. Filename=[random filename]
74168. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042517-0213-99" target=_blank>ADMINCASH.B</a> TROJAN! Note - multiple different file names have been spotted, examples: web.exe, soft.exe, msxmidi.exe, wmplayer.exe, as well as completely random ones such as 9a2de006.exe, 36c75e3c.exe and so on
74169. Source=Paul Collins Startup list
74170.  
74171. [System Backup Services]
74172. Number=10528
74173. Confirmed=X
74174. Filename=backups32.exe
74175. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
74176. Source=Paul Collins Startup list
74177.  
74178. [System Boot Check]
74179. Number=10529
74180. Confirmed=X
74181. Filename=sysload3.exe
74182. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-040106-1154-99" target="_blank">FUBALCA</a> WORM!
74183. Source=Paul Collins Startup list
74184.  
74185. [System Buffer Application]
74186. Number=10530
74187. Confirmed=X
74188. Filename=buffer32.exe
74189. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotud.html" target=_blank>SDBOT-UD</a> WORM!
74190. Source=Paul Collins Startup list
74191.  
74192. [System Cache]
74193. Number=10531
74194. Confirmed=X
74195. Filename=SysCache.exe
74196. Description=Added by an unidentified VIRUS, WORM or TROJAN!
74197. Source=Paul Collins Startup list
74198.  
74199. [System Check]
74200. Number=10532
74201. Confirmed=U
74202. Filename=Rundll32.exe SysDll32.dll, SystemCheck
74203. Description=<a href="http://www.x-pcsoft.com/" target=blank>XPCSpy Pro</a> keystroke logger/monitoring program - remove unless you installed it yourself!
74204.  
74205. Source=Paul Collins Startup list
74206.  
74207. [system check]
74208. Number=10533
74209. Confirmed=X
74210. Filename=updater.exe
74211. Description=Unidentified adware downloader
74212. Source=Paul Collins Startup list
74213.  
74214. [System Check]
74215. Number=10534
74216. Confirmed=X
74217. Filename=win_klr32.exe
74218. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delfdra.html" target="_blank">DELF-DRA</a> WORM!
74219. Source=Paul Collins Startup list
74220.  
74221. [System Checking]
74222. Number=10535
74223. Confirmed=X
74224. Filename=wasul.exe
74225. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BHM&VSect=P" target=_blank>RBOT.BHM</a> WORM!
74226. Source=Paul Collins Startup list
74227.  
74228. [System Config]
74229. Number=10536
74230. Confirmed=X
74231. Filename=BF3.EXE
74232. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdt.html" target=_blank>SPYBOT-DT</a> WORM!
74233. Source=Paul Collins Startup list
74234.  
74235. [System Config Manager]
74236. Number=10537
74237. Confirmed=X
74238. Filename=crss.exe
74239. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GH" target="_blank">AGOBOT.GH</a> WORM!
74240. Source=Paul Collins Startup list
74241.  
74242. [System Config Manager]
74243. Number=10538
74244. Confirmed=X
74245. Filename=smssl.exe
74246. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotzj.html" target=_blank>AGOBOT-ZJ</a> WORM!
74247. Source=Paul Collins Startup list
74248.  
74249. [System Configuration]
74250. Number=10539
74251. Confirmed=X
74252. Filename=iexplore.exe
74253. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111016-1733-99" target=_blank>RANDEX.AD</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
74254. Source=Paul Collins Startup list
74255.  
74256. [System Configuration]
74257. Number=10540
74258. Confirmed=X
74259. Filename=syscfg32.exe
74260. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061019-1318-99" target=_blank>MYTOB.EA</a> WORM!
74261. Source=Paul Collins Startup list
74262.  
74263. [system configure]
74264. Number=10541
74265. Confirmed=X
74266. Filename=svchost.exe
74267. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagec.html" target=_blank>LINEAGE-C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
74268. Source=Paul Collins Startup list
74269.  
74270. [System CPL manager]
74271. Number=10542
74272. Confirmed=X
74273. Filename=[random filename]
74274. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsr.html" target= blank>RBOT-SR</a> WORM!
74275. Source=Paul Collins Startup list
74276.  
74277. [System CSRSS Patch]
74278. Number=10543
74279. Confirmed=X
74280. Filename=scrtkfg.exe
74281. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotada.html" target=_blank>RBOT-ADA</a> WORM!
74282. Source=Paul Collins Startup list
74283.  
74284. [System Database administration]
74285. Number=10544
74286. Confirmed=X
74287. Filename=systemDA.exe
74288. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021913-2154-99" target=_blank>DERDERO.B</a> WORM!
74289. Source=Paul Collins Startup list
74290.  
74291. [System Database Administration Support Process]
74292. Number=10545
74293. Confirmed=X
74294. Filename=sysdasp.exe
74295. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021916-1802-99" target=_blank>DERDERO.C</a> WORM!
74296. Source=Paul Collins Startup list
74297.  
74298. [System Diagnostics]
74299. Number=10546
74300. Confirmed=X
74301. Filename=sysdiag32.exe
74302. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target="_blank">SDBOT.GEN</a> TROJAN!
74303. Source=Paul Collins Startup list
74304.  
74305. [System DLF]
74306. Number=10547
74307. Confirmed=N
74308. Filename=cpqdiaga.exe
74309. Description=Compaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configuration. Available via Start -> Programs
74310. Source=Paul Collins Startup list
74311.  
74312. [System DLL Resources]
74313. Number=10548
74314. Confirmed=U
74315. Filename=sysdll.exe
74316. Description=<a href="http://www.sarc.com/avcenter/venc/data/spyware.snapkey.html" target=_blank>SnapKey</a> is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourself
74317. Source=Paul Collins Startup list
74318.  
74319. [System Document Application]
74320. Number=10549
74321. Confirmed=X
74322. Filename=nmod.exe
74323. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabb.html" target=_blank>SDBOT-ABB</a> WORM!
74324. Source=Paul Collins Startup list
74325.  
74326. [System Document Application]
74327. Number=10550
74328. Confirmed=X
74329. Filename=msdocument.exe
74330. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021416-0418-99" target=_blank>RANDEX.COX</a> WORM!
74331. Source=Paul Collins Startup list
74332.  
74333. [System Document Application]
74334. Number=10551
74335. Confirmed=X
74336. Filename=wins.exe
74337. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AUB&VSect=T" target=_blank>SDBOT.AUB</a> WORM!
74338. Source=Paul Collins Startup list
74339.  
74340. [System Download Manager]
74341. Number=10552
74342. Confirmed=X
74343. Filename=SysMgr.exe
74344. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CIG" target="_blank">RBOT.CIG</a> WORM!
74345. Source=Paul Collins Startup list
74346.  
74347. [System driver]
74348. Number=10553
74349. Confirmed=X
74350. Filename=Messenger.exe
74351. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GI" target="_blank">WOOTBOT.GI</a> WORM!
74352. Source=Paul Collins Startup list
74353.  
74354. [System Drivers]
74355. Number=10554
74356. Confirmed=X
74357. Filename=wingmt.exe
74358. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotmg.html" target=_blank>SDBOT-MG</a> WORM!
74359. Source=Paul Collins Startup list
74360.  
74361. [System Drivers]
74362. Number=10555
74363. Confirmed=X
74364. Filename=cpsq32.exe
74365. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AXH&VSect=T" target=_blank>SDBOT.AXH</a> WORM!
74366. Source=Paul Collins Startup list
74367.  
74368. [System Efficiency Monitor]
74369. Number=10556
74370. Confirmed=X
74371. Filename=mscedit32.exe
74372. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081909-4452-99" target="_blank">SDBOT.P</a> TROJAN!
74373. Source=Paul Collins Startup list
74374.  
74375. [System Efficiency Monitor]
74376. Number=10557
74377. Confirmed=X
74378. Filename=mscommand.exe
74379. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082716-2317-99" target="_blank">KWBOT.P</a> WORM!
74380. Source=Paul Collins Startup list
74381.  
74382. [System Efficiency Monitor]
74383. Number=10558
74384. Confirmed=X
74385. Filename=msedit32.exe
74386. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32stephb.html" target="_blank">STEPH-B</a> WORM!
74387. Source=Paul Collins Startup list
74388.  
74389. [System Event Manager]
74390. Number=10559
74391. Confirmed=X
74392. Filename=secsvc.exe
74393. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BMY&VSect=T" target=_blank>RBOT.BMY</a> WORM!
74394. Source=Paul Collins Startup list
74395.  
74396. [System Executable DLL Library]
74397. Number=10560
74398. Confirmed=X
74399. Filename=EXECDLL32.exe
74400. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120410-0857-99" target="_blank">RANDEX.AZ</a> WORM!
74401. Source=Paul Collins Startup list
74402.  
74403. [System Failure Statistic]
74404. Number=10561
74405. Confirmed=X
74406. Filename=cnstat.exe
74407. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlf.html" target="_blank">RBOT-LF</a> WORM!
74408. Source=Paul Collins Startup list
74409.  
74410. [System File Drivers]
74411. Number=10562
74412. Confirmed=X
74413. Filename=nvsysvc32.exe
74414. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.WJ" target="_blank">AGOBOT.WJ</a> WORM!
74415. Source=Paul Collins Startup list
74416.  
74417. [system firewall]
74418. Number=10563
74419. Confirmed=X
74420. Filename=makeini32.exe
74421. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotps.html" target= blank>AGOBOT-PS</a> WORM!
74422. Source=Paul Collins Startup list
74423.  
74424. [System Firewalls]
74425. Number=10564
74426. Confirmed=X
74427. Filename=commandprompt32.exe
74428. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BJT" target="_blank">RBOT.BJT</a> WORM!
74429. Source=Paul Collins Startup list
74430.  
74431. [System Guard]
74432. Number=10565
74433. Confirmed=X
74434. Filename=mhguard.exe
74435. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagu.html" target=_blank>RBOT-AGU</a> WORM!
74436. Source=Paul Collins Startup list
74437.  
74438. [System Handler]
74439. Number=10566
74440. Confirmed=X
74441. Filename=LSASS.EXE
74442. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031913-3938-99" target=_blank>NIMOS</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
74443. Source=Paul Collins Startup list
74444.  
74445. [system handler]
74446. Number=10567
74447. Confirmed=X
74448. Filename=srvhandle.exe
74449. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-011714-3251-99" target=_blank>REDPLUT</a> VIRUS!
74450. Source=Paul Collins Startup list
74451.  
74452. [System Host Manager]
74453. Number=10568
74454. Confirmed=X
74455. Filename=syshost.exe
74456. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32banwormc.html" target="_blank">BANWORM-C</a> WORM!
74457. Source=Paul Collins Startup list
74458.  
74459. [System Host Service]
74460. Number=10569
74461. Confirmed=X
74462. Filename=svchost.exe
74463. Description=Added by the <a href "http://www.symantec.com/security_response/writeup.jsp?docid=2004-031414-1207-99" target=_blank>CONE.F</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folder
74464. Source=Paul Collins Startup list
74465.  
74466. [System Information Manager]
74467. Number=10570
74468. Confirmed=X
74469. Filename=Navcpe.exe
74470. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqb.html" target="_blank">SDBOT-QB</a> WORM!
74471. Source=Paul Collins Startup list
74472.  
74473. [System Information Manager]
74474. Number=10571
74475. Confirmed=X
74476. Filename=Msbb.exe
74477. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102711-3533-99" target=_blank>BACKDOOR.IRC.BOT</a> TROJAN!
74478. Source=Paul Collins Startup list
74479.  
74480. [System Initialization]
74481. Number=10572
74482. Confirmed=X
74483. Filename=msmsgri32.exe
74484. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-062715-3031-99" target="_blank"> RANDEX.D</a> WORM or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-073107-5705-99" target="_blank">ROXY</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092218-1108-99" target="_blank">ROXY.B</a> TROJANS!
74485. Source=Paul Collins Startup list
74486.  
74487. [System Initialization]
74488. Number=10573
74489. Confirmed=X
74490. Filename=payload.dat
74491. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-062715-3031-99" target="_blank"> RANDEX.D</a> WORM or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-073107-5705-99" target="_blank">ROXY</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092218-1108-99" target="_blank">ROXY.B</a> TROJANS!
74492. Source=Paul Collins Startup list
74493.  
74494. [System Kernal Support]
74495. Number=10574
74496. Confirmed=X
74497. Filename=system.exe
74498. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BWV&VSect=T" target=_blank>SDBOT.BWV</a> WORM!
74499. Source=Paul Collins Startup list
74500.  
74501. [System Kernel]
74502. Number=10575
74503. Confirmed=X
74504. Filename=lsass.exe
74505. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbbotg.html" target=_blank>VBBOT-G</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
74506. Source=Paul Collins Startup list
74507.  
74508. [System LifeGuard Scheduler]
74509. Number=10576
74510. Confirmed=U
74511. Filename=Slsched.exe
74512. Description=<a href="http://www.bmtmicro.com/BMTCatalog/win/syslifeguard.html" target="_blank">System LifeGuard</a> scheduler
74513. Source=Paul Collins Startup list
74514.  
74515. [System Log Event]
74516. Number=10577
74517. Confirmed=X
74518. Filename=csrss32.exe
74519. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotji.html" target="_blank">AGOBOT-JI</a> WORM!
74520. Source=Paul Collins Startup list
74521.  
74522. [System Management Service]
74523. Number=10578
74524. Confirmed=X
74525. Filename=smsc.exe
74526. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotann.html" target=_blank>RBOT-ANN</a> WORM!
74527. Source=Paul Collins Startup list
74528.  
74529. [System Manager]
74530. Number=10579
74531. Confirmed=X
74532. Filename=svchost.exe
74533. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerae.html" target=_blank>BANKER-AE</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
74534. Source=Paul Collins Startup list
74535.  
74536. [system manager]
74537. Number=10580
74538. Confirmed=X
74539. Filename=System.exe
74540. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbo.html" target=_blank>FORBOT-BO</a> WORM!
74541.  
74542. Source=Paul Collins Startup list
74543.  
74544. [System Manager]
74545. Number=10581
74546. Confirmed=X
74547. Filename=winsrv32.exe
74548. Description=Added by an unidentified WORM or TROJAN!
74549. Source=Paul Collins Startup list
74550.  
74551. [System Manager]
74552. Number=10582
74553. Confirmed=X
74554. Filename=sysmng.exe
74555. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tamec.html" target=_blank>TAME-C</a> WORM!
74556. Source=Paul Collins Startup list
74557.  
74558. [System Manager Updates]
74559. Number=10583
74560. Confirmed=X
74561. Filename=winsvc.exe
74562. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AEM&VSect=P" target=_blank>AGOBOT.AEM</a> WORM!
74563. Source=Paul Collins Startup list
74564.  
74565. [System Mechanic Popup Blocker]
74566. Number=10584
74567. Confirmed=U
74568. Filename=PopupBlocker.exe
74569. Description=Popup blocker part of Iolo <a href="http://www.iolo.com/sm/index.cfm" target="_blank">System Mechanic</a> utility suite
74570. Source=Paul Collins Startup list
74571.  
74572. [System Mechanic Popup Stopper]
74573. Number=10585
74574. Confirmed=U
74575. Filename=Popupstopper.exe
74576. Description=Popup stopper part of Iolo <a href="http://www.iolo.com/sm/index.cfm" target="_blank">System Mechanic</a> utility suite
74577. Source=Paul Collins Startup list
74578.  
74579. [System Mechanic Professional Update [Incinerator.dll]]
74580. Number=10586
74581. Confirmed=N
74582. Filename=SysMech4.exe /REREG: [path] Incinerator.dll
74583. Description=Iolo <a href="http://www.iolo.com/sm/4pro/tutorials.cfm" target="_blank">System Mechanic</a> "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again
74584. Source=Paul Collins Startup list
74585.  
74586. [SYSTEM MESSAGER]
74587. Number=10587
74588. Confirmed=X
74589. Filename=wmisg.exe
74590. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061514-4935-99" target=_blank>MYTOB.ES</a> WORM!
74591. Source=Paul Collins Startup list
74592.  
74593. [System Messaging Queue]
74594. Number=10588
74595. Confirmed=X
74596. Filename=SMCSS.EXE
74597. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
74598. Source=Paul Collins Startup list
74599.  
74600. [System Messenger]
74601. Number=10589
74602. Confirmed=X
74603. Filename=SYSMSG32.EXE
74604. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdk.html" target= blank>SPYBOT-DK</a> WORM!
74605. Source=Paul Collins Startup list
74606.  
74607. [System Monitor]
74608. Number=10590
74609. Confirmed=U
74610. Filename=SYSMON.EXE
74611. Description=Comes with some Aopen motherboards. Monitors CPU temp, voltage and fan speed. Warns if any become abnormal
74612. Source=Paul Collins Startup list
74613.  
74614. [System Monitor]
74615. Number=10591
74616. Confirmed=X
74617. Filename=Sysmon16.exe
74618. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
74619. Source=Paul Collins Startup list
74620.  
74621. [System MScvb]
74622. Number=10592
74623. Confirmed=X
74624. Filename=mscvb32.exe
74625. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053113-3948-99" target="_blank">SOBIG.C</a> WORM!
74626. Source=Paul Collins Startup list
74627.  
74628. [System Net]
74629. Number=10593
74630. Confirmed=X
74631. Filename=sys32.exe
74632. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfx.html" target= blank>FORBOT-FX</a> WORM!
74633. Source=Paul Collins Startup list
74634.  
74635. [System Net Database]
74636. Number=10594
74637. Confirmed=X
74638. Filename=sysnd.exe
74639. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaaw.html" target= blank>RBOT-AAW</a> WORM!
74640. Source=Paul Collins Startup list
74641.  
74642. [System Networking]
74643. Number=10595
74644. Confirmed=X
74645. Filename=sysnet.exe
74646. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.API" target="_blank">RBOT.API</a> WORM!
74647. Source=Paul Collins Startup list
74648.  
74649. [System Power Managment]
74650. Number=10596
74651. Confirmed=X
74652. Filename=svcnost.exe
74653. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32drefi.html" target=_blank>DREF-I</a> WORM!
74654. Source=Paul Collins Startup list
74655.  
74656. [System Process]
74657. Number=10597
74658. Confirmed=X
74659. Filename=csrss.exe
74660. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
74661. Source=Paul Collins Startup list
74662.  
74663. [System Process]
74664. Number=10598
74665. Confirmed=X
74666. Filename=lsass.exe
74667. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
74668. Source=Paul Collins Startup list
74669.  
74670. [System Process]
74671. Number=10599
74672. Confirmed=X
74673. Filename=svchost.exe
74674. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
74675. Source=Paul Collins Startup list
74676.  
74677. [System Process]
74678. Number=10600
74679. Confirmed=X
74680. Filename=CSRSR.exe
74681. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsq.html" target=_blank>AGOBOT-SQ</a> WORM!
74682. Source=Paul Collins Startup list
74683.  
74684. [System Profile]
74685. Number=10601
74686. Confirmed=X
74687. Filename=Regsrv.exe
74688. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=16106" target="_blank">OPTIX</a> TROJAN!
74689. Source=Paul Collins Startup list
74690.  
74691. [System Reboot]
74692. Number=10602
74693. Confirmed=X
74694. Filename=rebootsys.exe
74695. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwu.html" target= blank>RBOT-WU</a> WORM!
74696. Source=Paul Collins Startup list
74697.  
74698. [System Redirect]
74699. Number=10603
74700. Confirmed=X
74701. Filename=sysbho.exe
74702. Description=Downloader trojan, "Melkosoft" adware related
74703. Source=Paul Collins Startup list
74704.  
74705. [System Restore]
74706. Number=10604
74707. Confirmed=X
74708. Filename=svcnet.exe
74709. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-072620-2821-99" target="_blank">TIBICK</a> WORM!
74710. Source=Paul Collins Startup list
74711.  
74712. [System Restore Data]
74713. Number=10605
74714. Confirmed=X
74715. Filename=[path] repcale.exe [path] beird.exe
74716. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDON.AN" target="_blank">RANDON.AN</a> WORM!
74717. Source=Paul Collins Startup list
74718.  
74719. [System Service]
74720. Number=10606
74721. Confirmed=X
74722. Filename=MSREXE.EXE
74723. Description=Added by the <a href="http://vil.nai.com/vil/content/v_99793.htm" target="_blank">AML</a> TROJAN!
74724. Source=Paul Collins Startup list
74725.  
74726. [system service]
74727. Number=10607
74728. Confirmed=X
74729. Filename=spoolcrv.cpl
74730. Description=Added by the INSPIR.11 TROJAN!
74731. Source=Paul Collins Startup list
74732.  
74733. [System Service]
74734. Number=10608
74735. Confirmed=X
74736. Filename=systems.exe
74737. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VZ" target="_blank">AGOBOT.VZ</a> WORM!
74738. Source=Paul Collins Startup list
74739.  
74740. [System Service]
74741. Number=10609
74742. Confirmed=X
74743. Filename=coderxt.exe
74744. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotald.html" target=_blank>RBOT-ALD</a> WORM!
74745. Source=Paul Collins Startup list
74746.  
74747. [System Service]
74748. Number=10610
74749. Confirmed=X
74750. Filename=exp0lrer.exe
74751. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
74752. Source=Paul Collins Startup list
74753.  
74754. [System Service]
74755. Number=10611
74756. Confirmed=X
74757. Filename=servicent.exe
74758. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajv.html" target=_blank>RBOT-AJI</a> WORM!
74759. Source=Paul Collins Startup list
74760.  
74761. [System service]
74762. Number=10612
74763. Confirmed=X
74764. Filename=system.exe
74765. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-080314-0053-99" target=_blank>BANCOS.AA</a> TROJAN!
74766. Source=Paul Collins Startup list
74767.  
74768. [System Service]
74769. Number=10613
74770. Confirmed=X
74771. Filename=msnwindows.exe
74772. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-100416-5735-99" target=_blank>SPYBOT.YCL</a> WORM!
74773. Source=Paul Collins Startup list
74774.  
74775. [System Service]
74776. Number=10614
74777. Confirmed=X
74778. Filename=servicez.exe
74779. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaoy.html" target=_blank>RBOT-AOY</a> WORM!
74780. Source=Paul Collins Startup list
74781.  
74782. [System Service]
74783. Number=10615
74784. Confirmed=X
74785. Filename=msnxpexe.exe
74786. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaua.html" target=_blank>RBOT-AUA</a> WORM!
74787. Source=Paul Collins Startup list
74788.  
74789. [System Service]
74790. Number=10616
74791. Confirmed=X
74792. Filename=teskmangr.exe
74793. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauv.html" target=_blank>RBOT-AUV</a> WORM!
74794. Source=Paul Collins Startup list
74795.  
74796. [System Service]
74797. Number=10617
74798. Confirmed=X
74799. Filename=backup.exe
74800. Description=Added by the PACKBOT.AA WORM!
74801. Source=Paul Collins Startup list
74802.  
74803. [System Service]
74804. Number=10618
74805. Confirmed=X
74806. Filename=serious.exe
74807. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfmv.html" target="_blank">RBOT-FMV</a> WORM! Note - deactivates the Microsoft Internet Connection Firewall (ICF)
74808. Source=Paul Collins Startup list
74809.  
74810. [SYSTEM service helper]
74811. Number=10619
74812. Confirmed=X
74813. Filename=svchelper.exe
74814. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32monkbda.html" target=_blank>MONKBD-A</a> WORM!
74815. Source=Paul Collins Startup list
74816.  
74817. [SYSTEM service helper]
74818. Number=10620
74819. Confirmed=X
74820. Filename=syshelp.exe
74821. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32monkbda.html" target=_blank>MONKBD-A</a> WORM!
74822. Source=Paul Collins Startup list
74823.  
74824. [System service**]
74825. Number=10621
74826. Confirmed=X
74827. Filename=pokapoka**.exe
74828. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083109-1455-99" target=_blank>EliteBar</a> adware - where ** represents the numbers 61 to 79
74829. Source=Paul Collins Startup list
74830.  
74831. [System service62]
74832. Number=10622
74833. Confirmed=X
74834. Filename=System service62
74835. Description=pokapoka62.exe
74836. Source=Paul Collins Startup list
74837.  
74838. [System service78]
74839. Number=10623
74840. Confirmed=X
74841. Filename=[path to file]
74842. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojelitebart.html" target=_blank>ELITEBAR-T</a> and <a href="http://www.sophos.com/virusinfo/analyses/trojelitebaru.html" target=_blank>ELITEBAR-U</a> TROJANS!
74843. Source=Paul Collins Startup list
74844.  
74845. [System service79]
74846. Number=10624
74847. Confirmed=X
74848. Filename=[path to file]
74849. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojelitebarv.html" target=_blank>ELITEBAR-V</a> TROJAN!
74850. Source=Paul Collins Startup list
74851.  
74852. [System Services]
74853. Number=10625
74854. Confirmed=X
74855. Filename=[random file name]
74856. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
74857. Source=Paul Collins Startup list
74858.  
74859. [System Services]
74860. Number=10626
74861. Confirmed=X
74862. Filename=connection.exe
74863. Description=Added by an unidentified WORM or TROJAN!
74864. Source=Paul Collins Startup list
74865.  
74866. [System Services]
74867. Number=10627
74868. Confirmed=X
74869. Filename=svcsenes.exe
74870. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
74871. Source=Paul Collins Startup list
74872.  
74873. [System Services]
74874. Number=10628
74875. Confirmed=X
74876. Filename=svcsenes32a.exe
74877. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafg.html" target=_blank>RBOT-AFG</a> WORM!
74878. Source=Paul Collins Startup list
74879.  
74880. [System Services]
74881. Number=10629
74882. Confirmed=X
74883. Filename=ssms.exe
74884. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
74885. Source=Paul Collins Startup list
74886.  
74887. [System Session Manager]
74888. Number=10630
74889. Confirmed=X
74890. Filename=smss.exe
74891. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalele.html" target=_blank>KALEL-E</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which should NOT appear in Msconfig/Startup!
74892. Source=Paul Collins Startup list
74893.  
74894. [System settings]
74895. Number=10631
74896. Confirmed=X
74897. Filename=burndl32.exe
74898. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzo.html" target=_blank>SDBOT-ZO</a> WORM!
74899. Source=Paul Collins Startup list
74900.  
74901. [System Setup]
74902. Number=10632
74903. Confirmed=X
74904. Filename=rpcxcmod.exe
74905. Description=Added by an unidentified WORM or TROJAN!
74906. Source=Paul Collins Startup list
74907.  
74908. [System Soap Pro]
74909. Number=10633
74910. Confirmed=X
74911. Filename=soap.exe
74912. Description=<a href="http://www.systemsoap.com/" target="_blank">System Soap Pro</a> internet cleaning software. Bundles foistware like <a href="http://allentech.net/parasite/Httper.html" target="_blank">Httper</a> and <a href="http://allentech.net/parasite/Zipclix.html" target="_blank">Zipclix</a> - best avoided
74913.  
74914. Source=Paul Collins Startup list
74915.  
74916. [system spool]
74917. Number=10634
74918. Confirmed=X
74919. Filename=syspools.exe
74920. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dreft.html" target="_blank">DREF-T</a> WORM/VIRUS!
74921. Source=Paul Collins Startup list
74922.  
74923. [System startup]
74924. Number=10635
74925. Confirmed=U
74926. Filename=charmapx.exe
74927. Description=Only required if using an oriental language
74928. Source=Paul Collins Startup list
74929.  
74930. [System Startup]
74931. Number=10636
74932. Confirmed=X
74933. Filename=Voltio.exe
74934. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.NJ" target="_blank">RBOT.NJ</a> WORM!
74935. Source=Paul Collins Startup list
74936.  
74937. [System Startup]
74938. Number=10637
74939. Confirmed=X
74940. Filename=kimochi.exe
74941. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
74942. Source=Paul Collins Startup list
74943.  
74944. [System Startup Manager]
74945. Number=10638
74946. Confirmed=X
74947. Filename=smcss.exe
74948. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AMD&VSect=P" target=_blank>RBOT.AMD</a> WORM!
74949. Source=Paul Collins Startup list
74950.  
74951. [System Stats]
74952. Number=10639
74953. Confirmed=X
74954. Filename=SystemStats.exe
74955. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
74956. Source=Paul Collins Startup list
74957.  
74958. [System Support]
74959. Number=10640
74960. Confirmed=X
74961. Filename=syscfg.exe
74962. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagq.html" target=_blank>RBOT-AGQ</a> WORM!
74963. Source=Paul Collins Startup list
74964.  
74965. [System Support]
74966. Number=10641
74967. Confirmed=X
74968. Filename=system32.exe
74969. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaha.html" target=_blank>RBOT-AHA</a> WORM!
74970. Source=Paul Collins Startup list
74971.  
74972. [System Support]
74973. Number=10642
74974. Confirmed=X
74975. Filename=syssql.exe
74976. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauh.html" target=_blank>RBOT-AUH</a> WORM!
74977. Source=Paul Collins Startup list
74978.  
74979. [System Support]
74980. Number=10643
74981. Confirmed=X
74982. Filename=torrent.exe
74983. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
74984. Source=Paul Collins Startup list
74985.  
74986. [System Terminal]
74987. Number=10644
74988. Confirmed=X
74989. Filename=SYSTEM2.EXE
74990. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspybotbz.html" target="_blank">SPYBOT-BZ</a> TROJAN!
74991. Source=Paul Collins Startup list
74992.  
74993. [System time updator]
74994. Number=10645
74995. Confirmed=X
74996. Filename=CSysTime.exe
74997. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102910-5348-99" target="_blank">RANDEX.S</a> WORM!
74998. Source=Paul Collins Startup list
74999.  
75000. [System Toolkit]
75001. Number=10646
75002. Confirmed=X
75003. Filename=Systools.exe
75004. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ronoperg.html" target="_blank">RONOPER-G</a> WORM!
75005. Source=Paul Collins Startup list
75006.  
75007. [System Tray]
75008. Number=10647
75009. Confirmed=X
75010. Filename=msccn32.exe
75011. Description=Added by the <a href="http://vil.nai.com/vil/content/v_100307.htm" target="_blank">SOBIG.B</a> WORM! Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target="_blank">systray.exe</a> process
75012. Source=Paul Collins Startup list
75013.  
75014. [System Tray]
75015. Number=10648
75016. Confirmed=X
75017. Filename=systray.exe
75018. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32fana.html" target=_blank>FAN-A</a> WORM!
75019. Source=Paul Collins Startup list
75020.  
75021. [System Tray Services]
75022. Number=10649
75023. Confirmed=X
75024. Filename=spooles32.exe
75025. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZH&VSect=T" target=_blank>AGOBOT.ZH</a> WORM!
75026. Source=Paul Collins Startup list
75027.  
75028. [System Tray32]
75029. Number=10650
75030. Confirmed=X
75031. Filename=SysTray32.exe
75032. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090817-4709-99" target="_blank">REPAD</a> WORM!
75033. Source=Paul Collins Startup list
75034.  
75035. [System Unix]
75036. Number=10651
75037. Confirmed=X
75038. Filename=syscfg32.exe
75039. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzd.html" target= blank>RBOT-ZD</a> WORM!
75040. Source=Paul Collins Startup list
75041.  
75042. [system updata]
75043. Number=10652
75044. Confirmed=X
75045. Filename=updata.exe
75046. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagec.html" target=_blank>LINEAGE-C</a> TROJAN!
75047. Source=Paul Collins Startup list
75048.  
75049. [System Update]
75050. Number=10653
75051. Confirmed=X
75052. Filename=[filename].exe
75053. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
75054. Source=Paul Collins Startup list
75055.  
75056. [System Update]
75057. Number=10654
75058. Confirmed=X
75059. Filename=[random filename]
75060. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070217-1202-99" target="_blank">KORGO.W</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080213-0953-99" target="_blank">KORGO.X</a> WORMS!
75061. Source=Paul Collins Startup list
75062.  
75063. [System Update]
75064. Number=10655
75065. Confirmed=X
75066. Filename=wupdmgr.exe
75067. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsoromoa.html" target="_blank">SOROMO-A</a> TROJAN!
75068. Source=Paul Collins Startup list
75069.  
75070. [System Update]
75071. Number=10656
75072. Confirmed=X
75073. Filename=[random filename]
75074. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsoromoa.html" target=_blank>SOROMO-A</a> TROJAN!
75075. Source=Paul Collins Startup list
75076.  
75077. [System Update]
75078. Number=10657
75079. Confirmed=X
75080. Filename=wauluclt.exe
75081. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.EF" target="_blank">SDBOT.EF</a> WORM!
75082. Source=Paul Collins Startup list
75083.  
75084. [System Update]
75085. Number=10658
75086. Confirmed=X
75087. Filename=[path to trojan]
75088. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojd.html" target=_blank>AUTOTROJ-D</a> TROJAN!
75089. Source=Paul Collins Startup list
75090.  
75091. [System Update]
75092. Number=10659
75093. Confirmed=X
75094. Filename=mssetupconf.exe
75095. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DLC" target="_blank">RBOT.DLC</a> WORM!
75096. Source=Paul Collins Startup list
75097.  
75098. [System Update Application]
75099. Number=10660
75100. Confirmed=Y
75101. Filename=msbuffer.exe
75102. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AFF" target="_blank">SDBOT.AFF</a> WORM!
75103. Source=Paul Collins Startup list
75104.  
75105. [System Update Service]
75106. Number=10661
75107. Confirmed=X
75108. Filename=wmiprvsa.exe
75109. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrg.html" target=_blank>AGOBOT-RG</a> TROJAN!
75110. Source=Paul Collins Startup list
75111.  
75112. [System Update Service]
75113. Number=10662
75114. Confirmed=X
75115. Filename=winupd32.exe
75116. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadtodaa.html" target=_blank>ADTODA-A</a> TROJAN!
75117. Source=Paul Collins Startup list
75118.  
75119. [System Update Service]
75120. Number=10663
75121. Confirmed=X
75122. Filename=system.pif
75123. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotall.html" target=_blank>RBOT-ALL</a> WORM!
75124. Source=Paul Collins Startup list
75125.  
75126. [System Update Service]
75127. Number=10664
75128. Confirmed=X
75129. Filename=update.pif
75130. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090612-1341-99" target=_blank>SPYBOT.WOE</a> WORM!
75131. Source=Paul Collins Startup list
75132.  
75133. [System Update2]
75134. Number=10665
75135. Confirmed=X
75136. Filename=explorer.exe
75137. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target="_blank">AUTOTROJ-C</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
75138. Source=Paul Collins Startup list
75139.  
75140. [System Update2]
75141. Number=10666
75142. Confirmed=X
75143. Filename=services.exe
75144. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
75145. Source=Paul Collins Startup list
75146.  
75147. [System Update2]
75148. Number=10667
75149. Confirmed=X
75150. Filename=svchost.exe
75151. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
75152. Source=Paul Collins Startup list
75153.  
75154. [System Update2]
75155. Number=10668
75156. Confirmed=X
75157. Filename=system.exe
75158. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
75159. Source=Paul Collins Startup list
75160.  
75161. [System Update2]
75162. Number=10669
75163. Confirmed=X
75164. Filename=taskman.exe
75165. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
75166. Source=Paul Collins Startup list
75167.  
75168. [System Update2]
75169. Number=10670
75170. Confirmed=X
75171. Filename=taskmon.exe
75172. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
75173. Source=Paul Collins Startup list
75174.  
75175. [System Update2]
75176. Number=10671
75177. Confirmed=X
75178. Filename=update.exe
75179. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
75180. Source=Paul Collins Startup list
75181.  
75182. [System Update2]
75183. Number=10672
75184. Confirmed=X
75185. Filename=webcheck.exe
75186. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
75187. Source=Paul Collins Startup list
75188.  
75189. [System Update2]
75190. Number=10673
75191. Confirmed=X
75192. Filename=wininet.exe
75193. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
75194. Source=Paul Collins Startup list
75195.  
75196. [System Update2]
75197. Number=10674
75198. Confirmed=X
75199. Filename=winlogon.exe
75200. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup!
75201. Source=Paul Collins Startup list
75202.  
75203. [System Update2]
75204. Number=10675
75205. Confirmed=X
75206. Filename=winspool.exe
75207. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
75208. Source=Paul Collins Startup list
75209.  
75210. [System Update2]
75211. Number=10676
75212. Confirmed=X
75213. Filename=wupdmgr.exe
75214. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojautotrojc.html" target=_blank>AUTOTROJ-C</a> TROJAN!
75215. Source=Paul Collins Startup list
75216.  
75217. [System Updater Service]
75218. Number=10677
75219. Confirmed=X
75220. Filename=wmiprvsw.exe
75221. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042913-2859-99" target="_blank">GAOBOT.AFC</a> WORM!
75222. Source=Paul Collins Startup list
75223.  
75224. [System Updates]
75225. Number=10678
75226. Confirmed=X
75227. Filename=winsci.exe
75228. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
75229. Source=Paul Collins Startup list
75230.  
75231. [System Updates]
75232. Number=10679
75233. Confirmed=X
75234. Filename=szwi.exe
75235. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxe.html" target=_blank>RBOT-AXE</a> WORM!
75236. Source=Paul Collins Startup list
75237.  
75238. [System Updates]
75239. Number=10680
75240. Confirmed=U
75241. Filename=unve.exe
75242. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawg.html" target=_blank>RBOT-AWG</a> TROJAN!
75243. Source=Paul Collins Startup list
75244.  
75245. [System Updates]
75246. Number=10681
75247. Confirmed=X
75248. Filename=wmkl.exe
75249. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayj.html" target=_blank>RBOT-AYJ</a> WORM!
75250. Source=Paul Collins Startup list
75251.  
75252. [System Updates 4]
75253. Number=10682
75254. Confirmed=X
75255. Filename=mssysfix.exe
75256. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadu.html" target=_blank>RBOT-ADU</a> WORM!
75257. Source=Paul Collins Startup list
75258.  
75259. [System Updates Manager]
75260. Number=10683
75261. Confirmed=X
75262. Filename=winserv32.exe
75263. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaga.html" target=_blank>AGOBOT-AGA</a> WORM!
75264. Source=Paul Collins Startup list
75265.  
75266. [System Updates Service]
75267. Number=10684
75268. Confirmed=X
75269. Filename=updates.pif
75270. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotama.html" target=_blank>RBOT-AMA</a> WORM!
75271. Source=Paul Collins Startup list
75272.  
75273. [System Uptime Server]
75274. Number=10685
75275. Confirmed=X
75276. Filename=SYSENTRY.EXE
75277. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LK" target="_blank">RBOT.LK</a> WORM!
75278. Source=Paul Collins Startup list
75279.  
75280. [System Uptime Server]
75281. Number=10686
75282. Confirmed=X
75283. Filename=SYSENTRY32.EXE
75284. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LK" target="_blank">RBOT.LK</a> WORM!
75285. Source=Paul Collins Startup list
75286.  
75287. [system xp]
75288. Number=10687
75289. Confirmed=X
75290. Filename=acdsee demo.exe
75291. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-113010-0605-99" target=_blank>SALGA.A</a> WORM!
75292. Source=Paul Collins Startup list
75293.  
75294. [System-Config]
75295. Number=10688
75296. Confirmed=X
75297. Filename=msptmf32.com
75298. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39429" target="_blank">LIOTEN.FA</a> WORM!
75299. Source=Paul Collins Startup list
75300.  
75301. [System-Service]
75302. Number=10689
75303. Confirmed=X
75304. Filename=EXPLORER.SCR
75305. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BENJAMIN.A" target="_blank">BENJAMIN.A</a> WORM! KaZaA file-sharing users beware!
75306. Source=Paul Collins Startup list
75307.  
75308. [System-Stat]
75309. Number=10690
75310. Confirmed=X
75311. Filename=systats.exe
75312. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.RA" target="_blank">SDBOT.RA</a> WORM!
75313. Source=Paul Collins Startup list
75314.  
75315. [system.]
75316. Number=10691
75317. Confirmed=X
75318. Filename=system..exe
75319. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020615-3137-99" target="_blank">OPTIXPRO.13.C</a> TROJAN!
75320. Source=Paul Collins Startup list
75321.  
75322. [system...]
75323. Number=10692
75324. Confirmed=X
75325. Filename=system...exe
75326. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020615-3137-99" target="_blank">OPTIXPRO.13.C</a> TROJAN!
75327. Source=Paul Collins Startup list
75328.  
75329. [System.exe]
75330. Number=10693
75331. Confirmed=X
75332. Filename=System.exe
75333. Description=Added by various WORMS and TROJANS!
75334. Source=Paul Collins Startup list
75335.  
75336. [System132]
75337. Number=10694
75338. Confirmed=X
75339. Filename=Csrtss.exe
75340. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlanfilti.html" target=_blank>LANFILT-I</a> TROJAN!
75341. Source=Paul Collins Startup list
75342.  
75343. [system23]
75344. Number=10695
75345. Confirmed=X
75346. Filename=notPad.exe
75347. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051615-2304-99" target= blank>ESTEEMS.D</a> TROJAN!
75348. Source=Paul Collins Startup list
75349.  
75350. [System32]
75351. Number=10696
75352. Confirmed=X
75353. Filename=system.exe
75354. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbushtro122.html" target="_blank">BUSHTRO122</a> TROJAN!
75355. Source=Paul Collins Startup list
75356.  
75357. [System32]
75358. Number=10697
75359. Confirmed=X
75360. Filename=System32.exe
75361. Description=Added by any number of WORMS or TROJANS!
75362. Source=Paul Collins Startup list
75363.  
75364. [System32]
75365. Number=10698
75366. Confirmed=U
75367. Filename=sysdiag.exe
75368. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051211-3023-99" target="_blank">SpyAgent</a> surveillance software. Uninstall this software unless you put it there yourself
75369. Source=Paul Collins Startup list
75370.  
75371. [System32]
75372. Number=10699
75373. Confirmed=X
75374. Filename=system32,1.exe
75375. Description=Added by an unidentified VIRUS, WORM or TROJAN!
75376. Source=Paul Collins Startup list
75377.  
75378. [system32]
75379. Number=10700
75380. Confirmed=X
75381. Filename=NeT-BoT.exe
75382. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotlj.html" target=_blank>AGOBOT-LJ</a> WORM!
75383.  
75384. Source=Paul Collins Startup list
75385.  
75386. [System32]
75387. Number=10701
75388. Confirmed=X
75389. Filename=lsasss.exe
75390. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxw.html" target= blank>RBOT-XW</a> WORM!
75391. Source=Paul Collins Startup list
75392.  
75393. [System32]
75394. Number=10702
75395. Confirmed=X
75396. Filename=crsvvc.exe
75397. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BLY&VSect=P" target=_blank>RBOT.BLY</a> WORM!
75398. Source=Paul Collins Startup list
75399.  
75400. [system32]
75401. Number=10703
75402. Confirmed=X
75403. Filename=QQGame.exe
75404. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassac.html" target=_blank>QQPASS-AC</a> TROJAN!
75405. Source=Paul Collins Startup list
75406.  
75407. [System32]
75408. Number=10704
75409. Confirmed=X
75410. Filename=[worm filename]
75411. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nauticala.html" target="_blank">NAUTICAL-A</a> TROJAN!
75412. Source=Paul Collins Startup list
75413.  
75414. [System32 PCI Manager]
75415. Number=10705
75416. Confirmed=X
75417. Filename=syspci32.exe
75418. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafr.html" target=_blank>RBOT-AFR</a> WORM!
75419. Source=Paul Collins Startup list
75420.  
75421. [System32 PCI Manager]
75422. Number=10706
75423. Confirmed=X
75424. Filename=syspci32.exe
75425. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafr.html" target=_blank>RBOT-AFR</a> WORM!
75426. Source=Paul Collins Startup list
75427.  
75428. [System32 TCP Manager]
75429. Number=10707
75430. Confirmed=X
75431. Filename=systcpm.exe
75432. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
75433. Source=Paul Collins Startup list
75434.  
75435. [System32 TCP Manager]
75436. Number=10708
75437. Confirmed=X
75438. Filename=systerm.exe
75439. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AFD&VSect=T" target=_blank>RBOT.AFD</a> WORM!
75440. Source=Paul Collins Startup list
75441.  
75442. [System32 Temp Service]
75443. Number=10709
75444. Confirmed=X
75445. Filename=systmp.exe
75446. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaet.html" target=_blank>RBOT-AET</a> WORM!
75447. Source=Paul Collins Startup list
75448.  
75449. [system32.dll]
75450. Number=10710
75451. Confirmed=X
75452. Filename=systeminit.exe
75453. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - re-directing to your-search.info
75454. Source=Paul Collins Startup list
75455.  
75456. [system32.dll]
75457. Number=10711
75458. Confirmed=X
75459. Filename=sysdll32.exe
75460. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Redirecting to wholeworldmarket.com, most likely other domains as well
75461. Source=Paul Collins Startup list
75462.  
75463. [system32.exe]
75464. Number=10712
75465. Confirmed=X
75466. Filename=services32.exe
75467. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102711-3533-99" target=_blank>BACKDOOR.IRC.BOT</a> TROJAN!
75468. Source=Paul Collins Startup list
75469.  
75470. [system32.exe]
75471. Number=10713
75472. Confirmed=X
75473. Filename=system32.exe
75474. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090514-4559-99" target=_blank>GRAYBIRD.P</a> TROJAN!
75475. Source=Paul Collins Startup list
75476.  
75477. [System32Check]
75478. Number=10714
75479. Confirmed=X
75480. Filename=[random].exe
75481. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojchasta.html" target=_blank>CHAST-A</a> TROJAN!
75482. Source=Paul Collins Startup list
75483.  
75484. [System32Dll]
75485. Number=10715
75486. Confirmed=X
75487. Filename=DLL32SYS.EXE
75488. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotcz.html" target="_blank">SPYBOT-CZ</a> WORM!
75489. Source=Paul Collins Startup list
75490.  
75491. [System32Ex]
75492. Number=10716
75493. Confirmed=X
75494. Filename=System32Ex.exe
75495. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-111818-3014-99" target="_blank">IRCCONTACT</a> TROJAN!
75496. Source=Paul Collins Startup list
75497.  
75498. [System32kfvw╞]
75499. Number=10717
75500. Confirmed=U
75501. Filename=sysdiag.exe
75502. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051211-3023-99" target="_blank">SpyAgent</a> surveillance software. Uninstall this software unless you put it there yourself
75503. Source=Paul Collins Startup list
75504.  
75505. [System33]
75506. Number=10718
75507. Confirmed=X
75508. Filename=FB_PNU.EXE
75509. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nicehelloa.html" target="_blank">NICHELLO-A</a> WORM!
75510. Source=Paul Collins Startup list
75511.  
75512. [system34.exe]
75513. Number=10719
75514. Confirmed=X
75515. Filename=system34.exe
75516. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrfxy.html" target="_blank">DWNLDR-FXY</a> TROJAN!
75517. Source=Paul Collins Startup list
75518.  
75519. [System4224411]
75520. Number=10720
75521. Confirmed=X
75522. Filename=Virus
75523. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CAGER.A&VSect=P" target=_blank>CAGER.A</a> WORM!
75524. Source=Paul Collins Startup list
75525.  
75526. [System4224411]
75527. Number=10721
75528. Confirmed=X
75529. Filename=Systemdll.exe
75530. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32yusufalib.html" target=_blank>YUSUFALI-B</a> WORM!
75531. Source=Paul Collins Startup list
75532.  
75533. [system43.exe]
75534. Number=10722
75535. Confirmed=X
75536. Filename=system43.exe
75537. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
75538. Source=Paul Collins Startup list
75539.  
75540. [System64]
75541. Number=10723
75542. Confirmed=X
75543. Filename=inet.exe
75544. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdenglea.html" target="_blank">DENGLE-A</a> TROJAN!
75545. Source=Paul Collins Startup list
75546.  
75547. [SystemAdministration]
75548. Number=10724
75549. Confirmed=X
75550. Filename=Wincmp32.exe
75551. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-121815-0609-99" target="_blank">ASYLUM</a> TROJAN!
75552. Source=Paul Collins Startup list
75553.  
75554. [SystemAgent]
75555. Number=10725
75556. Confirmed=U
75557. Filename=Sage.exe
75558. Description="Microsoft Plus! System Agent automatically tunes your system, performing tasks such as disk optimization and error correction. It can also run any application at prescheduled times"
75559. Source=Paul Collins Startup list
75560.  
75561. [SystemB]
75562. Number=10726
75563. Confirmed=X
75564. Filename=MessengerStopper.exe
75565. Description=<a href="http://sarc.com/avcenter/venc/data/adware.messstopper.html" target=_blank>MessStopper</a> adware
75566. Source=Paul Collins Startup list
75567.  
75568. [SystemBackup]
75569. Number=10727
75570. Confirmed=X
75571. Filename=mtx.exe
75572. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-121510-4820-99" target="_blank">MTX</a> VIRUS/WORM!
75573. Source=Paul Collins Startup list
75574.  
75575. [SystemBackup]
75576. Number=10728
75577. Confirmed=X
75578. Filename=MicroLog.exe
75579. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MICROLOG.A" target="_blank">MICROLOG.A</a> TROJAN!
75580. Source=Paul Collins Startup list
75581.  
75582. [SystemBoot]
75583. Number=10729
75584. Confirmed=?
75585. Filename=ladies.htm
75586. Description=<font color="#FF0000">Unknown but sounds very suspicious??</font>
75587. Source=Paul Collins Startup list
75588.  
75589. [SystemBoot]
75590. Number=10730
75591. Confirmed=X
75592. Filename=Mshta.exe ...filename.hta
75593. Description=Adult content dialler
75594. Source=Paul Collins Startup list
75595.  
75596. [Systemboot]
75597. Number=10731
75598. Confirmed=X
75599. Filename=msnsngr.exe
75600. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
75601. Source=Paul Collins Startup list
75602.  
75603. [SystemCheck]
75604. Number=10732
75605. Confirmed=X
75606. Filename=Systemcheck.exe
75607. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-060409-0414-99" target="_blank">LAVITS</a> WORM!
75608. Source=Paul Collins Startup list
75609.  
75610. [SystemCheck]
75611. Number=10733
75612. Confirmed=X
75613. Filename=services.exe
75614. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32soberm.html" target= blank>SOBER-M</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Config\system subfolder of the Windows or Winnt folder
75615. Source=Paul Collins Startup list
75616.  
75617. [SystemCheck]
75618. Number=10734
75619. Confirmed=X
75620. Filename=svchost.exe
75621. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkr.html" target=_blank>DELF-KR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
75622. Source=Paul Collins Startup list
75623.  
75624. [SystemCheck]
75625. Number=10735
75626. Confirmed=X
75627. Filename=SysCheckBop32.exe
75628. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062915-3210-99" target=_blank>WINBO</a> adware
75629. Source=Paul Collins Startup list
75630.  
75631. [SystemChecker]
75632. Number=10736
75633. Confirmed=X
75634. Filename=Syschk.exe
75635. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020214-1126-99" target="_blank">GALIL.F</a> WORM!
75636. Source=Paul Collins Startup list
75637.  
75638. [SystemCONF98i]
75639. Number=10737
75640. Confirmed=X
75641. Filename=SystemCONF98i.exe
75642. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=54418" target="_blank">GLITCH</a> TROJAN!
75643. Source=Paul Collins Startup list
75644.  
75645. [SystemDebug]
75646. Number=10738
75647. Confirmed=X
75648. Filename=Sysdeb32.exe
75649. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112517-2455-99" target="_blank">SYSBUG</a> TROJAN!
75650. Source=Paul Collins Startup list
75651.  
75652. [SystemDll]
75653. Number=10739
75654. Confirmed=X
75655. Filename=SystemDll.exe
75656. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112217-2953-99" target="_blank">LOXOSCAM</a> TROJAN!
75657. Source=Paul Collins Startup list
75658.  
75659. [systemdll32.exe]
75660. Number=10740
75661. Confirmed=X
75662. Filename=systemdll32.exe
75663. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfeutelf.html" target= blank>FEUTEL-F</a> TROJAN!
75664. Source=Paul Collins Startup list
75665.  
75666. [SystemDoctor 2006 Free]
75667. Number=10741
75668. Confirmed=N
75669. Filename=sd2006.exe
75670. Description=<a href="http://www.symantec.com/smb/security_response/writeup.jsp?docid=2006-062015-2622-99" target="_blank">SystemDoctor</a> is a Security Risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
75671. Source=Paul Collins Startup list
75672.  
75673. [SystemDriver]
75674. Number=10742
75675. Confirmed=X
75676. Filename=csrss.exe
75677. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-033116-3150-99" target=_blank>ASCETIC.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a \addins\explorer subfolder of the Winnt or Windows folder
75678. Source=Paul Collins Startup list
75679.  
75680. [SystemDriverCheck]
75681. Number=10743
75682. Confirmed=X
75683. Filename=svchost.exe
75684. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkr.html" target=_blank>DELF-KR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
75685. Source=Paul Collins Startup list
75686.  
75687. [SystemDriverLoad]
75688. Number=10744
75689. Confirmed=X
75690. Filename=svchost.exe
75691. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkr.html" target=_blank>DELF-KR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder
75692. Source=Paul Collins Startup list
75693.  
75694. [systemdrv]
75695. Number=10745
75696. Confirmed=X
75697. Filename=ms32sys.exe
75698. Description=Added by an unidentified WORM or TROJAN - most likely <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-102419-1801-99" target="_blank">GAOBOT</a> variant
75699. Source=Paul Collins Startup list
75700.  
75701. [SystemEmergency]
75702. Number=10746
75703. Confirmed=X
75704. Filename=[various filenames]
75705. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#smartsearch" target=_blank>Smartsearch</a> parasite variant
75706. Source=Paul Collins Startup list
75707.  
75708. [SystemExplorer]
75709. Number=10747
75710. Confirmed=X
75711. Filename=explore.exe
75712. Description=Homepage hijacker - file located in the "Services" folder in Common Files
75713. Source=Paul Collins Startup list
75714.  
75715. [SystemFile]
75716. Number=10748
75717. Confirmed=X
75718. Filename=SystemFile.exe
75719. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdulldoora.html" target=_blank>DULLDOOR-A</a> TROJAN!
75720. Source=Paul Collins Startup list
75721.  
75722. [SystemFTP]
75723. Number=10749
75724. Confirmed=X
75725. Filename=VSENMB.exe
75726. Description=Malware (ie, <u>mal</u>icious soft<u>ware</u>).  Also changes the system.ini Shell line to read Shell=Explorer.exe VSENMB.exe, and it hacks the Winstart.bat as well
75727. Source=Paul Collins Startup list
75728.  
75729. [SystemGent]
75730. Number=10750
75731. Confirmed=X
75732. Filename=CVT.exe
75733. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokh.html" target=_blank>BRONTOK-H</a> WORM!
75734. Source=Paul Collins Startup list
75735.  
75736. [SystemGuardAlerter]
75737. Number=10751
75738. Confirmed=?
75739. Filename=SystemGuardAlerter.exe
75740. Description=Part of the Iolo <a href="http://www.iolo.com/sm/index.cfm" target="_blank">System Mechanic</a> maintenance software. <font color="#FF0000">What does it do?</font>
75741. Source=Paul Collins Startup list
75742.  
75743. [SystemInit]
75744. Number=10752
75745. Confirmed=X
75746. Filename=iservc.exe
75747. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050821-0316-99" target="_blank">FIZZER</a> WORM!
75748. Source=Paul Collins Startup list
75749.  
75750. [Systemiom Updater]
75751. Number=10753
75752. Confirmed=X
75753. Filename=Systemiom.exe
75754. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.TY" target="_blank">SPYBOT.TY</a> WORM!
75755. Source=Paul Collins Startup list
75756.  
75757. [SystemKey]
75758. Number=10754
75759. Confirmed=U
75760. Filename=rundll32.exe [path] SystemKey.dll rdl
75761. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071816-1110-99" target=_blank>Stealth Keylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
75762. Source=Paul Collins Startup list
75763.  
75764. [SystemLoad32]
75765. Number=10755
75766. Confirmed=X
75767. Filename=sysload32.exe
75768. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110215-2433-99" target="_blank">MIMAIL.E</a> WORM!
75769. Source=Paul Collins Startup list
75770.  
75771. [SystemManager]
75772. Number=10756
75773. Confirmed=X
75774. Filename=Sysman32.exe
75775. Description=Added by the <a href="http://vil.nai.com/vil/content/v_100164.htm" target="_blank">DOWNLOADER-BW.B</a> TROJAN!
75776. Source=Paul Collins Startup list
75777.  
75778. [SystemMap32]
75779. Number=10757
75780. Confirmed=X
75781. Filename=Netisp32.vbs
75782. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071009-5318-99" target="_blank">REDIST.C</a> WORM!
75783. Source=Paul Collins Startup list
75784.  
75785. [SystemMD]
75786. Number=10758
75787. Confirmed=X
75788. Filename=md.exe
75789. Description=Homepage hijacker
75790. Source=Paul Collins Startup list
75791.  
75792. [SystemMgr]
75793. Number=10759
75794. Confirmed=X
75795. Filename=Ir32_a.exe
75796. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmaganiaou.html" target="_blank">MAGANIA-OU</a> TROJAN!
75797. Source=Paul Collins Startup list
75798.  
75799. [SystemMonitor]
75800. Number=10760
75801. Confirmed=X
75802. Filename=Sysmon32.exe
75803. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AIDID.A" target="_blank">AIDID.A</a> WORM!
75804. Source=Paul Collins Startup list
75805.  
75806. [SystemNetwork]
75807. Number=10761
75808. Confirmed=X
75809. Filename=NETSERV.EXE
75810. Description=Added by the NETCONTROL VIRUS!
75811. Source=Paul Collins Startup list
75812.  
75813. [SystemNetwork]
75814. Number=10762
75815. Confirmed=X
75816. Filename=sysnet.exe
75817. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
75818. Source=Paul Collins Startup list
75819.  
75820. [SystemNT]
75821. Number=10763
75822. Confirmed=X
75823. Filename=SystemNT.exe
75824. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsvbeg.html" target=_blank>PWSVB-EG</a> TROJAN!
75825. Source=Paul Collins Startup list
75826.  
75827. [SystemProcEvent]
75828. Number=10764
75829. Confirmed=X
75830. Filename=csrwnd.exe
75831. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-013116-4032-99" target=_blank>IRCBOT.I</a> TROJAN!
75832. Source=Paul Collins Startup list
75833.  
75834. [systemr]
75835. Number=10765
75836. Confirmed=X
75837. Filename=d11host.exe
75838. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbgx.html" target=_blank>GX</a> TROJAN!
75839. Source=Paul Collins Startup list
75840.  
75841. [systemr]
75842. Number=10766
75843. Confirmed=X
75844. Filename=gedit.exe
75845. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickaq.html" target=_blank>ADCLICK-AQ</a> TROJAN!
75846. Source=Paul Collins Startup list
75847.  
75848. [SystemReg]
75849. Number=10767
75850. Confirmed=?
75851. Filename=PROCES.EXE
75852. Description=<font color="#FF0000">??</font>
75853. Source=Paul Collins Startup list
75854.  
75855. [SystemReg]
75856. Number=10768
75857. Confirmed=X
75858. Filename=svchost.exe
75859. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_DEWIN.E" target=_blank>DEWIN.E</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
75860. Source=Paul Collins Startup list
75861.  
75862. [SystemReg]
75863. Number=10769
75864. Confirmed=X
75865. Filename=WINREG.EXE
75866. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_DEWIN.A" target="_blank">DEWIN.A</a> TROJAN!
75867. Source=Paul Collins Startup list
75868.  
75869. [Systems]
75870. Number=10770
75871. Confirmed=X
75872. Filename=scchost.exe
75873. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DAEMOZ.A" target="_blank">DAEMOZ.A</a> TROJAN!
75874. Source=Paul Collins Startup list
75875.  
75876. [Systems]
75877. Number=10771
75878. Confirmed=X
75879. Filename=svch0st.exe
75880. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040112-4708-99" target=_blank>MYDOOM.BI</a> WORM!
75881. Source=Paul Collins Startup list
75882.  
75883. [Systems]
75884. Number=10772
75885. Confirmed=X
75886. Filename=Systems.exe
75887. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankboaa.html" target= blank>BANKBOA-A</a> TROJAN!
75888. Source=Paul Collins Startup list
75889.  
75890. [Systems]
75891. Number=10773
75892. Confirmed=X
75893. Filename=itDDD.exe
75894. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderpp.html" target=_blank>DLOADER-PP</a> TROJAN!
75895. Source=Paul Collins Startup list
75896.  
75897. [Systems]
75898. Number=10774
75899. Confirmed=X
75900. Filename=sescmgr.exe
75901. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrgah.html" target="_blank">DWNLDR-GAH</a> TROJAN!
75902. Source=Paul Collins Startup list
75903.  
75904. [Systems]
75905. Number=10775
75906. Confirmed=X
75907. Filename=spoolsvc.exe
75908. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrsw.html" target="_blank">DLOADR-SW</a> TROJAN!
75909. Source=Paul Collins Startup list
75910.  
75911. [Systems]
75912. Number=10776
75913. Confirmed=X
75914. Filename=sysmon.exe
75915. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvixupbi.html" target="_blank">VIXUP-BI</a> WORM!
75916. Source=Paul Collins Startup list
75917.  
75918. [Systems Backups]
75919. Number=10777
75920. Confirmed=X
75921. Filename=windrives.exe
75922. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrb.html" target=_blank>AGOBOT-RB</a> WORM!
75923. Source=Paul Collins Startup list
75924.  
75925. [Systems Restart]
75926. Number=10778
75927. Confirmed=X
75928. Filename=slchost.exe
75929. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MULTIDROP.C" target=_blank>MULTIDROP.C</a> TROJAN!
75930.  
75931. Source=Paul Collins Startup list
75932.  
75933. [Systems Restart]
75934. Number=10779
75935. Confirmed=X
75936. Filename=spchost.exe
75937. Description=Added by an unidentified WORM or TROJAN!
75938.  
75939. Source=Paul Collins Startup list
75940.  
75941. [Systems Restart]
75942. Number=10780
75943. Confirmed=X
75944. Filename=Rundll32.exe beem.dll, DllRegisterServer
75945. Description=Browser hijacker - the file serves to register a dll implemented as a browser plugin
75946. Source=Paul Collins Startup list
75947.  
75948. [Systems Restart]
75949. Number=10781
75950. Confirmed=X
75951. Filename=Rundll32.exe snim.dll, DllRegisterServer
75952. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021713-2508-99" target=_blank>Startpage.I</a> hijacker
75953. Source=Paul Collins Startup list
75954.  
75955. [Systems Restart]
75956. Number=10782
75957. Confirmed=X
75958. Filename=Rundll32.exe zolk.dll, DllRegisterServer
75959. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030719-0319-99" target="_blank">STARTPAGE.J</a> TROJAN!
75960. Source=Paul Collins Startup list
75961.  
75962. [Systems.exe]
75963. Number=10783
75964. Confirmed=U
75965. Filename=Systems.exe
75966. Description=<a href="http://www.refog.com/download.htm" target="_blank">Keyboard Spectator</a> - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
75967. Source=Paul Collins Startup list
75968.  
75969. [systems.exe]
75970. Number=10784
75971. Confirmed=U
75972. Filename=systems.exe
75973. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.kgbspy.html" target="_blank">KGBSpy</a> is a commercial surveillance software program. It logs keystrokes, Web sites visited, and clipboard activity. It also has a screen capture logger and can be run automatically in a silent, undetectable mode
75974. Source=Paul Collins Startup list
75975.  
75976. [SystemSafe]
75977. Number=10785
75978. Confirmed=U
75979. Filename=Syssafe.exe
75980. Description=<a href="http://www.webattack.com/get/systemsafety.shtml" target="_blank">System Safety Monitor</a> - system monitoring tool with additional application firewalling
75981. Source=Paul Collins Startup list
75982.  
75983. [SYSTEMSars32]
75984. Number=10786
75985. Confirmed=X
75986. Filename=csrss.exe
75987. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-051914-5016-99" target=_blank>AHLEM.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
75988. Source=Paul Collins Startup list
75989.  
75990. [SystemSAS]
75991. Number=10787
75992. Confirmed=X
75993. Filename=System32.exe
75994. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KWBOT.C" target="_blank">KWBOT.C</a> WORM!
75995. Source=Paul Collins Startup list
75996.  
75997. [systemscroot]
75998. Number=10788
75999. Confirmed=X
76000. Filename=systembin.exe
76001. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
76002. Source=Paul Collins Startup list
76003.  
76004. [SystemSearch]
76005. Number=10789
76006. Confirmed=X
76007. Filename=regedit.exe -s c:\ie.reg
76008. Description=Installs a Seachxl.com browser page hijack
76009. Source=Paul Collins Startup list
76010.  
76011. [SystemSearch]
76012. Number=10790
76013. Confirmed=X
76014. Filename=regedit.exe -s c:\sys.reg
76015. Description=Installs a i--search.com browser page hijack
76016. Source=Paul Collins Startup list
76017.  
76018. [SystemService]
76019. Number=10791
76020. Confirmed=X
76021. Filename=msocfg.exe
76022. Description=Premium rate adult content dialler
76023. Source=Paul Collins Startup list
76024.  
76025. [SystemService]
76026. Number=10792
76027. Confirmed=X
76028. Filename=navchk.exe
76029. Description=Premium rate adult content dialler
76030. Source=Paul Collins Startup list
76031.  
76032. [SystemService]
76033. Number=10793
76034. Confirmed=X
76035. Filename=qservice.exe
76036. Description=Premium rate adult content dialler
76037. Source=Paul Collins Startup list
76038.  
76039. [SystemService]
76040. Number=10794
76041. Confirmed=X
76042. Filename=shman.exe
76043. Description=Premium rate adult content dialler
76044. Source=Paul Collins Startup list
76045.  
76046. [SystemService]
76047. Number=10795
76048. Confirmed=U
76049. Filename=nsserver.exe
76050. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050715-2623-99" target= blank>NiceSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
76051. Source=Paul Collins Startup list
76052.  
76053. [SystemSettingf]
76054. Number=10796
76055. Confirmed=X
76056. Filename=TRUG.vbs
76057. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030915-3512-99" target="_blank">TRUG.B</a> MACRO!
76058. Source=Paul Collins Startup list
76059.  
76060. [SystemSuite Task Manager]
76061. Number=10797
76062. Confirmed=U
76063. Filename=MXTASK.EXE
76064. Description=vcom (nee Ontrack) <a href="http://www.v-com.com/product/ss_ind.html" target="_blank">SystemSuite</a> - PC maintenance and security. Use the program's configuration options to enable only the parts you want running all the time - such as Virusscanner Pro
76065. Source=Paul Collins Startup list
76066.  
76067. [SystemTasks]
76068. Number=10798
76069. Confirmed=X
76070. Filename=filez.exe
76071. Description=Adult content dialler
76072. Source=Paul Collins Startup list
76073.  
76074. [SystemTasks]
76075. Number=10799
76076. Confirmed=X
76077. Filename=sexypicz.exe
76078. Description=Adult content dialler
76079. Source=Paul Collins Startup list
76080.  
76081. [SystemTasks]
76082. Number=10800
76083. Confirmed=X
76084. Filename=loaded.exe
76085. Description=Adult content dialler
76086. Source=Paul Collins Startup list
76087.  
76088. [SystemTools]
76089. Number=10801
76090. Confirmed=X
76091. Filename=kernels32.exe
76092. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderfc.html" target="_blank">DLOADER-FC</a> TROJAN!
76093. Source=Paul Collins Startup list
76094.  
76095. [SystemTools]
76096. Number=10802
76097. Confirmed=X
76098. Filename=kernels1118.exe
76099. Description=Added by the <a href="http://207.230.103.11/public/ALERTS/small_dgk.asp" target="_blank">SMALL.DGK</a> TROJAN!
76100. Source=Paul Collins Startup list
76101.  
76102. [SystemTools]
76103. Number=10803
76104. Confirmed=X
76105. Filename=kernels8.exe
76106. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrfng.html" target="_blank">FNG</a> TROJAN!
76107. Source=Paul Collins Startup list
76108.  
76109. [SystemTools]
76110. Number=10804
76111. Confirmed=X
76112. Filename=kernels88.exe
76113. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtibspp.html" target="_blank">TIBS-PP</a> TROJAN!
76114. Source=Paul Collins Startup list
76115.  
76116. [Systemtra]
76117. Number=10805
76118. Confirmed=X
76119. Filename=Systra.exe
76120. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatew.html" target=_blank>LOVGATE-W</a> WORM!
76121. Source=Paul Collins Startup list
76122.  
76123. [SystemTra]
76124. Number=10806
76125. Confirmed=X
76126. Filename=CDPlay.EXE
76127. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
76128. Source=Paul Collins Startup list
76129.  
76130. [SystemTray]
76131. Number=10807
76132. Confirmed=U
76133. Filename=SysTray.Exe
76134. Description=SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;128129" target="_blank">here</a>). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -> Settings -> Control Panel
76135. Source=Paul Collins Startup list
76136.  
76137. [SystemTray]
76138. Number=10808
76139. Confirmed=X
76140. Filename=SystemTray.exe
76141. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050116-1402-99" target="_blank">BIGFOOT</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target="_blank">systray.exe</a> process
76142. Source=Paul Collins Startup list
76143.  
76144. [SystemTray]
76145. Number=10809
76146. Confirmed=X
76147. Filename=SysTray.exe
76148. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041019-1534-99" target=_blank>ALADINZ.P</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target=_blank>systray.exe</a> process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file
76149. Source=Paul Collins Startup list
76150.  
76151. [SystemTraySD]
76152. Number=10810
76153. Confirmed=U
76154. Filename=SDSystemTray.exe
76155. Description=Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see  <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#swdetect_note" target=_blank>here</a>
76156. Source=Paul Collins Startup list
76157.  
76158. [SystemTraySR]
76159. Number=10811
76160. Confirmed=U
76161. Filename=SRSystemTray.exe
76162. Description=Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see  <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#swdetect_note" target=_blank>here</a>
76163. Source=Paul Collins Startup list
76164.  
76165. [SystemUpd]
76166. Number=10812
76167. Confirmed=N
76168. Filename=SystemUpd.exe
76169. Description=Updater for Swapoo.com, a kind of Napster for games
76170. Source=Paul Collins Startup list
76171.  
76172. [SystemWideHook for Windows NT]
76173. Number=10813
76174. Confirmed=X
76175. Filename=%WinHook32.exe
76176. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092818-5251-99" target="_blank">MYDOOM.AC</a> WORM!
76177. Source=Paul Collins Startup list
76178.  
76179. [SystemWizard Sniffer]
76180. Number=10814
76181. Confirmed=U
76182. Filename=Sniffer.exe
76183. Description=<a href="http://www.systemsoft.com/l-2/l-3/products-systemwizard.htm" target="_blank">SystemWizard</a> for Win98/ME from SystemSoft - diagnoses and solves hardware and software problems on a PC
76184. Source=Paul Collins Startup list
76185.  
76186. [systemyom Updater]
76187. Number=10815
76188. Confirmed=X
76189. Filename=systemyom.exe
76190. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102711-3533-99" target=_blank>BACKDOOR.IRC.BOT</a> TROJAN!
76191. Source=Paul Collins Startup list
76192.  
76193. [SYSTEMZ Patch]
76194. Number=10816
76195. Confirmed=X
76196. Filename=SYSZ.exe
76197. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041019-1534-99" target=_blank>ALADINZ.P</a> TROJAN!
76198. Source=Paul Collins Startup list
76199.  
76200. [System_Messages]
76201. Number=10817
76202. Confirmed=U
76203. Filename=pprsen.exe
76204. Description=<a href="http://www.plevna.f9.co.uk/" target="_blank">TerminatorX</a> - "offers an easy and effective method of stopping users running predetermined file sharing programs like KaZaA, messenger programs, chat rooms and the like"
76205. Source=Paul Collins Startup list
76206.  
76207. [systen32.exe]
76208. Number=10818
76209. Confirmed=X
76210. Filename=systen32.exe
76211. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraqp.html" target="_blank">AQP</a> TROJAN!
76212. Source=Paul Collins Startup list
76213.  
76214. [Systes]
76215. Number=10819
76216. Confirmed=X
76217. Filename=jrdtifkkxbbsa.exe
76218. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadc.html" target=_blank>RBOT-ADC</a> WORM!
76219. Source=Paul Collins Startup list
76220.  
76221. [Systesms.exe]
76222. Number=10820
76223. Confirmed=X
76224. Filename=systesms.exe
76225. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothi.html" target="_blank">RBOT-HI</a> WORM!
76226. Source=Paul Collins Startup list
76227.  
76228. [Systest]
76229. Number=10821
76230. Confirmed=U
76231. Filename=Systest.exe
76232. Description=<a href="http://www.teosoft.com/site/index.html" target="_blank">Clean Space</a> internet evidence eliminator
76233. Source=Paul Collins Startup list
76234.  
76235. [systhread]
76236. Number=10822
76237. Confirmed=X
76238. Filename=winkernal.exe
76239. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072420-0923-99" target="_blank">LIAMED</a> WORM!
76240. Source=Paul Collins Startup list
76241.  
76242. [SysTime]
76243. Number=10823
76244. Confirmed=X
76245. Filename=systime.exe
76246. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpafl.html" target= blank>STARTPA-FL</a> TROJAN!
76247. Source=Paul Collins Startup list
76248.  
76249. [Systmesy]
76250. Number=10824
76251. Confirmed=X
76252. Filename=Systmesy.exe
76253. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkq.html" target="_blank">RBOT-KQ</a> WORM!
76254. Source=Paul Collins Startup list
76255.  
76256. [Systoan32]
76257. Number=10825
76258. Confirmed=X
76259. Filename=systoan.exe
76260. Description=Added by an unidentified VIRUS, WORM or TROJAN!
76261. Source=Paul Collins Startup list
76262.  
76263. [systr]
76264. Number=10826
76265. Confirmed=X
76266. Filename=SYSERVER.exe
76267. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbdqy.html" target="_blank">VB-DQY</a> WORM!
76268. Source=Paul Collins Startup list
76269.  
76270. [systr2]
76271. Number=10827
76272. Confirmed=X
76273. Filename=SERVICE.exe
76274. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbdqy.html" target="_blank">VB-DQY</a> WORM!
76275. Source=Paul Collins Startup list
76276.  
76277. [systr32]
76278. Number=10828
76279. Confirmed=?
76280. Filename=systr32.exe
76281. Description=<font color="#FF0000">??</font>
76282. Source=Paul Collins Startup list
76283.  
76284. [systrans]
76285. Number=10829
76286. Confirmed=X
76287. Filename=[path to trojan]
76288. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpagz.html" target=_blank>STARTPA-GZ</a> TROJAN!
76289. Source=Paul Collins Startup list
76290.  
76291. [systrax]
76292. Number=10830
76293. Confirmed=?
76294. Filename=systrax.exe
76295. Description=<font color="#FF0000">??</font>
76296. Source=Paul Collins Startup list
76297.  
76298. [Systray]
76299. Number=10831
76300. Confirmed=X
76301. Filename=Systray_.Exe
76302. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080513-2747-99" target="_blank">KERGEZ.A</a> WORM!
76303. Source=Paul Collins Startup list
76304.  
76305. [Systray]
76306. Number=10832
76307. Confirmed=X
76308. Filename=[filename.exe]
76309. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012016-2102-99" target="_blank">Winfavorites</a> adware
76310. Source=Paul Collins Startup list
76311.  
76312. [SYSTRAY]
76313. Number=10833
76314. Confirmed=X
76315. Filename=UNMT.EXE
76316. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderlq.html" target=_blank>DLOADER-LQ</a> TROJAN!
76317. Source=Paul Collins Startup list
76318.  
76319. [SysTray]
76320. Number=10834
76321. Confirmed=U
76322. Filename=SysTray.Exe
76323. Description=SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;128129" target="_blank">here</a>). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -> Settings -> Control Panel
76324. Source=Paul Collins Startup list
76325.  
76326. [SysTray]
76327. Number=10835
76328. Confirmed=X
76329. Filename=Snnpapi.exe
76330. Description=Added by an unidentified TROJAN!
76331. Source=Paul Collins Startup list
76332.  
76333. [Systray]
76334. Number=10836
76335. Confirmed=X
76336. Filename=w32explorer.exe
76337. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajy.html" target=_blank>RBOT-AJY</a> WORM!
76338. Source=Paul Collins Startup list
76339.  
76340. [Systray]
76341. Number=10837
76342. Confirmed=X
76343. Filename=SteFanie.vbs
76344. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092216-3721-99" target=_blank>STEFAN</a> WORM! Note - make sure you check the hyperlink as this one copies it's self to numerous dirves and folders
76345. Source=Paul Collins Startup list
76346.  
76347. [Systray]
76348. Number=10838
76349. Confirmed=X
76350. Filename=KAT.vbs
76351. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbssoadd.html" target="_blank">SOAD-D</a> WORM!
76352. Source=Paul Collins Startup list
76353.  
76354. [SysTray]
76355. Number=10839
76356. Confirmed=X
76357. Filename=svhost.exe
76358. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rajiloa.html" target="_blank">RAJILO-A</a> WORM!
76359. Source=Paul Collins Startup list
76360.  
76361. [Systray driver]
76362. Number=10840
76363. Confirmed=X
76364. Filename=systray.exe
76365. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040320-4732-99" target="_blank">MUTEBOT</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/systray/" target="_blank">systray.exe</a> process
76366. Source=Paul Collins Startup list
76367.  
76368. [SystrayServices]
76369. Number=10841
76370. Confirmed=X
76371. Filename=Msxpw.exe
76372. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031316-3656-99" target="_blank">CITOR</a> WORM!
76373. Source=Paul Collins Startup list
76374.  
76375. [systree]
76376. Number=10842
76377. Confirmed=X
76378. Filename=systree
76379. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090816-2453-99" target="_blank">BANCOS.L</a> TROJAN!
76380. Source=Paul Collins Startup list
76381.  
76382. [Systrsy]
76383. Number=10843
76384. Confirmed=X
76385. Filename=Systrsy.exe
76386. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-083015-3732-99" target=_blank>CDTRAY</a> TROJAN! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
76387. Source=Paul Collins Startup list
76388.  
76389. [Systry]
76390. Number=10844
76391. Confirmed=X
76392. Filename=[path to worm]
76393. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111308-1926-99" target="_blank">AUTEX</a> WORM!
76394. Source=Paul Collins Startup list
76395.  
76396. [SYStry]
76397. Number=10845
76398. Confirmed=X
76399. Filename=spoolsvr.exe
76400. Description=Added by the <a href="http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=42984" target="_blank">SDBOT.GN</a> WORM!
76401. Source=Paul Collins Startup list
76402.  
76403. [Systryt]
76404. Number=10846
76405. Confirmed=X
76406. Filename=[path to worm]
76407. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111308-1926-99" target="_blank">AUTEX</a> WORM!
76408. Source=Paul Collins Startup list
76409.  
76410. [SystUphes]
76411. Number=10847
76412. Confirmed=X
76413. Filename=algesetp.exe
76414. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassam.html" target=_blank>QQPASS-AM</a> TROJAN!
76415. Source=Paul Collins Startup list
76416.  
76417. [Systweak Ad and Popup Blocker]
76418. Number=10848
76419. Confirmed=U
76420. Filename=adblock.exe
76421. Description=Ad and popup blocker part of <a href="http://www.systweak.com/asov2/" target="_blank">Advanced System Optimizer</a> from Systweak
76422. Source=Paul Collins Startup list
76423.  
76424. [Systweak Memory Optimizer]
76425. Number=10849
76426. Confirmed=U
76427. Filename=memtuneup.exe
76428. Description=Part of <a href="http://www.systweak.com/asov2/" target=_blank>SysTweak</a> Advanced System Optimizer
76429. Source=Paul Collins Startup list
76430.  
76431. [sysu]
76432. Number=10850
76433. Confirmed=X
76434. Filename=sysu.exe
76435. Description=Dynamic Desktop Media adware - see <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112718-0040-99" target="_blank">here</a>
76436. Source=Paul Collins Startup list
76437.  
76438. [sysug32.exe]
76439. Number=10851
76440. Confirmed=X
76441. Filename=sysug32.exe
76442. Description=Added by an unidentified TROJAN or WORM!
76443. Source=Paul Collins Startup list
76444.  
76445. [SysUpd]
76446. Number=10852
76447. Confirmed=X
76448. Filename=Sysupd.exe
76449. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120914-4108-99" target=_blank>VirtuMonde</a> adware
76450. Source=Paul Collins Startup list
76451.  
76452. [sysupdate]
76453. Number=10853
76454. Confirmed=X
76455. Filename=cmman32.exe
76456. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
76457. Source=Paul Collins Startup list
76458.  
76459. [Sysvupex]
76460. Number=10854
76461. Confirmed=X
76462. Filename=Sysvupex.exe
76463. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032713-0001-99" target="_blank">MEDIAS</a> TROJAN!
76464. Source=Paul Collins Startup list
76465.  
76466. [sysvx]
76467. Number=10855
76468. Confirmed=X
76469. Filename=sysvx_.exe
76470. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlooskybx.html" target="_blank">LOOSKY-BX</a> TROJAN!
76471. Source=Paul Collins Startup list
76472.  
76473. [SysW8]
76474. Number=10856
76475. Confirmed=U
76476. Filename=csta.exe
76477. Description=<a href="http://www.teosoft.com/site/index.html" target="_blank">Clean Space</a> internet evidence eliminator
76478. Source=Paul Collins Startup list
76479.  
76480. [SYSWB6]
76481. Number=10857
76482. Confirmed=U
76483. Filename=SYSWB6.exe
76484. Description=Part of <a href="http://weblocker.fameleads.com/" target="_blank">We-Blocker</a> - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content, while filtering out sites that contain adult content. Works in conjunction with <a href="http://www.sysinfo.org/startuplist.php?filter=Winkb6" target="_blank">Winkb6</a> and both files are needed to run We-Blocker
76485. Source=Paul Collins Startup list
76486.  
76487. [SysWin]
76488. Number=10858
76489. Confirmed=X
76490. Filename=SysWin.exe
76491. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-111818-3014-99" target="_blank">IRCCONTACT</a> TROJAN!
76492. Source=Paul Collins Startup list
76493.  
76494. [syswin]
76495. Number=10859
76496. Confirmed=X
76497. Filename=v6.exe
76498. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentecm.html" target="_blank">AGENT-ECM</a> TROJAN!
76499. Source=Paul Collins Startup list
76500.  
76501. [syswin32]
76502. Number=10860
76503. Confirmed=X
76504. Filename=syswin32.exe
76505. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
76506. Source=Paul Collins Startup list
76507.  
76508. [Syswindow]
76509. Number=10861
76510. Confirmed=X
76511. Filename=Syswindow.exe
76512. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122713-0716-99" target="_blank">COW</a> TROJAN!
76513. Source=Paul Collins Startup list
76514.  
76515. [SysWy]
76516. Number=10862
76517. Confirmed=X
76518. Filename=rundll32.exe
76519. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagejh.html" target=_blank>LINEAGE-JH</a> TROJAN! Note - this file is found in the C:\Windows\System folder, and is not to be confused with the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> file, always located in the Windows folder on Win98/ME systems, and in the Winnt\System32 or Windows\System32 folder in WinXP/NT/2K!
76520. Source=Paul Collins Startup list
76521.  
76522. [sysX3]
76523. Number=10863
76524. Confirmed=X
76525. Filename=sys22.exe
76526. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072515-0033-99" target=_blank>RANTS.C</a> WORM!
76527. Source=Paul Collins Startup list
76528.  
76529. [sysygm32]
76530. Number=10864
76531. Confirmed=X
76532. Filename=syscxd32.exe
76533. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotpc.html" target="_blank">IRCBOT-PC</a> TROJAN!
76534. Source=Paul Collins Startup list
76535.  
76536. [sysygm64]
76537. Number=10865
76538. Confirmed=X
76539. Filename=winrxd64.exe
76540. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotrk.html" target="_blank">IRCBOT-RK</a> TROJAN!
76541. Source=Paul Collins Startup list
76542.  
76543. [SYS_CLEAN]
76544. Number=10866
76545. Confirmed=X
76546. Filename=Service.exe
76547. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110909-2214-99" target="_blank">FLOPCOPY</a> WORM!
76548. Source=Paul Collins Startup list
76549.  
76550. [Sys_Run]
76551. Number=10867
76552. Confirmed=X
76553. Filename=ghost.exe
76554. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagen.html" target=_blank>LINEAGE-N</a> TROJAN!
76555. Source=Paul Collins Startup list
76556.  
76557. [sys_Runtt1]
76558. Number=10868
76559. Confirmed=X
76560. Filename=explorer.exe
76561. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineageam.html" target="_blank">LINEAGE-M</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
76562. Source=Paul Collins Startup list
76563.  
76564. [SyztMy]
76565. Number=10869
76566. Confirmed=X
76567. Filename=expiorer.exe
76568. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagain.html" target="_blank">LINEAG-AIN</a> TROJAN!
76569. Source=Paul Collins Startup list
76570.  
76571. [SZMsgSvc.exe]
76572. Number=10870
76573. Confirmed=U
76574. Filename=SZMsgSvc.exe
76575. Description=<a href="http://www.stopzilla.com/site/default.asp?AID=10000&AAID=&type=&topic=&source=&dd=&SID=350721059-200314-2-15-54-54&dre=" target="_blank">StopZilla!</a> - pop-up killer
76576. Source=Paul Collins Startup list
76577.  
76578. [t]
76579. Number=10871
76580. Confirmed=X
76581. Filename=xclean.exe
76582. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081815-0829-99" target="_blank">FlashEnhancer</a> adware
76583. Source=Paul Collins Startup list
76584.  
76585. [T-DSL SpeedMgr]
76586. Number=10872
76587. Confirmed=N
76588. Filename=speedmgr.exe
76589. Description=T-Online ISP SpeedManager - shows upload and download speed. Also checks for updates automatically
76590. Source=Paul Collins Startup list
76591.  
76592. [T3Console]
76593. Number=10873
76594. Confirmed=U
76595. Filename=T3Console.exe
76596. Description=Related to <a href="http://www.tiss-msc.com/" target=_blank>T3 Security Suite</a> - prevents unauthorized or inappropriate access to your PC and data
76597. Source=Paul Collins Startup list
76598.  
76599. [Taakcontrole]
76600. Number=10874
76601. Confirmed=U
76602. Filename=taskmon.exe
76603. Description=Task Monitor (on Dutch language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)
76604. Source=Paul Collins Startup list
76605.  
76606. [Taba]
76607. Number=10875
76608. Confirmed=X
76609. Filename=stte.exe
76610. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
76611. Source=Paul Collins Startup list
76612.  
76613. [Tablet]
76614. Number=10876
76615. Confirmed=N
76616. Filename=Tablet.exe
76617. Description=Loads the tablet drivers for the Wacom Graphics Tablet. This can be unchecked in msconfig without problems if you don't need the tablet functional all the time. Create your own shortcut if you need to run it ad hoc. If you forget to run it before running Paint Shop Pro & Adobe Photo Shop) you may find the following: (1) Paint Shop Pro (version 7.04) - (a) Browse function will NOT work (program freezes) (b) On program exit, PSP does not terminate (you have to CTRL+ALT+DEL to close it) (2) Photo Shop (version 6.01) - (a) Program functions slowdown (d) On program exit it takes noticeably longer to shut down (like 30-45 seconds)
76618. Source=Paul Collins Startup list
76619.  
76620. [tablet s]
76621. Number=10877
76622. Confirmed=Y
76623. Filename=tablet s
76624. Description=Starts the Wacom Penabled driver on Acer Tablet PCs (tablet icon with a green check appears during startup if successful)
76625. Source=Paul Collins Startup list
76626.  
76627. [Tablet Task]
76628. Number=10878
76629. Confirmed=X
76630. Filename=tabletsk32.exe
76631. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajb.html" target=_blank>RBOT-AJB</a> WORM!
76632. Source=Paul Collins Startup list
76633.  
76634. [TabletTip]
76635. Number=10879
76636. Confirmed=U
76637. Filename=tabtip.exe
76638. Description=The Microsoft Tablet PC Input Panel converts handwriting to text dynamically, and you can make corrections quickly and easily before inserting text
76639. Source=Paul Collins Startup list
76640.  
76641. [TabletWizard]
76642. Number=10880
76643. Confirmed=U
76644. Filename=SPLSHWRP.EXE
76645. Description=Microsoft Tablet PC Component
76646. Source=Paul Collins Startup list
76647.  
76648. [TabUserW]
76649. Number=10881
76650. Confirmed=Y
76651. Filename=TabUserW.exe
76652. Description=Wacom pen tablet driver
76653. Source=Paul Collins Startup list
76654.  
76655. [TAcelMgr]
76656. Number=10882
76657. Confirmed=?
76658. Filename=TAcelMgr.exe
76659. Description=TOSHIBA Acceleration Utilities related. <font color="#FF0000">What does it do and is it required?</font>
76660. Source=Paul Collins Startup list
76661.  
76662. [Tad]
76663. Number=10883
76664. Confirmed=N
76665. Filename=tad.exe
76666. Description=From Turtle Beach's Santa Cruz on a Dell WinME system. Not required - works fine without it including keyboard hot controls for volume and mute
76667. Source=Paul Collins Startup list
76668.  
76669. [Taesk managers]
76670. Number=10884
76671. Confirmed=X
76672. Filename=tase.pif
76673. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayk.html" target=_blank>RBOT-AYK</a> TROJAN!
76674. Source=Paul Collins Startup list
76675.  
76676. [TAG]
76677. Number=10885
76678. Confirmed=?
76679. Filename=tag.exe
76680. Description=<font color="#FF0000">??</font>
76681. Source=Paul Collins Startup list
76682.  
76683. [Tahni Deskmate]
76684. Number=10886
76685. Confirmed=N
76686. Filename=Tahni.exe
76687. Description=<a href="http://www.tahni.com/" target="_blank">Tahni Deskmate</a> - "Interactive cartoon character that lives on your Windows desktop"
76688. Source=Paul Collins Startup list
76689.  
76690. [TakeMP3]
76691. Number=10887
76692. Confirmed=X
76693. Filename=rundll32.exe MSA64CHK.dll, DllMostrar
76694. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MatrixDialer&threatid=14914&search=MatrixDialer" target=_blank>MatrixDialer</a> related
76695. Source=Paul Collins Startup list
76696.  
76697. [TAKSMGN]
76698. Number=10888
76699. Confirmed=X
76700. Filename=taskmr.exe
76701. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahs.html" target=_blank>RBOT-AHS</a> WORM!
76702. Source=Paul Collins Startup list
76703.  
76704. [talk]
76705. Number=10889
76706. Confirmed=X
76707. Filename=talk.bat
76708. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tiotuag.html" target="_blank">TIOTUA-G</a> WORM!
76709. Source=Paul Collins Startup list
76710.  
76711. [TalkingReminder]
76712. Number=10890
76713. Confirmed=N
76714. Filename=TALKINGREMINDER.EXE
76715. Description=<a href="http://www.softwareriver.com/html/talking_reminder.html" target="_blank">Talking Reminder</a> from Software River Solutions - talking calendar reminder
76716. Source=Paul Collins Startup list
76717.  
76718. [talknow]
76719. Number=10891
76720. Confirmed=?
76721. Filename=talknow.exe
76722. Description=<font color="#FF0000">Could it be related to <a href="http://www.multilingualbooks.com/talknow.html" target="_blank">this</a> or something similar?</font>
76723. Source=Paul Collins Startup list
76724.  
76725. [Tango]
76726. Number=10892
76727. Confirmed=?
76728. Filename=Setup.exe
76729. Description=Tango Broadband access software. <font color="#FF0000"> Is it required?</font>
76730. Source=Paul Collins Startup list
76731.  
76732. [TangoManager]
76733. Number=10893
76734. Confirmed=?
76735. Filename=TangoManager.exe
76736. Description=Tango Broadband access software. <font color="#FF0000"> Is it required?</font>
76737. Source=Paul Collins Startup list
76738.  
76739. [TANG_INA_MO]
76740. Number=10894
76741. Confirmed=X
76742. Filename=AutoRun.bat
76743. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062709-3249-99" target=_blank>FILUKIN.A</a> WORM!
76744. Source=Paul Collins Startup list
76745.  
76746. [Tapicfg]
76747. Number=10895
76748. Confirmed=X
76749. Filename=Tapicfg.exe
76750. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#tapicfg" target=_blank>Tapicfg</a> parasite variant
76751. Source=Paul Collins Startup list
76752.  
76753. [Tapisys]
76754. Number=10896
76755. Confirmed=X
76756. Filename=tss.exe
76757. Description=Added by the SMALL TROJAN!
76758. Source=Paul Collins Startup list
76759.  
76760. [TapiTNA]
76761. Number=10897
76762. Confirmed=U
76763. Filename=TapiTNA.exe
76764. Description=Telephony Location Selector allowing mobile users to change dialling locations - part of the <a href="http://www.microsoft.com/windows95/downloads/contents/WUToys/W95PwrToysSet/Default.asp" target="_blank">Win95 Power Toys</a>
76765. Source=Paul Collins Startup list
76766.  
76767. [Tardis]
76768. Number=10898
76769. Confirmed=U
76770. Filename=Tardis.exe
76771. Description=<a href="http://www.kaska.demon.co.uk/" target="_blank">Tardis</a> - time synchronization software
76772. Source=Paul Collins Startup list
76773.  
76774. [Task]
76775. Number=10899
76776. Confirmed=X
76777. Filename=tasker.exe
76778. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090317-5337-99" target="_blank">MYDOOM.R</a> WORM!
76779. Source=Paul Collins Startup list
76780.  
76781. [Task Bar]
76782. Number=10900
76783. Confirmed=X
76784. Filename=TASKBAR.EXE
76785. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRETHEM.J" target="_blank">FRETHEM.J</a> WORM!
76786. Source=Paul Collins Startup list
76787.  
76788. [Task BarClient]
76789. Number=10901
76790. Confirmed=?
76791. Filename=TaskBarClient.exe
76792. Description=Responsible for creating the System Tray icon and associated display system for the<font color="#FF0000"> <a href="http://www.starband.com/" target="_blank">Starband</a> </font> satellite always on internet service
76793. Source=Paul Collins Startup list
76794.  
76795. [Task BarSvr]
76796. Number=10902
76797. Confirmed=?
76798. Filename=TaskBarSvr.exe
76799. Description=<font color="#FF0000">Part of the <a href="http://www.starband.com/" target="_blank">Starband</a> satellite always on internet service. Not included on the current system. What does it do and is it needed?</font>
76800. Source=Paul Collins Startup list
76801.  
76802. [Task Catcher]
76803. Number=10903
76804. Confirmed=U
76805. Filename=tasktrap.exe
76806. Description=<a href="http://www.taskcatcher.com/" target=_blank>Task Catcher</a> - utility that will block unwanted programs from running
76807. Source=Paul Collins Startup list
76808.  
76809. [Task Catcher Real-Time Detector]
76810. Number=10904
76811. Confirmed=U
76812. Filename=tasktrap.exe
76813. Description=<a href="http://www.taskcatcher.com/" target=_blank>Task Catcher</a> - utility that will block unwanted programs from running
76814. Source=Paul Collins Startup list
76815.  
76816. [Task Commander]
76817. Number=10905
76818. Confirmed=X
76819. Filename=regsvc32.exe
76820. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrx.html" target= blank>AGOBOT-RX</a> WORM!
76821. Source=Paul Collins Startup list
76822.  
76823. [Task Debugger]
76824. Number=10906
76825. Confirmed=X
76826. Filename=sysdll.exe
76827. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcq.html" target=_blank>RBOT-CQ</a> WORM!
76828. Source=Paul Collins Startup list
76829.  
76830. [Task Help]
76831. Number=10907
76832. Confirmed=X
76833. Filename=wualcts.exe
76834. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
76835. Source=Paul Collins Startup list
76836.  
76837. [Task Manager]
76838. Number=10908
76839. Confirmed=X
76840. Filename=taskmngr.exe
76841. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.Y" target="_blank">RBOT.Y</a> WORM!
76842. Source=Paul Collins Startup list
76843.  
76844. [Task Manager]
76845. Number=10909
76846. Confirmed=X
76847. Filename=taskman.exe
76848. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbott.html" target=_blank>FORBOT-T</a> WORM!
76849. Source=Paul Collins Startup list
76850.  
76851. [Task Manager]
76852. Number=10910
76853. Confirmed=X
76854. Filename=prcview.exe
76855. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrt.html" target= blank>AGOBOT-RT</a> WORM!
76856. Source=Paul Collins Startup list
76857.  
76858. [Task manager]
76859. Number=10911
76860. Confirmed=X
76861. Filename=taskemngr.exe
76862. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaga.html" target=_blank>RBOT-AGA</a> WORM!
76863. Source=Paul Collins Startup list
76864.  
76865. [Task manager]
76866. Number=10912
76867. Confirmed=X
76868. Filename=TikTo.exe
76869. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LV&VSect=P" target=_blank>RBOT.LV</a> WORM!
76870. Source=Paul Collins Startup list
76871.  
76872. [Task manager]
76873. Number=10913
76874. Confirmed=X
76875. Filename=taskmngr.exe
76876. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayz.html" target=_blank>RBOT-AYZ</a> WORM!
76877. Source=Paul Collins Startup list
76878.  
76879. [Task Manager]
76880. Number=10914
76881. Confirmed=X
76882. Filename=svchost.exe
76883. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sohanap.html" target="_blank">SOHANA-P</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should not normally figure in Msconfig/Startup!
76884. Source=Paul Collins Startup list
76885.  
76886. [Task Manager]
76887. Number=10915
76888. Confirmed=X
76889. Filename=taskmng.exe
76890. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtiotuae.html" target="_blank">TIOTUA-E</a> WORM!
76891. Source=Paul Collins Startup list
76892.  
76893. [Task Monitoring Service]
76894. Number=10916
76895. Confirmed=X
76896. Filename=svchost.exe
76897. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031016-3315-99" target=_blank>CONE.D</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folder
76898. Source=Paul Collins Startup list
76899.  
76900. [Task Scheduler Engine]
76901. Number=10917
76902. Confirmed=X
76903. Filename=schedsvc32.exe
76904. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasj.html" target=_blank>RBOT-ASJ</a> WORM!
76905. Source=Paul Collins Startup list
76906.  
76907. [task service]
76908. Number=10918
76909. Confirmed=X
76910. Filename=taskservices.exe
76911. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
76912. Source=Paul Collins Startup list
76913.  
76914. [Task service]
76915. Number=10919
76916. Confirmed=X
76917. Filename=taskmgs.exe
76918. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
76919. Source=Paul Collins Startup list
76920.  
76921. [TASK SETUP]
76922. Number=10920
76923. Confirmed=X
76924. Filename=tasksetup.exe
76925. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyr.html" target= blank>RBOT-YR</a> WORM!
76926. Source=Paul Collins Startup list
76927.  
76928. [Taskbar]
76929. Number=10921
76930. Confirmed=N
76931. Filename=Taskbar.exe
76932. Description=Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards
76933. Source=Paul Collins Startup list
76934.  
76935. [TaskBar]
76936. Number=10922
76937. Confirmed=N
76938. Filename=CTLTask.exe
76939. Description=Creative SoundBlaster Audigy Taskbar - used to choose between different types of EAX Effects, not required in startup. NOTE: if you get a ctltask.exe error message while installing the Audigy drivers, see <a href="http://support.microsoft.com/?kbid=321969" target=_blank>this</a> Microsoft Knowledge Base article
76940. Source=Paul Collins Startup list
76941.  
76942. [Taskbar Display Controls]
76943. Number=10923
76944. Confirmed=N
76945. Filename=RunDLL deskcp16.dll, QUICKRES_RUNDLLENTRY
76946. Description=Only appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel -> Display -> Settings -> Advanced -> General. Also appears if you have Win95 with the QuickRes "Powertoy" installed
76947. Source=Paul Collins Startup list
76948.  
76949. [Taskbar Service]
76950. Number=10924
76951. Confirmed=X
76952. Filename=taskbar.svc
76953. Description=Unidentified adware
76954. Source=Paul Collins Startup list
76955.  
76956. [Taskbar System]
76957. Number=10925
76958. Confirmed=X
76959. Filename=tasksys.exe
76960. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
76961. Source=Paul Collins Startup list
76962.  
76963. [Taskbar++]
76964. Number=10926
76965. Confirmed=N
76966. Filename=TaskbarPP.exe
76967. Description=<a href="http://www.ghacks.net/2005/12/08/freeware-taskbar/" target="_blank">Taskbar++</a> is a software that allows you to sort (move) the buttons of the Windows taskbar by Drag & Drop
76968. Source=Paul Collins Startup list
76969.  
76970. [Taskbell.exe]
76971. Number=10927
76972. Confirmed=X
76973. Filename=Rund1.exe
76974. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090210-4059-99" target="_blank">YIPID</a> TROJAN!
76975. Source=Paul Collins Startup list
76976.  
76977. [taskdir]
76978. Number=10928
76979. Confirmed=X
76980. Filename=taskdir.exe
76981. Description=Added by the <a href="http://www.eset.com/msgs/trojanproxylageraq.htm" target=_blank>LAGER.AQ</a> TROJAN!
76982.  
76983. Source=Paul Collins Startup list
76984.  
76985. [TaskList]
76986. Number=10929
76987. Confirmed=X
76988. Filename=tasklist32.exe
76989. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdx.html" target=_blank>BANCOS-DX</a> TROJAN!
76990. Source=Paul Collins Startup list
76991.  
76992. [TaskMan]
76993. Number=10930
76994. Confirmed=X
76995. Filename=rundll32.exe
76996. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031016-5849-99" target="_blank">DVLDR</a> TROJAN! Note - this is not the valid "rundll32.exe" as it's in the Windows\Fonts directory
76997. Source=Paul Collins Startup list
76998.  
76999. [taskmanager]
77000. Number=10931
77001. Confirmed=X
77002. Filename=taskmgr.com
77003. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111315-1022-99" target="_blank">BEREB</a> WORM!
77004. Source=Paul Collins Startup list
77005.  
77006. [taskmanager]
77007. Number=10932
77008. Confirmed=X
77009. Filename=taskmanager.exe
77010. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottf.html" target=_blank>AGOBOT-TF</a> WORM!
77011. Source=Paul Collins Startup list
77012.  
77013. [TaskManager]
77014. Number=10933
77015. Confirmed=X
77016. Filename=[path to trojan]
77017. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchcf.html" target=_blank>LDPINCH-CF</a> TROJAN!
77018. Source=Paul Collins Startup list
77019.  
77020. [taskmanger]
77021. Number=10934
77022. Confirmed=X
77023. Filename=taskmanger.exe
77024. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
77025. Source=Paul Collins Startup list
77026.  
77027. [Taskmgo]
77028. Number=10935
77029. Confirmed=X
77030. Filename=[path to file]
77031. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbant.html" target=_blank>BANCBAN-T</a> TROJAN!
77032.  
77033. Source=Paul Collins Startup list
77034.  
77035. [Taskmgr]
77036. Number=10936
77037. Confirmed=X
77038. Filename=Taskmgr.exe
77039. Description=System1060 homepage hi-jacker. Note - this is not a Windows file and is found in a WindowsSystem1060 directory
77040. Source=Paul Collins Startup list
77041.  
77042. [Taskmgr]
77043. Number=10937
77044. Confirmed=X
77045. Filename=tskmgr32.exe
77046. Description=Homepage hi-jacker
77047. Source=Paul Collins Startup list
77048.  
77049. [taskmgr]
77050. Number=10938
77051. Confirmed=X
77052. Filename=taskmgr.exe
77053. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080910-5958-99" target=_blank>Startpage.G</a> hijacker. Note - this is NOT the Windows Task Manager file!
77054. Source=Paul Collins Startup list
77055.  
77056. [Taskmgr]
77057. Number=10939
77058. Confirmed=X
77059. Filename=system.exe
77060. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PAKES.G&VSect=P" target=_blank>PAKES.G</a> TROJAN!
77061. Source=Paul Collins Startup list
77062.  
77063. [taskmgr]
77064. Number=10940
77065. Confirmed=X
77066. Filename=explorer.exe
77067. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchasac.html" target=_blank>ZAPCHAS-AC</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System folder
77068. Source=Paul Collins Startup list
77069.  
77070. [taskmgr]
77071. Number=10941
77072. Confirmed=X
77073. Filename=[path to trojan]
77074. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentenv.html" target="_blank">AGENT-ENV</a> TROJAN!
77075. Source=Paul Collins Startup list
77076.  
77077. [taskmgr]
77078. Number=10942
77079. Confirmed=X
77080. Filename=taskmanager.exe
77081. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrqht.html" target="_blank">BCKDR-QHT</a> TROJAN!
77082. Source=Paul Collins Startup list
77083.  
77084. [taskmgr.exe]
77085. Number=10943
77086. Confirmed=N
77087. Filename=taskmgr.exe
77088. Description=Windows Task Manager in Windows XP. If run from the Startup folder, the tray icon will be put to the system tray after boot. Useful to check if XP has finished running the delayed services after boot. Available via a desktop shortcut
77089. Source=Paul Collins Startup list
77090.  
77091. [taskmgr.exe]
77092. Number=10944
77093. Confirmed=X
77094. Filename=paint.exe
77095. Description=Added by a variant of the AGENT.AH downloader TROJAN!
77096. Source=Paul Collins Startup list
77097.  
77098. [taskmgr.exe]
77099. Number=10945
77100. Confirmed=X
77101. Filename=mirc.exe
77102. Description=Added by a variant of the AGENT.AH TROJAN!
77103. Source=Paul Collins Startup list
77104.  
77105. [taskmgr.exe]
77106. Number=10946
77107. Confirmed=X
77108. Filename=paintms.exe
77109. Description=Added by a variant of the AGENT.AH TROJAN!
77110. Source=Paul Collins Startup list
77111.  
77112. [TASKMGRU]
77113. Number=10947
77114. Confirmed=X
77115. Filename=TASKMGRU.EXE
77116. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcwsm.html" target=_blank>CWS-M</a> TROJAN!
77117. Source=Paul Collins Startup list
77118.  
77119. [taskmngr]
77120. Number=10948
77121. Confirmed=X
77122. Filename=[path] msnve.exe [path] task.exe
77123. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfloodek.html" target=_blank>FLOOD-EK</a> TROJAN!
77124. Source=Paul Collins Startup list
77125.  
77126. [taskmngr lptt01]
77127. Number=10949
77128. Confirmed=X
77129. Filename=taskmngr.exe
77130. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Taskmngr" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
77131. Source=Paul Collins Startup list
77132.  
77133. [taskmngr ml097e]
77134. Number=10950
77135. Confirmed=X
77136. Filename=taskmngr.exe
77137. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Taskmngr" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
77138. Source=Paul Collins Startup list
77139.  
77140. [TaskMon]
77141. Number=10951
77142. Confirmed=X
77143. Filename=taskmon.exe
77144. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012612-5422-99" target="_blank">MYDOOM.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042015-1844-99" target="_blank">MYDOOM.J</a> WORMS! Note - this is not the legitimate Win9x/Me file of the same name which resides in C:\Windows as this version resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP). It is not normally on a WinXP system
77145. Source=Paul Collins Startup list
77146.  
77147. [Taskmon driver]
77148. Number=10952
77149. Confirmed=X
77150. Filename=winampa.exe
77151. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyi.html" target="_blank">LOONY-I</a> TROJAN! Note - this is NOT associated with the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player. The valid file for the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winampa/" target="_blank">Winamp Agent</a> resides in a "Winamp" subdirectory of the Program Files directory whereas this file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
77152. Source=Paul Collins Startup list
77153.  
77154. [taskmone]
77155. Number=10953
77156. Confirmed=X
77157. Filename=taskmone.exe
77158. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsingus.html" target=_blank>SINGU-S</a> TROJAN!
77159. Source=Paul Collins Startup list
77160.  
77161. [TaskMonitor]
77162. Number=10954
77163. Confirmed=U
77164. Filename=taskmon.exe
77165. Description=The Task Monitor checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)
77166. Source=Paul Collins Startup list
77167.  
77168. [TaskMrg]
77169. Number=10955
77170. Confirmed=X
77171. Filename=csrss.exe
77172. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchw.html" target=_blank>LDPINCH-W</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
77173. Source=Paul Collins Startup list
77174.  
77175. [taskmrg.exe]
77176. Number=10956
77177. Confirmed=X
77178. Filename=taskimg.exe
77179. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderqz.html" target=_blank>DLOADER-QZ</a> TROJAN!
77180. Source=Paul Collins Startup list
77181.  
77182. [taskopen.exe]
77183. Number=10957
77184. Confirmed=X
77185. Filename=taskopen.exe
77186. Description=Added by the HIDD.C TROJAN!
77187. Source=Paul Collins Startup list
77188.  
77189. [TaskPlus]
77190. Number=10958
77191. Confirmed=N
77192. Filename=TASKPLUS0.EXE
77193. Description=Task and calendar management software available as freeware or as a "Professional" version for sharing over a LAN
77194. Source=Paul Collins Startup list
77195.  
77196. [TaskPlus]
77197. Number=10959
77198. Confirmed=N
77199. Filename=TASKPL~1.EXE
77200. Description=Task and calendar management software available as freeware or as a "Professional" version for sharing over a LAN
77201. Source=Paul Collins Startup list
77202.  
77203. [TaskReg]
77204. Number=10960
77205. Confirmed=X
77206. Filename=[random filename]
77207. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CBLAD.A" target="_blank">CBLAD</a> WORM!
77208. Source=Paul Collins Startup list
77209.  
77210. [TaskS manager]
77211. Number=10961
77212. Confirmed=X
77213. Filename=taskmgrs.exe
77214. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.QU&VSect=P" target=_blank>AGOBOT.QU</a> WORM!
77215. Source=Paul Collins Startup list
77216.  
77217. [Taskschd]
77218. Number=10962
77219. Confirmed=X
77220. Filename=TRAYWND.EXE
77221. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.002" target="_blank">LITMUS.002</a> TROJAN!
77222. Source=Paul Collins Startup list
77223.  
77224. [TaskScheduler]
77225. Number=10963
77226. Confirmed=U
77227. Filename=TaskSch.exe
77228. Description=<a href="http://www.proseries.com/" target="_blank">ProSeries</a> accounting software related
77229. Source=Paul Collins Startup list
77230.  
77231. [taskswitch]
77232. Number=10964
77233. Confirmed=N
77234. Filename=taskswitch.exe
77235. Description=ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen
77236. Source=Paul Collins Startup list
77237.  
77238. [TaskSwitchXP]
77239. Number=10965
77240. Confirmed=U
77241. Filename=TaskSwitchXP.exe
77242. Description="<a href="http://www.ntwind.com/software/taskswitchxp.html" target="_blank">TaskSwitchXP</a> from NTWind Software. Advanced task management utility that picks up where the standard Windows Alt Tab switcher leaves off. It provides the same functionality, and adds visual styles to the dialog and also enhances it by displaying thumbnail preview of the application that will be switched to"
77243. Source=Paul Collins Startup list
77244.  
77245. [tasksys]
77246. Number=10966
77247. Confirmed=X
77248. Filename=tasksys.vbs
77249. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111314-3449-99" target="_blank">BYRON</a> WORM!
77250. Source=Paul Collins Startup list
77251.  
77252. [Tasktray]
77253. Number=10967
77254. Confirmed=N
77255. Filename=CTLTray.exe
77256. Description=Installed with the Sound Blaster Audigy range of soundcards. Allows you to set EAX effects or equalizer settings for the Sound Blaster Audigy from a systray icon.  Also allows you to launch the Taskbar via right-click -> Show Taskbar. The tasktray can be accessed via Start -> Programs -> Creative -> Sound Blaster Audigy -> Taskbar
77257. Source=Paul Collins Startup list
77258.  
77259. [Tasmgr]
77260. Number=10968
77261. Confirmed=X
77262. Filename=Taskmgr.bat
77263. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061716-0240-99" target=_blank>YPSAN.G</a> WORM!
77264. Source=Paul Collins Startup list
77265.  
77266. [tat]
77267. Number=10969
77268. Confirmed=X
77269. Filename=tatss.exe
77270. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050515-5939-99" target="_blank">Delfin Promulgate</a> adware variant
77271. Source=Paul Collins Startup list
77272.  
77273. [Tau monitor]
77274. Number=10970
77275. Confirmed=Y
77276. Filename=Taumon.exe
77277. Description="<a href="http://www.agnitum.com/products/tauscan/download.php" target="_blank">Tauscan</a> is a powerful Trojan Horse detection and removal engine capable of catching every known type of backdoor that can threaten your system"
77278. Source=Paul Collins Startup list
77279.  
77280. [TAudEffect]
77281. Number=10971
77282. Confirmed=?
77283. Filename=TAudEff.exe
77284. Description=TOSHIBA Notebook related. <font color="#FF0000">What does it do and is it required?</font>
77285. Source=Paul Collins Startup list
77286.  
77287. [TB2PROEXE]
77288. Number=10972
77289. Confirmed=U
77290. Filename=tb2start.exe
77291. Description=<a href="http://www.netopia.com/software/products/tb2/" target="_blank">Timbuktu Pro</a> - remote desktop access software
77292. Source=Paul Collins Startup list
77293.  
77294. [TBC Pro]
77295. Number=10973
77296. Confirmed=U
77297. Filename=tbcpro.exe
77298. Description=<a href="http://www.wfcravener.com/tbcpro.html" target="_blank">TitleBarClock Pro</a> - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focus
77299. Source=Paul Collins Startup list
77300.  
77301. [TBC.exe]
77302. Number=10974
77303. Confirmed=U
77304. Filename=TBC.exe
77305. Description=<a href="http://www.wfcravener.com/tbcpro.html" target=_blank>TitleBarClock</a> software
77306. Source=Paul Collins Startup list
77307.  
77308. [tbctray]
77309. Number=10975
77310. Confirmed=N
77311. Filename=tbctray.exe
77312. Description=Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel
77313. Source=Paul Collins Startup list
77314.  
77315. [TBLFUNC]
77316. Number=10976
77317. Confirmed=Y
77318. Filename=tblmouse.exe
77319. Description=Aiptek <a href="http://www.aiptek.de/index.php?lan=2&mapid=32&katid1=10" target="_blank">HyperPen</a> graphics tablet driver
77320. Source=Paul Collins Startup list
77321.  
77322. [tbon]
77323. Number=10977
77324. Confirmed=X
77325. Filename=tbon.exe
77326. Description=<a href="http://vil.nai.com/vil/content/v_136251.htm" target=_blank>BestOffers</a> adware
77327. Source=Paul Collins Startup list
77328.  
77329. [TBPanel]
77330. Number=10978
77331. Confirmed=U
77332. Filename=TBPanel.exe
77333. Description=Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel
77334. Source=Paul Collins Startup list
77335.  
77336. [TBPS]
77337. Number=10979
77338. Confirmed=X
77339. Filename=TBPS.exe
77340. Description=WebSearch Toolbar - <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072528" target=_blank>HuntBar</a> hijacker, toolbar installer variant
77341.  
77342. Source=Paul Collins Startup list
77343.  
77344. [TBTray]
77345. Number=10980
77346. Confirmed=N
77347. Filename=tbtray.exe
77348. Description=VLSI/QSound ThunderBird PCI Control Panel. System Tray access to the settings for this and related soundcards. Available via Start -> Settings -> Control Panel
77349. Source=Paul Collins Startup list
77350.  
77351. [TB_setup]
77352. Number=10981
77353. Confirmed=?
77354. Filename=TB_ANI~1.EXE
77355. Description=<font color="#FF0000">??</font>
77356. Source=Paul Collins Startup list
77357.  
77358. [TB_setup]
77359. Number=10982
77360. Confirmed=X
77361. Filename=tb_setup.exe
77362. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072528" target=_blank>HuntBar</a> hijacker, toolbar installer
77363.  
77364. Source=Paul Collins Startup list
77365.  
77366. [tcactive]
77367. Number=10983
77368. Confirmed=Y
77369. Filename=tca.exe
77370. Description=Part of <a href="http://www.moosoft.com/thecleaner/" target="_blank">The Cleaner</a> from MooSoft - stops virus trojans before they can do any damage
77371. Source=Paul Collins Startup list
77372.  
77373. [TCASUTIEXE]
77374. Number=10984
77375. Confirmed=N
77376. Filename=tcaudiag.exe
77377. Description=3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
77378. Source=Paul Collins Startup list
77379.  
77380. [TCASUTIEXE]
77381. Number=10985
77382. Confirmed=N
77383. Filename=TCASUTI.exe
77384. Description=Associated with the 3COM diagnostic module (3COM NIC Doctor).áNo further information is available
77385. Source=Paul Collins Startup list
77386.  
77387. [TCAUDIAG -off]
77388. Number=10986
77389. Confirmed=N
77390. Filename=tcaudiag.exe
77391. Description=3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
77392. Source=Paul Collins Startup list
77393.  
77394. [TCDPbtn]
77395. Number=10987
77396. Confirmed=?
77397. Filename=TCDPbtn.exe
77398. Description=<font color="#FF0000">Found on a Toshiba laptop</font>
77399. Source=Paul Collins Startup list
77400.  
77401. [TCDPlay]
77402. Number=10988
77403. Confirmed=?
77404. Filename=TCDPlay.drv
77405. Description=<font color="#FF0000">Found on a Toshiba laptop - sounds like the driver for the CD-ROM but why doesn't it use the standard Windows drivers - any comments?</font>
77406. Source=Paul Collins Startup list
77407.  
77408. [TClock]
77409. Number=10989
77410. Confirmed=U
77411. Filename=TCLOCK.EXE
77412. Description=Kazubon TClock. Utility that amongst other things synchronizes your system clock with Internet time servers. Available via Start -> Programs
77413. Source=Paul Collins Startup list
77414.  
77415. [TClock.exe]
77416. Number=10990
77417. Confirmed=X
77418. Filename=tclock_install.exe
77419. Description=<a href="http://www.superadblocker.com/definition/tclock_install/" target="_blank">TClock</a> - distributed and installed without user permission by other rogue software or malware. TClock contains no uninstall facility through Windows. As TClock is of dubious origin and usefulness, it should be terminated and removed if detected
77420. Source=Paul Collins Startup list
77421.  
77422. [TClockEx]
77423. Number=10991
77424. Confirmed=U
77425. Filename=TCLOCKEX.EXE
77426. Description=Puts a configurable time/date display in the tray (and other features). Freeware by <a href="http://www.rcis.co.za/dale/tclockex/index.htm" target="_blank">Dale Nurden</a> and is popular on cover disks
77427. Source=Paul Collins Startup list
77428.  
77429. [tcmonitor]
77430. Number=10992
77431. Confirmed=U
77432. Filename=tcm.exe
77433. Description=Part of <a href="http://www.moosoft.com/thecleaner/" target="_blank">The Cleaner</a> from MooSoft - warns of changes to the registry
77434. Source=Paul Collins Startup list
77435.  
77436. [TCOYFReminder]
77437. Number=10993
77438. Confirmed=U
77439. Filename=tcoyftray.exe
77440. Description=<a href="http://www.myparentime.com/features/tcoyfscreenshots.shtml" target=_blank>My ParenTime</a> Fertility Planner Reminder. The calendar provides a quick overview of the status of your fertility
77441. Source=Paul Collins Startup list
77442.  
77443. [Tcp Application Manager]
77444. Number=10994
77445. Confirmed=X
77446. Filename=localsvc.exe
77447. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
77448. Source=Paul Collins Startup list
77449.  
77450. [Tcp Application Manager]
77451. Number=10995
77452. Confirmed=X
77453. Filename=netsvc.exe
77454. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
77455. Source=Paul Collins Startup list
77456.  
77457. [Tcp Application Manager]
77458. Number=10996
77459. Confirmed=X
77460. Filename=spoolsvc.exe
77461. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
77462. Source=Paul Collins Startup list
77463.  
77464. [Tcp Application Manager]
77465. Number=10997
77466. Confirmed=X
77467. Filename=svcadmin.exe
77468. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
77469. Source=Paul Collins Startup list
77470.  
77471. [Tcp Application Manager]
77472. Number=10998
77473. Confirmed=X
77474. Filename=svcman.exe
77475. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
77476. Source=Paul Collins Startup list
77477.  
77478. [Tcp Application Manager]
77479. Number=10999
77480. Confirmed=X
77481. Filename=svcrun.exe
77482. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
77483. Source=Paul Collins Startup list
77484.  
77485. [Tcp Application Manager]
77486. Number=11000
77487. Confirmed=X
77488. Filename=tcpsvc.exe
77489. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
77490. Source=Paul Collins Startup list
77491.  
77492. [Tcp Application Manager]
77493. Number=11001
77494. Confirmed=X
77495. Filename=websvc.exe
77496. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
77497. Source=Paul Collins Startup list
77498.  
77499. [tcp checker]
77500. Number=11002
77501. Confirmed=X
77502. Filename=tcpcheck.exe
77503. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbbota.html" target=_blank>VBBOT-A</a> TROJAN!
77504. Source=Paul Collins Startup list
77505.  
77506. [TCP Internet Services]
77507. Number=11003
77508. Confirmed=X
77509. Filename=TCPSVC32.EXE
77510. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SPYBOT.X" target="_blank">SPYBOT.X</a> TROJAN!
77511. Source=Paul Collins Startup list
77512.  
77513. [TCP Monitoring]
77514. Number=11004
77515. Confirmed=X
77516. Filename=LanNSvc.exe
77517. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042218-4731-99" target="_blank">RANDEX.AAS</a> WORM!
77518. Source=Paul Collins Startup list
77519.  
77520. [tcpipmon]
77521. Number=11005
77522. Confirmed=X
77523. Filename=tcpipmon.exe
77524. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickeref.html" target="_blank">CLICKER-EF</a> TROJAN!
77525. Source=Paul Collins Startup list
77526.  
77527. [tcpippui]
77528. Number=11006
77529. Confirmed=X
77530. Filename=tcpippui.exe
77531. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaps.html" target=_blank>RBOT-APS</a> WORM!
77532. Source=Paul Collins Startup list
77533.  
77534. [tcpippui32]
77535. Number=11007
77536. Confirmed=X
77537. Filename=tcpippui32.exe
77538. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotart.html" target=_blank>RBOT-ART</a> WORM!
77539. Source=Paul Collins Startup list
77540.  
77541. [TCPServer]
77542. Number=11008
77543. Confirmed=X
77544. Filename=TCPServer.exe
77545. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
77546. Source=Paul Collins Startup list
77547.  
77548. [TCPXP Update]
77549. Number=11009
77550. Confirmed=X
77551. Filename=tcpxp.exe
77552. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotul.html" target=_blank>RBOT-UL</a> WORM!
77553. Source=Paul Collins Startup list
77554.  
77555. [TCtryIOHook]
77556. Number=11010
77557. Confirmed=?
77558. Filename=TCtrlIOHook.exe
77559. Description=Toshiba laptop related. <font color="#FF0000">What does it do and is it required?</font>
77560. Source=Paul Collins Startup list
77561.  
77562. [tcupdater]
77563. Number=11011
77564. Confirmed=X
77565. Filename=tcupdater.exe
77566. Description=Topconverting.com/180Search adware updater
77567.  
77568. Source=Paul Collins Startup list
77569.  
77570. [TDispVol]
77571. Number=11012
77572. Confirmed=U
77573. Filename=TDispVol.exe
77574. Description=Used on Toshiba computers to make the Fn key have control over the volume on/off
77575. Source=Paul Collins Startup list
77576.  
77577. [TDKSTART]
77578. Number=11013
77579. Confirmed=U
77580. Filename=TDKSTART.EXE
77581. Description=Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW.
77582. Source=Paul Collins Startup list
77583.  
77584. [TDKTASK]
77585. Number=11014
77586. Confirmed=N
77587. Filename=TDKTASK.EXE
77588. Description=Taskbar utility for a "control panel" for a CD-RW
77589. Source=Paul Collins Startup list
77590.  
77591. [TDockNUndock]
77592. Number=11015
77593. Confirmed=?
77594. Filename=N/A
77595. Description=<font color="#FF0000">Found on a Toshiba laptop - for use with a docking station?</font>
77596. Source=Paul Collins Startup list
77597.  
77598. [TDS3]
77599. Number=11016
77600. Confirmed=U
77601. Filename=TDS-3.exe
77602. Description=<a href="http://www.diamondcs.com.au/" target="_blank">DiamondCS</a> TDS-3 antitrojan. Can be used to scan on demand, but required in startup if you prefer real time protection
77603. Source=Paul Collins Startup list
77604.  
77605. [TDspOff]
77606. Number=11017
77607. Confirmed=?
77608. Filename=Tdspoff.exe
77609. Description=<font color="#FF0000">Found on a Toshiba laptop</font>
77610. Source=Paul Collins Startup list
77611.  
77612. [Teach In Box]
77613. Number=11018
77614. Confirmed=N
77615. Filename=teachbox.exe
77616. Description=Tutoring program that comes with a SystemAX Computer
77617. Source=Paul Collins Startup list
77618.  
77619. [Tech-In-A-Box]
77620. Number=11019
77621. Confirmed=Y
77622. Filename=techbox.exe
77623. Description=<a href="http://tools.supportforyourpc.com/tiab.html" target="_parent">Tech-in-a-Box</a> "provides easy-to-use tools for various system maintenance tasks. From backup and restore to diagnostics and repairs, Tech-in-a-Box is your tool to stay up and running"
77624. Source=Paul Collins Startup list
77625.  
77626. [Telechips,Mass]
77627. Number=11020
77628. Confirmed=U
77629. Filename=patch.exe
77630. Description=Removable disk driver for the <a href="http://www.muro.co.kr/english/" target=_blank>Muro</a> MP3 player
77631. Source=Paul Collins Startup list
77632.  
77633. [Telemeter 3.0]
77634. Number=11021
77635. Confirmed=N
77636. Filename=telemeter3.exe
77637. Description=Internet connection bandwidth meter from a user ISP
77638. Source=Paul Collins Startup list
77639.  
77640. [Telepath]
77641. Number=11022
77642. Confirmed=Y
77643. Filename=telepath.exe
77644. Description=Drivers for the WinModem versions of the US Robotics "Telepath" series - as supplied to Gateway for instance. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
77645. Source=Paul Collins Startup list
77646.  
77647. [Telnet]
77648. Number=11023
77649. Confirmed=X
77650. Filename=Telnet.exe
77651. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32voumita.html" target=_blank>VOUMIT-A</a> WORM! Note - this is not the legitimate telnet.exe application which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder
77652. Source=Paul Collins Startup list
77653.  
77654. [Telnet24]
77655. Number=11024
77656. Confirmed=X
77657. Filename=[random filename]
77658. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotard.html" target=_blank>RBOT-ARD</a> WORM!
77659. Source=Paul Collins Startup list
77660.  
77661. [TELUS Security service]
77662. Number=11025
77663. Confirmed=Y
77664. Filename=freedom.exe
77665. Description=<a href="http://www.freedom.net/" target="_blank">Freedom</a> Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for sale
77666. Source=Paul Collins Startup list
77667.  
77668. [TempCom]
77669. Number=11026
77670. Confirmed=X
77671. Filename=[randomname].com
77672. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042617-1508-99" target="_blank">TRAXG</a> WORM!
77673. Source=Paul Collins Startup list
77674.  
77675. [tempx]
77676. Number=11027
77677. Confirmed=X
77678. Filename=tempx.exe
77679. Description=Added by the TEMPEX.A TROJAN!
77680.  
77681. Source=Paul Collins Startup list
77682.  
77683. [Tencent QQ]
77684. Number=11028
77685. Confirmed=X
77686. Filename=Rund1132.exe qq.dll, Rundll32
77687. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021212-0258-99" target="_blank">QQPASS.F</a> TROJAN!
77688. Source=Paul Collins Startup list
77689.  
77690. [Terminal Services]
77691. Number=11029
77692. Confirmed=X
77693. Filename=mstscc.exe
77694. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotczw.html" target="_blank">SDBOT-CZW</a> WORM!
77695. Source=Paul Collins Startup list
77696.  
77697. [Terminal Update]
77698. Number=11030
77699. Confirmed=X
77700. Filename=biosefui.exe
77701. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojppdooro.html" target=_blank>PPDOOR-O</a> TROJAN!
77702. Source=Paul Collins Startup list
77703.  
77704. [Terminate Popup]
77705. Number=11031
77706. Confirmed=X
77707. Filename=ZPU.exe
77708. Description=<a target="_blank" href="http://www.free-popup-killer.com/">Free Popup Killer</a> - foistware proven to install the Regsvc32 homepage hijacker. Also see <a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=21;action=display;threadid=2411">here</a>
77709. Source=Paul Collins Startup list
77710.  
77711. [Terminate Popup]
77712. Number=11032
77713. Confirmed=X
77714. Filename=FPUK.exe
77715. Description=<a target="_blank" href="http://www.free-popup-killer.com/">Free Popup Killer</a> - foistware proven to install the Regsvc32 homepage hijacker. Also see <a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=21;action=display;threadid=2411">here</a>
77716. Source=Paul Collins Startup list
77717.  
77718. [TEscKey]
77719. Number=11033
77720. Confirmed=U
77721. Filename=TEscKey.exe
77722. Description=Toshiba Escape Key handler. Enables you to program and use the <FN><Esc> key combination to perform a specific function
77723. Source=Paul Collins Startup list
77724.  
77725. [Tesco.net]
77726. Number=11034
77727. Confirmed=N
77728. Filename=rundll32 [path] RyDial.dll, QuickStart
77729. Description=<a href="https://register.tesco.net/online/" target="_blank">Tesco.net</a> dial-up ISP software - not required
77730. Source=Paul Collins Startup list
77731.  
77732. [Tesla]
77733. Number=11035
77734. Confirmed=?
77735. Filename=TESLA.EXE
77736. Description=<font color="#FF0000">??</font>
77737. Source=Paul Collins Startup list
77738.  
77739. [test]
77740. Number=11036
77741. Confirmed=X
77742. Filename=i love you.exe
77743. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsingut.html" target=_blank>SINGU-T</a> TROJAN!
77744. Source=Paul Collins Startup list
77745.  
77746. [Testing 123]
77747. Number=11037
77748. Confirmed=X
77749. Filename=msdata.dat
77750. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101416-1539-99" target=_blank>NITS.A</a> WORM!
77751. Source=Paul Collins Startup list
77752.  
77753. [testit.exe]
77754. Number=11038
77755. Confirmed=X
77756. Filename=testit.exe
77757. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091913-2632-99" target="_blank">ISTBar</a> adware
77758.  
77759. Source=Paul Collins Startup list
77760.  
77761. [TExBUtil Registry]
77762. Number=11039
77763. Confirmed=?
77764. Filename=TExBUtil.exe
77765. Description=<font color="#FF0000">??</font>
77766. Source=Paul Collins Startup list
77767.  
77768. [TextAloud]
77769. Number=11040
77770. Confirmed=N
77771. Filename=TextAloudMP3.exe
77772. Description=<a href="http://www.nextuptech.com/TextAloud/index.html" target="_blank">TextAloud MP3</a> - convert text into spoken words and MP3s
77773. Source=Paul Collins Startup list
77774.  
77775. [Textbridge Instant Access OCR]
77776. Number=11041
77777. Confirmed=N
77778. Filename=telepath.exe
77779. Description=<a href="http://www.nuance.com/textbridge/" target="_blank">TextBridge</a> from Nuance (was Scansoft). OCR (optical character recognition) software for scanning documents into popular editing applications. Available via Start -> Programs
77780. Source=Paul Collins Startup list
77781.  
77782. [TEXTCONV]
77783. Number=11042
77784. Confirmed=X
77785. Filename=services.exe
77786. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
77787. Source=Paul Collins Startup list
77788.  
77789. [TEXTCONV]
77790. Number=11043
77791. Confirmed=X
77792. Filename=winlogon.exe
77793. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
77794. Source=Paul Collins Startup list
77795.  
77796. [TFncKy]
77797. Number=11044
77798. Confirmed=U
77799. Filename=TFncky.exe
77800. Description=Deals with the <Fn> - <Function> key combinations on a Toshiba laptop
77801. Source=Paul Collins Startup list
77802.  
77803. [TFNF5]
77804. Number=11045
77805. Confirmed=U
77806. Filename=TFNF5.exe
77807. Description=Toshiba Hotkey Utility for Display Devices. By pressing <FN> + <F5>, a window appears showing the displays that can be chosen û LCD, LCD + CRT, CRT, TV
77808. Source=Paul Collins Startup list
77809.  
77810. [tfswctrl]
77811. Number=11046
77812. Confirmed=Y
77813. Filename=tfswctrl.exe
77814. Description=Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
77815. Source=Paul Collins Startup list
77816.  
77817. [TFTP***]
77818. Number=11047
77819. Confirmed=X
77820. Filename=tftp***
77821. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM! where *** can be any number
77822. Source=Paul Collins Startup list
77823.  
77824. [TFunckey]
77825. Number=11048
77826. Confirmed=U
77827. Filename=TFuncKey.exe
77828. Description=Deals with the <Fn> - <Function> key combinations on a Toshiba laptop
77829. Source=Paul Collins Startup list
77830.  
77831. [TgAddServer]
77832. Number=11049
77833. Confirmed=N
77834. Filename=tgfix.exe
77835. Description=Software from <a href="http://www.support.com/" target="_blank">SupportSoft</a> (aka Support.com) provided to manufacturers (such as Sony (Vaio Support Agent) and Toshiba (<a href="http://virtualtech.answerteam.com/home/default.asp" target="_blank">Virtual Tech</a>)) and ISPs (such as Comcast, Cox and Charter (Pipeline Support Agent)) that allows them to offer on-line support - to update drivers, fix faults, etc. Can cause a deterioration in a PC's peformance (see <a href="http://www.interesting-people.org/archives/interesting-people/200202/msg00164.html" target="_blank">here</a>). This part does the protection and "self-healing". Uninstallation is recommended by most people - especially for System Restore users (WinME/XP). If not available via Add/Remove try <a href="http://www.practicallynetworked.com/support/sticky_proxy.htm" target="_blank">here</a>
77836. Source=Paul Collins Startup list
77837.  
77838. [tgbcde]
77839. Number=11050
77840. Confirmed=X
77841. Filename=module32.exe
77842. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=40098" target=_blank>REIGN.R</a> TROJAN!
77843.  
77844. Source=Paul Collins Startup list
77845.  
77846. [Tgcmd]
77847. Number=11051
77848. Confirmed=U
77849. Filename=tgcmd.exe
77850. Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by <a href="http://www.cox.com/policy/#pp_1" target="_blank">Cox</a> Regarded as spyware by <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm" target="_blank">some</a> as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
77851. Source=Paul Collins Startup list
77852.  
77853. [tgcmdprovidersbc]
77854. Number=11052
77855. Confirmed=U
77856. Filename=tgcmd.exe
77857. Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by <a href="http://www.cox.com/policy/#pp_1" target="_blank">Cox</a> Regarded as spyware by <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm" target="_blank">some</a> as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
77858. Source=Paul Collins Startup list
77859.  
77860. [TGCMG]
77861. Number=11053
77862. Confirmed=N
77863. Filename=??
77864. Description=Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work
77865. Source=Paul Collins Startup list
77866.  
77867. [TGDC IE Plugin]
77868. Number=11054
77869. Confirmed=X
77870. Filename=tgdc.exe
77871. Description=ShopForGood spyware - see <a href="http://www.spywareguide.com/spydet_424_tgdc.html" target="_blank">here</a>
77872. Source=Paul Collins Startup list
77873.  
77874. [tgkill]
77875. Number=11055
77876. Confirmed=X
77877. Filename=tgkill.exe
77878. Description=Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs
77879. Source=Paul Collins Startup list
77880.  
77881. [Tgsetsite]
77882. Number=11056
77883. Confirmed=U
77884. Filename=tgfix.exe
77885. Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by <a href="http://www.cox.com/policy/#pp_1" target="_blank">Cox</a> Regarded as spyware by <a href="http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm" target="_blank">some</a> as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
77886. Source=Paul Collins Startup list
77887.  
77888. [Thdetrf]
77889. Number=11057
77890. Confirmed=N
77891. Filename=thdetr32.exe
77892. Description=<font color="#FF0000">Appears to be related to Lycos advertising</font>
77893. Source=Paul Collins Startup list
77894.  
77895. [ThE]
77896. Number=11058
77897. Confirmed=X
77898. Filename=wind0s.exe
77899. Description=Added by an unidentified WORM or TROJAN!
77900. Source=Paul Collins Startup list
77901.  
77902. [The Easy Bee's Hive]
77903. Number=11059
77904. Confirmed=U
77905. Filename=ATCEgSvr.exe
77906. Description=The Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequence
77907. Source=Paul Collins Startup list
77908.  
77909. [The Ethernet]
77910. Number=11060
77911. Confirmed=X
77912. Filename=ethernet.exe
77913. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
77914. Source=Paul Collins Startup list
77915.  
77916. [The Intranet]
77917. Number=11061
77918. Confirmed=X
77919. Filename=intranet.exe
77920. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
77921. Source=Paul Collins Startup list
77922.  
77923. [TheMainStart]
77924. Number=11062
77925. Confirmed=?
77926. Filename=N/A
77927. Description=<font color="#FF0000">??</font>
77928. Source=Paul Collins Startup list
77929.  
77930. [TheMonitor]
77931. Number=11063
77932. Confirmed=X
77933. Filename=[path to trojan]
77934. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrlo.html" target=_blank>DLOADR-LO</a> TROJAN!
77935. Source=Paul Collins Startup list
77936.  
77937. [TheMonitor]
77938. Number=11064
77939. Confirmed=X
77940. Filename=Duce6.exe
77941. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097585" target="_blank">YourEnhancement</a> downloader
77942. Source=Paul Collins Startup list
77943.  
77944. [THGuard]
77945. Number=11065
77946. Confirmed=U
77947. Filename=TH_Guard.exe
77948. Description=Resident memory scanning for <a href="http://www.mischel.dhs.org/trojanhunter.jsp" target="_blank">TrojanHunter</a>
77949. Source=Paul Collins Startup list
77950.  
77951. [THGuard]
77952. Number=11066
77953. Confirmed=U
77954. Filename=THGuard.exe
77955. Description=Resident memory scanning for <a href="http://www.mischel.dhs.org/trojanhunter.jsp" target=_blank>TrojanHunter</a>
77956. Source=Paul Collins Startup list
77957.  
77958. [Think-Adz]
77959. Number=11067
77960. Confirmed=X
77961. Filename=[random filename].exe
77962. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
77963. Source=Paul Collins Startup list
77964.  
77965. [This is a virus, please delete it]
77966. Number=11068
77967. Confirmed=X
77968. Filename=bigbadvirus.exe
77969. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081412-2646-99" target="_blank">RANDEX.F</a> WORM!
77970. Source=Paul Collins Startup list
77971.  
77972. [THOTKEY]
77973. Number=11069
77974. Confirmed=U
77975. Filename=THotkey.exe
77976. Description=Associated with the Fn+ keys on Toshiba laptops. When disabled some keys still worked, like the one that regulates the volume of the system beep, but others didn't, like the one that immediately blackens your screen
77977. Source=Paul Collins Startup list
77978.  
77979. [ThpSrv]
77980. Number=11070
77981. Confirmed=Y
77982. Filename=thpsrv.exe
77983. Description=Toshiba Hard Drive Protection Utility - moves the Hard Drive head to a safe position in case of shock or vibration to reduce the risk of damage that could be caused by head-to-disk contact
77984.  
77985. Source=Paul Collins Startup list
77986.  
77987. [Threaded]
77988. Number=11071
77989. Confirmed=X
77990. Filename=intcp32.exe
77991. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042216-3909-99" target="_blank">RANDEX.UG</a> WORM!
77992. Source=Paul Collins Startup list
77993.  
77994. [ThrustTSR]
77995. Number=11072
77996. Confirmed=U
77997. Filename=TMTMTSR.exe
77998. Description=<a href="http://www.thrustmaster.com/Default.aspx" target="_blank">Thrustmaster</a> Thrustmapper - "t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly"
77999. Source=Paul Collins Startup list
78000.  
78001. [Thumbs Plus *.*]
78002. Number=11073
78003. Confirmed=X
78004. Filename=thmbplus**.exe
78005. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaaf.html" target=_blank>AGOBOT-AAF</a> WORM! ** is a combination of a random digits and characters
78006. Source=Paul Collins Startup list
78007.  
78008. [TI WLAN]
78009. Number=11074
78010. Confirmed=U
78011. Filename=TIWLANCu.exe
78012. Description=<a href="http://www.ti.com" target=_blank>Texas Instruments</a> TI wireless LAN products
78013. Source=Paul Collins Startup list
78014.  
78015. [tibs3]
78016. Number=11075
78017. Confirmed=X
78018. Filename=tibs3.exe
78019. Description=Premium rate adult content dialler - see <a href="http://www.sophos.com/virusinfo/analyses/trojhidediald.html" target= blank>here</a>
78020. Source=Paul Collins Startup list
78021.  
78022. [tibs5]
78023. Number=11076
78024. Confirmed=X
78025. Filename=tibs5.exe
78026. Description=Premium rate adult content dialer - see <a href="http://www.trendmicro.com/vinfo/grayware/ve_GraywareDetails.asp?GNAME=DIAL%5FTIBSBRW%2EA" target="_blank">here</a>
78027. Source=Paul Collins Startup list
78028.  
78029. [Tiger]
78030. Number=11077
78031. Confirmed=X
78032. Filename=Shine.exe
78033. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-090919-4618-99" target="_blank">HAPPYLOW</a> (or <a href="http://www.sophos.com/virusinfo/analyses/w32nishea.html" target="_blank">NISHE-A</a>) VIRUS!
78034. Source=Paul Collins Startup list
78035.  
78036. [TiKL]
78037. Number=11078
78038. Confirmed=U
78039. Filename=tikl.exe
78040. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122011-1003-99" target=blank>TinyKeylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
78041. Source=Paul Collins Startup list
78042.  
78043. [Tilerun]
78044. Number=11079
78045. Confirmed=X
78046. Filename=Tilecom32.com
78047. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
78048. Source=Paul Collins Startup list
78049.  
78050. [Time Manager]
78051. Number=11080
78052. Confirmed=X
78053. Filename=TimeManager.exe
78054. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbv.html" target=_blank>MYTOB-BV</a> WORM!
78055. Source=Paul Collins Startup list
78056.  
78057. [Time Zone Synchronization]
78058. Number=11081
78059. Confirmed=X
78060. Filename=wscript zshell.js
78061. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnetdexa.html" target="_blank">NETDEX-A</a> TROJAN!
78062. Source=Paul Collins Startup list
78063.  
78064. [TimeCalendar]
78065. Number=11082
78066. Confirmed=U
78067. Filename=tc.exe
78068. Description=<a href="http://www.timecalendar.com/" target="_blank">TimeCalendar</a> digital planner
78069. Source=Paul Collins Startup list
78070.  
78071. [Timed Backups Manager Startup]
78072. Number=11083
78073. Confirmed=N
78074. Filename=BACKTIME.EXE
78075. Description=<a href="http://www.backupplus.net/" target="_blank">Backup Plus</a> - backup software
78076. Source=Paul Collins Startup list
78077.  
78078. [TimeLeft]
78079. Number=11084
78080. Confirmed=U
78081. Filename=TimeLeft.exe
78082. Description=<a href="http://www.nestersoft.com/timeleft/index.shtml" target=_blank>TimeLeft</a> is a countdown, reminder, clock, alarm clock, stopwatch, timer, sticker and time synchronization utility which uses Winamp skins to show digits and text
78083. Source=Paul Collins Startup list
78084.  
78085. [Timemanager.exe]
78086. Number=11085
78087. Confirmed=U
78088. Filename=Timemanager.exe
78089. Description=<a href="http://www.systemsoptima.com/timemanager.shtml" target=_blank>Time Manager</a> will let you track billable and non-billable time by customer, by category and by associate and then integrate directly to our custom billing package
78090. Source=Paul Collins Startup list
78091.  
78092. [TimeOnline]
78093. Number=11086
78094. Confirmed=N
78095. Filename=TIMEONLINE.EXE
78096. Description=Lightman Groups's TimeOnline monitor. For dial-up users to monitor time spent on the net. Available via Start -> Programs
78097. Source=Paul Collins Startup list
78098.  
78099. [TIMER]
78100. Number=11087
78101. Confirmed=X
78102. Filename=TIMER.EXE
78103. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032512-0633-99" target="_blank">TIMESE.AG</a> WORM!
78104. Source=Paul Collins Startup list
78105.  
78106. [Timer]
78107. Number=11088
78108. Confirmed=X
78109. Filename=comm.exe
78110. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorip.html" target=_blank>IP</a> TROJAN!
78111. Source=Paul Collins Startup list
78112.  
78113. [Timer]
78114. Number=11089
78115. Confirmed=X
78116. Filename=timed.exe
78117. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorlv.html" target=_blank>LV</a> TROJAN!
78118. Source=Paul Collins Startup list
78119.  
78120. [Timer]
78121. Number=11090
78122. Confirmed=X
78123. Filename=msncomm.exe
78124. Description=Added by the <a href="http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=BKDR_WEBDOR.AK" target="_blank">WEBDOR.AK</a> TROJAN!
78125. Source=Paul Collins Startup list
78126.  
78127. [TimeService]
78128. Number=11091
78129. Confirmed=X
78130. Filename=trun.exe
78131. Description=<a href="http://www.sophos.com/virusinfo/analyses/dialtlflica.html" target=_blank>TlfLic-A</a> premium rate adult content dialler
78132.  
78133. Source=Paul Collins Startup list
78134.  
78135. [TimeSink Add Client]
78136. Number=11092
78137. Confirmed=X
78138. Filename=TSADBOT.EXE
78139. Description=Advertising spyware
78140. Source=Paul Collins Startup list
78141.  
78142. [timessquare]
78143. Number=11093
78144. Confirmed=X
78145. Filename=timessquare.exe
78146. Description=Reported as Trojan.Win32.StartPage.aw by Kaspersky Anti-Virus
78147. Source=Paul Collins Startup list
78148.  
78149. [timestamp]
78150. Number=11094
78151. Confirmed=X
78152. Filename=timeapr32.exe
78153. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdru.html" target="_blank">AGENT-DRU</a> TROJAN!
78154. Source=Paul Collins Startup list
78155.  
78156. [TimeSyncApp]
78157. Number=11095
78158. Confirmed=X
78159. Filename=TimeSynchronize.exe
78160. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html" target=_blank>DealHelper</a> adware
78161.  
78162. Source=Paul Collins Startup list
78163.  
78164. [TimeUp]
78165. Number=11096
78166. Confirmed=N
78167. Filename=Timeup.exe
78168. Description=<a target="_blank" href="http://www.timeupsoft.com/English/timeup/index.htm">TimeUp</a> - internet online timer
78169. Source=Paul Collins Startup list
78170.  
78171. [Timezone]
78172. Number=11097
78173. Confirmed=U
78174. Filename=TimeZone.exe
78175. Description=Microsoft Daylight Saving Time Update Utility - see <a href="http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/timezone.asp" target=_blank>here</a>
78176. Source=Paul Collins Startup list
78177.  
78178. [TimounterMonitor]
78179. Number=11098
78180. Confirmed=U
78181. Filename=TimounterMonitor.exe
78182. Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
78183. Source=Paul Collins Startup list
78184.  
78185. [TINTSETP]
78186. Number=11099
78187. Confirmed=N
78188. Filename=TINTSETP.EXE
78189. Description=Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
78190. Source=Paul Collins Startup list
78191.  
78192. [Tiny AV]
78193. Number=11100
78194. Confirmed=X
78195. Filename=fooding.exe
78196. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030717-4718-99" target="_blank">NETSKY.I</a> WORM!
78197. Source=Paul Collins Startup list
78198.  
78199. [Tiny Personal Firewall]
78200. Number=11101
78201. Confirmed=Y
78202. Filename=persfw.exe
78203. Description=<a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a>
78204. Source=Paul Collins Startup list
78205.  
78206. [tinySpell]
78207. Number=11102
78208. Confirmed=U
78209. Filename=tinyspell.exe
78210. Description=<a href="http://www.megspace.com/computers/tinyspell/" target="_blank">Tinyspell</a> - "allows you to easily and quickly check the spelling of words in any Windows application. Monitors your typing on the fly, alerts you whenever it detects a misspelled word, and checks the spelling of every word you copy to the clipboard"
78211. Source=Paul Collins Startup list
78212.  
78213. [TiomanExe]
78214. Number=11103
78215. Confirmed=U
78216. Filename=Tioman.Exe
78217. Description=Agate Tioman - warm and hot swap removable bay device manager for IBM laptops
78218. Source=Paul Collins Startup list
78219.  
78220. [Tips]
78221. Number=11104
78222. Confirmed=N
78223. Filename=mousetips.exe
78224. Description=Suggests tips on using your mouse
78225. Source=Paul Collins Startup list
78226.  
78227. [TiTleBarClock]
78228. Number=11105
78229. Confirmed=U
78230. Filename=TiTleBarClock.exe
78231. Description=<a href="http://www.wfcravener.com/TBC.html" target="_blank">TitleBarClock</a> displays the day/month/time and free physical RAM on the right hand side of an open window, replacing the system tray clock at startup
78232. Source=Paul Collins Startup list
78233.  
78234. [TitleTime]
78235. Number=11106
78236. Confirmed=U
78237. Filename=TiTime.exe
78238. Description="<a href="http://www.jumaros.de/rsoft/index.html" target=_blank>TitleTime</a> adds the current date and/or time to the Caption of the currently active application window. Additional options are a second clock (with a different time), week number, GMT/UTC time, Swatch Internet Time and Sounds at each full, half or quarter hour"
78239.  
78240. Source=Paul Collins Startup list
78241.  
78242. [Tivoli]
78243. Number=11107
78244. Confirmed=N
78245. Filename=LCFEP.EXE
78246. Description=Tivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"
78247. Source=Paul Collins Startup list
78248.  
78249. [TivoNotify]
78250. Number=11108
78251. Confirmed=X
78252. Filename=TiVoNotify.exe
78253. Description=Part of <a href="http://www.tivo.com/4.9.4.1-2_win.asp" target="_blank">Tivo Desktop</a>. <font color="#FF0000">What does it do and is it required?</font>
78254. Source=Paul Collins Startup list
78255.  
78256. [TivoServer]
78257. Number=11109
78258. Confirmed=U
78259. Filename=TiVoServer.exe
78260. Description=<a href="http://www.tivo.com/" target=_blank>Tivo Server</a> - installed with the TiVo Home Media Option. It streams audio files to your television/home theater from your PC
78261.  
78262. Source=Paul Collins Startup list
78263.  
78264. [TivoTransfer]
78265. Number=11110
78266. Confirmed=U
78267. Filename=TivoTransfer.exe
78268. Description=<a href="http://www.tivo.com/" target=_blank>Tivo Transfer</a> Service. TiVo Desktop is an easy-to-use application that lets you publish and share digital music, photos and TiVo recordings between your networked TiVo Series2 DVR and your computer
78269.  
78270. Source=Paul Collins Startup list
78271.  
78272. [TIxDSL]
78273. Number=11111
78274. Confirmed=U
78275. Filename=tidslmon.exe
78276. Description=Actiontec DSL modem. Associated with High Speed AOL DSL. Used to get line sync with the Actiontec DSL USB Modem. Available via Start -> Programs
78277. Source=Paul Collins Startup list
78278.  
78279. [TizzleTalk]
78280. Number=11112
78281. Confirmed=N
78282. Filename=TizzleTalk.exe
78283. Description=<a href="http://www.tizzletalk.com/" target=_blank>TizzeTalk</a> is a dialect translator for Yahoo, MSN, AOL Instant Messengers. Bundles adware, hence not recommended. From their <a href="http://www6.tizzletalk.com/license.php" target=_blank>EULA</a> : "As a result of installing the Company's Software, you will see occasional banner ads, pop-up or pop-under ads, or other types of ads selected based on your online activities .../... Occasionally, we may automatically or through other remote means, update, upgrade, patch or uninstall the Company's Software, including the Company's advertising-supported software, without further notice to you. These upgrades also may include installation of additional applications from the Company as well as third party applications"
78284. Source=Paul Collins Startup list
78285.  
78286. [tjstartup]
78287. Number=11113
78288. Confirmed=X
78289. Filename=[path to file]
78290. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010611-3727-99" target=_blank>TJSERV.C</a> TROJAN!
78291. Source=Paul Collins Startup list
78292.  
78293. [TkBell.Exe]
78294. Number=11114
78295. Confirmed=N
78296. Filename=evntsvc.exe
78297. Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
78298.  
78299. Source=Paul Collins Startup list
78300.  
78301. [TkBell.Exe]
78302. Number=11115
78303. Confirmed=N
78304. Filename=realsched.exe
78305. Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
78306. Source=Paul Collins Startup list
78307.  
78308. [TkBell.Exe]
78309. Number=11116
78310. Confirmed=N
78311. Filename=tkbell.exe
78312. Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
78313. Source=Paul Collins Startup list
78314.  
78315. [TkBellExe]
78316. Number=11117
78317. Confirmed=N
78318. Filename=evntsvc.exe
78319. Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
78320. Source=Paul Collins Startup list
78321.  
78322. [TkBellExe]
78323. Number=11118
78324. Confirmed=N
78325. Filename=realsched.exe
78326. Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
78327. Source=Paul Collins Startup list
78328.  
78329. [TkBellExe]
78330. Number=11119
78331. Confirmed=N
78332. Filename=tkbell.exe
78333. Description=Application Scheduler installed along with <a href="http://www.real.com/" target="_blank">RealOne Player</a>. Once installed, it runs independently of RealOne Player. See <a href="http://www.mikescomputerinfo.com/TkBellExe.htm" target="_blank">here</a> for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
78334. Source=Paul Collins Startup list
78335.  
78336. [TkNetDriver Monitor]
78337. Number=11120
78338. Confirmed=X
78339. Filename=lexbce.exe
78340. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadf.html" target=_blank>SDBOT-ADF</a> WORM!
78341. Source=Paul Collins Startup list
78342.  
78343. [tkonnect]
78344. Number=11121
78345. Confirmed=N
78346. Filename=TKONNECT.EXE
78347. Description=Dialer for the <a href="http://www.tiscali.co.uk/" target="_blank">Tiscali</a> internet service provider. Available as a desktop shortcut
78348. Source=Paul Collins Startup list
78349.  
78350. [tlc]
78351. Number=11122
78352. Confirmed=X
78353. Filename=update911.js
78354. Description=Hijacker installer
78355. Source=Paul Collins Startup list
78356.  
78357. [TlcR]
78358. Number=11123
78359. Confirmed=?
78360. Filename=avp.exe
78361. Description=<font color="#FF0000">??</font>
78362. Source=Paul Collins Startup list
78363.  
78364. [tlntsvr]
78365. Number=11124
78366. Confirmed=U
78367. Filename=tlntsvr.exe
78368. Description=Microsoft program associated with <a href="http://www.webopedia.com/TERM/T/Telnet.html" target=_blank>Telnet</a>
78369. Source=Paul Collins Startup list
78370.  
78371. [TLogonPath]
78372. Number=11125
78373. Confirmed=U
78374. Filename=tb2logon.exe
78375. Description=<a href="http://www.netopia.com/software/products/tb2/" target="_blank">Timbuktu Pro</a> - remote desktop access software
78376. Source=Paul Collins Startup list
78377.  
78378. [TM Outbreak Agent]
78379. Number=11126
78380. Confirmed=U
78381. Filename=TMOAgent.exe
78382. Description=Trend Micro Internet Security anti-virus software virus outbreak warnings. Notifies users of virus outbreaks and offers to update the scanner
78383. Source=Paul Collins Startup list
78384.  
78385. [TMA distribution]
78386. Number=11127
78387. Confirmed=U
78388. Filename=cfinst.exe
78389. Description=Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients
78390. Source=Paul Collins Startup list
78391.  
78392. [tmax]
78393. Number=11128
78394. Confirmed=X
78395. Filename=pupdate.exe
78396. Description=Adware pop-up generator
78397. Source=Paul Collins Startup list
78398.  
78399. [tmchook]
78400. Number=11129
78401. Confirmed=X
78402. Filename=tmchook.exe
78403. Description=Detected by Kaspersky as the TrojanDownloader.Win32.VB.aa VIRUS!
78404. Source=Paul Collins Startup list
78405.  
78406. [TMEEJME]
78407. Number=11130
78408. Confirmed=?
78409. Filename=TMEEJME.EXE
78410. Description=<font color="#FF0000">Found in a ToshibaTME3 directory</font><font color="#FF0000">. Toshiba Mobile Extension related?</font>
78411. Source=Paul Collins Startup list
78412.  
78413. [TMERzCtl]
78414. Number=11131
78415. Confirmed=?
78416. Filename=TMERzCtl.EXE
78417. Description=<font color="#FF0000">Found in a ToshibaTME3 directory</font><font color="#FF0000">. Toshiba Mobile Extension related?</font>
78418. Source=Paul Collins Startup list
78419.  
78420. [TMESBS]
78421. Number=11132
78422. Confirmed=U
78423. Filename=TMESBS21.exe
78424. Description=Toshiba Mobile Extension Selectable Bay Service for WinXP - support for docking stations. Not required if you don't use a docking station
78425. Source=Paul Collins Startup list
78426.  
78427. [TMESBS32]
78428. Number=11133
78429. Confirmed=?
78430. Filename=TMESBS32.EXE
78431. Description=<font color="#FF0000">Found in a ToshibaTME3 directory</font><font color="#FF0000">. Toshiba Mobile Extension related?</font>
78432. Source=Paul Collins Startup list
78433.  
78434. [TMESRV31]
78435. Number=11134
78436. Confirmed=U
78437. Filename=TMESRV31.EXE
78438. Description=Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station
78439. Source=Paul Collins Startup list
78440.  
78441. [TMExLogon]
78442. Number=11135
78443. Confirmed=U
78444. Filename=TMESRV.EXE
78445. Description=Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station
78446. Source=Paul Collins Startup list
78447.  
78448. [Tmmkb]
78449. Number=11136
78450. Confirmed=?
78451. Filename=Tmmkysvr.exe
78452. Description=<font color="#FF0000">Toshiba multi-media keyboard software - possibly including creating keyboard shortcuts?</font>
78453. Source=Paul Collins Startup list
78454.  
78455. [TmNetDriver Monitor]
78456. Number=11137
78457. Confirmed=X
78458. Filename=exbce.exe
78459. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabr.html" target=_blank>SDBOT-ABR</a> WORM!
78460. Source=Paul Collins Startup list
78461.  
78462. [Tmntsrv32]
78463. Number=11138
78464. Confirmed=X
78465. Filename=Tmntsrv32.exe
78466. Description=Hijacker, detected by Norton antivirus as <a href="http://www.sarc.com/avcenter/venc/data/pf/trojan.startpage.o.html" target= blank>Trojan.StartPage.O</a>
78467. Source=Paul Collins Startup list
78468.  
78469. [TMOUSE]
78470. Number=11139
78471. Confirmed=U
78472. Filename=tmouse.exe
78473. Description=Component of the Toshiba Mouse Control that allows users with an AccuPoint mouse to scroll MS-scroll-compatible documents by holding CTRL + ALT and moving the AccuPoint up or down. It also allows zooming by holding CTRL + SHIFT and moving the AccuPoint up or down. Disabling this item has no adverse effects, except disabling the scroll/zoom features of the AccuPoint
78474. Source=Paul Collins Startup list
78475.  
78476. [tmproxy]
78477. Number=11140
78478. Confirmed=Y
78479. Filename=tmproxy.exe
78480. Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm">PC-cillin 2003</a> antivirus software
78481. Source=Paul Collins Startup list
78482.  
78483. [TMTMTSR]
78484. Number=11141
78485. Confirmed=U
78486. Filename=TMTMTSR.exe
78487. Description=<a href="http://www.thrustmaster.com/Default.aspx" target="_blank">Thrustmaster</a> Thrustmapper - "t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly"
78488. Source=Paul Collins Startup list
78489.  
78490. [TNTClk]
78491. Number=11142
78492. Confirmed=U
78493. Filename=TNTCLK.exe
78494. Description=Overclocking program for TNT, TNT2, and other graphics cards. This program can overclock the graphics card manually after startup when needed, especially before starting a gaming session. However, for simplicity, it can be left checked to let it run once at startup to automatically overclock the graphics card. In this case, it doesn't even run in the background after doing its job
78495. Source=Paul Collins Startup list
78496.  
78497. [ToADiMon.exe]
78498. Number=11143
78499. Confirmed=U
78500. Filename=ToADiMon.exe
78501. Description=T-Online ISP software connection assistant
78502. Source=Paul Collins Startup list
78503.  
78504. [Toggler]
78505. Number=11144
78506. Confirmed=U
78507. Filename=toggler.exe
78508. Description="<a href="http://members.execulink.com/~pjones/toggler/index.htm" target=_blank>Toggler</a> allows you to gain control over your Caps Lock, Num Lock, and Insert keys. It prevents you from writing in ALL CAPS when your finger has slipped to accidentally hit the Caps Lock key"
78509.  
78510. Source=Paul Collins Startup list
78511.  
78512. [Tok-Cirrhatus]
78513. Number=11145
78514. Confirmed=X
78515. Filename=IDTemplate.exe
78516. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RONTOKBRO.A&VSect=P" target=_blank>RONTOKBRO.A</a> WORM!
78517. Source=Paul Collins Startup list
78518.  
78519. [Tok-Cirrhatus]
78520. Number=11146
78521. Confirmed=X
78522. Filename=smss.exe
78523. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontoka.html" target=_blank>BRONTOK-A</a> WORM and variants! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "Documents and Settings\[User]\Local Settings\Application Data\" folder
78524. Source=Paul Collins Startup list
78525.  
78526. [Tok-Cirrhatus]
78527. Number=11147
78528. Confirmed=X
78529. Filename=[path to file]
78530. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokf.html" target=_blank>BRONTOK-F</a> WORM!
78531. Source=Paul Collins Startup list
78532.  
78533. [Tok-Cirrhatus-1959]
78534. Number=11148
78535. Confirmed=X
78536. Filename=br4941on.exe
78537. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokj.html" target=_blank>BRONTOK-J</a> WORM!
78538. Source=Paul Collins Startup list
78539.  
78540. [Tok-Cirrhatus-1959sarc]
78541. Number=11149
78542. Confirmed=X
78543. Filename=sv711224030r.exe
78544. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokr.html" target=_blank>BRONTOK-R</a> WORM!
78545. Source=Paul Collins Startup list
78546.  
78547. [Tok-Cirrhatus-2784]
78548. Number=11150
78549. Confirmed=X
78550. Filename=br6591on.exe
78551. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokl.html" target=_blank>BRONTOK-L</a> WORM!
78552. Source=Paul Collins Startup list
78553.  
78554. [Tok-Cirrhatus-2784]
78555. Number=11151
78556. Confirmed=X
78557. Filename=smss.exe
78558. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontoks.html" target=_blank>BRONTOK-S</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "Documents and Settings\[User]\Local Settings\Application Data\" folder
78559. Source=Paul Collins Startup list
78560.  
78561. [Tok-Cirrhatus-[4 random digits]]
78562. Number=11152
78563. Confirmed=X
78564. Filename=br[4 random digits]on.exe
78565. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32brontokm.html" target=_blank>BRONTOK-M</a> WORM!
78566. Source=Paul Collins Startup list
78567.  
78568. [TomcatStartup]
78569. Number=11153
78570. Confirmed=?
78571. Filename=hpbpsttp.exe
78572. Description=Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. <font color="#FF0000">What does it do and is it required?</font>
78573. Source=Paul Collins Startup list
78574.  
78575. [TomcatStartup 2.5]
78576. Number=11154
78577. Confirmed=?
78578. Filename=hpbpsttp.exe
78579. Description=Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. <font color="#FF0000">What does it do and is it required?</font>
78580. Source=Paul Collins Startup list
78581.  
78582. [Tommorrow]
78583. Number=11155
78584. Confirmed=?
78585. Filename=tomorrow.exe
78586. Description=<font color="#FF0000">??</font>
78587. Source=Paul Collins Startup list
78588.  
78589. [ToolBoxFX]
78590. Number=11156
78591. Confirmed=?
78592. Filename=HPTLBXFX.exe
78593. Description=<a href="http://h20271.www2.hp.com/SMB-AP/cache/380793-0-0-14-121.html?jumpid=reg_R1002_AUEN" target="_blank">HP ToolBoxFX</a> - "provides desktop configuration, status and support for every feature". Supplied with some HP multifunction printers
78594. Source=Paul Collins Startup list
78595.  
78596. [ToP]
78597. Number=11157
78598. Confirmed=X
78599. Filename=LSASS.exe
78600. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012418-0655-99" target=_blank>WOWCRAFT.C</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
78601. Source=Paul Collins Startup list
78602.  
78603. [Top Tilecom]
78604. Number=11158
78605. Confirmed=X
78606. Filename=Tilecomtop.com
78607. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BXD" target="_blank">WORM_RBOT.BXD</a> WORM!
78608. Source=Paul Collins Startup list
78609.  
78610. [ToPassSrv]
78611. Number=11159
78612. Confirmed=?
78613. Filename=Pktopass.exe
78614. Description=Related to Caere Pagekeeper scanning software (now taken over by Scansoft), Disabling is known to cause problems
78615. Source=Paul Collins Startup list
78616.  
78617. [TopDesk]
78618. Number=11160
78619. Confirmed=U
78620. Filename=TopDesk.exe
78621. Description=TopDesk - puts an icon in your system tray that when clicked upon, opens a pop-up menu that gives instant access to all of your desktop programs without having to minimize, resize, move or close other programs or files
78622. Source=Paul Collins Startup list
78623.  
78624. [Topic lnternet]
78625. Number=11161
78626. Confirmed=X
78627. Filename=lnternet32.exe
78628. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglz.html" target="_blank">RBOT-GLZ</a> WORM!
78629. Source=Paul Collins Startup list
78630.  
78631. [ToPicks Starter]
78632. Number=11162
78633. Confirmed=X
78634. Filename=Idhost.exe
78635. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070112-5753-99" target="_blank">TOPicks</a> adware
78636. Source=Paul Collins Startup list
78637.  
78638. [topmoxie]
78639. Number=11163
78640. Confirmed=X
78641. Filename=JavaRun.exe
78642. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453059998" target="_blank">TopMoxie</a> adware
78643. Source=Paul Collins Startup list
78644.  
78645. [TopSearch]
78646. Number=11164
78647. Confirmed=X
78648. Filename=TopSearch.exe
78649. Description=<a href="http://www3.cai.com/securityadvisor/pest/pest.aspx?id=453074383" target=_blank>TopSearch</a> adware variant
78650. Source=Paul Collins Startup list
78651.  
78652. [Tor]
78653. Number=11165
78654. Confirmed=N
78655. Filename=tor.exe
78656. Description=<a href="http://tor.eff.org/" target=blank>Tor</a> anonymous internet communication system. Shortcut available via Start -> Programs
78657. Source=Paul Collins Startup list
78658.  
78659. [tor anonymous proxy]
78660. Number=11166
78661. Confirmed=X
78662. Filename=tor32.exe
78663. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadr.html" target=_blank>SDBOT-ADR</a> WORM!
78664. Source=Paul Collins Startup list
78665.  
78666. [Torjan Program]
78667. Number=11167
78668. Confirmed=X
78669. Filename=[path to trojan]
78670. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirbo.html" target=_blank>LEGMIR-BO</a> TROJAN!
78671. Source=Paul Collins Startup list
78672.  
78673. [Torjan Program]
78674. Number=11168
78675. Confirmed=X
78676. Filename=smss.exe
78677. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-102210-5758-99" target=_blank>WOWCRAFT.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
78678. Source=Paul Collins Startup list
78679.  
78680. [Torjan Program]
78681. Number=11169
78682. Confirmed=X
78683. Filename=WINLOGON.EXE
78684. Description=Added by the <a href="http://smallbiz.symantec.com/security_response/writeup.jsp?docid=2006-061911-0328-99=1" target="_blank">WOWCRAFT.D</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup! This trojan file is found in the Windows or Winnt folder
78685. Source=Paul Collins Startup list
78686.  
78687. [TOSCDSPD]
78688. Number=11170
78689. Confirmed=N
78690. Filename=toscdspd.exe
78691. Description=Related to <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/toscdspd/" target=_blank>Toshiba laptop</a> CD/DVD drivers. This is a non-essential process. Disabling or enabling this is down to user preference
78692.  
78693. Source=Paul Collins Startup list
78694.  
78695. [TOSHIBA Accessibility]
78696. Number=11171
78697. Confirmed=U
78698. Filename=FnKeyHook.exe
78699. Description="Allows you to use the Fn key to create a hot key combination with one of the function keys without pressing the two keys simultaneously as is usually required. Using Accessibility lets you make the Fn key a sticky key, meaning you can press it once, release it, and then press a function key to activate the hot key function"
78700. Source=Paul Collins Startup list
78701.  
78702. [Toshiba Fan]
78703. Number=11172
78704. Confirmed=Y
78705. Filename=fan.exe
78706. Description=Toshiba untilty to keep the fan on a laptop running if they fail to detect there is too much heat
78707. Source=Paul Collins Startup list
78708.  
78709. [Toshiba Key State]
78710. Number=11173
78711. Confirmed=U
78712. Filename=KEYSTATE.EXE
78713. Description=Displays an icon in the System Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g., Toshiba) laptops which do not have a Caps Lock indicator light. Available via Start -> Programs
78714. Source=Paul Collins Startup list
78715.  
78716. [ToshibaPinger]
78717. Number=11174
78718. Confirmed=N
78719. Filename=pinger.exe
78720. Description=Pinger is the resident program for Toshiba Upgrades. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification. Disabling instructions <a href="http://www.spywareinfo.com/yabbse/index.php?board=18;action=display;threadid=2673" target="_blank">here</a>
78721. Source=Paul Collins Startup list
78722.  
78723. [TOSHIBSU]
78724. Number=11175
78725. Confirmed=U
78726. Filename=Toshibsu.exe
78727. Description=Reduces the power consumption when the laptop isn't being used to preserve battery power. Hibernate function doesn't work if this is disabled. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run off battery regularly
78728. Source=Paul Collins Startup list
78729.  
78730. [TosHKCW]
78731. Number=11176
78732. Confirmed=U
78733. Filename=TosHKCW.exe
78734. Description=Toshiba Hot Key Change/Control Wireless. Permits you to use a hot key to activate/deactivate built-in 802.11b wireless transmission on a laptop (if installed)
78735. Source=Paul Collins Startup list
78736.  
78737. [TosMem]
78738. Number=11177
78739. Confirmed=Y
78740. Filename=tosmem.exe
78741. Description=Toshiba laptop related. Win98/Me ACPI system can not hibernate or go on standby if all of the physical memory lower than 640KB is locked. This utility allocates and locks three pages on boot and then releases them on standby/hibernation for ACPI.SYS in order to solve the above problem
78742. Source=Paul Collins Startup list
78743.  
78744. [TosRotation]
78745. Number=11178
78746. Confirmed=U
78747. Filename=TRot.exe
78748. Description=TOSHIBA Rotation Utility - allows users to rotate a notebook's screen image 180 degrees in order to share information on the screen with others seated across a table or desk
78749. Source=Paul Collins Startup list
78750.  
78751. [TotRecSched]
78752. Number=11179
78753. Confirmed=U
78754. Filename=TotRecSched.exe
78755. Description=Scheduler for <a href="http://www.highcriteria.com/products.htm" target="_blank">Total Recorder</a> - allows automatic recording of a show at a given time for later playback or you can use the scheduler as an alarm
78756. Source=Paul Collins Startup list
78757.  
78758. [ToUcamVProperty]
78759. Number=11180
78760. Confirmed=Y
78761. Filename=VProperty.exe
78762. Description=Philips Web Camera model name pcvc740k, ToUcam driver configuration tray icon
78763. Source=Paul Collins Startup list
78764.  
78765. [Touch Manager]
78766. Number=11181
78767. Confirmed=U
78768. Filename=WinLED.exe
78769. Description=Dell keyboard utility. Disabling can result in loss of screen saver and power saver functionality
78770. Source=Paul Collins Startup list
78771.  
78772. [TouchED]
78773. Number=11182
78774. Confirmed=U
78775. Filename=TouchED.exe
78776. Description=TouchPad On/Off Utility on a Toshiba laptop
78777. Source=Paul Collins Startup list
78778.  
78779. [tour]
78780. Number=11183
78781. Confirmed=N
78782. Filename=regedit ..tour.reg
78783. Description=Edits registry values to keep the WinMe tour in Task Scheduler
78784. Source=Paul Collins Startup list
78785.  
78786. [Tour]
78787. Number=11184
78788. Confirmed=N
78789. Filename=wincool.exe
78790. Description=Component of WinME that's annoying as hell. Pop's up a prompt to play the C:\WINDOWS\Application Data\Microsoft\INTROCONTENT.HTA that plays a full screen version of the WinME product preview Windows Media video file that cannot be stopped to my knowledge until it finishes. That prompt will keep popping up after an install/reinstall of WinME until you give in and watch the thing. It also puts a task scheduler entry to run that annoying thing every 30 minutes, and don't bother deleting that entry, Windows puts it right back. Not only should you disable it from running, you should delete the thing altogether, as it, somehow can re-enable itself. Apparently you can try setting the file to read only
78791. Source=Paul Collins Startup list
78792.  
78793. [tourpath]
78794. Number=11185
78795. Confirmed=N
78796. Filename=regedit /s [path] tour.reg
78797. Description=Edits registry values to keep the Win 2000 "tour" in Task Scheduler
78798. Source=Paul Collins Startup list
78799.  
78800. [TP4EX]
78801. Number=11186
78802. Confirmed=U
78803. Filename=tp4ex.exe
78804. Description=Adds accessibility options for an IBM TrackPoint
78805. Source=Paul Collins Startup list
78806.  
78807. [tp4mon]
78808. Number=11187
78809. Confirmed=U
78810. Filename=tp4mon.exe
78811. Description=Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
78812. Source=Paul Collins Startup list
78813.  
78814. [tp4serv]
78815. Number=11188
78816. Confirmed=U
78817. Filename=tp4serv.exe
78818. Description=Supports the "pointer stick" on Thinkpads in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
78819. Source=Paul Collins Startup list
78820.  
78821. [TP98TRAY]
78822. Number=11189
78823. Confirmed=?
78824. Filename=TP98TRAY.EXE
78825. Description=IBM Thinkpad related utility.<font color="#FF0000"> What does it do and is it required?</font>
78826. Source=Paul Collins Startup list
78827.  
78828. [TP98UTIL]
78829. Number=11190
78830. Confirmed=N
78831. Filename=TP98.EXE
78832. Description=IBM Thinkpad feature setup & configuration utility
78833. Source=Paul Collins Startup list
78834.  
78835. [tpcupdater]
78836. Number=11191
78837. Confirmed=X
78838. Filename=updatetc.exe
78839. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
78840. Source=Paul Collins Startup list
78841.  
78842. [TpHotKey]
78843. Number=11192
78844. Confirmed=U
78845. Filename=TPHKMGR.EXE
78846. Description=Activates "ThinkPad Help" when the "Thinkpad key" is pressed on an IBM ThinkPad laptop. Also activates the audio buttons (volume up/down, mute) on models such as the Thinkpad T30
78847. Source=Paul Collins Startup list
78848.  
78849. [TPKBDLED]
78850. Number=11193
78851. Confirmed=U
78852. Filename=TpScrLk.exe
78853. Description=IBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpad's that don't have a Scroll Lock LED
78854.  
78855. Source=Paul Collins Startup list
78856.  
78857. [TPKMAPHELPER]
78858. Number=11194
78859. Confirmed=U
78860. Filename=TpKmapAp.exe
78861. Description=IBM Thinkpad - Keyboard Customizer Utility. Allows the user to set keyboard shortcuts, emulate such features as Windows key on laptop, can be disabled from within program, is available from Programs > Access IBM. Not required
78862. Source=Paul Collins Startup list
78863.  
78864. [TpKmapMn]
78865. Number=11195
78866. Confirmed=U
78867. Filename=TpKmapMn.exe
78868. Description=Create Keyboard combinations for special Thinkpad buttons when using an external keyboard, e.g. "Ctrl-arrow up" for "volume up". Only required when using an external keyboard. Available via Start -> Programs
78869. Source=Paul Collins Startup list
78870.  
78871. [tpopservice]
78872. Number=11196
78873. Confirmed=U
78874. Filename=tpopservice.exe
78875. Description=DirecWay two-way satellite internet service enhanced POP proxy server for email
78876. Source=Paul Collins Startup list
78877.  
78878. [TPP Auto Loader]
78879. Number=11197
78880. Confirmed=U
78881. Filename=Tppaldr.exe
78882. Description=Installed with <a href="http://www.datastor.com.tw/" target="_blank">DataStor's</a> (and some other manufacturers) USB 2.0 based external DVD, CD-ROM and CD-RW drives. System tray icon allowing the user to disconnect the external drive without an error message being displayed
78883. Source=Paul Collins Startup list
78884.  
78885. [Tprtray]
78886. Number=11198
78887. Confirmed=U
78888. Filename=Tprtray.exe
78889. Description=Displays the Power icon in the System Tray on a Toshiba laptop
78890. Source=Paul Collins Startup list
78891.  
78892. [TpScrLk]
78893. Number=11199
78894. Confirmed=U
78895. Filename=TpScrLk.exe
78896. Description=IBM Thinkpad utility for displaying the Scroll Lock status on the System Tray - for Thinkpad's that don't have a Scroll Lock LED
78897. Source=Paul Collins Startup list
78898.  
78899. [TpShocks]
78900. Number=11200
78901. Confirmed=Y
78902. Filename=TpShocks.exe
78903. Description=Responsible for controlling the IBM Hard Drive Active Protection system found on newer models of IBM Thinkpads, including T41, T42, X40, R50, and R51. The Hard Drive Active Protection system is based on a technology similar to that used in automobiles to deploy airbags on contact: An accelorometer on the motherboard detects physical acceleration--such as when the notebook falls--and in response the system temporarily parks the hard drive's read/write head until stability returns
78904. Source=Paul Collins Startup list
78905.  
78906. [TPSmain]
78907. Number=11201
78908. Confirmed=U
78909. Filename=TPSMain.exe
78910. Description=Toshiba Power Saver - associated with Toshiba laptops/desktops. Manages the power save function to make sure that the system goes to a power saver mode when not used
78911. Source=Paul Collins Startup list
78912.  
78913. [TPSODDCtl]
78914. Number=11202
78915. Confirmed=Y
78916. Filename=TPSODDCtl.exe
78917. Description=Power saving software on Toshiba laptops
78918. Source=Paul Collins Startup list
78919.  
78920. [TPTray]
78921. Number=11203
78922. Confirmed=N
78923. Filename=TPTray.exe
78924. Description=Touchpad configuration tray icon for Toshiba laptops. Available via Start -> Settings -> Control Panel
78925. Source=Paul Collins Startup list
78926.  
78927. [TPTRAY]
78928. Number=11204
78929. Confirmed=?
78930. Filename=TP98TRAY.EXE
78931. Description=IBM Thinkpad related utility.<font color="#FF0000"> What does it do and is it required?</font>
78932. Source=Paul Collins Startup list
78933.  
78934. [TPwrMain]
78935. Number=11205
78936. Confirmed=Y
78937. Filename=TPwrMain.EXE
78938. Description=Power management software for Toshiba laptops
78939. Source=Paul Collins Startup list
78940.  
78941. [TPwrMgr]
78942. Number=11206
78943. Confirmed=?
78944. Filename=TPwrMgr.exe
78945. Description=Found on a Toshiba laptop.<font color="#FF0000"> Related to power management?</font>
78946. Source=Paul Collins Startup list
78947.  
78948. [TPWRTRAY]
78949. Number=11207
78950. Confirmed=Y
78951. Filename=Tpwrtray.exe
78952. Description=Toshiba laptop's own Advanced Power Management system which disables Windows APM (greyed-out in Control Panel). You can't choose which of the 2 systems to use
78953. Source=Paul Collins Startup list
78954.  
78955. [tqrecv]
78956. Number=11208
78957. Confirmed=U
78958. Filename=tqrecv.exe
78959. Description=Tellique satellite broadcast reception software
78960. Source=Paul Collins Startup list
78961.  
78962. [Traceless]
78963. Number=11209
78964. Confirmed=N
78965. Filename=launch.exe
78966. Description=<a href="http://users.bigpond.com/pvantarakis/traceless/index.htm" target="_blank">Traceless 2003</a> - clear your cookies, temp directories and browser history with a click of a button. It also clears the recent documents and the IE drop down auto complete box
78967. Source=Paul Collins Startup list
78968.  
78969. [Track4WinMonitor]
78970. Number=11210
78971. Confirmed=U
78972. Filename=STMonitor.exe
78973. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.track4win.html" target="_blank">Track4Win</a> is a surveillance software program that takes screenshots and logs user activity such as URLs and currently running processes. It uploads the logs and screenshots to a preconfigured server. Uninstall this software unless you put it there yourself
78974. Source=Paul Collins Startup list
78975.  
78976. [Tracker]
78977. Number=11211
78978. Confirmed=?
78979. Filename=Tracker.exe
78980. Description=<font color="#FF0000">Possibly associated with My Deluxe Invoices program</font>
78981. Source=Paul Collins Startup list
78982.  
78983. [TrackpointSrv]
78984. Number=11212
78985. Confirmed=U
78986. Filename=daemon.exe
78987. Description=Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
78988. Source=Paul Collins Startup list
78989.  
78990. [TrackpointSrv]
78991. Number=11213
78992. Confirmed=U
78993. Filename=tp4serv.exe
78994. Description=Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
78995. Source=Paul Collins Startup list
78996.  
78997. [TrackPointSrv]
78998. Number=11214
78999. Confirmed=U
79000. Filename=tp4mon.exe
79001. Description=Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
79002. Source=Paul Collins Startup list
79003.  
79004. [Tracks Eraser]
79005. Number=11215
79006. Confirmed=U
79007. Filename=te.exe
79008. Description=<a href="http://www.acesoft.net/" target="_blank">Tracks Eraser</a> from Acesoft - "Erases all tracks of your internet activity"
79009.  
79010. Source=Paul Collins Startup list
79011.  
79012. [Tracks Eraser Pro]
79013. Number=11216
79014. Confirmed=U
79015. Filename=te.exe
79016. Description=<a href="http://www.acesoft.net/" target="_blank">Tracks Eraser Pro</a> from Acesoft - "Erases all tracks of your internet activity"
79017. Source=Paul Collins Startup list
79018.  
79019. [tranicon]
79020. Number=11217
79021. Confirmed=U
79022. Filename=tranicon.exe
79023. Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons Transparent
79024. Source=Paul Collins Startup list
79025.  
79026. [Transcode360]
79027. Number=11218
79028. Confirmed=N
79029. Filename=Transcode360Tray.exe
79030. Description=Designed for WinXP Media Center Edition 2005 and the Xbox 360, <a href="http://runtime360.com/projects/transcode-360/" target="_blank">Transcode360</a> aims to broaden the support for a wide range of video media including DivX and XviD
79031. Source=Paul Collins Startup list
79032.  
79033. [Transparent]
79034. Number=11219
79035. Confirmed=U
79036. Filename=TransparentW.exe
79037. Description=Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from <a href="http://www.freedownloadscenter.com/Shell_and_Desktop/Desktop_Randomizers_and_Changers/Transparent.html" target="_blank">here</a>
79038. Source=Paul Collins Startup list
79039.  
79040. [Transparent]
79041. Number=11220
79042. Confirmed=U
79043. Filename=TransparentD.exe
79044. Description=Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from <a href="http://www.freedownloadscenter.com/Shell_and_Desktop/Desktop_Randomizers_and_Changers/Transparent.html" target="_blank">here</a>
79045. Source=Paul Collins Startup list
79046.  
79047. [Transparent]
79048. Number=11221
79049. Confirmed=U
79050. Filename=TransparentB.exe
79051. Description=Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from <a href="http://www.freedownloadscenter.com/Shell_and_Desktop/Desktop_Randomizers_and_Changers/Transparent.html" target="_blank">here</a>
79052. Source=Paul Collins Startup list
79053.  
79054. [TransparentIcons]
79055. Number=11222
79056. Confirmed=U
79057. Filename=tranicon.exe
79058. Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons Transparent
79059. Source=Paul Collins Startup list
79060.  
79061. [transtask]
79062. Number=11223
79063. Confirmed=U
79064. Filename=transtask.exe
79065. Description=A <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> component, makes the taskbar icons transparent
79066. Source=Paul Collins Startup list
79067.  
79068. [Trashgrd]
79069. Number=11224
79070. Confirmed=U
79071. Filename=TRASHGRD.EXE
79072. Description=Part of McAfee Nuts & Bolts. Protects all the files you delete, even files deleted in DOS or in 16-bit Windows applications, by sending them to the Recycle Bin
79073. Source=Paul Collins Startup list
79074.  
79075. [Tray]
79076. Number=11225
79077. Confirmed=X
79078. Filename=rundll32.exe
79079. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagadr.html" target="_blank">LINEAG-ADR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in an "command" sub-folder
79080. Source=Paul Collins Startup list
79081.  
79082. [Tray Pilot Lite]
79083. Number=11226
79084. Confirmed=U
79085. Filename=TrayPlt.exe
79086. Description=<a href="http://www.freedownloadscenter.com/Utilities/Misc__Utilities/Tray_Pilot.html" target="_blank">Tray Pilot</a> allows you to hide the System Tray window. No longer supported by the authors
79087. Source=Paul Collins Startup list
79088.  
79089. [Tray Temperature]
79090. Number=11227
79091. Confirmed=N
79092. Filename=Weatherbug.exe
79093. Description=Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs
79094. Source=Paul Collins Startup list
79095.  
79096. [Traybar]
79097. Number=11228
79098. Confirmed=X
79099. Filename=lsass.exe
79100. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071915-0829-99" target=_blank>MYDOOM.L</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
79101. Source=Paul Collins Startup list
79102.  
79103. [traydate.exe]
79104. Number=11229
79105. Confirmed=U
79106. Filename=TRAYDATE.EXE
79107. Description=Displays the date as well as the time in the System Tray. Available from <a href="http://download.tucows.com/perl/PDA.html?Target=/wince/preview/32627.html" target="_blank">TUCOWS</a>
79108. Source=Paul Collins Startup list
79109.  
79110. [TrayManager]
79111. Number=11230
79112. Confirmed=U
79113. Filename=Trayman.exe
79114. Description=TrayManager hides system tray icons (FreeCell won't work when TrayMan is loaded)
79115. Source=Paul Collins Startup list
79116.  
79117. [Traymin900]
79118. Number=11231
79119. Confirmed=U
79120. Filename=Tray900.exe
79121. Description=Related to the Philips SPC webcam - System Tray manager for Personal 900 series camera
79122. Source=Paul Collins Startup list
79123.  
79124. [Traymon]
79125. Number=11232
79126. Confirmed=U
79127. Filename=traymon.exe
79128. Description=Netropa Internet Receiver traymonitor. Will only launch the bar if you are connected to the internet and there's new news
79129. Source=Paul Collins Startup list
79130.  
79131. [TraySantaCruz]
79132. Number=11233
79133. Confirmed=N
79134. Filename=tbctray.exe
79135. Description=Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel
79136. Source=Paul Collins Startup list
79137.  
79138. [TrayServer]
79139. Number=11234
79140. Confirmed=N
79141. Filename=TrayServer.exe
79142. Description=For monitoring tray icons
79143. Source=Paul Collins Startup list
79144.  
79145. [TrayX]
79146. Number=11235
79147. Confirmed=X
79148. Filename=winppr32.exe
79149. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081909-2118-99" target="_blank">SOBIG.F</a> WORM!
79150. Source=Paul Collins Startup list
79151.  
79152. [tray_helper]
79153. Number=11236
79154. Confirmed=N
79155. Filename=tray_helper.exe
79156. Description=<a href="http://www.republika.pl/trayhelper/indexeng.html" target="_blank">Tray Helper</a> is an Email checker with additional tools, including a popup window killer, pinger module to monitor hosts and an event reminder
79157. Source=Paul Collins Startup list
79158.  
79159. [Trend Micro Anti-Spyware]
79160. Number=11237
79161. Confirmed=U
79162. Filename=Tmas.exe
79163. Description=Trend Micro <a href="http://www.trendmicro.com/en/products/desktop/as/evaluate/overview.htm" target=_blank>Anti-Spyware</a> - required when using real time monitoring
79164. Source=Paul Collins Startup list
79165.  
79166. [Trend Micro AntiVirus 2007]
79167. Number=11238
79168. Confirmed=Y
79169. Filename=tavui.exe
79170. Description=<a href="http://www.trendmicro.com/" target="_blank">Trend Micro AntiVirus</a>
79171. Source=Paul Collins Startup list
79172.  
79173. [TrendMicro Antivirus]
79174. Number=11239
79175. Confirmed=Y
79176. Filename=Aveagent.exe
79177. Description=Virus scanner
79178. Source=Paul Collins Startup list
79179.  
79180. [TrendMicro OfficeScan NT]
79181. Number=11240
79182. Confirmed=Y
79183. Filename=TMLISTEN.EXE
79184. Description=Virus scanner
79185. Source=Paul Collins Startup list
79186.  
79187. [Trickler]
79188. Number=11241
79189. Confirmed=X
79190. Filename=[path to file]
79191. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target=_blank>GAIN</a> adware. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
79192. Source=Paul Collins Startup list
79193.  
79194. [TridentTVIcon]
79195. Number=11242
79196. Confirmed=Y
79197. Filename=tvicon.exe
79198. Description=Trident Microsystems, Inc Display driver
79199. Source=Paul Collins Startup list
79200.  
79201. [TridTray]
79202. Number=11243
79203. Confirmed=?
79204. Filename=TridTray.exe
79205. Description=<font color="#FF0000">System Tray access to Trident 4DWave soundcards?</font>
79206. Source=Paul Collins Startup list
79207.  
79208. [TridTray]
79209. Number=11244
79210. Confirmed=?
79211. Filename=TridTray.exe
79212. Description=<font color="#FF0000">System Tray access to Trident 4DWave soundcards?</font>
79213. Source=Paul Collins Startup list
79214.  
79215. [Trillian]
79216. Number=11245
79217. Confirmed=U
79218. Filename=trillian.exe
79219. Description=Part of Trillian IRC client
79220. Source=Paul Collins Startup list
79221.  
79222. [trirot]
79223. Number=11246
79224. Confirmed=Y
79225. Filename=trirot.exe
79226. Description=Trident Microsystems 3D video driver
79227.  
79228. Source=Paul Collins Startup list
79229.  
79230. [TRIXX]
79231. Number=11247
79232. Confirmed=U
79233. Filename=TRIXX.exe
79234. Description=Sapphire <a href="http://www.sapphiretech.com/us/" target="_blank">TRIXX</a> overclocking tool for the X800 GTO graphics card (and possiby others) - "push default clock speeds to 560MHz or better"
79235. Source=Paul Collins Startup list
79236.  
79237. [Trojan Guarder Gold Version]
79238. Number=11248
79239. Confirmed=N
79240. Filename=Trojan Guarder.exe
79241. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-071914-2557-99" target="_blank">TrojanGuarder</a> is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats
79242. Source=Paul Collins Startup list
79243.  
79244. [Trojancheck 6 Guard]
79245. Number=11249
79246. Confirmed=U
79247. Filename=tcguard.exe
79248. Description=<a href="http://www.trojancheck.de/" target="_blank">TrojanCheck</a> anti-trojan software
79249. Source=Paul Collins Startup list
79250.  
79251. [TrojanScanner]
79252. Number=11250
79253. Confirmed=U
79254. Filename=Trjscan.exe
79255. Description=<a href="http://www.simplysup.com/tremover/details.html" target="_blank">Trojan Remover</a> from Simply Super Software. Scans for an removes trojan viruses where anti-virus software may have not detected or removed
79256. Source=Paul Collins Startup list
79257.  
79258. [TrojanShield]
79259. Number=11251
79260. Confirmed=U
79261. Filename=Init.exe
79262. Description=<a href="http://www.trojanshield.com/" target="_blank">TrojanShield</a>
79263. Source=Paul Collins Startup list
79264.  
79265. [TrojanShield Protector]
79266. Number=11252
79267. Confirmed=U
79268. Filename=Port.exe
79269. Description=<a href="http://www.trojanshield.com/index.htm" target="_blank">TrojanShield</a> anti-hacker/anti-trojan software
79270. Source=Paul Collins Startup list
79271.  
79272. [True Internet Color Icon]
79273. Number=11253
79274. Confirmed=U
79275. Filename=internetcolor.exe
79276. Description=Now superseeded by <a href="http://www.colorwizzard.com/" target="_blank">ColorWizzard</a>. Was part of 3Deep. "With True Internet Color PCs can display the best color possible over the web. Enabled web sites will know how connected monitors display color and will send them color corrected images"
79277. Source=Paul Collins Startup list
79278.  
79279. [TrueCrypt]
79280. Number=11254
79281. Confirmed=U
79282. Filename=TrueCrypt.exe
79283. Description=<a href="http://www.truecrypt.org/" target="_blank">TrueCrypt</a> is a free open-source disk encryption software for Windows XP/2K/2003 and Linux. This the Truecrypt background task that enables some background function of truetyp: Hot-keys, autodismount, etc
79284. Source=Paul Collins Startup list
79285.  
79286. [TrueFonts]
79287. Number=11255
79288. Confirmed=X
79289. Filename=fonts.hta
79290. Description=Browser hijacker - redirecting to Hugesearch.net
79291. Source=Paul Collins Startup list
79292.  
79293. [TrueImageMonitor.exe]
79294. Number=11256
79295. Confirmed=N
79296. Filename=TrueImageMonitor.exe
79297. Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target=_blank>Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage
79298.  
79299. Source=Paul Collins Startup list
79300.  
79301. [TrueSync Launcher]
79302. Number=11257
79303. Confirmed=N
79304. Filename=tstool.exe
79305. Description=Starfish TrueSync - for synchronization between Windows platforms and popular devices, applications and services. Stafish became Intellisync which was acquired by Nokia and is now no longer supported
79306. Source=Paul Collins Startup list
79307.  
79308. [truetype]
79309. Number=11258
79310. Confirmed=X
79311. Filename=truetype.exe
79312. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcosiami.html" target="_blank">COSIAM-I</a> TROJAN!
79313. Source=Paul Collins Startup list
79314.  
79315. [TrueVector]
79316. Number=11259
79317. Confirmed=Y
79318. Filename=VSMON.EXE
79319. Description=Even if you don't have ZoneAlarm or ZoneAlarm Pro run at start-up you do need this
79320. Source=Paul Collins Startup list
79321.  
79322. [Trust Cleaner]
79323. Number=11260
79324. Confirmed=X
79325. Filename=TrustCleaner.exe
79326. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094215" target="_blank">Smitfraud</a> variant
79327. Source=Paul Collins Startup list
79328.  
79329. [TrustIn Popups]
79330. Number=11261
79331. Confirmed=X
79332. Filename=TrustInPopups.exe
79333. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062917-0128-99" target="_blank">TrustInPopups</a> adware
79334. Source=Paul Collins Startup list
79335.  
79336. [trustras.exe]
79337. Number=11262
79338. Confirmed=?
79339. Filename=trustras.exe
79340. Description=Trust ADSL modem related. <font color="#FF0000">Is it required?</font>
79341. Source=Paul Collins Startup list
79342.  
79343. [TrustyHound-TS]
79344. Number=11263
79345. Confirmed=X
79346. Filename=TrustyHound-TS.exe
79347. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051316-4010-99" target= blank>TrustyHound</a> spyware
79348. Source=Paul Collins Startup list
79349.  
79350. [tsa]
79351. Number=11264
79352. Confirmed=X
79353. Filename=tsm.exe
79354. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=TargetSaver&threatid=15121" target=_blank>TargetSaver</a> adware
79355. Source=Paul Collins Startup list
79356.  
79357. [Tsa2]
79358. Number=11265
79359. Confirmed=X
79360. Filename=tsm2.exe
79361. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=TargetSaver&threatid=15121" target=_blank>TargetSaver</a> adware
79362. Source=Paul Collins Startup list
79363.  
79364. [TsAdbot]
79365. Number=11266
79366. Confirmed=X
79367. Filename=TSADBOT.EXE
79368. Description=TimeSink Add Client - advertising spyware
79369. Source=Paul Collins Startup list
79370.  
79371. [TSBxLogon]
79372. Number=11267
79373. Confirmed=?
79374. Filename=TMESBS2.EXE
79375. Description=Found on a Toshiba laptop.<font color="#FF0000"> May be related to <a href="#TMESBS">TMESBS</a>?</font>
79376. Source=Paul Collins Startup list
79377.  
79378. [TSE_PLUtil]
79379. Number=11268
79380. Confirmed=U
79381. Filename=PLBkMon.exe
79382. Description=<a href="http://www.prolific.com.tw/eng/company.asp" target=_blank>Prolific</a> USB Flash Disk Log On Application
79383. Source=Paul Collins Startup list
79384.  
79385. [Tsk Mng Hlp]
79386. Number=11269
79387. Confirmed=X
79388. Filename=wins32.exe
79389. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotjb.html" target= blank>AGOBOT-JB</a> WORM!
79390. Source=Paul Collins Startup list
79391.  
79392. [tskdbg]
79393. Number=11270
79394. Confirmed=X
79395. Filename=tskdbg.exe
79396. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-052418-2252-99" target="_blank">FLOOD.E</a> TROJAN!
79397. Source=Paul Collins Startup list
79398.  
79399. [Tsklist]
79400. Number=11271
79401. Confirmed=X
79402. Filename=tsklist32.exe
79403. Description=Added by the BANCOS.SP TROJAN as reported by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a>
79404. Source=Paul Collins Startup list
79405.  
79406. [TSkrMain]
79407. Number=11272
79408. Confirmed=U
79409. Filename=TSkrMain.exe
79410. Description=TOSHIBA Accelerometer Utilities - hardware utilities that work with the motion sensors built into their Tablet PCs. Detect the way you are holding it at any given moment, you can set the machine to perform a specific function when the unit is quickly tilted to the left or right, or to the front or back and you can also take control of the cursor in some applications and make it move by leaning the PC in a certain direction
79411. Source=Paul Collins Startup list
79412.  
79413. [Tsl]
79414. Number=11273
79415. Confirmed=X
79416. Filename=tsl.exe
79417. Description=<a href="http://vil.nai.com/vil/content/v_127649.htm" target=_blank>Uploader-R</a> adware
79418. Source=Paul Collins Startup list
79419.  
79420. [Tsl2]
79421. Number=11274
79422. Confirmed=X
79423. Filename=tsl2.exe
79424. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=TargetSaver&threatid=15121" target=_blank>TargetSaver</a> adware
79425. Source=Paul Collins Startup list
79426.  
79427. [TSMsger]
79428. Number=11275
79429. Confirmed=N
79430. Filename=TSMsger.exe
79431. Description=Epson scannner software - required for "one-touch" operation. Can be launched manually
79432. Source=Paul Collins Startup list
79433.  
79434. [tsnp2std]
79435. Number=11276
79436. Confirmed=N
79437. Filename=tsnp2std.exe
79438. Description=Digital camera related
79439. Source=Paul Collins Startup list
79440.  
79441. [TSPower]
79442. Number=11277
79443. Confirmed=?
79444. Filename=spower.drv
79445. Description=Found on a Toshiba laptop.<font color="#FF0000"> Related to power management?</font>
79446. Source=Paul Collins Startup list
79447.  
79448. [tsrv]
79449. Number=11278
79450. Confirmed=X
79451. Filename=t2serv.exe
79452. Description=Added by the <a href="http://www.f-secure.com/v-descs/warezov_at.shtml" target="_blank">WAREZOV.AT</a> WORM!
79453. Source=Paul Collins Startup list
79454.  
79455. [tsrv]
79456. Number=11279
79457. Confirmed=X
79458. Filename=tsrv.exe
79459. Description=Added by the <a href="http://www.f-secure.com/v-descs/warezov_w.shtml" target="_blank">WAREZOV.W</a> WORM!
79460. Source=Paul Collins Startup list
79461.  
79462. [TSService]
79463. Number=11280
79464. Confirmed=?
79465. Filename=NSSERVICE.EXE
79466. Description=<font color="#FF0000">??</font>
79467. Source=Paul Collins Startup list
79468.  
79469. [tsvcin]
79470. Number=11281
79471. Confirmed=X
79472. Filename=n20050308.exe
79473. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target=_blank>Delfin Media Viewer</a> adware related
79474. Source=Paul Collins Startup list
79475.  
79476. [tsyssmon]
79477. Number=11282
79478. Confirmed=?
79479. Filename=tsyssmon.exe
79480. Description=<font color="#FF0000">Found in a Toshibasysstability directory</font>
79481. Source=Paul Collins Startup list
79482.  
79483. [TSystem]
79484. Number=11283
79485. Confirmed=X
79486. Filename=[trojan filename]
79487. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnsysa.html" target=_blank>NSYS-A</a> TROJAN!
79488. Source=Paul Collins Startup list
79489.  
79490. [ttaa]
79491. Number=11284
79492. Confirmed=X
79493. Filename=tata.exe
79494. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineaget.html" target=_blank>LINEAGE-T</a> TROJAN!
79495. Source=Paul Collins Startup list
79496.  
79497. [ttasq]
79498. Number=11285
79499. Confirmed=?
79500. Filename=ttasq.exe
79501. Description=<font color="#FF0000">??</font>
79502. Source=Paul Collins Startup list
79503.  
79504. [ttool]
79505. Number=11286
79506. Confirmed=X
79507. Filename=scvc.exe
79508. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrowm.html" target="_blank">OWM</a> TROJAN!
79509. Source=Paul Collins Startup list
79510.  
79511. [TTrayp]
79512. Number=11287
79513. Confirmed=N
79514. Filename=VTtrayp.exe
79515. Description=Part of S3 Graphics Controllers - S3 Screentoys Helper
79516. Source=Paul Collins Startup list
79517.  
79518. [TTS Sync]
79519. Number=11288
79520. Confirmed=X
79521. Filename=testtts.exe
79522. Description=Added by the <a href="http://ae.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_SDBOT.BVA" target=_blank>SDBOT.BVA</a> WORM!
79523. Source=Paul Collins Startup list
79524.  
79525. [Ttt]
79526. Number=11289
79527. Confirmed=X
79528. Filename=Ttt.exe
79529. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
79530. Source=Paul Collins Startup list
79531.  
79532. [ttupt]
79533. Number=11290
79534. Confirmed=X
79535. Filename=ttupt.exe
79536. Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
79537. Source=Paul Collins Startup list
79538.  
79539. [Tukati]
79540. Number=11291
79541. Confirmed=?
79542. Filename=TukatiRedistributor.exe
79543. Description=<a href="http://www.tukati.com/" target="_blank">Tukati</a> Digital Content Distribution. <font color="#FF0000">Is it required?</font>
79544. Source=Paul Collins Startup list
79545.  
79546. [tunebite]
79547. Number=11292
79548. Confirmed=N
79549. Filename=tunebite.exe
79550. Description="<a href="http://www.tunebite.com/en/tunebite/index.html" target=_blank>Tunebite</a> lets you make unprotected copies of copy-protected music files by recording them while they are being played". Can be launched from it's Start Menu shortcut
79551. Source=Paul Collins Startup list
79552.  
79553. [TuneUp MemOptimizer]
79554. Number=11293
79555. Confirmed=U
79556. Filename=memoptimizer.exe
79557. Description=Part of "TuneUp Utilities", specifically 2003 version. "Monitors and optimizes free memory in the background." Basically, it cleans RAM and also allows you to clear the clipboard
79558. Source=Paul Collins Startup list
79559.  
79560. [TurBo]
79561. Number=11294
79562. Confirmed=X
79563. Filename=System.Trubo.vbs
79564. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsautomc.html" target="_blank">AUTOM-C</a> WORM!
79565. Source=Paul Collins Startup list
79566.  
79567. [TurboExplorer]
79568. Number=11295
79569. Confirmed=U
79570. Filename=TE.exe
79571. Description=Web accelerator - "<a href="http://www.downlinx.com/proghtml/9/969.htm" target="_blank">TurboExplorer</a> 2.x is a real-time web surfing accelerator specifically designed for Internet Explorer 4/5 to achieve a faster and more effective approach to the internet". Only needed if you find it improves web browsing
79572. Source=Paul Collins Startup list
79573.  
79574. [TurboLaunch]
79575. Number=11296
79576. Confirmed=U
79577. Filename=Tlaunch.exe
79578. Description=<a href="http://www.savardsoftware.com/turbolaunch/" target=_blank>TurboLaunch</a> is a tool-bar style application that can be set up to run many programs and perform certain pre-programmed actions
79579. Source=Paul Collins Startup list
79580.  
79581. [TurboMemoryCharger]
79582. Number=11297
79583. Confirmed=U
79584. Filename=turbomemorycharger.exe
79585. Description=<a href="http://www.turbomemorycharger.com/" target="_blank">Turbo Memory Charger</a> - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See <a href="http://aumha.org/win4/a/memmgmt.htm" target="_blank">this</a> article and make up your own mind
79586. Source=Paul Collins Startup list
79587.  
79588. [TurboNote]
79589. Number=11298
79590. Confirmed=N
79591. Filename=tbnote.exe
79592. Description=Post-It's on your desktop. Available via Start -> Programs
79593. Source=Paul Collins Startup list
79594.  
79595. [TurboTop]
79596. Number=11299
79597. Confirmed=U
79598. Filename=TurboTop.exe
79599. Description=<a href="http://www.savardsoftware.com/turbotop/" target="_blank">TurboTop</a> - make any window "Always on top"
79600. Source=Paul Collins Startup list
79601.  
79602. [TURXP Protocol]
79603. Number=11300
79604. Confirmed=X
79605. Filename=sps32.exe
79606. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
79607. Source=Paul Collins Startup list
79608.  
79609. [tutcdchk2]
79610. Number=11301
79611. Confirmed=X
79612. Filename=tutcdchk2.exe
79613. Description=Added by the <a href="http://fileinfo.prevx.com/spyware/qq975f36890326-TUTC23121686/TUTCDCHK2.EXE.html" target="_blank">VXGAME</a> TROJAN!
79614. Source=Paul Collins Startup list
79615.  
79616. [TV Media]
79617. Number=11302
79618. Confirmed=X
79619. Filename=Tvm.exe
79620. Description=<a href="http://www.pestpatrol.com/MS/pestinfo/C/cleveriehooker.asp" target="_blank">CleverIEHooker</a> hijacker variant
79621. Source=Paul Collins Startup list
79622.  
79623. [TV Scheduler]
79624. Number=11303
79625. Confirmed=U
79626. Filename=TVSCHL.EXE
79627. Description=ProLink <a href="http://www.prolink-usa.com/english/product/mmpak/ppro.htm#title1" target=_blank>PlayTVpro</a> TV tuner software scheduler
79628. Source=Paul Collins Startup list
79629.  
79630. [TV878 Remote Control]
79631. Number=11304
79632. Confirmed=U
79633. Filename=C7XRCtl.exe
79634. Description=Related to <a href="http://www.what-process.com/process-info.aspx?p=C7XRCtl.exe" target="_blank">Kworld TV878</a> Tuner
79635. Source=Paul Collins Startup list
79636.  
79637. [TVMD]
79638. Number=11305
79639. Confirmed=X
79640. Filename=tvmd.exe
79641. Description=<a href="http://www.totalvelocity.com/" target="_blank">Total Velocity</a> - "Secure commerce company that enables the 'checkout' process for our customers in order to safely and securely purchase our award winning software". Autointsalling spyware
79642. Source=Paul Collins Startup list
79643.  
79644. [TvNow]
79645. Number=11306
79646. Confirmed=U
79647. Filename=TvNow.exe
79648. Description=Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts)
79649. Source=Paul Collins Startup list
79650.  
79651. [TvrRemote]
79652. Number=11307
79653. Confirmed=U
79654. Filename=Remote.exe
79655. Description=Remote Control driver for <a href="http://www.lifeview.com.tw/html/products/products.htm" target="_blank">LifeView</a> internal and external TV products
79656. Source=Paul Collins Startup list
79657.  
79658. [TvrSchedule]
79659. Number=11308
79660. Confirmed=U
79661. Filename=Schedule.exe
79662. Description=Scheduler for <a href="http://www.mercury-pc.com/product-detail.php?link=p-addcards&subtitle=Add-On%20Cards&productid=653" target="_blank">Mercury Ez View</a> TV Tuner Card
79663. Source=Paul Collins Startup list
79664.  
79665. [Tvs]
79666. Number=11309
79667. Confirmed=N
79668. Filename=TvsTray.exe
79669. Description=Toshiba Virtual Sound on a notebook. Allows you to change sound settings on the fly - default setting is "build-in speaker". You can also select external speaker, open type headphone, or closed type headphone. Each setting has presets for Bass, Stereo, and Clarity - which can also be changed by user if desired. Can also be launched from Start -> Programs -> Toshiba -> Utilities
79670. Source=Paul Collins Startup list
79671.  
79672. [tvs_b]
79673. Number=11310
79674. Confirmed=X
79675. Filename=tvs_b.exe
79676. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
79677. Source=Paul Collins Startup list
79678.  
79679. [tvs_b]
79680. Number=11311
79681. Confirmed=X
79682. Filename=tvs_ln.exe
79683. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
79684. Source=Paul Collins Startup list
79685.  
79686. [tvs_re]
79687. Number=11312
79688. Confirmed=X
79689. Filename=tvs_re_inst.exe
79690. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
79691. Source=Paul Collins Startup list
79692.  
79693. [TVTMD]
79694. Number=11313
79695. Confirmed=X
79696. Filename=TVTMD.EXE
79697. Description=<a href="http://www.totalvelocity.com/" target="_blank">Total Velocity</a> variant - autoinstalling spyware
79698. Source=Paul Collins Startup list
79699.  
79700. [TVTunerLib]
79701. Number=11314
79702. Confirmed=U
79703. Filename=TVTLInstTool.exe
79704. Description=Related to Sony installer tool for Sony TV tuner library
79705. Source=Paul Collins Startup list
79706.  
79707. [TVWakeup]
79708. Number=11315
79709. Confirmed=N
79710. Filename=tvwakeup.exe
79711. Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
79712. Source=Paul Collins Startup list
79713.  
79714. [Tvwatch]
79715. Number=11316
79716. Confirmed=?
79717. Filename=tvwatch.exe
79718. Description=Associated with the TV-oOut option on Asus AGP or Intel graphics cards. <font color="#FF0000">Is it required?</font>
79719. Source=Paul Collins Startup list
79720.  
79721. [Twain image]
79722. Number=11317
79723. Confirmed=X
79724. Filename=mmp32.exe
79725. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DailyWinner&threatid=4143" target=_blank>DailyWinner</a> adware
79726.  
79727. Source=Paul Collins Startup list
79728.  
79729. [TWarmBay]
79730. Number=11318
79731. Confirmed=?
79732. Filename=N/A
79733. Description=Found on a Toshiba laptop.<font color="#FF0000"> Related to hotswap bay management?</font>
79734. Source=Paul Collins Startup list
79735.  
79736. [TWarnMsg]
79737. Number=11319
79738. Confirmed=U
79739. Filename=twarnmsg.exe
79740. Description=Toshiba System Warning Function for Windows 98, Me, 2000 - provides notification dialog when the cooling fan stops
79741. Source=Paul Collins Startup list
79742.  
79743. [TWBbtn]
79744. Number=11320
79745. Confirmed=?
79746. Filename=N/A
79747. Description=<font color="#FF0000">Found on a Toshiba laptop</font>
79748. Source=Paul Collins Startup list
79749.  
79750. [TWBrowse]
79751. Number=11321
79752. Confirmed=?
79753. Filename=TWBrowse.drv
79754. Description=<font color="#FF0000">Found on a Toshiba laptop. Possibly related to TWAIN drivers (ie, scanners, etc) - see <a href="http://www.twaintools.de/support.html" target="_blank">this</a>?</font>
79755. Source=Paul Collins Startup list
79756.  
79757. [Tweak Manager]
79758. Number=11322
79759. Confirmed=?
79760. Filename=WinManager.Exe
79761. Description=WinGuides <a href="http://www.winguides.com/tweak/" target="_blank">Tweak Manager</a>. <font color="#FF0000">Is this required for the live updates feature and/or if settings are changed?</font>
79762. Source=Paul Collins Startup list
79763.  
79764. [Tweak UI]
79765. Number=11323
79766. Confirmed=U
79767. Filename=rundll32.exe tweakui.cpl, tweakmeup
79768. Description=Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed
79769. Source=Paul Collins Startup list
79770.  
79771. [Tweak UI]
79772. Number=11324
79773. Confirmed=U
79774. Filename=rundll32.exe tweakui.cpl, tweaklogon
79775. Description=Automatically logs you on if you have Microsoft's Tweak UI "powertoy" installed
79776. Source=Paul Collins Startup list
79777.  
79778. [Tweak UI]
79779. Number=11325
79780. Confirmed=X
79781. Filename=RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup
79782. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-022017-5551-99" target="_blank">SUBWOOFER</a> TROJAN! Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup"
79783. Source=Paul Collins Startup list
79784.  
79785. [Tweak UI 1.33 deutsch]
79786. Number=11326
79787. Confirmed=U
79788. Filename=RUNDLL32.EXE TWEAKUI.CPL, TweakMeUp
79789. Description=Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed - German version
79790. Source=Paul Collins Startup list
79791.  
79792. [Tweak-Me]
79793. Number=11327
79794. Confirmed=U
79795. Filename=TWEAK-ME.exe
79796. Description=3rd party version of Miscrosoft'sTweak UI "powertoy" with many more options and controls (plus full support), designed specifically to take advantage of features in WinMe/2K and above, available from <a href="http://www.tweak-me.de/" target="_blank">here</a>
79797. Source=Paul Collins Startup list
79798.  
79799. [Tweak-xp]
79800. Number=11328
79801. Confirmed=U
79802. Filename=Tweak-xp.exe
79803. Description=Main program for <a href="http://www.totalidea.com/frameset-tweakxp.htm" target=_blank>Tweak-XP</a> - a WinXP tweaking utility
79804. Source=Paul Collins Startup list
79805.  
79806. [TweakDUN]
79807. Number=11329
79808. Confirmed=U
79809. Filename=tweakdun.exe
79810. Description=Utility to optimize your Internet Browser Software. TweakDUN promotes faster Internet data transfer rates and faster downloads by eliminating fragmentation of data packets
79811. Source=Paul Collins Startup list
79812.  
79813. [Tweaki4PU]
79814. Number=11330
79815. Confirmed=U
79816. Filename=twksup.exe
79817. Description="<a href="http://www.jermar.com/tweaki.htm" target=_blank>Tweaki</a> puts several Windows utilities into one easy to use program while adding hundreds of additional tweaks not found in other system tweakers"
79818. Source=Paul Collins Startup list
79819.  
79820. [tweakico]
79821. Number=11331
79822. Confirmed=?
79823. Filename=tweakico.exe
79824. Description=<font color="#FF0000">May be a HP program to control their icons?</font>
79825. Source=Paul Collins Startup list
79826.  
79827. [TweakMASTER]
79828. Number=11332
79829. Confirmed=U
79830. Filename=TMTray.exe
79831. Description=<a href="http://www.tweakmaster.com/" target=_blank>TweakMASTER</a> Internet Optimizer
79832. Source=Paul Collins Startup list
79833.  
79834. [TweakYC]
79835. Number=11333
79836. Confirmed=?
79837. Filename=TweakYC.exe
79838. Description=<a href="http://www.comprousa.com/New/en/home.html" target=_blank>VideoMate</a> TV tuner and capture card related - <font color=#FF0000>what does it do and is it required?</font>
79839.  
79840. Source=Paul Collins Startup list
79841.  
79842. [twister]
79843. Number=11334
79844. Confirmed=U
79845. Filename=twister.exe
79846. Description=Twister <a href="http://www.filseclab.com/eng/products/twister.htm" target=_blank>"AntiTrojanVirus"</a>
79847. Source=Paul Collins Startup list
79848.  
79849. [TwkSCardSrv]
79850. Number=11335
79851. Confirmed=N
79852. Filename=SCardS32.Exe
79853. Description=Used with Towitoko SmartCard Readers for card recognition
79854. Source=Paul Collins Startup list
79855.  
79856. [twunk service]
79857. Number=11336
79858. Confirmed=X
79859. Filename=twunk16.exe
79860. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BAT&VSect=P" target=_blank>RBOT.BAT</a> WORM!
79861. Source=Paul Collins Startup list
79862.  
79863. [twunk_32]
79864. Number=11337
79865. Confirmed=X
79866. Filename=twunk_32.exe
79867. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090617-1926-99" target=_blank>BLACKMAL.C</a> WORM! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
79868. Source=Paul Collins Startup list
79869.  
79870. [Twunk_64]
79871. Number=11338
79872. Confirmed=X
79873. Filename=twunk_64.exe
79874. Description=System1060 homepage hi-jacker. Note - this is not a Windows file and is found in a WindowsSystem1060 directory
79875. Source=Paul Collins Startup list
79876.  
79877. [tyack drive]
79878. Number=11339
79879. Confirmed=X
79880. Filename=tyack.pif
79881. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamt.html" target=_blank>RBOT-AMT</a> WORM!
79882. Source=Paul Collins Startup list
79883.  
79884. [type32]
79885. Number=11340
79886. Confirmed=N
79887. Filename=type32.exe
79888. Description=For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings. Not required unless you have changed them
79889. Source=Paul Collins Startup list
79890.  
79891. [TypingSatellite]
79892. Number=11341
79893. Confirmed=N
79894. Filename=KBOOST.exe
79895. Description=<a href="http://www.typingmaster.com" target="_blank">Typing Master 2002</a> background utility that collects typing errors and builds up customised typing lessons for your needs. Available via Start -> Programs
79896. Source=Paul Collins Startup list
79897.  
79898. [U.S.Robotics WLAN Adapter Configuration Utility]
79899. Number=11342
79900. Confirmed=U
79901. Filename=USRWLAN.exe
79902. Description=<a href="http://www.usr.com/" target="_blank">U.S.Robotics LAN Adapter</a> - wireless LAN (WLAN) configuration utility
79903. Source=Paul Collins Startup list
79904.  
79905. [Uate]
79906. Number=11343
79907. Confirmed=X
79908. Filename=oocs.exe
79909. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
79910. Source=Paul Collins Startup list
79911.  
79912. [UBSShell]
79913. Number=11344
79914. Confirmed=U
79915. Filename=UBSShell.exe
79916. Description=UBS (United Bank of Switzerland) banking software
79917. Source=Paul Collins Startup list
79918.  
79919. [UCmd]
79920. Number=11345
79921. Confirmed=X
79922. Filename=fallfour.exe
79923. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaza.html" target=_blank>SDBOT-AZA</a> WORM!
79924. Source=Paul Collins Startup list
79925.  
79926. [UCmore XP - The Search Accelerator]
79927. Number=11346
79928. Confirmed=U
79929. Filename=rundll32.exe UCMTSAIE.dll, DllShowTB
79930. Description=<a href="http://www.ucmore.com/" target="_blank">UCmore</a> toolbar - search accelerator
79931. Source=Paul Collins Startup list
79932.  
79933. [UC_SMB]
79934. Number=11347
79935. Confirmed=N
79936. Filename=ucstart.exe
79937. Description=Part of IBM Update connector on IBM PCs for updating drivers on a new installation. Once you manually run the IBM Update connector program (shortcut) this entry is removed
79938. Source=Paul Collins Startup list
79939.  
79940. [uc_start]
79941. Number=11348
79942. Confirmed=N
79943. Filename=ucstartup.exe
79944. Description=Auto updater feature for IBM machines that tries to connect to IBM to see if there are any new drivers, patches and etc
79945. Source=Paul Collins Startup list
79946.  
79947. [UD Agent]
79948. Number=11349
79949. Confirmed=U
79950. Filename=UD.EXE
79951. Description=The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs
79952. Source=Paul Collins Startup list
79953.  
79954. [UDC6cw]
79955. Number=11350
79956. Confirmed=N
79957. Filename=UDC6cw.exe
79958. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99" target="_blank">DriveCleaner</a> is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
79959. Source=Paul Collins Startup list
79960.  
79961. [udzok]
79962. Number=11351
79963. Confirmed=X
79964. Filename=udzou.exe
79965. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcus.html" target="_blank">SDBOT-CUS</a> WORM!
79966. Source=Paul Collins Startup list
79967.  
79968. [Ueproc32]
79969. Number=11352
79970. Confirmed=U
79971. Filename=UEPROC32.exe
79972. Description=Part of Norton Utilities - most likely associated with the Unerase Wizard in older versions
79973. Source=Paul Collins Startup list
79974.  
79975. [UFD Monitor9382]
79976. Number=11353
79977. Confirmed=X
79978. Filename=ufdlmon.exe
79979. Description=Part of USB Flashdisk software - <font color="#FF0000">what does it do and is it required?</font>
79980. Source=Paul Collins Startup list
79981.  
79982. [UFD Utility9382]
79983. Number=11354
79984. Confirmed=?
79985. Filename=UFDTool.exe
79986. Description=Part of USB Flashdisk software - <font color="#FF0000">what does it do and is it required?</font>
79987. Source=Paul Collins Startup list
79988.  
79989. [ugon]
79990. Number=11355
79991. Confirmed=?
79992. Filename=aockstrs.exe
79993. Description=<font color="#FF0000">??</font>
79994. Source=Paul Collins Startup list
79995.  
79996. [uhvjsul.dll]
79997. Number=11356
79998. Confirmed=X
79999. Filename=[path] rundll32.exe [path] uhvjsul.dll, mrpmvyf
80000. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453099988" target="_blank">BUSKY-G</a> TROJAN!
80001. Source=Paul Collins Startup list
80002.  
80003. [Uidler]
80004. Number=11357
80005. Confirmed=N
80006. Filename=Uidler.exe
80007. Description=Uniloc Titlewave Browser used with some shareware
80008. Source=Paul Collins Startup list
80009.  
80010. [UIWatcher]
80011. Number=11358
80012. Confirmed=N
80013. Filename=UIWatcher.exe
80014. Description=<a href="http://www.ashampoo.com/frontend/homepage/php/index.php?session_langid=2" target="_blank">Ashampoo's</a> Uninstaller Suite - installation watcher. Available via Start -> Programs
80015. Source=Paul Collins Startup list
80016.  
80017. [ujm]
80018. Number=11359
80019. Confirmed=U
80020. Filename=nm32.exe
80021. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092215-0056-99" target=blank>Stranget</a> keystroke logger/monitoring program - remove unless you installed it yourself! Found in an "fyt" subfolder of the Windows or Winnt folder
80022.  
80023. Source=Paul Collins Startup list
80024.  
80025. [UKVideo2]
80026. Number=11360
80027. Confirmed=X
80028. Filename=ukvideo2.exe
80029. Description=Adult content dialler
80030. Source=Paul Collins Startup list
80031.  
80032. [Ulead AutoDetector v2]
80033. Number=11361
80034. Confirmed=?
80035. Filename=monitor.exe
80036. Description=Related to <a href="http://www.ulead.com/" target=_blank>Ulead Systems Inc.</a>. <font color="#FF0000">What does it do and is it required?</font>
80037. Source=Paul Collins Startup list
80038.  
80039. [Ulead Photo Express x.0 Calendar]
80040. Number=11362
80041. Confirmed=N
80042. Filename=calcheck.exe
80043. Description=Ulead Calendar Checker - part of <a href="http://www.ulead.com/pe/runme.htm" target="_blank">Ulead Photo Express</a>, where "x" represents the version number. Automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manually
80044. Source=Paul Collins Startup list
80045.  
80046. [Ultimate Cleaner]
80047. Number=11363
80048. Confirmed=N
80049. Filename=App.exe
80050. Description=Ultimate Cleaner spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
80051. Source=Paul Collins Startup list
80052.  
80053. [UltimateBuddy]
80054. Number=11364
80055. Confirmed=X
80056. Filename=UltimateBuddy.exe
80057. Description=<a href="http://www.bleepingcomputer.com/uninstall/1457/UltimateBuddy.html" target="_blank">UltimateBuddy</a> - installs malware, or is bundled with malware
80058. Source=Paul Collins Startup list
80059.  
80060. [UltimateZip Quick Start]
80061. Number=11365
80062. Confirmed=N
80063. Filename=uzqkst.exe
80064. Description=<a href="http://www.ultimatezip.com/" target="_blank">UltimateZip</a> - file compression utility
80065. Source=Paul Collins Startup list
80066.  
80067. [Ultra Hal Assistant 4.5 Startup]
80068. Number=11366
80069. Confirmed=N
80070. Filename=HalAsst.exe
80071. Description=<a href="http://www.zabaware.com/assistant/" target="_blank">Zabaware Ultra Hal Assistant</a> - artificial intelligence conversation simulator. It is capable of being your digital secretary and companion
80072. Source=Paul Collins Startup list
80073.  
80074. [UltraDVDMon]
80075. Number=11367
80076. Confirmed=?
80077. Filename=DVDMon.exe
80078. Description=<a href="http://www.ultra-dvd-player.com/" target="_blank">UltraDVD</a> DVD player software - <font color="#FF0000">is it required?</font>
80079. Source=Paul Collins Startup list
80080.  
80081. [Ulubione]
80082. Number=11368
80083. Confirmed=X
80084. Filename=sys****.exe
80085. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041309-0935-99" target=_blank>Ulubione</a> adware
80086. Source=Paul Collins Startup list
80087.  
80088. [UMAX VistaAccess]
80089. Number=11369
80090. Confirmed=N
80091. Filename=vsaccess.exe
80092. Description=VistaAccess gives you quick and easy access to scanning functions right from your desktop
80093. Source=Paul Collins Startup list
80094.  
80095. [UMonit]
80096. Number=11370
80097. Confirmed=U
80098. Filename=umonit.exe
80099. Description=Alerts when USB device is plugged in
80100. Source=Paul Collins Startup list
80101.  
80102. [umxagent]
80103. Number=11371
80104. Confirmed=Y
80105. Filename=umxagent.exe
80106. Description=<a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a> V4 - main engine
80107. Source=Paul Collins Startup list
80108.  
80109. [umxldra]
80110. Number=11372
80111. Confirmed=Y
80112. Filename=umxldra.exe
80113. Description=User mode executive module DLL loader - part of <a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a> V4
80114. Source=Paul Collins Startup list
80115.  
80116. [UMXLDRW]
80117. Number=11373
80118. Confirmed=Y
80119. Filename=UMXLDRW.exe
80120. Description=<a href="http://www.tinysoftware.com/home/tiny2?la=EN" target="_blank">Tiny Personal Firewall</a> (pre V4)
80121. Source=Paul Collins Startup list
80122.  
80123. [un32info]
80124. Number=11374
80125. Confirmed=X
80126. Filename=un32info.Exe
80127. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
80128. Source=Paul Collins Startup list
80129.  
80130. [UNERI]
80131. Number=11375
80132. Confirmed=X
80133. Filename=yujixit.exe
80134. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BOO&VSect=P" target=_blank>SDBOT.BOO</a> WORM!
80135. Source=Paul Collins Startup list
80136.  
80137. [UnHackMe Monitor]
80138. Number=11376
80139. Confirmed=U
80140. Filename=hackmon.exe
80141. Description=<a href="http://www.softaward.com/9275.html" target= blank>UnHackMe</a> allows you to detect and remove a new generation of 'invisible' Trojan programs called "rootkits"
80142. Source=Paul Collins Startup list
80143.  
80144. [Uniblue Quick Access]
80145. Number=11377
80146. Confirmed=U
80147. Filename=qaccess.exe
80148. Description=<a href="http://www.processlibrary.com/directory/files/qaccess/" target=_blank>Quick Access</a> application from UniBlue Systems Ltd - "helps you account for all processes on your computer by providing an additional plug-in for the Windows task manager"
80149.  
80150. Source=Paul Collins Startup list
80151.  
80152. [Uniblue Registry Booster]
80153. Number=11378
80154. Confirmed=U
80155. Filename=RegistryBooster.exe
80156. Description=Uniblue "<a href="http://www.liutilities.com/products/registrybooster/" target="_blank">Registry Booster</a>  is the safest and most trusted solution to clean and optimise your system, free it from registry errors and fragmented entries"
80157. Source=Paul Collins Startup list
80158.  
80159. [Uniblue SpyEraser]
80160. Number=11379
80161. Confirmed=U
80162. Filename=spyeraser.exe
80163. Description=<a href="http://www.liutilities.com/products/spyeraser/" target="_blank">SpyEraser</a> from Uniblue. Spyware detection program
80164. Source=Paul Collins Startup list
80165.  
80166. [uninstal]
80167. Number=11380
80168. Confirmed=X
80169. Filename=regsvr32 image.dll
80170. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
80171. Source=Paul Collins Startup list
80172.  
80173. [Uninstall****]
80174. Number=11381
80175. Confirmed=X
80176. Filename=upd.exe
80177. Description=Adult content based screen saver where **** can be any number
80178. Source=Paul Collins Startup list
80179.  
80180. [UninstallAbility]
80181. Number=11382
80182. Confirmed=N
80183. Filename=uability.exe
80184. Description=<a href="http://www.innovatools.com/uninstallability.html" target="_blank">UninstallAbility</a> free uninstaller
80185. Source=Paul Collins Startup list
80186.  
80187. [UninstallHL]
80188. Number=11383
80189. Confirmed=X
80190. Filename=PreUninstallHL.exe
80191. Description=<a href="http://vil.mcafeesecurity.com/vil/content/v_134892.htm" target=_blank>LinkReplacer/FFinder</a> adware
80192. Source=Paul Collins Startup list
80193.  
80194. [UninstallQL]
80195. Number=11384
80196. Confirmed=X
80197. Filename=PreUninstallQL.exe
80198. Description=<a href="http://vil.mcafeesecurity.com/vil/content/v_134892.htm" target=_blank>LinkReplacer/FFinder</a> adware
80199. Source=Paul Collins Startup list
80200.  
80201. [Uninstall_TBPS]
80202. Number=11385
80203. Confirmed=X
80204. Filename=TBuninst.exe
80205. Description=WebSearch Toolbar - <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072528" target=_blank>HuntBar</a> hijacker, toolbar installer variant
80206.  
80207. Source=Paul Collins Startup list
80208.  
80209. [UniPrint]
80210. Number=11386
80211. Confirmed=U
80212. Filename=SetDfltSettings.exe
80213. Description=Drivers for Uniprint, a printing help for Terminal Services and Citrix which recieves downloaded files from a Uniprint enabled server and prints them locally allowing for truly universal printing through Terminal Services or Citrix
80214. Source=Paul Collins Startup list
80215.  
80216. [UniSc]
80217. Number=11387
80218. Confirmed=U
80219. Filename=Unisc.exe
80220. Description=McAfee UnInstaller
80221. Source=Paul Collins Startup list
80222.  
80223. [uniucu]
80224. Number=11388
80225. Confirmed=?
80226. Filename=uniucu.exe
80227. Description=<font color="#FF0000">??</font>
80228. Source=Paul Collins Startup list
80229.  
80230. [Universal USB Service]
80231. Number=11389
80232. Confirmed=X
80233. Filename=svchost32.exe
80234. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041214-1218-99" target=_blank>KELVIR.R</a> WORM!
80235. Source=Paul Collins Startup list
80236.  
80237. [Unix File Support]
80238. Number=11390
80239. Confirmed=X
80240. Filename=init3.exe
80241. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzn.html" target=_blank>RBOT-ZN</a> WORM!
80242. Source=Paul Collins Startup list
80243.  
80244. [unldr16]
80245. Number=11391
80246. Confirmed=X
80247. Filename=unldr16.exe
80248. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
80249. Source=Paul Collins Startup list
80250.  
80251. [unldr32]
80252. Number=11392
80253. Confirmed=X
80254. Filename=unldr32.exe
80255. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
80256. Source=Paul Collins Startup list
80257.  
80258. [UnlockerAssistant]
80259. Number=11393
80260. Confirmed=U
80261. Filename=UnlockerAssistant.exe
80262. Description=Related to <a href="http://ccollomb.free.fr/unlocker/" target=_blank>Unlocker</a> utility to unlock files when the OS reports the file is being used by an other person or program
80263. Source=Paul Collins Startup list
80264.  
80265. [UnSpyPC]
80266. Number=11394
80267. Confirmed=N
80268. Filename=UnSpyPC.exe
80269. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
80270. Source=Paul Collins Startup list
80271.  
80272. [untray]
80273. Number=11395
80274. Confirmed=Y
80275. Filename=untray.exe
80276. Description=<a href="http://www.authentium.com/command/" target="_blank">Command Antivirus</a> related
80277. Source=Paul Collins Startup list
80278.  
80279. [uoltray]
80280. Number=11396
80281. Confirmed=N
80282. Filename=exec.exe
80283. Description=Netzero free ISP software - not required
80284. Source=Paul Collins Startup list
80285.  
80286. [Up Service]
80287. Number=11397
80288. Confirmed=X
80289. Filename=up32.pif
80290. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotari.html" target=_blank>RBOT-ARI</a> WORM!
80291. Source=Paul Collins Startup list
80292.  
80293. [UpConfgVer]
80294. Number=11398
80295. Confirmed=N
80296. Filename=UpgConf.exe
80297. Description=Panda Antivirus Platinum. Purpose unclear, but according to Panda Software not required for the AV to function
80298. Source=Paul Collins Startup list
80299.  
80300. [Updade Windows]
80301. Number=11399
80302. Confirmed=X
80303. Filename=winlogom.exe
80304. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453099334="_blank">TONAX-A</a> TROJAN!
80305. Source=Paul Collins Startup list
80306.  
80307. [UpData]
80308. Number=11400
80309. Confirmed=X
80310. Filename=wupdata.exe
80311. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbotaa.html" target= blank>IRCBOT-AA</a> TROJAN!
80312. Source=Paul Collins Startup list
80313.  
80314. [Update]
80315. Number=11401
80316. Confirmed=X
80317. Filename=[original file path]
80318. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092411-5337-99" target="_blank">LYNDEGG</a> WORM!
80319. Source=Paul Collins Startup list
80320.  
80321. [Update]
80322. Number=11402
80323. Confirmed=X
80324. Filename=CDUpdater.exe
80325. Description="Carpe Diem" adult premium rate dialler related
80326. Source=Paul Collins Startup list
80327.  
80328. [Update]
80329. Number=11403
80330. Confirmed=X
80331. Filename=Sysupd.exe
80332. Description=Added by the SLACKBOT VIRUS!
80333. Source=Paul Collins Startup list
80334.  
80335. [Update]
80336. Number=11404
80337. Confirmed=X
80338. Filename=Zupdate.exe
80339. Description=Associated with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrilliantDigital&threatid=3334" target="_blank">B3d Projector</a> foistware - see <a href="http://www.greatis.com/appdata/u/z/zupdate.exe.htm" target="_blank">here</a>
80340. Source=Paul Collins Startup list
80341.  
80342. [Update]
80343. Number=11405
80344. Confirmed=X
80345. Filename=mshtm.exe
80346. Description=Browser hijacker - redirecting to buldog-search.com
80347.  
80348. Source=Paul Collins Startup list
80349.  
80350. [Update]
80351. Number=11406
80352. Confirmed=X
80353. Filename=UPDATE-28062004.exe[25 blank spaces].vbs
80354. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110809-1153-99" target=_blank>MIDFIN</a> WORM!
80355.  
80356. Source=Paul Collins Startup list
80357.  
80358. [update]
80359. Number=11407
80360. Confirmed=X
80361. Filename=winis.exe
80362. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvd.html" target=_blank>RBOT-VD</a> WORM!
80363. Source=Paul Collins Startup list
80364.  
80365. [update]
80366. Number=11408
80367. Confirmed=X
80368. Filename=r00t.exe
80369. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaco.html" target= blank>RBOT-ACO</a> WORM!
80370. Source=Paul Collins Startup list
80371.  
80372. [UPDATE]
80373. Number=11409
80374. Confirmed=X
80375. Filename=WinUpdater5.0.vbs
80376. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsgormleza.html" target=_blank>GORMLEZ-A</a> WORM!
80377. Source=Paul Collins Startup list
80378.  
80379. [UpDate]
80380. Number=11410
80381. Confirmed=X
80382. Filename=RAuth.exe
80383. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderul.html" target=_blank>DLOADER-UL</a> TROJAN!
80384. Source=Paul Collins Startup list
80385.  
80386. [Update]
80387. Number=11411
80388. Confirmed=X
80389. Filename=csrss.exe
80390. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
80391. Source=Paul Collins Startup list
80392.  
80393. [Update]
80394. Number=11412
80395. Confirmed=X
80396. Filename=csrss.exe
80397. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-022111-5220-99" target=_blank>MEHEERWAR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in a "winupdate" subfolder
80398. Source=Paul Collins Startup list
80399.  
80400. [Update]
80401. Number=11413
80402. Confirmed=X
80403. Filename=lsass.exe
80404. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
80405. Source=Paul Collins Startup list
80406.  
80407. [Update]
80408. Number=11414
80409. Confirmed=X
80410. Filename=svchost.exe
80411. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojadclickag.html" target=_blank>ADCLICK-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
80412. Source=Paul Collins Startup list
80413.  
80414. [Update]
80415. Number=11415
80416. Confirmed=X
80417. Filename=Update.exe
80418. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453099537" target="_blank">QuickButton</a> adware
80419. Source=Paul Collins Startup list
80420.  
80421. [Update]
80422. Number=11416
80423. Confirmed=X
80424. Filename=hanz.exe
80425. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglj.html" target="_blank">RBOT-GLJ</a> WORM!
80426. Source=Paul Collins Startup list
80427.  
80428. [Update Checker]
80429. Number=11417
80430. Confirmed=X
80431. Filename=winlog.exe
80432. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojircbottj.html" target="_blank">IRCBOT-TJ</a> TROJAN!
80433. Source=Paul Collins Startup list
80434.  
80435. [Update Checker]
80436. Number=11418
80437. Confirmed=X
80438. Filename=scvhost.exe
80439. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdsf.html" target="_blank">AGENT-DSF</a> TROJAN!
80440. Source=Paul Collins Startup list
80441.  
80442. [Update for Windows]
80443. Number=11419
80444. Confirmed=X
80445. Filename=[various filenames]
80446. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lerpaa.html" target=_blank>LERPA-A</a> WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif
80447. Source=Paul Collins Startup list
80448.  
80449. [Update for Works]
80450. Number=11420
80451. Confirmed=?
80452. Filename=MSWkstz.exe
80453. Description=<font color="#FF0000">Maybe related to later versions of MS Works?</font>
80454. Source=Paul Collins Startup list
80455.  
80456. [Update Grokster]
80457. Number=11421
80458. Confirmed=N
80459. Filename=WiseUpdt.exe
80460. Description=Automatically updates the Grokster file sharing software. Beware of adware and spyware when using this type of program, for instance, Grokster contains CyDoor
80461. Source=Paul Collins Startup list
80462.  
80463. [Update Install]
80464. Number=11422
80465. Confirmed=X
80466. Filename=Schost.exe
80467. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
80468. Source=Paul Collins Startup list
80469.  
80470. [Update local]
80471. Number=11423
80472. Confirmed=?
80473. Filename=SetCPQLC.exe
80474. Description=<font color="#FF0000">Running on a Compaq desktop. Any ideas?</font>
80475. Source=Paul Collins Startup list
80476.  
80477. [Update Manager]
80478. Number=11424
80479. Confirmed=N
80480. Filename=UpdateManager.exe
80481. Description=Searches for updates for the Rogers <a href="http://help.yahoo.com/l/ca/rogers/browser/" target="_blank">Yahoo! Browser</a> - can be run manually
80482. Source=Paul Collins Startup list
80483.  
80484. [update run dos]
80485. Number=11425
80486. Confirmed=X
80487. Filename=logon.exe
80488. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
80489.  
80490. Source=Paul Collins Startup list
80491.  
80492. [Update Run MSword]
80493. Number=11426
80494. Confirmed=X
80495. Filename=LOGON.EXE
80496. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.TY&VSect=P" target=_blank>RBOT.TY</a> WORM!
80497. Source=Paul Collins Startup list
80498.  
80499. [Update Service]
80500. Number=11427
80501. Confirmed=Y
80502. Filename=Update.exe
80503. Description=Loaded by Handybits programs such as <a href="http://www.handybits.com/easycrypto.htm" target="_blank">EasyCrypto</a>. Re-instates itself every time the program is run so best to leave it enabled. Prevent it dialling out via a firewall
80504. Source=Paul Collins Startup list
80505.  
80506. [update service]
80507. Number=11428
80508. Confirmed=X
80509. Filename=svxhost.exe
80510. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmg.html" target=_blank>RBOT-MG</a> WORM!
80511. Source=Paul Collins Startup list
80512.  
80513. [Update Service]
80514. Number=11429
80515. Confirmed=X
80516. Filename=winu32.exe
80517. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmg.html" target=_blank>RBOT-MG</a> WORM!
80518. Source=Paul Collins Startup list
80519.  
80520. [update service]
80521. Number=11430
80522. Confirmed=X
80523. Filename=winx.exe
80524. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
80525. Source=Paul Collins Startup list
80526.  
80527. [Update TUT]
80528. Number=11431
80529. Confirmed=?
80530. Filename=WiseUpdt.exe
80531. Description=<font color="#FF0000">??</font>
80532. Source=Paul Collins Startup list
80533.  
80534. [Update ver 1.0]
80535. Number=11432
80536. Confirmed=X
80537. Filename=Swap.exe
80538. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32swapc.html" target=_blank>SWAP-C</a> WORM!
80539.  
80540. Source=Paul Collins Startup list
80541.  
80542. [Update Windows]
80543. Number=11433
80544. Confirmed=X
80545. Filename=EXPLORE.EXE
80546. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
80547. Source=Paul Collins Startup list
80548.  
80549. [Update Windows]
80550. Number=11434
80551. Confirmed=X
80552. Filename=EXPLORE.EXE
80553. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
80554. Source=Paul Collins Startup list
80555.  
80556. [Update.exe]
80557. Number=11435
80558. Confirmed=X
80559. Filename=ravseuper.exe
80560. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassp.html" target=_blank>QQPASS-P</a> TROJAN!
80561. Source=Paul Collins Startup list
80562.  
80563. [Update32]
80564. Number=11436
80565. Confirmed=X
80566. Filename=configs.exe
80567. Description=Hijacker, also detected as the <a href="http://vil.nai.com/vil/content/v_126408.htm" target="_blank">QURL-2</a> TROJAN!
80568. Source=Paul Collins Startup list
80569.  
80570. [UpdateCheck]
80571. Number=11437
80572. Confirmed=X
80573. Filename=winstall.exe
80574. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotcy.html" target=_blank>SPYBOT-CY</a> WORM!
80575. Source=Paul Collins Startup list
80576.  
80577. [UpdateComponent]
80578. Number=11438
80579. Confirmed=X
80580. Filename=CNF UPD.EXE
80581. Description=Added by the SPYBOT.GEN VIRUS!
80582. Source=Paul Collins Startup list
80583.  
80584. [UpdateFW]
80585. Number=11439
80586. Confirmed=?
80587. Filename=fwdload.exe
80588. Description=<font color="#FF0000">Appears to be firmware update software for a Network Associates ATMbook OC-3 SMF Interface Module?</font>
80589. Source=Paul Collins Startup list
80590.  
80591. [UPDATEHOOK]
80592. Number=11440
80593. Confirmed=?
80594. Filename=Rundll32.exe
80595. Description=<font color="#FF0000">??</font>
80596. Source=Paul Collins Startup list
80597.  
80598. [updatelavasoft]
80599. Number=11441
80600. Confirmed=X
80601. Filename=updatelavasoft.exe
80602. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - redirecting to lalasearch.com
80603. Source=Paul Collins Startup list
80604.  
80605. [UpdateManager]
80606. Number=11442
80607. Confirmed=U
80608. Filename=sgtray.exe
80609. Description=StorageGuard from Veritas (this version by Sonic). Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
80610. Source=Paul Collins Startup list
80611.  
80612. [UpdateMedia]
80613. Number=11443
80614. Confirmed=X
80615. Filename=UpdateMedia.exe
80616. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453078871" target="_blank">MediaUpdate</a> foistware
80617.  
80618. Source=Paul Collins Startup list
80619.  
80620. [UpdateMgr]
80621. Number=11444
80622. Confirmed=X
80623. Filename=updmgr.exe
80624. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072916-3615-99" target=_blank>SouthBeachTel</a> premium rate adult content dialer
80625. Source=Paul Collins Startup list
80626.  
80627. [updateMgr]
80628. Number=11445
80629. Confirmed=N
80630. Filename=AdobeUpdateManager.exe
80631. Description=Automatic updates for the Adobe Reader file viewer
80632. Source=Paul Collins Startup list
80633.  
80634. [updatemgr.exe]
80635. Number=11446
80636. Confirmed=N
80637. Filename=updatemgr.exe
80638. Description=Once a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually
80639. Source=Paul Collins Startup list
80640.  
80641. [UPDATEMSN]
80642. Number=11447
80643. Confirmed=X
80644. Filename=svhost.exe
80645. Description=Added by an unidentified WORM or TROJAN!
80646. Source=Paul Collins Startup list
80647.  
80648. [updater]
80649. Number=11448
80650. Confirmed=X
80651. Filename=wupdater.exe
80652. Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.keenval.html" target=_blank>eUniverse/KeenValue</a> adware
80653. Source=Paul Collins Startup list
80654.  
80655. [updater]
80656. Number=11449
80657. Confirmed=?
80658. Filename=updater.exe
80659. Description=<font color="#FF0000">??</font>
80660. Source=Paul Collins Startup list
80661.  
80662. [Updater]
80663. Number=11450
80664. Confirmed=X
80665. Filename=adservernow.exe
80666. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012517-2508-99" target=_blank>AdServerNow</a> adware
80667. Source=Paul Collins Startup list
80668.  
80669. [updater]
80670. Number=11451
80671. Confirmed=X
80672. Filename=wisvc.exe
80673. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojorsea.html" target= blank>ORSE-A</a> TROJAN!
80674. Source=Paul Collins Startup list
80675.  
80676. [Updater Service Process]
80677. Number=11452
80678. Confirmed=X
80679. Filename=svhost32.exe
80680. Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TY" target=_blank>AGOBOT.TY</a> WORM!
80681. Source=Paul Collins Startup list
80682.  
80683. [updater32]
80684. Number=11453
80685. Confirmed=X
80686. Filename=winload32.exe
80687. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021517-2143-99" target="_blank">CULT.M</a> WORM!
80688. Source=Paul Collins Startup list
80689.  
80690. [updatereal]
80691. Number=11454
80692. Confirmed=X
80693. Filename=realupdate.exe
80694. Description=Chinese originated adware
80695. Source=Paul Collins Startup list
80696.  
80697. [Updates]
80698. Number=11455
80699. Confirmed=X
80700. Filename=msupdate.exe
80701. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
80702. Source=Paul Collins Startup list
80703.  
80704. [Updates from HP]
80705. Number=11456
80706. Confirmed=N
80707. Filename=backweb*****.exe
80708. Description=See <a href="http://h10025.www1.hp.com/ewfrf/wc/genericDocument?cc=us&docname=bph05170&lc=en&jumpid=reg_R1002_USEN#bph05170_G5" target="_blank">here</a> - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digit
80709. Source=Paul Collins Startup list
80710.  
80711. [Updates from HP]
80712. Number=11457
80713. Confirmed=N
80714. Filename=Updates from HP.exe
80715. Description=Automatically detects an internet connection and downloads any available updates
80716. Source=Paul Collins Startup list
80717.  
80718. [UpdateService]
80719. Number=11458
80720. Confirmed=X
80721. Filename=wservice.exe
80722. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32drefk.html" target="_blank">DREF-K</a> WORM!
80723. Source=Paul Collins Startup list
80724.  
80725. [Updatestats]
80726. Number=11459
80727. Confirmed=X
80728. Filename=Updatestats.exe
80729. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=StatBlaster&threatid=11648" target="_blank">Statblaster</a> adware
80730. Source=Paul Collins Startup list
80731.  
80732. [UpdateStats]
80733. Number=11460
80734. Confirmed=X
80735. Filename=UpdateStats.exe
80736. Description=SeekSeek search hijacker related - see <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_SECTHOUGHT.A&VSect=Sn" target=_blank>here</a>
80737.  
80738. Source=Paul Collins Startup list
80739.  
80740. [updatev01]
80741. Number=11461
80742. Confirmed=N
80743. Filename=updatev01.exe
80744. Description=Ultra-networks.com software updater/downloader
80745.  
80746. Source=Paul Collins Startup list
80747.  
80748. [updatewin]
80749. Number=11462
80750. Confirmed=X
80751. Filename=update.exe
80752. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
80753. Source=Paul Collins Startup list
80754.  
80755. [Updatewiz]
80756. Number=11463
80757. Confirmed=?
80758. Filename=updatewiz.exe
80759. Description=<font color="#FF0000">??</font>
80760. Source=Paul Collins Startup list
80761.  
80762. [UPDATE~1]
80763. Number=11464
80764. Confirmed=N
80765. Filename=updatemgr.exe
80766. Description=Once a month, your EarthLink 5.0 Update Manager contacts EarthLink's servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually
80767. Source=Paul Collins Startup list
80768.  
80769. [upddateit]
80770. Number=11465
80771. Confirmed=X
80772. Filename=winit.exe
80773. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotms.html" target=_blank>RBOT-MS</a> WORM!
80774.  
80775. Source=Paul Collins Startup list
80776.  
80777. [Updmgr]
80778. Number=11466
80779. Confirmed=X
80780. Filename=updmgr.exe
80781. Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.keenval.html" target=_blank>eUniverse/KeenValue</a> adware
80782. Source=Paul Collins Startup list
80783.  
80784. [updmgr]
80785. Number=11467
80786. Confirmed=X
80787. Filename=rvupdmgr.exe
80788. Description=<a href="http://www.sarc.com/avcenter/venc/data/adware.keenval.html" target=_blank>eUniverse/KeenValue</a> adware
80789. Source=Paul Collins Startup list
80790.  
80791. [upDpacketo]
80792. Number=11468
80793. Confirmed=X
80794. Filename=services.exe
80795. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nafbota.html" target=_blank>NAFBOT-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "TEMPER" subfolder of the Windows or Winnt folder
80796. Source=Paul Collins Startup list
80797.  
80798. [UpdReg]
80799. Number=11469
80800. Confirmed=N
80801. Filename=Updreg.exe
80802. Description=Reminder to register Creative Labs SoundBlaster Live! cards
80803. Source=Paul Collins Startup list
80804.  
80805. [UpdSys]
80806. Number=11470
80807. Confirmed=X
80808. Filename=[random filename]
80809. Description=Added by the BJ TROJAN!
80810. Source=Paul Collins Startup list
80811.  
80812. [Updt Service]
80813. Number=11471
80814. Confirmed=X
80815. Filename=updt.pif
80816. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayu.html" target=_blank>RBOT-AYU</a> WORM!
80817. Source=Paul Collins Startup list
80818.  
80819. [updwebmin]
80820. Number=11472
80821. Confirmed=X
80822. Filename=updwebmin.exe
80823. Description=Added by the <a href="http://virusinfo.prevx.com/pxparall.asp?PX5=445f40dc8020b7bd3944009b94fe1c00794bf1e5" target="_blank">BACKDOOR.GEN</a> TROJAN!
80824. Source=Paul Collins Startup list
80825.  
80826. [UPERVGAS]
80827. Number=11473
80828. Confirmed=?
80829. Filename=UPERVGAS.exe
80830. Description=<font color="#FF0000">??</font>
80831. Source=Paul Collins Startup list
80832.  
80833. [Upgrade Sarvice]
80834. Number=11474
80835. Confirmed=X
80836. Filename=sxchost.exe
80837. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojtofgeri.html" target=_blank>TOFGER-I</a> TROJAN!
80838. Source=Paul Collins Startup list
80839.  
80840. [Upgrade Service]
80841. Number=11475
80842. Confirmed=X
80843. Filename=sxchost.exe
80844. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofgeri.html" target=_blank>TOFGER-I</a> TROJAN!
80845. Source=Paul Collins Startup list
80846.  
80847. [Upgrade Service]
80848. Number=11476
80849. Confirmed=X
80850. Filename=winupd.exe
80851. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtofgeru.html" target=_blank>TOFGER-U</a> TROJAN!
80852. Source=Paul Collins Startup list
80853.  
80854. [upme]
80855. Number=11477
80856. Confirmed=X
80857. Filename=[filename]
80858. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011415-4521-99" target=_blank>MUGLY.F</a> WORM!
80859. Source=Paul Collins Startup list
80860.  
80861. [Upme]
80862. Number=11478
80863. Confirmed=X
80864. Filename=DLLMAN.EXE
80865. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MUGLY.I" target="_blank">MUGLY.I</a> WORM!
80866. Source=Paul Collins Startup list
80867.  
80868. [upnp]
80869. Number=11479
80870. Confirmed=X
80871. Filename=upnp.exe
80872. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadryt.html" target="_blank">DLOADR-YT</a> WORM!
80873. Source=Paul Collins Startup list
80874.  
80875. [UPnP Manager]
80876. Number=11480
80877. Confirmed=X
80878. Filename=upnpman.exe
80879. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT</a>  WORM!
80880. Source=Paul Collins Startup list
80881.  
80882. [UPNPService]
80883. Number=11481
80884. Confirmed=X
80885. Filename=WinSVCservice.exe
80886. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.UN" target="_blank">AGOBOT.UN</a> WORM!
80887. Source=Paul Collins Startup list
80888.  
80889. [Upromise0]
80890. Number=11482
80891. Confirmed=U
80892. Filename=Upromise0.exe
80893. Description=<a href="http://www.upromise.com/8298.4.1.do" target=_blank>Upromise</a> college savings program
80894. Source=Paul Collins Startup list
80895.  
80896. [UpromiseRemindU]
80897. Number=11483
80898. Confirmed=U
80899. Filename=wjview ...Code
80900. Description=Part of the <a href="http://www.upromise.com/" target="_blank">Upromise</a> saving scheme but associated with <a href="http://www.pestpatrol.com/zks/pestinfo/e/ebates_moneymaker.asp" target="_blank">Ebates MoneyMaker</a> adware so the choice is yours
80901. Source=Paul Collins Startup list
80902.  
80903. [UPS]
80904. Number=11484
80905. Confirmed=Y
80906. Filename=ups.exe
80907. Description=PowerChute v5.02 - UPS Monitoring Module (which loads iconclnt - the tray icon)
80908. Source=Paul Collins Startup list
80909.  
80910. [UPS]
80911. Number=11485
80912. Confirmed=X
80913. Filename=UPS32.exe
80914. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061912-4346-99" target=_blank>FEMOT.O</a> WORM!
80915. Source=Paul Collins Startup list
80916.  
80917. [UPSentry 2000]
80918. Number=11486
80919. Confirmed=Y
80920. Filename=upsd.exe
80921. Description=Used with Belkin UPS (Uninterruptable Power Supply) for support in the event of a power-loss
80922. Source=Paul Collins Startup list
80923.  
80924. [UPSlim]
80925. Number=11487
80926. Confirmed=Y
80927. Filename=upsd.exe
80928. Description=Used with Belkin UPS (Uninterruptable Power Supply) for support in the event of a power-loss
80929. Source=Paul Collins Startup list
80930.  
80931. [UPSMON]
80932. Number=11488
80933. Confirmed=U
80934. Filename=UPSMON.exe
80935. Description=<a href="http://www.powercom-ups.com/products/software/upsmon.htm" target=_blank>UPSMON</a> Power Management software
80936. Source=Paul Collins Startup list
80937.  
80938. [UPSUtl]
80939. Number=11489
80940. Confirmed=X
80941. Filename=web.exe
80942. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
80943. Source=Paul Collins Startup list
80944.  
80945. [Uptimer4]
80946. Number=11490
80947. Confirmed=U
80948. Filename=Uptimer4.exe
80949. Description=Uptimer4 is an appbar which displays time, date, uptime, free ram, free pagefile, cpu usage, disk free space, battery power, IP addresses, TCP throughput, list of running processes, netstat and several more things
80950. Source=Paul Collins Startup list
80951.  
80952. [UpTimes service]
80953. Number=11491
80954. Confirmed=X
80955. Filename=WinUp.exe
80956. Description=Added by the  <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakb.html" target=_blank>RBOT-AKB</a> WORM!
80957. Source=Paul Collins Startup list
80958.  
80959. [UpToDate]
80960. Number=11492
80961. Confirmed=X
80962. Filename=uptodate.exe
80963. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
80964. Source=Paul Collins Startup list
80965.  
80966. [upxdn]
80967. Number=11493
80968. Confirmed=X
80969. Filename=upxdn.exe
80970. Description=Added by the <a href="http://www.eset.eu/buxus/generate_page.php?page_id=15567" target="_blank">AGENT.NCC</a> TROJAN!
80971. Source=Paul Collins Startup list
80972.  
80973. [upxdnd]
80974. Number=11494
80975. Confirmed=X
80976. Filename=upxdnd.exe
80977. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojjda.html" target="_blank">JD-A</a> TROJAN!
80978. Source=Paul Collins Startup list
80979.  
80980. [upyxo]
80981. Number=11495
80982. Confirmed=X
80983. Filename=yujixit.exe
80984. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BIX&VSect=P" target=_blank>SDBOT.BIX</a> WORM!
80985. Source=Paul Collins Startup list
80986.  
80987. [UrlLstCk]
80988. Number=11496
80989. Confirmed=Y
80990. Filename=UrlLstCk.exe
80991. Description=Part of Norton Internet Security. From Symantec - "UrlLstCk.exe is a necessary file that will be present in C:\Program Files\Norton Internet Security. It is a URL Checklist. It should not be disabled"
80992. Source=Paul Collins Startup list
80993.  
80994. [URLMAP]
80995. Number=11497
80996. Confirmed=N
80997. Filename=Urlmap.exe
80998. Description=Installed by MS Money, and runs whenever you start IE. All it does is bring up an annoying sidebar (kind of like the search window) with 'financial links' when the web page supports it
80999. Source=Paul Collins Startup list
81000.  
81001. [UrtSvcExe]
81002. Number=11498
81003. Confirmed=Y
81004. Filename=Urt95Svc.exe
81005. Description="Cisco Secure URT is a virtual LAN (VLAN) assignment service that enhances LAN security by actively identifying and authenticating users and then associating them only to their specific network services and resources"
81006. Source=Paul Collins Startup list
81007.  
81008. [Usb]
81009. Number=11499
81010. Confirmed=?
81011. Filename=Usb.exe
81012. Description=<font color="#FF0000">HP related - not sure whether it's required</font>
81013. Source=Paul Collins Startup list
81014.  
81015. [usb]
81016. Number=11500
81017. Confirmed=X
81018. Filename=SASS.EXE
81019. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfunstaa.html" target=_blank>FUNSTA-A</a> TROJAN!
81020. Source=Paul Collins Startup list
81021.  
81022. [USB 2.0 Driver]
81023. Number=11501
81024. Confirmed=X
81025. Filename=updateXPSPC.exe
81026. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrj.html" target=_blank>AGOBOT-RJ</a> WORM!
81027. Source=Paul Collins Startup list
81028.  
81029. [USB 2.0 Driver]
81030. Number=11502
81031. Confirmed=X
81032. Filename=Winsys32.exe
81033. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqm.html" target=_blank>AGOBOT-QM</a> WORM!
81034. Source=Paul Collins Startup list
81035.  
81036. [USB 2.0 Driver]
81037. Number=11503
81038. Confirmed=X
81039. Filename=updateXP.exe
81040. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqp.html" target= blank>AGOBOT-QP</a> WORM!
81041. Source=Paul Collins Startup list
81042.  
81043. [USB 2.0 Driver]
81044. Number=11504
81045. Confirmed=X
81046. Filename=winsystem.exe
81047. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqs.html" target= blank>AGOBOT-QS</a> WORM!
81048. Source=Paul Collins Startup list
81049.  
81050. [USB 2.1 Driver]
81051. Number=11505
81052. Confirmed=X
81053. Filename=winupdate1.exe
81054. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
81055.  
81056. Source=Paul Collins Startup list
81057.  
81058. [USB controller]
81059. Number=11506
81060. Confirmed=X
81061. Filename=Svcmm32.exe
81062. Description=SvcMM backdoor parasite downloader
81063.  
81064. Source=Paul Collins Startup list
81065.  
81066. [USB Device]
81067. Number=11507
81068. Confirmed=X
81069. Filename=servicelog.exe
81070. Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CB" target=_blank>WOOTBOT.CB</a> WORM!
81071. Source=Paul Collins Startup list
81072.  
81073. [USB Device]
81074. Number=11508
81075. Confirmed=X
81076. Filename=win32usb.exe
81077. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbq.html" target=_blank>FORBOT-BQ</a> WORM!
81078.  
81079. Source=Paul Collins Startup list
81080.  
81081. [USB Driver4]
81082. Number=11509
81083. Confirmed=X
81084. Filename=UpdateXP*.exe [* = random digit]
81085. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
81086. Source=Paul Collins Startup list
81087.  
81088. [USB Drivers1]
81089. Number=11510
81090. Confirmed=X
81091. Filename=msupdate.exe
81092. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
81093. Source=Paul Collins Startup list
81094.  
81095. [USB Driverz2]
81096. Number=11511
81097. Confirmed=X
81098. Filename=msnplus1.exe
81099. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxq.html" target= blank>SDBOT-XQ</a> WORM!
81100. Source=Paul Collins Startup list
81101.  
81102. [USB Fix 1.1]
81103. Number=11512
81104. Confirmed=X
81105. Filename=wuservices.exe
81106. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
81107. Source=Paul Collins Startup list
81108.  
81109. [USB Fixes]
81110. Number=11513
81111. Confirmed=X
81112. Filename=wuafix.exe
81113. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabv.html" target= blank>RBOT-ABV</a> TROJAN!
81114. Source=Paul Collins Startup list
81115.  
81116. [USB Hardware Monitoring]
81117. Number=11514
81118. Confirmed=X
81119. Filename=USBhardware.exe
81120. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnn.html" target=_blank>RBOT-NN</a> WORM!
81121.  
81122. Source=Paul Collins Startup list
81123.  
81124. [USB Hardware326 Monitoring]
81125. Number=11515
81126. Confirmed=Y
81127. Filename=USBhardware326.exe
81128. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
81129. Source=Paul Collins Startup list
81130.  
81131. [USB Hardware32c Monitoring]
81132. Number=11516
81133. Confirmed=X
81134. Filename=USBHARDWARE32C.EXE
81135. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotuu.html" target=_blank>RBOT-UU</a> WORM!
81136. Source=Paul Collins Startup list
81137.  
81138. [USB Host Service]
81139. Number=11517
81140. Confirmed=X
81141. Filename=usbsvc.exe
81142. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgg.html" target="_blank">RBOT-GG</a> WORM!
81143. Source=Paul Collins Startup list
81144.  
81145. [USB Hub Keyboard Patch]
81146. Number=11518
81147. Confirmed=?
81148. Filename=SKBPATCH.EXE
81149. Description=USB HUB Update
81150. Source=Paul Collins Startup list
81151.  
81152. [USB SECURITY DEVICE CoInstaller]
81153. Number=11519
81154. Confirmed=Y
81155. Filename=JupitCo.exe
81156. Description=<a href="http://www.butterflymedia.com/USBFlashDriveManual/ButterflyFlashDriveManual.htm" target=_blank>ButterflyMedia</a> USB Flash drive related - required for the password security feature to work
81157.  
81158. Source=Paul Collins Startup list
81159.  
81160. [USB Updates]
81161. Number=11520
81162. Confirmed=X
81163. Filename=mservices.exe
81164. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
81165. Source=Paul Collins Startup list
81166.  
81167. [USB Updates]
81168. Number=11521
81169. Confirmed=X
81170. Filename=msfirewalls.exe
81171. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
81172. Source=Paul Collins Startup list
81173.  
81174. [USB Updates 2]
81175. Number=11522
81176. Confirmed=X
81177. Filename=wugfixx.exe
81178. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
81179. Source=Paul Collins Startup list
81180.  
81181. [USB2Check]
81182. Number=11523
81183. Confirmed=N
81184. Filename=PCLECoInst.dll
81185. Description=Related to <a href="http://www.pinnaclesys.com/" target=_blank>Pinnacle Systems Inc</a>. CoInstaller - you can execute the USB2.0 interface check program (Usb2Check.exe file) to check if your system is a USB2.0 enabled system
81186. Source=Paul Collins Startup list
81187.  
81188. [USBConfigration2]
81189. Number=11524
81190. Confirmed=X
81191. Filename=wmmndir.exe
81192. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsv.html" target=_blank>AGOBOT-SV</a> WORM!
81193. Source=Paul Collins Startup list
81194.  
81195. [UsbD]
81196. Number=11525
81197. Confirmed=X
81198. Filename=smss32.exe
81199. Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Proxy.Win32.Agent.cj
81200. Source=Paul Collins Startup list
81201.  
81202. [UsbD]
81203. Number=11526
81204. Confirmed=X
81205. Filename=svhost32.exe
81206. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.IB" target="_blank">AGENT.IB</a> TROJAN!
81207. Source=Paul Collins Startup list
81208.  
81209. [Usbd]
81210. Number=11527
81211. Confirmed=X
81212. Filename=usb_d.exe
81213. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcidraa.html" target=_blank>CIDRA-A</a> TROJAN!
81214. Source=Paul Collins Startup list
81215.  
81216. [UsbD]
81217. Number=11528
81218. Confirmed=X
81219. Filename=[path to trojan]
81220. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcidraf.html" target=_blank>CIDRA-F</a> TROJAN!
81221. Source=Paul Collins Startup list
81222.  
81223. [USBDetector]
81224. Number=11529
81225. Confirmed=U
81226. Filename=USBDetector.exe
81227. Description=USBDetector sets up an icon in the System Tray for a USB card which is intended to be used to eject or unplug hardware
81228. Source=Paul Collins Startup list
81229.  
81230. [USBDetector]
81231. Number=11530
81232. Confirmed=U
81233. Filename=UDetect.exe
81234. Description=USB tray icon/detection for external Belkin (and maybe other makes) under Win98
81235. Source=Paul Collins Startup list
81236.  
81237. [USBDrives]
81238. Number=11531
81239. Confirmed=X
81240. Filename=msfirewalI.exe
81241. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabp.html" target= blank>RBOT-ABP</a> WORM!
81242. Source=Paul Collins Startup list
81243.  
81244. [usbdrv]
81245. Number=11532
81246. Confirmed=X
81247. Filename=servicetask.exe
81248. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
81249. Source=Paul Collins Startup list
81250.  
81251. [USBHWDRV]
81252. Number=11533
81253. Confirmed=X
81254. Filename=gam.exe
81255. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonei.html" target= blank>LOWZONE-I</a> TROJAN!
81256. Source=Paul Collins Startup list
81257.  
81258. [USBHWDRV]
81259. Number=11534
81260. Confirmed=X
81261. Filename=msdc.exe
81262. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonei.html" target= blank>LOWZONE-I</a> TROJAN!
81263. Source=Paul Collins Startup list
81264.  
81265. [USBHWDRV]
81266. Number=11535
81267. Confirmed=X
81268. Filename=sst4.exe
81269. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonei.html" target= blank>LOWZONE-I</a> TROJAN!
81270. Source=Paul Collins Startup list
81271.  
81272. [USBHWINFO]
81273. Number=11536
81274. Confirmed=X
81275. Filename=mac.exe
81276. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonei.html" target= blank>LOWZONE-I</a> TROJAN!
81277. Source=Paul Collins Startup list
81278.  
81279. [USBHWINFO]
81280. Number=11537
81281. Confirmed=X
81282. Filename=[path to trojan]
81283. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonei.html" target= blank>LOWZONE-I</a> TROJAN!
81284. Source=Paul Collins Startup list
81285.  
81286. [USBHWINFO]
81287. Number=11538
81288. Confirmed=X
81289. Filename=sst6.exe
81290. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzonei.html" target= blank>LOWZONE-I</a> TROJAN!
81291. Source=Paul Collins Startup list
81292.  
81293. [USBMMKBD]
81294. Number=11539
81295. Confirmed=U
81296. Filename=usbmmkbd.exe
81297. Description=USB multimedia keyboard for HP systems. Allows the use of special function keys on USB keyboards. The latest version no longer pings a server when on-line wheras the older version did but did not transmit any user information
81298. Source=Paul Collins Startup list
81299.  
81300. [USBMonit.exe]
81301. Number=11540
81302. Confirmed=U
81303. Filename=USBMonit.exe
81304. Description=Monitors USB ports for insertion of Sandisk USB flashdrives
81305. Source=Paul Collins Startup list
81306.  
81307. [usbn]
81308. Number=11541
81309. Confirmed=X
81310. Filename=usbn.exe
81311. Description=Adult content dialer - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Win32.Small.afa
81312. Source=Paul Collins Startup list
81313.  
81314. [usbn]
81315. Number=11542
81316. Confirmed=X
81317. Filename=[path to trojan]
81318. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhogilc.html" target=_blank>HOGIL-C</a> TROJAN!
81319. Source=Paul Collins Startup list
81320.  
81321. [USBPNP]
81322. Number=11543
81323. Confirmed=Y
81324. Filename=USBPNP.exe
81325. Description=SiPix digital camera Twain USB driver
81326. Source=Paul Collins Startup list
81327.  
81328. [USBTA]
81329. Number=11544
81330. Confirmed=N
81331. Filename=usbtapnp.exe
81332. Description=System Tray access for the <a href="http://www.bewan.com/bewan/products/isdn/gazel128usb.php" target="_blank">BeWAN Gazel 128 USB</a> ISDN adapter
81333. Source=Paul Collins Startup list
81334.  
81335. [USBToolTip]
81336. Number=11545
81337. Confirmed=?
81338. Filename=USBTip.exe
81339. Description=Related to <a href="http://www.pinnaclesys.com/" target=_blank>Pinnacle Systems Inc</a>. <font color="#FF0000">What does it do and is it required?</font>
81340. Source=Paul Collins Startup list
81341.  
81342. [useful-soft]
81343. Number=11546
81344. Confirmed=X
81345. Filename=svchst.exe
81346. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpahh.html" target="_blank">STARTPA-HH</a> TROJAN!
81347. Source=Paul Collins Startup list
81348.  
81349. [user]
81350. Number=11547
81351. Confirmed=X
81352. Filename=user32.exe
81353. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030215-5059-99" target=_blank>BINGHE</a> TROJAN!
81354. Source=Paul Collins Startup list
81355.  
81356. [User Logger]
81357. Number=11548
81358. Confirmed=U
81359. Filename=UsrLog.exe
81360. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.userlogger.html" target="_blank">UserLogger</a> is a commercial surveillance software program. It logs keystrokes, programs used and computer ID information. It also captures screenshots, can hide its presence on the computer and can be disguised in the Windows Task list
81361. Source=Paul Collins Startup list
81362.  
81363. [User Manager]
81364. Number=11549
81365. Confirmed=X
81366. Filename=fcllls.exe
81367. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzagabanb.html" target= blank>ZAGABAN-B</a> TROJAN!
81368. Source=Paul Collins Startup list
81369.  
81370. [User Services]
81371. Number=11550
81372. Confirmed=X
81373. Filename=usersvc.exe
81374. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092315-0645-99" target="_blank">REVCUSS.A</a> TROJAN!
81375. Source=Paul Collins Startup list
81376.  
81377. [User23.exe]
81378. Number=11551
81379. Confirmed=X
81380. Filename=DIAL.exe
81381. Description=This is a trojan trying to disguise itself as User32.dll
81382. Source=Paul Collins Startup list
81383.  
81384. [User32]
81385. Number=11552
81386. Confirmed=X
81387. Filename=[filename]
81388. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011310-3331-99" target="_blank">NETTRASH</a> TROJAN!
81389. Source=Paul Collins Startup list
81390.  
81391. [UserFaultCheck]
81392. Number=11553
81393. Confirmed=N
81394. Filename=dumprep 0 -u
81395. Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
81396. Source=Paul Collins Startup list
81397.  
81398. [Userinit]
81399. Number=11554
81400. Confirmed=X
81401. Filename=lsass.exe
81402. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadertp.html" target=_blank>DLOADER-TP</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files\Common Files folder
81403. Source=Paul Collins Startup list
81404.  
81405. [userinit]
81406. Number=11555
81407. Confirmed=X
81408. Filename=winlogon.exe
81409. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadertp.html" target=_blank>DLOADER-TP</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
81410. Source=Paul Collins Startup list
81411.  
81412. [Userinit]
81413. Number=11556
81414. Confirmed=X
81415. Filename=lsass.exe
81416. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojvirana.html" target=_blank>VIRAN-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files\Common Files\System folder
81417. Source=Paul Collins Startup list
81418.  
81419. [userinit]
81420. Number=11557
81421. Confirmed=X
81422. Filename=smss.exe
81423. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrb.html" target=_blank>DLOADR-B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This trojan file is found in the Windows or Winnt folder
81424. Source=Paul Collins Startup list
81425.  
81426. [userinit]
81427. Number=11558
81428. Confirmed=X
81429. Filename=choo_003956f4
81430. Description=Added by the <a href="http://kr.ahnlab.com/SecuInfoVirusViewEngNew3.ahn?SEQ_NO=7344" target="_blank">PEED.16896</a> TROJAN!
81431. Source=Paul Collins Startup list
81432.  
81433. [userinit]
81434. Number=11559
81435. Confirmed=X
81436. Filename=ntos.exe
81437. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentecu.html" target="_blank">AGENT-ECU</a> TROJAN!
81438. Source=Paul Collins Startup list
81439.  
81440. [UserInit StartUp]
81441. Number=11560
81442. Confirmed=X
81443. Filename=rpcxuisu.exe
81444. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
81445. Source=Paul Collins Startup list
81446.  
81447. [userint32]
81448. Number=11561
81449. Confirmed=X
81450. Filename=userint32.exe
81451. Description=Added by an unidentified TROJAN via an Instant Message that says, "This was cool, check it out here." Also contains Aurora popups
81452. Source=Paul Collins Startup list
81453.  
81454. [USERINTERFACE REPORT3R]
81455. Number=11562
81456. Confirmed=X
81457. Filename=M0USE.exe
81458. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.HS" target="_blank">MYTOB.HS</a> WORM!
81459. Source=Paul Collins Startup list
81460.  
81461. [Userinterface Reporter]
81462. Number=11563
81463. Confirmed=X
81464. Filename=fuuuucktttttt.exe
81465. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobdk.html" target=_blank>MYTOB-DK</a> WORM!
81466. Source=Paul Collins Startup list
81467.  
81468. [Userinterface Reporter]
81469. Number=11564
81470. Confirmed=X
81471. Filename=srv32.exe
81472. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091913-2632-99" target="_blank">ISTBar</a> adware
81473. Source=Paul Collins Startup list
81474.  
81475. [UserSystem]
81476. Number=11565
81477. Confirmed=X
81478. Filename=[filename]
81479. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#smartsearch" target=_blank>Smartsearch</a> parasite variant. Also detected as the <a href=" http://www.sophos.com/virusinfo/analyses/trojsearcha.html" target= blank>SEARCH-A</a> TROJAN!
81480. Source=Paul Collins Startup list
81481.  
81482. [ushli]
81483. Number=11566
81484. Confirmed=X
81485. Filename=sscbltqu.exe
81486. Description=Obtained from an MP3 search list site. Also generates random processes on reboot
81487. Source=Paul Collins Startup list
81488.  
81489. [usrgtway.exe]
81490. Number=11567
81491. Confirmed=X
81492. Filename=syswrun4x.exe
81493. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031315-1648-99" target="_blank">MITGLIEDER.E</a> TROJAN!
81494. Source=Paul Collins Startup list
81495.  
81496. [USRobotics 802.11g Wireless Network Utility]
81497. Number=11568
81498. Confirmed=N
81499. Filename=USRWLANG.exe
81500. Description=USRobotics Wireless Network Utility - used to configure security settings for connecting to WEP encrypted Access Point through the USR Wireless adapter. You must uncheck "Use Windows to configure my wireless settings" for the program to work properly. Has Site Survey capabilities, and reports link quality and signal strength. Not required for proper operation of the device as the features given are accessible in the network connection properties
81501. Source=Paul Collins Startup list
81502.  
81503. [Usrobotics Online Registration]
81504. Number=11569
81505. Confirmed=N
81506. Filename=??
81507. Description=Pop-up reminding customers to register their products online at US Robotics
81508. Source=Paul Collins Startup list
81509.  
81510. [USRpdA]
81511. Number=11570
81512. Confirmed=Y
81513. Filename=USRmlnkA.exe
81514. Description=Modem driver files from US Robotics
81515. Source=Paul Collins Startup list
81516.  
81517. [Usrr]
81518. Number=11571
81519. Confirmed=X
81520. Filename=rncr.exe
81521. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
81522. Source=Paul Collins Startup list
81523.  
81524. [Usrr]
81525. Number=11572
81526. Confirmed=X
81527. Filename=rpen.exe
81528. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
81529. Source=Paul Collins Startup list
81530.  
81531. [USRSTA]
81532. Number=11573
81533. Confirmed=?
81534. Filename=USRSTA.exe
81535. Description=Wireless Card controller. <font color="#FF0000"> What does it do and is it required?</font>
81536. Source=Paul Collins Startup list
81537.  
81538. [USRSTA.EXE]
81539. Number=11574
81540. Confirmed=?
81541. Filename=USRSTA.EXE
81542. Description=Wireless Card controller. <font color="#FF0000">What does it do and is it required?</font>
81543. Source=Paul Collins Startup list
81544.  
81545. [USSShReg]
81546. Number=11575
81547. Confirmed=N
81548. Filename=USSSHREG.EXE
81549. Description=Registration reminder for Ulead SmartSaver Pro - compacts large graphics for web designers
81550. Source=Paul Collins Startup list
81551.  
81552. [UStorag]
81553. Number=11576
81554. Confirmed=U
81555. Filename=ustorage.exe
81556. Description=U-Storage is application software running under Microsoft Windows, it provides functions and utility to manage STF flash drive (USB drive) for security, partition, boot-ability and recovery. See <a href="http://www.customusb.com/download/UStorageToolManual-v1.0.pdf" target=_blank>note</a>
81557.  
81558. Source=Paul Collins Startup list
81559.  
81560. [Ustorage]
81561. Number=11577
81562. Confirmed=N
81563. Filename=Ustorage.exe
81564. Description=Maintenance tool (enable security functions) for a USB drive from <a href="http://www.pretec.com" target=blank>Pretec</a>
81565. Source=Paul Collins Startup list
81566.  
81567. [Utility Ping]
81568. Number=11578
81569. Confirmed=?
81570. Filename=UTILIT~1.EXE
81571. Description=<font color="#FF0000">??</font>
81572. Source=Paul Collins Startup list
81573.  
81574. [UtilityPro]
81575. Number=11579
81576. Confirmed=N
81577. Filename=UtilityPro.exe
81578. Description=IE search toolbars as supplied by people such as Yellow Internet and SearchBoss and written by <a href="http://www.buildyourowntoolbar.com/" target="_blank"> Rawhide Search Solutions</a>
81579. Source=Paul Collins Startup list
81580.  
81581. [UTILsInst]
81582. Number=11580
81583. Confirmed=Y
81584. Filename=N/A
81585. Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
81586. Source=Paul Collins Startup list
81587.  
81588. [Utopia Angel]
81589. Number=11581
81590. Confirmed=N
81591. Filename=Angel.exe
81592. Description=Calculator for the online <a href="http://games.swirve.com/utopia/" target="_blank">Utopia</a> game
81593. Source=Paul Collins Startup list
81594.  
81595. [uvnx]
81596. Number=11582
81597. Confirmed=X
81598. Filename=uvcx.exe
81599. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrawf.html" target="_blank">DLOADR-AWF</a> TROJAN!
81600. Source=Paul Collins Startup list
81601.  
81602. [uvnx]
81603. Number=11583
81604. Confirmed=X
81605. Filename=uvnx.exe
81606. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Downloader.Win32.Small.cul&threatid=46155" target="_blank">SMALL.CUL</a> TROJAN!
81607. Source=Paul Collins Startup list
81608.  
81609. [UVS10 Preload]
81610. Number=11584
81611. Confirmed=U
81612. Filename=uvPL.exe
81613. Description=Related to <a href="http://www.ulead.com/vs/" target="_blank">Ulead VideoStudio</a> video editing and DVD authoring software
81614. Source=Paul Collins Startup list
81615.  
81616. [uwa7pcw]
81617. Number=11585
81618. Confirmed=N
81619. Filename=uwa7pcw.exe
81620. Description=WinAntiVirus Pro 2007 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
81621. Source=Paul Collins Startup list
81622.  
81623. [uwyrl]
81624. Number=11586
81625. Confirmed=X
81626. Filename=uwyrl.exe
81627. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122717-5050-99" target=_blank>PHEL.A</a> TROJAN!
81628. Source=Paul Collins Startup list
81629.  
81630. [uwyw.exe]
81631. Number=11587
81632. Confirmed=X
81633. Filename=yujixit.exe
81634. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BGB&VSect=P" target=_blank>SDBOT.BGB</a> WORM!
81635. Source=Paul Collins Startup list
81636.  
81637. [v]
81638. Number=11588
81639. Confirmed=?
81640. Filename=WMPVer.EXE
81641. Description=Dritek System Inc. 3D Mouse related. <font color="#FF0000">Is it required?</font>
81642. Source=Paul Collins Startup list
81643.  
81644. [V.92 Modem On Hold]
81645. Number=11589
81646. Confirmed=U
81647. Filename=Ltmoh.exe
81648. Description=Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet
81649. Source=Paul Collins Startup list
81650.  
81651. [V0250Mon.exe]
81652. Number=11590
81653. Confirmed=Y
81654. Filename=V0250Mon.exe
81655. Description=Part of Creative Webcam Launcher
81656. Source=Paul Collins Startup list
81657.  
81658. [V128IID]
81659. Number=11591
81660. Confirmed=Y
81661. Filename=Rundll32.exe v128iitw.dll, STB_InitTweak
81662. Description=Loads drivers for some STB graphics cards such as the STB nVIDIA TNT 16MB. Required if you don't want to experience lock-ups or error messages
81663. Source=Paul Collins Startup list
81664.  
81665. [V128IITV]
81666. Number=11592
81667. Confirmed=?
81668. Filename=??
81669. Description=Loads drivers for some STB graphics cards. <font color="#FF0000">May be related to such a card with a TV out option?</font>
81670. Source=Paul Collins Startup list
81671.  
81672. [V66SHELL]
81673. Number=11593
81674. Confirmed=?
81675. Filename=V66SHELL.EXE
81676. Description=<font color="#FF0000">It looks to be part of the display driver set for ASUS V3800, V6600 and V6800 display adapters. Probably a system tray quick access control?</font>
81677. Source=Paul Collins Startup list
81678.  
81679. [va10key]
81680. Number=11594
81681. Confirmed=U
81682. Filename=va10key.exe
81683. Description=Only required if you use the 10 kay bay unit with a Sony Vaio laptop
81684. Source=Paul Collins Startup list
81685.  
81686. [VaCtrls]
81687. Number=11595
81688. Confirmed=X
81689. Filename=v7
81690. Description=Added by an unidentified WORM or TROJAN!
81691. Source=Paul Collins Startup list
81692.  
81693. [Vaganza-XPloit-[User Name]"]
81694. Number=11596
81695. Confirmed=X
81696. Filename=[user name].exe
81697. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072109-3404-99" target="_blank">GAVGENT.A</a> WORM!
81698. Source=Paul Collins Startup list
81699.  
81700. [VAGCtrl]
81701. Number=11597
81702. Confirmed=Y
81703. Filename=VAGCTRL.EXE
81704. Description=<a href="http://www.centralcommand.com/windows_products.html" target="_blank">Vexira Antivirus</a> - virus scanner from Central Command
81705. Source=Paul Collins Startup list
81706.  
81707. [VAGuard]
81708. Number=11598
81709. Confirmed=Y
81710. Filename=VAGNT.exe
81711. Description=<a href="http://www.centralcommand.com/windows_products.html" target="_blank">Vexira Antivirus</a> - virus scanner from Central Command
81712. Source=Paul Collins Startup list
81713.  
81714. [VAIO Action Setup (Server)]
81715. Number=11599
81716. Confirmed=U
81717. Filename=VAServ.exe
81718. Description=Sony Vaio utility that auto-launches selected applications when you plug in a digital video camera, digital still camera, etc. via iLink (FireWire) or USB
81719. Source=Paul Collins Startup list
81720.  
81721. [VAIO Recovery]
81722. Number=11600
81723. Confirmed=U
81724. Filename=PartSeal.exe
81725. Description=System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere
81726. Source=Paul Collins Startup list
81727.  
81728. [VAIO Update 2]
81729. Number=11601
81730. Confirmed=U
81731. Filename=VAIOUpdt.exe
81732. Description=Related to Sony Vaio Update service. This program is non-essential process to the running of the program, but should not be terminated unless suspected to be causing problems
81733. Source=Paul Collins Startup list
81734.  
81735. [ValidData]
81736. Number=11602
81737. Confirmed=X
81738. Filename=[path to trojan]
81739. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070215-3839-99" target="_blank">RANKY.H</a> TROJAN!
81740. Source=Paul Collins Startup list
81741.  
81742. [valuename]
81743. Number=11603
81744. Confirmed=X
81745. Filename=svchosts.exe
81746. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
81747. Source=Paul Collins Startup list
81748.  
81749. [vb6]
81750. Number=11604
81751. Confirmed=X
81752. Filename=vb6.exe
81753. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011311-0037-99" target=_blank>MUGLY.D</a> WORM!
81754. Source=Paul Collins Startup list
81755.  
81756. [VBouncer]
81757. Number=11605
81758. Confirmed=X
81759. Filename=VirtualBouncer.exe
81760. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
81761. Source=Paul Collins Startup list
81762.  
81763. [VbouncerDL]
81764. Number=11606
81765. Confirmed=X
81766. Filename=VbouncerInner****.exe [* = random char]
81767. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
81768. Source=Paul Collins Startup list
81769.  
81770. [VbouncerDL]
81771. Number=11607
81772. Confirmed=X
81773. Filename=VBouncerInner.exe
81774. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
81775. Source=Paul Collins Startup list
81776.  
81777. [VBS.Ipnuker@mm]
81778. Number=11608
81779. Confirmed=X
81780. Filename=[worm filename].vbs
81781. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052514-5831-99" target=_blank>NUKIP</a> WORM!
81782. Source=Paul Collins Startup list
81783.  
81784. [VBS_AUTO_UPDATE]
81785. Number=11609
81786. Confirmed=X
81787. Filename=0548656X.vbs
81788. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/vbsgormleza.html" target=_blank>GORMLEZ-A</a> WORM!
81789. Source=Paul Collins Startup list
81790.  
81791. [VBundleOuterDL]
81792. Number=11610
81793. Confirmed=X
81794. Filename=BundleOuter.EXE
81795. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
81796. Source=Paul Collins Startup list
81797.  
81798. [VB_run]
81799. Number=11611
81800. Confirmed=X
81801. Filename=comctl_32.exe
81802. Description=Dubious downloader from densmail.com
81803. Source=Paul Collins Startup list
81804.  
81805. [VC5MediaPlayer]
81806. Number=11612
81807. Confirmed=X
81808. Filename=csmss.exe
81809. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dedlerb.html" target=_blank>DEDLER-B</a> WORM!
81810. Source=Paul Collins Startup list
81811.  
81812. [VC5Play]
81813. Number=11613
81814. Confirmed=N
81815. Filename=VC5Play.exe
81816. Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator - version 5. Available via Start -> Programs
81817. Source=Paul Collins Startup list
81818.  
81819. [VC6play]
81820. Number=11614
81821. Confirmed=N
81822. Filename=VC6Play.exe
81823. Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator - version 6. Available via Start -> Programs
81824. Source=Paul Collins Startup list
81825.  
81826. [VC7Play]
81827. Number=11615
81828. Confirmed=N
81829. Filename=VC7Play.exe
81830. Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator - version 7. Available via Start -> Programs
81831. Source=Paul Collins Startup list
81832.  
81833. [VC7Player]
81834. Number=11616
81835. Confirmed=N
81836. Filename=VC7Play.exe
81837. Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator - version 7. Available via Start -> Programs
81838. Source=Paul Collins Startup list
81839.  
81840. [VCatch]
81841. Number=11617
81842. Confirmed=X
81843. Filename=Vcatch.exe
81844. Description=CommonSearch Vcatch - "antivirus" software which actually bundles spy/adware itself!
81845. Source=Paul Collins Startup list
81846.  
81847. [VCatch Premium]
81848. Number=11618
81849. Confirmed=X
81850. Filename=VCatchpre.exe
81851. Description=VCatch antivirus. Considered spyware itself - see <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=57684" target="_blank">here</a>
81852. Source=Paul Collins Startup list
81853.  
81854. [VCDPlayer]
81855. Number=11619
81856. Confirmed=N
81857. Filename=VCDPlayer.exe
81858. Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator. Available via Start -> Programs
81859. Source=Paul Collins Startup list
81860.  
81861. [vcdplayx]
81862. Number=11620
81863. Confirmed=N
81864. Filename=vcdplayx.exe
81865. Description=CD emulation part of <a href="http://www.farstone.com/software/gamedrive.htm" target="_blank">GameDrive</a> & <a href="http://www.farstone.com/software/virtualdrive.htm" target="_blank">VirtualDrive</a> from Farstone. Not required as starting these programs load this automatically
81866. Source=Paul Collins Startup list
81867.  
81868. [VCDTower]
81869. Number=11621
81870. Confirmed=U
81871. Filename=VCDTower.exe
81872. Description=Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking
81873. Source=Paul Collins Startup list
81874.  
81875. [VCDWATCH]
81876. Number=11622
81877. Confirmed=?
81878. Filename=VCDWATCH.EXE
81879. Description=<font color="#FF0000">Confirmed as Voyetra CD Watcher as it was found in a Compaq/Voyetra/AS2 directory but what does it do?</font>
81880. Source=Paul Collins Startup list
81881.  
81882. [VCMnet11]
81883. Number=11623
81884. Confirmed=X
81885. Filename=VCMnet11.exe
81886. Description=Windows AFA Internet Enhancement - a browser hijacker, redirecting to adsourcecorp.com. See <a href="http://www.bleepingcomputer.com/forums/topic19277.html" target=_blank>here</a>
81887. Source=Paul Collins Startup list
81888.  
81889. [VCS Host]
81890. Number=11624
81891. Confirmed=X
81892. Filename=vcshost.exe
81893. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfkt.html" target="_blank">RBOT-FKT</a> WORM!
81894. Source=Paul Collins Startup list
81895.  
81896. [VCSPlayer]
81897. Number=11625
81898. Confirmed=N
81899. Filename=vcsplay.exe
81900. Description=<a href="http://www.virtualcd-online.com/" target="_blank">Virtual CD</a> drive emulator. Available via Start -> Programs
81901. Source=Paul Collins Startup list
81902.  
81903. [VCXD Settings]
81904. Number=11626
81905. Confirmed=X
81906. Filename=phqg.EXE
81907. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRF&VSect=P" target=_blank>RBOT.BRF</a> WORM!
81908. Source=Paul Collins Startup list
81909.  
81910. [VC_Log]
81911. Number=11627
81912. Confirmed=U
81913. Filename=keylog.exe
81914. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.paqkeylog.html" target="_blank">PaqKeylog</a> is a surveillance software program that logs keystrokes and can run in stealth mode. Uninstall this software unless you put it there yourself
81915. Source=Paul Collins Startup list
81916.  
81917. [Vdat Update]
81918. Number=11628
81919. Confirmed=X
81920. Filename=lalaa.exe
81921. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
81922. Source=Paul Collins Startup list
81923.  
81924. [VDI Manager (HP)]
81925. Number=11629
81926. Confirmed=?
81927. Filename=HPO0VDX05.exe
81928. Description=<font color="#FF0000">HP (Hewlett-Packard) related. Now - what does it do?</font>
81929. Source=Paul Collins Startup list
81930.  
81931. [vdtask]
81932. Number=11630
81933. Confirmed=N
81934. Filename=vdtask.exe
81935. Description=Program part of <a href="http://www.farstone.com/software/gamedrive.htm" target="_blank">GameDrive</a> & <a href="http://www.farstone.com/software/virtualdrive.htm" target="_blank">VirtualDrive</a> from Farstone. Not required as starting these programs load this automatically
81936. Source=Paul Collins Startup list
81937.  
81938. [Vegas Palms - Launcher]
81939. Number=11631
81940. Confirmed=N
81941. Filename=Launcher.exe
81942. Description=<a href="http://www.vegaspalms.com/" target="_blank">Vegas Palms</a> on-line cassino
81943. Source=Paul Collins Startup list
81944.  
81945. [veja_fotos.exe]
81946. Number=11632
81947. Confirmed=X
81948. Filename=veja_fotos.exe
81949. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmdropf.html" target="_blank">MDROP-F</a> TROJAN!
81950. Source=Paul Collins Startup list
81951.  
81952. [VERBATIM STORE 'N' G]
81953. Number=11633
81954. Confirmed=U
81955. Filename=verbatim store 'n' go.exe
81956. Description=Loads the driver for the <a href="http://www.verbatim.com/FOSE/" target="_blank">Verbatim</a> Store'n'Go PRO USB Flash Drive - reportedly required only on systems running Windows 98 and Millennium
81957. Source=Paul Collins Startup list
81958.  
81959. [Verif]
81960. Number=11634
81961. Confirmed=X
81962. Filename=vxst.exe
81963. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NOPIR.B" target="_blank">NOPIR.B</a> WORM!
81964. Source=Paul Collins Startup list
81965.  
81966. [Verizon Control Pad]
81967. Number=11635
81968. Confirmed=N
81969. Filename=cpad.exe
81970. Description=<a href="http://www.verizon.net/pands/dsl/benefits/controlpad.asp" target="_blank">Control Pad</a> - installed with Verizon DSL accounts. Tool designed to streamline the online experience
81971. Source=Paul Collins Startup list
81972.  
81973. [Verizon Online Support Center]
81974. Number=11636
81975. Confirmed=U
81976. Filename=matcli.exe
81977. Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Support Center is required to run with the Help and Support program. If you uncheck Verizon Online Support Center and and then run help and Support it will add another Verizon Online Support Center in the startup menu. If you remove the Verizon Online Support Center in the add/remove program some help menus in help and support will not be available. You decide
81978. Source=Paul Collins Startup list
81979.  
81980. [VerizonServicepoint.exe]
81981. Number=11637
81982. Confirmed=U
81983. Filename=VerizonServicepoint.exe
81984. Description=Part of <a href="http://www22.verizon.com/" target="_blank">Verizon</a> Online Support Manager
81985. Source=Paul Collins Startup list
81986.  
81987. [vern16.dll]
81988. Number=11638
81989. Confirmed=X
81990. Filename=regsvr32.exe [path] vernn16.dll
81991. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=DailyWinner&threatid=4143" target=_blank>DailyWinner</a> adware
81992. Source=Paul Collins Startup list
81993.  
81994. [versato]
81995. Number=11639
81996. Confirmed=U
81997. Filename=versato.exe
81998. Description="Hot" button (such as volume and browser control) management and a CD player as supplied with QTronix (as possibly <a href="http://www.mic-innovations.com/display.cfm?id=Keyboards" target="_blank">Micro Innovations</a>) keyboards
81999. Source=Paul Collins Startup list
82000.  
82001. [Version]
82002. Number=11640
82003. Confirmed=X
82004. Filename=Version.exe
82005. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011620-4533-99" target="_blank">JRAUN</a> adware variant
82006. Source=Paul Collins Startup list
82007.  
82008. [Version]
82009. Number=11641
82010. Confirmed=X
82011. Filename=manage.exe
82012. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011620-4533-99" target="_blank">JRAUN</a> adware variant
82013. Source=Paul Collins Startup list
82014.  
82015. [version]
82016. Number=11642
82017. Confirmed=X
82018. Filename=adl_dh.exe
82019. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html" target=_blank>DealHelper</a> adware related
82020. Source=Paul Collins Startup list
82021.  
82022. [Vet Alert]
82023. Number=11643
82024. Confirmed=Y
82025. Filename=vetmsg9x.exe
82026. Description=Computer Associates "InnoculateIT" and <a href="http://www.vet.com.au/" target="_blank">Vet Anti-Virus</a> virus software
82027. Source=Paul Collins Startup list
82028.  
82029. [Vet Alert]
82030. Number=11644
82031. Confirmed=Y
82032. Filename=VETMSG.EXE
82033. Description=Computer Associates <a href="http://www.vet.com.au/" target= blank>Vet</a> Anti-Virus software
82034. Source=Paul Collins Startup list
82035.  
82036. [Vet Start Up]
82037. Number=11645
82038. Confirmed=Y
82039. Filename=vet98.exe
82040. Description=Computer Associates "InnoculateIT"  and <a href="http://www.vet.com.au/" target="_blank">Vet Anti-Virus</a> virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options
82041. Source=Paul Collins Startup list
82042.  
82043. [Vet Start Up]
82044. Number=11646
82045. Confirmed=Y
82046. Filename=vet32.exe
82047. Description=Computer Associates "InnoculateIT"  and <a href="http://www.vet.com.au/" target="_blank">Vet Anti-Virus</a> virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options
82048. Source=Paul Collins Startup list
82049.  
82050. [VetTray]
82051. Number=11647
82052. Confirmed=U
82053. Filename=vettray.exe
82054. Description=Computer Associates "InnoculateIT"  and <a href="http://www.vet.com.au/" target="_blank">Vet Anti-Virus</a> virus software. System Tray quicklaunch access, not really necessary but only occupies 36k resources
82055. Source=Paul Collins Startup list
82056.  
82057. [VFW Encoder/Decoder Settings]
82058. Number=11648
82059. Confirmed=X
82060. Filename=RUNDLL32.exe MSSIGN30.DLL ondll_reg
82061. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lovgatew.html" target=_blank>LOVGATE-W</a> WORM!
82062. Source=Paul Collins Startup list
82063.  
82064. [VGA Startup]
82065. Number=11649
82066. Confirmed=X
82067. Filename=vgacard.exe
82068. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
82069. Source=Paul Collins Startup list
82070.  
82071. [VgaDriver]
82072. Number=11650
82073. Confirmed=X
82074. Filename=RsrVga32.exe
82075. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogah.html" target= blank>KEYLOG-AH</a> TROJAN!
82076. Source=Paul Collins Startup list
82077.  
82078. [VGATune]
82079. Number=11651
82080. Confirmed=X
82081. Filename=VGATune.exe
82082. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawm.html" target=_blank>RBOT-AWM</a> WORM!
82083. Source=Paul Collins Startup list
82084.  
82085. [VGAUtil]
82086. Number=11652
82087. Confirmed=U
82088. Filename=G-VGA.exe
82089. Description=Gigabyte VGA Utility - access card options (application needs to be run at startup, but is not system critical)
82090. Source=Paul Collins Startup list
82091.  
82092. [vid32cntl]
82093. Number=11653
82094. Confirmed=X
82095. Filename=vid32cntl.Exe
82096. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
82097. Source=Paul Collins Startup list
82098.  
82099. [vidcntl]
82100. Number=11654
82101. Confirmed=X
82102. Filename=vidcntl.Exe
82103. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A" target="_blank">CRYPTER.A</a> TROJAN!
82104. Source=Paul Collins Startup list
82105.  
82106. [Vidcompat]
82107. Number=11655
82108. Confirmed=X
82109. Filename=Vidcompat.exe
82110. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
82111. Source=Paul Collins Startup list
82112.  
82113. [vidctrl]
82114. Number=11656
82115. Confirmed=X
82116. Filename=vidctrl.exe
82117. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050515-5939-99" target= blank>Delfin Promulgate</a> adware variant
82118. Source=Paul Collins Startup list
82119.  
82120. [Video]
82121. Number=11657
82122. Confirmed=X
82123. Filename=explored.exe
82124. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031709-5106-99" target="_blank">GAOBOT.RF</a> WORM!
82125. Source=Paul Collins Startup list
82126.  
82127. [Video]
82128. Number=11658
82129. Confirmed=X
82130. Filename=winamp32.exe
82131. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotng.html" target=_blank>AGOBOT-NG</a> WORM!
82132.  
82133. Source=Paul Collins Startup list
82134.  
82135. [Video Card Driver (do not remove)]
82136. Number=11659
82137. Confirmed=X
82138. Filename=tsasi.exe
82139. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotef.html" target=_blank>SPYBOT-EF</a> WORM!
82140. Source=Paul Collins Startup list
82141.  
82142. [Video Lan Player]
82143. Number=11660
82144. Confirmed=X
82145. Filename=VideoLanPlayer.exe
82146. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmy.html" target=_blank>RBOT-MY</a> WORM!
82147.  
82148. Source=Paul Collins Startup list
82149.  
82150. [Video Manager]
82151. Number=11661
82152. Confirmed=X
82153. Filename=videomgr.exe
82154. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090117-1327-99" target="_blank">PANDEM.C</a> WORM!
82155. Source=Paul Collins Startup list
82156.  
82157. [Video Multimedia Driver]
82158. Number=11662
82159. Confirmed=X
82160. Filename=ndrives32.exe
82161. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdk.html" target="_blank">RBOT-DK</a> WORM!
82162. Source=Paul Collins Startup list
82163.  
82164. [Video Proces]
82165. Number=11663
82166. Confirmed=X
82167. Filename=winaps.exe
82168. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.HD&VSect=T" target=_blank>AGOBOT.HD</a> WORM!
82169. Source=Paul Collins Startup list
82170.  
82171. [Video Process]
82172. Number=11664
82173. Confirmed=X
82174. Filename=sysconf.exe
82175. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031915-3501-99" target="_blank">GAOBOT.GEN!POLY</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040215-3615-99" target="_blank">GAOBOT.UM</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042412-3100-99" target="_blank">GAOBOT.ADX</a> WORMS!
82176. Source=Paul Collins Startup list
82177.  
82178. [Video Process]
82179. Number=11665
82180. Confirmed=X
82181. Filename=MS32x16.exe
82182. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.RH" target="_blank">RBOT.RH</a> WORM!
82183. Source=Paul Collins Startup list
82184.  
82185. [Video Process]
82186. Number=11666
82187. Confirmed=X
82188. Filename=netsvcs.exe
82189. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.LH" target="_blank">AGOBOT.LH</a> WORM!
82190. Source=Paul Collins Startup list
82191.  
82192. [Video Process]
82193. Number=11667
82194. Confirmed=X
82195. Filename=MSlti64.exe
82196. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.UE" target=_blank>AGOBOT.UE</a> WORM!
82197.  
82198. Source=Paul Collins Startup list
82199.  
82200. [Video Process]
82201. Number=11668
82202. Confirmed=X
82203. Filename=[random filename]
82204. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlm.html" target=_blank>RBOT-LM</a> WORM!
82205. Source=Paul Collins Startup list
82206.  
82207. [Video Process]
82208. Number=11669
82209. Confirmed=X
82210. Filename=winasp.exe
82211. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotis.html" target=_blank>AGOBOT-IS</a> WORM!
82212. Source=Paul Collins Startup list
82213.  
82214. [Video Process]
82215. Number=11670
82216. Confirmed=X
82217. Filename=msn5.exe
82218. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottw.html" target=_blank>AGOBOT-TW</a> WORM!
82219. Source=Paul Collins Startup list
82220.  
82221. [Video Process]
82222. Number=11671
82223. Confirmed=X
82224. Filename=MStli32s.exe
82225. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgad.html" target="_blank">RBOT-GAD</a> WORM!
82226. Source=Paul Collins Startup list
82227.  
82228. [Video Services]
82229. Number=11672
82230. Confirmed=X
82231. Filename=explore.exe
82232. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-051915-5730-99" target="_blank">GAOBOT.GL</a> WORM!
82233. Source=Paul Collins Startup list
82234.  
82235. [Video Services]
82236. Number=11673
82237. Confirmed=X
82238. Filename=videol_32.exe
82239. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotdm.html" target="_blank">AGOBOT-DM</a> WORM!
82240. Source=Paul Collins Startup list
82241.  
82242. [Video Services]
82243. Number=11674
82244. Confirmed=X
82245. Filename=sys32.exe
82246. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.PS" target=_blank>AGOBOT.PS</a> WORM!
82247.  
82248. Source=Paul Collins Startup list
82249.  
82250. [Videocntl]
82251. Number=11675
82252. Confirmed=X
82253. Filename=Videocntl.exe
82254. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40493" target=_blank>GEMA.D</a> TROJAN!
82255. Source=Paul Collins Startup list
82256.  
82257. [VideoDriver]
82258. Number=11676
82259. Confirmed=X
82260. Filename=[filename]
82261. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GSPOT20.A" target="_blank">GSPOT20.A</a> TROJAN!
82262.  
82263. Source=Paul Collins Startup list
82264.  
82265. [VideoDriver]
82266. Number=11677
82267. Confirmed=X
82268. Filename=videodrv.exe
82269. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080109-2046-99" target="_blank">MIMAIL.A</a> WORM!
82270. Source=Paul Collins Startup list
82271.  
82272. [VideoDriver]
82273. Number=11678
82274. Confirmed=X
82275. Filename=gspotbot.exe
82276. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100811-5423-99" target="_blank">SPIGOT.C</a> TROJAN!
82277. Source=Paul Collins Startup list
82278.  
82279. [Videool32]
82280. Number=11679
82281. Confirmed=X
82282. Filename=VIDEOL32.EXE
82283. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.EC" target="_blank">AGOBOT.EC</a> WORM!
82284. Source=Paul Collins Startup list
82285.  
82286. [videoporno.exe]
82287. Number=11680
82288. Confirmed=X
82289. Filename=videoporno.exe
82290. Description=Premium rate adult content dialer
82291. Source=Paul Collins Startup list
82292.  
82293. [Videora]
82294. Number=11681
82295. Confirmed=Y
82296. Filename=Videora.exe
82297. Description=<a href="http://www.videora.com/" target=_blank>Video Holding</a> personal video downloading program
82298.  
82299. Source=Paul Collins Startup list
82300.  
82301. [vidmon]
82302. Number=11682
82303. Confirmed=X
82304. Filename=VIDMON.EXE
82305. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775" target="_blank">Delfin Media Viewer</a> adware related
82306. Source=Paul Collins Startup list
82307.  
82308. [VidSvr]
82309. Number=11683
82310. Confirmed=N
82311. Filename=vidsvr.exe
82312. Description=MS WebTV for Windows Channel Guide. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
82313. Source=Paul Collins Startup list
82314.  
82315. [vietato.exe]
82316. Number=11684
82317. Confirmed=X
82318. Filename=vietato.exe
82319. Description=Adult content dialler
82320. Source=Paul Collins Startup list
82321.  
82322. [VIEW POINT DRIVERS]
82323. Number=11685
82324. Confirmed=X
82325. Filename=phqghum.exe
82326. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRX&VSect=T" target=_blank>RBOT.BRX</a> WORM!
82327. Source=Paul Collins Startup list
82328.  
82329. [VIEW POINT DRIVERS FOR WIN32]
82330. Number=11686
82331. Confirmed=X
82332. Filename=phqghu.exe
82333. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
82334. Source=Paul Collins Startup list
82335.  
82336. [ViewMgr]
82337. Number=11687
82338. Confirmed=N
82339. Filename=ViewMgr.exe
82340. Description=<a href="http://www.xblock.com/product_show.php?id=880" target=_blank>Viewpoint Manager</a> - automatic updates for ViewPoint products such as ViewPoint Media Player (as bundled with AOL, AOL Instant Messenger, Compuserve, etc). Can be run manually via Start -> Settings -> Control Panel by enabling auto-updates temporarily, re-booting and then disabling again. Not recommended as Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This may change in 2006 - read this <a href="http://www.clickz.com/showPage.html?page=3561546" target=_blank>article</a>
82341. Source=Paul Collins Startup list
82342.  
82343. [ViewpointPhotosDeviceConnect]
82344. Number=11688
82345. Confirmed=U
82346. Filename=FotomatDeviceConnect.exe
82347. Description=Related to Viewpoint which is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 according to <a href="http://www.clickz.com/showPage.html?page=3561546" target="_blank">this</a> article. You can remove it via Start -> Settings -> Control Panel -> Add/Remove Programs list...
82348. Source=Paul Collins Startup list
82349.  
82350. [Vinny]
82351. Number=11689
82352. Confirmed=?
82353. Filename=??
82354. Description=<font color="#FF0000">??</font>
82355. Source=Paul Collins Startup list
82356.  
82357. [Virt.exe]
82358. Number=11690
82359. Confirmed=X
82360. Filename=Virt.exe
82361. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojremadmc.html" target=_blank>REMADM-C</a> TROJAN!
82362.  
82363. Source=Paul Collins Startup list
82364.  
82365. [VirtuaGirl]
82366. Number=11691
82367. Confirmed=U
82368. Filename=Vg.exe
82369. Description=VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request...
82370. Source=Paul Collins Startup list
82371.  
82372. [VirtuaGirl2]
82373. Number=11692
82374. Confirmed=U
82375. Filename=VirtuaGirl2
82376. Description=VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request...
82377. Source=Paul Collins Startup list
82378.  
82379. [virtual]
82380. Number=11693
82381. Confirmed=X
82382. Filename=winit.exe
82383. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120209-3515-99" target=_blank>MUGLY.A</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120115-2618-99" target=_blank>MUGLY.B</a> WORMS!
82384. Source=Paul Collins Startup list
82385.  
82386. [virtual]
82387. Number=11694
82388. Confirmed=X
82389. Filename=winprotect.exe
82390. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121716-1922-99" target=_blank>MUGLY.C</a> WORM!
82391. Source=Paul Collins Startup list
82392.  
82393. [virtual]
82394. Number=11695
82395. Confirmed=X
82396. Filename=wini.exe
82397. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyx.html" target= blank>RBOT-YX</a> WORM!
82398. Source=Paul Collins Startup list
82399.  
82400. [Virtual Access Scheduler]
82401. Number=11696
82402. Confirmed=U
82403. Filename=VASCHD32.EXE
82404. Description=The scheduler for mail and usenet tool
82405. Source=Paul Collins Startup list
82406.  
82407. [Virtual Bouncer]
82408. Number=11697
82409. Confirmed=X
82410. Filename=VirtualBouncer.exe
82411. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
82412. Source=Paul Collins Startup list
82413.  
82414. [Virtual CD v6]
82415. Number=11698
82416. Confirmed=X
82417. Filename=grplscd.exe
82418. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxv.html" target=_blank>RBOT-AXV</a> WORM!
82419. Source=Paul Collins Startup list
82420.  
82421. [Virtual CD v6]
82422. Number=11699
82423. Confirmed=X
82424. Filename=[random].exe
82425. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotazv.html" target=_blank>RBOT-AZV</a> WORM!
82426. Source=Paul Collins Startup list
82427.  
82428. [Virtual CDROM]
82429. Number=11700
82430. Confirmed=X
82431. Filename=deamon.exe
82432. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.VP" target="_blank">RBOT.VP</a> WORM!
82433. Source=Paul Collins Startup list
82434.  
82435. [Virtual Protocol]
82436. Number=11701
82437. Confirmed=X
82438. Filename=vr32.exe
82439. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
82440. Source=Paul Collins Startup list
82441.  
82442. [virtual-ie]
82443. Number=11702
82444. Confirmed=X
82445. Filename=winlogi.exe
82446. Description=Malware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Dropper.Win32.WinAD.h
82447. Source=Paul Collins Startup list
82448.  
82449. [virtual-machine]
82450. Number=11703
82451. Confirmed=X
82452. Filename=svchosts.exe
82453. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotus.html" target=_blank>RBOT-US</a> WORM!
82454. Source=Paul Collins Startup list
82455.  
82456. [virtual-machine]
82457. Number=11704
82458. Confirmed=X
82459. Filename=winlogin.exe
82460. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvu.html" target= blank>RBOT-VU</a> WORM!
82461. Source=Paul Collins Startup list
82462.  
82463. [virtual-machine]
82464. Number=11705
82465. Confirmed=X
82466. Filename=wini.exe
82467. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwr.html" target=_blank>RBOT-WR</a> WORM!
82468. Source=Paul Collins Startup list
82469.  
82470. [VirtualCloneDrive]
82471. Number=11706
82472. Confirmed=N
82473. Filename=VCDDaemon.exe
82474. Description=Virtual Clone Drive, part of <a href="http://www.elby.ch/products/clone_cd/" target="_blank">CloneCD</a> CD/DVD copying sofware. Discontinued
82475. Source=Paul Collins Startup list
82476.  
82477. [VirtualDrive]
82478. Number=11707
82479. Confirmed=N
82480. Filename=VDTask.exe
82481. Description=<a href="http://www.farstone.com/software/virtualdrive.htm" target="_blank">VirtualDrive</a> from Farstone - virtual CD drive emulator. Available via Start -> Programs
82482. Source=Paul Collins Startup list
82483.  
82484. [VirtuaReminder]
82485. Number=11708
82486. Confirmed=U
82487. Filename=VirtuaReminder.exe
82488. Description=<a href="http://www.download.com/VirtuaReminder/3000-2124_4-10153524.html" target="_blank">VirtuaReminder</a> is a tool allowing the user to create reminders for such things as important appointments, birthdays, etc
82489. Source=Paul Collins Startup list
82490.  
82491. [Virtuele Katja]
82492. Number=11709
82493. Confirmed=U
82494. Filename=VKatja.exe
82495. Description=<a href="http://www.katja-schuurman.com/" target= blank>Virtuele Katja</a> - have an attractive moviestar parade on your Desktop and help you search the Dutch <a href="http://www.goudengids.nl/" target= blank>"Gouden Gids"</a> business directory too...
82496. Source=Paul Collins Startup list
82497.  
82498. [Virus]
82499. Number=11710
82500. Confirmed=X
82501. Filename=Anti.exe
82502. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=42185" target= blank>SEENBOT.O</a> WORM!
82503. Source=Paul Collins Startup list
82504.  
82505. [Virus Protect]
82506. Number=11711
82507. Confirmed=X
82508. Filename=vrsprtc.exe
82509. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapr.html" target=_blank>RBOT-APR</a> WORM!
82510. Source=Paul Collins Startup list
82511.  
82512. [Virus Removal Tool]
82513. Number=11712
82514. Confirmed=X
82515. Filename=[path to trojan]
82516. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtometab.html" target=_blank>TOMETA-B</a> TROJAN!
82517. Source=Paul Collins Startup list
82518.  
82519. [Virus Scan]
82520. Number=11713
82521. Confirmed=X
82522. Filename=virscana.exe
82523. Description=Added by an unidentified VIRUS, WORM or TROJAN!
82524. Source=Paul Collins Startup list
82525.  
82526. [Virus-Burst]
82527. Number=11714
82528. Confirmed=N
82529. Filename=Virus-Burst.exe
82530. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
82531. Source=Paul Collins Startup list
82532.  
82533. [VirusBurst]
82534. Number=11715
82535. Confirmed=N
82536. Filename=VirusBurst.exe
82537. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
82538. Source=Paul Collins Startup list
82539.  
82540. [VirusCheckII]
82541. Number=11716
82542. Confirmed=X
82543. Filename=AVIRCHK.EXE
82544. Description=Added by the <a href="http://www.esecurityplanet.com/alerts/article.php/1031_1572161" target="_blank">DASMIN</a> TROJAN!
82545. Source=Paul Collins Startup list
82546.  
82547. [VirusKeeper]
82548. Number=11717
82549. Confirmed=U
82550. Filename=VirusKeeper.exe
82551. Description=<a href="http://www.viruskeeper.com/us/" target=_blank>VirusKeeper</a> uses a powerful real-time threat detection engine
82552.  
82553. Source=Paul Collins Startup list
82554.  
82555. [VirusRescue]
82556. Number=11718
82557. Confirmed=N
82558. Filename=VirusRescue.exe
82559. Description=Virus program - not recommended, see <a href="http://spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
82560. Source=Paul Collins Startup list
82561.  
82562. [VirusScan Online]
82563. Number=11719
82564. Confirmed=Y
82565. Filename=mcvsshld.exe
82566. Description=McAfee VirusScan On-line. See also the McAgentExe entry
82567. Source=Paul Collins Startup list
82568.  
82569. [VirusScanMSC]
82570. Number=11720
82571. Confirmed=?
82572. Filename=VsStat.exe
82573. Description=Part of McAfee VirusScan. <font color="#FF0000">System Tray application as with previous versions (were also VsStat.exe), McAfee SecurityCenter integration or something else? Is it required?</font>
82574. Source=Paul Collins Startup list
82575.  
82576. [VirusScanner]
82577. Number=11721
82578. Confirmed=X
82579. Filename=mnsys.exe
82580. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotafq.html" target=_blank>SDBOT-AFQ</a> WORM!
82581. Source=Paul Collins Startup list
82582.  
82583. [Virus_Scanner]
82584. Number=11722
82585. Confirmed=X
82586. Filename=Virus_Cleaner.exe
82587. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082012-0827-99" target="_blank">PANOL</a> WORM!
82588. Source=Paul Collins Startup list
82589.  
82590. [visionGS]
82591. Number=11723
82592. Confirmed=N
82593. Filename=VISIONGS.EXE
82594. Description=<a href="http://www.visiongs.com/" target="_blank">visionGS</a> webcam software
82595. Source=Paul Collins Startup list
82596.  
82597. [Vistascan]
82598. Number=11724
82599. Confirmed=N
82600. Filename=vistascan.exe
82601. Description=Included in VistaScan are VistaAccess and VistaShuttle. VistaAccess gives you quick and easy access to scanning functions right from your desktop. For Windows users, you'll see a scanner icon in the Windows Tray of the Taskbar. Click this icon and a menu opens
82602. Source=Paul Collins Startup list
82603.  
82604. [Visual Element FX5]
82605. Number=11725
82606. Confirmed=X
82607. Filename=[various filenames]
82608. Description=<a href="http://www.spyany.com/program/article_spw_rm_ClearStream_Accelerator.html" target=_blank>ClearStream Accelerator</a> adware
82609. Source=Paul Collins Startup list
82610.  
82611. [VisualStudio]
82612. Number=11726
82613. Confirmed=X
82614. Filename=msorunner.exe
82615. Description=Added by a variant of the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target= blank>TACTSLAY</a> TROJAN!
82616. Source=Paul Collins Startup list
82617.  
82618. [VisualTaskTips]
82619. Number=11727
82620. Confirmed=U
82621. Filename=VisualTaskTips.exe
82622. Description="<a href="http://www.visualtasktips.com/" target="_blank">Visual Task Tips</a> is a lightweight shell enhancement utility. It provides thumbnail preview image for each task in the Windows Taskbar"
82623. Source=Paul Collins Startup list
82624.  
82625. [VisualTooltip]
82626. Number=11728
82627. Confirmed=U
82628. Filename=VisualToolTip.exe
82629. Description=Related to <a href="http://chsalmon.club.fr/index.php?en/Visual-tooltip-about" target="_blank">VisualTooltip</a>. Shows a thumbnail of a window by placing the mouse cursor over a button on the taskbar
82630. Source=Paul Collins Startup list
82631.  
82632. [VITAL BOOT PROCESS]
82633. Number=11729
82634. Confirmed=X
82635. Filename=taskmngr.exe
82636. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
82637. Source=Paul Collins Startup list
82638.  
82639. [VITAL BOOT PROCESS]
82640. Number=11730
82641. Confirmed=X
82642. Filename=taskmnsgr.exe
82643. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvy.html" target=_blank>Rbot-VY</a> WORM!
82644. Source=Paul Collins Startup list
82645.  
82646. [Vital Load Process]
82647. Number=11731
82648. Confirmed=X
82649. Filename=Spoolsvr.exe
82650. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AIF&VSect=P" target=_blank>RBOT.AIF</a> WORM!
82651. Source=Paul Collins Startup list
82652.  
82653. [VividGalut]
82654. Number=11732
82655. Confirmed=X
82656. Filename=VividGalut.exe
82657. Description=Adult content related web downloader
82658. Source=Paul Collins Startup list
82659.  
82660. [vmcleaner]
82661. Number=11733
82662. Confirmed=X
82663. Filename=gxlib.exe
82664. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallhs.html" target=_blank>SMALL-HS</a> TROJAN!
82665. Source=Paul Collins Startup list
82666.  
82667. [VMConsole.exe]
82668. Number=11734
82669. Confirmed=?
82670. Filename=VMConsole.exe
82671. Description=Sony VAIO Media Console - installed on the VAIO Media Integrated Server PCs.  <font color="#FF0000">What does it do and is it required?</font>
82672. Source=Paul Collins Startup list
82673.  
82674. [VMDFW]
82675. Number=11735
82676. Confirmed=Y
82677. Filename=vmdfw.exe
82678. Description=VirusMD Personal Firewall. Vendor's Note: "VirusMD Personal Firewall is a micro-firewall and should not be use as your primary virus scanner or as your primary firewall. It does not pan-block incoming or outgoing data. Rather, is a diagnostic and therapeutic utility designed to help professionals save time and effort in eradicating Trojan horses"
82679. Source=Paul Collins Startup list
82680.  
82681. [vmlib]
82682. Number=11736
82683. Confirmed=X
82684. Filename=vmlib.exe
82685. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlowzoneaq.html" target=_blank>LOWZONE-AQ</a> TROJAN!
82686. Source=Paul Collins Startup list
82687.  
82688. [Vmmon32]
82689. Number=11737
82690. Confirmed=X
82691. Filename=vmmon32.exe
82692. Description=Browser hijacker
82693.  
82694. Source=Paul Collins Startup list
82695.  
82696. [vmnetdhcp]
82697. Number=11738
82698. Confirmed=X
82699. Filename=vmnetdhcp.exe
82700. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrgtc.html" target="_blank">DWNLDR-GTC</a> TROJAN!
82701. Source=Paul Collins Startup list
82702.  
82703. [vmsnGraber]
82704. Number=11739
82705. Confirmed=X
82706. Filename=VMSNGRABER.EXE
82707. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121617-0619-99" target=_blank>ENVID.B</a> WORM!
82708. Source=Paul Collins Startup list
82709.  
82710. [vmss]
82711. Number=11740
82712. Confirmed=X
82713. Filename=vmss.exe
82714. Description=<a href="http://www.spywareguide.com/product_show.php?id=727" target=_blank>Delfin Media Viewer</a> or "Promulgate" adware variant
82715. Source=Paul Collins Startup list
82716.  
82717. [vmtuner]
82718. Number=11741
82719. Confirmed=X
82720. Filename=gclib.exe
82721. Description=Hijacker - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Clicker.Win32.Small.fh
82722. Source=Paul Collins Startup list
82723.  
82724. [vmtuner]
82725. Number=11742
82726. Confirmed=X
82727. Filename=gglib.exe
82728. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqlowzond.html" target=_blank>QLOWZON-D</a> TROJAN!
82729. Source=Paul Collins Startup list
82730.  
82731. [VnCplUpdate]
82732. Number=11743
82733. Confirmed=X
82734. Filename=msdm.exe
82735. Description=Masssend - spam relayer. Listens on a port for the spammers to feed it a list of addresses and what to send out. More information in <a href="http://www.dslreports.com/forum/remark,8021632~root=security,1~mode=flat" target="_blank"> this advisory</a>
82736. Source=Paul Collins Startup list
82737.  
82738. [vnmispoisn downloader]
82739. Number=11744
82740. Confirmed=X
82741. Filename=vnmispoisn downloader.exe
82742. Description=SearchBarCash adware variant
82743. Source=Paul Collins Startup list
82744.  
82745. [VOBID]
82746. Number=11745
82747. Confirmed=U
82748. Filename=InstantDrive.exe
82749. Description=<a href="http://www.pinnaclesys.com" target="_blank">Pinnacle Systems</a> (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning software
82750. Source=Paul Collins Startup list
82751.  
82752. [VOBRegCheck]
82753. Number=11746
82754. Confirmed=Y
82755. Filename=VOBRegCheck.exe
82756. Description=Part of <a href="http://www.pinnaclesys.com/" target="_blank">Pinnacle Systems</a> InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled
82757. Source=Paul Collins Startup list
82758.  
82759. [VoiceCenter]
82760. Number=11747
82761. Confirmed=U
82762. Filename=AndreaVC.exe
82763. Description=Related to <a href="http://www.andreaelectronics.com/" target="_blank">Andrea's Superbeam</a> microphone utility
82764. Source=Paul Collins Startup list
82765.  
82766. [voip phone]
82767. Number=11748
82768. Confirmed=U
82769. Filename=voip phone.exe
82770. Description=Related to Acer Bluetooth VoIP phone - as optionally supplied with some of their notebooks such as the <a href="http://global.acer.com/products/notebook/tm8200.htm" target="_blank">TravelMate 8200</a>
82771. Source=Paul Collins Startup list
82772.  
82773. [VoipBuster]
82774. Number=11749
82775. Confirmed=N
82776. Filename=VoipBuster.exe
82777. Description=<a href="http://www.voipbuster.com/en/index.html" target=_blank>VoipBuster</a> - voice over the internet service. If you are calling a land line in one of their free destinations listed, the call will be placed at no costs at all. For all other calls, you will be asked to buy credits first
82778. Source=Paul Collins Startup list
82779.  
82780. [VolPanel]
82781. Number=11750
82782. Confirmed=U
82783. Filename=VolPanel.exe
82784. Description=Related to <a href="http://www.creative.com/" target=_blank>Creative</a> Sound Blaster X-Fi
82785.  
82786. Source=Paul Collins Startup list
82787.  
82788. [Voltage Manager]
82789. Number=11751
82790. Confirmed=X
82791. Filename=[random filename]
82792. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040514-2341-99" target=_blank>DREFFORT</a> WORM!
82793. Source=Paul Collins Startup list
82794.  
82795. [Volume Controller]
82796. Number=11752
82797. Confirmed=X
82798. Filename=VolumeControl.exe
82799. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AYI&VSect=T" target=_blank>SDBOT.AYI</a> WORM!
82800. Source=Paul Collins Startup list
82801.  
82802. [Vonage]
82803. Number=11753
82804. Confirmed=U
82805. Filename=click2call.exe
82806. Description=<a href="http://www.vonage.com/index.php" target=_blank>Vonage</a> Voice over IP Internet phone service
82807. Source=Paul Collins Startup list
82808.  
82809. [VoodooBanshee]
82810. Number=11754
82811. Confirmed=U
82812. Filename=rundll32.exe 3DBBps.dll, BansheeLoadSettings
82813. Description=Loads the configuration settings for a 3dfx Voodoo Banshee chipset based graphics card. If you change some of the settings from default you probably need this - otherwise maybe not 
82814. Source=Paul Collins Startup list
82815.  
82816. [voowsmcr]
82817. Number=11755
82818. Confirmed=?
82819. Filename=huhdir.exe
82820. Description=<font color="#FF0000">??</font>
82821. Source=Paul Collins Startup list
82822.  
82823. [Vortex Tray]
82824. Number=11756
82825. Confirmed=N
82826. Filename=asp4setp.exe
82827. Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
82828. Source=Paul Collins Startup list
82829.  
82830. [VortexTray]
82831. Number=11757
82832. Confirmed=N
82833. Filename=au30setp.exe
82834. Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
82835. Source=Paul Collins Startup list
82836.  
82837. [VortexTray]
82838. Number=11758
82839. Confirmed=N
82840. Filename=asp4tray.exe
82841. Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
82842. Source=Paul Collins Startup list
82843.  
82844. [VortexTray]
82845. Number=11759
82846. Confirmed=N
82847. Filename=asp4setp.exe
82848. Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
82849. Source=Paul Collins Startup list
82850.  
82851. [VoyetraTray]
82852. Number=11760
82853. Confirmed=N
82854. Filename=vtray.exe
82855. Description=This provides an abbreviated Control Group for the Turtle Beach Montego II sound functions/associated with AudioStation 3 and 32
82856. Source=Paul Collins Startup list
82857.  
82858. [VPCUserServices]
82859. Number=11761
82860. Confirmed=U
82861. Filename=VMUSrvc.exe
82862. Description=Part of <a href="http://support.microsoft.com/?kbid=833146" target= blank>"DOS Virtual Machine Additions"</a> for Microsoft <a href="http://www.microsoft.com/windows/virtualpc/default.mspx" target= blank>Virtual PC</a>, software virtualization software that allows you to run multiple PC-based operating systems simultaneously on one workstation. This process provides additional functionalities such as Shared Folders
82863. Source=Paul Collins Startup list
82864.  
82865. [Vpop3 Mail Server]
82866. Number=11762
82867. Confirmed=U
82868. Filename=vpop3.exe
82869. Description=Mail server from <a href="http://www.vpop3.co.uk" target="_blank">Paul Smith Computer Services</a>. Runs in system tray to collect mail. Can be run from a shortcut and if it isn't running then it won't get your email!
82870. Source=Paul Collins Startup list
82871.  
82872. [vptray]
82873. Number=11763
82874. Confirmed=U
82875. Filename=vptray.exe
82876. Description=System Tray icon for Norton Anti-Virus Corporate Edition. Gives access to the options available and may not be required. Some users may have problems - refer <a href="http://groups.google.com/group/novell.support.os.client.win9x/msg/c4b794b9572a69b8?q=vptray.exe%2BNorton&hl=en&safe=off&rnum=1&ic=1" target="_blank">here</a>
82877. Source=Paul Collins Startup list
82878.  
82879. [Vrmon]
82880. Number=11764
82881. Confirmed=Y
82882. Filename=vrmonnt.exe
82883. Description=<a href="http://www.globalhauri.com" target="_blank">HAURI</a> Anti-Virus
82884. Source=Paul Collins Startup list
82885.  
82886. [VrSchedule]
82887. Number=11765
82888. Confirmed=Y
82889. Filename=Vrres.exe
82890. Description=<a href="http://www.globalhauri.com" target="_blank">HAURI</a> Anti-Virus
82891. Source=Paul Collins Startup list
82892.  
82893. [VS.VSN]
82894. Number=11766
82895. Confirmed=Y
82896. Filename=
82897. Description=Part of <a href="http://www.esafe.com/esafe/default.asp?cf=tl" target="_blank">eSafe</a> antivirus "SmartScan" - alerts the user if files have been changed/added
82898. Source=Paul Collins Startup list
82899.  
82900. [vsadmin]
82901. Number=11767
82902. Confirmed=X
82903. Filename=smrs.exe
82904. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrc.html" target= blank>AGOBOT-RC</a> WORM!
82905. Source=Paul Collins Startup list
82906.  
82907. [Vsample]
82908. Number=11768
82909. Confirmed=X
82910. Filename=winxpsock.exe
82911. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BLK" target=_blank>SDBOT.BLK</a> WORM!
82912. Source=Paul Collins Startup list
82913.  
82914. [vscanner]
82915. Number=11769
82916. Confirmed=X
82917. Filename=spooll32.exe
82918. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.10" target="_blank">OPTIXPRO.10</a> TROJAN!
82919. Source=Paul Collins Startup list
82920.  
82921. [vschost]
82922. Number=11770
82923. Confirmed=X
82924. Filename=vschosts.exe
82925. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvipsya.html" target=_blank>VIPSY-A</a> TROJAN!
82926. Source=Paul Collins Startup list
82927.  
82928. [VsEcomrEXE]
82929. Number=11771
82930. Confirmed=N
82931. Filename=VSECOMR.EXE
82932. Description=From McAfee VirusScan up to version 4.x. This executable is responsible for the periodic "update" prompts
82933. Source=Paul Collins Startup list
82934.  
82935. [Vshwin32EXE]
82936. Number=11772
82937. Confirmed=Y
82938. Filename=VSHWIN32.EXE
82939. Description=From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs
82940. Source=Paul Collins Startup list
82941.  
82942. [VSN]
82943. Number=11773
82944. Confirmed=N
82945. Filename=VSN.exe
82946. Description=Software to share photographs across the internet
82947. Source=Paul Collins Startup list
82948.  
82949. [vsnpstd3]
82950. Number=11774
82951. Confirmed=Y
82952. Filename=vsnpstd3.exe
82953. Description=<a href="http://www.sonix.com/" target=_blank>Sonix Inc.</a> Camera Monitor MFC Application
82954. Source=Paul Collins Startup list
82955.  
82956. [VSOCheckTask]
82957. Number=11775
82958. Confirmed=Y
82959. Filename=MCMNHDLR.EXE
82960. Description=Part of McAfee's <a href="http://us.mcafee.com/root/product.asp?productid=msc" target="_blank"> SecurityCenter</a> and Virusscan Online. Must be enabled for scanning to work
82961. Source=Paul Collins Startup list
82962.  
82963. [VSP32 Controls]
82964. Number=11776
82965. Confirmed=X
82966. Filename=vsp32.exe
82967. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotva.html" target="_blank">RBOT-VA</a> WORM!
82968. Source=Paul Collins Startup list
82969.  
82970. [vspdfprsrv.exe]
82971. Number=11777
82972. Confirmed=N
82973. Filename=vspdfprsrv.exe
82974. Description=<a href="http://www.visagesoft.com/pdfprinter/" target="_blank">Visage PDF Printer</a>
82975. Source=Paul Collins Startup list
82976.  
82977. [VsStatEXE]
82978. Number=11778
82979. Confirmed=Y
82980. Filename=VSSTAT.EXE
82981. Description=From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs
82982. Source=Paul Collins Startup list
82983.  
82984. [vst]
82985. Number=11779
82986. Confirmed=X
82987. Filename=vstkmgr.exe
82988. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.SK" target="_blank">AGOBOT.SK</a> WORM!
82989. Source=Paul Collins Startup list
82990.  
82991. [vTPass]
82992. Number=11780
82993. Confirmed=N
82994. Filename=vtpassld.exe
82995. Description=Part of <a href="http://tim.oreilly.com/pub/d/309" target="_blank">vTrails</a> - a live media delivery solution. vTPass is the driver enabling the system to work. If unavailable via Start -> Programs, create your own shortcut for the "vtpass.exe" file
82996. Source=Paul Collins Startup list
82997.  
82998. [VTPreset]
82999. Number=11781
83000. Confirmed=U
83001. Filename=VTPreset.exe
83002. Description=Savage Pro S3 graphics software
83003. Source=Paul Collins Startup list
83004.  
83005. [VTTimer]
83006. Number=11782
83007. Confirmed=U
83008. Filename=VTTimer.exe
83009. Description=Driver file for the on-board VIA/S3G KM400/KN400 graphics which enables TV in/out communication
83010. Source=Paul Collins Startup list
83011.  
83012. [vTunerStartUp]
83013. Number=11783
83014. Confirmed=N
83015. Filename=vTuner.exe
83016. Description=<a href="http://www.vtuner.com/" target="_blank">vTuner</a> - "an easy way to find and listen to radio and TV broadcasts over the Internet"
83017. Source=Paul Collins Startup list
83018.  
83019. [vuaaa]
83020. Number=11784
83021. Confirmed=X
83022. Filename=reg.exe
83023. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
83024. Source=Paul Collins Startup list
83025.  
83026. [VVSN]
83027. Number=11785
83028. Confirmed=X
83029. Filename=VVSN.exe
83030. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810" target=_blank>WhenU.Save</a> adware
83031. Source=Paul Collins Startup list
83032.  
83033. [VX Audio]
83034. Number=11786
83035. Confirmed=X
83036. Filename=vxaudio.exe
83037. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vanebotai.html" target="_blank">VANEBOT-AI</a> WORM!
83038. Source=Paul Collins Startup list
83039.  
83040. [VX1000]
83041. Number=11787
83042. Confirmed=?
83043. Filename=vVX1000.exe
83044. Description=Associated with Microsoft's <a href="http://www.microsoft.com/hardware/digitalcommunication/Productlist.aspx?type=LifeCam" target="_blank">VX-1000 LifeCam</a> webcams. <font color="#FF0000">What does it do and is it required?</font>
83045. Source=Paul Collins Startup list
83046.  
83047. [VX3000]
83048. Number=11788
83049. Confirmed=?
83050. Filename=vVX3000.exe
83051. Description=Associated with Microsoft's <a href="http://www.microsoft.com/hardware/digitalcommunication/productdetails.aspx?pid=002" target="_blank">VX-1000 LifeCam</a> webcams. <font color="#FF0000">What does it do and is it required?</font>
83052. Source=Paul Collins Startup list
83053.  
83054. [VX6000]
83055. Number=11789
83056. Confirmed=?
83057. Filename=vVX6000.exe 
83058. Description=Associated with Microsoft's <a href="http://www.microsoft.com/hardware/digitalcommunication/Productlist.aspx?type=LifeCam" target="_blank">VX-1000 LifeCam</a> webcams. <font color="#FF0000">What does it do and is it required?</font>
83059. Source=Paul Collins Startup list
83060.  
83061. [VZAccess Manager]
83062. Number=11790
83063. Confirmed=U
83064. Filename=VZAccess Manager.exe
83065. Description=Verizon Access manager for enterprises
83066. Source=Paul Collins Startup list
83067.  
83068. [VZRemoteCommander]
83069. Number=11791
83070. Confirmed=U
83071. Filename=AvRmtCtr.exe
83072. Description=Related to Sony's VAIO Zone Remote Commander. A non-essential process to the running of the system, but should not be  terminated unless suspected to be causing problems
83073. Source=Paul Collins Startup list
83074.  
83075. [W1N32.DLL]
83076. Number=11792
83077. Confirmed=X
83078. Filename=WINLOGON .exe
83079. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DROPPERFL.A" target="_blank">DROPPERFL.A</a> TROJAN!
83080. Source=Paul Collins Startup list
83081.  
83082. [w32]
83083. Number=11793
83084. Confirmed=X
83085. Filename=w32.exe
83086. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092214-2730-99" target="_blank">SOKEVEN</a> TROJAN!
83087. Source=Paul Collins Startup list
83088.  
83089. [W32.Scran]
83090. Number=11794
83091. Confirmed=X
83092. Filename=Scran.exe
83093. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101622-4200-99" target=_blank>NARCS</a> WORM!
83094. Source=Paul Collins Startup list
83095.  
83096. [w32alanis]
83097. Number=11795
83098. Confirmed=X
83099. Filename=mope.scr
83100. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111213-1819-99" target="_blank">SINALA</a> WORM!
83101. Source=Paul Collins Startup list
83102.  
83103. [W32data]
83104. Number=11796
83105. Confirmed=X
83106. Filename=eworo.exe
83107. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
83108. Source=Paul Collins Startup list
83109.  
83110. [W32Load]
83111. Number=11797
83112. Confirmed=X
83113. Filename=[random filename].scr
83114. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091106-5456-99" target="_blank">CASPID</a> WORM!
83115. Source=Paul Collins Startup list
83116.  
83117. [W32PluginsDownloaderXMLHTTPSelfClearing7520]
83118. Number=11798
83119. Confirmed=X
83120. Filename=wiper.exe
83121. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproxyserm.html" target=_blank>PROXYSER-M</a> TROJAN!
83122. Source=Paul Collins Startup list
83123.  
83124. [w32sup]
83125. Number=11799
83126. Confirmed=X
83127. Filename=w32sup.exe
83128. Description=Adult content dialler
83129. Source=Paul Collins Startup list
83130.  
83131. [W32SYS]
83132. Number=11800
83133. Confirmed=X
83134. Filename=w32sys.exe
83135. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32jambua.html" target="_blank">JAMBU-A</a> WORM!
83136. Source=Paul Collins Startup list
83137.  
83138. [W32Tc]
83139. Number=11801
83140. Confirmed=X
83141. Filename=WTC32.scr
83142. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-031914-5203-99" target="_blank">VOTE.D</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090509-5911-99" target="_blank"> VOTE.K</a> WORMS!
83143. Source=Paul Collins Startup list
83144.  
83145. [W3KNetwork]
83146. Number=11802
83147. Confirmed=X
83148. Filename=rundll32.exe w3knet.dll, dllinitrun
83149. Description=Advertising spyware. Check <a href="http://www.safersite.com/PestInfo/Web3000.asp" target="_blank">here</a> for more info on this particular one
83150. Source=Paul Collins Startup list
83151.  
83152. [W75P2PSERVER]
83153. Number=11803
83154. Confirmed=Y
83155. Filename=W75P2PS.EXE
83156. Description=Printer utility which is required in order to make the printer work correctly
83157. Source=Paul Collins Startup list
83158.  
83159. [W815DM]
83160. Number=11804
83161. Confirmed=U
83162. Filename=W815DM.exe
83163. Description=Enuff Parental Control Software by <a href="http://www.akrontech.com/" target=_blank>Akrontech</a>
83164. Source=Paul Collins Startup list
83165.  
83166. [w98Eject]
83167. Number=11805
83168. Confirmed=U
83169. Filename=w98Eject.exe
83170. Description=Related to USB support for <a href="http://www.sigmatel.com/products/audio-decoder.htm" target= blank>Sigmatel</a> MP3 audio palyer (and others such as SanDisk). It's intent is to "put away" the "disk" before you unplug it from the USB port, ostensibly to avoid "losing" data
83171. Source=Paul Collins Startup list
83172.  
83173. [wait4IP]
83174. Number=11806
83175. Confirmed=U
83176. Filename=wait4IP.exe
83177. Description=Packard Bell <a href="http://support.packardbell.com/uk/item/index.php?m=step3&i=platform_net2plug" target="_blank">net2Plug</a> allows you to network PCs anywhere in your house
83178. Source=Paul Collins Startup list
83179.  
83180. [wallchgr.exe wstart]
83181. Number=11807
83182. Confirmed=U
83183. Filename=Wallchgr.exe
83184. Description=<a href="http://www.bluetreesoft.com/wall_features.html" target=_blank>WallChanger</a> - wallpaper changer from Blue Tree Software
83185. Source=Paul Collins Startup list
83186.  
83187. [WallPaper]
83188. Number=11808
83189. Confirmed=X
83190. Filename=taskimgr.exe
83191. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankergx.html" target=_blank>BANKER-GX</a> TROJAN!
83192. Source=Paul Collins Startup list
83193.  
83194. [WallPaper]
83195. Number=11809
83196. Confirmed=U
83197. Filename=WALLPA~1.EXE
83198. Description=<a href="http://www.wallpaperchanger.de/" target=_blank>Wallpaper Changer</a> - wallpaper manager that can change your background images on every startup
83199.  
83200. Source=Paul Collins Startup list
83201.  
83202. [WallpaperChanger]
83203. Number=11810
83204. Confirmed=U
83205. Filename=Wallpaper.exe
83206. Description=A wallpaper changer and manager utility. There is the Freeware version and the Pro version. The freeware version is completely free. The Pro version is 30-day trialware, and after the 30 days some of the more advanced features will be disabled unless you register it
83207.  
83208. Source=Paul Collins Startup list
83209.  
83210. [Wanadoo Messenger.exe]
83211. Number=11811
83212. Confirmed=N
83213. Filename=Wanadoo Messenger.exe
83214. Description=Wanadoo ISP instant messenger client
83215. Source=Paul Collins Startup list
83216.  
83217. [WanMPSvc]
83218. Number=11812
83219. Confirmed=Y
83220. Filename=WanMPSvc.exe
83221. Description=An AOL component, the Wan miniport (ATW) service. If you delete this and logon, AOL reports a problem with your internet connection, and reinstalling AOL doesn't help
83222. Source=Paul Collins Startup list
83223.  
83224. [WAPI]
83225. Number=11813
83226. Confirmed=X
83227. Filename=wts**.exe [* = random char]
83228. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
83229. Source=Paul Collins Startup list
83230.  
83231. [War FTPD Tray Icon]
83232. Number=11814
83233. Confirmed=N
83234. Filename=wartray.exe
83235. Description=<a href="http://www.warftp.org/" target="_blank">War-ftpd</a> - FTP server
83236. Source=Paul Collins Startup list
83237.  
83238. [war-ftpd.exe]
83239. Number=11815
83240. Confirmed=N
83241. Filename=WAR-FTPD.EXE
83242. Description=<a href="http://www.jgaa.com/index.php?menu=154" target="_blank">War FTP Daemon</a> from JGAA's Internet - FTP client
83243. Source=Paul Collins Startup list
83244.  
83245. [Wardo]
83246. Number=11816
83247. Confirmed=X
83248. Filename=syslaunch.exe
83249. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102409-0427-99" target="_blank">ADCLICKER.G</a> TROJAN!
83250. Source=Paul Collins Startup list
83251.  
83252. [WareOut]
83253. Number=11817
83254. Confirmed=X
83255. Filename=WareOut.exe
83256. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
83257. Source=Paul Collins Startup list
83258.  
83259. [warez]
83260. Number=11818
83261. Confirmed=N
83262. Filename=warez.exe
83263. Description=<a href="http://www.warez.com/" target="_blank">Warez</a> P2P client
83264. Source=Paul Collins Startup list
83265.  
83266. [Warner]
83267. Number=11819
83268. Confirmed=U
83269. Filename=warner.exe
83270. Description=Also known as "CyberWarner". From G-Tek Technologies and pre-installed on some Packard Bell PCs. Protects critical files
83271. Source=Paul Collins Startup list
83272.  
83273. [Warnet]
83274. Number=11820
83275. Confirmed=U
83276. Filename=warnet.exe
83277. Description=Warnet - system cleanup software
83278. Source=Paul Collins Startup list
83279.  
83280. [Warning: do not remove it!]
83281. Number=11821
83282. Confirmed=U
83283. Filename=fpplock.exe
83284. Description=Part of Folder Password Expert by ZQS Software Team - "a software program to restrict access to the folders that contain your sensitive data"
83285. Source=Paul Collins Startup list
83286.  
83287. [Warning: do not remove it! (system)]
83288. Number=11822
83289. Confirmed=Y
83290. Filename=cfpsys.exe
83291. Description=<a href="http://www.protect-folders.com/" target=_blank>Folder Password Protect</a> - a program that lets you set a password on folders of your choice
83292. Source=Paul Collins Startup list
83293.  
83294. [WarReg_PopUp]
83295. Number=11823
83296. Confirmed=N
83297. Filename=WarReg_PopUp.exe
83298. Description=Acer warranty registration popup
83299. Source=Paul Collins Startup list
83300.  
83301. [WARSVR]
83302. Number=11824
83303. Confirmed=N
83304. Filename=war-ftpd.exe
83305. Description="<a href="http://www.jgaa.com/index.php?menu=154&PHPSESSID=5e40946a3f777b0446aa51537bf27f9f" target="_blank">War FTP Daemon</a> - the original free FTP server for windows"
83306. Source=Paul Collins Startup list
83307.  
83308. [WashAndGo - Cleanup of old Backupfiles]
83309. Number=11825
83310. Confirmed=U
83311. Filename=checker.exe
83312. Description=<a href="http://www.abelssoft.com/washandgo.htm" target="_blank">WashAndGo</a> - temp file cleaner
83313. Source=Paul Collins Startup list
83314.  
83315. [Washer]
83316. Number=11826
83317. Confirmed=U
83318. Filename=washer.exe
83319. Description=<a href="http://www.webroot.com/consumer/products/windowwasher/" target="_blank">Window Washer</a> from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
83320. Source=Paul Collins Startup list
83321.  
83322. [Washerie.exe]
83323. Number=11827
83324. Confirmed=N
83325. Filename=washerie.exe
83326. Description=Cookie Washer for Internet Explorer from Webroot Software. Light version of Windows Washer, specific for cleaning the IE cache and cookies. Available via Start -> Programs
83327. Source=Paul Collins Startup list
83328.  
83329. [washindex]
83330. Number=11828
83331. Confirmed=U
83332. Filename=washidx.exe
83333. Description=<a href="http://www.webroot.com/consumer/products/windowwasher/" target="_blank">Window Washer</a> from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
83334. Source=Paul Collins Startup list
83335.  
83336. [Wast]
83337. Number=11829
83338. Confirmed=X
83339. Filename=wast.exe
83340. Description=Grokster ads updater
83341. Source=Paul Collins Startup list
83342.  
83343. [Watch]
83344. Number=11830
83345. Confirmed=N
83346. Filename=watch.exe
83347. Description=Found to be used by a Trust USB scanner for auto starting the scanning software when the lid is lifted
83348. Source=Paul Collins Startup list
83349.  
83350. [Watch]
83351. Number=11831
83352. Confirmed=U
83353. Filename=1200UBWATCH.EXE
83354. Description=Button press monitor for the Mustek 1200 UB Scanner
83355. Source=Paul Collins Startup list
83356.  
83357. [Watch Dog Program]
83358. Number=11832
83359. Confirmed=N
83360. Filename=watchdog.exe
83361. Description=For Compaq PC's. Associated with Compaq's internet services. Not required if you don't use services provided by them and may not be required even if you do
83362. Source=Paul Collins Startup list
83363.  
83364. [Watchdog]
83365. Number=11833
83366. Confirmed=N
83367. Filename=Watchdog.exe
83368. Description=Definitely part of the Mustek scanner drivers and software (for 600 III EP Plus and maybe others), launches from the Startup folder in the Start Menu, but not required as they give instructions on removing it on their webpage
83369. Source=Paul Collins Startup list
83370.  
83371. [WatchDog]
83372. Number=11834
83373. Confirmed=?
83374. Filename=watchdog.exe
83375. Description=Part of Motorola "Mobile Phone Tools" v3 - in a "Mobiile Phone Tools" sub-directory of Program Files
83376. Source=Paul Collins Startup list
83377.  
83378. [WatchDog]
83379. Number=11835
83380. Confirmed=?
83381. Filename=DVDCheck.exe
83382. Description=Related to an <a href="http://www.intervideo.com/jsp/Home.jsp" target=_blank>Intervideo</a> program. <font color="#FF0000">What does it do and is it required in startup?</font>
83383. Source=Paul Collins Startup list
83384.  
83385. [WaveTop Launcher]
83386. Number=11836
83387. Confirmed=N
83388. Filename=WaveTop.exe
83389. Description=<a href="http://www.aitech.com/support/specialtechnlgs.htm" target="_blank">WaveTop</a> - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
83390. Source=Paul Collins Startup list
83391.  
83392. [WaveTop Receiver 1]
83393. Number=11837
83394. Confirmed=N
83395. Filename=N/A
83396. Description=<a href="http://www.aitech.com/support/specialtechnlgs.htm" target="_blank">WaveTop</a> - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
83397. Source=Paul Collins Startup list
83398.  
83399. [WaveTop Receiver 2]
83400. Number=11838
83401. Confirmed=N
83402. Filename=N/A
83403. Description=<a href="http://www.aitech.com/support/specialtechnlgs.htm" target="_blank">WaveTop</a> - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
83404. Source=Paul Collins Startup list
83405.  
83406. [WaveTop Upload Manager]
83407. Number=11839
83408. Confirmed=N
83409. Filename=N/A
83410. Description=<a href="http://www.aitech.com/support/specialtechnlgs.htm" target="_blank">WaveTop</a> - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
83411. Source=Paul Collins Startup list
83412.  
83413. [Wbiff]
83414. Number=11840
83415. Confirmed=N
83416. Filename=Wbiff.exe
83417. Description=<a href="http://tucows.mundofree.com/winme/preview/137365.html" target="_blank">Wbiff!</a> E-mail checker - automatically checks your e-mail and notifies you if any new e-mail has been received
83418. Source=Paul Collins Startup list
83419.  
83420. [Wbutton]
83421. Number=11841
83422. Confirmed=U
83423. Filename=Wbutton.exe
83424. Description=Turns on and off the integrated WiFi on Acer (and other laptops)
83425. Source=Paul Collins Startup list
83426.  
83427. [WCESCOMM]
83428. Number=11842
83429. Confirmed=N
83430. Filename=WCESCOMM.EXE
83431. Description=Active sync for use with Windows CE based palm PC
83432. Source=Paul Collins Startup list
83433.  
83434. [WCESMngr]
83435. Number=11843
83436. Confirmed=X
83437. Filename=spoolsb.exe
83438. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqz.html" target= blank>AGOBOT-QZ</a> WORM!
83439. Source=Paul Collins Startup list
83440.  
83441. [WCESMngr]
83442. Number=11844
83443. Confirmed=X
83444. Filename=WCEMNGR.EXE
83445. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotqx.html" target= blank>AGOBOT-QX</a> WORM!
83446. Source=Paul Collins Startup list
83447.  
83448. [wcmdmgr]
83449. Number=11845
83450. Confirmed=U
83451. Filename=wcmdmgrl.exe
83452. Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">Web Driver</a> delivery system for <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
83453.  
83454. Source=Paul Collins Startup list
83455.  
83456. [wcmdmgr.exe]
83457. Number=11846
83458. Confirmed=N
83459. Filename=wcmdmgr.exe
83460. Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">Web Driver</a> delivery system for <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
83461. Source=Paul Collins Startup list
83462.  
83463. [wcmdmgrl]
83464. Number=11847
83465. Confirmed=U
83466. Filename=wcmdmgrl.exe
83467. Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">Web Driver</a> delivery system for <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
83468. Source=Paul Collins Startup list
83469.  
83470. [WCOLOREAL]
83471. Number=11848
83472. Confirmed=U
83473. Filename=coloreal.exe
83474. Description=Makes colours sharper and brighter, but will only work with coloreal capable monitors
83475. Source=Paul Collins Startup list
83476.  
83477. [WCPC]
83478. Number=11849
83479. Confirmed=?
83480. Filename=wintsvcc.exe
83481. Description=<font color="#FF0000">??</font>
83482. Source=Paul Collins Startup list
83483.  
83484. [WCPI]
83485. Number=11850
83486. Confirmed=X
83487. Filename=wintsvit.exe
83488. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
83489. Source=Paul Collins Startup list
83490.  
83491. [WCPS]
83492. Number=11851
83493. Confirmed=X
83494. Filename=Wint**.exe [* = random char]
83495. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
83496. Source=Paul Collins Startup list
83497.  
83498. [WCPT]
83499. Number=11852
83500. Confirmed=X
83501. Filename=wintsvtr.exe
83502. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
83503. Source=Paul Collins Startup list
83504.  
83505. [wcsys]
83506. Number=11853
83507. Confirmed=X
83508. Filename=wcsys.exe
83509. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogap.html" target=_blank>KEYLOG-AP</a> TROJAN!
83510. Source=Paul Collins Startup list
83511.  
83512. [WD Button Manager]
83513. Number=11854
83514. Confirmed=U
83515. Filename=WDBtnMgr.exe
83516. Description=Button manager installed with a western digital external disk drive. Allows you to back up your system with one click
83517.  
83518. Source=Paul Collins Startup list
83519.  
83520. [wdfmgr32.exe]
83521. Number=11855
83522. Confirmed=X
83523. Filename=wdfmgr32.exe
83524. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrfvl.html" target="_blank">DWNLDR-FVL</a> TROJAN!
83525. Source=Paul Collins Startup list
83526.  
83527. [WDInfo]
83528. Number=11856
83529. Confirmed=X
83530. Filename=wdinfo.exe
83531. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091104-3134-99" target=_blank>DLUCA.B</a> TROJAN!
83532. Source=Paul Collins Startup list
83533.  
83534. [WDNS SYSTEM]
83535. Number=11857
83536. Confirmed=X
83537. Filename=nibie.exe
83538. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobby.html" target=_blank>MYTOB-BY</a> WORM!
83539. Source=Paul Collins Startup list
83540.  
83541. [WDNS SYSTEM]
83542. Number=11858
83543. Confirmed=X
83544. Filename=skybotx.exe
83545. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobby.html" target=_blank>MYTOB-BY</a> WORM!
83546. Source=Paul Collins Startup list
83547.  
83548. [WDNS SYSTEM]
83549. Number=11859
83550. Confirmed=X
83551. Filename=wdns33.exe
83552. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobby.html" target=_blank>MYTOB-BY</a> WORM!
83553. Source=Paul Collins Startup list
83554.  
83555. [wdskctl]
83556. Number=11860
83557. Confirmed=X
83558. Filename=wdskctl.exe
83559. Description=IEPlugin spyware
83560. Source=Paul Collins Startup list
83561.  
83562. [wdwctrl]
83563. Number=11861
83564. Confirmed=X
83565. Filename=wdwctrl.exe
83566. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-052717-5121-99" target="_blank">DLUCA.E</a> TROJAN!
83567. Source=Paul Collins Startup list
83568.  
83569. [WEATHER]
83570. Number=11862
83571. Confirmed=N
83572. Filename=WEATHER.EXE
83573. Description=Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs
83574. Source=Paul Collins Startup list
83575.  
83576. [WeatherCast]
83577. Number=11863
83578. Confirmed=N
83579. Filename=Weather.exe
83580. Description=Weather reporting in the System Tray. Available via Start -> Programs. Installed via Radlight
83581. Source=Paul Collins Startup list
83582.  
83583. [WeatherOnTray]
83584. Number=11864
83585. Confirmed=X
83586. Filename=WeatherOnTray.exe
83587. Description=<a href="http://sarc.com/avcenter/venc/data/adware.hotbar.html" target="_blank">Hotbar's</a> Weather Forecast tool for your desktop - adware
83588. Source=Paul Collins Startup list
83589.  
83590. [WeatherOnTray]
83591. Number=11865
83592. Confirmed=X
83593. Filename=SbWeatherOnTray.exe
83594. Description=Related to <a href="http://sarc.com/avcenter/venc/data/adware.hotbar.html" target=_blank>Hotbar's</a> Weather Forecast tool for your desktop
83595. Source=Paul Collins Startup list
83596.  
83597. [Weatherscope]
83598. Number=11866
83599. Confirmed=N
83600. Filename=Weatherscope.exe
83601. Description=WeatherScope - "displays your current local temperature in the system tray of your computer (near the clock) whenever you are online!" Not recommended as it bundles <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target=_blank>GAIN</a> adware. You can get the adware free version for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
83602. Source=Paul Collins Startup list
83603.  
83604. [WeatherWatcher]
83605. Number=11867
83606. Confirmed=N
83607. Filename=ww.exe
83608. Description=<a href="http://www.singerscreations.com/AboutWeatherWatcher.html" target="_blank">WeatherWatcher</a> - weather reporting in the System Tray
83609. Source=Paul Collins Startup list
83610.  
83611. [web]
83612. Number=11868
83613. Confirmed=X
83614. Filename=******.exe [* = random char]
83615. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453089426" target="_blank">EASTO.A</a> TROJAN!
83616. Source=Paul Collins Startup list
83617.  
83618. [WEB DRIVERS FOR WIN32]
83619. Number=11869
83620. Confirmed=X
83621. Filename=phqgh.exe
83622. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
83623. Source=Paul Collins Startup list
83624.  
83625. [Web Offer]
83626. Number=11870
83627. Confirmed=X
83628. Filename=ezPopStub.exe
83629. Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
83630. Source=Paul Collins Startup list
83631.  
83632. [Web Offer]
83633. Number=11871
83634. Confirmed=X
83635. Filename=ezStub.exe
83636. Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
83637. Source=Paul Collins Startup list
83638.  
83639. [Web Offer]
83640. Number=11872
83641. Confirmed=X
83642. Filename=EZSTUB22.EXE
83643. Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
83644. Source=Paul Collins Startup list
83645.  
83646. [Web Offer]
83647. Number=11873
83648. Confirmed=X
83649. Filename=vl_ezstub.exe
83650. Description=eZula <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=eZula.TopText&threatid=5117" target="_blank">TopText</a> adware
83651. Source=Paul Collins Startup list
83652.  
83653. [Web Search]
83654. Number=11874
83655. Confirmed=?
83656. Filename=??
83657. Description=<font color="#FF0000">??</font>
83658. Source=Paul Collins Startup list
83659.  
83660. [Web Service]
83661. Number=11875
83662. Confirmed=X
83663. Filename=[random filename].exe
83664. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011909-1557-99" target=_blank>ADMINCASH</a> TROJAN!
83665. Source=Paul Collins Startup list
83666.  
83667. [Web Service]
83668. Number=11876
83669. Confirmed=X
83670. Filename=sm.exe
83671. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bubef.html" target=_blank>BUBE-F</a> VIRUS!
83672. Source=Paul Collins Startup list
83673.  
83674. [Web Service]
83675. Number=11877
83676. Confirmed=X
83677. Filename=MSXMIDI.EXE
83678. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant, identified by <a href="http://www.kaspersky.com/" target=_blank>Kaspersky</a> as TrojanDropper.Win32.Small.cw
83679. Source=Paul Collins Startup list
83680.  
83681. [Web2Pop]
83682. Number=11878
83683. Confirmed=U
83684. Filename=Web2Pop.exe
83685. Description=<a href="http://www.jmasoftware.com/english/products/web2pop/index.html" target=_blank>Web2Pop</a> allows you to retrieve your web-based accounts messages to read them in your favorite e-mail client
83686. Source=Paul Collins Startup list
83687.  
83688. [web3trap]
83689. Number=11879
83690. Confirmed=Y
83691. Filename=web3trap.exe
83692. Description=PC-Cillin 2000 anti-virus software -> ActiveX filter. Guards against malicious ActiveX programs, etc 
83693. Source=Paul Collins Startup list
83694.  
83695. [webalize]
83696. Number=11880
83697. Confirmed=X
83698. Filename=webalize.exe
83699. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
83700. Source=Paul Collins Startup list
83701.  
83702. [WebArmyKnife]
83703. Number=11881
83704. Confirmed=N
83705. Filename=WAK.exe
83706. Description=<a href="http://www.webarmyknife.com/home.php" target=_blank>Web Army Knife</a> - a suite of web site developer's tools
83707. Source=Paul Collins Startup list
83708.  
83709. [webassist]
83710. Number=11882
83711. Confirmed=X
83712. Filename=webassist.exe
83713. Description=Adware popup generator
83714. Source=Paul Collins Startup list
83715.  
83716. [webcam]
83717. Number=11883
83718. Confirmed=X
83719. Filename=webcam.exe
83720. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmonada.html" target=_blank>MONAD-A</a> TROJAN! Note - this malware actually changes the default value data of the Registry Run and RunServices keys in order to force Windows to launch it at boot. Name field may be empty
83721. Source=Paul Collins Startup list
83722.  
83723. [Webcam Go Sti Service Application]
83724. Number=11884
83725. Confirmed=?
83726. Filename=wbcgosvc.exe
83727. Description=Control software for the portable Creative <a href="http://reviews.cnet.com/Creative_WebCam_Go/4505-6502_7-1446174.html" target="_blank">Webcam Go</a> digital camera/PC web cam. <font color="#FF0000">What does it do and is it required?</font>
83728. Source=Paul Collins Startup list
83729.  
83730. [WebcamRT.exe]
83731. Number=11885
83732. Confirmed=N
83733. Filename=WEBCAMRT.exe
83734. Description=For Logitech Web Cams. Not required - camera works fine without it
83735. Source=Paul Collins Startup list
83736.  
83737. [Webcelerator]
83738. Number=11886
83739. Confirmed=X
83740. Filename=webcel.exe
83741. Description=Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
83742. Source=Paul Collins Startup list
83743.  
83744. [WebCheck]
83745. Number=11887
83746. Confirmed=X
83747. Filename=WebCheck.pif
83748. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031016-3315-99" target="_blank">CONE.C</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031414-1207-99" target="_blank">CONE.F</a> WORMS!
83749. Source=Paul Collins Startup list
83750.  
83751. [WebCpr0]
83752. Number=11888
83753. Confirmed=X
83754. Filename=WebCpr0.exe
83755. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112314-5537-99" target="_blank">WebRebates</a> adware
83756. Source=Paul Collins Startup list
83757.  
83758. [Webdav.exe]
83759. Number=11889
83760. Confirmed=X
83761. Filename=webdav.exe
83762. Description=IRC DDoS bot which gives the hacker full control over your system
83763. Source=Paul Collins Startup list
83764.  
83765. [WebExRemoteAccessAgent]
83766. Number=11890
83767. Confirmed=U
83768. Filename=raagtapp.exe
83769. Description=Related to <a href="http://www.webex.com/" target=_blank>Web Meetings</a> from WebEx Communications, Inc. Share and present online with anyone, anywhere
83770.  
83771. Source=Paul Collins Startup list
83772.  
83773. [WebHancer Agent]
83774. Number=11891
83775. Confirmed=X
83776. Filename=whagent.exe
83777. Description=System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about <a href="http://www.cexx.org/adware.htm" target="_blank">here</a>
83778. Source=Paul Collins Startup list
83779.  
83780. [webHancer Survey Companion]
83781. Number=11892
83782. Confirmed=X
83783. Filename=whSurvey.exe
83784. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=43482" target="_blank">WebHancer</a>trackware - traffic measurement service that uses a client agent that is stealth installed on user machines, gathering detailed data about sites visited, their performance and, most important, what the user actually does while there
83785.  
83786. Source=Paul Collins Startup list
83787.  
83788. [WebInstall]
83789. Number=11893
83790. Confirmed=X
83791. Filename=WebInstall.exe
83792. Description=ClipGenie adware downloader
83793. Source=Paul Collins Startup list
83794.  
83795. [WebInstall2]
83796. Number=11894
83797. Confirmed=X
83798. Filename=WebInstall.exe
83799. Description=ClipGenie adware downloader
83800. Source=Paul Collins Startup list
83801.  
83802. [WebKey]
83803. Number=11895
83804. Confirmed=N
83805. Filename=WebKey.exe
83806. Description=<a href="http://www.variagate.com/jbutils.htm?index" target="_blank">WebKey</a> from JB Utilities. Utility to keep track of login data required when browsing the internet
83807. Source=Paul Collins Startup list
83808.  
83809. [WebLink]
83810. Number=11896
83811. Confirmed=N
83812. Filename=WebLink.exe
83813. Description=Softex is a "cost-effective way to provide software updates, technical support or new product information to specific end-users - it can silently provide end-users with software updates, technical support and new product information customized to their specific needs through a persistent link"
83814. Source=Paul Collins Startup list
83815.  
83816. [WebOutfitterTray]
83817. Number=11897
83818. Confirmed=N
83819. Filename=sttray.exe
83820. Description=Intel WebOutfitter service System Tray icon
83821. Source=Paul Collins Startup list
83822.  
83823. [Webposition Gold 2]
83824. Number=11898
83825. Confirmed=N
83826. Filename=wpsche~1.exe
83827. Description=Scheduler for <a href="http://www.web-positiongold.com/" target="_blank"> Web Position Gold</a> - utility to help optimize the position of web-sites in search engines
83828. Source=Paul Collins Startup list
83829.  
83830. [WebRebates0]
83831. Number=11899
83832. Confirmed=X
83833. Filename=WebRebates0.exe
83834. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112314-5537-99" target="_blank">WebRebates</a> adware
83835. Source=Paul Collins Startup list
83836.  
83837. [WebRun]
83838. Number=11900
83839. Confirmed=X
83840. Filename=[random filename]
83841. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031409-4054-99" target=_blank>ADWARELOADER</a> TROJAN!
83842. Source=Paul Collins Startup list
83843.  
83844. [websaverlive]
83845. Number=11901
83846. Confirmed=U
83847. Filename=websaverlive.exe
83848. Description=<a href="http://12.47.194.20/help/channels.html" target="_blank">WebSaver Live!</a> is a companion program to Websaver that retrieves information from the Internet on a schedule and displays it on your screen when your computer is idle
83849. Source=Paul Collins Startup list
83850.  
83851. [WebSavingsfromEbates]
83852. Number=11902
83853. Confirmed=X
83854. Filename=WebSavingsfromEbatesrun.exe
83855. Description=Web Savings From Ebates Software, a shopping tool that opens pop-up windows
83856. Source=Paul Collins Startup list
83857.  
83858. [WebSavingsFromEbates0]
83859. Number=11903
83860. Confirmed=X
83861. Filename=WebSavingsFromEbates0.exe
83862. Description=Web Savings From Ebates Software, a shopping tool that opens pop-up windows
83863.  
83864. Source=Paul Collins Startup list
83865.  
83866. [WebScan]
83867. Number=11904
83868. Confirmed=U
83869. Filename=DEFSCANGUI.EXE
83870. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
83871. Source=Paul Collins Startup list
83872.  
83873. [webscan]
83874. Number=11905
83875. Confirmed=U
83876. Filename=stopsignav.exe
83877. Description=eAcceleration Stop-Sign security software related. Previously not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note" target="_blank">here</a>
83878. Source=Paul Collins Startup list
83879.  
83880. [WebScanX]
83881. Number=11906
83882. Confirmed=Y
83883. Filename=WebScanX.exe
83884. Description=From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc
83885. Source=Paul Collins Startup list
83886.  
83887. [websearch]
83888. Number=11907
83889. Confirmed=X
83890. Filename=wjview ...websearch.exe
83891. Description="Web Savings" From Ebates Software, a shopping tool that opens pop-up windows
83892. Source=Paul Collins Startup list
83893.  
83894. [WebSecureAlert]
83895. Number=11908
83896. Confirmed=N
83897. Filename=WebSecureAlert.exe
83898. Description=WebSecureAlert - "helps to protect your browser security by monitoring for unauthorized tampering with Internet Explorer's security settings, and can help to protect your privacy by deleting your web surfing history on a regular basis". Not recommended as it bundles <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605" target=_blank>GAIN</a> adware. You can get the adware free version for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see <a href="http://www.claria.com/gainexit/" target="_blank">here</a>
83899. Source=Paul Collins Startup list
83900.  
83901. [WebServer]
83902. Number=11909
83903. Confirmed=?
83904. Filename=VBI_SE~1.EXE
83905. Description=<font color="#FF0000">Related to a Pinnacle sound card. What does it do and is it needed?</font>
83906. Source=Paul Collins Startup list
83907.  
83908. [Webshots]
83909. Number=11910
83910. Confirmed=U
83911. Filename=Webshots Tray.exe
83912. Description=<a href="http://www.webshots.com/samplers/" target="_blank">Webshots</a> - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web
83913. Source=Paul Collins Startup list
83914.  
83915. [Webshots]
83916. Number=11911
83917. Confirmed=U
83918. Filename=websho~1.exe
83919. Description=<a href="http://www.webshots.com/samplers/" target="_blank">Webshots</a> - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web
83920. Source=Paul Collins Startup list
83921.  
83922. [Webshots]
83923. Number=11912
83924. Confirmed=U
83925. Filename=Launcher.exe
83926. Description=<a href="http://www.webshots.com/samplers/" target="_blank">Webshots</a> - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web
83927. Source=Paul Collins Startup list
83928.  
83929. [Webshots]
83930. Number=11913
83931. Confirmed=U
83932. Filename=WebshotsTray.exe
83933. Description=<a href="http://www.webshots.com/samplers/" target="_blank">Webshots</a> - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web
83934. Source=Paul Collins Startup list
83935.  
83936. [Website Administrator Info]
83937. Number=11914
83938. Confirmed=X
83939. Filename=webadmin.exe
83940. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfy.html" target= blank>FORBOT-FY</a> WORM!
83941. Source=Paul Collins Startup list
83942.  
83943. [WebSpecials]
83944. Number=11915
83945. Confirmed=X
83946. Filename=rundll32 [path] webspec.dll
83947. Description=WebSpecials spyware
83948. Source=Paul Collins Startup list
83949.  
83950. [Websx]
83951. Number=11916
83952. Confirmed=X
83953. Filename=Int*****.exe
83954. Description=Adult content dialler - where ***** are random
83955. Source=Paul Collins Startup list
83956.  
83957. [Webtrap]
83958. Number=11917
83959. Confirmed=Y
83960. Filename=webtrap.exe
83961. Description=Part of PC-Cillin anti-virus software. Checks web-sites for malicious Java and ActiveX elements in a similar way to McAfee WebScanX. A few users find it infuriating
83962. Source=Paul Collins Startup list
83963.  
83964. [WebTrapNT.exe]
83965. Number=11918
83966. Confirmed=Y
83967. Filename=WebTrapNT.exe
83968. Description=Part of PC-Cillin Anti-Virus software. Checks visited web-sites for malicious Java and ActiveX elements
83969. Source=Paul Collins Startup list
83970.  
83971. [WebWasher]
83972. Number=11919
83973. Confirmed=U
83974. Filename=wwasher.exe
83975. Description=Free Pop-up/ad/javascript filter program from <a href="http://www.webwasher.com" target="_blank">Siemens</a>. If not running then browsers will not be protected but will still work. Available via Start -> Programs
83976. Source=Paul Collins Startup list
83977.  
83978. [WeirdOnTheWeb]
83979. Number=11920
83980. Confirmed=X
83981. Filename=WeirdOnTheWeb.exe
83982. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-053116-5734-99" target=_blank>WeirdOnTheWeb</a> adware
83983. Source=Paul Collins Startup list
83984.  
83985. [Welcome]
83986. Number=11921
83987. Confirmed=N
83988. Filename=Welcome.exe
83989. Description=Launches the Welcome to Windows tutorial on boot up
83990. Source=Paul Collins Startup list
83991.  
83992. [WEPstat]
83993. Number=11922
83994. Confirmed=?
83995. Filename=Wepstat.exe
83996. Description=Cisco Aironet 340 Series PC Card driver. If it can be started manually it shouldn't be required if you don't use the PC card facility regularily - hence the status could be "U". <font color="#FF0000"> Can anybody confirm this?</font>
83997. Source=Paul Collins Startup list
83998.  
83999. [wersds]
84000. Number=11923
84001. Confirmed=X
84002. Filename=doriot.exe
84003. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082715-2500-99" target="_blank">JECT.C</a> TROJAN!
84004. Source=Paul Collins Startup list
84005.  
84006. [wersds.exe]
84007. Number=11924
84008. Confirmed=X
84009. Filename=doriot.exe
84010. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagledla.html" target=_blank>BAGLEDI-A</a> TROJAN!
84011. Source=Paul Collins Startup list
84012.  
84013. [wesumu]
84014. Number=11925
84015. Confirmed=X
84016. Filename=wiustv.exe
84017. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassl.html" target=_blank>QQPASS-L</a> TROJAN!
84018. Source=Paul Collins Startup list
84019.  
84020. [WetSock]
84021. Number=11926
84022. Confirmed=N
84023. Filename=wetsock.exe
84024. Description=<a href="http://www.robomagic.com/wetsock.htm" target="_blank">RoboMagic Wetsock</a> - weather reporting in the System Tray
84025. Source=Paul Collins Startup list
84026.  
84027. [wextract_cleanup0]
84028. Number=11927
84029. Confirmed=N
84030. Filename=advpack.dll, DelNodeRunDLL32 [path] [filename].TMP
84031. Description=Wextract Cleanup0 is valid and legal software included or sold to help clean up temporary or cab files created by the installer software for a wide variety of software. It should disapear after a restart of the system. If not fix it
84032.  
84033. Source=Paul Collins Startup list
84034.  
84035. [WFGStartup]
84036. Number=11928
84037. Confirmed=N
84038. Filename=WFGStartup.exe
84039. Description=<a href="http://asia.cnet.com/downloads/handheld/swinfo/0,39001949,39022960s,00.htm" target="_blank">World Weather</a>. "This midlet displays the current weather conditions for major cities around the world. This version is for memory limited mobile phones"
84040. Source=Paul Collins Startup list
84041.  
84042. [wfips]
84043. Number=11929
84044. Confirmed=U
84045. Filename=iphider.exe
84046. Description=ICQ (messaging/chat program) anti-bomb software. "WFIPS is anti-bomb software for safeguarding ICQ Bomb before the bombing. '<a href="http://www.yammie.cc/ibinfo/ibinfo8.asp" target="_blank">ICQ Defoolder</a>' is a tool for removing ICQ bomb after being exposed." For more information about ICQ bombs see <a href="http://www.arcwebserv.com/jumpsite/icqprotect.html" target="_blank">here</a>
84047. Source=Paul Collins Startup list
84048.  
84049. [WFXCTL32.EXE]
84050. Number=11930
84051. Confirmed=N
84052. Filename=WFXCTL32.EXE
84053. Description=From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
84054. Source=Paul Collins Startup list
84055.  
84056. [wfxsnt40]
84057. Number=11931
84058. Confirmed=Y
84059. Filename=wfxsnt40.exe
84060. Description=WinFax 10.0 and maybe earlier versions. The program that opens the port for WinFax and not normally in the start menu. Needed if you want to run WinFax
84061. Source=Paul Collins Startup list
84062.  
84063. [WFXSwtch]
84064. Number=11932
84065. Confirmed=?
84066. Filename=WFXSWTCH.exe
84067. Description=Related to WinFax. <font color="#FF0000">What does it do and is it required?</font>
84068. Source=Paul Collins Startup list
84069.  
84070. [WG111v2 Smart Wizard Wireless Setting]
84071. Number=11933
84072. Confirmed=U
84073. Filename=RtlWake.exe
84074. Description=Configuration utility for the Netgear <a href="http://www.netgear.com/Products/Adapters/GWirelessAdapters/WG111.aspx" target="_blank">WG111</a> 54 Mbps Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port"
84075. Source=Paul Collins Startup list
84076.  
84077. [WG511WLU]
84078. Number=11934
84079. Confirmed=Y
84080. Filename=WG511WLU.exe
84081. Description=Netgear configuration programme for the 54g wireless lan card - required to monitor and manage the lan card
84082.  
84083. Source=Paul Collins Startup list
84084.  
84085. [wgeax]
84086. Number=11935
84087. Confirmed=X
84088. Filename=wgeax.exe
84089. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ircbottm.html" target="_blank">IRCBOT-TM</a> WORM!
84090. Source=Paul Collins Startup list
84091.  
84092. [wgs3]
84093. Number=11936
84094. Confirmed=X
84095. Filename=wgs3.exe
84096. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraqh.html" target="_blank">LEGMIR-AQH</a> TROJAN!
84097. Source=Paul Collins Startup list
84098.  
84099. [WGV]
84100. Number=11937
84101. Confirmed=X
84102. Filename=WGV.exe
84103. Description=Added by the <a href="http://virusinfo.prevx.com/pxparall.asp?PXC=103661862746" target="_blank">ZIPPIE</a> TROJAN!
84104. Source=Paul Collins Startup list
84105.  
84106. [WGWLocalManager]
84107. Number=11938
84108. Confirmed=U
84109. Filename=WGWLocalManager.exe
84110. Description=Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so. It could be started by creating a shortcut, running it only when connecting to the internet. If internet is used often, it's recommended to leave it in startup so it starts with the system
84111. Source=Paul Collins Startup list
84112.  
84113. [WgwMngr]
84114. Number=11939
84115. Confirmed=Y
84116. Filename=WgwMngr.exe
84117. Description=Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so
84118. Source=Paul Collins Startup list
84119.  
84120. [whagent]
84121. Number=11940
84122. Confirmed=X
84123. Filename=whagent.exe
84124. Description=System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about <a href="http://www.cexx.org/adware.htm" target="_blank">here</a>
84125. Source=Paul Collins Startup list
84126.  
84127. [WhatPulse]
84128. Number=11941
84129. Confirmed=U
84130. Filename=WHATPU~1.EXE
84131. Description=<a href="http://whatpulse.org/" target=_blank>WhatPulse</a> keeps track of your keystrokes, allowing you to find out just how much you type a day
84132. Source=Paul Collins Startup list
84133.  
84134. [WheelMouse]
84135. Number=11942
84136. Confirmed=U
84137. Filename=4DMAIN.EXE
84138. Description=Mouse software for "Fellowes" Wheelman mouse. Has caused some users problems but shouldn't be needed if you don't use any enhanced features it may provide
84139. Source=Paul Collins Startup list
84140.  
84141. [WheelMouse]
84142. Number=11943
84143. Confirmed=U
84144. Filename=AMOUMAIN.EXE
84145. Description=<a href="http://www.a4tech.com/a4techenglish/index.html" target="_blank">A4Tech</a> wireless mouse driver and utility - required if you use non-standard Windows driver features
84146. Source=Paul Collins Startup list
84147.  
84148. [WheelsMouse]
84149. Number=11944
84150. Confirmed=X
84151. Filename=[path to trojan]
84152. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsocksprd.html" target=_blank>SOCKSPR-D</a> TROJAN!
84153. Source=Paul Collins Startup list
84154.  
84155. [WhenUSave]
84156. Number=11945
84157. Confirmed=X
84158. Filename=Save.exe
84159. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810" target=_blank>WhenU.Save</a> adware
84160. Source=Paul Collins Startup list
84161.  
84162. [WhenUSearch]
84163. Number=11946
84164. Confirmed=X
84165. Filename=Search.exe
84166. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810" target=_blank>WhenU.Save</a> adware
84167. Source=Paul Collins Startup list
84168.  
84169. [WhenUSearchWHSE]
84170. Number=11947
84171. Confirmed=X
84172. Filename=whse.exe
84173. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810" target=_blank>WhenU.Save</a> adware
84174. Source=Paul Collins Startup list
84175.  
84176. [Whistler]
84177. Number=11948
84178. Confirmed=X
84179. Filename=whismng.exe
84180. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwhistlerf.html" target= blank>WHISTLER-F</a> TROJAN!
84181. Source=Paul Collins Startup list
84182.  
84183. [Whitechix]
84184. Number=11949
84185. Confirmed=X
84186. Filename=brightx.exe
84187. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
84188. Source=Paul Collins Startup list
84189.  
84190. [Whvlxd]
84191. Number=11950
84192. Confirmed=X
84193. Filename=Whvlxd.exe
84194. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzapchascs.html" target="_blank">ZAPCHAS-CS</a> TROJAN!
84195. Source=Paul Collins Startup list
84196.  
84197. [whxpin service]
84198. Number=11951
84199. Confirmed=X
84200. Filename=ssvsol.exe
84201. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
84202. Source=Paul Collins Startup list
84203.  
84204. [WIAWizardMenu]
84205. Number=11952
84206. Confirmed=N
84207. Filename=RUNDLL32.EXE sti_ci.dll, WiaCreateWizardMenu
84208. Description=Still Image Class Installer - installed with a webcam
84209. Source=Paul Collins Startup list
84210.  
84211. [Widnows Xp Web scan]
84212. Number=11953
84213. Confirmed=X
84214. Filename=xpscan.exe
84215. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
84216. Source=Paul Collins Startup list
84217.  
84218. [wifeman]
84219. Number=11954
84220. Confirmed=X
84221. Filename=wifeman.exe
84222. Description=Unidentified malware
84223. Source=Paul Collins Startup list
84224.  
84225. [WiFix service]
84226. Number=11955
84227. Confirmed=X
84228. Filename=[random filename]
84229. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
84230. Source=Paul Collins Startup list
84231.  
84232. [WildFlics]
84233. Number=11956
84234. Confirmed=X
84235. Filename=WildFlics.exe
84236. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/dialdirectb.html" target=_blank>Direct-B</a> premium rate adult content dialler
84237. Source=Paul Collins Startup list
84238.  
84239. [WildTangent CDA]
84240. Number=11957
84241. Confirmed=?
84242. Filename=RUNDLL32.exe cdaEngine0400.dll, cdaEngineMain
84243. Description=Part of the <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games system. <font color="#FF0000">What does it do and is it required?</font>
84244. Source=Paul Collins Startup list
84245.  
84246. [WildTangent Web Driver updater]
84247. Number=11958
84248. Confirmed=U
84249. Filename=wcmdmgrl.exe
84250. Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">Web Driver</a> delivery system for <a href="http://www.wildtangent.com/default.asp" target="_blank">WildTangent</a> on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=company_art&artid=art20030925_A" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
84251. Source=Paul Collins Startup list
84252.  
84253. [Wildwire Monitor]
84254. Number=11959
84255. Confirmed=N
84256. Filename=WWMon.exe
84257. Description=This places a status icon on the taskbar for the DSL WildWire Tiger Modem. This is also a shortcut to the diagnostics utility for the DSL modem
84258. Source=Paul Collins Startup list
84259.  
84260. [Willow Road]
84261. Number=11960
84262. Confirmed=N
84263. Filename=WillowRoad.exe
84264. Description=Willow Road Screen Saver
84265. Source=Paul Collins Startup list
84266.  
84267. [win]
84268. Number=11961
84269. Confirmed=X
84270. Filename=regedit -s ..win.dll
84271. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100111-0931-99" target="_blank">SEEKER.K</a> TROJAN!
84272. Source=Paul Collins Startup list
84273.  
84274. [win]
84275. Number=11962
84276. Confirmed=X
84277. Filename=xwinxrpc32.exe
84278. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmv.html" target="_blank">AGOBOT-MV</a> WORM!
84279. Source=Paul Collins Startup list
84280.  
84281. [win]
84282. Number=11963
84283. Confirmed=X
84284. Filename=xwinxrpc.exe
84285. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmv.html" target=_blank>AGOBOT-MV</a> WORM!
84286. Source=Paul Collins Startup list
84287.  
84288. [WIN]
84289. Number=11964
84290. Confirmed=X
84291. Filename=ehshell.exe
84292. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcq.html" target=_blank>MYTOB-CQ</a> WORM!
84293. Source=Paul Collins Startup list
84294.  
84295. [WIN]
84296. Number=11965
84297. Confirmed=X
84298. Filename=windows.exe
84299. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071521-3122-99" target=_blank>REATLE.C</a> WORM!
84300. Source=Paul Collins Startup list
84301.  
84302. [Win Chimes]
84303. Number=11966
84304. Confirmed=U
84305. Filename=winchi~1.exe
84306. Description=<a href="http://www.freefunfiles.com/software/desktopapplications/calendars/winchimes.html" target="_blank">WinChimes</a> - enhancement software for the system clock that runs in the system tray
84307. Source=Paul Collins Startup list
84308.  
84309. [Win Comm]
84310. Number=11967
84311. Confirmed=X
84312. Filename=WinComm.exe
84313. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WinCom%20Trojan&threatid=14400" target=_blank>WINCOM</a> TROJAN!
84314. Source=Paul Collins Startup list
84315.  
84316. [Win Command]
84317. Number=11968
84318. Confirmed=X
84319. Filename=command32.exe
84320. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.XQ" target="_blank">AGOBOT.XQ</a> WORM!
84321. Source=Paul Collins Startup list
84322.  
84323. [Win CPU]
84324. Number=11969
84325. Confirmed=X
84326. Filename=sysin.pif
84327. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxl.html" target=_blank>RBOT-AXL</a> WORM!
84328. Source=Paul Collins Startup list
84329.  
84330. [win ctl app]
84331. Number=11970
84332. Confirmed=X
84333. Filename=wuctl.exe
84334. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
84335. Source=Paul Collins Startup list
84336.  
84337. [Win Drivers SSL]
84338. Number=11971
84339. Confirmed=X
84340. Filename=hpws.exe
84341. Description=Added by the <a href="http://info.ahnlab.com/securityinfo/virus_view_eng_new.jsp?SEQ_NO=2085" target=_blank>IRCBOT.67098</a> WORM!
84342. Source=Paul Collins Startup list
84343.  
84344. [Win Drivers SSL]
84345. Number=11972
84346. Confirmed=X
84347. Filename=TASKMAN4.exe
84348. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
84349. Source=Paul Collins Startup list
84350.  
84351. [Win Drivers SSL]
84352. Number=11973
84353. Confirmed=X
84354. Filename=hpws.exe
84355. Description=Added by the <a href="http://info.ahnlab.com/securityinfo/virus_view_eng_new.jsp?SEQ_NO=2085" target=_blank>IRCBOT.67098</a> WORM!
84356. Source=Paul Collins Startup list
84357.  
84358. [Win Drivers SSL32]
84359. Number=11974
84360. Confirmed=X
84361. Filename=hpwsnnsbc.exe
84362. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.MAR&VSect=T" target=_blank>SPYBOT.MAR</a> WORM!
84363. Source=Paul Collins Startup list
84364.  
84365. [WIN HOST PROCESS]
84366. Number=11975
84367. Confirmed=X
84368. Filename=WIN HOST PROCESS.EXE
84369. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070913-4945-99" target="_blank">KEYLOGGER.CLONE</a> TROJAN!
84370. Source=Paul Collins Startup list
84371.  
84372. [Win INI 32]
84373. Number=11976
84374. Confirmed=X
84375. Filename=msrp32.exe
84376. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfzc.html" target="_blank">RBOT-FZC</a> WORM!
84377. Source=Paul Collins Startup list
84378.  
84379. [Win l5oahder]
84380. Number=11977
84381. Confirmed=X
84382. Filename=winampa.exe
84383. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Note - this is NOT associated with the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player. The valid file for the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winampa/" target="_blank">Winamp Agent</a> resides in a "Winamp" subdirectory of the Program Files directory
84384. Source=Paul Collins Startup list
84385.  
84386. [Win Login]
84387. Number=11978
84388. Confirmed=X
84389. Filename=winlogin.exe
84390. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawe.html" target=_blank>RBOT-AWE</a> WORM! Note - this trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder
84391. Source=Paul Collins Startup list
84392.  
84393. [Win Microsoft 98]
84394. Number=11979
84395. Confirmed=X
84396. Filename=win14.exe
84397. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakx.html" target=_blank>RBOT-AKX</a> WORM!
84398. Source=Paul Collins Startup list
84399.  
84400. [win name]
84401. Number=11980
84402. Confirmed=?
84403. Filename=stat.exe
84404. Description=<font color="#FF0000">??</font>
84405. Source=Paul Collins Startup list
84406.  
84407. [Win Patch]
84408. Number=11981
84409. Confirmed=X
84410. Filename=ntldr.exe
84411. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotgs.html" target=_blank>SDBOT-GS</a> WORM!
84412. Source=Paul Collins Startup list
84413.  
84414. [Win Process Updates]
84415. Number=11982
84416. Confirmed=X
84417. Filename=winupdates.exe
84418. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
84419. Source=Paul Collins Startup list
84420.  
84421. [Win Prosess0r]
84422. Number=11983
84423. Confirmed=X
84424. Filename=[random filename]
84425. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbit.html" target="_blank">RBOT-BIT</a> WORM!
84426. Source=Paul Collins Startup list
84427.  
84428. [WIN prosessor16]
84429. Number=11984
84430. Confirmed=X
84431. Filename=[random filename].exe
84432. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
84433. Source=Paul Collins Startup list
84434.  
84435. [Win Proxy32 Protocol]
84436. Number=11985
84437. Confirmed=X
84438. Filename=bsvtem.exe
84439. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
84440. Source=Paul Collins Startup list
84441.  
84442. [Win Secure Update]
84443. Number=11986
84444. Confirmed=X
84445. Filename=[random filename]
84446. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagi.html" target=_blank>RBOT-AGI</a> WORM!
84447. Source=Paul Collins Startup list
84448.  
84449. [Win Security]
84450. Number=11987
84451. Confirmed=X
84452. Filename=msw32.pif
84453. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqt.html" target=_blank>RBOT-AQT</a> WORM!
84454. Source=Paul Collins Startup list
84455.  
84456. [Win Server]
84457. Number=11988
84458. Confirmed=X
84459. Filename=winserv.exe
84460. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IMISERV.A" target=_blank>IMISERV.A</a> TROJAN!
84461. Source=Paul Collins Startup list
84462.  
84463. [Win Server Updt]
84464. Number=11989
84465. Confirmed=X
84466. Filename=wupdt.exe
84467. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IMISERV.A" target=_blank>IMISERV.A</a> TROJAN!
84468. Source=Paul Collins Startup list
84469.  
84470. [Win Server Updt]
84471. Number=11990
84472. Confirmed=X
84473. Filename=winserver.exe
84474. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41623" target= blank>IMISERV</a> TROJAN!
84475. Source=Paul Collins Startup list
84476.  
84477. [Win Server Updt]
84478. Number=11991
84479. Confirmed=X
84480. Filename=pxckdla.exe
84481. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080410-4405-99" target=_blank>IEPlugin</a> adware
84482. Source=Paul Collins Startup list
84483.  
84484. [Win TaskLoader]
84485. Number=11992
84486. Confirmed=X
84487. Filename=msgmr.exe
84488. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032517-2147-99" target=_blank>MYTOB.L</a> WORM!
84489. Source=Paul Collins Startup list
84490.  
84491. [win update]
84492. Number=11993
84493. Confirmed=X
84494. Filename=wupda32.exe
84495. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.J" target="_blank">SDBOT.J</a> WORM!
84496. Source=Paul Collins Startup list
84497.  
84498. [win update]
84499. Number=11994
84500. Confirmed=X
84501. Filename=wapdate.exe
84502. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
84503. Source=Paul Collins Startup list
84504.  
84505. [Win Update]
84506. Number=11995
84507. Confirmed=X
84508. Filename=SysUpdate.exe
84509. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottn.html" target=_blank>AGOBOT-TN</a> WORM!
84510. Source=Paul Collins Startup list
84511.  
84512. [Win Update]
84513. Number=11996
84514. Confirmed=X
84515. Filename=oleupdate.exe
84516. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentuy.html" target=_blank>AGENT-UY</a> TROJAN!
84517. Source=Paul Collins Startup list
84518.  
84519. [Win Update]
84520. Number=11997
84521. Confirmed=X
84522. Filename=msnmger.exe
84523. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgdp.html" target="_blank">RBOT-GDP</a> WORM!
84524. Source=Paul Collins Startup list
84525.  
84526. [Win Updater]
84527. Number=11998
84528. Confirmed=X
84529. Filename=WINUPDATER.EXE
84530. Description=Added by the <a href="http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IP" target=_blank>RBOT.IP</a> WORM!
84531. Source=Paul Collins Startup list
84532.  
84533. [Win Updator Services]
84534. Number=11999
84535. Confirmed=X
84536. Filename=ctfnom.exe
84537. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
84538. Source=Paul Collins Startup list
84539.  
84540. [WIN USB 2.0]
84541. Number=12000
84542. Confirmed=X
84543. Filename=usbsystem.exe
84544. Description=Added by an unidentified WORM of TROJAN!
84545. Source=Paul Collins Startup list
84546.  
84547. [WIN USB 2.0]
84548. Number=12001
84549. Confirmed=X
84550. Filename=winusb.exe
84551. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
84552. Source=Paul Collins Startup list
84553.  
84554. [Win USB 2.0 USB Driver]
84555. Number=12002
84556. Confirmed=X
84557. Filename=HPPrint.exe
84558. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091311-4329-99" target="_blank">SPYBOT.DNB</a> WORM!
84559. Source=Paul Collins Startup list
84560.  
84561. [WIN USB SUPPORT]
84562. Number=12003
84563. Confirmed=X
84564. Filename=grxsrv.exe
84565. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
84566. Source=Paul Collins Startup list
84567.  
84568. [Win Validation Application]
84569. Number=12004
84570. Confirmed=X
84571. Filename=DBExecCom.exe
84572. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32vbsillya.html" target=_blank>VBSILLY-A</a> WORM!
84573. Source=Paul Collins Startup list
84574.  
84575. [Win WinAmp]
84576. Number=12005
84577. Confirmed=X
84578. Filename=winamp.exe
84579. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AGF" target="_blank">RBOT.AGF</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player which resides in a "Winamp" subdirectory of the Program Files directory. This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
84580. Source=Paul Collins Startup list
84581.  
84582. [win************* [* = random digit]]
84583. Number=12006
84584. Confirmed=X
84585. Filename=win*************.exe [* = random digit]
84586. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062915-3210-99" target=_blank>WINBO</a> adware
84587. Source=Paul Collins Startup list
84588.  
84589. [WIN-BUGSFIX]
84590. Number=12007
84591. Confirmed=X
84592. Filename=WIN-BUGSFIX.EXE
84593. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER" target="_blank"> LOVELETTER</a> (I LOVE YOU) VIRUS!
84594. Source=Paul Collins Startup list
84595.  
84596. [win-xp]
84597. Number=12008
84598. Confirmed=X
84599. Filename=nvsc32.exe
84600. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021515-4514-99" target=_blank>BROPIA.N</a> WORM!
84601. Source=Paul Collins Startup list
84602.  
84603. [win-xp]
84604. Number=12009
84605. Confirmed=X
84606. Filename=winis.exe
84607. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021515-4514-99" target=_blank>BROPIA.N</a> WORM!
84608. Source=Paul Collins Startup list
84609.  
84610. [win-xp]
84611. Number=12010
84612. Confirmed=X
84613. Filename=winis.exe
84614. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021515-4514-99" target=_blank>BROPIA.N</a> WORM!
84615. Source=Paul Collins Startup list
84616.  
84617. [win.exe]
84618. Number=12011
84619. Confirmed=X
84620. Filename=win.exe
84621. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpodropc.html" target=_blank>PODROP-C</a> TROJAN!
84622. Source=Paul Collins Startup list
84623.  
84624. [win16.dll]
84625. Number=12012
84626. Confirmed=U
84627. Filename=win16dll.exe
84628. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.screenspy.html" target=_blank>Screenspy</a> captures screenshots silently. If you didn't install this yourself, remove it
84629. Source=Paul Collins Startup list
84630.  
84631. [Win2Drv]
84632. Number=12013
84633. Confirmed=X
84634. Filename=[worm filename]
84635. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101514-3703-99" target="_blank">WINTOO</a> WORM!
84636. Source=Paul Collins Startup list
84637.  
84638. [WIN32]
84639. Number=12014
84640. Confirmed=X
84641. Filename=WIN32.EXE
84642. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-042814-1021-99" target="_blank">RATEGA</a> TROJAN!
84643. Source=Paul Collins Startup list
84644.  
84645. [win32]
84646. Number=12015
84647. Confirmed=X
84648. Filename=Shakira_1997_Part_1_.Mpeg_.scr
84649. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070316-2426-99" target="_blank">MYLIFE.N</a> WORM!
84650. Source=Paul Collins Startup list
84651.  
84652. [win32]
84653. Number=12016
84654. Confirmed=X
84655. Filename=Setup_32.exe
84656. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090718-0006-99" target="_blank">EVILBOT.B</a> TROJAN!
84657. Source=Paul Collins Startup list
84658.  
84659. [Win32]
84660. Number=12017
84661. Confirmed=X
84662. Filename=Win32.exe
84663. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ISRAZ.A" target="_blank">ISRAZ.A</a> WORM!
84664. Source=Paul Collins Startup list
84665.  
84666. [win32]
84667. Number=12018
84668. Confirmed=X
84669. Filename=winsrv32.exe
84670. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090317-4618-99" target="_blank">ADUENT</a> TROJAN! Acts as a hi-jacker redirecting to Surferbar.com and adult content sites
84671. Source=Paul Collins Startup list
84672.  
84673. [win32]
84674. Number=12019
84675. Confirmed=X
84676. Filename=WinSetup.exe
84677. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090718-0006-99" target="_blank">EVILBOT.B</a> TROJAN!
84678. Source=Paul Collins Startup list
84679.  
84680. [Win32]
84681. Number=12020
84682. Confirmed=X
84683. Filename=system32.vbs
84684. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012011-3745-99" target=_blank>SWERUN</a> VIRUS!
84685. Source=Paul Collins Startup list
84686.  
84687. [Win32]
84688. Number=12021
84689. Confirmed=X
84690. Filename=Game.exe.vbs
84691. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031515-4025-99" target=_blank>SCAFENE</a> WORM!
84692. Source=Paul Collins Startup list
84693.  
84694. [Win32]
84695. Number=12022
84696. Confirmed=X
84697. Filename=arsetup.exe
84698. Description=Added by the SPAZBOX.A TROJAN!
84699. Source=Paul Collins Startup list
84700.  
84701. [win32]
84702. Number=12023
84703. Confirmed=X
84704. Filename=winhost.exe
84705. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-020311-1125-99" target=_blank>BROPIA.J</a> WORM!
84706. Source=Paul Collins Startup list
84707.  
84708. [Win32]
84709. Number=12024
84710. Confirmed=X
84711. Filename=winnnit.exe
84712. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
84713. Source=Paul Collins Startup list
84714.  
84715. [Win32]
84716. Number=12025
84717. Confirmed=X
84718. Filename=msnsrv.exe
84719. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
84720. Source=Paul Collins Startup list
84721.  
84722. [Win32]
84723. Number=12026
84724. Confirmed=X
84725. Filename=sysmon.exe
84726. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobhq.html" target="_blank">MYTOB-HQ</a> TROJAN!
84727. Source=Paul Collins Startup list
84728.  
84729. [Win32]
84730. Number=12027
84731. Confirmed=X
84732. Filename=zaq.exe
84733. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgce.html" target="_blank">RBOT-GCE</a> WORM!
84734. Source=Paul Collins Startup list
84735.  
84736. [Win32 Bios]
84737. Number=12028
84738. Confirmed=X
84739. Filename=Winbios.exe
84740. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32semapia.html" target= blank>SEMAPI-A</a> WORM!
84741. Source=Paul Collins Startup list
84742.  
84743. [Win32 Configuration]
84744. Number=12029
84745. Confirmed=X
84746. Filename=videosd32.exe
84747. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.TT" target="_blank">SDBOT.TT</a> WORM!
84748. Source=Paul Collins Startup list
84749.  
84750. [Win32 Configuration]
84751. Number=12030
84752. Confirmed=X
84753. Filename=dllhelp.exe
84754. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UL" target="_blank">SDBOT.UL</a> WORM!
84755. Source=Paul Collins Startup list
84756.  
84757. [Win32 Configuration]
84758. Number=12031
84759. Confirmed=X
84760. Filename=mplayer.exe
84761. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbz.html" target=_blank>FORBOT-BZ</a> WORM!
84762. Source=Paul Collins Startup list
84763.  
84764. [WIN32 DDOSSER]
84765. Number=12032
84766. Confirmed=X
84767. Filename=dos.exe
84768. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031114-5534-99" target=_blank>KELVIR.F</a> WORM!
84769. Source=Paul Collins Startup list
84770.  
84771. [Win32 Debug Manager]
84772. Number=12033
84773. Confirmed=X
84774. Filename=Win32Debug.exe
84775. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
84776. Source=Paul Collins Startup list
84777.  
84778. [Win32 Debug Manager]
84779. Number=12034
84780. Confirmed=X
84781. Filename=microsoftupd.exe
84782. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
84783. Source=Paul Collins Startup list
84784.  
84785. [Win32 Device Loader]
84786. Number=12035
84787. Confirmed=X
84788. Filename=Win32ldr.exe
84789. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
84790. Source=Paul Collins Startup list
84791.  
84792. [Win32 Driver]
84793. Number=12036
84794. Confirmed=X
84795. Filename=svchosts.exe
84796. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfd.html" target=_blank>FORBOT-FD</a> WORM!
84797. Source=Paul Collins Startup list
84798.  
84799. [Win32 Drivers]
84800. Number=12037
84801. Confirmed=X
84802. Filename=winlogons.exe
84803. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfg.html" target=_blank>FORBOT-FG</a> WORM!
84804. Source=Paul Collins Startup list
84805.  
84806. [Win32 DRK Driver]
84807. Number=12038
84808. Confirmed=X
84809. Filename=wdrk32.exe
84810. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CY" target="_blank">WOOTBOT.CY</a> WORM!
84811. Source=Paul Collins Startup list
84812.  
84813. [Win32 exe file]
84814. Number=12039
84815. Confirmed=X
84816. Filename=winstr32.exe
84817. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
84818. Source=Paul Collins Startup list
84819.  
84820. [Win32 Explorer]
84821. Number=12040
84822. Confirmed=X
84823. Filename=Explorer32.exe
84824. Description=<a href="http://www.sophos.com/virusinfo/analyses/trojstartpamn.html" target="_blank">StartPa-MN</a> homepage hijacker
84825. Source=Paul Collins Startup list
84826.  
84827. [Win32 Firewall Driver]
84828. Number=12041
84829. Confirmed=X
84830. Filename=winfw.exe
84831. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
84832. Source=Paul Collins Startup list
84833.  
84834. [Win32 FireWire Driver]
84835. Number=12042
84836. Confirmed=X
84837. Filename=CTHELPER32.EXE
84838. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WootBot&threatid=15094" target="_blank">WOOTBOT</a> TROJAN!
84839. Source=Paul Collins Startup list
84840.  
84841. [Win32 FRT Driver]
84842. Number=12043
84843. Confirmed=X
84844. Filename=msfr32.exe
84845. Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
84846. Source=Paul Collins Startup list
84847.  
84848. [Win32 Help32 Service]
84849. Number=12044
84850. Confirmed=X
84851. Filename=win32help.exe
84852. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotu.html" target="_blank">DELBOT-U</a> WORM!
84853. Source=Paul Collins Startup list
84854.  
84855. [Win32 Information Service]
84856. Number=12045
84857. Confirmed=X
84858. Filename=crsrs.exe
84859. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-030816-3346-99" target="_blank">RINBOT.Y</a> WORM!
84860. Source=Paul Collins Startup list
84861.  
84862. [Win32 Information Service]
84863. Number=12046
84864. Confirmed=X
84865. Filename=crsss.exe
84866. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delboto.html" target="_blank">DELBOT-O</a> WORM!
84867. Source=Paul Collins Startup list
84868.  
84869. [win32 internet server]
84870. Number=12047
84871. Confirmed=X
84872. Filename=winserver.exe
84873. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdermond.html" target=_blank>DERMON-D</a> TROJAN!
84874. Source=Paul Collins Startup list
84875.  
84876. [Win32 Kernel core component]
84877. Number=12048
84878. Confirmed=X
84879. Filename=Kernel32.pif
84880. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091614-3954-99" target="_blank">MOKS</a> VIRUS!
84881. Source=Paul Collins Startup list
84882.  
84883. [Win32 LSA Driver]
84884. Number=12049
84885. Confirmed=X
84886. Filename=lsa.exe
84887. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfj.html" target=_blank>FORBOT-FJ</a> WORM!
84888. Source=Paul Collins Startup list
84889.  
84890. [Win32 Ms Auto Updater]
84891. Number=12050
84892. Confirmed=X
84893. Filename=AutomsUPD.exe
84894. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
84895. Source=Paul Collins Startup list
84896.  
84897. [Win32 NDIS Driver]
84898. Number=12051
84899. Confirmed=X
84900. Filename=xpndis.exe
84901. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
84902. Source=Paul Collins Startup list
84903.  
84904. [Win32 Network Driver]
84905. Number=12052
84906. Confirmed=X
84907. Filename=crss.exe
84908. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
84909. Source=Paul Collins Startup list
84910.  
84911. [Win32 NT Adv Services]
84912. Number=12053
84913. Confirmed=X
84914. Filename=taskmngr.exe
84915. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotade.html" target=_blank>RBOT-ADE</a> WORM!
84916. Source=Paul Collins Startup list
84917.  
84918. [Win32 nvc]
84919. Number=12054
84920. Confirmed=X
84921. Filename=nvcva.exe
84922. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabf.html" target= blank>RBOT-ABF</a> WORM!
84923. Source=Paul Collins Startup list
84924.  
84925. [Win32 NVIDIA Driver]
84926. Number=12055
84927. Confirmed=X
84928. Filename=MSPMSPSU.EXE
84929. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.Y" target=_blank>WOOTBOT.Y</a> WORM!
84930. Source=Paul Collins Startup list
84931.  
84932. [win32 regedit]
84933. Number=12056
84934. Confirmed=X
84935. Filename=msn32.exe
84936. Description=Added by an unidentified WORM or TROJAN!
84937. Source=Paul Collins Startup list
84938.  
84939. [Win32 Rundll Loader]
84940. Number=12057
84941. Confirmed=X
84942. Filename=Rundll32.exe
84943. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.A" target="_blank">SDBOT.A</a> TROJAN! Note - this is not to be confused with the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> file!
84944. Source=Paul Collins Startup list
84945.  
84946. [Win32 Secure]
84947. Number=12058
84948. Confirmed=X
84949. Filename=msconfigsvc.exe
84950. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
84951. Source=Paul Collins Startup list
84952.  
84953. [Win32 Security Protocol]
84954. Number=12059
84955. Confirmed=X
84956. Filename=secure32.exe
84957. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboteti.html" target="_blank">RBOT-ETI</a> WORM!
84958. Source=Paul Collins Startup list
84959.  
84960. [Win32 Security Service]
84961. Number=12060
84962. Confirmed=X
84963. Filename=crsrs.exe
84964. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbots.html" target="_blank">DELBOT-S</a> WORM!
84965. Source=Paul Collins Startup list
84966.  
84967. [Win32 Service]
84968. Number=12061
84969. Confirmed=X
84970. Filename=bazzi.exe
84971. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022311-5800-99" target=_blank>AHKER.E</a> WORM!
84972. Source=Paul Collins Startup list
84973.  
84974. [Win32 Services]
84975. Number=12062
84976. Confirmed=X
84977. Filename=odbc32.exe
84978. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotek.html" target=_blank>SPYBOT-EK</a> WORM!
84979. Source=Paul Collins Startup list
84980.  
84981. [Win32 Services Config]
84982. Number=12063
84983. Confirmed=X
84984. Filename=winwkys.exe
84985. Description=Added by the <a href="http://ae.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=WORM_RBOT.BKY" target=_blank>RBOT.BKY</a> WORM!
84986. Source=Paul Collins Startup list
84987.  
84988. [Win32 Services1]
84989. Number=12064
84990. Confirmed=X
84991. Filename=wuamngr1.exe
84992. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpv.html" target="_blank">SDBOT-PV</a> WORM!
84993. Source=Paul Collins Startup list
84994.  
84995. [Win32 Src Service]
84996. Number=12065
84997. Confirmed=X
84998. Filename=win32src.exe
84999. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsx.html" target=_blank>RBOT-SX</a> WORM!
85000. Source=Paul Collins Startup list
85001.  
85002. [Win32 SSL Driver]
85003. Number=12066
85004. Confirmed=X
85005. Filename=winssv.exe
85006. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbh.html" target=_blank>FORBOT-BH</a> WORM!
85007.  
85008. Source=Paul Collins Startup list
85009.  
85010. [Win32 Svchosts Driver]
85011. Number=12067
85012. Confirmed=X
85013. Filename=svchosts.exe
85014. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfo.html" target=_blank>FORBOT-FO</a> WORM!
85015. Source=Paul Collins Startup list
85016.  
85017. [win32 system server]
85018. Number=12068
85019. Confirmed=X
85020. Filename=winserver.exe
85021. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdermona.html" target=_blank>DERMON-A</a> TROJAN!
85022. Source=Paul Collins Startup list
85023.  
85024. [Win32 System Spool]
85025. Number=12069
85026. Confirmed=X
85027. Filename=spoolsvc.exe
85028. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UK" target="_blank">SDBOT.UK</a> WORM!
85029. Source=Paul Collins Startup list
85030.  
85031. [Win32 Test]
85032. Number=12070
85033. Confirmed=X
85034. Filename=bleatest.exe
85035. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
85036. Source=Paul Collins Startup list
85037.  
85038. [Win32 Update]
85039. Number=12071
85040. Confirmed=X
85041. Filename=svchosts.exe
85042. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
85043. Source=Paul Collins Startup list
85044.  
85045. [Win32 Update]
85046. Number=12072
85047. Confirmed=X
85048. Filename=dl32.exe
85049. Description=Added by an unidentified WORM or TROJAN!
85050. Source=Paul Collins Startup list
85051.  
85052. [win32 update service]
85053. Number=12073
85054. Confirmed=X
85055. Filename=svchostt.exe
85056. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
85057. Source=Paul Collins Startup list
85058.  
85059. [Win32 USB Driver]
85060. Number=12074
85061. Confirmed=X
85062. Filename=winxpinit.exe
85063. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091411-5953-99" target="_blank">SDBOT.AA</a> TROJAN!
85064. Source=Paul Collins Startup list
85065.  
85066. [Win32 USB Driver]
85067. Number=12075
85068. Confirmed=X
85069. Filename=mvsecn.exe
85070. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbk.html" target=_blank>FORBOT-BK</a> WORM!
85071.  
85072. Source=Paul Collins Startup list
85073.  
85074. [Win32 Usb Driver]
85075. Number=12076
85076. Confirmed=X
85077. Filename=svhosint32.exe
85078. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbe.html" target=_blank>FORBOT-BE</a> or  <a href="http://www.sophos.com/virusinfo/analyses/w32forbotj.html" target=_blank>FORBOT-J</a> WORMS! 
85079.  
85080. Source=Paul Collins Startup list
85081.  
85082. [Win32 Usb Driver]
85083. Number=12077
85084. Confirmed=X
85085. Filename=usb32.exe
85086. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotov.html" target=_blank>SDBOT-OV</a> WORM!
85087. Source=Paul Collins Startup list
85088.  
85089. [Win32 Usb Driver]
85090. Number=12078
85091. Confirmed=X
85092. Filename=AvpG.exe
85093. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbx.html" target=_blank>FORBOT-BX</a> WORM!
85094. Source=Paul Collins Startup list
85095.  
85096. [Win32 USB2]
85097. Number=12079
85098. Confirmed=X
85099. Filename=wins32.exe
85100. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
85101. Source=Paul Collins Startup list
85102.  
85103. [Win32 USB2 Driver]
85104. Number=12080
85105. Confirmed=X
85106. Filename=win32usb.exe
85107. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090717-1216-99" target="_blank">SPYBOT.DHV</a> WORM!
85108. Source=Paul Collins Startup list
85109.  
85110. [Win32 USB2 Driver]
85111. Number=12081
85112. Confirmed=X
85113. Filename=smsc.exe
85114. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FO&Vsect=T" target="_blank">SDBOT.FO</a> WORM!
85115. Source=Paul Collins Startup list
85116.  
85117. [Win32 USB2 Driver]
85118. Number=12082
85119. Confirmed=X
85120. Filename=svchosting.exe
85121. Description=Added by the FORBOT.J or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.HU" target="_blank">SDBOT.HU</a> WORM!
85122. Source=Paul Collins Startup list
85123.  
85124. [Win32 USB2 Driver]
85125. Number=12083
85126. Confirmed=X
85127. Filename=sys32.exe
85128. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.X" target="_blank">WOOTBOT.X</a> WORM!
85129. Source=Paul Collins Startup list
85130.  
85131. [Win32 USB2 Driver]
85132. Number=12084
85133. Confirmed=X
85134. Filename=sys32snd.exe
85135. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotan.html" target="_blank">FORBOT-AN</a> WORM!
85136. Source=Paul Collins Startup list
85137.  
85138. [Win32 USB2 Driver]
85139. Number=12085
85140. Confirmed=X
85141. Filename=wind32.exe
85142. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotah.html" target="_blank">FORBOT-AH</a> WORM!
85143. Source=Paul Collins Startup list
85144.  
85145. [Win32 USB2 Driver]
85146. Number=12086
85147. Confirmed=X
85148. Filename=winupdate.exe
85149. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.YE" target="_blank">AGOBOT.YE</a> WORM!
85150. Source=Paul Collins Startup list
85151.  
85152. [Win32 USB2 Driver]
85153. Number=12087
85154. Confirmed=X
85155. Filename=updatemgr.exe
85156. Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
85157. Source=Paul Collins Startup list
85158.  
85159. [Win32 USB2 Driver]
85160. Number=12088
85161. Confirmed=X
85162. Filename=winsnd32.exe
85163. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
85164. Source=Paul Collins Startup list
85165.  
85166. [Win32 USB2 Driver]
85167. Number=12089
85168. Confirmed=X
85169. Filename=msn.exe
85170. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotex.html" target= blank>FORBOT-EX</a> WORM!
85171. Source=Paul Collins Startup list
85172.  
85173. [Win32 USB2 Driver]
85174. Number=12090
85175. Confirmed=X
85176. Filename=syscfg32.exe
85177. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotr.html" target=_blank>FORBOT-R</a> WORM!
85178. Source=Paul Collins Startup list
85179.  
85180. [Win32 USB2.0 Driver]
85181. Number=12091
85182. Confirmed=X
85183. Filename=386.exe
85184. Description=Added by the <a href="http://sarc.com/avcenter/venc/data/pf/w32.ircbot.d.html" target="_blank">IRCBOT.D</a> WORM!
85185. Source=Paul Collins Startup list
85186.  
85187. [Win32 USB2.0 Driver]
85188. Number=12092
85189. Confirmed=X
85190. Filename=rundll16.exe
85191. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.H" target="_blank">WOOTBOT.H</a> WORM!
85192. Source=Paul Collins Startup list
85193.  
85194. [Win32 USB2.0 Driver]
85195. Number=12093
85196. Confirmed=X
85197. Filename=w32usb2.exe
85198. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.DN" target="_blank">SPYBOT.DN</a> WORM!
85199. Source=Paul Collins Startup list
85200.  
85201. [Win32 USB2.0 Driver]
85202. Number=12094
85203. Confirmed=X
85204. Filename=service.exe
85205. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqf.html" target=_blank>SDBOT-QF</a> WORM!
85206.  
85207. Source=Paul Collins Startup list
85208.  
85209. [Win32 USB3 Driver]
85210. Number=12095
85211. Confirmed=X
85212. Filename=win32tool.exe
85213. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
85214. Source=Paul Collins Startup list
85215.  
85216. [Win32 Wmls Driver]
85217. Number=12096
85218. Confirmed=X
85219. Filename=winitr32.exe
85220. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.B" target="_blank">WOOTBOT.B</a> WORM!
85221. Source=Paul Collins Startup list
85222.  
85223. [Win32 Word Services]
85224. Number=12097
85225. Confirmed=X
85226. Filename=msword32.exe
85227. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
85228. Source=Paul Collins Startup list
85229.  
85230. [win32.exe]
85231. Number=12098
85232. Confirmed=X
85233. Filename=win32.exe
85234. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpagh.html" target="_blank">STARTPAGE</a> TROJAN!
85235. Source=Paul Collins Startup list
85236.  
85237. [Win32.exe]
85238. Number=12099
85239. Confirmed=X
85240. Filename=Win32.exe
85241. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_AWQ.A&VSect=T" target=_blank>AWQ.A</a> TROJAN!
85242. Source=Paul Collins Startup list
85243.  
85244. [Win32.Exploit.mzH]
85245. Number=12100
85246. Confirmed=X
85247. Filename=mzrun.exe
85248. Description=Added by the <a href="http://www.noadware.net/research/index2.php?item_id=1866&item_name=Painter" target=_blank>PAINTER</a> TROJAN!
85249.  
85250. Source=Paul Collins Startup list
85251.  
85252. [Win32.Trojan.Downloader]
85253. Number=12101
85254. Confirmed=X
85255. Filename=netstat2.exe
85256. Description=Added by the <a href="http://www.noadware.net/research/index2.php?item_id=1866&item_name=Painter" target=_blank>PAINTER</a> TROJAN!
85257.  
85258. Source=Paul Collins Startup list
85259.  
85260. [Win32BaseServiceMOD]
85261. Number=12102
85262. Confirmed=X
85263. Filename=Wintask.exe
85264. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2000-122109-2445-99" target="_blank">NAVIDAD</a> WORM!
85265. Source=Paul Collins Startup list
85266.  
85267. [win32beta]
85268. Number=12103
85269. Confirmed=X
85270. Filename=win32sys4.exe
85271. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerda.html" target=_blank>BANKER-DA</a> TROJAN!
85272. Source=Paul Collins Startup list
85273.  
85274. [win32clf]
85275. Number=12104
85276. Confirmed=X
85277. Filename=win32clf.exe
85278. Description=Added by an unidentified VIRUS, WORM or TROJAN!
85279. Source=Paul Collins Startup list
85280.  
85281. [win32debug]
85282. Number=12105
85283. Confirmed=X
85284. Filename=win32debug.exe
85285. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120112-4018-99" target=_blank>GUDEB</a> WORM!
85286. Source=Paul Collins Startup list
85287.  
85288. [Win32DLL]
85289. Number=12106
85290. Confirmed=X
85291. Filename=Win32DLL.vbs
85292. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER" target="_blank"> LOVELETTER</a> (I LOVE YOU) VIRUS!
85293. Source=Paul Collins Startup list
85294.  
85295. [Win32dll]
85296. Number=12107
85297. Confirmed=X
85298. Filename=Win32dll.exe
85299. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101416-4837-99" target="_blank">BANPAES</a> TROJAN!
85300. Source=Paul Collins Startup list
85301.  
85302. [WIN32DS]
85303. Number=12108
85304. Confirmed=X
85305. Filename=clienttimer.exe
85306. Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090719-0424-99" target=_blank>Eziin</a> adware
85307. Source=Paul Collins Startup list
85308.  
85309. [Win32G]
85310. Number=12109
85311. Confirmed=X
85312. Filename=Kernel32.com
85313. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-061312-3737-99" target="_blank">ESTRELLA</a> TROJAN!
85314. Source=Paul Collins Startup list
85315.  
85316. [Win32G]
85317. Number=12110
85318. Confirmed=X
85319. Filename=Scandisk.com
85320. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-061312-3737-99" target="_blank">ESTRELLA</a> TROJAN!
85321. Source=Paul Collins Startup list
85322.  
85323. [win32gb]
85324. Number=12111
85325. Confirmed=X
85326. Filename=win32gb.exe
85327. Description=All-In-One-Telcom (adult content dialler) variant
85328. Source=Paul Collins Startup list
85329.  
85330. [Win32Host Process]
85331. Number=12112
85332. Confirmed=X
85333. Filename=webemir.exe
85334. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojturgena.html" target=_blank>TURGEN -A</a> TROJAN!
85335. Source=Paul Collins Startup list
85336.  
85337. [win32info]
85338. Number=12113
85339. Confirmed=X
85340. Filename=win32info.exe
85341. Description=Adult content dialler
85342. Source=Paul Collins Startup list
85343.  
85344. [win32ini]
85345. Number=12114
85346. Confirmed=X
85347. Filename=systroy.exe
85348. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070208-5124-99" target="_blank">IRC.ALADINZ.C</a> TROJAN!
85349. Source=Paul Collins Startup list
85350.  
85351. [WIN32io]
85352. Number=12115
85353. Confirmed=X
85354. Filename=clienttimer.exe
85355. Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090719-0424-99" target=_blank>Eziin</a> adware
85356. Source=Paul Collins Startup list
85357.  
85358. [Win32R]
85359. Number=12116
85360. Confirmed=X
85361. Filename=Server.com
85362. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-061312-3737-99" target="_blank">ESTRELLA</a> TROJAN!
85363. Source=Paul Collins Startup list
85364.  
85365. [WIn32S Java DLL]
85366. Number=12117
85367. Confirmed=X
85368. Filename=kavsvx.exe
85369. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotrz.html" target= blank>AGOBOT-RZ</a> WORM!
85370. Source=Paul Collins Startup list
85371.  
85372. [win32servv]
85373. Number=12118
85374. Confirmed=X
85375. Filename=load.exe
85376. Description=<a href="http://vil.nai.com/vil/content/v_133320.htm" target="_blank">iSearch</a> adware
85377. Source=Paul Collins Startup list
85378.  
85379. [win32servv]
85380. Number=12119
85381. Confirmed=X
85382. Filename=ms1.exe
85383. Description=<a href="http://vil.nai.com/vil/content/v_133320.htm" target="_blank">iSearch</a> adware
85384. Source=Paul Collins Startup list
85385.  
85386. [WIN32SL]
85387. Number=12120
85388. Confirmed=Y
85389. Filename=Win32sl.exe
85390. Description=Part of <a href="http://docs.us.dell.com/support/edocs/software/smcliins/cli60/en/ug/intro.htm" target="_blank">Dell OpenManage Client Instrumentation</a> - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. The specific function of this is to load MIF's in order for Dell OpenManage Client to work
85391. Source=Paul Collins Startup list
85392.  
85393. [WIN32SNDS]
85394. Number=12121
85395. Confirmed=X
85396. Filename=banc.exe
85397. Description=Added by an unidentified WORM or TROJAN!
85398. Source=Paul Collins Startup list
85399.  
85400. [Win32system]
85401. Number=12122
85402. Confirmed=X
85403. Filename=[random filename]
85404. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080820-0541-99" target="_blank">DDV.B</a> WORM!
85405. Source=Paul Collins Startup list
85406.  
85407. [Win32System]
85408. Number=12123
85409. Confirmed=X
85410. Filename=win32s.exe
85411. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091021-0154-99" target="_blank">MYDOOM.V</a> WORM!
85412. Source=Paul Collins Startup list
85413.  
85414. [Win32SystemMonitor]
85415. Number=12124
85416. Confirmed=X
85417. Filename=***.exe [* = random char]
85418. Description=Browser hijacker
85419.  
85420. Source=Paul Collins Startup list
85421.  
85422. [Win32SysV]
85423. Number=12125
85424. Confirmed=X
85425. Filename=xin.exe
85426. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forboteo.html" target= blank>FORBOT-EO</a> WORM!
85427. Source=Paul Collins Startup list
85428.  
85429. [win32us]
85430. Number=12126
85431. Confirmed=X
85432. Filename=win32us.exe
85433. Description=All-In-One-Telcom (adult content dialler) variant
85434. Source=Paul Collins Startup list
85435.  
85436. [win32usbd]
85437. Number=12127
85438. Confirmed=X
85439. Filename=ssrs.exe
85440. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotra.html" target=_blank>RBOT-RA</a> WORM!
85441. Source=Paul Collins Startup list
85442.  
85443. [WIN32WN]
85444. Number=12128
85445. Confirmed=X
85446. Filename=system_wc.exe
85447. Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090719-0424-99" target=_blank>Eziin</a> adware
85448. Source=Paul Collins Startup list
85449.  
85450. [win32_i lptt01]
85451. Number=12129
85452. Confirmed=X
85453. Filename=win32_i.exe
85454. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "win32_i" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
85455. Source=Paul Collins Startup list
85456.  
85457. [win32_i ml097e]
85458. Number=12130
85459. Confirmed=X
85460. Filename=win32_i.exe
85461. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "win32_i" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
85462. Source=Paul Collins Startup list
85463.  
85464. [Win386]
85465. Number=12131
85466. Confirmed=X
85467. Filename=Win386.exe
85468. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-012920-0002-99" target="_blank">GOSUSUB</a> VIRUS!
85469. Source=Paul Collins Startup list
85470.  
85471. [Win386]
85472. Number=12132
85473. Confirmed=X
85474. Filename=sp32.dll
85475. Description=Homepage hijacker. Not a dll but a regfile in disguise
85476. Source=Paul Collins Startup list
85477.  
85478. [WIN3S2SNDS]
85479. Number=12133
85480. Confirmed=X
85481. Filename=winabsmod.exe
85482. Description=Added by the AGENT.DN TROJAN - known to <a href="http://www.nsclean.com/boclean.html" target="_blank">BOClean</a> as "CWS/INDEX", "shuts down anything that wants to open and is used as a spam proxy as well"
85483. Source=Paul Collins Startup list
85484.  
85485. [WIN3S2SNDS]
85486. Number=12134
85487. Confirmed=X
85488. Filename=winiprtx.exe
85489. Description=Added by the AGENT.DN TROJAN - known to <a href="http://www.nsclean.com/boclean.html" target="_blank">BOClean</a> as "CWS/INDEX", "shuts down anything that wants to open and is used as a spam proxy as well"
85490. Source=Paul Collins Startup list
85491.  
85492. [Win64 Compatibility Check]
85493. Number=12135
85494. Confirmed=X
85495. Filename=load win64.drv
85496. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
85497. Source=Paul Collins Startup list
85498.  
85499. [WIN95DEFVIEW]
85500. Number=12136
85501. Confirmed=X
85502. Filename=[path to file]
85503. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerd.html" target=_blank>DEDLER-D</a> TROJAN!
85504. Source=Paul Collins Startup list
85505.  
85506. [WIN95DEFVIEW]
85507. Number=12137
85508. Confirmed=X
85509. Filename=csmss.exe
85510. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdedlerd.html" target= blank>DEDLER-D</a> TROJAN!
85511. Source=Paul Collins Startup list
85512.  
85513. [win98 DNS]
85514. Number=12138
85515. Confirmed=X
85516. Filename=wingrd.exe
85517. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
85518. Source=Paul Collins Startup list
85519.  
85520. [winabc]
85521. Number=12139
85522. Confirmed=X
85523. Filename=rundll32.exe [Temp]\[ORIGFILENAME].DLL, InstallLaunchEv
85524. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagepn.html" target=_blank>LINEAGE-PN</a> TROJAN!
85525. Source=Paul Collins Startup list
85526.  
85527. [WinAC v4]
85528. Number=12140
85529. Confirmed=X
85530. Filename=klsuicbn.exe
85531. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcs.html" target=_blank>FORBOT-CS</a> WORM!
85532. Source=Paul Collins Startup list
85533.  
85534. [Winacsr]
85535. Number=12141
85536. Confirmed=U
85537. Filename=Winacsr.exe
85538. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120217-1741-99" target= blank>AceScreenSpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
85539. Source=Paul Collins Startup list
85540.  
85541. [winactive]
85542. Number=12142
85543. Confirmed=X
85544. Filename=WINACTIVE.EXE
85545. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075330" target="_blank">WinActive</a> of the LOP.com hijacker
85546. Source=Paul Collins Startup list
85547.  
85548. [WinActiveJ]
85549. Number=12143
85550. Confirmed=X
85551. Filename=WinActiveJ.exe
85552. Description=Added by the ROTARRAN VIRUS!
85553. Source=Paul Collins Startup list
85554.  
85555. [Winad Client]
85556. Number=12144
85557. Confirmed=X
85558. Filename=Winad.exe
85559. Description=WinAd adware by eXact Advertising
85560. Source=Paul Collins Startup list
85561.  
85562. [WinAdCnt.exe]
85563. Number=12145
85564. Confirmed=X
85565. Filename=WinAdCnt.exe
85566. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbu.html" target= blank>BANKER-BU</a> TROJAN!
85567. Source=Paul Collins Startup list
85568.  
85569. [winadm]
85570. Number=12146
85571. Confirmed=X
85572. Filename=winadm.exe
85573. Description=Browser hijacker - redirecting to Search-World.net. Related to the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=68781" target="_blank">SMALL.AEX</a> TROJAN!
85574. Source=Paul Collins Startup list
85575.  
85576. [WinAgent]
85577. Number=12147
85578. Confirmed=?
85579. Filename=WinAgent.exe
85580. Description=Standard Life Insurance program. <font color="#FF0000">Is it required at startup?<font>
85581. Source=Paul Collins Startup list
85582.  
85583. [Winahlp.exe]
85584. Number=12148
85585. Confirmed=X
85586. Filename=Winahlp.exe
85587. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.12" target="_blank">VAGRNOCKER</a> TROJAN!
85588. Source=Paul Collins Startup list
85589.  
85590. [winallap]
85591. Number=12149
85592. Confirmed=X
85593. Filename=winallap.exe
85594. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112614-2646-99" target="_blank">DELF.E</a> TROJAN!
85595. Source=Paul Collins Startup list
85596.  
85597. [winallapu]
85598. Number=12150
85599. Confirmed=X
85600. Filename=winallapu.exe
85601. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-112614-2646-99" target="_blank">DELF.E</a> TROJAN!
85602. Source=Paul Collins Startup list
85603.  
85604. [Winamp]
85605. Number=12151
85606. Confirmed=X
85607. Filename=winamp.hta
85608. Description=Hijacker - re-directing to adult content sites. Note - this isn't the real Winamp
85609. Source=Paul Collins Startup list
85610.  
85611. [Winamp]
85612. Number=12152
85613. Confirmed=X
85614. Filename=winamp.exe
85615. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.XI" target="_blank">AGOBOT.XI</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player
85616. Source=Paul Collins Startup list
85617.  
85618. [WinAMP]
85619. Number=12153
85620. Confirmed=X
85621. Filename=winamp62.exe
85622. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwn.html" target= blank>SDBOT-WN</a> WORM!
85623. Source=Paul Collins Startup list
85624.  
85625. [Winamp]
85626. Number=12154
85627. Confirmed=N
85628. Filename=winamp.exe
85629. Description=<a href="http://www.winamp.com/" target="_blank">Winamp</a> media player. Resides in a "Winamp" subdirectory of the Program Files directory
85630. Source=Paul Collins Startup list
85631.  
85632. [Winamp Agent]
85633. Number=12155
85634. Confirmed=X
85635. Filename=winamp.exe
85636. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player. The valid filename for the Winamp Agent is "winampa.exe" - see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winampa/" target="_blank">here</a>
85637. Source=Paul Collins Startup list
85638.  
85639. [Winamp Media]
85640. Number=12156
85641. Confirmed=X
85642. Filename=qmedia.exe
85643. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdiazoma.html" target="_blank">DIAZMON-A</a> TROJAN!
85644. Source=Paul Collins Startup list
85645.  
85646. [Winamp media player]
85647. Number=12157
85648. Confirmed=X
85649. Filename=winapa.exe
85650. Description=Added by an unidentified VIRUS, WORM or TROJAN!
85651. Source=Paul Collins Startup list
85652.  
85653. [WinAmp Player]
85654. Number=12158
85655. Confirmed=X
85656. Filename=winampp.exe
85657. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaqi.html" target=_blank>RBOT-AQI</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target=_blank>Winamp</a> media player which has a different filename
85658. Source=Paul Collins Startup list
85659.  
85660. [Winamp to Google Talk]
85661. Number=12159
85662. Confirmed=U
85663. Filename=winamptogoogletalk.exe
85664. Description=Winamp to Google Talk, available <a href="http://www.customizetalk.com/index.php?page=downloads" target="_blank">here</a> shows your current Winamp track in your <a href="http://www.google.com/talk/" target=_blank>Google Talk</a> status
85665. Source=Paul Collins Startup list
85666.  
85667. [Winamp Update]
85668. Number=12160
85669. Confirmed=X
85670. Filename=yhn.exe
85671. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacr.html" target=_blank>SDBOT-ACR</a> WORM! 
85672. Source=Paul Collins Startup list
85673.  
85674. [Winampa]
85675. Number=12161
85676. Confirmed=U
85677. Filename=WINAMPa.exe
85678. Description=Loads the System Tray icon for the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player - see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winampa/" target="_blank">here</a>. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs. Resides in a "Winamp" subdirectory of the Program Files directory
85679. Source=Paul Collins Startup list
85680.  
85681. [Winampa]
85682. Number=12162
85683. Confirmed=X
85684. Filename=winampa.exe
85685. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotgs.html" target="_blank">AGOBOT-GS</a> TROJAN! ! Note - this is NOT associated with the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player. The valid file for the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winampa/" target="_blank">Winamp Agent</a> resides in a "Winamp" subdirectory of the Program Files directory whereas this file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
85686. Source=Paul Collins Startup list
85687.  
85688. [Winampa Agent]
85689. Number=12163
85690. Confirmed=X
85691. Filename=WINAMPA.EXE
85692. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player. The valid filename for the Winamp Agent is "winampa.exe" - see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winampa/" target="_blank">here</a>
85693. Source=Paul Collins Startup list
85694.  
85695. [WinampAgent]
85696. Number=12164
85697. Confirmed=U
85698. Filename=WINAMPa.exe
85699. Description=Loads the System Tray icon for the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player - see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winampa/" target="_blank">here</a>. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs. Resides in a "Winamp" subdirectory of the Program Files directory
85700. Source=Paul Collins Startup list
85701.  
85702. [WinAmpAgent]
85703. Number=12165
85704. Confirmed=X
85705. Filename=Msexploren.exe
85706. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN! Note - this is NOT the popular <a href="http://www.winamp.com/" target=_blank>Winamp</a> media player which has a different filename
85707. Source=Paul Collins Startup list
85708.  
85709. [WinAmpAgent]
85710. Number=12166
85711. Confirmed=X
85712. Filename=Shch.exe
85713. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN! Note - this is NOT the popular <a href="http://www.winamp.com/" target=_blank>Winamp</a> media player which has a different filename
85714. Source=Paul Collins Startup list
85715.  
85716. [WinAmpAgent]
85717. Number=12167
85718. Confirmed=X
85719. Filename=svchst.exe
85720. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN! Note - this is NOT the popular <a href="http://www.winamp.com/" target=_blank>Winamp</a> media player which has a different filename
85721. Source=Paul Collins Startup list
85722.  
85723. [WinAmpAgent]
85724. Number=12168
85725. Confirmed=X
85726. Filename=Winagent.exe
85727. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdooreb.html" target=_blank>EB</a> TROJAN! Note - this is NOT the popular <a href="http://www.winamp.com/" target=_blank>Winamp</a> media player which has a different filename
85728. Source=Paul Collins Startup list
85729.  
85730. [WinAmpAgent]
85731. Number=12169
85732. Confirmed=X
85733. Filename=msnexploren.exe
85734. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
85735. Source=Paul Collins Startup list
85736.  
85737. [WinAmpAgent]
85738. Number=12170
85739. Confirmed=X
85740. Filename=sdhch.exe
85741. Description=Added by the <a href="http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42022" target="_blank">TACTSLAY.B</a> TROJAN!
85742. Source=Paul Collins Startup list
85743.  
85744. [WinAntiSpyware 2005]
85745. Number=12171
85746. Confirmed=N
85747. Filename=was5.exe
85748. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>here</a>
85749. Source=Paul Collins Startup list
85750.  
85751. [WinAntiVirus Pro 2007]
85752. Number=12172
85753. Confirmed=N
85754. Filename=WinAV.exe
85755. Description=WinAntiVirus Pro 2007 virus software - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
85756. Source=Paul Collins Startup list
85757.  
85758. [WinApi]
85759. Number=12173
85760. Confirmed=X
85761. Filename=winapix.exe
85762. Description=Added by a variant of the TIBSER.A downloader TROJAN!
85763. Source=Paul Collins Startup list
85764.  
85765. [WINAPLOGUPD]
85766. Number=12174
85767. Confirmed=X
85768. Filename=WINAPLOGUPD.EXE
85769. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32capsidec.html" target= blank>CAPSIDE-C</a> WORM!
85770. Source=Paul Collins Startup list
85771.  
85772. [Winapp]
85773. Number=12175
85774. Confirmed=X
85775. Filename=winpup32.exe
85776. Description=Produces popup ads to adult content sites
85777. Source=Paul Collins Startup list
85778.  
85779. [WinApp32]
85780. Number=12176
85781. Confirmed=X
85782. Filename=msapp.exe
85783. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-032416-1326-99" target="_blank">RSBOT</a> TROJAN!
85784. Source=Paul Collins Startup list
85785.  
85786. [WinAppLog]
85787. Number=12177
85788. Confirmed=U
85789. Filename=svchost.exe
85790. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050419-3804-99" target=blank>StingKeyLogger</a> keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=blank>svchost.exe</a> process that normally doesn't appear in Msconfig/Startup!
85791. Source=Paul Collins Startup list
85792.  
85793. [WinAuth]
85794. Number=12178
85795. Confirmed=X
85796. Filename=winlogon.exe
85797. Description=Hijacker, also indentified as the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_STRTPAGE.BE" target=_blank>STRTPAGE.BE</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
85798. Source=Paul Collins Startup list
85799.  
85800. [WinAwk]
85801. Number=12179
85802. Confirmed=X
85803. Filename=WinAwk.exe
85804. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotayf.html" target=_blank>SDBOT-AYF</a> WORM!
85805. Source=Paul Collins Startup list
85806.  
85807. [WinBackup Scheduler]
85808. Number=12180
85809. Confirmed=U
85810. Filename=Wbsched.exe
85811. Description=LIUtilities <a href="http://www.liutilities.com/products/winbackup/" target="_blank">WinBackup</a> scheduler - backup software
85812. Source=Paul Collins Startup list
85813.  
85814. [WinBar]
85815. Number=12181
85816. Confirmed=U
85817. Filename=WinBar.exe
85818. Description="<a href="http://www.winbar.nl/" target="_blank">WinBar</a> is a free and compact program that lets you monitor your system and provides easy access to frequently used controls"
85819. Source=Paul Collins Startup list
85820.  
85821. [winbar.pif]
85822. Number=12182
85823. Confirmed=X
85824. Filename=packe.pif
85825. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotavi.html" target=_blank>RBOT-AVI</a> WORM!
85826. Source=Paul Collins Startup list
85827.  
85828. [winbas12]
85829. Number=12183
85830. Confirmed=X
85831. Filename=winbas12.exe
85832. Description=Adware, CoolWebSearch parasite related - recognized by <a href="http://www.kaspersky.com/" target=_blank>Kaspersky</a> antivirus as TrojanDownloader.Win32.VB.du - Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
85833. Source=Paul Collins Startup list
85834.  
85835. [Winbed]
85836. Number=12184
85837. Confirmed=X
85838. Filename=winbed.exe
85839. Description=Hijacker
85840. Source=Paul Collins Startup list
85841.  
85842. [Winbin]
85843. Number=12185
85844. Confirmed=X
85845. Filename=swchost.exe
85846. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CLS&VSect=P" target=_blank>RBOT.CLS</a> WORM!
85847. Source=Paul Collins Startup list
85848.  
85849. [winbin32]
85850. Number=12186
85851. Confirmed=X
85852. Filename=win32exe.exe
85853. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzl.html" target=_blank>RBOT-ZL</a> WORM!
85854. Source=Paul Collins Startup list
85855.  
85856. [winbot]
85857. Number=12187
85858. Confirmed=X
85859. Filename=winbot.exe
85860. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmidruga.html" target="_blank">MIDRUG-A</a> TROJAN!
85861. Source=Paul Collins Startup list
85862.  
85863. [WinCheck]
85864. Number=12188
85865. Confirmed=X
85866. Filename=WinCheck.exe
85867. Description=Added by the <a href="http://vil.nai.com/vil/content/v_98807.htm" target="_blank">PWS-CY</a> TROJAN!
85868. Source=Paul Collins Startup list
85869.  
85870. [WinCheck]
85871. Number=12189
85872. Confirmed=X
85873. Filename=services.exe
85874. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111512-2822-99" target=_blank>SOBER.S</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatus\Microsoft" subfolder of the Windows or Winnt folder
85875. Source=Paul Collins Startup list
85876.  
85877. [WinCheck]
85878. Number=12190
85879. Confirmed=X
85880. Filename=check.exe
85881. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delboty.html" target="_blank">DELBOT-Y</a> WORM!
85882. Source=Paul Collins Startup list
85883.  
85884. [winchost]
85885. Number=12191
85886. Confirmed=X
85887. Filename=winchost.exe
85888. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderpo.html" target=_blank>DLOADER-PO</a> TROJAN!
85889. Source=Paul Collins Startup list
85890.  
85891. [WINCINEMAMGR]
85892. Number=12192
85893. Confirmed=N
85894. Filename=WINCIN~1.EXE
85895. Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target=_blank>WinCinema_Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
85896. Source=Paul Collins Startup list
85897.  
85898. [WinCinemaMgr]
85899. Number=12193
85900. Confirmed=N
85901. Filename=WinCinemaMgr.exe
85902. Description=<a href="http://www.intervideo.com/jsp/WinCinema_Manager_Download.jsp" target=_blank>WinCinema_Manager</a> is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
85903. Source=Paul Collins Startup list
85904.  
85905. [winclean]
85906. Number=12194
85907. Confirmed=X
85908. Filename=winclean.exe
85909. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GXR" target="_blank">AGENT.GXR</a> TROJAN!
85910. Source=Paul Collins Startup list
85911.  
85912. [wincmap]
85913. Number=12195
85914. Confirmed=X
85915. Filename=wincmapp.exe
85916. Description=CasClient adware variant - also detected as the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081011-2344-99" target=_blank>CMAPP</a> TROJAN!
85917. Source=Paul Collins Startup list
85918.  
85919. [wincms]
85920. Number=12196
85921. Confirmed=X
85922. Filename=wincms.exe
85923. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CBR&VSect=P" target=_blank>RBOT.CBR</a> WORM! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
85924. Source=Paul Collins Startup list
85925.  
85926. [WinCRT32]
85927. Number=12197
85928. Confirmed=X
85929. Filename=wincrt32.exe
85930. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32dogbotd.html" target=_blank>DOGBOT-D</a> WORM!
85931. Source=Paul Collins Startup list
85932.  
85933. [WinCSRSS]
85934. Number=12198
85935. Confirmed=X
85936. Filename=MSGRT32.EXE
85937. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrewindoa.html" target=_blank>REWINDO-A</a> TROJAN!
85938.  
85939. Source=Paul Collins Startup list
85940.  
85941. [WINCX]
85942. Number=12199
85943. Confirmed=X
85944. Filename=wincore332.exe
85945. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmg.html" target=_blank>AGOBOT-MG</a> WORM!
85946. Source=Paul Collins Startup list
85947.  
85948. [Wind Logd File]
85949. Number=12200
85950. Confirmed=X
85951. Filename=servicelogd.exe
85952. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
85953. Source=Paul Collins Startup list
85954.  
85955. [Wind Security]
85956. Number=12201
85957. Confirmed=X
85958. Filename=mswi32.pif
85959. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarh.html" target=_blank>RBOT-ARH</a> WORM!
85960. Source=Paul Collins Startup list
85961.  
85962. [wind.exe]
85963. Number=12202
85964. Confirmed=X
85965. Filename=wind.exe
85966. Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=51224" target="_blank">MITGLIEDER.BD</a> TROJAN!
85967. Source=Paul Collins Startup list
85968.  
85969. [WIND0WS]
85970. Number=12203
85971. Confirmed=X
85972. Filename=WIND0WS.exe
85973. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.DQ" target="_blank">SPYBOT.DQ</a> WORM!
85974. Source=Paul Collins Startup list
85975.  
85976. [WIND0WS]
85977. Number=12204
85978. Confirmed=X
85979. Filename=mella.bat
85980. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030216-1808-99" target=_blank>ALLEM</a> WORM!
85981. Source=Paul Collins Startup list
85982.  
85983. [Wind0ws]
85984. Number=12205
85985. Confirmed=X
85986. Filename=wordpad.exe
85987. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottl.html" target=_blank>AGOBOT-TL</a> WORM! Note - this is not the legitimate Windows application wordpad.exe (which is found in the Program Files\Accessories folder) which should not normally be seen in Msconfig or as a Startup item. This file is loacted in the System (9x/Me) or System32 (NT/2K/XP) folder
85988. Source=Paul Collins Startup list
85989.  
85990. [Wind0ws Sharing]
85991. Number=12206
85992. Confirmed=X
85993. Filename=ssprotecter.exe
85994. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahw.html" target=_blank>RBOT-AHW</a> WORM!
85995. Source=Paul Collins Startup list
85996.  
85997. [WinData]
85998. Number=12207
85999. Confirmed=X
86000. Filename=services.exe
86001. Description=Added by the <a href="http://www.f-secure.com/v-descs/email-worm_w32_sober_aa.shtml" target="_blank">SOBER.AA</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "PoolData" subfolder of the Windows or Winnt folder
86002. Source=Paul Collins Startup list
86003.  
86004. [WinDates]
86005. Number=12208
86006. Confirmed=N
86007. Filename=windates.exe
86008. Description=WinDates is a calendar, date organizer and event reminder program from Rockin' Software
86009. Source=Paul Collins Startup list
86010.  
86011. [windbs]
86012. Number=12209
86013. Confirmed=X
86014. Filename=winxtc.exe
86015. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotwd.html" target="_blank">AGOBOT-WD</a> WORM!
86016. Source=Paul Collins Startup list
86017.  
86018. [Winde]
86019. Number=12210
86020. Confirmed=X
86021. Filename=winde.exe
86022. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081913-4208-99" target="_blank"> DLUCA</a> TROJAN!
86023. Source=Paul Collins Startup list
86024.  
86025. [windef]
86026. Number=12211
86027. Confirmed=X
86028. Filename=Win32sp.vbs
86029. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-0016-99" target=_blank>ANPES</a> WORM!
86030. Source=Paul Collins Startup list
86031.  
86032. [windef]
86033. Number=12212
86034. Confirmed=X
86035. Filename=windef.exe
86036. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32wurmarko.html" target=_blank>WURMARK-O</a> WORM!
86037. Source=Paul Collins Startup list
86038.  
86039. [Windeows NetStart Service2]
86040. Number=12213
86041. Confirmed=X
86042. Filename=tesakrmger.exe
86043. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamy.html" target=_blank>RBOT-AMY</a> WORM!
86044. Source=Paul Collins Startup list
86045.  
86046. [windhost.exe]
86047. Number=12214
86048. Confirmed=X
86049. Filename=osrwin32.exe
86050. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankercb.html" target=_blank>BANKER-CB</a> TROJAN!
86051. Source=Paul Collins Startup list
86052.  
86053. [windhost.exe]
86054. Number=12215
86055. Confirmed=X
86056. Filename=windhost.exe
86057. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerbv.html" target= blank>BANKER-BV</a> TROJAN!
86058. Source=Paul Collins Startup list
86059.  
86060. [windhost.exe]
86061. Number=12216
86062. Confirmed=X
86063. Filename=winos.exe
86064. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsagenta.html" target= blank>PWSAGENT-A</a> WORM!
86065. Source=Paul Collins Startup list
86066.  
86067. [windir]
86068. Number=12217
86069. Confirmed=X
86070. Filename=winrun.exe
86071. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-032718-1359-99" target="_blank">WINBUR.B</a> WORM!
86072. Source=Paul Collins Startup list
86073.  
86074. [Windll]
86075. Number=12218
86076. Confirmed=X
86077. Filename=Windll.exe
86078. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041516-4618-99" target="_blank">TRYNOMA</a> TROJAN!
86079. Source=Paul Collins Startup list
86080.  
86081. [WINDLL]
86082. Number=12219
86083. Confirmed=U
86084. Filename=WSYS.EXE
86085. Description=STARR key logger. "It logs almost everything that goes through the box. It logs all key strokes, all passwords transacted even if they weren't keyed in, all web sites visited, every program launched including the path to that program, and more"
86086. Source=Paul Collins Startup list
86087.  
86088. [windll]
86089. Number=12220
86090. Confirmed=X
86091. Filename=windll32.exe
86092. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082710-5900-99" target="_blank">ASTEF</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100514-2403-99" target="_blank">RESPAN</a> WORMS!
86093. Source=Paul Collins Startup list
86094.  
86095. [WinDLL (csmss.exe)]
86096. Number=12221
86097. Confirmed=X
86098. Filename=rundll32.exe [path] CSMSS.EXE
86099. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AKBOT.U" target="_blank">AKBOT.U</a> WORM!
86100. Source=Paul Collins Startup list
86101.  
86102. [WinDLL (wchshield.exe)]
86103. Number=12222
86104. Confirmed=X
86105. Filename=wchshield.exe
86106. Description=Added by the <a href="http://fileinfo.prevx.com/adware/qqaa2421734146-WCHS16764604/WCHSHIELD.EXE.html" target="_blank">IRCBOT GEN</a> WORM!
86107. Source=Paul Collins Startup list
86108.  
86109. [Windll.exe]
86110. Number=12223
86111. Confirmed=X
86112. Filename=Windll.exe
86113. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-070415-5712-99" target="_blank">STEALER</a> TROJAN!
86114. Source=Paul Collins Startup list
86115.  
86116. [Windll32]
86117. Number=12224
86118. Confirmed=X
86119. Filename=Windll32.exe
86120. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-040119-1148-99" target="_blank">MSNPWS</a> TROJAN!
86121. Source=Paul Collins Startup list
86122.  
86123. [WinDll32]
86124. Number=12225
86125. Confirmed=X
86126. Filename=_WIN32.EXE
86127. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LEGMIR.AQ&VSect=T" target=_blank>LEGMIR.AQ</a> TROJAN!
86128. Source=Paul Collins Startup list
86129.  
86130. [windllsys32.exe]
86131. Number=12226
86132. Confirmed=X
86133. Filename=windllsys32.exe
86134. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojmitgliea.html" target="_blank">MITGLIE-A</a> TROJAN!
86135. Source=Paul Collins Startup list
86136.  
86137. [WinDNS]
86138. Number=12227
86139. Confirmed=X
86140. Filename=windns32.exe
86141. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040611-4552-99" target="_blank">GAOBOT.WX</a> WORM!
86142. Source=Paul Collins Startup list
86143.  
86144. [Windoes Kernel]
86145. Number=12228
86146. Confirmed=X
86147. Filename=kernel32.exe
86148. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050515-4202-99" target="_blank"> KICKIN.A</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CYDOG.C" target="_blank">CYDOG.C</a>) WORM!
86149. Source=Paul Collins Startup list
86150.  
86151. [Window]
86152. Number=12229
86153. Confirmed=X
86154. Filename=explore.exe
86155. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042314-0614-99" target="_blank">GAOBOT.ADW</a> WORM!
86156. Source=Paul Collins Startup list
86157.  
86158. [Window Loader]
86159. Number=12230
86160. Confirmed=X
86161. Filename=Dos32.exe
86162. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
86163. Source=Paul Collins Startup list
86164.  
86165. [Window Monitor]
86166. Number=12231
86167. Confirmed=X
86168. Filename=winmon32.exe
86169. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.RT&VSect=T" target="_blank">SDBOT.RT</a> WORM!
86170. Source=Paul Collins Startup list
86171.  
86172. [Window service]
86173. Number=12232
86174. Confirmed=X
86175. Filename=[random filename]
86176. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotach.html" target= blank>RBOT-ACH</a> WORM!
86177. Source=Paul Collins Startup list
86178.  
86179. [Window Washer]
86180. Number=12233
86181. Confirmed=U
86182. Filename=wwDisp.exe
86183. Description=<a href="http://www.webroot.com/consumer/products/windowwasher/" target="_blank">Window Washer</a> from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
86184. Source=Paul Collins Startup list
86185.  
86186. [window.exe]
86187. Number=12234
86188. Confirmed=X
86189. Filename=window.exe
86190. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040712-3540-99" target="_blank">MITGLIEDER.H</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042419-5932-99" target="_blank">MITGLIEDER.J</a> TROJANS!
86191. Source=Paul Collins Startup list
86192.  
86193. [window2]
86194. Number=12235
86195. Confirmed=X
86196. Filename=ssvchost.exe
86197. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090815-5443-99" target="_blank">IRCBOT.H</a> TROJAN!
86198. Source=Paul Collins Startup list
86199.  
86200. [WindowBlinds]
86201. Number=12236
86202. Confirmed=U
86203. Filename=wbload.exe
86204. Description=<a href="http://www.windowblinds.net/" target="_blank">WindowBlinds</a> from Stardock. Skin application to change the appearence on Windows desktops. Available as an individual download or as part of Object Desktop. Required to restore settings if you use it. Available via right-click on the Desktop -> Properties -> Skins
86205. Source=Paul Collins Startup list
86206.  
86207. [WindowEnhancer]
86208. Number=12237
86209. Confirmed=X
86210. Filename=Winex.exe
86211. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453079937" target="_blank">SCBar</a> foistware variant
86212.  
86213. Source=Paul Collins Startup list
86214.  
86215. [Windowfdgfds DasdLL Verifiew]
86216. Number=12238
86217. Confirmed=X
86218. Filename=[path to worm]
86219. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotggx.html" target="_blank">RBOT-GGX</a> WORM!
86220. Source=Paul Collins Startup list
86221.  
86222. [Windowfdgfds DLL fgfdg Verifier]
86223. Number=12239
86224. Confirmed=X
86225. Filename=winsecure.exe
86226. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CSP" target="_blank">RBOT.CSP</a> WORM!
86227. Source=Paul Collins Startup list
86228.  
86229. [Windowfdgfds DLL fgfdg Verifier]
86230. Number=12240
86231. Confirmed=X
86232. Filename=winsecure.exe
86233. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CSP" target="_blank">RBOT.CSP</a> WORM!
86234. Source=Paul Collins Startup list
86235.  
86236. [WindowFX]
86237. Number=12241
86238. Confirmed=U
86239. Filename=wfxload.exe
86240. Description=Stardock <a href="http://www.stardock.com/products/windowfx/" target="_blank"> WindowFX</a> - "Allows you to add an unprecedented number of special effects to windows"
86241. Source=Paul Collins Startup list
86242.  
86243. [windown]
86244. Number=12242
86245. Confirmed=X
86246. Filename=wiusyt.exe
86247. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassm.html" target=_blank>QQPASS-M</a> TROJAN!
86248. Source=Paul Collins Startup list
86249.  
86250. [WindowRegKey update]
86251. Number=12243
86252. Confirmed=X
86253. Filename=wins.exe
86254. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SPYBOT.I&VSect=P" target=_blank>SPYBOT.I</a> WORM!
86255. Source=Paul Collins Startup list
86256.  
86257. [Windows]
86258. Number=12244
86259. Confirmed=X
86260. Filename=Kernel32.exe
86261. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_TENDOOLF.A" target="_blank">TENDOOLF.A</a> WORM!
86262. Source=Paul Collins Startup list
86263.  
86264. [Windows]
86265. Number=12245
86266. Confirmed=X
86267. Filename=msdos98.exe
86268. Description=Added by the PWSTEAL TROJAN!
86269. Source=Paul Collins Startup list
86270.  
86271. [Windows]
86272. Number=12246
86273. Confirmed=X
86274. Filename=Windows.exe
86275. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KAZMOR.A" target="_blank">KAZMOR.A</a>, <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082612-3051-99" target="_blank">BOBBINS</a> & <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091619-3832-99" target="_blank"> ALADINZ.D</a> TROJANS!
86276. Source=Paul Collins Startup list
86277.  
86278. [Windows]
86279. Number=12247
86280. Confirmed=X
86281. Filename=explorer.exe
86282. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotj.html" target="_blank">POEBOT-J</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
86283. Source=Paul Collins Startup list
86284.  
86285. [windows]
86286. Number=12248
86287. Confirmed=X
86288. Filename=[path to trojan]
86289. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040119-1817-99" target="_blank">AIMWIN</a> TROJAN!
86290. Source=Paul Collins Startup list
86291.  
86292. [windows]
86293. Number=12249
86294. Confirmed=X
86295. Filename=hkey.exe
86296. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-043012-0405-99" target="_blank">GAOBOT.AFW</a> WORM!
86297. Source=Paul Collins Startup list
86298.  
86299. [windows]
86300. Number=12250
86301. Confirmed=X
86302. Filename=system copy.exe
86303. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-113010-0605-99" target=_blank>SALGA.A</a> WORM!
86304. Source=Paul Collins Startup list
86305.  
86306. [Windows]
86307. Number=12251
86308. Confirmed=X
86309. Filename=gearsec.exe
86310. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32stubbotb.html" target= blank>STUBBOT-B</a> TROJAN!
86311. Source=Paul Collins Startup list
86312.  
86313. [Windows]
86314. Number=12252
86315. Confirmed=X
86316. Filename=run.exe
86317. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042917-1039-99" target= blank>SPYBOT.OFN</a> WORM!
86318. Source=Paul Collins Startup list
86319.  
86320. [Windows]
86321. Number=12253
86322. Confirmed=X
86323. Filename=system.exe
86324. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042211-4441-99" target= blank>SPYBOT.OBB</a> WORM!
86325. Source=Paul Collins Startup list
86326.  
86327. [WINDOWS]
86328. Number=12254
86329. Confirmed=X
86330. Filename=\windows.exe
86331. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmonbota.html" target=_blank>MONBOT-A</a> TROJAN!
86332. Source=Paul Collins Startup list
86333.  
86334. [Windows]
86335. Number=12255
86336. Confirmed=X
86337. Filename=services.exe
86338. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32soberz.html" target=_blank>SOBER-Z</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! ! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder
86339. Source=Paul Collins Startup list
86340.  
86341. [WINDOWS]
86342. Number=12256
86343. Confirmed=X
86344. Filename=jif.exe
86345. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120212-0055-99" target=_blank>MYTOB.MK</a> WORM!
86346. Source=Paul Collins Startup list
86347.  
86348. [windows]
86349. Number=12257
86350. Confirmed=X
86351. Filename=iexplore.exe
86352. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotum.html" target=_blank>RBOT-UM</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
86353. Source=Paul Collins Startup list
86354.  
86355. [Windows]
86356. Number=12258
86357. Confirmed=X
86358. Filename=services.exe
86359. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrgw.html" target=_blank>DLOADR-GW</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Windows" subfolder
86360. Source=Paul Collins Startup list
86361.  
86362. [Windows]
86363. Number=12259
86364. Confirmed=X
86365. Filename=smss.exe
86366. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanof.html" target=_blank>BANCBAN-QF</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
86367. Source=Paul Collins Startup list
86368.  
86369. [windows]
86370. Number=12260
86371. Confirmed=X
86372. Filename=svchost.exe
86373. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32slomirca.html" target=_blank>SLOMIRC-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
86374. Source=Paul Collins Startup list
86375.  
86376. [WINDOWS]
86377. Number=12261
86378. Confirmed=X
86379. Filename=ymssgr.exe
86380. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbckdrps.html" target="_blank">PS</a> TROJAN! Note - deactivates the MicrosoftInternet Connection Firewall (ICF)
86381. Source=Paul Collins Startup list
86382.  
86383. [Windows]
86384. Number=12262
86385. Confirmed=X
86386. Filename=taskmngr.exe
86387. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
86388. Source=Paul Collins Startup list
86389.  
86390. [Windows (ICS) Spooler]
86391. Number=12263
86392. Confirmed=X
86393. Filename=crtss.exe
86394. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
86395. Source=Paul Collins Startup list
86396.  
86397. [Windows (random character)]
86398. Number=12264
86399. Confirmed=X
86400. Filename=diskcheck.exe
86401. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102815-4051-99" target=_blank>SINGU.B</a> TROJAN!
86402.  
86403. Source=Paul Collins Startup list
86404.  
86405. [Windows .Net Manager]
86406. Number=12265
86407. Confirmed=X
86408. Filename=localsvc.exe
86409. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
86410. Source=Paul Collins Startup list
86411.  
86412. [Windows .Net Manager]
86413. Number=12266
86414. Confirmed=X
86415. Filename=netsvc.exe
86416. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
86417. Source=Paul Collins Startup list
86418.  
86419. [Windows .Net Manager]
86420. Number=12267
86421. Confirmed=X
86422. Filename=spoolsvc.exe
86423. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
86424. Source=Paul Collins Startup list
86425.  
86426. [Windows .Net Manager]
86427. Number=12268
86428. Confirmed=X
86429. Filename=svcadmin.exe
86430. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
86431. Source=Paul Collins Startup list
86432.  
86433. [Windows .Net Manager]
86434. Number=12269
86435. Confirmed=X
86436. Filename=svcman.exe
86437. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
86438. Source=Paul Collins Startup list
86439.  
86440. [Windows .Net Manager]
86441. Number=12270
86442. Confirmed=X
86443. Filename=svcrun.exe
86444. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
86445. Source=Paul Collins Startup list
86446.  
86447. [Windows .Net Manager]
86448. Number=12271
86449. Confirmed=X
86450. Filename=tcpsvc.exe
86451. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
86452. Source=Paul Collins Startup list
86453.  
86454. [Windows .Net Manager]
86455. Number=12272
86456. Confirmed=X
86457. Filename=websvc.exe
86458. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
86459. Source=Paul Collins Startup list
86460.  
86461. [Windows 128 Module]
86462. Number=12273
86463. Confirmed=X
86464. Filename=win128.exe
86465. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotes.html" target= blank>FORBOT-ES</a> WORM!
86466. Source=Paul Collins Startup list
86467.  
86468. [Windows 2004]
86469. Number=12274
86470. Confirmed=X
86471. Filename=csrss.exe
86472. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdy.html" target=_blank>BANKER-DY</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Arquivos de programas\Windows 2004\Tools" folder
86473. Source=Paul Collins Startup list
86474.  
86475. [Windows 32 Editor]
86476. Number=12275
86477. Confirmed=X
86478. Filename=Win32edit.exe
86479. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GQ&VSect=P" target=_blank>WOOTBOT.GQ</a> WORM!
86480. Source=Paul Collins Startup list
86481.  
86482. [Windows 32 Rescue]
86483. Number=12276
86484. Confirmed=X
86485. Filename=win32resc.exe
86486. Description=Added by the <ahref="http://www.sophos.com/virusinfo/analyses/w32forboteu.html" target=_blank>FORBOT-EU</a> WORM!
86487. Source=Paul Collins Startup list
86488.  
86489. [Windows 32 Update]
86490. Number=12277
86491. Confirmed=X
86492. Filename=Windows-Update.exe
86493. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
86494. Source=Paul Collins Startup list
86495.  
86496. [Windows Accelerators]
86497. Number=12278
86498. Confirmed=U
86499. Filename=setup.exe
86500. Description=<a href="http://www.keyspy.net/" target=blank>KeySpy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
86501.  
86502. Source=Paul Collins Startup list
86503.  
86504. [Windows AdControl]
86505. Number=12279
86506. Confirmed=X
86507. Filename=WinAdCtl.exe
86508. Description=Windupdates adware variant
86509. Source=Paul Collins Startup list
86510.  
86511. [Windows AdService]
86512. Number=12280
86513. Confirmed=X
86514. Filename=WinAdServ.exe
86515. Description=Windupdates adware variant
86516. Source=Paul Collins Startup list
86517.  
86518. [Windows AdStatus]
86519. Number=12281
86520. Confirmed=X
86521. Filename=WinStat.exe
86522. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072811-5002-99" target=_blank>BLESHARE!DR</a> VIRUS!
86523. Source=Paul Collins Startup list
86524.  
86525. [Windows AdTools]
86526. Number=12282
86527. Confirmed=X
86528. Filename=WinAdTools.exe
86529. Description=Windupdates adware variant
86530. Source=Paul Collins Startup list
86531.  
86532. [Windows Anti Verifier]
86533. Number=12283
86534. Confirmed=X
86535. Filename=Windows-Anti.exe
86536. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=52655" target="_blank">RBOT.ETT</a> WORM!
86537. Source=Paul Collins Startup list
86538.  
86539. [Windows Anti-Virus Built 32]
86540. Number=12284
86541. Confirmed=X
86542. Filename=AntiVirus32.exe
86543. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbg.html" target=_blank>SDBOT-BG</a> WORM!
86544. Source=Paul Collins Startup list
86545.  
86546. [Windows APCI Verifier]
86547. Number=12285
86548. Confirmed=X
86549. Filename=dhcpserv.exe
86550. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfon.html" target="_blank">RBOT-FON</a> WORM! Note - Disables the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF)
86551. Source=Paul Collins Startup list
86552.  
86553. [Windows API Control Task]
86554. Number=12286
86555. Confirmed=X
86556. Filename=apitsk32.exe
86557. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071123-0807-99" target=_blank>MYTOB.HI</a> WORM!
86558. Source=Paul Collins Startup list
86559.  
86560. [Windows Application Layer]
86561. Number=12287
86562. Confirmed=X
86563. Filename=walg32.exe
86564. Description=Added by the <a href="http://ae.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=WORM_AGOBOT.ATN" target=_blank>AGOBOT.ATN</a> WORM!
86565. Source=Paul Collins Startup list
86566.  
86567. [Windows Application Layer Gateway]
86568. Number=12288
86569. Confirmed=X
86570. Filename=walg32.exe
86571. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotaaz.html" target=_blank>AGOBOT-AAZ</a> WORM!
86572. Source=Paul Collins Startup list
86573.  
86574. [Windows ASN Service]
86575. Number=12289
86576. Confirmed=X
86577. Filename=rge.exe
86578. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaok.html" target=_blank>RBOT-AOK</a> WORM!
86579. Source=Paul Collins Startup list
86580.  
86581. [Windows ASN Service]
86582. Number=12290
86583. Confirmed=X
86584. Filename=[random filename]
86585. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottc.html" target="_blank">AGOBOT-TC</a> WORM!
86586. Source=Paul Collins Startup list
86587.  
86588. [Windows Authority Service]
86589. Number=12291
86590. Confirmed=X
86591. Filename=lsass.exe
86592. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalele.html" target=_blank>KALEL-E</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which should not normally figure in Msconfig/Startup!
86593. Source=Paul Collins Startup list
86594.  
86595. [windows auto update]
86596. Number=12292
86597. Confirmed=X
86598. Filename=penis32.exe
86599. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081113-0229-99" target="_blank">BLASTER</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A" target="_blank">MSBLAST.A</a>) WORM!
86600. Source=Paul Collins Startup list
86601.  
86602. [Windows Auto Update]
86603. Number=12293
86604. Confirmed=X
86605. Filename=winupdater.exe
86606. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.TF" target=_blank>SDBOT.TF</a> WORM!
86607. Source=Paul Collins Startup list
86608.  
86609. [Windows auto update]
86610. Number=12294
86611. Confirmed=X
86612. Filename=bazzi.exe
86613. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AHKER.E&VSect=T" target=_blank>AHKER.E</a> WORM!
86614. Source=Paul Collins Startup list
86615.  
86616. [Windows auto update]
86617. Number=12295
86618. Confirmed=X
86619. Filename=LSASS.exe
86620. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042116-5517-99" target=_blank>AHKER.G</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
86621. Source=Paul Collins Startup list
86622.  
86623. [windows auto update ]
86624. Number=12296
86625. Confirmed=X
86626. Filename=msblast.exe
86627. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081315-0500-99" target="_blank">BLASTER.B</a> WORM!
86628. Source=Paul Collins Startup list
86629.  
86630. [Windows Automatic Update]
86631. Number=12297
86632. Confirmed=X
86633. Filename=wuamgrder.exe
86634. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
86635. Source=Paul Collins Startup list
86636.  
86637. [Windows Automatic Updater]
86638. Number=12298
86639. Confirmed=X
86640. Filename=windrg.exe
86641. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
86642. Source=Paul Collins Startup list
86643.  
86644. [Windows Automatic Updates]
86645. Number=12299
86646. Confirmed=X
86647. Filename=dvldr.exe
86648. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.MF" target=_blank>RBOT.MF</a> WORM!
86649.  
86650. Source=Paul Collins Startup list
86651.  
86652. [Windows Automatical Updater]
86653. Number=12300
86654. Confirmed=X
86655. Filename=dcz.exe
86656. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CXS" target=_blank>RBOT.CXS</a> WORM!
86657.  
86658. Source=Paul Collins Startup list
86659.  
86660. [Windows AutomaticUpdater]
86661. Number=12301
86662. Confirmed=X
86663. Filename=runddls.exe
86664. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
86665. Source=Paul Collins Startup list
86666.  
86667. [windows automation]
86668. Number=12302
86669. Confirmed=X
86670. Filename=mslaugh.exe
86671. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082820-1535-99" target="_blank">BLASTER.E</a> WORM!
86672. Source=Paul Collins Startup list
86673.  
86674. [Windows Automation]
86675. Number=12303
86676. Confirmed=X
86677. Filename=msdspr.exe
86678. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040516-4513-99" target="_blank">SOLAME.A</a> WORM!
86679. Source=Paul Collins Startup list
86680.  
86681. [Windows Autostart Loader]
86682. Number=12304
86683. Confirmed=X
86684. Filename=notepad32.exe
86685. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
86686. Source=Paul Collins Startup list
86687.  
86688. [Windows backup]
86689. Number=12305
86690. Confirmed=X
86691. Filename=systemss.exe
86692. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
86693. Source=Paul Collins Startup list
86694.  
86695. [Windows Backup Configuration]
86696. Number=12306
86697. Confirmed=X
86698. Filename=IEXPLORER.exe
86699. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101607-0006-99" target="_blank">GAOBOT.AZ</a> WORM!
86700. Source=Paul Collins Startup list
86701.  
86702. [Windows Ba■lang²τ Dosyas²]
86703. Number=12307
86704. Confirmed=X
86705. Filename=sistem.exe
86706. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-090418-2313-99" target="_blank">MUZK</a> WORM!
86707. Source=Paul Collins Startup list
86708.  
86709. [Windows Bootup]
86710. Number=12308
86711. Confirmed=X
86712. Filename=ms-wks32.exe
86713. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafm.html" target=_blank>RBOT-AFM</a> WORM!
86714. Source=Paul Collins Startup list
86715.  
86716. [Windows Bootup]
86717. Number=12309
86718. Confirmed=X
86719. Filename=Systemwks32.exe
86720. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
86721. Source=Paul Collins Startup list
86722.  
86723. [Windows Bootup]
86724. Number=12310
86725. Confirmed=X
86726. Filename=task-mngr.exe
86727. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawp.html" target=_blank>RBOT-AWP</a> WORM!
86728. Source=Paul Collins Startup list
86729.  
86730. [Windows Clean-Up Pro]
86731. Number=12311
86732. Confirmed=N
86733. Filename=WINDOWS CLEAN-UP PRO.Exe
86734. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target=_blank>note</a>
86735.  
86736. Source=Paul Collins Startup list
86737.  
86738. [Windows Client Service 32]
86739. Number=12312
86740. Confirmed=X
86741. Filename=csrss.exe
86742. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalb.html" target=_blank>RBOT-ALB</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located a drivers\winsdriver subfolder
86743. Source=Paul Collins Startup list
86744.  
86745. [Windows Client/Server Runtime Server]
86746. Number=12313
86747. Confirmed=X
86748. Filename=csrs.exe
86749. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KD" target=_blank>RBOT.KD</a> WORM!
86750. Source=Paul Collins Startup list
86751.  
86752. [Windows Command]
86753. Number=12314
86754. Confirmed=X
86755. Filename=wincmd.exe
86756. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ANV&VSect=P" target=_blank>RBOT.ANV</a> WORM!
86757. Source=Paul Collins Startup list
86758.  
86759. [Windows Communicator]
86760. Number=12315
86761. Confirmed=X
86762. Filename=wincomm.exe
86763. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotbh.html" target=_blank>AGOBOT-BH</a> WORM!
86764.  
86765. Source=Paul Collins Startup list
86766.  
86767. [Windows Communicator for NT/XP]
86768. Number=12316
86769. Confirmed=X
86770. Filename=osndyrn.exe
86771. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcpk.html" target="_blank">SDBOT-CPK</a> WORM! Note - can terminate AV related processes
86772. Source=Paul Collins Startup list
86773.  
86774. [Windows Compliant]
86775. Number=12317
86776. Confirmed=X
86777. Filename=[random filename]
86778. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotir.html" target="_blank">RBOT-IR</a> WORM!
86779. Source=Paul Collins Startup list
86780.  
86781. [Windows Config]
86782. Number=12318
86783. Confirmed=X
86784. Filename=SSYS.EXE
86785. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotda.html" target="_blank">SPYBOT-DA</a> WORM!
86786. Source=Paul Collins Startup list
86787.  
86788. [Windows Config]
86789. Number=12319
86790. Confirmed=X
86791. Filename=wins.exe
86792. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.JR&VSect=P" target=_blank>SPYBOT.JR</a> WORM!
86793. Source=Paul Collins Startup list
86794.  
86795. [Windows Config]
86796. Number=12320
86797. Confirmed=X
86798. Filename=RUNDLL.EXE
86799. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdx.html" target=_blank>SPYBOT-DX</a> WORM! Note - this is not the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
86800. Source=Paul Collins Startup list
86801.  
86802. [Windows Config Connection]
86803. Number=12321
86804. Confirmed=X
86805. Filename=msicll.exe
86806. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotexq.html" target="_blank">RBOT-EXQ</a> WORM!
86807. Source=Paul Collins Startup list
86808.  
86809. [Windows Config Loader]
86810. Number=12322
86811. Confirmed=X
86812. Filename=Wincfg32.exe
86813. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021414-3207-99" target="_blank">SILVERFTP</a> TROJAN!
86814. Source=Paul Collins Startup list
86815.  
86816. [Windows Config Manager]
86817. Number=12323
86818. Confirmed=X
86819. Filename=winconf.exe
86820. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotait.html" target="_blank">RBOT-AIT</a> WORM!
86821. Source=Paul Collins Startup list
86822.  
86823. [Windows Config System]
86824. Number=12324
86825. Confirmed=X
86826. Filename=config.exe
86827. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
86828. Source=Paul Collins Startup list
86829.  
86830. [Windows Configuration]
86831. Number=12325
86832. Confirmed=X
86833. Filename=wsys32.exe
86834. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010415-3959-99" target="_blank">GAOBOT.FB</a> WORM!
86835. Source=Paul Collins Startup list
86836.  
86837. [Windows Configuration]
86838. Number=12326
86839. Confirmed=X
86840. Filename=wincfg32.exe
86841. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061117-4603-99" target=_blank>MYTOB.ED</a> WORM!
86842. Source=Paul Collins Startup list
86843.  
86844. [Windows Configuration Loader]
86845. Number=12327
86846. Confirmed=X
86847. Filename=asclt.exe
86848. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotoa.html" target="_blank">SDBOT-OA</a> WORM!
86849. Source=Paul Collins Startup list
86850.  
86851. [Windows connection manager]
86852. Number=12328
86853. Confirmed=X
86854. Filename=Internet.exe
86855. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapn.html" target=_blank>RBOT-APN</a> WORM! Note - file is found in the Windows or Winnt folder. Make sure you check the link on this one, it copies it's self under three other file names and folder locations
86856. Source=Paul Collins Startup list
86857.  
86858. [Windows Console Monitor]
86859. Number=12329
86860. Confirmed=X
86861. Filename=[path to worm]
86862. Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042413-5517-99" target= blank>KEDEBE</a> WORM!
86863. Source=Paul Collins Startup list
86864.  
86865. [Windows Console Monitor]
86866. Number=12330
86867. Confirmed=X
86868. Filename=gcasAV32.exe
86869. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kedebea.html" target= blank>KEDEBE-A</a> WORM!
86870. Source=Paul Collins Startup list
86871.  
86872. [Windows Control]
86873. Number=12331
86874. Confirmed=X
86875. Filename=Control.exe
86876. Description=Browser hijacker. NOTE - On Win9x systems it will overwrite the Windows file of the same name in the Windows directory, so therefore it will be necessary to extract a fresh copy of the file from the Windows setup cabs!
86877. Source=Paul Collins Startup list
86878.  
86879. [Windows ControlAd]
86880. Number=12332
86881. Confirmed=X
86882. Filename=WinCtlAd.exe
86883. Description=Windupdates adware variant
86884. Source=Paul Collins Startup list
86885.  
86886. [Windows Core Kernel Update]
86887. Number=12333
86888. Confirmed=X
86889. Filename=win32bootcfg.exe
86890. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckel.html" target="_blank">RANCK-EL</a> TROJAN!
86891. Source=Paul Collins Startup list
86892.  
86893. [Windows CPU host]
86894. Number=12334
86895. Confirmed=X
86896. Filename=winbog32.exe
86897. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
86898. Source=Paul Collins Startup list
86899.  
86900. [Windows Critical Alert]
86901. Number=12335
86902. Confirmed=X
86903. Filename=wincrt.exe
86904. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojaledoa.html" target="_blank">ALEDO-A</a> TROJAN!
86905. Source=Paul Collins Startup list
86906.  
86907. [Windows Custom Services]
86908. Number=12336
86909. Confirmed=X
86910. Filename=CSRCS.EXE
86911. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotei.html" target=_blank>SPYBOT-EI</a> WORM!
86912. Source=Paul Collins Startup list
86913.  
86914. [Windows Data Server]
86915. Number=12337
86916. Confirmed=X
86917. Filename=autodisc.exe
86918. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotcb.html" target=_blank>SPYBOT-CB</a> WORM!
86919.  
86920. Source=Paul Collins Startup list
86921.  
86922. [Windows Data Server]
86923. Number=12338
86924. Confirmed=X
86925. Filename=[random name].exe
86926. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotds.html" target=_blank>SPYBOT-DS</a> WORM!
86927. Source=Paul Collins Startup list
86928.  
86929. [Windows Database]
86930. Number=12339
86931. Confirmed=X
86932. Filename=WinDat.exe
86933. Description=Added by an unidentified WORM or TROJAN!
86934. Source=Paul Collins Startup list
86935.  
86936. [Windows Database]
86937. Number=12340
86938. Confirmed=X
86939. Filename=wiinsvc.exe
86940. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotru.html" target= blank>AGOBOT-RU</a> WORM!
86941. Source=Paul Collins Startup list
86942.  
86943. [Windows Dcom2 Fix]
86944. Number=12341
86945. Confirmed=X
86946. Filename=mscom32.exe
86947. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqt.html" target=_blank>RBOT-QT</a> WORM!
86948. Source=Paul Collins Startup list
86949.  
86950. [Windows DDE Loader]
86951. Number=12342
86952. Confirmed=X
86953. Filename=windde32.exe
86954. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotuz.html" target= blank>SDBOT-UZ</a> WORM!
86955. Source=Paul Collins Startup list
86956.  
86957. [Windows debug logging]
86958. Number=12343
86959. Confirmed=X
86960. Filename=winlogg.exe
86961. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotoy.html" target=_blank>RBOT-OY</a> WORM!
86962.  
86963. Source=Paul Collins Startup list
86964.  
86965. [Windows debug logging]
86966. Number=12344
86967. Confirmed=X
86968. Filename=winloggs.exe
86969. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqn.html" target=_blank>RBOT-QN</a> WORM!
86970. Source=Paul Collins Startup list
86971.  
86972. [Windows Debugger]
86973. Number=12345
86974. Confirmed=X
86975. Filename=windbg.exe
86976. Description=Added by an unidentified VIRUS, WORM or TROJAN!
86977. Source=Paul Collins Startup list
86978.  
86979. [Windows Debugger]
86980. Number=12346
86981. Confirmed=X
86982. Filename=msdbg32.exe
86983. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
86984. Source=Paul Collins Startup list
86985.  
86986. [Windows Debugger]
86987. Number=12347
86988. Confirmed=X
86989. Filename=windbg32.exe
86990. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082515-1948-99" target=_blank>ZOTOB.L</a> WORM!
86991. Source=Paul Collins Startup list
86992.  
86993. [Windows Debugging Tools]
86994. Number=12348
86995. Confirmed=X
86996. Filename=updatecfg.exe
86997. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxu.html" target=_blank>RBOT-AXU</a> WORM!
86998. Source=Paul Collins Startup list
86999.  
87000. [Windows Default Configuration]
87001. Number=12349
87002. Confirmed=X
87003. Filename=svchost.exe
87004. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderu.html" target=_blank>DLOADER-U</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
87005. Source=Paul Collins Startup list
87006.  
87007. [Windows Defender]
87008. Number=12350
87009. Confirmed=Y
87010. Filename=MSASCui.exe
87011. Description=Related to <a href="http://www.microsoft.com/athome/security/spyware/software/default.mspx" target=_blank>Windows Defender</a> Microsoft (anti-spyware) tool
87012. Source=Paul Collins Startup list
87013.  
87014. [WINDOWS DENEME]
87015. Number=12351
87016. Confirmed=X
87017. Filename=deneme.exe
87018. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcr.html" target=_blank>MYTOB-CR</a> WORM!
87019. Source=Paul Collins Startup list
87020.  
87021. [Windows Desktop Controler]
87022. Number=12352
87023. Confirmed=X
87024. Filename=windesktop.exe
87025. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxh.html" target= blank>SDBOT-XH</a> WORM!
87026. Source=Paul Collins Startup list
87027.  
87028. [Windows Desktop Daemon]
87029. Number=12353
87030. Confirmed=X
87031. Filename=winpadg.exe
87032. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
87033. Source=Paul Collins Startup list
87034.  
87035. [Windows Desktop Search]
87036. Number=12354
87037. Confirmed=U
87038. Filename=WindowsSearch.exe
87039. Description=<a href="Windows Desktop Search" target="_blank">Windows Desktop Search</a> from Microsoft
87040. Source=Paul Collins Startup list
87041.  
87042. [Windows Dialup Service]
87043. Number=12355
87044. Confirmed=X
87045. Filename=dialup.exe
87046. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AAH&VSect=P" target=_blank>AGOBOT.AAH</a> WORM!
87047. Source=Paul Collins Startup list
87048.  
87049. [Windows DLL host]
87050. Number=12356
87051. Confirmed=X
87052. Filename=winupd32.exe
87053. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
87054. Source=Paul Collins Startup list
87055.  
87056. [Windows DLL Host]
87057. Number=12357
87058. Confirmed=X
87059. Filename=dllhost32.exe
87060. Description=Added by an unidentified WORM or TROJAN!
87061. Source=Paul Collins Startup list
87062.  
87063. [Windows DLL Loader]
87064. Number=12358
87065. Confirmed=X
87066. Filename=RUNDLL16.EXE
87067. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020910-3044-99" target="_blank">DOMWIS</a> TROJAN!
87068. Source=Paul Collins Startup list
87069.  
87070. [Windows DLL Loader]
87071. Number=12359
87072. Confirmed=X
87073. Filename=defragfat32z.exe
87074. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110516-3932-99" target=_blank>LINKBOT.A</a> WORM!
87075. Source=Paul Collins Startup list
87076.  
87077. [Windows DLL Loader]
87078. Number=12360
87079. Confirmed=X
87080. Filename=rundll32.exe
87081. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32whipserb.html" target=_blank>WHIPSER-B</a> WORM! Note - rundll32.exe file is placed in the Windows\System folder, wheras the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/" target=_blank>rundll32.exe</a> is located in the C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP)
87082.  
87083. Source=Paul Collins Startup list
87084.  
87085. [Windows DLL Loader]
87086. Number=12361
87087. Confirmed=X
87088. Filename=defragfat32pi.exe
87089. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqq.html" target=_blank>RBOT-QQ</a> WORM!
87090. Source=Paul Collins Startup list
87091.  
87092. [Windows DLL Loader]
87093. Number=12362
87094. Confirmed=X
87095. Filename=defragfat39.exe
87096. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotc.html" target=_blank>POEBOT-C</a> WORM!
87097. Source=Paul Collins Startup list
87098.  
87099. [Windows DLL Loader]
87100. Number=12363
87101. Confirmed=X
87102. Filename=defragfatz.exe
87103. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011210-3257-99" target=_blank>LINKBOT.H</a> WORM!
87104. Source=Paul Collins Startup list
87105.  
87106. [Windows DLL Loader]
87107. Number=12364
87108. Confirmed=X
87109. Filename=defragfat32.exe
87110. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotss.html" target= blank>SDBOT-SS</a> WORM!
87111. Source=Paul Collins Startup list
87112.  
87113. [Windows DLL Loader]
87114. Number=12365
87115. Confirmed=X
87116. Filename=defragfat32abc.exe
87117. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrg.html" target=_blank>RBOT-RG</a> WORM!
87118. Source=Paul Collins Startup list
87119.  
87120. [Windows DLL Loader]
87121. Number=12366
87122. Confirmed=X
87123. Filename=wdevice.exe
87124. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
87125. Source=Paul Collins Startup list
87126.  
87127. [Windows DLL Loader]
87128. Number=12367
87129. Confirmed=X
87130. Filename=SYSCFG16.EXE
87131. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32domwisn.html" target=_blank>DOMWIS-N</a> WORM! 
87132. Source=Paul Collins Startup list
87133.  
87134. [Windows DLL Loader]
87135. Number=12368
87136. Confirmed=X
87137. Filename=WINCFG32.EXE
87138. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotte.html" target=_blank>AGOBOT-TE</a> WORM!
87139. Source=Paul Collins Startup list
87140.  
87141. [Windows DLL Services]
87142. Number=12369
87143. Confirmed=X
87144. Filename=winsvc32.exe
87145. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzf.html" target= blank>RBOT-ZF</a> WORM!
87146. Source=Paul Collins Startup list
87147.  
87148. [Windows DLL Services]
87149. Number=12370
87150. Confirmed=X
87151. Filename=svchost.exe
87152. Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_AGENT.H&VSect=Td" target=_blank>AGENT.H</a> spyware! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
87153. Source=Paul Collins Startup list
87154.  
87155. [Windows DLL Services]
87156. Number=12371
87157. Confirmed=X
87158. Filename=system.exe
87159. Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_AGENT.H&VSect=Td" target=_blank>AGENT.H</a> spyware
87160. Source=Paul Collins Startup list
87161.  
87162. [Windows DLL Tracker]
87163. Number=12372
87164. Confirmed=X
87165. Filename=spoolsrv.exe
87166. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
87167. Source=Paul Collins Startup list
87168.  
87169. [Windows DLL Verifier]
87170. Number=12373
87171. Confirmed=X
87172. Filename=xptl.exe
87173. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
87174. Source=Paul Collins Startup list
87175.  
87176. [Windows DLL Verifier]
87177. Number=12374
87178. Confirmed=X
87179. Filename=windlls.exe
87180. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotazq.html" target=_blank>RBOT-AZQ</a> WORM!
87181. Source=Paul Collins Startup list
87182.  
87183. [Windows DNS]
87184. Number=12375
87185. Confirmed=X
87186. Filename=windns.exe
87187. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxu.html" target= blank>SDBOT-XU</a> WORM!
87188. Source=Paul Collins Startup list
87189.  
87190. [Windows DNS Daemon]
87191. Number=12376
87192. Confirmed=X
87193. Filename=windnsd.exe
87194. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.AS" target=_blank>WOOTBOT.AS</a> WORM!
87195. Source=Paul Collins Startup list
87196.  
87197. [Windows Domain Name Drivers]
87198. Number=12377
87199. Confirmed=X
87200. Filename=windns.exe
87201. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotep.html" target= blank>FORBOT-EP</a> WORM!
87202. Source=Paul Collins Startup list
87203.  
87204. [Windows DOS]
87205. Number=12378
87206. Confirmed=X
87207. Filename=dosw.exe
87208. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32salaya.html" target=_blank>SALAY-A</a> WORM!
87209. Source=Paul Collins Startup list
87210.  
87211. [Windows Download Manager]
87212. Number=12379
87213. Confirmed=X
87214. Filename=windlmngr.exe
87215. Description=Added by an unidentified TROJAN!
87216. Source=Paul Collins Startup list
87217.  
87218. [Windows Drive Compatibility]
87219. Number=12380
87220. Confirmed=X
87221. Filename=System32Driver32.exe
87222. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050316-0409-99" target="_blank">SUPOVA.Z</a> WORM!
87223. Source=Paul Collins Startup list
87224.  
87225. [Windows Driver]
87226. Number=12381
87227. Confirmed=X
87228. Filename=winxpdriver.exe
87229. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.EE&VSect=P" target=_blank>WOOTBOT.EE</a> WORM!
87230. Source=Paul Collins Startup list
87231.  
87232. [Windows Driver Adapter]
87233. Number=12382
87234. Confirmed=X
87235. Filename=svchost.exe
87236. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyk.html" target=_blank>ANTINNY-K</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in a "drivers" subfolder
87237. Source=Paul Collins Startup list
87238.  
87239. [Windows Driver Foundation]
87240. Number=12383
87241. Confirmed=X
87242. Filename=MTVSCMXT.EXE
87243. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
87244. Source=Paul Collins Startup list
87245.  
87246. [Windows Driver Services]
87247. Number=12384
87248. Confirmed=X
87249. Filename=msdrvs32.exe
87250. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.L" target="_blank">WOOTBOT.L</a> WORM!
87251. Source=Paul Collins Startup list
87252.  
87253. [Windows drivers update]
87254. Number=12385
87255. Confirmed=X
87256. Filename=windowsupdate.exe
87257. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotace.html" target= blank>RBOT-ACE</a> WORM!
87258. Source=Paul Collins Startup list
87259.  
87260. [Windows Dynamic Loading Header]
87261. Number=12386
87262. Confirmed=X
87263. Filename=winDLL32.exe
87264. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
87265. Source=Paul Collins Startup list
87266.  
87267. [Windows Executable]
87268. Number=12387
87269. Confirmed=X
87270. Filename=winmys.exe
87271. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabo.html" target= blank>RBOT-ABO</a> WORM!
87272. Source=Paul Collins Startup list
87273.  
87274. [Windows ExpIorer]
87275. Number=12388
87276. Confirmed=X
87277. Filename=[random filename]
87278. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotako.html" target=_blank>RBOT-AKO</a> WORM!
87279. Source=Paul Collins Startup list
87280.  
87281. [Windows Explorer]
87282. Number=12389
87283. Confirmed=X
87284. Filename=[filename].exe
87285. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
87286. Source=Paul Collins Startup list
87287.  
87288. [Windows Explorer]
87289. Number=12390
87290. Confirmed=X
87291. Filename=Lsas.exe
87292. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
87293. Source=Paul Collins Startup list
87294.  
87295. [Windows Explorer]
87296. Number=12391
87297. Confirmed=X
87298. Filename=olecom32.exe
87299. Description=Added by an unidentified WORM or TROJAN!
87300. Source=Paul Collins Startup list
87301.  
87302. [Windows Explorer]
87303. Number=12392
87304. Confirmed=X
87305. Filename=EEXPLORER.EXE
87306. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
87307. Source=Paul Collins Startup list
87308.  
87309. [Windows Explorer]
87310. Number=12393
87311. Confirmed=X
87312. Filename=explorer.exe
87313. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotj.html" target="_blank">POEBOT-J</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
87314. Source=Paul Collins Startup list
87315.  
87316. [Windows Explorer]
87317. Number=12394
87318. Confirmed=X
87319. Filename=explorer.pif
87320. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaid.html" target=_blank>RBOT-AID</a> WORM!
87321. Source=Paul Collins Startup list
87322.  
87323. [Windows Explorer]
87324. Number=12395
87325. Confirmed=X
87326. Filename=system32.exe
87327. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajh.html" target=_blank>RBOT-AJH</a> WORM!
87328. Source=Paul Collins Startup list
87329.  
87330. [Windows Explorer]
87331. Number=12396
87332. Confirmed=X
87333. Filename=explorer32.exe
87334. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
87335. Source=Paul Collins Startup list
87336.  
87337. [Windows Explorer Shell]
87338. Number=12397
87339. Confirmed=X
87340. Filename=Winexec32.exe
87341. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041414-5727-99" target="_blank">REDIST.B</a> WORM!
87342. Source=Paul Collins Startup list
87343.  
87344. [Windows Explorer SP2]
87345. Number=12398
87346. Confirmed=X
87347. Filename=csrss.exe
87348. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdm.html" target=_blank>BANKER-DM</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located a JavaBeans subfolder
87349. Source=Paul Collins Startup list
87350.  
87351. [Windows Explorer Update Build 1142]
87352. Number=12399
87353. Confirmed=X
87354. Filename=EXPLORER32.EXE
87355. Description=Added by the KaZaA based <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KWBOT.A" target="_blank"> KWBOT</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-103016-3027-99" target="_blank"> KWBOT.Y</a> WORMS!
87356. Source=Paul Collins Startup list
87357.  
87358. [Windows Explorer-3212]
87359. Number=12400
87360. Confirmed=X
87361. Filename=WINRE16.EXE
87362. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071011-5319-99" target="_blank">HARDOC</a> WORM!
87363. Source=Paul Collins Startup list
87364.  
87365. [Windows Extensions for Win32]
87366. Number=12401
87367. Confirmed=X
87368. Filename=winprgs32.exe
87369. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AFA" target="_blank">SDBOT.AFA</a> WORM!
87370. Source=Paul Collins Startup list
87371.  
87372. [Windows Eyes]
87373. Number=12402
87374. Confirmed=N
87375. Filename=??
87376. Description=For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start -> Programs
87377. Source=Paul Collins Startup list
87378.  
87379. [Windows FAT 32]
87380. Number=12403
87381. Confirmed=X
87382. Filename=WINFAT32B.exe
87383. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotagt.html" target=_blank>SPYBOT-AGT</a> WORM!
87384. Source=Paul Collins Startup list
87385.  
87386. [Windows File Protection]
87387. Number=12404
87388. Confirmed=X
87389. Filename=winprotect.exe
87390. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JB" target=_blank>AGOBOT.JB</a> WORM!
87391. Source=Paul Collins Startup list
87392.  
87393. [Windows File System Frame]
87394. Number=12405
87395. Confirmed=X
87396. Filename=ntframe.exe
87397. Description=Added by an unidentified WORM or TROJAN!
87398. Source=Paul Collins Startup list
87399.  
87400. [Windows Firewal]
87401. Number=12406
87402. Confirmed=X
87403. Filename=Lsess.exe
87404. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
87405. Source=Paul Collins Startup list
87406.  
87407. [Windows Firewall]
87408. Number=12407
87409. Confirmed=X
87410. Filename=WindowsFirewall.exe
87411. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041116-0102-99" target=_blank>MYTOB.AO</a> WORM!
87412. Source=Paul Collins Startup list
87413.  
87414. [Windows Firewall Log]
87415. Number=12408
87416. Confirmed=X
87417. Filename=winlog.exe
87418. Description=Added by an unidentified WORM or TROJAN!
87419. Source=Paul Collins Startup list
87420.  
87421. [Windows Firewall Manager]
87422. Number=12409
87423. Confirmed=X
87424. Filename=msfw.exe
87425. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.WR" target=_blank>RBOT.WR</a> WORM!
87426. Source=Paul Collins Startup list
87427.  
87428. [Windows firewall manager]
87429. Number=12410
87430. Confirmed=X
87431. Filename=chh.exe
87432. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-081910-4849-99" target="_blank">RANDEX.GEL</a> WORM!
87433. Source=Paul Collins Startup list
87434.  
87435. [Windows firewall manager]
87436. Number=12411
87437. Confirmed=X
87438. Filename=msguard.exe
87439. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-081910-4849-99" target="_blank">RANDEX.GEL</a> WORM!
87440. Source=Paul Collins Startup list
87441.  
87442. [Windows Firewall Updater]
87443. Number=12412
87444. Confirmed=X
87445. Filename=updatees.exe
87446. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgx.html" target="_blank">RBOT-GX</a> WORM!
87447. Source=Paul Collins Startup list
87448.  
87449. [Windows Firewall Updater]
87450. Number=12413
87451. Confirmed=X
87452. Filename=cronos.exe
87453. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgby.html" target="_blank">RBOT-GBY</a> WORM!
87454. Source=Paul Collins Startup list
87455.  
87456. [Windows Firewall Updater]
87457. Number=12414
87458. Confirmed=X
87459. Filename=ctfcom.exe
87460. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgcb.html" target="_blank">RBOT-GCB</a> WORM!
87461. Source=Paul Collins Startup list
87462.  
87463. [Windows Firewalll]
87464. Number=12415
87465. Confirmed=X
87466. Filename=scvhost.exe
87467. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotek.html" target=_blank>RBOT-EK</a> WORM!
87468. Source=Paul Collins Startup list
87469.  
87470. [Windows Firewalll]
87471. Number=12416
87472. Confirmed=X
87473. Filename=sphost.exe
87474. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
87475. Source=Paul Collins Startup list
87476.  
87477. [Windows Firewalll]
87478. Number=12417
87479. Confirmed=X
87480. Filename=svvhost.exe
87481. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
87482. Source=Paul Collins Startup list
87483.  
87484. [Windows Firewalll]
87485. Number=12418
87486. Confirmed=X
87487. Filename=winmu.exe
87488. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
87489. Source=Paul Collins Startup list
87490.  
87491. [Windows Fix]
87492. Number=12419
87493. Confirmed=X
87494. Filename=integator.exe
87495. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZAB" target=_blank>SDBOT.ZAB</a> WORM!
87496. Source=Paul Collins Startup list
87497.  
87498. [Windows Fixes Systems]
87499. Number=12420
87500. Confirmed=X
87501. Filename=elite.exe
87502. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061221-4235-99" target=_blank>MYTOB.EG</a> WORM!
87503. Source=Paul Collins Startup list
87504.  
87505. [Windows FormatAd]
87506. Number=12421
87507. Confirmed=X
87508. Filename=WinForm.exe
87509. Description=Windupdates adware variant
87510. Source=Paul Collins Startup list
87511.  
87512. [Windows Frame Works]
87513. Number=12422
87514. Confirmed=X
87515. Filename=frmwrks32.exe
87516. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
87517. Source=Paul Collins Startup list
87518.  
87519. [WINDOWS FUCK BY CLASIC]
87520. Number=12423
87521. Confirmed=X
87522. Filename=fuck.exe
87523. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZOTOB.H&VSect=P" target=_blank>ZOTOB.H</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082317-0232-99" target=_blank>ZOTOB.J</a> WORMS!
87524. Source=Paul Collins Startup list
87525.  
87526. [Windows Generic Proc]
87527. Number=12424
87528. Confirmed=X
87529. Filename=procmsg.exe
87530. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042713-5259-99" target= blank>ALLIM.B</a> WORM!
87531. Source=Paul Collins Startup list
87532.  
87533. [Windows GMT32]
87534. Number=12425
87535. Confirmed=X
87536. Filename=wingmt32.exe
87537. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.KM&VSect=P" target=_blank>MYTOB.KM</a> WORM!
87538. Source=Paul Collins Startup list
87539.  
87540. [Windows Graphics Loaders]
87541. Number=12426
87542. Confirmed=X
87543. Filename=wingraphics.exe
87544. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.JG" target=_blank>SPYBOT.JG</a> WORM!
87545. Source=Paul Collins Startup list
87546.  
87547. [Windows Guard]
87548. Number=12427
87549. Confirmed=X
87550. Filename=WAUMGRD.EXE
87551. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgy.html" target="_blank">RBOT-GY</a> WORM!
87552. Source=Paul Collins Startup list
87553.  
87554. [Windows Guardian]
87555. Number=12428
87556. Confirmed=U
87557. Filename=thehel1iawgrd32.exe
87558. Description=Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
87559. Source=Paul Collins Startup list
87560.  
87561. [Windows Guardian]
87562. Number=12429
87563. Confirmed=U
87564. Filename=Fawgrd32.exe
87565. Description=Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
87566. Source=Paul Collins Startup list
87567.  
87568. [Windows Help]
87569. Number=12430
87570. Confirmed=X
87571. Filename=mailinfo.exe
87572. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.JX&VSect=P" target=_blank>MYTOB.JX</a> WORM!
87573. Source=Paul Collins Startup list
87574.  
87575. [Windows Help File]
87576. Number=12431
87577. Confirmed=X
87578. Filename=winhelper32.exe
87579. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotqk.html" target=_blank>SDBOT-QK</a> TROJAN!
87580.  
87581. Source=Paul Collins Startup list
87582.  
87583. [Windows Help Manager]
87584. Number=12432
87585. Confirmed=X
87586. Filename=svchost32.exe
87587. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotoz.html" target=_blank>RBOT-OZ</a> WORM!
87588.  
87589. Source=Paul Collins Startup list
87590.  
87591. [Windows Help Service]
87592. Number=12433
87593. Confirmed=X
87594. Filename=winhelpsv.exe
87595. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotlp.html" target="_blank">RBOT-LP</a> WORM!
87596. Source=Paul Collins Startup list
87597.  
87598. [Windows Help Service]
87599. Number=12434
87600. Confirmed=X
87601. Filename=winhlp.pif
87602. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakw.html" target=_blank>RBOT-AKW</a> WORM!
87603. Source=Paul Collins Startup list
87604.  
87605. [Windows Help System]
87606. Number=12435
87607. Confirmed=?
87608. Filename=Help.pif
87609. Description=<font color="#FF0000">??</font>
87610. Source=Paul Collins Startup list
87611.  
87612. [Windows Host]
87613. Number=12436
87614. Confirmed=X
87615. Filename=hosts.exe
87616. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041414-5727-99" target=_blank>KELVIR.U</a> WORM!
87617. Source=Paul Collins Startup list
87618.  
87619. [Windows Host]
87620. Number=12437
87621. Confirmed=X
87622. Filename=winhost.exe
87623. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051011-5530-99" target= blank>PRYSAT</a> TROJAN!
87624. Source=Paul Collins Startup list
87625.  
87626. [Windows Host Device]
87627. Number=12438
87628. Confirmed=X
87629. Filename=hostsvc.exe
87630. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32zootya.html" target="_blank">ZOOTY-A</a> WORM!
87631. Source=Paul Collins Startup list
87632.  
87633. [Windows Host Name]
87634. Number=12439
87635. Confirmed=X
87636. Filename=lmass.exe
87637. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GAOBOT.O" target=_blank>GAOBOT.O</a> WORM!
87638. Source=Paul Collins Startup list
87639.  
87640. [Windows Host Service]
87641. Number=12440
87642. Confirmed=X
87643. Filename=scvhosts.exe
87644. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041022-0008-99" target=_blank>SPYBOT.NLI</a> WORM!
87645. Source=Paul Collins Startup list
87646.  
87647. [Windows Host Service]
87648. Number=12441
87649. Confirmed=X
87650. Filename=host.exe
87651. Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042412-0343-99" target= blank>KELVIR.AN</a> WORM!
87652. Source=Paul Collins Startup list
87653.  
87654. [Windows Host Service]
87655. Number=12442
87656. Confirmed=X
87657. Filename=svchoste.exe
87658. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050511-0650-99" target= blank>KELVIR.BF</a> WORM!
87659. Source=Paul Collins Startup list
87660.  
87661. [Windows Host Service]
87662. Number=12443
87663. Confirmed=X
87664. Filename=svchosts32.exe
87665. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042810-3850-99" target= blank>KELVIR.AW</a> WORM!
87666. Source=Paul Collins Startup list
87667.  
87668. [Windows Host32 Starter]
87669. Number=12444
87670. Confirmed=X
87671. Filename=hostserv.exe
87672. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwu.html" target=_blank>SDBOT-WU</a> WORM!
87673. Source=Paul Collins Startup list
87674.  
87675. [Windows Hosts]
87676. Number=12445
87677. Confirmed=X
87678. Filename=hosts.exe
87679. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkelviro.html" target= blank>KELVIR-O</a> TROJAN!
87680. Source=Paul Collins Startup list
87681.  
87682. [Windows HP Drivers]
87683. Number=12446
87684. Confirmed=X
87685. Filename=hpdmws.exe
87686. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AQU&VSect=T" target=_blank>SDBOT.AQU</a> WORM!
87687. Source=Paul Collins Startup list
87688.  
87689. [Windows HTML file reader]
87690. Number=12447
87691. Confirmed=X
87692. Filename=Sysconf32.exe
87693. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NOOMY.A" target="_blank">NOOMY.A</a> WORM!
87694. Source=Paul Collins Startup list
87695.  
87696. [Windows HTTP services]
87697. Number=12448
87698. Confirmed=X
87699. Filename=winhttps.exe
87700. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! See <a href="http://info.ahnlab.com/securityinfo/virus_view_eng_new2.jsp?SEQ_NO=3006" target="_blank">here</a>
87701. Source=Paul Collins Startup list
87702.  
87703. [Windows Icons Manager]
87704. Number=12449
87705. Confirmed=X
87706. Filename=wicomgr.exe
87707. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaif.html" target=_blank>RBOT-AIF</a> WORM!
87708. Source=Paul Collins Startup list
87709.  
87710. [WINDOWS ID SYSTEM]
87711. Number=12450
87712. Confirmed=X
87713. Filename=wID32.exe
87714. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LN&VSect=P" target=_blank>MYTOB.LN</a> WORM!
87715. Source=Paul Collins Startup list
87716.  
87717. [Windows iMessenger Messenger]
87718. Number=12451
87719. Confirmed=X
87720. Filename=winimsg.exe
87721. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042614-4125-99" target= blank>ALLIM.A</a> WORM!
87722. Source=Paul Collins Startup list
87723.  
87724. [Windows Incontext]
87725. Number=12452
87726. Confirmed=X
87727. Filename=InSearch.exe
87728. Description=<a href="http://www.benedelman.org/spyware/installations/pacerd/" target=_blank>PacerD_Media/Pacimedia.com/Z-Quest</a> adware installer
87729. Source=Paul Collins Startup list
87730.  
87731. [Windows Insecure]
87732. Number=12453
87733. Confirmed=X
87734. Filename=[path to worm]
87735. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfsm.html" target="_blank">RBOT-FSM</a> WORM!
87736. Source=Paul Collins Startup list
87737.  
87738. [Windows installer]
87739. Number=12454
87740. Confirmed=X
87741. Filename=winstall.exe
87742. Description=<a href="http://www.bleepingcomputer.com/forums/topic22402.html" target="_blank">SpySheriff</a> malware. For more information on registry key changes see <a href="http://www.sophos.com/virusinfo/analyses/trojspywade.html" target="_blank">SPYWAD-E</a>
87743. Source=Paul Collins Startup list
87744.  
87745. [Windows Installer]
87746. Number=12455
87747. Confirmed=X
87748. Filename=ntdll.exe
87749. Description=Added by an unidentified WORM or TROJAN!
87750. Source=Paul Collins Startup list
87751.  
87752. [Windows Internet Protocol]
87753. Number=12456
87754. Confirmed=X
87755. Filename=winproc32.exe
87756. Description=CoolWebSearch <a href=" http://cwshredder.net/cwshredder/cwschronicles.html#winproc32" target=_blank>Winproc32</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpabf.html" target= blank>STARTPA-BF</a> TROJAN!
87757. Source=Paul Collins Startup list
87758.  
87759. [Windows Internet Protocol]
87760. Number=12457
87761. Confirmed=X
87762. Filename=deinst_qfe001.exe
87763. Description=Added by a variant of the Win32.Small TROJAN!
87764. Source=Paul Collins Startup list
87765.  
87766. [Windows Internet Service]
87767. Number=12458
87768. Confirmed=X
87769. Filename=wininet.exe
87770. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaux.html" target=_blank>RBOT-AUX</a> WORM!
87771. Source=Paul Collins Startup list
87772.  
87773. [Windows IP Security]
87774. Number=12459
87775. Confirmed=U
87776. Filename=ipsec.exe
87777. Description=Related to the <a href="http://research.microsoft.com/msripv6/docs/ipsec/ipsec_ut.htm" target=_blank>VPN IPSec utility</a> - used to create Security Policy (SP) entries and Security Association (SA) entries in the kernel
87778. Source=Paul Collins Startup list
87779.  
87780. [Windows IP Security Service]
87781. Number=12460
87782. Confirmed=X
87783. Filename=ipsecs.exe
87784. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BPW" target="_blank">RBOT.BPW</a> WORM!
87785. Source=Paul Collins Startup list
87786.  
87787. [Windows IPv6 Drivers]
87788. Number=12461
87789. Confirmed=X
87790. Filename=wipv6.exe
87791. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvj.html" target=_blank>SDBOT-VJ</a> WORM!
87792. Source=Paul Collins Startup list
87793.  
87794. [Windows Java Update]
87795. Number=12462
87796. Confirmed=X
87797. Filename=weatherBug32.exe
87798. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
87799. Source=Paul Collins Startup list
87800.  
87801. [Windows JavaScript Daemon]
87802. Number=12463
87803. Confirmed=X
87804. Filename=Winjsd.exe
87805. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.AF" target="_blank">WOOTBOT.AF</a> WORM!
87806. Source=Paul Collins Startup list
87807.  
87808. [Windows Kernel 64]
87809. Number=12464
87810. Confirmed=X
87811. Filename=kernal64.exe
87812. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32yimpb.html" target=_blank>YIMP-B</a> WORM!
87813. Source=Paul Collins Startup list
87814.  
87815. [Windows Kernel System Service]
87816. Number=12465
87817. Confirmed=X
87818. Filename=wkssvr.exe
87819. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-081910-4849-99" target="_blank">RANDEX.GEL</a> WORM!
87820. Source=Paul Collins Startup list
87821.  
87822. [Windows kev Messenger]
87823. Number=12466
87824. Confirmed=X
87825. Filename=mskev.exe
87826. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxv.html" target= blank>SDBOT-XV</a> WORM!
87827. Source=Paul Collins Startup list
87828.  
87829. [Windows live Support]
87830. Number=12467
87831. Confirmed=X
87832. Filename=wlmsngr.exe
87833. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbkl.html" target="_blank">RBOT-BKL</a> WORM!
87834. Source=Paul Collins Startup list
87835.  
87836. [Windows Load]
87837. Number=12468
87838. Confirmed=?
87839. Filename=windows.com
87840. Description=<font color="#FF0000">??</font>
87841. Source=Paul Collins Startup list
87842.  
87843. [Windows Loader]
87844. Number=12469
87845. Confirmed=X
87846. Filename=wstart32.exe
87847. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110417-3351-99" target="_blank">GAOBOT.CA</a> WORM!
87848. Source=Paul Collins Startup list
87849.  
87850. [Windows Loader]
87851. Number=12470
87852. Confirmed=X
87853. Filename=winServices.pif
87854. Description=Reported by Kaspersky Anti-Virus as the CARDSPY.D TROJAN!
87855. Source=Paul Collins Startup list
87856.  
87857. [Windows Loader]
87858. Number=12471
87859. Confirmed=X
87860. Filename=SysUpdate.exe
87861. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
87862. Source=Paul Collins Startup list
87863.  
87864. [Windows Loader Service]
87865. Number=12472
87866. Confirmed=X
87867. Filename=civsc.exe
87868. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
87869. Source=Paul Collins Startup list
87870.  
87871. [windows Loadxm]
87872. Number=12473
87873. Confirmed=X
87874. Filename=Win_.exe
87875. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfoddera.html" target=_blank>FODDER-A</a> TROJAN!
87876. Source=Paul Collins Startup list
87877.  
87878. [Windows Local Services]
87879. Number=12474
87880. Confirmed=X
87881. Filename=localsvc.exe
87882. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
87883. Source=Paul Collins Startup list
87884.  
87885. [Windows Local Services]
87886. Number=12475
87887. Confirmed=X
87888. Filename=netsvc.exe
87889. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
87890. Source=Paul Collins Startup list
87891.  
87892. [Windows Local Services]
87893. Number=12476
87894. Confirmed=X
87895. Filename=spoolsvc.exe
87896. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
87897. Source=Paul Collins Startup list
87898.  
87899. [Windows Local Services]
87900. Number=12477
87901. Confirmed=X
87902. Filename=svcadmin.exe
87903. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
87904. Source=Paul Collins Startup list
87905.  
87906. [Windows Local Services]
87907. Number=12478
87908. Confirmed=X
87909. Filename=svcman.exe
87910. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
87911. Source=Paul Collins Startup list
87912.  
87913. [Windows Local Services]
87914. Number=12479
87915. Confirmed=X
87916. Filename=svcrun.exe
87917. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
87918. Source=Paul Collins Startup list
87919.  
87920. [Windows Local Services]
87921. Number=12480
87922. Confirmed=X
87923. Filename=tcpsvc.exe
87924. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
87925. Source=Paul Collins Startup list
87926.  
87927. [Windows Local Services]
87928. Number=12481
87929. Confirmed=X
87930. Filename=websvc.exe
87931. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
87932. Source=Paul Collins Startup list
87933.  
87934. [Windows Locator]
87935. Number=12482
87936. Confirmed=X
87937. Filename=wsass.exe
87938. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.IRCBot.n&threatid=10896" target="_blank">IRCBOT.N</a> TROJAN!
87939. Source=Paul Collins Startup list
87940.  
87941. [Windows Logger]
87942. Number=12483
87943. Confirmed=X
87944. Filename=winlog.exe
87945. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnshadowb.html" target=_blank>NSHADOW-B</a> TROJAN!
87946. Source=Paul Collins Startup list
87947.  
87948. [Windows logging]
87949. Number=12484
87950. Confirmed=X
87951. Filename=winlogd.exe
87952. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboton.html" target=_blank>RBOT-ON</a> WORM!
87953.  
87954. Source=Paul Collins Startup list
87955.  
87956. [Windows Login]
87957. Number=12485
87958. Confirmed=X
87959. Filename=explored.exe
87960. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040112-0028-99" target="_blank">GAOBOT.SY</a> WORM!
87961. Source=Paul Collins Startup list
87962.  
87963. [Windows Login]
87964. Number=12486
87965. Confirmed=X
87966. Filename=winlog.exe
87967. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.MG&VSect=T" target=_blank>AGOBOT.MG</a> WORM!
87968. Source=Paul Collins Startup list
87969.  
87970. [Windows Login]
87971. Number=12487
87972. Confirmed=X
87973. Filename=lmss.exe
87974. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotja.html" target="_blank">AGOBOT-JA</a> WORM!
87975. Source=Paul Collins Startup list
87976.  
87977. [Windows Login]
87978. Number=12488
87979. Confirmed=X
87980. Filename=lmss.exe
87981. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotja.html" target="_blank">AGOBOT-JA</a> WORM!
87982. Source=Paul Collins Startup list
87983.  
87984. [Windows Login Folder]
87985. Number=12489
87986. Confirmed=X
87987. Filename=winzep.exe
87988. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottz.html" target=_blank>AGOBOT-TZ</a> WORM!
87989. Source=Paul Collins Startup list
87990.  
87991. [Windows Login Manager]
87992. Number=12490
87993. Confirmed=X
87994. Filename=winlogin.exe
87995. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
87996. Source=Paul Collins Startup list
87997.  
87998. [Windows Login Security]
87999. Number=12491
88000. Confirmed=X
88001. Filename=winlogin.pif
88002. Description=Added by an unidentified WORM or TROJAN!
88003. Source=Paul Collins Startup list
88004.  
88005. [Windows Login Service]
88006. Number=12492
88007. Confirmed=X
88008. Filename=winlog.exe
88009. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafn.html" target=_blank>RBOT-AFN</a> WORM!
88010. Source=Paul Collins Startup list
88011.  
88012. [Windows Login Service]
88013. Number=12493
88014. Confirmed=X
88015. Filename=winlogin.pif
88016. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacu.html" target=_blank>SDBOT-ACU</a> WORM!
88017. Source=Paul Collins Startup list
88018.  
88019. [Windows Logon]
88020. Number=12494
88021. Confirmed=X
88022. Filename=winlogin.exe
88023. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspybotc.html" target=_blank>SPYBOT-C</a> TROJAN!
88024. Source=Paul Collins Startup list
88025.  
88026. [Windows Logon Application]
88027. Number=12495
88028. Confirmed=X
88029. Filename=WinIogon.exe
88030. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052109-2651-99" target=_blank>LINKBOT.M</a> WORM!
88031. Source=Paul Collins Startup list
88032.  
88033. [Windows Logon Application]
88034. Number=12496
88035. Confirmed=X
88036. Filename=logon.exe
88037. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotj.html" target= blank>POEBOT-J</a> WORM!
88038. Source=Paul Collins Startup list
88039.  
88040. [Windows Logon Application]
88041. Number=12497
88042. Confirmed=X
88043. Filename=services.exe
88044. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojciadoorl.html" target=_blank>CIADOOR-L</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
88045. Source=Paul Collins Startup list
88046.  
88047. [Windows Logon Application]
88048. Number=12498
88049. Confirmed=X
88050. Filename=win32help.exe
88051. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotx.html" target="_blank">DELBOT-X</a> WORM!
88052. Source=Paul Collins Startup list
88053.  
88054. [Windows Logon Application]
88055. Number=12499
88056. Confirmed=X
88057. Filename=winlogon.exe
88058. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotkw.html" target="_blank">POEBOT-KW</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
88059. Source=Paul Collins Startup list
88060.  
88061. [Windows Logon Manager]
88062. Number=12500
88063. Confirmed=X
88064. Filename=logon.exe
88065. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
88066. Source=Paul Collins Startup list
88067.  
88068. [Windows Logon Procedure]
88069. Number=12501
88070. Confirmed=X
88071. Filename=Svchoste.exe
88072. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
88073. Source=Paul Collins Startup list
88074.  
88075. [Windows Logon Procedure]
88076. Number=12502
88077. Confirmed=X
88078. Filename=Svchosta.exe
88079. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
88080. Source=Paul Collins Startup list
88081.  
88082. [windows logon procedure]
88083. Number=12503
88084. Confirmed=X
88085. Filename=winlogonpc.exe
88086. Description=Added by the <a href="http://labs.paretologic.com/spyware.aspx?remove=WinLogon" target=_blank>WINLOGON</a> TROJAN!
88087. Source=Paul Collins Startup list
88088.  
88089. [Windows Logon Service]
88090. Number=12504
88091. Confirmed=X
88092. Filename=winlogon.pif
88093. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaou.html" target=_blank>RBOT-AOU</a> WORM!
88094. Source=Paul Collins Startup list
88095.  
88096. [Windows Logon Service]
88097. Number=12505
88098. Confirmed=X
88099. Filename=napi32.exe
88100. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-010316-2308-99" target="_blank">SPYBOT.ANDM</a> WORM!
88101. Source=Paul Collins Startup list
88102.  
88103. [Windows LoL Layer]
88104. Number=12506
88105. Confirmed=X
88106. Filename=gqwdcr.exe
88107. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotahs.html" target="_blank">AGOBOT-AHS</a> WORM!
88108. Source=Paul Collins Startup list
88109.  
88110. [Windows LoL Layer]
88111. Number=12507
88112. Confirmed=X
88113. Filename=win.exe
88114. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfto.html" target="_blank">RBOT-FTO</a> WORM!
88115. Source=Paul Collins Startup list
88116.  
88117. [Windows LoL Layer]
88118. Number=12508
88119. Confirmed=X
88120. Filename=[random filename].exe
88121. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgmd.html" target="_blank">RBOT-GMD</a> WORM!
88122. Source=Paul Collins Startup list
88123.  
88124. [Windows LoL Layer]
88125. Number=12509
88126. Confirmed=X
88127. Filename=pyvnpt.exe
88128. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgkv.html" target="_blank">RBOT-GKV</a> WORM!
88129. Source=Paul Collins Startup list
88130.  
88131. [Windows LoL Layer]
88132. Number=12510
88133. Confirmed=X
88134. Filename=winlolx.exe
88135. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfor.html" target="_blank">RBOT-FOR</a> WORM!
88136. Source=Paul Collins Startup list
88137.  
88138. [Windows Management Instrumentation]
88139. Number=12511
88140. Confirmed=X
88141. Filename=mwd.exe
88142. Description=Added by the <a href="http://www.f-secure.com/v-descs/graps.shtml" target="_blank">GRAPS</a> WORM!
88143. Source=Paul Collins Startup list
88144.  
88145. [Windows Management Instrumentation]
88146. Number=12512
88147. Confirmed=X
88148. Filename=[path to file]
88149. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32qedsa.html" target=_blank>QEDS-A</a> VIRUS!
88150. Source=Paul Collins Startup list
88151.  
88152. [WINDOWS MANAGEMENT SYSTEM]
88153. Number=12513
88154. Confirmed=X
88155. Filename=wm1exe.exe
88156. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvt.html" target= blank>RBOT-VT</a> WORM!
88157. Source=Paul Collins Startup list
88158.  
88159. [Windows Manager]
88160. Number=12514
88161. Confirmed=X
88162. Filename=winmants.exe
88163. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101711-3904-99" target="_blank">MANTAS</a> WORM!
88164. Source=Paul Collins Startup list
88165.  
88166. [Windows Manager]
88167. Number=12515
88168. Confirmed=X
88169. Filename=winsrv.exe
88170. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
88171. Source=Paul Collins Startup list
88172.  
88173. [Windows Manager Update Inc]
88174. Number=12516
88175. Confirmed=X
88176. Filename=tgb.exe
88177. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacm.html" target=_blank>SDBOT-ACM</a> WORM!
88178. Source=Paul Collins Startup list
88179.  
88180. [Windows mangement]
88181. Number=12517
88182. Confirmed=X
88183. Filename=winlogonn.exe
88184. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-012912-4116-99" target="_blank">RANDEX.FC</a> WORM!
88185. Source=Paul Collins Startup list
88186.  
88187. [Windows Media AP]
88188. Number=12518
88189. Confirmed=X
88190. Filename=winmapp.exe
88191. Description=Added by an unidentified WORM or TROJAN!
88192. Source=Paul Collins Startup list
88193.  
88194. [Windows Media APP]
88195. Number=12519
88196. Confirmed=X
88197. Filename=wmapp.exe
88198. Description=Added by an unidentified WORM or TROJAN!
88199. Source=Paul Collins Startup list
88200.  
88201. [Windows Media Center]
88202. Number=12520
88203. Confirmed=N
88204. Filename=RunDLL32.exe [path] ehuihlp.dll, BootMediaCenter
88205. Description=Starts Windows Media Center every time Windows Vista (Home Premium or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center -> Tasks -> Settings -> General -> Startup and Window Behaviour
88206. Source=Paul Collins Startup list
88207.  
88208. [Windows Media Connect 2]
88209. Number=12521
88210. Confirmed=N
88211. Filename=WMCCFG.exe
88212. Description=<a href="http://www.microsoft.com/windows/windowsmedia/devices/wmconnect/faq.aspx#1_1" target=_blank>Windows Media Connect</a> from Microsoft - stream digital media files on your computer to digital media receivers (DMRs) that are connected to your home network
88213.  
88214. Source=Paul Collins Startup list
88215.  
88216. [Windows Media Driver]
88217. Number=12522
88218. Confirmed=X
88219. Filename=msnger.exe
88220. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
88221. Source=Paul Collins Startup list
88222.  
88223. [Windows Media Loader]
88224. Number=12523
88225. Confirmed=X
88226. Filename=wmloader.exe
88227. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112112-1102-99" target="_blank">GAOBOT</a> WORM!
88228. Source=Paul Collins Startup list
88229.  
88230. [Windows Media Player]
88231. Number=12524
88232. Confirmed=X
88233. Filename=wmediaplayer.exe
88234. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnq.html" target=_blank>AGOBOT-NQ</a> WORM!
88235.  
88236. Source=Paul Collins Startup list
88237.  
88238. [Windows Media Player]
88239. Number=12525
88240. Confirmed=X
88241. Filename=MediaPIayer.exe
88242. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotqo.html" target=_blank>SDBOT-QO</a> TROJAN! - note, the executable is called 'Mediap<font color="#FF0000">I</font>ayer', with an 'i' !)
88243.  
88244. Source=Paul Collins Startup list
88245.  
88246. [Windows Media Player]
88247. Number=12526
88248. Confirmed=X
88249. Filename=[random filename]
88250. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
88251. Source=Paul Collins Startup list
88252.  
88253. [Windows Media Player]
88254. Number=12527
88255. Confirmed=X
88256. Filename=msa.exe
88257. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsi.html" target=_blank>RBOT-SI</a> WORM!
88258. Source=Paul Collins Startup list
88259.  
88260. [Windows Media Player]
88261. Number=12528
88262. Confirmed=X
88263. Filename=mcafe32.exe
88264. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyo.html" target= blank>RBOT-YO</a> WORM!
88265. Source=Paul Collins Startup list
88266.  
88267. [Windows Media Player]
88268. Number=12529
88269. Confirmed=X
88270. Filename=wmplayer.exe
88271. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031416-4516-99" target=_blank>KELVIR.G</a> WORM or variants! Note - this is not the valid Windows Media Player as the executeable resides is C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) rather than C:\Program Files\Windows Media Player
88272. Source=Paul Collins Startup list
88273.  
88274. [Windows Media Player]
88275. Number=12530
88276. Confirmed=X
88277. Filename=50cent.exe
88278. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
88279. Source=Paul Collins Startup list
88280.  
88281. [Windows Media Player]
88282. Number=12531
88283. Confirmed=X
88284. Filename=mpwe.exe
88285. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottt.html" target=_blank>RBOT-TT</a> WORM!
88286. Source=Paul Collins Startup list
88287.  
88288. [Windows Media Player]
88289. Number=12532
88290. Confirmed=X
88291. Filename=msams.exe
88292. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AHR" target="_blank">RBOT.AHR</a> WORM!
88293. Source=Paul Collins Startup list
88294.  
88295. [Windows Media Player 3.6]
88296. Number=12533
88297. Confirmed=X
88298. Filename=wmpa36.exe
88299. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
88300. Source=Paul Collins Startup list
88301.  
88302. [Windows Media Player 3.6b]
88303. Number=12534
88304. Confirmed=X
88305. Filename=WMPA36B.EXE
88306. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvv.html" target= blank>RBOT-VV</a> WORM!
88307. Source=Paul Collins Startup list
88308.  
88309. [Windows Media Player 3.6d]
88310. Number=12535
88311. Confirmed=X
88312. Filename=wmpa36d.exe
88313. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotya.html" target=_blank>RBOT-YA</a> WORM!
88314. Source=Paul Collins Startup list
88315.  
88316. [Windows Media Player 3.9]
88317. Number=12536
88318. Confirmed=X
88319. Filename=wmpa36.exe
88320. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
88321. Source=Paul Collins Startup list
88322.  
88323. [Windows Media Player Service]
88324. Number=12537
88325. Confirmed=X
88326. Filename=wmedia.exe
88327. Description=Added by the <a href="http://www.avira.com/en/threats/section/fulldetails/id_vir/2008/worm_RBOT.213504.html" target="_blank">RBOT.213504</a> WORM!
88328. Source=Paul Collins Startup list
88329.  
88330. [Windows Media Player Update]
88331. Number=12538
88332. Confirmed=X
88333. Filename=[random filename]
88334. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotet.html" target=_blank>RBOT-ET</a> WORM!
88335. Source=Paul Collins Startup list
88336.  
88337. [Windows Media Powerpoint Helper]
88338. Number=12539
88339. Confirmed=N
88340. Filename=NSPPTHLP.EXE
88341. Description=German software (comes with some Toshiba CD writers) that helps convert Powerpoint files to ASF (Streaming Media) files. Available via Start -> Programs
88342. Source=Paul Collins Startup list
88343.  
88344. [Windows media service]
88345. Number=12540
88346. Confirmed=X
88347. Filename=crvss.exe
88348. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VP" target="_blank">SDBOT.VP</a> WORM!
88349. Source=Paul Collins Startup list
88350.  
88351. [Windows media service]
88352. Number=12541
88353. Confirmed=X
88354. Filename=crsss.exe
88355. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ACY" target="_blank">RBOT.ACY</a> WORM!
88356. Source=Paul Collins Startup list
88357.  
88358. [Windows media service]
88359. Number=12542
88360. Confirmed=X
88361. Filename=Sygate32.exe
88362. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADE" target="_blank">RBOT.ADE</a> WORM!
88363. Source=Paul Collins Startup list
88364.  
88365. [Windows media services]
88366. Number=12543
88367. Confirmed=X
88368. Filename=cvrsss.exe
88369. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmw.html" target=_blank>RBOT-MW</a> WORM!
88370.  
88371. Source=Paul Collins Startup list
88372.  
88373. [Windows Media SP.2.37]
88374. Number=12544
88375. Confirmed=X
88376. Filename=[random filename]
88377. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081512-4030-99" target="_blank">LEMIR.C</a> TROJAN!
88378. Source=Paul Collins Startup list
88379.  
88380. [Windows Media Updater]
88381. Number=12545
88382. Confirmed=X
88383. Filename=crease.exe
88384. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotati.html" target=_blank>RBOT-ATI</a> WORM!
88385. Source=Paul Collins Startup list
88386.  
88387. [Windows Media Upgrade]
88388. Number=12546
88389. Confirmed=X
88390. Filename=NeUpgrade.exe
88391. Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.Rbot.bmf&threatid=126415" target="_blank">RBOT.BMF</a> TROJAN!
88392. Source=Paul Collins Startup list
88393.  
88394. [Windows Media Utility]
88395. Number=12547
88396. Confirmed=X
88397. Filename=wmediautil.exe
88398. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
88399. Source=Paul Collins Startup list
88400.  
88401. [Windows messenger]
88402. Number=12548
88403. Confirmed=X
88404. Filename=messengers.exe
88405. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061311-1205-99" target=_blank>MYTOB.EI</a> WORM!
88406. Source=Paul Collins Startup list
88407.  
88408. [Windows Messenger]
88409. Number=12549
88410. Confirmed=X
88411. Filename=msnsmgs.exe
88412. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanj.html" target=_blank>RBOT-ANJ</a> WORM!
88413. Source=Paul Collins Startup list
88414.  
88415. [Windows Messenger Messenger]
88416. Number=12550
88417. Confirmed=X
88418. Filename=winmsg.exe
88419. Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042321-0015-99" target= blank>VELKBOT.A</a> WORM!
88420. Source=Paul Collins Startup list
88421.  
88422. [Windows Messenger Service]
88423. Number=12551
88424. Confirmed=X
88425. Filename=winsmsgr.exe
88426. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvw.html" target= blank>RBOT-VW</a> WORM!
88427. Source=Paul Collins Startup list
88428.  
88429. [Windows Messenger Service]
88430. Number=12552
88431. Confirmed=X
88432. Filename=kaspersky.exe
88433. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.HY&VSect=P" target=_blank>MYTOB.HY</a> WORM!
88434. Source=Paul Collins Startup list
88435.  
88436. [Windows MeTaLRoCk service]
88437. Number=12553
88438. Confirmed=X
88439. Filename=metalrock.exe
88440. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093017-0419-99" target="_blank">TASTYRED</a> TROJAN!
88441. Source=Paul Collins Startup list
88442.  
88443. [Windows Micro Drivers]
88444. Number=12554
88445. Confirmed=X
88446. Filename=wupdates32.exe
88447. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaeh.html" target=_blank>RBOT-AEH</a> WORM!
88448. Source=Paul Collins Startup list
88449.  
88450. [Windows Microsoft Update]
88451. Number=12555
88452. Confirmed=X
88453. Filename=wintask32.exe
88454. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
88455. Source=Paul Collins Startup list
88456.  
88457. [Windows mod Verifier]
88458. Number=12556
88459. Confirmed=X
88460. Filename=Windows-mod.exe
88461. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DSU" target="_blank">RBOT.DSU</a> WORM!
88462. Source=Paul Collins Startup list
88463.  
88464. [Windows modez Verifier]
88465. Number=12557
88466. Confirmed=X
88467. Filename=w1nz0zz0.exe
88468. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
88469. Source=Paul Collins Startup list
88470.  
88471. [Windows modez Verifier]
88472. Number=12558
88473. Confirmed=X
88474. Filename=Window2.exe
88475. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
88476. Source=Paul Collins Startup list
88477.  
88478. [Windows modez Verifier]
88479. Number=12559
88480. Confirmed=X
88481. Filename=WindowsLogon.exe
88482. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
88483. Source=Paul Collins Startup list
88484.  
88485. [Windows modez Verifier]
88486. Number=12560
88487. Confirmed=X
88488. Filename=Wwuamguard.exe
88489. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=53822" target="_blank">RBOT.EZJ</a> WORM!
88490. Source=Paul Collins Startup list
88491.  
88492. [Windows modez Verifier]
88493. Number=12561
88494. Confirmed=X
88495. Filename=winlogom.exe
88496. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
88497. Source=Paul Collins Startup list
88498.  
88499. [Windows modez Verifier]
88500. Number=12562
88501. Confirmed=X
88502. Filename=Windows-.exe
88503. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdio.html" target="_blank">RBOT-DIO</a> WORM!
88504. Source=Paul Collins Startup list
88505.  
88506. [Windows modez Verifier]
88507. Number=12563
88508. Confirmed=X
88509. Filename=taskmngr.exe
88510. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
88511. Source=Paul Collins Startup list
88512.  
88513. [Windows modez Verifier]
88514. Number=12564
88515. Confirmed=X
88516. Filename=winl0g0z.exe
88517. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfnb.html" target="_blank">RBOT-FNB</a> WORM!
88518. Source=Paul Collins Startup list
88519.  
88520. [Windows Monitor]
88521. Number=12565
88522. Confirmed=X
88523. Filename=winmon.exe
88524. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VB" target="_blank">SDBOT.VB</a> WORM!
88525. Source=Paul Collins Startup list
88526.  
88527. [Windows Monitor]
88528. Number=12566
88529. Confirmed=X
88530. Filename=arsetup.exe
88531. Description=Added by the SPAZBOX.A TROJAN!
88532. Source=Paul Collins Startup list
88533.  
88534. [Windows Monitor Services]
88535. Number=12567
88536. Confirmed=X
88537. Filename=winmonitor.exe
88538. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxx.html" target= blank>RBOT-XX</a> WORM!
88539. Source=Paul Collins Startup list
88540.  
88541. [Windows Monitoring Service]
88542. Number=12568
88543. Confirmed=X
88544. Filename=winmon.exe
88545. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
88546. Source=Paul Collins Startup list
88547.  
88548. [Windows More Choice]
88549. Number=12569
88550. Confirmed=X
88551. Filename=TopContext.exe
88552. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081716-4955-99" target=_blank>ZQuest</a> adware
88553. Source=Paul Collins Startup list
88554.  
88555. [Windows Mouse Utilities]
88556. Number=12570
88557. Confirmed=X
88558. Filename=mouseutils.exe
88559. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabu.html" target= blank>RBOT-ABU</a> WORM!
88560. Source=Paul Collins Startup list
88561.  
88562. [Windows ms Drivers]
88563. Number=12571
88564. Confirmed=X
88565. Filename=msnup32.exe
88566. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaal.html" target=_blank>SDBOT-AAL</a> WORM!
88567. Source=Paul Collins Startup list
88568.  
88569. [Windows MS Update 32]
88570. Number=12572
88571. Confirmed=X
88572. Filename=fhm.exe
88573. Description=Added by the <a href="http://virusinfo.prevx.com/pxparall.asp?PX5=6b0b4aa6b02923905fcc013704ef4d001c32acc4" target="_blank">IRCBOT.GEN</a> WORM!
88574. Source=Paul Collins Startup list
88575.  
88576. [Windows MS Update 32]
88577. Number=12573
88578. Confirmed=X
88579. Filename=sucker.exe
88580. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotgj.html" target="_blank">FORBOT-GJ</a> WORM!
88581. Source=Paul Collins Startup list
88582.  
88583. [Windows MSConfig Startup Logger]
88584. Number=12574
88585. Confirmed=X
88586. Filename=winlog.exe
88587. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BCU&VSect=P" target=_blank>RBOT.BCU</a> WORM!
88588. Source=Paul Collins Startup list
88589.  
88590. [Windows Msn Live Messanger]
88591. Number=12575
88592. Confirmed=X
88593. Filename=msnmsgsman.exe
88594. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
88595. Source=Paul Collins Startup list
88596.  
88597. [Windows MSX drivers]
88598. Number=12576
88599. Confirmed=X
88600. Filename=winmsx.exe
88601. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayg.html" target=_blank>RBOT-AYG</a> TROJAN!
88602. Source=Paul Collins Startup list
88603.  
88604. [Windows Net Cfg ]
88605. Number=12577
88606. Confirmed=X
88607. Filename=service.exe
88608. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
88609. Source=Paul Collins Startup list
88610.  
88611. [Windows NetDDe]
88612. Number=12578
88613. Confirmed=X
88614. Filename=wrmana32.exe
88615. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-073111-4817-99" target=_blank>MYTOB.IM</a> WORM!
88616. Source=Paul Collins Startup list
88617.  
88618. [Windows Nets]
88619. Number=12579
88620. Confirmed=X
88621. Filename=WinNET.exe
88622. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmo.html" target=_blank>RBOT-MO</a> WORM!
88623.  
88624. Source=Paul Collins Startup list
88625.  
88626. [Windows NetStart Service]
88627. Number=12580
88628. Confirmed=X
88629. Filename=winsN2S.exe
88630. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotzx.html" target=_blank>RBOT-ZX</a> WORM!
88631. Source=Paul Collins Startup list
88632.  
88633. [Windows NetStart Service2]
88634. Number=12581
88635. Confirmed=X
88636. Filename=winsN2S.exe
88637. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabn.html" target= blank>RBOT-ABN</a> WORM!
88638. Source=Paul Collins Startup list
88639.  
88640. [Windows NetStart Service2]
88641. Number=12582
88642. Confirmed=X
88643. Filename=winsN2SD.exe
88644. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
88645. Source=Paul Collins Startup list
88646.  
88647. [Windows Network Controller]
88648. Number=12583
88649. Confirmed=X
88650. Filename=Mqguard.exe
88651. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcl.html" target=_blank>FORBOT-CL</a> WORM!
88652. Source=Paul Collins Startup list
88653.  
88654. [Windows Network Controller]
88655. Number=12584
88656. Confirmed=X
88657. Filename=WinxPupd.exe
88658. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotdk.html" target=_blank>FORBOT-DK</a> WORM!
88659. Source=Paul Collins Startup list
88660.  
88661. [Windows Network Controller]
88662. Number=12585
88663. Confirmed=X
88664. Filename=winmms32.exe
88665. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forboted.html" target=_blank>FORBOT-ED</a> WORM!
88666. Source=Paul Collins Startup list
88667.  
88668. [Windows Network Controller]
88669. Number=12586
88670. Confirmed=X
88671. Filename=wingmt.exe
88672. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
88673. Source=Paul Collins Startup list
88674.  
88675. [Windows Network Controller]
88676. Number=12587
88677. Confirmed=X
88678. Filename=Win9x.exe
88679. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.I" target=_blank>WOOTBOT.I</a> WORM!
88680. Source=Paul Collins Startup list
88681.  
88682. [Windows Network Firewall]
88683. Number=12588
88684. Confirmed=X
88685. Filename=firewall.exe
88686. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32poebotj.html" target= blank>POEBOT-J</a> WORM!
88687. Source=Paul Collins Startup list
88688.  
88689. [Windows Network Service]
88690. Number=12589
88691. Confirmed=X
88692. Filename=winvc32.exe
88693. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.RY" target=_blank>RBOT.RY</a> WORM!
88694.  
88695. Source=Paul Collins Startup list
88696.  
88697. [Windows Networking]
88698. Number=12590
88699. Confirmed=X
88700. Filename=winsys32.exe
88701. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010614-4803-99" target="_blank">GAOBOT.FL</a> WORM!
88702. Source=Paul Collins Startup list
88703.  
88704. [Windows Networks]
88705. Number=12591
88706. Confirmed=X
88707. Filename=netcog.exe
88708. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.FH&VSect=T" target=_blank>MYTOB.FH</a> WORM!
88709. Source=Paul Collins Startup list
88710.  
88711. [Windows Nivedia Driver]
88712. Number=12592
88713. Confirmed=X
88714. Filename=sysMGT.exe
88715. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
88716. Source=Paul Collins Startup list
88717.  
88718. [Windows NNT]
88719. Number=12593
88720. Confirmed=X
88721. Filename=[path to trojan]
88722. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031918-5809-99" target="_blank">RANKY.E</a> TROJAN!
88723. Source=Paul Collins Startup list
88724.  
88725. [Windows NT 32]
88726. Number=12594
88727. Confirmed=X
88728. Filename=ntlogin32.exe
88729. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102709-2145-99" target=_blank>RANDEX.BRD</a> WORM!
88730. Source=Paul Collins Startup list
88731.  
88732. [Windows NT Login]
88733. Number=12595
88734. Confirmed=X
88735. Filename=ntlogin32.exe
88736. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WG" target="_blank">SDBOT.WG</a> WORM!
88737. Source=Paul Collins Startup list
88738.  
88739. [Windows NT Login Session Manager]
88740. Number=12596
88741. Confirmed=X
88742. Filename=WNSM.EXE
88743. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BIV&VSect=T" target=_blank>RBOT.BIV</a> WORM!
88744. Source=Paul Collins Startup list
88745.  
88746. [Windows NT Logon Application]
88747. Number=12597
88748. Confirmed=X
88749. Filename=winlogon.scr
88750. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalp.html" target=_blank>RBOT-ALP</a> WORM!
88751. Source=Paul Collins Startup list
88752.  
88753. [Windows NT Service Name]
88754. Number=12598
88755. Confirmed=X
88756. Filename=winshock.exe
88757. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpk.html" target=_blank>RBOT-PK</a> WORM!
88758.  
88759. Source=Paul Collins Startup list
88760.  
88761. [Windows NT Update Manager]
88762. Number=12599
88763. Confirmed=X
88764. Filename=WINL0G0N.exe
88765. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnu.html" target=_blank>AGOBOT-NU</a> WORM! Note that those are zeroes in the filename and not capital "o"
88766. Source=Paul Collins Startup list
88767.  
88768. [Windows OEM Tools]
88769. Number=12600
88770. Confirmed=X
88771. Filename=winres32.exe
88772. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.FD" target="_blank">SPYBOT.FD</a> WORM!
88773. Source=Paul Collins Startup list
88774.  
88775. [Windows OLE Automation Server]
88776. Number=12601
88777. Confirmed=X
88778. Filename=ole32aut.vbe
88779. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
88780. Source=Paul Collins Startup list
88781.  
88782. [Windows Online Updater]
88783. Number=12602
88784. Confirmed=X
88785. Filename=dllman.exe
88786. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotte.html" target=_blank>RBOT-TE</a> WORM!
88787. Source=Paul Collins Startup list
88788.  
88789. [Windows Pc]
88790. Number=12603
88791. Confirmed=X
88792. Filename=winmgr.exe
88793. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bibota.html" target=_blank>BIBOT-A</a> WORM!
88794. Source=Paul Collins Startup list
88795.  
88796. [Windows PDG]
88797. Number=12604
88798. Confirmed=X
88799. Filename=winpdg.exe
88800. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadw.html" target=_blank>RBOT-ADW</a> WORM!
88801. Source=Paul Collins Startup list
88802.  
88803. [Windows Performance Monitor]
88804. Number=12605
88805. Confirmed=X
88806. Filename=wmscupd.exe
88807. Description=Added by the <a href="http://fileinfo.prevx.com/QQe41b17727304-WMSC13097780/WMSCUPD.EXE.html" target=_blank>IRCBOT_GEN</a> WORM!
88808.  
88809. Source=Paul Collins Startup list
88810.  
88811. [Windows PNP]
88812. Number=12606
88813. Confirmed=X
88814. Filename=winpnp.exe
88815. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotakn.html" target=_blank>RBOT-AKN</a> WORM!
88816. Source=Paul Collins Startup list
88817.  
88818. [Windows PNP Server]
88819. Number=12607
88820. Confirmed=X
88821. Filename=pnpsrv.exe
88822. Description=Added by <a href="http://vil.nai.com/vil/content/v_135434.htm" target=_blank>this</a> variant of the SDBOT WORM!
88823. Source=Paul Collins Startup list
88824.  
88825. [Windows Portable Device Drivers]
88826. Number=12608
88827. Confirmed=X
88828. Filename=MSKSVRVS.EXE
88829. Description=Added by a TROJAN - see <a href="http://fileinfo.prevx.com/adware/qq34f876137243-MSKS34826820/MSKSVRVS.EXE.html" target="_blank">here</a>
88830. Source=Paul Collins Startup list
88831.  
88832. [Windows Portable Devices]
88833. Number=12609
88834. Confirmed=X
88835. Filename=MSKSVRTSS.EXE
88836. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-021609-4120-99" target="_blank">SPYBOT.APEO</a> WORM!
88837. Source=Paul Collins Startup list
88838.  
88839. [Windows Print Monitor Daemon]
88840. Number=12610
88841. Confirmed=X
88842. Filename=[random filename].exe
88843. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
88844. Source=Paul Collins Startup list
88845.  
88846. [Windows Print Spooler]
88847. Number=12611
88848. Confirmed=?
88849. Filename=SCVHOSTS.EXE
88850. Description=Suspicious due to the similarity to the valid "svchost.exe" file
88851. Source=Paul Collins Startup list
88852.  
88853. [Windows Print Spooler]
88854. Number=12612
88855. Confirmed=X
88856. Filename=NavAgent32.exe
88857. Description=Added by an unidentified VIRUS, WORM or TROJAN!
88858. Source=Paul Collins Startup list
88859.  
88860. [Windows Print Spooler]
88861. Number=12613
88862. Confirmed=X
88863. Filename=SVEHOST.EXE
88864. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.H" target="_blank">SPYBOT.H</a> WORM!
88865. Source=Paul Collins Startup list
88866.  
88867. [Windows Process]
88868. Number=12614
88869. Confirmed=X
88870. Filename=win_update.exe
88871. Description=Added by the <a href="http://ve.nod32.ch/worms/lastword.php" target="_blank">LASTWORD</a> WORM!
88872. Source=Paul Collins Startup list
88873.  
88874. [Windows Process Manager]
88875. Number=12615
88876. Confirmed=X
88877. Filename=winproc.exe
88878. Description=Added by an unidentified WORM or TROJAN!
88879. Source=Paul Collins Startup list
88880.  
88881. [Windows Processe Manager]
88882. Number=12616
88883. Confirmed=X
88884. Filename=mspn32.exe
88885. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
88886. Source=Paul Collins Startup list
88887.  
88888. [Windows Proffesional Security]
88889. Number=12617
88890. Confirmed=X
88891. Filename=WinSecure32.exe
88892. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VA&VSect=T" target="_blank">AGOBOT.VA</a> WORM
88893. Source=Paul Collins Startup list
88894.  
88895. [Windows Protectot]
88896. Number=12618
88897. Confirmed=X
88898. Filename=boxide.exe
88899. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN" target=_blank>WOOTBOT</a> WORM!
88900. Source=Paul Collins Startup list
88901.  
88902. [Windows Recylinder Check]
88903. Number=12619
88904. Confirmed=X
88905. Filename=zwdomsgemw.exe
88906. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotegj.html" target="_blank">RBOT-EGJ</a> WORM!
88907. Source=Paul Collins Startup list
88908.  
88909. [Windows Reg Services]
88910. Number=12620
88911. Confirmed=X
88912. Filename=ffservice.exe
88913. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderpl.html" target=_blank>DLOADER-PL</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderxm.html" target=_blank>DLOADER-XM</a> TROJANS!
88914. Source=Paul Collins Startup list
88915.  
88916. [Windows Reg Services]
88917. Number=12621
88918. Confirmed=X
88919. Filename=dservice.exe
88920. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproratd.html" target=_blank>PRORAT-D</a> TROJAN!
88921. Source=Paul Collins Startup list
88922.  
88923. [Windows Reg Services]
88924. Number=12622
88925. Confirmed=X
88926. Filename=fservice.exe
88927. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproratd.html" target=_blank>PRORAT-D</a> TROJAN!
88928. Source=Paul Collins Startup list
88929.  
88930. [Windows Reg Services]
88931. Number=12623
88932. Confirmed=X
88933. Filename=ssservice.exe
88934. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojproratd.html" target=_blank>PRORAT-D</a> TROJAN!
88935. Source=Paul Collins Startup list
88936.  
88937. [Windows Reg Services]
88938. Number=12624
88939. Confirmed=X
88940. Filename=lncom.exe
88941. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprorato.html" target="_blank">PRORAT-O</a> TROJAN!
88942. Source=Paul Collins Startup list
88943.  
88944. [Windows Reg Services]
88945. Number=12625
88946. Confirmed=X
88947. Filename=lservice.exe
88948. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprorato.html" target="_blank">PRORAT-O</a> TROJAN!
88949. Source=Paul Collins Startup list
88950.  
88951. [Windows Reg Services]
88952. Number=12626
88953. Confirmed=X
88954. Filename=wservice.exe
88955. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojprorato.html" target="_blank">PRORAT-O</a> TROJAN!
88956. Source=Paul Collins Startup list
88957.  
88958. [WINDOWS REGISTER EDIT]
88959. Number=12627
88960. Confirmed=X
88961. Filename=registr32.exe
88962. Description=Added by an unidentified WORM or TROJAN!
88963. Source=Paul Collins Startup list
88964.  
88965. [Windows Register Settings]
88966. Number=12628
88967. Confirmed=X
88968. Filename=svmhost.exe
88969. Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target= blank>FORBOT</a> WORM!
88970. Source=Paul Collins Startup list
88971.  
88972. [Windows Registers]
88973. Number=12629
88974. Confirmed=X
88975. Filename=winservicess.exe
88976. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
88977. Source=Paul Collins Startup list
88978.  
88979. [Windows Registry]
88980. Number=12630
88981. Confirmed=X
88982. Filename=msnmsg.exe
88983. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
88984. Source=Paul Collins Startup list
88985.  
88986. [Windows Registry]
88987. Number=12631
88988. Confirmed=X
88989. Filename=winhost.exe
88990. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
88991. Source=Paul Collins Startup list
88992.  
88993. [Windows Registry Cleaner]
88994. Number=12632
88995. Confirmed=X
88996. Filename=winclean.exe
88997. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
88998. Source=Paul Collins Startup list
88999.  
89000. [Windows Registry Express Loader]
89001. Number=12633
89002. Confirmed=X
89003. Filename=regexpress.exe
89004. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcj.html" target=_blank>FORBOT-CJ</a> WORM!
89005. Source=Paul Collins Startup list
89006.  
89007. [Windows Registry Manager]
89008. Number=12634
89009. Confirmed=X
89010. Filename=tasksmanagers.exe
89011. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061416-0223-99" target=_blank>MYTOB.ER</a> WORM!
89012. Source=Paul Collins Startup list
89013.  
89014. [Windows Registry Name]
89015. Number=12635
89016. Confirmed=X
89017. Filename=[random filename]
89018. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaeb.html" target=_blank>RBOT-AEB</a> WORM!
89019. Source=Paul Collins Startup list
89020.  
89021. [Windows Registry Name]
89022. Number=12636
89023. Confirmed=X
89024. Filename=winses.exe
89025. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadb.html" target=_blank>RBOT-ADB</a> WORM!
89026. Source=Paul Collins Startup list
89027.  
89028. [Windows Registry Repair Pro]
89029. Number=12637
89030. Confirmed=U
89031. Filename=RegistryRepairPro.exe
89032. Description=<a href="http://www.3bsoftware.com/products/registryrepair.asp" target="_blank">Registry Repair Pro</a>. "Scans the Windows Registry for invalid or obsolete information in the registry"
89033. Source=Paul Collins Startup list
89034.  
89035. [Windows Registry Scan]
89036. Number=12638
89037. Confirmed=X
89038. Filename=regscan32.exe
89039. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KE&Vsect=T" target="_blank">RBOT.KE</a> WORM!
89040. Source=Paul Collins Startup list
89041.  
89042. [Windows Registry Scan]
89043. Number=12639
89044. Confirmed=X
89045. Filename=timeupdate.exe
89046. Description=Added by the <a href="http://nl.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.JE" target=_blank>SPYBOT.JE</a> WORM!
89047. Source=Paul Collins Startup list
89048.  
89049. [Windows Registry Scan]
89050. Number=12640
89051. Confirmed=X
89052. Filename=svcdll.exe
89053. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottp.html" target= blank>RBOT-TP</a> WORM!
89054. Source=Paul Collins Startup list
89055.  
89056. [Windows Registry Scan]
89057. Number=12641
89058. Confirmed=X
89059. Filename=regscan23.exe
89060. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
89061. Source=Paul Collins Startup list
89062.  
89063. [Windows Registry Security]
89064. Number=12642
89065. Confirmed=X
89066. Filename=crss.exe
89067. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102711-3533-99" target=_blank>IRC.BOT</a> TROJAN!
89068. Source=Paul Collins Startup list
89069.  
89070. [Windows Registry Startup]
89071. Number=12643
89072. Confirmed=X
89073. Filename=wind32.exe
89074. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotbz.html" target="_blank">AGOBOT-BZ</a> WORM!
89075. Source=Paul Collins Startup list
89076.  
89077. [Windows Repair]
89078. Number=12644
89079. Confirmed=X
89080. Filename=toxikx.exe
89081. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotadl.html" target=_blank>SDBOT-ADL</a> WORM!
89082. Source=Paul Collins Startup list
89083.  
89084. [Windows report]
89085. Number=12645
89086. Confirmed=X
89087. Filename=swchost.exe
89088. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallbd.html" target=_blank>SMALL-BD</a> TROJAN!
89089. Source=Paul Collins Startup list
89090.  
89091. [windows run]
89092. Number=12646
89093. Confirmed=X
89094. Filename=system.exe
89095. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32icpassa.html" target= blank>ICPASS-A</a> WORM!
89096. Source=Paul Collins Startup list
89097.  
89098. [Windows Run-Time 64bit]
89099. Number=12647
89100. Confirmed=X
89101. Filename=win64rt.exe
89102. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
89103. Source=Paul Collins Startup list
89104.  
89105. [Windows Runtime Help]
89106. Number=12648
89107. Confirmed=X
89108. Filename=win32hlp.exe
89109. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=71374" target="_blank">AIMVISION</a> TROJAN!
89110. Source=Paul Collins Startup list
89111.  
89112. [Windows Runtime Help]
89113. Number=12649
89114. Confirmed=X
89115. Filename=WinRunHelp.wrh
89116. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=71374" target="_blank">AIMVISION</a> TROJAN!
89117. Source=Paul Collins Startup list
89118.  
89119. [Windows Runtime Proccess]
89120. Number=12650
89121. Confirmed=X
89122. Filename=32RUNdll.exe
89123. Description=Added by the <a href="http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SDBOT.QW" target=_blank>SDBOT.QW</a> WORM!
89124. Source=Paul Collins Startup list
89125.  
89126. [Windows SA]
89127. Number=12651
89128. Confirmed=X
89129. Filename=omniscient.exe
89130. Description=<a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADWARE%5FBLAZE" target="_blank">BLAZEFIND</a> adware
89131. Source=Paul Collins Startup list
89132.  
89133. [Windows Screensaver]
89134. Number=12652
89135. Confirmed=X
89136. Filename=Service.exe
89137. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041023-0138-99" target=_blank>KELVIR.P</a> WORM!
89138. Source=Paul Collins Startup list
89139.  
89140. [WINDOWS SCREENSAVER]
89141. Number=12653
89142. Confirmed=X
89143. Filename=ssaver.scr
89144. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyz.html" target=_blank>SDBOT-YZ</a> WORM!
89145. Source=Paul Collins Startup list
89146.  
89147. [Windows secure]
89148. Number=12654
89149. Confirmed=X
89150. Filename=setver32.exe
89151. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EP" target="_blank">SPYBOT.EP</a> WORM!
89152. Source=Paul Collins Startup list
89153.  
89154. [Windows Secure Connection]
89155. Number=12655
89156. Confirmed=X
89157. Filename=winsc.exe
89158. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
89159. Source=Paul Collins Startup list
89160.  
89161. [Windows Secure Layer]
89162. Number=12656
89163. Confirmed=X
89164. Filename=[random filename]
89165. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
89166. Source=Paul Collins Startup list
89167.  
89168. [Windows Secure Messaging System]
89169. Number=12657
89170. Confirmed=X
89171. Filename=msnmsgrsrvc.exe
89172. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotre.html" target=_blank>RBOT-RE</a> WORM!
89173. Source=Paul Collins Startup list
89174.  
89175. [Windows Secure Services]
89176. Number=12658
89177. Confirmed=X
89178. Filename=ssms.exe
89179. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgar.html" target="_blank">RBOT-GAR</a> WORM!
89180. Source=Paul Collins Startup list
89181.  
89182. [Windows Secure Update]
89183. Number=12659
89184. Confirmed=X
89185. Filename=winupser.exe
89186. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgcg.html" target="_blank">RBOT-GCG</a> WORM!
89187. Source=Paul Collins Startup list
89188.  
89189. [Windows Secure Update]
89190. Number=12660
89191. Confirmed=X
89192. Filename=WinSecUp.exe
89193. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgcd.html" target="_blank">RBOT-GCD</a> WORM!
89194. Source=Paul Collins Startup list
89195.  
89196. [WINDOWS SECURITY]
89197. Number=12661
89198. Confirmed=X
89199. Filename=wingrd.exe
89200. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
89201. Source=Paul Collins Startup list
89202.  
89203. [Windows Security]
89204. Number=12662
89205. Confirmed=X
89206. Filename=win.pif
89207. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapt.html" target=_blank>RBOT-APT</a> WORM!
89208. Source=Paul Collins Startup list
89209.  
89210. [Windows Security]
89211. Number=12663
89212. Confirmed=X
89213. Filename=ms32.pif
89214. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotarn.html" target=_blank>RBOT-ARN</a> WORM!
89215. Source=Paul Collins Startup list
89216.  
89217. [Windows Security]
89218. Number=12664
89219. Confirmed=X
89220. Filename=winscure.exe
89221. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbaf.html" target=_blank>RBOT-BAF</a> WORM!
89222. Source=Paul Collins Startup list
89223.  
89224. [Windows Security Assistant]
89225. Number=12665
89226. Confirmed=X
89227. Filename=rundll32.vbe
89228. Description=CoolWebSearch <a href=" http://cwshredder.net/cwshredder/cwschronicles.html#alfasearch" target=_blank>Alfasearch</a> parasite variant - also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpau.html" target= blank>STARTPA-U</a> TROJAN!
89229. Source=Paul Collins Startup list
89230.  
89231. [Windows Security Assistant]
89232. Number=12666
89233. Confirmed=X
89234. Filename=winsec.exe
89235. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
89236. Source=Paul Collins Startup list
89237.  
89238. [Windows Security Authority Service]
89239. Number=12667
89240. Confirmed=X
89241. Filename=lsass.exe
89242. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalela.html" target=_blank>KALEL-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process, which should not appear in Msconfig/Startup!
89243. Source=Paul Collins Startup list
89244.  
89245. [Windows Security Center Notification Appls]
89246. Number=12668
89247. Confirmed=X
89248. Filename=sxe.exe
89249. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgkx.html" target="_blank">RBOT-GKX</a> WORM!
89250. Source=Paul Collins Startup list
89251.  
89252. [Windows Security Center Notification Applse]
89253. Number=12669
89254. Confirmed=X
89255. Filename=sxes.exe
89256. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglr.html" target="_blank">RBOT-GLR</a> WORM!
89257. Source=Paul Collins Startup list
89258.  
89259. [Windows Security Manager]
89260. Number=12670
89261. Confirmed=X
89262. Filename=winsecurity.exe
89263. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotki.html" target= blank>AGOBOT-KI</a> WORM!
89264. Source=Paul Collins Startup list
89265.  
89266. [Windows Security Manager]
89267. Number=12671
89268. Confirmed=X
89269. Filename=winsecure.exe
89270. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120910-4256-99" target=_blank>Affilred</a> adware
89271. Source=Paul Collins Startup list
89272.  
89273. [Windows Security Manager]
89274. Number=12672
89275. Confirmed=X
89276. Filename=svchost.exe
89277. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-012815-0103-99" target=_blank>ANTINNY.AX</a> WORM!! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Microsoft" subfolder
89278. Source=Paul Collins Startup list
89279.  
89280. [Windows Security Module]
89281. Number=12673
89282. Confirmed=X
89283. Filename=module.exe
89284. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
89285.  
89286. Source=Paul Collins Startup list
89287.  
89288. [Windows Security Service]
89289. Number=12674
89290. Confirmed=X
89291. Filename=[random file name]
89292. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalv.html" target=_blank>RBOT-ALV</a> WORM!
89293. Source=Paul Collins Startup list
89294.  
89295. [Windows Security Service]
89296. Number=12675
89297. Confirmed=X
89298. Filename=arrdt.exe
89299. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
89300. Source=Paul Collins Startup list
89301.  
89302. [Windows Security Service]
89303. Number=12676
89304. Confirmed=X
89305. Filename=windows.pif
89306. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotamg.html" target="_blank">RBOT-AMG</a> WORM!
89307. Source=Paul Collins Startup list
89308.  
89309. [Windows Security Update]
89310. Number=12677
89311. Confirmed=X
89312. Filename=security32.exe
89313. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120910-4256-99" target=_blank>Affilred</a> adware
89314. Source=Paul Collins Startup list
89315.  
89316. [Windows Serv Patch]
89317. Number=12678
89318. Confirmed=X
89319. Filename=Mcaffe2005.exe
89320. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
89321. Source=Paul Collins Startup list
89322.  
89323. [Windows ServeAd]
89324. Number=12679
89325. Confirmed=X
89326. Filename=WinServAd.exe
89327. Description=Windupdates adware variant
89328. Source=Paul Collins Startup list
89329.  
89330. [Windows Server Information]
89331. Number=12680
89332. Confirmed=X
89333. Filename=servinfo.exe
89334. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forboten.html" target=_blank>FORBOT-EN</a> WORM!
89335. Source=Paul Collins Startup list
89336.  
89337. [Windows Servic2]
89338. Number=12681
89339. Confirmed=X
89340. Filename=winsy.exe
89341. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaia.html" target=_blank>RBOT-AIA</a> WORM!
89342. Source=Paul Collins Startup list
89343.  
89344. [Windows service]
89345. Number=12682
89346. Confirmed=X
89347. Filename=wuamgrd.exe
89348. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqw.html" target=_blank>RBOT-QW</a> WORM!
89349. Source=Paul Collins Startup list
89350.  
89351. [Windows Service]
89352. Number=12683
89353. Confirmed=X
89354. Filename=dddd.exe
89355. Description=Identified by Kaspersky Labs as Dialer.Salc, also known to come with the Bube family <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41518" target=_blank>trojans</a>
89356. Source=Paul Collins Startup list
89357.  
89358. [Windows Service]
89359. Number=12684
89360. Confirmed=X
89361. Filename=prvdi.exe
89362. Description=Malware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Dropper.Win32.Small.rd
89363. Source=Paul Collins Startup list
89364.  
89365. [Windows Service]
89366. Number=12685
89367. Confirmed=X
89368. Filename=video.exe
89369. Description=Added by an unidentified TROJAN!
89370. Source=Paul Collins Startup list
89371.  
89372. [Windows Service]
89373. Number=12686
89374. Confirmed=X
89375. Filename=svvhost.exe
89376. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobothl.html" target=_blank>AGOBOT-HL</a> WORM!
89377. Source=Paul Collins Startup list
89378.  
89379. [Windows Service]
89380. Number=12687
89381. Confirmed=X
89382. Filename=private-zone.exe
89383. Description=Added by an unidentified <a href="http://www.f-secure.com/v-descs/trojclik.shtml" target=_blank>TROJAN.CLICKER</a>!
89384. Source=Paul Collins Startup list
89385.  
89386. [Windows Service]
89387. Number=12688
89388. Confirmed=X
89389. Filename=pd7.exe
89390. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.VZ" target="_blank">SMALL.VZ</a> TROJAN!
89391. Source=Paul Collins Startup list
89392.  
89393. [Windows Service]
89394. Number=12689
89395. Confirmed=X
89396. Filename=dstart4.exe
89397. Description=Added by an unidentified TROJAN!
89398. Source=Paul Collins Startup list
89399.  
89400. [Windows Service]
89401. Number=12690
89402. Confirmed=X
89403. Filename=pd14.exe
89404. Description=Adware, detected by <a href="http://www.diamondcs.com.au/" target="_blank">DiamondCS</a> TDS-3 anti-trojan as "TrojanDownloader.Win32.Delf.dg"
89405. Source=Paul Collins Startup list
89406.  
89407. [Windows Service]
89408. Number=12691
89409. Confirmed=X
89410. Filename=video2.exe
89411. Description=Added by the DOWNLOADER.SMALL.MY TROJAN!
89412. Source=Paul Collins Startup list
89413.  
89414. [Windows Service]
89415. Number=12692
89416. Confirmed=X
89417. Filename=services.exe
89418. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalela.html" target=_blank>KALEL-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
89419. Source=Paul Collins Startup list
89420.  
89421. [Windows Service]
89422. Number=12693
89423. Confirmed=X
89424. Filename=WINSVC.EXE
89425. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspybotdh.html" target="_blank">SPYBOT-DH</a> TROJAN!
89426. Source=Paul Collins Startup list
89427.  
89428. [Windows Service]
89429. Number=12694
89430. Confirmed=X
89431. Filename=r.exe
89432. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.VZ" target="_blank">SMALL.VZ</a> TROJAN!
89433. Source=Paul Collins Startup list
89434.  
89435. [Windows Service]
89436. Number=12695
89437. Confirmed=X
89438. Filename=windowz.exe
89439. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotayi.html" target="_blank">SDBOT-AYI</a> WORM! Note - dissables the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF)
89440. Source=Paul Collins Startup list
89441.  
89442. [Windows Service Agent]
89443. Number=12696
89444. Confirmed=X
89445. Filename=czf.exe
89446. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgaj.html" target="_blank">RBOT-GAJ</a> WORM!
89447. Source=Paul Collins Startup list
89448.  
89449. [Windows Service Controller]
89450. Number=12697
89451. Confirmed=X
89452. Filename=services.exe
89453. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalelb.html" target=_blank>KALEL-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
89454. Source=Paul Collins Startup list
89455.  
89456. [Windows Service DC]
89457. Number=12698
89458. Confirmed=X
89459. Filename=uhpnjcjl.exe
89460. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgly.html" target="_blank">RBOT-GLY</a> WORM!
89461. Source=Paul Collins Startup list
89462.  
89463. [Windows Service Host]
89464. Number=12699
89465. Confirmed=X
89466. Filename=scvhost.exe
89467. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080614-1748-99" target="_blank">SDBOT.N</a> TROJAN!
89468. Source=Paul Collins Startup list
89469.  
89470. [Windows Service Host]
89471. Number=12700
89472. Confirmed=X
89473. Filename=svchost.exe
89474. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030118-0547-99" target=_blank>CONE.B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
89475. Source=Paul Collins Startup list
89476.  
89477. [Windows Service Host]
89478. Number=12701
89479. Confirmed=X
89480. Filename=svchost.exe
89481. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalelc.html" target=_blank>KALEL-C</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
89482. Source=Paul Collins Startup list
89483.  
89484. [Windows Service Host]
89485. Number=12702
89486. Confirmed=X
89487. Filename=schost.exe
89488. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
89489. Source=Paul Collins Startup list
89490.  
89491. [Windows Service Host Process]
89492. Number=12703
89493. Confirmed=X
89494. Filename=[path to file]
89495. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32ezioa.html" target= blank>EZIO-A</a> WORM!
89496. Source=Paul Collins Startup list
89497.  
89498. [Windows Service Hosting]
89499. Number=12704
89500. Confirmed=X
89501. Filename=USERINIT.exe
89502. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32gommera.html" target=_blank>GOMMER-A</a> WORM!
89503. Source=Paul Collins Startup list
89504.  
89505. [Windows Service Loader]
89506. Number=12705
89507. Confirmed=X
89508. Filename=Window.exe
89509. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxo.html" target= blank>RBOT-XO</a> WORM!
89510. Source=Paul Collins Startup list
89511.  
89512. [Windows Service Manager]
89513. Number=12706
89514. Confirmed=X
89515. Filename=userint32.exe
89516. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32oscabotc.html" target= blank>OSCABOT-C</a> WORM!
89517. Source=Paul Collins Startup list
89518.  
89519. [Windows Service Manager]
89520. Number=12707
89521. Confirmed=X
89522. Filename=localsvc.exe
89523. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
89524. Source=Paul Collins Startup list
89525.  
89526. [Windows Service Manager]
89527. Number=12708
89528. Confirmed=X
89529. Filename=msgs.exe
89530. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32oscabote.html" target=_blank>OSCABOT-E</a> WORM!
89531. Source=Paul Collins Startup list
89532.  
89533. [Windows Service Manager]
89534. Number=12709
89535. Confirmed=X
89536. Filename=msnmrg.exe
89537. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32oscabotg.html" target=_blank>OSCABOT-G</a> WORM!
89538. Source=Paul Collins Startup list
89539.  
89540. [Windows Service Manager]
89541. Number=12710
89542. Confirmed=X
89543. Filename=netsvc.exe
89544. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
89545. Source=Paul Collins Startup list
89546.  
89547. [Windows Service Manager]
89548. Number=12711
89549. Confirmed=X
89550. Filename=spoolsvc.exe
89551. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
89552. Source=Paul Collins Startup list
89553.  
89554. [Windows Service Manager]
89555. Number=12712
89556. Confirmed=X
89557. Filename=svcadmin.exe
89558. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
89559. Source=Paul Collins Startup list
89560.  
89561. [Windows Service Manager]
89562. Number=12713
89563. Confirmed=X
89564. Filename=svcman.exe
89565. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
89566. Source=Paul Collins Startup list
89567.  
89568. [Windows Service Manager]
89569. Number=12714
89570. Confirmed=X
89571. Filename=svcmgr32.exe
89572. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32oscabotd.html" target=_blank>OSCABOT-D</a> WORM!
89573. Source=Paul Collins Startup list
89574.  
89575. [Windows Service Manager]
89576. Number=12715
89577. Confirmed=X
89578. Filename=svcrun.exe
89579. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
89580. Source=Paul Collins Startup list
89581.  
89582. [Windows Service Manager]
89583. Number=12716
89584. Confirmed=X
89585. Filename=tcpsvc.exe
89586. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
89587. Source=Paul Collins Startup list
89588.  
89589. [Windows Service Manager]
89590. Number=12717
89591. Confirmed=X
89592. Filename=websvc.exe
89593. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
89594. Source=Paul Collins Startup list
89595.  
89596. [Windows Service Manager]
89597. Number=12718
89598. Confirmed=X
89599. Filename=taskmgr.exe 
89600. Description=Detected as Trojan-Spy.Win32.IamBigBrother.91 by Kaspersky, possibly a commercial keylogger
89601. Source=Paul Collins Startup list
89602.  
89603. [Windows Service Pack Auto Update]
89604. Number=12719
89605. Confirmed=X
89606. Filename=winworks.exe
89607. Description=Adware downloader, identified by <a href="http://www.mwti.com/antivirus/escan/escaniss.asp" target=_blank>eScan</a> antivirus as Trojan-Clicker.Agent.bt
89608. Source=Paul Collins Startup list
89609.  
89610. [Windows Service Pack Auto Update]
89611. Number=12720
89612. Confirmed=X
89613. Filename=figgaz.exe
89614. Description=Added by a <a href="http://www.f-secure.com/v-descs/trojclik.shtml" target=_blank>TROJAN.CLICKER</a> - identified by Kaspersky antivirus as Trojan-Clicker.Agent.bt
89615. Source=Paul Collins Startup list
89616.  
89617. [Windows Service Pack Auto Update]
89618. Number=12721
89619. Confirmed=X
89620. Filename=ballin.exe
89621. Description=Added by an unidentified WORM or TROJAN!
89622. Source=Paul Collins Startup list
89623.  
89624. [Windows Service Pack Auto Update]
89625. Number=12722
89626. Confirmed=X
89627. Filename=del-me.exe
89628. Description=Adware, also detected as the LOWZONES.BH TROJAN!
89629. Source=Paul Collins Startup list
89630.  
89631. [Windows Service Pack2]
89632. Number=12723
89633. Confirmed=X
89634. Filename=svchhost.exe
89635. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
89636. Source=Paul Collins Startup list
89637.  
89638. [Windows Service Pack2]
89639. Number=12724
89640. Confirmed=X
89641. Filename=WIN43.EXE
89642. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GAOBOT.G" target="_blank">GAOBOT.G</a> WORM!
89643. Source=Paul Collins Startup list
89644.  
89645. [Windows Service Support Call]
89646. Number=12725
89647. Confirmed=X
89648. Filename=SVSS32.EXE
89649. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxq.html" target= blank>RBOT-XQ</a> WORM!
89650. Source=Paul Collins Startup list
89651.  
89652. [Windows Service Utitity]
89653. Number=12726
89654. Confirmed=X
89655. Filename=winsrvc.exe
89656. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotasi.html" target=_blank>RBOT-ASI</a> WORM!
89657. Source=Paul Collins Startup list
89658.  
89659. [Windows Service XP]
89660. Number=12727
89661. Confirmed=X
89662. Filename=XpFirewall.exe
89663. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041021-4010-99" target=_blank>MYTOB.AM</a> WORM!
89664. Source=Paul Collins Startup list
89665.  
89666. [Windows Services]
89667. Number=12728
89668. Confirmed=X
89669. Filename=service.exe
89670. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102418-0851-99" target="_blank">RANDEX.R</a> WORM!
89671. Source=Paul Collins Startup list
89672.  
89673. [Windows Services]
89674. Number=12729
89675. Confirmed=X
89676. Filename=svchosts.exe
89677. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotkl.html" target=_blank>AGOBOT-KL</a> TROJAN!
89678. Source=Paul Collins Startup list
89679.  
89680. [Windows Services]
89681. Number=12730
89682. Confirmed=X
89683. Filename=Explorer.exe
89684. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotwt.html" target="_blank">SDBOT-WT</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System32 subfolder
89685. Source=Paul Collins Startup list
89686.  
89687. [Windows Services]
89688. Number=12731
89689. Confirmed=X
89690. Filename=NetworkDriver32.exe
89691. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacr.html" target=_blank>RBOT-ACR</a> WORM!
89692. Source=Paul Collins Startup list
89693.  
89694. [Windows Services]
89695. Number=12732
89696. Confirmed=X
89697. Filename=scmsg.exe
89698. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
89699. Source=Paul Collins Startup list
89700.  
89701. [Windows Services]
89702. Number=12733
89703. Confirmed=X
89704. Filename=scvhoste.exe
89705. Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042413-0059-99" target= blank>SPYBOT.OBZ</a> WORM!
89706. Source=Paul Collins Startup list
89707.  
89708. [Windows Services]
89709. Number=12734
89710. Confirmed=X
89711. Filename=winsvc32.exe
89712. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcb.html" target= blank>MYTOB-CB</a> WORM!
89713. Source=Paul Collins Startup list
89714.  
89715. [Windows Services]
89716. Number=12735
89717. Confirmed=X
89718. Filename=NetworkDrivers.exe
89719. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyo.html" target=_blank>SDBOT-YO</a> WORM!
89720. Source=Paul Collins Startup list
89721.  
89722. [Windows Services]
89723. Number=12736
89724. Confirmed=X
89725. Filename=smsc.exe
89726. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
89727. Source=Paul Collins Startup list
89728.  
89729. [Windows Services]
89730. Number=12737
89731. Confirmed=X
89732. Filename=spoolsvc.exe
89733. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CPZ&VSect=T" target=_blank>SDBOT.CPZ</a> WORM!
89734. Source=Paul Collins Startup list
89735.  
89736. [Windows Services]
89737. Number=12738
89738. Confirmed=X
89739. Filename=iexplore.exe
89740. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwe.html" target=_blank>RBOT-WE</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
89741. Source=Paul Collins Startup list
89742.  
89743. [Windows Services Host]
89744. Number=12739
89745. Confirmed=X
89746. Filename=svchost.exe
89747. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022214-4101-99" target="_blank">CONE</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031218-2446-99" target="_blank">CONE.E</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
89748. Source=Paul Collins Startup list
89749.  
89750. [Windows Services Hosts]
89751. Number=12740
89752. Confirmed=X
89753. Filename=svhosts.exe
89754. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotyh.html" target=_blank>SDBOT-YH</a> TROJAN!
89755. Source=Paul Collins Startup list
89756.  
89757. [Windows Services Ink Platform Tablet Input Subsystem]
89758. Number=12741
89759. Confirmed=X
89760. Filename=wsiptis.exe
89761. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.APC" target="_blank">RBOT.APC</a> WORM!
89762. Source=Paul Collins Startup list
89763.  
89764. [Windows Services Layer]
89765. Number=12742
89766. Confirmed=X
89767. Filename=winlogz2.exe
89768. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfze.html" target="_blank">RBOT-FZE</a> WORM!
89769. Source=Paul Collins Startup list
89770.  
89771. [Windows Services Layer]
89772. Number=12743
89773. Confirmed=X
89774. Filename=winl0g0.exe
89775. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfzq.html" target="_blank">RBOT-FZQ</a> WORM!
89776. Source=Paul Collins Startup list
89777.  
89778. [Windows Services Layer]
89779. Number=12744
89780. Confirmed=X
89781. Filename=sslms.exe
89782. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgah.html" target="_blank">RBOT-GAH</a> WORM!
89783. Source=Paul Collins Startup list
89784.  
89785. [Windows Services Update]
89786. Number=12745
89787. Confirmed=X
89788. Filename=svch0st.exe
89789. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM! Note - the filename has the digit 0 rather then the uppercase "o"
89790. Source=Paul Collins Startup list
89791.  
89792. [Windows Session Manager]
89793. Number=12746
89794. Confirmed=X
89795. Filename=smss32.exe
89796. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
89797. Source=Paul Collins Startup list
89798.  
89799. [Windows Session Manager Subsystem]
89800. Number=12747
89801. Confirmed=X
89802. Filename=smss.exe
89803. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kalelb.html" target=_blank>KALEL-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which should NOT appear in Msconfig/Startup!
89804. Source=Paul Collins Startup list
89805.  
89806. [Windows shell]
89807. Number=12748
89808. Confirmed=?
89809. Filename=win70.exe
89810. Description=<font color="#FF0000">??</font>
89811. Source=Paul Collins Startup list
89812.  
89813. [Windows Shell]
89814. Number=12749
89815. Confirmed=X
89816. Filename=shell.exe
89817. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobca.html" target= blank>MYTOB-CA</a> WORM!
89818. Source=Paul Collins Startup list
89819.  
89820. [Windows Shell]
89821. Number=12750
89822. Confirmed=X
89823. Filename=taskgmr.exe
89824. Description=Added by the <a href="http://ve.nod32.ch/worms/mytobbv.php" target=_blank>MYTOB.BV</a> WORM!
89825. Source=Paul Collins Startup list
89826.  
89827. [Windows Shell Library Loader]
89828. Number=12751
89829. Confirmed=X
89830. Filename=load shell.dll
89831. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
89832. Source=Paul Collins Startup list
89833.  
89834. [windows shellext.32]
89835. Number=12752
89836. Confirmed=X
89837. Filename=mschost.exe
89838. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-020315-0338-99" target="_blank">BLASTER.K</a> WORM!
89839. Source=Paul Collins Startup list
89840.  
89841. [WINDOWS SKY]
89842. Number=12753
89843. Confirmed=X
89844. Filename=sky.exe
89845. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051711-3809-99" target=_blank>MYTOB.CH</a> WORM!
89846. Source=Paul Collins Startup list
89847.  
89848. [Windows Smart Manager]
89849. Number=12754
89850. Confirmed=X
89851. Filename=smart.exe
89852. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotsl.html" target=_blank>RBOT-SL</a> WORM!
89853. Source=Paul Collins Startup list
89854.  
89855. [Windows Socket Procedure]
89856. Number=12755
89857. Confirmed=X
89858. Filename=WinSock32.exe
89859. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfmx.html" target="_blank">RBOT-FMX</a> WORM!
89860. Source=Paul Collins Startup list
89861.  
89862. [Windows Software]
89863. Number=12756
89864. Confirmed=X
89865. Filename=hbsppe.exe
89866. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgll.html" target="_blank">RBOT-GLL</a> WORM!
89867. Source=Paul Collins Startup list
89868.  
89869. [Windows Sound Driver]
89870. Number=12757
89871. Confirmed=X
89872. Filename=SndMon32.exe
89873. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
89874. Source=Paul Collins Startup list
89875.  
89876. [Windows Sound Manager]
89877. Number=12758
89878. Confirmed=X
89879. Filename=SndMon32.exe
89880. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbu.html" target=_blank>FORBOT-BU</a> WORM!
89881. Source=Paul Collins Startup list
89882.  
89883. [Windows Sound Manager]
89884. Number=12759
89885. Confirmed=X
89886. Filename=SndMon16.exe
89887. Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
89888. Source=Paul Collins Startup list
89889.  
89890. [Windows Sound Verifier]
89891. Number=12760
89892. Confirmed=X
89893. Filename=WinIp32.exe
89894. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfmo.html" target="_blank">RBOT-FMO</a> WORM!
89895. Source=Paul Collins Startup list
89896.  
89897. [Windows SP2 Firewall]
89898. Number=12761
89899. Confirmed=X
89900. Filename=wfirewall7.exe
89901. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
89902. Source=Paul Collins Startup list
89903.  
89904. [Windows SP2 Update]
89905. Number=12762
89906. Confirmed=X
89907. Filename=Sp2update.exe
89908. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.BS" target="_blank">WOOTBOT.BS</a> WORM!
89909.  
89910. Source=Paul Collins Startup list
89911.  
89912. [Windows SP2 Version Load]
89913. Number=12763
89914. Confirmed=X
89915. Filename=wuauclt32.exe
89916. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GAOBOT.CX" target="_blank">GAOBOT.CX</a> WORM!
89917. Source=Paul Collins Startup list
89918.  
89919. [Windows SP4]
89920. Number=12764
89921. Confirmed=X
89922. Filename=directCC.exe
89923. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacx.html" target=_blank>RBOT-ACX</a> WORM!
89924. Source=Paul Collins Startup list
89925.  
89926. [Windows Spool Server]
89927. Number=12765
89928. Confirmed=X
89929. Filename=spoolsrv.exe
89930. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotact.html" target=_blank>SDBOT-ACT</a> WORM!
89931. Source=Paul Collins Startup list
89932.  
89933. [Windows SpoolaPrint Service]
89934. Number=12766
89935. Confirmed=X
89936. Filename=spoolasrv.exe
89937. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotayd.html" target=_blank>SDBOT-AYD</a> WORM!
89938. Source=Paul Collins Startup list
89939.  
89940. [Windows Spooler]
89941. Number=12767
89942. Confirmed=X
89943. Filename=SPOOLSRV.EXE
89944. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.P" target="_blank">SPYBOT.P</a> WORM!
89945. Source=Paul Collins Startup list
89946.  
89947. [Windows Spooler]
89948. Number=12768
89949. Confirmed=X
89950. Filename=spoolsv32.exe
89951. Description=Added by an unidentified WORM or TROJAN!
89952. Source=Paul Collins Startup list
89953.  
89954. [Windows Spooler Services]
89955. Number=12769
89956. Confirmed=X
89957. Filename=spool.exe
89958. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotamo.html" target= blank>AGOBOT-AMO</a> WORM!
89959. Source=Paul Collins Startup list
89960.  
89961. [Windows SpoolPrint Service]
89962. Number=12770
89963. Confirmed=X
89964. Filename=spoolersrv.exe
89965. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzt.html" target=_blank>SDBOT-ZT</a> WORM!
89966. Source=Paul Collins Startup list
89967.  
89968. [Windows Spools SV]
89969. Number=12771
89970. Confirmed=X
89971. Filename=winsv.exe
89972. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotauq.html" target=_blank>RBOT-AUQ</a> WORM!
89973. Source=Paul Collins Startup list
89974.  
89975. [Windows spoolservr Service]
89976. Number=12772
89977. Confirmed=X
89978. Filename=spoolservr.exe
89979. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaan.html" target=_blank>SDBOT-AAN</a> WORM!
89980. Source=Paul Collins Startup list
89981.  
89982. [Windows Spoolsre Service]
89983. Number=12773
89984. Confirmed=X
89985. Filename=spoolsre.exe
89986. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaae.html" target=_blank>SDBOT-AAE</a> WORM!
89987. Source=Paul Collins Startup list
89988.  
89989. [Windows Spoolsrv Service]
89990. Number=12774
89991. Confirmed=X
89992. Filename=spoolmsv.exe
89993. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzs.html" target=_blank>SDBOT-ZS</a> WORM!
89994. Source=Paul Collins Startup list
89995.  
89996. [windows spoolsrv service]
89997. Number=12775
89998. Confirmed=X
89999. Filename=spoolssv.exe
90000. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotawv.html" target=_blank>SDBOT-AWV</a> WORM!
90001. Source=Paul Collins Startup list
90002.  
90003. [Windows Spoolsurf Service]
90004. Number=12776
90005. Confirmed=X
90006. Filename=spoolsurf.exe
90007. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzz.html" target=_blank>SDBOT-ZZ</a> WORM!
90008. Source=Paul Collins Startup list
90009.  
90010. [Windows SpooltPrint Service]
90011. Number=12777
90012. Confirmed=X
90013. Filename=spooltsrv.exe
90014. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaye.html" target=_blank>SDBOT-AYE</a> WORM!
90015. Source=Paul Collins Startup list
90016.  
90017. [Windows Spoolvvv Service]
90018. Number=12778
90019. Confirmed=X
90020. Filename=spoolvvv.exe
90021. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaaw.html" target="_blank">SDBOT-AAW</a> WORM!
90022. Source=Paul Collins Startup list
90023.  
90024. [Windows spyware remover]
90025. Number=12779
90026. Confirmed=X
90027. Filename=Windows-spyware.exe
90028. Description=Added by the <a href="http://fileinfo.prevx.com/adware/qqd9fa32105138-WIND21466228/WINDOWS-SPYWARE.EXE.html" target="_blank">SystemPoser</a> TROJAN!
90029. Source=Paul Collins Startup list
90030.  
90031. [Windows sq Drivers]
90032. Number=12780
90033. Confirmed=X
90034. Filename=winmsn32.exe
90035. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadi.html" target=_blank>RBOT-ADI</a> WORM!
90036. Source=Paul Collins Startup list
90037.  
90038. [Windows Sql Service For Windows 32 Bit]
90039. Number=12781
90040. Confirmed=X
90041. Filename=winsql32.exe
90042. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfc.html" target=_blank>FORBOT-FC</a> WORM!
90043. Source=Paul Collins Startup list
90044.  
90045. [Windows SSH Client]
90046. Number=12782
90047. Confirmed=X
90048. Filename=winssh.exe
90049. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxc.html" target=_blank>RBOT-AXC</a> WORM!
90050. Source=Paul Collins Startup list
90051.  
90052. [Windows SSL File]
90053. Number=12783
90054. Confirmed=X
90055. Filename=winssv.exe
90056. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CA" target="_blank">WOOTBOT.CA</a> WORM!
90057. Source=Paul Collins Startup list
90058.  
90059. [Windows SSL Secondary Drivers]
90060. Number=12784
90061. Confirmed=X
90062. Filename=SSL32Dr.exe
90063. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ASQ&VSect=T" target=_blank>SDBOT.ASQ</a> WORM!
90064. Source=Paul Collins Startup list
90065.  
90066. [Windows Stand Sound Drivers]
90067. Number=12785
90068. Confirmed=X
90069. Filename=Sounddrv.exe
90070. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxf.html" target=_blank>SDBOT-XF</a> WORM!
90071. Source=Paul Collins Startup list
90072.  
90073. [Windows Standard Securty]
90074. Number=12786
90075. Confirmed=X
90076. Filename=[random 3-letter filename]
90077. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalf.html" target=_blank>RBOT-ALF</a> WORM!
90078. Source=Paul Collins Startup list
90079.  
90080. [Windows Start Server 2000]
90081. Number=12787
90082. Confirmed=X
90083. Filename=traficy.exe
90084. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahm.html" target=_blank>RBOT-AHM</a> WORM!
90085. Source=Paul Collins Startup list
90086.  
90087. [Windows Startup]
90088. Number=12788
90089. Confirmed=X
90090. Filename=winsta~1.exe
90091. Description=<a href="http://accs-net.com/smallfish/gohip.htm" target="_blank">GoHip</a> foistware
90092. Source=Paul Collins Startup list
90093.  
90094. [Windows Startup]
90095. Number=12789
90096. Confirmed=X
90097. Filename=winstartup.exe
90098. Description=<a href="http://accs-net.com/smallfish/gohip.htm" target="_blank">GoHip</a> foistware
90099. Source=Paul Collins Startup list
90100.  
90101. [Windows Startup]
90102. Number=12790
90103. Confirmed=X
90104. Filename=Wdrun32.exe
90105. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-093012-5903-99" target="_blank">GAOBOT.AO</a> WORM!
90106. Source=Paul Collins Startup list
90107.  
90108. [Windows Startup]
90109. Number=12791
90110. Confirmed=X
90111. Filename=services21.exe
90112. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmx.html" target="_blank">AGOBOT-MX</a> WORM!
90113. Source=Paul Collins Startup list
90114.  
90115. [Windows Startup 32 Bits]
90116. Number=12792
90117. Confirmed=X
90118. Filename=sysrun32.exe
90119. Description=Added by a variant of the DARKSUN TROJAN!
90120. Source=Paul Collins Startup list
90121.  
90122. [Windows Stortup]
90123. Number=12793
90124. Confirmed=X
90125. Filename=svchost.exe
90126. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtogerv.html" target=_blank>TOGER-V</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
90127. Source=Paul Collins Startup list
90128.  
90129. [Windows Streams Server]
90130. Number=12794
90131. Confirmed=X
90132. Filename=localsrv.exe
90133. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.LN" target="_blank">SDBOT.LN</a> WORM!
90134. Source=Paul Collins Startup list
90135.  
90136. [Windows Subsys]
90137. Number=12795
90138. Confirmed=X
90139. Filename=winload.exe
90140. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSPREE.C" target="_blank">NETSPREE.C</a> WORM!
90141. Source=Paul Collins Startup list
90142.  
90143. [WINDOWS SVC]
90144. Number=12796
90145. Confirmed=X
90146. Filename=winsvc.exe
90147. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobey.html" target=_blank>MYTOB-EY</a> WORM!
90148. Source=Paul Collins Startup list
90149.  
90150. [Windows Svshost Service Update 32]
90151. Number=12797
90152. Confirmed=X
90153. Filename=svcsshost32.exe
90154. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotgd.html" target=_blank>FORBOT-GD</a> WORM!
90155. Source=Paul Collins Startup list
90156.  
90157. [Windows SyncroAd]
90158. Number=12798
90159. Confirmed=X
90160. Filename=SyncroAd.exe
90161. Description=Windupdates adware variant
90162. Source=Paul Collins Startup list
90163.  
90164. [WINDOWS SYSTEM]
90165. Number=12799
90166. Confirmed=X
90167. Filename=beta.exe
90168. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060314-1551-99" target=_blank>MYTOB.DF</a> WORM!
90169. Source=Paul Collins Startup list
90170.  
90171. [WINDOWS SYSTEM]
90172. Number=12800
90173. Confirmed=X
90174. Filename=dcomuser.exe
90175. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061412-0421-99" target=_blank>MYTOB.EO</a> WORM!
90176. Source=Paul Collins Startup list
90177.  
90178. [WINDOWS SYSTEM]
90179. Number=12801
90180. Confirmed=X
90181. Filename=lf66prc.exe
90182. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062415-4022-99" target=_blank>MYTOB.GC</a> WORM!
90183. Source=Paul Collins Startup list
90184.  
90185. [WINDOWS SYSTEM]
90186. Number=12802
90187. Confirmed=X
90188. Filename=msdev32.exe
90189. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061314-2404-99" target=_blank>MYTOB.EH</a> WORM!
90190. Source=Paul Collins Startup list
90191.  
90192. [WINDOWS SYSTEM]
90193. Number=12803
90194. Confirmed=X
90195. Filename=nec.exe
90196. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobl.html" target=_blank>MYTOB-L</a> WORM or variants!
90197. Source=Paul Collins Startup list
90198.  
90199. [WINDOWS SYSTEM]
90200. Number=12804
90201. Confirmed=X
90202. Filename=nibie.exe
90203. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobby.html" target=_blank>MYTOB-BY</a> WORM!
90204. Source=Paul Collins Startup list
90205.  
90206. [WINDOWS SYSTEM]
90207. Number=12805
90208. Confirmed=X
90209. Filename=ninfoie.exe
90210. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobep.html" target=_blank>MYTOB-EP</a> WORM!
90211. Source=Paul Collins Startup list
90212.  
90213. [WINDOWS SYSTEM]
90214. Number=12806
90215. Confirmed=X
90216. Filename=skybot.exe
90217. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobcx.html" target=_blank>MYTOB-CX</a> WORM!
90218. Source=Paul Collins Startup list
90219.  
90220. [WINDOWS SYSTEM]
90221. Number=12807
90222. Confirmed=X
90223. Filename=skybotx.exe
90224. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobby.html" target=_blank>MYTOB-BY</a> WORM!
90225. Source=Paul Collins Startup list
90226.  
90227. [WINDOWS SYSTEM]
90228. Number=12808
90229. Confirmed=X
90230. Filename=smoc.exe
90231. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062217-2759-99" target=_blank>MYTOB.FU</a> WORM!
90232. Source=Paul Collins Startup list
90233.  
90234. [WINDOWS SYSTEM]
90235. Number=12809
90236. Confirmed=X
90237. Filename=smsc.exe
90238. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbr.html" target=_blank>MYTOB-BR</a> WORM!
90239. Source=Paul Collins Startup list
90240.  
90241. [WINDOWS SYSTEM]
90242. Number=12810
90243. Confirmed=X
90244. Filename=test.exe
90245. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060616-5105-99" target=_blank>MYTOB.DJ</a> WORM!
90246. Source=Paul Collins Startup list
90247.  
90248. [WINDOWS SYSTEM]
90249. Number=12811
90250. Confirmed=U
90251. Filename=test2.exe
90252. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060616-5105-99" target=_blank>MYTOB.DJ</a> WORM!
90253. Source=Paul Collins Startup list
90254.  
90255. [WINDOWS SYSTEM]
90256. Number=12812
90257. Confirmed=X
90258. Filename=test3.exe
90259. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060913-3528-99" target=_blank>MYTOB.DV</a> WORM!
90260. Source=Paul Collins Startup list
90261.  
90262. [WINDOWS SYSTEM]
90263. Number=12813
90264. Confirmed=X
90265. Filename=wdns33.exe
90266. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobby.html" target=_blank>MYTOB-BY</a> WORM!
90267. Source=Paul Collins Startup list
90268.  
90269. [WINDOWS SYSTEM]
90270. Number=12814
90271. Confirmed=X
90272. Filename=win.exe.exe
90273. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061612-1304-99" target=_blank>MYTOB.FA</a> WORM!
90274. Source=Paul Collins Startup list
90275.  
90276. [WINDOWS SYSTEM]
90277. Number=12815
90278. Confirmed=X
90279. Filename=winaup.exe
90280. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobdn.html" target=_blank>MYTOB-DN</a> WORM!
90281. Source=Paul Collins Startup list
90282.  
90283. [WINDOWS SYSTEM]
90284. Number=12816
90285. Confirmed=X
90286. Filename=winligon.exe
90287. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061413-5518-99" target=_blank>MYTOB.EP</a> WORM!
90288. Source=Paul Collins Startup list
90289.  
90290. [WINDOWS SYSTEM]
90291. Number=12817
90292. Confirmed=X
90293. Filename=winmon.exe
90294. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062410-0444-99" target=_blank>MYTOB.GB</a> WORM!
90295. Source=Paul Collins Startup list
90296.  
90297. [WINDOWS SYSTEM]
90298. Number=12818
90299. Confirmed=X
90300. Filename=winNTsys32.exe
90301. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobdm.html" target=_blank>MYTOB-DM</a> WORM!
90302. Source=Paul Collins Startup list
90303.  
90304. [WINDOWS SYSTEM]
90305. Number=12819
90306. Confirmed=X
90307. Filename=winsvc32.exe
90308. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071116-2302-99" target=_blank>MYTOB.HH</a> WORM!
90309. Source=Paul Collins Startup list
90310.  
90311. [Windows System]
90312. Number=12820
90313. Confirmed=X
90314. Filename=WINSYS.exe
90315. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaef.html" target=_blank>RBOT-AEF</a> WORM!
90316. Source=Paul Collins Startup list
90317.  
90318. [WINDOWS SYSTEM]
90319. Number=12821
90320. Confirmed=X
90321. Filename=winsys33.exe
90322. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061316-2145-99" target=_blank>MYTOB.EK</a> WORM!
90323. Source=Paul Collins Startup list
90324.  
90325. [WINDOWS SYSTEM]
90326. Number=12822
90327. Confirmed=X
90328. Filename=winvnc.exe
90329. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061509-3649-99" target=_blank>MYTOB.EU</a> WORM!
90330. Source=Paul Collins Startup list
90331.  
90332. [WINDOWS SYSTEM]
90333. Number=12823
90334. Confirmed=X
90335. Filename=winxpserv.exe
90336. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbq.html" target=_blank>MYTOB-BQ</a> WORM!
90337. Source=Paul Collins Startup list
90338.  
90339. [WINDOWS SYSTEM]
90340. Number=12824
90341. Confirmed=X
90342. Filename=xxx.exe
90343. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060214-2034-99" target=_blank>MYTOB.CZ</a> WORM!
90344. Source=Paul Collins Startup list
90345.  
90346. [Windows System]
90347. Number=12825
90348. Confirmed=X
90349. Filename=winsys32.exe
90350. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobis.html" target="_blank">MYTOB-IS</a> WORM!
90351. Source=Paul Collins Startup list
90352.  
90353. [WINDOWS SYSTEM]
90354. Number=12826
90355. Confirmed=X
90356. Filename=\skybot.exe
90357. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.JU" target=_blank>MYTOB.JU</a> WORM!
90358. Source=Paul Collins Startup list
90359.  
90360. [WINDOWS SYSTEM]
90361. Number=12827
90362. Confirmed=X
90363. Filename=botzor.exe
90364. Description=Added by the <a href="http://vil.nai.com/vil/content/v_135433.htm" target=_blank>ZOTOB</a> WORM!
90365. Source=Paul Collins Startup list
90366.  
90367. [WINDOWS SYSTEM]
90368. Number=12828
90369. Confirmed=X
90370. Filename=gothica.exe
90371. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.HU&VSect=P" target=_blank>MYTOB.HU</a> WORM!
90372. Source=Paul Collins Startup list
90373.  
90374. [WINDOWS SYSTEM]
90375. Number=12829
90376. Confirmed=X
90377. Filename=msnl.exe
90378. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072915-5351-99" target=_blank>MYTOB.IK</a> WORM!
90379. Source=Paul Collins Startup list
90380.  
90381. [WINDOWS SYSTEM]
90382. Number=12830
90383. Confirmed=X
90384. Filename=per.exe
90385. Description=Added by the <a href="http://vil.nai.com/vil/content/v_135473.htm" target=_blank>ZOTOB.C</a> WORM!
90386. Source=Paul Collins Startup list
90387.  
90388. [WINDOWS SYSTEM]
90389. Number=12831
90390. Confirmed=X
90391. Filename=twunk_65.exe
90392. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobeg.html" target=_blank>MYTOB-EG</a> WORM!
90393. Source=Paul Collins Startup list
90394.  
90395. [WINDOWS SYSTEM]
90396. Number=12832
90397. Confirmed=X
90398. Filename=servce.exe
90399. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobei.html" target=_blank>MYTOB-EI</a> WORM!
90400. Source=Paul Collins Startup list
90401.  
90402. [WINDOWS SYSTEM]
90403. Number=12833
90404. Confirmed=X
90405. Filename=servises.exe
90406. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32zotobi.html" target=_blank>ZOTOB-I</a> WORM!
90407. Source=Paul Collins Startup list
90408.  
90409. [WINDOWS SYSTEM]
90410. Number=12834
90411. Confirmed=X
90412. Filename=xpupdate.exe
90413. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32zotobg.html" target=_blank>ZOTOB-G</a> WORM!
90414. Source=Paul Collins Startup list
90415.  
90416. [WINDOWS SYSTEM]
90417. Number=12835
90418. Confirmed=X
90419. Filename=expI0rer.exe
90420. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfi.html" target=_blank>MYTOB-FI</a> WORM! Note the upper case "i" and number "0" in the filename
90421. Source=Paul Collins Startup list
90422.  
90423. [WINDOWS SYSTEM]
90424. Number=12836
90425. Confirmed=X
90426. Filename=msn32.exe
90427. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfx.html" target=_blank>MYTOB-FX</a> WORM!
90428. Source=Paul Collins Startup list
90429.  
90430. [WINDOWS SYSTEM]
90431. Number=12837
90432. Confirmed=X
90433. Filename=sky.exe
90434. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LB&VSect=P" target=_blank>MYTOB.LB</a> WORM!
90435. Source=Paul Collins Startup list
90436.  
90437. [WINDOWS SYSTEM]
90438. Number=12838
90439. Confirmed=X
90440. Filename=Win32IMAPSVR.exe
90441. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfq.html" target=_blank>MYTOB-FQ</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32mytobfu.html" target=_blank>MYTOB-FU</a> WORMS!
90442. Source=Paul Collins Startup list
90443.  
90444. [WINDOWS SYSTEM]
90445. Number=12839
90446. Confirmed=X
90447. Filename=winsvc.exe
90448. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LM&VSect=P" target=_blank>MYTOB.LM</a> WORM!
90449. Source=Paul Collins Startup list
90450.  
90451. [WINDOWS SYSTEM]
90452. Number=12840
90453. Confirmed=X
90454. Filename=mswins.exe
90455. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.DP" target="_blank">MYTOB.DP</a> WORM!
90456. Source=Paul Collins Startup list
90457.  
90458. [WINDOWS SYSTEM]
90459. Number=12841
90460. Confirmed=X
90461. Filename=mtrnqs.exe
90462. Description=Added by the  <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072511-1029-99" target="_blank">MYTOB.IG</a> WORM!
90463. Source=Paul Collins Startup list
90464.  
90465. [WINDOWS SYSTEM]
90466. Number=12842
90467. Confirmed=X
90468. Filename=logic.exe
90469. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-071915-2624-99" target="_blank">MYTOB.IC</a> WORM!
90470. Source=Paul Collins Startup list
90471.  
90472. [Windows System 32]
90473. Number=12843
90474. Confirmed=X
90475. Filename=winsys_32.exe
90476. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotftr.html" target="_blank">RBOT-FTR</a> WORM!
90477. Source=Paul Collins Startup list
90478.  
90479. [Windows System 32-Bat Service]
90480. Number=12844
90481. Confirmed=X
90482. Filename=win32bat.exe
90483. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061710-5807-99" target=_blank>MYTOB.FI</a> WORM!
90484. Source=Paul Collins Startup list
90485.  
90486. [Windows System Backup]
90487. Number=12845
90488. Confirmed=X
90489. Filename=SysBackup.exe
90490. Description=Unidentified malware
90491. Source=Paul Collins Startup list
90492.  
90493. [WINDOWS SYSTEM By FEnR]
90494. Number=12846
90495. Confirmed=X
90496. Filename=windasz-updote.exe
90497. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LR&VSect=P" target=_blank>MYTOB.LR</a> WORM!
90498. Source=Paul Collins Startup list
90499.  
90500. [WINDOWS SYSTEM Cleaner]
90501. Number=12847
90502. Confirmed=X
90503. Filename=h3.exe
90504. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061415-5940-99" target=_blank>MYTOB.EQ</a> WORM!
90505. Source=Paul Collins Startup list
90506.  
90507. [WINDOWS SYSTEM CLEANER]
90508. Number=12848
90509. Confirmed=X
90510. Filename=iexplore.exe
90511. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061516-3312-99" target=_blank>MYTOB.ET</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP)
90512. Source=Paul Collins Startup list
90513.  
90514. [Windows System Configuration]
90515. Number=12849
90516. Confirmed=X
90517. Filename=SYSCFG16.EXE
90518. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojwisdoork.html" target="_blank">WISDOOR.Z</a> TROJAN!
90519. Source=Paul Collins Startup list
90520.  
90521. [Windows System Configuration]
90522. Number=12850
90523. Confirmed=X
90524. Filename=Passcfg16.exe
90525. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdomwise.html" target=_blank>DOMWIS-E</a> TROJAN!
90526. Source=Paul Collins Startup list
90527.  
90528. [Windows System Configuration]
90529. Number=12851
90530. Confirmed=X
90531. Filename=Winfrw.exe
90532. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030813-5906-99" target= blank>SOLUFINA</a> TROJAN or the <a href="http://www.sophos.com/virusinfo/analyses/w32domwisj.html" target= blank>DOMWIS-J</a> WORM!
90533. Source=Paul Collins Startup list
90534.  
90535. [Windows System Configuration]
90536. Number=12852
90537. Confirmed=X
90538. Filename=wincfg.exe
90539. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.OP&VSect=P" target=_blank>AGOBOT.OP</a> WORM!
90540. Source=Paul Collins Startup list
90541.  
90542. [Windows System Configuration]
90543. Number=12853
90544. Confirmed=X
90545. Filename=WINCFG32.EXE
90546. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotte.html" target=_blank>AGOBOT-TE</a> WORM!
90547. Source=Paul Collins Startup list
90548.  
90549. [Windows System Configuration]
90550. Number=12854
90551. Confirmed=X
90552. Filename=WinNeth.exe
90553. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rethea.html" target=_blank>RETHE-A</a> WORM!
90554. Source=Paul Collins Startup list
90555.  
90556. [Windows System Configuration]
90557. Number=12855
90558. Confirmed=X
90559. Filename=nether.exe
90560. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opankiab.html" target=_blank>Opanki-AB</a> WORM!
90561. Source=Paul Collins Startup list
90562.  
90563. [WINDOWS SYSTEM Dns]
90564. Number=12856
90565. Confirmed=X
90566. Filename=windsns.exe
90567. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061615-4731-99" target=_blank>MYTOB.EY</a> WORM!
90568. Source=Paul Collins Startup list
90569.  
90570. [WINDOWS SYSTEM DNSPOOL]
90571. Number=12857
90572. Confirmed=X
90573. Filename=hbmail.exe
90574. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062315-0547-99" target=_blank>MYTOB.FW</a> WORM!
90575. Source=Paul Collins Startup list
90576.  
90577. [Windows System File]
90578. Number=12858
90579. Confirmed=X
90580. Filename=cmxp.exe
90581. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030115-3720-99" target=_blank>SPYBOT.KHO</a> WORM!
90582. Source=Paul Collins Startup list
90583.  
90584. [WINDOWS SYSTEM FILE]
90585. Number=12859
90586. Confirmed=X
90587. Filename=winload.exe
90588. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.DK" target="_blank">MYTOB.DK</a> WORM!
90589. Source=Paul Collins Startup list
90590.  
90591. [Windows System Gateway]
90592. Number=12860
90593. Confirmed=X
90594. Filename=SPOOLER.EXE
90595. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
90596. Source=Paul Collins Startup list
90597.  
90598. [Windows System Init]
90599. Number=12861
90600. Confirmed=X
90601. Filename=winit32.exe
90602. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
90603. Source=Paul Collins Startup list
90604.  
90605. [Windows System Manager]
90606. Number=12862
90607. Confirmed=X
90608. Filename=winsystem.exe
90609. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotan.html" target="_blank">RBOT-AN</a> WORM!
90610. Source=Paul Collins Startup list
90611.  
90612. [Windows System Manager]
90613. Number=12863
90614. Confirmed=X
90615. Filename=CRSL.EXE
90616. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MG" target="_blank">SDBOT.MG</a> WORM!
90617. Source=Paul Collins Startup list
90618.  
90619. [Windows System Manager]
90620. Number=12864
90621. Confirmed=X
90622. Filename=sysconf.exe
90623. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041020-5503-99" target=_blank>MYTOB.AL</a> WORM!
90624. Source=Paul Collins Startup list
90625.  
90626. [Windows System Manager]
90627. Number=12865
90628. Confirmed=X
90629. Filename=smsc.exe
90630. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
90631. Source=Paul Collins Startup list
90632.  
90633. [Windows System Manager]
90634. Number=12866
90635. Confirmed=X
90636. Filename=crssm.exe
90637. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafh.html" target=_blank>RBOT-AFH</a> WORM!
90638. Source=Paul Collins Startup list
90639.  
90640. [WINDOWS SYSTEM MANAGER]
90641. Number=12867
90642. Confirmed=X
90643. Filename=spoolsvc.exe
90644. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobly.html" target=_blank>MYTOB-LY</a> WORM!
90645. Source=Paul Collins Startup list
90646.  
90647. [Windows System Manager Loader]
90648. Number=12868
90649. Confirmed=X
90650. Filename=smsls.exe
90651. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TF" target="_blank">AGOBOT.TF</a> WORM!
90652. Source=Paul Collins Startup list
90653.  
90654. [Windows System Manager Proc]
90655. Number=12869
90656. Confirmed=X
90657. Filename=winsmc.exe
90658. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JH" target=_blank>RBOT.JH</a> WORM!
90659.  
90660. Source=Paul Collins Startup list
90661.  
90662. [WINDOWS SYSTEM MEMORY LOADER]
90663. Number=12870
90664. Confirmed=X
90665. Filename=memloader.exe
90666. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobin.html" target="_blank">MYTOB-IN</a> WORM!
90667. Source=Paul Collins Startup list
90668.  
90669. [WINDOWS SYSTEM mscdvvs]
90670. Number=12871
90671. Confirmed=X
90672. Filename=mscdvvs.exe
90673. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.MD&VSect=P" target=_blank>MYTOB.MD</a> WORM!
90674. Source=Paul Collins Startup list
90675.  
90676. [windows system notepad]
90677. Number=12872
90678. Confirmed=X
90679. Filename=wnpsm.exe
90680. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
90681. Source=Paul Collins Startup list
90682.  
90683. [Windows System Restore Configuration]
90684. Number=12873
90685. Confirmed=X
90686. Filename=Sblhost.exe
90687. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
90688. Source=Paul Collins Startup list
90689.  
90690. [Windows System Restorer]
90691. Number=12874
90692. Confirmed=X
90693. Filename=SystemRestorer.exe
90694. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DULOAD.C" target="_blank">DULOAD.C</a> WORM!
90695. Source=Paul Collins Startup list
90696.  
90697. [WINDOWS SYSTEM SCALPE]
90698. Number=12875
90699. Confirmed=X
90700. Filename=scalpe91.exe
90701. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobhi.html" target=_blank>MYTOB_HI</a> WORM!
90702.  
90703. Source=Paul Collins Startup list
90704.  
90705. [Windows System Security]
90706. Number=12876
90707. Confirmed=X
90708. Filename=winmp.exe
90709. Description=Added by the <a href="http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_RBOT.IV" target=_blank>RBOT.IV</a> WORM!
90710. Source=Paul Collins Startup list
90711.  
90712. [Windows System Security]
90713. Number=12877
90714. Confirmed=X
90715. Filename=sys32.pif
90716. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaol.html" target=_blank>RBOT-AOL</a> WORM!
90717. Source=Paul Collins Startup list
90718.  
90719. [Windows System Security Monitor]
90720. Number=12878
90721. Confirmed=X
90722. Filename=[4 random letters].exe
90723. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-053111-1144-99" target=_blank>PINKTON.A</a> WORM!
90724. Source=Paul Collins Startup list
90725.  
90726. [Windows System Serivce]
90727. Number=12879
90728. Confirmed=X
90729. Filename=winserv.exe
90730. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
90731.  
90732. Source=Paul Collins Startup list
90733.  
90734. [windows system service]
90735. Number=12880
90736. Confirmed=X
90737. Filename=winsock.exe
90738. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmr.html" target=_blank>RBOT-MR</a> WORM!
90739.  
90740. Source=Paul Collins Startup list
90741.  
90742. [Windows System Service]
90743. Number=12881
90744. Confirmed=X
90745. Filename=wnuserv.exe
90746. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-010316-2308-99" target="_blank">SPYBOT.ANDM</a> WORM!
90747. Source=Paul Collins Startup list
90748.  
90749. [Windows System Tray]
90750. Number=12882
90751. Confirmed=U
90752. Filename=msni.exe
90753. Description=<a href="http://www.iambigbrother.com/" target="_blank">Iambigbrother</a> monitoring software
90754. Source=Paul Collins Startup list
90755.  
90756. [Windows System Tray]
90757. Number=12883
90758. Confirmed=X
90759. Filename=swhost.exe
90760. Description=Added by an unidentified VIRUS, WORM or TROJAN!
90761. Source=Paul Collins Startup list
90762.  
90763. [WINDOWS SYSTEM UPDATE]
90764. Number=12884
90765. Confirmed=X
90766. Filename=xDcc.exe
90767. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobeh.html" target=_blank>MYOTB-EH</a> WORM!
90768. Source=Paul Collins Startup list
90769.  
90770. [Windows System32]
90771. Number=12885
90772. Confirmed=X
90773. Filename=windowsp.exe
90774. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.GD&VSect=P" target=_blank>MYTOB.GD</a> WORM!
90775. Source=Paul Collins Startup list
90776.  
90777. [Windows System32]
90778. Number=12886
90779. Confirmed=X
90780. Filename=winsys32.exe
90781. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotahs.html" target=_blank>SDBOT-AHS</a> WORM!
90782. Source=Paul Collins Startup list
90783.  
90784. [Windows System32]
90785. Number=12887
90786. Confirmed=X
90787. Filename=clsas32.exe
90788. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotazo.html" target=_blank>RBOT-AZO</a> WORM!
90789. Source=Paul Collins Startup list
90790.  
90791. [Windows System32]
90792. Number=12888
90793. Confirmed=X
90794. Filename=explorer.exe
90795. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opankiv.html" target=_blank>OPANKI-V</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually!
90796. Source=Paul Collins Startup list
90797.  
90798. [Windows System32]
90799. Number=12889
90800. Confirmed=X
90801. Filename=System32.exe
90802. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotali.html" target="_blank">SDBOT-ALI</a> WORM!
90803. Source=Paul Collins Startup list
90804.  
90805. [Windows SYSTEM32]
90806. Number=12890
90807. Confirmed=X
90808. Filename=Realplayer.exe
90809. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.ZH" target="_blank">SPYBOT.ZH</a> WORM!
90810. Source=Paul Collins Startup list
90811.  
90812. [Windows System32]
90813. Number=12891
90814. Confirmed=X
90815. Filename=wingrd32.exe
90816. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
90817. Source=Paul Collins Startup list
90818.  
90819. [Windows System32 Kernel]
90820. Number=12892
90821. Confirmed=X
90822. Filename=system32.exe
90823. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaat.html" target="_blank">SDBOT-AAT</a> WORM!
90824. Source=Paul Collins Startup list
90825.  
90826. [WINDOWS SYSTEMn]
90827. Number=12893
90828. Confirmed=X
90829. Filename=servicces.exe
90830. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobel.html" target=_blank>MYTOB-EL</a> WORM!
90831. Source=Paul Collins Startup list
90832.  
90833. [Windows Systemnmg]
90834. Number=12894
90835. Confirmed=X
90836. Filename=stagmr.exe
90837. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032811-0805-99" target=_blank>MYTOB.S</a> WORM!
90838. Source=Paul Collins Startup list
90839.  
90840. [Windows Systems16]
90841. Number=12895
90842. Confirmed=X
90843. Filename=winjews16.exe
90844. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
90845. Source=Paul Collins Startup list
90846.  
90847. [Windows Sz Host]
90848. Number=12896
90849. Confirmed=X
90850. Filename=winshvc.exe
90851. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
90852. Source=Paul Collins Startup list
90853.  
90854. [Windows Task Manager]
90855. Number=12897
90856. Confirmed=X
90857. Filename=ACCOUNT_DETAILS.DOC.exe
90858. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090417-3749-99" target="_blank">QUATERS.A</a> WORM!
90859. Source=Paul Collins Startup list
90860.  
90861. [Windows Task Manager]
90862. Number=12898
90863. Confirmed=X
90864. Filename=taskmgn.exe
90865. Description=Unidentified malware, either a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>WIN32.RBOT</a> WORM, or part of a Casino Palazzo foistware install
90866.  
90867. Source=Paul Collins Startup list
90868.  
90869. [Windows Task Manager]
90870. Number=12899
90871. Confirmed=X
90872. Filename=taskmrg.exe
90873. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041315-2350-99" target=_blank>MYTOB.AV</a> WORM!
90874. Source=Paul Collins Startup list
90875.  
90876. [Windows Task Manager]
90877. Number=12900
90878. Confirmed=X
90879. Filename=taskgmr.exe
90880. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042215-3629-99" target= blank>MYTOB.BJ</a> WORM!
90881. Source=Paul Collins Startup list
90882.  
90883. [Windows Task Manager]
90884. Number=12901
90885. Confirmed=X
90886. Filename=taskmg.exe
90887. Description=Browser hijacker - identified by <a href="http://www.drweb.com/" target= blank>DrWeb</a> antivirus as "Trojan.StartPage.601"
90888. Source=Paul Collins Startup list
90889.  
90890. [Windows Task Manager]
90891. Number=12902
90892. Confirmed=X
90893. Filename=taskmngr.exe
90894. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotanm.html" target=_blank>RBOT-ANM</a> WORM!
90895. Source=Paul Collins Startup list
90896.  
90897. [Windows Task Manager Emulator]
90898. Number=12903
90899. Confirmed=X
90900. Filename=kennewr.exe
90901. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotfa.html" target=_blank>SPYBOT-FA</a> WORM!
90902. Source=Paul Collins Startup list
90903.  
90904. [Windows Task Scheduler]
90905. Number=12904
90906. Confirmed=X
90907. Filename=asijdie.exe
90908. Description=Added by an unidentified WORM or TROJAN!
90909. Source=Paul Collins Startup list
90910.  
90911. [Windows Task Service (32-bits)]
90912. Number=12905
90913. Confirmed=X
90914. Filename=tasksys.exe
90915. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DREFIR.D&VSect=P" target=_blank>DREFIR.D</a> WORM!
90916. Source=Paul Collins Startup list
90917.  
90918. [Windows TaskAd]
90919. Number=12906
90920. Confirmed=X
90921. Filename=Wintaskad.exe
90922. Description=Windupdates adware variant
90923. Source=Paul Collins Startup list
90924.  
90925. [Windows Taskbar Manager]
90926. Number=12907
90927. Confirmed=X
90928. Filename=internat.exe
90929. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32protorideh.html" target=_blank>PROTORIDE-H</a> WORM!
90930. Source=Paul Collins Startup list
90931.  
90932. [Windows Taskbar Manager]
90933. Number=12908
90934. Confirmed=X
90935. Filename=[path to file]
90936. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122812-5823-99" target=_blank>PROTORIDE.B</a> WORM!
90937. Source=Paul Collins Startup list
90938.  
90939. [Windows Taskbar System]
90940. Number=12909
90941. Confirmed=X
90942. Filename=tasksys.exe
90943. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
90944. Source=Paul Collins Startup list
90945.  
90946. [Windows Taskmanager]
90947. Number=12910
90948. Confirmed=X
90949. Filename=lsassx.exe
90950. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030922-0236-99" target=_blank>KELVIR.E</a> WORM!
90951. Source=Paul Collins Startup list
90952.  
90953. [Windows TCP/IP]
90954. Number=12911
90955. Confirmed=X
90956. Filename=wintcp.exe
90957. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotzh.html" target=_blank>AGOBOT-ZH</a> WORM!
90958.  
90959. Source=Paul Collins Startup list
90960.  
90961. [Windows Telnet Server]
90962. Number=12912
90963. Confirmed=X
90964. Filename=wintel.exe
90965. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmw.html" target="_blank">AGOBOT-MW</a> WORM!
90966. Source=Paul Collins Startup list
90967.  
90968. [Windows Time]
90969. Number=12913
90970. Confirmed=X
90971. Filename=tmservice.exe
90972. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotyk.html" target=_blank>RBOT-YK</a> WORM!
90973. Source=Paul Collins Startup list
90974.  
90975. [Windows Time]
90976. Number=12914
90977. Confirmed=X
90978. Filename=winmgr.exe
90979. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotxc.html" target= blank>RBOT-XC</a> WORM!
90980. Source=Paul Collins Startup list
90981.  
90982. [Windows Time Server]
90983. Number=12915
90984. Confirmed=X
90985. Filename=TimeSRV.exe
90986. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091311-0955-99" target="_blank">SPYBOT.DNC</a> WORM!
90987. Source=Paul Collins Startup list
90988.  
90989. [Windows TM]
90990. Number=12916
90991. Confirmed=X
90992. Filename=SVPHOST.exe
90993. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
90994. Source=Paul Collins Startup list
90995.  
90996. [Windows TM]
90997. Number=12917
90998. Confirmed=X
90999. Filename=rundlI32.exe
91000. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
91001. Source=Paul Collins Startup list
91002.  
91003. [Windows TM]
91004. Number=12918
91005. Confirmed=X
91006. Filename=windowssys32.exe
91007. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
91008. Source=Paul Collins Startup list
91009.  
91010. [Windows TM]
91011. Number=12919
91012. Confirmed=X
91013. Filename=WinxSys.exe
91014. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
91015. Source=Paul Collins Startup list
91016.  
91017. [Windows Upate]
91018. Number=12920
91019. Confirmed=X
91020. Filename=rundll.exe
91021. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010617-1241-99" target=_blank>HAKO</a> TROJAN! Note - this is NOT the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
91022. Source=Paul Collins Startup list
91023.  
91024. [Windows Update]
91025. Number=12921
91026. Confirmed=X
91027. Filename=[filename]
91028. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090407-0949-99" target="_blank"> NORIO</a> TROJAN! Acts as a hi-jacker redirecting to adult content sites
91029. Source=Paul Collins Startup list
91030.  
91031. [Windows Update]
91032. Number=12922
91033. Confirmed=X
91034. Filename=iexplorere.exe
91035. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101018-2015-99" target="_blank">GAOBOT.AP</a> WORM!
91036. Source=Paul Collins Startup list
91037.  
91038. [windows update]
91039. Number=12923
91040. Confirmed=X
91041. Filename=uddater.exe
91042. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011112-0350-99" target="_blank">LEOX</a> TROJAN!
91043. Source=Paul Collins Startup list
91044.  
91045. [Windows Update]
91046. Number=12924
91047. Confirmed=X
91048. Filename=wudate.exe
91049. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ML" target=_blank>AGOBOT.ML</a> WORM!
91050. Source=Paul Collins Startup list
91051.  
91052. [Windows Update]
91053. Number=12925
91054. Confirmed=X
91055. Filename=wupdate.exe
91056. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100111-0844-99" target="_blank">Wengs</a> adware
91057. Source=Paul Collins Startup list
91058.  
91059. [windows update]
91060. Number=12926
91061. Confirmed=X
91062. Filename=sychost.exe
91063. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032016-5436-99" target="_blank">LEOX.B</a> WORM!
91064. Source=Paul Collins Startup list
91065.  
91066. [Windows Update]
91067. Number=12927
91068. Confirmed=X
91069. Filename=Wuamgrd.exe
91070. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
91071. Source=Paul Collins Startup list
91072.  
91073. [Windows Update]
91074. Number=12928
91075. Confirmed=X
91076. Filename=inetinf.exe
91077. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
91078. Source=Paul Collins Startup list
91079.  
91080. [Windows Update]
91081. Number=12929
91082. Confirmed=X
91083. Filename=WindowsUpdate.exe
91084. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbayroba.html" target="_blank">BAYROB-A</a> TROJAN!
91085. Source=Paul Collins Startup list
91086.  
91087. [Windows Update]
91088. Number=12930
91089. Confirmed=X
91090. Filename=host32.exe
91091. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgu.html" target=_blank>RBOT-GU</a> WORM!
91092.  
91093. Source=Paul Collins Startup list
91094.  
91095. [windows update]
91096. Number=12931
91097. Confirmed=X
91098. Filename=wuraclt.exe
91099. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpo.html" target=_blank>RBOT-PO</a> WORM!
91100.  
91101. Source=Paul Collins Startup list
91102.  
91103. [windows update]
91104. Number=12932
91105. Confirmed=X
91106. Filename=Wuanclt.exe
91107. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XZ" target="_blank">RBOT.XZ</a> WORM!
91108. Source=Paul Collins Startup list
91109.  
91110. [Windows Update]
91111. Number=12933
91112. Confirmed=X
91113. Filename=svchosts.exe
91114. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120420-2142-99" target=_blank>FRUCTA</a> TROJAN!
91115. Source=Paul Collins Startup list
91116.  
91117. [Windows Update]
91118. Number=12934
91119. Confirmed=X
91120. Filename=ebay.exe
91121. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-120715-5145-99" target=_blank>GAOBOT.BUU</a> WORM!
91122. Source=Paul Collins Startup list
91123.  
91124. [Windows Update]
91125. Number=12935
91126. Confirmed=X
91127. Filename=windows.exe
91128. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotrb.html" target=_blank>RBOT-RB</a> WORM!
91129. Source=Paul Collins Startup list
91130.  
91131. [windows update]
91132. Number=12936
91133. Confirmed=X
91134. Filename=wuaurlt.exe
91135. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADG&VSect=T" target=_blank>RBOT.ADG</a> WORM!
91136. Source=Paul Collins Startup list
91137.  
91138. [Windows Update]
91139. Number=12937
91140. Confirmed=X
91141. Filename=Update.exe
91142. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelffn.html" target=_blank>DELF-FN</a> TROJAN!
91143. Source=Paul Collins Startup list
91144.  
91145. [Windows Update]
91146. Number=12938
91147. Confirmed=X
91148. Filename=winmguard.exe
91149. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotem.html" target=_blank>RBOT-EM</a> WORM!
91150. Source=Paul Collins Startup list
91151.  
91152. [Windows Update]
91153. Number=12939
91154. Confirmed=X
91155. Filename=wuampd.exe
91156. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UM" target=_blank>RBOT.UM</a> WORM!
91157. Source=Paul Collins Startup list
91158.  
91159. [windows update]
91160. Number=12940
91161. Confirmed=X
91162. Filename=wuarclt.exe
91163. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotof.html" target=_blank>RBOT-OF</a> WORM!
91164. Source=Paul Collins Startup list
91165.  
91166. [Windows Update]
91167. Number=12941
91168. Confirmed=X
91169. Filename=winupdate.exe
91170. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotws.html" target=_blank>SDBOT-WS</a> WORM!
91171. Source=Paul Collins Startup list
91172.  
91173. [Windows Update]
91174. Number=12942
91175. Confirmed=X
91176. Filename=msnwinsb.exe
91177. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaah.html" target=_blank>RBOT-AAH</a> WORM!
91178. Source=Paul Collins Startup list
91179.  
91180. [Windows Update]
91181. Number=12943
91182. Confirmed=X
91183. Filename=scvhost.exe
91184. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotxt.html" target= blank>SDBOT-XT</a> WORM!
91185. Source=Paul Collins Startup list
91186.  
91187. [windows update]
91188. Number=12944
91189. Confirmed=X
91190. Filename=Microsoft.exe
91191. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LMIR.A&VSect=T" target=_blank>LMIR.A</a> TROJAN!
91192. Source=Paul Collins Startup list
91193.  
91194. [Windows Update]
91195. Number=12945
91196. Confirmed=X
91197. Filename=mplupdate.exe
91198. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080813-3234-99" target=_blank>MOEGA</a> WORM!
91199. Source=Paul Collins Startup list
91200.  
91201. [windows update]
91202. Number=12946
91203. Confirmed=X
91204. Filename=msnsever.exe
91205. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahn.html" target=_blank>RBOT-AHN</a> WORM!
91206. Source=Paul Collins Startup list
91207.  
91208. [Windows Update]
91209. Number=12947
91210. Confirmed=X
91211. Filename=taskmr.exe
91212. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobgz.html" target=_blank>MYTOB-GZ</a> WORM!
91213. Source=Paul Collins Startup list
91214.  
91215. [Windows Update]
91216. Number=12948
91217. Confirmed=X
91218. Filename=update32.exe
91219. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
91220. Source=Paul Collins Startup list
91221.  
91222. [Windows Update]
91223. Number=12949
91224. Confirmed=X
91225. Filename=wininfo.exe
91226. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112217-1611-99" target=_blank>MYTOB.GA</a> WORM!
91227. Source=Paul Collins Startup list
91228.  
91229. [Windows Update]
91230. Number=12950
91231. Confirmed=X
91232. Filename=winlogin.exe
91233. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdv.html" target=_blank>BANKER-DV</a> TROJAN!
91234. Source=Paul Collins Startup list
91235.  
91236. [Windows Update]
91237. Number=12951
91238. Confirmed=X
91239. Filename=msnupdates.exe
91240. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalk.html" target=_blank>RBOT-ALK</a> WORM! Note - this file has nothing to do with Windows updates or MSN
91241. Source=Paul Collins Startup list
91242.  
91243. [Windows Update]
91244. Number=12952
91245. Confirmed=X
91246. Filename=qtask.exe
91247. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaku.html" target=_blank>RBOT-AKU</a> WORM! Note - do not confuse with the Quicken file of the same name as described <a href="http://www.sysinfo.org/startuplist.php?filter=qtask.exe" target=_blank>here</a>
91248. Source=Paul Collins Startup list
91249.  
91250. [windows update]
91251. Number=12953
91252. Confirmed=X
91253. Filename=real.exe
91254. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirau.html" target=_blank>LEGMIR-AU</a> WORM!
91255. Source=Paul Collins Startup list
91256.  
91257. [Windows Update]
91258. Number=12954
91259. Confirmed=X
91260. Filename=windowsx.exe
91261. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancda.html" target=_blank>BANCD-A</a> TROJAN!
91262. Source=Paul Collins Startup list
91263.  
91264. [Windows update]
91265. Number=12955
91266. Confirmed=X
91267. Filename=wudupdate.exe
91268. Description=Adware downloader - <a href="http://sarc.com/avcenter/venc/data/adware.istbar.html" target=_blank>Istbar</a> related
91269. Source=Paul Collins Startup list
91270.  
91271. [Windows Update]
91272. Number=12956
91273. Confirmed=X
91274. Filename=wupdmgr.exe
91275. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanfc.html" target=_blank>BANCBAN-FC</a> TROJAN and variants!
91276. Source=Paul Collins Startup list
91277.  
91278. [Windows Update]
91279. Number=12957
91280. Confirmed=X
91281. Filename=csrss.exe
91282. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerhm.html" target=_blank>BANKER-HM</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
91283. Source=Paul Collins Startup list
91284.  
91285. [Windows Update]
91286. Number=12958
91287. Confirmed=X
91288. Filename=msnsupdate.exe
91289. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaxs.html" target=_blank>RBOT-AXS</a> WORM!
91290. Source=Paul Collins Startup list
91291.  
91292. [Windows Update]
91293. Number=12959
91294. Confirmed=X
91295. Filename=XPLoogNT.exe
91296. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancdb.html" target=_blank>BANCD-B</a> TROJAN!
91297. Source=Paul Collins Startup list
91298.  
91299. [Windows Update]
91300. Number=12960
91301. Confirmed=X
91302. Filename=install.exe
91303. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerib.html" target=_blank>BANKER-IB</a> TROJAN!
91304. Source=Paul Collins Startup list
91305.  
91306. [Windows Update]
91307. Number=12961
91308. Confirmed=X
91309. Filename=msi.exe
91310. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerxb.html" target="_blank">BANKER-XB</a> TROJAN!
91311. Source=Paul Collins Startup list
91312.  
91313. [Windows Update]
91314. Number=12962
91315. Confirmed=X
91316. Filename=Sqltob.exe
91317. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-121516-4255-99" target=_blank>DASHER.A</a> WORM!
91318. Source=Paul Collins Startup list
91319.  
91320. [windows update]
91321. Number=12963
91322. Confirmed=X
91323. Filename=logonuit.exe
91324. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirao.html" target="_blank">LEGMIR-AO</a> TROJAN!
91325. Source=Paul Collins Startup list
91326.  
91327. [Windows Update]
91328. Number=12964
91329. Confirmed=X
91330. Filename=avkir.exe
91331. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgjp.html" target="_blank">RBOT-GJP</a> WORM!
91332. Source=Paul Collins Startup list
91333.  
91334. [Windows Update 32]
91335. Number=12965
91336. Confirmed=X
91337. Filename=winlogons.exe
91338. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfi.html" target=_blank>FORBOT-FI</a> WORM!
91339. Source=Paul Collins Startup list
91340.  
91341. [Windows Update 32]
91342. Number=12966
91343. Confirmed=X
91344. Filename=rempss.exe
91345. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfw.html" target=_blank>FORBOT-FW</a> WORM!
91346. Source=Paul Collins Startup list
91347.  
91348. [Windows Update 32]
91349. Number=12967
91350. Confirmed=X
91351. Filename=slsys.exe
91352. Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
91353. Source=Paul Collins Startup list
91354.  
91355. [Windows Update 63]
91356. Number=12968
91357. Confirmed=X
91358. Filename=shupd64.exe
91359. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotga.html" target=_blank>FORBOT-GA</a> WORM!
91360. Source=Paul Collins Startup list
91361.  
91362. [Windows Update 64]
91363. Number=12969
91364. Confirmed=X
91365. Filename=nbupd64.exe
91366. Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
91367. Source=Paul Collins Startup list
91368.  
91369. [Windows Update 64]
91370. Number=12970
91371. Confirmed=X
91372. Filename=WinV.exe
91373. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfp.html" target=_blank>FORBOT-FP</a> WORM!
91374. Source=Paul Collins Startup list
91375.  
91376. [Windows Update Auto Update]
91377. Number=12971
91378. Confirmed=X
91379. Filename=wuaumgr.exe
91380. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
91381. Source=Paul Collins Startup list
91382.  
91383. [Windows Update AutoUpdate Client]
91384. Number=12972
91385. Confirmed=X
91386. Filename=waucult.exe
91387. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
91388. Source=Paul Collins Startup list
91389.  
91390. [Windows Update AutoUpdate Client]
91391. Number=12973
91392. Confirmed=X
91393. Filename=wuauclt.exe
91394. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LAZAR.B" target="_blank">LAZAR.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wuauclt/" target="_blank">wuauclt.exe</a> process, which should not appear in Msconfig/Startup!
91395. Source=Paul Collins Startup list
91396.  
91397. [Windows Update AutoUpdate Client Product]
91398. Number=12974
91399. Confirmed=X
91400. Filename=wuauct.exe
91401. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ACL" target="_blank">AGOBOT.ACL</a> WORM!
91402. Source=Paul Collins Startup list
91403.  
91404. [Windows Update Center]
91405. Number=12975
91406. Confirmed=X
91407. Filename=svthx.exe
91408. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051915-3352-99" target=_blank>STUBBOT.A</a> WORM!
91409. Source=Paul Collins Startup list
91410.  
91411. [Windows Update Center]
91412. Number=12976
91413. Confirmed=X
91414. Filename=W32RSA.exe
91415. Description=Added by an unidentified WORM or TROJAN!
91416. Source=Paul Collins Startup list
91417.  
91418. [Windows Update Checker]
91419. Number=12977
91420. Confirmed=X
91421. Filename=[random filename]
91422. Description=Adware downloader trojan
91423. Source=Paul Collins Startup list
91424.  
91425. [Windows Update Checker]
91426. Number=12978
91427. Confirmed=X
91428. Filename=msupdte32.exe
91429. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaef.html" target=_blank>SDBOT-AEF</a> WORM!
91430. Source=Paul Collins Startup list
91431.  
91432. [Windows Update Checker]
91433. Number=12979
91434. Confirmed=X
91435. Filename=deinst_qfe001.exe
91436. Description=Added by a variant of the Win32.Small TROJAN!
91437. Source=Paul Collins Startup list
91438.  
91439. [Windows Update Checker]
91440. Number=12980
91441. Confirmed=X
91442. Filename=deinst_qfe002.exe
91443. Description=Added by a variant of the Win32.Small TROJAN!
91444. Source=Paul Collins Startup list
91445.  
91446. [Windows Update Client]
91447. Number=12981
91448. Confirmed=X
91449. Filename=wuclient.exe
91450. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallrn.html" target=_blank>SMALL-RN</a> TROJAN!
91451. Source=Paul Collins Startup list
91452.  
91453. [Windows Update Client Service]
91454. Number=12982
91455. Confirmed=X
91456. Filename=windrvl32.exe
91457. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotmm.html" target=_blank>AGOBOT-MM</a> TROJAN!
91458. Source=Paul Collins Startup list
91459.  
91460. [Windows update config]
91461. Number=12983
91462. Confirmed=X
91463. Filename=svhost.exe
91464. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotpf.html" target="_blank">SDBOT-PF</a> WORM!
91465. Source=Paul Collins Startup list
91466.  
91467. [windows update configurator]
91468. Number=12984
91469. Confirmed=X
91470. Filename=svghost.exe
91471. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
91472. Source=Paul Collins Startup list
91473.  
91474. [Windows Update Controller]
91475. Number=12985
91476. Confirmed=X
91477. Filename=mwoffice.exe
91478. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbattrya.html" target=_blank>BATTRY-A</a> TROJAN!
91479. Source=Paul Collins Startup list
91480.  
91481. [Windows Update Drive]
91482. Number=12986
91483. Confirmed=X
91484. Filename=updrvs.exe
91485. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
91486. Source=Paul Collins Startup list
91487.  
91488. [Windows Update Files]
91489. Number=12987
91490. Confirmed=X
91491. Filename=dnetc.exe
91492. Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - wupdmgr.exe is the real Windows Update
91493. Source=Paul Collins Startup list
91494.  
91495. [Windows Update Firewall System]
91496. Number=12988
91497. Confirmed=X
91498. Filename=ctfmoom.exe
91499. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgan.html" target="_blank">RBOT-GAN</a> WORM!
91500. Source=Paul Collins Startup list
91501.  
91502. [Windows Update GUI Executable x32x]
91503. Number=12989
91504. Confirmed=X
91505. Filename=wupdategux32.exe
91506. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CXY" target="_blank">RBOT.CXY</a> WORM!
91507. Source=Paul Collins Startup list
91508.  
91509. [Windows Update GUI Executable x32x]
91510. Number=12990
91511. Confirmed=X
91512. Filename=wupdategux32.exe
91513. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CXY" target="_blank">RBOT.CXY</a> WORM!
91514. Source=Paul Collins Startup list
91515.  
91516. [Windows Update Host]
91517. Number=12991
91518. Confirmed=X
91519. Filename=winupsvc.exe
91520. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
91521. Source=Paul Collins Startup list
91522.  
91523. [Windows Update IPv6 Layer]
91524. Number=12992
91525. Confirmed=X
91526. Filename=WIN32IPV6.EXE
91527. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DUD" target="_blank">RBOT.DUD</a> WORM!
91528. Source=Paul Collins Startup list
91529.  
91530. [Windows update loader]
91531. Number=12993
91532. Confirmed=X
91533. Filename=xpupdate.exe
91534. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbravea.html" target=_blank>BRAVE-A</a> TROJAN!
91535.  
91536. Source=Paul Collins Startup list
91537.  
91538. [Windows Update Manager]
91539. Number=12994
91540. Confirmed=X
91541. Filename=wupdmngr.exe
91542. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110614-2851-99" target=_blank>RANDEX.BTB</a> WORM!
91543. Source=Paul Collins Startup list
91544.  
91545. [Windows Update Manager]
91546. Number=12995
91547. Confirmed=X
91548. Filename=Winlog0n.exe
91549. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentbo.html" target=_blank>AGENT-BO</a> TROJAN!
91550. Source=Paul Collins Startup list
91551.  
91552. [Windows Update Manager]
91553. Number=12996
91554. Confirmed=X
91555. Filename=wupdate.exe
91556. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
91557. Source=Paul Collins Startup list
91558.  
91559. [Windows Update Manager]
91560. Number=12997
91561. Confirmed=X
91562. Filename=bootwiz.exe
91563. Description=Added by the MYBOT WORM!
91564. Source=Paul Collins Startup list
91565.  
91566. [Windows Update Manager for NT]
91567. Number=12998
91568. Confirmed=X
91569. Filename=wupdmgr32.exe
91570. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112217-1611-99" target=_blank>SDBOT.AH</a> WORM!
91571. Source=Paul Collins Startup list
91572.  
91573. [Windows Update Monitoring Service]
91574. Number=12999
91575. Confirmed=X
91576. Filename=winupdt.exe
91577. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpl.html" target=_blank>RBOT-PL</a> WORM!
91578.  
91579. Source=Paul Collins Startup list
91580.  
91581. [Windows Update Process]
91582. Number=13000
91583. Confirmed=X
91584. Filename=wmiprvsc.exe
91585. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcb.html" target="_blank">SDBOT-CB</a> WORM!
91586. Source=Paul Collins Startup list
91587.  
91588. [Windows Update Service]
91589. Number=13001
91590. Confirmed=X
91591. Filename=csrs.exe
91592. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotni.html" target="_blank">AGOBOT-NI</a> WORM!
91593. Source=Paul Collins Startup list
91594.  
91595. [Windows Update Service]
91596. Number=13002
91597. Confirmed=X
91598. Filename=smcg.exe
91599. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.QY" target="_blank">SDBOT.QY</a> WORM!
91600. Source=Paul Collins Startup list
91601.  
91602. [Windows Update Service]
91603. Number=13003
91604. Confirmed=X
91605. Filename=SP00ISS.exe
91606. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzh.html" target=_blank>SDBOT-ZH</a> WORM!
91607. Source=Paul Collins Startup list
91608.  
91609. [Windows Update Service]
91610. Number=13004
91611. Confirmed=X
91612. Filename=update32.pif
91613. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalc.html" target=_blank>RBOT-ALC</a> WORM!
91614. Source=Paul Collins Startup list
91615.  
91616. [Windows Update Service 2004/2005]
91617. Number=13005
91618. Confirmed=X
91619. Filename=systemupdate.exe
91620. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotje.html" target="_blank">RBOT-JE</a> WORM!
91621. Source=Paul Collins Startup list
91622.  
91623. [Windows Update services]
91624. Number=13006
91625. Confirmed=X
91626. Filename=wins32svcs.exe
91627. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
91628. Source=Paul Collins Startup list
91629.  
91630. [Windows Update Software]
91631. Number=13007
91632. Confirmed=X
91633. Filename=system.exe
91634. Description=Added by the <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FTOFGER%2EBX" target="_blank">TOFGER.BX</a> TROJAN!
91635. Source=Paul Collins Startup list
91636.  
91637. [Windows Update System]
91638. Number=13008
91639. Confirmed=X
91640. Filename=mswins.exe
91641. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_IRCBOT.DN" target="_blank">IRCBOT.DN</a> WORM!
91642. Source=Paul Collins Startup list
91643.  
91644. [Windows Update System Shell]
91645. Number=13009
91646. Confirmed=X
91647. Filename=svhostcs32.exe
91648. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaaz.html" target= blank>RBOT-AAZ</a> WORM!
91649. Source=Paul Collins Startup list
91650.  
91651. [Windows Update V6]
91652. Number=13010
91653. Confirmed=X
91654. Filename=[random filename]
91655. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkt.html" target="_blank">RBOT-KT</a> WORM!
91656. Source=Paul Collins Startup list
91657.  
91658. [Windows Update.exe]
91659. Number=13011
91660. Confirmed=X
91661. Filename=N/A
91662. Description=Homepage hijacker
91663. Source=Paul Collins Startup list
91664.  
91665. [Windows Updated]
91666. Number=13012
91667. Confirmed=X
91668. Filename=spoolsae.exe
91669. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapm.html" target=_blank>RBOT-APM</a> WORM!
91670. Source=Paul Collins Startup list
91671.  
91672. [Windows Updated]
91673. Number=13013
91674. Confirmed=X
91675. Filename=updatr.exe
91676. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotayb.html" target=_blank>RBOT-AYB</a> WORM!
91677. Source=Paul Collins Startup list
91678.  
91679. [Windows Updater]
91680. Number=13014
91681. Confirmed=X
91682. Filename=wupdmgr32.exe
91683. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-051822-4126-99" target="_blank">DOS.AUTOCAT</a> TROJAN!
91684. Source=Paul Collins Startup list
91685.  
91686. [Windows Updater]
91687. Number=13015
91688. Confirmed=X
91689. Filename=iexplorerrs.exe
91690. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbottn.html" target=_blank>RBOT-TN</a> WORM!
91691. Source=Paul Collins Startup list
91692.  
91693. [Windows Updater]
91694. Number=13016
91695. Confirmed=X
91696. Filename=svigost.exe
91697. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotvs.html" target= blank>RBOT-VS</a> WORM!
91698. Source=Paul Collins Startup list
91699.  
91700. [Windows Updater]
91701. Number=13017
91702. Confirmed=X
91703. Filename=wupdate.exe
91704. Description=Added by the <a href="http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_WOOTBOT.AJ" target=_blank>WOOTBOT.AJ</a> WORM!
91705. Source=Paul Collins Startup list
91706.  
91707. [Windows Updater]
91708. Number=13018
91709. Confirmed=X
91710. Filename=sdsys.exe
91711. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotjg.html" target=_blank>FORBOT-JG</a> WORM!
91712. Source=Paul Collins Startup list
91713.  
91714. [Windows Updater Online]
91715. Number=13019
91716. Confirmed=X
91717. Filename=winupdatexx.exe
91718. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
91719. Source=Paul Collins Startup list
91720.  
91721. [Windows Updates]
91722. Number=13020
91723. Confirmed=X
91724. Filename=lsassx.exe
91725. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
91726. Source=Paul Collins Startup list
91727.  
91728. [Windows Updates]
91729. Number=13021
91730. Confirmed=X
91731. Filename=winupd32.exe
91732. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051512-4305-99" target= blank>MYTOB.CE</a> WORM!
91733. Source=Paul Collins Startup list
91734.  
91735. [Windows Updates]
91736. Number=13022
91737. Confirmed=X
91738. Filename=w32dns.exe
91739. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbfw.html" target=_blank>SDBOT-BFW</a> WORM!
91740. Source=Paul Collins Startup list
91741.  
91742. [Windows Updating Service]
91743. Number=13023
91744. Confirmed=X
91745. Filename=updating.pif
91746. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotalw.html" target=_blank>RBOT-ALW</a> WORM!
91747. Source=Paul Collins Startup list
91748.  
91749. [Windows Updtee Mgnr]
91750. Number=13024
91751. Confirmed=X
91752. Filename=W1NT45K.exe
91753. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060314-0019-99" target=_blank>MYTOB.DC</a> WORM!
91754. Source=Paul Collins Startup list
91755.  
91756. [Windows USB 2.0 Driver]
91757. Number=13025
91758. Confirmed=X
91759. Filename=usbtskmgr.exe
91760. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbkg.html" target=_blank>RBOT-BKG</a> WORM!
91761. Source=Paul Collins Startup list
91762.  
91763. [Windows USB 2.0 Driver]
91764. Number=13026
91765. Confirmed=X
91766. Filename=usb2ctrl.exe
91767. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbiw.html" target="_blank">RBOT-BIW</a> WORM!
91768. Source=Paul Collins Startup list
91769.  
91770. [Windows USB controler]
91771. Number=13027
91772. Confirmed=X
91773. Filename=winusb.exe
91774. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothr.html" target= blank>RBOT-HR</a> WORM!
91775. Source=Paul Collins Startup list
91776.  
91777. [Windows USB Driver Support]
91778. Number=13028
91779. Confirmed=X
91780. Filename=Windowsusb.exe
91781. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
91782. Source=Paul Collins Startup list
91783.  
91784. [Windows USB Service]
91785. Number=13029
91786. Confirmed=X
91787. Filename=666.exe
91788. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041116-0718-99" target=_blank>MYTOB.AR</a> WORM!
91789. Source=Paul Collins Startup list
91790.  
91791. [Windows USBD]
91792. Number=13030
91793. Confirmed=X
91794. Filename=msifirewall.exe
91795. Description=Added by an unidentified WORM or TROJAN!
91796. Source=Paul Collins Startup list
91797.  
91798. [Windows User Mode Driver Manager]
91799. Number=13031
91800. Confirmed=X
91801. Filename=wdfmrg.exe
91802. Description=Added by <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotzn.html" target=_blank>SDBOT-ZN</a> WORM!
91803. Source=Paul Collins Startup list
91804.  
91805. [Windows User Starter]
91806. Number=13032
91807. Confirmed=X
91808. Filename=winuser32.exe
91809. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.SN" target="_blank">RBOT.SN</a> WORM!
91810. Source=Paul Collins Startup list
91811.  
91812. [Windows Version Check]
91813. Number=13033
91814. Confirmed=N
91815. Filename=ver_chk.exe
91816. Description=Version checker for CyberAudioLibrary - "a new way to exchange information through the Internet"
91817. Source=Paul Collins Startup list
91818.  
91819. [Windows video]
91820. Number=13034
91821. Confirmed=X
91822. Filename=vide_32.exe
91823. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
91824. Source=Paul Collins Startup list
91825.  
91826. [Windows Video Acquisition (WVA)]
91827. Number=13035
91828. Confirmed=X
91829. Filename=wvsvc.exe
91830. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.YM" target="_blank">AGOBOT.YM</a> WORM!
91831. Source=Paul Collins Startup list
91832.  
91833. [Windows Video Drivers]
91834. Number=13036
91835. Confirmed=X
91836. Filename=videons32.exe
91837. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071817-0650-99" target="_blank">GAOBOT.AZT</a> WORM!
91838. Source=Paul Collins Startup list
91839.  
91840. [Windows Virus Control]
91841. Number=13037
91842. Confirmed=X
91843. Filename=plou.exe
91844. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotacz.html" target=_blank>SDBOT-ACZ</a> WORM!
91845. Source=Paul Collins Startup list
91846.  
91847. [Windows Web Services]
91848. Number=13038
91849. Confirmed=X
91850. Filename=localsvc.exe
91851. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
91852. Source=Paul Collins Startup list
91853.  
91854. [Windows Web Services]
91855. Number=13039
91856. Confirmed=X
91857. Filename=netsvc.exe
91858. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
91859. Source=Paul Collins Startup list
91860.  
91861. [Windows Web Services]
91862. Number=13040
91863. Confirmed=X
91864. Filename=spoolsvc.exe
91865. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
91866. Source=Paul Collins Startup list
91867.  
91868. [Windows Web Services]
91869. Number=13041
91870. Confirmed=X
91871. Filename=svcadmin.exe
91872. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
91873. Source=Paul Collins Startup list
91874.  
91875. [Windows Web Services]
91876. Number=13042
91877. Confirmed=X
91878. Filename=svcman.exe
91879. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
91880. Source=Paul Collins Startup list
91881.  
91882. [Windows Web Services]
91883. Number=13043
91884. Confirmed=X
91885. Filename=svcrun.exe
91886. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
91887. Source=Paul Collins Startup list
91888.  
91889. [Windows Web Services]
91890. Number=13044
91891. Confirmed=X
91892. Filename=tcpsvc.exe
91893. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
91894. Source=Paul Collins Startup list
91895.  
91896. [Windows Web Services]
91897. Number=13045
91898. Confirmed=X
91899. Filename=websvc.exe
91900. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderny.html" target=_blank>DLOADER-NY</a> TROJAN!
91901. Source=Paul Collins Startup list
91902.  
91903. [Windows Winhlp32 Stub Service]
91904. Number=13046
91905. Confirmed=X
91906. Filename=winhlp32.pif
91907. Description=Added by the <a href="http://www.noadware.net/research/index2.php?item_id=2473&item_name=Backdoor.Win32.Aimbot.ah" target="_blank">AIMBOT.AH</a> TROJAN!
91908. Source=Paul Collins Startup list
91909.  
91910. [Windows WKS]
91911. Number=13047
91912. Confirmed=X
91913. Filename=wsass.exe
91914. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotdk.html" target="_blank">SDBOT-DK</a> WORM!
91915. Source=Paul Collins Startup list
91916.  
91917. [Windows WMF Fix]
91918. Number=13048
91919. Confirmed=X
91920. Filename=winfix.exe
91921. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotftq.html" target="_blank">RBOT-FTQ</a> WORM!
91922. Source=Paul Collins Startup list
91923.  
91924. [Windows Workstation]
91925. Number=13049
91926. Confirmed=X
91927. Filename=mpci.exe
91928. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
91929. Source=Paul Collins Startup list
91930.  
91931. [Windows Workstation]
91932. Number=13050
91933. Confirmed=X
91934. Filename=msup32a.exe
91935. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
91936. Source=Paul Collins Startup list
91937.  
91938. [Windows Workstation Service]
91939. Number=13051
91940. Confirmed=X
91941. Filename=explore.exe
91942. Description=Added by unknown malware
91943. Source=Paul Collins Startup list
91944.  
91945. [Windows Workstation Service (32-bits)]
91946. Number=13052
91947. Confirmed=X
91948. Filename=wkssvc32.exe
91949. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target=_blank>SDBOT</a> WORM!
91950. Source=Paul Collins Startup list
91951.  
91952. [Windows Workstation Start Service]
91953. Number=13053
91954. Confirmed=X
91955. Filename=mslanmgr.exe
91956. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
91957. Source=Paul Collins Startup list
91958.  
91959. [Windows Xp]
91960. Number=13054
91961. Confirmed=X
91962. Filename=nortonguard.exe
91963. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobdz.html" target=_blank>MYTOB-DZ</a> WORM!
91964. Source=Paul Collins Startup list
91965.  
91966. [Windows XP Automatic Update]
91967. Number=13055
91968. Confirmed=X
91969. Filename=wXPupdate.exe
91970. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafc.html" target=_blank>RBOT-AFC</a> WORM!
91971. Source=Paul Collins Startup list
91972.  
91973. [Windows Xp Service Pack 2]
91974. Number=13056
91975. Confirmed=X
91976. Filename=svchost.exe
91977. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojxplosa.html" target=_blank>XPLOS-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
91978. Source=Paul Collins Startup list
91979.  
91980. [Windows XP SP2 KeyGen]
91981. Number=13057
91982. Confirmed=X
91983. Filename=Windows XP SP2 KeyGen.exe
91984. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tibickc.html" target=_blank>TIBICK-C</a> WORM!
91985. Source=Paul Collins Startup list
91986.  
91987. [Windows-System]
91988. Number=13058
91989. Confirmed=X
91990. Filename=System32.exe
91991. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-110714-3910-99" target="_blank">LOGPOLE.C</a> WORM!
91992. Source=Paul Collins Startup list
91993.  
91994. [Windows-TCP-IP]
91995. Number=13059
91996. Confirmed=X
91997. Filename=rfkampig.exe
91998. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031019-1413-99" target="_blank">GIPMA</a> TROJAN!
91999. Source=Paul Collins Startup list
92000.  
92001. [Windows-XP-Service-Pack]
92002. Number=13060
92003. Confirmed=X
92004. Filename=xpspz.exe
92005. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotaac.html" target=_blank>SDBOT-AAC</a> WORM!
92006. Source=Paul Collins Startup list
92007.  
92008. [windows16]
92009. Number=13061
92010. Confirmed=X
92011. Filename=windows16.exe
92012. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbxu.html" target=_blank>XU</a> TROJAN!
92013. Source=Paul Collins Startup list
92014.  
92015. [Windows32]
92016. Number=13062
92017. Confirmed=X
92018. Filename=rundll.exe
92019. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotlk.html" target=_blank>AGOBOT-LK</a> or <a href="http://www.sophos.com/virusinfo/analyses/w32agobotnd.html" target=_blank>AGOBOT-ND</a> WORMS! Note - this is NOT the Windows system file of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/rundll/" target=_blank>here</a>
92020. Source=Paul Collins Startup list
92021.  
92022. [windows32]
92023. Number=13063
92024. Confirmed=X
92025. Filename=windows32.exe
92026. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbxu.html" target=_blank>XU</a> TROJAN!
92027. Source=Paul Collins Startup list
92028.  
92029. [Windows32]
92030. Number=13064
92031. Confirmed=X
92032. Filename=wuuaclt.exe
92033. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-080216-5303-99" target=_blank>BRATLE.B</a> WORM!
92034. Source=Paul Collins Startup list
92035.  
92036. [Windows32 Configuration Loader]
92037. Number=13065
92038. Confirmed=X
92039. Filename=msrf32.exe
92040. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotabx.html" target=_blank>SDBOT-ABX</a> WORM!
92041. Source=Paul Collins Startup list
92042.  
92043. [Windows32 Messenger Service]
92044. Number=13066
92045. Confirmed=X
92046. Filename=msmsgv.exe
92047. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ANS" target="_blank">RBOT.ANS</a> WORM!
92048. Source=Paul Collins Startup list
92049.  
92050. [Windows32 Net Database]
92051. Number=13067
92052. Confirmed=X
92053. Filename=msnd32.exe
92054. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaal.html" target=_blank>RBOT-AAL</a> WORM!
92055. Source=Paul Collins Startup list
92056.  
92057. [Windows32 Serivces]
92058. Number=13068
92059. Confirmed=X
92060. Filename=winser32.exe
92061. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.AAF&VSect=P" target=_blank>SPYBOT.AAF</a> WORM!
92062. Source=Paul Collins Startup list
92063.  
92064. [WindowsAgent]
92065. Number=13069
92066. Confirmed=X
92067. Filename=WindowsAgent.exe
92068. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-011707-0931-99" target="_blank">GOP.G</a> WORM!
92069. Source=Paul Collins Startup list
92070.  
92071. [WindowsAgent]
92072. Number=13070
92073. Confirmed=X
92074. Filename=sysexhook.exe
92075. Description=Added by the <a href="http://labs.paretologic.com/spyware.aspx?remove=GOP" target=_blank>GOP</a> keyboard logger/TROJAN!
92076. Source=Paul Collins Startup list
92077.  
92078. [WindowsAPI.DLL]
92079. Number=13071
92080. Confirmed=X
92081. Filename=Server5.exe
92082. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077108" target="_blank">"Fear and Hope"</a> TROJAN!
92083. Source=Paul Collins Startup list
92084.  
92085. [WindowsAudio]
92086. Number=13072
92087. Confirmed=X
92088. Filename=systemupd.exe
92089. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentth.html" target=_blank>AGENT-TH</a> WORM!
92090. Source=Paul Collins Startup list
92091.  
92092. [WindowsBackup]
92093. Number=13073
92094. Confirmed=X
92095. Filename=WINDOWSBACKUP.EXE
92096. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022317-4928-99" target=_blank>STANG</a> WORM!
92097. Source=Paul Collins Startup list
92098.  
92099. [WindowsBool]
92100. Number=13074
92101. Confirmed=X
92102. Filename=aimplg.exe
92103. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotcng.html" target="_blank">SDBOT-CNG</a> WORM!
92104. Source=Paul Collins Startup list
92105.  
92106. [WindowsCRC]
92107. Number=13075
92108. Confirmed=X
92109. Filename=wscrc.exe
92110. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotvu.html" target= blank>SDBOT-VU</a> WORM!
92111. Source=Paul Collins Startup list
92112.  
92113. [WindowsCriticalUpdate]
92114. Number=13076
92115. Confirmed=X
92116. Filename=windows_critical_update.exe
92117. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082710-5900-99" target="_blank">ASTEF</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100514-2403-99" target="_blank">RESPAN</a> WORMS!
92118. Source=Paul Collins Startup list
92119.  
92120. [WindowsDiskEvt]
92121. Number=13077
92122. Confirmed=X
92123. Filename=svcsvh32.exe
92124. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-020115-0317-99" target=_blank>NANINF.D</a> TROJAN!
92125. Source=Paul Collins Startup list
92126.  
92127. [WindowsDiskLog]
92128. Number=13078
92129. Confirmed=X
92130. Filename=cstsm.exe
92131. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstinxc.html" target=_blank>STINX-C</a> or <a href="http://www.sophos.com/virusinfo/analyses/trojstinxd.html" target=_blank>STINX-D</a> TROJANS!
92132. Source=Paul Collins Startup list
92133.  
92134. [WindowsFileSystem]
92135. Number=13079
92136. Confirmed=X
92137. Filename=winsfs32.exe
92138. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfmq.html" target="_blank">RBOT-FMQ</a> WORM!
92139. Source=Paul Collins Startup list
92140.  
92141. [WindowsFirewallSvc]
92142. Number=13080
92143. Confirmed=X
92144. Filename=winsvcup.exe
92145. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
92146. Source=Paul Collins Startup list
92147.  
92148. [WINDOWSflashbrg]
92149. Number=13081
92150. Confirmed=X
92151. Filename=sqldata1.exe
92152. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojagentic.html" target= blank>AGENT-IC</a> TROJAN!
92153. Source=Paul Collins Startup list
92154.  
92155. [WindowsFY]
92156. Number=13082
92157. Confirmed=X
92158. Filename=wp.exe
92159. Description=Part of a "Security IGuard" parasite infestation - also detected as <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042511-1823-99" target= blank>DESKTOPHIJACK</a>
92160. Source=Paul Collins Startup list
92161.  
92162. [WindowsFY]
92163. Number=13083
92164. Confirmed=X
92165. Filename=bsw.exe
92166. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042511-1823-99" target="_blank">DESKTOPHIJACK</a> TROJAN! For removal see <a href="http://www.bleepingcomputer.com/forums/topic17258.html" target="_blank">here</a>
92167. Source=Paul Collins Startup list
92168.  
92169. [WindowsFY]
92170. Number=13084
92171. Confirmed=X
92172. Filename=[path to trojan]
92173. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfakealee.html" target=_blank>FAKEALE-E</a> TROJAN!
92174. Source=Paul Collins Startup list
92175.  
92176. [WindowsFZ]
92177. Number=13085
92178. Confirmed=X
92179. Filename=[path to file]
92180. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042511-1823-99" target=_blank>DESKTOPHIJACK</a> VIRUS! Also see <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062016-5052-99" target=_blank>DESKTOPHIJACK.B</a> TROJAN!
92181. Source=Paul Collins Startup list
92182.  
92183. [WindowsFZ]
92184. Number=13086
92185. Confirmed=X
92186. Filename=A5281300.so
92187. Description=Variant of the SmitFraud alias <a href="http://www.sophos.com/virusinfo/analyses/trojfakealec.html" target=_blank>FAKEALE-C</a> TROJAN!
92188. Source=Paul Collins Startup list
92189.  
92190. [WindowsFZ]
92191. Number=13087
92192. Confirmed=X
92193. Filename=zloader3.exe
92194. Description=Variant of the SmitFraud alias <a href="http://www.sophos.com/virusinfo/analyses/trojfakealec.html" target=_blank>FAKEALE-C</a> TROJAN!
92195. Source=Paul Collins Startup list
92196.  
92197. [WindowsKeyUpdate]
92198. Number=13088
92199. Confirmed=X
92200. Filename=master.exe
92201. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110315-1650-99" target="_blank">JOSAM</a> WORM!
92202. Source=Paul Collins Startup list
92203.  
92204. [WindowsMGM]
92205. Number=13089
92206. Confirmed=X
92207. Filename=Winmgm32.exe
92208. Description=Added by the <a href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99950" target="_blank">SOBIG.A</a> WORM and <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080516-5345-99" target="_blank">LALA.C</a> TROJAN!
92209. Source=Paul Collins Startup list
92210.  
92211. [WindowsProtocolLog]
92212. Number=13090
92213. Confirmed=X
92214. Filename=lsadst.exe
92215. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-013111-4821-99" target=_blank>NANINF.C</a> TROJAN!
92216. Source=Paul Collins Startup list
92217.  
92218. [WindowsReg% update]
92219. Number=13091
92220. Confirmed=X
92221. Filename=[random filename].exe
92222. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothh.html" target=_blank>RBOT-HH</a> WORM!
92223. Source=Paul Collins Startup list
92224.  
92225. [WindowsRegistration]
92226. Number=13092
92227. Confirmed=X
92228. Filename=[random filename]
92229. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotno.html" target=_blank>RBOT-NO</a> WORM!
92230.  
92231. Source=Paul Collins Startup list
92232.  
92233. [WindowsRegKey Autoupdate]
92234. Number=13093
92235. Confirmed=X
92236. Filename=[random filename]
92237. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
92238. Source=Paul Collins Startup list
92239.  
92240. [WindowsRegKey upd4te2d4te]
92241. Number=13094
92242. Confirmed=X
92243. Filename=*********.exe [* = random char]
92244. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.XQ" target=_blank>RBOT.XQ</a> WORM!
92245. Source=Paul Collins Startup list
92246.  
92247. [WindowsRegKey update]
92248. Number=13095
92249. Confirmed=X
92250. Filename=winupdate.exe
92251. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqj.html" target=_blank>RBOT-QJ</a> WORM!
92252. Source=Paul Collins Startup list
92253.  
92254. [WindowsRegKey update]
92255. Number=13096
92256. Confirmed=X
92257. Filename=windns.exe
92258. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IE" target="_blank">RBOT.IE</a> WORM!
92259. Source=Paul Collins Startup list
92260.  
92261. [WindowsRegKey update]
92262. Number=13097
92263. Confirmed=X
92264. Filename=WinUpdate32.exe
92265. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagw.html" target=_blank>RBOT-AGW</a> WORM!
92266. Source=Paul Collins Startup list
92267.  
92268. [WindowsRegKey update]
92269. Number=13098
92270. Confirmed=X
92271. Filename=winupdatexx.exe
92272. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LW&VSect=P" target=_blank>RBOT.LW</a> WORM!
92273. Source=Paul Collins Startup list
92274.  
92275. [WindowsRegKey update]
92276. Number=13099
92277. Confirmed=X
92278. Filename=[random filename]
92279. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QT&VSect=T" target=_blank>RBOT.QT</a> WORM!
92280. Source=Paul Collins Startup list
92281.  
92282. [WindowsRegKey update]
92283. Number=13100
92284. Confirmed=X
92285. Filename=svchoosts.exe
92286. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADB&VSect=T" target=_blank>RBOT.ADB</a> WORM!
92287. Source=Paul Collins Startup list
92288.  
92289. [WindowsRegKey update]
92290. Number=13101
92291. Confirmed=X
92292. Filename=svchostc.exe
92293. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IF&VSect=T" target=_blank>RBOT.IF</a> WORM!
92294. Source=Paul Collins Startup list
92295.  
92296. [WindowsRegKey update]
92297. Number=13102
92298. Confirmed=X
92299. Filename=wdnupdate.exe
92300. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.QX&VSect=T" target=_blank>SDBOT.QX</a> WORM!
92301. Source=Paul Collins Startup list
92302.  
92303. [WindowsRegKey update]
92304. Number=13103
92305. Confirmed=X
92306. Filename=Windowsup.exe
92307. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.PU&VSect=T" target=_blank>SDBOT.PU</a> WORM!
92308. Source=Paul Collins Startup list
92309.  
92310. [WindowsRegKey update]
92311. Number=13104
92312. Confirmed=X
92313. Filename=WINUPDATES.EXE
92314. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotmm.html" target=_blank>RBOT-MM</a> WORM!
92315. Source=Paul Collins Startup list
92316.  
92317. [WindowsRegKey update]
92318. Number=13105
92319. Confirmed=X
92320. Filename=rkbuouoxfl.exe
92321. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotoo.html" target="_blank">RBOT-OO</a> WORM!
92322. Source=Paul Collins Startup list
92323.  
92324. [WindowsRegKey update]
92325. Number=13106
92326. Confirmed=X
92327. Filename=winsys.exe
92328. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotjy.html" target="_blank">RBOT-JY</a> WORM!
92329. Source=Paul Collins Startup list
92330.  
92331. [WindowsRegKey update]
92332. Number=13107
92333. Confirmed=X
92334. Filename=winupdat32.exe
92335. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotagw.html" target="_blank">RBOT-AGW</a> WORM!
92336. Source=Paul Collins Startup list
92337.  
92338. [WindowsRegKey update XP]
92339. Number=13108
92340. Confirmed=X
92341. Filename=windexv1.exe
92342. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotabm.html" target= blank>RBOT-ABM</a> WORM!
92343. Source=Paul Collins Startup list
92344.  
92345. [WindowsRegKey%$ update]
92346. Number=13109
92347. Confirmed=X
92348. Filename=msi332.exe
92349. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotix.html" target="_blank">RBOT-IX</a> WORM!
92350. Source=Paul Collins Startup list
92351.  
92352. [WindowsRegKey%update]
92353. Number=13110
92354. Confirmed=X
92355. Filename=ethernet32m.exe
92356. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rboten.html" target=_blank>RBOT-EN</a> WORM!
92357.  
92358. Source=Paul Collins Startup list
92359.  
92360. [WindowsRegKeys update]
92361. Number=13111
92362. Confirmed=X
92363. Filename=winsysi.exe
92364. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WE" target="_blank">SDBOT.WE</a> WORM!
92365. Source=Paul Collins Startup list
92366.  
92367. [WindowsSetup]
92368. Number=13112
92369. Confirmed=X
92370. Filename=[path to trojan]
92371. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090313-0857-99" target="_blank">EZBOT</a> TROJAN!
92372. Source=Paul Collins Startup list
92373.  
92374. [WindowsSystem32]
92375. Number=13113
92376. Confirmed=X
92377. Filename=asper.exe
92378. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentefp.html" target="_blank">AGENT-EFP</a> TROJAN!
92379. Source=Paul Collins Startup list
92380.  
92381. [WindowsSystem32]
92382. Number=13114
92383. Confirmed=X
92384. Filename=svchosts.exe
92385. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagenteda.html" target="_blank">AGENT-EDA</a> TROJAN!
92386. Source=Paul Collins Startup list
92387.  
92388. [windowstime.exe]
92389. Number=13115
92390. Confirmed=X
92391. Filename=windowstime.exe
92392. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraqv.html" target="_blank">AQV</a> TROJAN!
92393. Source=Paul Collins Startup list
92394.  
92395. [WindowsUpd]
92396. Number=13116
92397. Confirmed=X
92398. Filename=WindowsUpd4.exe
92399. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120914-4108-99" target="_blank">VirtuMonde</a> adware
92400. Source=Paul Collins Startup list
92401.  
92402. [WindowsUpd1]
92403. Number=13117
92404. Confirmed=X
92405. Filename=WindowsUpd1.exe
92406. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120914-4108-99" target="_blank">VirtuMonde</a> adware
92407. Source=Paul Collins Startup list
92408.  
92409. [WindowsUpd2]
92410. Number=13118
92411. Confirmed=X
92412. Filename=WindowsUpd2.exe
92413. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120914-4108-99" target="_blank">VirtuMonde</a> adware
92414. Source=Paul Collins Startup list
92415.  
92416. [WindowsUpdate]
92417. Number=13119
92418. Confirmed=X
92419. Filename=windows_update.exe
92420. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-071416-4105-99" target="_blank">LOFNI</a> WORM!
92421. Source=Paul Collins Startup list
92422.  
92423. [WindowsUpdate]
92424. Number=13120
92425. Confirmed=X
92426. Filename=svchost.exe
92427. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082710-5900-99" target="_blank">ASTEF</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100514-2403-99" target="_blank">RESPAN</a> WORMS or <a href="http://www.sophos.com/virusinfo/analyses/trojagentv.html" target="_blank">AGENT-V</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
92428. Source=Paul Collins Startup list
92429.  
92430. [windowsupdate]
92431. Number=13121
92432. Confirmed=X
92433. Filename=RPCX1sQ3.exe
92434. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100713-2421-99" target="_blank">IRCBOT.B</a> TROJAN!
92435. Source=Paul Collins Startup list
92436.  
92437. [WindowsUpdate]
92438. Number=13122
92439. Confirmed=X
92440. Filename=USRINIT.EXE
92441. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041219-0627-99" target="_blank">MADDIS.B</a> WORM!
92442. Source=Paul Collins Startup list
92443.  
92444. [windowsupdate]
92445. Number=13123
92446. Confirmed=X
92447. Filename=winupdate.exe
92448. Description=Added by the <a href="http://vil.nai.com/vil/content/Print100484.htm" target= blank>WARPI</a> WORM!
92449. Source=Paul Collins Startup list
92450.  
92451. [WindowsUpdate]
92452. Number=13124
92453. Confirmed=X
92454. Filename=svchost.exe
92455. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbdoorik.html" target=_blank>IK</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
92456. Source=Paul Collins Startup list
92457.  
92458. [WindowsUpdate]
92459. Number=13125
92460. Confirmed=X
92461. Filename=winnnint.exe
92462. Description=Added by an unidentified WORM or TROJAN!
92463. Source=Paul Collins Startup list
92464.  
92465. [WindowsUpdate]
92466. Number=13126
92467. Confirmed=X
92468. Filename=[path to file]
92469. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdupab.html" target=_blank>DUPA-B</a> TROJAN!
92470. Source=Paul Collins Startup list
92471.  
92472. [WindowsUpdate]
92473. Number=13127
92474. Confirmed=X
92475. Filename=dupadupam2.exe
92476. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdupab.html" target=_blank>DUPA-B</a> TROJAN!
92477. Source=Paul Collins Startup list
92478.  
92479. [WindowsUpdate]
92480. Number=13128
92481. Confirmed=X
92482. Filename=svchostw.exe
92483. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453100222" target="_blank">COBFINN_B</a> TROJAN!
92484. Source=Paul Collins Startup list
92485.  
92486. [WindowsUpdate renew]
92487. Number=13129
92488. Confirmed=X
92489. Filename=iexplore.exe
92490. Description=Added by the AGENT.QG TROJAN! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
92491. Source=Paul Collins Startup list
92492.  
92493. [WindowsUpdate Service]
92494. Number=13130
92495. Confirmed=X
92496. Filename=wuautlc.exe
92497. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotnr.html" target=_blank>RBOT-NR</a> WORM!
92498.  
92499. Source=Paul Collins Startup list
92500.  
92501. [Windowsupdate Service]
92502. Number=13131
92503. Confirmed=X
92504. Filename=csrss.exe
92505. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32babab.html" target=_blank>BABA-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the root folder (ie, C:\)
92506. Source=Paul Collins Startup list
92507.  
92508. [WindowsUpdateDirect]
92509. Number=13132
92510. Confirmed=X
92511. Filename=dupadirect.exe
92512. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdupac.html" target=_blank>DUPA-C</a> TROJAN!
92513. Source=Paul Collins Startup list
92514.  
92515. [WindowsUpdatem1]
92516. Number=13133
92517. Confirmed=X
92518. Filename=[path to file]
92519. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentaaj.html" target=_blank>AGENT-AAJ</a> TROJAN!
92520. Source=Paul Collins Startup list
92521.  
92522. [WindowsUpdatem2]
92523. Number=13134
92524. Confirmed=X
92525. Filename=svchost.exe
92526. Description=Added by an unidentified WORM or TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
92527. Source=Paul Collins Startup list
92528.  
92529. [WindowsUpdateNT]
92530. Number=13135
92531. Confirmed=X
92532. Filename=svwhost.exe
92533. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojshellotb.html" target=_blank>SHELLOT-B</a> TROJAN!
92534. Source=Paul Collins Startup list
92535.  
92536. [WindowsUpdateR]
92537. Number=13136
92538. Confirmed=X
92539. Filename=regserv.exe
92540. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453100222" target="_blank">COBFINN_B</a> TROJAN!
92541. Source=Paul Collins Startup list
92542.  
92543. [WindowsXP Module]
92544. Number=13137
92545. Confirmed=X
92546. Filename=DirectX3D.exe
92547. Description=Malware, reportedly a keylogger - see <a href="http://www.anti-spy.info/process/directx3d.exe.html" target=_blank>here</a>
92548. Source=Paul Collins Startup list
92549.  
92550. [WindowsXP Update]
92551. Number=13138
92552. Confirmed=X
92553. Filename=windowsxpupdate.exe
92554. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotpb.html" target=_blank>RBOT-PB</a> WORM!
92555.  
92556. Source=Paul Collins Startup list
92557.  
92558. [WindowsXPserv]
92559. Number=13139
92560. Confirmed=X
92561. Filename=svcnxp32.exe
92562. Description=Addee by the <a href="http://www.sophos.com/virusinfo/analyses/trojnaninfa.html" target=_blank>NANINF-A</a> TROJAN!
92563. Source=Paul Collins Startup list
92564.  
92565. [Windows_LowLevel_Security_Core]
92566. Number=13140
92567. Confirmed=X
92568. Filename=lsass.exe
92569. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpadmina.html" target=_blank>PADMIN-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Repair" subfolder of the Winnt or Windows folder
92570. Source=Paul Collins Startup list
92571.  
92572. [Windows_Protect]
92573. Number=13141
92574. Confirmed=X
92575. Filename=winsystem.exe
92576. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
92577. Source=Paul Collins Startup list
92578.  
92579. [Windows_Protect]
92580. Number=13142
92581. Confirmed=X
92582. Filename=winregal.exe
92583. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
92584. Source=Paul Collins Startup list
92585.  
92586. [Windows_Protect]
92587. Number=13143
92588. Confirmed=X
92589. Filename=lsas.exe
92590. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ARO&VSect=P" target=_blank>RBOT.ARO</a> WORM!
92591. Source=Paul Collins Startup list
92592.  
92593. [Windows_Protect]
92594. Number=13144
92595. Confirmed=X
92596. Filename=wincontrol32.exe
92597. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotadk.html" target=_blank>RBOT-ADK</a> WORM!
92598. Source=Paul Collins Startup list
92599.  
92600. [Windows_Serivce]
92601. Number=13145
92602. Confirmed=X
92603. Filename=SERVICE.exe
92604. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.AH" target="_blank">WOOTBOT.AH</a> WORM!
92605. Source=Paul Collins Startup list
92606.  
92607. [Windows_Updates]
92608. Number=13146
92609. Confirmed=X
92610. Filename=svthost.exe
92611. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
92612. Source=Paul Collins Startup list
92613.  
92614. [Windows_VXD]
92615. Number=13147
92616. Confirmed=X
92617. Filename=user32.exe
92618. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081016-1817-99" target="_blank">PPORT</a> TROJAN!
92619. Source=Paul Collins Startup list
92620.  
92621. [Windowz]
92622. Number=13148
92623. Confirmed=X
92624. Filename=[original worm filename].vbs
92625. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052514-5831-99" target=_blank>NUKIP</a> WORM!
92626. Source=Paul Collins Startup list
92627.  
92628. [Windowz Update V2.0]
92629. Number=13149
92630. Confirmed=X
92631. Filename=Explorer.exe
92632. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082916-1108-99" target="_blank">YODO</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System32 subfolder
92633. Source=Paul Collins Startup list
92634.  
92635. [Windoxs Update Center]
92636. Number=13150
92637. Confirmed=X
92638. Filename=W32RfSA.exe
92639. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
92640. Source=Paul Collins Startup list
92641.  
92642. [WinDrg32]
92643. Number=13151
92644. Confirmed=X
92645. Filename=windrg32.exe
92646. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DRUDGEBOT.A&VSect=P" target=_blank>DRUDGEBOT.A</a> WORM!
92647. Source=Paul Collins Startup list
92648.  
92649. [WinDriv32]
92650. Number=13152
92651. Confirmed=X
92652. Filename=WinDriv32.exe
92653. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallba.html" target=_blank>SMALL-BA</a> TROJAN!
92654. Source=Paul Collins Startup list
92655.  
92656. [WinDriver Configuration]
92657. Number=13153
92658. Confirmed=X
92659. Filename=windrvconf.exe
92660. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotlx.html" target=_blank>AGOBOT-LX</a> TROJAN!
92661. Source=Paul Collins Startup list
92662.  
92663. [WinDrives]
92664. Number=13154
92665. Confirmed=X
92666. Filename=WinDrives.EXE
92667. Description=Added by the <a href="http://de.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=WORM_SMALL.DIG" target="_blank">SMALL.DIG</a> WORM!
92668. Source=Paul Collins Startup list
92669.  
92670. [WINDRUN]
92671. Number=13155
92672. Confirmed=X
92673. Filename=taskgmrs.exe
92674. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbt.html" target= blank>MYTOB-BT</a> WORM!
92675. Source=Paul Collins Startup list
92676.  
92677. [windrv]
92678. Number=13156
92679. Confirmed=X
92680. Filename=windrv32.exe
92681. Description=Added by an unidentified VIRUS, WORM or TROJAN! - possibly a strain of OBLIVION or BIONET
92682. Source=Paul Collins Startup list
92683.  
92684. [WinDrv]
92685. Number=13157
92686. Confirmed=X
92687. Filename=windrvx.exe
92688. Description=Added by a variant of the TIBSER.A downloader TROJAN!
92689. Source=Paul Collins Startup list
92690.  
92691. [WinDSL MTU-Adjust]
92692. Number=13158
92693. Confirmed=U
92694. Filename=WinDSL_MTU.exe
92695. Description=Adjusts the registry setting of the DUN-Adapters (MTU) and the TCP/IP-Protocol (RWIN) by ENGEL Technologieberatung
92696. Source=Paul Collins Startup list
92697.  
92698. [WinDSL_MTU]
92699. Number=13159
92700. Confirmed=?
92701. Filename=WinDSL_MTU.exe
92702. Description=<font color="#FF0000">May be realted to Tiscali broadband, if so is it required?</font>
92703. Source=Paul Collins Startup list
92704.  
92705. [WinDSNX]
92706. Number=13160
92707. Confirmed=X
92708. Filename=Win????.exe
92709. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-013013-1836-99" target="_blank">DSNX</a> TROJAN!
92710. Source=Paul Collins Startup list
92711.  
92712. [WindUpdates]
92713. Number=13161
92714. Confirmed=X
92715. Filename=[path to trojan]
92716. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.BF" target="_blank">AGENT.BF</a> TROJAN!
92717. Source=Paul Collins Startup list
92718.  
92719. [WindUpdates]
92720. Number=13162
92721. Confirmed=X
92722. Filename=WinUpdt.exe
92723. Description=Windupdates adware variant
92724. Source=Paul Collins Startup list
92725.  
92726. [WINDVDpatch]
92727. Number=13163
92728. Confirmed=U
92729. Filename=CTHELPER.EXE
92730. Description=CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it
92731. Source=Paul Collins Startup list
92732.  
92733. [WinDVR SchSvr]
92734. Number=13164
92735. Confirmed=N
92736. Filename=SchSvr.exe
92737. Description=<a href="http://www.intervideo.com" target="_blank">WinScheduler</a> is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
92738. Source=Paul Collins Startup list
92739.  
92740. [WinDVRCtrl]
92741. Number=13165
92742. Confirmed=N
92743. Filename=WinDVRCtrl.exe
92744. Description=Control center software for an AOpen VA1000 TV tuner card
92745. Source=Paul Collins Startup list
92746.  
92747. [Windws Configuration Loader]
92748. Number=13166
92749. Confirmed=X
92750. Filename=LEXPLORE.exe
92751. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122711-0535-99" target="_blank">SODABOT</a> WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
92752. Source=Paul Collins Startup list
92753.  
92754. [WinEssential]
92755. Number=13167
92756. Confirmed=X
92757. Filename=Keyhost.exe
92758. Description=Hijacker - hailing from jraun.com
92759. Source=Paul Collins Startup list
92760.  
92761. [WinEssential]
92762. Number=13168
92763. Confirmed=X
92764. Filename=keyword.exe
92765. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-011620-4533-99" target="_blank">Jraun</a> adware
92766. Source=Paul Collins Startup list
92767.  
92768. [WinEx]
92769. Number=13169
92770. Confirmed=X
92771. Filename=lexplore_.exe
92772. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmsnopta.html" target=_blank>MSNOPT-A</a> TROJAN!
92773. Source=Paul Collins Startup list
92774.  
92775. [WinExec]
92776. Number=13170
92777. Confirmed=X
92778. Filename=Winexec.exe.vbs
92779. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062520-3058-99" target="_blank">AINESEY.A</a> WORM!
92780. Source=Paul Collins Startup list
92781.  
92782. [WinExec]
92783. Number=13171
92784. Confirmed=X
92785. Filename=WinExec.exe
92786. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32falusa.html" target=_blank>FALUS-A</a> WORM!
92787. Source=Paul Collins Startup list
92788.  
92789. [WinExec]
92790. Number=13172
92791. Confirmed=X
92792. Filename=Lsass.exe
92793. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32crutleb.html" target=_blank>CRUTLE-B</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
92794. Source=Paul Collins Startup list
92795.  
92796. [WinExec32]
92797. Number=13173
92798. Confirmed=X
92799. Filename=WinExec32.exe
92800. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100310-3235-99" target="_blank">KAZWIN</a> WORM!
92801. Source=Paul Collins Startup list
92802.  
92803. [WinFast Schedule]
92804. Number=13174
92805. Confirmed=U
92806. Filename=Wfwiz.exe
92807. Description=Leadtek WinFast TV tuner scheduler and remote control driver - required if you use the latter
92808. Source=Paul Collins Startup list
92809.  
92810. [Winfast2KLoadDefault]
92811. Number=13175
92812. Confirmed=U
92813. Filename=Rundll32.exe Wf2kcpl.dll, DllLoadDefaultSettings
92814. Description=Loads default settings for Leadtek Winfast graphics cards
92815. Source=Paul Collins Startup list
92816.  
92817. [WinFastDTV]
92818. Number=13176
92819. Confirmed=U
92820. Filename=DTVSchdl.exe
92821. Description=Scheduler for <a href="http://www.leadtek.com/eng/tv_tuner/default.asp?lineid=6" target="_blank">WinFast DTV</a> digital TV cards from Leadtek Research Inc
92822. Source=Paul Collins Startup list
92823.  
92824. [Winfast_2K]
92825. Number=13177
92826. Confirmed=U
92827. Filename=WF2k.exe
92828. Description=System Tray application that starts up the Winfox utility for a Leadtek Winfast grpahics card to restore settings. Can be started manually from Start -> Settings -> Control Panel Display. Only needed if you wish to run things like the hardware monitor or overclock your card
92829. Source=Paul Collins Startup list
92830.  
92831. [WinFast_Gamma]
92832. Number=13178
92833. Confirmed=U
92834. Filename=Rundll32.exe wfcpl.dll, DllLoadGammaRampSettings
92835. Description=Loads if you change the gamma settings on Leadtek WinFast graphics cards
92836. Source=Paul Collins Startup list
92837.  
92838. [WinFast_Taskbar]
92839. Number=13179
92840. Confirmed=U
92841. Filename=rundll32.exe wftask.dll, WFDllLoadDefaultSettings
92842. Description=Loads default settings for Leadtek WinFast graphics cards
92843. Source=Paul Collins Startup list
92844.  
92845. [WinFavorites]
92846. Number=13180
92847. Confirmed=X
92848. Filename=WinFavorites.exe1
92849. Description=Loudmarketing.com adware downloader
92850. Source=Paul Collins Startup list
92851.  
92852. [WinFax PRO]
92853. Number=13181
92854. Confirmed=N
92855. Filename=FAXMNG32.EXE
92856. Description=<a href="http://www.symantec.com/home_homeoffice/products/overview.jsp?pcid=pf&pvid=wfp10" target=_blank>WinFax PRO</a> from Symantec - fax management software
92857.  
92858. Source=Paul Collins Startup list
92859.  
92860. [WinFax PRO Controller]
92861. Number=13182
92862. Confirmed=N
92863. Filename=WFXCTL32.EXE
92864. Description=From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
92865. Source=Paul Collins Startup list
92866.  
92867. [WinFaxAppPortStarter]
92868. Number=13183
92869. Confirmed=Y
92870. Filename=wfxsnt40.exe
92871. Description=WinFax 10.0 and maybe earlier versions. Used to initiate the WinFax port to enable printing to the WinFax printer (send a fax) from any application.
92872. Source=Paul Collins Startup list
92873.  
92874. [WinFire]
92875. Number=13184
92876. Confirmed=X
92877. Filename=WF.exe
92878. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfsy.html" target=_blank>DELF-SY</a> TROJAN!
92879. Source=Paul Collins Startup list
92880.  
92881. [WinFix service]
92882. Number=13185
92883. Confirmed=X
92884. Filename=rsswjzgp.exe
92885. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfae.html" target="_blank">RBOT-FAE</a> WORM!
92886. Source=Paul Collins Startup list
92887.  
92888. [WinFixer 2005]
92889. Number=13186
92890. Confirmed=X
92891. Filename=wfx5.exe
92892. Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a "href=http://www.superadblocker.com/definition/wfx5/" target="_blank">here</a>
92893. Source=Paul Collins Startup list
92894.  
92895. [WinFixer helper]
92896. Number=13187
92897. Confirmed=X
92898. Filename=wfxcwr.exe
92899. Description=WinAntiSpyware 2005 by Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a "href=http://www.superadblocker.com/definition/wfxcwr/" target="_blank">here</a>
92900. Source=Paul Collins Startup list
92901.  
92902. [WinFixer service]
92903. Number=13188
92904. Confirmed=X
92905. Filename=[random filename].exe
92906. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
92907. Source=Paul Collins Startup list
92908.  
92909. [WinFixer2006]
92910. Number=13189
92911. Confirmed=X
92912. Filename=uwfx6.exe
92913. Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href=http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097528" target="_blank">here</a>
92914. Source=Paul Collins Startup list
92915.  
92916. [WinFlyer32.dll]
92917. Number=13190
92918. Confirmed=X
92919. Filename=WinFlyer32.dll
92920. Description=Added by the <a href="http://www.superadblocker.com/W/WINFLYER32.DLL-10415.html" target="_blank">WINFLYER</a> TROJAN!
92921. Source=Paul Collins Startup list
92922.  
92923. [winfont]
92924. Number=13191
92925. Confirmed=X
92926. Filename=winfont.exe
92927. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-120618-2524-99" target="_blank">DEATH</a> TROJAN!
92928. Source=Paul Collins Startup list
92929.  
92930. [winform]
92931. Number=13192
92932. Confirmed=X
92933. Filename=winform.exe
92934. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsalb.html" target="_blank">PWS-ALB</a> TROJAN!
92935. Source=Paul Collins Startup list
92936.  
92937. [WinFoxV2]
92938. Number=13193
92939. Confirmed=U
92940. Filename=WF2k.exe
92941. Description=System Tray application that starts up the Winfox utility for a Leadtek Winfast grpahics card to restore settings. Can be started manually from Start -> Settings -> Control Panel Display. Only needed if you wish to run things like the hardware monitor or overclock your card
92942. Source=Paul Collins Startup list
92943.  
92944. [WinFX]
92945. Number=13194
92946. Confirmed=X
92947. Filename=cssrs.exe
92948. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX" target="_blank">AGOBOT.FX</a> WORM!
92949. Source=Paul Collins Startup list
92950.  
92951. [WinGate]
92952. Number=13195
92953. Confirmed=X
92954. Filename=WinGate.exe
92955. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
92956. Source=Paul Collins Startup list
92957.  
92958. [WinGate Engine Monitor]
92959. Number=13196
92960. Confirmed=U
92961. Filename=wgengmon.exe
92962. Description=WinGate Internet Client Dialup Monitor - component of WinGate proxy server software. Displays the status of the WinGate engine, and appears in the system tray of each workstation on the network reassuring clients that their workstations have connectivity with the WinGate Server
92963.  
92964. Source=Paul Collins Startup list
92965.  
92966. [WinGate initialize]
92967. Number=13197
92968. Confirmed=X
92969. Filename=WinGate.exe
92970. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
92971. Source=Paul Collins Startup list
92972.  
92973. [wingerver2.0.exe]
92974. Number=13198
92975. Confirmed=X
92976. Filename=wingerver2.0.exe
92977. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgraybrdae.html" target=_blank>GRAYBRD-AE</a> TROJAN!
92978. Source=Paul Collins Startup list
92979.  
92980. [wingo]
92981. Number=13199
92982. Confirmed=X
92983. Filename=wingo.exe
92984. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102910-4447-99" target=_blank>BEAGLE.AW</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102909-4914-99" target=_blank>BEAGLE.AV</a> WORMS!
92985.  
92986. Source=Paul Collins Startup list
92987.  
92988. [wingo]
92989. Number=13200
92990. Confirmed=X
92991. Filename=[various filenames]
92992. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32bagleau.html" target=_blank>BAGLE-AU</a> WORM!
92993. Source=Paul Collins Startup list
92994.  
92995. [WinGuage Pro]
92996. Number=13201
92997. Confirmed=N
92998. Filename=WGPRO32.EXE
92999. Description=Part of McAfee Nuts & Bolts. "WinGauge is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs
93000. Source=Paul Collins Startup list
93001.  
93002. [Winguard]
93003. Number=13202
93004. Confirmed=Y
93005. Filename=WGFE95.EXE
93006. Description=<a href="http://mcafee.digitalriver.com/dr/v2/ec_MAIN.Entry10?V1=371553&PN=1&SP=10023&xid=39695&DSP=&CUR=826&PGRP=0&CACHE_ID=0" target="_blank">Dr Solomon's Virex</a> antivirus
93007. Source=Paul Collins Startup list
93008.  
93009. [winguard]
93010. Number=13203
93011. Confirmed=Y
93012. Filename=wingrd32.exe
93013. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
93014. Source=Paul Collins Startup list
93015.  
93016. [WinGuard Pro]
93017. Number=13204
93018. Confirmed=U
93019. Filename=wgp.exe
93020. Description=<a href="http://www.winguardpro.com/" target="_blank">Winguard Pro</a>
93021. Source=Paul Collins Startup list
93022.  
93023. [WinHacker]
93024. Number=13205
93025. Confirmed=N
93026. Filename=rundll32.exe wh95.dll, HackMe
93027. Description=<a href="http://www.soft32.com/download_153.html" target="_blank">WinHacker</a> tweaking utility by Wedge Software. There are far better tweakers and, unlike WinHacker, most are free
93028. Source=Paul Collins Startup list
93029.  
93030. [Winhelp]
93031. Number=13206
93032. Confirmed=X
93033. Filename=winhe1p.exe
93034. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092815-0339-99" target="_blank">QQPASS.E</a> TROJAN!
93035. Source=Paul Collins Startup list
93036.  
93037. [WinHelp]
93038. Number=13207
93039. Confirmed=X
93040. Filename=WinHelp.exe
93041. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM! Note - "winhelp.exe" resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) whereas the valid "winhelp.exe" resides in C:\Windows or C:\Winnt
93042. Source=Paul Collins Startup list
93043.  
93044. [WinHelp]
93045. Number=13208
93046. Confirmed=X
93047. Filename=realsched.exe
93048. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
93049. Source=Paul Collins Startup list
93050.  
93051. [Winhelp]
93052. Number=13209
93053. Confirmed=X
93054. Filename=TkBellExe.exe...
93055. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021916-4352-99" target="_blank">LOVGATE</a> WORM!
93056. Source=Paul Collins Startup list
93057.  
93058. [winhelp]
93059. Number=13210
93060. Confirmed=X
93061. Filename=winhelp.exe
93062. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090617-1926-99" target=_blank>BLACKMAL.C</a> WORM! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
93063. Source=Paul Collins Startup list
93064.  
93065. [winhelp]
93066. Number=13211
93067. Confirmed=X
93068. Filename=dns32.exe
93069. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
93070. Source=Paul Collins Startup list
93071.  
93072. [winhelp]
93073. Number=13212
93074. Confirmed=X
93075. Filename=Updadv.exe
93076. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojqqpassn.html" target=_blank>QQPASS-N</a> TROJAN!
93077. Source=Paul Collins Startup list
93078.  
93079. [winhlp.exe]
93080. Number=13213
93081. Confirmed=X
93082. Filename=winhlp.exe
93083. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011909-3359-99" target=_blank>FORMGLIEDER</a> TROJAN!
93084. Source=Paul Collins Startup list
93085.  
93086. [winhlp3.exe]
93087. Number=13214
93088. Confirmed=X
93089. Filename=winhlp3.exe
93090. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453089426" target="_blank">EASTO.A</a> TROJAN!
93091. Source=Paul Collins Startup list
93092.  
93093. [Winhlp32]
93094. Number=13215
93095. Confirmed=X
93096. Filename=Wscript.exe ..Msexec32.vbs
93097. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GANT.B" target="_blank">GANT.B</a> WORM!
93098. Source=Paul Collins Startup list
93099.  
93100. [winhlp32.exe]
93101. Number=13216
93102. Confirmed=X
93103. Filename=winhlp32.exe
93104. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453089426" target="_blank">EASTO.A</a> TROJAN!
93105. Source=Paul Collins Startup list
93106.  
93107. [winhlpp32.exe]
93108. Number=13217
93109. Confirmed=X
93110. Filename=winhlpp32.exe
93111. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040112-0028-99" target="_blank">GAOBOT.SY</a> WORM!
93112. Source=Paul Collins Startup list
93113.  
93114. [Winhost]
93115. Number=13218
93116. Confirmed=X
93117. Filename=wintt.exe
93118. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOLAWEB.B" target="_blank">LOLAWEB.B</a> TROJAN!
93119. Source=Paul Collins Startup list
93120.  
93121. [Winhost]
93122. Number=13219
93123. Confirmed=X
93124. Filename=win.exe
93125. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderap.html" target="_blank">DLOADER-AP</a> TROJAN!
93126. Source=Paul Collins Startup list
93127.  
93128. [Winhost]
93129. Number=13220
93130. Confirmed=X
93131. Filename=yahoo.exe
93132. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkm.html" target= blank>DELF-KM</a> TROJAN!
93133. Source=Paul Collins Startup list
93134.  
93135. [Winhost]
93136. Number=13221
93137. Confirmed=X
93138. Filename=winhost.exe
93139. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_REATLE.F&VSect=P" target=_blank>REATLE.F</a> WORM!
93140. Source=Paul Collins Startup list
93141.  
93142. [winhost.exe]
93143. Number=13222
93144. Confirmed=X
93145. Filename=winhost.exe
93146. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlohavr.html" target= blank>LOHAV-R</a> TROJAN!
93147. Source=Paul Collins Startup list
93148.  
93149. [winhost32.exe]
93150. Number=13223
93151. Confirmed=X
93152. Filename=winhost32.exe
93153. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121714-1300-99" target=_blank>TABDIM</a> TROJAN!
93154. Source=Paul Collins Startup list
93155.  
93156. [WinHound]
93157. Number=13224
93158. Confirmed=N
93159. Filename=WinHound.exe
93160. Description=Spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
93161. Source=Paul Collins Startup list
93162.  
93163. [WinIeRun]
93164. Number=13225
93165. Confirmed=X
93166. Filename=winierun.exe
93167. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojrnwatcha.html" target=_blank>RNWATCH-A</a> WORM!
93168. Source=Paul Collins Startup list
93169.  
93170. [winimage]
93171. Number=13226
93172. Confirmed=X
93173. Filename=wvsvc.exe
93174. Description=Added by the <a href="http://de.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?VName=WORM_RBOT.TX" target=_blank>RBOT.TX</a> WORM!
93175. Source=Paul Collins Startup list
93176.  
93177. [WinINet]
93178. Number=13227
93179. Confirmed=X
93180. Filename=services.exe
93181. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32soberp.html" target=_blank>SOBER-P</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatus" subfolder of the Windows or Winnt folder
93182. Source=Paul Collins Startup list
93183.  
93184. [wininet]
93185. Number=13228
93186. Confirmed=X
93187. Filename=wininet.exe
93188. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32stubbotc.html" target=_blank>STUBBOT-C</a> WORM!
93189. Source=Paul Collins Startup list
93190.  
93191. [wininet32]
93192. Number=13229
93193. Confirmed=X
93194. Filename=wininet32.exe
93195. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojraznewa.html" target="_blank">RAZNEW-A</a> TROJAN!
93196. Source=Paul Collins Startup list
93197.  
93198. [wininetd]
93199. Number=13230
93200. Confirmed=X
93201. Filename=wininetd.exe
93202. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-052013-3927-99" target="_blank">WINET</a> TROJAN!
93203. Source=Paul Collins Startup list
93204.  
93205. [wininit]
93206. Number=13231
93207. Confirmed=X
93208. Filename=wininit.exe
93209. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-082707-4421-99" target="_blank">WOLLF.16</a> TROJAN!
93210. Source=Paul Collins Startup list
93211.  
93212. [WinInit]
93213. Number=13232
93214. Confirmed=X
93215. Filename=Win86.exe
93216. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallpb.html" target= blank>SMALL-PB</a> TROJAN!
93217. Source=Paul Collins Startup list
93218.  
93219. [winint]
93220. Number=13233
93221. Confirmed=X
93222. Filename=winint.exe
93223. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotada.html" target=_blank>SDBOT-ADA</a> WORM!
93224. Source=Paul Collins Startup list
93225.  
93226. [winipsec]
93227. Number=13234
93228. Confirmed=X
93229. Filename=winipsec.exe
93230. Description=Unidentified malware
93231. Source=Paul Collins Startup list
93232.  
93233. [WinIRXHelper]
93234. Number=13235
93235. Confirmed=U
93236. Filename=WinIRXHelper.exe
93237. Description=MSI Media Center Deluxe software - see <a href="http://www.msi.com.tw/html/products/vga/vga_htm/mediacenter_2o.htm" target=_blank>here</a>
93238. Source=Paul Collins Startup list
93239.  
93240. [winis]
93241. Number=13236
93242. Confirmed=X
93243. Filename=winis.exe
93244. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwi.html" target=_blank>RBOT-WI</a> WORM!
93245. Source=Paul Collins Startup list
93246.  
93247. [Wink*.exe]
93248. Number=13237
93249. Confirmed=X
93250. Filename=Wink*.exe [* = random char]
93251. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-041714-3225-99" target="_blank">KLEZ</a> WORM!
93252. Source=Paul Collins Startup list
93253.  
93254. [Winkb6]
93255. Number=13238
93256. Confirmed=U
93257. Filename=winkb6.exe
93258. Description=Part of <a href="http://weblocker.fameleads.com/" target="_blank">We-Blocker</a> - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content, while filtering out sites that contain adult content. Works in conjunction with <a href="http://www.sysinfo.org/startuplist.php?filter=SYSWB6" target="_blank">Winkb6</a> and both files are needed to run We-Blocker
93259. Source=Paul Collins Startup list
93260.  
93261. [WinKernel]
93262. Number=13239
93263. Confirmed=X
93264. Filename=WinKer.exe
93265. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-062114-0920-99" target="_blank">MIRAB</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SERVIDOR.C" target="_blank">SERVIDOR</a> TROJANS!
93266. Source=Paul Collins Startup list
93267.  
93268. [WinKernel]
93269. Number=13240
93270. Confirmed=X
93271. Filename=[path to worm]
93272. Description=Added by the <a href"http://www.symantec.com/security_response/writeup.jsp?docid=2003-111116-1342-99" target="_blank">PLEA</a> VIRUS!
93273. Source=Paul Collins Startup list
93274.  
93275. [winkernel32]
93276. Number=13241
93277. Confirmed=X
93278. Filename=wWin32.com
93279. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-021212-0651-99" target="_blank">BANSAP</a> TROJAN!
93280. Source=Paul Collins Startup list
93281.  
93282. [WinKey]
93283. Number=13242
93284. Confirmed=U
93285. Filename=winkey.exe
93286. Description=Loads <a href="http://www.copernic.com/winkey/" target="_blank">Copernic's WinKey</a>. Used to map out Windows key hotkey combinations. Not required for the system, but is necessary for this to be running if you use these hotkey combos
93287. Source=Paul Collins Startup list
93288.  
93289. [winla]
93290. Number=13243
93291. Confirmed=X
93292. Filename=winla.exe
93293. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadraql.html" target="_blank">DLOADR-AQL</a> TROJAN!
93294. Source=Paul Collins Startup list
93295.  
93296. [winldr]
93297. Number=13244
93298. Confirmed=X
93299. Filename=[path to file]
93300. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvidlop.html" target=_blank>VIDLO-P</a> TROJAN!
93301. Source=Paul Collins Startup list
93302.  
93303. [winldr]
93304. Number=13245
93305. Confirmed=X
93306. Filename=Rechnung.pdf.exe
93307. Description=Added by the <a href="http://vil.nai.com/vil/content/v_134667.htm" target=_blank>ACS</a> TROJAN!
93308. Source=Paul Collins Startup list
93309.  
93310. [winlgz2]
93311. Number=13246
93312. Confirmed=X
93313. Filename=winlgz2.exe
93314. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillfilq.html" target=_blank>KILLFIL-Q</a> TROJAN!
93315. Source=Paul Collins Startup list
93316.  
93317. [winlibs.exe]
93318. Number=13247
93319. Confirmed=X
93320. Filename=winlibs.exe
93321. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080314-2340-99" target="_blank">EVAMAN.C</a> WORM!
93322. Source=Paul Collins Startup list
93323.  
93324. [WinLibUpdate]
93325. Number=13248
93326. Confirmed=X
93327. Filename=libupdate.exe
93328. Description=Added by the BIONET series of TROJANS such as <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BIONET.31" target="_blank">BIONET.31</a> or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.310" target="_blank">BIONET.310</a>
93329. Source=Paul Collins Startup list
93330.  
93331. [WinLibUpdate32]
93332. Number=13249
93333. Confirmed=X
93334. Filename=libupdate32.exe
93335. Description=Added by the BIONET.405 TROJAN!
93336. Source=Paul Collins Startup list
93337.  
93338. [WinLibUpdte]
93339. Number=13250
93340. Confirmed=X
93341. Filename=libupdte.exe
93342. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.318" target="_blank">BIONET.318</a> TROJAN!
93343. Source=Paul Collins Startup list
93344.  
93345. [winligom]
93346. Number=13251
93347. Confirmed=X
93348. Filename=winligom.exe
93349. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgai.html" target="_blank">RBOT-GAI</a> WORM! Note - this malware actually changes the default value data of the registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
93350. Source=Paul Collins Startup list
93351.  
93352. [Winlink]
93353. Number=13252
93354. Confirmed=X
93355. Filename=winlink32.exe
93356. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041513-0645-99" target="_blank">GAOBOT.AAY</a> WORM!
93357. Source=Paul Collins Startup list
93358.  
93359. [Winlme]
93360. Number=13253
93361. Confirmed=X
93362. Filename=windll.exe
93363. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GOP.F" target="_blank">GOP.F</a> WORM!
93364. Source=Paul Collins Startup list
93365.  
93366. [WinLoad]
93367. Number=13254
93368. Confirmed=U
93369. Filename=Winload.exe
93370. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.pctattletale.html" target="_blank">PCTattletale</a> is a surveillance software program that monitors user activity, logs keystrokes, and takes screenshots. Uninstall this software unless you put it there yourself
93371. Source=Paul Collins Startup list
93372.  
93373. [WinLoader]
93374. Number=13255
93375. Confirmed=X
93376. Filename=[random filename]
93377. Description=Added by variants of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SUB7.213.B" target="_blank"> SUBSEVEN</a> TROJAN!
93378. Source=Paul Collins Startup list
93379.  
93380. [winlocatorupdate]
93381. Number=13256
93382. Confirmed=X
93383. Filename=updatewinlocator.exe
93384. Description=Locator adult content toolbar related
93385. Source=Paul Collins Startup list
93386.  
93387. [winlog]
93388. Number=13257
93389. Confirmed=X
93390. Filename=winlog.exe
93391. Description=Unidentified adware. Note - this malware actually changes the default value data of the Registry Run and RunServices keys in order to force Windows to launch it at boot. Name field may be empty
93392. Source=Paul Collins Startup list
93393.  
93394. [winlog]
93395. Number=13258
93396. Confirmed=X
93397. Filename=winlog.exe
93398. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GAOBOT.DF&VSect=T" target=_blank>GAOBOT_DF</a> WORM!
93399.  
93400. Source=Paul Collins Startup list
93401.  
93402. [winlog manager]
93403. Number=13259
93404. Confirmed=X
93405. Filename=winlog.exe
93406. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DONBOMB.A&VSect=P" target=_blank>DONBOMB.A</a> TROJAN!
93407. Source=Paul Collins Startup list
93408.  
93409. [WINLOG0N]
93410. Number=13260
93411. Confirmed=X
93412. Filename=WINLOG0N.EXE
93413. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040112-4708-99" target=_blank>MYDOOM.BI</a> WORM!
93414. Source=Paul Collins Startup list
93415.  
93416. [WinLogin]
93417. Number=13261
93418. Confirmed=X
93419. Filename=winlogin.exe
93420. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotix.html" target=_blank>AGOBOT-IX</a> WORM!
93421.  
93422. Source=Paul Collins Startup list
93423.  
93424. [winlogin]
93425. Number=13262
93426. Confirmed=X
93427. Filename=win32x.exe
93428. Description=Browser hijacker, also detetected as the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpadf.html" target= blank>STARTPA-DF</a> TROJAN!
93429. Source=Paul Collins Startup list
93430.  
93431. [Winlogin.exe]
93432. Number=13263
93433. Confirmed=X
93434. Filename=log.exe
93435. Description=Added by a variant of the AGENT.AH downloader TROJAN!
93436. Source=Paul Collins Startup list
93437.  
93438. [winlogin.exe]
93439. Number=13264
93440. Confirmed=X
93441. Filename=logfile.exe
93442. Description=Added by the AGENT.AH TROJAN!
93443. Source=Paul Collins Startup list
93444.  
93445. [winlogin.exe]
93446. Number=13265
93447. Confirmed=X
93448. Filename=mspaint.exe
93449. Description=Added by a variant of the AGENT.AH TROJAN!
93450. Source=Paul Collins Startup list
93451.  
93452. [Winlogin.exe]
93453. Number=13266
93454. Confirmed=X
93455. Filename=steam.exe
93456. Description=Added by a variant of the AGENT.AH TROJAN!
93457. Source=Paul Collins Startup list
93458.  
93459. [winlogoff]
93460. Number=13267
93461. Confirmed=X
93462. Filename=winlogoff.exe
93463. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobottr.html" target=_blank>AGOBOT-TR</a> WORM!
93464. Source=Paul Collins Startup list
93465.  
93466. [winlogon]
93467. Number=13268
93468. Confirmed=X
93469. Filename=winlogon.exe
93470. Description=Hijacker or adult content dialler! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
93471. Source=Paul Collins Startup list
93472.  
93473. [winlogon]
93474. Number=13269
93475. Confirmed=X
93476. Filename=winlogin.exe
93477. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081213-3232-99" target=_blank>RANDEX.E</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder
93478. Source=Paul Collins Startup list
93479.  
93480. [winlogon]
93481. Number=13270
93482. Confirmed=X
93483. Filename=winlogon.exe
93484. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-122113-2532-99" target=_blank>TRODAL</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a> process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
93485. Source=Paul Collins Startup list
93486.  
93487. [winlogon]
93488. Number=13271
93489. Confirmed=X
93490. Filename=msreg32.exe
93491. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.EO" target="_blank">SDBOT.EO</a> WORM!
93492. Source=Paul Collins Startup list
93493.  
93494. [winlogon]
93495. Number=13272
93496. Confirmed=X
93497. Filename=winlogon32.exe
93498. Description=Added by the <a href="http://www.eset.sk/asc/scriptless/msgs/maslanc.htm" target= blank>MASLAN.C</a> WORM!
93499. Source=Paul Collins Startup list
93500.  
93501. [winlogon]
93502. Number=13273
93503. Confirmed=X
93504. Filename=wpwlogon.exe
93505. Description=Added by an unidentified WORM or TROJAN!
93506. Source=Paul Collins Startup list
93507.  
93508. [WINLOGON]
93509. Number=13274
93510. Confirmed=X
93511. Filename=wscript.exe [System or System32]\WINLOGON.vbs
93512. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060115-2503-99" target=_blank>YPSAN.F</a> WORM!
93513. Source=Paul Collins Startup list
93514.  
93515. [Winlogon]
93516. Number=13275
93517. Confirmed=X
93518. Filename=lsass.exe
93519. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvbej.html" target=_blank>VB-EJ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
93520. Source=Paul Collins Startup list
93521.  
93522. [Winlogon]
93523. Number=13276
93524. Confirmed=X
93525. Filename=lsass.exe
93526. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32floppyb.html" target=_blank>FLOPPY-B</a> VIRUS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
93527. Source=Paul Collins Startup list
93528.  
93529. [winlogon]
93530. Number=13277
93531. Confirmed=X
93532. Filename=nvchost.exe
93533. Description=Added by an unidentified WORM or TROJAN!
93534. Source=Paul Collins Startup list
93535.  
93536. [winlogon service]
93537. Number=13278
93538. Confirmed=X
93539. Filename=urx.exe
93540. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EN" target=_blank>SPYBOT.EN</a> WORM!
93541. Source=Paul Collins Startup list
93542.  
93543. [Winlogon Shell]
93544. Number=13279
93545. Confirmed=X
93546. Filename=Explorer.exe [path] svchost.exe
93547. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022515-5003-99" target="_blank">KIPIS.M</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in System\1032 or System32\1032 subfolders
93548. Source=Paul Collins Startup list
93549.  
93550. [Winlogon.exe]
93551. Number=13280
93552. Confirmed=X
93553. Filename=N/A
93554. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant - resets home page to an adult content site
93555. Source=Paul Collins Startup list
93556.  
93557. [winlogon.exe]
93558. Number=13281
93559. Confirmed=X
93560. Filename=helper.exe
93561. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojfakespya.html" target= blank>FAKESPY-A</a> TROJAN!
93562. Source=Paul Collins Startup list
93563.  
93564. [winlogon.exe]
93565. Number=13282
93566. Confirmed=X
93567. Filename=msole32.exe
93568. Description=Adware, also detected as the <a href="http://www.sophos.com/virusinfo/analyses/trojfakespyb.html" target= blank>FAKESPY-B</a> TROJAN!
93569. Source=Paul Collins Startup list
93570.  
93571. [winlogon32_]
93572. Number=13283
93573. Confirmed=X
93574. Filename=[path to file]
93575. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082312-1953-99" target=_blank>RULAND.A</a> WORM!
93576. Source=Paul Collins Startup list
93577.  
93578. [Winlogun]
93579. Number=13284
93580. Confirmed=X
93581. Filename=winlogin.exe
93582. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32p2loadc.html" target=_blank>P2LOAD-C</a> WORM!
93583. Source=Paul Collins Startup list
93584.  
93585. [WinLsass]
93586. Number=13285
93587. Confirmed=X
93588. Filename=servicec.exe
93589. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082615-2846-99" target="_blank">SCANE</a> WORM!
93590. Source=Paul Collins Startup list
93591.  
93592. [WinLsass]
93593. Number=13286
93594. Confirmed=X
93595. Filename=[path to trojan]
93596. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082615-2846-99" target="_blank">SCANE</a> WORM!
93597. Source=Paul Collins Startup list
93598.  
93599. [winltmpv]
93600. Number=13287
93601. Confirmed=X
93602. Filename=winln.exe
93603. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtcxmedic.html" target=_blank>TCXMEDI-C</a> TROJAN!
93604. Source=Paul Collins Startup list
93605.  
93606. [winltmpv]
93607. Number=13288
93608. Confirmed=X
93609. Filename=wutop.exe
93610. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtcxmedic.html" target=_blank>TCXMEDI-C</a> TROJAN!
93611. Source=Paul Collins Startup list
93612.  
93613. [Winmain]
93614. Number=13289
93615. Confirmed=X
93616. Filename=winmain.exe
93617. Description=One of the first of a new breed of malware. When run it immediately loads MSHTA.EXE from the Windows folder, placing it on "hot standby", ready to accept HTA scripting within a web page and then EXECUTE what is embedded IN the page as a program! In other words, it's possible for a "rogue" website to actually embed trojans, worms and/or viruses directly into a web page. NSClean's <a href="http://www.nsclean.com/htastop.html" target="_blank">HTA Stop</a> offers an easy way to toggle this capabiltity, or rather vulnerability, on and off. I suggest you leave it disabled!
93618. Source=Paul Collins Startup list
93619.  
93620. [WinManager]
93621. Number=13290
93622. Confirmed=?
93623. Filename=schost.exe
93624. Description=<font color="#FF0000">??</font>
93625. Source=Paul Collins Startup list
93626.  
93627. [winmatrix.exe]
93628. Number=13291
93629. Confirmed=U
93630. Filename=WinMatrixXP.exe
93631. Description=<a href="http://www.emotionrays.com/winmatrix-xp-3d-screensaver-download.html" target="_blank">WinMatrix XP</a> - wallpaper replacement that shows different matrix effects (including flowing matrix codes from 'The Matrix' movie) on your desktop
93632. Source=Paul Collins Startup list
93633.  
93634. [WinMedia]
93635. Number=13292
93636. Confirmed=X
93637. Filename=[path to trojan]
93638. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojzerobea.html" target=_blank>ZEROBE-A</a> TROJAN!
93639. Source=Paul Collins Startup list
93640.  
93641. [WinMedia]
93642. Number=13293
93643. Confirmed=X
93644. Filename=msupd******.exe [*= random digit]
93645. Description=Added by the INJECT.163 TROJAN!
93646. Source=Paul Collins Startup list
93647.  
93648. [WinMem]
93649. Number=13294
93650. Confirmed=U
93651. Filename=WinMem.exe
93652. Description=WinMem Cleaner - part of <a href="http://www.wincleaner.com/pc/uti/utiste/uwc_utility_suite.htm" target=_blank>Ultra WinCleaner Utility Suite</a>. Makes more memory available for your programs and the Operating System. It also defragments your system
93653.  
93654. Source=Paul Collins Startup list
93655.  
93656. [WinMenssage]
93657. Number=13295
93658. Confirmed=X
93659. Filename=winmax.exe
93660. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-073117-3108-99" target="_blank">BANCOS.B</a> TROJAN!
93661. Source=Paul Collins Startup list
93662.  
93663. [WinMessenger]
93664. Number=13296
93665. Confirmed=X
93666. Filename=syshost.exe
93667. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opankie.html" target=_blank>OPANKI-E</a> WORM!
93668. Source=Paul Collins Startup list
93669.  
93670. [WinMgmt]
93671. Number=13297
93672. Confirmed=N
93673. Filename=WinMgmt.exe
93674. Description=Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer <a href="http://groups.google.com/group/microsoft.public.windowsme.general/msg/5af2d1219f43359e?q=PCHealth%2Bpchschd.exe&hl=en&rnum=1" target="_blank">here</a>
93675. Source=Paul Collins Startup list
93676.  
93677. [WINMGR]
93678. Number=13298
93679. Confirmed=X
93680. Filename=taskgmgr.exe
93681. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041111-0021-99" target=_blank>MYTOB.AN</a> WORM!
93682. Source=Paul Collins Startup list
93683.  
93684. [Winmgr.exe]
93685. Number=13299
93686. Confirmed=X
93687. Filename=scvhost.exe
93688. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AFG" target="_blank">AGOBOT.AFG</a> WORM!
93689. Source=Paul Collins Startup list
93690.  
93691. [WinMgr32]
93692. Number=13300
93693. Confirmed=X
93694. Filename=winmgr32.exe
93695. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-010710-3146-99" target="_blank">MIMAIL.P</a> WORM!
93696. Source=Paul Collins Startup list
93697.  
93698. [WinMine]
93699. Number=13301
93700. Confirmed=X
93701. Filename=D4NG3.vbs
93702. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092517-0351-99" target="_blank">BISCUIT.A</a> WORM!
93703. Source=Paul Collins Startup list
93704.  
93705. [winmodem]
93706. Number=13302
93707. Confirmed=Y
93708. Filename=wmexe.exe
93709. Description=Software for software based modems. Required if you have one of these. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
93710. Source=Paul Collins Startup list
93711.  
93712. [WinMoviePlugIn]
93713. Number=13303
93714. Confirmed=X
93715. Filename=WinMoviePlugIn.exe
93716. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051715-4156-99" target=_blank>Sfonditalia</a> adult content premium rate dialer
93717. Source=Paul Collins Startup list
93718.  
93719. [Winmsg]
93720. Number=13304
93721. Confirmed=X
93722. Filename=winwork.exe
93723. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031915-3501-99" target="_blank">GAOBOT.GEN!POLY</a> WORM!
93724. Source=Paul Collins Startup list
93725.  
93726. [WinMsg]
93727. Number=13305
93728. Confirmed=X
93729. Filename=winmsgr.exe
93730. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadras.html" target="_blank">DLOADR-AS</a> TROJAN!
93731. Source=Paul Collins Startup list
93732.  
93733. [WinMsrv32]
93734. Number=13306
93735. Confirmed=X
93736. Filename=WinMsrv32.exe
93737. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042914-1054-99" target="_blank">GAOBOT.AFJ</a> WORM!
93738. Source=Paul Collins Startup list
93739.  
93740. [WinMX]
93741. Number=13307
93742. Confirmed=N
93743. Filename=WinMX.exe
93744. Description=<a href="http://www.winmx.co.uk/" target=_blank>WinMX</a> file sharing application
93745. Source=Paul Collins Startup list
93746.  
93747. [winmysqladmin]
93748. Number=13308
93749. Confirmed=N
93750. Filename=winmysqladmin.exe
93751. Description=Starts the MySQL database admin tool
93752. Source=Paul Collins Startup list
93753.  
93754. [WinMySQLadmin Tool]
93755. Number=13309
93756. Confirmed=N
93757. Filename=winmysqladmin.exe
93758. Description=Starts the MySQL database admin tool
93759. Source=Paul Collins Startup list
93760.  
93761. [winnet]
93762. Number=13310
93763. Confirmed=X
93764. Filename=winnet.exe
93765. Description=<a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=1" target="_blank">CommonName Toolbar</a> spyware. To uninstall see <a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=10#4">here</a>
93766. Source=Paul Collins Startup list
93767.  
93768. [WinNetDDE]
93769. Number=13311
93770. Confirmed=X
93771. Filename=[random characters].exe
93772. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011715-5404-99" target=_blank>NETDEPIX.B</a> TROJAN!
93773. Source=Paul Collins Startup list
93774.  
93775. [WinNite]
93776. Number=13312
93777. Confirmed=X
93778. Filename=niteaim.exe
93779. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061516-4529-99" target=_blank>OPANKI.B</a> WORM!
93780. Source=Paul Collins Startup list
93781.  
93782. [Winnov Menu]
93783. Number=13313
93784. Confirmed=?
93785. Filename=WnvMenu.Exe
93786. Description=<a href="http://www.winnov.com/" target="_blank">Winnov Video Capture Card</a> related.<font color="#FF0000"> What does it do and is it required?</font>
93787. Source=Paul Collins Startup list
93788.  
93789. [Winnov Remote]
93790. Number=13314
93791. Confirmed=?
93792. Filename=WnvRsvr.Exe
93793. Description=<a href="http://www.winnov.com/" target="_blank">Winnov Video Capture Card</a> related.<font color="#FF0000"> What does it do and is it required?</font>
93794. Source=Paul Collins Startup list
93795.  
93796. [Winnov Status]
93797. Number=13315
93798. Confirmed=?
93799. Filename=WvStatus.Exe
93800. Description=<a href="http://www.winnov.com/" target="_blank">Winnov Video Capture Card</a> related.<font color="#FF0000"> What does it do and is it required?</font>
93801. Source=Paul Collins Startup list
93802.  
93803. [winnt]
93804. Number=13316
93805. Confirmed=X
93806. Filename=winnt.exe
93807. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32monae.html" target="_blank">MONA-E</a> WORM!
93808. Source=Paul Collins Startup list
93809.  
93810. [winnt DNS ident]
93811. Number=13317
93812. Confirmed=X
93813. Filename=wuamgrd32.exe
93814. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbau.html" target=_blank>RBOT-BAU</a> WORM!
93815. Source=Paul Collins Startup list
93816.  
93817. [winnt DNS ident]
93818. Number=13318
93819. Confirmed=X
93820. Filename=iexplorer.exe
93821. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
93822. Source=Paul Collins Startup list
93823.  
93824. [winnt DNS ident]
93825. Number=13319
93826. Confirmed=X
93827. Filename=pidchk32.exe
93828. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacy.html" target=_blank>RBOT-ACY</a> WORM!
93829. Source=Paul Collins Startup list
93830.  
93831. [winnt DNS ident]
93832. Number=13320
93833. Confirmed=X
93834. Filename=windowxp.exe
93835. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
93836. Source=Paul Collins Startup list
93837.  
93838. [winnt DNS ident]
93839. Number=13321
93840. Confirmed=X
93841. Filename=Winupd32.exe
93842. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AVU&VSect=P" target=_blank>RBOT.AVU</a> WORM!
93843. Source=Paul Collins Startup list
93844.  
93845. [winnt DNS ident]
93846. Number=13322
93847. Confirmed=X
93848. Filename=winupdate32.exe
93849. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
93850. Source=Paul Collins Startup list
93851.  
93852. [winnt DNS ident]
93853. Number=13323
93854. Confirmed=X
93855. Filename=wuamgrd33.exe
93856. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
93857. Source=Paul Collins Startup list
93858.  
93859. [Winnt DNS ident]
93860. Number=13324
93861. Confirmed=X
93862. Filename=windowsp.exe
93863. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BAL&VSect=P" target=_blank>RBOT.BAL</a> WORM!
93864. Source=Paul Collins Startup list
93865.  
93866. [winNT updatc]
93867. Number=13325
93868. Confirmed=X
93869. Filename=wupgrd.exe
93870. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target= blank>RBOT</a> WORM!
93871. Source=Paul Collins Startup list
93872.  
93873. [WinNtBB]
93874. Number=13326
93875. Confirmed=X
93876. Filename=WinntBB.exe
93877. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DULOAD.C" target="_blank">DULOAD.C</a> WORM!
93878. Source=Paul Collins Startup list
93879.  
93880. [Winnup]
93881. Number=13327
93882. Confirmed=X
93883. Filename=win32nls.exe
93884. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
93885. Source=Paul Collins Startup list
93886.  
93887. [winocx32]
93888. Number=13328
93889. Confirmed=X
93890. Filename=winocx32.exe
93891. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39755" target=_blank>PROTORIDE.I</a> WORM!
93892.  
93893. Source=Paul Collins Startup list
93894.  
93895. [WINOWS SYSTEM]
93896. Number=13329
93897. Confirmed=X
93898. Filename=winnt.exe
93899. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.ID&VSect=P" target=_blank>MYTOB.ID</a> WORM!
93900. Source=Paul Collins Startup list
93901.  
93902. [WINP]
93903. Number=13330
93904. Confirmed=X
93905. Filename=winmic.exe
93906. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spyboteb.html" target=_blank>SPYBOT-EB</a> WORM!
93907. Source=Paul Collins Startup list
93908.  
93909. [Winpack]
93910. Number=13331
93911. Confirmed=X
93912. Filename=winpack.exe
93913. Description=Adware downloader - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Win32.Agent.gg
93914. Source=Paul Collins Startup list
93915.  
93916. [WinPatrol]
93917. Number=13332
93918. Confirmed=U
93919. Filename=WinPatrol.exe
93920. Description=<a href="http://www.winpatrol.com/" target="_blank">WinPatrol</a> - "Manage Startup programs, tasks, cookies; will sniff out Worms, Trojan horses, Cookies, Adware, Spyware, Klez, Assumption and other malicious programs"
93921. Source=Paul Collins Startup list
93922.  
93923. [WinPatrol Explorer]
93924. Number=13333
93925. Confirmed=Y
93926. Filename=WinPatrolEx.exe
93927. Description=Part of <a href="http://www.winpatrol.com/" target="_blank">WinPatrol</a>
93928. Source=Paul Collins Startup list
93929.  
93930. [winphonics7536]
93931. Number=13334
93932. Confirmed=X
93933. Filename=vbsystem35.exe setups.exe vb.vb
93934. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojmutinc.html" target="_blank">MUTIN-C</a> TROJAN!
93935. Source=Paul Collins Startup list
93936.  
93937. [winpipe]
93938. Number=13335
93939. Confirmed=X
93940. Filename=winpipe.exe
93941. Description=Browser hijacker redirecting to wow-access.com
93942. Source=Paul Collins Startup list
93943.  
93944. [WinPLOSION]
93945. Number=13336
93946. Confirmed=U
93947. Filename=WinPlosion.exe
93948. Description="<a href="http://www.winplosion.com/overview.html" target=_blank>WinPLOSION</a> allows you to immediately view and select from all the windows running on your computer, just those of the active application, or to minimise all windows and display a clear desktop"
93949. Source=Paul Collins Startup list
93950.  
93951. [WinPoet]
93952. Number=13337
93953. Confirmed=Y
93954. Filename=WinPPPoverEthernet.exe
93955. Description=WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read <a href="http://www.finepoint.com/winpoet.html" target="_blank">here</a>. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
93956. Source=Paul Collins Startup list
93957.  
93958. [winpol]
93959. Number=13338
93960. Confirmed=X
93961. Filename=winpol.exe
93962. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.IWD" target="_blank">AGENT.IWD</a> TROJAN!
93963. Source=Paul Collins Startup list
93964.  
93965. [WinPopup]
93966. Number=13339
93967. Confirmed=N
93968. Filename=WINPOPUP.EXE
93969. Description=Intranet chat software provided by windows for chat on small networks. Handy little LAN messaging utility. Has been included in Windows since 95, and maybe in WFWG 3.11. Normally it won't set itself up to run unless the user specifically adds it to startup
93970. Source=Paul Collins Startup list
93971.  
93972. [winpopup]
93973. Number=13340
93974. Confirmed=X
93975. Filename=winupie.exe
93976. Description=Adware by Tradeexit.com
93977. Source=Paul Collins Startup list
93978.  
93979. [Winpower]
93980. Number=13341
93981. Confirmed=N
93982. Filename=Winpower.exe
93983. Description=Part of <a href="http://www.macrovision.com/products/flexnet_installshield/installanywhere/index.shtml" target="_blank">InstallAnywhere</a> from Zero G Software, now owned by Macrovision
93984. Source=Paul Collins Startup list
93985.  
93986. [Winprocer32 Update]
93987. Number=13342
93988. Confirmed=X
93989. Filename=winprocer32.exe
93990. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GW&VSect=P" target=_blank>RBOT.GW</a> WORM!
93991. Source=Paul Collins Startup list
93992.  
93993. [winprocessor Update]
93994. Number=13343
93995. Confirmed=X
93996. Filename=winprocessor.exe
93997. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IO&VSect=P" target=_blank>RBOT.IO</a> WORM!
93998. Source=Paul Collins Startup list
93999.  
94000. [WinProfile]
94001. Number=13344
94002. Confirmed=X
94003. Filename=Command.exe
94004. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E" target="_blank">BUDDY</a> TROJAN!
94005. Source=Paul Collins Startup list
94006.  
94007. [WinProfile]
94008. Number=13345
94009. Confirmed=X
94010. Filename=sndcfg16.exe
94011. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39771" target="_blank">SNDC.A</a> WORM!
94012. Source=Paul Collins Startup list
94013.  
94014. [winprofile]
94015. Number=13346
94016. Confirmed=X
94017. Filename=iexpiore.exe
94018. Description=Added by a variant of the MONCHER WORM!
94019. Source=Paul Collins Startup list
94020.  
94021. [WinProfile]
94022. Number=13347
94023. Confirmed=X
94024. Filename=iexpIore.exe
94025. Description=Added by <a href="http://www.sophos.com/virusinfo/analyses/trojchumc.html" target=_blank>CHUM-C</a> TROJAN!
94026. Source=Paul Collins Startup list
94027.  
94028. [WinProt]
94029. Number=13348
94030. Confirmed=X
94031. Filename=Winprot.exe
94032. Description=Added by the <a href="http://www.hackfix.org/miscfix/cha.shtml" target="_blank">CHUPACABRA</a> TROJAN!
94033. Source=Paul Collins Startup list
94034.  
94035. [WinProt]
94036. Number=13349
94037. Confirmed=X
94038. Filename=server.exe
94039. Description=Added by the <a href="http://www.hackfix.org/miscfix/cha.shtml" target="_blank">CHUPACABRA</a> TROJAN!
94040. Source=Paul Collins Startup list
94041.  
94042. [winprotect]
94043. Number=13350
94044. Confirmed=X
94045. Filename=win32.exe
94046. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-011315-3830-99" target=_blank>MUGLY.E</a> WORM!
94047. Source=Paul Collins Startup list
94048.  
94049. [winprotect]
94050. Number=13351
94051. Confirmed=X
94052. Filename=winprotect.exe
94053. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotsb.html" target= blank>SDBOT-SB</a> WORM!
94054. Source=Paul Collins Startup list
94055.  
94056. [WinProxy]
94057. Number=13352
94058. Confirmed=U
94059. Filename=WinProxy.EXE
94060. Description="<a href="http://www.winproxy.net/" target="_blank">WinProxy</a> is the world-first proxy server and a firewall with integrated mail server for Windows 95/98/ME/NT/2000/XP"
94061. Source=Paul Collins Startup list
94062.  
94063. [Winproxy Personal]
94064. Number=13353
94065. Confirmed=X
94066. Filename=WINPROXY.EXE
94067. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BMF&VSect=P" target=_blank>SDBOT.BMF</a> WORM!
94068. Source=Paul Collins Startup list
94069.  
94070. [winpsd]
94071. Number=13354
94072. Confirmed=X
94073. Filename=winpsd.exe
94074. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081616-2035-99" target="_blank">MYDOOM.Q</a> WORM!
94075. Source=Paul Collins Startup list
94076.  
94077. [WinPWD Manager]
94078. Number=13355
94079. Confirmed=X
94080. Filename=wpwdmgr.exe
94081. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaut.html" target=_blank>RBOT-AUT</a> WORM!
94082. Source=Paul Collins Startup list
94083.  
94084. [winrapid]
94085. Number=13356
94086. Confirmed=X
94087. Filename=winrapid.exe
94088. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
94089. Source=Paul Collins Startup list
94090.  
94091. [winrar]
94092. Number=13357
94093. Confirmed=X
94094. Filename=winrar.exe
94095. Description=CoolWebSearch <a href="http://cwshredder.net/cwshredder/cwschronicles.html#therealsearch" target=_blank>Therealsearch</a> parasite variant. Note - this is not the file zipping utility also known as <a href="http://www.rarlab.com/" target="_blank">WinRAR</a>!
94096. Source=Paul Collins Startup list
94097.  
94098. [winrarshell]
94099. Number=13358
94100. Confirmed=X
94101. Filename=winrarshell32.exe
94102. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-101314-1402-99" target="_blank">SALIRA</a> TROJAN!
94103. Source=Paul Collins Startup list
94104.  
94105. [WinReader]
94106. Number=13359
94107. Confirmed=X
94108. Filename=read.exe
94109. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotv.html" target="_blank">DELBOT-V</a> WORM!
94110. Source=Paul Collins Startup list
94111.  
94112. [winReg]
94113. Number=13360
94114. Confirmed=X
94115. Filename=winReg.exe
94116. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-121621-5429-99" target="_blank">YAHA.H</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-121310-2719-99" target="_blank">YAHA.J</a> WORMS!
94117. Source=Paul Collins Startup list
94118.  
94119. [WinReg32 service]
94120. Number=13361
94121. Confirmed=X
94122. Filename=holqdnoxpmeu.exe
94123. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
94124. Source=Paul Collins Startup list
94125.  
94126. [winregsrv]
94127. Number=13362
94128. Confirmed=X
94129. Filename=winregsrv.exe
94130. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-102115-0015-99" target="_blank">SYNRG</a> TROJAN!
94131. Source=Paul Collins Startup list
94132.  
94133. [winreg_32]
94134. Number=13363
94135. Confirmed=X
94136. Filename=svchosst.exe
94137. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosce.html" target=_blank>BANCOS-CE</a> TROJAN!
94138. Source=Paul Collins Startup list
94139.  
94140. [winreg_32]
94141. Number=13364
94142. Confirmed=X
94143. Filename=[path to trojan]
94144. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdb.html" target=_blank>BANKER-DB</a> TROJAN!
94145. Source=Paul Collins Startup list
94146.  
94147. [winreg_32]
94148. Number=13365
94149. Confirmed=X
94150. Filename=sysdll.exe
94151. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderij.html" target=_blank>DLOADER-IJ</a> TROJAN!
94152. Source=Paul Collins Startup list
94153.  
94154. [winreg_32]
94155. Number=13366
94156. Confirmed=X
94157. Filename=Vc030405.exe
94158. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosct.html" target=_blank>BANCOS-CT</a> TROJAN!
94159. Source=Paul Collins Startup list
94160.  
94161. [WINREMOTE]
94162. Number=13367
94163. Confirmed=U
94164. Filename=WinRemote.exe
94165. Description=InterVideo WinCinema Manager - needed for the use of <a href="http://www.intervideo.com/jsp/WinDVDRemote_Profile.jsp" target=_blank>WinDVD Remote Control</a>
94166. Source=Paul Collins Startup list
94167.  
94168. [Winres32vis]
94169. Number=13368
94170. Confirmed=X
94171. Filename=[path to worm]
94172. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_THRAX.A" target="_blank">THRAX.A</a> WORM!
94173. Source=Paul Collins Startup list
94174.  
94175. [winrestore1]
94176. Number=13369
94177. Confirmed=X
94178. Filename=winrestore.exe
94179. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillfilq.html" target=_blank>KILLFIL-Q</a> TROJAN!
94180. Source=Paul Collins Startup list
94181.  
94182. [winreups]
94183. Number=13370
94184. Confirmed=X
94185. Filename=winreups.exe
94186. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
94187. Source=Paul Collins Startup list
94188.  
94189. [winroute]
94190. Number=13371
94191. Confirmed=N
94192. Filename=winroute.exe
94193. Description=Win-Route 4.27. WinRoute Tray Icon for starting and stopping the WrCtrl.exe process, also to log in to the console to view logs and change settings. Can be unchecked and the engine still runs and functions normally. Can then use provided shortcuts for administration of the program. Loaded in SERVICES on Windows 2k
94194. Source=Paul Collins Startup list
94195.  
94196. [WinRPC]
94197. Number=13372
94198. Confirmed=X
94199. Filename=winrpcmx.exe
94200. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankereei.html" target="_blank">BANKER-EEI</a> TROJAN!
94201. Source=Paul Collins Startup list
94202.  
94203. [winrun]
94204. Number=13373
94205. Confirmed=X
94206. Filename=msconfig.exe
94207. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020316-5130-99" target="_blank">WINUR</a> WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\
94208. Source=Paul Collins Startup list
94209.  
94210. [winrun]
94211. Number=13374
94212. Confirmed=X
94213. Filename=winrun.exe
94214. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-032718-1359-99" target="_blank">WINBUR.B</a> WORM!
94215. Source=Paul Collins Startup list
94216.  
94217. [WINRUN]
94218. Number=13375
94219. Confirmed=X
94220. Filename=taskgmr32.exe
94221. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041110-2451-99" target=_blank>MYTOB.AP</a> WORM!
94222. Source=Paul Collins Startup list
94223.  
94224. [WINRUN]
94225. Number=13376
94226. Confirmed=X
94227. Filename=svchost32.exe
94228. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobai.html" target= blank>MYTOB-AI</a> WORM!
94229. Source=Paul Collins Startup list
94230.  
94231. [WINRUN]
94232. Number=13377
94233. Confirmed=X
94234. Filename=taskgmr.exe
94235. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbx.html" target=_blank>MYTOB-BX</a> WORM!
94236. Source=Paul Collins Startup list
94237.  
94238. [WINRUN z]
94239. Number=13378
94240. Confirmed=X
94241. Filename=W1NT45K.exe
94242. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042416-0006-99" target= blank>MYTOB.BL</a> WORM!
94243. Source=Paul Collins Startup list
94244.  
94245. [WinRunners]
94246. Number=13379
94247. Confirmed=X
94248. Filename=WinDrivers.exe
94249. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DULOAD.C" target="_blank">DULOAD.C</a> WORM!
94250. Source=Paul Collins Startup list
94251.  
94252. [Wins Service Driver]
94253. Number=13380
94254. Confirmed=X
94255. Filename=winet.exe
94256. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotapv.html" target=_blank>RBOT-APV</a> WORM!
94257. Source=Paul Collins Startup list
94258.  
94259. [Wins Update 32]
94260. Number=13381
94261. Confirmed=X
94262. Filename=services32.exe
94263. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfn.html" target=_blank>FORBOT-FN</a> WORM!
94264. Source=Paul Collins Startup list
94265.  
94266. [Wins32 Online]
94267. Number=13382
94268. Confirmed=X
94269. Filename=cfgpwnz.exe
94270. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022210-2736-99" target=_blank>BROPIA.R</a> WORM!
94271. Source=Paul Collins Startup list
94272.  
94273. [WinScMngr]
94274. Number=13383
94275. Confirmed=X
94276. Filename=winsmc.exe
94277. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbpz.html" target=_blank>SDBOT-BPZ</a> WORM!
94278. Source=Paul Collins Startup list
94279.  
94280. [WinSec]
94281. Number=13384
94282. Confirmed=X
94283. Filename=winsec16.exe
94284. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZF" target=_blank>AGOBOT.ZF</a> WORM!
94285. Source=Paul Collins Startup list
94286.  
94287. [winsecure]
94288. Number=13385
94289. Confirmed=X
94290. Filename=winsecure.exe
94291. Description=Browser hijacker, redirecting to specificsearches.com
94292. Source=Paul Collins Startup list
94293.  
94294. [WinSecure]
94295. Number=13386
94296. Confirmed=X
94297. Filename=[random].exe
94298. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentlr.html" target=_blank>AGENT-LR</a> TROJAN!
94299. Source=Paul Collins Startup list
94300.  
94301. [Winsecure Antivirus]
94302. Number=13387
94303. Confirmed=X
94304. Filename=Secureantivirus.exe
94305. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
94306. Source=Paul Collins Startup list
94307.  
94308. [WinSecured32]
94309. Number=13388
94310. Confirmed=X
94311. Filename=ssmr.exe
94312. Description=Added by a variant of the <a href="http://sophos.com.au/virusinfo/analyses/w32forbotgen.html" target=_blank>FORBOT</a> WORM!
94313. Source=Paul Collins Startup list
94314.  
94315. [Winserv]
94316. Number=13389
94317. Confirmed=X
94318. Filename=Winserv.ila
94319. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012111-0417-99" target=_blank>NODMIN</a> WORM!
94320. Source=Paul Collins Startup list
94321.  
94322. [winserver]
94323. Number=13390
94324. Confirmed=X
94325. Filename=Server.txt.vbs
94326. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A" target="_blank">DELTAD.A</a> WORM!
94327. Source=Paul Collins Startup list
94328.  
94329. [Winservice]
94330. Number=13391
94331. Confirmed=X
94332. Filename=winmain.exe
94333. Description=Adult content related malware
94334.  
94335. Source=Paul Collins Startup list
94336.  
94337. [winservice]
94338. Number=13392
94339. Confirmed=X
94340. Filename=svchost.exe
94341. Description=Added by the <a href="http://vil.nai.com/vil/content/v_136736.htm" target=_blank>CVK</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
94342. Source=Paul Collins Startup list
94343.  
94344. [WinService]
94345. Number=13393
94346. Confirmed=X
94347. Filename=hosth.exe
94348. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrfux.html" target="_blank">DWNLDR-FUX</a> TROJAN!
94349. Source=Paul Collins Startup list
94350.  
94351. [WinService]
94352. Number=13394
94353. Confirmed=X
94354. Filename=Ttt.exe
94355. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32msnvbd.html" target="_blank">MSNVB-D</a> WORM!
94356. Source=Paul Collins Startup list
94357.  
94358. [WinService32]
94359. Number=13395
94360. Confirmed=U
94361. Filename=ssmgr.exe
94362. Description=<a href="http://www.e-spy-software.com/" target="_blank">007 Spy Software</a> - "stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP"
94363. Source=Paul Collins Startup list
94364.  
94365. [WinService32]
94366. Number=13396
94367. Confirmed=U
94368. Filename=svchost.exe
94369. Description=<a href="http://www.scanspyware.net/info/007SpySoftware.htm" target=blank>007 Spy Software</a> keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=blank>svchost.exe</a> process that normally doesn't appear in Msconfig/Startup!
94370.  
94371. Source=Paul Collins Startup list
94372.  
94373. [WinServices]
94374. Number=13397
94375. Confirmed=X
94376. Filename=WinServices.exe
94377. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-122414-3433-99" target="_blank">YAHA.K</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-010612-2750-99" target="_blank">YAHA.M</a> WORMS!
94378. Source=Paul Collins Startup list
94379.  
94380. [winservices]
94381. Number=13398
94382. Confirmed=X
94383. Filename=bootvfy.exe
94384. Description=Added by an unidentified WORM or TROJAN!
94385. Source=Paul Collins Startup list
94386.  
94387. [winservit]
94388. Number=13399
94389. Confirmed=X
94390. Filename=cassl.exe
94391. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ASG&VSect=P" target=_blank>RBOT.ASG</a> WORM!
94392. Source=Paul Collins Startup list
94393.  
94394. [winservn]
94395. Number=13400
94396. Confirmed=X
94397. Filename=winservn.exe
94398. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
94399. Source=Paul Collins Startup list
94400.  
94401. [winservs]
94402. Number=13401
94403. Confirmed=X
94404. Filename=winservs.exe
94405. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
94406. Source=Paul Collins Startup list
94407.  
94408. [WinSetBrowse]
94409. Number=13402
94410. Confirmed=X
94411. Filename=BasicUpdate.dll.vbs
94412. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092517-0351-99" target="_blank">BISCUIT.A</a> WORM!
94413. Source=Paul Collins Startup list
94414.  
94415. [winsfc]
94416. Number=13403
94417. Confirmed=X
94418. Filename=winsfc.exe
94419. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-122114-1051-99" target=_blank>WISFC</a> VIRUS!
94420. Source=Paul Collins Startup list
94421.  
94422. [Winshell]
94423. Number=13404
94424. Confirmed=X
94425. Filename=remote.exe
94426. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LJ&VSect=P" target=_blank>MYTOB.LJ</a> WORM!
94427. Source=Paul Collins Startup list
94428.  
94429. [Winshoe]
94430. Number=13405
94431. Confirmed=?
94432. Filename=wuadfdqr.exe
94433. Description=<font color="#FF0000">Probably an unidentified VIRUS! Adds itself to 3 registry "Run" keys and prevents Task Manager being displayed. This is not the Winshoe IRC Client as the visitor did not have it installed</font>
94434. Source=Paul Collins Startup list
94435.  
94436. [winshost.exe]
94437. Number=13406
94438. Confirmed=X
94439. Filename=winshost.exe
94440. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022810-2546-99" target=_blank>TOOSO</a> WORM and variants!
94441. Source=Paul Collins Startup list
94442.  
94443. [WinShowUpdate]
94444. Number=13407
94445. Confirmed=X
94446. Filename=copy C:\WINDOWS\winshow.new C:\WINDOW\Swinshow.dll
94447. Description=<a href="http://allentech.net/parasite/Winshow.html" target="_blank">Winshow</a> parasiate related - from the "RunOnce" keys it replaces "winshow.dll" with a new version
94448.  
94449. Source=Paul Collins Startup list
94450.  
94451. [WinSig]
94452. Number=13408
94453. Confirmed=X
94454. Filename=NetXP.exe
94455. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerfn.html" target=_blank>BANKER-FN</a> TROJAN!
94456. Source=Paul Collins Startup list
94457.  
94458. [winskype]
94459. Number=13409
94460. Confirmed=X
94461. Filename=winskype.exe
94462. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbroggerc.html" target=_blank>BROGGER-C</a> TROJAN!
94463. Source=Paul Collins Startup list
94464.  
94465. [winsock]
94466. Number=13410
94467. Confirmed=X
94468. Filename=svch0st.exe
94469. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sagea.html" target=_blank>SAGE-A</a> WORM! Note - the filename has the digit 0 rather then the uppercase "o"
94470. Source=Paul Collins Startup list
94471.  
94472. [Winsock driver]
94473. Number=13411
94474. Confirmed=X
94475. Filename=winnt update.exe
94476. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojspybotdm.html" target= blank>SPYBOT-DM</a> TROJAN!
94477. Source=Paul Collins Startup list
94478.  
94479. [Winsock driver]
94480. Number=13412
94481. Confirmed=X
94482. Filename=winnt64.exe
94483. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdr.html" target=_blank>SPYBOT-DR</a> WORM!
94484. Source=Paul Collins Startup list
94485.  
94486. [Winsock Startup]
94487. Number=13413
94488. Confirmed=X
94489. Filename=Main2.exe
94490. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
94491. Source=Paul Collins Startup list
94492.  
94493. [winsock2]
94494. Number=13414
94495. Confirmed=X
94496. Filename=netsvr.exe
94497. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.LY&VSect=T" target=_blank>AGOBOT.LY</a> WORM!
94498. Source=Paul Collins Startup list
94499.  
94500. [Winsock2 driver]
94501. Number=13415
94502. Confirmed=X
94503. Filename=SDJOIJE.EXE
94504. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072312-4244-99" target="_blank">SPYBOT.DR</a> TROJAN!
94505. Source=Paul Collins Startup list
94506.  
94507. [Winsock2 driver]
94508. Number=13416
94509. Confirmed=X
94510. Filename=MIRC32.exe
94511. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032311-1036-99" target="_blank">SPYBUZZ</a> TROJAN!
94512. Source=Paul Collins Startup list
94513.  
94514. [Winsock2 driver]
94515. Number=13417
94516. Confirmed=X
94517. Filename=kgzgjkpcw.exe
94518. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041617-1223-99" target="_blank">SDBOT.T</a> TROJAN!
94519. Source=Paul Collins Startup list
94520.  
94521. [Winsock2 driver]
94522. Number=13418
94523. Confirmed=X
94524. Filename=ZONEALARM.EXE
94525. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-041617-1223-99" target="_blank">SDBOT.T</a> TROJAN! Note - ZONEALARM.EXE is not the valid Zone Labs firewall program
94526. Source=Paul Collins Startup list
94527.  
94528. [Winsock2 driver]
94529. Number=13419
94530. Confirmed=X
94531. Filename=WINCFG.SCR
94532. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
94533. Source=Paul Collins Startup list
94534.  
94535. [Winsock2 driver]
94536. Number=13420
94537. Confirmed=X
94538. Filename=winupdate.exe
94539. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotbx.html" target="_blank">SPYBOT-BX</a> WORM!
94540. Source=Paul Collins Startup list
94541.  
94542. [Winsock2 driver]
94543. Number=13421
94544. Confirmed=X
94545. Filename=SPOLSV.EXE
94546. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotcm.html" target=_blank>SPYBOT-CM</a> WORM!
94547.  
94548. Source=Paul Collins Startup list
94549.  
94550. [Winsock2 driver]
94551. Number=13422
94552. Confirmed=X
94553. Filename=Zonealarmupdate.exe
94554. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
94555. Source=Paul Collins Startup list
94556.  
94557. [Winsock2 driver]
94558. Number=13423
94559. Confirmed=X
94560. Filename=sysreq.exe
94561. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotcc.html" target=_blank>SPYBOT-CC</a> WORM!
94562. Source=Paul Collins Startup list
94563.  
94564. [Winsock2 driver]
94565. Number=13424
94566. Confirmed=X
94567. Filename=AMSNMGR.EXE
94568. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
94569. Source=Paul Collins Startup list
94570.  
94571. [Winsock2 driver]
94572. Number=13425
94573. Confirmed=X
94574. Filename=WUAUMQR.EXE
94575. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdp.html" target=_blank>SPYBOT-DP</a> WORM!
94576. Source=Paul Collins Startup list
94577.  
94578. [Winsock2 driver]
94579. Number=13426
94580. Confirmed=X
94581. Filename=wincfg.exe
94582. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.CO&VSect=P" target=_blank>SPYBOT.CO</a> WORM!
94583. Source=Paul Collins Startup list
94584.  
94585. [Winsock2 driver]
94586. Number=13427
94587. Confirmed=X
94588. Filename=ntsys32.exe
94589. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdd.html" target=_blank>SPYBOT-DD</a> WORM!
94590. Source=Paul Collins Startup list
94591.  
94592. [Winsock2 driver]
94593. Number=13428
94594. Confirmed=X
94595. Filename=svchorsst.exe
94596. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotee.html" target=_blank>SPYBOT-EE</a> WORM!
94597. Source=Paul Collins Startup list
94598.  
94599. [Winsock2 driver]
94600. Number=13429
94601. Confirmed=X
94602. Filename=SYSTEM32.EXE
94603. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spyboteg.html" target=_blank>SPYBOT-EG</a> WORM!
94604. Source=Paul Collins Startup list
94605.  
94606. [Winsock2 driver]
94607. Number=13430
94608. Confirmed=X
94609. Filename=dllcfg32.exe
94610. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.AG" target="_blank">SPYBOT.AG</a> WORM!
94611. Source=Paul Collins Startup list
94612.  
94613. [Winsock2.dll]
94614. Number=13431
94615. Confirmed=X
94616. Filename=WINLODR.SCR
94617. Description=Added by an unidentified VIRUS, WORM or TROJAN!
94618. Source=Paul Collins Startup list
94619.  
94620. [Winsock32 driver]
94621. Number=13432
94622. Confirmed=X
94623. Filename=Testing.exe
94624. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotb.html" target="_blank">SPYBOT.B</a> WORM!
94625. Source=Paul Collins Startup list
94626.  
94627. [Winsock32 driver]
94628. Number=13433
94629. Confirmed=X
94630. Filename=lcd.exe
94631. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotb.html" target="_blank">SPYBOT.B</a> WORM!
94632. Source=Paul Collins Startup list
94633.  
94634. [Winsock32 driver]
94635. Number=13434
94636. Confirmed=X
94637. Filename=Sdjoije.exe
94638. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotb.html" target="_blank">SPYBOT.B</a> WORM!
94639. Source=Paul Collins Startup list
94640.  
94641. [Winsock32driver]
94642. Number=13435
94643. Confirmed=X
94644. Filename=win32server.scr
94645. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100313-2617-99" target="_blank">HACARMY</a> TROJAN!
94646. Source=Paul Collins Startup list
94647.  
94648. [Winsock32driver]
94649. Number=13436
94650. Confirmed=X
94651. Filename=sp2XPupdate.exe
94652. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HACKARMY.S" target="_blank">HACKARMY.S</a> TROJAN!
94653. Source=Paul Collins Startup list
94654.  
94655. [Winsock32driver]
94656. Number=13437
94657. Confirmed=X
94658. Filename=win32server.exe
94659. Description=Added by the <a href="http://vil.nai.com/vil/content/v_100723.htm" target="_blank">BACKDOOR-AZV</a> TROJAN!
94660. Source=Paul Collins Startup list
94661.  
94662. [Winsock32driver]
94663. Number=13438
94664. Confirmed=X
94665. Filename=ZoneAlarmPr0.exe
94666. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhackarmyb.html" target="_blank">HACKARMY-B</a> TROJAN!
94667. Source=Paul Collins Startup list
94668.  
94669. [Winsock32driver]
94670. Number=13439
94671. Confirmed=X
94672. Filename=ZoneLockup.exe
94673. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062614-5809-99" target="_blank">HACARMY.D</a> TROJAN!
94674. Source=Paul Collins Startup list
94675.  
94676. [Winsock32driver]
94677. Number=13440
94678. Confirmed=X
94679. Filename=win32server.exe
94680. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110511-0258-99" target=_blank>HACARMY.F</a> TROJAN!
94681. Source=Paul Collins Startup list
94682.  
94683. [Winsock32driver]
94684. Number=13441
94685. Confirmed=X
94686. Filename=winXPupdate.exe
94687. Description=Added by the <a href="http://info.ahnlab.com/securityinfo/virus_view_eng_new.jsp?SEQ_NO=1574" target=_blank>HACKARMY.9728</a> TROJAN!
94688. Source=Paul Collins Startup list
94689.  
94690. [Winsock32driver]
94691. Number=13442
94692. Confirmed=X
94693. Filename=svchhost.exe
94694. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HACKARMY.I" target=_blank>HACKARMY.I</a> TROJAN!
94695. Source=Paul Collins Startup list
94696.  
94697. [winsockdriver]
94698. Number=13443
94699. Confirmed=X
94700. Filename=tskmg.exe
94701. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target="_blank">SDBOT.GEN</a> TROJAN or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121914-5618-99" target="_blank">WARPIGS.C</a> WORM!
94702. Source=Paul Collins Startup list
94703.  
94704. [winsockdriver]
94705. Number=13444
94706. Confirmed=X
94707. Filename=winsock2.2.exe
94708. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
94709. Source=Paul Collins Startup list
94710.  
94711. [winsockdriver]
94712. Number=13445
94713. Confirmed=X
94714. Filename=iexplor.exe
94715. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012116-2805-99" target=_blank>BLATIC.A</a> WORM!
94716. Source=Paul Collins Startup list
94717.  
94718. [winsockdriver]
94719. Number=13446
94720. Confirmed=X
94721. Filename=winsock3.exe
94722. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotdo.html" target=_blank>SPYBOT-DO</a> WORM!
94723. Source=Paul Collins Startup list
94724.  
94725. [winsockdriver]
94726. Number=13447
94727. Confirmed=X
94728. Filename=bot.exe
94729. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32warpigsd.html" target=_blank>WARPIGS-D</a> TROJAN!
94730. Source=Paul Collins Startup list
94731.  
94732. [WinSocketComponent]
94733. Number=13448
94734. Confirmed=X
94735. Filename=nthost.exe
94736. Description=Added by an unidentified VIRUS, WORM or TROJAN!
94737. Source=Paul Collins Startup list
94738.  
94739. [Winsocks2 driver]
94740. Number=13449
94741. Confirmed=X
94742. Filename=mznmgr.exe
94743. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
94744. Source=Paul Collins Startup list
94745.  
94746. [WINSOS VERIFY]
94747. Number=13450
94748. Confirmed=U
94749. Filename=WINSOS.EXE
94750. Description=<a href="http://www.winsos.com/us/index.html" target=_blank>WinSOS</a> - "deletes spyware, optimizes your computer - backs up selected data"
94751. Source=Paul Collins Startup list
94752.  
94753. [WinSP]
94754. Number=13451
94755. Confirmed=X
94756. Filename=[path] REGEDIT.EXE -s [path] sysreg.reg
94757. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpame.html" target=_blank>STARTPA-ME</a> TROJAN!
94758. Source=Paul Collins Startup list
94759.  
94760. [winspd32dll]
94761. Number=13452
94762. Confirmed=X
94763. Filename=winspd32.exe
94764. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
94765. Source=Paul Collins Startup list
94766.  
94767. [WinSPF]
94768. Number=13453
94769. Confirmed=X
94770. Filename=windrv32.exe
94771. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090914-1649-99" target="_blank">MYDOOM.T</a> WORM!
94772. Source=Paul Collins Startup list
94773.  
94774. [WinSPF]
94775. Number=13454
94776. Confirmed=X
94777. Filename=winspf32.exe
94778. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-090912-1602-99" target="_blank">MYDOOM.S</a> WORM!
94779. Source=Paul Collins Startup list
94780.  
94781. [Winspl]
94782. Number=13455
94783. Confirmed=X
94784. Filename=winsplx.exe
94785. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojtrolla.html" target=_blank>TROLL-A</a> TROJAN!
94786. Source=Paul Collins Startup list
94787.  
94788. [Winspool]
94789. Number=13456
94790. Confirmed=X
94791. Filename=spoolsvr.exe
94792. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
94793. Source=Paul Collins Startup list
94794.  
94795. [WinSrv]
94796. Number=13457
94797. Confirmed=X
94798. Filename=kn0x.exe
94799. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOBBIT.F" target="_blank">HOBBIT.F</a> WORM!
94800. Source=Paul Collins Startup list
94801.  
94802. [WinSrv]
94803. Number=13458
94804. Confirmed=X
94805. Filename=SHIZZLE.EXE
94806. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOBBIT.C" target="_blank">HOBBIT.C</a> WORM!
94807. Source=Paul Collins Startup list
94808.  
94809. [Winsrv]
94810. Number=13459
94811. Confirmed=X
94812. Filename=winsrv.exe
94813. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
94814. Source=Paul Collins Startup list
94815.  
94816. [winsrv]
94817. Number=13460
94818. Confirmed=X
94819. Filename=winsrv.exe
94820. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnetsnakb.html" target=_blank>NETSNAK-B</a> TROJAN!
94821. Source=Paul Collins Startup list
94822.  
94823. [winsrv3]
94824. Number=13461
94825. Confirmed=X
94826. Filename=services.exe
94827. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nafbota.html" target=_blank>NAFBOT-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
94828. Source=Paul Collins Startup list
94829.  
94830. [WinsSystem]
94831. Number=13462
94832. Confirmed=X
94833. Filename=syssmss.exe
94834. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_DELF.IG&VSect=T" target=_blank>DELF.IG</a> TROJAN!
94835. Source=Paul Collins Startup list
94836.  
94837. [WinStabilizer]
94838. Number=13463
94839. Confirmed=X
94840. Filename=WinStabilizer.exe
94841. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotsw.html" target=_blank>AGOBOT-SW</a> WORM!
94842. Source=Paul Collins Startup list
94843.  
94844. [WinStart]
94845. Number=13464
94846. Confirmed=X
94847. Filename=WinStart.exe
94848. Description=From<font color="#FF0000"> <a href="http://www.igetnet.com/iGetNet_Home.asp" target="_blank">IGetNet</a></font> - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge
94849. Source=Paul Collins Startup list
94850.  
94851. [WinStart]
94852. Number=13465
94853. Confirmed=X
94854. Filename=Wscript.exe WinStart.vbs
94855. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021219-2242-99" target="_blank">CIAN.C</a> WORM!
94856. Source=Paul Collins Startup list
94857.  
94858. [WinStart]
94859. Number=13466
94860. Confirmed=X
94861. Filename=winstart32.exe
94862. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041115-4727-99" target="_blank">PUROL</a> WORM!
94863. Source=Paul Collins Startup list
94864.  
94865. [WinStart]
94866. Number=13467
94867. Confirmed=X
94868. Filename=WinStart.pif
94869. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031218-2446-99" target="_blank">CONE.E</a> WORM!
94870. Source=Paul Collins Startup list
94871.  
94872. [winstart]
94873. Number=13468
94874. Confirmed=X
94875. Filename=winstart.exe
94876. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsckeyloab.html" target=_blank>SCKEYLO-AB</a> TROJAN!
94877. Source=Paul Collins Startup list
94878.  
94879. [WinStart001]
94880. Number=13469
94881. Confirmed=X
94882. Filename=WinStart001.exe
94883. Description=From <a href="http://www.igetnet.com/iGetNet_Home.asp" target="_blank">IGetNet</a></font> - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge
94884. Source=Paul Collins Startup list
94885.  
94886. [WinStart001.EXE]
94887. Number=13470
94888. Confirmed=X
94889. Filename=WinStart001.exe
94890. Description=From <a href="http://www.igetnet.com/iGetNet_Home.asp" target="_blank">IGetNet</a></font> - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge
94891. Source=Paul Collins Startup list
94892.  
94893. [winstats]
94894. Number=13471
94895. Confirmed=X
94896. Filename=winstats.exe
94897. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090216-3057-99" target=_blank>GARGAFX</a> TROJAN!
94898. Source=Paul Collins Startup list
94899.  
94900. [Winsta~1]
94901. Number=13472
94902. Confirmed=X
94903. Filename=winsta~1.exe
94904. Description=<a href="http://accs-net.com/smallfish/gohip.htm" target="_blank">GoHip</a> foistware
94905. Source=Paul Collins Startup list
94906.  
94907. [WinSth16]
94908. Number=13473
94909. Confirmed=X
94910. Filename=WinSth16.exe
94911. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-091116-4057-99" target="_blank">CAKE</a> WORM!
94912. Source=Paul Collins Startup list
94913.  
94914. [winstro]
94915. Number=13474
94916. Confirmed=X
94917. Filename=RUN32DLL.exe
94918. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-092316-4937-99" target="_blank">FTP_ANA</a> TROJAN!
94919. Source=Paul Collins Startup list
94920.  
94921. [winsupdatesysmngr64]
94922. Number=13475
94923. Confirmed=X
94924. Filename=winsys64mnger.exe
94925. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbag.html" target=_blank>RBOT-BAG</a> WORM!
94926. Source=Paul Collins Startup list
94927.  
94928. [WinSvc16.exe]
94929. Number=13476
94930. Confirmed=X
94931. Filename=WinSvc16.exe
94932. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088397" target="_blank">SDBOT.FQ</a> TROJAN!
94933. Source=Paul Collins Startup list
94934.  
94935. [Winsvc32]
94936. Number=13477
94937. Confirmed=X
94938. Filename=Winsvc32.exe
94939. Description=Homepage hijacker
94940. Source=Paul Collins Startup list
94941.  
94942. [winsvc32.exe]
94943. Number=13478
94944. Confirmed=X
94945. Filename=winsvc32.exe
94946. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-022517-0503-99" target= blank>GREPAGE</a> TROJAN!
94947. Source=Paul Collins Startup list
94948.  
94949. [Winsvr]
94950. Number=13479
94951. Confirmed=X
94952. Filename=msupd******.exe [*= random digit]
94953. Description=Added by the INJECT.163 TROJAN!
94954. Source=Paul Collins Startup list
94955.  
94956. [Winsvr manager]
94957. Number=13480
94958. Confirmed=X
94959. Filename=DDEsvr.exe
94960. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32tirbotc.html" target=_blank>TIRBOT-C</a> WORM!
94961. Source=Paul Collins Startup list
94962.  
94963. [winsy32.exe]
94964. Number=13481
94965. Confirmed=X
94966. Filename=winsy32.exe
94967. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
94968. Source=Paul Collins Startup list
94969.  
94970. [winsync]
94971. Number=13482
94972. Confirmed=X
94973. Filename=******.exe reg_run [* = random char]
94974. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43264" target=_blank>QOOLOGIC</a> TROJAN!
94975. Source=Paul Collins Startup list
94976.  
94977. [Winsys]
94978. Number=13483
94979. Confirmed=U
94980. Filename=Winsys.exe
94981. Description=<a href="http://www.win-spy.com/" target=_blank>Win-Spy</a> keyboard logger/monitoring software - remove unless you installed it yourself
94982. Source=Paul Collins Startup list
94983.  
94984. [WINSYS]
94985. Number=13484
94986. Confirmed=X
94987. Filename=[path to trojan]
94988. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-040119-3916-99" target="_blank">GOLDPLAY</a> TROJAN!
94989. Source=Paul Collins Startup list
94990.  
94991. [winsys]
94992. Number=13485
94993. Confirmed=X
94994. Filename=syschost.exe
94995. Description=Added by an unidentified TROJAN!
94996. Source=Paul Collins Startup list
94997.  
94998. [WinSys32]
94999. Number=13486
95000. Confirmed=X
95001. Filename=Winsys32.exe
95002. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-110418-0639-99" target="_blank">CIGIVIP</a> TROJAN or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102415-3837-99" target="_blank"> RECKUS</a> WORM!
95003. Source=Paul Collins Startup list
95004.  
95005. [winsys32 Driver]
95006. Number=13487
95007. Confirmed=X
95008. Filename=winsys32.exe
95009. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojloonyo.html" target="_blank">LOONY-O</a> TROJAN!
95010. Source=Paul Collins Startup list
95011.  
95012. [WinSysAppMon]
95013. Number=13488
95014. Confirmed=U
95015. Filename=WinSysRM.exe
95016. Description=Home & Family Content Filter related. See <a href="http://s.planetgood.net/Users/TechSupportFAQ.htm#_Toc9925457" target="_blank">here</a>
95017. Source=Paul Collins Startup list
95018.  
95019. [winsysban]
95020. Number=13489
95021. Confirmed=X
95022. Filename=[path to trojan]
95023. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclickercd.html" target="_blank">CLICKER-CD</a> TROJAN!
95024. Source=Paul Collins Startup list
95025.  
95026. [winsyslog lptt01]
95027. Number=13490
95028. Confirmed=X
95029. Filename=winsyslog.exe
95030. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Winsyslog" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
95031. Source=Paul Collins Startup list
95032.  
95033. [WinSysModule]
95034. Number=13491
95035. Confirmed=X
95036. Filename=[path to trojan]
95037. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdiq.html" target="_blank">AGENT-DIQ</a> TROJAN!
95038. Source=Paul Collins Startup list
95039.  
95040. [WinSysStartUpWKbLw]
95041. Number=13492
95042. Confirmed=X
95043. Filename=TaskSystemDll.Exe
95044. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-012115-1018-99" target="_blank">BACKZAT.G</a> WORM!
95045. Source=Paul Collins Startup list
95046.  
95047. [WinSyst32]
95048. Number=13493
95049. Confirmed=X
95050. Filename=winsyst32.exe
95051. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-041112-5839-99" target="_blank">MORB</a> WORM!
95052. Source=Paul Collins Startup list
95053.  
95054. [WinSystem]
95055. Number=13494
95056. Confirmed=X
95057. Filename=winsystem.exe
95058. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-012914-1918-99" target="_blank"> WHITEBAIT</a> WORM!
95059. Source=Paul Collins Startup list
95060.  
95061. [WinSystem]
95062. Number=13495
95063. Confirmed=U
95064. Filename=WinSystems.exe
95065. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042016-1403-99" target=blank>CMKeyLogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
95066. Source=Paul Collins Startup list
95067.  
95068. [WinSystems]
95069. Number=13496
95070. Confirmed=X
95071. Filename=winsystems16.exe
95072. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotczt.html" target="_blank">SDBOT-CZT</a> WORM!
95073.  
95074. Source=Paul Collins Startup list
95075.  
95076. [winsystems25]
95077. Number=13497
95078. Confirmed=X
95079. Filename=winsystems.exe
95080. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcnz.html" target="_blank">RBOT-CNZ</a> WORM!
95081. Source=Paul Collins Startup list
95082.  
95083. [winsysupd]
95084. Number=13498
95085. Confirmed=X
95086. Filename=[path to trojan]
95087. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpani.html" target="_blank">STARTPA-NI</a> TROJAN!
95088. Source=Paul Collins Startup list
95089.  
95090. [WINT]
95091. Number=13499
95092. Confirmed=X
95093. Filename=wcp****.exe [* = random char]
95094. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
95095. Source=Paul Collins Startup list
95096.  
95097. [WINT]
95098. Number=13500
95099. Confirmed=X
95100. Filename=wcpcc.exe
95101. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
95102. Source=Paul Collins Startup list
95103.  
95104. [WINT]
95105. Number=13501
95106. Confirmed=X
95107. Filename=wcpsvit.exe
95108. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
95109. Source=Paul Collins Startup list
95110.  
95111. [WinTask]
95112. Number=13502
95113. Confirmed=X
95114. Filename=Wintask.exe
95115. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-021215-1912-99" target="_blank">HIPO</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092617-2406-99" target="_blank">LEMIR.F</a> TROJANS!
95116. Source=Paul Collins Startup list
95117.  
95118. [WINTASK]
95119. Number=13503
95120. Confirmed=X
95121. Filename=taskgmr.exe
95122. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-031611-0208-99" target=_blank>MYTOB.I</a> WORM and variants!
95123. Source=Paul Collins Startup list
95124.  
95125. [WINTASK]
95126. Number=13504
95127. Confirmed=X
95128. Filename=taskgamr.exe
95129. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041315-1927-99" target=_blank>MYTOB.AU</a> WORM!
95130. Source=Paul Collins Startup list
95131.  
95132. [WINTASK]
95133. Number=13505
95134. Confirmed=X
95135. Filename=sys32.exe
95136. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032517-5124-99" target=_blank>MYTOB.K</a> WORM!
95137. Source=Paul Collins Startup list
95138.  
95139. [WINTASK]
95140. Number=13506
95141. Confirmed=X
95142. Filename=msmgrxp.exe
95143. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041112-3912-99" target=_blank>MYTOB.AQ</a> WORM!
95144. Source=Paul Collins Startup list
95145.  
95146. [WINTASK]
95147. Number=13507
95148. Confirmed=X
95149. Filename=iexplorer.exe
95150. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobch.html" target= blank>MYTOB-CH</a> WORM!
95151. Source=Paul Collins Startup list
95152.  
95153. [WINTASK]
95154. Number=13508
95155. Confirmed=X
95156. Filename=taskgmr32.exe
95157. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050310-3130-99" target= blank>MYTOB.BU</a> WORM!
95158. Source=Paul Collins Startup list
95159.  
95160. [WINTASK]
95161. Number=13509
95162. Confirmed=X
95163. Filename=msvhost.exe
95164. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobar.html" target=_blank>MYTOB-AR</a> WORM!
95165. Source=Paul Collins Startup list
95166.  
95167. [WINTASK]
95168. Number=13510
95169. Confirmed=X
95170. Filename=t4skmgr.exe
95171. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobak.html" target=_blank>MYTOB-AK</a> WORM!
95172. Source=Paul Collins Startup list
95173.  
95174. [WINTASK]
95175. Number=13511
95176. Confirmed=X
95177. Filename=taskfile.exe
95178. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061213-5248-99" target=_blank>MYTOB.EF</a> WORM!
95179. Source=Paul Collins Startup list
95180.  
95181. [WINTASK]
95182. Number=13512
95183. Confirmed=X
95184. Filename=taskgm.exe
95185. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobao.html" target=_blank>MYTOB-AO</a> WORM!
95186. Source=Paul Collins Startup list
95187.  
95188. [WINTASK]
95189. Number=13513
95190. Confirmed=X
95191. Filename=taskgmrs.exe
95192. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-060510-3818-99" target=_blank>MYTOB.DH</a> WORM!
95193. Source=Paul Collins Startup list
95194.  
95195. [WINTASK]
95196. Number=13514
95197. Confirmed=X
95198. Filename=yahooicons.exe
95199. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobhm.html" target="_blank">MYTOB-HM</a> WORM!
95200. Source=Paul Collins Startup list
95201.  
95202. [WINTASK DLL]
95203. Number=13515
95204. Confirmed=X
95205. Filename=jusched32.exe
95206. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041009-3642-99" target=_blank>MYTOB.AI</a> WORM!
95207. Source=Paul Collins Startup list
95208.  
95209. [WINTASK DLL32]
95210. Number=13516
95211. Confirmed=X
95212. Filename=smsrss.exe
95213. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-043017-5514-99" target=_blank>MYTOB.BS</a> WORM!
95214. Source=Paul Collins Startup list
95215.  
95216. [WinTask driver]
95217. Number=13517
95218. Confirmed=X
95219. Filename=wintask.exe
95220. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderna.html" target= blank>DLOADER-NA</a> TROJAN!
95221. Source=Paul Collins Startup list
95222.  
95223. [WINTASK32]
95224. Number=13518
95225. Confirmed=X
95226. Filename=taskgmr32.exe
95227. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042510-1951-99" target=_blank>MYTOB.BN</a> WORM!
95228. Source=Paul Collins Startup list
95229.  
95230. [WINTASK32]
95231. Number=13519
95232. Confirmed=X
95233. Filename=taskgmrr.exe
95234. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062313-5401-99" target=_blank>MYTOB.FX</a> WORM!
95235. Source=Paul Collins Startup list
95236.  
95237. [wintask32]
95238. Number=13520
95239. Confirmed=X
95240. Filename=Jwintask.com
95241. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32nafbota.html" target=_blank>NAFBOT-A</a> WORM!
95242. Source=Paul Collins Startup list
95243.  
95244. [WINTASKMANAGER]
95245. Number=13521
95246. Confirmed=X
95247. Filename=taskgmr.exe
95248. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobaf.html" target= blank>MYTOB-AF</a> WORM!
95249. Source=Paul Collins Startup list
95250.  
95251. [WINTASKMGR]
95252. Number=13522
95253. Confirmed=X
95254. Filename=ccsrs.exe
95255. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032711-4636-99" target=_blank>MYTOB.Q</a> WORM!
95256. Source=Paul Collins Startup list
95257.  
95258. [WINTASKS]
95259. Number=13523
95260. Confirmed=X
95261. Filename=taskgmr.exe
95262. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042512-4055-99" target=_blank>MYTOB.BO</a> WORM!
95263. Source=Paul Collins Startup list
95264.  
95265. [WINTASKS]
95266. Number=13524
95267. Confirmed=X
95268. Filename=winxpro.exe
95269. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061610-5259-99" target=_blank>MYTOB.EZ</a> WORM!
95270. Source=Paul Collins Startup list
95271.  
95272. [WinTasks DLL Library (32-bits)]
95273. Number=13525
95274. Confirmed=X
95275. Filename=winkll.exe
95276. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotajz.html" target=_blank>RBOT-AJZ</a> WORM!
95277. Source=Paul Collins Startup list
95278.  
95279. [WinTasks Traybar]
95280. Number=13526
95281. Confirmed=U
95282. Filename=wintasks.exe
95283. Description=<a href="http://www.liutilities.com/products/wintasksstd/" target="_blank">WinTasks</a> - "Efficient Resource and Task Management is absolutely critical if you want to achieve the highest system performance levels possible. WinTasks 4 will not only help you achieve this task, but will actually make your system run faster and more smoothly than ever before"
95284. Source=Paul Collins Startup list
95285.  
95286. [wintasks.exe]
95287. Number=13527
95288. Confirmed=X
95289. Filename=wintasks.exe
95290. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070314-3235-99" target="_blank">EVAMAN</a> WORM!
95291. Source=Paul Collins Startup list
95292.  
95293. [Wintbp.exe]
95294. Number=13528
95295. Confirmed=X
95296. Filename=wintbp.exe
95297. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081615-4443-99" target=_blank>ZOTOB.E</a> WORM!
95298. Source=Paul Collins Startup list
95299.  
95300. [Wintbpx.exe]
95301. Number=13529
95302. Confirmed=X
95303. Filename=wintbpx.exe
95304. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081711-4133-99" target=_blank>ZOTOB.F</a> WORM!
95305. Source=Paul Collins Startup list
95306.  
95307. [wintective]
95308. Number=13530
95309. Confirmed=U
95310. Filename=wintective.exe
95311. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.wintective.html" target=_blank>Wintective</a> logs keystrokes, captures screenshots, and monitors Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself remove it
95312. Source=Paul Collins Startup list
95313.  
95314. [winter]
95315. Number=13531
95316. Confirmed=X
95317. Filename=happy.exe
95318. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyf.html" target= blank>SDBOT-YF</a> WORM!
95319. Source=Paul Collins Startup list
95320.  
95321. [Wintercooler Pro]
95322. Number=13532
95323. Confirmed=N
95324. Filename=WINCOOL.EXE
95325. Description=<a href="http://www.liveye.com/wintercooler/index.html" target="_blank">Wintercooler Pro</a> - utility that monitors CPU usage, RAM consumption and Internet connection speed
95326. Source=Paul Collins Startup list
95327.  
95328. [WinTidy]
95329. Number=13533
95330. Confirmed=N
95331. Filename=WinTidy.exe
95332. Description=Desktop icon manager from <a href="http://www.pcmag.com/article2/0,4149,17748,00.asp" target="_blank">PC Magazine</a> (Ziff-Davis). Available via Start -> Programs
95333. Source=Paul Collins Startup list
95334.  
95335. [Wintime]
95336. Number=13534
95337. Confirmed=X
95338. Filename=Wintime.exe
95339. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081411-1341-99" target="_blank">HARNIG</a> TROJAN!
95340. Source=Paul Collins Startup list
95341.  
95342. [WinTime]
95343. Number=13535
95344. Confirmed=U
95345. Filename=wintime.exe
95346. Description=Added by <a href="http://www.winsite.com/bin/Info?500000018285" target=_blank>WinTime</a> - change desktop icons' color and font
95347. Source=Paul Collins Startup list
95348.  
95349. [Wintime Wtxpload]
95350. Number=13536
95351. Confirmed=N
95352. Filename=Wxpload.exe Wintime
95353. Description=Part of the software to support a Dexxa USB graphics tablet. From a visitor - "This gets started anyway when you plug in the USB connector for the graphics tablet, if it's not already running. It then starts an application which manages the tablet messages. Since I leave the tablet unplugged unless I need to use it, I don't need this running at startup. I suspect that this program monitors a number of windows messages, so that when it's loaded, my regular mouse slows down - it acts like it 'sticks' entering and leaving windows. Certainly my performance returned to what I expected when I removed this item using MSCONFIG"
95354. Source=Paul Collins Startup list
95355.  
95356. [WinTimer]
95357. Number=13537
95358. Confirmed=X
95359. Filename=msupdate.cmd
95360. Description=Hijacker - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan.Win32.StartPage.tj
95361. Source=Paul Collins Startup list
95362.  
95363. [wintnask32.exe]
95364. Number=13538
95365. Confirmed=X
95366. Filename=wintnask32.exe
95367. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotafp.html" target=_blank>RBOT-AFP</a> WORM!
95368. Source=Paul Collins Startup list
95369.  
95370. [wintnl.exe]
95371. Number=13539
95372. Confirmed=X
95373. Filename=wintnl.exe
95374. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082415-0814-99" target=_blank>ZOTOB.K</a> WORM!
95375. Source=Paul Collins Startup list
95376.  
95377. [wintnpx.exe]
95378. Number=13540
95379. Confirmed=X
95380. Filename=wintnpx.exe
95381. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-081717-2017-99" target=_blank>ZOTOB.H</a> WORM!
95382. Source=Paul Collins Startup list
95383.  
95384. [WinTools]
95385. Number=13541
95386. Confirmed=X
95387. Filename=WToolsA.exe
95388. Description=<a href="http://www.winpatrol.com/db/freesample/wtoolsa.html" target="_blank">Wintools</a> adware
95389. Source=Paul Collins Startup list
95390.  
95391. [WinTOTAL Scheduler]
95392. Number=13542
95393. Confirmed=N
95394. Filename=guru.exe
95395. Description=WinTOTAL Real estate appraisal software related
95396. Source=Paul Collins Startup list
95397.  
95398. [WinTray]
95399. Number=13543
95400. Confirmed=X
95401. Filename=wintray.exe
95402. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-050510-1214-99" target="_blank">LEGUARDIEN.B</a> TROJAN!
95403. Source=Paul Collins Startup list
95404.  
95405. [wintsk32dll]
95406. Number=13544
95407. Confirmed=X
95408. Filename=wintsk32dll.exe
95409. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaaj.html" target=_blank>RBOT-AAJ</a> WORM!
95410. Source=Paul Collins Startup list
95411.  
95412. [winudll.exe]
95413. Number=13545
95414. Confirmed=X
95415. Filename=winudll.exe
95416. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmitgliece.html" target=_blank>MITGLIE-CE</a> TROJAN!
95417. Source=Paul Collins Startup list
95418.  
95419. [winui]
95420. Number=13546
95421. Confirmed=X
95422. Filename=z.exe
95423. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111016-2709-99" target=_blank>KONDELI</a> TROJAN!
95424. Source=Paul Collins Startup list
95425.  
95426. [winupated.exe]
95427. Number=13547
95428. Confirmed=X
95429. Filename=winupated.exe
95430. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN" target=_blank>SDBOT</a> WORM!
95431. Source=Paul Collins Startup list
95432.  
95433. [winupd]
95434. Number=13548
95435. Confirmed=X
95436. Filename=RUNDLL32.EXE [random value].dll, _mainRD
95437. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-070412-0248-99" target="_blank">MOTA.A</a> WORM!
95438. Source=Paul Collins Startup list
95439.  
95440. [winupd]
95441. Number=13549
95442. Confirmed=X
95443. Filename=winupd.exe
95444. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-052519-4845-99" target="_blank">SearchNew</a> adware
95445. Source=Paul Collins Startup list
95446.  
95447. [winupd.exe]
95448. Number=13550
95449. Confirmed=X
95450. Filename=winupd.exe
95451. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031310-3624-99" target="_blank">BEAGLE.M</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031508-5302-99" target="_blank">BEAGLE.N</a> WORMS!
95452. Source=Paul Collins Startup list
95453.  
95454. [WinUPD32]
95455. Number=13551
95456. Confirmed=X
95457. Filename=explorer.exe
95458. Description=Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
95459. Source=Paul Collins Startup list
95460.  
95461. [winupdat]
95462. Number=13552
95463. Confirmed=X
95464. Filename=winupdat.exe
95465. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=40033" target="_blank">CANBOT.A</a> WORM!
95466. Source=Paul Collins Startup list
95467.  
95468. [WinUpdate]
95469. Number=13553
95470. Confirmed=X
95471. Filename=RBSKQQBO.EXE
95472. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-041117-0339-99" target="_blank">VBSWG2B.A</a> WORM!
95473. Source=Paul Collins Startup list
95474.  
95475. [WinUpdate]
95476. Number=13554
95477. Confirmed=X
95478. Filename=wmbem.exe
95479. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091716-5153-99" target="_blank">REVCUSS.B</a> TROJAN!
95480. Source=Paul Collins Startup list
95481.  
95482. [WinUpdate]
95483. Number=13555
95484. Confirmed=X
95485. Filename=updsys.exe
95486. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
95487. Source=Paul Collins Startup list
95488.  
95489. [winupdate]
95490. Number=13556
95491. Confirmed=X
95492. Filename=winupdate.exe
95493. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43230" target=_blank>ALCAN.B</a> WORM!
95494. Source=Paul Collins Startup list
95495.  
95496. [WinUpdate]
95497. Number=13557
95498. Confirmed=X
95499. Filename=svhost.exe
95500. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
95501. Source=Paul Collins Startup list
95502.  
95503. [WinUpdate Loader]
95504. Number=13558
95505. Confirmed=X
95506. Filename=msnnm.exe
95507. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-092315-2159-99" target="_blank">REVCUSS.C</a> TROJAN!
95508. Source=Paul Collins Startup list
95509.  
95510. [winupdate.exe]
95511. Number=13559
95512. Confirmed=X
95513. Filename=winupdate.exe
95514. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090211-2821-99" target="_blank">RADO</a> TROJAN!
95515. Source=Paul Collins Startup list
95516.  
95517. [winupdate.reg]
95518. Number=13560
95519. Confirmed=X
95520. Filename=winupdate.exe
95521. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-093016-3632-99" target=_blank>SPYBOT.EAS</a> WORM!
95522.  
95523. Source=Paul Collins Startup list
95524.  
95525. [winupdate2846]
95526. Number=13561
95527. Confirmed=X
95528. Filename=vbsystem35.exe msvbrun.exe
95529. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojmutinc.html" target="_blank">MUTIN-C</a> TROJAN!
95530. Source=Paul Collins Startup list
95531.  
95532. [WinUpdateB]
95533. Number=13562
95534. Confirmed=X
95535. Filename=breatle.exe
95536. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-073116-3607-99" target=_blank>BRATLE.A</a>WORM!
95537. Source=Paul Collins Startup list
95538.  
95539. [winupdateconn]
95540. Number=13563
95541. Confirmed=X
95542. Filename=[path to file]
95543. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32combraa.html" target=_blank>COMBRA-A</a> WORM!
95544. Source=Paul Collins Startup list
95545.  
95546. [winupdateconn_]
95547. Number=13564
95548. Confirmed=X
95549. Filename=Explorer.EXE
95550. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32combrab.html" target="_blank">COMBRA-B</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
95551. Source=Paul Collins Startup list
95552.  
95553. [winupdatefiv_]
95554. Number=13565
95555. Confirmed=X
95556. Filename=[path to file]
95557. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_COMBRA.C&VSect=P" target=_blank>COMBRA.C</a> WORM!
95558. Source=Paul Collins Startup list
95559.  
95560. [WinUpdateProtection]
95561. Number=13566
95562. Confirmed=U
95563. Filename=csrss.exe
95564. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042611-5813-99" target=_blank>EmployeeWatch</a> is a commercial surveillance software program designed to monitor user activity on a computer
95565. Source=Paul Collins Startup list
95566.  
95567. [winupdates]
95568. Number=13567
95569. Confirmed=X
95570. Filename=winupdates.exe
95571. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32alcrab.html" target=_blank>ALCRA-B</a> WORM!
95572. Source=Paul Collins Startup list
95573.  
95574. [winupdate_]
95575. Number=13568
95576. Confirmed=X
95577. Filename=[path to file]
95578. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030314-1644-99" target=_blank>COMDOR.A</a> WORM!
95579. Source=Paul Collins Startup list
95580.  
95581. [WinUPDbc]
95582. Number=13569
95583. Confirmed=X
95584. Filename=winupdbc.exe
95585. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerdsn.html" target="_blank">BANKER-DSN</a> TROJAN!
95586. Source=Paul Collins Startup list
95587.  
95588. [WinUpdsv]
95589. Number=13570
95590. Confirmed=X
95591. Filename=winupdsv.exe
95592. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032411-3140-99" target=_blank>DROPO</a> MACRO!
95593. Source=Paul Collins Startup list
95594.  
95595. [winupdt]
95596. Number=13571
95597. Confirmed=X
95598. Filename=RUNDLL32.EXE [random.dll]
95599. Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=57406" target=_blank>MABUT.A</a> WORM!
95600. Source=Paul Collins Startup list
95601.  
95602. [winupdtl]
95603. Number=13572
95604. Confirmed=X
95605. Filename=winupdtl.exe
95606. Description=<a href="http://sarc.com/avcenter/venc/data/adware.secondthought.html" target=_blank>SecondThought</a> adware variant
95607.  
95608. Source=Paul Collins Startup list
95609.  
95610. [WinUpgrader]
95611. Number=13573
95612. Confirmed=X
95613. Filename=[path to trojan]
95614. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdz.html" target=_blank>AGENT-DZ</a> TROJAN!
95615. Source=Paul Collins Startup list
95616.  
95617. [winur]
95618. Number=13574
95619. Confirmed=X
95620. Filename=winrun.exe
95621. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-032718-1359-99" target="_blank">WINUR.B</a> WORM!
95622. Source=Paul Collins Startup list
95623.  
95624. [winusb.dll]
95625. Number=13575
95626. Confirmed=X
95627. Filename=winguard.exe
95628. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcn.html" target=_blank>FORBOT-CN</a> WORM!
95629. Source=Paul Collins Startup list
95630.  
95631. [WinUser32K]
95632. Number=13576
95633. Confirmed=X
95634. Filename=usr32wink.exe
95635. Description=Added by the HK TROJAN!
95636. Source=Paul Collins Startup list
95637.  
95638. [WinUsr]
95639. Number=13577
95640. Confirmed=X
95641. Filename=WinUsr.exe K1S2
95642. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032417-0333-99" target=_blank>CLUNK.A</a> WORM!
95643. Source=Paul Collins Startup list
95644.  
95645. [Winux Piriax Service]
95646. Number=13578
95647. Confirmed=X
95648. Filename=PH32.EXE
95649. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081410-5233-99" target="_blank">RANDEX.G</a> WORM!
95650. Source=Paul Collins Startup list
95651.  
95652. [winversion]
95653. Number=13579
95654. Confirmed=X
95655. Filename=winversion.exe
95656. Description=Browser hijacker, redirecting to specificsearches.com
95657. Source=Paul Collins Startup list
95658.  
95659. [WinVNC]
95660. Number=13580
95661. Confirmed=U
95662. Filename=WinVNC.exe
95663. Description=WinVNC is an application that allows you to remote control your PC from another PC somewhere on the internet. Now superseeded by <a href="http://www.realvnc.com/" target="_blank">RealVNC</a>
95664. Source=Paul Collins Startup list
95665.  
95666. [WinVNC]
95667. Number=13581
95668. Confirmed=X
95669. Filename=iexplorer.exe
95670. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042518-0520-99" target="_blank">EVIVINC</a> VIRUS!
95671. Source=Paul Collins Startup list
95672.  
95673. [winvxd32]
95674. Number=13582
95675. Confirmed=X
95676. Filename=winvxd32.exe
95677. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042511-5737-99" target= blank>GABLOLIZ.A</a> WORM!
95678. Source=Paul Collins Startup list
95679.  
95680. [winwan lptt01]
95681. Number=13583
95682. Confirmed=X
95683. Filename=winwan.exe
95684. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Winwan" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
95685. Source=Paul Collins Startup list
95686.  
95687. [winwan ml097e]
95688. Number=13584
95689. Confirmed=X
95690. Filename=winwan.exe
95691. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Winwan" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
95692. Source=Paul Collins Startup list
95693.  
95694. [winword]
95695. Number=13585
95696. Confirmed=X
95697. Filename=winword.exe
95698. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtorpidc.html" target=_blank>TORPID-C</a> TROJAN!
95699. Source=Paul Collins Startup list
95700.  
95701. [WINWORD.exe]
95702. Number=13586
95703. Confirmed=X
95704. Filename=WINWORD.exe
95705. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042112-4601-99" target=_blank>DRIVUS</a> TROJAN! Note - this is not the legitimate MS Word process of the same name, which is always located in the Program Files folder. This one is found in System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
95706. Source=Paul Collins Startup list
95707.  
95708. [WinWorks]
95709. Number=13587
95710. Confirmed=X
95711. Filename=vstmgr.exe
95712. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ACJ" target="_blank">AGOBOT.ACJ</a> WORM!
95713. Source=Paul Collins Startup list
95714.  
95715. [winwsl.exe]
95716. Number=13588
95717. Confirmed=X
95718. Filename=winwsl.exe
95719. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32zotobj.html" target=_blank>ZOTOB-J</a> WORM!
95720. Source=Paul Collins Startup list
95721.  
95722. [winXP]
95723. Number=13589
95724. Confirmed=X
95725. Filename=33.exe
95726. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102614-0016-99" target=_blank>ANPES</a> WORM!
95727. Source=Paul Collins Startup list
95728.  
95729. [WinXP]
95730. Number=13590
95731. Confirmed=X
95732. Filename=plugin1.exe
95733. Description=Added by the Downloader-JW TROJAN!
95734.  
95735. Source=Paul Collins Startup list
95736.  
95737. [WinXP]
95738. Number=13591
95739. Confirmed=X
95740. Filename=csrss.exe
95741. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosag.html" target=_blank>BANCOS-AG</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Arquivos de programas\WinXP\Tools" folder
95742. Source=Paul Collins Startup list
95743.  
95744. [WinXP fix]
95745. Number=13592
95746. Confirmed=X
95747. Filename=[path to file]
95748. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010317-1237-99" target=_blank>RANKY.P</a> TROJAN!
95749. Source=Paul Collins Startup list
95750.  
95751. [WinXP Processor Generator v1.2]
95752. Number=13593
95753. Confirmed=X
95754. Filename=intspnsr32.exe
95755. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.LP" target="_blank">SDBOT.LP</a> WORM!
95756. Source=Paul Collins Startup list
95757.  
95758. [WinXp Updater]
95759. Number=13594
95760. Confirmed=X
95761. Filename=winxp32.exe
95762. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothg.html" target=_blank>RBOT-HG</a> WORM!
95763. Source=Paul Collins Startup list
95764.  
95765. [WinXP-98]
95766. Number=13595
95767. Confirmed=X
95768. Filename=CSRSS.exe
95769. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankerds.html" target=_blank>BANKER-DS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target=_blank>csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located a C:\Arquivos de programas\WinXP-98\Tools folder
95770. Source=Paul Collins Startup list
95771.  
95772. [winxpdll32.exe]
95773. Number=13596
95774. Confirmed=X
95775. Filename=winxpdll32.exe
95776. Description=Added by a variant of the SMALL downloader TROJAN!
95777. Source=Paul Collins Startup list
95778.  
95779. [WinXPHome]
95780. Number=13597
95781. Confirmed=X
95782. Filename=plugin2.exe
95783. Description=Added by the malicious <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_INOR.T&VSect=P" target=_blank>INOR.T</a> script!
95784. Source=Paul Collins Startup list
95785.  
95786. [WinXPLoad]
95787. Number=13598
95788. Confirmed=U
95789. Filename=Rundll32 LoadDll, LoadExe WinXPLoad.exe
95790. Description=Compaq hotkey related - required if you use the hotkeys
95791. Source=Paul Collins Startup list
95792.  
95793. [winxpusbd]
95794. Number=13599
95795. Confirmed=X
95796. Filename=winxp64.exe
95797. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
95798. Source=Paul Collins Startup list
95799.  
95800. [winystems25]
95801. Number=13600
95802. Confirmed=X
95803. Filename=winystems.exe
95804. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
95805. Source=Paul Collins Startup list
95806.  
95807. [Winz Firewall]
95808. Number=13601
95809. Confirmed=X
95810. Filename=[random filename].exe
95811. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
95812. Source=Paul Collins Startup list
95813.  
95814. [WinZap Check]
95815. Number=13602
95816. Confirmed=X
95817. Filename=winzbp.exe
95818. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotawz.html" target=_blank>RBOT-AWZ</a> WORM!
95819. Source=Paul Collins Startup list
95820.  
95821. [winzip]
95822. Number=13603
95823. Confirmed=X
95824. Filename=[path to trojan]
95825. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032014-5144-99" target=_blank>BANCOS.G</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081716-2831-99" target=_blank>BANCOS.K</a> TROJANS! Note - this is not part of the popular WinZip file compression utility
95826.  
95827. Source=Paul Collins Startup list
95828.  
95829. [Winzip]
95830. Number=13604
95831. Confirmed=X
95832. Filename=[various filenames]
95833. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lerpaa.html" target=_blank>LERPA-A</a> WORM! Note - the file name will be one of the following common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif
95834. Source=Paul Collins Startup list
95835.  
95836. [Winzip Application]
95837. Number=13605
95838. Confirmed=X
95839. Filename=winzip81.exe
95840. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotbkz.html" target="_blank">RBOT-BKZ</a> WORM!
95841. Source=Paul Collins Startup list
95842.  
95843. [WinZip Quick Pick]
95844. Number=13606
95845. Confirmed=N
95846. Filename=WZQKPICK.EXE
95847. Description=Added with WinZip version 8.1. "The new WinZip Quick Pick taskbar tray icon gives you instant access to WinZip and your Zip files. Just left click the icon to open WinZip, or right click it to instantly reopen recently used Zip files, access your Favorite Zip Folders, open WinZip Help, or start WinZip itself.". You can right-click and close it - choosing to not re-load it at start-up
95848. Source=Paul Collins Startup list
95849.  
95850. [WinZip Update]
95851. Number=13607
95852. Confirmed=X
95853. Filename=WinZip.exe
95854. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM! Note - this is not part of the popular WinZip file compression utility
95855. Source=Paul Collins Startup list
95856.  
95857. [Win_api_driver]
95858. Number=13608
95859. Confirmed=X
95860. Filename=system.exe
95861. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-122714-4318-99" target="_blank">REVIRD</a> TROJAN!
95862. Source=Paul Collins Startup list
95863.  
95864. [Win_BooT]
95865. Number=13609
95866. Confirmed=X
95867. Filename=[path to file]
95868. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankergi.html" target=_blank>BANKER-GI</a> TROJAN!
95869. Source=Paul Collins Startup list
95870.  
95871. [WIN_DRIVR32]
95872. Number=13610
95873. Confirmed=X
95874. Filename=shchostv.exe
95875. Description=Added by a TROJAN - see <a href="http://www.greatis.com/appdata/d/s/shchostv.exe.htm" target="_blank">here</a>
95876. Source=Paul Collins Startup list
95877.  
95878. [Win_Library]
95879. Number=13611
95880. Confirmed=X
95881. Filename=INISvc.exe
95882. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-111911-5528-99" target="_blank">ANARCH</a> WORM!
95883. Source=Paul Collins Startup list
95884.  
95885. [win_spool2]
95886. Number=13612
95887. Confirmed=X
95888. Filename=win_spool2.exe
95889. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SCKEYLOG.B" target="_blank">SCKEYLOG.B</a> TROJAN!
95890. Source=Paul Collins Startup list
95891.  
95892. [win_supp00.exe]
95893. Number=13613
95894. Confirmed=X
95895. Filename=Win Const.exe
95896. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojassasinh.html" target=_blank>ASSASIN-H</a> TROJAN!
95897. Source=Paul Collins Startup list
95898.  
95899. [win_upd.exe]
95900. Number=13614
95901. Confirmed=X
95902. Filename=WINdirect.exe
95903. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-072217-0338-99" target="_blank">MITGLIEDER.M</a> TROJAN!
95904. Source=Paul Collins Startup list
95905.  
95906. [win_upd2.exe]
95907. Number=13615
95908. Confirmed=X
95909. Filename=WINdirect.exe
95910. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080911-3251-99" target="_blank">BEAGLE.AO</a> WORM!
95911. Source=Paul Collins Startup list
95912.  
95913. [Win_vader]
95914. Number=13616
95915. Confirmed=X
95916. Filename=Win_vader.vbs
95917. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_INVASION.A" target="_blank">INVASION.A</a> VIRUS!
95918. Source=Paul Collins Startup list
95919.  
95920. [WIP Config GUI]
95921. Number=13617
95922. Confirmed=X
95923. Filename=Winipcfgs.exe
95924. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotcn.html" target=_blank>RBOT-CN</a> WORM!
95925. Source=Paul Collins Startup list
95926.  
95927. [Wireless Console]
95928. Number=13618
95929. Confirmed=N
95930. Filename=wcourier.exe
95931. Description=<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wcourier/" target="_blank">ASUS Wireless Console</a> - installed alongside ASUS wireless components and provides additional configuration options for these devices
95932. Source=Paul Collins Startup list
95933.  
95934. [Wireless PCI Card Configuration Utility]
95935. Number=13619
95936. Confirmed=U
95937. Filename=WMP11Cfg.exe
95938. Description=Utility used by the <a href="http://www.linksys.com/default.asp" target="_blank">LINKSYS</a> wireless PCI card (<a href="http://www.linksys.com/products/product.asp?prid=196&grid=" target="_blank">WMP11</a>) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration
95939. Source=Paul Collins Startup list
95940.  
95941. [Wireless Provider Server]
95942. Number=13620
95943. Confirmed=X
95944. Filename=wpsvr.exe
95945. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotad.html" target="_blank">FORBOT-AD</a> WORM!
95946. Source=Paul Collins Startup list
95947.  
95948. [Wireless Switching Setting Utility]
95949. Number=13621
95950. Confirmed=U
95951. Filename=Switcher.exe
95952. Description=On a Sony laptop with built in wireless it allows the user to select which wireless services they want to run (i.e. Wireless LAN, Bluetooth, both) when turning the wireless switch on if disabled)
95953. Source=Paul Collins Startup list
95954.  
95955. [Wireless-G Notebook Adapter]
95956. Number=13622
95957. Confirmed=Y
95958. Filename=Gcc.exe
95959. Description=LinkSys Wireless-G Notebook Adapter driver
95960. Source=Paul Collins Startup list
95961.  
95962. [Wireless-G Notebook Adapter Utility]
95963. Number=13623
95964. Confirmed=U
95965. Filename=WPC54CFG.EXE
95966. Description=Utility used by the <a href="http://www.linksys.com/default.asp" target="_blank">LINKSYS</a> Wireless-G Notebook Adapter (<a href="http://www.linksys.com/splash/wpc54g_splash.asp" target="_blank">WPC54G</a>)
95967. Source=Paul Collins Startup list
95968.  
95969. [WireLessKeyboard]
95970. Number=13624
95971. Confirmed=U
95972. Filename=PS2USBKbdDrv.exe
95973. Description=Related to <a href="http://www.sansun.com.cn/en/product.asp?Keyword=PS2USBKbdDrv.exe&search=yes&Submit=Search&id=17" target="_blank">WireLess Keyboard</a> Multimedia Combo Set by SANSUN Industries
95974. Source=Paul Collins Startup list
95975.  
95976. [WireLessMouse]
95977. Number=13625
95978. Confirmed=U
95979. Filename=MouseDrv.exe
95980. Description=Related to <a href="http://www.sansun.com.cn/en/product.asp?Keyword=PS2USBKbdDrv.exe&search=yes&Submit=Search&id=17" target="_blank">WireLess Mouse</a> Multimedia Combo Set by SANSUN Industries. Located in C:\Program Files\Multimedia Combo Set
95981. Source=Paul Collins Startup list
95982.  
95983. [wise]
95984. Number=13626
95985. Confirmed=X
95986. Filename=clockwise.exe
95987. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlazara.html" target=_blank>LAZAR-A</a> TROJAN!
95988. Source=Paul Collins Startup list
95989.  
95990. [WIZZ]
95991. Number=13627
95992. Confirmed=X
95993. Filename=dazzler.exe
95994. Description=Reported by Kaspersky Anti-Virus as DIALER.IS TROJAN!
95995. Source=Paul Collins Startup list
95996.  
95997. [wjview]
95998. Number=13628
95999. Confirmed=N
96000. Filename=wjview.exe
96001. Description=MS tool used to view window-based Java applications from the command line
96002. Source=Paul Collins Startup list
96003.  
96004. [wkcalrem]
96005. Number=13629
96006. Confirmed=N
96007. Filename=wkcalrem.exe
96008. Description=Produces a pop-up reminder of events scheduled using the MS Works Calendar
96009. Source=Paul Collins Startup list
96010.  
96011. [WkDetect]
96012. Number=13630
96013. Confirmed=N
96014. Filename=WkDetect.exe
96015. Description=Checks for updates to MS Works
96016. Source=Paul Collins Startup list
96017.  
96018. [wkfud]
96019. Number=13631
96020. Confirmed=N
96021. Filename=wkfud.exe
96022. Description=A marketing program for MS Works
96023. Source=Paul Collins Startup list
96024.  
96025. [WksSb]
96026. Number=13632
96027. Confirmed=N
96028. Filename=WksSb.exe
96029. Description=The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program. The Works Portfolio provides a location where you can store items you want to later put into a document or other file
96030. Source=Paul Collins Startup list
96031.  
96032. [WksSVC]
96033. Number=13633
96034. Confirmed=X
96035. Filename=EXPLORER.exe
96036. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobbw.html" target="_blank">MYTOB-BW</a> WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
96037. Source=Paul Collins Startup list
96038.  
96039. [WkUFind]
96040. Number=13634
96041. Confirmed=N
96042. Filename=WkUFind.exe
96043. Description=MS Works Update Detection. MS Picture It! (versions 7 to current) use this automatic update feature during the log on process. It can also cause your system to automatically dial into your ISP as it tries to access the internet, if you have your system set to automatically dial when the internet is invoked. To manually update, go to Microsoft's Office/Works update <a href="http://www.officeupdate.com/ProductUpdates/default.aspx" target=_blank>site</a>. You can also turn of the automatic update feature within Picture It! - see <a href="http://support.microsoft.com/kb/308588/en-us" target=_blank>here</a>
96044.  
96045. Source=Paul Collins Startup list
96046.  
96047. [Wkyo86]
96048. Number=13635
96049. Confirmed=X
96050. Filename=[path to worm]
96051. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32pitina.html" target="_blank">PITIN-A</a> WORM!
96052. Source=Paul Collins Startup list
96053.  
96054. [Wlan Drier]
96055. Number=13636
96056. Confirmed=X
96057. Filename=Winusb2.exe
96058. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.DC" target="_blank">WOOTBOT.DC</a> WORM!
96059. Source=Paul Collins Startup list
96060.  
96061. [Wlan Driver]
96062. Number=13637
96063. Confirmed=X
96064. Filename=avscan.exe
96065. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.DH" target="_blank">WOOTBOT.DH</a> WORM!
96066. Source=Paul Collins Startup list
96067.  
96068. [WLAN Status Tray Applet]
96069. Number=13638
96070. Confirmed=N
96071. Filename=WLANSTA.EXE
96072. Description=System Tray icon for checking the status of a Wireless LAN
96073. Source=Paul Collins Startup list
96074.  
96075. [wlancfg]
96076. Number=13639
96077. Confirmed=U
96078. Filename=wlancfg.exe
96079. Description=Inventel wireless router related - required in order to automatically connect to the Net at bootup
96080. Source=Paul Collins Startup list
96081.  
96082. [wlancfg5]
96083. Number=13640
96084. Confirmed=Y
96085. Filename=wlancfg5.exe
96086. Description=NetGear WG311v3 wireless PCI adapter driver - required in order to automatically connect to the wireless router/gateway at bootup. Note - may not install correctly on Windows9x/ME computers which have Slipstream accelerator installed. Uninstall Slipstream first, disabling slipcore and slipgui are insufficient
96087. Source=Paul Collins Startup list
96088.  
96089. [WLANSTA.EXE]
96090. Number=13641
96091. Confirmed=N
96092. Filename=WLANSTA.EXE
96093. Description=System Tray icon for checking the status of a Wireless LAN
96094. Source=Paul Collins Startup list
96095.  
96096. [WLAN_Cfg.exe]
96097. Number=13642
96098. Confirmed=Y
96099. Filename=WLAN_Cfg.exe
96100. Description=Linksys Instant Wireless USB Network Adapter driver
96101. Source=Paul Collins Startup list
96102.  
96103. [wlsass]
96104. Number=13643
96105. Confirmed=X
96106. Filename=wlsass.exe
96107. Description=Added by the <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=103755" target="_blank">RANKY.CY</a> TROJAN!
96108. Source=Paul Collins Startup list
96109.  
96110. [WLTRAY]
96111. Number=13644
96112. Confirmed=N
96113. Filename=wltray.exe
96114. Description=Installed alongside Dell Wireless WLAN Card and provides additional configuration options for these devices
96115. Source=Paul Collins Startup list
96116.  
96117. [wltray]
96118. Number=13645
96119. Confirmed=N
96120. Filename=wltray.exe
96121. Description=System tray access to wireless LAN card configuration options
96122.  
96123. Source=Paul Collins Startup list
96124.  
96125. [WM VCR]
96126. Number=13646
96127. Confirmed=N
96128. Filename=WMVCR.exe
96129. Description=<a href="http://www.wmrecorder.com/" target=_blank>WM Recorder</a> allows you to record Windows Media(tm) streaming Video or Audio content. Can be accessed via Start Menu -> Programs
96130. Source=Paul Collins Startup list
96131.  
96132. [Wm24Pan]
96133. Number=13647
96134. Confirmed=Y
96135. Filename=Wm24Pan.Exe
96136. Description=<a href="http://www.esi-pro.com/" target=_blank>ESI</a> external sound card driver
96137. Source=Paul Collins Startup list
96138.  
96139. [wm41a398]
96140. Number=13648
96141. Confirmed=X
96142. Filename=rundll32.exe [path] wm41a398.dll, EnableRunDLL32
96143. Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
96144. Source=Paul Collins Startup list
96145.  
96146. [WMAudio]
96147. Number=13649
96148. Confirmed=X
96149. Filename=services.exe
96150. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
96151. Source=Paul Collins Startup list
96152.  
96153. [WMAudio]
96154. Number=13650
96155. Confirmed=X
96156. Filename=winlogon.exe
96157. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
96158. Source=Paul Collins Startup list
96159.  
96160. [WMBoot]
96161. Number=13651
96162. Confirmed=N
96163. Filename=N/A
96164. Description=Associated with Logitech Wingman game controllers. <font color="#FF0000"> Not required but what does it do?</font>
96165. Source=Paul Collins Startup list
96166.  
96167. [wmcbaaca]
96168. Number=13652
96169. Confirmed=X
96170. Filename=rundll32.exe [path] wmcbaaca.dll, EnableRunDLL32
96171. Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target=_blank>LZIO.com</a> adware downloader
96172. Source=Paul Collins Startup list
96173.  
96174. [WMC_RebootCheck]
96175. Number=13653
96176. Confirmed=N
96177. Filename=unregmp2.exe
96178. Description=Corrects problems with installations of Windows Media Player from version 9 onwards - see <a href="http://zachd.com/pss/pss.html" target="_blank">here</a> and search for "unregmp2.exe"
96179. Source=Paul Collins Startup list
96180.  
96181. [WMI Application Interface]
96182. Number=13654
96183. Confirmed=X
96184. Filename=wmiapi.exe
96185. Description=Added by the <a href="http://sarc.com/avcenter/venc/data/w32.spybot.rby.html" target=_blank>SPYBOT.RBY</a> WORM!
96186. Source=Paul Collins Startup list
96187.  
96188. [WMIEXE.exe]
96189. Number=13655
96190. Confirmed=U
96191. Filename=wmiexe.exe
96192. Description=NT component, used by Windows Millennium to detect Plug and Play-compliant IEEE 1394 devices during the startup process. Since this is important for the computer to work properly if you have these, Windows Millennium protects wmiexe.exe and will restore the file even if it's deleted or renamed
96193. Source=Paul Collins Startup list
96194.  
96195. [Wminf]
96196. Number=13656
96197. Confirmed=X
96198. Filename=Wminf.exe
96199. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
96200. Source=Paul Collins Startup list
96201.  
96202. [Wminfo]
96203. Number=13657
96204. Confirmed=X
96205. Filename=Wminfo.exe
96206. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-121616-1945-99" target="_blank">GEMA</a> TROJAN!
96207. Source=Paul Collins Startup list
96208.  
96209. [wmiprv]
96210. Number=13658
96211. Confirmed=X
96212. Filename=wmiprv.exe
96213. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwm.html" target=_blank>RBOT-WM</a> WORM!
96214. Source=Paul Collins Startup list
96215.  
96216. [wmon]
96217. Number=13659
96218. Confirmed=X
96219. Filename=jusched.exe
96220. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotow.html" target=_blank>AGOBOT-OW</a> WORM!
96221. Source=Paul Collins Startup list
96222.  
96223. [WMP54Gv4]
96224. Number=13660
96225. Confirmed=Y
96226. Filename=WMP54Gv4.exe
96227. Description=Linksys WMP54Gv4 wireless PCI adapter driver - required in order to automatically connect to the wireless router/gateway at bootup. Note - may not install correctly on Windows9x/ME computers which have Slipstream accelerator installed. Uninstall Slipstream first, disabling slipcore and slipgui are insufficient
96228. Source=Paul Collins Startup list
96229.  
96230. [wmplayer.exe]
96231. Number=13661
96232. Confirmed=X
96233. Filename=wmplayer.exe
96234. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbancz.html" target=_blank>BANCBAN-CZ</a> TROJAN!
96235. Source=Paul Collins Startup list
96236.  
96237. [wmpnscfg]
96238. Number=13662
96239. Confirmed=U
96240. Filename=wmpnscfg.exe
96241. Description="Microsoft Windows uses wmpnscfg.exe to alert users when media rendering devices are found on the network. Wmpnscfg starts the Windows Media Player Network Sharing Service (NSS) and then waits for notifications from the service. When wmpnscfg is notified that a new media device is available on the network, it displays a popup in the system tray that informs the user about the availability of the new device. If the user clicks the popup, wmpnscfg launches Windows Media Player, which displays a dialog box that asks the user to either allow or deny sharing with the new device." - see <a href="http://windowssdk.msdn.microsoft.com/en-us/library/ms739434.aspx" target="_blank">here</a>
96242. Source=Paul Collins Startup list
96243.  
96244. [wms3]
96245. Number=13663
96246. Confirmed=X
96247. Filename=wms3.exe
96248. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraqg.html" target="_blank">LEGMIR-AQG</a> TROJAN!
96249. Source=Paul Collins Startup list
96250.  
96251. [wmsys32]
96252. Number=13664
96253. Confirmed=X
96254. Filename=wmsys32.exe
96255. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112015-4721-99" target="_blank">BANPAES.B</a> TROJAN!
96256. Source=Paul Collins Startup list
96257.  
96258. [wmv]
96259. Number=13665
96260. Confirmed=X
96261. Filename=winmonv.exe
96262. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentdg.html" target= blank>AGENT-DG</a> TROJAN!
96263. Source=Paul Collins Startup list
96264.  
96265. [WM_LOGIN]
96266. Number=13666
96267. Confirmed=?
96268. Filename=MSGLOGIN.EXE
96269. Description=<font color="#FF0000">Part of McAfee Firewall. What is it for and is it needed?</font>
96270. Source=Paul Collins Startup list
96271.  
96272. [WN Services]
96273. Number=13667
96274. Confirmed=X
96275. Filename=wnsvc.exe
96276. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32kbbota.html" target=_blank>KBBOT-A</a> TROJAN!
96277. Source=Paul Collins Startup list
96278.  
96279. [WNAD]
96280. Number=13668
96281. Confirmed=X
96282. Filename=WNAD.EXE
96283. Description=Spyware added as a result of running a program called "Yo Mama Osama" (osama.exe). See <a href="http://www.cexx.org/osama.htm" target="_blank">here</a> for more and how to get rid of it. There are other ways this can show up on your system, and it will manifest itself by periodically opening a new browser window with advertising for copy DVD software and the like
96284. Source=Paul Collins Startup list
96285.  
96286. [wnddrv]
96287. Number=13669
96288. Confirmed=X
96289. Filename=svchost.exe
96290. Description=Added by an unidentified TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
96291. Source=Paul Collins Startup list
96292.  
96293. [WNILOGON]
96294. Number=13670
96295. Confirmed=X
96296. Filename=WNILOGON.exe
96297. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32leworm.html" target=_blank>LEWOR-M</a> TROJAN!
96298. Source=Paul Collins Startup list
96299.  
96300. [WNSC]
96301. Number=13671
96302. Confirmed=X
96303. Filename=wns*****.exe [* = random char]
96304. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
96305. Source=Paul Collins Startup list
96306.  
96307. [Wnsck2 driver]
96308. Number=13672
96309. Confirmed=X
96310. Filename=wlogf.exe
96311. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32spybotaf.html" target=_blank>SPYBOT-AF</a> WORM!
96312. Source=Paul Collins Startup list
96313.  
96314. [WNSI]
96315. Number=13673
96316. Confirmed=X
96317. Filename=wnscp**.exe [* = random char]
96318. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
96319. Source=Paul Collins Startup list
96320.  
96321. [WNSO]
96322. Number=13674
96323. Confirmed=X
96324. Filename=WNSO.exe
96325. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Baidu.SoBar&threatid=92336" target="_blank">Baidu.SoBar</a> adware
96326. Source=Paul Collins Startup list
96327.  
96328. [WNST]
96329. Number=13675
96330. Confirmed=X
96331. Filename=wns*****.exe [* = random char]
96332. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
96333. Source=Paul Collins Startup list
96334.  
96335. [wntlgns]
96336. Number=13676
96337. Confirmed=X
96338. Filename=wntlgns.exe
96339. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
96340. Source=Paul Collins Startup list
96341.  
96342. [wnxpupdate]
96343. Number=13677
96344. Confirmed=X
96345. Filename=spvspool.exe
96346. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-123011-1931-99" target=_blank>DABORA.B</a> WORM!
96347. Source=Paul Collins Startup list
96348.  
96349. [wnxupdate]
96350. Number=13678
96351. Confirmed=X
96352. Filename=updatexp.exe
96353. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32combrag.html" target=_blank>COMBRA-G</a> WORM!
96354. Source=Paul Collins Startup list
96355.  
96356. [won update]
96357. Number=13679
96358. Confirmed=X
96359. Filename=WAPDATE.EXE
96360. Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=39780" target=_blank>RBOT.N</a> WORM!
96361. Source=Paul Collins Startup list
96362.  
96363. [WonderFrog]
96364. Number=13680
96365. Confirmed=U
96366. Filename=WonderFrog.exe
96367. Description=<a href="http://www.3d3r.com/wonderfrog/" target="_blank">Wonder Frog</a> typing monitor
96368. Source=Paul Collins Startup list
96369.  
96370. [WooCnxMon]
96371. Number=13681
96372. Confirmed=N
96373. Filename=CnxMon.exe
96374. Description=Wanadoo ISP software related - not required - <a href="http://www.faqoe.com/index.php?bas=/connexionmanel.htm" target=_blank>here's</a> how to bypass it
96375. Source=Paul Collins Startup list
96376.  
96377. [Woods Inc]
96378. Number=13682
96379. Confirmed=X
96380. Filename=wcmd.exe
96381. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkillfilo.html" target=_blank>KILLFIL-O</a> TROJAN!
96382. Source=Paul Collins Startup list
96383.  
96384. [woopie]
96385. Number=13683
96386. Confirmed=X
96387. Filename=winamp.exe
96388. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.XV" target="_blank">AGOBOT.XV</a> WORM! Note - this is NOT the popular <a href="http://www.winamp.com/" target="_blank">Winamp</a> media player
96389. Source=Paul Collins Startup list
96390.  
96391. [WOOTASKBARICON]
96392. Number=13684
96393. Confirmed=N
96394. Filename=TaskbarIcon.exe
96395. Description=Wanadoo ISP taskbar icon - not required
96396. Source=Paul Collins Startup list
96397.  
96398. [Woowatch]
96399. Number=13685
96400. Confirmed=N
96401. Filename=Watch.exe
96402. Description=Wanadoo ISP software, not required
96403. Source=Paul Collins Startup list
96404.  
96405. [word pair]
96406. Number=13686
96407. Confirmed=X
96408. Filename=bopotsvr.exe
96409. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsheda.html" target= blank>SHED-A</a> TROJAN!
96410. Source=Paul Collins Startup list
96411.  
96412. [WordQ carat flag]
96413. Number=13687
96414. Confirmed=Y
96415. Filename=WordQcrs.exe
96416. Description=Related to <a href="http://www.wordq.com/" target=_blank>WordQ</a> Writing Aid Software
96417. Source=Paul Collins Startup list
96418.  
96419. [WordWeb]
96420. Number=13688
96421. Confirmed=N
96422. Filename=wweb32.exe
96423. Description=<a href="http://wordweb.info/free/" target="_blank">WordWeb</a> - free theasaurus and dictionary. Start manually
96424. Source=Paul Collins Startup list
96425.  
96426. [Workflo]
96427. Number=13689
96428. Confirmed=?
96429. Filename=workflow.exe
96430. Description=Related to <a href="http://www.broadjump.com/" target="_blank">BroadJump</a> Client Foundation - broadband troubleshooting software installed by various companies. <font color="#FF0000">Is it required?</font>
96431. Source=Paul Collins Startup list
96432.  
96433. [Working System Analyzer]
96434. Number=13690
96435. Confirmed=X
96436. Filename=syswork.exe
96437. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfz.html" target=_blank>FORBOT-FZ</a> WORM!
96438. Source=Paul Collins Startup list
96439.  
96440. [worknote1]
96441. Number=13691
96442. Confirmed=X
96443. Filename=[filename]
96444. Description=Added by the <a href="http://sarc.com/avcenter/venc/data/w32.meetot.html" target=_blank>MEETOT</a> WORM!
96445. Source=Paul Collins Startup list
96446.  
96447. [WorkPace 3.0]
96448. Number=13692
96449. Confirmed=U
96450. Filename=workpace.exe
96451. Description=<a href="http://www.workpace.com/" target=_blank>WorkPace</a> - stress injury prevention software
96452.  
96453. Source=Paul Collins Startup list
96454.  
96455. [Works Calendar Reminder]
96456. Number=13693
96457. Confirmed=N
96458. Filename=wkcalrem.exe
96459. Description=Produces a pop-up reminder of events scheduled using the MS Works Calendar
96460. Source=Paul Collins Startup list
96461.  
96462. [WorksFUD]
96463. Number=13694
96464. Confirmed=N
96465. Filename=wkfud.exe
96466. Description=A marketing program for MS Works
96467. Source=Paul Collins Startup list
96468.  
96469. [Workstation Scheduler]
96470. Number=13695
96471. Confirmed=U
96472. Filename=wm95.exe
96473. Description=Desktop Management Scheduler. Part of Novell's <a href="http://www.novell.com/products/netware/" target="_blank">Netware</a> Client. Schedueles NDS events. If events have been schedueled, it is required, otherwise, it is useless and a memory hog
96474. Source=Paul Collins Startup list
96475.  
96476. [Workstation Services]
96477. Number=13696
96478. Confirmed=X
96479. Filename=wrkstn.exe
96480. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotoj.html" target=_blank>RBOT-OJ</a> WORM!
96481.  
96482. Source=Paul Collins Startup list
96483.  
96484. [Workstation Ver 5.0]
96485. Number=13697
96486. Confirmed=X
96487. Filename=vmware.exe
96488. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotahb.html" target=_blank>RBOT-AHB</a> WORM!
96489. Source=Paul Collins Startup list
96490.  
96491. [WorldAntiSpy]
96492. Number=13698
96493. Confirmed=X
96494. Filename=worldantispy.exe
96495. Description=WorldAntiSpy, "rogue" spyware remover, installed as part of <a href="http://www.spywareguide.com/articles/article_show.php?id=88" target=_blank>this scam</a>
96496. Source=Paul Collins Startup list
96497.  
96498. [Worm Detector]
96499. Number=13699
96500. Confirmed=U
96501. Filename=wd.exe
96502. Description=<a href="http://www.kl-soft.com/wd.php" target="_blank">Worm Detector</a> - antivirus add-on for Outlook 2K or XP for handling worms and spam
96503. Source=Paul Collins Startup list
96504.  
96505. [wormexe]
96506. Number=13700
96507. Confirmed=X
96508. Filename=winstart.exe
96509. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072512-1609-99" target="_blank">EARLYBIRD</a> WORM!
96510. Source=Paul Collins Startup list
96511.  
96512. [wovax]
96513. Number=13701
96514. Confirmed=X
96515. Filename=wovax.exe
96516. Description=Added by the <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wovax/" target="_blank">DAQA.A</a> TROJAN!
96517. Source=Paul Collins Startup list
96518.  
96519. [wow]
96520. Number=13702
96521. Confirmed=X
96522. Filename=bar.exe
96523. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
96524. Source=Paul Collins Startup list
96525.  
96526. [wow]
96527. Number=13703
96528. Confirmed=X
96529. Filename=wwf.exe
96530. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagey.html" target=_blank>LINEAGE-Y</a> TROJAN!
96531. Source=Paul Collins Startup list
96532.  
96533. [wow]
96534. Number=13704
96535. Confirmed=X
96536. Filename=Launcher.exe
96537. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfdor.html" target="_blank">DELF-DOR</a> TROJAN!
96538. Source=Paul Collins Startup list
96539.  
96540. [Wpctrl]
96541. Number=13705
96542. Confirmed=N
96543. Filename=wpctrlnt.exe
96544. Description=WinPortrait plug-in for PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
96545. Source=Paul Collins Startup list
96546.  
96547. [Wpctrl]
96548. Number=13706
96549. Confirmed=N
96550. Filename=wpctrl95.exe
96551. Description=WinPortrait plug-in for PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
96552. Source=Paul Collins Startup list
96553.  
96554. [wpctrl95]
96555. Number=13707
96556. Confirmed=N
96557. Filename=wpctrlnt.exe
96558. Description=WinPortrait plug-in for PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
96559. Source=Paul Collins Startup list
96560.  
96561. [wpctrl95]
96562. Number=13708
96563. Confirmed=N
96564. Filename=wpctrl95.exe
96565. Description=WinPortrait plug-in for PivotPro from <a href="http://www.portrait.com/" target="_blank"> Portrait Studios</a> - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
96566. Source=Paul Collins Startup list
96567.  
96568. [WPCUMI]
96569. Number=13709
96570. Confirmed=Y
96571. Filename=WpcUmi.exe
96572. Description=Windows Vista <a href="http://windowshelp.microsoft.com/Windows/en-US/Help/585539d0-0862-41e4-9b39-53467648efc51033.mspx" target="_blank">Parental Control</a> Notifications from Microsoft Corporation
96573. Source=Paul Collins Startup list
96574.  
96575. [WPCycle.exe]
96576. Number=13710
96577. Confirmed=Y
96578. Filename=WpCycleWin.exe
96579. Description=Added when selecting Mplayer2 to open media files. Forces other codes to Wait for Previous instructions to end, preventing instability of your CPU (freezing)
96580. Source=Paul Collins Startup list
96581.  
96582. [wpds.exe]
96583. Number=13711
96584. Confirmed=X
96585. Filename=doriot.exe
96586. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallky.html" target=_blank>SMALL-KY</a> TROJAN!
96587.  
96588. Source=Paul Collins Startup list
96589.  
96590. [wpds.exe]
96591. Number=13712
96592. Confirmed=X
96593. Filename=wwnrot.exe
96594. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbagledlb.html" target=_blank>BAGLEDI-D</a> TROJAN!
96595. Source=Paul Collins Startup list
96596.  
96597. [wpwmgrs]
96598. Number=13713
96599. Confirmed=X
96600. Filename=wpwmgrs.exe
96601. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32mytobdh.html" target=_blank>MYTOB-DH</a> WORM!
96602. Source=Paul Collins Startup list
96603.  
96604. [WQK]
96605. Number=13714
96606. Confirmed=X
96607. Filename=WQK.exe
96608. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-041714-3225-99" target="_blank">KLEZ.H</a> WORM!
96609. Source=Paul Collins Startup list
96610.  
96611. [wr]
96612. Number=13715
96613. Confirmed=?
96614. Filename=WR.EXE
96615. Description=<font color="#FF0000">??</font>
96616. Source=Paul Collins Startup list
96617.  
96618. [WR Command]
96619. Number=13716
96620. Confirmed=?
96621. Filename=wr.exe
96622. Description=<font color="#FF0000">??</font>
96623. Source=Paul Collins Startup list
96624.  
96625. [WrCtrl]
96626. Number=13717
96627. Confirmed=N
96628. Filename=WrCtrl.exe
96629. Description=Win-Route 4.27 NAT engine on Win2k Pro for connection sharing and security using Win-Route by Tiny Software. A connection sharing/Firewall Application. If service is disabled the program does not work, but you can manually start/stop the service with a shortcut the program installs at any time
96630. Source=Paul Collins Startup list
96631.  
96632. [WRDialer]
96633. Number=13718
96634. Confirmed=X
96635. Filename=WrDialer.exe
96636. Description=WinPoet DSL dialler
96637. Source=Paul Collins Startup list
96638.  
96639. [WRECK GUARD]
96640. Number=13719
96641. Confirmed=?
96642. Filename=??
96643. Description=<font color="#FF0000">??</font>
96644. Source=Paul Collins Startup list
96645.  
96646. [WregBios]
96647. Number=13720
96648. Confirmed=?
96649. Filename=wregbios.exe
96650. Description=Desktop Management BIOS (DMI BIOS) related. Apparently invokes the DosBios.exe file. <font color="#FF0000">Is it required?</font>
96651. Source=Paul Collins Startup list
96652.  
96653. [wrexec]
96654. Number=13721
96655. Confirmed=U
96656. Filename=wrexec.exe
96657. Description=Watch Right - monitoring program, part of the <a href="http://www.bpssoft.com/PowerTools/index.htm" target="_blank"> PowerTools</a> add-on for AOL. Records instant messages, E-mail, chat. Watch Right appears to be, and functions as an online clock updater which connects with the U.S. National Institute of Standards and Technology. It was designed for parents who wish to keep an eye on what their children are doing online
96658. Source=Paul Collins Startup list
96659.  
96660. [wriste]
96661. Number=13722
96662. Confirmed=?
96663. Filename=wriste.exe
96664. Description=<font color="#FF0000">??</font>
96665. Source=Paul Collins Startup list
96666.  
96667. [Write DVD-R!]
96668. Number=13723
96669. Confirmed=U
96670. Filename=saimon.exe
96671. Description=Saimon's WriteDVD! "gives total support for DVD-RAM drives. It provides many functions such as setting partitions on DVD-RAM disks and FixDVD! can diagnose and repair UDF formatted disks"
96672. Source=Paul Collins Startup list
96673.  
96674. [ws2 32]
96675. Number=13724
96676. Confirmed=X
96677. Filename=svchst.exe
96678. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojvokena.html" target= blank>VOKEN-A</a> TROJAN!
96679. Source=Paul Collins Startup list
96680.  
96681. [ws2help]
96682. Number=13725
96683. Confirmed=X
96684. Filename=ws2help.exe
96685. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.AN" target=_blank>SMALL.AN</a> TROJAN!
96686.  
96687. Source=Paul Collins Startup list
96688.  
96689. [WSAConfiguration]
96690. Number=13726
96691. Confirmed=X
96692. Filename=wmon32.exe
96693. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080214-3122-99" target="_blank">GAOBOT.BAJ</a> WORM!
96694. Source=Paul Collins Startup list
96695.  
96696. [WSAConfiguration]
96697. Number=13727
96698. Confirmed=X
96699. Filename=svchostt.exe
96700. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZT" target="_blank">AGOBOT.ZT</a> WORM!
96701. Source=Paul Collins Startup list
96702.  
96703. [WSAConfiguration]
96704. Number=13728
96705. Confirmed=X
96706. Filename=rpcxmn32.exe
96707. Description=Added by the <a href="http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?id=66485&VName=WORM_AGOBOT.ABG&VSect=T" target=_blank>AGOBOT.ABG</a> WORM!
96708. Source=Paul Collins Startup list
96709.  
96710. [WSAConfiguration]
96711. Number=13729
96712. Confirmed=X
96713. Filename=win32upd.exe
96714. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
96715. Source=Paul Collins Startup list
96716.  
96717. [WSAConfiguration]
96718. Number=13730
96719. Confirmed=X
96720. Filename=drrss.exe
96721. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target="_blank">AGOBOT/GAOBOT</a> WORM!
96722. Source=Paul Collins Startup list
96723.  
96724. [WSAConfiguration]
96725. Number=13731
96726. Confirmed=X
96727. Filename=winlogon32.exe
96728. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotwc.html" target= blank>AGOBOT-WC</a> WORM!
96729. Source=Paul Collins Startup list
96730.  
96731. [WSAConfiguration]
96732. Number=13732
96733. Confirmed=X
96734. Filename=ntguard32.exe
96735. Description=Added by a variant of the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN" target=_blank>AGOBOT/GAOBOT</a> WORM!
96736. Source=Paul Collins Startup list
96737.  
96738. [WSAConfiguration]
96739. Number=13733
96740. Confirmed=X
96741. Filename=csrsvcs.exe
96742. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VI&VSect=P" target=_blank>AGOBOT.VI</a> WORM!
96743. Source=Paul Collins Startup list
96744.  
96745. [WSAConfiguration1]
96746. Number=13734
96747. Confirmed=X
96748. Filename=csass.exe
96749. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.WH" target=_blank>AGOBOT.WH</a> WORM!
96750. Source=Paul Collins Startup list
96751.  
96752. [wsass32]
96753. Number=13735
96754. Confirmed=X
96755. Filename=wsass32.exe
96756. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankemv.html" target="_blank">BANKEM-V</a> TROJAN!
96757. Source=Paul Collins Startup list
96758.  
96759. [wsbklite]
96760. Number=13736
96761. Confirmed=?
96762. Filename=wsbklite.exe
96763. Description=Related to the Acer Soft Button on Acer Tablet PCs. <font color="#FF0000">Appears to do nothing so is it required?</a>
96764. Source=Paul Collins Startup list
96765.  
96766. [WScheduler]
96767. Number=13737
96768. Confirmed=U
96769. Filename=WScheduler.exe
96770. Description=<a href="http://www.splinterware.com/products/wincron.htm" target="_blank">Windows Scheduler</a> - "schedule unattended running of applications, batch files, scripts and much more. Also, you can schedule popup reminders so you'll never forget reminders, tasks and other events."
96771. Source=Paul Collins Startup list
96772.  
96773. [wscntfys]
96774. Number=13738
96775. Confirmed=X
96776. Filename=wsscntfy.exe
96777. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbottn.html" target="_blank">SDBOT-TN</a> WORM!
96778. Source=Paul Collins Startup list
96779.  
96780. [wscript.exe]
96781. Number=13739
96782. Confirmed=X
96783. Filename=vabian.vbs
96784. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091512-2543-99" target="_blank">VABI</a> VIRUS!
96785. Source=Paul Collins Startup list
96786.  
96787. [wscsvc.exe]
96788. Number=13740
96789. Confirmed=X
96790. Filename=wscsvc.exe
96791. Description=Added by a password stealing <a href="http://vil.nai.com/vil/content/v_132052.htm" target=_blank>BANKER</a> TROJAN!
96792. Source=Paul Collins Startup list
96793.  
96794. [Wsdata service]
96795. Number=13741
96796. Confirmed=X
96797. Filename=WSconf.exe
96798. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZU" target=_blank>SDBOT.ZU</a> WORM!
96799. Source=Paul Collins Startup list
96800.  
96801. [wserv]
96802. Number=13742
96803. Confirmed=X
96804. Filename=wserv.exe
96805. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
96806. Source=Paul Collins Startup list
96807.  
96808. [wserver]
96809. Number=13743
96810. Confirmed=X
96811. Filename=wserver.exe
96812. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-050313-3914-99" target="_blank">NETSKY.AC</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-082413-3637-99" target="_blank">SASSER.G</a> WORMS!
96813. Source=Paul Collins Startup list
96814.  
96815. [WService]
96816. Number=13744
96817. Confirmed=U
96818. Filename=WService.exe
96819. Description=Tablet client Driver for <a href="http://www.uc-logic.com" target="_blank"> UC-Logic</a> Pen/Graphics Tablet
96820. Source=Paul Collins Startup list
96821.  
96822. [wsg32]
96823. Number=13745
96824. Confirmed=U
96825. Filename=wsg32.exe
96826. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040812-2639-99" target="_blank">GoldenKeylog</a> keystroke logger/monitoring program - remove unless you installed it yourself!
96827. Source=Paul Collins Startup list
96828.  
96829. [wskrnl]
96830. Number=13746
96831. Confirmed=U
96832. Filename=wskrnl.exe
96833. Description=<a href="http://www.sarc.com/avcenter/venc/data/spyware.actmon.html" target="_blank">ActMon</a> surveillance software. Uninstall this software unless you put it there yourself
96834. Source=Paul Collins Startup list
96835.  
96836. [wsock32]
96837. Number=13747
96838. Confirmed=X
96839. Filename=svchost.exe
96840. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojhorsta.html" target=_blank>HORST-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
96841. Source=Paul Collins Startup list
96842.  
96843. [wsrv32]
96844. Number=13748
96845. Confirmed=X
96846. Filename=wsrv32.exe
96847. Description=Added by a <a href="http://www.f-secure.com/v-descs/trojclik.shtml" target="_blank">CLICKER</a> TROJAN! Identified by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Win32.Agent.ep
96848. Source=Paul Collins Startup list
96849.  
96850. [WSSAConfiguration]
96851. Number=13749
96852. Confirmed=X
96853. Filename=wmmon32.exe
96854. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotkc.html" target="_blank">AGOBOT-KC</a> WORM!
96855. Source=Paul Collins Startup list
96856.  
96857. [wssys]
96858. Number=13750
96859. Confirmed=U
96860. Filename=wssys.exe
96861. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.webpi.html" target=_blank>WebPI</a> logs keystrokes and captures screenshots. If you didn't install this yourself remove it
96862. Source=Paul Collins Startup list
96863.  
96864. [Wstat32 driver]
96865. Number=13751
96866. Confirmed=X
96867. Filename=Wstat32.exe
96868. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-022613-5836-99" target="_blank">LOONBOT</a> TROJAN!
96869. Source=Paul Collins Startup list
96870.  
96871. [wstimeb]
96872. Number=13752
96873. Confirmed=Y
96874. Filename=wstimeb.exe
96875. Description=Used with NEC printers. You can disable it before printing but it re-loads itself when printing so you may as well leave it
96876. Source=Paul Collins Startup list
96877.  
96878. [wsttrs]
96879. Number=13753
96880. Confirmed=X
96881. Filename=wsttrs.exe
96882. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojldpinchqs.html" target="_blank">LDPINCH-QS</a> TROJAN!
96883. Source=Paul Collins Startup list
96884.  
96885. [wsvbs]
96886. Number=13754
96887. Confirmed=X
96888. Filename=wsvbs.exe
96889. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojpwsaeb.html" target="_blank">PWS-AEB</a> TROJAN!
96890. Source=Paul Collins Startup list
96891.  
96892. [WSVCS]
96893. Number=13755
96894. Confirmed=U
96895. Filename=SERVICES.EXE
96896. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-102117-4941-99" target="_blank">WSLogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
96897. Source=Paul Collins Startup list
96898.  
96899. [wswpd]
96900. Number=13756
96901. Confirmed=Y
96902. Filename=wswpd.exe
96903. Description=Used with some models of Panasonic, Epson and NEC printers. Some older drivers known to have a "memory leak". Needed for printing to work 
96904. Source=Paul Collins Startup list
96905.  
96906. [wsys.exe]
96907. Number=13757
96908. Confirmed=U
96909. Filename=wsys.exe
96910. Description=<a href="http://sarc.com/avcenter/venc/data/spyware.spylopcmonitor.html" target=_blank>SpyloPCMonitor</a> is a surviellance software program that monitors user activity, logs keystrokes, and takes screenshots. It ends the processes of anti-spyware programs. If you didn't install this yourself remove it
96911. Source=Paul Collins Startup list
96912.  
96913. [ws_d]
96914. Number=13758
96915. Confirmed=X
96916. Filename=ws32.exe
96917. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmirrl.html" target=_blank>LEGMIR-RL</a> TROJAN!
96918. Source=Paul Collins Startup list
96919.  
96920. [WT Game Channel]
96921. Number=13759
96922. Confirmed=N
96923. Filename=GameChannel.exe
96924. Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">WildTangent GameChannel</a> - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=privacy" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
96925. Source=Paul Collins Startup list
96926.  
96927. [WT Game Channel]
96928. Number=13760
96929. Confirmed=N
96930. Filename=wtgamechannel.exe
96931. Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">WildTangent GameChannel</a> - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=privacy" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
96932. Source=Paul Collins Startup list
96933.  
96934. [WT GameChannel]
96935. Number=13761
96936. Confirmed=N
96937. Filename=GameChannel.exe
96938. Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">WildTangent GameChannel</a> - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=privacy" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
96939. Source=Paul Collins Startup list
96940.  
96941. [WT GameChannel]
96942. Number=13762
96943. Confirmed=N
96944. Filename=wtgamechannel.exe
96945. Description=<a href="http://www.wildtangent.com/default.asp?pageID=webdriver_download" target="_blank">WildTangent GameChannel</a> - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's <a href="http://www.wildtangent.com/default.asp?pageID=privacy" target="_blank">privacy policy</a> used to state that they also collect and share individuals information but this is no longer the case
96946. Source=Paul Collins Startup list
96947.  
96948. [WTF Test]
96949. Number=13763
96950. Confirmed=X
96951. Filename=wtftest.exe
96952. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotacm.html" target= blank>RBOT-ACM</a> WORM!
96953. Source=Paul Collins Startup list
96954.  
96955. [WTIndicator]
96956. Number=13764
96957. Confirmed=U
96958. Filename=SchedInd.exe
96959. Description=<a href="http://www.wintask.com/" target="_blank">WinTask</a> - software that automates a variety of routine tasks quickly and simply
96960. Source=Paul Collins Startup list
96961.  
96962. [WTSI]
96963. Number=13765
96964. Confirmed=X
96965. Filename=wapisvit.exe
96966. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
96967. Source=Paul Collins Startup list
96968.  
96969. [WTSS]
96970. Number=13766
96971. Confirmed=X
96972. Filename=wap***.exe [* = random char]
96973. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
96974. Source=Paul Collins Startup list
96975.  
96976. [WTST]
96977. Number=13767
96978. Confirmed=X
96979. Filename=wapisvtr.exe
96980. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
96981. Source=Paul Collins Startup list
96982.  
96983. [WU713STA.EXE]
96984. Number=13768
96985. Confirmed=Y
96986. Filename=WU713STA.EXE
96987. Description=Blitzz Technology wireless NIC adapter driver
96988. Source=Paul Collins Startup list
96989.  
96990. [wuanguard]
96991. Number=13769
96992. Confirmed=X
96993. Filename=wuanguard32.exe
96994. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaaf.html" target=_blank>RBOT-AAF</a> WORM!
96995. Source=Paul Collins Startup list
96996.  
96997. [WUOLService]
96998. Number=13770
96999. Confirmed=Y
97000. Filename=WUOLService9x.exe
97001. Description=Remote wakeup status agent. Part of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZenWorks</a>. Processes Wake-up on LAN requests (turn on a computer remotely on LAN)
97002. Source=Paul Collins Startup list
97003.  
97004. [wuosdial]
97005. Number=13771
97006. Confirmed=X
97007. Filename=wuosdial.exe
97008. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
97009. Source=Paul Collins Startup list
97010.  
97011. [WUPD]
97012. Number=13772
97013. Confirmed=X
97014. Filename=iglmtray.exe
97015. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072815-4637-99" target="_blank">TZET</a> WORM!
97016. Source=Paul Collins Startup list
97017.  
97018. [wupd]
97019. Number=13773
97020. Confirmed=X
97021. Filename=symcsvc.exe
97022. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-072216-2140-99" target="_blank">ABWIZ.C</a> TROJAN!
97023. Source=Paul Collins Startup list
97024.  
97025. [wupd]
97026. Number=13774
97027. Confirmed=X
97028. Filename=win32.exe
97029. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojorsec.html" target=_blank>ORSE-C</a> TROJAN!
97030. Source=Paul Collins Startup list
97031.  
97032. [wupdate]
97033. Number=13775
97034. Confirmed=X
97035. Filename=wisvccz.exe
97036. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojorseb.html" target=_blank>ORSE-B</a> TROJAN!
97037. Source=Paul Collins Startup list
97038.  
97039. [wupdate]
97040. Number=13776
97041. Confirmed=X
97042. Filename=wi32.exe
97043. Description=Downloader trojan, detected by <a href="http://www.pandasoftware.com/home/default.asp" target= blank>Panda</a> antivirus as Adware/Trustbid
97044. Source=Paul Collins Startup list
97045.  
97046. [WUpdate]
97047. Number=13777
97048. Confirmed=X
97049. Filename=1037v.exe
97050. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojclaggerar.html" target="_blank">CLAGGER-AR</a> TROJAN!
97051. Source=Paul Collins Startup list
97052.  
97053. [Wupdate driver]
97054. Number=13778
97055. Confirmed=X
97056. Filename=[various filenames]
97057. Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
97058. Source=Paul Collins Startup list
97059.  
97060. [WUpdates]
97061. Number=13779
97062. Confirmed=X
97063. Filename=WUpdates.exe
97064. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-121515-5145-99" target=_blank>SWEPDAT</a> TROJAN!
97065. Source=Paul Collins Startup list
97066.  
97067. [Wupdm32]
97068. Number=13780
97069. Confirmed=X
97070. Filename=Wupdm32.exe
97071. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112716-2823-99" target=_blank>MIDLAK</a> WORM!
97072. Source=Paul Collins Startup list
97073.  
97074. [wupdmgr32.exe]
97075. Number=13781
97076. Confirmed=X
97077. Filename=wupdmgr32.exe
97078. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojcertifi.html" target=_blank>CERTIF-I</a> TROJAN!
97079. Source=Paul Collins Startup list
97080.  
97081. [wupdt]
97082. Number=13782
97083. Confirmed=X
97084. Filename=wupdt.exe
97085. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IMISERV.A" target=_blank>IMISERV.A</a> TROJAN!
97086. Source=Paul Collins Startup list
97087.  
97088. [WUSB11B.exe]
97089. Number=13783
97090. Confirmed=Y
97091. Filename=WUSB11B.exe
97092. Description=Linksys WUSB11 WLAN USB adapter
97093. Source=Paul Collins Startup list
97094.  
97095. [WUSB54Gv2]
97096. Number=13784
97097. Confirmed=Y
97098. Filename=InvokeSvc3.exe
97099. Description=Wireless-G USB Wireless Network Adapter related - would appear to be required
97100. Source=Paul Collins Startup list
97101.  
97102. [WUSB54Gv4]
97103. Number=13785
97104. Confirmed=Y
97105. Filename=WUSB54Gv4.exe
97106. Description=Wireless-G USB Wireless Network Adapter related - would appear to be required
97107. Source=Paul Collins Startup list
97108.  
97109. [wuviewer]
97110. Number=13786
97111. Confirmed=X
97112. Filename=wuviewer.exe
97113. Description=Added by a <a href="http://www.f-secure.com/v-descs/trojprox.shtml" target=_blank>Proxy Trojan</a> variant
97114. Source=Paul Collins Startup list
97115.  
97116. [WUx_RegSvr]
97117. Number=13787
97118. Confirmed=?
97119. Filename=RegSvr32.exe
97120. Description=<font color="#FF0000">x is any number??</font>
97121. Source=Paul Collins Startup list
97122.  
97123. [WWKS]
97124. Number=13788
97125. Confirmed=X
97126. Filename=wsass.exe
97127. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotbt.html" target= blank>SDBOT-BT</a> WORM!
97128. Source=Paul Collins Startup list
97129.  
97130. [www.hidro.4t.com]
97131. Number=13789
97132. Confirmed=X
97133. Filename=enbiei.exe
97134. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090105-2513-99" target="_blank">BLASTER.F</a> WORM!
97135. Source=Paul Collins Startup list
97136.  
97137. [www.symantec.com]
97138. Number=13790
97139. Confirmed=X
97140. Filename=oz11111.exe
97141. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091411-5523-99" target="_blank">MYDOOM.W</a> WORM
97142. Source=Paul Collins Startup list
97143.  
97144. [WXcmeinst]
97145. Number=13791
97146. Confirmed=X
97147. Filename=[path to file]
97148. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojranckcd.html" target=_blank>RANCK-CD</a> TROJAN!
97149. Source=Paul Collins Startup list
97150.  
97151. [Wxp4]
97152. Number=13792
97153. Confirmed=X
97154. Filename=Norton Update.exe
97155. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-121413-4703-99" target=_blank>ERKEZ.D</a> WORM!
97156. Source=Paul Collins Startup list
97157.  
97158. [WXProcMgr Module]
97159. Number=13793
97160. Confirmed=N
97161. Filename=WXprocMgr.exe
97162. Description=<a href="http://www.tvtonic.com/" target="_blank">TVTonic</a> from Wavexpress - "enjoy 3 full-screen, DVD-quality video channels for FREE". Allows data content to be downloaded and synchronized on your system
97163. Source=Paul Collins Startup list
97164.  
97165. [WZCBDLService]
97166. Number=13794
97167. Confirmed=U
97168. Filename=WZCBDL9X.exe
97169. Description=WZCBDLService Launcher from D-Link - configuration/drivers
97170. Source=Paul Collins Startup list
97171.  
97172. [wzdmg]
97173. Number=13795
97174. Confirmed=X
97175. Filename=wzdmg.exe
97176. Description=Added by a generic downloader TROJAN - see <a href="http://www.greatis.com/appdata/d/w/wzdmg.exe.htm" target="_blank">here</a>
97177. Source=Paul Collins Startup list
97178.  
97179. [wzhelper]
97180. Number=13796
97181. Confirmed=X
97182. Filename=wzhelper.exe
97183. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077927" target="_blank">Searchcentrix</a> hijacker
97184. Source=Paul Collins Startup list
97185.  
97186. [wzservice]
97187. Number=13797
97188. Confirmed=X
97189. Filename=hess.exe
97190. Description=Added by the HACKARMY.W TROJAN!
97191. Source=Paul Collins Startup list
97192.  
97193. [X Server]
97194. Number=13798
97195. Confirmed=U
97196. Filename=X.exe
97197. Description="XoftWare for Windows" enables you to run network-based UNIX programs ("X programs" or "clients") side-by-side with Windows applications on your personal computer. You can also share programs and computing resources with host computers connected to your PC over a network
97198. Source=Paul Collins Startup list
97199.  
97200. [X-Cleaner Deluxe]
97201. Number=13799
97202. Confirmed=U
97203. Filename=xcleaner.exe
97204. Description=<a href="http://www.xblock.com/deluxe.shtml" target=_blank>X-Cleaner Deluxe</a> - privacy and anti-spy application
97205. Source=Paul Collins Startup list
97206.  
97207. [X-Cleaner Freeware]
97208. Number=13800
97209. Confirmed=U
97210. Filename=XCLEAN~1.EXE
97211. Description=<a href="http://www.xblock.com/download-freeware.php" target=_blank>X-Cleaner Freeware</a> - "cookie cleaning, Internet cache cleaning, scans for many popular spy software packages and performs permanent file shredding"
97212. Source=Paul Collins Startup list
97213.  
97214. [X-Grabber]
97215. Number=13801
97216. Confirmed=N
97217. Filename=sswizard.exe
97218. Description=<a target="_blank" href="http://www.lamantine.com/ssw/index.html">ScreenShot Wizard</a>
97219. Source=Paul Collins Startup list
97220.  
97221. [X1]
97222. Number=13802
97223. Confirmed=U
97224. Filename=X1.exe
97225. Description=Part of <a href="http://www.x1.com/" target="_blank">X1's</a> Enterprise Desktop Search Resource Center. An enterprise desktop search engine
97226. Source=Paul Collins Startup list
97227.  
97228. [X1 System Tray]
97229. Number=13803
97230. Confirmed=U
97231. Filename=X1Systray.exe
97232. Description=Part of <a href="http://www.x1.com/" target="_blank">X1's</a> Enterprise Desktop Search Resource Center. An enterprise desktop search engine
97233. Source=Paul Collins Startup list
97234.  
97235. [X10 Device Network Service]
97236. Number=13804
97237. Confirmed=U
97238. Filename=x10nets.exe
97239. Description=Belongs to X10 video streaming device(s)
97240. Source=Paul Collins Startup list
97241.  
97242. [X10Weax]
97243. Number=13805
97244. Confirmed=X
97245. Filename=WTHRTRAY.EXE
97246. Description=<a href="http://www.download.com/WeatherCheck/3000-2381_4-10284439.html" target=_blank>WeatherCheck</a> - "bring the latest local weather to your desktop". Not recommended as it reportedly pops ads, and contains no uninstaller
97247.  
97248. Source=Paul Collins Startup list
97249.  
97250. [X1FileMonitor.exe]
97251. Number=13806
97252. Confirmed=U
97253. Filename=X1FileMonitor.exe
97254. Description=Part of <a href="http://www.x1.com/" target="_blank">X1's</a> Enterprise Desktop Search Resource Center. An enterprise desktop search engine
97255. Source=Paul Collins Startup list
97256.  
97257. [x3watch]
97258. Number=13807
97259. Confirmed=U
97260. Filename=x3watch.exe
97261. Description="program helping with online integrity. Whenever you browse the internet and accesses a site which may contain questionable material, the program will save the site name on your computer. Approximately every 30 days, a person of your choice (an accountabiltiy partner) will receive an e-mail containing all possible questionable sites you may have visited within the month. This information is meant to encourage an open and honest conversation between friends and help us all be more accountable"
97262. Source=Paul Collins Startup list
97263.  
97264. [x3yy]
97265. Number=13808
97266. Confirmed=X
97267. Filename=[path to trojan]
97268. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100718-0015-99" target="_blank">TANNICK</a> TROJAN!
97269. Source=Paul Collins Startup list
97270.  
97271. [Xanadu]
97272. Number=13809
97273. Confirmed=N
97274. Filename=Xanadu.exe
97275. Description=<a href="http://www.foreignword.biz/software/xanadu/" target="_blank">Xanadu</a> - free language and translation wizard from Foreignword
97276. Source=Paul Collins Startup list
97277.  
97278. [xBrotherMeCom]
97279. Number=13810
97280. Confirmed=?
97281. Filename=BrMeCom.exe
97282. Description=Related to Brother MFC-9200c printer. <font color="#FF0000">What does it do and is it required?</font>
97283. Source=Paul Collins Startup list
97284.  
97285. [xbtl]
97286. Number=13811
97287. Confirmed=U
97288. Filename=bootldr.exe
97289. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100918-2057-99" target=blank>Active Keylogger</a> keystroke logger/monitoring program - remove unless you installed it yourself!
97290. Source=Paul Collins Startup list
97291.  
97292. [Xcpy1]
97293. Number=13812
97294. Confirmed=X
97295. Filename=Xcpy1.exe
97296. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-080114-4631-99" target="_blank">BroadcastPC</a> adware variant
97297. Source=Paul Collins Startup list
97298.  
97299. [xdxqa]
97300. Number=13813
97301. Confirmed=X
97302. Filename=dewa.exe
97303. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyb.html" target= blank>SDBOT-YB</a> WORM!
97304. Source=Paul Collins Startup list
97305.  
97306. [XE 8x LM Status]
97307. Number=13814
97308. Confirmed=U
97309. Filename=lmsxxe.exe
97310. Description=Xerox XE8 series laser printer status monitor
97311. Source=Paul Collins Startup list
97312.  
97313. [Xecuter.bat]
97314. Number=13815
97315. Confirmed=X
97316. Filename=psexec.bat
97317. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-072806-1847-99" target="_blank">BOOHOO</a> WORM!
97318. Source=Paul Collins Startup list
97319.  
97320. [XemiCo]
97321. Number=13816
97322. Confirmed=U
97323. Filename=ADC.EXE
97324. Description=XemiComputers <a href="http://www.xemico.com/adc/index.html" target="_blank">Active Desktop Calendar</a>
97325. Source=Paul Collins Startup list
97326.  
97327. [XeroxScannerDaemon]
97328. Number=13817
97329. Confirmed=U
97330. Filename=XrxFTPLt.exe
97331. Description=<a href="http://www.xerox.com/" target="_blank">Xerox Scanner Daemon</a> - driver for Xerox Scanner model fu621d
97332. Source=Paul Collins Startup list
97333.  
97334. [XFILTER]
97335. Number=13818
97336. Confirmed=Y
97337. Filename=xfilter.exe
97338. Description=<a href="http://www.filseclab.com/eng/products/firewall.htm" target="_blank">Filseclab</a> Personal Firewall Professional Edition
97339. Source=Paul Collins Startup list
97340.  
97341. [Xfire]
97342. Number=13819
97343. Confirmed=N
97344. Filename=Xfire.exe
97345. Description=Terratec DMXFire 1024 soundcard control panel
97346. Source=Paul Collins Startup list
97347.  
97348. [xflash]
97349. Number=13820
97350. Confirmed=X
97351. Filename=xflash.exe
97352. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancja.html" target=_blank>BANCJ-A</a> TROJAN!
97353. Source=Paul Collins Startup list
97354.  
97355. [xftpGraber]
97356. Number=13821
97357. Confirmed=X
97358. Filename=Xftpgraber.exe
97359. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-122209-2659-99" target=_blank>ENVID.C</a> WORM!
97360. Source=Paul Collins Startup list
97361.  
97362. [XGIWatchDog]
97363. Number=13822
97364. Confirmed=?
97365. Filename=XWatDog.exe
97366. Description=Related to XGI Technology's <a href="http://www.xgitech.com/products/products_2.asp?P=4http://www.xgitech.com/products/products_2.asp?P=4" target=_blank>Volari</a> graphics cards - <font color="#FF0000">what does it do and is it required?</font>
97367. Source=Paul Collins Startup list
97368.  
97369. [xhi]
97370. Number=13823
97371. Confirmed=X
97372. Filename=xhi.exe
97373. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojscloga.html" target=_blank>SCLOG-A</a> TROJAN!
97374. Source=Paul Collins Startup list
97375.  
97376. [xhrmy]
97377. Number=13824
97378. Confirmed=X
97379. Filename=Xhrmy.exe
97380. Description=<a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_HYPLINKER.A" target=_blank>HyperLinker</a> adware
97381. Source=Paul Collins Startup list
97382.  
97383. [xicon]
97384. Number=13825
97385. Confirmed=?
97386. Filename=xicon.exe
97387. Description=Part of the IBM/XPoint Rapid Restore utility. <font color="#FF0000">What does it do and is it required?</font>
97388. Source=Paul Collins Startup list
97389.  
97390. [XiD]
97391. Number=13826
97392. Confirmed=X
97393. Filename=mmx.exe
97394. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-081514-2309-99" target="_blank">ANALOGX</a> TROJAN!
97395. Source=Paul Collins Startup list
97396.  
97397. [XircWinModem4]
97398. Number=13827
97399. Confirmed=Y
97400. Filename=ltcm000c.exe
97401. Description=WinModem drivers. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
97402. Source=Paul Collins Startup list
97403.  
97404. [xitami]
97405. Number=13828
97406. Confirmed=U
97407. Filename=Xiwin32.exe
97408. Description=<a href="http://www.xitami.com/" target="_blank">Xitami</a> Multiplatform Open Source web server
97409. Source=Paul Collins Startup list
97410.  
97411. [xkstartup]
97412. Number=13829
97413. Confirmed=?
97414. Filename=RunDll32 InstZ82.dll, SetUsbPrinterPort
97415. Description=On a system with a Lexmark printer
97416. Source=Paul Collins Startup list
97417.  
97418. [xload32]
97419. Number=13830
97420. Confirmed=X
97421. Filename=netdd.exe
97422. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075581" target="_blank">NETSPY</a> TROJAN!
97423. Source=Paul Collins Startup list
97424.  
97425. [xloadnet]
97426. Number=13831
97427. Confirmed=X
97428. Filename=xloadnet.exe
97429. Description=Added by the VB.NCK TROJAN!
97430. Source=Paul Collins Startup list
97431.  
97432. [XML Service]
97433. Number=13832
97434. Confirmed=X
97435. Filename=msxml.exe
97436. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbothd.html" target=_blank>RBOT-HD</a> WORM!
97437.  
97438. Source=Paul Collins Startup list
97439.  
97440. [XNSearchAssistant]
97441. Number=13833
97442. Confirmed=X
97443. Filename=SrchAsst.exe
97444. Description=iWon Search Assistant - spyware
97445. Source=Paul Collins Startup list
97446.  
97447. [XoftSpy]
97448. Number=13834
97449. Confirmed=U
97450. Filename=XoftSpy.exe
97451. Description=XoftSpy antispyware software
97452. Source=Paul Collins Startup list
97453.  
97454. [xor]
97455. Number=13835
97456. Confirmed=X
97457. Filename=svchost.exe
97458. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-072102-0936-99" target=_blank>XORDOOR</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in a "xor" subfolder
97459. Source=Paul Collins Startup list
97460.  
97461. [xor]
97462. Number=13836
97463. Confirmed=X
97464. Filename=svshost.exe
97465. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.DC" target="_blank">AGENT.DC</a> TROJAN!
97466. Source=Paul Collins Startup list
97467.  
97468. [Xordate]
97469. Number=13837
97470. Confirmed=X
97471. Filename=wuauclt10.exe
97472. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgkn.html" target="_blank">RBOT-GKN</a> WORM!
97473. Source=Paul Collins Startup list
97474.  
97475. [Xordate]
97476. Number=13838
97477. Confirmed=X
97478. Filename=wuauclt11.exe
97479. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotgli.html" target="_blank">RBOT-GLI</a> WORM!
97480. Source=Paul Collins Startup list
97481.  
97482. [Xordate]
97483. Number=13839
97484. Confirmed=X
97485. Filename=wuauclt12.exe
97486. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglq.html" target="_blank">RBOT-GLQ</a> WORM!
97487. Source=Paul Collins Startup list
97488.  
97489. [Xordate]
97490. Number=13840
97491. Confirmed=X
97492. Filename=wuauclt13.exe
97493. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotglm.html" target="_blank">RBOT-GLM</a> WORM!
97494. Source=Paul Collins Startup list
97495.  
97496. [xp]
97497. Number=13841
97498. Confirmed=X
97499. Filename=winis.exe
97500. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotwo.html" target= blank>RBOT-WO</a> WORM!
97501. Source=Paul Collins Startup list
97502.  
97503. [Xp]
97504. Number=13842
97505. Confirmed=X
97506. Filename=p2pnetworking.exe
97507. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.XA" target="_blank">SDBOT.XA</a> WORM!
97508. Source=Paul Collins Startup list
97509.  
97510. [xp service pack 2]
97511. Number=13843
97512. Confirmed=X
97513. Filename=xpsp2.exe
97514. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotkw.html" target="_blank">RBOT-KW</a> WORM!
97515. Source=Paul Collins Startup list
97516.  
97517. [XP Tools]
97518. Number=13844
97519. Confirmed=U
97520. Filename=xptools.exe
97521. Description=<a href="http://www.xptools.net/" target=_blank>XPTools</a> - "integrated suite of powerful PC Utilities to fix, speed up, maintain and protect your computer"
97522.  
97523. Source=Paul Collins Startup list
97524.  
97525. [xp32win]
97526. Number=13845
97527. Confirmed=X
97528. Filename=xpupdater02.exe
97529. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmosucka.html" target=_blank>MOSUCK-A</a> TROJAN!
97530. Source=Paul Collins Startup list
97531.  
97532. [Xpagent]
97533. Number=13846
97534. Confirmed=?
97535. Filename=xpagent.exe
97536. Description=Part of the IBM/XPoint Rapid Restore utility. <font color="#FF0000">What does it do and is it required?</font>
97537. Source=Paul Collins Startup list
97538.  
97539. [XPAgent]
97540. Number=13847
97541. Confirmed=X
97542. Filename=XPAgent.exe
97543. Description=Reported as the CLICKER.LE TROJAN by Panda Anti-Virus. Do not confuse this with the IBM/XPoint Rapid Restore file which is generally located in the PROGRAM FILES\XPOINT\AGENT folder
97544. Source=Paul Collins Startup list
97545.  
97546. [xpcfg]
97547. Number=13848
97548. Confirmed=?
97549. Filename=xpcfg.exe
97550. Description=<font color="#FF0000">??</font>
97551. Source=Paul Collins Startup list
97552.  
97553. [Xpclient]
97554. Number=13849
97555. Confirmed=?
97556. Filename=xpclient.exe
97557. Description=Part of the IBM/XPoint Rapid Restore utility. <font color="#FF0000">What does it do and is it required?</font>
97558. Source=Paul Collins Startup list
97559.  
97560. [XPCPHOST Settings]
97561. Number=13850
97562. Confirmed=X
97563. Filename=xpcphost.exe
97564. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
97565. Source=Paul Collins Startup list
97566.  
97567. [xpiupdate]
97568. Number=13851
97569. Confirmed=X
97570. Filename=xpiupdate.exe
97571. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaab.html" target=_blank>RBOT-AAB</a> WORM!
97572. Source=Paul Collins Startup list
97573.  
97574. [xPlanetControl]
97575. Number=13852
97576. Confirmed=U
97577. Filename=xPlanetControl.exe
97578. Description=<a href="http://www.xplanetcontrol.de/download.php">Tool</a> that displays a globe with current day/night zones and clouds on users desktop.
97579. Source=Paul Collins Startup list
97580.  
97581. [XPSoft]
97582. Number=13853
97583. Confirmed=X
97584. Filename=CVDAsDW.exe
97585. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotsy.html" target=_blank>SDBOT-SY</a> WORM!
97586. Source=Paul Collins Startup list
97587.  
97588. [XPSP2 Firewall]
97589. Number=13854
97590. Confirmed=X
97591. Filename=xpsp2fw.exe
97592. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallrn.html" target=_blank>SMALL-RN</a> TROJAN!
97593. Source=Paul Collins Startup list
97594.  
97595. [xpstart]
97596. Number=13855
97597. Confirmed=X
97598. Filename=wini.exe
97599. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041414-1527-99" target=_blank>PICRATE.A</a> WORM!
97600. Source=Paul Collins Startup list
97601.  
97602. [xpstat]
97603. Number=13856
97604. Confirmed=X
97605. Filename=winlogins.exe
97606. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotaar.html" target=_blank>RBOT-AAR</a> WORM!
97607. Source=Paul Collins Startup list
97608.  
97609. [XPsys]
97610. Number=13857
97611. Confirmed=X
97612. Filename=XPsys.exe
97613. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdelfkq.html" target=_blank>DELF-KQ</a> TROJAN!
97614. Source=Paul Collins Startup list
97615.  
97616. [xpsystem]
97617. Number=13858
97618. Confirmed=X
97619. Filename=y.exe
97620. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
97621. Source=Paul Collins Startup list
97622.  
97623. [Xpsystem]
97624. Number=13859
97625. Confirmed=X
97626. Filename=SERVICES.EXE
97627. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DAEMOZ.A" target="_blank">DAEMOZ.A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "SERVICES" subfolder
97628. Source=Paul Collins Startup list
97629.  
97630. [xpsystem]
97631. Number=13860
97632. Confirmed=X
97633. Filename=services.exe
97634. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target=_blank>services.exe</a> process, which should not appear in Msconfig/Startup!
97635. Source=Paul Collins Startup list
97636.  
97637. [xpsystem]
97638. Number=13861
97639. Confirmed=X
97640. Filename=MSXMIDI.EXE
97641. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant, identified by <a href="http://www.kaspersky.com/" target=_blank>Kaspersky</a> antivirus as TrojanDropper.Win32.Small.cw
97642. Source=Paul Collins Startup list
97643.  
97644. [xpupdate]
97645. Number=13862
97646. Confirmed=X
97647. Filename=updates.exe
97648. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-020711-2146-99" target=_blank>BROPIA.L</a> WORM!
97649. Source=Paul Collins Startup list
97650.  
97651. [xp_system]
97652. Number=13863
97653. Confirmed=X
97654. Filename=[filename]
97655. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-113014-4818-99" target=_blank>BOOKMARKER.J</a> TROJAN! This file is located in a Windows\inet20004 or Winnt\inet20004 folder
97656. Source=Paul Collins Startup list
97657.  
97658. [xp_system]
97659. Number=13864
97660. Confirmed=X
97661. Filename=winlogon.exe
97662. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkrepperg.html" target=_blank>KREPPER-G</a> TROJAN! - a <a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target=_blank>winlogon.exe</a>, which should not figure in Msconfig/Startup!
97663. Source=Paul Collins Startup list
97664.  
97665. [xp_system]
97666. Number=13865
97667. Confirmed=X
97668. Filename=services.exe
97669. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkreppern.html" target=_blank>KREPPER-N</a> TROJAN and variants! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! The file is located in a "inet*****" subfolder of the Windows or Winnt folder - where ***** varies dependent upon the variant, examples are 20088, 20001, 10066
97670. Source=Paul Collins Startup list
97671.  
97672. [XSC SIP Client]
97673. Number=13866
97674. Confirmed=U
97675. Filename=X-Lite.exe
97676. Description="CounterPath's <a href="http://www.counterpath.com/" target="_blank">X-Lite 3.0</a> is the market's leading free SIP based softphone available for download". For VOIP and broadband users
97677. Source=Paul Collins Startup list
97678.  
97679. [xserv]
97680. Number=13867
97681. Confirmed=X
97682. Filename=[path to trojan]
97683. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstumpya.html" target=_blank>STUMPY-A</a> TROJAN!
97684. Source=Paul Collins Startup list
97685.  
97686. [XStop95]
97687. Number=13868
97688. Confirmed=U
97689. Filename=XStop95.exe
97690. Description=<a href="http://www.xstop.com/" target="_blank">XStop</a> - internet filter
97691. Source=Paul Collins Startup list
97692.  
97693. [xswin]
97694. Number=13869
97695. Confirmed=N
97696. Filename=xswin.exe
97697. Description=Installed with a Xerox Work Centre Pro 555. Unchecking it removes an "out of system memory" error
97698. Source=Paul Collins Startup list
97699.  
97700. [XTCsgloader]
97701. Number=13870
97702. Confirmed=?
97703. Filename=XTCsgloader.exe
97704. Description=<font color="#FF0000">Another Xupiter toolbar variant??</font>
97705. Source=Paul Collins Startup list
97706.  
97707. [XTN Service Drivers]
97708. Number=13871
97709. Confirmed=X
97710. Filename=winxtn.exe
97711. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotyk.html" target=_blank>SDBOT-YK</a> WORM!
97712. Source=Paul Collins Startup list
97713.  
97714. [XTNDConnect PC - 3CmPlm]
97715. Number=13872
97716. Confirmed=U
97717. Filename=Autodet.exe
97718. Description=Component of <a href="#EasySync%20Pro">EasySync Pro</a>. Synchronisation between Palm PDAs  and Microsoft Outlook
97719. Source=Paul Collins Startup list
97720.  
97721. [XTNDConnect PC - ErPhn2]
97722. Number=13873
97723. Confirmed=U
97724. Filename=ErPhn2.exe
97725. Description=Component of <a href="#EasySync%20Pro">EasySync Pro</a>. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook
97726. Source=Paul Collins Startup list
97727.  
97728. [XTNDConnect PC - ErTray]
97729. Number=13874
97730. Confirmed=U
97731. Filename=ErTray.exe
97732. Description=Component of <a href="#EasySync%20Pro">EasySync Pro</a>. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook
97733. Source=Paul Collins Startup list
97734.  
97735. [XTNDConnect PC - LtNts4]
97736. Number=13875
97737. Confirmed=U
97738. Filename=NtsAgnt.exe
97739. Description=Component of <a href="#EasySync%20Pro">EasySync Pro</a>
97740. Source=Paul Collins Startup list
97741.  
97742. [Xtray]
97743. Number=13876
97744. Confirmed=X
97745. Filename=xtray_link.exe
97746. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_VB.JL" target="_blank">VB.JL</a> TROJAN!
97747. Source=Paul Collins Startup list
97748.  
97749. [XtreamLok License Manager]
97750. Number=13877
97751. Confirmed=U
97752. Filename=xl.exe
97753. Description=License manager for <a href="http://www.xtreamlok.com/">xLok</a> (XtreamLok) - prevents software being reverse engineered
97754. Source=Paul Collins Startup list
97755.  
97756. [Xtrem parental control]
97757. Number=13878
97758. Confirmed=U
97759. Filename=pcx.exe
97760. Description=ParentXtreme is a surviellance software program that monitors user activity, logs keystrokes, and takes screenshots. It ends the processes of anti-spyware programs. If you didn't install this yourself remove it
97761. Source=Paul Collins Startup list
97762.  
97763. [XTServiceUpdate]
97764. Number=13879
97765. Confirmed=X
97766. Filename=XTServiceUpdate.exe
97767. Description=hahame.net adware downloader
97768. Source=Paul Collins Startup list
97769.  
97770. [XtTb.exe]
97771. Number=13880
97772. Confirmed=X
97773. Filename=XtTb.exe
97774. Description=Top-banners.com adware
97775. Source=Paul Collins Startup list
97776.  
97777. [xuio.exe]
97778. Number=13881
97779. Confirmed=?
97780. Filename=xuio.exe
97781. Description=<font color="#FF0000">??</font>
97782. Source=Paul Collins Startup list
97783.  
97784. [Xupiter Startup]
97785. Number=13882
97786. Confirmed=X
97787. Filename=XupiterStartup.exe
97788. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>Xupiter</a> - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
97789. Source=Paul Collins Startup list
97790.  
97791. [XupiterCfgLoader]
97792. Number=13883
97793. Confirmed=X
97794. Filename=XTCfgLoader.exe
97795. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>Xupiter</a> - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
97796. Source=Paul Collins Startup list
97797.  
97798. [XupiterCfgLoader]
97799. Number=13884
97800. Confirmed=X
97801. Filename=BWCfgLoader.exe
97802. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>Xupiter</a> - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
97803. Source=Paul Collins Startup list
97804.  
97805. [xupiterstartup2003]
97806. Number=13885
97807. Confirmed=X
97808. Filename=xupiterstartup2003.exe
97809. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>Xupiter</a> - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
97810. Source=Paul Collins Startup list
97811.  
97812. [XupiterToolbarLoader]
97813. Number=13886
97814. Confirmed=X
97815. Filename=XupiterToolbarLoader.exe
97816. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Xupiter&threatid=12203" target=_blank>Xupiter</a> - adware and homepage hijacker. Use Spybot S&D, Adware or similar to detect and remove and to prevent it re-installing in the future see <a href="http://www.alanluber.com/pcfearfactor/officialxupiterpage.htm" target=_blank>here</a>
97817. Source=Paul Collins Startup list
97818.  
97819. [xv_ctrl]
97820. Number=13887
97821. Confirmed=U
97822. Filename=v_ctrl.exe
97823. Description=3dfx Underground Tools - "Gives direct hardware control to your video graphics adapter"
97824. Source=Paul Collins Startup list
97825.  
97826. [xware]
97827. Number=13888
97828. Confirmed=X
97829. Filename=xware.exe
97830. Description=Malware downloader from xxsware.com, causes adult content popups
97831. Source=Paul Collins Startup list
97832.  
97833. [xware]
97834. Number=13889
97835. Confirmed=X
97836. Filename=cskware.exe
97837. Description=Malware downloader from xxsware.com, produces adult content popups
97838. Source=Paul Collins Startup list
97839.  
97840. [XWMSUSBAPI]
97841. Number=13890
97842. Confirmed=?
97843. Filename=XWMSAPI.EXE
97844. Description=Part of the installation of a Xerox WorkCentre printer/scanner.<font color="#FF0000"> Is it required?</font>
97845. Source=Paul Collins Startup list
97846.  
97847. [xxcm]
97848. Number=13891
97849. Confirmed=X
97850. Filename=sys.exe
97851. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32krisworma.html" target= blank>KRISWORM-A</a> WORM!
97852. Source=Paul Collins Startup list
97853.  
97854. [xxsrSrv32]
97855. Number=13892
97856. Confirmed=X
97857. Filename=xxsrsrv.exe
97858. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancsdee.html" target=_blank>BANCSDE-E</a> TROJAN!
97859. Source=Paul Collins Startup list
97860.  
97861. [XXXmpeg]
97862. Number=13893
97863. Confirmed=X
97864. Filename=XXXmpeg.exe
97865. Description=Adult content dialler
97866. Source=Paul Collins Startup list
97867.  
97868. [xxxvideo]
97869. Number=13894
97870. Confirmed=X
97871. Filename=xxxvideo.exe
97872. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074901" target="_blank">AccessPlugin</a> premium rate adult content dialler
97873.  
97874. Source=Paul Collins Startup list
97875.  
97876. [xy]
97877. Number=13895
97878. Confirmed=X
97879. Filename=svhost32.exe
97880. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.FAI" target="_blank">DELF.FAI</a> TROJAN!
97881. Source=Paul Collins Startup list
97882.  
97883. [x[Number from 1 to 7]]
97884. Number=13896
97885. Confirmed=X
97886. Filename=x[Number from 1 to 7].exe
97887. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdadobraa.html" target=_blank>DADOBRA-A</a> TROJAN!
97888. Source=Paul Collins Startup list
97889.  
97890. [Y!TunnelBasic]
97891. Number=13897
97892. Confirmed=U
97893. Filename=YTBasic.exe
97894. Description=<a href="http://www.ytunnelpro.com/xmod.php?bif=content&page=features" target="_blank">Y!TunnelBasic</a> software provides additional features to Yahoo! Messenger
97895. Source=Paul Collins Startup list
97896.  
97897. [Y!TunnelPro]
97898. Number=13898
97899. Confirmed=U
97900. Filename=YTunnelPro.exe
97901. Description=Spam, bot and ad blocker for Yahoo! Messenger from Digital Asphyxia
97902. Source=Paul Collins Startup list
97903.  
97904. [Y!TunnelPro]
97905. Number=13899
97906. Confirmed=U
97907. Filename=YTPro.exe
97908. Description=Spam, bot and ad blocker for Yahoo! Messenger from Digital Asphyxia
97909. Source=Paul Collins Startup list
97910.  
97911. [Y'z Shadow]
97912. Number=13900
97913. Confirmed=U
97914. Filename=YzShadow.exe
97915. Description=<a href="http://www.winmatrix.com/forums/index.php?showtopic=1161" target="_blank">Y'z Shadow</a> 'adds a shadow effect to the windows in pursuit of the "beauty of a shadow".
97916. It also allows the user the option of making menus transparent'
97917. Source=Paul Collins Startup list
97918.  
97919. [Y'z Toolbar]
97920. Number=13901
97921. Confirmed=U
97922. Filename=YzToolBar.exe
97923. Description=<a href="http://www.winmatrix.com/forums/index.php?showtopic=1161" target="_blank">Y'z Toolbar</a> "allows the user to change the toolbar icons in Explorer and Internet Explorer.
97924. The user can also create and add their own themes"
97925. Source=Paul Collins Startup list
97926.  
97927. [Ya Salam]
97928. Number=13902
97929. Confirmed=X
97930. Filename=NancyAjram.exe
97931. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-020917-5202-99" target=_blank>JALABED</a> WORM!
97932. Source=Paul Collins Startup list
97933.  
97934. [yaemu.exe]
97935. Number=13903
97936. Confirmed=X
97937. Filename=yaemu.exe
97938. Description=Added by the WIN32.DNSCHANGER.S TROJAN!
97939. Source=Paul Collins Startup list
97940.  
97941. [yahoo groups]
97942. Number=13904
97943. Confirmed=X
97944. Filename=upgrdmgr.exe
97945. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
97946. Source=Paul Collins Startup list
97947.  
97948. [Yahoo HP Reminder 1.1]
97949. Number=13905
97950. Confirmed=?
97951. Filename=yr.exe
97952. Description=<font color="#FF0000">??</font>
97953. Source=Paul Collins Startup list
97954.  
97955. [Yahoo Instant Messengar]
97956. Number=13906
97957. Confirmed=X
97958. Filename=YahooMsgr.exe
97959. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088763" target="_blank">SDBOT.GEN</a> TROJAN!
97960. Source=Paul Collins Startup list
97961.  
97962. [Yahoo Messenger]
97963. Number=13907
97964. Confirmed=X
97965. Filename=Yahoomsg.exe
97966. Description=Added by an unidentified WORM or TROJAN!
97967.  
97968. Source=Paul Collins Startup list
97969.  
97970. [Yahoo Messenger]
97971. Number=13908
97972. Confirmed=X
97973. Filename=YPager.exe
97974. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotqo.html" target=_blank>RBOT-QO</a> WORM!
97975. Source=Paul Collins Startup list
97976.  
97977. [Yahoo Messenger]
97978. Number=13909
97979. Confirmed=X
97980. Filename=svchost32.exe
97981. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sohanap.html" target="_blank">SOHANA-P</a> WORM!
97982. Source=Paul Collins Startup list
97983.  
97984. [Yahoo Messengger]
97985. Number=13910
97986. Confirmed=X
97987. Filename=SVICHHOST.exe
97988. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojtiotuac.html" target="_blank">TIOTUA-C</a> TROJAN!
97989. Source=Paul Collins Startup list
97990.  
97991. [Yahoo Messengger]
97992. Number=13911
97993. Confirmed=X
97994. Filename=RVHOST.exe
97995. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sillyfdcg.html" target="_blank">SILLYFDC-G</a> WORM!
97996. Source=Paul Collins Startup list
97997.  
97998. [Yahoo Messengger]
97999. Number=13912
98000. Confirmed=X
98001. Filename=SSVICHOSST.exe
98002. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sohanar.html" target="_blank">SOHANA-R</a> WORM!
98003. Source=Paul Collins Startup list
98004.  
98005. [Yahoo Update]
98006. Number=13913
98007. Confirmed=X
98008. Filename=Yahoo!.exe
98009. Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=7045" target="_blank">YAHOO!</a> TROJAN!
98010. Source=Paul Collins Startup list
98011.  
98012. [Yahoo Updater]
98013. Number=13914
98014. Confirmed=X
98015. Filename=Messenger.exe
98016. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotfe.html" target=_blank>FORBOT-FE</a> WORM!
98017. Source=Paul Collins Startup list
98018.  
98019. [Yahoo! Pager]
98020. Number=13915
98021. Confirmed=N
98022. Filename=ypager.exe
98023. Description=Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs
98024. Source=Paul Collins Startup list
98025.  
98026. [Yahoo! Pager]
98027. Number=13916
98028. Confirmed=N
98029. Filename=YAHOOM~1.EXE
98030. Description=Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs
98031. Source=Paul Collins Startup list
98032.  
98033. [Yahoo2000]
98034. Number=13917
98035. Confirmed=X
98036. Filename=Anti.exe
98037. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ATK" target=_blank>RBOT.ATK</a> WORM!
98038. Source=Paul Collins Startup list
98039.  
98040. [Yahoo2000]
98041. Number=13918
98042. Confirmed=X
98043. Filename=Anti.exe
98044. Description=Added by an unknown Malware, possibly a variant of the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotfam.html" target=_blank>RBOT-RAM</a> WORM!
98045. Source=Paul Collins Startup list
98046.  
98047. [YahooStock]
98048. Number=13919
98049. Confirmed=X
98050. Filename=Prmvr.exe
98051. Description=<a href="http://sarc.com/avcenter/venc/data/adware.adtomi.html" target=_blank>Adtomi</a> adware
98052. Source=Paul Collins Startup list
98053.  
98054. [YahooStock]
98055. Number=13920
98056. Confirmed=X
98057. Filename=ystckAO32.exe
98058. Description=<a href="http://sarc.com/avcenter/venc/data/adware.adtomi.html" target=_blank>Adtomi</a> adware
98059. Source=Paul Collins Startup list
98060.  
98061. [yahoo_toolbar lptt01]
98062. Number=13921
98063. Confirmed=X
98064. Filename=yahoo_toolbar.exe
98065. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "yahoo_toolbar" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
98066. Source=Paul Collins Startup list
98067.  
98068. [yahoo_toolbar ml097e]
98069. Number=13922
98070. Confirmed=X
98071. Filename=yahoo_toolbar.exe
98072. Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "yahoo_toolbar" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>
98073. Source=Paul Collins Startup list
98074.  
98075. [YAMAHA AC-XG Power Utility]
98076. Number=13923
98077. Confirmed=?
98078. Filename=yacpower.exe
98079. Description=YAMAHA AC-XG Power Utility. <font color="#FF0000">What does it do and is it required?</font>
98080. Source=Paul Collins Startup list
98081.  
98082. [YAMAHA DS-XG Launcher]
98083. Number=13924
98084. Confirmed=N
98085. Filename=dslaunch.exe
98086. Description=System Tray access for the features of the Yamaha DS-XG soundcard unless you regularly change set-ups
98087. Source=Paul Collins Startup list
98088.  
98089. [Yankee Clipper III]
98090. Number=13925
98091. Confirmed=N
98092. Filename=YankClip.exe
98093. Description=<a href="http://www.yankee-clipper.net/index.htm" target="_blank">Yankee Clipper III</a> - 'A super powerful Windows clipboard extender/memory - now in its third generation. Handles Pictures, Richtext, URLS, etc - any size. Features printing, drag and drop, optional permanent storage of clippings. Familiar "Outlook" interface'. Freeware
98094. Source=Paul Collins Startup list
98095.  
98096. [YBrowser]
98097. Number=13926
98098. Confirmed=N
98099. Filename=ybrwicon.exe
98100. Description=SBC Yahoo! Browser system tray icon
98101. Source=Paul Collins Startup list
98102.  
98103. [YCentral]
98104. Number=13927
98105. Confirmed=U
98106. Filename=YahooCentral.exe
98107. Description=<a href="http://help.yahoo.com/l/us/yahoo/ycentral/general/general-57577.html" target=_blank>Yahoo! Central</a> - "alerts you if your default home page, search, or email is changed or if updates are available for your Yahoo! software. You can manage your default Internet settings and get updates to your software from Yahoo!"
98108.  
98109. Source=Paul Collins Startup list
98110.  
98111. [yeahdude.exe]
98112. Number=13928
98113. Confirmed=X
98114. Filename=hallowelt.exe
98115. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032210-1627-99" target="_blank">GAOBOT.RS</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032315-2723-99" target="_blank">GAOBOT.SA</a> WORMS!
98116. Source=Paul Collins Startup list
98117.  
98118. [yemarvd]
98119. Number=13929
98120. Confirmed=X
98121. Filename=sysmon.exe
98122. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojagentch.html" target="_blank">AGENT-CH</a> TROJAN!
98123. Source=Paul Collins Startup list
98124.  
98125. [YeppStudioAgent]
98126. Number=13930
98127. Confirmed=N
98128. Filename=SamsungMediaStudioAgent.exe
98129. Description=Samsung Media Studio MP3 player file management software - see <a href="http://www.pcstats.com/articleview.cfm?articleid=1933&page=3" target="_blank">here</a> for an example
98130. Source=Paul Collins Startup list
98131.  
98132. [YhooUapdates]
98133. Number=13931
98134. Confirmed=X
98135. Filename=ymssmsgs.exe
98136. Description=Added by a variant of the <a href="http://virusinfo.prevx.com/pxparall.asp?PXC=659c34742109" target="_blank">SMALL_K</a> TROJAN!
98137. Source=Paul Collins Startup list
98138.  
98139. [YhooUpdates]
98140. Number=13932
98141. Confirmed=X
98142. Filename=ymsmsgs.exe
98143. Description=Added by the <a href="http://virusinfo.prevx.com/pxparall.asp?PXC=659c34742109" target="_blank">SMALL_K</a> TROJAN!
98144. Source=Paul Collins Startup list
98145.  
98146. [ying]
98147. Number=13933
98148. Confirmed=X
98149. Filename=ying.exe
98150. Description=<a href="http://fileinfo.prevx.com/fileinfo.asp?PXC=a7c073784121" target="_blank">Constructor VC2000</a> malware
98151. Source=Paul Collins Startup list
98152.  
98153. [ymetray]
98154. Number=13934
98155. Confirmed=N
98156. Filename=ymetray.exe
98157. Description=<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/ymetray/" target=_blank>Yahoo! Music</a> system tray icon
98158. Source=Paul Collins Startup list
98159.  
98160. [YOP]
98161. Number=13935
98162. Confirmed=N
98163. Filename=yop.exe
98164. Description=Dashboard Module for SBC Yahoo! <a href="http://onlineprotection.yahoo.com/sbc/" target=_blank>Online Protection</a>
98165. Source=Paul Collins Startup list
98166.  
98167. [You've Got Pictures Screensaver]
98168. Number=13936
98169. Confirmed=U
98170. Filename=ygpsstra.exe
98171. Description=AOL You've Got Pictures Screensaver
98172. Source=Paul Collins Startup list
98173.  
98174. [YOW tuner]
98175. Number=13937
98176. Confirmed=?
98177. Filename=WatchPNM.exe
98178. Description=<font color="#FF0000">??</font>
98179. Source=Paul Collins Startup list
98180.  
98181. [ypager]
98182. Number=13938
98183. Confirmed=N
98184. Filename=ypager.exe
98185. Description=Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs
98186. Source=Paul Collins Startup list
98187.  
98188. [YPC]
98189. Number=13939
98190. Confirmed=U
98191. Filename=ypc.exe
98192. Description=Yahoo Parental controls - "Let you decide what type of sites and Yahoo! services your kids can access"
98193. Source=Paul Collins Startup list
98194.  
98195. [YPOPs]
98196. Number=13940
98197. Confirmed=U
98198. Filename=YPOPs.exe
98199. Description=<a href="http://www.ypopsemail.com/" target="_blank">YPOPs!</a> - an application that provides POP3 access to Yahoo! Mail. Yahoo! Mail disabled free access to its POP3 service in 2002. This application emulates a POP3 server and enables popular email clients like Outlook, Netscape, Eudora, Mozilla, etc., to download email from Yahoo! account
98200. Source=Paul Collins Startup list
98201.  
98202. [YTrayMagic Lite 1]
98203. Number=13941
98204. Confirmed=Y
98205. Filename=YTRAYMAGIC.EXE
98206. Description=<a href="http://www.freedownloadscenter.com/Shell_and_Desktop/System_Tray_Enhancers/YTrayMagic_Lite.html" target="_blank">YTrayMagic</a> from YoconSoft automatically restores your tray icons after an Explorer(the windows shell) crash. Leave to run at startup since only those icons that are in the taskbar after YTrayMagic has initialized will be restored
98207. Source=Paul Collins Startup list
98208.  
98209. [Yumgo's Homepage Protector V1]
98210. Number=13942
98211. Confirmed=U
98212. Filename=YumgoHomepageProtector.exe
98213. Description=<a href="http://www.yumgo.co.uk/protect.asp" target=_blank>Yumgo's</a> Homepage Protector
98214. Source=Paul Collins Startup list
98215.  
98216. [ywwvc.exe]
98217. Number=13943
98218. Confirmed=X
98219. Filename=ywwvc.exe
98220. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpahr.html" target=_blank>STARTPA-HR</a> TROJAN!
98221. Source=Paul Collins Startup list
98222.  
98223. [ywzizdon]
98224. Number=13944
98225. Confirmed=X
98226. Filename=ywzizdon.exe
98227. Description=Free_Scratch_Cards foistware
98228. Source=Paul Collins Startup list
98229.  
98230. [yx]
98231. Number=13945
98232. Confirmed=X
98233. Filename=uu.exe
98234. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotyx.html" target=_blank>AGOBOT-YX</a> WORM!
98235. Source=Paul Collins Startup list
98236.  
98237. [yyyyyyyy]
98238. Number=13946
98239. Confirmed=X
98240. Filename=[path to trojan]
98241. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100209-5502-99" target="_blank">MUMUBOY.B</a> TROJAN!
98242. Source=Paul Collins Startup list
98243.  
98244. [yz.exe]
98245. Number=13947
98246. Confirmed=X
98247. Filename=yz.exe
98248. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092817-2031-99" target="_blank">VARDO</a> TROJAN!
98249. Source=Paul Collins Startup list
98250.  
98251. [YZH]
98252. Number=13948
98253. Confirmed=X
98254. Filename=YZH.exe
98255. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32legmirbm.html" target=_blank>LEGMIR-BM</a> VIRUS!
98256. Source=Paul Collins Startup list
98257.  
98258. [YZH.SYS]
98259. Number=13949
98260. Confirmed=X
98261. Filename=YZH.exe
98262. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101316-5429-99" target=_blank>PHILIS.C</a> VIRUS!
98263. Source=Paul Collins Startup list
98264.  
98265. [Z]
98266. Number=13950
98267. Confirmed=X
98268. Filename=zmon.exe
98269. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32delbotao.html" target="_blank">DELBOT-AO</a> WORM!
98270. Source=Paul Collins Startup list
98271.  
98272. [z-WrDialer]
98273. Number=13951
98274. Confirmed=U
98275. Filename=WrDialer.exe
98276. Description=WinPoet DSL dialer
98277. Source=Paul Collins Startup list
98278.  
98279. [ZaCker]
98280. Number=13952
98281. Confirmed=X
98282. Filename=[filename].PIF
98283. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A" target="_blank">HOLAR.A</a> WORM!
98284. Source=Paul Collins Startup list
98285.  
98286. [Zacker]
98287. Number=13953
98288. Confirmed=X
98289. Filename=Zacker.exe
98290. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-020411-4428-99" target="_blank">GEMEL</a> WORM!
98291.  
98292. Source=Paul Collins Startup list
98293.  
98294. [zango]
98295. Number=13954
98296. Confirmed=X
98297. Filename=zango.exe
98298. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
98299. Source=Paul Collins Startup list
98300.  
98301. [Zango SiteFinder]
98302. Number=13955
98303. Confirmed=X
98304. Filename=ZangoSiteFinder.exe
98305. Description=180Solutions <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050416-3519-99" target=_blank>ZangoSearch</a> adware variant
98306. Source=Paul Collins Startup list
98307.  
98308. [Zango TvTimes]
98309. Number=13956
98310. Confirmed=X
98311. Filename=ZANGOT~1.EXE
98312. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050416-3519-99" target="_blank">ZangoSearch</a> adware
98313. Source=Paul Collins Startup list
98314.  
98315. [zanu]
98316. Number=13957
98317. Confirmed=X
98318. Filename=zanu.exe
98319. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
98320. Source=Paul Collins Startup list
98321.  
98322. [Zapro]
98323. Number=13958
98324. Confirmed=Y
98325. Filename=Zapro.exe
98326. Description=Firewall program from <a href="http://www.zonelabs.com/download/index.html" target="_blank">Zonelabs</a> - paid for version
98327. Source=Paul Collins Startup list
98328.  
98329. [zBrowser Launcher]
98330. Number=13959
98331. Confirmed=U
98332. Filename=iTouch.exe
98333. Description=For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them
98334. Source=Paul Collins Startup list
98335.  
98336. [zBrowser Launcher]
98337. Number=13960
98338. Confirmed=U
98339. Filename=Commandr.exe
98340. Description=For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them
98341. Source=Paul Collins Startup list
98342.  
98343. [zcb]
98344. Number=13961
98345. Confirmed=?
98346. Filename=zcb.exe
98347. Description=<font color="#FF0000">??</font>
98348. Source=Paul Collins Startup list
98349.  
98350. [Zcfgsvc]
98351. Number=13962
98352. Confirmed=U
98353. Filename=ZCfgSvc.exe
98354. Description=Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled
98355. Source=Paul Collins Startup list
98356.  
98357. [zcproo]
98358. Number=13963
98359. Confirmed=X
98360. Filename=qssstiej.exe
98361. Description=Possible homepage hijacker installing a toolbar: http://tdko.com/ ,Lop.com in disguise
98362. Source=Paul Collins Startup list
98363.  
98364. [ZDConfig]
98365. Number=13964
98366. Confirmed=?
98367. Filename=ZDConfig.exe
98368. Description=Related to various brands of Wireless USB LAN Adapter - <font color="#FF0000">what does it do and is it required?</font>
98369. Source=Paul Collins Startup list
98370.  
98371. [zdnet]
98372. Number=13965
98373. Confirmed=N
98374. Filename=kontiki.exe
98375. Description=<a href="http://www.kontiki.com/products/deliverymanager/index.html" target="_blank">Kontiki Delivery Manager</a> - Windows-based client software that enables secure delivery of content to users' desktops
98376. Source=Paul Collins Startup list
98377.  
98378. [Zebus]
98379. Number=13966
98380. Confirmed=N
98381. Filename=msdc32.exe
98382. Description=Runs a HTML tutorial on the Zebus web-site
98383. Source=Paul Collins Startup list
98384.  
98385. [Zekio Startups]
98386. Number=13967
98387. Confirmed=X
98388. Filename=znksvc32.exe
98389. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotagi.html" target= blank>AGOBOT-AGI</a> WORM!
98390. Source=Paul Collins Startup list
98391.  
98392. [Zen.A]
98393. Number=13968
98394. Confirmed=X
98395. Filename=[path to trojan]
98396. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/perlzoomena.html" target="_blank">ZOOMEN-A</a> TROJAN!
98397. Source=Paul Collins Startup list
98398.  
98399. [Zenet]
98400. Number=13969
98401. Confirmed=X
98402. Filename=rundll32 CNBabe.dll, DllStartup
98403. Description=<a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=1" target="_blank">CommonName Toolbar</a> spyware. To uninstall see <a href="http://www.commonname.com/english/ug/toolbar/default.asp?idx=10#4">here</a>
98404. Source=Paul Collins Startup list
98405.  
98406. [Zeno]
98407. Number=13970
98408. Confirmed=X
98409. Filename=*sys****.exe [* = random char/digit]
98410. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware. Note - the most frequent filenames appear to be rsyssx2d.exe, rsyssx2d.exe, rsystu2d.exe and ysysyz2d.exe but there are others
98411. Source=Paul Collins Startup list
98412.  
98413. [Zeno]
98414. Number=13971
98415. Confirmed=X
98416. Filename=*winspez.exe [* = rand letter]
98417. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
98418. Source=Paul Collins Startup list
98419.  
98420. [Zeno]
98421. Number=13972
98422. Confirmed=X
98423. Filename=nwinrqez.exe
98424. Description=Added by the <a href="http://fileinfo.prevx.com/spyware/qqc24224310217-NWIN16820811/NWINRQEZ.EXE.html" target="_blank">QEXREZ</a> family of TROJANS!
98425. Source=Paul Collins Startup list
98426.  
98427. [ZENRC]
98428. Number=13973
98429. Confirmed=Y
98430. Filename=zenrc32.exe
98431. Description=The main component of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZenWorks</a> - "Complete End-to-End Directory-enabled Network Management".<font color="#FF0000"> </font>Leave well alone
98432. Source=Paul Collins Startup list
98433.  
98434. [ZENRC Tray Icon]
98435. Number=13974
98436. Confirmed=Y
98437. Filename=zentray.exe
98438. Description=Part of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZenWorks</a> - "Complete End-to-End Directory-enabled Network Management".<font color="#FF0000"> </font>Best left alone
98439. Source=Paul Collins Startup list
98440.  
98441. [ZENworks Imaging Service]
98442. Number=13975
98443. Confirmed=Y
98444. Filename=ZISWin.exe
98445. Description=Imaging Agent. Part of Novell's <a href="http://www.novell.com/products/zenworks/" target="_blank">ZenWorks</a> - "Complete End-to-End Directory-enabled Network Management"
98446. Source=Paul Collins Startup list
98447.  
98448. [Zero PoPup Killer XP]
98449. Number=13976
98450. Confirmed=U
98451. Filename=zpk_xp.exe
98452. Description=Intelligent anti-pop-up software product by <a href="http://www.ax-soft.com/" target=_blank>Ax-Soft</a>
98453. Source=Paul Collins Startup list
98454.  
98455. [ZeroAds]
98456. Number=13977
98457. Confirmed=U
98458. Filename=0
98459. Description=<a href="http://www.fbmsoftware.com/pmain.aspx?id=2&sid=9858289" target="_blank">ZeroAds</a> - culls ads, cookies and pop-ups. Tells ZeroAds not to run at startup - needed to start it manually
98460. Source=Paul Collins Startup list
98461.  
98462. [ZeroAds]
98463. Number=13978
98464. Confirmed=U
98465. Filename=LAS0Ads.exe
98466. Description=<a href="http://www.fbmsoftware.com/pmain.aspx?id=2&sid=9858289" target="_blank">ZeroAds</a> - culls ads, cookies and pop-ups. Required for the cookie interception to work
98467. Source=Paul Collins Startup list
98468.  
98469. [ZeroAds]
98470. Number=13979
98471. Confirmed=U
98472. Filename=Zeroads.exe
98473. Description=<a href="http://www.fbmsoftware.com/pmain.aspx?id=2&sid=9858289" target="_blank">ZeroAds</a> - a popular Internet accelerator and anti-adware application
98474. Source=Paul Collins Startup list
98475.  
98476. [ZeroSpyware]
98477. Number=13980
98478. Confirmed=U
98479. Filename=ZeroSpyware.exe
98480. Description=FBM Software ZeroSpyware 2004 spyware detector and remover
98481. Source=Paul Collins Startup list
98482.  
98483. [zervpack2]
98484. Number=13981
98485. Confirmed=X
98486. Filename=update2.exe
98487. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.WD&VSect=T" target=_blank>SDBOT.WD</a> WORM!
98488.  
98489. Source=Paul Collins Startup list
98490.  
98491. [ZGNUBI]
98492. Number=13982
98493. Confirmed=?
98494. Filename=ZGNUBI.exe
98495. Description=<font color="#FF0000">??</font>
98496. Source=Paul Collins Startup list
98497.  
98498. [Zi5]
98499. Number=13983
98500. Confirmed=X
98501. Filename=AntiVirus Update.exe
98502. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-100616-4203-99" target=_blank>ERKEZ.G</a> WORM!
98503. Source=Paul Collins Startup list
98504.  
98505. [ZIBMACC]
98506. Number=13984
98507. Confirmed=U
98508. Filename=rundll.exe ZIBMACC.INF
98509. Description=ZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435)
98510. Source=Paul Collins Startup list
98511.  
98512. [ZincgrubInc]
98513. Number=13985
98514. Confirmed=X
98515. Filename=Lsass.exe
98516. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32voumita.html" target=_blank>VOUMIT-A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder
98517. Source=Paul Collins Startup list
98518.  
98519. [ZingSpooler]
98520. Number=13986
98521. Confirmed=U
98522. Filename=ZingSpooler.exe
98523. Description=Was used for a drag and drop program to upload pictures to www.zing.com but Zing has gone out of business. Now used for Sony ImageStation's upload photos to online albums
98524. Source=Paul Collins Startup list
98525.  
98526. [Zinio DLM]
98527. Number=13987
98528. Confirmed=N
98529. Filename=ZDLM.EXE
98530. Description=<a href="http://www.zinio.com/main" target="_blank">Zinio</a> - used to read magazines in digital rather than paper format
98531. Source=Paul Collins Startup list
98532.  
98533. [Zinio DLM]
98534. Number=13988
98535. Confirmed=N
98536. Filename=ZinioDeliveryManager.exe
98537. Description=Related to <a href="http://www.zinio.com/" target=_blank>Zinio</a> used to read magazines in digital rather than paper format
98538. Source=Paul Collins Startup list
98539.  
98540. [Zip Driver Loader]
98541. Number=13989
98542. Confirmed=X
98543. Filename=ZipLoader32.exe
98544. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-102313-2131-99" target="_blank">OBLIVION</a> TROJAN! This executable is one of the most common but there are more
98545. Source=Paul Collins Startup list
98546.  
98547. [Zip Driver Loader]
98548. Number=13990
98549. Confirmed=X
98550. Filename=msload32.exe
98551. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2001-102313-2131-99" target="_blank">OBLIVION</a> TROJAN! This executable is one of the most common but there are more
98552. Source=Paul Collins Startup list
98553.  
98554. [ZipDisk Icons]
98555. Number=13991
98556. Confirmed=U
98557. Filename=IMGICON.EXE
98558. Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
98559. Source=Paul Collins Startup list
98560.  
98561. [ZipGenius Clean]
98562. Number=13992
98563. Confirmed=N
98564. Filename=zg.exe
98565. Description=<a href="http://www.zipgenius.it/eng/index.php" target="_blank">ZipGenius</a> file compression utility
98566. Source=Paul Collins Startup list
98567.  
98568. [ziphelp]
98569. Number=13993
98570. Confirmed=X
98571. Filename=ziphelp.exe
98572. Description=<a href="http://cwshredder.net/cwshredder/cwschronicles.html" target=_blank>CoolWebSearch</a> parasite variant
98573. Source=Paul Collins Startup list
98574.  
98575. [ZipMagic]
98576. Number=13994
98577. Confirmed=N
98578. Filename=zm32.exe
98579. Description=Zip utility by <a href="http://www.ontrack.com/" target="_blank">Ontrack</a>. Preloading ZipMagic allows you to access files within a zip archive without unzipping them first
98580. Source=Paul Collins Startup list
98581.  
98582. [zlclient]
98583. Number=13995
98584. Confirmed=Y
98585. Filename=zlclient.exe
98586. Description=Firewall program from <a href="http://www.zonelabs.com/download/index.html" target="_blank">Zonelabs</a>. Pro version inlcudes other online security options
98587. Source=Paul Collins Startup list
98588.  
98589. [ZLH]
98590. Number=13996
98591. Confirmed=U
98592. Filename=ZLH.EXE
98593. Description=System Tray icon for <a href="http://www.norman.com/" target="_blank">Norman Antivirus</a>
98594. Source=Paul Collins Startup list
98595.  
98596. [ZNN]
98597. Number=13997
98598. Confirmed=X
98599. Filename=znnsvc.exe
98600. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotdaa.html" target="_blank">SDBOT-DAA</a> WORM!
98601. Source=Paul Collins Startup list
98602.  
98603. [Zolero Translator]
98604. Number=13998
98605. Confirmed=X
98606. Filename=ZoleroTranslator.exe
98607. Description=<a href="http://www.bleepingcomputer.com/uninstall/1794/Zolero-Translator.html" target="_blank">Zolero Translator</a> - added by Clickspring, the makers of Purityscan, products and are bundled with the Outer Info Network Client, or OIN client
98608. Source=Paul Collins Startup list
98609.  
98610. [Zonavirus]
98611. Number=13999
98612. Confirmed=X
98613. Filename=0
98614. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070414-5310-99" target="_blank"> KITRO.D</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ARGEN.A&VSect=T" target="_blank">ARGEN.A</a>) WORM!
98615.  
98616. Source=Paul Collins Startup list
98617.  
98618. [Zone Alarm]
98619. Number=14000
98620. Confirmed=X
98621. Filename=vsmon.exe
98622. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BO" target="_blank">RBOT.BO</a> WORM! If this was the ZoneAlarm firewall the name column would be TrueVector
98623. Source=Paul Collins Startup list
98624.  
98625. [zone alarm security]
98626. Number=14001
98627. Confirmed=X
98628. Filename=zlclint.exe
98629. Description=Added by the <a href="http://vil.nai.com/vil/content/v_141674.htm" target="_blank">NIRBOT</a> WORM!
98630. Source=Paul Collins Startup list
98631.  
98632. [Zone Labs Client]
98633. Number=14002
98634. Confirmed=Y
98635. Filename=zlclient.exe
98636. Description=Firewall program from <a href="http://www.zonelabs.com/download/index.html" target="_blank">Zonelabs</a>. Pro version inlcudes other online security options
98637. Source=Paul Collins Startup list
98638.  
98639. [Zone Labs Client Ex]
98640. Number=14003
98641. Confirmed=X
98642. Filename=svchost.exe
98643. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-030309-2458-99" target=_blank>NETSKY.F</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder
98644. Source=Paul Collins Startup list
98645.  
98646. [Zone system]
98647. Number=14004
98648. Confirmed=X
98649. Filename=szchost.exe
98650. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmultidrac.html" target=_blank>MULTIDR-AC</a> TROJAN!
98651. Source=Paul Collins Startup list
98652.  
98653. [ZoneAlarm]
98654. Number=14005
98655. Confirmed=Y
98656. Filename=zonealarm.exe
98657. Description=Firewall program from <a href="http://www.zonelabs.com/store/content/home.jsp" target="_blank">Zonelabs</a> - free version
98658. Source=Paul Collins Startup list
98659.  
98660. [zonealarm]
98661. Number=14006
98662. Confirmed=X
98663. Filename=[random filename]
98664. Description=Added by an unidentified VIRUS, WORM or TROJAN! The only exception is if you have an older version of the ZoneAlarm firewall running
98665. Source=Paul Collins Startup list
98666.  
98667. [Zonealarm]
98668. Number=14007
98669. Confirmed=X
98670. Filename=Removeme.exe
98671. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotbg.html" target=_blank>FORBOT-BG</a> WORM!
98672.  
98673. Source=Paul Collins Startup list
98674.  
98675. [Zonealarm]
98676. Number=14008
98677. Confirmed=X
98678. Filename=iexplore.exe
98679. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotcp.html" target=_blank>FORBOT-CP</a> WORM! Note - this is not the legitimate Internet Explorer (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target=_blank>iexplore.exe</a>) process, which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
98680. Source=Paul Collins Startup list
98681.  
98682. [ZoneAlarm Plus]
98683. Number=14009
98684. Confirmed=Y
98685. Filename=zaplus.exe
98686. Description=Firewall program from <a href="http://www.zonelabs.com/store/content/home.jsp" target="_blank">Zonelabs</a> - paid for version
98687. Source=Paul Collins Startup list
98688.  
98689. [ZoneAlarm Pro]
98690. Number=14010
98691. Confirmed=Y
98692. Filename=Zapro.exe
98693. Description=Firewall program from <a href="http://www.zonelabs.com/store/content/home.jsp" target="_blank">Zonelabs</a> - paid for version
98694. Source=Paul Collins Startup list
98695.  
98696. [Zonesoft Cleaner]
98697. Number=14011
98698. Confirmed=X
98699. Filename=rnsys.exe
98700. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
98701. Source=Paul Collins Startup list
98702.  
98703. [Zoom]
98704. Number=14012
98705. Confirmed=U
98706. Filename=zoom.exe
98707. Description=<a href="http://www.foxpop.ndirect.co.uk/pc/dachshund_04.htm" target="_blank">Zoom</a> - speeds up Windows startup and manages startup applications
98708. Source=Paul Collins Startup list
98709.  
98710. [Zooming]
98711. Number=14013
98712. Confirmed=U
98713. Filename=ZoomingHook.exe 
98714. Description=Toshiba Zooming Utility - found on Toshiba laptops and Tablet PCs. It allows users to zoom in (or magnify) text
98715. Source=Paul Collins Startup list
98716.  
98717. [ZoomingHook]
98718. Number=14014
98719. Confirmed=U
98720. Filename=ZoomingHook.exe
98721. Description=Toshiba Zooming Utility - found on Toshiba laptops. It allows users to zoom in (or magnify) text
98722. Source=Paul Collins Startup list
98723.  
98724. [ZPoint]
98725. Number=14015
98726. Confirmed=X
98727. Filename=winmuse.exe
98728. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloadrvj.html" target=_blank>VJ</a> TROJAN!
98729.  
98730. Source=Paul Collins Startup list
98731.  
98732. [ZPOINT32]
98733. Number=14016
98734. Confirmed=Y
98735. Filename=ZPOINT32.exe
98736. Description=USB graphics/writing tablet driver
98737. Source=Paul Collins Startup list
98738.  
98739. [zSearch]
98740. Number=14017
98741. Confirmed=X
98742. Filename=Zstb.exe
98743. Description=TotalVelocity zSearch <a href="http://www.spywareguide.com/product_show.php?id=763" target="_blank">parasite</a>
98744. Source=Paul Collins Startup list
98745.  
98746. [zSecurity Service]
98747. Number=14018
98748. Confirmed=X
98749. Filename=szsvc.exe
98750. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32sdbotdab.html" target="_blank">SDBOT-DAB</a> WORM!
98751. Source=Paul Collins Startup list
98752.  
98753. [zsms]
98754. Number=14019
98755. Confirmed=X
98756. Filename=smss.exe
98757. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosck.html" target=_blank>BANCOS-CK</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
98758. Source=Paul Collins Startup list
98759.  
98760. [zsmsgs]
98761. Number=14020
98762. Confirmed=X
98763. Filename=iservice.exe
98764. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosbu.html" target= blank>BANCOS-BU</a> TROJAN!
98765. Source=Paul Collins Startup list
98766.  
98767. [zsmss]
98768. Number=14021
98769. Confirmed=X
98770. Filename=smss.exe
98771. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdd.html" target=_blank>BANCOS-DD</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target=_blank>smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
98772. Source=Paul Collins Startup list
98773.  
98774. [zSPGuard]
98775. Number=14022
98776. Confirmed=U
98777. Filename=Spguard.exe
98778. Description="<a href="http://pjwalczak.com/spguard/index.php" target="_blank">StartPage Guard</a> (SPG) protects your PC from cyberscam, by detecting and preventing any unauthorized changes to your internet browser's Start and Search pages. It is also capable of removing automatically most of known 'invaders'."
98779. Source=Paul Collins Startup list
98780.  
98781. [ZSScheduler]
98782. Number=14023
98783. Confirmed=U
98784. Filename=zsscheduler.dll
98785. Description=<a href="http://fbmsoftware.com/pmain~id~3.html" target="_blank">ZeroSpyware</a> from FBM Software
98786. Source=Paul Collins Startup list
98787.  
98788. [ZStart]
98789. Number=14024
98790. Confirmed=X
98791. Filename=[various filenames]
98792. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=VX2.Transponder&threatid=12517" target=_blank>VX2.Transponder</a> parasite updater/installer related
98793. Source=Paul Collins Startup list
98794.  
98795. [Zstart]
98796. Number=14025
98797. Confirmed=X
98798. Filename=cxdxregt.exe
98799. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
98800. Source=Paul Collins Startup list
98801.  
98802. [ZtgServerSwitch]
98803. Number=14026
98804. Confirmed=X
98805. Filename=server.vbs
98806. Description=ZTGServerswitch is part of Sony's Vaio support agent - designed by Support.com. Not required if the user does not wish to use the Vaio support agent and regarded as spyware
98807. Source=Paul Collins Startup list
98808.  
98809. [Zune Launcher]
98810. Number=14027
98811. Confirmed=U
98812. Filename=ZuneLauncher.exe
98813. Description=Only needed if running Microsoft's new Zune software for use with their new Zune music player. Similar to iTunes for the iPod
98814. Source=Paul Collins Startup list
98815.  
98816. [Zupdate]
98817. Number=14028
98818. Confirmed=X
98819. Filename=Zupdate.exe
98820. Description=Associated with <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrilliantDigital&threatid=3334" target="_blank">B3d Projector</a> foistware - see <a href="http://www.greatis.com/appdata/u/z/zupdate.exe.htm" target="_blank">here</a>
98821. Source=Paul Collins Startup list
98822.  
98823. [zzb]
98824. Number=14029
98825. Confirmed=X
98826. Filename=zzb.exe
98827. Description=<a href="http://sarc.com/avcenter/venc/data/adware.iagold.html" target="_blank">IAGold</a> adware downloader
98828. Source=Paul Collins Startup list
98829.  
98830. [zzb]
98831. Number=14030
98832. Confirmed=X
98833. Filename=zzb.exe
98834. Description=<a href="http://sarc.com/avcenter/venc/data/adware.iagold.html" target="_blank">IAGold</a> adware downloader
98835. Source=Paul Collins Startup list
98836.  
98837. [zzgshp]
98838. Number=14031
98839. Confirmed=X
98840. Filename=gshp.vbs
98841. Description=Homepage hi-jacker that re-defines your IE or Netscape start page
98842. Source=Paul Collins Startup list
98843.  
98844. [zztp]
98845. Number=14032
98846. Confirmed=X
98847. Filename=svchost.exe
98848. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-012017-0708-99" target="_blank">TANNICK.B</a> TROJAN!  Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which should NOT appear in Msconfig/Startup!
98849. Source=Paul Collins Startup list
98850.  
98851. [zzz-hpi-boot]
98852. Number=14033
98853. Confirmed=?
98854. Filename=hpi-boot.exe
98855. Description=<font color="#FF0000">Associated with HP Photosmart printers</font>
98856. Source=Paul Collins Startup list
98857.  
98858. [zzzCamlnSuitelll]
98859. Number=14034
98860. Confirmed=?
98861. Filename=setup.exe 46***
98862. Description=<font color="#FF0000">??</font>
98863. Source=Paul Collins Startup list
98864.  
98865. [zzzhpsetup]
98866. Number=14035
98867. Confirmed=?
98868. Filename=setup.exe
98869. Description=<font color="#FF0000">??</font>
98870. Source=Paul Collins Startup list
98871.  
98872. [Z_Start]
98873. Number=14036
98874. Confirmed=X
98875. Filename=********.exe [* = 8 random chars]
98876. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware. Note - the most frequent filenames appear to be dwdsregt.exe, rkdsregm.exe, psdsregm.exe and ZIFI002.exe but there are others
98877. Source=Paul Collins Startup list
98878.  
98879. [[3-4 random letters]]
98880. Number=14037
98881. Confirmed=X
98882. Filename=nslookup.exe
98883. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware. Not to be confused with the legitimate <a href="http://support.microsoft.com/kb/200525" target="_blank">nslookup.exe</a> which is found in the System32 folder
98884. Source=Paul Collins Startup list
98885.  
98886. [[3-4 random letters]Srv32]
98887. Number=14038
98888. Confirmed=X
98889. Filename=[path to file]
98890. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancsdea.html" target=_blank>BANCSADE-A</a> TROJAN!
98891. Source=Paul Collins Startup list
98892.  
98893. [[decimal number]]
98894. Number=14039
98895. Confirmed=X
98896. Filename=[path to worm]
98897. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32opossuma.html" target=_blank>OPOSSUM-A</a> WORM! The decimal number can be anything, eg, 0.12345678
98898. Source=Paul Collins Startup list
98899.  
98900. [[default]]
98901. Number=14040
98902. Confirmed=X
98903. Filename=DrWatson32.exe
98904. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022222-5440-99" target=_blank>DREMN</a> TROJAN!
98905. Source=Paul Collins Startup list
98906.  
98907. [[Entry name]]
98908. Number=14041
98909. Confirmed=X
98910. Filename=System.exe
98911. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojnethiefn.html" target=_blank>NETHIEF-N</a> TROJAN!
98912. Source=Paul Collins Startup list
98913.  
98914. [[Ephemeral 2.5] by TreeHugger,]
98915. Number=14042
98916. Confirmed=X
98917. Filename=[path to worm]
98918. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32lemoorc.html" target=_blank>LEMOOR-C</a> WORM!
98919. Source=Paul Collins Startup list
98920.  
98921. [[Ephemeral 2.x] by TreeHugger,]
98922. Number=14043
98923. Confirmed=X
98924. Filename=[path to worm]
98925. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-071115-5228-99" target="_blank">LEMOOR.A</a> WORM! where "x" represents 3 or 4
98926. Source=Paul Collins Startup list
98927.  
98928. [[executed file name]]
98929. Number=14044
98930. Confirmed=X
98931. Filename=App.exe
98932. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-090213-4905-99" target="_blank">WAXPOW</a> WORM!
98933. Source=Paul Collins Startup list
98934.  
98935. [[executed file name]]
98936. Number=14045
98937. Confirmed=X
98938. Filename=Regsrv32.com
98939. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-112812-3725-99" target="_blank">SOUTHGHOST</a> WORM!
98940. Source=Paul Collins Startup list
98941.  
98942. [[filename]]
98943. Number=14046
98944. Confirmed=X
98945. Filename=svchost.scr
98946. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbankercc.html" target=_blank>BANKER-CC</a> TROJAN!
98947. Source=Paul Collins Startup list
98948.  
98949. [[original filename]]
98950. Number=14047
98951. Confirmed=X
98952. Filename=svchost.scr
98953. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbancx.html" target=_blank>BANCBAN-CX</a> TROJAN!
98954. Source=Paul Collins Startup list
98955.  
98956. [[original filename]]
98957. Number=14048
98958. Confirmed=X
98959. Filename=xphost.scr
98960. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanhm.html" target=_blank>BANCBAN-HM</a> TROJAN!
98961. Source=Paul Collins Startup list
98962.  
98963. [[random 12 digit number]]
98964. Number=14049
98965. Confirmed=X
98966. Filename=avifile5.exe
98967. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target="_blank">Adsrv.com/IeDriver</a> adware variant
98968. Source=Paul Collins Startup list
98969.  
98970. [[random 12 digit number]]
98971. Number=14050
98972. Confirmed=X
98973. Filename=bootvid4.exe
98974. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target="_blank">Adsrv.com/IeDriver</a> adware variant
98975. Source=Paul Collins Startup list
98976.  
98977. [[random 12 digit number]]
98978. Number=14051
98979. Confirmed=X
98980. Filename=browser8.exe
98981. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target="_blank">Adsrv.com/IeDriver</a> adware variant
98982. Source=Paul Collins Startup list
98983.  
98984. [[random 12 digit number]]
98985. Number=14052
98986. Confirmed=X
98987. Filename=atitvo32.exe
98988. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
98989.  
98990. Source=Paul Collins Startup list
98991.  
98992. [[random 12 digit number]]
98993. Number=14053
98994. Confirmed=X
98995. Filename=autodisc.exe
98996. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
98997.  
98998. Source=Paul Collins Startup list
98999.  
99000. [[random 12 digit number]]
99001. Number=14054
99002. Confirmed=X
99003. Filename=cabview1.exe
99004. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
99005.  
99006. Source=Paul Collins Startup list
99007.  
99008. [[random 12 digit number]]
99009. Number=14055
99010. Confirmed=X
99011. Filename=advpack1.exe
99012. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
99013. Source=Paul Collins Startup list
99014.  
99015. [[random 12 digit number]]
99016. Number=14056
99017. Confirmed=X
99018. Filename=batmeter.exe
99019. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
99020. Source=Paul Collins Startup list
99021.  
99022. [[random 12 digit number]]
99023. Number=14057
99024. Confirmed=X
99025. Filename=bidispl2.exe
99026. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
99027. Source=Paul Collins Startup list
99028.  
99029. [[random 12 digit number]]
99030. Number=14058
99031. Confirmed=X
99032. Filename=asferror.exe
99033. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
99034. Source=Paul Collins Startup list
99035.  
99036. [[random 12 digit number]]
99037. Number=14059
99038. Confirmed=X
99039. Filename=catsrvps.exe
99040. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target= blank>Adsrv.com/IeDriver</a> adware variant
99041. Source=Paul Collins Startup list
99042.  
99043. [[random 12 digit number]]
99044. Number=14060
99045. Confirmed=X
99046. Filename=admparse.exe
99047. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
99048. Source=Paul Collins Startup list
99049.  
99050. [[random 12 digit number]]
99051. Number=14061
99052. Confirmed=X
99053. Filename=audiosrv.exe
99054. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
99055. Source=Paul Collins Startup list
99056.  
99057. [[random 12 digit number]]
99058. Number=14062
99059. Confirmed=X
99060. Filename=bootvid2.exe
99061. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
99062. Source=Paul Collins Startup list
99063.  
99064. [[random 12 digit number]]
99065. Number=14063
99066. Confirmed=X
99067. Filename=cmpbk321.exe
99068. Description=<a href="http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html" target=_blank>Adsrv.com/IeDriver</a> adware variant
99069. Source=Paul Collins Startup list
99070.  
99071. [[random characters]]
99072. Number=14064
99073. Confirmed=X
99074. Filename=securewinload32x.exe
99075. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojoptixpn.html" target=_blank>OPTIXP-N</a> TROJAN! Note - this trojan file is found in the System (9x/Me) or System32 (NT/2K/XP) folder. The file system32dir2a.exe will also be found in the same folder and should be deleted
99076. Source=Paul Collins Startup list
99077.  
99078. [[random characters]]
99079. Number=14065
99080. Confirmed=X
99081. Filename=rsbmsc.exe
99082. Description=Detected by <a href="http://www.avira.com/" target="_blank">AntiVir</a> antivirus as the BDS/Agent.adt TROJAN!
99083. Source=Paul Collins Startup list
99084.  
99085. [[random filename]]
99086. Number=14066
99087. Confirmed=X
99088. Filename=slk8x2peu.exe
99089. Description=<a href="http://www.superadblocker.com/definition/slk8x2peu/" target="_blank">QuickLinks</a> adware  
99090. Source=Paul Collins Startup list
99091.  
99092. [[random names]]
99093. Number=14067
99094. Confirmed=X
99095. Filename=eee2.exe
99096. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
99097. Source=Paul Collins Startup list
99098.  
99099. [[random name]]
99100. Number=14068
99101. Confirmed=X
99102. Filename=Svchosts.exe
99103. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsdbotn.html" target="_blank">SDBOT.N</a> TROJAN!
99104. Source=Paul Collins Startup list
99105.  
99106. [[random name]]
99107. Number=14069
99108. Confirmed=X
99109. Filename=wincpu.exe
99110. Description=Added by an unidentified VIRUS, WORM or TROJAN!
99111. Source=Paul Collins Startup list
99112.  
99113. [[random name]]
99114. Number=14070
99115. Confirmed=X
99116. Filename=m?dtc.exe
99117. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99118. Source=Paul Collins Startup list
99119.  
99120. [[random name]]
99121. Number=14071
99122. Confirmed=X
99123. Filename=ping.exe
99124. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware. Note - do not confuse with the Microsoft utility of the same name as described <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/ping/" target=_blank>here</a>
99125. Source=Paul Collins Startup list
99126.  
99127. [[random name]]
99128. Number=14072
99129. Confirmed=X
99130. Filename=CXTPLS_LOADER.EXE
99131. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=AproposMedia&threatid=14978" target="_blank">AproposMedia</a> adware
99132. Source=Paul Collins Startup list
99133.  
99134. [[random name]]
99135. Number=14073
99136. Confirmed=X
99137. Filename=??plorer.exe
99138. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99139. Source=Paul Collins Startup list
99140.  
99141. [[random name]]
99142. Number=14074
99143. Confirmed=X
99144. Filename=?hkdsk.exe
99145. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99146. Source=Paul Collins Startup list
99147.  
99148. [[random name]]
99149. Number=14075
99150. Confirmed=X
99151. Filename=?hkntfs.exe
99152. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99153. Source=Paul Collins Startup list
99154.  
99155. [[random name]]
99156. Number=14076
99157. Confirmed=X
99158. Filename=l?gonui.exe
99159. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99160. Source=Paul Collins Startup list
99161.  
99162. [[random name]]
99163. Number=14077
99164. Confirmed=X
99165. Filename=m?iexec.exe
99166. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99167. Source=Paul Collins Startup list
99168.  
99169. [[random name]]
99170. Number=14078
99171. Confirmed=X
99172. Filename=r?gsvr32.exe
99173. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99174. Source=Paul Collins Startup list
99175.  
99176. [[random name]]
99177. Number=14079
99178. Confirmed=X
99179. Filename=t?skmgr.exe
99180. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99181. Source=Paul Collins Startup list
99182.  
99183. [[random name]]
99184. Number=14080
99185. Confirmed=X
99186. Filename=w?auboot.exe
99187. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99188. Source=Paul Collins Startup list
99189.  
99190. [[random name]]
99191. Number=14081
99192. Confirmed=X
99193. Filename=w?auclt.exe
99194. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99195. Source=Paul Collins Startup list
99196.  
99197. [[random name]]
99198. Number=14082
99199. Confirmed=X
99200. Filename=w?crtupd.exe
99201. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99202. Source=Paul Collins Startup list
99203.  
99204. [[random name]]
99205. Number=14083
99206. Confirmed=X
99207. Filename=w?wexec.exe
99208. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99209. Source=Paul Collins Startup list
99210.  
99211. [[random name]]
99212. Number=14084
99213. Confirmed=X
99214. Filename=??erinit.exe
99215. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99216. Source=Paul Collins Startup list
99217.  
99218. [[random name]]
99219. Number=14085
99220. Confirmed=X
99221. Filename=d?dplay.exe
99222. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99223. Source=Paul Collins Startup list
99224.  
99225. [[random name]]
99226. Number=14086
99227. Confirmed=X
99228. Filename=n?tepad.exe
99229. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99230. Source=Paul Collins Startup list
99231.  
99232. [[random name]]
99233. Number=14087
99234. Confirmed=X
99235. Filename=??chost.exe
99236. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99237. Source=Paul Collins Startup list
99238.  
99239. [[random name]]
99240. Number=14088
99241. Confirmed=X
99242. Filename=??oolsv.exe
99243. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99244. Source=Paul Collins Startup list
99245.  
99246. [[random name]]
99247. Number=14089
99248. Confirmed=X
99249. Filename=??xplore.exe
99250. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99251. Source=Paul Collins Startup list
99252.  
99253. [[random name]]
99254. Number=14090
99255. Confirmed=X
99256. Filename=r?ndll32.exe
99257. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99258. Source=Paul Collins Startup list
99259.  
99260. [[random name]]
99261. Number=14091
99262. Confirmed=X
99263. Filename=se?vices.exe
99264. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99265. Source=Paul Collins Startup list
99266.  
99267. [[random name]]
99268. Number=14092
99269. Confirmed=X
99270. Filename=w?nlogon.exe
99271. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99272. Source=Paul Collins Startup list
99273.  
99274. [[random name]]
99275. Number=14093
99276. Confirmed=X
99277. Filename=w?nword.exe
99278. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99279. Source=Paul Collins Startup list
99280.  
99281. [[random name]]
99282. Number=14094
99283. Confirmed=X
99284. Filename=??anregw.exe
99285. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99286. Source=Paul Collins Startup list
99287.  
99288. [[random name]]
99289. Number=14095
99290. Confirmed=X
99291. Filename=?ttrib.exe
99292. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99293. Source=Paul Collins Startup list
99294.  
99295. [[random name]]
99296. Number=14096
99297. Confirmed=X
99298. Filename=j?vaw.exe
99299. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99300. Source=Paul Collins Startup list
99301.  
99302. [[random name]]
99303. Number=14097
99304. Confirmed=X
99305. Filename=l?ass.exe
99306. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99307. Source=Paul Collins Startup list
99308.  
99309. [[random name]]
99310. Number=14098
99311. Confirmed=X
99312. Filename=m?config.exe
99313. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99314. Source=Paul Collins Startup list
99315.  
99316. [[random name]]
99317. Number=14099
99318. Confirmed=X
99319. Filename=n?lookup.exe
99320. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99321. Source=Paul Collins Startup list
99322.  
99323. [[random name]]
99324. Number=14100
99325. Confirmed=X
99326. Filename=n?pdb.exe
99327. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99328. Source=Paul Collins Startup list
99329.  
99330. [[random name]]
99331. Number=14101
99332. Confirmed=X
99333. Filename=??ool32.exe
99334. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99335. Source=Paul Collins Startup list
99336.  
99337. [[random name]]
99338. Number=14102
99339. Confirmed=X
99340. Filename=??rss.exe
99341. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99342. Source=Paul Collins Startup list
99343.  
99344. [[random name]]
99345. Number=14103
99346. Confirmed=X
99347. Filename=??rvices.exe
99348. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99349. Source=Paul Collins Startup list
99350.  
99351. [[random name]]
99352. Number=14104
99353. Confirmed=X
99354. Filename=?ti2evxx.exe
99355. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99356. Source=Paul Collins Startup list
99357.  
99358. [[random name]]
99359. Number=14105
99360. Confirmed=X
99361. Filename=chkdsk.exe
99362. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware. Unlike this file, the legitimate Windows chkdisk.exe will in Windows XP/2K/NT always be located in the Winnt\System32 or Windows\System32 folder, and ought moreover NOT to figure among the startups!
99363. Source=Paul Collins Startup list
99364.  
99365. [[random name]]
99366. Number=14106
99367. Confirmed=X
99368. Filename=d?xplore.exe
99369. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99370. Source=Paul Collins Startup list
99371.  
99372. [[random name]]
99373. Number=14107
99374. Confirmed=X
99375. Filename=dvdplay.exe
99376. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99377. Source=Paul Collins Startup list
99378.  
99379. [[random name]]
99380. Number=14108
99381. Confirmed=X
99382. Filename=spoolsv.exe
99383. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware. Do not confuse with the legitimate Microsoft Printer Spooler Service (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/spoolsv/" target=_blank>spoolsv.exe</a>)
99384. Source=Paul Collins Startup list
99385.  
99386. [[random name]]
99387. Number=14109
99388. Confirmed=X
99389. Filename=w?aclt.exe
99390. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99391. Source=Paul Collins Startup list
99392.  
99393. [[random name]]
99394. Number=14110
99395. Confirmed=X
99396. Filename=wucrtupd.exe
99397. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware. Do not confuse with the legitimate Windows Critical Update Notification (<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wucrtupd/" target=_blank>wucrtupd.exe</a>)
99398. Source=Paul Collins Startup list
99399.  
99400. [[random name]]
99401. Number=14111
99402. Confirmed=X
99403. Filename=charmapnt.exe
99404. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancosdr.html" target=_blank>BANCOS-DR</a> TROJAN!
99405. Source=Paul Collins Startup list
99406.  
99407. [[random name]]
99408. Number=14112
99409. Confirmed=X
99410. Filename=n?tdde.exe
99411. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99412. Source=Paul Collins Startup list
99413.  
99414. [[random name]]
99415. Number=14113
99416. Confirmed=X
99417. Filename=r?gedit.exe
99418. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99419. Source=Paul Collins Startup list
99420.  
99421. [[random name]]
99422. Number=14114
99423. Confirmed=X
99424. Filename=r?ndll.exe
99425. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99426. Source=Paul Collins Startup list
99427.  
99428. [[random name]]
99429. Number=14115
99430. Confirmed=X
99431. Filename=scanregw.exe
99432. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99433. Source=Paul Collins Startup list
99434.  
99435. [[random name]]
99436. Number=14116
99437. Confirmed=X
99438. Filename=wuauboot.exe
99439. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware. Note - do not confuse with the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/wuauboot/" target=_blank>wuauboot.exe</a> file, which should not figure in Msconfig/Startup!
99440. Source=Paul Collins Startup list
99441.  
99442. [[random name]]
99443. Number=14117
99444. Confirmed=X
99445. Filename=w?nspool.exe
99446. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
99447. Source=Paul Collins Startup list
99448.  
99449. [[random name]]
99450. Number=14118
99451. Confirmed=X
99452. Filename=svchost.exe
99453. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanjc.html" target=_blank>BANCBAN-JC</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "config" subfolder of the Winnt or Windows folder
99454. Source=Paul Collins Startup list
99455.  
99456. [[random name]]
99457. Number=14119
99458. Confirmed=X
99459. Filename=[random name].dll
99460. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-071912-4640-99" target="_blank">SearchNet</a> adware
99461. Source=Paul Collins Startup list
99462.  
99463. [[random name]]
99464. Number=14120
99465. Confirmed=X
99466. Filename=iexpl0ra.exe
99467. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ULPM.BD" target="_blank">ULPM.BD</a> TROJAN!
99468. Source=Paul Collins Startup list
99469.  
99470. [[random name]]
99471. Number=14121
99472. Confirmed=X
99473. Filename=rundl13a.exe
99474. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojgampassl.html" target="_blank">GAMPASS-L</a> TROJAN!
99475. Source=Paul Collins Startup list
99476.  
99477. [[random name]]
99478. Number=14122
99479. Confirmed=X
99480. Filename=Servere.exe
99481. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlegmiraqm.html" target="_blank">LEGMIR-AQM</a> TROJAN!
99482. Source=Paul Collins Startup list
99483.  
99484. [[random number]]
99485. Number=14123
99486. Confirmed=X
99487. Filename=explorer.exe
99488. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojkeylogan.html" target="_blank">KEYLOG-AN</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one copies it's self under 9 additional file names in the System (9x/Me) or System32 (NT/2K/XP) folder
99489. Source=Paul Collins Startup list
99490.  
99491. [[Randomly chosen existing folder name]]
99492. Number=14124
99493. Confirmed=X
99494. Filename=_autorun.exe
99495. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
99496. Source=Paul Collins Startup list
99497.  
99498. [[Randomly chosen existing folder name]]
99499. Number=14125
99500. Confirmed=X
99501. Filename=_cfg.exe
99502. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
99503. Source=Paul Collins Startup list
99504.  
99505. [[Randomly chosen existing folder name]]
99506. Number=14126
99507. Confirmed=X
99508. Filename=_config.exe
99509. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
99510. Source=Paul Collins Startup list
99511.  
99512. [[Randomly chosen existing folder name]]
99513. Number=14127
99514. Confirmed=X
99515. Filename=_env.exe
99516. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
99517. Source=Paul Collins Startup list
99518.  
99519. [[Randomly chosen existing folder name]]
99520. Number=14128
99521. Confirmed=X
99522. Filename=_loader.exe
99523. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
99524. Source=Paul Collins Startup list
99525.  
99526. [[Randomly chosen existing folder name]]
99527. Number=14129
99528. Confirmed=X
99529. Filename=_login.exe
99530. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
99531. Source=Paul Collins Startup list
99532.  
99533. [[Randomly chosen existing folder name]]
99534. Number=14130
99535. Confirmed=X
99536. Filename=_setup.exe
99537. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
99538. Source=Paul Collins Startup list
99539.  
99540. [[Randomly chosen existing folder name]]
99541. Number=14131
99542. Confirmed=X
99543. Filename=_start.exe
99544. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32antinnyl.html" target="_blank">ANTINNY-L</a> WORM!
99545. Source=Paul Collins Startup list
99546.  
99547. [[random]]
99548. Number=14132
99549. Confirmed=X
99550. Filename=lsass.scr
99551. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbancw.html" target=_blank>BANCBAN-CW</a> TROJAN!
99552. Source=Paul Collins Startup list
99553.  
99554. [[random]]
99555. Number=14133
99556. Confirmed=X
99557. Filename=svchost.scr
99558. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbancy.html" target=_blank>BANCBAN-CY</a> TROJAN!
99559. Source=Paul Collins Startup list
99560.  
99561. [[trojan filename]]
99562. Number=14134
99563. Confirmed=X
99564. Filename=Install.exe
99565. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanfs.html" target=_blank>BANCBAN-FS</a> TROJAN!
99566. Source=Paul Collins Startup list
99567.  
99568. [[trojan name]]
99569. Number=14135
99570. Confirmed=X
99571. Filename=svchost.exe
99572. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojbancbanci.html" target=_blank>BANCBAN-CL</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which should not normally figure in Msconfig/Startup!
99573. Source=Paul Collins Startup list
99574.  
99575. [[username] config]
99576. Number=14136
99577. Confirmed=X
99578. Filename=[path to trojan]
99579. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojmosuckh.html" target=_blank>MOSUCK-H</a> TROJAN!
99580. Source=Paul Collins Startup list
99581.  
99582. [[various filenames]]
99583. Number=14137
99584. Confirmed=X
99585. Filename=qtsks.exe
99586. Description=Added by the WEBDOR.Y TROJAN
99587. Source=Paul Collins Startup list
99588.  
99589. [[various names]]
99590. Number=14138
99591. Confirmed=X
99592. Filename=elf.exe
99593. Description=Elf is a hacker program, tied to a trojan server
99594. Source=Paul Collins Startup list
99595.  
99596. [[various names]]
99597. Number=14139
99598. Confirmed=X
99599. Filename=crsrs.exe
99600. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32forbotak.html" target="_blank">FORBOT-AK</a> WORM!
99601. Source=Paul Collins Startup list
99602.  
99603. [[various names]]
99604. Number=14140
99605. Confirmed=X
99606. Filename=Windows32.exe
99607. Description=Added by any of a number of WORM or TROJAN variants
99608. Source=Paul Collins Startup list
99609.  
99610. [[various names]]
99611. Number=14141
99612. Confirmed=X
99613. Filename=bling.exe
99614. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotni.html" target=_blank>RBOT-NI</a> WORM!
99615.  
99616. Source=Paul Collins Startup list
99617.  
99618. [[various names]]
99619. Number=14142
99620. Confirmed=X
99621. Filename=mediaplayer32.exe
99622. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
99623.  
99624. Source=Paul Collins Startup list
99625.  
99626. [[various names]]
99627. Number=14143
99628. Confirmed=X
99629. Filename=winlogon32.exe
99630. Description=Added by an unidentified WORM or TROJAN!
99631.  
99632. Source=Paul Collins Startup list
99633.  
99634. [[various names]]
99635. Number=14144
99636. Confirmed=X
99637. Filename=svchostss.exe
99638. Description=Added by a variant of the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437" target=_blank>RBOT</a> WORM!
99639.  
99640. Source=Paul Collins Startup list
99641.  
99642. [[various names]]
99643. Number=14145
99644. Confirmed=X
99645. Filename=win32snd.exe
99646. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32rbotdq.html" target=_blank>RBOT-DQ</a> WORM!
99647.  
99648. Source=Paul Collins Startup list
99649.  
99650. [[various names]]
99651. Number=14146
99652. Confirmed=X
99653. Filename=shch.exe
99654. Description=Premium rate adult content dialler
99655. Source=Paul Collins Startup list
99656.  
99657. [[various names]]
99658. Number=14147
99659. Confirmed=X
99660. Filename=PasswdMon.exe
99661. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99662. Source=Paul Collins Startup list
99663.  
99664. [[various names]]
99665. Number=14148
99666. Confirmed=X
99667. Filename=runload32.exe
99668. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99669. Source=Paul Collins Startup list
99670.  
99671. [[various names]]
99672. Number=14149
99673. Confirmed=X
99674. Filename=dstart2.exe
99675. Description=Adware - recognized by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> antivirus as Trojan-Downloader.Small.alw
99676. Source=Paul Collins Startup list
99677.  
99678. [[various names]]
99679. Number=14150
99680. Confirmed=X
99681. Filename=msdos32.exe
99682. Description=Added by a variant of the AGENT.AH TROJAN!
99683. Source=Paul Collins Startup list
99684.  
99685. [[various names]]
99686. Number=14151
99687. Confirmed=X
99688. Filename=sitebar.exe
99689. Description=Added by an unidentified TROJAN!
99690. Source=Paul Collins Startup list
99691.  
99692. [[various names]]
99693. Number=14152
99694. Confirmed=X
99695. Filename=backorif.exe
99696. Description=Added by a <a href="http://vil.nai.com/vil/content/v_99877.htm" target="_blank">NTROOTKIT</a> TROJAN variant!
99697. Source=Paul Collins Startup list
99698.  
99699. [[various names]]
99700. Number=14153
99701. Confirmed=X
99702. Filename=bhoserv.exe
99703. Description=Added by a <a href="http://vil.nai.com/vil/content/v_99877.htm" target="_blank">NTROOTKIT</a> TROJAN variant!
99704. Source=Paul Collins Startup list
99705.  
99706. [[various names]]
99707. Number=14154
99708. Confirmed=X
99709. Filename=driver32.exe
99710. Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM!
99711. Source=Paul Collins Startup list
99712.  
99713. [[various names]]
99714. Number=14155
99715. Confirmed=X
99716. Filename=hyandex.exe
99717. Description=Added by a <a href="http://vil.nai.com/vil/content/v_99877.htm" target="_blank">NTROOTKIT</a> TROJAN variant!
99718. Source=Paul Collins Startup list
99719.  
99720. [[various names]]
99721. Number=14156
99722. Confirmed=X
99723. Filename=Uint32.exe
99724. Description=Added by a <a href="http://vil.nai.com/vil/content/v_99877.htm" target="_blank">NTROOTKIT</a> TROJAN variant!
99725. Source=Paul Collins Startup list
99726.  
99727. [[various names]]
99728. Number=14157
99729. Confirmed=X
99730. Filename=Uint32.exe
99731. Description=Added by a <a href="http://vil.nai.com/vil/content/v_99877.htm" target="_blank">NTROOTKIT</a> TROJAN variant!
99732. Source=Paul Collins Startup list
99733.  
99734. [[various names]]
99735. Number=14158
99736. Confirmed=X
99737. Filename=_ctcp.exe
99738. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99739. Source=Paul Collins Startup list
99740.  
99741. [[various names]]
99742. Number=14159
99743. Confirmed=X
99744. Filename=10010.exe
99745. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99746. Source=Paul Collins Startup list
99747.  
99748. [[various names]]
99749. Number=14160
99750. Confirmed=X
99751. Filename=321102.exe
99752. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99753. Source=Paul Collins Startup list
99754.  
99755. [[various names]]
99756. Number=14161
99757. Confirmed=X
99758. Filename=34763.exe
99759. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99760. Source=Paul Collins Startup list
99761.  
99762. [[various names]]
99763. Number=14162
99764. Confirmed=X
99765. Filename=abrek.exe
99766. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99767. Source=Paul Collins Startup list
99768.  
99769. [[various names]]
99770. Number=14163
99771. Confirmed=X
99772. Filename=ActionScr.exe
99773. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99774. Source=Paul Collins Startup list
99775.  
99776. [[various names]]
99777. Number=14164
99778. Confirmed=X
99779. Filename=AliceSD.exe
99780. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99781. Source=Paul Collins Startup list
99782.  
99783. [[various names]]
99784. Number=14165
99785. Confirmed=X
99786. Filename=AppMasterCenter.exe
99787. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99788. Source=Paul Collins Startup list
99789.  
99790. [[various names]]
99791. Number=14166
99792. Confirmed=X
99793. Filename=atl_helper.exe
99794. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99795. Source=Paul Collins Startup list
99796.  
99797. [[various names]]
99798. Number=14167
99799. Confirmed=X
99800. Filename=ATLIEHELPER.exe
99801. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99802. Source=Paul Collins Startup list
99803.  
99804. [[various names]]
99805. Number=14168
99806. Confirmed=X
99807. Filename=avpmondll.exe
99808. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99809. Source=Paul Collins Startup list
99810.  
99811. [[various names]]
99812. Number=14169
99813. Confirmed=X
99814. Filename=awinrar.exe
99815. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99816. Source=Paul Collins Startup list
99817.  
99818. [[various names]]
99819. Number=14170
99820. Confirmed=X
99821. Filename=backd.exe
99822. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99823. Source=Paul Collins Startup list
99824.  
99825. [[various names]]
99826. Number=14171
99827. Confirmed=X
99828. Filename=backorif.exe
99829. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99830. Source=Paul Collins Startup list
99831.  
99832. [[various names]]
99833. Number=14172
99834. Confirmed=X
99835. Filename=barint.exe
99836. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99837. Source=Paul Collins Startup list
99838.  
99839. [[various names]]
99840. Number=14173
99841. Confirmed=X
99842. Filename=bhoserv.exe
99843. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99844. Source=Paul Collins Startup list
99845.  
99846. [[various names]]
99847. Number=14174
99848. Confirmed=X
99849. Filename=bingo9.exe
99850. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99851. Source=Paul Collins Startup list
99852.  
99853. [[various names]]
99854. Number=14175
99855. Confirmed=X
99856. Filename=bnui.exe
99857. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99858. Source=Paul Collins Startup list
99859.  
99860. [[various names]]
99861. Number=14176
99862. Confirmed=X
99863. Filename=Bogobot.exe
99864. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99865. Source=Paul Collins Startup list
99866.  
99867. [[various names]]
99868. Number=14177
99869. Confirmed=X
99870. Filename=borlandg.exe
99871. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99872. Source=Paul Collins Startup list
99873.  
99874. [[various names]]
99875. Number=14178
99876. Confirmed=X
99877. Filename=BoundRec.exe
99878. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99879. Source=Paul Collins Startup list
99880.  
99881. [[various names]]
99882. Number=14179
99883. Confirmed=X
99884. Filename=br0ken.exe
99885. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99886. Source=Paul Collins Startup list
99887.  
99888. [[various names]]
99889. Number=14180
99890. Confirmed=X
99891. Filename=Brong32.exe
99892. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99893. Source=Paul Collins Startup list
99894.  
99895. [[various names]]
99896. Number=14181
99897. Confirmed=X
99898. Filename=clamav.exe
99899. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99900. Source=Paul Collins Startup list
99901.  
99902. [[various names]]
99903. Number=14182
99904. Confirmed=X
99905. Filename=cmon14.exe
99906. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99907. Source=Paul Collins Startup list
99908.  
99909. [[various names]]
99910. Number=14183
99911. Confirmed=X
99912. Filename=cnftips.exe
99913. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99914. Source=Paul Collins Startup list
99915.  
99916. [[various names]]
99917. Number=14184
99918. Confirmed=X
99919. Filename=control64.exe
99920. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99921. Source=Paul Collins Startup list
99922.  
99923. [[various names]]
99924. Number=14185
99925. Confirmed=X
99926. Filename=corrida.exe
99927. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99928. Source=Paul Collins Startup list
99929.  
99930. [[various names]]
99931. Number=14186
99932. Confirmed=X
99933. Filename=CToolBar.exe
99934. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99935. Source=Paul Collins Startup list
99936.  
99937. [[various names]]
99938. Number=14187
99939. Confirmed=X
99940. Filename=DCC_send.exe
99941. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99942. Source=Paul Collins Startup list
99943.  
99944. [[various names]]
99945. Number=14188
99946. Confirmed=X
99947. Filename=defect08.exe
99948. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99949. Source=Paul Collins Startup list
99950.  
99951. [[various names]]
99952. Number=14189
99953. Confirmed=X
99954. Filename=Dest068.exe
99955. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99956. Source=Paul Collins Startup list
99957.  
99958. [[various names]]
99959. Number=14190
99960. Confirmed=X
99961. Filename=dialer423.exe
99962. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99963. Source=Paul Collins Startup list
99964.  
99965. [[various names]]
99966. Number=14191
99967. Confirmed=X
99968. Filename=diskserv.exe
99969. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99970. Source=Paul Collins Startup list
99971.  
99972. [[various names]]
99973. Number=14192
99974. Confirmed=X
99975. Filename=driver64.exe
99976. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99977. Source=Paul Collins Startup list
99978.  
99979. [[various names]]
99980. Number=14193
99981. Confirmed=X
99982. Filename=DTOURS.exe
99983. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99984. Source=Paul Collins Startup list
99985.  
99986. [[various names]]
99987. Number=14194
99988. Confirmed=X
99989. Filename=ERTYDF.exe
99990. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99991. Source=Paul Collins Startup list
99992.  
99993. [[various names]]
99994. Number=14195
99995. Confirmed=X
99996. Filename=ExchangeMaster.exe
99997. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
99998. Source=Paul Collins Startup list
99999.  
100000. [[various names]]
100001. Number=14196
100002. Confirmed=X
100003. Filename=EXE32EXE.exe
100004. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100005. Source=Paul Collins Startup list
100006.  
100007. [[various names]]
100008. Number=14197
100009. Confirmed=X
100010. Filename=expoler.exe
100011. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100012. Source=Paul Collins Startup list
100013.  
100014. [[various names]]
100015. Number=14198
100016. Confirmed=X
100017. Filename=FLKPT.exe
100018. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100019. Source=Paul Collins Startup list
100020.  
100021. [[various names]]
100022. Number=14199
100023. Confirmed=X
100024. Filename=forces_elite.exe
100025. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100026. Source=Paul Collins Startup list
100027.  
100028. [[various names]]
100029. Number=14200
100030. Confirmed=X
100031. Filename=ftbar.exe
100032. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100033. Source=Paul Collins Startup list
100034.  
100035. [[various names]]
100036. Number=14201
100037. Confirmed=X
100038. Filename=gabber.exe
100039. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100040. Source=Paul Collins Startup list
100041.  
100042. [[various names]]
100043. Number=14202
100044. Confirmed=X
100045. Filename=hyandex.exe
100046. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100047. Source=Paul Collins Startup list
100048.  
100049. [[various names]]
100050. Number=14203
100051. Confirmed=X
100052. Filename=iehelper.exe
100053. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100054. Source=Paul Collins Startup list
100055.  
100056. [[various names]]
100057. Number=14204
100058. Confirmed=X
100059. Filename=iesetupdll.exe
100060. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100061. Source=Paul Collins Startup list
100062.  
100063. [[various names]]
100064. Number=14205
100065. Confirmed=X
100066. Filename=init32.exe
100067. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100068. Source=Paul Collins Startup list
100069.  
100070. [[various names]]
100071. Number=14206
100072. Confirmed=X
100073. Filename=InpriseMon.exe
100074. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100075. Source=Paul Collins Startup list
100076.  
100077. [[various names]]
100078. Number=14207
100079. Confirmed=X
100080. Filename=install2.exe
100081. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100082. Source=Paul Collins Startup list
100083.  
100084. [[various names]]
100085. Number=14208
100086. Confirmed=X
100087. Filename=jopplerg.exe
100088. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100089. Source=Paul Collins Startup list
100090.  
100091. [[various names]]
100092. Number=14209
100093. Confirmed=X
100094. Filename=Kargo.exe
100095. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100096. Source=Paul Collins Startup list
100097.  
100098. [[various names]]
100099. Number=14210
100100. Confirmed=X
100101. Filename=keybdll.exe
100102. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100103. Source=Paul Collins Startup list
100104.  
100105. [[various names]]
100106. Number=14211
100107. Confirmed=X
100108. Filename=KeywordFinder.exe
100109. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100110. Source=Paul Collins Startup list
100111.  
100112. [[various names]]
100113. Number=14212
100114. Confirmed=X
100115. Filename=killall.exe
100116. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100117. Source=Paul Collins Startup list
100118.  
100119. [[various names]]
100120. Number=14213
100121. Confirmed=X
100122. Filename=LOPTCON.exe
100123. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100124. Source=Paul Collins Startup list
100125.  
100126. [[various names]]
100127. Number=14214
100128. Confirmed=X
100129. Filename=media64.exe
100130. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100131. Source=Paul Collins Startup list
100132.  
100133. [[various names]]
100134. Number=14215
100135. Confirmed=X
100136. Filename=MNTP.exe
100137. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100138. Source=Paul Collins Startup list
100139.  
100140. [[various names]]
100141. Number=14216
100142. Confirmed=X
100143. Filename=MON76234.exe
100144. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100145. Source=Paul Collins Startup list
100146.  
100147. [[various names]]
100148. Number=14217
100149. Confirmed=X
100150. Filename=moniter.exe
100151. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100152. Source=Paul Collins Startup list
100153.  
100154. [[various names]]
100155. Number=14218
100156. Confirmed=X
100157. Filename=mozilla-text.exe
100158. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100159. Source=Paul Collins Startup list
100160.  
100161. [[various names]]
100162. Number=14219
100163. Confirmed=X
100164. Filename=msag.exe
100165. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100166. Source=Paul Collins Startup list
100167.  
100168. [[various names]]
100169. Number=14220
100170. Confirmed=X
100171. Filename=ms-its.exe
100172. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100173. Source=Paul Collins Startup list
100174.  
100175. [[various names]]
100176. Number=14221
100177. Confirmed=X
100178. Filename=MsNetHelper.exe
100179. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100180. Source=Paul Collins Startup list
100181.  
100182. [[various names]]
100183. Number=14222
100184. Confirmed=X
100185. Filename=new32.exe
100186. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100187. Source=Paul Collins Startup list
100188.  
100189. [[various names]]
100190. Number=14223
100191. Confirmed=X
100192. Filename=newbreed.exe
100193. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100194. Source=Paul Collins Startup list
100195.  
100196. [[various names]]
100197. Number=14224
100198. Confirmed=X
100199. Filename=nmdllw.exe
100200. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100201. Source=Paul Collins Startup list
100202.  
100203. [[various names]]
100204. Number=14225
100205. Confirmed=X
100206. Filename=NopeZ.exe
100207. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100208. Source=Paul Collins Startup list
100209.  
100210. [[various names]]
100211. Number=14226
100212. Confirmed=X
100213. Filename=NsCplTray.exe
100214. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100215. Source=Paul Collins Startup list
100216.  
100217. [[various names]]
100218. Number=14227
100219. Confirmed=X
100220. Filename=NSYSCPLSTR.exe
100221. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100222. Source=Paul Collins Startup list
100223.  
100224. [[various names]]
100225. Number=14228
100226. Confirmed=X
100227. Filename=NukeSpan.exe
100228. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100229. Source=Paul Collins Startup list
100230.  
100231. [[various names]]
100232. Number=14229
100233. Confirmed=X
100234. Filename=openstre.exe
100235. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100236. Source=Paul Collins Startup list
100237.  
100238. [[various names]]
100239. Number=14230
100240. Confirmed=X
100241. Filename=panel_its.exe
100242. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100243. Source=Paul Collins Startup list
100244.  
100245. [[various names]]
100246. Number=14231
100247. Confirmed=X
100248. Filename=ParisM.exe
100249. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100250. Source=Paul Collins Startup list
100251.  
100252. [[various names]]
100253. Number=14232
100254. Confirmed=X
100255. Filename=pizda.exe
100256. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100257. Source=Paul Collins Startup list
100258.  
100259. [[various names]]
100260. Number=14233
100261. Confirmed=X
100262. Filename=powerdll.exe
100263. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100264. Source=Paul Collins Startup list
100265.  
100266. [[various names]]
100267. Number=14234
100268. Confirmed=X
100269. Filename=PrcIdle.exe
100270. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100271. Source=Paul Collins Startup list
100272.  
100273. [[various names]]
100274. Number=14235
100275. Confirmed=X
100276. Filename=prcmon.exe
100277. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100278. Source=Paul Collins Startup list
100279.  
100280. [[various names]]
100281. Number=14236
100282. Confirmed=X
100283. Filename=Preliminary.exe
100284. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100285. Source=Paul Collins Startup list
100286.  
100287. [[various names]]
100288. Number=14237
100289. Confirmed=X
100290. Filename=prgsys0984.exe
100291. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100292. Source=Paul Collins Startup list
100293.  
100294. [[various names]]
100295. Number=14238
100296. Confirmed=X
100297. Filename=progmen.exe
100298. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100299. Source=Paul Collins Startup list
100300.  
100301. [[various names]]
100302. Number=14239
100303. Confirmed=X
100304. Filename=qwe.exe
100305. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100306. Source=Paul Collins Startup list
100307.  
100308. [[various names]]
100309. Number=14240
100310. Confirmed=X
100311. Filename=RtlFindVal.exe
100312. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100313. Source=Paul Collins Startup list
100314.  
100315. [[various names]]
100316. Number=14241
100317. Confirmed=X
100318. Filename=SAPSTR.exe
100319. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100320. Source=Paul Collins Startup list
100321.  
100322. [[various names]]
100323. Number=14242
100324. Confirmed=X
100325. Filename=sbin.exe
100326. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100327. Source=Paul Collins Startup list
100328.  
100329. [[various names]]
100330. Number=14243
100331. Confirmed=X
100332. Filename=scanSYS.exe
100333. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100334. Source=Paul Collins Startup list
100335.  
100336. [[various names]]
100337. Number=14244
100338. Confirmed=X
100339. Filename=Serviceprocess.exe
100340. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100341. Source=Paul Collins Startup list
100342.  
100343. [[various names]]
100344. Number=14245
100345. Confirmed=X
100346. Filename=SetupExeDll.exe
100347. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100348. Source=Paul Collins Startup list
100349.  
100350. [[various names]]
100351. Number=14246
100352. Confirmed=X
100353. Filename=Shaitan1678.exe
100354. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100355. Source=Paul Collins Startup list
100356.  
100357. [[various names]]
100358. Number=14247
100359. Confirmed=X
100360. Filename=slamm.exe
100361. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100362. Source=Paul Collins Startup list
100363.  
100364. [[various names]]
100365. Number=14248
100366. Confirmed=X
100367. Filename=sound64.exe
100368. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100369. Source=Paul Collins Startup list
100370.  
100371. [[various names]]
100372. Number=14249
100373. Confirmed=X
100374. Filename=SpyElim.exe
100375. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100376. Source=Paul Collins Startup list
100377.  
100378. [[various names]]
100379. Number=14250
100380. Confirmed=X
100381. Filename=srbho.exe
100382. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100383. Source=Paul Collins Startup list
100384.  
100385. [[various names]]
100386. Number=14251
100387. Confirmed=X
100388. Filename=ssweeper.exe
100389. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100390. Source=Paul Collins Startup list
100391.  
100392. [[various names]]
100393. Number=14252
100394. Confirmed=X
100395. Filename=StartCpl.exe
100396. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100397. Source=Paul Collins Startup list
100398.  
100399. [[various names]]
100400. Number=14253
100401. Confirmed=X
100402. Filename=startman.exe
100403. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100404. Source=Paul Collins Startup list
100405.  
100406. [[various names]]
100407. Number=14254
100408. Confirmed=X
100409. Filename=StatusCheck.exe
100410. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100411. Source=Paul Collins Startup list
100412.  
100413. [[various names]]
100414. Number=14255
100415. Confirmed=X
100416. Filename=stuffmon.exe
100417. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100418. Source=Paul Collins Startup list
100419.  
100420. [[various names]]
100421. Number=14256
100422. Confirmed=X
100423. Filename=sysconf16.exe
100424. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100425. Source=Paul Collins Startup list
100426.  
100427. [[various names]]
100428. Number=14257
100429. Confirmed=X
100430. Filename=SysEntry.exe
100431. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100432. Source=Paul Collins Startup list
100433.  
100434. [[various names]]
100435. Number=14258
100436. Confirmed=X
100437. Filename=sysmon12.exe
100438. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100439. Source=Paul Collins Startup list
100440.  
100441. [[various names]]
100442. Number=14259
100443. Confirmed=X
100444. Filename=syspanel.exe
100445. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100446. Source=Paul Collins Startup list
100447.  
100448. [[various names]]
100449. Number=14260
100450. Confirmed=X
100451. Filename=SysSupport.exe
100452. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100453. Source=Paul Collins Startup list
100454.  
100455. [[various names]]
100456. Number=14261
100457. Confirmed=X
100458. Filename=SYSTRAV.exe
100459. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100460. Source=Paul Collins Startup list
100461.  
100462. [[various names]]
100463. Number=14262
100464. Confirmed=X
100465. Filename=TemplateDongle.exe
100466. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100467. Source=Paul Collins Startup list
100468.  
100469. [[various names]]
100470. Number=14263
100471. Confirmed=X
100472. Filename=teqq32.exe
100473. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100474. Source=Paul Collins Startup list
100475.  
100476. [[various names]]
100477. Number=14264
100478. Confirmed=X
100479. Filename=Testimonials.exe
100480. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100481. Source=Paul Collins Startup list
100482.  
100483. [[various names]]
100484. Number=14265
100485. Confirmed=X
100486. Filename=TForm1.exe
100487. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100488. Source=Paul Collins Startup list
100489.  
100490. [[various names]]
100491. Number=14266
100492. Confirmed=X
100493. Filename=TorontoMail.exe
100494. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100495. Source=Paul Collins Startup list
100496.  
100497. [[various names]]
100498. Number=14267
100499. Confirmed=X
100500. Filename=Trayz.exe
100501. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100502. Source=Paul Collins Startup list
100503.  
100504. [[various names]]
100505. Number=14268
100506. Confirmed=X
100507. Filename=TRPT.exe
100508. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100509. Source=Paul Collins Startup list
100510.  
100511. [[various names]]
100512. Number=14269
100513. Confirmed=X
100514. Filename=trycrt.exe
100515. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100516. Source=Paul Collins Startup list
100517.  
100518. [[various names]]
100519. Number=14270
100520. Confirmed=X
100521. Filename=typeconf.exe
100522. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100523. Source=Paul Collins Startup list
100524.  
100525. [[various names]]
100526. Number=14271
100527. Confirmed=X
100528. Filename=Uint32.exe
100529. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100530. Source=Paul Collins Startup list
100531.  
100532. [[various names]]
100533. Number=14272
100534. Confirmed=X
100535. Filename=uio.exe
100536. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100537. Source=Paul Collins Startup list
100538.  
100539. [[various names]]
100540. Number=14273
100541. Confirmed=X
100542. Filename=UserSp1.exe
100543. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100544. Source=Paul Collins Startup list
100545.  
100546. [[various names]]
100547. Number=14274
100548. Confirmed=X
100549. Filename=utsgmon.exe
100550. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100551. Source=Paul Collins Startup list
100552.  
100553. [[various names]]
100554. Number=14275
100555. Confirmed=X
100556. Filename=vxdman.exe
100557. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100558. Source=Paul Collins Startup list
100559.  
100560. [[various names]]
100561. Number=14276
100562. Confirmed=X
100563. Filename=WhatsNewBot.exe
100564. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100565. Source=Paul Collins Startup list
100566.  
100567. [[various names]]
100568. Number=14277
100569. Confirmed=X
100570. Filename=WinInitDll.exe
100571. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100572. Source=Paul Collins Startup list
100573.  
100574. [[various names]]
100575. Number=14278
100576. Confirmed=X
100577. Filename=wormexe.exe
100578. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100579. Source=Paul Collins Startup list
100580.  
100581. [[various names]]
100582. Number=14279
100583. Confirmed=X
100584. Filename=WTFCTF.exe
100585. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100586. Source=Paul Collins Startup list
100587.  
100588. [[various names]]
100589. Number=14280
100590. Confirmed=X
100591. Filename=XTermInit.exe
100592. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100593. Source=Paul Collins Startup list
100594.  
100595. [[various names]]
100596. Number=14281
100597. Confirmed=X
100598. Filename=xwiz.exe
100599. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100600. Source=Paul Collins Startup list
100601.  
100602. [[various names]]
100603. Number=14282
100604. Confirmed=X
100605. Filename=xxtoolbar.exe
100606. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100607. Source=Paul Collins Startup list
100608.  
100609. [[various names]]
100610. Number=14283
100611. Confirmed=X
100612. Filename=zantu.exe
100613. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100614. Source=Paul Collins Startup list
100615.  
100616. [[various names]]
100617. Number=14284
100618. Confirmed=X
100619. Filename=zxc.exe
100620. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100621. Source=Paul Collins Startup list
100622.  
100623. [[various names]]
100624. Number=14285
100625. Confirmed=X
100626. Filename=ABCXYZ.exe
100627. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100628. Source=Paul Collins Startup list
100629.  
100630. [[various names]]
100631. Number=14286
100632. Confirmed=X
100633. Filename=dePloy.exe
100634. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100635. Source=Paul Collins Startup list
100636.  
100637. [[various names]]
100638. Number=14287
100639. Confirmed=X
100640. Filename=JAguAr.exe
100641. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100642. Source=Paul Collins Startup list
100643.  
100644. [[various names]]
100645. Number=14288
100646. Confirmed=X
100647. Filename=80d0.exe
100648. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
100649. Source=Paul Collins Startup list
100650.  
100651. [[various names]]
100652. Number=14289
100653. Confirmed=X
100654. Filename=exe81.exe
100655. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
100656. Source=Paul Collins Startup list
100657.  
100658. [[various names]]
100659. Number=14290
100660. Confirmed=X
100661. Filename=exe82.exe
100662. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
100663. Source=Paul Collins Startup list
100664.  
100665. [[various names]]
100666. Number=14291
100667. Confirmed=X
100668. Filename=MSTCPDLL.exe
100669. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Misc.WareOut&threatid=40280" target=_blank>Wareout</a> - malware masquerading as a spyware and dialer remover
100670. Source=Paul Collins Startup list
100671.  
100672. [[various names]]
100673. Number=14292
100674. Confirmed=X
100675. Filename=seli.exe
100676. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=MediaMotor&threatid=15001" target="_blank">MediaMotor</a> adware
100677. Source=Paul Collins Startup list
100678.  
100679. [\IEService.exe]
100680. Number=14293
100681. Confirmed=X
100682. Filename=IEService.exe
100683. Description=FastFind parasite variant
100684. Source=Paul Collins Startup list
100685.  
100686. [\Pribi.exe]
100687. Number=14294
100688. Confirmed=X
100689. Filename=Pribi.exe
100690. Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110218-2201-99" target=_blank>FastFind</a> adware variant
100691. Source=Paul Collins Startup list
100692.  
100693. [\SysInit]
100694. Number=14295
100695. Confirmed=X
100696. Filename=svchost.exe
100697. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojstartpabd.html" target=_blank>STARTPA-BD</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target=_blank>svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files/Common Files folder
100698. Source=Paul Collins Startup list
100699.  
100700. [\\TOOLS.exe]
100701. Number=14296
100702. Confirmed=X
100703. Filename=tools.exe
100704. Description=Lycos SideSearch/Fastfind.org adware
100705. Source=Paul Collins Startup list
100706.  
100707. [^`d}qZxu]
100708. Number=14297
100709. Confirmed=X
100710. Filename=~`d}qzxu3zYF
100711. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031915-3501-99" target="_blank">GAOBOT.GEN!POLY</a> WORM!
100712. Source=Paul Collins Startup list
100713.  
100714. [_AntiSpyware]
100715. Number=14298
100716. Confirmed=U
100717. Filename=MssCli.exe
100718. Description=Part of McAfee <a href="http://www.mcafee.com/us/smb/products/anti_spyware/anti_spyware.html" target=_blank>AntiSpyware</a>
100719. Source=Paul Collins Startup list
100720.  
100721. [_AntiSpyware]
100722. Number=14299
100723. Confirmed=U
100724. Filename=masalert.exe
100725. Description=Part of McAfee <a href="http://www.mcafee.com/us/smb/products/anti_spyware/anti_spyware.html" target=_blank>AntiSpyware</a>
100726.  
100727. Source=Paul Collins Startup list
100728.  
100729. [_Cat1]
100730. Number=14300
100731. Confirmed=X
100732. Filename=nmmst.exe
100733. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.SD" target="_blank">SMALL.SD</a> TROJAN!
100734. Source=Paul Collins Startup list
100735.  
100736. [_Cat2]
100737. Number=14301
100738. Confirmed=X
100739. Filename=nmstt.exe
100740. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalldt.html" target=_blank>SMALL-DT</a> TROJAN!
100741. Source=Paul Collins Startup list
100742.  
100743. [_Cat3]
100744. Number=14302
100745. Confirmed=X
100746. Filename=msmsgrxp.exe
100747. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalldt.html" target=_blank>SMALL-DT</a> downloader TROJAN
100748. Source=Paul Collins Startup list
100749.  
100750. [_Cat4]
100751. Number=14303
100752. Confirmed=X
100753. Filename=msmsgr2.exe
100754. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmalleb.html" target=_blank>SMALL-EB</a> TROJAN!
100755. Source=Paul Collins Startup list
100756.  
100757. [_Hazafibb]
100758. Number=14304
100759. Confirmed=X
100760. Filename=[path to file]
100761. Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_ZAFI.B" target="_blank">ZAFI.B</a> WORM!
100762. Source=Paul Collins Startup list
100763.  
100764. [_mzu_stonedrv2]
100765. Number=14305
100766. Confirmed=X
100767. Filename=_mzu_stonedrv2.exe
100768. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrftb.html" target="_blank">DWNLDR-FTB</a> TROJAN!
100769. Source=Paul Collins Startup list
100770.  
100771. [_mzu_stonedrv3]
100772. Number=14306
100773. Confirmed=X
100774. Filename=_mzu_stonedrv3.exe
100775. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrftb.html" target="_blank">DWNLDR-FTB</a> TROJAN!
100776. Source=Paul Collins Startup list
100777.  
100778. [_mzu_stonedrv7]
100779. Number=14307
100780. Confirmed=Y
100781. Filename=_mzu_stonedrv7.exe
100782. Description=Added by a variant of the <a href="http://www.sophos.com/virusinfo/analyses/trojdwnldrftb.html" target="_blank">FTB</a> TROJAN!
100783. Source=Paul Collins Startup list
100784.  
100785. [_ntrdlhost]
100786. Number=14308
100787. Confirmed=X
100788. Filename=_Ntrdlhost.exe
100789. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderjv.html" target= blank>DLOADER-JV</a> TROJAN!
100790. Source=Paul Collins Startup list
100791.  
100792. [_ntrRescueService]
100793. Number=14309
100794. Confirmed=X
100795. Filename=_ntrrs.exe
100796. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderjv.html" target= blank>DLOADER-JV</a> TROJAN!
100797. Source=Paul Collins Startup list
100798.  
100799. [_pnd_Panda Antivirus]
100800. Number=14310
100801. Confirmed=X
100802. Filename=_pnd_*****.exe [* = random char/digit]
100803. Description=Added by the AGENT.NAK TROJAN!
100804. Source=Paul Collins Startup list
100805.  
100806. [_Setv]
100807. Number=14311
100808. Confirmed=X
100809. Filename=Setv.com
100810. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-100415-3108-99" target=_blank>BESAM</a> WORM!
100811. Source=Paul Collins Startup list
100812.  
100813. [_svchost.con]
100814. Number=14312
100815. Confirmed=X
100816. Filename=svchost.com
100817. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-102721-4657-99" target=_blank>ERKEZ.C</a> WORM!
100818. Source=Paul Collins Startup list
100819.  
100820. [_SystemBoot]
100821. Number=14313
100822. Confirmed=X
100823. Filename=services.exe
100824. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsoberq.html" target= blank>SOBER-Q</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Help\Help subfolder of the Windows or Winnt folder
100825. Source=Paul Collins Startup list
100826.  
100827. [_SystemDriver]
100828. Number=14314
100829. Confirmed=X
100830. Filename=csrss.exe
100831. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-033116-3150-99" target="_blank">ASCETIC.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a \addins\explorer subfolder of the Winnt or Windows folder
100832. Source=Paul Collins Startup list
100833.  
100834. [_System_Run]
100835. Number=14315
100836. Confirmed=X
100837. Filename=_svchost_.exe
100838. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojlineagez.html" target=_blank>LINEAGE-Z</a> TROJAN!
100839. Source=Paul Collins Startup list
100840.  
100841. [_tdiserv_]
100842. Number=14316
100843. Confirmed=X
100844. Filename=_tdicli_.exe
100845. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-062209-1757-99" target=_blank>TDISERV.A</a> WORM!
100846. Source=Paul Collins Startup list
100847.  
100848. [_winadm]
100849. Number=14317
100850. Confirmed=U
100851. Filename=winadm.exe
100852. Description=<a href="http://people.freenet.de/winadm/anleitung_eng.htm" target="_blank">Parents Friend</a> - "Log any activity and protect programs with a password. Further more you can lock the pc any hour in the week you want with the main password. You can also give users allowed programs in their program-lists and you can limit the maximal daily hours and maximal weekly hours user spend on the PC"
100853. Source=Paul Collins Startup list
100854.  
100855. [_WinCheck]
100856. Number=14318
100857. Confirmed=X
100858. Filename=services.exe
100859. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111511-0644-99" target=_blank>SOBER.V</a> WORM!
100860. Source=Paul Collins Startup list
100861.  
100862. [_WinData]
100863. Number=14319
100864. Confirmed=X
100865. Filename=services.exe
100866. Description=Added by the <a href="http://www.f-secure.com/v-descs/email-worm_w32_sober_aa.shtml" target="_blank">SOBER.AA</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "PoolData" subfolder of the Windows or Winnt folder
100867. Source=Paul Collins Startup list
100868.  
100869. [_Windows]
100870. Number=14320
100871. Confirmed=X
100872. Filename=services.exe
100873. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111915-0848-99" target=_blank>SOBER.X</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder
100874. Source=Paul Collins Startup list
100875.  
100876. [_WinMain]
100877. Number=14321
100878. Confirmed=X
100879. Filename=winexec.exe
100880. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojdloaderxx.html" target=_blank>DLOADER-XX</a> TROJAN!
100881. Source=Paul Collins Startup list
100882.  
100883. [_WinStart]
100884. Number=14322
100885. Confirmed=X
100886. Filename=services.exe
100887. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050210-2339-99" target="_blank">SOBER.O</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Connection Wizard\Status subfolder of the Windows or Winnt folder
100888. Source=Paul Collins Startup list
100889.  
100890. [_winsystem.sys]
100891. Number=14323
100892. Confirmed=X
100893. Filename=smss.exe
100894. Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022023-0454-99" target=_blank>SOBER.K</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target=_blank>lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagent\win32 subfolder of the Winnt or Windows folder
100895. Source=Paul Collins Startup list
100896.  
100897. [_x-Finder]
100898. Number=14324
100899. Confirmed=X
100900. Filename=_x-Finder.exe
100901. Description=Disconnects and redials an ISP modem to an adult content site
100902. Source=Paul Collins Startup list
100903.  
100904. [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
100905. Number=14325
100906. Confirmed=U
100907. Filename=gnotify.exe
100908. Description=Google <a href="http://mail.google.com/mail/help/notifier/notifier_windows.html" target="_blank">Gmail Notifier</a>. Alerts you when you have new Gmail messages
100909. Source=Paul Collins Startup list
100910.  
100911. [{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
100912. Number=14326
100913. Confirmed=U
100914. Filename=PBKScheduler.exe
100915. Description=Scheduler for CyberLink <a href="http://www.cyberlink.com/multi/products/main_29_ENU.html" target=_blank>PowerBackup</a> - archiving/backup utility
100916. Source=Paul Collins Startup list
100917.  
100918. [{12EE7A5E-0674-42f9-A76B-000000004D00}]
100919. Number=14327
100920. Confirmed=X
100921. Filename=rundll32.exe [path] stlb2.dll, DllRunMain
100922. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
100923. Source=Paul Collins Startup list
100924.  
100925. [{1C-CC-C5-54-ZN}]
100926. Number=14328
100927. Confirmed=X
100928. Filename=dwdsregt.exe
100929. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
100930. Source=Paul Collins Startup list
100931.  
100932. [{2CF0B992-5EEB-4143-99C0-5297EF71F444}]
100933. Number=14329
100934. Confirmed=X
100935. Filename=rundll32.exe stlbdist.dll, DllRunMain
100936. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
100937. Source=Paul Collins Startup list
100938.  
100939. [{2CF0B992-5EEB-4143-99C2-5297EF71F44B}]
100940. Number=14330
100941. Confirmed=X
100942. Filename=rundll32.exe stlbupdt.DLL, DllRunMain
100943. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
100944. Source=Paul Collins Startup list
100945.  
100946. [{2F-FF-F4-4C-ZN}]
100947. Number=14331
100948. Confirmed=X
100949. Filename=omdsregk.exe
100950. Description=<a href="http://virusinfo.prevx.com/pxparall.asp?PXC=a44b38614297" target="_blank">ZenoSearch</a> adware
100951. Source=Paul Collins Startup list
100952.  
100953. [{357AA41A-B7A8-4632-A27D-5B980B25CF43}]
100954. Number=14332
100955. Confirmed=X
100956. Filename=[path to svchost.exe]
100957. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallaq.html" target="_blank">SMALL-AQ</a> TROJAN!
100958. Source=Paul Collins Startup list
100959.  
100960. [{357AA41A-B7A8-4632-A27D-5B980B25CF43}]
100961. Number=14333
100962. Confirmed=X
100963. Filename=services.exe
100964. Description=Added by <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080316-2013-99&tabid=1" target=_blank>FakeMessage/AdRotator</a> adware. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
100965. Source=Paul Collins Startup list
100966.  
100967. [{357AA41A-B7A8-4632-A27D-5B980B25CF43}]
100968. Number=14334
100969. Confirmed=X
100970. Filename=[path to trojan]
100971. Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/trojsmallep.html" target=_blank>SMALL-EP</a> TROJAN!
100972. Source=Paul Collins Startup list
100973.  
100974. [{8C-C4-4A-A4-ZN}]
100975. Number=14335
100976. Confirmed=X
100977. Filename=dwdsregt.exe
100978. Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094810" target="_blank">ZenoSearch</a> adware
100979. Source=Paul Collins Startup list
100980.  
100981. [{A70F6A1D-0195-42a2-934C-D8AC0F7C08EB}]
100982. Number=14336
100983. Confirmed=X
100984. Filename=rundll32.exe E6F1873B.DLL, D9EBC318C
100985. Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware
100986. Source=Paul Collins Startup list
100987.  
100988. [╡Torrent]
100989. Number=14337
100990. Confirmed=U
100991. Filename=utorrent.exe
100992. Description=<a href="http://www.utorrent.com/" target="_blank">╡Torrent</a> - BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients
100993. Source=Paul Collins Startup list
100994.  
100995.