[] Number=1 Confirmed=X Filename=system32.exe Description=Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list
[] Number=2 Confirmed=X Filename=pathex.exe Description=Added by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list
[] Number=3 Confirmed=X Filename=svchost.exe Description=Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list
[] Number=4 Confirmed=X Filename=MSPF.EXE Description=Added by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list
[] Number=5 Confirmed=X Filename=dllvirtual.exe Description=Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list
[] Number=6 Confirmed=X Filename=dllvirtual.dll Description=Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list
[] Number=7 Confirmed=X Filename=dllvirtual.js Description=Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list
[] Number=8 Confirmed=X Filename=ajsha5.exe Description=Added by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list
[] Number=9 Confirmed=X Filename=ne.exe Description=Added by the IRCBOT-ZL TROJAN! Source=Paul Collins Startup list
[ SystemBoot] Number=10 Confirmed=X Filename=services.exe Description=Added by the SOBER-Q TROJAN!
Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Help\Help subfolder of the Windows or Winnt folder Source=Paul Collins Startup list
[ WinCheck] Number=11 Confirmed=X Filename=services.exe Description=Added by the SOBER-S WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatus\Microsoft" subfolder of the Windows or Winnt folder Source=Paul Collins Startup list
[ Windows] Number=12 Confirmed=X Filename=services.exe Description=Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder Source=Paul Collins Startup list
[ WinStart] Number=13 Confirmed=X Filename=services.exe Description=Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Connection Wizard\Status subfolder of the Windows or Winnt folder Source=Paul Collins Startup list
[ winsystem.sys] Number=14 Confirmed=X Filename=smss.exe Description=Added by the SOBER.K TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
This file is located in a msagent\win32 subfolder of the Winnt or Windows folder Source=Paul Collins Startup list
[!1_pgaccount] Number=15 Confirmed=Y Filename=pgaccount.exe Description=DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instance of pgaccount.exe for every active account on your system, and this is essential for PG to work properly Source=Paul Collins Startup list
[!1_ProcessGuard_Startup] Number=16 Confirmed=Y Filename=procguard.exe Description=DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks Source=Paul Collins Startup list
[!AVG Anti-Spyware] Number=17 Confirmed=U Filename=avgas.exe Description=Part of AVG Anti-Spyware from Grisoft Source=Paul Collins Startup list
[!ewido] Number=18 Confirmed=U Filename=ewido.exe Description=Part of Ewido anti-spyware Source=Paul Collins Startup list
[!NoLoad] Number=19 Confirmed=N Filename=winrecon.exe Description=WinRecon keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list
[$EnterNet] Number=20 Confirmed=? Filename=Enternet.exe Description=Connection manager for the EnterNet ISP. You can also use RASPPOE Source=Paul Collins Startup list
[$sys$cmp] Number=21 Confirmed=X Filename=$sys$xp.exe Description=Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer Source=Paul Collins Startup list
[$sys$crash] Number=22 Confirmed=X Filename=$sys$sonyTimer.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list
[$sys$crash] Number=23 Confirmed=X Filename=$sys$sos$sys$.exe Description=Added by the WELOMOCH TROJAN!
Source=Paul Collins Startup list
[$sys$crash] Number=24 Confirmed=X Filename=$sys$WeLoveMcCOL.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list
[$sys$drv] Number=25 Confirmed=X Filename=$sys$drv.exe Description=Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer Source=Paul Collins Startup list
[$sys$momomomochin] Number=26 Confirmed=X Filename=$sys$sonyTimer.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list
[$sys$momomomochin] Number=27 Confirmed=X Filename=$sys$sos$sys$.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list
[$sys$momomomochin] Number=28 Confirmed=X Filename=$sys$WeLoveMcCOL.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list
[$sys$umaiyo] Number=29 Confirmed=X Filename=$sys$sonyTimer.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list
[$sys$umaiyo] Number=30 Confirmed=X Filename=$sys$sos$sys$.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list
[$sys$umaiyo] Number=31 Confirmed=X Filename=$sys$WeLoveMcCOL.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list
[$Volumouse$] Number=32 Confirmed=U Filename=volumouse.exe Description=Volumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse" Source=Paul Collins Startup list
[$WindowsRegKey%update] Number=33 Confirmed=X Filename=IEXPLORE.EXE Description=Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup!
This one is located in %System% Source=Paul Collins Startup list
[%cmpmixtitle%] Number=34 Confirmed=N Filename=%cmpmixstr% Description=Possibly related to C-Media Mixer Control panel? Source=Paul Collins Startup list
[%FP%012-L2TP fts.exe] Number=35 Confirmed=N Filename=fts.exe Description=012.Net.il Israeli ISP software front-end Source=Paul Collins Startup list
[%FP%012-L2TP FWPortal.exe] Number=36 Confirmed=U Filename=FWPortal.exe Description=012.Net.il Israeli ISP dial-up software Source=Paul Collins Startup list
[%FP%1776 Internet fts.exe] Number=37 Confirmed=N Filename=fts.exe Description=1776 Internet US ISP software front-end Source=Paul Collins Startup list
[%FP%1776 Internet FWPortal.exe] Number=38 Confirmed=U Filename=FWPortal.exe Description=1776 Internet US ISP dial-up software Source=Paul Collins Startup list
[%FP%AIRTEL fts.exe] Number=39 Confirmed=N Filename=fts.exe Description=Bharti Airtel Broadband - Indian ISP software front-end Source=Paul Collins Startup list
[%FP%Barak013 fts.exe] Number=40 Confirmed=N Filename=fts.exe Description=Barak013 Israeli ISP software front-end Source=Paul Collins Startup list
[%FP%Barak013 FWPortal.exe] Number=41 Confirmed=U Filename=FWPortal.exe Description=Barak013 Israeli ISP dial-up software Source=Paul Collins Startup list
[%FP%Friendly fts.exe] Number=42 Confirmed=N Filename=fts.exe Description=Friendly ISP software front-end Source=Paul Collins Startup list
[\NvCpTDaemon] Number=43 Confirmed=X Filename=wuauqmr.exe Description=Added by the CULT-B WORM! Source=Paul Collins Startup list
[µTorrent] Number=44 Confirmed=U Filename=utorrent.exe Description=µTorrent - BitTorrent client for Windows sporting a very small footprint.
It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients Source=Paul Collins Startup list
[(*)API Machine] Number=45 Confirmed=X Filename=winSOCKS.exe Description=Homepage hijacker, see here (* = any digit) Source=Paul Collins Startup list
[(*)Run] Number=46 Confirmed=X Filename=win32API.exe Description=Homepage hijacker, see here (* = any digit) Source=Paul Collins Startup list
[(Default)] Number=47 Confirmed=X Filename=media_driver.exe Description=Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(Default)] Number=48 Confirmed=X Filename=Shania.vbs Description=Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(Default)] Number=49 Confirmed=X Filename=NOTEPAD.exe Description=Added by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(Default)] Number=50 Confirmed=X Filename=[random filename].exe Description=Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(Default)] Number=51 Confirmed=X Filename=twunk_32.exe Description=Added by the BLACKMAL.C WORM!
Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(Default)] Number=52 Confirmed=X Filename=winhelp.exe Description=Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(Default)] Number=53 Confirmed=X Filename=spolsvr2.exe Description=Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(Default)] Number=54 Confirmed=X Filename=winbas12.exe Description=Adware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(Default)] Number=55 Confirmed=X Filename=Systrsy.exe Description=Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(Default)] Number=56 Confirmed=X Filename=llsass.exe Description=Added by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(Default)] Number=57 Confirmed=X Filename=syspol.exe Description=Added by the DREMN-B TROJAN!
Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(Default)] Number=58 Confirmed=X Filename=winlog.exe Description=Unidentified adware. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(default)] Number=59 Confirmed=X Filename=rundll32.exe [path to DLL file], Do98Work Description=Added by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list
[(Default)] Number=60 Confirmed=X Filename=winligom.exe Description=Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(Default)] Number=61 Confirmed=X Filename=5640.exe Description=Added by the DOWNLD-ABF TROJAN! Source=Paul Collins Startup list
[(Default)] Number=62 Confirmed=X Filename=QQUpdate.exe Description=Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(Default)] Number=63 Confirmed=X Filename=Mcafee.exe Description=Detected by Kaspersky as the AGENT.AY TROJAN! See here. Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot.
The name field in MSConfig may be blank Source=Paul Collins Startup list
[(Default)] Number=64 Confirmed=X Filename=fada.exe Description=Detected by Trend Micro as the VB.HEI TROJAN! See here. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list
[(L4r1$$4) (4nt1) (V1ruz)] Number=65 Confirmed=X Filename=SP00Lsv32.pif Description=Added by the ASSIRAL.B WORM! Source=Paul Collins Startup list
[*Bandook] Number=66 Confirmed=X Filename=msdll.exe Description=Added by an unidentified TROJAN - see here Source=Paul Collins Startup list
[*JanisRuckenbrodII] Number=67 Confirmed=X Filename=janis.com Description=Added by the POPS WORM! Source=Paul Collins Startup list
[*Microsoft Update] Number=68 Confirmed=X Filename=ctxma.exe Description=Added by the STMU TROJAN! Source=Paul Collins Startup list
[*Microsoft Update] Number=69 Confirmed=X Filename=cxma.exe Description=Added by the STMU TROJAN! Source=Paul Collins Startup list
[*Microsoft Update] Number=70 Confirmed=X Filename=wstcl.exe Description=Added by the STMU TROJAN! Source=Paul Collins Startup list
[*Microsoft Update] Number=71 Confirmed=X Filename=wucxt.exe Description=Added by the STMU TROJAN! Source=Paul Collins Startup list
[*Microsoft Update] Number=72 Confirmed=X Filename=wuytc.exe Description=Added by the STMU TROJAN! Source=Paul Collins Startup list
[*MS Setup] Number=73 Confirmed=X Filename=[random filename] Description=Virtumondo adware, also known as the VUNDO TROJAN! Source=Paul Collins Startup list
[*MSConfig32] Number=74 Confirmed=X Filename=aecache.exe Description=Detected by F-secure as the OBFUSCATED.GP TROJAN! Source=Paul Collins Startup list
[*Restore] Number=75 Confirmed=Y Filename=rstrui.exe Description=Part of Windows System Restore and added as a RunOnce registry entry.
Leave alone Source=Paul Collins Startup list
[*Security Center] Number=76 Confirmed=X Filename=secctr.exe Description=Added by the SDBOT.BRO WORM! Source=Paul Collins Startup list
[*StateMgr] Number=77 Confirmed=Y Filename=statemgr.exe Description=Windows ME default for System Restore. Do NOT disable! Source=Paul Collins Startup list
[*WerKernelReporting] Number=78 Confirmed=N Filename=WerFault.exe Description=Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here Source=Paul Collins Startup list
[*windows update] Number=79 Confirmed=X Filename=wrauclt.exe Description=Added by the RBOT-QU WORM! Source=Paul Collins Startup list
[*windows update] Number=80 Confirmed=X Filename=wuanclt.exe Description=Added by the RBOT-PG WORM! Source=Paul Collins Startup list
[*windows update] Number=81 Confirmed=X Filename=wuaucrlt.exe Description=Added by the SPYBOT.HUR WORM! Source=Paul Collins Startup list
[*windows update] Number=82 Confirmed=X Filename=wuraclt.exe Description=Added by the RBOT-PO WORM! Source=Paul Collins Startup list
[*windows update] Number=83 Confirmed=X Filename=wurauclt.exe Description=Added by the RBOT-SY WORM! Source=Paul Collins Startup list
[*windows update] Number=84 Confirmed=X Filename=wsctl.exe Description=Added by the SPYBOT.PR WORM! Source=Paul Collins Startup list
[*windows update] Number=85 Confirmed=X Filename=wkmst.exe Description=Added by the SDBOT.AVD WORM! Source=Paul Collins Startup list
[*windows update] Number=86 Confirmed=X Filename=wscxt.exe Description=Added by the RBOT.AOS WORM! Source=Paul Collins Startup list
[*windows update] Number=87 Confirmed=X Filename=waurclt.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list
[*Windows [filename] Checker] Number=88 Confirmed=X Filename=[filename] Description=Added by the KEDEBE-B WORM!
Source=Paul Collins Startup list
[*WindowsAudio] Number=89 Confirmed=X Filename=systemupd.exe Description=Added by the AGENT-TH WORM! Source=Paul Collins Startup list
[*WinLogon] Number=90 Confirmed=X Filename=[trojan path] ren time:[random number] Description=Added by the VUNDO TROJAN! Source=Paul Collins Startup list
[*winstats] Number=91 Confirmed=X Filename=winstats.exe Description=Added by the GARGAFX TROJAN! Source=Paul Collins Startup list
[*wuauclt.exe] Number=92 Confirmed=X Filename=w****.exe [* = random char] Description=Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on... Source=Paul Collins Startup list
[,main drive Loader] Number=93 Confirmed=X Filename=wininfo.exe Description=Suspected malware as it appears in 3 different registry locations - see here Source=Paul Collins Startup list
[-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+] Number=94 Confirmed=X Filename=ISASS.exe Description=Added by the ASSIRAL.B WORM! Source=Paul Collins Startup list
[-FreedomNeedsReboot] Number=95 Confirmed=Y Filename=ZkRunOnceR.exe Description=Internet Security Suite used by ISPs to protect customers against many attacks Source=Paul Collins Startup list
[..] Number=96 Confirmed=X Filename=ABC2007.exe Description=Added by the DLOADR-ASH TROJAN! Source=Paul Collins Startup list
[.mscdr] Number=97 Confirmed=X Filename=lassa.exe Description=Added by the WEBUS.C TROJAN! Source=Paul Collins Startup list
[.mscdr] Number=98 Confirmed=X Filename=lsvchost.exe Description=Added by the WEBUS.D TROJAN! Source=Paul Collins Startup list
[.mscdsr] Number=99 Confirmed=X Filename=lsvchost.exe Description=Added by the CR TROJAN! Source=Paul Collins Startup list
[.mscsbl] Number=100 Confirmed=X Filename=svhost.exe Description=Added by the CMQ TROJAN! Source=Paul Collins Startup list
[.msfupdate] Number=101 Confirmed=X Filename=msveup.exe Description=Added by the ALLOCUP.A WORM!
Source=Paul Collins Startup list
[.mssecure] Number=102 Confirmed=X Filename=mssecure.exe Description=Added by the DDOS_BOXED.X TROJAN! Source=Paul Collins Startup list
[.NET config] Number=103 Confirmed=? Filename=sysmon32.exe Description=?? Source=Paul Collins Startup list
[.NET.] Number=104 Confirmed=X Filename=msnmgnr.exe Description=Added by the DELF.AYF WORM! Source=Paul Collins Startup list
[.norton] Number=105 Confirmed=X Filename=rchost.exe Description=Added by the BOXED-H TROJAN! Source=Paul Collins Startup list
[.nvsvc] Number=106 Confirmed=X Filename=smss.exe Description=Added by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list
[.nvsvcb] Number=107 Confirmed=X Filename=smssb.exe Description=Added by the BOXED.CG TROJAN! Source=Paul Collins Startup list
[.Prog] Number=108 Confirmed=X Filename=services.exe Description=Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list
[.Prog] Number=109 Confirmed=X Filename=winlogon.exe Description=Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list
[.protected] Number=110 Confirmed=X Filename=N/A Description=Smitfraud variant Source=Paul Collins Startup list
[.svchost] Number=111 Confirmed=N Filename=PALNETAW~1.EXE Description=Voice chat program. This program stores all buddy list info apparently on the server itself so you never lose your buddy list should you need to reinstall the program for whatever reason or even reformat. Available via Start → Programs. Delete the shortcut in Start → Programs → StartUp as well otherwise it will be reinstated Source=Paul Collins Startup list
[.TEXTCONV] Number=112 Confirmed=X Filename=csrss.exe Description=Added by the WEBUS TROJAN!
Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list
[.TEXTCONV] Number=113 Confirmed=X Filename=lsass.exe Description=Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder Source=Paul Collins Startup list
[.WMAudio] Number=114 Confirmed=X Filename=csrss.exe Description=Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list
[.WMAudio] Number=115 Confirmed=X Filename=lsass.exe Description=Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder Source=Paul Collins Startup list
[/l:eng] Number=116 Confirmed=N Filename=N/A Description=Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function Source=Paul Collins Startup list
[000] Number=117 Confirmed=U Filename=pit.exe Description=PrivateEye surveillance software.
Uninstall this software unless you put it there yourself Source=Paul Collins Startup list
[000hpdllhos] Number=118 Confirmed=X Filename=hpdllhost.exe Description=LZIO.com adware downloader Source=Paul Collins Startup list
[000StTHK] Number=119 Confirmed=U Filename=000StTHK.exe Description=Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) Source=Paul Collins Startup list
[0050726-007-i32-1] Number=120 Confirmed=X Filename=0050726-007-i32-1.exe Description=Added by the BANCBAN-EC TROJAN! Source=Paul Collins Startup list
[00DSKSVR00] Number=121 Confirmed=? Filename=desksaver.exe Description=Related to Advanced Desktop Shield Source=Paul Collins Startup list
[00DSKSVR01] Number=122 Confirmed=? Filename=desksaver.exe Description=Related to Advanced Desktop Shield Source=Paul Collins Startup list
[00PCTFW] Number=123 Confirmed=Y Filename=FirewallGUI.exe Description=PC Tools Firewall Plus - "powerful free personal firewall for Windows that protects your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network" Source=Paul Collins Startup list
[00TCrdMain] Number=124 Confirmed=Y Filename=TCrdMain.exe Description=Related to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards Source=Paul Collins Startup list
[00THotkey] Number=125 Confirmed=U Filename=00THotKey.exe Description=For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.
Source=Paul Collins Startup list
[00THotkey] Number=126 Confirmed=U Filename=system32THotkey.exe Description=For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev Source=Paul Collins Startup list
[0190 Warner] Number=127 Confirmed=U Filename=WARN0190.EXE Description=Anti-dialer program (Germany) Source=Paul Collins Startup list
[0900 Warner] Number=128 Confirmed=U Filename=WARN0900.EXE Description=Anti-dialer program (Germany) Source=Paul Collins Startup list
[0mcamcap] Number=129 Confirmed=X Filename=0mcamcap.exe Description=Added by the COSIAM-H TROJAN! Source=Paul Collins Startup list
[0utlook Express] Number=130 Confirmed=X Filename=*****.exe [* = random char] Description=Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o" Source=Paul Collins Startup list
[1] Number=131 Confirmed=X Filename=1.exe Description=Added by the ESTEEMS TROJAN! Source=Paul Collins Startup list
[1] Number=132 Confirmed=X Filename=lsass.scr Description=Added by the BANCOS.V TROJAN! Source=Paul Collins Startup list
[1] Number=133 Confirmed=X Filename=svchost.scr Description=Added by the BANCOS.X TROJAN! Source=Paul Collins Startup list
[1] Number=134 Confirmed=X Filename=mrcmgr.exe Description=Detected by Kaspersky as the BANKER.RQK TROJAN! See here Source=Paul Collins Startup list
[1&1 EasyLogin] Number=135 Confirmed=N Filename=EasyLogin.exe Description=1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System Tray Source=Paul Collins Startup list
[101Clips] Number=136 Confirmed=U Filename=101Clips.exe Description=101Clips - "the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25" Source=Paul Collins Startup list
[1029BB4B-16A9-4E77-AA3D-96930BD68EEC] Number=137 Confirmed=X Filename=sysockeu.exe Description=Detected by McAfee as the FAKEALERT-AH TROJAN!
See here Source=Paul Collins Startup list
[1111swapmgr.exe] Number=138 Confirmed=X Filename=1111swapmgr.exe Description=Added by the IC TROJAN! Source=Paul Collins Startup list
[123456] Number=139 Confirmed=X Filename=rundll32.exe shell32.dll, Control_RunDLL ...123456.cpl Description=Added by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number Source=Paul Collins Startup list
[1234klsjdc uiar924c af] Number=140 Confirmed=X Filename=sxgnsvuxct.exe Description=Detected by McAfee as the FAKEALERT-AM TROJAN! See here Source=Paul Collins Startup list
[1234klsjdc uiar924c af] Number=141 Confirmed=X Filename=sysvtypkbjx.exe Description=Detected by McAfee as the FAKEALERT-AM TROJAN! See here Source=Paul Collins Startup list
[12Ghosts Backup] Number=142 Confirmed=U Filename=12backup.exe Description=12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup" Source=Paul Collins Startup list
[12Ghosts Clip] Number=143 Confirmed=U Filename=12clip.exe Description=12Ghosts Clip - "Screen shots made easy" Source=Paul Collins Startup list
[12Ghosts JustAWindow] Number=144 Confirmed=U Filename=12window.exe Description=12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see" Source=Paul Collins Startup list
[12Ghosts Popup-Killer] Number=145 Confirmed=U Filename=12popup.exe Description=12Ghosts Popup-Killer Source=Paul Collins Startup list
[12Ghosts SaveLayout] Number=146 Confirmed=U Filename=12autosl.exe Description=12Ghosts SaveLayout - "Always (always!)
keep the layout of your desktop icons" Source=Paul Collins Startup list
[12Ghosts SetColor] Number=147 Confirmed=U Filename=12color.exe Description=12Ghosts SetColor - "Change your desktop icon text colors, also to transparent" Source=Paul Collins Startup list
[12Ghosts ShowTime] Number=148 Confirmed=U Filename=12showtime.exe Description=12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones" Source=Paul Collins Startup list
[12Ghosts Synchronize] Number=149 Confirmed=U Filename=12sync.exe Description=12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet" Source=Paul Collins Startup list
[12Ghosts Tower] Number=150 Confirmed=U Filename=12tower.exe Description=12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)" Source=Paul Collins Startup list
[12Ghosts TrayProtect] Number=151 Confirmed=U Filename=12srvc.exe Description=12Ghosts TrayProtect - "Hide tray icons, restore after a crash" Source=Paul Collins Startup list
[12Ghosts Wash] Number=152 Confirmed=U Filename=12wash.exe Description=12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files" Source=Paul Collins Startup list
[12Voip] Number=153 Confirmed=N Filename=12Voip.exe Description=12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype Source=Paul Collins Startup list
[17779Proj2002] Number=154 Confirmed=? Filename=N/A Description=??
Source=Paul Collins Startup list
[180adsolution] Number=155 Confirmed=X Filename=180adsolution.exe Description=NCase adware Source=Paul Collins Startup list
[180ax] Number=156 Confirmed=X Filename=180ax.exe Description=NCase adware Source=Paul Collins Startup list
[180ClientStubInstall] Number=157 Confirmed=X Filename=stubinstaller****.exe [* = digit] Description=180Solutions adware related Source=Paul Collins Startup list
[180ClientStubInstall] Number=158 Confirmed=X Filename=[path to trojan] Description=180Solutions adware related Source=Paul Collins Startup list
[180ClientStubInstall] Number=159 Confirmed=X Filename=******.tmp [* = random digit/char] Description=180Solutions adware related Source=Paul Collins Startup list
[1916435341.exe] Number=160 Confirmed=X Filename=1916435341.exe Description=Added by the DLOADR-AXU TROJAN! Source=Paul Collins Startup list
[196_150_ni] Number=161 Confirmed=X Filename=196_150_ni.exe Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here Source=Paul Collins Startup list
[197_150_ni_3] Number=162 Confirmed=X Filename=197_150_ni_3.exe Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here Source=Paul Collins Startup list
[1:] Number=163 Confirmed=N Filename=hpdrv.exe Description=HP utility for monitoring when and how many recoveries have been done Source=Paul Collins Startup list
[1A:MacVisionTrayMonitor] Number=164 Confirmed=N Filename=TrayMonitor.exe Description=Comes with the MacVision program for monitoring tray icons (Note: program is by Stardock) Source=Paul Collins Startup list
[1A:Stardock MCP] Number=165 Confirmed=Y Filename=mcpserver.exe Description=Master Control Program for Stardock apps, in development.
People should leave it running if they're using any of the Stardock applications Source=Paul Collins Startup list [1A:Stardock TrayMonitor] Number=166 Confirmed=Y Filename=TrayServer.exe Description=For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX Source=Paul Collins Startup list [1CmailS] Number=167 Confirmed=? Filename=NETMAIL.EXE Description=?? Source=Paul Collins Startup list [1on1] Number=168 Confirmed=X Filename=1on1.exe Description=Adult content dialler Source=Paul Collins Startup list [1Srv32] Number=169 Confirmed=U Filename=SpyAgent4.exe Description=SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC." Source=Paul Collins Startup list [1u7] Number=170 Confirmed=X Filename=1u7.exe Description=Added by the MURBAC-A TROJAN! Source=Paul Collins Startup list [1Win32Cfg] Number=171 Confirmed=U Filename=SpyBuddy.exe Description=SpyBuddy keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [1Win32Cfg] Number=172 Confirmed=U Filename=Keyloggerpro.exe Description=Keyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [1WinCfg32] Number=173 Confirmed=X Filename=WebMailSpy.exe Description=WebMailSpy spyware Source=Paul Collins Startup list [2020Downloader] Number=174 Confirmed=X Filename=mssvr.exe Description=2020Search Toolbar Source=Paul Collins Startup list [2177F056-0AA6-4D6C-A944-13F71F341C29] Number=175 Confirmed=X Filename=sysokuaw.exe Description=Detected by McAfee as the FAKEALERT-AH TROJAN! See here Source=Paul Collins Startup list [24Online Client] Number=176 Confirmed=U Filename=CyberoamClient.exe Description=Related to Cyberroam from Elitecore Technologies Ltd Source=Paul Collins Startup list [252] Number=177 Confirmed=X Filename=winmgr.exe Description=Added by the LEGMIR-AT TROJAN! 
Source=Paul Collins Startup list [27] Number=178 Confirmed=X Filename=slsorve.exe Description=Added by the SLSORVE-A TROJAN! Source=Paul Collins Startup list [27] Number=179 Confirmed=X Filename=csrss32.exe Description=Added by the SLSORVE-D TROJAN! Source=Paul Collins Startup list [27] Number=180 Confirmed=X Filename=msm32.exe Description=Added by the SLSORVE-E TROJAN! Source=Paul Collins Startup list [2Search] Number=181 Confirmed=X Filename=main.exe Description=2Search adware Source=Paul Collins Startup list [2thousandbuck] Number=182 Confirmed=X Filename=[path to file] Description=Added by the RANKY.L TROJAN! Source=Paul Collins Startup list [2wSysTray] Number=183 Confirmed=U Filename=2portalmon.exe Description=2Wire Homeportal user interface Source=Paul Collins Startup list [32-bit Thunking service] Number=184 Confirmed=X Filename=thunk32.exe Description=Added by the DERDERO.A WORM! Source=Paul Collins Startup list [333] Number=185 Confirmed=X Filename=svchost.exe Description=Added by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory Source=Paul Collins Startup list [36X Raid Configurer] Number=186 Confirmed=Y Filename=JMRaidSetup.exe Description=JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers Source=Paul Collins Startup list [388529725448] Number=187 Confirmed=X Filename=AutomaticUpdates.exe Description=Added by the SDBOT-DEN WORM! Source=Paul Collins Startup list [39ELTFH25Z8SKF] Number=188 Confirmed=? Filename=Ezg1q5.exe Description=Seems to be associated with software by Resplendence SP ? Source=Paul Collins Startup list [3c1807pd] Number=189 Confirmed=Y Filename=3cmlink.exe 3cpipe-3c1807pd Description=3Com WinModem driver. 
See here for more WinModem information Source=Paul Collins Startup list [3capplnk] Number=190 Confirmed=Y Filename=3capplnk.exe Description=US Robotics Modem driver Source=Paul Collins Startup list [3cdminic] Number=191 Confirmed=N Filename=3CDMINIC.EXE Description=3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards Source=Paul Collins Startup list [3CM Link] Number=192 Confirmed=Y Filename=3cmcnkw.exe Description=Required for a US Robotics WinModem as it provides the link to Windows - won't work without it Source=Paul Collins Startup list [3Cmlink] Number=193 Confirmed=Y Filename=3CmlinkW.exe Description=For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information Source=Paul Collins Startup list [3ComDMIAgent] Number=194 Confirmed=N Filename=3CDMINIC.EXE Description=3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards Source=Paul Collins Startup list [3cpipe-USRpdA] Number=195 Confirmed=Y Filename=USRmlnkA.exe Description=Modem driver files from US Robotics Source=Paul Collins Startup list [3D Text] Number=196 Confirmed=X Filename=3D Text.scr Description=Added by the JERMY.A WORM! Source=Paul Collins Startup list [3Deep Control Panel] Number=197 Confirmed=U Filename=3DeepCTL.EXE Description=Now superseded by ColorWizzard - 3Deep corrected lighting, shading and color for all your 2D and 3D games Source=Paul Collins Startup list [3Dfx Acc] Number=198 Confirmed=X Filename=GFXACC.EXE Description=Added by the GIBE WORM! Source=Paul Collins Startup list [3dfx Task Manager] Number=199 Confirmed=N Filename=3dfxMan.exe Description=System Tray application for 3dfx Voodoo 3/4/5 functions. 
Available via Start -> Programs Source=Paul Collins Startup list [3dfx Tools] Number=200 Confirmed=Y Filename=3dfxCmn.dll Description=Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards Source=Paul Collins Startup list [3dfxv2ps.dll] Number=201 Confirmed=Y Filename=3dfxv2ps.dll Description=Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards Source=Paul Collins Startup list [3Dlabs Taskbar Display Manager] Number=202 Confirmed=? Filename=3DLman.exe Description=3DLabs graphics driver related. System Tray access to display settings? Source=Paul Collins Startup list [3DLabsHelperDemon] Number=203 Confirmed=U Filename=3dldemon.exe Description=Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled Source=Paul Collins Startup list [3DMouse.EXE] Number=204 Confirmed=Y Filename=3DMouse.EXE Description=Dritek System Inc. 3D Mouse driver Source=Paul Collins Startup list [3d_sound] Number=205 Confirmed=X Filename=3d_sound.exe Description=Added by the RIADOS-A TROJAN! Source=Paul Collins Startup list [3qdctl.exe] Number=206 Confirmed=U Filename=3qdctl.exe Description=Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. 
Similar to Creative Lab's AudioHQ Source=Paul Collins Startup list [3ware 3DM] Number=207 Confirmed=Y Filename=3dm.exe Description=Monitors status of the disk array on 3ware IDE RAID controllers Source=Paul Collins Startup list [456655] Number=208 Confirmed=X Filename=explorer.exe Description=Added by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% Source=Paul Collins Startup list [4684735485910] Number=209 Confirmed=X Filename=netdll32.exe Description=Added by the SDBOT-DEV WORM! Source=Paul Collins Startup list [4da92ad5.exe] Number=210 Confirmed=X Filename=4da92ad5.exe Description=Added by the DLOADR-WZ TROJAN! Source=Paul Collins Startup list [4oD] Number=211 Confirmed=U Filename=KHost.exe Description=Verisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops Source=Paul Collins Startup list [4wd!!!] Number=212 Confirmed=X Filename=Natal!.pif Description=Added by the OPASERV.AI WORM! Source=Paul Collins Startup list [5-1-61-96] Number=213 Confirmed=X Filename=members-area.exe Description=Adult content dialler Source=Paul Collins Startup list [5-2-46-112] Number=214 Confirmed=X Filename=5-2-46-112.exe Description=Adult content pop-up dialler. Removal instructions here Source=Paul Collins Startup list [55278] Number=215 Confirmed=X Filename=grepclient1.exe Description=Added by the LINEAGE-S TROJAN! Source=Paul Collins Startup list [5p4m] Number=216 Confirmed=X Filename=[path to trojan] Description=Added by the LITEBOT-C TROJAN! Source=Paul Collins Startup list [5whgue21] Number=217 Confirmed=X Filename=5whgue21.exe Description=ClearSearch adware Source=Paul Collins Startup list [666] Number=218 Confirmed=X Filename=Ska.exe Description=Added by the PIPES TROJAN! 
Source=Paul Collins Startup list [678] Number=219 Confirmed=X Filename=lsas32.exe Description=Added by the SLSORVE-B TROJAN! Source=Paul Collins Startup list [756349DC-6D9E-4F2A-9B24-269661F073C3] Number=220 Confirmed=X Filename=sysoghcx.exe Description=Detected by McAfee as the FAKEALERT-AH TROJAN! See here Source=Paul Collins Startup list [7f8e] Number=221 Confirmed=X Filename=z****.exe 9idf Description=Detected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the system32 folder Source=Paul Collins Startup list [802.11b+g USB Wireless LAN Utility] Number=222 Confirmed=U Filename=ZDWlan.exe Description=802.11b+g USB Wireless LAN Utility Source=Paul Collins Startup list [802.11g Wireless Adatper] Number=223 Confirmed=U Filename=Monitor.exe Description=Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows you to turn WL on and off. Supplier unknown. Adapter is misspelled Source=Paul Collins Startup list [852EBF20-A95D-4F1F-B9C2-B2CD24350F3E] Number=224 Confirmed=X Filename=sysodkcs.exe Description=Detected by McAfee as the FAKEALERT-AH TROJAN! See here Source=Paul Collins Startup list [98D0CE0C16B1] Number=225 Confirmed=X Filename=rundll32.exe D0CE0C16B1, D0CE0C16B1 Description=BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [9m] Number=226 Confirmed=X Filename=winlog0n.exe Description=Added by the LEGMIR-AQK TROJAN! Source=Paul Collins Startup list [9xadiras] Number=227 Confirmed=Y Filename=9xadiras.exe Description=Allied Telesyn AT series router/modem related - apparently required Source=Paul Collins Startup list [9xHtProtect] Number=228 Confirmed=X Filename=AVprotect9x.exe Description=Added by the NETSKY.M WORM! 
Source=Paul Collins Startup list [;Rundll] Number=229 Confirmed=X Filename=[filename] Description=Added by the PWSLEGMIR.E TROJAN! Source=Paul Collins Startup list [?ekio Startups] Number=230 Confirmed=X Filename=?nksvc32.exe Description=Added by the AGOBOT-OV WORM where ? is a random character Source=Paul Collins Startup list [@] Number=231 Confirmed=X Filename=regedit -s ..win.dll Description=Added by the SEEKER.K TROJAN! Source=Paul Collins Startup list [@] Number=232 Confirmed=X Filename=iexpl0res.exe Description=Added by the RBOT.AEX WORM! Source=Paul Collins Startup list [@] Number=233 Confirmed=X Filename=wincms.exe Description=Added by the RBOT.CBR WORM! Source=Paul Collins Startup list [@Hoc Toolbar] Number=234 Confirmed=N Filename=AtHoc.exe Description=One-click activated browsing toolbar used by various web-sites. See here for more info Source=Paul Collins Startup list [@loha] Number=235 Confirmed=N Filename=reminder.exe Description=Registration reminder for @loha@home E-mail utility Source=Paul Collins Startup list [@tour_ww] Number=236 Confirmed=X Filename=@tour_ww[1].exe Description=Adult content dialler Source=Paul Collins Startup list [a] Number=237 Confirmed=X Filename=a.exe Description=Commercials file that registers itself in the system registry and redirects IE to a certain commercial website Source=Paul Collins Startup list [a] Number=238 Confirmed=X Filename=jesse.exe Description=Added by the MELO-A WORM! Source=Paul Collins Startup list [A New Windows Updater] Number=239 Confirmed=X Filename=w32NTupdt.exe Description=Added by the MYTOB.BM WORM! 
Source=Paul Collins Startup list [A Note] Number=240 Confirmed=N Filename=A Note.exe Description="A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop" Source=Paul Collins Startup list [A Verizon App] Number=241 Confirmed=U Filename=VERIZO~1.EXE Description=Part of Verizon Online Support Manager Source=Paul Collins Startup list [a-squared] Number=242 Confirmed=U Filename=a2guard.exe Description=a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature Source=Paul Collins Startup list [a-squared Anti-Dialer] Number=243 Confirmed=Y Filename=a2adguard.exe Description=a-squared Anti-Dialer Source=Paul Collins Startup list [a-winpoet-service] Number=244 Confirmed=Y Filename=winpppoverethernet.exe Description=WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking Source=Paul Collins Startup list [A1000 Settings Utility] Number=245 Confirmed=U Filename=cpqa1000.exe Description=Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features Source=Paul Collins Startup list [A4Proxy] Number=246 Confirmed=U Filename=A4Proxy.exe Description=Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites Source=Paul Collins Startup list [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] Number=247 Confirmed=X Filename=rundll32.exe E6F1873B.DLL, D9EBC318C Description=BrowserAid/BrowserPal foistware. 
Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [a²] Number=248 Confirmed=U Filename=a2guard.exe Description=a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature Source=Paul Collins Startup list [aa bbcc dde effgghh jj] Number=249 Confirmed=X Filename=update.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [AAACLEAN] Number=250 Confirmed=? Filename=AAACLEAN.INF Description=?? Source=Paul Collins Startup list [AAAKeyboard] Number=251 Confirmed=? Filename=?? Description=?? Source=Paul Collins Startup list [AAATraySaver] Number=252 Confirmed=N Filename=TraySaver.exe Description=System Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray Source=Paul Collins Startup list [AAK] Number=253 Confirmed=U Filename=aak.exe Description=Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere" Source=Paul Collins Startup list [aaLDISCN32] Number=254 Confirmed=U Filename=LDISCN32.EXE Description=LANDesk® Management Suite software component Source=Paul Collins Startup list [aaLDTaskCompletion] Number=255 Confirmed=U Filename=amclient.EXE Description=LANDesk® Management Suite software component Source=Paul Collins Startup list [AAMSFree702] Number=256 Confirmed=X Filename=Avengine.com Description=Added by the DELF.LJ TROJAN! Source=Paul Collins Startup list [AAMSFree702] Number=257 Confirmed=X Filename=sys.exe Description=Added by the BACKDOOR-CPC TROJAN! 
Source=Paul Collins Startup list [Aaou] Number=258 Confirmed=X Filename=amee.exe Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [Aapp] Number=259 Confirmed=X Filename=adprot.exe Description=AdBlaster adware Source=Paul Collins Startup list [aauclient] Number=260 Confirmed=? Filename=ACNUpdater.exe Description=Appears to be related to software from Accenture.com Source=Paul Collins Startup list [AAW] Number=261 Confirmed=U Filename=Ad-Aware.exe Description=Ad-Aware anti-spyware tool from Lavasoft Source=Paul Collins Startup list [AAWTray] Number=262 Confirmed=U Filename=AAWTray.exe Description=System Tray access to Ad-aware from Lavasoft - popular spyware/adware removal tool Source=Paul Collins Startup list [ab EazyScheduler] Number=263 Confirmed=? Filename=ezsched.exe Description=?? Source=Paul Collins Startup list [abass] Number=264 Confirmed=X Filename=abass.exe Description=Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example Source=Paul Collins Startup list [ABBYY Community Agent] Number=265 Confirmed=N Filename=CAGENT.EXE Description=Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software Source=Paul Collins Startup list [ABC] Number=266 Confirmed=U Filename=keylogger.exe Description=Keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [abcdefgh] Number=267 Confirmed=X Filename=abcdefgh.exe Description=EPJ TROJAN! 
Source=Paul Collins Startup list [ABIT uGuru] Number=268 Confirmed=U Filename=uGuru.exe Description=ABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweakin Source=Paul Collins Startup list [ABITEQ] Number=269 Confirmed=N Filename=abiteq.exe Description=Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds Source=Paul Collins Startup list [Abrada WIN32] Number=270 Confirmed=X Filename=abrada.exe Description=Added by the DERMON-G TROJAN! Source=Paul Collins Startup list [ABRegmon] Number=271 Confirmed=Y Filename=ABregmon.exe Description=Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do? Source=Paul Collins Startup list [Absolute Shield] Number=272 Confirmed=U Filename=dseraser.exe Description=Absolute Shield Evidence Eliminator - internet history eraser Source=Paul Collins Startup list [Absolute StartUp monitor] Number=273 Confirmed=U Filename=ASMon.exe Description=Absolute Startup - startup monitor from F-Group Software Source=Paul Collins Startup list [AbsoluteShield Internet Eraser] Number=274 Confirmed=U Filename=cseraser.exe Description=AbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities" Source=Paul Collins Startup list [ABsr] Number=275 Confirmed=X Filename=absr.exe Description=Added by the AUTOUPDER TROJAN! 
Source=Paul Collins Startup list [absr] Number=276 Confirmed=X Filename=mwsvm.exe Description=SeekSeek search hijacker related - see here Source=Paul Collins Startup list [abtu] Number=277 Confirmed=X Filename=mp3serch.exe Description=Loads the executable for Lop.com - final version Source=Paul Collins Startup list [abtu] Number=278 Confirmed=X Filename=lopsearch.exe Description=Loads the executable for Lop.com - beta version Source=Paul Collins Startup list [AbyssWebServer] Number=279 Confirmed=U Filename=abyssws.exe Description=Abyss web server Source=Paul Collins Startup list [Ac97Sound] Number=280 Confirmed=X Filename=snddrv.exe Description=Detected by Sophos as the SILLYFDC-A TROJAN! Source=Paul Collins Startup list [AcBtnMgr_X63] Number=281 Confirmed=U Filename=AcBtnMgr_X63.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [AcBtnMgr_X63.exe] Number=282 Confirmed=U Filename=AcBtnMgr_X63.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [AcBtnMgr_X73] Number=283 Confirmed=U Filename=AcBtnMgr_X73.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [AcBtnMgr_X83] Number=284 Confirmed=U Filename=AcBtnMgr_X83.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. 
Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [AcBtnMgr_X84-X85] Number=285 Confirmed=U Filename=AcBtnMgr_X84-X85.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [acc] Number=286 Confirmed=U Filename=acc.exe Description=Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem" Source=Paul Collins Startup list [ACCDEFRAGINFO] Number=287 Confirmed=X Filename=[path to worm] Description=Added by the DARBY-O WORM! Source=Paul Collins Startup list [Accelerate] Number=288 Confirmed=U Filename=accelerate.exe Description=Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection Source=Paul Collins Startup list [Access Control App] Number=289 Confirmed=X Filename=winsto.exe Description=Detected by Kaspersky as the AGENT.DGO TROJAN! See here Source=Paul Collins Startup list [Access Ramp Monitor] Number=290 Confirmed=N Filename=armon32.exe Description=Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again Source=Paul Collins Startup list [Access WebControl] Number=291 Confirmed=X Filename=[path to file] Description=Added by the PPDOOR-M TROJAN! Source=Paul Collins Startup list [AccessManager] Number=292 Confirmed=U Filename=AccessMgr.exe Description=Part of SmartPipes SecureSite software. 
"SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management" Source=Paul Collins Startup list [AccessMedia P2P Loader] Number=293 Confirmed=X Filename=amp2pl.exe Description=My AccessMedia toolbar related, stealth installed! Source=Paul Collins Startup list [AccessoriesPlus] Number=294 Confirmed=U Filename=clockplus.exe Description=Clock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clock Source=Paul Collins Startup list [AccessRamp Monitor01] Number=295 Confirmed=N Filename=ARMon32a.exe Description=From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service." Source=Paul Collins Startup list [AccessRampLAN01] Number=296 Confirmed=N Filename=ARUpld32.exe Description=Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. 
Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003 Source=Paul Collins Startup list [AcctMgr] Number=297 Confirmed=U Filename=AcctMgr.exe Description=Norton? Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC Source=Paul Collins Startup list [AccuWeather.com? Desktop] Number=298 Confirmed=N Filename=AccuWeatherDesktop.exe Description=Desktop weather from AccuWeather Source=Paul Collins Startup list [accwizz.exe] Number=299 Confirmed=X Filename=accwizz.exe Description=Added by the RULAND.A WORM! Source=Paul Collins Startup list [accwizzz.exe] Number=300 Confirmed=X Filename=accwizzz.exe Description=Added by the RULAND.A WORM! Source=Paul Collins Startup list [acdllib3] Number=301 Confirmed=X Filename=bcdlmem.exe Description=Added by the MAILBOT-BA TROJAN! Source=Paul Collins Startup list [ACDSee] Number=302 Confirmed=N Filename=ACDSee8Pro.exe Description=ACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memories Source=Paul Collins Startup list [Ace bows] Number=303 Confirmed=? Filename=Ace bows.exe Description=?? Source=Paul Collins Startup list [AceGain LiveUpdate] Number=304 Confirmed=N Filename=LiveUpdate.exe Description="AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration" Source=Paul Collins Startup list [Acer ePower Management] Number=305 Confirmed=U Filename=Acer ePower Management.exe Description=Part of Acer Empowering Technology. 
"Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" Source=Paul Collins Startup list [Acer ePresentation HPD] Number=306 Confirmed=N Filename=ePresentation.exe Description=Allows you to connect your Acer laptop to a projector Source=Paul Collins Startup list [Acer Product Registration] Number=307 Confirmed=N Filename=ACE1.exe Description=Acer Product Registration - remove when registration is completed Source=Paul Collins Startup list [Acer Tour Reminder] Number=308 Confirmed=N Filename=Reminder.exe Description=Popup reminder to take the tour of your new Acer laptop Source=Paul Collins Startup list [AcerGoto] Number=309 Confirmed=U Filename=AcerGoto.exe Description=Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer Source=Paul Collins Startup list [AcerNotebookManager] Number=310 Confirmed=U Filename=almxptray.exe Description=System Tray access on some Acer Notebooks to give faster access to system settings Source=Paul Collins Startup list [AcerPowerkey] Number=311 Confirmed=U Filename=Powerkey.exe Description=PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3 Source=Paul Collins Startup list [Acess2007a] Number=312 Confirmed=X Filename=access2007a.exe Description=Added by the GAOBOT.PQA WORM! Source=Paul Collins Startup list [Aceu] Number=313 Confirmed=X Filename=[random filename] Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [acEventServ] Number=314 Confirmed=Y Filename=acevtsrv.exe Description=ActivCard Gold from ActivIdentity, Inc. 
Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authentication Source=Paul Collins Startup list [AClntUsr] Number=315 Confirmed=U Filename=AClntUsr.exe Description=Altiris AClient Service Windows Tray Icon Source=Paul Collins Startup list [Acme.PCHButton] Number=316 Confirmed=N Filename=pchbutton.exe Description=Used by HP Instant Support Source=Paul Collins Startup list [ACMonitor_X63] Number=317 Confirmed=U Filename=ACMonitor_X63.exe Description=Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" Source=Paul Collins Startup list [ACMonitor_X63.exe] Number=318 Confirmed=U Filename=ACMonitor_X63.exe Description=Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" Source=Paul Collins Startup list [ACMonitor_X73] Number=319 Confirmed=U Filename=ACMonitor_X73.exe Description=Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe" Source=Paul Collins Startup list [ACMonitor_X83] Number=320 Confirmed=U Filename=ACMonitor_X83.exe Description=Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe" Source=Paul Collins Startup list [ACMonitor_X84-X85] Number=321 Confirmed=U Filename=ACMonitor_X84-X85.exe Description=Button monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. 
Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe" Source=Paul Collins Startup list [acocash] Number=322 Confirmed=X Filename=fastdown.exe Description=Adult content dialler Source=Paul Collins Startup list [acocash] Number=323 Confirmed=X Filename=fastdown.exe Description=Adult content dialler Source=Paul Collins Startup list [Acombo3dmouse] Number=324 Confirmed=U Filename=Acombo3d.exe Description=Mouse driver - required if you use non-standard Windows driver features Source=Paul Collins Startup list [Aconti] Number=325 Confirmed=X Filename=aconti.exe Description=Adult content dialler Source=Paul Collins Startup list [acoustic] Number=326 Confirmed=U Filename=acoustic.exe Description=Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained Source=Paul Collins Startup list [acpart] Number=327 Confirmed=N Filename=agpart11.exe Description=Program for finding trucks on-line Source=Paul Collins Startup list [Acrobat] Number=328 Confirmed=X Filename=acrmon32.exe Description=Added by the SMALL-ECT TROJAN! Source=Paul Collins Startup list [Acrobat Assistant *.*] Number=329 Confirmed=U Filename=ACROTRAY.EXE Description=Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation. *.* represents the version Source=Paul Collins Startup list [Acrobat Read] Number=330 Confirmed=X Filename=acroup32.exe Description=Added by the VANBOT-BQ TROJAN! Source=Paul Collins Startup list [Acrobat Speed Launch] Number=331 Confirmed=N Filename=acrobat_sl.exe Description=Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. 
From version 7.0 onwards Source=Paul Collins Startup list [ACROMOUSE] Number=332 Confirmed=U Filename=ACROMAPP.exe Description=Related to ACROMOUSE Laser mouse control Source=Paul Collins Startup list [Acronis Popup Blocker] Number=333 Confirmed=U Filename=RunDll32.exe [path] Blocker.dll, Run Description=Part of Acronis Privacy Expert - anti-spyware and security suite Source=Paul Collins Startup list [Acronis Scheduler Helper] Number=334 Confirmed=U Filename=schedhlp.exe Description=Part of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images Source=Paul Collins Startup list [Acronis Scheduler2 Service] Number=335 Confirmed=U Filename=schedhlp.exe Description=Part of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images Source=Paul Collins Startup list [Acronis True Image] Number=336 Confirmed=U Filename=TimounterMonitor.exe Description=Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive Source=Paul Collins Startup list [Acronis True Image Monitor] Number=337 Confirmed=N Filename=TrueImageMonitor.exe Description=Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage Source=Paul Collins Startup list [Acronis TrueImage Monitor] Number=338 Confirmed=N Filename=TrueImageMonitor.exe Description=Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage Source=Paul Collins Startup list [AcronisTimounterMonitor] Number=339 Confirmed=U Filename=TimounterMonitor.exe Description=Part of Acronis True Image backup software. 
Monitor for the backup archive explorer for moving and viewing files within an archive Source=Paul Collins Startup list [AcronisTrueImage Monitor] Number=340 Confirmed=N Filename=TrueImageMonitor.exe Description=Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage Source=Paul Collins Startup list [Act! Preloader] Number=341 Confirmed=U Filename=Act8.exe Description=Sage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships" Source=Paul Collins Startup list [Action Manager 32] Number=342 Confirmed=N Filename=am32.exe Description=Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs Source=Paul Collins Startup list [ActionAgent] Number=343 Confirmed=? Filename=actionagent.exe Description="A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required? Source=Paul Collins Startup list [Activation] Number=344 Confirmed=N Filename=Activation.exe Description=Part of Microsoft Money Source=Paul Collins Startup list [Activboard] Number=345 Confirmed=U Filename=MMKeybd.exe Description=Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys Source=Paul Collins Startup list [Active Bit Station] Number=346 Confirmed=X Filename=abs.exe Description=Added by the MYTOB.BZ WORM! 
Source=Paul Collins Startup list [Active CPU] Number=347 Confirmed=N Filename=acpu.exe Description=Active CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity" Source=Paul Collins Startup list [Active Desktop Calendar] Number=348 Confirmed=U Filename=ADC.EXE Description=XemiComputers Active Desktop Calendar Source=Paul Collins Startup list [Active Email Monitor] Number=349 Confirmed=U Filename=aem25.exe Description=Active Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email Source=Paul Collins Startup list [Active shield] Number=350 Confirmed=U Filename=Activeshield.exe Description=Active Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses" Source=Paul Collins Startup list [ActiveDesktop] Number=351 Confirmed=X Filename=systray32.exe Description=Added by the DABOOM WORM! Source=Paul Collins Startup list [ACTIVEDS] Number=352 Confirmed=X Filename=ACTIVEDS.EXE Description=Added by the OPASERV.T WORM! Source=Paul Collins Startup list [ActiveEyes] Number=353 Confirmed=N Filename=ActiveEyes.exe Description=ActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. 
Not needed - if unavailable via Start -> Programs, create your own shortcut Source=Paul Collins Startup list [ActiveKeys.AAB635BD7D054a37A576] Number=354 Confirmed=U Filename=akeys.exe Description="Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" Source=Paul Collins Startup list [ActiveMenu] Number=355 Confirmed=U Filename=ActiveMenu.exe Description=Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case Source=Paul Collins Startup list [ActivePlus] Number=356 Confirmed=U Filename=activeplus.exe Description=Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on) Source=Paul Collins Startup list [ActiveScan Antivirus] Number=357 Confirmed=X Filename=ActiveScan.exe Description=Added by the RBOT-FKQ WORM! Source=Paul Collins Startup list [ActiveScript32] Number=358 Confirmed=X Filename=nod.exe Description=Added by the SOHANA-AJ WORM! Source=Paul Collins Startup list [ActiveShield] Number=359 Confirmed=Y Filename=MCVSSHLD.EXE Description=McAfee VirusScan On-line. See also the McAgentExe entry Source=Paul Collins Startup list [ActiveSpeed] Number=360 Confirmed=N Filename=AS.exe Description=Ascentive ActiveSpeed internet optimizer - not recommended, see here and here Source=Paul Collins Startup list [ActiveSync] Number=361 Confirmed=X Filename=wcescom32.exe Description=Added by the MANCSYN-E TROJAN! Source=Paul Collins Startup list [ActiveWords] Number=362 Confirmed=N Filename=AWMonitor.exe Description=ActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. 
When it recognizes that you've typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you've defined Source=Paul Collins Startup list [ActiveX File Registration Service] Number=363 Confirmed=X Filename=filereg.exe Description=Added by the RBOT-DVD WORM! Source=Paul Collins Startup list [ActiveX Streamer] Number=364 Confirmed=X Filename=msgfix.exe Description=Added by the SDBOT.NQ WORM! Source=Paul Collins Startup list [ActiveXUpdate] Number=365 Confirmed=X Filename=svcss.exe Description=Added by a variant of the DEDLER.C TROJAN! Source=Paul Collins Startup list [Activity] Number=366 Confirmed=U Filename=actik.exe Description=ActivityKey keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [ActivSurf] Number=367 Confirmed=N Filename=backweb*****.exe Description=Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates Source=Paul Collins Startup list [ActMaker] Number=368 Confirmed=U Filename=ActMak25.exe Description="ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. 
You don't need to do any coding, nor are you required to know a lot about the computer" Source=Paul Collins Startup list [ActMaker] Number=369 Confirmed=U Filename=ActMaker25.exe Description=ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload Source=Paul Collins Startup list [ACTray] Number=370 Confirmed=U Filename=ACTray.exe Description=System Tray icon for ThinkVantage Access Connections - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically" Source=Paul Collins Startup list [Actual Window Manager] Number=371 Confirmed=U Filename=ActualWindowManagerCenter.exe Description=Actual Window Manager from Actual Tools - "an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive, convenient and enjoyable" Source=Paul Collins Startup list [Actual Window Minimizer] Number=372 Confirmed=U Filename=ActualWindowMinimizerCenter.exe Description=Actual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen" Source=Paul Collins Startup list [ACTX1] Number=373 Confirmed=X Filename=v1201.exe Description=Added by the VB.IS TROJAN! 
Source=Paul Collins Startup list [ACU] Number=374 Confirmed=U Filename=ACU.exe Description=Atheros wireless Client Utility Source=Paul Collins Startup list [ACU_QSB] Number=375 Confirmed=U Filename=ACU.exe Description=Atheros wireless Client Utility Source=Paul Collins Startup list [ACWLIcon] Number=376 Confirmed=U Filename=ACWLIcon.exe Description=Related to IBM ThinkVantage Connectivity Solution Source=Paul Collins Startup list [Ad Blocker] Number=377 Confirmed=U Filename=blocker.exe Description=Ad Blocker - blocks popups, and also removes banners, image ads and flash ads Source=Paul Collins Startup list [Ad Blocker Pro] Number=378 Confirmed=U Filename=Ad Blocker Pro.exe Description=Ad Away popup and banner remover Source=Paul Collins Startup list [Ad Muncher] Number=379 Confirmed=U Filename=AdMunch.exe Description=Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications Source=Paul Collins Startup list [Ad Online Guide] Number=380 Confirmed=? Filename=adonlineguide.exe Description=?? Source=Paul Collins Startup list [Ad-aware] Number=381 Confirmed=U Filename=Ad-aware.exe Description=Ad-aware from Lavasoft - popular spyware/adware removal tool Source=Paul Collins Startup list [Ad-Aware] Number=382 Confirmed=X Filename=Ad-Aware.exe Description=Added by the RBOT-ADJ WORM! Note - this is not the popular Ad-aware spyware/adware removal tool and is located in the Winnt\System32 or Windows\System32 directory Source=Paul Collins Startup list [Ad-Eliminator] Number=383 Confirmed=X Filename=ad-eliminator.exe Description=Ad-Eliminator spyware remover - not recommended, see here Source=Paul Collins Startup list [Ad-Muncher] Number=384 Confirmed=U Filename=ADMUNCH.EXE Description=Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. 
Causes conflicts with Outlook, game sites and web-building applications Source=Paul Collins Startup list [Ad-Protect] Number=385 Confirmed=U Filename=ad-protect.exe Description=Ad-Protect spyware and spam monitoring tool Source=Paul Collins Startup list [Ad-watch] Number=386 Confirmed=U Filename=Ad-watch.exe Description=Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system Source=Paul Collins Startup list [AD2KClient] Number=387 Confirmed=U Filename=AD2KClient.exe Description=Executable for Active Disk from Iomega disk - allows software applications to be run directly from an Iomega Zip disk. Required if you wish the applications to launch on insertion of a disk Source=Paul Collins Startup list [Adaptec DirectCD] Number=388 Confirmed=N Filename=Directcd.exe Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later Source=Paul Collins Startup list [AdaptecDirectCD] Number=389 Confirmed=N Filename=Directcd.exe Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later Source=Paul Collins Startup list [AdAware] Number=390 Confirmed=X Filename=wini.exe Description=Added by the RBOT-XN WORM! 
Source=Paul Collins Startup list [Adaware Bootup] Number=391 Confirmed=U Filename=ad-aware.exe Description=Ad-aware from Lavasoft - popular spyware/adware removal tool Source=Paul Collins Startup list [Adaware lptt01] Number=392 Confirmed=X Filename=adaware.exe Description=RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware Source=Paul Collins Startup list [Adaware ml097e] Number=393 Confirmed=X Filename=adaware.exe Description=RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware Source=Paul Collins Startup list [AdBin] Number=394 Confirmed=U Filename=AdBin.exe Description=AdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads" Source=Paul Collins Startup list [Add**.exe [* = random char]] Number=395 Confirmed=X Filename=Add**.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [Add**32.exe [* = random char]] Number=396 Confirmed=X Filename=Add**32.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [AddClass] Number=397 Confirmed=X Filename=AddClass.exe Description=CoolWebSearch Addclass parasite variant Source=Paul Collins Startup list [AddClass] Number=398 Confirmed=X Filename=[Installation_Path] Description=Added by the STARTPAGE.F hijacker Source=Paul Collins Startup list [AddClass] Number=399 Confirmed=X Filename=[path to trojan] Description=Added by the SECDL-A TROJAN! 
Source=Paul Collins Startup list [AdDelete] Number=400 Confirmed=U Filename=AdDelete.exe Description=Banner advertisement blocker Source=Paul Collins Startup list [AdDestroyer] Number=401 Confirmed=X Filename=AdDestroyer.exe Description=Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here Source=Paul Collins Startup list [ADDITIONAL Services] Number=402 Confirmed=X Filename=pkgadd.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [addproxy] Number=403 Confirmed=? Filename=addproxy.exe Description=Related to Adobe Photoshop Source=Paul Collins Startup list [ADG] Number=404 Confirmed=? Filename=ADG.exe Description= SoundBlaster Audigy related? Source=Paul Collins Startup list [ADGJdet] Number=405 Confirmed=N Filename=ADGJDet.exe Description=Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection Source=Paul Collins Startup list [aDir] Number=406 Confirmed=X Filename=adirss.exe Description=Added by the SPAMSRV-E TROJAN! Source=Paul Collins Startup list [Adiras] Number=407 Confirmed=Y Filename=Adiras.exe Description=ADSL USB modem related Source=Paul Collins Startup list [adirka] Number=408 Confirmed=X Filename=adirka.exe Description=Added by the TIBS-QT TROJAN! Source=Paul Collins Startup list [AdKiller] Number=409 Confirmed=U Filename=AD Defender.exe Description=Part of Advanced Spyware Remover anti-spyware tool Source=Paul Collins Startup list [adlhidp] Number=410 Confirmed=X Filename=psncc32.exe Description=Detected by Kaspersky as the SLAPER.AI TROJAN! 
See here Source=Paul Collins Startup list [ADM Library Loader] Number=411 Confirmed=X Filename=admlib32.exe Description=Added by a variant of the SDBOT TROJAN! Source=Paul Collins Startup list [Admanager Controller] Number=412 Confirmed=X Filename=AdManCtl.exe Description=Adware, probably a Windupdates variant Source=Paul Collins Startup list [Admilli Service] Number=413 Confirmed=X Filename=AdmilliServ.exe Description=Windupdates adware variant Source=Paul Collins Startup list [Administrator] Number=414 Confirmed=X Filename=svchost.scr Description=Added by the NOVACAL TROJAN! Source=Paul Collins Startup list [Administrator] Number=415 Confirmed=X Filename=winlogon.exe Description=Added by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [Administrator di Dago] Number=416 Confirmed=X Filename=Dago.exe Description=Added by the PUNYA-B WORM! Source=Paul Collins Startup list [AdminSoft] Number=417 Confirmed=X Filename=sysfile.vbs Description=Added by the STARGRUB-A WORM! Source=Paul Collins Startup list [admtray.exe] Number=418 Confirmed=U Filename=admtray.exe Description=Related to Acer Inc. desktop tray Source=Paul Collins Startup list [Adobe] Number=419 Confirmed=X Filename=Adobe.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [Adobe] Number=420 Confirmed=X Filename=sysconfig.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [adobe] Number=421 Confirmed=X Filename=gam.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [Adobe] Number=422 Confirmed=X Filename=sysbat32.exe Description=Added by the LOWZONES.T TROJAN! Source=Paul Collins Startup list [Adobe] Number=423 Confirmed=X Filename=zteam.exe Description=Added by an unidentified TROJAN! 
Source=Paul Collins Startup list [Adobe Acrobat] Number=424 Confirmed=N Filename=READER~1.EXE Description=Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly Source=Paul Collins Startup list [Adobe Acrobat Distiller Application] Number=425 Confirmed=X Filename=acrotray.exe Description=Added by the RANDEX.DFJ WORM! Source=Paul Collins Startup list [Adobe Acrobat Reader CFG] Number=426 Confirmed=X Filename=[random filename] Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Adobe Acrobat Speed Launcher] Number=427 Confirmed=N Filename=acrobat_sl.exe Description=Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards Source=Paul Collins Startup list [Adobe Filter Platform] Number=428 Confirmed=X Filename=afilterplatform.exe Description=Added by the RBOT-OP WORM! Source=Paul Collins Startup list [Adobe Gamma Loader] Number=429 Confirmed=U Filename=Adobe Gamma Loader.exe Description=Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine Source=Paul Collins Startup list [Adobe Photo Downloader] Number=430 Confirmed=N Filename=apdproxy.exe Description=Part of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here) Source=Paul Collins Startup list [Adobe Reader Speed Launch] Number=431 Confirmed=N Filename=Reader_sl.exe Description=Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly Source=Paul Collins Startup list [Adobe Reader Speed Launch] Number=432 Confirmed=N Filename=READER~1.EXE Description=Speeds up the time it takes to load the Adobe Reader application. 
Your choice, but not required for Adobe Reader to function properly Source=Paul Collins Startup list [Adobe Reader Speed Launcher] Number=433 Confirmed=N Filename=Reader_sl.exe Description=Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly Source=Paul Collins Startup list [Adobe Reader Synchronizer] Number=434 Confirmed=U Filename=AdobeCollabSync.exe Description=Adobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more information Source=Paul Collins Startup list [Adobe Version Cue CS2] Number=435 Confirmed=U Filename=VersionCueCS2Tray.exe Description=File manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work" Source=Paul Collins Startup list [AdobeA] Number=436 Confirmed=X Filename=adobes.exe Description=Added by the FLOOD.BA TROJAN! Source=Paul Collins Startup list [AdobeFonts] Number=437 Confirmed=X Filename=fonts.hta Description=Browser hijacker - redirecting to Hugesearch.net Source=Paul Collins Startup list [AdobeManager] Number=438 Confirmed=X Filename=rundtl.exe Description=Detected by Trend Micro as the INJECT.IB TROJAN! See here Source=Paul Collins Startup list [adobemgr] Number=439 Confirmed=X Filename=adobemgr.exe Description=Added by the ADCLICKER TROJAN! Source=Paul Collins Startup list [AdobeReader] Number=440 Confirmed=X Filename=msni.exe Description=Added by the RBOT.DAO TROJAN! Source=Paul Collins Startup list [AdobeReaderPro] Number=441 Confirmed=X Filename=msnxpsp.exe Description=Added by the RBOT-ASK or RBOT-AUS WORMS! 
Source=Paul Collins Startup list [AdobeReaderPro] Number=442 Confirmed=X Filename=ntkernell32.exe Description=Added by the RBOT-ATY WORM! Source=Paul Collins Startup list [AdobeReaderPro] Number=443 Confirmed=X Filename=msnserve.exe Description=Added by the SDBOT-AKH WORM! Source=Paul Collins Startup list [AdobeReaderPro] Number=444 Confirmed=X Filename=updt.exe Description=Added by the IRCBOT-VQ WORM! Source=Paul Collins Startup list [AdobeReaderProfessional] Number=445 Confirmed=X Filename=msx64.exe Description=Added by the RBOT-GAT WORM! Source=Paul Collins Startup list [AdobeReaderPros] Number=446 Confirmed=X Filename=sysmsn.exe Description=Added by the RBOT-BGH WORM! Source=Paul Collins Startup list [AdobeUpdater] Number=447 Confirmed=N Filename=AdobeUpdater.exe Description=Automatic updater for Adobe software - run manually Source=Paul Collins Startup list [AdobeVersionCue] Number=448 Confirmed=N Filename=VersionCueTray.exe Description="An exclusive feature of the Adobe Creative Suite, Version Cue helps you find files fast, track multiple versions of your files, and share your files for creative collaboration" Source=Paul Collins Startup list [Adobe_ID0EYTHM] Number=449 Confirmed=? Filename=VERSIO~2.EXE Description=Part of an Adobe product. What does it do and is it required? Source=Paul Collins Startup list [adodemaster] Number=450 Confirmed=X Filename=adodemaster.exe Description=Downloader of Korean origin, detected as ADOD.28672 Source=Paul Collins Startup list [Adope File Manager] Number=451 Confirmed=X Filename=lsasv.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [adp] Number=452 Confirmed=X Filename=adp.exe Description=Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc Source=Paul Collins Startup list [AdPopup] Number=453 Confirmed=X Filename=dcf5678.exe Description=Added by the AGENT-FZ TROJAN! 
Source=Paul Collins Startup list [adprot] Number=454 Confirmed=X Filename=adprot.exe Description=AdBlaster adware Source=Paul Collins Startup list [ADQuickAccess] Number=455 Confirmed=N Filename=Adtray.exe Description=After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95 Source=Paul Collins Startup list [ADriver] Number=456 Confirmed=X Filename=windrv.exe Description=Added by the DELF.WG TROJAN! Source=Paul Collins Startup list [AdRoarUpdate] Number=457 Confirmed=X Filename=ARUpdate.exe Description=AdRoar adware updater Source=Paul Collins Startup list [AdRotator.Application] Number=458 Confirmed=X Filename=[path to csrss.exe] Description=Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [AdRotator.Application] Number=459 Confirmed=X Filename=services.exe Description=FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder Source=Paul Collins Startup list [ADS Adware Remover] Number=460 Confirmed=X Filename=ADS Adware Remover.exe Description=ADS Adware Remover - not recommended, see here Source=Paul Collins Startup list [AdsBlocker] Number=461 Confirmed=X Filename=stopAds.exe Description=Reported as DILAER.DW by NOD32 Source=Paul Collins Startup list [AdsCleaner] Number=462 Confirmed=U Filename=AdsCleaner.exe Description="AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy" Source=Paul Collins Startup list [ADService] Number=463 Confirmed=U Filename=ADService.exe Description=Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip disk. 
Required if you wish the applications to launch on insertion of a disk Source=Paul Collins Startup list [AdsGone] Number=464 Confirmed=U Filename=Adsgone.exe Description=AdsGone - pop-up stopper Source=Paul Collins Startup list [ADSL Diagnostic Tools] Number=465 Confirmed=N Filename=mapiicon.exe Description=System tray access to ADSL modem diagnostic tools. Available via Start -> Programs Source=Paul Collins Startup list [ADSLSYSTEMTRAY] Number=466 Confirmed=? Filename=SystemtrayV100B.exe Description=Apparently Annex A ADSL modem related. What does it do and is it required? Source=Paul Collins Startup list [AdslTaskBar] Number=467 Confirmed=Y Filename=rundll32.exe stmctrl.dll, TaskBar Description=ISP software, initializes DSL modem Source=Paul Collins Startup list [AdslTaskBars] Number=468 Confirmed=X Filename=taskmng.exe Description=Added by the RBOT-AXZ WORM! Source=Paul Collins Startup list [ADSL_A2] Number=469 Confirmed=? Filename=A2Installed Description=Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required? Source=Paul Collins Startup list [ADSS] Number=470 Confirmed=Y Filename=ADSS.exe Description=ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep it running while using Access Denied Source=Paul Collins Startup list [adstartup] Number=471 Confirmed=X Filename=automove.exe Description=Adlogix adware variant Source=Paul Collins Startup list [adstartup] Number=472 Confirmed=X Filename=Adstartup.exe Description=Adlogix adware variant Source=Paul Collins Startup list [AdStatus Service] Number=473 Confirmed=X Filename=AdStatServ.exe Description=WindUpdates AdStatus Service adware Source=Paul Collins Startup list [AdSubtract] Number=474 Confirmed=U Filename=adsub.exe Description=AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. 
Can be disabled from within AdSubtract. Available via Start -> Programs. Now superseded by Trend Micro AntiSpyware Source=Paul Collins Startup list [adtech2005] Number=475 Confirmed=X Filename=adtech2005.exe Description=Detected by Kaspersky as the STARTPAGE.AW TROJAN! Source=Paul Collins Startup list [adtech2006] Number=476 Confirmed=X Filename=adtech2006.exe Description=Detected by Kaspersky as the VB.KC WORM! Source=Paul Collins Startup list [Adtools Service] Number=477 Confirmed=X Filename=AdTools.exe Description=Windupdates Adware Source=Paul Collins Startup list [ADU] Number=478 Confirmed=? Filename=adu.exe Description=Related to Cisco Aironet wireless products. What does it do and is it required? Source=Paul Collins Startup list [AdultX] Number=479 Confirmed=X Filename=AdultX.exe Description=Adult content dialler and hijacker Source=Paul Collins Startup list [Adult_Chat] Number=480 Confirmed=X Filename=Adult_Chat.exe Description=Adult content dialler Source=Paul Collins Startup list [Adult_Chat1] Number=481 Confirmed=X Filename=Adult_Chat1.exe Description=Adult content dialler Source=Paul Collins Startup list [AdUpdater] Number=482 Confirmed=X Filename=sysupudt.exe Description=Unidentified adware downloader/updater Source=Paul Collins Startup list [ADUserMon] Number=483 Confirmed=U Filename=ADUserMon.exe Description=Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip disk. Required if you wish the applications to launch on insertion of a disk Source=Paul Collins Startup list [Advanced DHTML Enable] Number=484 Confirmed=X Filename=exo32.exe Description=Added by the RANCK-FI TROJAN! Source=Paul Collins Startup list [Advanced DHTML Enable] Number=485 Confirmed=X Filename=[path to trojan] Description=Added by the AGENT.GLQ TROJAN! Source=Paul Collins Startup list [Advanced Internet Protocol] Number=486 Confirmed=X Filename=cerf.exe Description=Added by a variant of the SPYBOT WORM! 
Source=Paul Collins Startup list [Advanced Protection System] Number=487 Confirmed=X Filename=advpsys.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Advanced Spyware Remover] Number=488 Confirmed=U Filename=Asr.exe Description=Advanced Spyware Remover anti spyware tool Source=Paul Collins Startup list [Advanced Tool Checks] Number=489 Confirmed=X Filename=advchks.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Advanced Tools Check] Number=490 Confirmed=N Filename=ADVCHK.EXE Description=Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget Source=Paul Collins Startup list [Advanced Uninstaller PRO Installation Monitor] Number=491 Confirmed=U Filename=monitor.exe Description=Innovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape" Source=Paul Collins Startup list [AdvancedCleaner Free] Number=492 Confirmed=X Filename=UADC.exe Description=AdvancedCleaner misleading security software - not recommended, see here Source=Paul Collins Startup list [AdVantage] Number=493 Confirmed=X Filename=AdVantage.exe Description=MediaAdVantage adware Source=Paul Collins Startup list [advap32] Number=494 Confirmed=X Filename=[path to trojan] Description=Detected by Trend Micro as the MUTANT.AT TROJAN! See here Source=Paul Collins Startup list [Advapi] Number=495 Confirmed=X Filename=Advapi.exe Description=Added by the NETDEVIL.12 WORM! Source=Paul Collins Startup list [ADVCHK] Number=496 Confirmed=N Filename=ADVCHK.EXE Description=Checks when you install a new version of a Norton product that you have uninstalled all previous versions. 
Serves as a reminder if you forget Source=Paul Collins Startup list [Advertising Killer] Number=497 Confirmed=U Filename=Akiller.exe Description=Advertising Killer - popup stopper Source=Paul Collins Startup list [advmon32] Number=498 Confirmed=X Filename=advmon32.exe Description=Added by a variant of the CRYPTER.C TROJAN! Source=Paul Collins Startup list [Adware Agent] Number=499 Confirmed=U Filename=adware agent.exe Description=Adware Agent popup blocker Source=Paul Collins Startup list [Adware Spy] Number=500 Confirmed=X Filename=AdwareSpy.exe Description=Adware Spy adware remover - not recommended, see here Source=Paul Collins Startup list [AdwareAlert] Number=501 Confirmed=U Filename=AdwareAlert.Exe Description=Adware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest version Source=Paul Collins Startup list [AdwareDelete] Number=502 Confirmed=X Filename=adwaredelete.exe Description=AdwareDelete adware remover - not recommended, see here Source=Paul Collins Startup list [AdwareKiller_schedules] Number=503 Confirmed=X Filename=schedules.exe Description=EAdwareKiller spyware remover - not recommended, see here Source=Paul Collins Startup list [AdwareKiller_tray] Number=504 Confirmed=X Filename=tray.exe Description=EAdwareKiller spyware remover - not recommended, see here Source=Paul Collins Startup list [AdwareProMFC] Number=505 Confirmed=X Filename=Ad-Ware Pro.exe Description=Ad-Ware Pro rogue security software - not recommended, see here Source=Paul Collins Startup list [AdwareProMFC] Number=506 Confirmed=X Filename=AntiTrojan Pro.exe Description=AntiTrojan Pro rogue security software - not recommended. Variant of Ad-Ware Pro Source=Paul Collins Startup list [AdwareRemover2007] Number=507 Confirmed=X Filename=AdwareRemover2007.exe Description=AdwareRemover2007 spyware remover - not recommended, see here Source=Paul Collins Startup list [Aeiwlsta.exe] Number=508 Confirmed=? 
Filename=Aeiwlsta.exe Description=IBM High Rate Wireless LAN Adapter driver. Is it required? Source=Paul Collins Startup list [AELaunch] Number=509 Confirmed=N Filename=AELaunch.exe Description=Audio Applications Launcher for the Philips Acoustic Edge soundcard Source=Paul Collins Startup list [AERVICESN] Number=510 Confirmed=X Filename=AERVICESN.exe Description=Added by the RANDON-AO WORM! Source=Paul Collins Startup list [AeXAgentLogon] Number=511 Confirmed=N Filename=AeXAgentActivate.exe Description=Altiris Agent transmits information about your machine for the purpose of asset management and deployment Source=Paul Collins Startup list [AeXSWDUsr] Number=512 Confirmed=? Filename=AeXSWDUsr.exe Description=Altiris Express NS Client Manager software. Is it required? Source=Paul Collins Startup list [AEZBProc] Number=513 Confirmed=U Filename=aptezbp.exe Description=IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions Source=Paul Collins Startup list [AFAFilter] Number=514 Confirmed=U Filename=windefault.exe Description=AFAFilter - internet filter software Source=Paul Collins Startup list [afskfask8] Number=515 Confirmed=X Filename=fsfjasj8.exe Description=Added by the ONLINEG-L TROJAN! Source=Paul Collins Startup list [AGEIA PhysX SysTray] Number=516 Confirmed=N Filename=TrayIcon.exe Description=System Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution, etc, regularly, use Control Panel -> Display Properties or right-click on the desktop Source=Paul Collins Startup list [Agent] Number=517 Confirmed=N Filename=Agent.exe Description=Cyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. 
Available via Start -> Programs Source=Paul Collins Startup list [Agent] Number=518 Confirmed=X Filename=alsys.exe Description=Added by the DREF-V VIRUS! Source=Paul Collins Startup list [agent] Number=519 Confirmed=X Filename=ppl.exe Description=Added by the DREF-U VIRUS! Source=Paul Collins Startup list [Agent Browser] Number=520 Confirmed=X Filename=[random filename] Description=Added by the PPdoor.M-bdr backdoor TROJAN! Source=Paul Collins Startup list [Agent Explorer] Number=521 Confirmed=X Filename=[random filename] Description=Unidentified adware Source=Paul Collins Startup list [Agente] Number=522 Confirmed=? Filename=Remupd.exe Description=Part of Panda Antivirus. Is this an update reminder (guess because of the name), virus definition update reminder or something similar? Source=Paul Collins Startup list [agentsvr] Number=523 Confirmed=X Filename=agentsvr.exe Description=Malware, detected by Kaspersky as AdWare.Monker.a. NOTE: do NOT confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folder Source=Paul Collins Startup list [AgfaCLnk] Number=524 Confirmed=U Filename=AgfaCLnk.exe Description=For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive Source=Paul Collins Startup list [agp] Number=525 Confirmed=X Filename=agp32.exe Description=Added by the GAOBOT.SY WORM! Source=Paul Collins Startup list [AGRSMMSG] Number=526 Confirmed=Y Filename=AGRSMMSG.exe Description=IBM AMR modem driver Source=Paul Collins Startup list [AGSatellite] Number=527 Confirmed=N Filename=AGSatellite.exe Description=Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs Source=Paul Collins Startup list [ahfp] Number=528 Confirmed=U Filename=ahfp.exe Description=Advanced Hide Folders - "is powerful file security program. 
It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" Source=Paul Collins Startup list [ahfprog] Number=529 Confirmed=U Filename=ahfp.exe Description=Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" Source=Paul Collins Startup list [AHNSD] Number=530 Confirmed=Y Filename=AhnSD.exe Description=AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis Source=Paul Collins Startup list [AHNUE] Number=531 Confirmed=? Filename=AHNUE.exe Description=?? Source=Paul Collins Startup list [ahost] Number=532 Confirmed=X Filename=ahost.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [AHQInit] Number=533 Confirmed=N Filename=ahqinit.exe Description=Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required Source=Paul Collins Startup list [Ahst] Number=534 Confirmed=X Filename=iebs.exe Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [AHU] Number=535 Confirmed=X Filename=[path to worm] Description=Added by the ANACON-B WORM! Source=Paul Collins Startup list [AHU] Number=536 Confirmed=X Filename=ANACON.EXE Description=Added by the NACO.A WORM! Source=Paul Collins Startup list [ahui32.exe] Number=537 Confirmed=X Filename=ahui32.exe Description=Added by the CERTIF-M TROJAN! Source=Paul Collins Startup list [Ai Nap] Number=538 Confirmed=U Filename=AiNap.exe Description=Part of the "Ai Suite" utility supplied with some Asus motherboards. 
"With AI Nap, users can instantly snooze your PC without terminating the tasks. System will continue operating at minimum power and noise when user is temporarily away" Source=Paul Collins Startup list [Ai Quicker Help] Number=539 Confirmed=N Filename=AsRc.exe Description=ASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away, such as the M2N DH. "ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches" Source=Paul Collins Startup list [Aica] Number=540 Confirmed=X Filename=tuaa.exe Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [Aida] Number=541 Confirmed=X Filename=ttuh.exe Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [Aida] Number=542 Confirmed=X Filename=eetu.exe Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [AidemHotKey] Number=543 Confirmed=? Filename=DVMAIN.EXE Description=Keyboard related Source=Paul Collins Startup list [AidemHotKey] Number=544 Confirmed=? Filename=KEYAPP.EXE Description=Keyboard related Source=Paul Collins Startup list [aiepk] Number=545 Confirmed=U Filename=aiepk2.exe Description=Another IE Popup Killer - pop-up stopper Source=Paul Collins Startup list [AIM] Number=546 Confirmed=N Filename=aim.exe Description=AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs Source=Paul Collins Startup list [AIM] Number=547 Confirmed=U Filename=AIM+.exe Description=AIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O Software Source=Paul Collins Startup list [AIM Instant Message Cookies] Number=548 Confirmed=X Filename=[random filename] Description=Added by the RBOT-AFV WORM! 
Source=Paul Collins Startup list [AIM Logger] Number=549 Confirmed=N Filename=AIMLogger.exe Description=AIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIM Source=Paul Collins Startup list [Aim Plugin] Number=550 Confirmed=X Filename=aimplugin.exe Description=Added by the GUAP-F WORM! Source=Paul Collins Startup list [AIM reminder] Number=551 Confirmed=X Filename=AIM reminder.exe Description=Added by the BUDDY TROJAN! Source=Paul Collins Startup list [Aim6] Number=552 Confirmed=N Filename=AOLLaunch.exe Description=AOL Instant Messenger - start it when you want to use it Source=Paul Collins Startup list [Aim6] Number=553 Confirmed=N Filename=aim6.exe Description=AOL Instant Messenger - start it when you want to use it Source=Paul Collins Startup list [AIM95 Startup] Number=554 Confirmed=X Filename=aim95.exe Description=Added by the AGOBOT.AEE WORM! Source=Paul Collins Startup list [aimaol lptt01] Number=555 Confirmed=X Filename=aimaol.exe Description=RapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [aimaol ml097e] Number=556 Confirmed=X Filename=aimaol.exe Description=RapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [aimb.exe] Number=557 Confirmed=U Filename=aimb.exe Description=IMSufSentinel is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it Source=Paul Collins Startup list [AimingClick] Number=558 Confirmed=N Filename=AimingClick.exe Description=AimingClick from AimingTech. Web searching tool. 
Available via Start -> Programs Source=Paul Collins Startup list [AIMPro] Number=559 Confirmed=U Filename=aimpro.exe Description=AIM Pro - secure instant messaging, video conferencing, on-line meetings and desktop and file sharing Source=Paul Collins Startup list [AIMster] Number=560 Confirmed=N Filename=?? Description=Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs Source=Paul Collins Startup list [AIMWDInstall] Number=561 Confirmed=N Filename=AIMWDInstall.exe Description=Version of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case Source=Paul Collins Startup list [Aiptek Graphics Tablet (USB)] Number=562 Confirmed=Y Filename=atwtusb.exe Description=USB interface for Aiptek Graphics Tablet (USB) Source=Paul Collins Startup list [aircity] Number=563 Confirmed=X Filename=aircity.exe Description=Related to "Prutect" malware from e2Give Source=Paul Collins Startup list [AirPort Base Station Agent] Number=564 Confirmed=U Filename=APAgent.exe Description=Airport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home, school, and business. As it blankets your space with a blazing-fast, secure wireless network, it opens up a world of possibilities for home entertainment, backups, printing, and more" Source=Paul Collins Startup list [AJC Active Backup] Number=565 Confirmed=U Filename=AJCActBk.exe Description=AJC Active Backup from AJC Software - "Instantly backup files you change on your PC and keep multiple versions to undo" Source=Paul Collins Startup list [AKEYNAME] Number=566 Confirmed=X Filename=WinServ.exe Description=Added by the EVILBOT.C TROJAN! 
Source=Paul Collins Startup list [akeys] Number=567 Confirmed=U Filename=akeys.exe Description="Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" Source=Paul Collins Startup list [akgkagaksad9] Number=568 Confirmed=X Filename=fsakfask9.exe Description=Added by the ONLINEG-M TROJAN! Source=Paul Collins Startup list [AKiller] Number=569 Confirmed=U Filename=akiller.exe Description=Advertising Killer - popup stopper Source=Paul Collins Startup list [ala.exe] Number=570 Confirmed=X Filename=ala.exe Description=Access Lock is a system-tray security utility you can use to secure your desktop when you are away from your computer Source=Paul Collins Startup list [Alarm Manager] Number=571 Confirmed=U Filename=Alarmapp.exe Description=Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop Source=Paul Collins Startup list [AlarmWatcher] Number=572 Confirmed=? Filename=AlarmWatcher.exe Description=Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required? Source=Paul Collins Startup list [Album Fast Start] Number=573 Confirmed=N Filename=ABMTSR.EXE Description=Scanner software, not required for scanner to work Source=Paul Collins Startup list [AlcFDMonitor] Number=574 Confirmed=? Filename=ALCFDRTM.EXE Description=RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? Source=Paul Collins Startup list [ALCFDRTM16] Number=575 Confirmed=? Filename=ALCFDRTM16.com Description=RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? Source=Paul Collins Startup list [Alchem] Number=576 Confirmed=X Filename=Alchem.exe Description=ClickAlchemy adware Source=Paul Collins Startup list [Alcmtr] Number=577 Confirmed=U Filename=Alcmtr.exe Description=Installed with hardware drivers for a Realtek AC97 audio device. 
It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation Source=Paul Collins Startup list [Alcohol] Number=578 Confirmed=U Filename=Alcohol.exe Description=Alcohol 120% - CD/DVD emulation/writing/copying software Source=Paul Collins Startup list [Alcohol Autorun] Number=579 Confirmed=U Filename=Alcohol.exe Description=Alcohol 120% - CD/DVD emulation/writing/copying software Source=Paul Collins Startup list [AlcoholAutomount] Number=580 Confirmed=U Filename=axcmd.exe Description=Alcohol 120% is a powerful Windows application that makes it easy to create backups of DVDs* and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button. This part automounts disc images Source=Paul Collins Startup list [Alcom PCL Capture] Number=581 Confirmed=? Filename=FMW_PCAP.EXE Description=?? Source=Paul Collins Startup list [AlcWzrd] Number=582 Confirmed=N Filename=ALCWZRD.EXE Description=RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one Source=Paul Collins Startup list [AlcxMonitor] Number=583 Confirmed=U Filename=Alcxmntr.exe Description=Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation Source=Paul Collins Startup list [aldefr ere service] Number=584 Confirmed=X Filename=tay0x.exe Description=Added by the RBOT-XS WORM! Source=Paul Collins Startup list [alerter] Number=585 Confirmed=X Filename=alerter.exe Description=Added by the MAHA.F TROJAN! 
Source=Paul Collins Startup list [Alevir] Number=586 Confirmed=X Filename=Alevir.exe Description=Added by the OPASERV-A WORM! Source=Paul Collins Startup list [AlevirOld] Number=587 Confirmed=X Filename=[worm filename] Description=Added by the OPASERV WORM! Source=Paul Collins Startup list [Alexa] Number=588 Confirmed=N Filename=alexa.exe Description=Related to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa states they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not Recommended Source=Paul Collins Startup list [AlexaToolbar] Number=589 Confirmed=X Filename=alt.exe Description=Reported as the DELF.EB hijacker by Ewido Security Suite Source=Paul Collins Startup list [AlfaCleaner] Number=590 Confirmed=X Filename=AlfaCleaner.exe Description=AlphaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware Source=Paul Collins Startup list [AlfaClock Classic] Number=591 Confirmed=U Filename=AlfaClock.exe Description=AlfaClock from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more" Source=Paul Collins Startup list [AlfaClock2] Number=592 Confirmed=U Filename=AlfaClock2.exe Description=AlfaClock2 - tray/desktop clock and time synchronization software Source=Paul Collins Startup list [ALFY Accellerator] Number=593 Confirmed=? Filename=AlfyAC~1.exe Description=?? Source=Paul Collins Startup list [ALG.EXE] Number=594 Confirmed=X Filename=iexplorer .exe Description=Added by the DEMOTRY-B WORM! 
Source=Paul Collins Startup list [ALG32] Number=595 Confirmed=X Filename=ALG32.EXE Description=Added by the STARTPAGE.K hijacker Source=Paul Collins Startup list [algchk.exe] Number=596 Confirmed=X Filename=algchk.exe Description=Detected by Kaspersky as the VB.ATE TROJAN! Source=Paul Collins Startup list [ALGU] Number=597 Confirmed=X Filename=ALGU.EXE Description=Added by the CWS-I TROJAN! Source=Paul Collins Startup list [ALi5289] Number=598 Confirmed=U Filename=ALi5289.exe Description=Related to Uli Integrated Drivers from Uli Electronics Inc Source=Paul Collins Startup list [Alias SketchBook Snapshot] Number=599 Confirmed=N Filename=ALIASS~2.EXE Description=Screen-capture utility for Alias Sketchbook Source=Paul Collins Startup list [AlienAutopsy] Number=600 Confirmed=N Filename=Test_BS.exe Description=Alienware computer technical support software Source=Paul Collins Startup list [ALiSndMgr] Number=601 Confirmed=Y Filename=ALiSndMg.exe Description=ALi AC97 Sound driver Source=Paul Collins Startup list [AliUSBfix] Number=602 Confirmed=? Filename=GREENMK.exe Description=May be related to a USB 2.0 PCI card - the IOgear GIC220OU? Source=Paul Collins Startup list [Alive SYstem] Number=603 Confirmed=X Filename=scchost.exe Description=Added by the TOFDROP-B TROJAN! Source=Paul Collins Startup list [Alive SYstem] Number=604 Confirmed=X Filename=scchostc.exe Description=Added by the TOFDROP-B TROJAN! Source=Paul Collins Startup list [alkasr] Number=605 Confirmed=X Filename=?????.exe Description=Added by the BALKART TROJAN! Source=Paul Collins Startup list [All Aboard Status] Number=606 Confirmed=U Filename=stswin.exe Description=All Aboard! 
Internet Connection Sharing status icon Source=Paul Collins Startup list [All Sea screen saver] Number=607 Confirmed=X Filename=TaskTray.exe Description=Free screensaver, installs lots of foistware - remove it Source=Paul Collins Startup list [All Sea web link] Number=608 Confirmed=X Filename=FWLink.exe Description=Free screensaver, installs lots of foistware - remove it Source=Paul Collins Startup list [AllerCalc] Number=609 Confirmed=N Filename=AllerCalc.exe Description=AllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually Source=Paul Collins Startup list [Allopassw] Number=610 Confirmed=X Filename=[path to trojan] Description=Added by the RANKY.CU TROJAN! Source=Paul Collins Startup list [AllSeeingEye] Number=611 Confirmed=U Filename=ase.exe Description=All-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions" Source=Paul Collins Startup list [allSnap] Number=612 Confirmed=U Filename=allSnap.exe Description="allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop" Source=Paul Collins Startup list [AllToTray] Number=613 Confirmed=U Filename=ALLTOTRAY.EXE Description=AlltoTray from DNTSoft - minimize any program to your System Tray Source=Paul Collins Startup list [Alogrithm Link Queue] Number=614 Confirmed=X Filename=alq.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Alogserv] Number=615 Confirmed=U Filename=Alogserv.exe Description=From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. 
It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up Source=Paul Collins Startup list [ALPass] Number=616 Confirmed=U Filename=ALPass.exe Description=ALPass password manager Source=Paul Collins Startup list [alpha] Number=617 Confirmed=X Filename=svchost.exe Description=Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Alps Electric USB Server] Number=618 Confirmed=Y Filename=Monserv.exe Description=Alps Electric USB Server - required according to this article Source=Paul Collins Startup list [AlpsPoint] Number=619 Confirmed=U Filename=Apoint.exe Description=Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work Source=Paul Collins Startup list [ALServ] Number=620 Confirmed=U Filename=2portalmon.exe Description=2Wire Homeportal user interface Source=Paul Collins Startup list [Altnet] Number=621 Confirmed=X Filename=points manager.exe Description=Altnet TopSearch adware Source=Paul Collins Startup list [AltnetPointsManager] Number=622 Confirmed=X Filename=points manager.exe Description=Altnet TopSearch adware Source=Paul Collins Startup list [AltoMB_service] Number=623 Confirmed=U Filename=AltoMBsrv.exe Description=Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. 
See this article and make up your own mind Source=Paul Collins Startup list [ALTOOLS] Number=624 Confirmed=U Filename=AccessL.exe Description=ALTools family of PC utilities Source=Paul Collins Startup list [AltPayments] Number=625 Confirmed=X Filename=AltPayments.exe Description=WeirdOnTheWeb adware Source=Paul Collins Startup list [ALU Scheduler Service] Number=626 Confirmed=N Filename=ALUSchedulerSvc.exe Description=Symantec LiveUpdate scheduler for programs such as Norton AV or Internet Security Source=Paul Collins Startup list [ALUAlert] Number=627 Confirmed=U Filename=ALUNotify.exe Description=Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis Source=Paul Collins Startup list [Aluria Security Center] Number=628 Confirmed=N Filename=SecurityCenter.exe Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here Source=Paul Collins Startup list [Aluria's Pop-Up Stopper] Number=629 Confirmed=U Filename=eps.exe Description=Aluria Pop-Stopper Source=Paul Collins Startup list [Aluria's Spyware Eliminator] Number=630 Confirmed=N Filename=ASE.exe Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here Source=Paul Collins Startup list [AlwaysOnTopMaker] Number=631 Confirmed=U Filename=AlwaysOnTopMaker.exe Description=Always On Top Maker - utility to enable an application to always be displayed "on top" of others on the desktop Source=Paul Collins Startup list [AlwaysReady Power Message APP] Number=632 Confirmed=N Filename=ARPWRMSG.EXE Description=Related to HP and Compaq Desktop PCs. 
Read this article Source=Paul Collins Startup list [AmazingTens] Number=633 Confirmed=X Filename=AmazingTens.exe Description=Premium rate adult content dialler Source=Paul Collins Startup list [AMD PowerNow!] Number=634 Confirmed=U Filename=GemBack.exe Description=AMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand" Source=Paul Collins Startup list [amd_dc_opt] Number=635 Confirmed=Y Filename=amd_dc_opt.exe Description=AMD Dual-Core Optimizer - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction" Source=Paul Collins Startup list [America Online *.* Tray Icon] Number=636 Confirmed=N Filename=aoltray.exe Description=Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs Source=Paul Collins Startup list [AME_CSA] Number=637 Confirmed=N Filename=rundll32 amecsa.cpl, RUN_DLL Description=Loads ADSL modem Control Panel applet Source=Paul Collins Startup list [AModemLockDown] Number=638 Confirmed=U Filename=ModemLockDown.exe Description=ModemLockDown - allows you to supervise internet access by disabling the modem, protects against dialers accessing dial-up connections, etc Source=Paul Collins Startup list [Amon] Number=639 Confirmed=Y Filename=AMON.EXE Description=Monitoring part of Eset's NOD32 virus-scanner Source=Paul Collins Startup list [Amonitor] Number=640 Confirmed=Y Filename=amon.exe Description=Tiny Personal Firewall Source=Paul Collins Startup list [AMP WinOFF] Number=641 Confirmed=U Filename=winoff.exe Description=WinOFF is "a utility designed to shut down Windows computers automatically, in a fully configurable way" Source=Paul Collins Startup list [AMSG] Number=642 Confirmed=U Filename=Amsg.exe Description=Part of the 
IBM ThinkVantage Productivity Center. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online" Source=Paul Collins Startup list [amsgupdate] Number=643 Confirmed=X Filename=ams.exe Description=Added by a variant of the MAILBOT TROJAN! Source=Paul Collins Startup list [AMSN] Number=644 Confirmed=N Filename=amsn.exe Description=aMSN Messenger is a multiplatform MSN messenger clone Source=Paul Collins Startup list [amsn] Number=645 Confirmed=X Filename=amsn.exe Description=Added by the BANKER-BNZ TROJAN! Source=Paul Collins Startup list [amva] Number=646 Confirmed=X Filename=amvo.exe Description=Added by the SILLYFDC-BR WORM! Source=Paul Collins Startup list [Anapod Manager] Number=647 Confirmed=N Filename=anamgr.exe Description=Anapod Explorer "is the most advanced Windows iPod software available, offering iPod management through full Windows Explorer integration under My Computer" Source=Paul Collins Startup list [anbv32] Number=648 Confirmed=X Filename=nabv32.exe Description=Added by the TITOG.C WORM! Source=Paul Collins Startup list [angeleyes] Number=649 Confirmed=X Filename=msdll.exe Description=Detected by Kaspersky as the VB.PI TROJAN! See here Source=Paul Collins Startup list [ANIWZCS2Service] Number=650 Confirmed=Y Filename=WZCSLDR2.exe Description=ALPHA Networks wireless driver Source=Paul Collins Startup list [ANIWZCSService] Number=651 Confirmed=? Filename=WZCSLDR.exe Description=D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity Source=Paul Collins Startup list [AnnotateCheck] Number=652 Confirmed=? Filename=AnnCheck.exe Description=Genius Wizard Pen Tablet driver related. Is it required? Source=Paul Collins Startup list [Announcements] Number=653 Confirmed=N Filename=Annclist.exe Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). 
If you don't use it - uninstall it Source=Paul Collins Startup list [Anntext] Number=654 Confirmed=N Filename=Anntext.exe Description=Caere Pagekeeper text annotation server Source=Paul Collins Startup list [AnonymityGateway] Number=655 Confirmed=U Filename=Anonymity Gateway.exe Description=Anonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity from being tracked by websites or Internet Service Providers Source=Paul Collins Startup list [Anonymizer Total Net Shield] Number=656 Confirmed=U Filename=AnonTns.exe Description=Anonymizer Total Net Shield - ID protection and privacy software Source=Paul Collins Startup list [ANONYMIZER_SPYWAREKILLER] Number=657 Confirmed=U Filename=SpyWareKiller.exe Description=Anonymizer Spyware Killer - now Anti-Spyware Source=Paul Collins Startup list [ANONYMIZER_SPYWAREKILLER] Number=658 Confirmed=U Filename=AnonAntiSpyware.exe Description=Anonymizer Spyware Killer - now Anti-Spyware Source=Paul Collins Startup list [Another Internet Explorer Popup Killer] Number=659 Confirmed=U Filename=aiepk2.exe Description=Another IE Popup Killer - pop-up stopper Source=Paul Collins Startup list [ansjava] Number=660 Confirmed=X Filename=[path to worm] Description=Added by the RANDON-AN WORM! Source=Paul Collins Startup list [Anskya] Number=661 Confirmed=X Filename=PYSKY.NET.exe Description=Added by the DLOADER-MW TROJAN! Source=Paul Collins Startup list [Answer Problem] Number=662 Confirmed=X Filename=dSAFsqs.exe Description=Added by the SDBOT-SC WORM! Source=Paul Collins Startup list [AnswerTool] Number=663 Confirmed=U Filename=AnswerTool.exe Description=AnswerTool - save your E-mail replies in AnswerTool, then reuse them again and again Source=Paul Collins Startup list [Anti] Number=664 Confirmed=X Filename=Isass.exe Description=Added by the BROPIA.K WORM! 
Source=Paul Collins Startup list [Anti Spam Service] Number=665 Confirmed=X Filename=spamsvc.exe Description=Added by the MYTOB-BK WORM! Source=Paul Collins Startup list [Anti-Blaxx Manager] Number=666 Confirmed=N Filename=Anti-Blaxx.exe Description=Anti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives Source=Paul Collins Startup list [Anti-keylogger check] Number=667 Confirmed=U Filename=antikey.exe Description=Anti-keylogger - protects against keylogger programs monitoring your keystrokes Source=Paul Collins Startup list [Anti-Trojan-Watch] Number=668 Confirmed=U Filename=ATWatch.exe Description=Anti-Trojan Watch - trojan detector Source=Paul Collins Startup list [Anti-Virus] Number=669 Confirmed=X Filename=vpms.exe Description=Added by a variant of the SLAPER TROJAN! Source=Paul Collins Startup list [Anti-Virus] Number=670 Confirmed=X Filename=[random filename].exe Description=Added by the CAPROBAD-A TROJAN! Source=Paul Collins Startup list [Anti-Virus Product Sync] Number=671 Confirmed=X Filename=[unprintable character][3 characters]log.exe Description=Added by the KEDEBE.D WORM! Source=Paul Collins Startup list [Anti-Virus Update Scheduler] Number=672 Confirmed=X Filename=[path to trojan] Description=Added by the SPAMMIT-A TROJAN! Source=Paul Collins Startup list [Anti-Virus Update Scheduler] Number=673 Confirmed=X Filename=winsp3.exe Description=Malware - detected by Kaspersky as the AGENT.FP TROJAN! Source=Paul Collins Startup list [Anti-Virus Update Scheduler V1.39.12R] Number=674 Confirmed=X Filename=[path to trojan] Description=Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more... 
Source=Paul Collins Startup list [AntiClicker] Number=675 Confirmed=X Filename=SVCHST32.EXE Description=Added by the CBH TROJAN! Source=Paul Collins Startup list [antidialer.co.uk] Number=676 Confirmed=U Filename=Dialer_Watcher.exe Description=Dialer_Watcher is an application that allows you to detect dialers on your computer Source=Paul Collins Startup list [antihost] Number=677 Confirmed=X Filename=ahr.exe Description=Added by the BANCBAN-QJ TROJAN! Source=Paul Collins Startup list [AntiMalwareGuard] Number=678 Confirmed=X Filename=amg.exe Description=AntiMalwareGuard rogue spyware remover - not recommended, see here Source=Paul Collins Startup list [AntiPopUp] Number=679 Confirmed=U Filename=AntiPopUp.exe Description=AntiPopUp for IE - pop-up stopper Source=Paul Collins Startup list [antispy] Number=680 Confirmed=X Filename=ANTIVIR.exe Description=IE AntiVirus rogue security software - not recommended, see here Source=Paul Collins Startup list [antispy] Number=681 Confirmed=X Filename=ANTIVIRUS.exe Description=IE AntiVirus rogue security software - not recommended, see here Source=Paul Collins Startup list [antispy] Number=682 Confirmed=X Filename=ieav.exe Description=IE AntiVirus rogue security software - not recommended, see here Source=Paul Collins Startup list [antispy] Number=683 Confirmed=X Filename=scan.exe Description=IE AntiVirus rogue security software - not recommended, see here Source=Paul Collins Startup list [AntiSpyKit *.*] Number=684 Confirmed=X Filename=AntiSpyKit *.*.exe Description=EAdwareKiller spyware remover, where *.* represents the version number - not recommended, see here Source=Paul Collins Startup list [AntispyStorm] Number=685 Confirmed=X Filename=AntispyStorm.exe Description=AntiSpyStorm misleading security software - not recommended, see here Source=Paul Collins Startup list [AntiSpyware] Number=686 Confirmed=X Filename=Antispyware.exe Description=AntiSpywareApp spyware remover - not recommended, see here Source=Paul Collins 
Startup list [AntiSpywareBot] Number=687 Confirmed=X Filename=AntiSpywareBot.exe Description=AntiSpywareBot spyware remover - not recommended, see here Source=Paul Collins Startup list [AntiSpywareExpert] Number=688 Confirmed=X Filename=ase.exe Description=AntiSpywareExpert rogue spyware remover - not recommended, see here Source=Paul Collins Startup list [AntiSpywareMaster] Number=689 Confirmed=X Filename=asm.exe Description=AntiSpywareMaster spyware remover - not recommended, see here Source=Paul Collins Startup list [AntiSpywareShield] Number=690 Confirmed=X Filename=AntiSpywareShield.exe Description=AntiSpywareShield spyware remover - not recommended, see here Source=Paul Collins Startup list [AntiVerminser] Number=691 Confirmed=X Filename=AntiVerminser.exe Description=AntiVerminser spyware remover - not recommended, see here Source=Paul Collins Startup list [antiviirus] Number=692 Confirmed=X Filename=antiviirus.exe Description=Added by a variant of the AGENT.KEU TROJAN! Source=Paul Collins Startup list [Antivir] Number=693 Confirmed=X Filename=svchst.exe Description=Added by the RAGRUK-A TROJAN! Source=Paul Collins Startup list [AntiVir] Number=694 Confirmed=X Filename=scvhost.exe Description=Added by the AGENT-DSF TROJAN! Source=Paul Collins Startup list [AntiVir] Number=695 Confirmed=X Filename=winlog.exe Description=Added by the IRCBOT-TJ TROJAN! Source=Paul Collins Startup list [AntiVir XP] Number=696 Confirmed=Y Filename=AVwin.exe Description=AntiVir®
PersonalEdition Classic - antivirus Source=Paul Collins Startup list [Antivir64] Number=697 Confirmed=X Filename=Antivir64.exe Description=Antivir64 rogue security software - not recommended, see here Source=Paul Collins Startup list [AntiVirGear *.*] Number=698 Confirmed=X Filename=AntiVirGear *.*.exe Description=AntiVirGear misleading security software, where *.* represents the version number - not recommended, see here Source=Paul Collins Startup list [Antivirus] Number=699 Confirmed=X Filename=av.exe Description=Added by the SINKIN TROJAN! Resets IE start page to realphx.com Source=Paul Collins Startup list [Antivirus] Number=700 Confirmed=X Filename=maja.exe Description=Added by the NETSKY.H WORM! Source=Paul Collins Startup list [Antivirus] Number=701 Confirmed=X Filename=iexpl0res.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [AntiVirus] Number=702 Confirmed=X Filename=kaspery.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [AntiVirus] Number=703 Confirmed=X Filename=AntiVirus.exe Description=Added by the BANKER-EHB TROJAN! Source=Paul Collins Startup list [Antivirus] Number=704 Confirmed=X Filename=antvrs.exe Description=Antivirus 2008 rogue security software - not recommended, see here Source=Paul Collins Startup list [Antivirus] Number=705 Confirmed=X Filename=avm.exe Description=Antivirus Master rogue security software - not recommended, see Source=Paul Collins Startup list [Antivirus] Number=706 Confirmed=X Filename=vav.exe Description=Vista Antivirus 2008 rogue security software - not recommended, see here Source=Paul Collins Startup list [Antivirus Installer] Number=707 Confirmed=X Filename=[path to trojan] Description=Added by the BADGENT-A TROJAN! Source=Paul Collins Startup list [AntiVirus Process] Number=708 Confirmed=X Filename=virprot.exe Description=Added by a variant of the SDBOT WORM! 
Source=Paul Collins Startup list [Antivirus Protection Services] Number=709 Confirmed=X Filename=ccapp2.exe Description=Added by the RBOT.EXI WORM! Source=Paul Collins Startup list [AntiVirus Update] Number=710 Confirmed=X Filename=updates.exe Description=Added by the RBOT-JF WORM! Source=Paul Collins Startup list [AntiVirus Update] Number=711 Confirmed=X Filename=antivirus.exe Description=Added by the RBOT-IF WORM! Source=Paul Collins Startup list [Antivirus-2008.exe] Number=712 Confirmed=X Filename=Antivirus-2008.exe Description=Antivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN! Source=Paul Collins Startup list [antivirus-2008pro.exe] Number=713 Confirmed=X Filename=antivirus-2008pro.exe Description=Antivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN! Source=Paul Collins Startup list [Antivirus-Golden] Number=714 Confirmed=X Filename=Antivirus-Golden.exe Description=Antivirus-Golden misleading security software - not recommended, see here Source=Paul Collins Startup list [Antivirus2008y] Number=715 Confirmed=X Filename=antvrs.exe Description=Antivirus 2008 rogue security software - not recommended, see here Source=Paul Collins Startup list [antivirus32] Number=716 Confirmed=X Filename=antivirus.exe Description=Added by the SPYBOT.KAI WORM! Source=Paul Collins Startup list [AntivirusGold] Number=717 Confirmed=X Filename=AntivirusGold.exe Description=AntivirusGold malware Source=Paul Collins Startup list [AntiVirusPro] Number=718 Confirmed=X Filename=AntiVirusPro.exe Description=AntiVirusPro misleading security software - not recommended, see here Source=Paul Collins Startup list [AntiVirusProMFC] Number=719 Confirmed=X Filename=Antivirus Pro.exe Description=AntiVirusPro misleading security software - not recommended, see here Source=Paul Collins Startup list [AntiVirusProtection] Number=720 Confirmed=? Filename=qumk.exe Description=?? 
Source=Paul Collins Startup list [AntiVituS] Number=721 Confirmed=X Filename=Base.exe Description=Added by the BAS.A WORM! Source=Paul Collins Startup list [antiware] Number=722 Confirmed=X Filename=elite***32.exe [*** = random char] Description=Added by the DLOADER-HW TROJAN! Source=Paul Collins Startup list [AntiWindowsMessenger] Number=723 Confirmed=U Filename=AntiMsMsg.exe Description=Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory Source=Paul Collins Startup list [anti_troj] Number=724 Confirmed=X Filename=anti_troj.exe Description=Added by the LODEAR.D TROJAN! Source=Paul Collins Startup list [AnVir] Number=725 Confirmed=Y Filename=AnVir.exe Description=AnVir Task Manager - protects computer against viruses and manages running processes and startup files Source=Paul Collins Startup list [AnVir Task Manager] Number=726 Confirmed=Y Filename=AnVir.exe Description=AnVir Task Manager - protects computer against viruses and manages running processes and startup files Source=Paul Collins Startup list [anvshell] Number=727 Confirmed=U Filename=anvshell.exe Description=System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar Source=Paul Collins Startup list [Any To-Do List] Number=728 Confirmed=U Filename=anytodo.exe Description=Any To-Do List "the ultimate software solution to keep yourself organized and reminded" Source=Paul Collins Startup list [anycom bluetooth] Number=729 Confirmed=? Filename=ftflauncher.exe Description=Associated with an Anycom bluetooth wireless card. What does it do and is it required? Source=Paul Collins Startup list [AnyDVD] Number=730 Confirmed=U Filename=AnyDVD.exe Description=AnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. 
Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendation Source=Paul Collins Startup list [AnyTime] Number=731 Confirmed=U Filename=Atw.exe Description=AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" Source=Paul Collins Startup list [AnyTime Organizer] Number=732 Confirmed=U Filename=AtDem.exe Description=AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" Source=Paul Collins Startup list [AnyTime Organizer] Number=733 Confirmed=U Filename=Atw.exe Description=AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" Source=Paul Collins Startup list [AO Tray] Number=734 Confirmed=N Filename=AOTray.Exe Description=System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel Source=Paul Collins Startup list [aol] Number=735 Confirmed=Y Filename=avp.exe Description=AOL's Active Virus Shield (by Kaspersky) - found in an AOL\Active Virus Shield sub-directory Source=Paul Collins Startup list [AOL 9.0 Optimized] Number=736 Confirmed=X Filename=AOLClient.exe Description=Added by the SPYBOTER.A TROJAN! 
Source=Paul Collins Startup list [AOL Broadband Check-Up] Number=737 Confirmed=U Filename=matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [AOL Companion] Number=738 Confirmed=N Filename=companion.exe Description=Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use Source=Paul Collins Startup list [Aol Configuration Loader] Number=739 Confirmed=X Filename=aimsng.exe Description=Added by the SDBOT-XE WORM! Source=Paul Collins Startup list [AOL Fast Start] Number=740 Confirmed=? Filename=AOL.exe Description=AOL ISP software related. What does it do and is it required? Source=Paul Collins Startup list [AOL Instant Messanger] Number=741 Confirmed=X Filename=aim.exe Description=Added by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utility Source=Paul Collins Startup list [AOL Instant Messengar] Number=742 Confirmed=X Filename=aol.exe Description=Added by the AGOBOT-FN WORM! Source=Paul Collins Startup list [AOL Instant Messenger] Number=743 Confirmed=X Filename=AlM.EXE Description=Added by unidentified malware. Note - there is a lower case "L" between the A and M in the filename Source=Paul Collins Startup list [Aol Instant Messenger] Number=744 Confirmed=X Filename=aolmsg.exe Description=Added by the KELVIR.AL WORM! 
Source=Paul Collins Startup list [AOL Instant Messenger] Number=745 Confirmed=X Filename=aimsgr.exe Description=Added by the IRCBOT.N TROJAN! Source=Paul Collins Startup list [AOL Instant Messenger 7.213] Number=746 Confirmed=X Filename=aim9283.exe Description=Added by the SDBOT-ZF WORM! Source=Paul Collins Startup list [Aol Instant Messenger Fix] Number=747 Confirmed=X Filename=aolfix.exe Description=Added by the SDBOT-ABJ WORM! Source=Paul Collins Startup list [AOL Messenger] Number=748 Confirmed=X Filename=[random filename] Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [AOL Messenger] Number=749 Confirmed=X Filename=aolmsngr.exe Description=Added by the SDBOT-JF WORM! Source=Paul Collins Startup list [AOL Messenger Optimized] Number=750 Confirmed=X Filename=AOLOpt.exe Description=Added by the AOLOPT TROJAN! Source=Paul Collins Startup list [AOL Services Hosts] Number=751 Confirmed=X Filename=aolserviceshosts.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [AOL Spyware Protection] Number=752 Confirmed=U Filename=AOLSP Scheduler.exe Description=AOL's spyware protection program Source=Paul Collins Startup list [AOL TopSpeedMonitor] Number=753 Confirmed=U Filename=aoltsmon.exe Description=AOL's TopSpeed web acceleration technology supposedly helps to make web browsing faster. Most important for those users who still access AOL via dial-up Source=Paul Collins Startup list [AolAcsDaemon1] Number=754 Confirmed=Y Filename=Acsd.exe Description=AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually Source=Paul Collins Startup list [AolAcsDaemon1] Number=755 Confirmed=Y Filename=AOLACSD.EXE Description=AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. 
Negates having to go through the procedure of signing back on manually Source=Paul Collins Startup list [AOLCC] Number=756 Confirmed=? Filename=ACCAgnt.exe Description=AOL ISP software related, file located in a "AOL Computer Check-Up" folder. What does it do and is it required? Source=Paul Collins Startup list [AolCon] Number=757 Confirmed=X Filename=config.com Description=Added by the TAPLAK WORM! Source=Paul Collins Startup list [AOLDialer] Number=758 Confirmed=N Filename=AOLDial.exe Description=AOL ISP software dialer - can be activated through a desktop shortcut Source=Paul Collins Startup list [AolFix] Number=759 Confirmed=N Filename=AolFix.exe Description=Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL  to run correctly. Not seen much any more and should only run once Source=Paul Collins Startup list [AOLRegKey32] Number=760 Confirmed=X Filename=AOREGSVR512.EXE Description=Unidentified malware - see here Source=Paul Collins Startup list [AOLSAV] Number=761 Confirmed=? Filename=AOLAgent.exe Description=AOL ISP related. What does it do and is it required? Source=Paul Collins Startup list [AOLStart] Number=762 Confirmed=X Filename=AOLStart.exe Description=Added by the KRAIMER.12 TROJAN! Source=Paul Collins Startup list [aolupdater.exe] Number=763 Confirmed=X Filename=aolupdater.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Aornum] Number=764 Confirmed=X Filename=aornum.exe Description=Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware Source=Paul Collins Startup list [AOTray] Number=765 Confirmed=N Filename=AOTray.Exe Description=System Tray application for AOpen soundcards. 
Can be run manually via Start -> Settings -> Control Panel Source=Paul Collins Startup list [aouei] Number=766 Confirmed=X Filename=sysrtmvs.exe Description=Chivio dialer Source=Paul Collins Startup list [APC UPS Status] Number=767 Confirmed=Y Filename=Display.exe Description=APC PowerChute Personal Edition status icon Source=Paul Collins Startup list [APC_SERVICE] Number=768 Confirmed=U Filename=mainserv.exe Description=PowerChute® Personal Edition - "safe system shutdown software with sophisticated power management functions" Source=Paul Collins Startup list [apc_tray] Number=769 Confirmed=Y Filename=apc_tray.exe Description=Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure Source=Paul Collins Startup list [APD123] Number=770 Confirmed=X Filename=APD123.exe Description=PacerD Media/Pacimedia.com adware Source=Paul Collins Startup list [Api**.exe [* = random char]] Number=771 Confirmed=X Filename=Api**.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [Api**32.exe [* = random char]] Number=772 Confirmed=X Filename=Api**32.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [API32] Number=773 Confirmed=X Filename=api32.exe Description=Added by the IRCBOT-B TROJAN! Source=Paul Collins Startup list [APIClass] Number=774 Confirmed=X Filename=lexplore_.exe Description=Added by the MSNOPT-A TROJAN! Source=Paul Collins Startup list [APIMon] Number=775 Confirmed=X Filename=apimonx.exe Description=Added by the TIBSER.A downloader TROJAN! Source=Paul Collins Startup list [APIMon] Number=776 Confirmed=X Filename=winapix.exe Description=Added by a variant of the TIBSER.A downloader TROJAN! Source=Paul Collins Startup list [APIMon] Number=777 Confirmed=X Filename=msreg.exe Description=Added by the DROPPER.Z TROJAN! 
Source=Paul Collins Startup list [apisvc.exe] Number=778 Confirmed=X Filename=apisvc.exe Description=Added by a variant of the LAMEBOT TROJAN! Source=Paul Collins Startup list [APL] Number=779 Confirmed=U Filename=APL.exe Description=Sage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application Source=Paul Collins Startup list [Apmsrv9x] Number=780 Confirmed=? Filename=APMSRV9X.EXE Description=Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required? Source=Paul Collins Startup list [Apoint] Number=781 Confirmed=U Filename=Apoint.exe Description=Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work Source=Paul Collins Startup list [App**32.exe [* = random char]] Number=782 Confirmed=X Filename=App**32.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [App.EXEName] Number=783 Confirmed=X Filename=[path to worm]\.exe Description=Added by the BODIRU WORM! Source=Paul Collins Startup list [Appcon] Number=784 Confirmed=U Filename=vAppCon.exe Description=Vital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established Source=Paul Collins Startup list [appconn] Number=785 Confirmed=X Filename=appconn.exe Description=Added by the CARGAO WORM! 
Source=Paul Collins Startup list [AppExtender] Number=786 Confirmed=U Filename=AppExtCB.exe Description=Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received Source=Paul Collins Startup list [appis.exe] Number=787 Confirmed=X Filename=appis.exe Description=Added by the AGENT-BC TROJAN! Source=Paul Collins Startup list [AppleSyncNotifier] Number=788 Confirmed=N Filename=AppleSyncNotifier.exe Description=From WinPatrol PLUS by BillP Studios - "This file installs with iTunes and is used when syncing your iPhone, iTouch, iPod, etc." See here for more information Source=Paul Collins Startup list [AppletINIT] Number=789 Confirmed=X Filename=INITIATE.EXE Description=Added by the AGOBOT.XV TROJAN! Source=Paul Collins Startup list [Application] Number=790 Confirmed=Y Filename=mdmsetsp.exe Description=Aztech Labs modem driver Source=Paul Collins Startup list [Application Adapter] Number=791 Confirmed=X Filename=abvsvc.exe Description=Added by the CHECKOUT WORM! See here Source=Paul Collins Startup list [Application Explorer] Number=792 Confirmed=U Filename=Naldesk.exe Description=Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." 
Source=Paul Collins Startup list [Application Explorer] Number=793 Confirmed=U Filename=NalView.exe Description=Application Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications Source=Paul Collins Startup list [Application Launcher] Number=794 Confirmed=U Filename=Application Launcher.exe Description=Application launcher from the Sony Ericsson PC Suite for their mobile phones Source=Paul Collins Startup list [Application Layer Browser] Number=795 Confirmed=X Filename=abgsvc.exe Description=Added by the ULPM.FX TROJAN! Source=Paul Collins Startup list [Application Layer Browser] Number=796 Confirmed=X Filename=apnsvc.exe Description=Added by the CHECKOUT WORM! See here Source=Paul Collins Startup list [Application Layer Gateway Service] Number=797 Confirmed=X Filename=algs.exe Description=Added by the LINKBOT.M WORM! Source=Paul Collins Startup list [Application Layer Scheduler] Number=798 Confirmed=X Filename=agtsvc.exe Description=Detected by PCTools as the IRCBOT.BJJ TROJAN! See here Source=Paul Collins Startup list [Application Layer Services] Number=799 Confirmed=X Filename=avrsvc.exe Description=Detected by PCTools as the IRCBOT.BJM TROJAN! See here Source=Paul Collins Startup list [Application Manager] Number=800 Confirmed=X Filename=acnsvc.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [ApplicationProtocolRun] Number=801 Confirmed=X Filename=smsbvl32.exe Description=Added by the IRCBOT-CX TROJAN! Source=Paul Collins Startup list [AppPlus] Number=802 Confirmed=U Filename=AppPlus.exe Description=AppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. 
Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)" Source=Paul Collins Startup list [Apvxd] Number=803 Confirmed=Y Filename=APVXDWIN.EXE Description=Part of Panda Antivirus. Required to enable permanent virus protection Source=Paul Collins Startup list [Apvxdwin] Number=804 Confirmed=Y Filename=APVXDWIN.EXE Description=Part of Panda Antivirus. Required to enable permanent virus protection Source=Paul Collins Startup list [APVXDWIN] Number=805 Confirmed=U Filename=ClShield.exe Description="Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders" Source=Paul Collins Startup list [Apwheel] Number=806 Confirmed=Y Filename=Apwheel.exe Description=Wheel support for an Alps mouse Source=Paul Collins Startup list [apyginapygin] Number=807 Confirmed=X Filename=simenu.exe Description=Added by the SDBOT.BTR WORM! Source=Paul Collins Startup list [AQ3HelperStartUp] Number=808 Confirmed=U Filename=AQ3HEL~1.EXE Description=ScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [aqadcup.exe] Number=809 Confirmed=X Filename=aqadcup.exe Description=Added by the AGENT.BG WORM! Source=Paul Collins Startup list [Aqua Dock] Number=810 Confirmed=Y Filename=Aqua Dock.exe Description=Aqua Dock - "free program that allows you to have an 'OS X' style, nice animated launchbar / taskbar on your screen that reacts to your mouse when you mouse over it. 
Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure" Source=Paul Collins Startup list [Aqujyjax] Number=811 Confirmed=X Filename=[path to file] Description=Added by the RANCK-CQ TROJAN! Source=Paul Collins Startup list [Aqujyjax] Number=812 Confirmed=X Filename=aqujyjax.exe Description=Added by the SDBOT-YC WORM! Source=Paul Collins Startup list [ara-key] Number=813 Confirmed=X Filename=[random filename] Description=Added by the ANTINNY WORM! Source=Paul Collins Startup list [ArabLionZ Drive] Number=814 Confirmed=? Filename=ArabLionZ.Drive.exe Description=ArabLionZ Drive - part of ArabLionZ XP Tools. What does it do and is it required? Source=Paul Collins Startup list [ArcaCheck] Number=815 Confirmed=Y Filename=ArcaCheck.exe Description=Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do? Source=Paul Collins Startup list [arcaderockstar] Number=816 Confirmed=X Filename=arcaderockstar32.exe Description=Arcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computer Source=Paul Collins Startup list [Archive] Number=817 Confirmed=X Filename=archive.exe Description=Adware - detected by Kaspersky as the CENTIM.A TROJAN! Source=Paul Collins Startup list [ARCHIVE CONTROL] Number=818 Confirmed=X Filename=fixupdattr.exe Description=Added by the MYTOB.GU WORM! Source=Paul Collins Startup list [ARCSolo Recovery] Number=819 Confirmed=N Filename=N/A Description=Backup software by Computer Associates - no longer supported Source=Paul Collins Startup list [Ardamax Keylogger] Number=820 Confirmed=U Filename=akl.exe Description=Ardakey keystroke logger/monitoring program - remove unless you installed it yourself! 
Source=Paul Collins Startup list [ares] Number=821 Confirmed=N Filename=ares.exe Description="Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc" Source=Paul Collins Startup list [areslite] Number=822 Confirmed=N Filename=AresLite.exe Description="Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc" Source=Paul Collins Startup list [Argentum Backup] Number=823 Confirmed=U Filename=ab.exe Description=Argentum Backup - a small backup program that lets you easily back up your documents and folders Source=Paul Collins Startup list [Aritima] Number=824 Confirmed=X Filename=aritima.exe Description=Added by the ARITIM WORM! Source=Paul Collins Startup list [ARMOR2NET] Number=825 Confirmed=N Filename=Armor2net.exe Description=Related to Armor2net personal firewall (possibly contains or is related to an anti-spyware product known as ArmorWall, which is a spyware remover - not recommended, see here Source=Paul Collins Startup list [aromis] Number=826 Confirmed=X Filename=aromis.exe Description=Added by the NUWAR.JQ WORM! Source=Paul Collins Startup list [AROReminder] Number=827 Confirmed=N Filename=aro.exe Description=Advanced Registry Optimizer - "scan, identify, clean and repair errors in your Windows registry with a single click". Reminder that states that you are in trial mode Source=Paul Collins Startup list [ARPWRMSG] Number=828 Confirmed=N Filename=ARPWRMSG.EXE Description=Related to HP and Compaq Desktop PCs. Read this article Source=Paul Collins Startup list [Artera] Number=829 Confirmed=U Filename=arteraui.exe Description=Artera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance Source=Paul Collins Startup list [AS00 Gear511] Number=830 Confirmed=? 
Filename=Gear511.exe Description=Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required? Source=Paul Collins Startup list [AS00_Gear511] Number=831 Confirmed=N Filename=Gear511.exe Description=Netgear wireless LAN configuration utility Source=Paul Collins Startup list [AS00_WN511B] Number=832 Confirmed=U Filename=WN511B.exe Description=Netgear RangeMax NEXT wireless adapter configuration utility Source=Paul Collins Startup list [AS00_WPN511] Number=833 Confirmed=? Filename=WPN511.exe Description=NetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup? Source=Paul Collins Startup list [ASDPLUGIN] Number=834 Confirmed=X Filename=dsldbaccess.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=835 Confirmed=X Filename=canada.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=836 Confirmed=X Filename=france.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=837 Confirmed=X Filename=fullgames.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=838 Confirmed=X Filename=100171be.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=839 Confirmed=X Filename=100176br.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=840 Confirmed=X Filename=adult1.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=841 Confirmed=X Filename=Austria.exe Description=AsdPlug premium rate 
adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=842 Confirmed=X Filename=belgium nm.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=843 Confirmed=X Filename=czech.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=844 Confirmed=X Filename=dbaccess.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=845 Confirmed=X Filename=dslgeaccess.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=846 Confirmed=X Filename=Finland.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=847 Confirmed=X Filename=geaccess.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=848 Confirmed=X Filename=mexico.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=849 Confirmed=X Filename=netherlands.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=850 Confirmed=X Filename=turkey.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=851 Confirmed=X Filename=uk nm.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=852 Confirmed=X Filename=Xadult1.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [ASDPLUGIN] Number=853 Confirmed=X Filename=temp532.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [asdsaxcxz13] Number=854 Confirmed=X Filename=dasxcsx13.exe Description=Added by the LEGMIR-ARF TROJAN! 
Source=Paul Collins Startup list [asdx] Number=855 Confirmed=X Filename=xwinrpc32.exe Description=Added by the AGOBOT.VO WORM! Source=Paul Collins Startup list [ASE Scheduler] Number=856 Confirmed=N Filename=ASE Scheduler.exe Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here Source=Paul Collins Startup list [Ashampoo FireWall] Number=857 Confirmed=Y Filename=FireWall.exe Description=Ashampoo FireWall Free version Source=Paul Collins Startup list [Ashampoo FireWall PRO] Number=858 Confirmed=Y Filename=FireWall.exe Description=Ashampoo FireWall PRO version Source=Paul Collins Startup list [Ashampoo PopUpBlocker] Number=859 Confirmed=U Filename=PopUpKiller.exe Description=Ashampoo popup blocker, part of Magical Security (was Privacy Protector Plus) Source=Paul Collins Startup list [ashAvast] Number=860 Confirmed=Y Filename=ashAvast.exe Description=Part of Avast antivirus Source=Paul Collins Startup list [ashDsp.exe] Number=861 Confirmed=X Filename=ashDsp.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [ASHLT] Number=862 Confirmed=X Filename=Ashlt.exe Description=Ashlt adware Source=Paul Collins Startup list [ashMaiSv] Number=863 Confirmed=Y Filename=ashmaisv.exe Description=Part of Avast! anti-virus software - E-mail scanner Source=Paul Collins Startup list [Asicfc] Number=864 Confirmed=X Filename=icfca.exe Description=Added by the AGENT.AAJE WORM! Source=Paul Collins Startup list [AsioReg] Number=865 Confirmed=U Filename=regsvr32.exe ctasio.dll Description=ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. 
Required if you use this functionality Source=Paul Collins Startup list [AsioThk32Reg] Number=866 Confirmed=U Filename=rregsvr32.exe ctasio.dll Description=ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality Source=Paul Collins Startup list [ASK] Number=867 Confirmed=U Filename=rundll32.exe [path] ASK.dll rdl Description=Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [asl] Number=868 Confirmed=X Filename=Aslru.exe Description=Added by the BANCOS-CU TROJAN! Source=Paul Collins Startup list [ASM] Number=869 Confirmed=U Filename=ASMonitor.exe Description=Active Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protection Source=Paul Collins Startup list [Asmw Soft Popups Burner] Number=870 Confirmed=U Filename=popups burner.exe Description=Popup blocker, part of Asmw Soft PC Optimizer Source=Paul Collins Startup list [asnconsole] Number=871 Confirmed=X Filename=msasn.exe Description=Added by the RBOT.EVU TROJAN! Source=Paul Collins Startup list [ASocksrv] Number=872 Confirmed=X Filename=SocksA.exe Description=Added by the VB.CBW WORM! Source=Paul Collins Startup list [asp-srvc] Number=873 Confirmed=X Filename=asp-srvc.exe Description=Added by the AGOBOT-KG WORM! Source=Paul Collins Startup list [ASP.NET State Service] Number=874 Confirmed=X Filename=csrss.exe Description=Added by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! 
This one is located in %Windir% Source=Paul Collins Startup list [ASP.NET State Service] Number=875 Confirmed=X Filename=crsass.exe Description=Added by the BANLOAD-M TROJAN! Source=Paul Collins Startup list [ASP.NET State Service] Number=876 Confirmed=X Filename=servicos..exe Description=Added by the DADOBRA-I TROJAN! Source=Paul Collins Startup list [asp4tray] Number=877 Confirmed=N Filename=asp4tray.exe Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel Source=Paul Collins Startup list [AspireTimeMachine] Number=878 Confirmed=Y Filename=acertmb.exe Description=System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry Source=Paul Collins Startup list [asrupdate.exe] Number=879 Confirmed=X Filename=asrupdate.exe Description=Added by the VB.ATZ TROJAN! Source=Paul Collins Startup list [assistse] Number=880 Confirmed=X Filename=ASSISTSE.EXE Description=CnsMin (Chinese Keywords) hijacker related Source=Paul Collins Startup list [AST] Number=881 Confirmed=X Filename=AST Description=Added by the TROJANDOWNLOADER.WIN32.VB.AH VIRUS! Source=Paul Collins Startup list [AST] Number=882 Confirmed=X Filename=AST Description=Added by the VB.AH TROJAN! Source=Paul Collins Startup list [AST] Number=883 Confirmed=X Filename=AST.exe Description=AutoStarter parasite Source=Paul Collins Startup list [ASTART] Number=884 Confirmed=U Filename=astart.exe Description=ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings Source=Paul Collins Startup list [AStart] Number=885 Confirmed=X Filename=AStart Description=Added by the VB.AH TROJAN! 
Source=Paul Collins Startup list [asTray] Number=886 Confirmed=N Filename=Astray.exe Description=Voyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer Source=Paul Collins Startup list [Astro] Number=887 Confirmed=N Filename=Astro.exe Description=Checks for updates to Quicken on a system reboot Source=Paul Collins Startup list [ASUS Live Update] Number=888 Confirmed=N Filename=ALU.exe Description=ASUS Live Update utility for their motherboards Source=Paul Collins Startup list [ASUS Probe] Number=889 Confirmed=N Filename=AsusProb.exe Description=ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area Source=Paul Collins Startup list [ASUS SmartDoctor] Number=890 Confirmed=U Filename=VGAProbe.exe Description=ASUS video card fan/thermal monitor Source=Paul Collins Startup list [ASUS TweakEnable] Number=891 Confirmed=U Filename=astart.exe Description=Restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings Source=Paul Collins Startup list [ASUSGamerOSD] Number=892 Confirmed=N Filename=GamerOSD.exe Description=GamerOSD by ASUSTek - for "real-time overclocking, benchmarking and video capturing in any PC game." Free for ASUS graphics cards, 30-day trial for non-ASUS graphics cards Source=Paul Collins Startup list [ASUSKey] Number=893 Confirmed=N Filename=V38SHELL.EXE Description=System tray Icon for quickly changing video modes Source=Paul Collins Startup list [asustweakenable] Number=894 Confirmed=U Filename=ATweak.exe Description=Asus tweaking utility - for fine tuning the settings of your ASUS display card Source=Paul Collins Startup list [ASWDP] Number=895 Confirmed=N Filename=ASWDP.exe Description=MLS Pulse - real estate software. 
Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market Source=Paul Collins Startup list [ASWnk] Number=896 Confirmed=X Filename=aswnk.exe Description=Adult content dialler Source=Paul Collins Startup list [AT&T Self Support Tool] Number=897 Confirmed=U Filename=matcli.exe Description=AT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [AT-Watch] Number=898 Confirmed=U Filename=ATWatch.exe Description=Anti-Trojan Watch - trojan detector Source=Paul Collins Startup list [atapidrv] Number=899 Confirmed=X Filename=atapidrv.exe Description=Added by the AGOBOT-SL WORM! Source=Paul Collins Startup list [atchk] Number=900 Confirmed=U Filename=atchk.exe Description=AMT Status Message from Intel. Users can manage this, read the article. See here for more information on Intel AMT Source=Paul Collins Startup list [Athan] Number=901 Confirmed=U Filename=Athan.exe Description=Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world Source=Paul Collins Startup list [ATI Active Graphics Card Monitor] Number=902 Confirmed=X Filename=atievx.exe Description=Added by the IRCBOT-TL WORM! Source=Paul Collins Startup list [ATI AS Filter] Number=903 Confirmed=X Filename=msnse.exe Description=Added by the RBOT-CCY WORM! 
Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websites Source=Paul Collins Startup list [ATI Catalyst™ System Tray] Number=904 Confirmed=N Filename=CLI.exe SystemTray Description=System Tray access to ATI's Catalyst™ CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop Source=Paul Collins Startup list [ATI DeviceDetect] Number=905 Confirmed=N Filename=ATIDtct.EXE Description=Utility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled Source=Paul Collins Startup list [ATI Display] Number=906 Confirmed=X Filename=ATIDisplay.exe Description=Added by the BDOOR-AFH TROJAN! Source=Paul Collins Startup list [ATI Display Driver] Number=907 Confirmed=X Filename=atixd.exe Description=Added by the RBOT-FOV WORM! Source=Paul Collins Startup list [Ati Display Settings] Number=908 Confirmed=X Filename=atividx.exe Description=Added by the RBOT-GAS WORM! Source=Paul Collins Startup list [ATI GART Set-up Utility] Number=909 Confirmed=N Filename=Atigart.exe Description=Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed Source=Paul Collins Startup list [ATI Launchpad] Number=910 Confirmed=U Filename=launchpd.exe Description=Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu Source=Paul Collins Startup list [ATI Rage3d Pro] Number=911 Confirmed=X Filename=AtiRage4dPro.exe Description=Added by the AGOBOT-OG WORM! Source=Paul Collins Startup list [ATI Remote Control] Number=912 Confirmed=Y Filename=ATIRW.exe Description=Driver for the ATI REMOTE WONDER? 
RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it Source=Paul Collins Startup list [ATI Remote Control] Number=913 Confirmed=Y Filename=ATIX10.exe Description=ATI Remote Wonder? - PC wireless remote control driver. Required if you use it Source=Paul Collins Startup list [ATI Scheduler] Number=914 Confirmed=N Filename=Atisched.exe Description=Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see Source=Paul Collins Startup list [ATI Task Application] Number=915 Confirmed=N Filename=Atitkad.exe Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display Source=Paul Collins Startup list [ATI Task Application (Atikey)] Number=916 Confirmed=N Filename=Atitask.exe Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display Source=Paul Collins Startup list [ATI Technology Startup] Number=917 Confirmed=X Filename=techstart.exe Description=Added by the RBOT-AEU WORM! Source=Paul Collins Startup list [ATI Video Driver Control] Number=918 Confirmed=X Filename=atigfx.exe Description=Added by the RBOT-FWL WORM! Source=Paul Collins Startup list [ATI Video Driver Control] Number=919 Confirmed=X Filename=btorrent.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [ATI Video Driver Controls] Number=920 Confirmed=X Filename=[path to worm] Description=Added by the SDBOT-DDS WORM! Source=Paul Collins Startup list [ATI VIDEO REGKEY] Number=921 Confirmed=X Filename=ati2vid.exe Description=Added by the SDBOT.UR WORM! 
Source=Paul Collins Startup list [Ati2cwxx] Number=922 Confirmed=? Filename=Ati2cwxx.exe Description=For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it Source=Paul Collins Startup list [Ati2evxx] Number=923 Confirmed=X Filename=Ati2evxx.com Description=Added by the BACKDOOR-CPC TROJAN! Source=Paul Collins Startup list [ati2f104] Number=924 Confirmed=X Filename=ati2f104.exe Description=Added by the DLOADR-BBW TROJAN! Source=Paul Collins Startup list [Ati2mdxx] Number=925 Confirmed=U Filename=Ati2mdxx.exe Description=System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager Source=Paul Collins Startup list [ATICCC] Number=926 Confirmed=N Filename=cli.exe runtime Description=ATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. It is recommended that you start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting Windows Source=Paul Collins Startup list [ATICCC] Number=927 Confirmed=N Filename=CLIStart.exe Description=Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs Source=Paul Collins Startup list [aticpaxx.exe] Number=928 Confirmed=X Filename=aticpaxx.exe Description=Added by the RBOT-XP WORM! Source=Paul Collins Startup list [AtiCwd] Number=929 Confirmed=U Filename=AtiCwd.exe Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). 
Do not uncheck if there is TV out on the video card Source=Paul Collins Startup list [AtiCwd] Number=930 Confirmed=U Filename=AtiCwd32.exe Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card Source=Paul Collins Startup list [AtiCwd] Number=931 Confirmed=U Filename=Ati2cwad.exe Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card Source=Paul Collins Startup list [AtiCwd32] Number=932 Confirmed=U Filename=AtiCwd.exe Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card Source=Paul Collins Startup list [AtiCwd32] Number=933 Confirmed=U Filename=AtiCwd32.exe Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card Source=Paul Collins Startup list [AtiCwd32] Number=934 Confirmed=U Filename=Ati2cwad.exe Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card Source=Paul Collins Startup list [AtiDisplayDrv] Number=935 Confirmed=X Filename=atidrvxx.exe Description=Added by the RBOT-VZ WORM! Source=Paul Collins Startup list [atidriver] Number=936 Confirmed=X Filename=reaIplayer.exe Description=Added by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L" Source=Paul Collins Startup list [AtiGart] Number=937 Confirmed=N Filename=Atigart.exe Description=Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. 
If you have one, once installed it shouldn't be needed Source=Paul Collins Startup list [AtiKey] Number=938 Confirmed=N Filename=AtiKey32.exe Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display Source=Paul Collins Startup list [AtiKey] Number=939 Confirmed=? Filename=atiptkad.exe Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display Source=Paul Collins Startup list [Atikey] Number=940 Confirmed=N Filename=Atitask.exe Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display Source=Paul Collins Startup list [ATIMACE] Number=941 Confirmed=U Filename=MACE.exe Description=ATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) component Source=Paul Collins Startup list [ATIModeChange] Number=942 Confirmed=U Filename=Ati2mdxx.exe Description=System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager Source=Paul Collins Startup list [AtiPanel] Number=943 Confirmed=X Filename=atip.exe Description=Added by the TACTSLAY.U TROJAN! Source=Paul Collins Startup list [atipatxx] Number=944 Confirmed=X Filename=atipatxx.exe Description=Added by the SMALL-ED TROJAN! Source=Paul Collins Startup list [ATIPOLAB] Number=945 Confirmed=U Filename=ati2evxx.exe Description=ATI External Event Utility EXE Module. This task can consume lots of CPU resources on some computers, but it can help with graphics card problems. 
Leave enabled unless it consumes too many CPU resources Source=Paul Collins Startup list [ATIPOLAB] Number=946 Confirmed=U Filename=ati2evae.exe Description=ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks Source=Paul Collins Startup list [ATIPOLL] Number=947 Confirmed=U Filename=ati2evxx.exe Description=ATI External Event Utility EXE Module. This task can consume lots of CPU resources on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources Source=Paul Collins Startup list [AtiPTA] Number=948 Confirmed=U Filename=Ati2ptxx.exe Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings Source=Paul Collins Startup list [AtiPTA] Number=949 Confirmed=U Filename=Atiptaxx.exe Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings Source=Paul Collins Startup list [AtiPTA] Number=950 Confirmed=U Filename=Atiptaab.exe Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start → Settings → Control Panel → Display. Some users may need it if they have optimised their settings Source=Paul Collins Startup list [AtiPTAAA] Number=951 Confirmed=U Filename=Ati2ptxx.exe Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. 
Some users may need it if they have optimised their settings Source=Paul Collins Startup list [AtiPTAAA] Number=952 Confirmed=U Filename=Atiptaxx.exe Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings Source=Paul Collins Startup list [atiptaxx] Number=953 Confirmed=U Filename=Ati2ptxx.exe Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings Source=Paul Collins Startup list [atiptaxx] Number=954 Confirmed=U Filename=Atiptaxx.exe Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings Source=Paul Collins Startup list [atiptext] Number=955 Confirmed=X Filename=atiptext.exe Description=Added by the COSIAM-A TROJAN! Source=Paul Collins Startup list [AtiQiPcl] Number=956 Confirmed=U Filename=AtiQiPcl.exe Description=Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's Source=Paul Collins Startup list [ATISmart] Number=957 Confirmed=U Filename=ati2s9ag.exe Description=ATI's "SMARTGART", which is included with the Catalyst™ drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings Source=Paul Collins Startup list [AtiSound] Number=958 Confirmed=U Filename=csrss.exe Description=WinSpy surveillance software. Uninstall this software unless you put it there yourself. 
Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolder Source=Paul Collins Startup list [atisrc2] Number=959 Confirmed=X Filename=windfind.exe Description=Added by the WINDFIND-A TROJAN! Source=Paul Collins Startup list [ATITech] Number=960 Confirmed=X Filename=Active.exe Description=Added by the ROAMER-A TROJAN! Source=Paul Collins Startup list [atitray] Number=961 Confirmed=U Filename=atitray.exe Description=ATI Tray Tools - allows quick access to ATI graphics card settings Source=Paul Collins Startup list [AtiTrayTools] Number=962 Confirmed=U Filename=atitray.exe Description=ATI Tray Tools - allows quick access to ATI graphics card settings Source=Paul Collins Startup list [atiupdate] Number=963 Confirmed=X Filename=ATIUPDATE5.EXE Description=Added by the DEBESKI.A TROJAN! Source=Paul Collins Startup list [atiupdate] Number=964 Confirmed=X Filename=msshed32.exe Description=Added by the DELF.EP downloader TROJAN! Source=Paul Collins Startup list [ATIUpdater] Number=965 Confirmed=X Filename=atiupdxx.exe Description=Added by the RBOT-ABX WORM! Source=Paul Collins Startup list [Atiupdpl] Number=966 Confirmed=X Filename=atiupdpl.exe Description=Added by the SMALL.AOS TROJAN! Source=Paul Collins Startup list [ativopen] Number=967 Confirmed=X Filename=ativopen.exe Description=Premium rate adult content dialler Source=Paul Collins Startup list [ATIX10] Number=968 Confirmed=Y Filename=atix10.exe Description=ATI Remote Wonder? - PC wireless remote control driver. Required if you use it Source=Paul Collins Startup list [ATKMEDIA] Number=969 Confirmed=? Filename=DMEDIA.EXE Description=ATK Media utility for ASUS laptops - what does it do and is it required? 
Source=Paul Collins Startup list [Atl**.exe [* = random char]] Number=970 Confirmed=X Filename=Atl**.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [Atl**32.exe [* = random char]] Number=971 Confirmed=X Filename=Atl**32.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [ATM Control] Number=972 Confirmed=X Filename=adpn.exe Description=Added by the MMS.A WORM! Source=Paul Collins Startup list [ATnotes] Number=973 Confirmed=N Filename=atnotes.exe Description=Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs Source=Paul Collins Startup list [Atomic Time Synchronizer] Number=974 Confirmed=U Filename=TimeSync.exe Description=TimeSync - lets you synchronize your computer's clock with any internet atomic clock Source=Paul Collins Startup list [Atomic-x27] Number=975 Confirmed=X Filename=Atomic-x27.exe Description=Added by the KATOMIK-A WORM! Source=Paul Collins Startup list [Atomic-x27C] Number=976 Confirmed=X Filename=AtomicpartC.exe Description=Added by the KATOMIK-A WORM! 
Source=Paul Collins Startup list [Atomic.exe] Number=977 Confirmed=U Filename=Atomic.exe Description=Atomic Clock Sync - synchronizes your computer's time with the NIST time server Source=Paul Collins Startup list [Atomica] Number=978 Confirmed=N Filename=atomica.exe Description=Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key Source=Paul Collins Startup list [AtomicTime] Number=979 Confirmed=U Filename=ATOMICTIME.EXE Description=AtomicTime - utility that synchronizes your PC clock to an atomic clock Source=Paul Collins Startup list [Atrack] Number=980 Confirmed=U Filename=atrack.exe Description=New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert Source=Paul Collins Startup list [Atray] Number=981 Confirmed=U Filename=Atray.exe Description=Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons Source=Paul Collins Startup list [ATSpooler] Number=982 Confirmed=U Filename=AppsTraka.exe Description=DeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [ATTBroadbandUpdate] Number=983 Confirmed=U Filename=SAUpdate.exe Description=Big Brother from Quest Software. System and network monitor Source=Paul Collins Startup list [ATTRedUpdate] Number=984 Confirmed=U Filename=AutoUpdate.exe Description=Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. 
Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates Source=Paul Collins Startup list [AttuneClientEngine] Number=985 Confirmed=X Filename=attune_ce.exe Description=Aveo Attune automated helpdesk software - adware/spyware Source=Paul Collins Startup list [AttuneContentUpdater] Number=986 Confirmed=X Filename=attune_cu.exe Description=Aveo Attune automated helpdesk software - adware/spyware Source=Paul Collins Startup list [AttuneDiscovery] Number=987 Confirmed=X Filename=attune_di.exe Description=Aveo Attune automated helpdesk software - adware/spyware Source=Paul Collins Startup list [Attunel] Number=988 Confirmed=X Filename=Attunel.exe Description=Aveo Attune automated helpdesk software - adware/spyware Source=Paul Collins Startup list [AttuneSystray] Number=989 Confirmed=X Filename=attune_st.exe Description=Aveo Attune automated helpdesk software - adware/spyware Source=Paul Collins Startup list [aTuner] Number=990 Confirmed=N Filename=atuner.exe Description=aTuner - tweak tool for GeForce based graphics cards Source=Paul Collins Startup list [atwtusb] Number=991 Confirmed=Y Filename=atwtusb.exe Description=USB interface for Aiptek Graphics Tablet (USB) Source=Paul Collins Startup list [AtxBrw] Number=992 Confirmed=X Filename=Iexplor.exe Description="Pop Marketing" adware Source=Paul Collins Startup list [au] Number=993 Confirmed=U Filename=DealioAu.exe Description=Dealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products Source=Paul Collins Startup list [AU Agent] Number=994 Confirmed=N Filename=CAGENT.EXE Description=Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. 
Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software Source=Paul Collins Startup list [au.exe] Number=995 Confirmed=X Filename=au.exe Description=Added by the BEAGLE.B WORM! Source=Paul Collins Startup list [AUCBPNP] Number=996 Confirmed=Y Filename=aucbnpn.exe Description=Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot Source=Paul Collins Startup list [Aucompat] Number=997 Confirmed=X Filename=Aucompat.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [Audcntr] Number=998 Confirmed=X Filename=audcntr.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [AudCtrl] Number=999 Confirmed=? Filename=RunDll32 AudCtrl.dll, RCMonitor Description=Audio control panel? Source=Paul Collins Startup list [audi32] Number=1000 Confirmed=Y Filename=web3trap.exe Description=PC-Cillin 2000 anti-virus software → ActiveX filter. Guards against malicious ActiveX programs, etc Source=Paul Collins Startup list [AUDIO] Number=1001 Confirmed=X Filename=SOUND.exe Description=Added by the PLOYB-A TROJAN! Source=Paul Collins Startup list [Audio Device Manager] Number=1002 Confirmed=X Filename=winfp.exe Description=Detected by PCTools as the IRCBOT.BIV TROJAN! Source=Paul Collins Startup list [Audio Device Manager] Number=1003 Confirmed=X Filename=WinNT.exe Description=Added by the BANKER.BTG TROJAN! Source=Paul Collins Startup list [Audio Device Manager] Number=1004 Confirmed=X Filename=WNDXP.exe Description=Detected by Kaspersky as the IRCBOT.AJL TROJAN! Source=Paul Collins Startup list [audiocfg.exe] Number=1005 Confirmed=X Filename=audiocfg.exe Description=Added by the VB.ATE WORM! Source=Paul Collins Startup list [Audiocntl] Number=1006 Confirmed=X Filename=audiocntl.exe Description=Added by a variant of the CRYPTER.C TROJAN! 
Source=Paul Collins Startup list [AudioDeck] Number=1007 Confirmed=N Filename=ADeck.exe Description=ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items Source=Paul Collins Startup list [Audiodrv] Number=1008 Confirmed=X Filename=audiodrv.exe Description=Added by the CRYPTER-C TROJAN! Source=Paul Collins Startup list [AudioDrvEmulator] Number=1009 Confirmed=U Filename=DLLML.exe AudDrvEm.dll Description=Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is a non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems Source=Paul Collins Startup list [AudioHQ] Number=1010 Confirmed=N Filename=Ahqtb.exe Description=For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs Source=Paul Collins Startup list [AudioHQ] Number=1011 Confirmed=X Filename=audiohq.exe Description=Added by the BANKER-EHK TROJAN! Source=Paul Collins Startup list [AudioHQU] Number=1012 Confirmed=N Filename=AHQTBU.EXE Description=System Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs Source=Paul Collins Startup list [audioinf] Number=1013 Confirmed=X Filename=audioinf.exe Description=Added by a variant of the CRYPTER.C TROJAN! Source=Paul Collins Startup list [AudioMan] Number=1014 Confirmed=X Filename=Explorer.sm1 Description=Added by the HUPIGON.IFZ BACKDOOR! Source=Paul Collins Startup list [audlmne32] Number=1015 Confirmed=X Filename=dcmsxe.exe Description=Added by the MAILBOT-CF TROJAN! Source=Paul Collins Startup list [auloadplx] Number=1016 Confirmed=X Filename=mplprogsm.exe Description=Added by the SLAPER.K TROJAN! 
Source=Paul Collins Startup list [AUNPS2] Number=1017 Confirmed=X Filename=RUNDLL32 AUNPS2.DLL, _Run@16 Description=AUNPS adware Source=Paul Collins Startup list [aupd] Number=1018 Confirmed=X Filename=symcsvc.exe Description=Added by the ABWIZ.D TROJAN! Source=Paul Collins Startup list [aupd] Number=1019 Confirmed=X Filename=sysvcs.exe Description=Added by the ABWIZ.C TROJAN! Source=Paul Collins Startup list [aupd] Number=1020 Confirmed=X Filename=sywsvcs.exe Description=Added by the ORSE-M TROJAN! Source=Paul Collins Startup list [Aureal A3D Interactive Audio] Number=1021 Confirmed=Y Filename=sa3dsrv.exe Description=For Aureal based 3D soundcards. A3D sound features won't work with this disabled Source=Paul Collins Startup list [Aureal A3D Interactive Audio Init] Number=1022 Confirmed=Y Filename=A3dInit.exe Description=For Aureal based 3D soundcards. A3D sound features won't work with this disabled Source=Paul Collins Startup list [ausvc] Number=1023 Confirmed=X Filename=ausvc.exe Description=Added by the AUTOUPDER TROJAN! Source=Paul Collins Startup list [Auth Starter Ident] Number=1024 Confirmed=X Filename=startauth.exe Description=Added by the RBOT-WP WORM! Source=Paul Collins Startup list [Authentic-ID Toolbar] Number=1025 Confirmed=Y Filename=wintmr.exe Description=System Tray access to Child Control parental control software by Salfield Source=Paul Collins Startup list [Authentic-ID Toolbar] Number=1026 Confirmed=Y Filename=rundll32.exe [path] ToolbarATL.dll, LoadTrayIcon Description=Authentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for example Source=Paul Collins Startup list [authz] Number=1027 Confirmed=X Filename=authz.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [auto] Number=1028 Confirmed=X Filename=win32.exe Description=Added by the SMALL!SD5 TROJAN! 
Source=Paul Collins Startup list [Auto CD-ROM Startup] Number=1029 Confirmed=X Filename=cdaccess.exe Description=Added by the SPYBOT.BLA WORM! Source=Paul Collins Startup list [Auto EPSON Stylus C45 Series on X] Number=1030 Confirmed=U Filename=E_S4I3T1.EXE Description=Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C48 Series on X] Number=1031 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C48 Series on X] Number=1032 Confirmed=U Filename=E_S4I091.EXE Description=Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C60 Series on X] Number=1033 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C62 Series on X] Number=1034 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C64 Series on X] Number=1035 Confirmed=U Filename=E_S4I2C1.EXE Description=Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc. 
"X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C82 Series on X] Number=1036 Confirmed=U Filename=E_S0HIC1.EXE Description=Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C84 Series on X] Number=1037 Confirmed=U Filename=E_S4I2D1.EXE Description=Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C87 Series on X] Number=1038 Confirmed=U Filename=E_FATIABL.EXE Description=Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX3200 on X] Number=1039 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX3600 Series on X] Number=1040 Confirmed=U Filename=E_FATI9BE.EXE Description=Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX3800 Series on X] Number=1041 Confirmed=U Filename=E_FATIACA.EXE Description=Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. 
"X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX4200 Series on X] Number=1042 Confirmed=U Filename=E_FATIAEA.EXE Description=Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX4500 Series on X] Number=1043 Confirmed=U Filename=E_FATI9AP.EXE Description=Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX5000 Series on X] Number=1044 Confirmed=U Filename=E_FATIBVA.EXE Description=Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX5400 on X] Number=1045 Confirmed=U Filename=E_S4I2G1.EXE Description=Epson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX6000 Series on X] Number=1046 Confirmed=U Filename=E_FATIBIA.EXE Description=Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX6400 on X] Number=1047 Confirmed=U Filename=E_S4I2L1.EXE Description=Epson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status, checking ink levels, etc. 
"X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX6600 Series on X] Number=1048 Confirmed=U Filename=E_FATI9EE.EXE Description=Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX6600 Series on X] Number=1049 Confirmed=U Filename=E_FATI9EA.EXE Description=Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX7400 Series on X] Number=1050 Confirmed=U Filename=E_FATICDA.EXE Description=Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX7800 Series on X] Number=1051 Confirmed=U Filename=E_FATIACA.EXE Description=Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX9400Fax Series on X] Number=1052 Confirmed=U Filename=E_FATICFA.EXE Description=Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus D78 Series on X] Number=1053 Confirmed=U Filename=E_FATIBGE.EXE Description=Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. 
"X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus D88 Series on X] Number=1054 Confirmed=U Filename=E_FATIABE.EXE Description=Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus DX3800 Series on X] Number=1055 Confirmed=U Filename=E_FATIACE.EXE Description=Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus DX4800 Series on X] Number=1056 Confirmed=U Filename=E_FATIADE.EXE Description=Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus DX6000 Series on X] Number=1057 Confirmed=U Filename=E_FATIBIE.EXE Description=Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo 820 Series on X] Number=1058 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R1800 on X] Number=1059 Confirmed=U Filename=E_FATI9LA.EXE Description=Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. 
"X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R200 Series on X] Number=1060 Confirmed=U Filename=E_S4I2H1.EXE Description=Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R200 Series on X] Number=1061 Confirmed=U Filename=E_S4I0H2.EXE Description=Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R220 Series on X] Number=1062 Confirmed=U Filename=E_FATIAIE.EXE Description=Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R2400 on X] Number=1063 Confirmed=U Filename=E_FATI9SA.EXE Description=Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R260 Series on X] Number=1064 Confirmed=U Filename=E_FATIBNA.EXE Description=Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R300 Series on X] Number=1065 Confirmed=U Filename=E_S4I2F1.EXE Description=Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. 
"X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R300 Series on X] Number=1066 Confirmed=U Filename=E_S4I0F2.EXE Description=Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R320 Series on X] Number=1067 Confirmed=U Filename=E_FATI9FA.EXE Description=Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R800 on X] Number=1068 Confirmed=U Filename=E_FATI9YE.EXE Description=Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo RX420 Series on X] Number=1069 Confirmed=U Filename=E_FATI9CE.EXE Description=Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo RX500 on X] Number=1070 Confirmed=U Filename=E_S4I2K1.EXE Description=Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo RX600 on X] Number=1071 Confirmed=U Filename=E_S4I2M1.EXE Description=Epson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status, checking ink levels, etc. 
"X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Pro 7600 on X] Number=1072 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto File System Conversion Utility] Number=1073 Confirmed=X Filename=scricon.exe Description=Added by the SDBOT.EYB WORM! Source=Paul Collins Startup list [auto repair system] Number=1074 Confirmed=X Filename=qualityx.exe Description=Added by an unidentified WORM or TROJAN - probably a SPYBOT variant Source=Paul Collins Startup list [Auto Switch] Number=1075 Confirmed=U Filename=TASKBAR.exe Description=Related to 2-port Bitronics AutoSwitch kit from Belkin Source=Paul Collins Startup list [Auto T Bar] Number=1076 Confirmed=N Filename=autotbar.exe Description=If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled Source=Paul Collins Startup list [Auto Updat] Number=1077 Confirmed=X Filename=WindowsSys32.exe Description=Added by a variant of the FORBOT WORM! Source=Paul Collins Startup list [Auto updat] Number=1078 Confirmed=X Filename=crcss.exe Description=Added by the SDBOT.AAG WORM! Source=Paul Collins Startup list [Auto Update] Number=1079 Confirmed=X Filename=AUP.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [Auto Update] Number=1080 Confirmed=X Filename=dma.exe Description=Added by the RBOT-AVO WORM! Source=Paul Collins Startup list [Auto Update] Number=1081 Confirmed=X Filename=svchost.exe Description=Added by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! 
This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [Auto Updates] Number=1082 Confirmed=X Filename=svchost.exe Description=Added by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [Auto WinUpdate] Number=1083 Confirmed=X Filename=taskmrg.exe Description=Added by the RBOT-AFA WORM! Source=Paul Collins Startup list [AutoAdministrator] Number=1084 Confirmed=X Filename=SERVICES.EXE Description=Added by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Autobar] Number=1085 Confirmed=U Filename=autobar.exe Description=Connect buttons on the keyboard for internet direct access, etc. on HP computers Source=Paul Collins Startup list [AutoCAD Startup Accelerator] Number=1086 Confirmed=U Filename=acstart16.exe Description=Preloads some libraries that are used by AutoCAD in order to make the software load faster Source=Paul Collins Startup list [autoclk] Number=1087 Confirmed=U Filename=autoclk.exe Description=Autoclik is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking" Source=Paul Collins Startup list [AutoEA] Number=1088 Confirmed=N Filename=Ahqrun.exe Description=For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ Source=Paul Collins Startup list [AUTOEXE] Number=1089 Confirmed=X Filename=AUTOEXE.exe Description=Added by the SEMAPI-A WORM! 
Source=Paul Collins Startup list [autoload] Number=1090 Confirmed=X Filename=cftmon.exe Description=Detected by Symantec as the SILLYFDC WORM! Source=Paul Collins Startup list [autoload] Number=1091 Confirmed=X Filename=spooll.exe Description=Detected by Symantec as the SILLYFDC WORM! Source=Paul Collins Startup list [autoload] Number=1092 Confirmed=X Filename=windowsupdate.exe Description=Detected by Trend Micro as the POLYCRYP.DY TROJAN! Source=Paul Collins Startup list [Autoloaderaproposclient] Number=1093 Confirmed=X Filename=Apropos_Client_Loader.exe Description=AproposMedia adware Source=Paul Collins Startup list [Autoloaderaproposclient] Number=1094 Confirmed=X Filename=cxtpls_loader.exe Description=AproposMedia adware Source=Paul Collins Startup list [AutoLoaderEnvoloAutoUpdater] Number=1095 Confirmed=X Filename=auto_update_loader.exe Description=Envolo/AproposMedia adware updater Source=Paul Collins Startup list [AutoMate Task Service ] Number=1096 Confirmed=N Filename=automate.exe Description=Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start -> Programs Source=Paul Collins Startup list [AutoMate5] Number=1097 Confirmed=U Filename=Am5HkWnd.exe Description="Automate is the Leading Software for Automation of front and back-office business processes. It provides all the tools necessary to completely automate business processes, regardless of their complexity" Source=Paul Collins Startup list [AutoMate6] Number=1098 Confirmed=U Filename=AMEM.exe Description=AutoMate 6 for automating repetitive tasks Source=Paul Collins Startup list [Automated Windows Updates] Number=1099 Confirmed=X Filename=wauclt.exe Description=Added by the GAOBOT.AJD WORM! Source=Paul Collins Startup list [Automatic Defrag Manager] Number=1100 Confirmed=X Filename=defrag.exe Description=Added by the RBOT-AKE WORM! 
Source=Paul Collins Startup list [Automatic Media Update] Number=1101 Confirmed=X Filename=CACHE.RVD Description=Added by an unidentified WORM/TROJAN! Source=Paul Collins Startup list [Automatic Media Update] Number=1102 Confirmed=X Filename=HPLNT32.RVD Description=Added by an unidentified WORM/TROJAN! Source=Paul Collins Startup list [Automatic Microsoft Windows Updater] Number=1103 Confirmed=X Filename=suchost.exe Description=Added by the RBOT-EQ WORM! Source=Paul Collins Startup list [Automatic Updates] Number=1104 Confirmed=X Filename=algs.exe Description=Added by the IRCBOT-AAM TROJAN! Source=Paul Collins Startup list [Automatic Windows Updater] Number=1105 Confirmed=X Filename=Update.exe Description=Added by the GAOBOT.AO WORM! Source=Paul Collins Startup list [Automatically launches the United Devices Agent when you start your computer] Number=1106 Confirmed=N Filename=UD.EXE Description=The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs Source=Paul Collins Startup list [Autopdate] Number=1107 Confirmed=X Filename=Autopdate.exe Description=Added by the RBOT-AGL WORM! Source=Paul Collins Startup list [AUTOPROP] Number=1108 Confirmed=N Filename=REGPROP.EXE WMPADDIN.DLL Description=Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension Source=Paul Collins Startup list [AUTOPROTECTU] Number=1109 Confirmed=X Filename=navapq32.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [autorepair] Number=1110 Confirmed=X Filename=dexs.exe Description=Added by a variant of the SDBOT WORM! 
Source=Paul Collins Startup list [Autoroute SMTP] Number=1111 Confirmed=U Filename=AutoSmtp.exe Description=Autoroute SMTP - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providers Source=Paul Collins Startup list [autorun] Number=1112 Confirmed=X Filename=autorun.exe Description=Added by the AUTOM-B WORM! Source=Paul Collins Startup list [autorun] Number=1113 Confirmed=X Filename=sxs.exe Description=Added by the SMALLVBS-A WORM! Source=Paul Collins Startup list [autorun] Number=1114 Confirmed=X Filename=winmain.exe Description=Added by a variant of the DELF.CNS TROJAN! Source=Paul Collins Startup list [autorundemo] Number=1115 Confirmed=X Filename=[path to trojan] Description=Added by the AGENT-FPX TROJAN! Source=Paul Collins Startup list [AutoShutdown] Number=1116 Confirmed=? Filename=pssvc.exe Description=Utility to fix vCard Export in MS Outlook 2000 - although why are these together? Source=Paul Collins Startup list [AutoSizer] Number=1117 Confirmed=U Filename=AUTOSIZER.EXE Description=AutoSizer - utility that automatically maximizes windows when they're opened Source=Paul Collins Startup list [AutoSpell] Number=1118 Confirmed=N Filename=autospel.exe Description=AutoSpell - spell checker (version 6.*) Source=Paul Collins Startup list [AutoSpell 5] Number=1119 Confirmed=N Filename=ASWATC32.EXE Description=AutoSpell - spell checker Source=Paul Collins Startup list [AutoSys] Number=1120 Confirmed=U Filename=autosys.exe Description=Winguardian surveillance software. Uninstall this software unless you put it there yourself Source=Paul Collins Startup list [autotbar] Number=1121 Confirmed=N Filename=autotbar.exe Description=If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled Source=Paul Collins Startup list [AutoTKit] Number=1122 Confirmed=N Filename=AUTOTKIT.EXE Description=On HP PC's. 
Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled Source=Paul Collins Startup list [autoupd] Number=1123 Confirmed=N Filename=autoupd.exe Description=Raxco Software Auto Update utility. "Used to keep your software up-to-date" Source=Paul Collins Startup list [autoupd] Number=1124 Confirmed=X Filename=autoupd.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name Source=Paul Collins Startup list [autoupdate] Number=1125 Confirmed=X Filename=WINUP2DATE.DLL, SHStart Description=Unidentified adware - detected by Panda antivirus as the CLICKER.CY TROJAN! Source=Paul Collins Startup list [autoupdate] Number=1126 Confirmed=X Filename=rundll32 DATADX.DLL,SHStart Description=Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in %System% Source=Paul Collins Startup list [autoupdate] Number=1127 Confirmed=X Filename=rundll32 SUPDATE.DLL,SHStart Description=Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in %System% Source=Paul Collins Startup list [AutoUpdate] Number=1128 Confirmed=X Filename=smss.exe Description=Added by a variant of the WINSPY.AA TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "debug64" subfolder of the Winnt or Windows folder Source=Paul Collins Startup list [Autoupdate Service] Number=1129 Confirmed=X Filename=kaka.exe Description=Added by the SYMPE-B TROJAN! 
Source=Paul Collins Startup list [AutoUpdater] Number=1130 Confirmed=X Filename=aupdate.exe Description=Tinybar variant Source=Paul Collins Startup list [AutoUpdater] Number=1131 Confirmed=X Filename=AutoUpdate.exe Description=PeopleonPage foistware Source=Paul Collins Startup list [autoupdatev2] Number=1132 Confirmed=X Filename=[path to file] Description=Added by the DROPPER-BM TROJAN! Source=Paul Collins Startup list [autoupdatev2] Number=1133 Confirmed=X Filename=autoupdatev2.exe Description=Detected by Kaspersky as the AGENT.FQ TROJAN! Source=Paul Collins Startup list [AutoVirusProtection] Number=1134 Confirmed=X Filename=ciscv.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [auto__antiav__key] Number=1135 Confirmed=X Filename=antiav_exe.exe Description=Added by the BAGLEDI-AA TROJAN! Source=Paul Collins Startup list [auto__hloader__key] Number=1136 Confirmed=X Filename=hloader_exe.exe Description=Added by the BAGLE.AB TROJAN! Source=Paul Collins Startup list [aux.exe] Number=1137 Confirmed=X Filename=aux.exe Description=Added by the ZINS TROJAN! Source=Paul Collins Startup list [auxAudioDevice] Number=1138 Confirmed=X Filename=aux32.exe Description=Added by the AIZU WORM! Source=Paul Collins Startup list [AUXXTRAY] Number=1139 Confirmed=N Filename=au30setp.exe Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel Source=Paul Collins Startup list [AV] Number=1140 Confirmed=X Filename=UPDATE-28062004.exe[25 blank spaces].vbs Description=Added by the MIDFIN WORM! Source=Paul Collins Startup list [AV Client] Number=1141 Confirmed=X Filename=patch31345.exe Description=Added by the MYDOOM.AD WORM! Source=Paul Collins Startup list [AV Industry] Number=1142 Confirmed=X Filename=patch31345.exe Description=Added by the MYDOOM.AD WORM! 
Source=Paul Collins Startup list [AV UpDate] Number=1143 Confirmed=X Filename=Update.exe Description=Added by the FUROOT-A TROJAN! Source=Paul Collins Startup list [AvaFind] Number=1144 Confirmed=N Filename=AvaFind.exe Description=AvaFind file search utility Source=Paul Collins Startup list [AVantivirus] Number=1145 Confirmed=X Filename=Avconsol.exe Description=Added by the MSNVB-D WORM! Source=Paul Collins Startup list [avast] Number=1146 Confirmed=X Filename=troyan.exe Description=Added by the SMALL.CZ TROJAN! Source=Paul Collins Startup list [Avast!] Number=1147 Confirmed=Y Filename=ashserv.exe Description=Part of Avast! anti-virus software Source=Paul Collins Startup list [avast!] Number=1148 Confirmed=Y Filename=ashDisp.exe Description=Part of Avast! anti-virus software Source=Paul Collins Startup list [avast! Web Scanner] Number=1149 Confirmed=Y Filename=Ashwebsv.exe Description=Part of Avast! anti-virus software Source=Paul Collins Startup list [Avast32] Number=1150 Confirmed=Y Filename=Astart32.exe Description=Part of Avast! anti-virus software Source=Paul Collins Startup list [avc] Number=1151 Confirmed=X Filename=avmon.exe Description=Added by an unidentified TROJAN! Source=Paul Collins Startup list [AvconsoleEXE] Number=1152 Confirmed=U Filename=Avconsol.exe Description=From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it Source=Paul Collins Startup list [Avengine] Number=1153 Confirmed=X Filename=Avengine.com Description=Added by the DELF.LJ TROJAN! Source=Paul Collins Startup list [AveoAttune] Number=1154 Confirmed=X Filename=atmdlusr.exe Description=Aveo Attune automated helpdesk software - adware/spyware Source=Paul Collins Startup list [AVFX Engine] Number=1155 Confirmed=U Filename=StartFX.exe Description=Advanced Video FX - supported by a number of Creative Web Cameras. 
"Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX" Source=Paul Collins Startup list [AvG] Number=1156 Confirmed=X Filename=svchost323.exe Description=Added by the RBOT-ZA WORM! Source=Paul Collins Startup list [AVG Anti-Virus system] Number=1157 Confirmed=Y Filename=avgcc.exe Description=AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates Source=Paul Collins Startup list [Avg Antivirus] Number=1158 Confirmed=X Filename=icpldrvx.exe Description=Added by the BANKER.BYU TROJAN! Source=Paul Collins Startup list [AVG Grisoft Updater] Number=1159 Confirmed=X Filename=updater.exe Description=Added by the AGOBOT-OT WORM! Source=Paul Collins Startup list [AVG7_AMSVR] Number=1160 Confirmed=Y Filename=Avgamsvr.exe Description=AVG antivirus related Source=Paul Collins Startup list [AVG7_CC] Number=1161 Confirmed=Y Filename=avgcc.exe Description=AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates Source=Paul Collins Startup list [AVG7_EMC] Number=1162 Confirmed=Y Filename=AVGEMC.exe Description=AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses Source=Paul Collins Startup list [AVG7_Run] Number=1163 Confirmed=Y Filename=avgw.exe Description=AVG Anti-Virus 7.0 related Source=Paul Collins Startup list [AVG8_TRAY] Number=1164 Confirmed=U Filename=avgtray.exe Description=System Tray access to AVG internet security software Source=Paul Collins Startup list [avgamsvr.exe] Number=1165 Confirmed=Y Filename=Avgamsvr.exe Description=AVG antivirus related Source=Paul Collins Startup list [avgcc32] Number=1166 Confirmed=Y Filename=avgcc32.exe Description=AVG anti-virus control center. 
Also enables scheduled tests, Outlook E-mail plug-in and automatic updates Source=Paul Collins Startup list [AVGCtrl] Number=1167 Confirmed=Y Filename=AVGCtrl.exe Description=Part of AntiVir PersonalEdition Classic antivirus Source=Paul Collins Startup list [avgfwsrv] Number=1168 Confirmed=Y Filename=AVGFWSRV.EXE Description=Firewall part of the AVG Plus Firewall Edition Source=Paul Collins Startup list [avgmsvr.exe] Number=1169 Confirmed=Y Filename=avgmsvr.exe Description=AVG Anti-Virus 7.0 related Source=Paul Collins Startup list [AVGnt] Number=1170 Confirmed=Y Filename=AVGnt.exe Description=AntiVir PersonalEdition Classic antivirus. System Tray icon and control program Source=Paul Collins Startup list [Avgserv9.exe] Number=1171 Confirmed=Y Filename=Avgserv9.exe Description=AVG antivirus background monitoring Source=Paul Collins Startup list [AVGuard] Number=1172 Confirmed=Y Filename=AVGuard.exe Description=AntiVir PersonalEdition Classic antivirus. Background task which scans files transparently Source=Paul Collins Startup list [AVG_CC] Number=1173 Confirmed=Y Filename=avgcc32.exe Description=AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates Source=Paul Collins Startup list [AVG_EMC] Number=1174 Confirmed=Y Filename=AVGEMC.exe Description=AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses Source=Paul Collins Startup list [AVG_RegCleaner] Number=1175 Confirmed=Y Filename=AVGREGCL.exe Description=AVG Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems Source=Paul Collins Startup list [avidrv] Number=1176 Confirmed=X Filename=drvsc.exe Description=Detected by Kaspersky as the AGENT.PH TROJAN! Source=Paul Collins Startup list [Avimgt] Number=1177 Confirmed=X Filename=Avimgt.exe Description=Added by the GEMA TROJAN!
Source=Paul Collins Startup list [Avimgt32] Number=1178 Confirmed=X Filename=Avimgt32.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [avinit] Number=1179 Confirmed=Y Filename=AVINIT9X.EXE Description=Command Antivirus related Source=Paul Collins Startup list [Avira Anti-Virus Pro 2008] Number=1180 Confirmed=X Filename=explorear.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [AVK Mail Checker] Number=1181 Confirmed=Y Filename=AVKPop.exe Description=eXtendia AVK AntiVirus email checker Source=Paul Collins Startup list [AVKBar] Number=1182 Confirmed=Y Filename=AVKBar.exe Description=GData AntiVirusKit Anti-virus Source=Paul Collins Startup list [AVKTray] Number=1183 Confirmed=U Filename=AVKTray.exe Description=System Tray access to AntiVirenKit InternetSecurity from G DATA Software AG Source=Paul Collins Startup list [AvMaiSrv] Number=1184 Confirmed=Y Filename=Avmaisrv.exe Description=Part of Avast! anti-virus software - E-mail scanner Source=Paul Collins Startup list [AvMenu] Number=1185 Confirmed=? Filename=AVMenu.exe Description=Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required? Source=Paul Collins Startup list [AVMWlanClient] Number=1186 Confirmed=Y Filename=wlangui.exe Description=Related to broadband products from avm.de Source=Paul Collins Startup list [avnort] Number=1187 Confirmed=X Filename=formatsys.exe Description=Added by the SERFLOG.A WORM! Source=Paul Collins Startup list [avnort] Number=1188 Confirmed=X Filename=msmbw.exe Description=Added by the SERFLOG.A WORM! Source=Paul Collins Startup list [avnort] Number=1189 Confirmed=X Filename=serbw.exe Description=Added by the SERFLOG.A WORM! 
Source=Paul Collins Startup list [avp] Number=1190 Confirmed=Y Filename=avp.exe Description=Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory Source=Paul Collins Startup list [AVP] Number=1191 Confirmed=X Filename=[path to trojan] Description=Added by the MUTBO-A TROJAN! Source=Paul Collins Startup list [avp] Number=1192 Confirmed=X Filename=avp.exe Description=Detected by Kaspersky as the ALPHABET.B TROJAN! Source=Paul Collins Startup list [avp] Number=1193 Confirmed=X Filename=win*.tmp.exe [* is a number] Description=Added by a variant of the ALPHABET TROJAN! Source=Paul Collins Startup list [avp] Number=1194 Confirmed=X Filename=xar6000v7.exe Description=Detected by Kaspersky as the ALPHABET.B TROJAN! Source=Paul Collins Startup list [AVP-SE] Number=1195 Confirmed=X Filename=avp-32.exe Description=Added by the AGOBOT.FS WORM! Source=Paul Collins Startup list [avpa] Number=1196 Confirmed=X Filename=avpo.exe Description=Added by the LEGMIR-ARK TROJAN! Source=Paul Collins Startup list [avpcc] Number=1197 Confirmed=Y Filename=avpcc.exe Description=Kaspersky Labs anti-virus Source=Paul Collins Startup list [avpm] Number=1198 Confirmed=Y Filename=avpm.exe Description=Kaspersky anti-virus Source=Paul Collins Startup list [AvpM] Number=1199 Confirmed=X Filename=AvpM.exe Description=Added by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in the WINDOWS\pchealth\UploadLB\Config directory Source=Paul Collins Startup list [avpms] Number=1200 Confirmed=X Filename=avpms.exe Description=Detected by Kaspersky as the ONLINEGAMES.CPV TROJAN! See here Source=Paul Collins Startup list [Avpr] Number=1201 Confirmed=X Filename=avpr.exe Description=Added by the MYDOOM.AF WORM! Source=Paul Collins Startup list [AVPSrv] Number=1202 Confirmed=X Filename=AVPSrv.exe Description=Added by the ONLINE-GEN TROJAN! 
Source=Paul Collins Startup list [avptask] Number=1203 Confirmed=X Filename=[path to trojan] Description=Added by the NOFERE-G TROJAN! Source=Paul Collins Startup list [avptask] Number=1204 Confirmed=X Filename=expl0rer.exe Description=Added by the AGENT.JJO TROJAN! Source=Paul Collins Startup list [Avptask] Number=1205 Confirmed=X Filename=rund1132.exe Description=Added by the AGENT.PKZ TROJAN! Source=Paul Collins Startup list [AvpWx] Number=1206 Confirmed=X Filename=WErcx.exe Description=Detected by Kaspersky as a variant of the AGENT.A TROJAN! Source=Paul Collins Startup list [Avril Lavigne - Muse] Number=1207 Confirmed=X Filename=[random filename] Description=Added by the AVRIL-A WORM! Source=Paul Collins Startup list [AVSCHED32] Number=1208 Confirmed=Y Filename=AVSched32.exe Description=AntiVir PersonalEdition Classic - antivirus Source=Paul Collins Startup list [AVSchedScan] Number=1209 Confirmed=Y Filename=SCHSC9X.EXE Description=Command Antivirus related Source=Paul Collins Startup list [AvSer] Number=1210 Confirmed=X Filename=dsm.exe Description=Added by the SERFLOG.B WORM! Source=Paul Collins Startup list [AvSer] Number=1211 Confirmed=X Filename=msmpatch.exe Description=Added by the SERFLOG.B WORM! Source=Paul Collins Startup list [AvSer] Number=1212 Confirmed=X Filename=svosm.exe Description=Added by the SERFLOG.B WORM! Source=Paul Collins Startup list [AvSer] Number=1213 Confirmed=X Filename=sysup.exe Description=Added by the SERFLOG.B WORM! Source=Paul Collins Startup list [avserve.exe] Number=1214 Confirmed=X Filename=avserve.exe Description=Added by the SASSER WORM! Source=Paul Collins Startup list [avserve2.exe] Number=1215 Confirmed=X Filename=avserve2.exe Description=Added by the SASSER.B or SASSER.C WORMS! Source=Paul Collins Startup list [avserve3.exe] Number=1216 Confirmed=X Filename=avserve3.exe Description=Added by the SASSER.G WORM!
Source=Paul Collins Startup list [AVStation premium] Number=1217 Confirmed=U Filename=AVStation agent.exe Description=Related to Samsung AV Station - instant playback of music, photos, videos Source=Paul Collins Startup list [avtapi] Number=1218 Confirmed=X Filename=avtapi.exe Description=Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" Source=Paul Collins Startup list [Avtray] Number=1219 Confirmed=N Filename=Avtray.exe Description=Command Antivirus tray icon Source=Paul Collins Startup list [AVupdate32 Update] Number=1220 Confirmed=X Filename=AVupdate32.exe Description=Added by the RBOT.CNI TROJAN! Source=Paul Collins Startup list [AVWLPSTA] Number=1221 Confirmed=? Filename=AVWLPSTA.exe Description=PRISM Status Tray Applet - but what is it for and is it required? Source=Paul Collins Startup list [AVWUpd32] Number=1222 Confirmed=Y Filename=AVWUPD32.EXE Description=AntiVir PersonalEdition Classic - updater Source=Paul Collins Startup list [avx communicator] Number=1223 Confirmed=Y Filename=xcommsur.exe Description=Anti-virus part of BitDefender virus scanner/firewall Source=Paul Collins Startup list [Avxlive] Number=1224 Confirmed=Y Filename=avxlive.exe Description=Bullguard or BitDefender antivirus Source=Paul Collins Startup list [avxlni] Number=1225 Confirmed=Y Filename=avxinit.exe Description=Anti-virus part of BitDefender virus scanner/firewall Source=Paul Collins Startup list [Avxnews] Number=1226 Confirmed=? Filename=?? Description=?? Source=Paul Collins Startup list [Awatch] Number=1227 Confirmed=U Filename=Awatch.exe Description=Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products Source=Paul Collins Startup list [AwaySch] Number=1228 Confirmed=U Filename=AwaySch.EXE Description=Part of the IBM ThinkVantage Productivity Center.
"The Away Manager application allows you preselect and run routine tasks to maintain your system's performance" Source=Paul Collins Startup list [awhost32] Number=1229 Confirmed=N Filename=awhost32.exe Description=Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjunction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended Source=Paul Collins Startup list [AWMON] Number=1230 Confirmed=U Filename=Ad-Watch.exe Description=Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system Source=Paul Collins Startup list [AWMON] Number=1231 Confirmed=U Filename=Ad-Monitor.exe Description=F-Secure Anti-Spyware Source=Paul Collins Startup list [awplite] Number=1232 Confirmed=U Filename=awplite.exe Description=AllWallpapers Lite desktop wallpaper changer Source=Paul Collins Startup list [AWUSGSTA] Number=1233 Confirmed=? Filename=AWUSGSTA.exe Description=Reportedly related to a USB Wifi Adapter - is it required at startup? Source=Paul Collins Startup list [awxDTools] Number=1234 Confirmed=U Filename=awxDTools.dll, awxRegisterDll Description=AwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...) Source=Paul Collins Startup list [AxFilter] Number=1235 Confirmed=? Filename=Rundll32 AXFILTER.DLL, Rundll32 Description=??
Source=Paul Collins Startup list [AXPFixer] Number=1236 Confirmed=X Filename=AXPFixer.exe Description=AdvancedXPFixer rogue security software - not recommended, see here Source=Paul Collins Startup list [AXVenore] Number=1237 Confirmed=X Filename=AXVenore.exe Description=Added by an unidentified TROJAN - see here Source=Paul Collins Startup list [AzMixerSel] Number=1238 Confirmed=U Filename=AzMixerSel.exe Description=Related to Realtek_Azalia Mixer Selector Source=Paul Collins Startup list [azmodem] Number=1239 Confirmed=Y Filename=azexe.exe Description=Aztech Labs modem driver Source=Paul Collins Startup list [a_vpd] Number=1240 Confirmed=? Filename=vpd.exe Description=Located in the IBMTOOLS\VPD sub-directory. What does it do and is it required? Source=Paul Collins Startup list [B'sCLiP] Number=1241 Confirmed=N Filename=BSCLIP.exe Description=CD recording utility that comes with a lot of CDR/CDRW drives and isn't required Source=Paul Collins Startup list [b.exe] Number=1242 Confirmed=X Filename=b.exe Description=Added by the SDBOT.BND WORM! Source=Paul Collins Startup list [B.Reader] Number=1243 Confirmed=N Filename=remin.exe Description=Birthday Reminder 5.0 - as the name implies Source=Paul Collins Startup list [b3d] Number=1244 Confirmed=X Filename=BDEsecureinstall.exe Description=B3d Projector foistware - periodically tries to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry.
(4) Remove the "BDE" directory and all its contents Source=Paul Collins Startup list [b3dUpdate] Number=1245 Confirmed=X Filename=Zupdate.exe Description=Associated with B3d Projector foistware - see here Source=Paul Collins Startup list [b9] Number=1246 Confirmed=U Filename=B9.exe Description=FireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run" Source=Paul Collins Startup list [b99] Number=1247 Confirmed=X Filename=msmm.exe Description=ClientMan parasite variant Source=Paul Collins Startup list [bab] Number=1248 Confirmed=X Filename=svchst32.exe Description=Added by the AGENT.Q TROJAN! Source=Paul Collins Startup list [babeie] Number=1249 Confirmed=X Filename=rundll32 cnbabe.dll, dllstartup Description=CommonName Toolbar spyware. To uninstall see here Source=Paul Collins Startup list [Babylon Client] Number=1250 Confirmed=N Filename=Babylon.exe Description="Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" Source=Paul Collins Startup list [Babylon Translator] Number=1251 Confirmed=N Filename=Babylon.exe Description="Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" Source=Paul Collins Startup list [Back Updates] Number=1252 Confirmed=X Filename=Uninstall.log.vbs Description=Added by the YPSAN.D WORM!
Source=Paul Collins Startup list [Back2zip] Number=1253 Confirmed=U Filename=Back2zip.exe Description=Back2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed up Source=Paul Collins Startup list [Backdoor.NuAgent] Number=1254 Confirmed=X Filename=agent.exe Description=Added by the AGENT-DP TROJAN! Source=Paul Collins Startup list [Background Intelligent Transfer Service] Number=1255 Confirmed=X Filename=rundll32.exe Description=Added by the VB-ZD TROJAN! Note - this file is located in the C:\Windows\help folder, and is not to be confused with the legitimate rundll32.exe file! Source=Paul Collins Startup list [BackgroundSwitcher] Number=1256 Confirmed=U Filename=bgswitch.exe Description=Originally included with Microsoft's XP PowerToys (but now withdrawn - see here), Background Switcher allows your desktop background to periodically change Source=Paul Collins Startup list [BackgroundSwitcher] Number=1257 Confirmed=U Filename=BackgroundSwitcher.exe Description=John's Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interesting Source=Paul Collins Startup list [Backpack UDF] Number=1258 Confirmed=N Filename=bpudfmon.exe Description=Backpack UDF packet writing software for Micro Solutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before inserting an appropriately formatted CD-RW disk Source=Paul Collins Startup list [backup] Number=1259 Confirmed=X Filename=[path to worm] Description=Added by the AGOBOT-H WORM! Source=Paul Collins Startup list [Backup Service] Number=1260 Confirmed=X Filename=backup.svc Description=Unidentified adware Source=Paul Collins Startup list [Backup4all OTB Agent] Number=1261 Confirmed=U Filename=B4AOTB.exe Description="Backup4all is an award-winning data backup software for Windows.
This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space" Source=Paul Collins Startup list [BackupExecScheduler] Number=1262 Confirmed=U Filename=besch.exe Description=Veritas "Back Up My PC" software Source=Paul Collins Startup list [BackupNotify] Number=1263 Confirmed=? Filename=backupnotify.exe Description=HP Digital Imaging related. What does it do and is it required? Source=Paul Collins Startup list [BackWeb] Number=1264 Confirmed=N Filename=backweb.exe Description=Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PCs but not restricted to those OEMs. Resource hog and often causes malfunctions. Available via Start -> Programs Source=Paul Collins Startup list [Backwork] Number=1265 Confirmed=N Filename=Backwork.exe Description=Backwork trojan detector Source=Paul Collins Startup list [BACPI10] Number=1266 Confirmed=U Filename=bacpi10a.exe Description=Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OSes (i.e. Win95/98/NT4). Also adds an icon to the system tray Source=Paul Collins Startup list [BacsTray] Number=1267 Confirmed=N Filename=BacsTray.exe Description=Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems Source=Paul Collins Startup list [BADDATE] Number=1268 Confirmed=X Filename=BADDATE.EXE Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [BagleAV] Number=1269 Confirmed=X Filename=csrss.exe Description=Added by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!
This one is located in %Windir% Source=Paul Collins Startup list [Bakra] Number=1270 Confirmed=X Filename=IEHost.EXE Description=Added by the MULTIDR-AH TROJAN! Source=Paul Collins Startup list [bal] Number=1271 Confirmed=X Filename=SYSMONMS.EXE Description=Added by the FAKEALERT TROJAN! Source=Paul Collins Startup list [Band-Aid] Number=1272 Confirmed=X Filename=[path to file] Description=Added by the RANKY.O TROJAN! Source=Paul Collins Startup list [bandmon] Number=1273 Confirmed=U Filename=bandmon.exe Description=Rokario Bandwidth Monitor Source=Paul Collins Startup list [Bandook] Number=1274 Confirmed=X Filename=ali.exe Description=Added by the EXEMAS-B TROJAN! Source=Paul Collins Startup list [Bandwidth Monitor Pro] Number=1275 Confirmed=U Filename=Bandwidth Monitor Pro.exe Description=Bandwidth Monitor Pro - utility to track your current download/upload limit that may be set by your ISP Source=Paul Collins Startup list [Banpopup by Pratik] Number=1276 Confirmed=U Filename=Banpopup.exe Description=Banpopup - popup killer Source=Paul Collins Startup list [bantool] Number=1277 Confirmed=X Filename=ie_ban.exe Description=Detected as the VB.PO TROJAN! Source=Paul Collins Startup list [Bar Ding lolt] Number=1278 Confirmed=X Filename=Analiz.exe Description=Added by the RBOT-RP WORM! Source=Paul Collins Startup list [bargains] Number=1279 Confirmed=X Filename=bargains.exe Description=BargainBuddy foistware Source=Paul Collins Startup list [bargains] Number=1280 Confirmed=X Filename=bargainbuddy.exe Description=BargainBuddy foistware Source=Paul Collins Startup list [Bart Station] Number=1281 Confirmed=? Filename=station.sbrt Description=Related to PeoplePC ISP. May be a dialler for dial-up accounts? Source=Paul Collins Startup list [Bart Station] Number=1282 Confirmed=U Filename=PPCOLink.exe Description=Dialer for PeoplePC ISP Source=Paul Collins Startup list [BarTheme] Number=1283 Confirmed=X Filename=bartent32.exe Description=Added by the AGOBOT-UG WORM!
Source=Paul Collins Startup list [bascstray] Number=1284 Confirmed=N Filename=BascsTray.exe Description=Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems Source=Paul Collins Startup list [Bat] Number=1285 Confirmed=X Filename=secure2.bat Description=Added by the ZCREW.C TROJAN! Source=Paul Collins Startup list [Batchreg1] Number=1286 Confirmed=N Filename=N/A Description=Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See here Source=Paul Collins Startup list [BatInfEx] Number=1287 Confirmed=U Filename=rundll32.exe Description=Displays battery status information on an IBM Thinkpad Source=Paul Collins Startup list [BatSrv] Number=1288 Confirmed=X Filename=batserv2.exe Description=Detected by Kaspersky as the LOCKSY.M WORM! Source=Paul Collins Startup list [Battery Scope] Number=1289 Confirmed=U Filename=batmgr.exe Description=Monitors battery levels on a notebook/laptop PC Source=Paul Collins Startup list [BatteryBar] Number=1290 Confirmed=U Filename=batterybar.exe Description=BatteryBar - displays battery usage, and the current percentage of battery power left Source=Paul Collins Startup list [batterymiser] Number=1291 Confirmed=Y Filename=batterymiser.exe Description=Battery Miser power management utility for LG Notebooks Source=Paul Collins Startup list [BatteryMiser 5] Number=1292 Confirmed=Y Filename=BatteryMiser5.exe Description=Battery Miser 5 power management utility for LG Notebooks Source=Paul Collins Startup list [BatzBack] Number=1293 Confirmed=X Filename=BatzBack.scr Description=Added by the BACKZAT WORM! 
Source=Paul Collins Startup list [BAUSB] Number=1294 Confirmed=U Filename=BAUSB.exe Description=Boston Acoustics Audio, USB driver Source=Paul Collins Startup list [bawindo] Number=1295 Confirmed=X Filename=bawindo.exe Description=Added by the BEAGLE.AR or BEAGLE.AU WORMS! Source=Paul Collins Startup list [BayMgr] Number=1296 Confirmed=U Filename=DockApp.exe Description=Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices Source=Paul Collins Startup list [Bayswap] Number=1297 Confirmed=U Filename=bayswap.exe Description=Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices Source=Paul Collins Startup list [Bayswap2] Number=1298 Confirmed=U Filename=TbUpdate.exe Description=Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices Source=Paul Collins Startup list [BBC Alerts] Number=1299 Confirmed=N Filename=BBC_Alerts.exe Description=BBC Alerts - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service" Source=Paul Collins Startup list [BBC News alerts] Number=1300 Confirmed=U Filename=skinkers.exe Description=BBC News Desktop Alerts service - see here. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happens Source=Paul Collins Startup list [BBDial] Number=1301 Confirmed=? Filename=BT Broadband.exe Description=Part of BT Broadband - is it required?
Source=Paul Collins Startup list [BBLauncher.exe] Number=1302 Confirmed=N Filename=BBLauncher.exe Description=BounceBack Professional - back-up software Source=Paul Collins Startup list [bbSysTray] Number=1303 Confirmed=N Filename=bbSysTray.exe Description=Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions" Source=Paul Collins Startup list [bbui] Number=1304 Confirmed=U Filename=bbui.exe Description=AOL DSL status monitor displaying a red/green icon indicating if you have a connection Source=Paul Collins Startup list [bca] Number=1305 Confirmed=U Filename=bca.exe Description=BeClean Agent - registry, history, temp files, etc cleaner Source=Paul Collins Startup list [BCDetect] Number=1306 Confirmed=U Filename=bcdetect.exe Description=Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see Source=Paul Collins Startup list [BCMDMMSG] Number=1307 Confirmed=Y Filename=bcmdmmsg.exe Description=BCM voicemodem driver. Required for dial-up if you have one of these modems Source=Paul Collins Startup list [BCMHal] Number=1308 Confirmed=U Filename=rundll32.exe bcmhal9x.dll, bcinit Description=BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings Source=Paul Collins Startup list [BCMSMMSG] Number=1309 Confirmed=Y Filename=BCMSMMSG.exe Description=BCM voicemodem driver. Required for dial-up if you have one of these modems Source=Paul Collins Startup list [bcmwltry] Number=1310 Confirmed=? Filename=bcmwltry.exe Description=Broadcom Corporation Wireless Network Tray Applet. Is it required? Source=Paul Collins Startup list [BCNT] Number=1311 Confirmed=N Filename=bcnt.exe Description=AWS Weatherbug related. What does it do? 
Source=Paul Collins Startup list [BCPC] Number=1312 Confirmed=X Filename=bcpc.exe Description=BroadcastPC adware variant Source=Paul Collins Startup list [bcpc_c] Number=1313 Confirmed=X Filename=bcpc_c.exe Description=BroadcastPC adware variant Source=Paul Collins Startup list [BCTweak] Number=1314 Confirmed=U Filename=bctweak.exe Description=BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings Source=Paul Collins Startup list [Bcvsrv32] Number=1315 Confirmed=X Filename=bcvsrv32.exe Description=Added by the GAOBOT.BQJ WORM! Source=Paul Collins Startup list [Bcvsrv32] Number=1316 Confirmed=X Filename=he3.exe Description=Added by the AGOBOT.AKB WORM! Source=Paul Collins Startup list [Bcvsrv32] Number=1317 Confirmed=X Filename=msxml22.exe Description=Added by the AGOBOT.AKH WORM! Source=Paul Collins Startup list [Bcvsrv32] Number=1318 Confirmed=X Filename=msc32.exe Description=Added by the AGOBOT.AKD WORM! Source=Paul Collins Startup list [BCWipeTM] Number=1319 Confirmed=N Filename=bcwipetm.exe Description=BCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed Source=Paul Collins Startup list [BD] Number=1320 Confirmed=X Filename=dc.exe Description=Added by the RASDOOR-A TROJAN! 
Source=Paul Collins Startup list [BDAgent] Number=1321 Confirmed=U Filename=bdagent.exe Description=BitDefender antivirus Source=Paul Collins Startup list [BDMCon] Number=1322 Confirmed=Y Filename=Bdmcon.exe Description=BitDefender antivirus Source=Paul Collins Startup list [BDNewsAgent] Number=1323 Confirmed=Y Filename=bdnagent.exe Description=BitDefender antivirus - updater Source=Paul Collins Startup list [BDOESRV] Number=1324 Confirmed=Y Filename=bdoesrv.exe Description=Bitdefender 8 antivirus and firewall Source=Paul Collins Startup list [BDRegion] Number=1325 Confirmed=U Filename=brs.exe Description=Part of Cyberlink's PowerDVD version 8 - removes the Blu-ray region on a DVD Source=Paul Collins Startup list [BDSwitchAgent] Number=1326 Confirmed=Y Filename=bdswitch.exe Description=Bitdefender 8 antivirus and firewall Source=Paul Collins Startup list [BearFlix] Number=1327 Confirmed=U Filename=BearFlix.exe Description=BearFlix is optimized for the fast download of video files Source=Paul Collins Startup list [BearShare] Number=1328 Confirmed=N Filename=bearshare.exe Description=BearShare file sharing client. Versions known to include spyware - see here Source=Paul Collins Startup list [BeatNik Internet Clock] Number=1329 Confirmed=U Filename=BeatNik.exe Description=BeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clock Source=Paul Collins Startup list [Beawver] Number=1330 Confirmed=X Filename=saqevre.exe Description=Added by a variant of the RANKY TROJAN! Source=Paul Collins Startup list [Beegees Update] Number=1331 Confirmed=X Filename=beegees.exe Description=Added by the SDBOT-ADK WORM! Source=Paul Collins Startup list [BEEI] Number=1332 Confirmed=? Filename=beei.exe Description=?? 
Source=Paul Collins Startup list [BeFaster] Number=1333 Confirmed=U Filename=befaster3.exe Description=BeFaster internet connection optimization tool Source=Paul Collins Startup list [BEHL] Number=1334 Confirmed=? Filename=BEHL.exe Description=?? Source=Paul Collins Startup list [BEHLO] Number=1335 Confirmed=? Filename=BEHLO.exe Description=?? Source=Paul Collins Startup list [beidsystemtray] Number=1336 Confirmed=U Filename=beidsystemtray.exe Description=Related to Belgium Identity Card card reader Source=Paul Collins Startup list [Belkin PCMCIA WLAN Monitor] Number=1337 Confirmed=N Filename=monitorbk.exe Description=Belkin USB Network Adapter Management utility - can be started manually Source=Paul Collins Startup list [Belkin Wireless Utility] Number=1338 Confirmed=N Filename=Belkinwcui.exe Description=Wireless configuration utility for some Belkin cards such as the Wireless G Desktop Card Source=Paul Collins Startup list [BellSouthAlertManager.exe] Number=1339 Confirmed=U Filename=BellSouthAlertManager.exe Description=Related to BellSouth Alert Manager Source=Paul Collins Startup list [BelNotify] Number=1340 Confirmed=U Filename=rundll32.exe [path] NPBelv32.dll, RunDll32_BelNotify Description="BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service" Source=Paul Collins Startup list [BELORVBI] Number=1341 Confirmed=? Filename=BELORVBI.exe Description=?? Source=Paul Collins Startup list [Belsta.exe] Number=1342 Confirmed=? Filename=Belsta.exe Description=Configuration tool for Belkin wireless network cards. Required to change the card's configuration. Is it required for correct operation once the configuration is changed?
Source=Paul Collins Startup list [Belt] Number=1343 Confirmed=X Filename=Belt.exe Description=VX2.Transponder parasite updater/installer related Source=Paul Collins Startup list [Benadril Alert Tool] Number=1344 Confirmed=X Filename=benadrilalert.exe Description=Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril Source=Paul Collins Startup list [BestCrypt Auto Open] Number=1345 Confirmed=U Filename=BestCrypt.exe Description=BestCrypt from Jetico, Inc. "Keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access" Source=Paul Collins Startup list [BestPopUpKiller] Number=1346 Confirmed=X Filename=BestPopupKiller.exe Description=Popup killer by Swanksoft - not recommended, see here Source=Paul Collins Startup list [BestSync 2008] Number=1347 Confirmed=U Filename=BestSyncApp.exe Description=System Tray access to BestSync® 2008 from Risefly Software - "a professional utility for synchronizing files between your local folders and Network Drives, FTP servers, Removable Media (such as an USB disk)" Source=Paul Collins Startup list [BeSys] Number=1348 Confirmed=X Filename=[path to file] Description=BeSys adware Source=Paul Collins Startup list [beta] Number=1349 Confirmed=X Filename=svchost.exe Description=Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [BF4P] Number=1350 Confirmed=X Filename=bf4p.exe Description=Added by the IRCBOT.GEN WORM! Source=Paul Collins Startup list [bg] Number=1351 Confirmed=Y Filename=bullguard.exe Description=Bullguard antivirus and firewall. 
The P2P version is free with KaZaA Media Desktop and Grokster Source=Paul Collins Startup list [BGInfo] Number=1352 Confirmed=U Filename=Bginfo.exe Description=BGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more Source=Paul Collins Startup list [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] Number=1353 Confirmed=U Filename=NMBgMonitor.exe Description=Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources than necessary you can disable it by clicking here Source=Paul Collins Startup list [BGNewsAgent] Number=1354 Confirmed=Y Filename=bgnewsag.exe Description=BullGuard antivirus updater Source=Paul Collins Startup list [bgsmsnd] Number=1355 Confirmed=N Filename=bgsmsnd.exe Description=Printer driver to generate PDF files from any program Source=Paul Collins Startup list [Bharatayuda] Number=1356 Confirmed=X Filename=GNB.exe Description=Added by the BHARAT.A WORM! Source=Paul Collins Startup list [BHOCop] Number=1357 Confirmed=N Filename=BHOCop.exe Description=PC Magazine's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware Source=Paul Collins Startup list [BHODemon 2.0] Number=1358 Confirmed=U Filename=BHODemon.exe Description=BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". 
If you prefer forgoing resident protection, the application can also be run on demand Source=Paul Collins Startup list [BHR] Number=1359 Confirmed=U Filename=BHR.exe Description=Browser Hijack Retaliator - recovers your browser after it has been hijacked by spyware, adware, etc Source=Paul Collins Startup list [BI1HelperStartUp] Number=1360 Confirmed=U Filename=BI1HEL~1.EXE Description=ScreenScenes "Beach Islands" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [BIE] Number=1361 Confirmed=X Filename=Rundll32.exe [path] BDSrHook.dll, Rundll32 Description=BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [BIG] Number=1362 Confirmed=X Filename=biggy.exe Description=Added by the DELBOT-AG WORM! Source=Paul Collins Startup list [BigDog303] Number=1363 Confirmed=U Filename=VM303_STI.EXE Description=Related to VIMICRO USB for PC Camera Source=Paul Collins Startup list [BigDog305] Number=1364 Confirmed=N Filename=VM305_STI.EXE Description=Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed Source=Paul Collins Startup list [BigDogPath] Number=1365 Confirmed=? Filename=VM_STI.EXE Description=Bundled with some software for digital cameras that use a USB connection - what does it do and is it required? Source=Paul Collins Startup list [bigfix] Number=1366 Confirmed=N Filename=BIGFIX.EXE Description=BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet 
Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog Source=Paul Collins Startup list [biglow] Number=1367 Confirmed=X Filename=biglow.exe Description=Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example Source=Paul Collins Startup list [bigoris] Number=1368 Confirmed=X Filename=bigoris.exe Description=Added by the DORF-AZ TROJAN! Source=Paul Collins Startup list [BigPond Toolbar] Number=1369 Confirmed=U Filename=bpumTray.exe Description=Telstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier" Source=Paul Collins Startup list [BigPondCable] Number=1370 Confirmed=N Filename=bpcable.exe Description=Telstra Bigpond Cable login software - can be started manually Source=Paul Collins Startup list [BigPondWirelessBroadbandCM] Number=1371 Confirmed=Y Filename=BigPond_CM.exe Description=Related to BigPond_Wireless_Broadband Service by Telstra Source=Paul Collins Startup list [bikini] Number=1372 Confirmed=X Filename=bikini.exe Description=Added by the LOWZONE-CX TROJAN! Source=Paul Collins Startup list [BillGatesLoh.exe] Number=1373 Confirmed=X Filename=BillGatesLoh.exe Description=Added by the AGENT-FZO TROJAN! Source=Paul Collins Startup list [Billminder] Number=1374 Confirmed=N Filename=Billmind.exe Description=Can be setup in Quicken to remind user of due payments. Available via Start -> Programs Source=Paul Collins Startup list [bin32hpu] Number=1375 Confirmed=X Filename=ppstub.exe Description=PrecisionPop adware Source=Paul Collins Startup list [bingdian] Number=1376 Confirmed=X Filename=Bingdian.vbs Description=Added by the BINGD WORM! Source=Paul Collins Startup list [Bingo Charm] Number=1377 Confirmed=? 
Filename=charms.exe Description=Some kind of screen icon kind of like desk flag, but it gives you a choice of icons? Source=Paul Collins Startup list [Biomenu] Number=1378 Confirmed=U Filename=menusw.exe Description=Related to Sony VAIO - passwords, encryption, and a biometric fingerprint sensor Source=Paul Collins Startup list [Bionix Wallpaper 5] Number=1379 Confirmed=U Filename=Bionix Wallpaper 5.exe Description=BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" Source=Paul Collins Startup list [BioniXWallpaper] Number=1380 Confirmed=U Filename=Bionix Wallpaper 5beta.exe Description=BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" Source=Paul Collins Startup list [BioniXWallpaper] Number=1381 Confirmed=U Filename=BioniX Wallper.exe Description=BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" Source=Paul Collins Startup list [BioniXWallpaper] Number=1382 Confirmed=U Filename=BionixWallpaper5.exe Description=BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" Source=Paul Collins Startup list [Bios] Number=1383 Confirmed=X Filename=Bios32.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [bios] Number=1384 Confirmed=X Filename=bios.exe Description=Added by the BANCBAN-PW TROJAN! Source=Paul Collins Startup list [BIOS XP Loader] Number=1385 Confirmed=X Filename=[random filename] Description=Added by the RBOT-IC WORM! Source=Paul Collins Startup list [BIOS1] Number=1386 Confirmed=X Filename=BIOS1.EXE Description=Added by the OPASERV.T WORM! Source=Paul Collins Startup list [BIOVCIP] Number=1387 Confirmed=? Filename=BIOVCIP.exe Description=?? 
Source=Paul Collins Startup list [BitComet] Number=1388 Confirmed=N Filename=BitComet.exe Description=BitComet P2P client - can be launched from Start -> Programs Source=Paul Collins Startup list [BitDefender Antiphishing Helper] Number=1389 Confirmed=Y Filename=IEShow.exe Description=Antiphishing component of BitDefender 2008 products Source=Paul Collins Startup list [BitDefender Antivirus] Number=1390 Confirmed=X Filename=BITDEFENDERX.EXE Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [BitDefender Communicator] Number=1391 Confirmed=Y Filename=xcommsvr.exe Description=BitDefender antivirus Source=Paul Collins Startup list [BitDefender for MSN Messenger] Number=1392 Confirmed=U Filename=msnmon.exe Description=Bitdefender anti-virus for MSN Messenger - no longer supported at the BitDefender website Source=Paul Collins Startup list [BitDefender for Yahoo! Messenger] Number=1393 Confirmed=U Filename=yahmon.exe Description=Bitdefender anti-virus for Yahoo! Messenger - no longer supported at the BitDefender website Source=Paul Collins Startup list [BitDefender Live! 
Init] Number=1394 Confirmed=Y Filename=bdinit.exe Description=BitDefender antivirus Source=Paul Collins Startup list [BitDefender Scan Server] Number=1395 Confirmed=Y Filename=bdss.exe Description=BitDefender antivirus Source=Paul Collins Startup list [BitDefender Virus Shield] Number=1396 Confirmed=Y Filename=vsserv.exe Description=BitDefender antivirus Source=Paul Collins Startup list [bitdefenderlive] Number=1397 Confirmed=Y Filename=avxlive.exe Description=Main program of BitDefender virus scanner/firewall Source=Paul Collins Startup list [BitDefender_P2P_Startup] Number=1398 Confirmed=U Filename=BitDefender_P2P_Startup.exe Description=Bitdefender anti-virus for P2P clients - no longer supported at the BitDefender website Source=Paul Collins Startup list [BitTorrent DNA] Number=1399 Confirmed=U Filename=btdna.exe Description="BitTorrent DNA is a content delivery service that uses a secure, private, managed peer network to power faster, more reliable, more efficient delivery of richer content" Source=Paul Collins Startup list [BitWare Print Monitor] Number=1400 Confirmed=N Filename=bwprnmon.exe Description=FaxServe network fax software Source=Paul Collins Startup list [BJ Printer Status Monitor] Number=1401 Confirmed=N Filename=Cjstsr.exe Description=Canon BJ printer status monitor Source=Paul Collins Startup list [BJ Status Monitor 5xx] Number=1402 Confirmed=N Filename=CJSTRxx.EXE Description=Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers Source=Paul Collins Startup list [bjcfd] Number=1403 Confirmed=N Filename=cdf.exe Description=BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. 
Not required and you can remove it via Add/Remove programs Source=Paul Collins Startup list [BJPD HID Control] Number=1404 Confirmed=U Filename=TVMon.exe Description=Related to Canon Photo viewer Source=Paul Collins Startup list [BlackICE PC Protection] Number=1405 Confirmed=N Filename=blackice.exe Description=Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD Source=Paul Collins Startup list [BlackIce Utility] Number=1406 Confirmed=N Filename=blackice.exe Description=Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD Source=Paul Collins Startup list [blads] Number=1407 Confirmed=U Filename=blads.exe Description=A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks Source=Paul Collins Startup list [blah service] Number=1408 Confirmed=X Filename=winupdate.exe Description=Added by the GAOBOT.BIA WORM! Source=Paul Collins Startup list [blah service] Number=1409 Confirmed=X Filename=winsysengine.exe Description=Added by the RBOT-KI WORM! Source=Paul Collins Startup list [blah service] Number=1410 Confirmed=X Filename=internet.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [blah service] Number=1411 Confirmed=X Filename=smnp.exe Description=Added by the RBOT.IZ WORM! 
Source=Paul Collins Startup list [blah service] Number=1412 Confirmed=X Filename=msnmsgrr.exe Description=Added by the RBOT.PZ WORM! Source=Paul Collins Startup list [blah service] Number=1413 Confirmed=X Filename=tazkmgr.exe Description=Added by the RBOT.UA WORM! Source=Paul Collins Startup list [blah service] Number=1414 Confirmed=X Filename=FaLeH.exe Description=Added by the RBOT-AES WORM! Source=Paul Collins Startup list [blah service] Number=1415 Confirmed=X Filename=microsoft.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [blah service] Number=1416 Confirmed=X Filename=evosys.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [blah service] Number=1417 Confirmed=X Filename=win32.exe Description=Added by the RBOT-AXO WORM! Source=Paul Collins Startup list [Blah service] Number=1418 Confirmed=X Filename=CCAPPS32.EXE Description=Added by the RBOT.TV WORM! Source=Paul Collins Startup list [blah services] Number=1419 Confirmed=X Filename=iczw.exe Description=Added by the RBOT-GMP WORM! Source=Paul Collins Startup list [blahh service] Number=1420 Confirmed=X Filename=msengine.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [blahx service] Number=1421 Confirmed=X Filename=msnjompa.exe Description=Added by the SDBOT.AML WORM! Source=Paul Collins Startup list [Blank AntiViri] Number=1422 Confirmed=X Filename=AUT0EXEC.BAT Description=Detected by Symantec as the SILLYFDC WORM! See here Source=Paul Collins Startup list [BlazeChanger] Number=1423 Confirmed=N Filename=FBZPaper.exe Description=Ember graphic file viewer, manager, and touch-up system Source=Paul Collins Startup list [bldbubg] Number=1424 Confirmed=N Filename=bldbubg.exe Description=Part of Dell Alerts which provides customers with an update on latest updates for his/her system Source=Paul Collins Startup list [BLF] Number=1425 Confirmed=X Filename=blf.exe Description=Added by the DELBOT-M WORM! 
Source=Paul Collins Startup list [blinkx] Number=1426 Confirmed=U Filename=blinkx.exe Description=Blinkx Desktop "Smart Folders" software Source=Paul Collins Startup list [Blitzz BWI715] Number=1427 Confirmed=N Filename=WLANmon.exe Description=Blitzz Technology BWI715 Wireless PC modem connection monitor Source=Paul Collins Startup list [BLMessagingIntegration] Number=1428 Confirmed=X Filename=blengine.exe Description=BuddyLinks adware Source=Paul Collins Startup list [BlockAds] Number=1429 Confirmed=U Filename=blads.exe Description=A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks Source=Paul Collins Startup list [BlockChecker] Number=1430 Confirmed=X Filename=Block-checker.exe Description=BlockChecker adware Source=Paul Collins Startup list [Blocker System611 Monitoring] Number=1431 Confirmed=X Filename=PopUpBlocker611.exe Description=Added by the RBOT.BLJ WORM! Source=Paul Collins Startup list [BlockTracker] Number=1432 Confirmed=N Filename=BlockTracker.exe Description=If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file Source=Paul Collins Startup list [BLOG] Number=1433 Confirmed=U Filename=rundll32.exe [path] BatLogEx.DLL, StartBattLog Description=IBM Thinkpad battery management utility that logs changes in battery conditions such as charging, discharging, etc Source=Paul Collins Startup list [blsloader] Number=1434 Confirmed=U Filename=blsloader.exe Description=BellSouth ISP Internet Tools Source=Paul Collins Startup list [blss] Number=1435 Confirmed=X Filename=blss.exe Description=Added by the BLARUL TROJAN! 
Source=Paul Collins Startup list [BLSTAPP] Number=1436 Confirmed=N Filename=blstapp.exe Description=Puts access to Creative's BlasterControl in the System Tray Source=Paul Collins Startup list [Blubster] Number=1437 Confirmed=N Filename=Blubster.exe Description=Related to Blubster Music sharing service Source=Paul Collins Startup list [Blue Frog] Number=1438 Confirmed=U Filename=bluefrog.exe Description=Blue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receive Source=Paul Collins Startup list [Blue Service] Number=1439 Confirmed=X Filename=[path to trojan] Description=Added by the BANCOS-BCW TROJAN! Source=Paul Collins Startup list [BlueLight_uoltray] Number=1440 Confirmed=? Filename=exec.exe Description=Related to BlueLight Internet. What does it do and is it required? Source=Paul Collins Startup list [BlueSoleil] Number=1441 Confirmed=U Filename=BLUESO~1.EXE Description=BlueSoleil Bluetooth wireless manager from IVT Corporation Source=Paul Collins Startup list [BlueSpace NE] Number=1442 Confirmed=U Filename=BlueSpaceNE.exe Description="BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> Programs Source=Paul Collins Startup list [Bluetooth Config] Number=1443 Confirmed=X Filename=btwindin32.exe Description=Added by the SDBOT-DFN WORM! 
Source=Paul Collins Startup list [Bluetooth Connection Assistant] Number=1444 Confirmed=U Filename=LBTWiz.exe Description=Bluetooth connection manager for Logitech based bluetooth wireless products Source=Paul Collins Startup list [BlueToothAuthentication Agent] Number=1445 Confirmed=U Filename=RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent Description=Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup Source=Paul Collins Startup list [Blueyonder Instant Support Tool] Number=1446 Confirmed=U Filename=matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [BMail Installation] Number=1447 Confirmed=N Filename=FTP_back.exe Description=Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. 
Older versions of iMesh re-instate this but the newer versions do not Source=Paul Collins Startup list [Bman] Number=1448 Confirmed=X Filename=BMan1.exe Description=Abcsearch.com/DealHelper adware variant Source=Paul Collins Startup list [BMMGAG] Number=1449 Confirmed=U Filename=Rundll32 PWRMONIT.DLL, StartPwrMonitor Description=Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window Source=Paul Collins Startup list [BMMLREF] Number=1450 Confirmed=U Filename=BMMLREF.EXE Description=Battery Manager for IBM ThinkPad laptops Source=Paul Collins Startup list [BMMMONWND] Number=1451 Confirmed=U Filename=rundll32.exe [path] BatInfEx.dll, BMMAutonomicMonitor Description=Battery power management utility for Lenovo (IBM) ThinkPad laptops Source=Paul Collins Startup list [BMO MasterCard Wallet] Number=1452 Confirmed=U Filename=EWALLET.EXE Description=The wallet conveniently stores billing, shipping and payment information on your PC Source=Paul Collins Startup list [BMonq] Number=1453 Confirmed=X Filename=bmonq.exe Description=Detected by Trend Micro as the CLICKER.HZ TROJAN! See here Source=Paul Collins Startup list [BMupdate] Number=1454 Confirmed=N Filename=BMupdate.exe Description=Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install Source=Paul Collins Startup list [BMZ] Number=1455 Confirmed=X Filename=bmz.exe Description=NCase adware Source=Paul Collins Startup list [Bndt32] Number=1456 Confirmed=X Filename=Bndt32.exe Description=Added by the LACON WORM! Source=Paul Collins Startup list [Bnexe] Number=1457 Confirmed=X Filename=[random filename] Description=Added by the KITRO.D (or ARGEN.A) WORM! Source=Paul Collins Startup list [BO1HelperStartUp] Number=1458 Confirmed=U Filename=BO1HEL~1.EXE Description=ScreenScenes "Butterfly Oasis" screensaver. 
The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [BO1HelperStartUp] Number=1459 Confirmed=U Filename=Bo1helper.exe Description=ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [Boarddata] Number=1460 Confirmed=X Filename=[path] repcale.exe [path] palsp.exe Description=Added by a variant of the RANDON.AN WORM! Source=Paul Collins Startup list [boat32] Number=1461 Confirmed=X Filename=boat32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [boby] Number=1462 Confirmed=X Filename=csrs.scr Description=Added by the BANCBAN-PC TROJAN! Source=Paul Collins Startup list [BOC-412] Number=1463 Confirmed=Y Filename=BOC412.exe Description=NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.12 Source=Paul Collins Startup list [BOC-420] Number=1464 Confirmed=Y Filename=BOC420.exe Description=NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.20 Source=Paul Collins Startup list [BOC-421] Number=1465 Confirmed=Y Filename=BOC421.exe Description=NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. 
The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.21 Source=Paul Collins Startup list [BOC-422] Number=1466 Confirmed=Y Filename=BOC422.exe Description=NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.22 Source=Paul Collins Startup list [BOC-423] Number=1467 Confirmed=Y Filename=BOC423.exe Description=Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.23 Source=Paul Collins Startup list [BOC-424] Number=1468 Confirmed=Y Filename=BOC424.exe Description=Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.24 Source=Paul Collins Startup list [BOC-425] Number=1469 Confirmed=Y Filename=BOC425.exe Description=Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.25 Source=Paul Collins Startup list [BOC-426] Number=1470 Confirmed=Y Filename=BOC426.exe Description=Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.26 Source=Paul Collins Startup list [BOC-427] Number=1471 Confirmed=Y Filename=BOC427.exe Description=Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". 
Version 4.27 Source=Paul Collins Startup list [BOCleanautostart] Number=1472 Confirmed=Y Filename=Boclean.exe Description=NSClean's BOClean anti-trojan software Source=Paul Collins Startup list [BOINC Manager] Number=1473 Confirmed=U Filename=boincmgr.exe Description=BOINC manager - "controls the use of your computer's disk, network, and processor resources" Source=Paul Collins Startup list [Boingo Wireless Utility] Number=1474 Confirmed=U Filename=Icon###XXX#X#.exe Description=Starts the Boingo Wireless utility, used to detect and log in to Boingo wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> Programs Source=Paul Collins Startup list [bolenja] Number=1475 Confirmed=X Filename=bolenja.exe Description=Added by the WANTVI.BF TROJAN! Source=Paul Collins Startup list [bolenjx] Number=1476 Confirmed=X Filename=bolenjx.exe Description=Added by the ELDYCOW.O TROJAN! Source=Paul Collins Startup list [boler.exe] Number=1477 Confirmed=X Filename=syser.exe Description=Added by the RBOT-AYS WORM! Source=Paul Collins Startup list [bombshel] Number=1478 Confirmed=U Filename=BOMB32.EXE Description=Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems Source=Paul Collins Startup list [Bonzi Buddy] Number=1479 Confirmed=X Filename=?? Description=Bonzi Buddy adware - see here for removal instructions Source=Paul Collins Startup list [boo] Number=1480 Confirmed=X Filename=boo.exe Description=Adware downloader - detected by Kaspersky as the FAVADD.O TROJAN! Source=Paul Collins Startup list [BookedSpace] Number=1481 Confirmed=X Filename=RunDLL32.EXE bs2.dll, DllRun Description=BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. 
The "bs2.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [BookmarkCentral] Number=1482 Confirmed=N Filename=BMLauncher.exe Description=Bookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use" Source=Paul Collins Startup list [BookMarkSink] Number=1483 Confirmed=N Filename=syncit.exe Description=Bookmark synchronization utility Source=Paul Collins Startup list [BookMarkSync] Number=1484 Confirmed=N Filename=syncit.exe Description=Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the user's explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing Source=Paul Collins Startup list [BookMarkSync2It] Number=1485 Confirmed=N Filename=sync2it.exe Description=Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the user's explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing Source=Paul Collins Startup list [Boost XP Service] Number=1486 Confirmed=U Filename=bxservice.exe Description=Boost XP from Systweak - WinXP tweaking utility Source=Paul Collins Startup list [boot] Number=1487 Confirmed=X Filename=boot.exe Description=Added by the PUPPET-A TROJAN! 
Located in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [Boot] Number=1488 Confirmed=U Filename=Boot.exe Description=Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in the "Acer\Empowering Technology\ePower" directory Source=Paul Collins Startup list [Boot Check] Number=1489 Confirmed=X Filename=bootchk.exe Description=Added by the DELBOT-AB WORM! Source=Paul Collins Startup list [Boot Config] Number=1490 Confirmed=X Filename=bootconfig.exe Description=Added by the FLOOD-EV TROJAN! Source=Paul Collins Startup list [Boot K] Number=1491 Confirmed=X Filename=bootk.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Boot Manager] Number=1492 Confirmed=X Filename=Njgal.exe Description=Added by the KILO TROJAN! Source=Paul Collins Startup list [Boot Manager] Number=1493 Confirmed=X Filename=bootmng.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Boot Server] Number=1494 Confirmed=X Filename=bootserver.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Boot Service] Number=1495 Confirmed=X Filename=bootservice.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Boot Service] Number=1496 Confirmed=X Filename=bootsv.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Boot Verify] Number=1497 Confirmed=X Filename=bootvfy.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [BootCfg] Number=1498 Confirmed=X Filename=Install.log.vbs Description=Added by the YPSAN.D WORM! 
Source=Paul Collins Startup list [BootCTRL] Number=1499 Confirmed=X Filename=bootctrl.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [BootLoader] Number=1500 Confirmed=X Filename=BootLoader.exe.vbs Description=Added by the WATERWORKS WORM! Source=Paul Collins Startup list [bootpd.exe] Number=1501 Confirmed=X Filename=bootpd.exe Description=Added by the AGENT-DT TROJAN! Source=Paul Collins Startup list [BootsCfg] Number=1502 Confirmed=X Filename=wscript.exe [path] Date.POP.vbs Description=Added by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted Source=Paul Collins Startup list [BootsCfg] Number=1503 Confirmed=X Filename=wscript.exe [path] All Users.vbs Description=Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted Source=Paul Collins Startup list [BootsCfg] Number=1504 Confirmed=X Filename=wscript.exe [path] All Users.vbe Description=Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted Source=Paul Collins Startup list [BootsCfg] Number=1505 Confirmed=X Filename=wscript.exe Install.log.vbs Description=Added by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Install.log.vbs" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [BootStatus] Number=1506 Confirmed=U Filename=BOOTST~1.EXE Description=Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day.  Once you exit it, it has no more effect on resources Source=Paul Collins Startup list [BootWarn] Number=1507 Confirmed=U Filename=BootWarn.exe Description=From here: "Norton AntiVirus Boot Warning. 
This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from "Start \ Programs \ Norton AntiVirus". If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab - it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages" Source=Paul Collins Startup list [boot_reg] Number=1508 Confirmed=X Filename=[path to file] Description=Added by the BANCBAN-CA TROJAN! Source=Paul Collins Startup list [Bose Wave/PC Monitor] Number=1509 Confirmed=N Filename=wavepcmonitor.exe Description=System Tray access for this system (more info on the system here). Available via Start -> Programs Source=Paul Collins Startup list [BossIdea] Number=1510 Confirmed=X Filename=winlogin.exe Description=Added by the LINEAGE-I TROJAN! Source=Paul Collins Startup list [Boston] Number=1511 Confirmed=? Filename=Boston.exe Description=Part of the Boston Acoustics USB speaker systems. What does it do and is it required? Source=Paul Collins Startup list [Bot Loader] Number=1512 Confirmed=X Filename=svchostt.exe Description=Added by the GAOBOT.ALV WORM! Source=Paul Collins Startup list [Bouncer RunStartup] Number=1513 Confirmed=X Filename=bouncer.exe Description=Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. 
It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here Source=Paul Collins Startup list [Bouncer RunStartup] Number=1514 Confirmed=X Filename=LiveUpdate.exe Description=Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here Source=Paul Collins Startup list [boy lovers of bsd] Number=1515 Confirmed=X Filename=ilikeboys.exe Description=Added by the MYTOB.LY WORM! Source=Paul Collins Startup list [bpcpost.exe] Number=1516 Confirmed=U Filename=bpcpost.exe Description=MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it Source=Paul Collins Startup list [BPCv2 re] Number=1517 Confirmed=X Filename=bpc2 re inst.exe Description=BroadcastPC adware variant Source=Paul Collins Startup list [BPK] Number=1518 Confirmed=U Filename=bpk.exe Description=Blazing Tools Perfect Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [BPServer] Number=1519 Confirmed=N Filename=ICQLite.exe Description=ICQ Lite - compact version of the popular messaging program Source=Paul Collins Startup list [BQTray.exe] Number=1520 Confirmed=U Filename=BQTray.exe Description=System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. 
Create your own desktop shortcut to start manually Source=Paul Collins Startup list [Brasil] Number=1521 Confirmed=X Filename=Brasil.exe Description=Added by the OPASERV.E WORM! Source=Paul Collins Startup list [Brasil] Number=1522 Confirmed=X Filename=BRASIL.PIF Description=Added by the OPASERV.E WORM! Source=Paul Collins Startup list [BrasilOld] Number=1523 Confirmed=X Filename=[worm filename] Description=Added by the OPASERV.P WORM! Source=Paul Collins Startup list [BraveSentry] Number=1524 Confirmed=X Filename=BraveSentry.exe Description=BraveSentry spyware remover - not recommended, see here Source=Paul Collins Startup list [braviax] Number=1525 Confirmed=X Filename=braviax.exe Description=Added by the FAKEALER.LE TROJAN! Source=Paul Collins Startup list [Brct] Number=1526 Confirmed=X Filename=trdb.exe Description=Detected by Kaspersky as the PURITYSCAN.Y TROJAN! Source=Paul Collins Startup list [Break_Reminder] Number=1527 Confirmed=U Filename=BREAK REMINDER.exe Description=Break Reminder - Remind yourself to take breaks to prevent computer related injuries. 
See here Source=Paul Collins Startup list [Bredbandsbolaget] Number=1528 Confirmed=Y Filename=servicecenter.exe Description=Related to the Brebband Swedish Broadband provider Source=Paul Collins Startup list [Breg] Number=1529 Confirmed=X Filename=bcre.exe Description=BroadcastPC adware variant Source=Paul Collins Startup list [Breg] Number=1530 Confirmed=X Filename=bptre.exe Description=BroadcastPC adware variant Source=Paul Collins Startup list [Breg] Number=1531 Confirmed=X Filename=breg.exe Description=BroadcastPC adware variant Source=Paul Collins Startup list [Bridge] Number=1532 Confirmed=X Filename=rundll32.exe ...Bridge.dll Description=Flingstone.com browser hijacker Source=Paul Collins Startup list [Brindys BriTray] Number=1533 Confirmed=Y Filename=BRITRAY.EXE Description=Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired Source=Paul Collins Startup list [BrmfRmPA] Number=1534 Confirmed=U Filename=BrmfRmPA.exe Description=Brother resource manager - needed for a Brother MFC printer/copier/scanner and PC to properly communicate Source=Paul Collins Startup list [broadband medic] Number=1535 Confirmed=U Filename=matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ntl\broadband Help is required to run with the Help and Support program. If you uncheck ntl\broadband Help and then run Help and Support it will add another ntl\broadband Help in the startup menu.
If you remove the ntl\broadband Help in the add/remove program some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [Broadband Wizard] Number=1536 Confirmed=N Filename=bbwiz.exe Description=Starts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs Source=Paul Collins Startup list [BroadCamRun] Number=1537 Confirmed=N Filename=broadCam.exe Description=BroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphone Source=Paul Collins Startup list [Broadcom Wireless Manager UI] Number=1538 Confirmed=U Filename=bcmntray.exe Description=Related to Broadcom Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems Source=Paul Collins Startup list [Broadcom Wireless Manager UI] Number=1539 Confirmed=N Filename=wltray.exe Description=System tray access to wireless LAN card configuration options Source=Paul Collins Startup list [Bron-Spizaetus] Number=1540 Confirmed=X Filename=CVT.exe Description=Added by the RONTOKBRO WORM! Source=Paul Collins Startup list [Bron-Spizaetus] Number=1541 Confirmed=X Filename=norBtok.exe Description=Added by the RONTOKBRO.B WORM! Source=Paul Collins Startup list [Bron-Spizaetus] Number=1542 Confirmed=X Filename=[path to file] Description=Added by the BRONTOK-F WORM! Source=Paul Collins Startup list [Bron-Spizaetus] Number=1543 Confirmed=X Filename=bronstab.exe Description=Added by the RONTOKBRO.C WORM! Source=Paul Collins Startup list [Bron-Spizaetus] Number=1544 Confirmed=X Filename=eksplorasi.exe Description=Added by the RONTOKBRO.J WORM! Source=Paul Collins Startup list [Bron-Spizaetus] Number=1545 Confirmed=X Filename=ElnorB.exe Description=Added by the RONTOKBRO.D WORM! 
Source=Paul Collins Startup list [Bron-Spizaetus] Number=1546 Confirmed=X Filename=sempalong.exe Description=Added by the BRONTOK-E WORM! Source=Paul Collins Startup list [Bron-Spizaetus] Number=1547 Confirmed=X Filename=RakyatKelaparan.exe Description=Added by the BRONTOK-J or BRONTOK-L WORMS! Source=Paul Collins Startup list [Bron-Spizaetus-5118REPM] Number=1548 Confirmed=X Filename=komodo-6321422.exe Description=Added by the BRONTOK-R WORM! Source=Paul Collins Startup list [Bron-Spizaetus-cfgmktoq] Number=1549 Confirmed=X Filename=bbm-qotkmgfc.exe Description=Added by the BRONTOK-M WORM! Source=Paul Collins Startup list [Bron-Spizaetus-cfgmmnru] Number=1550 Confirmed=X Filename=bbm-urnmmgfc.exe Description=Added by the BRONTOK-N WORM! Source=Paul Collins Startup list [BrowseProxy] Number=1551 Confirmed=X Filename=FindService.exe Description=Actual Names (AdvSearch) Internet Keywords parasite Source=Paul Collins Startup list [browser] Number=1552 Confirmed=X Filename=msgaol.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [browser] Number=1553 Confirmed=X Filename=s_menu.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [browser] Number=1554 Confirmed=X Filename=browse.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [browser] Number=1555 Confirmed=X Filename=deamon.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [browser aid] Number=1556 Confirmed=X Filename=browseraid.exe Description=BrowserAid/BrowserPal foistware Source=Paul Collins Startup list [Browser Help Svc] Number=1557 Confirmed=X Filename=BHSV.EXE Description=Added by the RBOT-AVQ WORM! Source=Paul Collins Startup list [Browser Hijack Blaster] Number=1558 Confirmed=Y Filename=bhblaster.exe Description=Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. 
Now replaced by SpywareGuard Source=Paul Collins Startup list [Browser Launcher] Number=1559 Confirmed=U Filename=Commandr.exe Description=Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys Source=Paul Collins Startup list [Browser Pal] Number=1560 Confirmed=X Filename=adblck.exe Description=BrowserAid/BrowserPal foistware Source=Paul Collins Startup list [Browser Sentinel] Number=1561 Confirmed=U Filename=BrowserSentinel.exe Description=Browser Sentinel - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page Source=Paul Collins Startup list [BrowserUpdateSched] Number=1562 Confirmed=X Filename=[random filename] Description=ZenoSearch adware Source=Paul Collins Startup list [BrowserWebCheck] Number=1563 Confirmed=N Filename=loadwc.exe Description=Checks to make sure that IE is still your default browser Source=Paul Collins Startup list [BrO_AcT] Number=1564 Confirmed=X Filename=BrO-AcT.exe Description=Added by the SILLYFDC-D WORM! Source=Paul Collins Startup list [brwdiag] Number=1565 Confirmed=X Filename=[path to worm] Description=Added by the STRATIO-BN WORM! Source=Paul Collins Startup list [BS Player] Number=1566 Confirmed=N Filename=bsplayer.exe Description=BSplayer - A video player used to play avi, mpg, wmv and other multimedia files Source=Paul Collins Startup list [BsCLiP] Number=1567 Confirmed=N Filename=BSCLIP.exe Description=CD recording utility that comes with a lot of CDR/CDRW drives and isn't required Source=Paul Collins Startup list [Bsoft lppt01] Number=1568 Confirmed=X Filename=Bsoft.exe Description=RapidBlaster variant (in a "BelmontSoft" folder in Program Files). 
Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [bsplayer] Number=1569 Confirmed=N Filename=bsplayer.exe Description=BSplayer - a video player used to play avi, mpg, wmv and other multimedia files Source=Paul Collins Startup list [BSserver] Number=1570 Confirmed=X Filename=FileKan.exe Description=Added by the VB.CBW WORM! Source=Paul Collins Startup list [BSVCHOST] Number=1571 Confirmed=X Filename=SVCH0ST.EXE Description=Added by the VOXOM TROJAN! Source=Paul Collins Startup list [Bsx3] Number=1572 Confirmed=X Filename=RunDLL32.EXE bs3.dll, DllRun Description=BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [BT] Number=1573 Confirmed=X Filename=[path to trojan] Description=Added by the LITEBOT-B TROJAN! Source=Paul Collins Startup list [BT Broadband Desktop Help] Number=1574 Confirmed=U Filename=matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [BT Broadband Help] Number=1575 Confirmed=U Filename=matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program.
If you uncheck BT Broadband Help and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [BT00003*] Number=1576 Confirmed=X Filename=abcdefg23.exe Description=Added by the VB-VT TROJAN where * = 5,6 or 7! Source=Paul Collins Startup list [BT00003*] Number=1577 Confirmed=X Filename=hiklmnop27.exe Description=Added by the VB-VT TROJAN where * = 2,3 or 4! Source=Paul Collins Startup list [btbb_wcm_McciTrayApp] Number=1578 Confirmed=U Filename=McciTrayApp.exe Description=System tray access to Motive's Broadband 2.0 configuration and repair utility Source=Paul Collins Startup list [btinst] Number=1579 Confirmed=? Filename=btinst.exe Description=Associated with an Anycom bluetooth wireless card. What does it do and is it required? Source=Paul Collins Startup list [BTModemProtection] Number=1580 Confirmed=U Filename=BTModemProtection.exe Description=BT Privacy Online modem protection software, see here Source=Paul Collins Startup list [btmsre.exe] Number=1581 Confirmed=X Filename=btmsre.exe Description=Detected by PCTools as the SDBOT.ACIK BACKDOOR! See here Source=Paul Collins Startup list [BTopenworld] Number=1582 Confirmed=U Filename=DialBTYahoo.exe Description=BT Yahoo! internet connection manager Source=Paul Collins Startup list [BTSETBOOTKEY] Number=1583 Confirmed=? Filename=BTSetBootKey.exe Description=Related to a USB Bluetooth adaptor. What does it do and is it required? Source=Paul Collins Startup list [BtStart] Number=1584 Confirmed=U Filename=btstart.exe Description=Broadcom (formerly WIDCOMM) Bluetooth Connectivity Software Source=Paul Collins Startup list [bttray] Number=1585 Confirmed=U Filename=bttray.exe Description=System tray icon which shows the status of a BlueTooth wireless module.
Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device Source=Paul Collins Startup list [BTUSRBDG] Number=1586 Confirmed=Y Filename=BtUsrBdg.exe Description=Used with a Mitsumi USB Bluetooth adaptor (and maybe others) Source=Paul Collins Startup list [BTUSRBDGF] Number=1587 Confirmed=Y Filename=BtUsrBdg.exe Description=Used with a Mitsumi USB Bluetooth adaptor (and maybe others) Source=Paul Collins Startup list [BTV] Number=1588 Confirmed=X Filename=btv.exe Description=BroadcastPC adware variant Source=Paul Collins Startup list [Bubble] Number=1589 Confirmed=Y Filename=Bubble.exe Description=Added by Windows SteadyState which "helps make it easy for you to keep your computers running the way you want them to, no matter who uses them." Bubble allows notification messages to appear on a computer managed by Windows SteadyState Source=Paul Collins Startup list [Buddyizer] Number=1590 Confirmed=N Filename=Buddyizer.exe Description=Part of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network Source=Paul Collins Startup list [BudgetSip] Number=1591 Confirmed=N Filename=BudgetSip.exe Description=BudgetSip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. 
Similar to the more popular Skype Source=Paul Collins Startup list [BUFFALO Power Save Utility for HD] Number=1592 Confirmed=U Filename=HDManage.exe Description=Power Save utility for Buffalo backup hard discs Source=Paul Collins Startup list [Bug Eliminator] Number=1593 Confirmed=N Filename=Bug_Elim.exe Description=Bug Eliminator - "performs a complete health check on your computer safely, securely, and silently!" Source=Paul Collins Startup list [bugwatcher service] Number=1594 Confirmed=U Filename=bugwatcher.exe Description=Bugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures Source=Paul Collins Startup list [BuildBU] Number=1595 Confirmed=N Filename=bldbubg.exe Description=Part of Dell Alerts which provides customers with an update on latest updates for his/her system Source=Paul Collins Startup list [BuildLab] Number=1596 Confirmed=X Filename=services.exe Description=Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [BuildLab] Number=1597 Confirmed=X Filename=winlogon.exe Description=Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [BuildLabs] Number=1598 Confirmed=X Filename=csrss.exe Description=Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [BuildLabs] Number=1599 Confirmed=X Filename=lsass.exe Description=Added by the WEBUS.B TROJAN! 
Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder Source=Paul Collins Startup list [Bulldog Service] Number=1600 Confirmed=U Filename=upsd.exe Description=Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link Source=Paul Collins Startup list [BulletProof FTP Server] Number=1601 Confirmed=N Filename=bpftpserver.exe Description=BulletProof FTP Server Source=Paul Collins Startup list [BullGuard] Number=1602 Confirmed=Y Filename=mgui.exe Description=Part of Bullguard antivirus Source=Paul Collins Startup list [BullGuard] Number=1603 Confirmed=Y Filename=BullGuard.exe Description=Part of BullGuard antivirus Source=Paul Collins Startup list [BullGuard Update] Number=1604 Confirmed=U Filename=avxlive.exe Description=Part of Bullguard antivirus. Leave enabled unless you manually update virus definitions Source=Paul Collins Startup list [BullGuard XComm] Number=1605 Confirmed=Y Filename=XCOMMSVR.EXE Description=Part of Bullguard antivirus Source=Paul Collins Startup list [BullGuardInit] Number=1606 Confirmed=Y Filename=AVXINIT.EXE Description=Part of Bullguard antivirus Source=Paul Collins Startup list [BullguardoptIn] Number=1607 Confirmed=Y Filename=bulldownload.exe Description=Part of Bullguard antivirus Source=Paul Collins Startup list [BullsEye] Number=1608 Confirmed=X Filename=bargains.exe Description=BargainBuddy adware Source=Paul Collins Startup list [BullsEye Network] Number=1609 Confirmed=X Filename=bargains.exe Description=BargainBuddy adware Source=Paul Collins Startup list [BullsEye Tracker] Number=1610 Confirmed=? 
Filename=BeTrack.exe Description=Bullseye - intelligent research assistant Source=Paul Collins Startup list [Bunx] Number=1611 Confirmed=X Filename=beagle.exe Description=Added by the LEBREAT-E WORM! Source=Paul Collins Startup list [buritos] Number=1612 Confirmed=X Filename=buritos.exe Description=Identified as a variant of the Downloader.FraudLoad.C malware Source=Paul Collins Startup list [BurnQuick Queue] Number=1613 Confirmed=N Filename=BQTray.exe Description=System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually Source=Paul Collins Startup list [Button Server] Number=1614 Confirmed=U Filename=bttnserv.exe Description=Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or yours doesn't have them, then it isn't required Source=Paul Collins Startup list [ButtonKey] Number=1615 Confirmed=N Filename=ButtonKey.exe Description=CyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon in the System Tray. Use your scanners software or run it manually by creating a shortcut Source=Paul Collins Startup list [Buzme] Number=1616 Confirmed=N Filename=Bmui.exe Description=Buzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC.
Only required when you're on-line and via dial-up modem Source=Paul Collins Startup list [BuzMe] Number=1617 Confirmed=U Filename=RCUI.exe Description=Display Client for the BuzMe Internet Call Waiting Service Source=Paul Collins Startup list [Buzof.exe] Number=1618 Confirmed=U Filename=buzof.exe Description=Buzof from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes" Source=Paul Collins Startup list [BVWORSFM] Number=1619 Confirmed=X Filename=bvworsfm.exe Description=Added by the DLUCA-AD TROJAN! Source=Paul Collins Startup list [bwprnmon.exe] Number=1620 Confirmed=N Filename=bwprnmon.exe Description=FaxServe network fax software Source=Paul Collins Startup list [bxproxy] Number=1621 Confirmed=X Filename=bxproxy.exe Description=Added by the BXPROXY TROJAN! Source=Paul Collins Startup list [bxproxy] Number=1622 Confirmed=X Filename=[random].dll Description=Spyware Soft Stop misleading security software - not recommended, see here and here Source=Paul Collins Startup list [bxsx5] Number=1623 Confirmed=X Filename=RunDLL32.EXE bsx5.dll, DllRun Description=BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bsx5.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [bxxs5] Number=1624 Confirmed=X Filename=RunDLL32.EXE bxxs5.dll, dllrun Description=BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bxxs5.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [Bymer.Scanner] Number=1625 Confirmed=X Filename=Wininit.exe Description=Added by the BYMER WORM! Source=Paul Collins Startup list [Bymer.Scanner] Number=1626 Confirmed=X Filename=Msinit.exe Description=Added by the BYMER WORM! 
Source=Paul Collins Startup list [BySoft FreeRAM] Number=1627 Confirmed=U Filename=FreeRAM.exe Description="Bysoft FreeRAM is a program that frees up ram manually or automatically. It shows current memory status , memory load and CPU usage graphically". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind Source=Paul Collins Startup list [c] Number=1628 Confirmed=X Filename=c:\archiv~1\win.com Description=Added by the CUYDOC TROJAN! Source=Paul Collins Startup list [C-Media Echo Control] Number=1629 Confirmed=U Filename=EchoCtrl.exe Description=C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer Source=Paul Collins Startup list [C-Media Mixer] Number=1630 Confirmed=N Filename=Mixer.exe Description=C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs Source=Paul Collins Startup list [C2K] Number=1631 Confirmed=U Filename=CYB2K.EXE Description=CYBERsitter 2000 or 2001 - anti-adult content filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser Source=Paul Collins Startup list [c32cs2] Number=1632 Confirmed=U Filename=c32cs2.exe Description=Cyber Sentinel - internet filtering software Source=Paul Collins Startup list [C7] Number=1633 Confirmed=X Filename=[path to worm] Description=Added by the MEDIAKILL.A WORM! Source=Paul Collins Startup list [C:\Program Files\NetMeter\NetMeter.exe] Number=1634 Confirmed=U Filename=NetMeter.exe Description="Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. 
The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems" Source=Paul Collins Startup list [C:\WINDOWS\IEXPLOR.EXE] Number=1635 Confirmed=X Filename=IEXPLOR.EXE Description="Pop Marketing" adware Source=Paul Collins Startup list [C:\WINDOWS\system32\SetupCmd.exe] Number=1636 Confirmed=X Filename=SetupCmd.exe Description=Detected by Kaspersky as the AGENT.AAW TROJAN! Source=Paul Collins Startup list [C:\WINDOWS\WinTask.exe] Number=1637 Confirmed=X Filename=WinTask.exe Description="Pop Marketing" adware Source=Paul Collins Startup list [CA-AMAgent] Number=1638 Confirmed=U Filename=amagent.exe Description=Unicenter Asset Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting Source=Paul Collins Startup list [CaAvTray] Number=1639 Confirmed=Y Filename=CAVTray.exe Description=eTrust EZ Antivirus system tray application from Computer Associates Source=Paul Collins Startup list [Cabchk] Number=1640 Confirmed=X Filename=Cabchk.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [Cabchk32] Number=1641 Confirmed=X Filename=Cabchk32.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [CABCInstall] Number=1642 Confirmed=X Filename=CABCInstall.exe Description=Ignite Technologies (was CABC) content delivery software Source=Paul Collins Startup list [Cable Modem Adapter] Number=1643 Confirmed=X Filename=WindowsSec.exe Description=Added by the WOOTBOT.A WORM!
Source=Paul Collins Startup list [CacheBoost] Number=1644 Confirmed=U Filename=trayicon.exe Description=CacheBoost "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost" Source=Paul Collins Startup list [CacheLoader] Number=1645 Confirmed=X Filename=[path to trojan] Description=Added by the DLOADER-NZ TROJAN! Source=Paul Collins Startup list [Cacheman] Number=1646 Confirmed=N Filename=Cacheman.exe Description=Freeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-up Source=Paul Collins Startup list [CacheMgr] Number=1647 Confirmed=Y Filename=CacheMgr.exe Description=Sophos Antivirus Remote Update Source=Paul Collins Startup list [CacheSentry Pro] Number=1648 Confirmed=U Filename=CacheSentry Pro.exe Description="CacheSentry Pro is a program that takes over the management of the Internet Explorer (and AOL) web browser cache" Source=Paul Collins Startup list [CACStarter] Number=1649 Confirmed=N Filename=cacstart.exe Description=Cash A Check - check writing software Source=Paul Collins Startup list [Caddais BackupOnDemand] Number=1650 Confirmed=U Filename=BODMon.exe Description=Caddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location" Source=Paul Collins Startup list [Cadenza] Number=1651 Confirmed=U Filename=CdzSvc.exe Description=Cadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices Source=Paul Collins Startup list [CADS] Number=1652 Confirmed=U Filename=cads.exe Description=Cyber Sentinel - internet filtering software Source=Paul Collins Startup list [CafeStation] Number=1653 Confirmed=U Filename=CafeStation.exe Description="CafeSuite is the solution for your internet cafe. 
Our software provides you with a means to control the workstations, manage customer database, sell products and generate detailed reports and statistics" Source=Paul Collins Startup list [cafwc] Number=1654 Confirmed=Y Filename=cafw.exe Description=CA Personal Firewall - part of the CA Internet Security Suite Source=Paul Collins Startup list [CAgent] Number=1655 Confirmed=N Filename=CAgent.exe Description=Abbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documents Source=Paul Collins Startup list [cAgOu] Number=1656 Confirmed=X Filename=[filename].hta Description=Added by the KAKWORM WORM! Source=Paul Collins Startup list [CahootWebcard] Number=1657 Confirmed=N Filename=CahootWebcard.exe Description="The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed Source=Paul Collins Startup list [caidiysetup] Number=1658 Confirmed=X Filename=diynetsetupuni.exe Description=DIYNet adware Source=Paul Collins Startup list [CAISafe] Number=1659 Confirmed=Y Filename=isafe.exe Description=Part of Computer Associates eTrust EZ Antivirus Source=Paul Collins Startup list [CaISSDT] Number=1660 Confirmed=U Filename=caissdt.exe Description=Computer Associates Dashboard Tray applet Source=Paul Collins Startup list [Cal Reminder Shortcut] Number=1661 Confirmed=N Filename=calrem.exe Description=Produces a pop-up reminder of events scheduled using the MS Office Calendar Source=Paul Collins Startup list [Calc Microsoft Windows] Number=1662 Confirmed=X Filename=wincalc.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [CALC32] Number=1663 Confirmed=X Filename=CALC32.EXE Description=Added by the SPYBOT-EC WORM! 
Source=Paul Collins Startup list [Calendar 200X Reminder] Number=1664 Confirmed=N Filename=calendar.exe Description=Calendar 200X - shows holidays, reminders of various anniversaries, tasks etc Source=Paul Collins Startup list [Calendarscope] Number=1665 Confirmed=U Filename=cs.exe Description=Calendarscope calendar software Source=Paul Collins Startup list [calk] Number=1666 Confirmed=X Filename=calk.exe Description=Added by the STARTPA-FH TROJAN! Source=Paul Collins Startup list [Call Function System32] Number=1667 Confirmed=X Filename=sddriver.exe Description=Added by a variant of the SDBOT TROJAN! Source=Paul Collins Startup list [Call32] Number=1668 Confirmed=X Filename=Call32.exe Description=Added by the SPAMMIT-H TROJAN! Source=Paul Collins Startup list [CallBumping] Number=1669 Confirmed=Y Filename=cbpopw.exe Description=Related to the Gazel 128 PCI ISDN adapter. Required if you use it Source=Paul Collins Startup list [CallCenter Main Application] Number=1670 Confirmed=U Filename=V3calmcp.exe Description="V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophisticated data communications." Main application Source=Paul Collins Startup list [CallCenter Printer Interface] Number=1671 Confirmed=U Filename=V3faxecp.exe Description="V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophisticated data communications." Fax printer Source=Paul Collins Startup list [CallControl] Number=1672 Confirmed=N Filename=ftctrl32.exe Description=FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. 
When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows Source=Paul Collins Startup list [CamCheck] Number=1673 Confirmed=N Filename=CamCheck.exe Description=NuCam camera software related Source=Paul Collins Startup list [Cameno] Number=1674 Confirmed=U Filename=Cameno.exe Description=Cameno is a program which brings tabbed windows to MSN Messenger 6.0 and above Source=Paul Collins Startup list [Camera Assistant Software] Number=1675 Confirmed=U Filename=traybar.exe Description=Camera Assistant Software utility for Toshiba laptops - allows you to take pictures with and control the integrated WebCam Source=Paul Collins Startup list [Camera Detector] Number=1676 Confirmed=U Filename=CAMDET~*.EXE Description=ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically Source=Paul Collins Startup list [Camera Detector] Number=1677 Confirmed=U Filename=Camdetect.exe Description=ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically Source=Paul Collins Startup list [Camera Detector] Number=1678 Confirmed=U Filename=DEVDET~*.EXE Description=ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically Source=Paul Collins Startup list [Camio Viewer x] Number=1679 Confirmed=N Filename=IXApplet.exe Description=Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version Source=Paul Collins Startup list [CamMonitor] Number=1680 Confirmed=? Filename=hpqcmon.exe Description=From HP and related to digital imaging Source=Paul Collins Startup list [Canada] Number=1681 Confirmed=N Filename=Canada.exe Description=Known to be a dialler - but is it malicious or clean? 
Source=Paul Collins Startup list [Canary] Number=1682 Confirmed=U Filename=canary-std.exe Description=Canary keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [candy] Number=1683 Confirmed=X Filename=command32.exe Description=Added by the RBOT-LV WORM! Source=Paul Collins Startup list [candynet] Number=1684 Confirmed=X Filename=Taskmsg.exe Description=Added by the RBOT-NA WORM! Source=Paul Collins Startup list [Canon MultiPASS Status Monitor] Number=1685 Confirmed=U Filename=monitr32.exe Description=Canon Multi-Pass status monitor - your choice Source=Paul Collins Startup list [Canon PC1200 iC D600 iR1200G Status Window] Number=1686 Confirmed=? Filename=CAPM1LAK.EXE Description=Canon printer related - is it required in startup? Source=Paul Collins Startup list [Canon Printer Monitor BJCxxx] Number=1687 Confirmed=N Filename=Cjstlst.exe Description=Trayicon for Canon printer. xxx denotes model. Available via Start -> Programs Source=Paul Collins Startup list [CanonMyPrinter] Number=1688 Confirmed=U Filename=BJMyPrt.exe Description=Printer software for Canon Bubblejet printers Source=Paul Collins Startup list [CanonSolutionMenu] Number=1689 Confirmed=U Filename=CNSLMAIN.exe Description=Canon's Solution Menu dialog box leads you quickly toward documentation, utilities, and help files Source=Paul Collins Startup list [CAP3ON] Number=1690 Confirmed=? Filename=CAP3ONN.EXE Description=Canon driver, purpose unknown. Is it required in startup? 
Source=Paul Collins Startup list [capfasem] Number=1691 Confirmed=Y Filename=capfasem.exe Description=CA Personal Firewall - part of the CA Internet Security Suite Source=Paul Collins Startup list [Capfax] Number=1692 Confirmed=N Filename=capfax.exe Description=PhoneTools fax software Source=Paul Collins Startup list [capfupgrade] Number=1693 Confirmed=U Filename=capfupgrade.exe Description=CA Personal Firewall - part of the CA Internet Security Suite Source=Paul Collins Startup list [CAPing] Number=1694 Confirmed=U Filename=CAPing.exe Description=Citibank Citianywhere software Source=Paul Collins Startup list [Capon] Number=1695 Confirmed=Y Filename=Capon.exe Description=Canon printer driver Source=Paul Collins Startup list [Capon] Number=1696 Confirmed=Y Filename=Caponn.exe Description=Canon printer driver Source=Paul Collins Startup list [CaptionMgr32] Number=1697 Confirmed=X Filename=crssr.exe Description=Added by the ZAR.A WORM! Source=Paul Collins Startup list [capture] Number=1698 Confirmed=X Filename=capture.exe Description=Added by the THEEF-B TROJAN! Source=Paul Collins Startup list [Capture Express 2000] Number=1699 Confirmed=N Filename=capexp.exe Description=Capture Express - screen capture utility Source=Paul Collins Startup list [CaptureBat] Number=1700 Confirmed=N Filename=Capture.exe Description=!Quick Screen Capture from EtruSoft Inc. - "allows you to take screenshots from any part of your screen in more than 10 ways, and save images in BMP/JPG/GIF formats" Source=Paul Collins Startup list [Carbonite Backup] Number=1701 Confirmed=N Filename=CarboniteUI.exe Description="Carbonite's online backup service starts automatically and works quietly and continuously in the background protecting your data" Source=Paul Collins Startup list [Card Monitor] Number=1702 Confirmed=N Filename=REGCNT09.exe Description=For the USB connection on a Panasonic PV-DV701 Digital Camcorder. 
Available via Start -> Programs Source=Paul Collins Startup list [Care20] Number=1703 Confirmed=X Filename=Care20.exe Description=TopMoxie adware Source=Paul Collins Startup list [Care2GTU] Number=1704 Confirmed=U Filename=Care2GTU.exe Description=Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep it Source=Paul Collins Startup list [carpserv] Number=1705 Confirmed=U Filename=carpserv.exe Description=Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example Source=Paul Collins Startup list [CARPserver] Number=1706 Confirmed=X Filename=CARPserver.exe Description=Added by the BANKER-AN TROJAN! Source=Paul Collins Startup list [CARPservice] Number=1707 Confirmed=U Filename=carpserv.exe Description=Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example Source=Paul Collins Startup list [cartao] Number=1708 Confirmed=X Filename=[path to file] Description=Added by the DLOADER-QD TROJAN! Source=Paul Collins Startup list [cartao] Number=1709 Confirmed=X Filename=conflicted.exe Description=Added by the DADOBRA-DV TROJAN! Source=Paul Collins Startup list [cartao] Number=1710 Confirmed=X Filename=killing.exe Description=Added by the DLOADER-QN TROJAN! 
Source=Paul Collins Startup list [CAS Client] Number=1711 Confirmed=X Filename=casclient.exe Description=CasinoClient adware Source=Paul Collins Startup list [Cas2Stub] Number=1712 Confirmed=X Filename=cas2stub.exe Description=CasinoClient adware Source=Paul Collins Startup list [CasAgnt] Number=1713 Confirmed=U Filename=CasAgnt.exe Description=Program by Extended Systems which allows you to sync your Casio PDA with your PC Source=Paul Collins Startup list [Casdvqwa] Number=1714 Confirmed=X Filename=bmqnzkg.exe Description=Added by the RANDEX.BE WORM! Source=Paul Collins Startup list [caseyvideo] Number=1715 Confirmed=X Filename=CaseyVideo.exe Description=Malware causing p0rn popups Source=Paul Collins Startup list [caseyvideo] Number=1716 Confirmed=X Filename=caseyvideo[*].exe [* = digit] Description=Malware causing p0rn popups Source=Paul Collins Startup list [CashBack] Number=1717 Confirmed=X Filename=cashback.exe Description=Part of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearch Source=Paul Collins Startup list [CashFiesta] Number=1718 Confirmed=X Filename=Cashfiesta.exe Description=CASHFIESTA.A pay-per-surf adware Source=Paul Collins Startup list [Cashsurfers Cashbar Navigator] Number=1719 Confirmed=N Filename=Cashbar.Exe Description=Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals" Source=Paul Collins Startup list [CashToolbar] Number=1720 Confirmed=X Filename=MSCStat.exe Description=Added by the DOWNLOADER-MY TROJAN! Source=Paul Collins Startup list [CashToolbar] Number=1721 Confirmed=X Filename=svchost.exe Description=BrowserAid/CashToolbar adware! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Casino Royale] Number=1722 Confirmed=X Filename=jamesbond.exe Description=Added by the RBOT-FZO WORM! 
Source=Paul Collins Startup list [Cassandra] Number=1723 Confirmed=X Filename=[10 to 14 random char]THD.EXE Description=Added by the KREPPER-AI TROJAN! Source=Paul Collins Startup list [Cassandra] Number=1724 Confirmed=X Filename=cassandra.exe Description=SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as a variant of the KREPPER TROJAN! Source=Paul Collins Startup list [CasStub] Number=1725 Confirmed=X Filename=casstub.exe Description=Added by the CASS-A TROJAN! Source=Paul Collins Startup list [Catalyst Control Centre] Number=1726 Confirmed=X Filename=atixvdm.exe Description=Added by the RBOT.DMW TROJAN! Source=Paul Collins Startup list [catsrv] Number=1727 Confirmed=X Filename=catsrv.exe Description=Added by the PAPLOK TROJAN! Source=Paul Collins Startup list [CAVRID] Number=1728 Confirmed=Y Filename=CAVRID.exe Description=eTrust EZ Antivirus Real Time Infection Report from Computer Associates Source=Paul Collins Startup list [CAVS] Number=1729 Confirmed=Y Filename=CAVS.exe Description=Cheyenne (now eTrust) antivirus Source=Paul Collins Startup list [CAZNOVAS] Number=1730 Confirmed=X Filename=CAZNOVAS.exe Description=Added by the CAZNO TROJAN! Source=Paul Collins Startup list [CBACK.EXE] Number=1731 Confirmed=X Filename=CBACK.EXE Description=Added by the PENTA-A TROJAN! Source=Paul Collins Startup list [CBWAttn] Number=1732 Confirmed=U Filename=CBWAttn.exe Description=Required for Bitware to answer incoming faxes, can cause sleep mode problems Source=Paul Collins Startup list [CBWHost] Number=1733 Confirmed=U Filename=CBWHost.exe Description=Required for Bitware to answer incoming faxes, can cause sleep mode problems Source=Paul Collins Startup list [CBWUser] Number=1734 Confirmed=? 
Filename=CBWDial.exe Description=Associated with Bitware that integrates fax, voice, pager, and data communications on your desktop Source=Paul Collins Startup list [CC2KUI] Number=1735 Confirmed=X Filename=comet.exe Description=Comet Cursor adware Source=Paul Collins Startup list [Ccao] Number=1736 Confirmed=X Filename=regedit.exe Description=Probably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may change Source=Paul Collins Startup list [ccApp] Number=1737 Confirmed=Y Filename=ccApp.exe Description=Part of Norton AntiVirus. Auto-protect and E-mail check will not function without this Source=Paul Collins Startup list [ccApp] Number=1738 Confirmed=X Filename=[random filename] Description=Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirus Source=Paul Collins Startup list [ccApp] Number=1739 Confirmed=X Filename=WMADZ.EXE Description=Added by the RBOT-LJ WORM! Source=Paul Collins Startup list [ccApp] Number=1740 Confirmed=X Filename=.EXE Description=Added by the RBOT-LJ WORM! Source=Paul Collins Startup list [ccApp] Number=1741 Confirmed=X Filename=gcasServ.exe Description=Added by a variant of the RBOT WORM! Do not confuse with the Microsoft AntiSpyware executable of the same name Source=Paul Collins Startup list [ccAppr] Number=1742 Confirmed=X Filename=svcrhost.exe Description=Added by the TACTSLAY.A TROJAN! Source=Paul Collins Startup list [ccAppr] Number=1743 Confirmed=X Filename=expIorer.exe Description=Added by the TACTSLAY.A TROJAN! Source=Paul Collins Startup list [ccAppr] Number=1744 Confirmed=X Filename=outIook.exe Description=Added by the TACTSLAY.A TROJAN! Source=Paul Collins Startup list [ccAppr] Number=1745 Confirmed=X Filename=svcshost.exe Description=Added by the TACTSLAY.A TROJAN! 
Source=Paul Collins Startup list [ccApps] Number=1746 Confirmed=X Filename=services.exe Description=Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [ccApps] Number=1747 Confirmed=X Filename=winlogon.exe Description=Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [ccApps] Number=1748 Confirmed=X Filename=N/A Description=Added by the KANGAROO-A TROJAN! Source=Paul Collins Startup list [ccApps] Number=1749 Confirmed=X Filename=ccApps.exe Description=Added by the KANGAROO-B WORM! Source=Paul Collins Startup list [ccctp] Number=1750 Confirmed=X Filename=HistoryJMTi.exe Description=Added by the GANBATE.A WORM! Source=Paul Collins Startup list [CCD Manager] Number=1751 Confirmed=U Filename=DDS.EXE Description=Project Labs Century CD manager for their CD/DVD storage device Source=Paul Collins Startup list [Ccdecode] Number=1752 Confirmed=N Filename=rundll32.exe streamci, StreamingDeviceSetup Description=Part of the closed caption decoder/MS VBI codec. Should only run once Source=Paul Collins Startup list [CCDoctorLogonTesting] Number=1753 Confirmed=Y Filename=ccdoctor.exe Description=Checks your system to make sure it's configured properly for running IBM Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product Source=Paul Collins Startup list [ccenter] Number=1754 Confirmed=Y Filename=CCenter.exe Description=RAV AntiVirus Source=Paul Collins Startup list [CcEvtMgr] Number=1755 Confirmed=Y Filename=ccEvtMgr.exe Description=Part of Norton AntiVirus 2003. 
Event manager for scheduling weekly scans and/or automatic virus updates. Used to start automatically via "ccApp" and was not required as a separate entry but a recent update changed this Source=Paul Collins Startup list [ccEvtMrg.exe] Number=1756 Confirmed=X Filename=ccEvtMrg.exe Description=Added by the RBOT.GZ WORM! Source=Paul Collins Startup list [ccExecute] Number=1757 Confirmed=X Filename=bootcfg1.exe Description=Added by the NEMSI-B VIRUS! Source=Paul Collins Startup list [ccHelp] Number=1758 Confirmed=X Filename=ccHelp.hta Description="Searchq" adware Source=Paul Collins Startup list [ccleaner] Number=1759 Confirmed=U Filename=ccleaner.exe Description=CCleaner - removes unused files from your system Source=Paul Collins Startup list [ccpApps] Number=1760 Confirmed=X Filename=csrss.exe Description=Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [ccpApps] Number=1761 Confirmed=X Filename=lsass.exe Description=Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder Source=Paul Collins Startup list [ccProxy] Number=1762 Confirmed=U Filename=CCPROXY.EXE Description=Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage Source=Paul Collins Startup list [ccPrxy.exe] Number=1763 Confirmed=X Filename=ccPrxy.exe Description=Added by the SHIPUP-H WORM! Source=Paul Collins Startup list [CcPxySvc] Number=1764 Confirmed=Y Filename=CCPXYSVC.exe Description=Part of Norton's AntiVirus 2003, Internet Security and Firewall products. 
E-mail proxy service - required for E-mail scanning and the firewall Source=Paul Collins Startup list [ccreg] Number=1765 Confirmed=X Filename=explorer.exe Description=Added by the ZCREW BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% Source=Paul Collins Startup list [CcRegVfy] Number=1766 Confirmed=Y Filename=ccRegVfy.exe Description=Part of Norton AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack" Source=Paul Collins Startup list [ccRegVfY] Number=1767 Confirmed=X Filename=expIorer.exe Description=Added by the TACTSLAY.A TROJAN! Source=Paul Collins Startup list [ccRegVfY] Number=1768 Confirmed=X Filename=svcrhost.exe Description=Added by the TACTSLAY.A TROJAN! Source=Paul Collins Startup list [ccRegVfY] Number=1769 Confirmed=X Filename=svcshost.exe Description=Added by the TACTSLAY.A TROJAN! Source=Paul Collins Startup list [ccRegVfY] Number=1770 Confirmed=X Filename=outIook.exe Description=Added by the TACTSLAY.A TROJAN! Source=Paul Collins Startup list [ccrss] Number=1771 Confirmed=X Filename=msdtc.exe Description=Added by the STAP-C WORM! Source=Paul Collins Startup list [ccSetMgr] Number=1772 Confirmed=Y Filename=ccSetMgr.exe Description=Part of Norton AntiVirus 2004. What does it do? Source=Paul Collins Startup list [ccSvcHst.exe] Number=1773 Confirmed=X Filename=ccSvcHst.exe Description=Added by the SDBOT-DIW WORM! Source=Paul Collins Startup list [ccsvit.exe] Number=1774 Confirmed=X Filename=ccsvit.exe Description=Added by the STARTPA-HP TROJAN! 
Source=Paul Collins Startup list [cctray] Number=1775 Confirmed=U Filename=cctray.exe Description=Part of CA Internet Security Suite Source=Paul Collins Startup list [ccUpdate] Number=1776 Confirmed=X Filename=ccUpdate.exe Description=Added by the AGOBOT.YS WORM! Source=Paul Collins Startup list [ccUpdMgr] Number=1777 Confirmed=U Filename=ccUpdMgr.exe Description=In Loco Parentis remote surveillance software. Uninstall this software unless you put it there yourself! Source=Paul Collins Startup list [CCUTRAYICON] Number=1778 Confirmed=U Filename=CCU_TrayIcon.exe Description=Related to Traybar Launcher from Intel Corporation belonging to Intel(R) Viiv Source=Paul Collins Startup list [ccWasher] Number=1779 Confirmed=U Filename=aolwasher.exe Description=Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL Source=Paul Collins Startup list [CCWC7a] Number=1780 Confirmed=U Filename=ac.exe Description=Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free Source=Paul Collins Startup list [CCWC7I] Number=1781 Confirmed=U Filename=idxl.exe Description=Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free Source=Paul Collins Startup list [CCWC7s] Number=1782 Confirmed=U Filename=stealth.exe Description=Moleculesoft Cache, Cookie & Windows Cleaner. 
No longer supported but available for free Source=Paul Collins Startup list [CCWinTray] Number=1783 Confirmed=Y Filename=wintmr.exe Description=System Tray access to Child Control parental control software by Salfield Source=Paul Collins Startup list [CD Storage Master] Number=1784 Confirmed=N Filename=cdstorager.exe Description=CD Storage Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collection Source=Paul Collins Startup list [cd1] Number=1785 Confirmed=X Filename=cd1.exe Description=Premium rate adult content dialler Source=Paul Collins Startup list [CDANTSRV] Number=1786 Confirmed=N Filename=CDANTSRV.exe Description=C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually Source=Paul Collins Startup list [Cdcompat] Number=1787 Confirmed=X Filename=Cdcompat.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [cddrv32] Number=1788 Confirmed=X Filename=cddrv32.exe Description=Added by a variant of the CRYPTER.C TROJAN! Source=Paul Collins Startup list [CDInterceptor] Number=1789 Confirmed=N Filename=cdi.exe Description=CD indexer for measuring the speed of CD players Source=Paul Collins Startup list [cdloader] Number=1790 Confirmed=Y Filename=cdloader2.exe Description=From MagicJack - "A softphone device that allows you to attach an analog phone into the PC so you can have a traditional-style phone system in your house without any monthly charge" Source=Paul Collins Startup list [CdnCtr] Number=1791 Confirmed=X Filename=cdnup.exe Description=CNNIC Update pest Source=Paul Collins Startup list [CDriver] Number=1792 Confirmed=X Filename=windrv.exe Description=Added by the DELF.WG TROJAN! 
Source=Paul Collins Startup list [CDriver] Number=1793 Confirmed=X Filename=svchost.exe Description=Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Cdrom Controller] Number=1794 Confirmed=X Filename=cdromcntrl.exe Description=Added by the BATTRY-A TROJAN! Source=Paul Collins Startup list [cds] Number=1795 Confirmed=X Filename=cds.exe Description=Added by the SPYMON TROJAN! Source=Paul Collins Startup list [CDSpeed.exe] Number=1796 Confirmed=X Filename=CDSpeed.exe Description=Detected by Kaspersky as the IRCBOT.AEX TROJAN! Source=Paul Collins Startup list [CDTray] Number=1797 Confirmed=N Filename=CDTray.exe Description=On HP PCs, this is the small CD icon next to the time Source=Paul Collins Startup list [CeEKEY] Number=1798 Confirmed=U Filename=CeEKey.exe Description=Hot Key utility included on Toshiba Satellite laptops Source=Paul Collins Startup list [CeEPOWER] Number=1799 Confirmed=U Filename=cepmtray.exe Description=Toshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Controls CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times Source=Paul Collins Startup list [Ceic] Number=1800 Confirmed=? Filename=Ceic.exe Description=?? Source=Paul Collins Startup list [Cekirge] Number=1801 Confirmed=X Filename=[path to worm] Description=Added by the KERGEZ.A WORM! Source=Paul Collins Startup list [center] Number=1802 Confirmed=X Filename=[random name]32.exe Description=Added by the BOFRA.A WORM! Source=Paul Collins Startup list [CentralProcessor] Number=1803 Confirmed=X Filename=taskimgr.exe Description=Added by the BANCOS.J TROJAN! Source=Paul Collins Startup list [CEPA] Number=1804 Confirmed=? Filename=wsot.exe Description=?? 
Source=Paul Collins Startup list [CertificateRegistration] Number=1805 Confirmed=U Filename=SafeSignCertReg.exe Description=SafeSign Certificate Registration Utility for Microsoft Crypto applications Source=Paul Collins Startup list [CertReg] Number=1806 Confirmed=U Filename=certreg.exe Description=Related to Gemplus Card Reader Source=Paul Collins Startup list [CertStoreInit] Number=1807 Confirmed=Y Filename=CertStoreInit Description=Aladdin eToken authentication and password management Source=Paul Collins Startup list [CesarFTP FTP Server] Number=1808 Confirmed=N Filename=server.exe Description=CesarFTPd - FTP server Source=Paul Collins Startup list [cesmain.dll] Number=1809 Confirmed=X Filename=Rundll32.exe [path] cmail.dll, Rundll32 Description=CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [CEventMgr] Number=1810 Confirmed=X Filename=Cell.exe Description=Added by the BIFROSE-AK TROJAN! Source=Paul Collins Startup list [CFD] Number=1811 Confirmed=N Filename=CFD.exe Description=BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs Source=Paul Collins Startup list [CFDStart] Number=1812 Confirmed=X Filename=WinMuschi.exe Description=WINMUSCHI dialler Source=Paul Collins Startup list [cfgboost] Number=1813 Confirmed=X Filename=cfgboot.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [cfgintpr] Number=1814 Confirmed=Y Filename=cfgintpr.exe Description=Configuration Interpreter - part of Tiny Personal Firewall V4 Source=Paul Collins Startup list [cfgmgr51] Number=1815 Confirmed=X Filename=RunDLL32.EXE cfgmgr51.dll, DllRun Description=BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. 
The "cfgmgr51.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [cfgmgr52] Number=1816 Confirmed=X Filename=RunDLL32.EXE cfgmgr52.dll, DllRun Description=BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr52.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [cfgwiz] Number=1817 Confirmed=N Filename=cfgwiz.exe Description=Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it Source=Paul Collins Startup list [cFosDNT] Number=1818 Confirmed=? Filename=cFosDNT.exe Description=cFos DSL Modem driver related. What does it do and is it required? Source=Paul Collins Startup list [cFosInst_Check] Number=1819 Confirmed=? Filename=cfosinst.exe Description=cFos DSL Modem driver related. What does it do and is it required? Source=Paul Collins Startup list [cFosSpeed] Number=1820 Confirmed=U Filename=cFosSpeed.exe Description=cFos Software Internet acceleration program related. Note - may be necessary for the software to work properly Source=Paul Collins Startup list [CFSServ.exe] Number=1821 Confirmed=U Filename=CFSServ.exe Description=Belongs to Toshiba's configfree utility and searches for Wireless Devices Source=Paul Collins Startup list [cftmon] Number=1822 Confirmed=X Filename=sfcmonit.exe Description=Added by a variant of the AGENT.ERG TROJAN! Source=Paul Collins Startup list [cftmon32] Number=1823 Confirmed=X Filename=taskmgr*.exe [* = number] Description=Added by the SOWSAT.C and SOWSAT.J WORMS! Source=Paul Collins Startup list [cfy] Number=1824 Confirmed=X Filename=cfy.exe Description=Surfenhance.com SearchForIt adware variant Source=Paul Collins Startup list [CGI Firewall Script] Number=1825 Confirmed=X Filename=CGIAGENT.EXE Description=Added by the BROPIA-U WORM! 
Source=Paul Collins Startup list [CGServer] Number=1826 Confirmed=U Filename=cgserver.exe Description=Associated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs Source=Paul Collins Startup list [Cgtask Services] Number=1827 Confirmed=X Filename=cgtask.exe Description=Added by the LALA.B TROJAN! Source=Paul Collins Startup list [Cgywin] Number=1828 Confirmed=X Filename=cgywin32.exe Description=Added by the RBOT-AEI WORM! Source=Paul Collins Startup list [ChamClock] Number=1829 Confirmed=U Filename=ChamClock.exe Description=Chameleon Clock - system tray clock replacement Source=Paul Collins Startup list [change-me-now] Number=1830 Confirmed=X Filename=msgfix1.exe Description=Added by the SDBOT.ZD WORM! Source=Paul Collins Startup list [ChangeICON] Number=1831 Confirmed=U Filename=SPMSMON.EXE Description=Card reader related program. Note - may cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problem Source=Paul Collins Startup list [ChangeLines] Number=1832 Confirmed=? Filename=chngline.exe Description=?? Source=Paul Collins Startup list [Charter High-Speed Security Suite] Number=1833 Confirmed=Y Filename=fspex.exe Description=Charter High-Speed Security Suite - security software in collaboration with F-Secure Source=Paul Collins Startup list [Chatango] Number=1834 Confirmed=N Filename=Chatango.exe Description=Chatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Also use it to send email to your friends, allowing them to respond to you in real time!." 
The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately Source=Paul Collins Startup list [ChatStat] Number=1835 Confirmed=U Filename=ChatStat.exe Description=ChatStat from ChatStat Technologies, Inc. Provides live chat assistance in up to 16 languages allows your operators to be more productive Source=Paul Collins Startup list [Chcenter] Number=1836 Confirmed=N Filename=chcenter.exe Description=IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files" Source=Paul Collins Startup list [Chckup] Number=1837 Confirmed=X Filename=Netverchk.exe Description=Covert Sys Exec malware variant Source=Paul Collins Startup list [chcp.exe] Number=1838 Confirmed=X Filename=chcp.exe Description=Detected by Kaspersky as the SDBOT.BMH WORM! See here Source=Paul Collins Startup list [che32] Number=1839 Confirmed=X Filename=che.ocx.vbs Description=Added by the ADENU-B VIRUS! Source=Paul Collins Startup list [Cheatle] Number=1840 Confirmed=X Filename=GigaByte.exe Description=Added by the SHODI.B VIRUS! Source=Paul Collins Startup list [Check] Number=1841 Confirmed=X Filename=Check.exe Description=Added by the VB-DRN WORM! Source=Paul Collins Startup list [Check for One Touch Update] Number=1842 Confirmed=N Filename=wiseupdt.exe Description=Checks for updates for Visioneer OneTouch scanners Source=Paul Collins Startup list [Check for TWS Updates] Number=1843 Confirmed=N Filename=WiseUpdt.exe Description=Interactive Brokers - check for update to their standalone Java-based trading platform Source=Paul Collins Startup list [Check Messenger] Number=1844 Confirmed=U Filename=cmesseng.exe Description=Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. 
Qchex appear to be no longer in business Source=Paul Collins Startup list [Check&Get] Number=1845 Confirmed=U Filename=Check&Get.exe Description=Check&Get from ActiveURLs. Manages your browser bookmarks and favorites. Monitors Web sites for changes and updates, captures and highlights the changed contents Source=Paul Collins Startup list [CheckCustomWorksUpdate] Number=1846 Confirmed=N Filename=CheckCWupdate.exe Description=Update checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations" Source=Paul Collins Startup list [CheckDialer] Number=1847 Confirmed=U Filename=ChkDial.exe Description=Added by the CheckDialer modem connection monitoring tool Source=Paul Collins Startup list [Checkdisk] Number=1848 Confirmed=X Filename=mscas.exe Description=Added by the VAGON-A TROJAN! Source=Paul Collins Startup list [CheckFaultKernel] Number=1849 Confirmed=X Filename=mswdm.exe Description=Added by the SMALL-CSK TROJAN! Source=Paul Collins Startup list [CheckIt] Number=1850 Confirmed=U Filename=ToolBox.exe Description=CheckIt Toolbox from WinCheckIt Diagnostic Software. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specify Source=Paul Collins Startup list [CheckIt 86] Number=1851 Confirmed=U Filename=CheckIt86.exe Description=CheckIt 86 popup blocker Source=Paul Collins Startup list [CheckMsgPlus] Number=1852 Confirmed=Y Filename=MsgPlusH.dll, VerifyInstallation Description=Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info. Source=Paul Collins Startup list [checkrun] Number=1853 Confirmed=X Filename=elite***32.exe [* = random char] Description=EliteBar adware Source=Paul Collins Startup list [checkrun] Number=1854 Confirmed=X Filename=elitelsj32.exe Description=Added by the MULTIDR-ER TROJAN!
Source=Paul Collins Startup list [CheckScan32] Number=1855 Confirmed=X Filename=regload16.exe Description=Added by the AEBOT.K WORM! Source=Paul Collins Startup list [checktime] Number=1856 Confirmed=? Filename=ct.exe Description=Found in the HPSelectFrontend directory on a HP machine. What is its purpose and is it required? Source=Paul Collins Startup list [CheckVCR] Number=1857 Confirmed=Y Filename=IOMagic.exe Description=Driver for the I/OMagic Personal Video Recorder (DR-PCTV100) Source=Paul Collins Startup list [CheckWinPerf] Number=1858 Confirmed=X Filename=perfinfo.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [CherryKeyMan] Number=1859 Confirmed=U Filename=KeyMan.exe Description=Multimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keys Source=Paul Collins Startup list [chiCkie] Number=1860 Confirmed=X Filename=chiCkie.exe Description=Added by the CHIKO WORM! Source=Paul Collins Startup list [ChicoSys] Number=1861 Confirmed=U Filename=webtmr.exe Description=Child Control parental control software Source=Paul Collins Startup list [ChikkaDefault] Number=1862 Confirmed=U Filename=ChikkaLauncher.exe Description=Chikka PC text messenger and IM client Source=Paul Collins Startup list [china11msn] Number=1863 Confirmed=X Filename=CHINA11MSN.EXE Description=Added by the ENVID.O WORM! Source=Paul Collins Startup list [ChineseStar] Number=1864 Confirmed=U Filename=cstar.exe Description=Chinese language support software Source=Paul Collins Startup list [CHIPDRIVEPinManager] Number=1865 Confirmed=U Filename=sokscmpn.exe Description=ChipDrive Smartcard software Source=Paul Collins Startup list [CHIPDRIVESmartcardManager] Number=1866 Confirmed=U Filename=SCMgr.exe Description=ChipDrive Smartcard software Source=Paul Collins Startup list [CHK Disker] Number=1867 Confirmed=X Filename=chkdsker.exe Description=Added by a variant of the IRCBOT BACKDOOR!
See here Source=Paul Collins Startup list [CHK NT] Number=1868 Confirmed=X Filename=chkntf.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [CHKADMIN] Number=1869 Confirmed=N Filename=CHKADMIN.EXE Description=Compaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability" Source=Paul Collins Startup list [ChkDisk] Number=1870 Confirmed=X Filename=chk_disk.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [chkdrv] Number=1871 Confirmed=X Filename=iemon.exe Description=Detected by Symantec as the ADCLICKER TROJAN! Source=Paul Collins Startup list [chkdsk] Number=1872 Confirmed=X Filename=autoexec.bat Description=Added by the ANPES WORM! Source=Paul Collins Startup list [ChkMail] Number=1873 Confirmed=U Filename=ChkMail.exe Description=Mail-checking program supplied with Acer notebooks Source=Paul Collins Startup list [ChoiceMail] Number=1874 Confirmed=U Filename=CHOICEMAIL.EXE Description=ChoiceMail from DigiPortal Software. Block spam with an Email firewall Source=Paul Collins Startup list [Choke] Number=1875 Confirmed=X Filename=Choke.exe-blahh Description=Added by the CHOKE WORM! Source=Paul Collins Startup list [chope] Number=1876 Confirmed=X Filename=runlli32.exe Description=Added by the QQPASS-U TROJAN! Source=Paul Collins Startup list [chostsv] Number=1877 Confirmed=X Filename=chostsv.exe Description=Added by the BANPAES.C TROJAN! Source=Paul Collins Startup list [CHotKey] Number=1878 Confirmed=U Filename=mhotkey.exe Description=Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features Source=Paul Collins Startup list [CHotKey] Number=1879 Confirmed=U Filename=MK9805.EXE Description=Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. 
Only required for extended features Source=Paul Collins Startup list [CHotKey] Number=1880 Confirmed=U Filename=zHotkey.exe Description=Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features Source=Paul Collins Startup list [Christmas Music Player] Number=1881 Confirmed=N Filename=TTEST6.EXE Description="Christmas Music Player brings the music of the Christmas Holiday to your desktop" Source=Paul Collins Startup list [ChromeMark] Number=1882 Confirmed=? Filename=keysh.exe Description=Related to this. Don't know what keysh.exe does though and if it's required Source=Paul Collins Startup list [ChronitelInitTV] Number=1883 Confirmed=? Filename=CHTVINIT.EXE Description=?? Source=Paul Collins Startup list [chrono] Number=1884 Confirmed=U Filename=chrono.exe Description="Chronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered over Source=Paul Collins Startup list [Ci Svr] Number=1885 Confirmed=X Filename=cisvr.exe Description=Detected by Trend Micro as the IRCBOT.AWN BACKDOOR! See here Source=Paul Collins Startup list [ci1gnt] Number=1886 Confirmed=X Filename=ci1gnt.exe Description=Detected by Kaspersky as the AGENT.DHU TROJAN! Source=Paul Collins Startup list [CiaBackdoor] Number=1887 Confirmed=X Filename=msldr.com Description=Added by a VIRUS! Source=Paul Collins Startup list [cihost.exe] Number=1888 Confirmed=X Filename=cihost.exe Description=Added by the LINST TROJAN!
Source=Paul Collins Startup list [CIJxP2PSERVER] Number=1889 Confirmed=N Filename=CIJxP2PS.EXE Description=Compaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7 Source=Paul Collins Startup list [Cingular Communication Manager] Number=1890 Confirmed=Y Filename=CingularCCM.exe Description=Cingular Communication Manager - now taken over by AT&T. "provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email, the Internet, business applications and corporate intranets, mobile users can be more productive while they're out of the office" Source=Paul Collins Startup list [Cinnabd Prompt32] Number=1891 Confirmed=X Filename=CmdPrompt32.pif Description=Added by the ASSIRAL-B WORM! Source=Paul Collins Startup list [CIO] Number=1892 Confirmed=N Filename=che7e1~1.exe Description=ChatItOut webcam chat program Source=Paul Collins Startup list [Ciodiag] Number=1893 Confirmed=X Filename=DECCONF.EXE Description=Added by the STRAT.EL TROJAN! Source=Paul Collins Startup list [CirebonPunya] Number=1894 Confirmed=X Filename=XXrocks.exe Description=Added by the BHARAT.A WORM! Source=Paul Collins Startup list [Cisco Systems VPN Client] Number=1895 Confirmed=U Filename=ipsecdialer.exe Description=Cisco VPN Client - lets local users gain Administrator privileges on the operating system Source=Paul Collins Startup list [Cisco Systems VPN Client] Number=1896 Confirmed=N Filename=vpngui.exe Description=Sets up IPSec communications for Cisco's VPN Client Source=Paul Collins Startup list [CISrvr Program] Number=1897 Confirmed=N Filename=CISRVR.EXE Description=Related to internet setup on Compaq PC's Source=Paul Collins Startup list [Cissi] Number=1898 Confirmed=X Filename=Cissi.exe Description=Added by the CISSI.A WORM! 
Source=Paul Collins Startup list [CitiUCS] Number=1899 Confirmed=U Filename=CitiUCS.exe Description=Citibank Virtual Account Numbers - "With this free service for Citi cardmembers, you never have to give out your real credit card number online" Source=Paul Collins Startup list [CitiVAN] Number=1900 Confirmed=N Filename=CitiVAN.exe Description=Option from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again Source=Paul Collins Startup list [cjb] Number=1901 Confirmed=X Filename=cjb.exe Description=Added by an unidentified WORM or TROJAN! See here Source=Paul Collins Startup list [CJET] Number=1902 Confirmed=X Filename=CJet.exe Description=FFToolBar adware toolbar Source=Paul Collins Startup list [Cjstcom] Number=1903 Confirmed=Y Filename=Cjstcom.exe Description=Canon printer BJ status language monitor Source=Paul Collins Startup list [ClamWin] Number=1904 Confirmed=Y Filename=ClamTray.exe Description=ClamWin antivirus Source=Paul Collins Startup list [Classes] Number=1905 Confirmed=X Filename=int1.exe Description="Switch" premium rate adult content dialler variant Source=Paul Collins Startup list [Classes] Number=1906 Confirmed=X Filename=intl.exe Description="Switch" premium rate adult content dialler variant Source=Paul Collins Startup list [Classes] Number=1907 Confirmed=X Filename=run_21.exe Description="Switch" premium rate adult content dialler variant Source=Paul Collins Startup list [Classes] Number=1908 Confirmed=X Filename=srv.exe Description="Switch" premium rate adult content dialler variant Source=Paul Collins Startup list [Classes] Number=1909 Confirmed=X Filename=srv2.exe Description="Switch" premium rate adult content dialler variant Source=Paul Collins Startup list [Classes] Number=1910 Confirmed=X Filename=MSTAR2.EXE Description="Switch" premium rate adult content dialler variant Source=Paul Collins Startup list [Classes] Number=1911 Confirmed=X Filename=mstart.exe
Description="Switch" premium rate adult content dialler variant Source=Paul Collins Startup list [clcbt.exe] Number=1912 Confirmed=X Filename=clcbt.exe Description=Added by the AGENT.CBA TROJAN! Source=Paul Collins Startup list [clcl3] Number=1913 Confirmed=X Filename=clcl3.exe Description=Added by the AGENT.ES TROJAN! Source=Paul Collins Startup list [clcl7] Number=1914 Confirmed=X Filename=clcl7.exe Description=Added by a variant of the Covert Sys Exec TROJAN! Source=Paul Collins Startup list [CLCLSet] Number=1915 Confirmed=U Filename=CLCL.exe Description=CLCL clipboard caching utility Source=Paul Collins Startup list [Clean Access Agent] Number=1916 Confirmed=N Filename=CCAAgent.exe Description=Cisco Clean Access Agent from Cisco Systems, Inc Source=Paul Collins Startup list [Clean Mgr] Number=1917 Confirmed=X Filename=cleanmg.exe Description=Detected by Trend Micro as the IRCBOT.BBO BACKDOOR! See here Source=Paul Collins Startup list [Clean up] Number=1918 Confirmed=X Filename=service.exe Description=Added by the AGENT-FPY TROJAN! Source=Paul Collins Startup list [CleanEasyImg] Number=1919 Confirmed=? Filename=cleanall.exe Description=?? Source=Paul Collins Startup list [CleanRegPath] Number=1920 Confirmed=? Filename=CleanReg.exe Description=Apparently Annex A ADSL modem related. What does it do and is it required? 
Source=Paul Collins Startup list [CleanSweep Smart Sweep- Internet Sweep] Number=1921 Confirmed=U Filename=Csinsm32.exe Description=Automatic logging of installs from Norton CleanSweep - available via Start -> Programs Source=Paul Collins Startup list [CleanSweep Useage Watch] Number=1922 Confirmed=N Filename=CSUSEM32.EXE Description=Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time Source=Paul Collins Startup list [CleanTemp] Number=1923 Confirmed=U Filename=CLEANT~1.EXEB Description=CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory Source=Paul Collins Startup list [CleanTemp] Number=1924 Confirmed=U Filename=CleanTemp.exe Description=CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory Source=Paul Collins Startup list [Cleanup] Number=1925 Confirmed=N Filename=ONICTASK.EXE Description=Internet Cleanup from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet Source=Paul Collins Startup list [CleanUp] Number=1926 Confirmed=Y Filename=mcappins.exe Description=Used by McAfee Virusscan to perform product updates. When updates are available the program will download and install them automatically. Recommended to leave enabled Source=Paul Collins Startup list [CleanupProgram] Number=1927 Confirmed=? Filename=cleanup.exe Description=In a C:\Sony\sys folder - Sony Vaio related? Source=Paul Collins Startup list [clean_service] Number=1928 Confirmed=X Filename=clean_service.cmd Description=Added by the REFAZ WORM! Source=Paul Collins Startup list [CleverKeys] Number=1929 Confirmed=U Filename=CK.exe Description=CleverKeys - "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more -
from almost all Windows programs, including word processors, Web browsers and most e-mail programs" Source=Paul Collins Startup list [clfmon] Number=1930 Confirmed=X Filename=clfmon.exe Description=Added by the TACTSLAY.E TROJAN! Source=Paul Collins Startup list [clfmon] Number=1931 Confirmed=X Filename=nvsvca32.exe Description=Added by the TACTSLAY.E TROJAN! Source=Paul Collins Startup list [clfmon.exe] Number=1932 Confirmed=X Filename=clfmon.exe Description=Added by the AGENT-BJ TROJAN! Source=Paul Collins Startup list [Cli Confg] Number=1933 Confirmed=X Filename=cliconfig.exe Description=Added by a variant of the SPYBOT WORM! See here Source=Paul Collins Startup list [CLI Services] Number=1934 Confirmed=X Filename=clisrv.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Click Radio Tuner] Number=1935 Confirmed=N Filename=clickr~1.exe Description=ClickRadio - subscription service playing radio music via the internet Source=Paul Collins Startup list [Click Tray Calendar] Number=1936 Confirmed=N Filename=ClickT~1.EXE Description=ClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etc Source=Paul Collins Startup list [ClickMe] Number=1937 Confirmed=N Filename=ClickMe.exe Description=ClickM "JOKE" program Source=Paul Collins Startup list [Clickoff] Number=1938 Confirmed=U Filename=Clickoff.exe Description=Clickoff automatically dismisses annoying dialog boxes Source=Paul Collins Startup list [ClickTheButton] Number=1939 Confirmed=X Filename=CTB.EXE Description=ClickTheButton adware Source=Paul Collins Startup list [ClickTheButton] Number=1940 Confirmed=X Filename=csrss.exe Description=ClickTheButton adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! 
This one is located in a "drivers" subfolder Source=Paul Collins Startup list [ClickTheButton] Number=1941 Confirmed=X Filename=cd_load.exe Description=Added by the DOWNLOADER-MY TROJAN! Source=Paul Collins Startup list [CLICONFG] Number=1942 Confirmed=X Filename=CLICONFG.EXE Description=Added by the OPASERV.T WORM! Source=Paul Collins Startup list [Client Access API Daemon] Number=1943 Confirmed=U Filename=cwbappcd.exe Description=IBM iSeries Client Access, see here Source=Paul Collins Startup list [Client Access Check Version] Number=1944 Confirmed=N Filename=cwbckver.exe Description=Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources Source=Paul Collins Startup list [Client Access Express Welcome] Number=1945 Confirmed=? Filename=cwbwlwiz.exe Description=Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required? Source=Paul Collins Startup list [Client Access Help Update] Number=1946 Confirmed=N Filename=cwbinhlp.exe Description=Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries Source=Paul Collins Startup list [Client Access Service] Number=1947 Confirmed=N Filename=CwbSvStr.Exe Description=Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. 
Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources Source=Paul Collins Startup list [Client Access Taskbar] Number=1948 Confirmed=U Filename=cwbuitsk.exe Description=IBM iSeries Client Access taskbar, see here Source=Paul Collins Startup list [Client Agent] Number=1949 Confirmed=X Filename=ipxwping.exe Description=Added by the PPDOOR-N TROJAN! Source=Paul Collins Startup list [Client Agent] Number=1950 Confirmed=X Filename=photes.exe Description=Added by the PPDOOR-P TROJAN! Source=Paul Collins Startup list [Client Agent] Number=1951 Confirmed=X Filename=[path to file] Description=Added by the PPDOOR-J TROJAN! Source=Paul Collins Startup list [Client agent for ARCserve] Number=1952 Confirmed=? Filename=W95AGENT.EXE Description=Part of Brightstor ARCserve Backup from Computer Associates. What does it do and is it required? Source=Paul Collins Startup list [Client for Microsoft Networks] Number=1953 Confirmed=X Filename=msclient32.exe Description=Added by the SDBOT-BXQ WORM! Source=Paul Collins Startup list [Client Server Control Process] Number=1954 Confirmed=X Filename=[path to trojan] Description=Added by the AGENT-HR TROJAN! Source=Paul Collins Startup list [Client Server Run Time Proccess] Number=1955 Confirmed=X Filename=csrsrv.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Client Server Runtime] Number=1956 Confirmed=X Filename=[path to worm] Description=Added by the POEBOT-KR WORM! Source=Paul Collins Startup list [Client Server Runtime Process] Number=1957 Confirmed=X Filename=csrsss.exe Description=Added by the SDBOT-LD WORM! Source=Paul Collins Startup list [Client Server Runtime Process] Number=1958 Confirmed=X Filename=csrs.exe Description=Added by the LINKBOT.M WORM! 
Source=Paul Collins Startup list [Client Server Runtime Process] Number=1959 Confirmed=X Filename=smmss.exe Description=Backdoor TROJAN! Possible SDBOT-GEN variant Source=Paul Collins Startup list [Client Update] Number=1960 Confirmed=X Filename=wup.exe Description=Added by the OPANKI.O WORM! Source=Paul Collins Startup list [ClientMan1] Number=1961 Confirmed=X Filename=mscman.exe Description=ClientMan parasite variant Source=Paul Collins Startup list [Clik Status Monitor] Number=1962 Confirmed=N Filename=toolsclickstat.exe Description=Part of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed Source=Paul Collins Startup list [Clip Service Manager] Number=1963 Confirmed=X Filename=clipmg.exe Description=Detected by Kaspersky as the DELF.DXJ TROJAN! See here Source=Paul Collins Startup list [Clip Servicer] Number=1964 Confirmed=X Filename=clipsrvc.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Clip Srv] Number=1965 Confirmed=X Filename=clipsv.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [clipboard.exe] Number=1966 Confirmed=X Filename=clipboard.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [Clipbook Service] Number=1967 Confirmed=N Filename=Clipsrv.exe Description=Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks Source=Paul Collins Startup list [clipdiary] Number=1968 Confirmed=U Filename=clipdiary.exe Description=Clipdiary from Softvoile - "Free Clipboard Manager for keeping the clipboard history" Source=Paul Collins Startup list [ClipMate5x] Number=1969 Confirmed=N Filename=ClipMt5x.exe Description=Clip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. 
Available via Start -> Programs Source=Paul Collins Startup list [Clipmate6] Number=1970 Confirmed=N Filename=CLIPMT60.EXE Description=Clip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs Source=Paul Collins Startup list [ClipMate7] Number=1971 Confirmed=N Filename=ClipMate.exe Description=Clip Mate 7 by Thornsoft - utility that allows you to store more than one item in the clipboard Source=Paul Collins Startup list [Clipomatic] Number=1972 Confirmed=N Filename=Clipomatic.exe Description=Mike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data Source=Paul Collins Startup list [Clipsrv] Number=1973 Confirmed=N Filename=Clipsrv.exe Description=Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks Source=Paul Collins Startup list [ClipSrv] Number=1974 Confirmed=X Filename=clipserv.exe Description=Added by the SDBOT-AAV and SDBOT-AFE WORMS! Source=Paul Collins Startup list [ClipSrv] Number=1975 Confirmed=X Filename=CLIPBRD3D.EXE Description=Added by the MOFEI-D WORM! Source=Paul Collins Startup list [ClipTrak] Number=1976 Confirmed=N Filename=ClipTrak.exe Description=ClipTrak - clipboard extender Source=Paul Collins Startup list [ClipTrakker] Number=1977 Confirmed=N Filename=ClipTrakker.exe Description=Cliptrakker - clipboard extender Source=Paul Collins Startup list [CLISTART] Number=1978 Confirmed=N Filename=CLIStart.exe Description=Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs Source=Paul Collins Startup list [clkhost] Number=1979 Confirmed=X Filename=[path to trojan] Description=Added by the WIXUD-B TROJAN! Source=Paul Collins Startup list [CLMFrontPanel] Number=1980 Confirmed=U Filename=clmpanel.exe Description=System tray status/display/configuration utility for a number of modems. 
Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost Source=Paul Collins Startup list [clnwall] Number=1981 Confirmed=? Filename=rundll.exe setupx.dll, InstallHinfSection ..delwall.inf Description=?? Source=Paul Collins Startup list [clock] Number=1982 Confirmed=X Filename=[various filenames] Description=LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe Source=Paul Collins Startup list [Clock Manager] Number=1983 Confirmed=X Filename=amsngr.exe Description=Added by the SDBOT-XM TROJAN! Source=Paul Collins Startup list [ClockSync] Number=1984 Confirmed=X Filename=Sync.exe Description=ClockSync - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of many spyware free alternatives available Source=Paul Collins Startup list [ClockWise] Number=1985 Confirmed=U Filename=CLOCKWISE.EXE Description=ClockWise - produced by R J Software - a time utility. It is a scheduler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync Source=Paul Collins Startup list [ClocX] Number=1986 Confirmed=U Filename=ClocX.exe Description=ClocX - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms etc Source=Paul Collins Startup list [CloneCD] Number=1987 Confirmed=U Filename=CloneCDTray.exe Description=System tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray.
Has additional unknown functions in later versions Source=Paul Collins Startup list [CloneCDElbyCDFL] Number=1988 Confirmed=U Filename=ElbyCheck.exe Description=From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it Source=Paul Collins Startup list [CloneCDTray] Number=1989 Confirmed=U Filename=CloneCDTray.exe Description=System tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions Source=Paul Collins Startup list [Clotusorgreg0] Number=1990 Confirmed=? Filename=prtStart.exe [path] Orgprt.exe Description=IBM Lotus SmartSuite related. In a LotusOrgReg folder. Unclear what exactly it does? Source=Paul Collins Startup list [Clre] Number=1991 Confirmed=X Filename=mmdc.exe Description=Added by the PURSCAN-AI TROJAN! Source=Paul Collins Startup list [ClrSchLoader] Number=1992 Confirmed=X Filename=[path to file] Description=ClearSearch adware Source=Paul Collins Startup list [CLSID] Number=1993 Confirmed=X Filename=com.exe Description=Adult content dialler Source=Paul Collins Startup list [CLSID] Number=1994 Confirmed=X Filename=dll.exe Description=Adult content dialler Source=Paul Collins Startup list [CLSID] Number=1995 Confirmed=X Filename=msgplus.exe Description=Adult content dialler Source=Paul Collins Startup list [CLSID] Number=1996 Confirmed=X Filename=plugin.exe Description=Adult content dialler Source=Paul Collins Startup list [CLSID] Number=1997 Confirmed=X Filename=sed.exe Description=Adult content dialler Source=Paul Collins Startup list [CLSID] Number=1998 Confirmed=X Filename=msgplus.exe Description=Premium rate adult content dialer. 
Note - this is NOT the MSN Messenger 'MessengerPlus' extension Source=Paul Collins Startup list [CLSRSS] Number=1999 Confirmed=X Filename=LSACS.EXE Description=Added by the SILLYFDC-X WORM! Source=Paul Collins Startup list [CM-SmWizard] Number=2000 Confirmed=? Filename=SmWizard.exe Description=SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required? Source=Paul Collins Startup list [cma] Number=2001 Confirmed=U Filename=cma.exe Description=DeskSite CMA software - "retrieves new content from the DeskSite Data Center" Source=Paul Collins Startup list [CMAPP] Number=2002 Confirmed=X Filename=cmappclient.exe Description=CasClient adware - also detected as the CMAPP TROJAN! Source=Paul Collins Startup list [Cmaudio] Number=2003 Confirmed=N Filename=Rundll32 cmicnfg.cpl, CMICtrlWnd Description=System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel Source=Paul Collins Startup list [Cmd] Number=2004 Confirmed=X Filename=cmd32.exe Description=Added by the TANKED WORM! Source=Paul Collins Startup list [cmd32] Number=2005 Confirmed=X Filename=configs.exe Description=Hijacker, also detected as the QURL-2 TROJAN! Source=Paul Collins Startup list [cmd64] Number=2006 Confirmed=X Filename=cmd64.exe Description=CoolWebSearch Search X parasite variant Source=Paul Collins Startup list [cmdbcs] Number=2007 Confirmed=X Filename=cmdbcs.exe Description=Added by the LINEAG-GKW TROJAN! Source=Paul Collins Startup list [cmdcon] Number=2008 Confirmed=X Filename=cmdcon.exe Description=Added by the CRYPTER.A TROJAN! Source=Paul Collins Startup list [cmds] Number=2009 Confirmed=X Filename=vtsqn.dll Description=Added by a variant of the VUNDO TROJAN!
Source=Paul Collins Startup list [CmdShell.exe] Number=2010 Confirmed=X Filename=CmdShell.exe Description=Added by the BCKDR-QHY TROJAN! Source=Paul Collins Startup list [CME] Number=2011 Confirmed=X Filename=cme.exe Description=Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [CmeSYS] Number=2012 Confirmed=X Filename=CMEsys.exe Description=Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [CmeUPD] Number=2013 Confirmed=X Filename=CMEupd.exe Description=Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [CMFibula] Number=2014 Confirmed=X Filename=CMFibula.exe Description=CASClient adware Source=Paul Collins Startup list [CmFlywaveName] Number=2015 Confirmed=N Filename=CmFlywav.exe Description=Driver for Linksys Wireless-G Music Bridge Source=Paul Collins Startup list [CMGrdian] Number=2016 Confirmed=? Filename=CMGrdian.exe Description=One of the McAfee shared components. What does it do and is it required? Source=Paul Collins Startup list [CMGShieldUI] Number=2017 Confirmed=U Filename=CMGShieldUI.exe Description=UI for CMG (CREDANT Mobile Guardian) Shield from Credant Technologies. "The CMG Shield resides on devices and external media to enforce security policies even if the device is disconnected from the network." Used to protect sensitive corporate on laptops, handhelds, smartphones, USB drives and CD-DVDs Source=Paul Collins Startup list [CMMan] Number=2018 Confirmed=X Filename=CMMan.exe Description=Added by the CMAPP TROJAN! 
Source=Paul Collins Startup list [Cmmon32Sys] Number=2019 Confirmed=X Filename=cmmon32.exe Description=Added by the SMALL.CL TROJAN! Source=Paul Collins Startup list [cmonitor] Number=2020 Confirmed=X Filename=startupmon.exe Description=SystemDoctor misleading security software - not recommended, see here Source=Paul Collins Startup list [CmPCIaudio] Number=2021 Confirmed=U Filename=RunDll32 CMICNFG3.CPL, CMICtrlWnd Description=Registers the Control Panel applet for a C-Media PCI sound card Source=Paul Collins Startup list [CMPDPSRV] Number=2022 Confirmed=U Filename=CMPDPSRV.EXE Description=Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printers Source=Paul Collins Startup list [Cmpnt] Number=2023 Confirmed=X Filename=Devices2.exe Description=Added by the TOMPAI-D TROJAN! Source=Paul Collins Startup list [Cmpnt] Number=2024 Confirmed=X Filename=mainsv.exe Description=Added by the TOMPAI-C TROJAN! Source=Paul Collins Startup list [cmrss] Number=2025 Confirmed=X Filename=cmrss.exe Description=Added by the DELF.DU TROJAN! Source=Paul Collins Startup list [cmrss] Number=2026 Confirmed=X Filename=crmss.exe Description=Added by the DLOADER-EK TROJAN! Source=Paul Collins Startup list [cmrss] Number=2027 Confirmed=X Filename=[path to trojan] Description=Added by the DLOADER-QQ TROJAN! Source=Paul Collins Startup list [cmrst] Number=2028 Confirmed=X Filename=cmrst.exe Description=Added by the BANCOS.S TROJAN! Source=Paul Collins Startup list [cmrst] Number=2029 Confirmed=X Filename=cmrst.scr Description=Added by the DLOADER-FP TROJAN! Source=Paul Collins Startup list [cms] Number=2030 Confirmed=X Filename=iserver.exe Description=Added by the DLOADER-WK TROJAN! 
Source=Paul Collins Startup list [CMSETTINGS] Number=2031 Confirmed=U Filename=ctmn.exe Description=Part of NetNanny Chat Monitor Source=Paul Collins Startup list [cmsound] Number=2032 Confirmed=X Filename=vcpdll.exe Description=Added by the TCXMEDI-D downloader TROJAN! Source=Paul Collins Startup list [cmsound] Number=2033 Confirmed=X Filename=vcsystem.exe Description=Added by the TCXMEDI-D downloader TROJAN! Source=Paul Collins Startup list [cmss] Number=2034 Confirmed=X Filename=system.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [cmssapp] Number=2035 Confirmed=X Filename=iexplore_.exe Description=Added by the BANCBAN-CQ TROJAN! Source=Paul Collins Startup list [cmssapp] Number=2036 Confirmed=X Filename=iexplore.exe Description=Added by the BANCBAN-GF TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir% Source=Paul Collins Startup list [cmssSystemProcess] Number=2037 Confirmed=X Filename=csmss.exe Description=Added by the AGENT-CO TROJAN! Source=Paul Collins Startup list [cmssSystemProcess] Number=2038 Confirmed=X Filename=mcsmss.exe Description=Added by a variant of the AGENT.EI TROJAN! Source=Paul Collins Startup list [cmssSystemProcess] Number=2039 Confirmed=X Filename=csms.exe Description=Added by the AGENT-Y TROJAN! Source=Paul Collins Startup list [CMSystem] Number=2040 Confirmed=X Filename=CMSystem.exe Description=CASClient adware Source=Paul Collins Startup list [cmt101] Number=2041 Confirmed=X Filename=cmt101.exe Description=Added by a variant of the CRYPTER.C TROJAN! Source=Paul Collins Startup list [CmUCRRun] Number=2042 Confirmed=? Filename=CmUCReye.exe Description=Related to Medion Display Information. What does it do and is it required? 
Source=Paul Collins Startup list [cmx32] Number=2043 Confirmed=X Filename=cmx32.exe Description=Added by the GEMA.D TROJAN! Source=Paul Collins Startup list [Cn323] Number=2044 Confirmed=X Filename=cnfrm33.exe Description=Added by the MIMAIL.G WORM! Source=Paul Collins Startup list [Cn911] Number=2045 Confirmed=X Filename=ODBCJET.exe Description=Added by the BIFROSE-PR TROJAN! Source=Paul Collins Startup list [CNBABE] Number=2046 Confirmed=X Filename=CNBABE.EXE Description=Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing Source=Paul Collins Startup list [cnet] Number=2047 Confirmed=N Filename=kontiki.exe Description=Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops Source=Paul Collins Startup list [cnfgCav] Number=2048 Confirmed=Y Filename=CMain.exe Description=Part of Comodo Antivirus Source=Paul Collins Startup list [Cnfrm32] Number=2049 Confirmed=X Filename=cnfrm.exe Description=Added by the MIMAIL.D WORM! Source=Paul Collins Startup list [CnsMax] Number=2050 Confirmed=X Filename=Internat.exe Description=Added by the POINTEX TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir% Source=Paul Collins Startup list [CnsMin] Number=2051 Confirmed=X Filename=Rundll32.exe [path] CNSMIN.DLL, Rundll32 Description=CnsMin (Chinese Keywords) hijacker related. 
Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [CnwiDeviceAgent] Number=2052 Confirmed=Y Filename=cnwida.exe Description=Part of the Canon imagePROGRAF W8400 printer management software Source=Paul Collins Startup list [CnxAdslL] Number=2053 Confirmed=Y Filename=CnxAdslL.exe Description=DLink, Zoom, or Conexant modem driver Source=Paul Collins Startup list [CnxDslTaskBar] Number=2054 Confirmed=N Filename=CnxDslTb.exe Description=Conexant DSL Taskbar as used on Access Runner and Samsung AHT-E310 ADSL modems Source=Paul Collins Startup list [Cobian Backup 8 interface] Number=2055 Confirmed=U Filename=cbInterface.exe Description="Cobian Backup is a backup program that can be executed in 2 ways: as a normal application or as a Windows Service. The program can schedule automatic backups for files and directories locally or to FTP servers and can use compression and encryption" Source=Paul Collins Startup list [CodeClean] Number=2056 Confirmed=X Filename=CCIntro.exe Description=CodeClean spyware remover - not recommended, see here Source=Paul Collins Startup list [Codename Dashboard] Number=2057 Confirmed=U Filename=dashboard.exe Description=Codename: Dashboard - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time" Source=Paul Collins Startup list [cof.updit] Number=2058 Confirmed=X Filename=[random filename] Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [CognizanceTS] Number=2059 Confirmed=U Filename=rundll32.exe [path] AsTsVcc.dll, RegisterModule Description=Cognizance Corp Identity And Access Management suite Source=Paul Collins Startup list [Coldlife -icmp] Number=2060 Confirmed=X Filename=Systray.exe Description=Added by the FLOOD.AV TROJAN! 
Note - this is not the legitimate systray.exe process Source=Paul Collins Startup list [CollaborationHost] Number=2061 Confirmed=N Filename=p2phost.exe Description=People Near Me Microsoft® Windows® Peer-to-Peer Networking platform for Windows Vista Source=Paul Collins Startup list [coloreal] Number=2062 Confirmed=U Filename=coloreal.exe Description=Makes colours sharper and brighter, but will only work with coloreal capable monitors Source=Paul Collins Startup list [Colorific Control Panel] Number=2063 Confirmed=N Filename=Hgcctl95.exe Description=From E_Color. Colorific delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor Source=Paul Collins Startup list [COM Service] Number=2064 Confirmed=X Filename=mscom32.com Description=Added by the BEASTY.H TROJAN! Source=Paul Collins Startup list [COM Service] Number=2065 Confirmed=X Filename=msynvr.com Description=Added by the BEASTY.G TROJAN! Source=Paul Collins Startup list [COM Service] Number=2066 Confirmed=X Filename=msjclh.com Description=Added by the BEASTY.E TROJAN! Source=Paul Collins Startup list [COM Service] Number=2067 Confirmed=X Filename=msdrce.com Description=Added by the BEASTY.I TROJAN! Source=Paul Collins Startup list [COM Service] Number=2068 Confirmed=X Filename=msflyx.com Description=Added by the BEASTDO-O TROJAN! Source=Paul Collins Startup list [COM+ Event System] Number=2069 Confirmed=X Filename=DRWTSN16.EXE Description=Added by the LOVGATE.AB WORM! Source=Paul Collins Startup list [COM+ EventSystem Services] Number=2070 Confirmed=X Filename=ECSERVER.EXE Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Com+ Sys] Number=2071 Confirmed=X Filename=csrs.exe Description=Added by the FORBOT-BT WORM! Source=Paul Collins Startup list [COM+ System Applications] Number=2072 Confirmed=X Filename=lsas.exe Description=Added by the AGOBOT.SE WORM! 
Source=Paul Collins Startup list [COM++ System] Number=2073 Confirmed=X Filename=exploier.exe Description=Added by the LOVGATE.Z WORM! Source=Paul Collins Startup list [COM++ System] Number=2074 Confirmed=X Filename=suchost.exe Description=Added by the LOVGATE-F WORM! Source=Paul Collins Startup list [COM++ System] Number=2075 Confirmed=X Filename=svchost.exe... Description=Added by a variant of the LOVGATE WORM! Source=Paul Collins Startup list [COM-IP] Number=2076 Confirmed=N Filename=COMIP.EXE Description=COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212) Source=Paul Collins Startup list [com.codeode.cactusspamfilter] Number=2077 Confirmed=U Filename=cactusspamfilter.exe Description=Cactus Spam - free easy-to-use spam blocker Source=Paul Collins Startup list [com.codeode.privacymantra] Number=2078 Confirmed=U Filename=privacymantra.exe Description="Privacy Mantra keeps your computer clean from online and offline tracks" Source=Paul Collins Startup list [ComAgent] Number=2079 Confirmed=U Filename=ComAgent.exe Description=ComAgent - MDaemon's instant messaging client Source=Paul Collins Startup list [combo.exe] Number=2080 Confirmed=X Filename=combo.exe Description=Added by the CHIMO-C TROJAN! Source=Paul Collins Startup list [combop.exe] Number=2081 Confirmed=X Filename=combop.exe Description=Added by the BOWFEED-A TROJAN! Source=Paul Collins Startup list [Comcast Network] Number=2082 Confirmed=X Filename=ribiva.exe Description=Added by a variant of the IRC TROJAN! Source=Paul Collins Startup list [ComcastSUPPORT] Number=2083 Confirmed=X Filename=tgkill.exe Description=Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. 
Remove via Start -> Settings -> Add/Remove Programs Source=Paul Collins Startup list [COMCFG] Number=2084 Confirmed=X Filename=comcfg.exe Description=Added by the TOADCOM.A TROJAN! Source=Paul Collins Startup list [comctl32] Number=2085 Confirmed=X Filename=comctl32.exe Description=Adware - detected by Kaspersky as the AGENT.AM TROJAN! Source=Paul Collins Startup list [COMDRV32] Number=2086 Confirmed=U Filename=svdhost.exe Description=Orvell Monitoring 2003 surveillance software. Uninstall this software unless you put it there yourself. Note - asks for permission to contact the IP address of http://www.protectcom.com/ Source=Paul Collins Startup list [Comm Driver] Number=2087 Confirmed=U Filename=commh32.exe Description=G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself! Source=Paul Collins Startup list [Command] Number=2088 Confirmed=X Filename=system.exe Description=Added by the GATECRASH.A or GATECRASH.B TROJANS! Source=Paul Collins Startup list [Command] Number=2089 Confirmed=X Filename=Gotit.exe Description=Added by the TITOG WORM! Source=Paul Collins Startup list [COMMAND] Number=2090 Confirmed=X Filename=command.exe Description=Added by the QQPASS.E TROJAN! Source=Paul Collins Startup list [command] Number=2091 Confirmed=X Filename=javaw.exe Description=Added by the AGOBOT-LG WORM! Source=Paul Collins Startup list [Command Prompt32] Number=2092 Confirmed=X Filename=CmdPrompt32.pif Description=Added by the ASSIRAL.B WORM! Source=Paul Collins Startup list [Command WorkStation 4] Number=2093 Confirmed=U Filename=cws 4.exe Description=EFI's Command WorkStation makes "managing demanding workflows easier by centralizing job management. 
The software automatically identifies the Fiery servers on the network and offers customization options for displaying information" - for high-end print environments Source=Paul Collins Startup list [command32] Number=2094 Confirmed=X Filename=command32.exe Description=Added by the LINEADI-A TROJAN! Source=Paul Collins Startup list [CommCtr] Number=2095 Confirmed=N Filename=commctr.exe Description="Net2Phone CommCenter is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start -> Programs Source=Paul Collins Startup list [COMMUNICATOR] Number=2096 Confirmed=Y Filename=Communicator.exe Description=Part of Microsoft Office Communicator, which is an integrated communications client that allows information workers to communicate in real time using a range of different communication options, including instant messaging (IM), voice, and video Source=Paul Collins Startup list [Comodo Firewall] Number=2097 Confirmed=U Filename=CPF.exe Description=Comodo Firewall Source=Paul Collins Startup list [COMODO Firewall Pro] Number=2098 Confirmed=Y Filename=cfp.exe Description=Comodo Firewall Pro Source=Paul Collins Startup list [Comodo Launch Pad Tray] Number=2099 Confirmed=U Filename=CLPTray.exe Description=System Tray access to LaunchPad as bundled with Comodo's freebie offerings such as Comodo Anti-Virus. 
Some allege that LaunchPad is impossible-to-uninstall adware, or worse - see here Source=Paul Collins Startup list [COMODO Memory Firewall] Number=2100 Confirmed=Y Filename=cmf.exe Description="Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack" Source=Paul Collins Startup list [CompanionWizard] Number=2101 Confirmed=X Filename=compwiz.exe Description=WinAntiVirus 2006 misleading virus software - not recommended, see here Source=Paul Collins Startup list [Compaq Alerter] Number=2102 Confirmed=U Filename=CPQAlert.exe Description=Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information Source=Paul Collins Startup list [Compaq Computer Corp SCCenter Module] Number=2103 Confirmed=N Filename=SCCENTER.EXE Description=For Compaq PC's. Part of Backweb Source=Paul Collins Startup list [Compaq Computer Security] Number=2104 Confirmed=? Filename=Rundll32.exe SECURE32.CPL, Service Description=?? Source=Paul Collins Startup list [Compaq Connections] Number=2105 Confirmed=N Filename=COMPAQ~1.EXE Description=See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners" Source=Paul Collins Startup list [Compaq Connections] Number=2106 Confirmed=N Filename=BackWeb-1940576.exe Description=See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". 
* can be any digit Source=Paul Collins Startup list [Compaq Connections] Number=2107 Confirmed=N Filename=Compaq Connections.exe Description=See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners" Source=Paul Collins Startup list [Compaq DMI] Number=2108 Confirmed=N Filename=cpqdmi.exe Description=Compaq version of the Desktop Management Interface Source=Paul Collins Startup list [Compaq Drivers] Number=2109 Confirmed=X Filename=F1rewalls.exe Description=Added by the SDBOT-WD WORM! Source=Paul Collins Startup list [Compaq Internet Setup] Number=2110 Confirmed=N Filename=inetwizard.exe Description=For Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list Source=Paul Collins Startup list [Compaq Jes Drivers] Number=2111 Confirmed=X Filename=winjes.exe Description=Added by the SDBOT-XR WORM! Source=Paul Collins Startup list [Compaq Knowledge Center] Number=2112 Confirmed=U Filename=silent.exe & matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support". You decide Source=Paul Collins Startup list [Compaq Message Server] Number=2113 Confirmed=N Filename=COMPAQ-RBA.EXE Description=Applies to the CPQBootPerfDB entry as well. 
These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start -> Programs -> Compaq Advisor -> Advisor Settings under the "advanced" tab. Not required and can cause problems Source=Paul Collins Startup list [Compaq PK Daemon] Number=2114 Confirmed=U Filename=cpqkl.exe Description=For Compaq laptops for programming user configurable keys. Not required unless you use them Source=Paul Collins Startup list [Compaq Print Fax] Number=2115 Confirmed=X Filename=cpqa1000.exe Description=Added by the SDBOT.BCV WORM! Please take note of the difference between the legitimate Compaq Fax Utility Name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this worm Source=Paul Collins Startup list [Compaq Service Drivers] Number=2116 Confirmed=X Filename=systeminfos.exe Description=Added by the SDBOT-XC WORM! Source=Paul Collins Startup list [Compaq Service Drivers] Number=2117 Confirmed=X Filename=compq.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Compaq Service Drivers] Number=2118 Confirmed=X Filename=navapqwa.exe Description=Added by the SDBOT.BBQ WORM! Source=Paul Collins Startup list [Compaq Service Drivers] Number=2119 Confirmed=X Filename=amsn.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Compaq Service Drivers] Number=2120 Confirmed=X Filename=compqs.exe Description=Added by a variant of the SDBOT WORM! 
Source=Paul Collins Startup list [Compaq Service Drivers] Number=2121 Confirmed=X Filename=msnt.exe Description=Added by the SDBOT.CQL WORM! Source=Paul Collins Startup list [Compaq Service Drivers] Number=2122 Confirmed=X Filename=NtKernelSystem.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Compaq Service Drivers] Number=2123 Confirmed=X Filename=wincmd.exe Description=Added by the RBOT.ATV WORM! Source=Paul Collins Startup list [Compaq Service Drivers] Number=2124 Confirmed=X Filename=wind32.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Compaq Service Drivers] Number=2125 Confirmed=X Filename=winmsn.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Compaq Service Drivers] Number=2126 Confirmed=X Filename=compaq.exe Description=Added by the SDBOT-AFU WORM! Source=Paul Collins Startup list [Compaq Service Drivers] Number=2127 Confirmed=X Filename=msnsvc.exe Description=Added by the RBOT.BKT WORM! Source=Paul Collins Startup list [Compaq Service Drivers] Number=2128 Confirmed=X Filename=ntsys32.exe Description=Added by the RBOT.CIW WORM! Source=Paul Collins Startup list [Compaq Service Drivers] Number=2129 Confirmed=X Filename=winsvc.exe Description=Added by the SDBOT-AGD WORM! Source=Paul Collins Startup list [Compaq Service Drivers 32] Number=2130 Confirmed=X Filename=compq32.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Compaq Service Drivrs] Number=2131 Confirmed=X Filename=copq.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Compaq Services Drivers] Number=2132 Confirmed=X Filename=ndt32.exe Description=Added by the RBOT.CQZ WORM! Source=Paul Collins Startup list [Compaq Sound Drivers For WINDOWS] Number=2133 Confirmed=X Filename=sounddr.exe Description=Added by the SDBOT-XG WORM! 
Source=Paul Collins Startup list [Compaq Video CD Watcher] Number=2134 Confirmed=N Filename=?? Description=For Compaq PC's. MPEG viewer Source=Paul Collins Startup list [Compaq32 Service Drivers] Number=2135 Confirmed=X Filename=ms32.exe Description=Added by the SDBOT.BWH WORM! Source=Paul Collins Startup list [Compaq32 Service Drivers] Number=2136 Confirmed=X Filename=msconfig32.exe Description=Added by the SDBOT-ADC WORM! Source=Paul Collins Startup list [Compaq32 Service Drivers] Number=2137 Confirmed=X Filename=msnt32.exe Description=Added by the RBOT.BVF WORM! Source=Paul Collins Startup list [CompaqHW Comp Manager] Number=2138 Confirmed=? Filename=cpqhcm.exe Description=Running on a Compaq laptop - any ideas? Source=Paul Collins Startup list [CompaqPrinTray] Number=2139 Confirmed=N Filename=printray.exe Description=Puts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktop Source=Paul Collins Startup list [Compaqs Service Driver] Number=2140 Confirmed=X Filename=copypad32.exe Description=Added by the SDBOT.CSO WORM! Source=Paul Collins Startup list [Compaqs Service Drivers] Number=2141 Confirmed=X Filename=compqs.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [CompaqSystray] Number=2142 Confirmed=N Filename=cpqpscp.exe Description=Compaq System Tray icon Source=Paul Collins Startup list [Compatibility Service Process] Number=2143 Confirmed=X Filename=regsvs.exe Description=Added by the GAOBOT.YN WORM! Source=Paul Collins Startup list [Compd Service Drivrs] Number=2144 Confirmed=X Filename=codq.exe Description=Added by a variant of the SDBOT WORM! 
Source=Paul Collins Startup list [ComproRemote] Number=2145 Confirmed=U Filename=ComproRemote.exe Description=VideoMate TV tuner and capture card - remote control driver Source=Paul Collins Startup list [ComproSchedulerDTV] Number=2146 Confirmed=U Filename=ComproSchedulerDTV.exe Description=VideoMate TV tuner and capture card - scheduler Source=Paul Collins Startup list [Computing Technologie Firewall] Number=2147 Confirmed=X Filename=lsauth.exe Description=Added by the SDBOT-WX WORM! Source=Paul Collins Startup list [COMSMDEXE] Number=2148 Confirmed=N Filename=comsmd.exe Description=3Com tray icon Source=Paul Collins Startup list [ComStart] Number=2149 Confirmed=X Filename=Trojan Guarder.exe Description=TrojanGuarder misleading security software - not recommended, see here Source=Paul Collins Startup list [ComTry Web Searcher] Number=2150 Confirmed=X Filename=wstray.exe Description=Comtry MP3 Downloader related - spyware Source=Paul Collins Startup list [comxt] Number=2151 Confirmed=X Filename=comxt.exe Description=Added by the COMXT TROJAN! Source=Paul Collins Startup list [con] Number=2152 Confirmed=X Filename=[path to trojan] Description=Added by the BRAVE-A TROJAN! Source=Paul Collins Startup list [ConfidentUser] Number=2153 Confirmed=X Filename=SRP.exe Description=ConfidentUser misleading security software - the site's "online scanner" detected by Kaspersky antivirus as WinFixer.ba Source=Paul Collins Startup list [Config] Number=2154 Confirmed=X Filename=service.exe Description=Added by the ISRAZ.B WORM! Source=Paul Collins Startup list [Config] Number=2155 Confirmed=X Filename=WinService32.exe Description=Added by the CRUTCHA-A TROJAN! Source=Paul Collins Startup list [Config Loadation] Number=2156 Confirmed=X Filename=iEEexplore.exe Description=Added by the SDBOT.H TROJAN! Source=Paul Collins Startup list [Config Loadatiorin] Number=2157 Confirmed=X Filename=I3Explorer.exe Description=Added by the SDBOT.H TROJAN! 
Source=Paul Collins Startup list [Config Loader] Number=2158 Confirmed=X Filename=svchosl.exe Description=Added by the GAOBOT.P WORM! Source=Paul Collins Startup list [Config Loader] Number=2159 Confirmed=X Filename=sysldr32.exe Description=Added by the GAOBOT WORM! Source=Paul Collins Startup list [Config Loader] Number=2160 Confirmed=X Filename=scvhost.exe Description=Added by the GAOBOT.AE or GAOBOT.AO WORMS! Source=Paul Collins Startup list [Config Loader] Number=2161 Confirmed=X Filename=svhost.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Config Loader for Microsoft Windows] Number=2162 Confirmed=X Filename=mwincfg32.exe Description=Added by the AGOBOT.BD WORM! Source=Paul Collins Startup list [Config Loader2] Number=2163 Confirmed=X Filename=explores.exe Description=Added by the GAOBOT.BT WORM! Source=Paul Collins Startup list [Config Loadr] Number=2164 Confirmed=X Filename=winsys32.exe Description=Added by the AGOBOT-HN WORM! Source=Paul Collins Startup list [Config33.exe] Number=2165 Confirmed=X Filename=Config33.exe Description=Added by the SDBOT.T TROJAN! Source=Paul Collins Startup list [ConfiggLoader] Number=2166 Confirmed=X Filename=cart322.exe Description=Added by the GAOBOT.DJ WORM! Source=Paul Collins Startup list [ConfigSafe] Number=2167 Confirmed=U Filename=CFGSAFE.EXE Description=ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice Source=Paul Collins Startup list [ConfigSafe] Number=2168 Confirmed=U Filename=AUTOCHK.EXE Description=ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. 
Your choice Source=Paul Collins Startup list [ConfigServices] Number=2169 Confirmed=N Filename=Config.exe Description=Part of initial setup on a Compaq PC Source=Paul Collins Startup list [configsetup] Number=2170 Confirmed=X Filename=configsetup32.exe Description=Added by the AGOBOT-AFP WORM! Source=Paul Collins Startup list [Configuration] Number=2171 Confirmed=X Filename=explorer32.exe Description=Added by the SDBOT-ML WORM! Source=Paul Collins Startup list [configuration] Number=2172 Confirmed=X Filename=apphost.exe Description=Added by the SDBOT-VP WORM! Source=Paul Collins Startup list [Configuration] Number=2173 Confirmed=X Filename=ntsys32.exe Description=Added by the SDBOT-LN WORM! Source=Paul Collins Startup list [Configuration Default] Number=2174 Confirmed=X Filename=Wuxat.exe Description=Added by the SPYBOT-CA WORM! Source=Paul Collins Startup list [Configuration File] Number=2175 Confirmed=X Filename=Winset32.exe Description=Added by the FLUX.101 TROJAN! Source=Paul Collins Startup list [Configuration Loaded] Number=2176 Confirmed=X Filename=wupdated.exe Description=Added by the MOEGA or MOEGA.AG or MOEGA.AP WORMS! Source=Paul Collins Startup list [Configuration Loaded] Number=2177 Confirmed=X Filename=lssas.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2178 Confirmed=X Filename=aim95.exe Description=Added by the LOADCFG or SDBOT TROJANS! Source=Paul Collins Startup list [Configuration Loader] Number=2179 Confirmed=X Filename=cmd32.exe Description=Added by the LOADCFG or SDBOT TROJANS! Source=Paul Collins Startup list [Configuration Loader ] Number=2180 Confirmed=X Filename=syscfg32.exe Description=Added by the SDBOT.B TROJAN! Source=Paul Collins Startup list [Configuration Loader] Number=2181 Confirmed=X Filename=service5.exe Description=Added by the GAOBOT.AF WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2182 Confirmed=? Filename=lfass.exe Description=?? 
Source=Paul Collins Startup list [Configuration Loader] Number=2183 Confirmed=X Filename=sycfg34.exe Description=Added by the GAOBOT.AN WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2184 Confirmed=X Filename=wincrt32.exe Description=Added by the GAOBOT.BF WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2185 Confirmed=X Filename=windex.exe Description=Added by the GAOBOT.BZ WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2186 Confirmed=X Filename=dosrun32.exe Description=Added by the GAOBOT.AO WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2187 Confirmed=X Filename=Service.exe Description=Added by the GAOBOT.AO WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2188 Confirmed=X Filename=Servicess.exe Description=Added by the GAOBOT.AO WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2189 Confirmed=X Filename=sw32.exe Description=Added by the AGOBOT.BQ WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2190 Confirmed=X Filename=System.exe Description=Added by the GAOBOT.AO WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2191 Confirmed=X Filename=Winreg.exe Description=Added by the GAOBOT.AO WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2192 Confirmed=X Filename=sysinfo.exe Description=Added by the GAOBOT.FQ WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2193 Confirmed=X Filename=microsoft.exe Description=Added by the GAOBOT.JB WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2194 Confirmed=X Filename=confgldr.exe Description=Added by the GAOBOT.GEN!POLY WORM! Source=Paul Collins Startup list [configuration loader] Number=2195 Confirmed=X Filename=winicfg32.exe Description=Added by the GAOBOT.RQ WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2196 Confirmed=X Filename=svhst.exe Description=Added by the GAOBOT.YC WORM! 
Source=Paul Collins Startup list [Configuration Loader] Number=2197 Confirmed=X Filename=msgfix.exe Description=Added by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS! Source=Paul Collins Startup list [Configuration Loader] Number=2198 Confirmed=X Filename=msnss.exe Description=Added by the GAOBOT.AUS WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2199 Confirmed=X Filename=IEXPL0RE.EXE Description=Added by the LOADCFG or SDBOT TROJANS! Source=Paul Collins Startup list [Configuration Loader] Number=2200 Confirmed=X Filename=loadcfg32.exe Description=Added by the LOADCFG or SDBOT TROJANS! Source=Paul Collins Startup list [Configuration Loader] Number=2201 Confirmed=X Filename=MSTasks.exe Description=Added by the LOADCFG or SDBOT TROJANS! Source=Paul Collins Startup list [Configuration Loader] Number=2202 Confirmed=X Filename=systemry.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2203 Confirmed=X Filename=ccSort.exe Description=Added by the AGOBOT.SR WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2204 Confirmed=X Filename=smss32.exe Description=Added by the AGOBOT.MB WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2205 Confirmed=X Filename=wincffg.exe Description=Added by the AGOBOT.A3 WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2206 Confirmed=X Filename=seru32.exe Description=Added by the SDBOT-VR WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2207 Confirmed=X Filename=botss.exe Description=Added by the SDBOT-XS WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2208 Confirmed=X Filename=ldasp.exe Description=Added by the AGOBOT.BH WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2209 Confirmed=X Filename=msgcfgsrv.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! 
Source=Paul Collins Startup list [Configuration Loader] Number=2210 Confirmed=X Filename=smsai.exe Description=Added by the SDBOT-YE WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2211 Confirmed=X Filename=svupdate.exe Description=Added by the RANDEX.DXP WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2212 Confirmed=X Filename=crcss.exe Description=Added by the AGOBOT.ADG WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2213 Confirmed=X Filename=lexplore.exe Description=Added by the RBOT-AGX WORM! Note - the executable is spelt with a lower case "L" rather than a lower or upper case "i" which is the case with Internet Explorer Source=Paul Collins Startup list [Configuration Loader] Number=2214 Confirmed=X Filename=scvhost.exe Description=Added by the AGOBOT-AAE and SDBOT.AR WORMS! Source=Paul Collins Startup list [Configuration Loader] Number=2215 Confirmed=X Filename=svchost.exe Description=Added by the PARADROP-A WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! Source=Paul Collins Startup list [Configuration Loader] Number=2216 Confirmed=X Filename=svchost2.exe Description=Added by the AGOBOT.JR WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2217 Confirmed=X Filename=dezi.exe Description=Added by the SDBOT-OB WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2218 Confirmed=X Filename=mouse.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2219 Confirmed=X Filename=msg.exe Description=Added by the SDBOT.BT WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2220 Confirmed=X Filename=WinHelper.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2221 Confirmed=X Filename=extrac.exe Description=Added by the SDBOT-AFP WORM! 
Source=Paul Collins Startup list [Configuration Loader] Number=2222 Confirmed=X Filename=DVD-Player.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2223 Confirmed=X Filename=IEXPLORE.EXE Description=Added by the SDBOT-KW WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% Source=Paul Collins Startup list [Configuration Loader] Number=2224 Confirmed=X Filename=svchost.exe Description=Added by the PARADROP-AI WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Configuration Loader] Number=2225 Confirmed=X Filename=wincore.exe Description=Added by the SDBOT.BHE WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2226 Confirmed=X Filename=configldr.exe Description=Added by the AGOBOT-PP TROJAN! Source=Paul Collins Startup list [Configuration Loader] Number=2227 Confirmed=X Filename=ahnhst.exe Description=Added by the AGOBOT.MX WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2228 Confirmed=X Filename=ntdm.exe Description=Added by the AGOBOT.RV WORM! Source=Paul Collins Startup list [Configuration Loader] Number=2229 Confirmed=X Filename=svschost.exe Description=Added by the SDBOT-NS WORM! Source=Paul Collins Startup list [Configuration Loader Service] Number=2230 Confirmed=X Filename=Winsys32.exe Description=Added by the RBOT-YV WORM! Source=Paul Collins Startup list [Configuration Loader Service] Number=2231 Confirmed=X Filename=devl32.exe Description=Added by the SDBOT-XY WORM! Source=Paul Collins Startup list [Configuration Loader10] Number=2232 Confirmed=X Filename=ip7.exe Description=Added by the AGOBOT-ANZ WORM! 
Source=Paul Collins Startup list [Configuration Loading] Number=2233 Confirmed=X Filename=svchos1.exe Description=Added by the GAOBOT.DK WORM! Source=Paul Collins Startup list [Configuration Loading] Number=2234 Confirmed=X Filename=configldr.exe Description=Added by the AGOBOT-EC WORM! Source=Paul Collins Startup list [Configuration Loading Service] Number=2235 Confirmed=X Filename=wscel.exe Description=Added by the SDBOT-WJ WORM! Source=Paul Collins Startup list [Configuration Loadr] Number=2236 Confirmed=X Filename=iexplore.exee Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [Configuration Manager] Number=2237 Confirmed=X Filename=CNFGLD32.EXE Description=Added by the SDBOT TROJAN! Source=Paul Collins Startup list [Configuration Manager] Number=2238 Confirmed=X Filename=Cnfgldr.exe Description=Added by the SDBOT TROJAN! Source=Paul Collins Startup list [Configuration Manager] Number=2239 Confirmed=X Filename=cfg32.exe Description=BookedSpace parasite. Note - the "cfg32.exe" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [Configuration Servecie] Number=2240 Confirmed=X Filename=sewins.exe Description=Added by the SDBOT-COH WORM! Source=Paul Collins Startup list [Configuration Service] Number=2241 Confirmed=X Filename=suchost.exe Description=Added by the TREB TROJAN! Source=Paul Collins Startup list [Configuration Services] Number=2242 Confirmed=X Filename=mswords.exe Description=Added by the SDBOT-YM WORM! Source=Paul Collins Startup list [Configuration Utility] Number=2243 Confirmed=N Filename=CONFIG.EXE Description=Controls linksys wireless connection. 
Available from the Desktop Source=Paul Collins Startup list [Configuration Utility] Number=2244 Confirmed=U Filename=wlanutil.exe Description=NetGear Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards) Source=Paul Collins Startup list [Configuration Wizard] Number=2245 Confirmed=X Filename=Cfgwiz32.exe Description=Added by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe) Source=Paul Collins Startup list [Configuration32 Loader32] Number=2246 Confirmed=X Filename=winamp32.exe Description=Added by the SDBOT-BIC WORM! Source=Paul Collins Startup list [ConfigUtility] Number=2247 Confirmed=U Filename=ConfigUtility.exe Description=Wireless management utility for the HWC54G Hi-Speed Wireless-G CardBus Card from Hawking Technologies, Inc Source=Paul Collins Startup list [ConfLoader] Number=2248 Confirmed=X Filename=sysconf16.exe Description=Added by the SDBOT-FB TROJAN! Source=Paul Collins Startup list [Conmgr] Number=2249 Confirmed=N Filename=conmgr.exe Description=Starts Winfax pro at startup Source=Paul Collins Startup list [ConMgr.exe] Number=2250 Confirmed=U Filename=conmgr.exe Description=Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut  Source=Paul Collins Startup list [conmswf] Number=2251 Confirmed=X Filename=conrnbne.exe Description=Added by the SDBOT-DEX WORM! Source=Paul Collins Startup list [Connect Kasamba] Number=2252 Confirmed=U Filename=Kasamba.exe Description="Finding the expert help that you need is easy on Kasamba. 
With more than 30,000 registered experts in over 600 categories to choose from, chances are, we`ll have just the right professional in the exact area of expertise that you need" Source=Paul Collins Startup list [Connect2Party] Number=2253 Confirmed=X Filename=connect2party.exe Description=Adult content dialler Source=Paul Collins Startup list [Connection Keeper] Number=2254 Confirmed=U Filename=ConKeepM.exe Description="Connection Keeper is an invaluable time-saving tool for dial-up users. This free program simulates Internet browsing (at a random interval) to prevent your connection from appearing idle, thus preventing your ISP from dropping your connection due to inactivity" Source=Paul Collins Startup list [Connection Manager] Number=2255 Confirmed=U Filename=stswin.exe Description=All Aboard! Internet Connection Sharing status icon Source=Paul Collins Startup list [Connectivity Tool] Number=2256 Confirmed=X Filename=[path to trojan] Description=Added by the LITEBOT-E TROJAN! Source=Paul Collins Startup list [Connector] Number=2257 Confirmed=X Filename=SYS.EXE Description=Nunci premium rate dialer Source=Paul Collins Startup list [Connector] Number=2258 Confirmed=X Filename=sms.EXE Description=Added by the ExDial-B premium rate adult content dialer Source=Paul Collins Startup list [CONNECTScheduler] Number=2259 Confirmed=N Filename=CONNECTScheduler.exe Description=Scheduler for updating Sony's CONNECT music download service Source=Paul Collins Startup list [Cons] Number=2260 Confirmed=X Filename=consol32.exe Description=Hijacker - redirects to a p0rn portal, where foistware like ISTBar gets stealth installed Source=Paul Collins Startup list [conscorr] Number=2261 Confirmed=X Filename=conscorr.exe Description=VX2.Transponder parasite updater/installer related Source=Paul Collins Startup list [Console de Gerenciamento Microsoft] Number=2262 Confirmed=X Filename=csrss.exe Description=Unidentified malware! 
Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolder Source=Paul Collins Startup list [Console de Gerenciamento Microsoft] Number=2263 Confirmed=X Filename=csrss.exe Description=Added by the BANCBAN-ET TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Central de Segurança" subfolder Source=Paul Collins Startup list [Consumer Input] Number=2264 Confirmed=U Filename=ConsumerInput.exe Description=Consumer Input Toolbar. Opt-in market research monitoring your browsing habits - see the FAQ Source=Paul Collins Startup list [Consumer Input Rewarded with MyPoints, Consumer Input] Number=2265 Confirmed=U Filename=ConsumerInputRewardedwithMyPoints, ConsumerInput.exe Description=Consumer Input Toolbar. Opt-in market research monitoring your browsing habits - see the FAQ Source=Paul Collins Startup list [Consumer Input Rewarded with MyPoints, Consumer Input Update] Number=2266 Confirmed=U Filename=ConsumerInputRewardedwithMyPoints, ConsumerInputUa.exe Description=Consumer Input Toolbar. Opt-in market research monitoring your browsing habits - see the FAQ Source=Paul Collins Startup list [Contacte] Number=2267 Confirmed=? Filename=contacte.exe Description=Some kind of driver? Source=Paul Collins Startup list [Content connector] Number=2268 Confirmed=X Filename=[random filename].exe Description=Added by the DIALER-Y TROJAN! Note - uses a random filename and random folders. Usually the folder containing the file is a Temp folder Source=Paul Collins Startup list [ContentDownload] Number=2269 Confirmed=X Filename=rundll32.exe MSA64CHK.dll, DllMostrar Description=MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. 
The "MSA64CHK.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [ContentService] Number=2270 Confirmed=X Filename=winservn.exe Description=Homepage hijacker Source=Paul Collins Startup list [ContinueInstall] Number=2271 Confirmed=X Filename=bpsinstall.exe Description=BrowserAid/BrowserPal foistware Source=Paul Collins Startup list [ContraVirus] Number=2272 Confirmed=X Filename=ContraVirusPro.exe Description=ContraVirus misleading security software - not recommended, see here Source=Paul Collins Startup list [Control] Number=2273 Confirmed=X Filename=rundll32.exe ctrlpan.dll, Restore ControlPanel Description=CoolWebSearch Msconfd parasite variant Source=Paul Collins Startup list [Control Center] Number=2274 Confirmed=U Filename=Center.exe Description=Associated with Hawking Technologies, Inc wireless products. Located in %Program Files%\Hawking\WLAN Card Utilities Source=Paul Collins Startup list [Control handler] Number=2275 Confirmed=X Filename=***********.exe [* = random char] Description=CoolWebSearch parasite variant Source=Paul Collins Startup list [Control handler] Number=2276 Confirmed=X Filename=ahjinst.exe Description=CoolWebSearch parasite variant Source=Paul Collins Startup list [Control handler] Number=2277 Confirmed=X Filename=[10 to 14 random char]THD.EXE Description=Added by the KREPPER-AI TROJAN! Source=Paul Collins Startup list [control panel] Number=2278 Confirmed=N Filename=smctrlw.exe Description=System Tray icon for a Silicon Motion LynxEM based PCI Graphics Card Source=Paul Collins Startup list [Control Panel] Number=2279 Confirmed=X Filename=System.exe Description=Added by the DANI TROJAN! Source=Paul Collins Startup list [control panel software service] Number=2280 Confirmed=X Filename=cprs.exe Description=Added by the RBOT-FPI WORM! Source=Paul Collins Startup list [Controladores] Number=2281 Confirmed=X Filename=[path to trojan] Description=Added by the TELEFO-A TROJAN! 
Source=Paul Collins Startup list [ControlCenter] Number=2282 Confirmed=Y Filename=ctlcntr.exe Description=Part of Lenovo's (IBM) ThinkVantage Fingerprint Software - used on laptops and keyboards with integrated fingerprint readers Source=Paul Collins Startup list [ControlCenter2.0] Number=2283 Confirmed=N Filename=brctrcen.exe Description=Brother scanner 'Control Center' application - can be started manually Source=Paul Collins Startup list [ControlCentreTray] Number=2284 Confirmed=N Filename=XWCTray.exe Description=System Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etc Source=Paul Collins Startup list [Controlled Resource System Service] Number=2285 Confirmed=X Filename=crss.exe Description=Added by the AGOBOT.GH WORM! Source=Paul Collins Startup list [Controller] Number=2286 Confirmed=N Filename=WFXCTL32.EXE Description=From Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs Source=Paul Collins Startup list [ControlPanel] Number=2287 Confirmed=X Filename=rundll32 internat.dll, LoadKeyboardProfile Description=CoolWebSearch parasite variant Source=Paul Collins Startup list [ControlPanel] Number=2288 Confirmed=X Filename=host32.exe internat.dll, LoadKeyboardProfile Description=Added by a variant of the DELF.DW TROJAN! Source=Paul Collins Startup list [ControlPanel] Number=2289 Confirmed=X Filename=cmd32.exe internat.dll, LoadKeyboardProfile Description=Added by the DLOADER-HF TROJAN. 
Note - the "cmd32.exe" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [ControlPanel] Number=2290 Confirmed=X Filename=systemctrl.exe internet.dll, LoadNetworkProfile Description=Browser hijacker, also detected as STARTPA-FX Source=Paul Collins Startup list [ControlPanel] Number=2291 Confirmed=X Filename=internat.dll, LoadKeyboardProfile Description=Added by the BIZVES-A TROJAN! Source=Paul Collins Startup list [ControlPanel] Number=2292 Confirmed=U Filename=pmxinit.exe Description=Restores user display preferences for Kyro2 based graphics cards. Not required unless you change the default settings - such as gamma Source=Paul Collins Startup list [ControlPanel] Number=2293 Confirmed=X Filename=popcorn64.exe Description=Browser hijacker, redirecting to loadcash.biz Source=Paul Collins Startup list [ControlPanel] Number=2294 Confirmed=X Filename=popcorn64.exe rundll.dll, LoadMouseProfile Description=Added by the DLOADER-OI TROJAN! Source=Paul Collins Startup list [ControlPanel] Number=2295 Confirmed=X Filename=popcorn72.exe rundll.dll, LoadMouseProfile Description=Added by the DLOADER-RA TROJAN! Source=Paul Collins Startup list [ControlPanel] Number=2296 Confirmed=X Filename=svcc.exe Description=WorldSearch adware - re-directing searches to "world-search.biz" Source=Paul Collins Startup list [ControlPanel] Number=2297 Confirmed=X Filename=popcorn320.exe rundll.dll, LoadMouseProfile Description=Added by a variant of the DLOADER-RA TROJAN! Source=Paul Collins Startup list [ControlPanel] Number=2298 Confirmed=X Filename=private.exe internat.dll, LoadMouseCarpetProfile Description=Reported by Norman Virus Control as W32/Downloader. Creates the files sdfff, fdsf and zxczxc. In the C:\WINDOWS\SYSTEM32 directory creates the files d.exe, s.exe and r.exe. 
Note - the "private.exe" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [ControlServiceMgr] Number=2299 Confirmed=X Filename=csmsv.exe Description=Added by the AGENT-XC TROJAN! Source=Paul Collins Startup list [Cookie Cop 2] Number=2300 Confirmed=U Filename=CookieCop.exe Description=Cookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return Source=Paul Collins Startup list [Cookie Pal] Number=2301 Confirmed=U Filename=CPBRWTCH.EXE Description=Kookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return Source=Paul Collins Startup list [CookieJar] Number=2302 Confirmed=U Filename=Cookiejar.exe Description=Cookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer being actively supported Source=Paul Collins Startup list [CookiePatrol] Number=2303 Confirmed=U Filename=CookiePatrol.exe Description=CookiePatrol - cookie interceptor stopping spyware cookies that used to be part of PestPatrol before CA's acquisition Source=Paul Collins Startup list [CookieWall] Number=2304 Confirmed=U Filename=cookie.exe Description=CookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return Source=Paul Collins Startup list [Cool Desk] Number=2305 Confirmed=U Filename=cdesk.exe Description=Cool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". 
Not required but may be of use to you Source=Paul Collins Startup list [CoolDownloads] Number=2306 Confirmed=U Filename=JogServ2.exe Description="Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features Source=Paul Collins Startup list [CoolMon] Number=2307 Confirmed=U Filename=CoolMon.exe Description="CoolMon monitors vital system stats and almost anything else you wish to display on the desktop" Source=Paul Collins Startup list [CoolMP3] Number=2308 Confirmed=U Filename=JogServ2.exe Description="Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features Source=Paul Collins Startup list [CoolSwitch] Number=2309 Confirmed=U Filename=taskswitch.exe Description=ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen Source=Paul Collins Startup list [Coolwallpaper] Number=2310 Confirmed=N Filename=cwm_tray.exe Description=Cool Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen savers Source=Paul Collins Startup list [coolwebprogram] Number=2311 Confirmed=X Filename=clrssn.exe Description=CoolWebSearch Smartsearch parasite variant Source=Paul Collins Startup list [Copernic Desktop Search] Number=2312 Confirmed=N Filename=DesktopSearch.exe Description=Copernic Desktop Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures" Source=Paul Collins Startup list [Copernic Desktop Search 2] Number=2313 Confirmed=U Filename=DesktopSearchService.exe Description=Copernic Desktop Search - search agent Source=Paul Collins Startup list [CopernicPerUserTaskMgr] Number=2314 Confirmed=U Filename=CopernicPerUserTaskMgr.exe Description=Automatic tasking feature of Copernic Pro multi-search engine tool Source=Paul Collins Startup list [Copperhead] Number=2315 
Confirmed=Y Filename=razerhid.exe Description=Razer Copperhead mouse driver Source=Paul Collins Startup list [Copy handler] Number=2316 Confirmed=U Filename=Copy Handler.exe Description=Copy Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processes Source=Paul Collins Startup list [Copyright] Number=2317 Confirmed=N Filename=mwcpyrt.exe Description=Displays copyright information on IBM ThinkPads Source=Paul Collins Startup list [Core Process Aplication] Number=2318 Confirmed=X Filename=ccapl.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Core Process Aplication x16] Number=2319 Confirmed=X Filename=ccapl16.exe Description=Added by a variant of the SLAPER TROJAN! Source=Paul Collins Startup list [Core Process Aplication x32] Number=2320 Confirmed=X Filename=ccapl32.exe Description=Detected by Kaspersky as the SRAMLER.E TROJAN! See here Source=Paul Collins Startup list [Core System Hardware] Number=2321 Confirmed=X Filename=syscorehd.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [CoreCenter] Number=2322 Confirmed=U Filename=CoreCenter.exe Description=MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fan speeds as well as overclocking Source=Paul Collins Startup list [CoreCenter] Number=2323 Confirmed=U Filename=CORECE~1.EXE Description=MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fan speeds as well as overclocking Source=Paul Collins Startup list [Corel Colleagues & Contacts Reminders] Number=2324 Confirmed=N Filename=cffrem.exe Description=Corel Colleagues & Contacts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. 
Part of the now defunct Corel Print Office Source=Paul Collins Startup list [Corel Desktop Application Director] Number=2325 Confirmed=N Filename=dadx.exe Description=The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents the version number. Available via Start -> Programs Source=Paul Collins Startup list [Corel Family & Friends reminders] Number=2326 Confirmed=N Filename=CFFREM.EXE Description=Corel Family & Friends - all-in-one calendar, address book and list manager. Part of the now defunct Corel Print House Magic Source=Paul Collins Startup list [Corel Photo Downloader] Number=2327 Confirmed=N Filename=MediaDetect.exe Description=Related to Corel Photo Album Source=Paul Collins Startup list [Corel Registration] Number=2328 Confirmed=N Filename=Remind32.exe Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it Source=Paul Collins Startup list [Corel Registration Reminder] Number=2329 Confirmed=N Filename=Remind32.exe Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it Source=Paul Collins Startup list [Corel Reminder] Number=2330 Confirmed=N Filename=NAVBROWSER.EXE Description=If you don't want to register Corel products and be reminded about it every 2 weeks disable it Source=Paul Collins Startup list [Corel Reminder] Number=2331 Confirmed=N Filename=NAVBrowser.exe Description=Registration reminder for CorelDRAW 10 Source=Paul Collins Startup list [CorelCENTRAL 10] Number=2332 Confirmed=N Filename=I_26dadCC.exe Description=CorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start -> Programs Source=Paul Collins Startup list [CorelDraw Toolbox] Number=2333 Confirmed=X Filename=CorelDraw.exe Description=Added by the SDBOT-VZ WORM! 
Source=Paul Collins Startup list [CorelMedia FoldersIndexer8] Number=2334 Confirmed=N Filename=MFindexer.exe Description=Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office Source=Paul Collins Startup list [CorelMedia FoldersIndexer8] Number=2335 Confirmed=N Filename=MFINDE~1.EXE Description=Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office Source=Paul Collins Startup list [CoreSrv] Number=2336 Confirmed=X Filename=coresrv.exe Description=Some IRC trojans/worms use this - see here for more information Source=Paul Collins Startup list [CORESYS] Number=2337 Confirmed=? Filename=coresys.exe Description=?? Source=Paul Collins Startup list [Corporate Microsoft Update] Number=2338 Confirmed=X Filename=uptask.exe Description=Added by the RBOT-GVB WORM! Source=Paul Collins Startup list [CorrectConnect] Number=2339 Confirmed=N Filename=CConnect.exe Description=Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available Source=Paul Collins Startup list [cosine] Number=2340 Confirmed=X Filename=cosine.exe Description=Added by the RBOT-SW WORM! Source=Paul Collins Startup list [CostAware] Number=2341 Confirmed=U Filename=niIPCApp.exe Description=NetInternals CostAware - download quota measuring tool Source=Paul Collins Startup list [Counterstrike Service Agent] Number=2342 Confirmed=X Filename=czrzns.exe Description=Added by the MEDBOT.AR WORM! Source=Paul Collins Startup list [Country Select] Number=2343 Confirmed=N Filename=pctptt.exe Description=Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required Source=Paul Collins Startup list [CountrySelection] Number=2344 Confirmed=N Filename=pctptt.exe Description=Country selection for a PCtel HSP56 based modem. 
Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required Source=Paul Collins Startup list [Coupon Offers] Number=2345 Confirmed=? Filename=?? Description=?? Source=Paul Collins Startup list [couponica] Number=2346 Confirmed=X Filename=couponica.exe Description=Adware - see here Source=Paul Collins Startup list [CP] Number=2347 Confirmed=? Filename=CopyProtectionNotifier.exe Description=Related to Emuzed Systems and Middleware. Comes included with Windows XP Media Edition Source=Paul Collins Startup list [CP32NOT] Number=2348 Confirmed=U Filename=CP32BTN.EXE Description=For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons Source=Paul Collins Startup list [CP4HPOT] Number=2349 Confirmed=U Filename=OneTouch.EXE Description=One Touch keyboard driver. Required if you use the additional keys Source=Paul Collins Startup list [CP888M1] Number=2350 Confirmed=N Filename=CP888M1.EXE Description=Related to EZbutton quick launcher for the Media player app that comes with certain laptops Source=Paul Collins Startup list [CPA9P2PSERVER] Number=2351 Confirmed=? Filename=CPA9P2PS.exe Description=Found on a Compaq Presario but what is it? Source=Paul Collins Startup list [cpanel] Number=2352 Confirmed=X Filename=winlogin32.exe Description=Added by the RBOT-FOY WORM! Source=Paul Collins Startup list [CPATR10] Number=2353 Confirmed=U Filename=CPATR10.EXE Description=Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Contrast Source=Paul Collins Startup list [CPBrWtch] Number=2354 Confirmed=U Filename=CPBrWtch.exe Description=Kookaburra Software's Cookie Pal cookie manager. 
Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return Source=Paul Collins Startup list [CPD_EXE] Number=2355 Confirmed=Y Filename=CPD.EXE Description=Firewall bundled with McAfee VirusScan 6.* Source=Paul Collins Startup list [cpl] Number=2356 Confirmed=X Filename=deamon.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [cpl] Number=2357 Confirmed=X Filename=msgaol.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [cpl] Number=2358 Confirmed=X Filename=s_menu.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [cpl] Number=2359 Confirmed=X Filename=browse.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [CplBTQ00] Number=2360 Confirmed=N Filename=CplBTQ00.EXE Description=Related to EZbutton quick launcher for the Media player app that comes with certain laptops Source=Paul Collins Startup list [CPLDBL10] Number=2361 Confirmed=N Filename=CPLDBL10.exe Description=Related to EZbutton quick launcher for the Media player app that comes with certain laptops Source=Paul Collins Startup list [cpntmgc] Number=2362 Confirmed=X Filename=wincomp.exe Description=Added by the WINTRIM_A TROJAN! Source=Paul Collins Startup list [cpntmgc] Number=2363 Confirmed=X Filename=simcss.exe Description=Added by the MAGICON.A TROJAN! Source=Paul Collins Startup list [cpntmgc] Number=2364 Confirmed=X Filename=navpmc.exe Description=Added by the SIMCSS TROJAN! Source=Paul Collins Startup list [cpntmgc] Number=2365 Confirmed=X Filename=winmgts.exe Description=Added by the WINTRIM-B TROJAN! Source=Paul Collins Startup list [CPortPatch] Number=2366 Confirmed=? Filename=cppatch.exe Description=CPortPatch is a utility required for Dell laptops that are using a docking station. Is it needed though? 
Source=Paul Collins Startup list [CPQAcDc] Number=2367 Confirmed=Y Filename=CPQAcDc.exe Description=Compaq PowerCon power management software for laptops Source=Paul Collins Startup list [CPQAlert] Number=2368 Confirmed=U Filename=CPQAlert.exe Description=Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information Source=Paul Collins Startup list [CPQBootPerfDB] Number=2369 Confirmed=N Filename=CPQBootPerfDB.EXE Description=See the entry for Compaq Message Server Source=Paul Collins Startup list [CPQCalib] Number=2370 Confirmed=Y Filename=CPQCalib.exe Description=Compaq PowerCon power management software for laptops Source=Paul Collins Startup list [CPQDFWAG] Number=2371 Confirmed=N Filename=CpqDfwAg.exe Description=For Compaq PC's. Runs Compaq diagnostics on every boot Source=Paul Collins Startup list [CPQEASYACC] Number=2372 Confirmed=U Filename=cpqeadm.exe Description=For Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys Source=Paul Collins Startup list [CPQEASYACC] Number=2373 Confirmed=U Filename=StartEAK.exe Description=Easy Access Button Support for Compaq PCs. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys Source=Paul Collins Startup list [CPQEASYACC] Number=2374 Confirmed=U Filename=STARTDRV.exe Description=For Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys Source=Paul Collins Startup list [cpqeaui] Number=2375 Confirmed=U Filename=cpqeaui.exe Description=For Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys Source=Paul Collins Startup list [cpqek] Number=2376 Confirmed=U Filename=kcpqek.exe Description=For Compaq PC's. 
Easy Access button support for the keyboard Source=Paul Collins Startup list [CPQInet Runtime Service] Number=2377 Confirmed=U Filename=CpqInet.exe Description=For Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providers Source=Paul Collins Startup list [CPQINKAGENT] Number=2378 Confirmed=N Filename=cpqinkag.exe Description=That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed) Source=Paul Collins Startup list [cpqns] Number=2379 Confirmed=U Filename=cpqnpcss.exe Description=Related to Compaq.Net - not required if you don't use that Source=Paul Collins Startup list [Cpqset] Number=2380 Confirmed=N Filename=PresRdy.exe Description=HP Omnibook related: "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device" Source=Paul Collins Startup list [CPQSTUTFIX] Number=2381 Confirmed=Y Filename=stutfix.exe Description=For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it here. This is a Compaq originated file and has been verified as free from viruses by McAfee/Norton Source=Paul Collins Startup list [CPQTEAM] Number=2382 Confirmed=U Filename=cpqteam.exe Description=This program is bundled with HP servers. When loaded a system tray icon will be available that launches the HP Network Configuration Tool Source=Paul Collins Startup list [cpr] Number=2383 Confirmed=X Filename=cpr Description=Adroar.com adware downloader Source=Paul Collins Startup list [cprocsvc] Number=2384 Confirmed=X Filename=cproc.exe Description=Added by MSIL.AGENT.C TROJAN! Source=Paul Collins Startup list [CPU Manager] Number=2385 Confirmed=X Filename=cpumgr.exe Description=Added by the PANDEM.B WORM! 
Source=Paul Collins Startup list [CPU Temp Control] Number=2386 Confirmed=X Filename=wuitgurd.exe Description=Added by the RBOT-AHV WORM! Source=Paul Collins Startup list [CPU Watcher] Number=2387 Confirmed=X Filename=rundll32.exe cpu.dll, load Description=Added by the DLOADER-LO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpu.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [CPU Windows Status] Number=2388 Confirmed=X Filename=cpustats.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [CPUcool] Number=2389 Confirmed=U Filename=Cpucool.exe Description=Program to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control Panel Source=Paul Collins Startup list [CPUMon] Number=2390 Confirmed=N Filename=CPUMon.exe Description="CPUMon continuously displays the updated system statistics in a floating window as well as in system tray area" Source=Paul Collins Startup list [Cpusave] Number=2391 Confirmed=X Filename=Cpusave.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [Cpusave32] Number=2392 Confirmed=X Filename=Cpusave32.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [CPVHOST Settings] Number=2393 Confirmed=X Filename=cpvhost.exe Description=Added by a variant of the SDBOT TROJAN! Source=Paul Collins Startup list [cpyt] Number=2394 Confirmed=X Filename=hidep.exe Description=Added by the MIRJACK-A TROJAN! Source=Paul Collins Startup list [cqlyg] Number=2395 Confirmed=X Filename=world_cup_.bat Description=Added by the WCUP.A WORM! Source=Paul Collins Startup list [CQSCP2P SERVER] Number=2396 Confirmed=? Filename=?? Description="Compaq printer utility which is required in the startup menu in order to make the printer work correctly". 
Personally I doubt whether it is actually needed Source=Paul Collins Startup list [CQSCP2PS] Number=2397 Confirmed=? Filename=?? Description="Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed Source=Paul Collins Startup list [Cr**.exe [* = random char]] Number=2398 Confirmed=X Filename=Cr**.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [Cr**.exe [* = random char]] Number=2399 Confirmed=X Filename=Cr**.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [Cr**32.exe [* = random char]] Number=2400 Confirmed=X Filename=Cr**32.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [cracked_windows1] Number=2401 Confirmed=U Filename=cracked_windows1.exe Description=Cracked Windows popup killer Source=Paul Collins Startup list [CrazyTalk Serve] Number=2402 Confirmed=N Filename=rundll32.exe CrazyTalk.dll, DIIServeMediaFile Description=CrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in its own right from sites such as TUCOWS Source=Paul Collins Startup list [CRBroadCasting] Number=2403 Confirmed=U Filename=CRBroadCasting.exe Description=CardReader2 from On Track Innovations Ltd. USB Card Reader Source=Paul Collins Startup list [CRC Value Verifier] Number=2404 Confirmed=X Filename=crsss32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [CRC Value Verifier] Number=2405 Confirmed=X Filename=Crsss64.exe Description=Added by the RBOT-NY WORM! 
Source=Paul Collins Startup list [CRC Value Verifier] Number=2406 Confirmed=X Filename=svchost32.exe Description=Added by the RBOT-OA WORM! Source=Paul Collins Startup list [CRC Value Verifier] Number=2407 Confirmed=X Filename=crsss.exe Description=Added by the SPYBOT.UK WORM! Source=Paul Collins Startup list [Crc32stats Dependencies] Number=2408 Confirmed=U Filename=Pnpchk.exe Description=Aztech Labs Sound 3 PnP driver Source=Paul Collins Startup list [CRCSS] Number=2409 Confirmed=X Filename=crcss.exe Description=Added by the IRCBOT-TH WORM! Source=Paul Collins Startup list [Creata Mail] Number=2410 Confirmed=U Filename=JMSrvr.exe Description=Creata_Mail. Smileys, stationery and more for your email. Required if you want to access the program from Outlook or Outlook Express Source=Paul Collins Startup list [Create A Monster] Number=2411 Confirmed=X Filename=createAMonster.exe Description=Kudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware related Source=Paul Collins Startup list [CreateCD] Number=2412 Confirmed=N Filename=Createcd.exe Description=Adaptec Easy CD Creator system tray application (pre version 5). Available via Start -> Programs Source=Paul Collins Startup list [CreateCD50] Number=2413 Confirmed=N Filename=Createcd50.exe Description=Adaptec Easy CD Creator version 5 system tray application. Available via Start -> Programs Source=Paul Collins Startup list [Creates stractures for system management] Number=2414 Confirmed=X Filename=stacture.exe Description=Added by the SDBOT-DHS WORM! Source=Paul Collins Startup list [Creative AGP Wizard] Number=2415 Confirmed=N Filename=agpwiz.exe Description=Part of Creative's BlasterControl Source=Paul Collins Startup list [Creative Audio Drivers] Number=2416 Confirmed=X Filename=creative.exe Description=Added by the RBOT-FKR WORM! 
Source=Paul Collins Startup list [Creative Detector] Number=2417 Confirmed=N Filename=CTDetect.exe Description=Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again Source=Paul Collins Startup list [Creative Launcher] Number=2418 Confirmed=N Filename=CTLauncher.exe Description=For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs Source=Paul Collins Startup list [Creative Live! Cam Manager] Number=2419 Confirmed=U Filename=CTLCMgr.exe Description=Creative Live! Cam Manager Source=Paul Collins Startup list [Creative MediaSource Go] Number=2420 Confirmed=N Filename=CTCMSGo.exe Description="Creative MediaSource playbacks music in DVD-Audio, MP3, WMA, WAV and other media formats" Source=Paul Collins Startup list [Creative MediaSource Go] Number=2421 Confirmed=N Filename=CTCMSGoU.exe Description="Creative MediaSource playbacks music in DVD-Audio, MP3, WMA, WAV and other media formats" Source=Paul Collins Startup list [Creative PCI Audio Configuration Utility] Number=2422 Confirmed=N Filename=starter.exe Description=System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixer Source=Paul Collins Startup list [Creative Service for CDROM Access] Number=2423 Confirmed=N Filename=Ctsvccda.exe Description=Resident program for Creative's PlayCenter included with Soundblaster Audigy sound cards - speeds up detection of some media CDs if the system doesn't natively support them. 
Available via Start -> Programs Source=Paul Collins Startup list [Creative Software Update] Number=2424 Confirmed=N Filename=AutoUpdate.exe Description=Auto-updater for Creative Labs software Source=Paul Collins Startup list [Creative WebCam Tray] Number=2425 Confirmed=N Filename=Camtray.exe Description=Creative WebCam tray control - can be started manually Source=Paul Collins Startup list [Creative.exe] Number=2426 Confirmed=X Filename=Creative.exe Description=Added by the PROLIN WORM! Source=Paul Collins Startup list [CreativeDiscNotifier] Number=2427 Confirmed=N Filename=CTNOTIFY.EXE Description=For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -> Settings -> Control Panel Source=Paul Collins Startup list [CreativeMixer] Number=2428 Confirmed=U Filename=CTMIX32.EXE Description=Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon Source=Paul Collins Startup list [CreativeTaskScheduler] Number=2429 Confirmed=? Filename=CTSched.exe Description=Creative Task Scheduler. What does it do and is it required? Source=Paul Collins Startup list [Critical Error Safe32] Number=2430 Confirmed=X Filename=GetWaylayer32.exe Description=Added by the RBOT.IAL WORM! Source=Paul Collins Startup list [Critical Update Check] Number=2431 Confirmed=X Filename=battlenet.exe Description=Added by the DELF-LB TROJAN! Source=Paul Collins Startup list [CriticalUpdate] Number=2432 Confirmed=N Filename=Wucrtupd.exe Description=MS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update site Source=Paul Collins Startup list [CriticalUpdate] Number=2433 Confirmed=X Filename=wucrtupd.exe Description=Added by the NOALA.B WORM! 
Note - this file is located in the Windows or Winnt folder, and must not be confused with the legitimate Windows process of the same name as described here Source=Paul Collins Startup list [crmssrlt] Number=2434 Confirmed=X Filename=[random filename] Description=Added by a variant of the SLAPER TROJAN! Source=Paul Collins Startup list [Crnsava] Number=2435 Confirmed=X Filename=scrnsave.pif Description=Added by the SDBOT-ZV WORM! Source=Paul Collins Startup list [cronos] Number=2436 Confirmed=X Filename=MARCO!.SCR Description=Added by the OPASERV.G WORM! Source=Paul Collins Startup list [CrossMenu] Number=2437 Confirmed=X Filename=CrossMenu Description=Toshiba CrossMenu Utility - allows the user to create their own menus Source=Paul Collins Startup list [CRP386 Networking] Number=2438 Confirmed=X Filename=crp386.exe Description=Added by the IRCBOT.N TROJAN! Source=Paul Collins Startup list [crs] Number=2439 Confirmed=X Filename=crs.exe Description=Added by the AGOBOT-TJ WORM! Source=Paul Collins Startup list [CRSSXP SysInfo] Number=2440 Confirmed=X Filename=crssxp.exe Description=Added by a variant of the SDBOT TROJAN! Source=Paul Collins Startup list [Crusty] Number=2441 Confirmed=X Filename=dmcpl.exe Description=Added by the RUSTY WORM! Source=Paul Collins Startup list [cryptdlg] Number=2442 Confirmed=X Filename=cryptdlg.exe Description=Added by an unidentified TROJAN! Source=Paul Collins Startup list [cryptoexpert] Number=2443 Confirmed=U Filename=cexpert.exe Description=CryptoExpert from SecureAction Research. Advanced on the fly encryption system Source=Paul Collins Startup list [Cryptographic Service] Number=2444 Confirmed=X Filename=******.exe [* = random char] Description=Added by the KORGO.W or KORGO.X or KORGO.AB WORMS! Source=Paul Collins Startup list [Crystal 3D Audio Control] Number=2445 Confirmed=? Filename=CWD3DSND.EXE Description=Crystal 3D Audio sound driver. Is it required? 
Source=Paul Collins Startup list [CS Update] Number=2446 Confirmed=X Filename=copy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dll Description=Added by an unidentified malware Source=Paul Collins Startup list [csaRem] Number=2447 Confirmed=N Filename=spqmdmui.exe Description=Compaq modem country selection Source=Paul Collins Startup list [CSAV_CheckViruses] Number=2448 Confirmed=Y Filename=vchk.exe Description=Command Antivirus related Source=Paul Collins Startup list [csc] Number=2449 Confirmed=U Filename=csc.exe Description=Command line compiler for Microsoft C# it gets installed with the .NET SDK Source=Paul Collins Startup list [cscripts] Number=2450 Confirmed=X Filename=cscripts.exe Description=Added by the BDOOR-AAP BACKDOOR! Source=Paul Collins Startup list [CSCRS Value] Number=2451 Confirmed=X Filename=cscrs.exe Description=Added by the RBOT-AAA WORM! Source=Paul Collins Startup list [CSCRS Value Check] Number=2452 Confirmed=X Filename=MsPMSPSd.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [CSINJECT.EXE] Number=2453 Confirmed=U Filename=CSINJECT.EXE Description=Part of Quarterdeck/Norton CleanSweep. "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes" Source=Paul Collins Startup list [csm Win Updates] Number=2454 Confirmed=X Filename=csm.exe Description=Added by the ZOTOB.B WORM! Source=Paul Collins Startup list [CSNetManagerXp] Number=2455 Confirmed=X Filename=isass.exe Description=Added by the HIDER-O TROJAN! Source=Paul Collins Startup list [csoftok] Number=2456 Confirmed=X Filename=softok.exe Description=Added by the QQPASS.G TROJAN! Source=Paul Collins Startup list [csos] Number=2457 Confirmed=X Filename=csos.exe Description=Added by the SDBOT-DFE WORM! Source=Paul Collins Startup list [csrs] Number=2458 Confirmed=X Filename=csrs.exe Description=Added by the GAOBOT.GEN!POLY WORM! 
Source=Paul Collins Startup list [csrsc] Number=2459 Confirmed=X Filename=csrsc.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [CSRSS] Number=2460 Confirmed=X Filename=CSRSS.EXE Description=Search page hijacker, redirecting to h**p://www.search-aide.com/. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Csrss] Number=2461 Confirmed=X Filename=csrss.exe Description=Added by the CHOD WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolder Source=Paul Collins Startup list [csrss] Number=2462 Confirmed=X Filename=csrss.exe Description=Added by the KEYLOG-AQ KEYLOGGER! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% Source=Paul Collins Startup list [csrss] Number=2463 Confirmed=X Filename=csrss.exe Description=Added by the CHODE-J WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolder Source=Paul Collins Startup list [csrss] Number=2464 Confirmed=X Filename=msmsgs.exe Description=Added by the CHODE-J WORM! Source=Paul Collins Startup list [csrss] Number=2465 Confirmed=X Filename=nwiz.exe Description=Added by the CHODE-J WORM! Source=Paul Collins Startup list [csrss] Number=2466 Confirmed=U Filename=csrss.exe Description=BeyondKeylog surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! 
This one is located in %ProgramFiles%\Supremtec Source=Paul Collins Startup list [Csrss] Number=2467 Confirmed=X Filename=CSRSS.EXE Description=Added by the PUNYA-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\Documents and Settings\Administrator\Local Settings\Application Data\WINDOWS Source=Paul Collins Startup list [csrss] Number=2468 Confirmed=X Filename=ssms.exe Description=Added by an unidentified malware Source=Paul Collins Startup list [Csrss Host] Number=2469 Confirmed=X Filename=csrhost.exe Description=Detected by Trend Micro as the IRCBOT.BIZ WORM! See here Source=Paul Collins Startup list [CSRSS Loader] Number=2470 Confirmed=X Filename=csrsss.exe Description=Added by the AGOBOT.TX WORM! Source=Paul Collins Startup list [csrss.exe] Number=2471 Confirmed=X Filename=csrss.exe Description=Added by the DALBUG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% Source=Paul Collins Startup list [csrssLevel4] Number=2472 Confirmed=X Filename=csrss.exe Description=Unidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Level4" subfolder Source=Paul Collins Startup list [CSRSSU] Number=2473 Confirmed=X Filename=CSRSSU.exe Description=CoolWebSearch parasite variant - hijacking to Slawsearch.com. Also detected as the CWS-E TROJAN! Source=Paul Collins Startup list [CSRSSW] Number=2474 Confirmed=X Filename=CSRSSW.EXE Description=Added by the CWS-F TROJAN! Source=Paul Collins Startup list [CSRSWIN] Number=2475 Confirmed=X Filename=[trojan filename] Description=Added by the WINSHELL.50 TROJAN! 
Source=Paul Collins Startup list [CSRSX] Number=2476 Confirmed=X Filename=[trojan filename] Description=Added by the WINSHELL.50.B TROJAN! Source=Paul Collins Startup list [csrvss] Number=2477 Confirmed=X Filename=csrvss.exe Description=Added by a variant of the SDBOT TROJAN! Source=Paul Collins Startup list [CSS Server] Number=2478 Confirmed=U Filename=CSSServer.exe Description=ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself Source=Paul Collins Startup list [cssauth] Number=2479 Confirmed=U Filename=cssauth.exe Description=Related to IBM ThinkVantage Client Security Solution Source=Paul Collins Startup list [cssauthe] Number=2480 Confirmed=? Filename=cssauthe.exe Description=Part of the Client Security Solution on an IBM ThinkVantage (now Lenovo) PC - "a suite of ThinkVantage Technology tools designed to help protect access to your computer operating system and your sensitive data. The Client Security Solution integrates the hardware protection of its embedded chip with the protection afforded by its secure software." What does this do and is it required? Source=Paul Collins Startup list [CSScheduleCheck] Number=2481 Confirmed=Y Filename=SCHWIZEX.EXE Description=Part of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot Source=Paul Collins Startup list [cssrs] Number=2482 Confirmed=X Filename=cssrs.exe Description=Added by the BANCBAN-DW TROJAN! Source=Paul Collins Startup list [csss] Number=2483 Confirmed=X Filename=Csss.exe Description=Added by the BALICK TROJAN! Source=Paul Collins Startup list [CSS_Central] Number=2484 Confirmed=U Filename=CSS_1631.EXE Description=CSS Communication Agent (95 Host) from Command Software Systems (now Authentium). "CSS Central
provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console" Source=Paul Collins Startup list [CSV10P1] Number=2485 Confirmed=X Filename=CSP001.exe Description=ClearSearch adware Source=Paul Collins Startup list [CSV10P70] Number=2486 Confirmed=X Filename=CSv10P070.exe Description=ClearSearch adware Source=Paul Collins Startup list [CSV7P26] Number=2487 Confirmed=X Filename=CSV7P26.exe Description=ClearSearch adware Source=Paul Collins Startup list [CSV7P70] Number=2488 Confirmed=X Filename=CSV7P070.exe Description=ClearSearch adware Source=Paul Collins Startup list [CSV7P91] Number=2489 Confirmed=X Filename=CSV7P91.exe Description=ClearSearch adware Source=Paul Collins Startup list [csvdea] Number=2490 Confirmed=U Filename=csvdea.exe Description=SpyArsenalLog surveillance software. Uninstall this software unless you put it there yourself Source=Paul Collins Startup list [csvhost.exe] Number=2491 Confirmed=X Filename=csvhost.exe Description=Added by the CIMUZ-BD TROJAN! Source=Paul Collins Startup list [ct] Number=2492 Confirmed=Y Filename=ct.exe Description=ct.exe is a file for the HP Learning Adventure software and if you use this software it is required to run it Source=Paul Collins Startup list [CT Control Settings] Number=2493 Confirmed=X Filename=CTSVCCD.EXE Description=Added by the RBOT-YS WORM! Source=Paul Collins Startup list [CTAPR2] Number=2494 Confirmed=U Filename=CTAPR2.exe Description=Console Launcher for the Creative Sound Blaster X-Fi series Source=Paul Collins Startup list [CTAVTray] Number=2495 Confirmed=N Filename=CTAvTray.exe Description=For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ Source=Paul Collins Startup list [CTCMonitor] Number=2496 Confirmed=U Filename=CTCMonitor.exe Description=Click-to-Convert - document-to-HTML or doc-to-PDF converter. 
Only required if you are going to use the File -> Print method of using Click-to-Convert. If converting directly from MS Office, it is not required Source=Paul Collins Startup list [CTDrive] Number=2497 Confirmed=X Filename=rundll32.exe drvmod.dll Description=Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [CTDVDDet] Number=2498 Confirmed=N Filename=CTDVDDet.exe Description=Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again Source=Paul Collins Startup list [CTDVDDet] Number=2499 Confirmed=N Filename=CTDetect.exe Description=Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again Source=Paul Collins Startup list [ctf.exe] Number=2500 Confirmed=X Filename=ctf.exe Description=Added by a variant of the BIFROSE TROJAN! Source=Paul Collins Startup list [ctflog manager] Number=2501 Confirmed=X Filename=ctflog.exe Description=Added by the DONBOMB.A TROJAN! Source=Paul Collins Startup list [CTFM0N.exe] Number=2502 Confirmed=X Filename=CTFM0N.exe Description=Added by the STARTPAGE.P TROJAN! Source=Paul Collins Startup list [ctfmon] Number=2503 Confirmed=U Filename=ctfmon.exe Description=CTFMon is involved with the language/alternative input services in Office XP. Ctfmon.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. 
Not required if you don't need these features. For more info on ctfmon see here. Ctfmon can be disabled from Control Panel, Text & Speech Services. Note - the file will always be located in the System32 folder, if it is located elsewhere it will likely be a worm or trojan! Can cause problems with some other programs if left enabled - see here for such an example Source=Paul Collins Startup list [ctfmon] Number=2504 Confirmed=X Filename=taskmgr32*.exe [* = number] Description=Added by the SOWSAT.B WORM! Source=Paul Collins Startup list [ctfmon] Number=2505 Confirmed=X Filename=cftmon.exe Description=Added by the DELIVE-A TROJAN! Note - this file is found in C:\Windows or C:\Winnt and is not the valid MS Office file of the same name (see here) Source=Paul Collins Startup list [ctfmon] Number=2506 Confirmed=X Filename=mIRC.dll Description=Added by the DELBOT-E TROJAN! Source=Paul Collins Startup list [ctfmon] Number=2507 Confirmed=X Filename=WinConst.exe Description=Added by the ASSASIN-G TROJAN! Source=Paul Collins Startup list [CTFMon] Number=2508 Confirmed=U Filename=ctfmon.exe Description=Family Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Located in %System%\CTF Source=Paul Collins Startup list [ctfmon] Number=2509 Confirmed=X Filename=msnmsgr.exe Description=Added by the JV TROJAN! Source=Paul Collins Startup list [Ctfmon.exe] Number=2510 Confirmed=X Filename=ctfmon32.exe Description=CoolWebSearch Ctfmon32 parasite variant Source=Paul Collins Startup list [ctfmon.exe] Number=2511 Confirmed=X Filename=ctfmon.exe Description=Added by the RAIDYS TROJAN! Note - this should not be confused with the valid Office XP file, see here Source=Paul Collins Startup list [ctfmon.exe] Number=2512 Confirmed=X Filename=msupdate32.exe Description=Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! 
- file names spotted so far include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe Source=Paul Collins Startup list [ctfmon.exe] Number=2513 Confirmed=U Filename=ctfmon.exe Description=CTFMon is involved with the language/alternative input services in Office XP. Ctfmon.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see here. Ctfmon can be disabled from Control Panel, Text & Speech Services. Note - the file will always be located in the System32 folder, if it is located elsewhere it will likely be a worm or trojan! Can cause problems with some other programs if left enabled - see here for such an example Source=Paul Collins Startup list [ctfmon.exe] Number=2514 Confirmed=X Filename=ctfmon.exe eminem.exe Description=Added by the BHARAT.A WORM! Source=Paul Collins Startup list [CTFMON32] Number=2515 Confirmed=X Filename=CTFMON32.EXE Description=CoolWebSearch Ctfmon32 parasite variant - also detected as the CWS-E TROJAN! Source=Paul Collins Startup list [ctfmon32] Number=2516 Confirmed=X Filename=[random filename].exe Description=Added by the RBOT-GSN WORM! Source=Paul Collins Startup list [ctfmona] Number=2517 Confirmed=X Filename=ctfmona.exe Description=AntiVirusPro misleading security software - not recommended, see here Source=Paul Collins Startup list [CTFMONSS] Number=2518 Confirmed=X Filename=CTFMONSS.EXE Description=Added by the CWS-F TROJAN! Source=Paul Collins Startup list [ctfmun] Number=2519 Confirmed=X Filename=ctfmun.exe Description=Detected by Trend Micro as AGENT.ACEZ spyware - see here Source=Paul Collins Startup list [ctfnnon] Number=2520 Confirmed=X Filename=ctfmon.exe Description=Detected by Kaspersky as the TURKOJAN.IL BACKDOOR! See here. 
Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir% Source=Paul Collins Startup list [ctfnom] Number=2521 Confirmed=X Filename=rundIl32.exe Description=Added by the LEGMIR-AW TROJAN! Source=Paul Collins Startup list [ctfnom.exe] Number=2522 Confirmed=X Filename=SVOHOST.exe Description=Added by the DIGIDOR-A TROJAN! Source=Paul Collins Startup list [ctfnom.exe] Number=2523 Confirmed=X Filename=OSRSS.exe Description=Added by the DLOADER-UQ TROJAN! Source=Paul Collins Startup list [cthelp] Number=2524 Confirmed=X Filename=cthelp.exe Description=Added by the SDBOT TROJAN! Source=Paul Collins Startup list [CTHELPER] Number=2525 Confirmed=U Filename=CTHELPER.EXE Description=CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it Source=Paul Collins Startup list [CTHelper] Number=2526 Confirmed=X Filename=cthelper.exe Description=Added by the RBOT-XB WORM! Note - do not confuse with the Creative application of the same name described here Source=Paul Collins Startup list [CTime] Number=2527 Confirmed=X Filename=[path to trojan] Description=Added by the HTTPDOS TROJAN! Source=Paul Collins Startup list [CTin10] Number=2528 Confirmed=X Filename=CTin10.exe Description=Added by the BANCOS.E TROJAN! 
Source=Paul Collins Startup list [CtModule] Number=2529 Confirmed=X Filename=CtModule.exe Description=Added by the CLICKER-EG TROJAN! Source=Paul Collins Startup list [CTMON.EXE] Number=2530 Confirmed=X Filename=cfmon.exe Description=Added by the CLCKR-AN TROJAN! Source=Paul Collins Startup list [CTNMRUN] Number=2531 Confirmed=U Filename=ctnmrun.exe Description=Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected Source=Paul Collins Startup list [CTPDPSRV] Number=2532 Confirmed=? Filename=CTPDPSRV.EXE Description=Printer driver (in the WINDOWS\System32\spool\DRIVERS\W32\X86 folder). Is it required? Source=Paul Collins Startup list [CTPerformanceUtility] Number=2533 Confirmed=N Filename=CTPowUti.exe Description=Related to Creative PowerSysTrayApp. This program is a non-essential process, but should not be terminated unless suspected to be causing problems Source=Paul Collins Startup list [ctpmon] Number=2534 Confirmed=X Filename=ctpmon.exe Description=System Registry Cleaner - stealth installed foistware from sysregistry.com Source=Paul Collins Startup list [CTRegRun] Number=2535 Confirmed=N Filename=CTRegRun.exe Description=For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative Source=Paul Collins Startup list [CtrlVol] Number=2536 Confirmed=U Filename=CtrlVol.exe Description=Volume control key on Acer, Fujitsu and other laptops Source=Paul Collins Startup list [CTSched] Number=2537 Confirmed=? Filename=CTSched.exe Description=Creative Task Scheduler. What does it do and is it required? Source=Paul Collins Startup list [CTStartup] Number=2538 Confirmed=N Filename=CTEaxSpl.exe Description=Splash screen with sound on every boot up. 
Installed with a Sound Blaster Audigy soundcard Source=Paul Collins Startup list [CTSVolFE] Number=2539 Confirmed=U Filename=CTSVolFE.exe Description=Creative Labs Mixer applet for the Sound Blaster Audigy Source=Paul Collins Startup list [CTSVolFE.exe] Number=2540 Confirmed=U Filename=CTSVolFE.exe Description=Creative Labs Mixer applet for the Sound Blaster Audigy Source=Paul Collins Startup list [CTSyncU.exe] Number=2541 Confirmed=N Filename=CTSyncU.exe Description=Creative Sync Manager - synchronizes music tracks on your computer with your player Source=Paul Collins Startup list [CTsysVol] Number=2542 Confirmed=U Filename=CTSYSVOL.exe Description=Creative sound card volume controls Source=Paul Collins Startup list [cttdpsrv] Number=2543 Confirmed=? Filename=cttdpsrv.exe Description=?? Source=Paul Collins Startup list [CTUpdate] Number=2544 Confirmed=X Filename=ctupdclt.exe Description=Added by the RBOT-ABG WORM! Source=Paul Collins Startup list [CTxfiHlp] Number=2545 Confirmed=N Filename=CTXFIHLP.EXE Description=Added by the installation of a Creative Labs X-Fi sound card. This particular process provides the help functionality for your card Source=Paul Collins Startup list [CTXFIREG] Number=2546 Confirmed=N Filename=CTxfiReg.exe Description=Creative Labs sound card driver related. 
It appears that it isn't required and maybe registration related Source=Paul Collins Startup list [Ctykd] Number=2547 Confirmed=X Filename=[path to file] Description=SMALL.SN spyware Source=Paul Collins Startup list [CTZDetec.exe] Number=2548 Confirmed=N Filename=CTZDetec.exe Description=Auto-detect feature of Creative Media Lite which assists you in managing your music, ripping CDs and transferring other stored music to your Zen Stone MP3 player Source=Paul Collins Startup list [CU1] Number=2549 Confirmed=X Filename=VCClient.exe Description=Associated with the Surf Sidekick adware and should be removed Source=Paul Collins Startup list [CU2] Number=2550 Confirmed=X Filename=VCMain.exe Description=Associated with the Surf Sidekick adware and should be removed Source=Paul Collins Startup list [cuagentExe] Number=2551 Confirmed=Y Filename=Cuagent.exe Description=Command Antivirus related Source=Paul Collins Startup list [CueX44] Number=2552 Confirmed=X Filename=Dago.exe Description=Added by the PUNYA-B WORM! Source=Paul Collins Startup list [CueX44_stil_here] Number=2553 Confirmed=X Filename=WINLOGON.EXE Description=Added by the PUNYA-A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [cuo] Number=2554 Confirmed=X Filename=cuo.exe Description=Added by the BUGBEAR.A WORM! Source=Paul Collins Startup list [Current Security Config] Number=2555 Confirmed=X Filename=csecure.exe Description=Added by the RBOT-AMO WORM! 
Source=Paul Collins Startup list [CurseClient] Number=2556 Confirmed=N Filename=CurseClient.exe Description=CurseClient add-on manager for World of Warcraft and Warhammer Online games Source=Paul Collins Startup list [cursor] Number=2557 Confirmed=N Filename=Screendragon_VS_Taskbar.exe Description=ScreenDragon video player Source=Paul Collins Startup list [CursorXP] Number=2558 Confirmed=N Filename=CursorXP.exe Description=CursorXP from Stardock - tool for creating mouse cursors Source=Paul Collins Startup list [Curtain] Number=2559 Confirmed=U Filename=Curtain.exe Description=Curtain (from Chaotic Visions) - "is a Windows utility which gives you the power to hide any window or group of windows to your system tray" Source=Paul Collins Startup list [Customizer2000] Number=2560 Confirmed=U Filename=logon.exe Description=Automatic logon feature of Customizer 2000 - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes" Source=Paul Collins Startup list [CuteMX] Number=2561 Confirmed=N Filename=CuteMX.EXE Description=File sharing utility Source=Paul Collins Startup list [Cvfjx] Number=2562 Confirmed=X Filename=ANACON.EXE Description=Added by the NACO.A WORM! Source=Paul Collins Startup list [cvmonitor.exe] Number=2563 Confirmed=X Filename=cvmonitor.exe Description=Added by the SDBOT.BV WORM! Source=Paul Collins Startup list [cvmsyslpd] Number=2564 Confirmed=X Filename=sdservss.exe Description=Added by the MAILBOT-BY TROJAN! 
Source=Paul Collins Startup list [CVPND] Number=2565 Confirmed=Y Filename=cvpnd.exe Description=Sub-system used by Cisco VPN client for making a connection to a remote IPSec server Source=Paul Collins Startup list [CW] Number=2566 Confirmed=U Filename=cw4.exe Description=Chat Watch "is a monitoring and logging software for online chat and instant messaging programs" Source=Paul Collins Startup list [CWatch] Number=2567 Confirmed=U Filename=cw.exe Description=ChatWatch - chat monitoring tool Source=Paul Collins Startup list [cwbckver] Number=2568 Confirmed=N Filename=cwbckver.exe Description=Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources Source=Paul Collins Startup list [cwbinhlp] Number=2569 Confirmed=N Filename=cwbinhlp.exe Description=Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries Source=Paul Collins Startup list [cwbsvstr] Number=2570 Confirmed=N Filename=cwbsvstr.exe Description=Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources Source=Paul Collins Startup list [cwbwlwiz] Number=2571 Confirmed=? 
Filename=cwbwlwiz.exe Description=Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required? Source=Paul Collins Startup list [Cwcdschk.exe] Number=2572 Confirmed=? Filename=Cwcdschk.exe Description=IBM Thinkpad related? Source=Paul Collins Startup list [cwcptray] Number=2573 Confirmed=U Filename=cwcptray.exe Description=Related to ContentWatch Parental Control internet filter Source=Paul Collins Startup list [cwingllib] Number=2574 Confirmed=X Filename=atllsimm.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [cwupdate] Number=2575 Confirmed=U Filename=cwupdate.exe Description=ContentProtect from ContentWatch - internet filter Source=Paul Collins Startup list [CXMon] Number=2576 Confirmed=N Filename=Hpi_Monitor.exe Description=Autodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start -> Programs Source=Paul Collins Startup list [Cyber] Number=2577 Confirmed=N Filename=cyberchk.exe Description=Part of Belkin's "Multimedia Cleaning Kit" and is automatically installed when you run their optical disk drive cleaning utility - to remind you to clean your drive after "x" amount of time has passed Source=Paul Collins Startup list [Cyber Trio] Number=2578 Confirmed=U Filename=showmode.exe Description=From G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCs Source=Paul Collins Startup list [Cyber-Defender 2003] Number=2579 Confirmed=U Filename=uwcdsvr.exe Description=Cyber Defender 2003 Source=Paul Collins Startup list [Cyber-shot Viewer Media Check Tool] Number=2580 Confirmed=?
Filename=SPUVolumeWatcher.exe Description=Part of the Sony Picture Utility software supplied with Sony Cybershot digital cameras. What does it do and is it required? Source=Paul Collins Startup list [cyberfree.exe] Number=2581 Confirmed=X Filename=****.dat [* = random char] Description=Unidentified adware Source=Paul Collins Startup list [Cyberhawk] Number=2582 Confirmed=U Filename=CHTray.exe Description=Cyberhawk from Novatix. Protects against viruses, spyware, identity theft Source=Paul Collins Startup list [CyberLat Ram Cleaner] Number=2583 Confirmed=U Filename=CLRamCleaner.exe Description=CyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind Source=Paul Collins Startup list [CyberLat Ram Cleaner] Number=2584 Confirmed=U Filename=CyberLat Ram Cleaner 1.1.exe Description=CyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind Source=Paul Collins Startup list [CyberMedia Agent] Number=2585 Confirmed=N Filename=CMAGENT.EXE Description=Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled Source=Paul Collins Startup list [CyberPatrolNew] Number=2586 Confirmed=U Filename=cphq.exe Description="CyberPatrol is one of the most powerful and popular client-based, browser independent, Internet safety software solutions for Windows-based standalone PCs available today" Source=Paul Collins Startup list [CyberWolf] Number=2587 Confirmed=X Filename=CyberWolf.exe Description=Added by the KICKIN.A (or CYDOG.C) WORM! Source=Paul Collins Startup list [CyDoor] Number=2588 Confirmed=X Filename=CD_Load.exe Description=Adware.
Check here for information about Cy-Door and here for a program that can remove it Source=Paul Collins Startup list [CydoorUpdate] Number=2589 Confirmed=X Filename=CD_Load.exe Description=Adware. Check here for information about Cy-Door and here for a program that can remove it Source=Paul Collins Startup list [CYNHKey] Number=2590 Confirmed=? Filename=CYNHKey.exe Description=?? Source=Paul Collins Startup list [CyphTray] Number=2591 Confirmed=N Filename=CyphTray.exe Description=Cypherus - encryption software Source=Paul Collins Startup list [CypressLinkMon] Number=2592 Confirmed=U Filename=CypressLinkMon.exe Description=Related to CypressViewer from Siemens that "allows ACUSON Cypress cardiovascular system PLUS users to store, view, and analyze Cypress system PLUS studies on a standard Windows PC" Source=Paul Collins Startup list [D SYSTEM] Number=2593 Confirmed=X Filename=dd.exe Description=Added by the MYTOB-FN WORM! Source=Paul Collins Startup list [D-Link Air USB Utility] Number=2594 Confirmed=Y Filename=AirCFG.exe Description=D-Link wireless PCI adapter related Source=Paul Collins Startup list [D-Link Air Utility] Number=2595 Confirmed=Y Filename=AirCFG.exe Description=D-Link wireless PCI adapter related Source=Paul Collins Startup list [D-Link AirPlus DWL-650+ Utility] Number=2596 Confirmed=N Filename=WLANMON.exe Description=D-Link Air Plus Wireless PC modem connection monitor Source=Paul Collins Startup list [D-Link AirPlus G] Number=2597 Confirmed=Y Filename=AirGCFG.exe Description=D-Link Airplus Wireless Router driver Source=Paul Collins Startup list [D-Link AirPlus G Wireless Utility] Number=2598 Confirmed=Y Filename=AirPlus.exe Description=D-Link AirPlus G wireless configuration and monitoring utility Source=Paul Collins Startup list [D-Link AirPlus XtremeG] Number=2599 Confirmed=U Filename=AirPlusCFG.exe Description=D-Link AirPlus XtremeG wireless configuration utility Source=Paul Collins Startup list [D066UUtility] Number=2600 Confirmed=N 
Filename=D066UUTY.EXE Description=TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software Source=Paul Collins Startup list [D3**.exe [* = random char]] Number=2601 Confirmed=X Filename=D3**.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [D3**32.exe [* = random char]] Number=2602 Confirmed=X Filename=D3**32.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [d3dupdate.exe] Number=2603 Confirmed=X Filename=bbeagle.exe Description=Added by the BEAGLE.A WORM! Source=Paul Collins Startup list [D4] Number=2604 Confirmed=U Filename=D4.exe Description=Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down Source=Paul Collins Startup list [dabrun] Number=2605 Confirmed=X Filename=rundll32.exe dabapi.dll, Rundll32 Description=SinaUpdateCenter adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dabapi.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [DACONFIGEXE] Number=2606 Confirmed=N Filename=daconfig.exe Description=3Com NIC Diagnostics. Available via Start -> Programs Source=Paul Collins Startup list [DadApp] Number=2607 Confirmed=Y Filename=dadapp.exe Description="DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from Dell Source=Paul Collins Startup list [Daemon] Number=2608 Confirmed=N Filename=DAEMON32.EXE Description=Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. 
Available via Start -> Programs Source=Paul Collins Startup list [Daemon] Number=2609 Confirmed=U Filename=Daemon.exe Description=Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive Source=Paul Collins Startup list [Daemon] Number=2610 Confirmed=X Filename=daemon.exe c daemon2.exe Description=Added by the SELOTIMA.A WORM! Source=Paul Collins Startup list [DAEMON Tools] Number=2611 Confirmed=U Filename=daemon.exe Description=Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive Source=Paul Collins Startup list [DAEMON Tools Pro Agent] Number=2612 Confirmed=U Filename=DTProAgent.exe Description="DAEMON Tools Pro converts your computer games CD/DVD discs into "virtual discs" or so called "disc image" files, which run directly on your hard drive" Source=Paul Collins Startup list [DAEMON Tools-1033] Number=2613 Confirmed=U Filename=Daemon.exe Description=Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive Source=Paul Collins Startup list [dago] Number=2614 Confirmed=X Filename=fault.exe Description=Added by the PUNYA-A WORM! Source=Paul Collins Startup list [Daily Planner] Number=2615 Confirmed=N Filename=dayplan.exe Description=Daily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete them Source=Paul Collins Startup list [Daily Weather Forecast] Number=2616 Confirmed=X Filename=weather.exe Description=Added by the DLOADER-IP TROJAN! Source=Paul Collins Startup list [DamedWare Services] Number=2617 Confirmed=X Filename=dwdrce.exe Description=Added by the RBOT-AOJ WORM! Source=Paul Collins Startup list [DanBtR270414] Number=2618 Confirmed=X Filename=DanBtR270414.exe Description=Added by the VB-NIB WORM! Source=Paul Collins Startup list [Dancer] Number=2619 Confirmed=U Filename=DncLE.exe Description=Part of Microsoft Plus!
Digital Media Edition - see here Source=Paul Collins Startup list [Danton*] Number=2620 Confirmed=X Filename=[random filename] Description=Added by the DANTON TROJAN! where * = random number Source=Paul Collins Startup list [Dap] Number=2621 Confirmed=N Filename=DAP.exe Description=Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based Source=Paul Collins Startup list [dark] Number=2622 Confirmed=X Filename=imgst.scr Description=Added by the BANCOS.U TROJAN! Source=Paul Collins Startup list [dark] Number=2623 Confirmed=X Filename=imgrt.scr Description=Added by the BANCBAN-FH TROJAN! Source=Paul Collins Startup list [dark] Number=2624 Confirmed=X Filename=csrs.scr Description=Added by the BANCBAN-GT or BANCBAN-GU TROJANS! Source=Paul Collins Startup list [DarkDevil.Grasiele.BR] Number=2625 Confirmed=X Filename=Grasiele.VBS Description=Added by the LEMBRA WORM! Source=Paul Collins Startup list [DarKNesS LsasS] Number=2626 Confirmed=X Filename=LsasS23.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [DashIE] Number=2627 Confirmed=? Filename=N/A Description=Could be related to "Dash Power Shopping" tool bar in IE? Source=Paul Collins Startup list [daskaskfsak6] Number=2628 Confirmed=X Filename=dsfids6.exe Description=Added by the ONLINEG-J TROJAN! Source=Paul Collins Startup list [daskgfkkcx15] Number=2629 Confirmed=X Filename=dasdsaads15.exe Description=Added by the ONLINEG-Q TROJAN! Source=Paul Collins Startup list [dasxdads] Number=2630 Confirmed=X Filename=fsdqd.exe Description=Added by the GAOBOT.BIQ WORM! Source=Paul Collins Startup list [Data] Number=2631 Confirmed=X Filename=System.dat.vbs Description=Added by the BISCUIT.A WORM! Source=Paul Collins Startup list [data] Number=2632 Confirmed=X Filename=msngs.exe Description=Added by the RBOT-ADQ WORM! 
Source=Paul Collins Startup list [Data LifeGuard] Number=2633 Confirmed=N Filename=BACKWE~1.EXE Description=Data LifeGuard diagnostic tools for Western Digital's series of hard drives Source=Paul Collins Startup list [Data LifeGuard LifeLine Lite installer] Number=2634 Confirmed=N Filename=DLGLI.EXE Description=Backweb installer - see here Source=Paul Collins Startup list [Data Restore Service] Number=2635 Confirmed=X Filename=prq8.exe Description=Added by the KELVIR.AI WORM! Source=Paul Collins Startup list [Data789] Number=2636 Confirmed=X Filename=Regedit.exe ....data789.tmp Description=Homepage hijacker Source=Paul Collins Startup list [DATABASE MySql] Number=2637 Confirmed=X Filename=[path] repcale.exe [path] beird.exe Description=Added by a variant of the RANDON.AN WORM! Source=Paul Collins Startup list [DataCaching] Number=2638 Confirmed=N Filename=FlashKsk.exe Description=SmartMedia Card management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray icon Source=Paul Collins Startup list [DataKeeper] Number=2639 Confirmed=U Filename=DataKeeper.exe Description=PowerQuest DataKeeper (now owned by Symantec) backup software Source=Paul Collins Startup list [DataLayer] Number=2640 Confirmed=U Filename=DataLayer.exe Description=Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on Source=Paul Collins Startup list [DataViz Inc Messenger] Number=2641 Confirmed=N Filename=DvzIncMsgr.exe Description=Installed with DataViz "Documents to Go" software Source=Paul Collins Startup list [DataViz Messenger] Number=2642 Confirmed=N Filename=DvzMsgr.exe Description=DataViz Documents to Go - "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. 
In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts" Source=Paul Collins Startup list [Datcheck] Number=2643 Confirmed=X Filename=datcheck.exe Description=Added by the KEYPANIC TROJAN! Source=Paul Collins Startup list [Date Manager] Number=2644 Confirmed=X Filename=datemanager.exe Description=Date Manager - calendar program. Spyware/adware based provided by The Gator Corporation. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [Datechecker] Number=2645 Confirmed=? Filename=N/A Description=Could be related to this? Source=Paul Collins Startup list [DateMakerIntl] Number=2646 Confirmed=X Filename=DateMakerIntl.exe Description=Premium rate adult content dialler Source=Paul Collins Startup list [DAupdate] Number=2647 Confirmed=X Filename=DAupdate.exe Description=NavEnhance adware Source=Paul Collins Startup list [DAW9532.exe] Number=2648 Confirmed=? Filename=DAW9532.EXE Description=Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. Is it required? Source=Paul Collins Startup list [DayToday] Number=2649 Confirmed=U Filename=DAYTODAY.EXE Description=DayToday from RoboMagic Software Corp. Displays the date on the taskbar Source=Paul Collins Startup list [DAZEL Delivery Agent] Number=2650 Confirmed=U Filename=DcDaemon.exe Description=Control and send documents, etc, to any destination. The Dazel Corporation has now been taken over by HP Source=Paul Collins Startup list [dbar_starter] Number=2651 Confirmed=X Filename=starter.exe Description=Deskbar adware - adds a search bar to your Windows taskbar which performs searches on www.w-w-w-dot-com.com Source=Paul Collins Startup list [DbgHlp32] Number=2652 Confirmed=X Filename=DbgHlp32.exe Description=Added by the WINKO.AO WORM!
Source=Paul Collins Startup list [DBISQL9] Number=2653 Confirmed=U Filename=dbisqlg.exe Description=Related to SQL Anywhere from Sybase. A comprehensive package providing data management and data exchange technologies Source=Paul Collins Startup list [dbserv] Number=2654 Confirmed=N Filename=dbserv.exe Description=Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled Source=Paul Collins Startup list [dc] Number=2655 Confirmed=X Filename=dc.exe Description=Added by the COIDUNG-A WORM! Source=Paul Collins Startup list [dc2k5] Number=2656 Confirmed=X Filename=SVIQ.EXE Description=Added by the COIDUNG-A WORM! Source=Paul Collins Startup list [DC300 Monitor] Number=2657 Confirmed=U Filename=cmonitor.exe Description=Monitor for a Acer DC300 digital camera Source=Paul Collins Startup list [DC6CW] Number=2658 Confirmed=X Filename=DC6CW.EXE Description=DriveCleaner misleading security program - not recommended, see here Source=Paul Collins Startup list [DC6_Check] Number=2659 Confirmed=X Filename=uwasdc.exe Description=WinAntiSpyware 2006 spyware remover - not recommended, see here Source=Paul Collins Startup list [DC6_check] Number=2660 Confirmed=X Filename=dc6_startupmon.exe Description=WinAntiVirus 2006 misleading virus software - not recommended, see here Source=Paul Collins Startup list [dc6_check] Number=2661 Confirmed=X Filename=dcmon.exe Description=SystemDoctor misleading security software - not recommended, see here Source=Paul Collins Startup list [DCE Manager] Number=2662 Confirmed=X Filename=dcemgr.exe Description=Added by the TUMAG TROJAN! Source=Paul Collins Startup list [DCfssvc] Number=2663 Confirmed=U Filename=dcfssvc.exe Description=Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. 
Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example Source=Paul Collins Startup list [dcfssve] Number=2664 Confirmed=U Filename=dcfssvc.exe Description=Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example Source=Paul Collins Startup list [Dcom System Patch] Number=2665 Confirmed=X Filename=Microsoft.exe Description=Added by the RANDEX.MS WORM! Source=Paul Collins Startup list [dcsm] Number=2666 Confirmed=X Filename=dcsm.exe Description=DriveCleaner rogue security software - not recommended, see here Source=Paul Collins Startup list [DDCActiveMenu] Number=2667 Confirmed=N Filename=DDCActiveMenu.exe Description=Digital Distribution Channel - formerly part of the WildTangent on-line games delivery service. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case Source=Paul Collins Startup list [DDCM] Number=2668 Confirmed=N Filename=AolFix.exe Description=Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once Source=Paul Collins Startup list [DDCMan] Number=2669 Confirmed=N Filename=DDCMan.exe Description=Digital Distribution Channel - formerly part of the WildTangent on-line games delivery service.
Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case Source=Paul Collins Startup list [ddeproc] Number=2670 Confirmed=X Filename=ddeproc.exe Description=Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see here Source=Paul Collins Startup list [ddhelper] Number=2671 Confirmed=U Filename=W815DM.EXE Description=Enuff Parental Control Software by Akrontech Source=Paul Collins Startup list [DDialler] Number=2672 Confirmed=X Filename=DDialler.exe Description=Adult content dialler Source=Paul Collins Startup list [ddivmwa] Number=2673 Confirmed=X Filename=[random filename] Description=Added by a variant of the SLAPER TROJAN! Source=Paul Collins Startup list [ddoctorv2] Number=2674 Confirmed=U Filename=sprtcmd.exe /P ddoctorv2 Description=Comcast Desktop Doctor (provided by SupportSoft, Inc) is a free self-help tool for Comcast broadband users. Identifies and automatically fixes typical problems that may occur with your high-speed internet service Source=Paul Collins Startup list [DDriver] Number=2675 Confirmed=X Filename=windrv.exe Description=Added by the DELF.WG TROJAN! Source=Paul Collins Startup list [DDriver] Number=2676 Confirmed=X Filename=svchost.exe Description=Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [DDT] Number=2677 Confirmed=? Filename=N/A Description=??
Source=Paul Collins Startup list [DDWMon] Number=2678 Confirmed=U Filename=ddwmon.exe Description=Direct Disc Writer Event Monitor from TOSHIBA Source=Paul Collins Startup list [de32gen] Number=2679 Confirmed=X Filename=de32gen.exe Description=Added by a variant of the CRYPTER.C TROJAN! Source=Paul Collins Startup list [DeadAIM] Number=2680 Confirmed=N Filename=rundll32.exe DeadAIM.ocm, ExportedCheckODLs Description=DeadAIM - feature enhancing product for AOL's Instant Messenger program Source=Paul Collins Startup list [DeadKitty] Number=2681 Confirmed=X Filename=DeadKitty.exe Description=Added by the DEADCAT-A WORM! Source=Paul Collins Startup list [DealHelperBrwsr] Number=2682 Confirmed=X Filename=dhbrwsr.exe Description=DealHelper adware Source=Paul Collins Startup list [DealHelperDown] Number=2683 Confirmed=X Filename=download.exe Description=DealHelper adware Source=Paul Collins Startup list [DealHelperUpdate] Number=2684 Confirmed=X Filename=DHUpdt.exe Description=DealHelper adware Source=Paul Collins Startup list [Death.exe] Number=2685 Confirmed=X Filename=Death.exe Description=Added by the DELF-ERW TROJAN! Source=Paul Collins Startup list [Debug] Number=2686 Confirmed=X Filename=DebugW32.exe Description=Added by the GUBED TROJAN! Source=Paul Collins Startup list [Debugger] Number=2687 Confirmed=X Filename=dbg32.exe Description=Added by the MYTOB-FW WORM! Source=Paul Collins Startup list [Debugger] Number=2688 Confirmed=X Filename=explorer32dbg.exe Description=Added by the CWS-M TROJAN! Source=Paul Collins Startup list [Debugger] Number=2689 Confirmed=X Filename=iexplore_dbg.exe Description=Added by the CWS-M TROJAN! Source=Paul Collins Startup list [debugger] Number=2690 Confirmed=X Filename=help.pif Description=Added by the DELF-DRA WORM! Source=Paul Collins Startup list [DebugMonitor] Number=2691 Confirmed=X Filename=debugmonitor.exe Description=Added by the MYDOOM.BG WORM! 
Source=Paul Collins Startup list [DeeEnEs] Number=2692 Confirmed=U Filename=DeeEnEs.exe Description=DeeEnEs - automatically updates a dynamic IP address when it changes Source=Paul Collins Startup list [deejay] Number=2693 Confirmed=X Filename=forboo.exe Description=Added by the FORBOT-AY WORM! Source=Paul Collins Startup list [Deewoo] Number=2694 Confirmed=X Filename=ncntnkwd.exe Description=Identified as a variant of the AdWare.Win32.ZenoSearch.am malware Source=Paul Collins Startup list [Default] Number=2695 Confirmed=X Filename=explore.vbs Description=Added by the ALLEM WORM! Source=Paul Collins Startup list [Default] Number=2696 Confirmed=X Filename=mtask.vbe Description=Added by the ALLEM WORM! Source=Paul Collins Startup list [default] Number=2697 Confirmed=X Filename=shell32.exe Description=Added by the BINGHE TROJAN! Source=Paul Collins Startup list [Default] Number=2698 Confirmed=X Filename=_default.pif Description=Added by the RUBBLE-C WORM! Source=Paul Collins Startup list [Default System Research] Number=2699 Confirmed=X Filename=vhchost.exe Description=Added by the TARNO.I TROJAN! Source=Paul Collins Startup list [Default web browser] Number=2700 Confirmed=X Filename=IexpIore.exe Description=Added by the OBLIVION.B TROJAN! 
Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a capital "i" in place of lower case "L" Source=Paul Collins Startup list [Default_Page_URL] Number=2701 Confirmed=X Filename=http://find.naupoint.com Description=Naupoint browser hijacker Source=Paul Collins Startup list [Default_Search_URL] Number=2702 Confirmed=X Filename=http://find.naupoint.com Description=Naupoint browser hijacker Source=Paul Collins Startup list [defender] Number=2703 Confirmed=X Filename=defender25.exe Description=DollarRevenue adware Source=Paul Collins Startup list [defender] Number=2704 Confirmed=X Filename=dfndref_7.exe Description=DollarRevenue adware Source=Paul Collins Startup list [defergui] Number=2705 Confirmed=? Filename=defergui.exe Description=Related to IBM Standard Software Installer. What does it do and is it required? Source=Paul Collins Startup list [defragm_check] Number=2706 Confirmed=X Filename=defragment.exe Description=CoolWebSearch parasite variant Source=Paul Collins Startup list [defragsys] Number=2707 Confirmed=X Filename=svchost.exe Description=Added by the BIFROSE-TH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [defwatch] Number=2708 Confirmed=U Filename=defwatch.exe Description=Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard.
Only required if you don't update the virus definitions manually on a regular basis Source=Paul Collins Startup list [Deko550] Number=2709 Confirmed=U Filename=Deko550.exe Description=Associated with the Deko550 entry-level SD real-time graphics system from Avid Technology Source=Paul Collins Startup list [Delay] Number=2710 Confirmed=U Filename=delayrun.exe Description=On HP PCs this program is used to help prevent conflicts or timing issues on fast computers Source=Paul Collins Startup list [DelayLoad] Number=2711 Confirmed=X Filename=msprint.exe Description=Added by a variant of the Win32.Agent.ryo malware - see here Source=Paul Collins Startup list [Delayrun] Number=2712 Confirmed=U Filename=delayrun.exe Description=On HP PCs this program is used to help prevent conflicts or timing issues on fast computers Source=Paul Collins Startup list [DelayShred] Number=2713 Confirmed=N Filename=ShrCL.EXE Description=McAfee Delay Shredder - not required at startup. You can use QuickClean manually via McAfee Security Center and run it from there Source=Paul Collins Startup list [delcab] Number=2714 Confirmed=? Filename=deltreew.exe C:\cabs Description=?? Source=Paul Collins Startup list [Delete Me] Number=2715 Confirmed=X Filename=worm.exe Description=Added by the DOOMHUNTER WORM!
Source=Paul Collins Startup list [DeleteHistoryFree] Number=2716 Confirmed=U Filename=dhf.exe Description=Delete History Free - "Privacy protection software for deleting Internet surfing and other computer activity tracks from your PC" Source=Paul Collins Startup list [Dell AIO Printer A920] Number=2717 Confirmed=U Filename=dlbkbmgr.exe Description=System Tray application for the Dell Photo AIO Printer 920 that enables scan or fax functions to run directly from the printer via the buttons Source=Paul Collins Startup list [Dell AIO Printer A940] Number=2718 Confirmed=U Filename=dlbabmgr.exe Description=System Tray application for the Dell Photo AIO Printer 940 that enables scan or fax functions to run directly from the printer via the buttons Source=Paul Collins Startup list [Dell AIO Printer A960] Number=2719 Confirmed=U Filename=dlbfbmgr.exe Description=System Tray application for the Dell Photo AIO Printer 960 that enables scan or fax functions to run directly from the printer via the buttons Source=Paul Collins Startup list [Dell Alert] Number=2720 Confirmed=N Filename=DAMon.exe Description="Dell Alert" utility, that's supposed to make interaction with Support easier Source=Paul Collins Startup list [Dell Photo AIO Printer 922] Number=2721 Confirmed=U Filename=dlbtbmgr.exe Description=System Tray application for the Dell Photo AIO Printer 922 that enables scan or fax functions to run directly from the printer via the buttons Source=Paul Collins Startup list [Dell Photo AIO Printer 942] Number=2722 Confirmed=U Filename=dlbubmgr.exe Description=System Tray application for the Dell Photo AIO Printer 942 that enables scan or fax functions to run directly from the printer via the buttons Source=Paul Collins Startup list [Dell Photo AIO Printer 962] Number=2723 Confirmed=U Filename=dlbxmon.exe Description=DellPhoto AIO Printer 962 Device Monitor Source=Paul Collins Startup list [Dell QuickSet] Number=2724 Confirmed=N Filename=quickset.exe Description=Dell taskbar icon 
allowing you to quickly change settings Source=Paul Collins Startup list [DELL Webcam Manager] Number=2725 Confirmed=N Filename=DellWMgr.exe Description=Dell Webcam Manager - Webcam management software provided on Dell PCs Source=Paul Collins Startup list [Dell Wireless Manager UI] Number=2726 Confirmed=N Filename=wltray.exe Description=System tray access to wireless LAN card configuration options Source=Paul Collins Startup list [DellDMI] Number=2727 Confirmed=? Filename=delldmi.exe Description=Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards? Source=Paul Collins Startup list [DELLMMKB] Number=2728 Confirmed=U Filename=DELLMMKB.EXE Description=Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys Source=Paul Collins Startup list [DellSC] Number=2729 Confirmed=N Filename=dellsc.exe Description=Dell Solution Center - web-based troubleshooting tools and educational offerings Source=Paul Collins Startup list [DellSupport] Number=2730 Confirmed=U Filename=DSAgnt.exe Description=Dell Support Agent offers additional support and update features for your Dell computer or laptop Source=Paul Collins Startup list [DellSupportCenter] Number=2731 Confirmed=U Filename=sprtcmd.exe /P DellSupportCenter Description=Dell Support Center (provided by SupportSoft, Inc) is a free self-help tool for Dell users. Identifies and automatically fixes typical problems that may occur with your high-speed internet service Source=Paul Collins Startup list [DellTouch] Number=2732 Confirmed=U Filename=MMKeybd.exe Description=Dell multimedia keyboard manager. 
Required if you use the additional keys Source=Paul Collins Startup list [DellTouch] Number=2733 Confirmed=U Filename=DELLMMKB.EXE Description=Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys Source=Paul Collins Startup list [DellTransferAgent] Number=2734 Confirmed=? Filename=TransferAgent.exe Description=Found on Dell computers. What does it do and is it required? Source=Paul Collins Startup list [delmsbb] Number=2735 Confirmed=X Filename=delmsbb.exe Description=NCase adware Source=Paul Collins Startup list [delsaap] Number=2736 Confirmed=X Filename=delsaap.exe Description=NCase adware Source=Paul Collins Startup list [delstart] Number=2737 Confirmed=? Filename=delstart.exe Description=Reportedly part of BT ISP software - what does it do and is it required in startup? Source=Paul Collins Startup list [delsubmit] Number=2738 Confirmed=X Filename=rundll32.exe advpack.dll, DelNodeRunDLL32 submit.exe Description=CoolWebSearch parasite variant Source=Paul Collins Startup list [DeltaIITaskbarApp] Number=2739 Confirmed=U Filename=DeltaIITray.exe Description=System Tray access to the Delta Control Panel for the M-Audio Delta series of PCI audio cards Source=Paul Collins Startup list [DelTmp] Number=2740 Confirmed=? Filename=DelTemp.exe Description=Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. Deletes temporary files once an installation is complete? Source=Paul Collins Startup list [DeltTray] Number=2741 Confirmed=N Filename=deltray.exe Description=System Tray access to the control panel for the M-Audio Delta 44 PCI Analog Recording Interface. 
Available via a desktop shortcut, Start -> Programs or Start -> Settings -> Control Panel Source=Paul Collins Startup list [DeluxeCommunications] Number=2742 Confirmed=X Filename=Dxc.exe Description=Deluxe Communications, a SurfSideKick adware variant Source=Paul Collins Startup list [DELXP Protocol] Number=2743 Confirmed=X Filename=delxp.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [demon] Number=2744 Confirmed=? Filename=demon.exe Description=Part of the French Wanadoo ADSL extense pack. What does it do and is it required? Source=Paul Collins Startup list [Deneca] Number=2745 Confirmed=X Filename=Virus salvado Description=Added by the DELUZ VIRUS! Source=Paul Collins Startup list [DepFrez] Number=2746 Confirmed=U Filename=frzstate.exe Description=Deep Freeze from Faronics Corporation. "Freezes" the current software configuration so that on a re-boot all changes made revert to their original settings. Not required for most users - more likely to be used by system administrators, for example Source=Paul Collins Startup list [Description of Shortcuts] Number=2747 Confirmed=? Filename=*.exe Description=* seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calendar Reminder (found via a registry search) Source=Paul Collins Startup list [Desire] Number=2748 Confirmed=X Filename=desires.exe Description=Adult content dialler Source=Paul Collins Startup list [desk-top-service] Number=2749 Confirmed=? Filename=desk-top-service.exe Description=??
Source=Paul Collins Startup list [DeskAd Service] Number=2750 Confirmed=X Filename=DeskAdServ.exe Description=DeskAd.Service adware Source=Paul Collins Startup list [DeskColor] Number=2751 Confirmed=N Filename=DESKCOLOR.EXE Description=Provides transparent icon text backgrounds and coloured icon text Source=Paul Collins Startup list [Deskflag] Number=2752 Confirmed=N Filename=Deskflag.exe Description=DeskFlag - animated USA flag on the desktop Source=Paul Collins Startup list [DeskMateAutoUpdate] Number=2753 Confirmed=X Filename=DeskMateAutoUpdate.exe Description=DeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware related Source=Paul Collins Startup list [Desksite CMA] Number=2754 Confirmed=? Filename=APMSRV9X.EXE Description=Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required? Source=Paul Collins Startup list [DeskSlide] Number=2755 Confirmed=U Filename=DeskSlide.exe Description="DeskSlide is utility for automating wallpaper changes on your desktop" Source=Paul Collins Startup list [Desktop] Number=2756 Confirmed=X Filename=rundll32.exe msconfd.dll, Restore ControlPanel Description=Added by the BOOKMARKER TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "msconfd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [desktop] Number=2757 Confirmed=X Filename=desktop.exe Description=Added by the SDBOT.MD WORM! Source=Paul Collins Startup list [Desktop] Number=2758 Confirmed=X Filename=Desktop.com Description=Added by the VB-DRN WORM! 
Source=Paul Collins Startup list [desktop] Number=2759 Confirmed=X Filename=desktop.ini.vbs Description=IE-Title malware Source=Paul Collins Startup list [Desktop Architect] Number=2760 Confirmed=N Filename=DATRAY.EXE Description=Desktop theme manager available here - for managing the desktop appearance, fonts, sounds, etc Source=Paul Collins Startup list [Desktop Calendar] Number=2761 Confirmed=U Filename=Desktop Calendar.exe Description=Desktop Calendar - "Desktop Calendar is a highly customizable calendar program that turns your desktop into a traditional wall calendar, by rotating the background image on a monthly basis" Source=Paul Collins Startup list [Desktop Plant] Number=2762 Confirmed=N Filename=AZARE10S.PLT Description=Virtual plant from here - this version is an Azalea, there are others so the filename may be different Source=Paul Collins Startup list [Desktop Search] Number=2763 Confirmed=X Filename=desktop.exe Description=iSearch "Desktop Search" hijacker Source=Paul Collins Startup list [Desktop Service Centre] Number=2764 Confirmed=N Filename=DSC.exe Description=OptusNet DSL or Dial-Up connection software Source=Paul Collins Startup list [Desktop Weather] Number=2765 Confirmed=N Filename=THE WEATHER CHANNEL.exe Description=Desktop Weather by The Weather Channel - provides current temperature, conditions, alerts, etc Source=Paul Collins Startup list [Desktop Weather 3] Number=2766 Confirmed=N Filename=THE WEATHER CHANNEL.exe Description=Desktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etc Source=Paul Collins Startup list [Desktop Weather 3] Number=2767 Confirmed=N Filename=THEWEA~1.EXE Description=Desktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etc Source=Paul Collins Startup list [DesktopIconToy] Number=2768 Confirmed=U Filename=DesktopIconToy.exe Description="Desktop Icon Toy is an easy to use desktop icon enhancement tool, which allows you to make many funny
but useful patterns out of your windows desktop icons" Source=Paul Collins Startup list [desktopmgr] Number=2769 Confirmed=N Filename=desktopmgr.exe Description=Synchronisation manager for the cradles for the Research In Motion range of wireless handhelds, including the "Blackberry" Source=Paul Collins Startup list [DesktopUpdate] Number=2770 Confirmed=X Filename=rundll32.exe MSA64CHK.dll, DllMostrar Description=MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [DesktopX] Number=2771 Confirmed=U Filename=DESKTOPX.EXE Description=A program that replaces the regular Desktop and Taskbar, and can be changed to the user's liking Source=Paul Collins Startup list [deskup] Number=2772 Confirmed=N Filename=deskup.exe Description=Adds Iomega Zip drive icons to the desktop Source=Paul Collins Startup list [destroyb11] Number=2773 Confirmed=X Filename=destroyb11.exe Description=Added by the DELF-KO TROJAN! Source=Paul Collins Startup list [detect] Number=2774 Confirmed=U Filename=idetect.exe Description=iNTERNET Turbo from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds". If you find it helps your connectivity leave it enabled Source=Paul Collins Startup list [detect] Number=2775 Confirmed=? Filename=turbodetect.exe Description=?? Source=Paul Collins Startup list [Detector] Number=2776 Confirmed=N Filename=detector.exe Description=USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. 
It is not required at all, since you can use the scan software from almost any photo editing software Source=Paul Collins Startup list [DetectorApp] Number=2777 Confirmed=U Filename=DetectorApp.exe Description=Related to Roxio MyDVD (was Sonic) DVD authoring software Source=Paul Collins Startup list [DevconDefaultDB] Number=2778 Confirmed=? Filename=READREG Description=Appears to be related to older Creative Soundblaster soundcards Source=Paul Collins Startup list [Development Environment] Number=2779 Confirmed=X Filename=devenv.exe Description=Added by the DELBOT-AH WORM! Source=Paul Collins Startup list [DEventAgent] Number=2780 Confirmed=U Filename=eventagt.exe Description=DEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use this Source=Paul Collins Startup list [devenv] Number=2781 Confirmed=X Filename=smvss.exe Description=Added by the DEDLER-G TROJAN! Source=Paul Collins Startup list [Device Configuration Loader] Number=2782 Confirmed=X Filename=msdvc32.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Device Detector] Number=2783 Confirmed=U Filename=DevDetect.exe Description=ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically Source=Paul Collins Startup list [Device Detector 2] Number=2784 Confirmed=N Filename=DevDtct2.exe Description=Installed by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resources Source=Paul Collins Startup list [Device Hardware] Number=2785 Confirmed=X Filename=devicehnd.exe Description=Added by a variant of the IRCBOT BACKDOOR! 
See here Source=Paul Collins Startup list [Device IO System] Number=2786 Confirmed=X Filename=deviceio.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Device Manager] Number=2787 Confirmed=X Filename=wfxmgr.exe Description=Added by the RBOT.AJU WORM! Source=Paul Collins Startup list [Device Security] Number=2788 Confirmed=X Filename=dvcsecure.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Device Security Driver] Number=2789 Confirmed=X Filename=devicesec.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Device Security Manager] Number=2790 Confirmed=X Filename=dvcsecure.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [DeviceDiscovery] Number=2791 Confirmed=U Filename=hpotdd01.exe Description=Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems" Source=Paul Collins Startup list [DevicePath] Number=2792 Confirmed=X Filename=Proyecto1.exe Description=Added by the GRUEL WORM! Source=Paul Collins Startup list [DevicePath] Number=2793 Confirmed=X Filename=Root.exe Description=Added by the GRUEL WORM! Source=Paul Collins Startup list [Devices] Number=2794 Confirmed=U Filename=olesvr.exe Description=Salfeld Child Control - parental control software Source=Paul Collins Startup list [Devicewin] Number=2795 Confirmed=X Filename=[path to trojan] Description=Added by the BANKER-AEV TROJAN! Source=Paul Collins Startup list [devldr16] Number=2796 Confirmed=U Filename=devldr16.exe Description=Associated with some Creative Labs sound cards.  Provides audio support for DOS applications.  Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". 
To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices Source=Paul Collins Startup list [devldr16.exe] Number=2797 Confirmed=U Filename=devldr16.exe Description=Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices Source=Paul Collins Startup list [Devlog] Number=2798 Confirmed=? Filename=devlog.exe Description=Apparently mainboard/chipset related, by a French company called AS Media - what exactly is it, and is it required Source=Paul Collins Startup list [dfgfdgrergd] Number=2799 Confirmed=X Filename=[path to trojan] Description=Added by the RANKY.CK TROJAN! Source=Paul Collins Startup list [DGJM] Number=2800 Confirmed=? Filename=DGJM.exe Description=?? Source=Paul Collins Startup list [dgtstart] Number=2801 Confirmed=X Filename=dgtstart.exe Description=DigitalNames.g adware Source=Paul Collins Startup list [dguard] Number=2802 Confirmed=U Filename=dguard.exe Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here Source=Paul Collins Startup list [DHCP] Number=2803 Confirmed=X Filename=smss.exe Description=Added by the WINSPY.AG TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [DHCP Server] Number=2804 Confirmed=X Filename=regsvr.exe Description=Added by the RBOT-PR WORM! Source=Paul Collins Startup list [DHCP32] Number=2805 Confirmed=X Filename=services.exe Description=Added by the WINSPY.AG TROJAN! 
Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [dhcpagnt] Number=2806 Confirmed=Y Filename=dhcpagnt.exe Description=Intel DSL modem driver - leave enabled or you'll have to re-install the drivers Source=Paul Collins Startup list [DHNUXB] Number=2807 Confirmed=? Filename=DHNUXB.exe Description=?? Source=Paul Collins Startup list [diagent] Number=2808 Confirmed=N Filename=diagent.exe Description=System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -> Programs Source=Paul Collins Startup list [Diagnostic] Number=2809 Confirmed=X Filename=diagnostic.exe Description=Added by the ALPHA-C TROJAN! Source=Paul Collins Startup list [Dial22] Number=2810 Confirmed=X Filename=dlm.exe Description=Adult content dialler Source=Paul Collins Startup list [Dial33] Number=2811 Confirmed=X Filename=dlm.exe Description=Adult content dialler Source=Paul Collins Startup list [Dialer] Number=2812 Confirmed=X Filename=rundll32.exe msa32chk.dll Description=Unidentified malware Source=Paul Collins Startup list [Dialer Control] Number=2813 Confirmed=U Filename=dc.exe Description=Dialer-Control. Detects and protects from premium rate p0rn diallers Source=Paul Collins Startup list [Dialer Detect] Number=2814 Confirmed=U Filename=dd.exe Description=DialerDetect detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it Source=Paul Collins Startup list [Dialgo SDK] Number=2815 Confirmed=U Filename=PhoneAnswer.exe Description=Dialgo Wave Modem ActiveX - "Telephone Answering Machine for scripting your own professional call center business scripts using a voice modem.
Features Caller-ID, Wave Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech Recognition and Synthesis" Source=Paul Collins Startup list [DialNet] Number=2816 Confirmed=X Filename=mxt32.exe Description=Adult content dialler Source=Paul Collins Startup list [Dialog Box Assistant] Number=2817 Confirmed=N Filename=OSDEx.exe Description=Dialog Box Assistant from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders Source=Paul Collins Startup list [Dialog Helper] Number=2818 Confirmed=N Filename=PDDLGHLP.EXE Description=Dialog Helper from PowerDesk Pro by Ontrack. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders. Available via Start -> Programs Source=Paul Collins Startup list [DialUp Network Application] Number=2819 Confirmed=X Filename=Rnaap.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Diam prlaer] Number=2820 Confirmed=X Filename=oqedrhg.exe Description=Added by the SDBOT-DEU WORM! Source=Paul Collins Startup list [Diamondview] Number=2821 Confirmed=? Filename=Diamondview.exe Description=Manulife Financial Insurance program. Is it required at startup? Source=Paul Collins Startup list [DIECOX] Number=2822 Confirmed=X Filename=csrss.exe Description=Added by a variant of the ATM.GEN TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Diesel] Number=2823 Confirmed=X Filename=Recalculate.exe Description=Added by the LAZAR TROJAN! 
Source=Paul Collins Startup list [DietK] Number=2824 Confirmed=U Filename=DietK.exe Description=Diet Kazaa add-on for Kazaa Media Desktop - "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results" Source=Paul Collins Startup list [DigiCell] Number=2825 Confirmed=U Filename=DigiCell.exe Description=MSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center" Source=Paul Collins Startup list [DigiD] Number=2826 Confirmed=X Filename=DigitalSound.exe Description=Adware downloader Source=Paul Collins Startup list [DigiGuide] Number=2827 Confirmed=N Filename=CLIENT.EXE Description=TV guide and reminder Source=Paul Collins Startup list [DigiGuide] Number=2828 Confirmed=N Filename=client01.exe Description=TV guide and reminder Source=Paul Collins Startup list [Digisoft AntiDialer] Number=2829 Confirmed=U Filename=AntiDialer.exe Description=Digisoft AntiDialer Source=Paul Collins Startup list [DigiSrv] Number=2830 Confirmed=U Filename=DigiSrv.exe Description=Related to camera software from DigitalDreams Source=Paul Collins Startup list [Digital Dashboard] Number=2831 Confirmed=Y Filename=Apwheel.exe Description=Wheel support for an Alps mouse Source=Paul Collins Startup list [Digital Line Detect] Number=2832 Confirmed=N Filename=DLG.exe Description=Detects whether you are plugged into a digital telephone line and displays the information graphically.
Installed by Dell (and maybe others) and is included with all Conexant V.92 and Broadcom modems Source=Paul Collins Startup list [Digital Patrol Update 5] Number=2833 Confirmed=U Filename=update.exe Description=Digital Patrol - "a powerful anti trojan scanner, which detects and eliminates more than 180'000 Trojan Horses and Spywares. Digital Patrol detects viruses, trojans, worms, spyware, malicious ActiveX controls and Java applets" Source=Paul Collins Startup list [Digital River eBot] Number=2834 Confirmed=N Filename=downlo~1.exe Description=Digital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more here Source=Paul Collins Startup list [DigitalNames] Number=2835 Confirmed=X Filename=DigitalNamesStart.exe Description=DigitalNames spyware variant Source=Paul Collins Startup list [DigitalWizard] Number=2836 Confirmed=N Filename=ISWizard.exe Description=InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content Source=Paul Collins Startup list [DigitalWizard Monitor] Number=2837 Confirmed=N Filename=dwMon.exe Description=InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content Source=Paul Collins Startup list [DIGServices] Number=2838 Confirmed=U Filename=DIGServices Description=Created by Disney but licensed to ESPN for watching videos Source=Paul Collins Startup list [DIGServices] Number=2839 Confirmed=N Filename=DIGServices.exe Description=Created by Disney but licensed to ESPN for watching videos Source=Paul Collins Startup list [DIGStream] Number=2840 Confirmed=N Filename=digstream.exe Description=DIGStream Cache Manager - part of ESPN Motion and Disney Motion that periodically checks for new videos and
indicates they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automatically Source=Paul Collins Startup list [Dimension] Number=2841 Confirmed=U Filename=Dimension.exe Description=Dimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol Source=Paul Collins Startup list [Dimension4] Number=2842 Confirmed=U Filename=d4.exe Description=Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down Source=Paul Collins Startup list [Dino3] Number=2843 Confirmed=X Filename=dino3.exe Description=Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result Source=Paul Collins Startup list [Dinst] Number=2844 Confirmed=X Filename=dinst.exe Description=IMIServer/IEPlugin adware Source=Paul Collins Startup list [Dir1] Number=2845 Confirmed=X Filename=caKe Description=Added by the CAKE WORM! Source=Paul Collins Startup list [Direct settings] Number=2846 Confirmed=X Filename=sdchost.exe Description=Added by the DAEMONI-I TROJAN! Source=Paul Collins Startup list [Direct Update] Number=2847 Confirmed=U Filename=DUControl.exe Description=DirectUpdate dynamic DNS updater Source=Paul Collins Startup list [Direct X Direct3D] Number=2848 Confirmed=X Filename=dxd3d.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Direct X Opengl] Number=2849 Confirmed=X Filename=dxopengl.exe Description=Added by a variant of the RBOT-CJ WORM! Source=Paul Collins Startup list [direct3d.exe] Number=2850 Confirmed=X Filename=direct3d.exe Description=Added by the CERTIF-F TROJAN!
Source=Paul Collins Startup list [DirectCD] Number=2851 Confirmed=N Filename=DirectCD.exe Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later Source=Paul Collins Startup list [Directory Opus Desktop Dblclk] Number=2852 Confirmed=Y Filename=dopusrt.exe Description=Directory Opus - an advanced file manager. "Directory Opus goes beyond the simple file manager metaphor, and offers you a complete replacement for Windows Explorer and many other utility programs for handling FTP, ZIP, viewing files and images, running slideshows and more" Source=Paul Collins Startup list [directs.exe] Number=2853 Confirmed=X Filename=directs.exe Description=Added by the BEAGLE.O or BEAGLE.R or BEAGLE.S or BEAGLE.T WORMS! Source=Paul Collins Startup list [DIRECTVDSL] Number=2854 Confirmed=U Filename=Directvdsl.exe Description=Starts DirectTV DSL modem at boot up. Can also be started manually Source=Paul Collins Startup list [DirectX] Number=2855 Confirmed=X Filename=ddhelp32.exe Description=Added by the BIONET.318 TROJAN! Note - not the DirectX helper which is ddhelp.exe Source=Paul Collins Startup list [directx] Number=2856 Confirmed=X Filename=Directx.exe Description=Added by the SDBOT.D TROJAN! Source=Paul Collins Startup list [directx] Number=2857 Confirmed=X Filename=Sqlexploit.exe Description=Added by the SDBOT.D TROJAN! Source=Paul Collins Startup list [DirectX] Number=2858 Confirmed=X Filename=DirectX.exe Description=Added by the BLAXE or LOGPOLE WORMS! Source=Paul Collins Startup list [directx] Number=2859 Confirmed=X Filename=NTCmd.exe Description=Added by the SDBOT.D TROJAN! 
Source=Paul Collins Startup list [directx] Number=2860 Confirmed=X Filename=PipeCmd.exe Description=Added by the SDBOT.D TROJAN! Source=Paul Collins Startup list [DirectX 32] Number=2861 Confirmed=X Filename=directx32.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [DirectX Driver] Number=2862 Confirmed=X Filename=stdhost.exe Description=Added by a variant of the RBOT WORM! See here Source=Paul Collins Startup list [DirectX Driver] Number=2863 Confirmed=X Filename=stdhost.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [DirectX For Microsoft Windows] Number=2864 Confirmed=X Filename=dtxservice.exe Description=Added by the PROGENT TROJAN! Source=Paul Collins Startup list [DirectX for Microsoft Windows] Number=2865 Confirmed=X Filename=Fservice.exe Description=Added by the PRORAT TROJAN! Source=Paul Collins Startup list [DirectX for Microsoft Windows] Number=2866 Confirmed=X Filename=Sservice.exe Description=Added by the PRORAT TROJAN! Source=Paul Collins Startup list [DirectX For Microsoft? Windows] Number=2867 Confirmed=X Filename=fservice.exe Description=Added by the PRORAT-P TROJAN! Source=Paul Collins Startup list [DirectX shell driver] Number=2868 Confirmed=X Filename=[path to trojan] Description=Added by the MARKTMAN-B TROJAN! Source=Paul Collins Startup list [Directx Startup Drivers] Number=2869 Confirmed=X Filename=direct.exe Description=Detected by PCTools as the RBOT.UXL WORM! See here Source=Paul Collins Startup list [DirectX Video Driver] Number=2870 Confirmed=X Filename=dxterm5.exe Description=Added by the WILAB-A TROJAN! Source=Paul Collins Startup list [DirectX64] Number=2871 Confirmed=X Filename=DirectXset.exe Description=Added by the BROWNEY.A WORM! Source=Paul Collins Startup list [DirectX9] Number=2872 Confirmed=X Filename=direct3d.exe Description=Detected by Kaspersky as the AGENT.EDW TROJAN! 
See here Source=Paul Collins Startup list [DirectX9 Diag] Number=2873 Confirmed=X Filename=dx9diag.exe Description=Added by the RBOT-ALT WORM! Source=Paul Collins Startup list [Dirkey] Number=2874 Confirmed=U Filename=Dirkey.exe Description=Dirkey - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders Source=Paul Collins Startup list [Disable EHCI] Number=2875 Confirmed=? Filename=nousb20.exe Description=?? Source=Paul Collins Startup list [Disc Detector] Number=2876 Confirmed=N Filename=CtNotify.exe Description=For Creative sound cards. Detects when you insert a CD, DVD, etc Source=Paul Collins Startup list [disc detector] Number=2877 Confirmed=? Filename=qnetquestnotifty.exe Description=?? Source=Paul Collins Startup list [discoveg] Number=2878 Confirmed=? Filename=discoveg.exe Description=?? Source=Paul Collins Startup list [DISCover] Number=2879 Confirmed=? Filename=DISCover.exe Description=Related to DISCover Drop from Digital Interactive Systems Corporation. What does it do and is it required? Source=Paul Collins Startup list [DiscoverDeskshop] Number=2880 Confirmed=N Filename=Deskshop.exe Description=Discover Deskshop - single use "virtual" credit card Source=Paul Collins Startup list [DiscUpdateManager] Number=2881 Confirmed=U Filename=DiscUpdMgr.exe Description=Disc Update Manager for Digital interactive's DISCover Console. Provider of on-demand video games Source=Paul Collins Startup list [DiscUpdateManager] Number=2882 Confirmed=N Filename=DiscUpdateMgr.exe Description=DISCover from Digital Interactive Systems Corporation Inc. "The company's patented Drop 'n'
Play technology provides a simple, console-like experience when playing PC titles allowing for seamless play of CD/DVD-based games while its unique Parental Control system incorporates ESRB ratings to help users limit access to younger players" Source=Paul Collins Startup list [DiscWizardMonitor.exe] Number=2883 Confirmed=U Filename=DiscWizardMonitor.exe Description=Seagate DiscWizard - hard disk utility for Seagate's SATA and PATA (IDE) drives Source=Paul Collins Startup list [Disk Check] Number=2884 Confirmed=X Filename=chkdsk32.exe Description=Added by the IM TROJAN! Source=Paul Collins Startup list [Disk Cleaner] Number=2885 Confirmed=U Filename=DiskCleaner.Exe Description=Hard disk management part of TuneUp Utilities from TuneUp Distribution GmbH Source=Paul Collins Startup list [Disk Defragmentation Loader] Number=2886 Confirmed=X Filename=pmsvcr.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Disk Essensial Tools] Number=2887 Confirmed=X Filename=detsvc.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Disk Keeper] Number=2888 Confirmed=X Filename=[path to trojan] Description=Added by the SMALL-VE TROJAN! Source=Paul Collins Startup list [Disk Keeper] Number=2889 Confirmed=X Filename=SECURITY.EXE Description=Daosearch adware Source=Paul Collins Startup list [Disk Manager] Number=2890 Confirmed=X Filename=diskver.exe Description=Added by the RBOT.AQT WORM! Source=Paul Collins Startup list [Disk Master] Number=2891 Confirmed=X Filename=[trojan name] Description=Added by the DISTER TROJAN! - a spam relayer Source=Paul Collins Startup list [Disk Panel Configuration] Number=2892 Confirmed=X Filename=dpcsvc.exe Description=Detected by PCTools as the IRCBOT.BSQ TROJAN! See here Source=Paul Collins Startup list [Disk Panel Setup] Number=2893 Confirmed=X Filename=npcsvc.exe Description=Added by a variant of the IRCBOT TROJAN! 
Source=Paul Collins Startup list [DiskCheck] Number=2894 Confirmed=X Filename=msdarkend.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [DiskeeperSystray] Number=2895 Confirmed=N Filename=DkIcon.exe Description=DisKeeper defragmentation software - can be started manually Source=Paul Collins Startup list [diskinf] Number=2896 Confirmed=X Filename=diskinf.exe Description=Added by the CRYPTER.A TROJAN! Source=Paul Collins Startup list [DISKMON.EXE] Number=2897 Confirmed=? Filename=DISKMON.EXE Description=?? Source=Paul Collins Startup list [Disknag] Number=2898 Confirmed=N Filename=disknag.exe Description=Dell program that reminds you to make your  backup diskettes Source=Paul Collins Startup list [Diskstart] Number=2899 Confirmed=X Filename=Code.exe Description=Adult content dialler Source=Paul Collins Startup list [Diskstart] Number=2900 Confirmed=X Filename=cat.exe Description=MS-Connect dialler Source=Paul Collins Startup list [Diskstart] Number=2901 Confirmed=X Filename=hit.exe Description=Adult content dialler Source=Paul Collins Startup list [Diskstart] Number=2902 Confirmed=X Filename=Snt.exe Description=Adult content dialler Source=Paul Collins Startup list [Disk_Monitor] Number=2903 Confirmed=U Filename=Disk_Monitor.exe Description=Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader Source=Paul Collins Startup list [disnisa] Number=2904 Confirmed=X Filename=disnisa.exe Description=Added by the DORF-AE WORM! Source=Paul Collins Startup list [Dispatcher] Number=2905 Confirmed=X Filename=dispatcher.exe Description=Added by the DLOADR-AS TROJAN! Source=Paul Collins Startup list [display] Number=2906 Confirmed=U Filename=The_Eye.exe Description=ComSpySysSvr surveillance software. 
Uninstall this software unless you put it there yourself Source=Paul Collins Startup list [Display Drivers] Number=2907 Confirmed=X Filename=cssrs.exe Description=Added by the AGOBOT.FX WORM! Source=Paul Collins Startup list [Display Settings] Number=2908 Confirmed=N Filename=hptasks.exe Description=Allows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computers Source=Paul Collins Startup list [DisplayFusion] Number=2909 Confirmed=U Filename=DisplayFusion.exe Description=DisplayFusion from Binary Fortress Software - "is a fantastic application that can make your dual monitor (or triple monitor or more) life much, much easier! From allowing you to use a different wallpaper on each monitor, to integrating with Flickr for image searching, to providing hotkeys for managing your application windows" Source=Paul Collins Startup list [DisplayTrayIcon] Number=2910 Confirmed=N Filename=TrayIcon.exe Description=System Tray access to display properties for ABIT graphics cards. Unless you change your desktop resolution, etc regularly, use Control Panel -> Display Source=Paul Collins Startup list [Disspy] Number=2911 Confirmed=U Filename=disspy.exe Description=Disspy spyware detection and removal software Source=Paul Collins Startup list [Distiller Assistant 3.01] Number=2912 Confirmed=N Filename=DISTASST.EXE Description=From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start -> Programs Source=Paul Collins Startup list [Distributed File System] Number=2913 Confirmed=X Filename=Dfsvc.exe Description=Added by the MYFIP.A or MYFIP.K WORMS! Source=Paul Collins Startup list [Distributed File System] Number=2914 Confirmed=X Filename=kernel32dll.exe Description=Added by the MYFIP-C or MYFIP.K WORMS! Source=Paul Collins Startup list [Distributed File System] Number=2915 Confirmed=X Filename=blade.exe Description=Added by the MYFIP.AC WORM! 
Source=Paul Collins Startup list [Distributed File System] Number=2916 Confirmed=U Filename=win.exe Description=Added by the MYFIP.AB WORM! Source=Paul Collins Startup list [distributed.net client] Number=2917 Confirmed=U Filename=DNETC.EXE Description=Distributed computing projects client from Distributed.net where numerous computers are used to share a project's workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by viruses Source=Paul Collins Startup list [Dit] Number=2918 Confirmed=Y Filename=dit.exe Description="Drive Icon and Label Utility" - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found Source=Paul Collins Startup list [Dit] Number=2919 Confirmed=X Filename=dit.exe Description=Added by the LAZAR-A TROJAN! Note - this is located in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [DiTask.exe] Number=2920 Confirmed=N Filename=DiTask.exe Description=Associated with an Eicon Networks ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -> Programs Source=Paul Collins Startup list [Divamon.exe] Number=2921 Confirmed=? Filename=Divamon.exe Description=Associated with an Eicon Networks Diva ISDN or ADSL modem - what does it do and is it required? Source=Paul Collins Startup list [divx] Number=2922 Confirmed=X Filename=divxenc.exe Description=Added by the SPBOT.B TROJAN! Source=Paul Collins Startup list [Divx] Number=2923 Confirmed=X Filename=codll.exe Description=Added by the GRAVEBOT-A TROJAN! Source=Paul Collins Startup list [DivX MediaPlayer 7.0] Number=2924 Confirmed=X Filename=Dr.DivX.exe Description=Added by the ALADINZ.G TROJAN! Source=Paul Collins Startup list [DivX Player] Number=2925 Confirmed=X Filename=DivXPlayer.exe Description=Added by a variant of the RBOT WORM! 
Source=Paul Collins Startup list [DivX Updater] Number=2926 Confirmed=X Filename=DivX.Exe Description=Added by the NALDEM TROJAN or MASTAK VIRUS! Source=Paul Collins Startup list [DIVX Video Player] Number=2927 Confirmed=X Filename=DIVXPloyer.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [Divx4 codec] Number=2928 Confirmed=X Filename=devldr32.exe Description=Added by an unidentified VIRUS! Note - this is not the legitimate Creative Labs devldr32.exe file Source=Paul Collins Startup list [DJREGFIX] Number=2929 Confirmed=N Filename=regedit /s c:\hpdjregfix.reg Description=DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers Source=Paul Collins Startup list [DJSNetCN] Number=2930 Confirmed=? Filename=DJSNetCN.exe Description="Symantec Licensing Detect Internet Connection", part of Norton Antivirus. What does it do and is it required? Source=Paul Collins Startup list [djtopr1150.exe] Number=2931 Confirmed=X Filename=djtopr1150.exe Description=WebRebates adware Source=Paul Collins Startup list [dKernel] Number=2932 Confirmed=X Filename=dKernel.exe Description=Added by the DECOY-A WORM! Source=Paul Collins Startup list [DkService] Number=2933 Confirmed=Y Filename=DkService.exe Description=From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually. Source=Paul Collins Startup list [DKTime] Number=2934 Confirmed=X Filename=dktime.exe Description=Added by the LUNII TROJAN! Source=Paul Collins Startup list [Dkware lptt01] Number=2935 Confirmed=X Filename=dkware.exe Description=RapidBlaster variant (in a "DonkeySoft" folder in Program Files). 
Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [Dkware ml097e] Number=2936 Confirmed=X Filename=dkware.exe Description=RapidBlaster variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [dkzzixm] Number=2937 Confirmed=? Filename=dkzzixm.exe Description=?? Source=Paul Collins Startup list [dla] Number=2938 Confirmed=Y Filename=tfswctrl.exe Description=Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" Source=Paul Collins Startup list [DLA] Number=2939 Confirmed=U Filename=DLACTRLW.EXE Description=Sonic CD/DVD burning applications Source=Paul Collins Startup list [DlaTray] Number=2940 Confirmed=N Filename=Dlatray.exe Description=System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. 
The drive itself will be able to read store bought master Cd's without the file but not burnt ones" Source=Paul Collins Startup list [dlbcserv] Number=2941 Confirmed=N Filename=dlbcserv.exe Description=Related to Dell Photo Printers and provides additional configuration options for these devices Source=Paul Collins Startup list [DLBTCATS] Number=2942 Confirmed=Y Filename=rundll32 [path] DLBTtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [DLBUCATS] Number=2943 Confirmed=Y Filename=rundll32 [path] DLBUtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [DLBXCATS] Number=2944 Confirmed=Y Filename=rundll32 [path] DLBXtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [DLCCCATS] Number=2945 Confirmed=Y Filename=rundll32 [path] DLCCtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll). 
If you use the 964 printer, Dell recommends leaving dlcctime.dll in place as it fixes compatibility issues on some Dell systems. If you receive an error message on system startup that reads: "Error in C:\WINDOWS\System32\spool\drivers\W32\x86\3DLCCtime.dll Missing entry: RunDLLEntry" Dell offers help here Source=Paul Collins Startup list [dlccmon.exe] Number=2946 Confirmed=U Filename=dlccmon.exe Description=Dell Photo AIO Printer 924 device monitor Source=Paul Collins Startup list [DLCDCATS] Number=2947 Confirmed=Y Filename=rundll32 [path] DLCDtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [dlcdmon.exe] Number=2948 Confirmed=U Filename=dlcdmon.exe Description=Dell Photo AIO Printer 944 device monitor Source=Paul Collins Startup list [DLCFCATS] Number=2949 Confirmed=Y Filename=rundll32 [path] DLCFtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [DLCGCATS] Number=2950 Confirmed=Y Filename=rundll32 [path] DLCGtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. 
See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [dlcgmon.exe] Number=2951 Confirmed=U Filename=dlcgmon.exe Description=Dell Photo AIO Printer 810 device monitor Source=Paul Collins Startup list [DLCICATS] Number=2952 Confirmed=Y Filename=rundll32 [path] DLCItime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [dlcipscl] Number=2953 Confirmed=X Filename=dcpavss.exe Description=Added by the MAILBOT-CB TROJAN! Source=Paul Collins Startup list [DLCJCATS] Number=2954 Confirmed=Y Filename=rundll32 [path] DLCJtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [dlcjmon.exe] Number=2955 Confirmed=U Filename=dlcjmon.exe Description=Dell Photo AIO Printer 964 device monitor Source=Paul Collins Startup list [DLCQCATS] Number=2956 Confirmed=Y Filename=rundll32 [path] DLCQtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. 
See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [dlcqmon.exe] Number=2957 Confirmed=U Filename=dlcqmon.exe Description=Dell Photo AIO Printer 964 device monitor Source=Paul Collins Startup list [DLCXCATS] Number=2958 Confirmed=Y Filename=rundll32 [path] DLCXtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [dlcxmon.exe] Number=2959 Confirmed=U Filename=dlcxmon.exe Description=Dell Photo AIO Printer 926 device monitor Source=Paul Collins Startup list [dlder] Number=2960 Confirmed=X Filename=dlder.exe Description=Dlder spyware. Also creates a fake "explorer.exe" file and can be installed via versions of Grokster, Lime Wire and KaZaA file-sharing utilities Source=Paul Collins Startup list [DlDir1] Number=2961 Confirmed=X Filename=caKe Description=Added by the CAKE WORM! Source=Paul Collins Startup list [DLForcerExe] Number=2962 Confirmed=? Filename=DLForcerEXE.exe Description=?? Source=Paul Collins Startup list [DLF_00000B00] Number=2963 Confirmed=N Filename=Vcdlf.exe Description=Known to cause problems with "Out of memory" errors (see here). Otherwise, its purpose is unknown Source=Paul Collins Startup list [DLG] Number=2964 Confirmed=N Filename=DLGCHBW.exe Description=Backweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updates Source=Paul Collins Startup list [DLHelperEXE] Number=2965 Confirmed=N Filename=WATCH.exe Description=Download helper distributed with some software that allows the software installation to redirect download locations. 
Not required once the installation is finished Source=Paul Collins Startup list [DLHelperEXE.exe] Number=2966 Confirmed=X Filename=N/A Description=Downloader for Microgaming/Casino software - stealth installed Source=Paul Collins Startup list [dlhost] Number=2967 Confirmed=X Filename=dlhost.exe Description=Added by the EXPHOOK-A TROJAN! Source=Paul Collins Startup list [DLINK dfe drivers for Windows NT] Number=2968 Confirmed=X Filename=windfe.exe Description=Added by the RANDEX.AK WORM! Source=Paul Collins Startup list [DLink System Tray] Number=2969 Confirmed=U Filename=dlnetst.exe Description=Related to D-Link DGE-530T PCI card for servers and workstations Source=Paul Collins Startup list [Dlite] Number=2970 Confirmed=X Filename=dllmanager.exe Description=Added by the WOOTBOT.DN WORM! Source=Paul Collins Startup list [Dll Boot Loader on Startup (do not remove this)] Number=2971 Confirmed=X Filename=[various filenames] Description=Added by an unidentified TROJAN! Source=Paul Collins Startup list [Dll Link] Number=2972 Confirmed=X Filename=svchoist.exe Description=Added by the AUTOSKY WORM! Source=Paul Collins Startup list [Dll Link] Number=2973 Confirmed=X Filename=svchost.exe Description=Added by the AUTOSKY WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Documents and Settings\\Favourites folder Source=Paul Collins Startup list [DLL Manager] Number=2974 Confirmed=X Filename=dllmngr32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [DLL Service Manager] Number=2975 Confirmed=X Filename=[path to worm] Description=Added by the RPCBOT.F TROJAN! Source=Paul Collins Startup list [dll services] Number=2976 Confirmed=X Filename=[random filename].exe Description=Added by a variant of the SDBOT WORM! 
Source=Paul Collins Startup list [DLL32] Number=2977 Confirmed=X Filename=dllmem32.exe Description=Added by the KWBOT.E WORM! Source=Paul Collins Startup list [DLL32] Number=2978 Confirmed=X Filename=dllhost.dll Description=Added by the SUCLOVE.A WORM! Source=Paul Collins Startup list [DllCacherv2] Number=2979 Confirmed=X Filename=dllcachev2.exe Description=Added by the LATEDA TROJAN! Source=Paul Collins Startup list [dllcvss] Number=2980 Confirmed=X Filename=[random filename] Description=Added by a variant of the SLAPER TROJAN! Source=Paul Collins Startup list [dlldmt] Number=2981 Confirmed=X Filename=dlldmt.exe Description=Added by a variant of the CRYPTER.C TROJAN! Source=Paul Collins Startup list [DllExecutable] Number=2982 Confirmed=X Filename=[path to file] Description=Added by the VB-SP WORM! Source=Paul Collins Startup list [dllhelp] Number=2983 Confirmed=X Filename=dllhelp.exe Description=Added by the STARTPAGE.DQ hijacker Source=Paul Collins Startup list [dllhelp] Number=2984 Confirmed=X Filename=dllhlp.exe Description=Added by the Downloader-HI TROJAN! Source=Paul Collins Startup list [DLLHost] Number=2985 Confirmed=X Filename=dllhst.exe Description=Added by the DELBOT-AC WORM! Source=Paul Collins Startup list [dllhostxp.exe] Number=2986 Confirmed=X Filename=dllhostxp.exe Description=Browser hijacker and adware downloader Source=Paul Collins Startup list [DllLoader] Number=2987 Confirmed=X Filename=lssas.exe Description=Added by the JE WORM! Source=Paul Collins Startup list [Dlload] Number=2988 Confirmed=X Filename=killer.exe Description=Added by the KILLAV-FK TROJAN! Source=Paul Collins Startup list [dllreg] Number=2989 Confirmed=X Filename=dllreg.exe Description=Added by the CRYPTER.A TROJAN! Source=Paul Collins Startup list [DLLService32] Number=2990 Confirmed=X Filename=dllsvc32.exe Description=Added by the AGOBOT.VX WORM! 
Source=Paul Collins Startup list [DLLUPDATE32] Number=2991 Confirmed=X Filename=dllupdate32.exe Description=Added by the AGOBOT.IA WORM! Source=Paul Collins Startup list [DLM.exe] Number=2992 Confirmed=N Filename=DLM.exe Description=IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads have to be initialized through that browser Source=Paul Collins Startup list [dlmMgr] Number=2993 Confirmed=N Filename=AdobeDownloadManager.exe Description=Adobe Download Manager - "can prevent you from having to start from the beginning should your download process be interrupted, and it offers a level of service not possible Source=Paul Collins Startup list [DLPSP] Number=2994 Confirmed=U Filename=DLPSP.EXE Description=Dell laser printer status monitor Source=Paul Collins Startup list [dlsp2mx] Number=2995 Confirmed=X Filename=dlsp2mx.exe Description=Added by the MPB-B DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "dlsp2mx" Source=Paul Collins Startup list [DLT] Number=2996 Confirmed=? Filename=dlt.exe Description=?? Source=Paul Collins Startup list [dluca] Number=2997 Confirmed=X Filename=dluca.exe Description=Added by the DLUCA.C TROJAN! Source=Paul Collins Startup list [dluxde] Number=2998 Confirmed=X Filename=dluxde.exe Description=All-In-One-Telcom (adult content dialler) variant Source=Paul Collins Startup list [Dluxjp] Number=2999 Confirmed=X Filename=Dluxjp.exe Description=Added by the DLUCA.D TROJAN! Source=Paul Collins Startup list [Dm Hr] Number=3000 Confirmed=X Filename=lpns.exe Description=Added by the IRCBOT.WORM.61673 WORM! Source=Paul Collins Startup list [DM mgr] Number=3001 Confirmed=X Filename=dm_mgr.exe Description=Added by the JITTAR TROJAN! 
Source=Paul Collins Startup list [dm***.exe [* = random char]] Number=3002 Confirmed=X Filename=dm***.exe [* = random char] Description=Wareout - malware masquerading as a spyware and dialer remover Source=Paul Collins Startup list [DMAScheduler] Number=3003 Confirmed=N Filename=DMAScheduler.exe Description=Related to DigitalMedia Plus Archiver. This program is a non-essential process to the running of the program, but should not be terminated unless suspected to be causing problems Source=Paul Collins Startup list [DMC] Number=3004 Confirmed=X Filename=dmc.exe Description=Added by Trojan-Downloader.Win32.Dluca.bv TROJAN! Source=Paul Collins Startup list [DMHotKey] Number=3005 Confirmed=U Filename=DMLoader.exe Description=HotKey access to the Samsung Display Manager on laptops and ultra-mobiles that support it - such as the M55 and Q1 Source=Paul Collins Startup list [DMILDR] Number=3006 Confirmed=N Filename=dmildr.exe Description=Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -> Programs Source=Paul Collins Startup list [DMISL] Number=3007 Confirmed=N Filename=DMISL.EXE Description=DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information Source=Paul Collins Startup list [DMISLAPP] Number=3008 Confirmed=N Filename=DMISLAPP.exe Description=DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. 
See here for more information Source=Paul Collins Startup list [dmjay] Number=3009 Confirmed=? Filename=dmjay.exe Description=?? Source=Paul Collins Startup list [dmloader] Number=3010 Confirmed=X Filename=dmloader.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Dmsvc32] Number=3011 Confirmed=X Filename=Dmsvc32.exe Description=Added by the AGOBOT.ABU WORM! Source=Paul Collins Startup list [dmtdll] Number=3012 Confirmed=X Filename=dmtdll.exe Description=Added by a variant of the CRYPTER.C TROJAN! Source=Paul Collins Startup list [DmwClient] Number=3013 Confirmed=U Filename=dmwclient.exe Description=DMW "anti-cheating" software for online gaming Source=Paul Collins Startup list [DMXLauncher] Number=3014 Confirmed=U Filename=DMXLauncher.exe Description=Part of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video files Source=Paul Collins Startup list [dm[3 random letters].exe] Number=3015 Confirmed=X Filename=dm[3 random letters].exe Description=Added by the RUINDEM TROJAN! Source=Paul Collins Startup list [DM_server] Number=3016 Confirmed=X Filename=dmserver.exe Description=Comet Cursor adware Source=Paul Collins Startup list [dm_service] Number=3017 Confirmed=X Filename=[path to file] Description=Added by the MITGLIEDER.P TROJAN! Source=Paul Collins Startup list [dnam] Number=3018 Confirmed=X Filename=d140113.a.Stub.EXE Description=Added by the STUB_A TROJAN! Source=Paul Collins Startup list [Dnar] Number=3019 Confirmed=N Filename=Dnar.exe Description=Installed on some Dell workstations and DMI related. Tries to access the internet and is known to not be required - but what does it do? Source=Paul Collins Startup list [DNE Binding Watchdog] Number=3020 Confirmed=Y Filename=rundll dnes.dll, DnDneCheckBindings Description=Deterministic NDIS Extender (DNE). 
DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work Source=Paul Collins Startup list [DNE DUN Watchdog] Number=3021 Confirmed=Y Filename=rundll dnes.dll, DnDneCheckDUN13 Description=Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work Source=Paul Collins Startup list [DNHelper32] Number=3022 Confirmed=X Filename=DNHlp32.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [DNS] Number=3023 Confirmed=X Filename=mc-58-12-0000080.exe Description=Shorty adware - also detected as the AGENT.FD TROJAN! Source=Paul Collins Startup list [DNS] Number=3024 Confirmed=X Filename=mc-58-12-0000093.exe Description=Shorty adware - also detected as the AGENT.FD TROJAN! Source=Paul Collins Startup list [DNS] Number=3025 Confirmed=X Filename=mc-110-12-0000079.exe Description=Shorty adware - also detected as the AGENT.FD TROJAN! Source=Paul Collins Startup list [DNS] Number=3026 Confirmed=X Filename=mc-58-12-0000120.exe Description=Shorty adware - also detected as the AGENT.FD TROJAN! Source=Paul Collins Startup list [DNS] Number=3027 Confirmed=X Filename=mc-58-12-0000140.exe Description=Shorty adware - also detected as the AGENT.FD TROJAN! Source=Paul Collins Startup list [DNS] Number=3028 Confirmed=X Filename=[worm filename] Description=Added by the CQG WORM! 
Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Common Files folder Source=Paul Collins Startup list [Dns Resolver] Number=3029 Confirmed=X Filename=dnsrslve.exe Description=Added by the RBOT-WS WORM! Source=Paul Collins Startup list [DNS Service] Number=3030 Confirmed=X Filename=dnsresolver.exe Description=Added by the RBOT-PQ WORM! Source=Paul Collins Startup list [DNS Service] Number=3031 Confirmed=X Filename=dnssvc.exe Description=Added by the DELBOT-Z WORM! Source=Paul Collins Startup list [DNS2GoClient] Number=3032 Confirmed=? Filename=dns2goclient.exe Description=DNS2Go is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address. Is it required? Source=Paul Collins Startup list [DNS7reminder] Number=3033 Confirmed=N Filename=Ereg.exe Ereg.ini Description=ScanSoft (Nuance) Dragon NaturallySpeaking registration reminder. Version 7 Source=Paul Collins Startup list [DNSCacheBoost] Number=3034 Confirmed=X Filename=dnsping.exe Description=Added by the DNSBUST-A TROJAN! Source=Paul Collins Startup list [dnscleaner] Number=3035 Confirmed=X Filename=dnscleaner.exe Description=CoolWebSearch parasite variant Source=Paul Collins Startup list [dnse] Number=3036 Confirmed=X Filename=dnse.exe Description=WinAntiVirus Pro 2007 and Privacy Protector misleading security software - not recommended, see here Source=Paul Collins Startup list [DNXVC] Number=3037 Confirmed=? Filename=dnxvc.exe Description=?? Source=Paul Collins Startup list [doc] Number=3038 Confirmed=X Filename=doc.exe Description=Added by the AGOBOT-BJ WORM! Source=Paul Collins Startup list [DocTor] Number=3039 Confirmed=X Filename=Doctor.exe Description=Added by the DOTOR.A WORM! 
Source=Paul Collins Startup list [Doctor Antivirus 2008] Number=3040 Confirmed=X Filename=antvr.exe Description=Doctor Antivirus 2008 rogue security software - not recommended, see here Source=Paul Collins Startup list [DocuMagix Init] Number=3041 Confirmed=N Filename=PWATCH.EXE Description=PaperMaster is an application for the PC designed to automate the process of organizing, archiving, and retrieving digital versions of files. Start manually if needed Source=Paul Collins Startup list [Document Manager] Number=3042 Confirmed=U Filename=docmgr.exe Description=Wave Systems Corp. Document Manager - "provides secure storage and management capabilities for file and folder level encryption" Source=Paul Collins Startup list [Doggy Style] Number=3043 Confirmed=X Filename=MsPMSPSd.exe Description=Added by the SDBOT-AAP WORM! Source=Paul Collins Startup list [DOGStart] Number=3044 Confirmed=X Filename=GSDOGST.EXE Description=Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS Source=Paul Collins Startup list [Doing] Number=3045 Confirmed=? Filename=doing.exe Description=?? Source=Paul Collins Startup list [doit.exe] Number=3046 Confirmed=X Filename=doit.exe Description=Added by the FORBOT-EK WORM! Source=Paul Collins Startup list [Domain Name Resolve Service] Number=3047 Confirmed=X Filename=dnsresolver.exe Description=Added by the KIMAN.A WORM! Source=Paul Collins Startup list [DomPlayer Service] Number=3048 Confirmed=X Filename=wakeservice.exe Description=DomPlayer adware Source=Paul Collins Startup list [Don't Panic] Number=3049 Confirmed=U Filename=dontpanicdemodp.exe Description=30-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite." Source=Paul Collins Startup list [Don't Panic Pop-Up Stopper] Number=3050 Confirmed=U Filename=dpps2.exe Description=Pop-Up Stopper Companion from Panicware. 
Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group Source=Paul Collins Startup list [Don't Panic!] Number=3051 Confirmed=U Filename=DP.EXE Description=Don't Panic! privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite" Source=Paul Collins Startup list [Dopus] Number=3052 Confirmed=U Filename=dopus.exe Description=Directory Opus - a file manager from GPSoft Source=Paul Collins Startup list [DoroServer] Number=3053 Confirmed=N Filename=DoroServer.exe Description=Doro PDF Writer from The SZ Development. All what you need for creating pdf files Source=Paul Collins Startup list [dos] Number=3054 Confirmed=X Filename=dos64.exe Description=Adware downloader trojan Source=Paul Collins Startup list [Dos Prompt Loader] Number=3055 Confirmed=X Filename=cygwin.exe Description=Added by the SDBOT-VV WORM! Source=Paul Collins Startup list [Dosbat] Number=3056 Confirmed=? Filename=?? Description=?? Source=Paul Collins Startup list [Dot1XCfg] Number=3057 Confirmed=X Filename=Dot1XCfg.exe Description=Detected by PCTools as Maxfiles adware - see here Source=Paul Collins Startup list [DoubleDesktop] Number=3058 Confirmed=U Filename=dd.exe Description="DoubleDesktop is a smart and elegant system tray utility that effectively doubles the width of your Windows desktop" Source=Paul Collins Startup list [DoUWantIt] Number=3059 Confirmed=N Filename=duwi.exe Description=DoUWantIt - online shopping assistant. Start it manually Source=Paul Collins Startup list [Dowmingzu] Number=3060 Confirmed=X Filename=Dowmingzu.dll.vbs Description=Added by the SOLOW-E WORM! Source=Paul Collins Startup list [down] Number=3061 Confirmed=X Filename=hlp32.exe Description=Added by the DLOADER.BG TROJAN! 
Source=Paul Collins Startup list [down] Number=3062 Confirmed=X Filename=[trojan filename] Description=Added by the Small-QJ TROJAN! Source=Paul Collins Startup list [Down2Home] Number=3063 Confirmed=U Filename=Down2Home.exe Description=Down2Home - "monitors your ADSL/Cablemodem/Dialup traffic and provides you with useful statistics about the amount of data your PC has transferred" Source=Paul Collins Startup list [Download Accelerator Manager Free Edition] Number=3064 Confirmed=N Filename=dam.exe Description=Download Accelerator Manager Free Edition from Tensons Corp Source=Paul Collins Startup list [Download Accelerator Plus 5.0] Number=3065 Confirmed=N Filename=DAP.exe Description=Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based Source=Paul Collins Startup list [Download Plus] Number=3066 Confirmed=X Filename=DownloadPlus.exe Description=DownloadPlus adware Source=Paul Collins Startup list [Download Wonder] Number=3067 Confirmed=N Filename=DownloadWonder.exe Description=Download Wonder from Forty Software. Download manager for resuming downloads, amongst other features Source=Paul Collins Startup list [DownloadAccelerator] Number=3068 Confirmed=N Filename=DAP.EXE Description=Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based Source=Paul Collins Startup list [DownloadLegalMusic] Number=3069 Confirmed=X Filename=rundll32.exe MSA64CHK.dll, DllMostrar Description=MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [DownloadMP3] Number=3070 Confirmed=X Filename=rundll32.exe MSA64CHK.dll, DllMostrar Description=MatrixDialer related. 
Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [DownloadWare] Number=3071 Confirmed=X Filename=dw.exe Description=DownloadWare adware Source=Paul Collins Startup list [DownloadWare Engine] Number=3072 Confirmed=N Filename=gra.exe Description=Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup Utility Source=Paul Collins Startup list [Downxz] Number=3073 Confirmed=X Filename=Downxz.bat Description=Added by the MYDOOM.W WORM Source=Paul Collins Startup list [DPAgnt] Number=3074 Confirmed=N Filename=DPAgnt.exe Description=digitalPersona fingerprint scanner Source=Paul Collins Startup list [DPAS] Number=3075 Confirmed=U Filename=DPASNT.exe Description=DefenderPro AntiSpy - spyware remover Source=Paul Collins Startup list [DPASUpdate] Number=3076 Confirmed=U Filename=DPASAutUpdate.exe Description=Automatic updates for DefenderPro AntiSpy - spyware remover Source=Paul Collins Startup list [DPASUpdate] Number=3077 Confirmed=U Filename=DPASAutoUpdate.exe Description=Defender Pro Antispy Source=Paul Collins Startup list [Dpcnav] Number=3078 Confirmed=Y Filename=dpcnav.exe Description=DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access Source=Paul Collins Startup list [DPConfig] Number=3079 Confirmed=N Filename=DPConfig.exe Description=Compuware DevPartner Studio Configuration Utility, a tool for software developers - System Tray access to configure the utility's analysis. 
Not required at startup, can be launched from the Start Menu programs group when needed Source=Paul Collins Startup list [dpcproxy] Number=3080 Confirmed=X Filename=dpcproxy.exe Description=Added by the GOLDENP-A TROJAN! Source=Paul Collins Startup list [DPCProxyLoadOnStartup] Number=3081 Confirmed=Y Filename=dpcstart.exe Description=DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access Source=Paul Collins Startup list [Dpcstart] Number=3082 Confirmed=Y Filename=dpcstart.exe Description=DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access Source=Paul Collins Startup list [dpi] Number=3083 Confirmed=X Filename=dpi.exe Description=Delfin Media Viewer or "Promulgate" adware Source=Paul Collins Startup list [dpnsvr32] Number=3084 Confirmed=X Filename=dpnsvr32.exe Description=Added by the AOLPASS-B TROJAN! Source=Paul Collins Startup list [dpps2] Number=3085 Confirmed=U Filename=dpps2.exe Description=Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group Source=Paul Collins Startup list [dps] Number=3086 Confirmed=X Filename=dps.exe Description=SmartestSearch parasite - poses as a foistware, bogus adware/spyware remover called "scumware-remover" Source=Paul Collins Startup list [dptracker] Number=3087 Confirmed=N Filename=dptracker.exe Description=CamTrack webcam software that enhances the way people video chat Source=Paul Collins Startup list [DpUtil] Number=3088 Confirmed=U Filename=TEDTray.exe Description=Main executable for TOSHIBA DualPoint Utility Main Module. 
It is a system tray icon program that provides configuration options for dual pointing device Source=Paul Collins Startup list [Drag'n'Drop_Autolaunch] Number=3089 Confirmed=N Filename=Autolaunch.exe Description=Iomega HotBurn - CD-RW burning software Source=Paul Collins Startup list [DragDrop] Number=3090 Confirmed=? Filename=DragDrop.exe Description=?? Source=Paul Collins Startup list [DragnDrop_Autolaunch] Number=3091 Confirmed=N Filename=Autolaunch.exe Description=Iomega HotBurn - CD-RW burning software Source=Paul Collins Startup list [DRam Monitor 23] Number=3092 Confirmed=X Filename=tskman3.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [DRam prmaessor] Number=3093 Confirmed=X Filename=[random filename] Description=Added by the RBOT.CSG WORM! Source=Paul Collins Startup list [DRam prosesor] Number=3094 Confirmed=X Filename=[random filename] Description=Added by the SPYBOT.EE WORM! Source=Paul Collins Startup list [DRam prosessor] Number=3095 Confirmed=X Filename=[random filename] Description=Added by the RBOT.CSG WORM! Source=Paul Collins Startup list [DRam prosessor] Number=3096 Confirmed=X Filename=plscd.exe Description=Added by the RBOT.CYA WORM! Source=Paul Collins Startup list [DRam prosessor] Number=3097 Confirmed=X Filename=HWAPI.exe Description=Added by a variant of the RBOT WORM! Note - this is not the McAfee HackerWatch process which has the same filename Source=Paul Collins Startup list [DRam prosessor] Number=3098 Confirmed=X Filename=WindowsUpdate.exe Description=Added by the RBOT-BBZ WORM! Source=Paul Collins Startup list [DRam prosessor] Number=3099 Confirmed=X Filename=msupdate.exe Description=Added by the DELF-FAW TROJAN! Source=Paul Collins Startup list [DRam rar proc] Number=3100 Confirmed=X Filename=winupdaterar.exe Description=Added by a variant of the IRCBOT TROJAN! 
Source=Paul Collins Startup list [DRam rare proc] Number=3101 Confirmed=X Filename=updaterarwin.exe Description=Added by the RBOT-GQW WORM! Source=Paul Collins Startup list [DRan posessor] Number=3102 Confirmed=X Filename=DAP.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [DrCache] Number=3103 Confirmed=X Filename=MSTDC.EXE Description=Added by the JM TROJAN! Source=Paul Collins Startup list [dreams] Number=3104 Confirmed=X Filename=server.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [DrefIW] Number=3105 Confirmed=X Filename=SysDrefIWv2.exe Description=Added by the DREF-C WORM! Source=Paul Collins Startup list [DrefIW] Number=3106 Confirmed=X Filename=SysDref.exe Description=Added by the DREF-D WORM! Source=Paul Collins Startup list [dregfix] Number=3107 Confirmed=? Filename=ph_finder.exe Description=?? Source=Paul Collins Startup list [DrgToDsc] Number=3108 Confirmed=N Filename=DrgToDsc.exe Description=Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in your system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly Source=Paul Collins Startup list [dried.exe] Number=3109 Confirmed=? Filename=dried.exe Description=?? Source=Paul Collins Startup list [drin] Number=3110 Confirmed=X Filename=[path to trojan] Description=Added by the SMALL.DPB TROJAN! 
Source=Paul Collins Startup list [DriveCleaner 2006 Free] Number=3111 Confirmed=X Filename=UDC2006.exe Description=DriveCleaner rogue security software - not recommended, see here Source=Paul Collins Startup list [DriveCleaner Free] Number=3112 Confirmed=X Filename=UDC.exe Description=DriveCleaner misleading security program - not recommended, see here Source=Paul Collins Startup list [DriveIcons] Number=3113 Confirmed=U Filename=DriveIcon.exe Description=Drive Icons from Realtek - shows a specific icon for each card type for their card reader controllers Source=Paul Collins Startup list [DriveLED] Number=3114 Confirmed=U Filename=OODLed.exe Description=O&O DriveLED - hard disk monitoring and crash prevention Source=Paul Collins Startup list [Driver] Number=3115 Confirmed=X Filename=gbot.exe Description=Added by the JUNTADOR.K TROJAN! Source=Paul Collins Startup list [Driver32] Number=3116 Confirmed=X Filename=Scam32.exe Description=Added by the SIRCAM WORM! Source=Paul Collins Startup list [DriverCheck] Number=3117 Confirmed=X Filename=svchost.exe Description=Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:\DriverLoad folder Source=Paul Collins Startup list [DriverDB] Number=3118 Confirmed=X Filename=svcmdx32.exe Description=Added by the BERPI TROJAN! Source=Paul Collins Startup list [DriverLoad] Number=3119 Confirmed=X Filename=svchost.exe Description=Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! 
This file is located in a C:\DriverLoad folder Source=Paul Collins Startup list [DriverMagicLogon] Number=3120 Confirmed=U Filename=dmschedule.exe Description=Part of DriverMagic - "the easiest way to locate device drivers" Source=Paul Collins Startup list [DriverMax] Number=3121 Confirmed=N Filename=devices.exe Description=DriverMax from Innovative Solutions - "a new tool that allows you to download the latest driver updates for your computer. No more searching for rare drivers on discs or on the web or inserting one installation CD after the other" Source=Paul Collins Startup list [DriverModule] Number=3122 Confirmed=X Filename=csrnvrt.exe Description=Added by the IRCBOT.I TROJAN! Source=Paul Collins Startup list [DriverPath] Number=3123 Confirmed=X Filename=system32.exe Description=Added by the PRORAT-S TROJAN! Source=Paul Collins Startup list [Drivers for Internet Explorer] Number=3124 Confirmed=X Filename=accesweb.exe Description=Added by freewebs.com hijacker! Source=Paul Collins Startup list [DriveSelect] Number=3125 Confirmed=N Filename=driveselect.exe Description=DVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start -> Programs Source=Paul Collins Startup list [drkly16j] Number=3126 Confirmed=U Filename=rundll32.exe drkly16j.dll, ServiceCheck Description=KidsWatch Time Control parental control software Source=Paul Collins Startup list [DRM Upgrade] Number=3127 Confirmed=X Filename=drmupgd.exe Description=Detected by Trend Micro as the IRCBOT.AWU BACKDOOR! See here Source=Paul Collins Startup list [dRMON SmartAgent] Number=3128 Confirmed=U Filename=SmartAgt.exe Description=Part of the network monitoring program group for 3Com NIC cards. See here for more info Source=Paul Collins Startup list [drmsrv32] Number=3129 Confirmed=X Filename=stmhosts.exe Description=Added by the AGENT.AGWU TROJAN! 
Source=Paul Collins Startup list [drmu] Number=3130 Confirmed=X Filename=W95Mm.exe Description=Homepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguise Source=Paul Collins Startup list [Drmupgds] Number=3131 Confirmed=X Filename=Drmupgds.exe Description=Detected by PCTools as Maxfiles adware - see here Source=Paul Collins Startup list [drocher] Number=3132 Confirmed=X Filename=d.exe Description=Adult content dialler Source=Paul Collins Startup list [DropSpam Lifestyle] Number=3133 Confirmed=X Filename=dslifestyle.exe Description=Dropspam adware Source=Paul Collins Startup list [drvddll.exe] Number=3134 Confirmed=X Filename=drvddll.exe Description=Added by the BEAGLE.AP WORM! Source=Paul Collins Startup list [Drvddll_exe] Number=3135 Confirmed=X Filename=drvddll.exe Description=Added by the BEAGLE.X WORM! Source=Paul Collins Startup list [DrvIcon] Number=3136 Confirmed=U Filename=DrvIcon.exe Description="Vista Drive Icon changes the drive icons shown in Windows "My Computer", to a nearly Vista drive icon, showing the drive's free space with a smooth colored horizontal bar" Source=Paul Collins Startup list [DrvListnr] Number=3137 Confirmed=? Filename=DrvListnr.exe Description=Analog Devices SoundMAX soundcard related. What does it do and is it required? Source=Paul Collins Startup list [drvlsnr] Number=3138 Confirmed=U Filename=drvlsnr.exe Description=Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly Source=Paul Collins Startup list [DrvMon.exe] Number=3139 Confirmed=U Filename=DrvMon.exe Description=Alcor drive monitor software Source=Paul Collins Startup list [drvnetw] Number=3140 Confirmed=X Filename=drvnetw.exe Description=Added by the BROGGER-B TROJAN! Source=Paul Collins Startup list [drvr32h] Number=3141 Confirmed=X Filename=drvr32h.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! 
Source=Paul Collins Startup list [drvrmanager] Number=3142 Confirmed=X Filename=drvrquery32.exe Description=Added by the BOOHOO WORM! Source=Paul Collins Startup list [drvsys.exe] Number=3143 Confirmed=X Filename=drvsys.exe Description=Added by the BEAGLE.W WORM! Source=Paul Collins Startup list [drvsyskit] Number=3144 Confirmed=X Filename=hidr.exe Description=Added by the BAGLE.HR WORM! Source=Paul Collins Startup list [drvupd] Number=3145 Confirmed=X Filename=rundll32 ..drvupd.inf Description=Hijacker - drvupd.inf file installs a "searchforge.com" hijack Source=Paul Collins Startup list [drv_st_key] Number=3146 Confirmed=X Filename=hidn.exe Description=Added by the BEAGLE.FF WORM! Source=Paul Collins Startup list [DrWatson] Number=3147 Confirmed=X Filename=drwatson_.exe Description=Added by the LOHAV-S TROJAN! Source=Paul Collins Startup list [DrWatson] Number=3148 Confirmed=X Filename=drwatson_32.exe Description=Added by the LOHAV-S TROJAN! Source=Paul Collins Startup list [DrWeb Antivirus] Number=3149 Confirmed=X Filename=DRWEBAV.EXE Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [Drwebscheduler] Number=3150 Confirmed=Y Filename=Drwebscd.exe Description=DrWeb antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystem Source=Paul Collins Startup list [DR_S] Number=3151 Confirmed=X Filename=DR_S.exe Description=AdShooter adware Source=Paul Collins Startup list [ds] Number=3152 Confirmed=X Filename=ds.exe Description=Added by the SPYMON TROJAN! 
Source=Paul Collins Startup list [DS Clock] Number=3153 Confirmed=U Filename=dsclock.exe Description=Digital desktop clock including synchronization with atomic servers - see here Source=Paul Collins Startup list [dsa] Number=3154 Confirmed=X Filename=dsa.exe Description=Homepage hijacker - redirecting to downseek.com Source=Paul Collins Startup list [DSAcass] Number=3155 Confirmed=X Filename=[path to file] Description=Added by the RANKY.M TROJAN! Source=Paul Collins Startup list [dsadlsa14] Number=3156 Confirmed=X Filename=dsakfsak14.exe Description=Added by the ONLINEG-P TROJAN! Source=Paul Collins Startup list [DSB] Number=3157 Confirmed=X Filename=DSB.exe Description=EnergyPlugin adware Source=Paul Collins Startup list [dscactivate] Number=3158 Confirmed=U Filename=dsca.exe Description=Dell Support Agent offers additional support and update features for your Dell computer or laptop Source=Paul Collins Startup list [dsd] Number=3159 Confirmed=X Filename=zz.exe Description=Added by the RBOT-FOX WORM! Source=Paul Collins Startup list [DSentry] Number=3160 Confirmed=N Filename=DSentry.exe Description=Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts Source=Paul Collins Startup list [Dsi] Number=3161 Confirmed=X Filename=dp-******.exe Description=Added by an unidentified adware where ****** are random characters Source=Paul Collins Startup list [Dsi] Number=3162 Confirmed=X Filename=dp-him.exe Description=Added by the MULTIDR-AH TROJAN! Source=Paul Collins Startup list [Dskcompat] Number=3163 Confirmed=X Filename=Dskcompat.exe Description=Added by the GEMA TROJAN! 
Source=Paul Collins Startup list [DSKEY] Number=3164 Confirmed=U Filename=DsKey.exe Description=Part of PC PhoneHome - "secretly sends an invisible email message to an email address of your choice containing the physical location of your computer every time you get an Internet connection". Security software from Brigadoon Security Group for tracking down lost/stolen computers Source=Paul Collins Startup list [DSKEY] Number=3165 Confirmed=X Filename=[path to trojan] Description=Added by the STARTER-G TROJAN! Source=Paul Collins Startup list [DSL Monitor] Number=3166 Confirmed=N Filename=spdstrm.exe Description=Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray Source=Paul Collins Startup list [DSLagentexe] Number=3167 Confirmed=Y Filename=DSLagent.exe Description=Used in conjunction with USB connected ADSL modems from Eicon Networks (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connection Source=Paul Collins Startup list [dslmon] Number=3168 Confirmed=Y Filename=dslmon.exe Description=Sagem DSL modem related. Apparently needed to detect the modem Source=Paul Collins Startup list [DSLSTATEXE] Number=3169 Confirmed=U Filename=dslstat.exe Description=System tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example) Source=Paul Collins Startup list [DsmSer] Number=3170 Confirmed=X Filename=dsm.exe Description=Added by the SERFLOG.B WORM! Source=Paul Collins Startup list [DsmSer] Number=3171 Confirmed=X Filename=msmpatch.exe Description=Added by the SERFLOG.B WORM! Source=Paul Collins Startup list [DsmSer] Number=3172 Confirmed=X Filename=svosm.exe Description=Added by the SERFLOG.B WORM! Source=Paul Collins Startup list [DsmSer] Number=3173 Confirmed=X Filename=sysup.exe Description=Added by the SERFLOG.B WORM! Source=Paul Collins Startup list [DsplObjects] Number=3174 Confirmed=X Filename=windspl.exe Description=Added by the BEAGLE.DN WORM! 
Source=Paul Collins Startup list [DSS] Number=3175 Confirmed=X Filename=dssagent.exe Description=DSSAgent by Brøderbund - spyware. Sends encrypted emails about the system back to the originators of the program. Also a resource hog. See here for more info Source=Paul Collins Startup list [DSS] Number=3176 Confirmed=X Filename=[path to trojan] Description=Added by the DSSDOOR-C TROJAN! Source=Paul Collins Startup list [DSService] Number=3177 Confirmed=X Filename=dmrss.exe Description=Added by the AGOBOT-XX WORM! Source=Paul Collins Startup list [DSSSGENS] Number=3178 Confirmed=? Filename=dssagens.exe Description=?? Source=Paul Collins Startup list [dstiosys] Number=3179 Confirmed=X Filename=plsitctl.exe Description=Added by the MAILBOT-BX TROJAN! Source=Paul Collins Startup list [DSystemDriver] Number=3180 Confirmed=X Filename=windrv.exe Description=Added by the DELF.WG TROJAN! Source=Paul Collins Startup list [DT HPW] Number=3181 Confirmed=U Filename=DTHtml.exe Description=Display Tune from Portrait Displays, Inc. - "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface and the user is guided, step-by-step, through the entire initial tuning process." Also licensed and renamed by manufacturers such as Gateway and HP Source=Paul Collins Startup list [DU Meter] Number=3182 Confirmed=N Filename=DUMETER.EXE Description=Hagel Technologies internet bandwidth monitor Source=Paul Collins Startup list [DualCoreCenter] Number=3183 Confirmed=U Filename=StartUpDualCoreCenter.exe Description=Unified control center for overclocking both the graphics card and the CPU, but for the program to have its full functionality you must have an MSI mainboard with a CoreCell chip Source=Paul Collins Startup list [duck] Number=3184 Confirmed=X Filename=duck.exe Description=Added by the AGOBOT-AVG WORM! 
Source=Paul Collins Startup list [Dulux WeatherShield WeatherDesk] Number=3185 Confirmed=N Filename=weather.exe Description=Dulux WeatherShield WeatherDesk - latest weather information from across Australia Source=Paul Collins Startup list [Dumeter Services] Number=3186 Confirmed=X Filename=dumeter.exe Description=Added by the SDBOT-AEQ WORM! Source=Paul Collins Startup list [dumprep] Number=3187 Confirmed=X Filename=spoolc.exe Description=Detected by Kaspersky as a variant of the AGENT.CXF TROJAN! Source=Paul Collins Startup list [dumprep 0 -k] Number=3188 Confirmed=N Filename=dumprep 0 -k Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out Source=Paul Collins Startup list [dumprep 0 -u] Number=3189 Confirmed=N Filename=dumprep 0 -u Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out Source=Paul Collins Startup list [DUN_SERVICES3] Number=3190 Confirmed=X Filename=dun3.exe Description=Added by the SOKIRON TROJAN! Source=Paul Collins Startup list [Duweculey] Number=3191 Confirmed=X Filename=yujixit.exe Description=Added by the SDBOT.BRP WORM! Source=Paul Collins Startup list [Duwee wong Cerbon] Number=3192 Confirmed=X Filename=Cirebons.exe Description=Added by the BHARAT.A WORM! Source=Paul Collins Startup list [DVD Upgrade] Number=3193 Confirmed=X Filename=dvdupgd.exe Description=Added by a variant of the IRCBOT BACKDOOR! 
Source=Paul Collins Startup list [dvd43] Number=3194 Confirmed=N Filename=DVD43_Tray.exe Description=DVD43 is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies" Source=Paul Collins Startup list [DVD43] Number=3195 Confirmed=U Filename=DVD43.exe Description=DVD43 is a small tool that overrides CSS copy-protection found on DVD movies Source=Paul Collins Startup list [dvd98] Number=3196 Confirmed=X Filename=windvd98.exe Description=Added by the CULT.P WORM! Source=Paul Collins Startup list [DVD@ccess] Number=3197 Confirmed=N Filename=DVDAccess.exe Description=Part of DVD Studio Pro from Apple Inc. - "The DVD@CCESS feature allows you to add additional interactivity to your DVD title when it is played on a computer" Source=Paul Collins Startup list [DVDBitSet] Number=3198 Confirmed=U Filename=DVDBitSet.exe Description=DVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always used Source=Paul Collins Startup list [DVDCheck] Number=3199 Confirmed=? Filename=DVDCheck.exe Description=Related to an Intervideo program. What does it do and is it required in startup? Source=Paul Collins Startup list [Dvdcompat] Number=3200 Confirmed=X Filename=Dvdcompat.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [DVDLauncher] Number=3201 Confirmed=N Filename=DVDLauncher.exe Description=Part of Cyberlink's Power Cinema - allows you to play DVDs upon insertion Source=Paul Collins Startup list [DVDSentry] Number=3202 Confirmed=N Filename=DSentry.exe Description=Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. 
Run manually before installation starts Source=Paul Collins Startup list [DVDTray] Number=3203 Confirmed=N Filename=DVDTray.exe Description=HP CD/DVD Tray icon installed with the DVD writer software. Periodically checks for new drive firmware Source=Paul Collins Startup list [DVDUpgrade] Number=3204 Confirmed=N Filename=DVDUpgrd.exe Description=Microsoft program to upgrade your DVD decoder program - see Q306331. Available via Start -> Programs Source=Paul Collins Startup list [DVDXGhost] Number=3205 Confirmed=N Filename=DVDGhost.EXE Description=DVD Ghost - "utility to make your software DVD players and DVD copy/backup softwares restriction-free, and copy/backup DVD to hard disk" Source=Paul Collins Startup list [dvHighMem] Number=3206 Confirmed=U Filename=cfgmng32.exe Description=Related to PureSight PC - designed to offer maximum flexibility and choice as families manage their internet use Source=Paul Collins Startup list [Dvp95] Number=3207 Confirmed=Y Filename=Dvp95.exe Description=Scan engine for F-Secure and Command antivirus software based on the F-Prot AntiVirus engine Source=Paul Collins Startup list [dvpapi9x] Number=3208 Confirmed=Y Filename=DVPAPI9X.exe Description=Command AntiVirus for Windows 95/98/Me Source=Paul Collins Startup list [DvpInitExe] Number=3209 Confirmed=Y Filename=Dvpinit.exe Description=Command Antivirus related Source=Paul Collins Startup list [dvprpt] Number=3210 Confirmed=Y Filename=Dvprpt.exe Description=Command Antivirus related Source=Paul Collins Startup list [dvraudio] Number=3211 Confirmed=X Filename=dvraudio.exe Description=Added by a variant of the CRYPTER.C TROJAN! Source=Paul Collins Startup list [dvsfss] Number=3212 Confirmed=X Filename=fbsfsdrs.exe Description=Added by the SDBOT-QA WORM! 
Source=Paul Collins Startup list [DVSync] Number=3213 Confirmed=U Filename=dvsync.exe Description=DVSync is the program that allows you to synchronize your daVinci's PDA's data with your Personal Information Manager on the PC Source=Paul Collins Startup list [DvVideo32] Number=3214 Confirmed=X Filename=dvvid32.exe Description=Detected by Trend Micro as the TINY.FD TROJAN! See here Source=Paul Collins Startup list [Dvx] Number=3215 Confirmed=X Filename=wsxsvc.exe Description=Delfin Media Viewer or "Promulgate" adware variant Source=Paul Collins Startup list [dw] Number=3216 Confirmed=X Filename=dw.exe Description=DownloadWare adware Source=Paul Collins Startup list [DW4] Number=3217 Confirmed=N Filename=Weather.exe Description=Desktop Weather Source=Paul Collins Startup list [DW4] Number=3218 Confirmed=N Filename=DesktopWeather.exe Description=Desktop Weather 4 by The Weather Channel - provides current temperature, conditions, alerts, etc Source=Paul Collins Startup list [DWHeartbeatMonitor] Number=3219 Confirmed=U Filename=DWHeartbeatMonitor.exe Description=DWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preference Source=Paul Collins Startup list [DwlClient] Number=3220 Confirmed=? Filename=Ati2cwxx.exe Description=For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it Source=Paul Collins Startup list [DWQueuedReporting] Number=3221 Confirmed=Y Filename=dwtrig20.exe Description=Related to System Event Notification Services from Microsoft. Required for Efficient Mobile Network Computing Source=Paul Collins Startup list [dwStart] Number=3222 Confirmed=N Filename=FireWall.exe Description=The Shield firewall from pcsecurityshield.com. 
Not recommended by some (see here) and there are better free alternatives out there such as Zone Alarm Source=Paul Collins Startup list [DW_Start] Number=3223 Confirmed=X Filename=rwwnw64d.exe Description=Identified as a variant of the AdWare.Win32.ZenoSearch.am malware Source=Paul Collins Startup list [Dx] Number=3224 Confirmed=X Filename=sys*.exe [* = random number] Description=Added by the DEXTER.A WORM! Source=Paul Collins Startup list [Dx8compat] Number=3225 Confirmed=X Filename=Dx8compat.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [dxdiag diagnose] Number=3226 Confirmed=X Filename=msidxdia.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [dxdiags.exe] Number=3227 Confirmed=X Filename=dxdiags.exe Description=Added by the CERTIF-G TROJAN! Source=Paul Collins Startup list [DxDialog] Number=3228 Confirmed=X Filename=dxdlg32.exe Description=Added by the VB-CXT TROJAN! Source=Paul Collins Startup list [dxdll32] Number=3229 Confirmed=X Filename=ntxdll.exe Description=Added by the GAOBOT.CPX WORM! Source=Paul Collins Startup list [DXDllRegExe] Number=3230 Confirmed=N Filename=dxdllreg.exe Description=Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it Source=Paul Collins Startup list [DxLoad] Number=3231 Confirmed=X Filename=DX3DRndr.exe Description=Added by the GIBE.B WORM! Source=Paul Collins Startup list [DXM6Patch_981116] Number=3232 Confirmed=N Filename=p_981116.exe Description=Win32 cabinet self extractor. More info here Source=Paul Collins Startup list [dxmsrv] Number=3233 Confirmed=X Filename=dxmsrv.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [Dxsty] Number=3234 Confirmed=X Filename=Dxsty.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [Dxupdate.exe] Number=3235 Confirmed=X Filename=Dxupdate.exe Description=Added by the MAFEG WORM! 
Source=Paul Collins Startup list [dxvid] Number=3236 Confirmed=X Filename=dxvid.exe Description=Added by the DLUCA-Y TROJAN! Source=Paul Collins Startup list [DyFuCA] Number=3237 Confirmed=X Filename=optimize.exe Description=Adult content dialler - see here Source=Paul Collins Startup list [DyFuCA Active Alert] Number=3238 Confirmed=X Filename=actalert.exe Description=Adult content dialler - see here Source=Paul Collins Startup list [Dynamic DHCP] Number=3239 Confirmed=X Filename=dydhcp.exe Description=Added by the RINBOT.B TROJAN! Source=Paul Collins Startup list [Dynamic Dns Binary] Number=3240 Confirmed=X Filename=dynitora.exe Description=Added by the RBOT-WT WORM! Source=Paul Collins Startup list [Dynamic Dns Binary] Number=3241 Confirmed=X Filename=CMD16.EXE Description=Added by the RBOT-XM WORM! Source=Paul Collins Startup list [Dynamic Dns Binary] Number=3242 Confirmed=X Filename=winxp34.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Dynamic Dns Binary] Number=3243 Confirmed=X Filename=WinHelpcfn.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Dynamic Link Library loader] Number=3244 Confirmed=X Filename=Loader32.exe Description=Added by the KOL TROJAN! Source=Paul Collins Startup list [DynDNS Updater] Number=3245 Confirmed=U Filename=DynDNS.exe Description=Dynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.org Source=Paul Collins Startup list [DynDNS-Updater Traytool] Number=3246 Confirmed=N Filename=ddutray.exe Description=DynDNS updater tray icon - allows easy configuration of the Dynamic DNS service. Can be run manually Source=Paul Collins Startup list [DynHttp Dns Binary] Number=3247 Confirmed=X Filename=dynizari.exe Description=Added by a variant of the RBOT WORM! 
Source=Paul Collins Startup list [DynSite] Number=3248 Confirmed=U Filename=DynSite.exe Description=DynSite - dynamic DNS client, also called an automatic IP updater Source=Paul Collins Startup list [Dynu Basic Client] Number=3249 Confirmed=U Filename=dynubas.exe Description=Dynu online dynamic IP update client. Useful when using a dial up modem Source=Paul Collins Startup list [DZKillMe] Number=3250 Confirmed=? Filename=DZSAVEME.EXE Description=?? Source=Paul Collins Startup list [D_V_T] Number=3251 Confirmed=U Filename=dvt.exe Description=DICOM Validation Tool - "DICOM is increasingly being used as the standard communication mechanism when integrating various medical products in a hospital environment" Source=Paul Collins Startup list [D_V_T] Number=3252 Confirmed=? Filename=dvt.exe Description=Installation could be a crack/hack to NOD32 here. Seen and removed in many logs. Investigate it further and if this file is present C:\d_v_t.reg then it should be fixed. Not to be confused with the DICOM entry here. Both files are located in the Windows/Windir directory Source=Paul Collins Startup list [E-Card] Number=3253 Confirmed=X Filename=ecard.exe Description=Added by the YODI WORM! Source=Paul Collins Startup list [E-color] Number=3254 Confirmed=U Filename=IconMgr.Exe Description=Sets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor calibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the program Source=Paul Collins Startup list [E-nrgyPlus] Number=3255 Confirmed=X Filename=E-nrgyPlus.exe Description=Added by the Energyplus TRACKWARE! Tracks internet activity including websites visited and queries made at popular search engines. 
This information along with some system information is sent to a remote site Source=Paul Collins Startup list [e-Surveiller Station] Number=3256 Confirmed=X Filename=estation.exe Description=ESurveiller spyware. Note - ESurveiller is spyware that monitors and records keystrokes and mouse clicks, instant message conversations, Internet activity and applications used, must be manually installed Source=Paul Collins Startup list [E06DXLRD_7604703] Number=3257 Confirmed=U Filename=EDICT.EXE Description=Related to Microsoft Encarta dictionary functions Source=Paul Collins Startup list [E6TaskPanel] Number=3258 Confirmed=N Filename=TaskPanl.exe Description=Earthlink Task Panel - part of Earthlink TotalAccess 2003 internet access software. Quick access to internet, E-mail and web-space Source=Paul Collins Startup list [EA Core] Number=3259 Confirmed=N Filename=Core.exe Description=Electronic Arts EA Link software - "gives you a secure yet simple way to download EA PC games and patches, as well as other exclusive content" Source=Paul Collins Startup list [eabconfg.cpl] Number=3260 Confirmed=U Filename=EabServr.exe Description=Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys Source=Paul Collins Startup list [Eac Download] Number=3261 Confirmed=X Filename=download.exe Description=Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see here Source=Paul Collins Startup list [EACLEAN] Number=3262 Confirmed=U Filename=eaclean.exe Description=For Compaq PC's. Easy Access button support for the keyboard Source=Paul Collins Startup list [Eac_Cnry] Number=3263 Confirmed=X Filename=canary.exe Description=Added by the CANARY TROJAN! Source=Paul Collins Startup list [Eac_rnvdl] Number=3264 Confirmed=? 
Filename=ANTIVIRUS_INSTALL.EXE Description=?? Source=Paul Collins Startup list [EanthologyApp] Number=3265 Confirmed=U Filename=EANTHO~1.EXE Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here Source=Paul Collins Startup list [EanthologyApp] Number=3266 Confirmed=U Filename=eanthology.exe Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here Source=Paul Collins Startup list [eanthology_install.exe] Number=3267 Confirmed=U Filename=eanthology_install.exe Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here Source=Paul Collins Startup list [eanth_critical_update_alert] Number=3268 Confirmed=U Filename=sys_alert.exe Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here Source=Paul Collins Startup list [eanth_system_patcher] Number=3269 Confirmed=U Filename=sys_alert.exe Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here Source=Paul Collins Startup list [Eapcisetup] Number=3270 Confirmed=N Filename=sbsetup.exe Description=Rockwell RipTide soundcard application software. Sound works without it Source=Paul Collins Startup list [EAPCISETUP] Number=3271 Confirmed=N Filename=wizard.exe Description=Part of the Creative Soundblaster PIC Installation Wizard. Probably left as a result of a failed installation Source=Paul Collins Startup list [Earthlink Protection Control Center] Number=3272 Confirmed=Y Filename=elnk_pcc.exe Description=EarthLink Protection Control Center - "powerful, integrated security program makes it easier than ever to protect yourself against viruses, spyware, and hackers-all from one convenient location" Source=Paul Collins Startup list [EarthLink ToolBar 5.0] Number=3273 Confirmed=N Filename=etoolbar.exe Description=EarthLink Toolbar is a tool to help you get to all of the resources of the internet. 
EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any time Source=Paul Collins Startup list [Easy Key] Number=3274 Confirmed=U Filename=easykey.exe Description=For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used Source=Paul Collins Startup list [Easy Start Button] Number=3275 Confirmed=N Filename=esb.exe Description=Provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys Source=Paul Collins Startup list [Easy-PrintToolBox] Number=3276 Confirmed=U Filename=BJPSMAIN.EXE Description=A utility to launch the applications that are bundled with a Canon bubblejet printer Source=Paul Collins Startup list [EasyAV] Number=3277 Confirmed=X Filename=EasyAV.exe Description=Added by the NETSKY.S or NETSKY.T WORMS! Source=Paul Collins Startup list [EasyDates] Number=3278 Confirmed=X Filename=EasyDates.exe Description=Premium rate adult content dialler Source=Paul Collins Startup list [EasyDates_gb] Number=3279 Confirmed=X Filename=EasyDates_gb.exe Description="Edate-A" premium rate adult content dialler Source=Paul Collins Startup list [EasyDates_nl] Number=3280 Confirmed=X Filename=EasyDates_nl.exe Description=Adult content dialler Source=Paul Collins Startup list [EasyKey] Number=3281 Confirmed=U Filename=easykey.exe Description=For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used Source=Paul Collins Startup list [EasyKeyboardLogger] Number=3282 Confirmed=U Filename=EasyKeyboardLogger.exe Description=EasyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! 
Source=Paul Collins Startup list [EasyLinkAdvisor] Number=3283 Confirmed=U Filename=LinksysAgent.exe Description=Linksys EasyLink Advisor - "the free application that provides and easy way to setup, view, manage, and repair your network" Source=Paul Collins Startup list [EasyMessage] Number=3284 Confirmed=U Filename=em2.exe Description=Easy Messenger, instant messenger for MSN, AOL, ICQ, and Yahoo. See here Source=Paul Collins Startup list [EasySearchBar] Number=3285 Confirmed=X Filename=ESBUpdate.exe Description=EasySearchBar adware downloader Source=Paul Collins Startup list [easyServ] Number=3286 Confirmed=X Filename=Server.exe Description=Added by the EASYSERV TROJAN! Source=Paul Collins Startup list [EasySpywareCleaner] Number=3287 Confirmed=X Filename=EasySpywareCleaner.exe Description=EasySpywareCleaner spyware remover - not recommended, see here Source=Paul Collins Startup list [EasySync Pro] Number=3288 Confirmed=U Filename=ati2evxx.exe Description=ATI External Event Utility EXE Module. This task can consume lots of CPU resources on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources Source=Paul Collins Startup list [EasyTuneIII] Number=3289 Confirmed=U Filename=EasyTune.exe Description=Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available Source=Paul Collins Startup list [EasyTuneIV] Number=3290 Confirmed=U Filename=ati2evxx.exe Description=ATI External Event Utility EXE Module. This task can consume lots of CPU resources on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources Source=Paul Collins Startup list [EasyTuneV] Number=3291 Confirmed=U Filename=GUI.exe Description=Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available Source=Paul Collins Startup list [easywww] Number=3292 Confirmed=X Filename=easywww2.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! 
Source=Paul Collins Startup list [eAudio] Number=3293 Confirmed=U Filename=eAudio.exe Description=Acer eAudio Management provides centralized control over notebook audio, and specialized audio modes for movies, music and games Source=Paul Collins Startup list [EbatesMoeMoneyMaker] Number=3294 Confirmed=X Filename=wjview ...Code Description=Ebates adware Source=Paul Collins Startup list [EbatesMoeMoneyMaker0] Number=3295 Confirmed=X Filename=EbatesMoeMoneyMaker0.exe Description=Ebates adware Source=Paul Collins Startup list [eBay Toolbar] Number=3296 Confirmed=X Filename=EBAYTBAR.EXE Description=eBay Toolbar - reported as spyware as it "phones home" Source=Paul Collins Startup list [eBayToolbar] Number=3297 Confirmed=U Filename=eBayTBDaemon.exe Description=eBay toolbar related - also contains eBay account Guard which monitors for fraudulent eBay sites Source=Paul Collins Startup list [ebmmm] Number=3298 Confirmed=X Filename=ebatesmmmv.exe Description=Ebates adware Source=Paul Collins Startup list [eBoard] Number=3299 Confirmed=U Filename=Eboard.exe Description=eMachines multimedia keyboard manager. Required if you use the extra keys Source=Paul Collins Startup list [eBot] Number=3300 Confirmed=N Filename=DownloadWizard.exe Description=eBot from Digital River - "helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'." Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -> Programs Source=Paul Collins Startup list [EC21] Number=3301 Confirmed=U Filename=EZQ.EXE Description=Related to EC21. 
"EC21 is the world?s largest B2B marketplace to facilitate online trades between exporters and importers from all around the world" Source=Paul Collins Startup list [ECenter] Number=3302 Confirmed=U Filename=gtb.exe Description=Dell E-Center/Google Toolbar related Source=Paul Collins Startup list [ECenter] Number=3303 Confirmed=N Filename=EULALauncher.exe Description=End User License Agreement (EULA) launcher - related to Dell E-Center/Google Toolbar Source=Paul Collins Startup list [ecko] Number=3304 Confirmed=X Filename=claro.exe Description=Added by the DLOADR-AQJ TROJAN! Source=Paul Collins Startup list [ecpe] Number=3305 Confirmed=? Filename=ECPE.EXE Description=?? Source=Paul Collins Startup list [eDataSecurity Loader] Number=3306 Confirmed=U Filename=eDSloader.exe Description=Part of Acer Empowering Technology. "Acer eDataSecurity Management is a handy file encryption utility that protects files from being accessed by unauthorized persons, using passwords and advanced encryption algorithms" Source=Paul Collins Startup list [edexter] Number=3307 Confirmed=N Filename=edexter.exe Description=eDexter supplements internet filtering by substituting local images for filtered images in order to prevent browser stalls and other annoyances. Can be activated manually when starting the browser Source=Paul Collins Startup list [editpad] Number=3308 Confirmed=X Filename=editpad.exe Description=Added by the CONSPER-B TROJAN! 
Source=Paul Collins Startup list [EDLoader] Number=3309 Confirmed=N Filename=DTLoader.exe Description=Effective Desktop from MiniStars Software - desktop management software no longer being supported Source=Paul Collins Startup list [eDonkey2000] Number=3310 Confirmed=U Filename=edonkey2000.exe Description=File sharing network - not recommended as the free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar and WinTools Source=Paul Collins Startup list [EDRestore] Number=3311 Confirmed=U Filename=?? Description=Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP" Source=Paul Collins Startup list [educational writer] Number=3312 Confirmed=X Filename=[random filename] Description=Added by the RBOT-LZ WORM! Source=Paul Collins Startup list [Edwizard] Number=3313 Confirmed=U Filename=Edwizard.exe Description=SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks" Source=Paul Collins Startup list [EDxMC110] Number=3314 Confirmed=X Filename=Isass.exe Description=Added by the VB-NIA WORM! Source=Paul Collins Startup list [Edzy AntiVirus] Number=3315 Confirmed=X Filename=dppsfa.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [EEventManager] Number=3316 Confirmed=N Filename=EEventManager.exe Description=Part of the Epson Creativity Suite supplied with their multi-function printer/scanners, Event Manager launches File Manager or PageManager for EPSON automatically when you press the B&W Start or Color Start button on the control panel in Scan mode Source=Paul Collins Startup list [Efata] Number=3317 Confirmed=X Filename=[random 5 characters].exe Description=Added by the FLUKAN-D WORM! 
Source=Paul Collins Startup list [eFax 4.2] Number=3318 Confirmed=U Filename=J2GDllCmd.exe Description=eFax Messenger fax software Source=Paul Collins Startup list [eFax DllCmd] Number=3319 Confirmed=U Filename=J2GDllCmd.exe Description=eFax Messenger fax software Source=Paul Collins Startup list [eFax Tray Menu] Number=3320 Confirmed=N Filename=HotTray.exe Description=eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here Source=Paul Collins Startup list [eFax Tray Menu] Number=3321 Confirmed=U Filename=J2GTray.exe Description=eFax Messenger fax software tray menu Source=Paul Collins Startup list [eFax.com Tray Menu] Number=3322 Confirmed=N Filename=HotTray.exe Description=eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here Source=Paul Collins Startup list [efaxs lptt01] Number=3323 Confirmed=X Filename=efaxs.exe Description=RapidBlaster variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [efaxs ml097e] Number=3324 Confirmed=X Filename=efaxs.exe Description=RapidBlaster variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [EFI Hot Folders] Number=3325 Confirmed=U Filename=hffw.exe Description="EFI Hot Folders improves productivity by simplifying the printing of PostScript and PDF files into a select, drag, and drop process. Once users create Hot Folders with different printing and finishing parameters, files are printed without opening an application or print driver menu." 
Part of EFI's high-end printing solutions Source=Paul Collins Startup list [EFI Job Monitor] Number=3326 Confirmed=U Filename=[path] efjm.dll,run Description=Ricoh Imagio Printer/Scanner driver status monitor Source=Paul Collins Startup list [Efpap.exe] Number=3327 Confirmed=U Filename=Efpap.exe Description=Easy File & Folder Protector. Deny access to certain files and folders, or to hide them securely from viewing and searching Source=Paul Collins Startup list [egui] Number=3328 Confirmed=U Filename=egui.exe Description=User interface for ESET NOD32 Antivirus and Smart Security Source=Paul Collins Startup list [ehSched] Number=3329 Confirmed=X Filename=ehSched.exe Description=Added by the SDBOT-DHF WORM! Source=Paul Collins Startup list [ehTray] Number=3330 Confirmed=U Filename=ehtray.exe Description=Microsoft Media Center Tray Icon gives easy access to the digital media manager for Windows Vista Home Premium and Media Center Edition Source=Paul Collins Startup list [ei10.exe] Number=3331 Confirmed=X Filename=ei10.exe Description=Added by the AGOBOT-NK WORM! Source=Paul Collins Startup list [Eicon NetworksLAN_DAEMON] Number=3332 Confirmed=U Filename=watch.exe Description=Associated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually Source=Paul Collins Startup list [Eicon TechnologyLAN_DAEMON] Number=3333 Confirmed=U Filename=watch.exe Description=Associated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. 
Needs diinfo.exe (started by DiTask) to work correctly which can be started manually Source=Paul Collins Startup list [eixfi] Number=3334 Confirmed=X Filename=china.bat Description=Added by the WCUP.A WORM! Source=Paul Collins Startup list [Elbycheck] Number=3335 Confirmed=U Filename=ElbyCheck.exe Description=From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it Source=Paul Collins Startup list [Electron Microscope] Number=3336 Confirmed=U Filename=EMIII.exe Description=Electron Microscope or EM - is a program used to track Stanford's distributed computing program client called Folding at Home, FAH. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues Source=Paul Collins Startup list [Element] Number=3337 Confirmed=X Filename=Element.txt Description=Added by the ELEM TROJAN! Source=Paul Collins Startup list [element furth] Number=3338 Confirmed=X Filename=[path] repcale.exe [path] palsp.exe Description=Added by a variant of the RANDON.AN WORM! Source=Paul Collins Startup list [elitemedia] Number=3339 Confirmed=X Filename=elitemediapop.exe Description=Added by the LOWZONE-BB TROJAN! 
Also known as Elitebar/EliteToolbar/EliteSidebar adware Source=Paul Collins Startup list [elm] Number=3340 Confirmed=N Filename=Elmenv.exe Description=ViaTech eLicense for securing, distributing and selling music online Source=Paul Collins Startup list [ELNKProxy] Number=3341 Confirmed=X Filename=smproxy.exe Description=Surfmonkey adware Source=Paul Collins Startup list [ELSA WINman Suite] Number=3342 Confirmed=U Filename=Winmsuit.exe Description=Allows you to totally customize your ELSA graphics card settings, including overclocking the GPU Source=Paul Collins Startup list [ElsaCapiCtl] Number=3343 Confirmed=Y Filename=Rcapi.exe Description=Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modem Source=Paul Collins Startup list [ELSAChipGuard] Number=3344 Confirmed=U Filename=elsavect.exe Description=ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclocking Source=Paul Collins Startup list [ELSBLaunch] Number=3345 Confirmed=U Filename=ELSBLaunch.exe Description=EarthLink SpamBlocker Source=Paul Collins Startup list [EMA.exe] Number=3346 Confirmed=N Filename=EMA.EXE Description=Time management system which helps you to manage your time and appointments Source=Paul Collins Startup list [eMachines eBoard] Number=3347 Confirmed=U Filename=Eboard.exe Description=eMachines multimedia keyboard manager. 
Required if you use the extra keys Source=Paul Collins Startup list [Email Protection] Number=3348 Confirmed=Y Filename=emlproxy.exe Description=AntiVirus Quick Heal - E-mail protection Source=Paul Collins Startup list [EmailScan] Number=3349 Confirmed=Y Filename=mcvsescn.exe Description=Related to McAfee AntiVirus suite - used to automatically scan incoming e-mails Source=Paul Collins Startup list [eMakeSV] Number=3350 Confirmed=X Filename=EMAKESV.EXE Description="Switch" adult content dialer Source=Paul Collins Startup list [eMakeSV] Number=3351 Confirmed=X Filename=EMAKE2B.EXE Description="Switch" adult content dialer Source=Paul Collins Startup list [EMBASSY Trust Suite Secure Update] Number=3352 Confirmed=U Filename=AutoUpdate.exe Description=Updates for Wave Systems Corp. Embassy Trust Suite - "delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today" Source=Paul Collins Startup list [eMCryT Sh3ars Panagers] Number=3353 Confirmed=X Filename=[path to worm] Description=Added by the RBOT-AWI WORM! Source=Paul Collins Startup list [eMessenger] Number=3354 Confirmed=X Filename=emsn.exe Description=Detected by Trend Micro as the RBOT.BHO BACKDOOR! See here Source=Paul Collins Startup list [EMMeter] Number=3355 Confirmed=U Filename=EMMeter.exe Description="Express Meter provides detailed information about how your software assets are being used. With Express Meter you can monitor application usage, identify software usage patterns, and control application launches - all of which can help you make better decisions about your IT investments" Source=Paul Collins Startup list [emoc0re] Number=3356 Confirmed=X Filename=emo.exe Description=Added by the AGOBOT-AGE WORM! 
Source=Paul Collins Startup list [Emouse] Number=3357 Confirmed=U Filename=Emouse.exe Description=Genius mouse driver - required if you use non-standard Windows driver features Source=Paul Collins Startup list [emoze] Number=3358 Confirmed=U Filename=emoze.exe Description=emoze pcConnector - "Push your personal & business emails, contacts & calendar directly to your mobile device!" Source=Paul Collins Startup list [empin] Number=3359 Confirmed=X Filename=e121307.exe Description=Delfin Media Viewer adware related Source=Paul Collins Startup list [empin] Number=3360 Confirmed=X Filename=e121307.Stub.exe Description=Delfin Media Viewer adware related Source=Paul Collins Startup list [Empowering Technology Launcher] Number=3361 Confirmed=U Filename=eAPLauncher.exe Description=Empowering Technology Launcher, installed on Acer computer Source=Paul Collins Startup list [emre1] Number=3362 Confirmed=X Filename=emre1.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [emsw.exe] Number=3363 Confirmed=X Filename=emsw.exe Description=Attune HelpExpress - spyware. Disable and uninstall - see here Source=Paul Collins Startup list [emule] Number=3364 Confirmed=X Filename=emule.exe Description=Added by the RBOT-ALZ WORM! Source=Paul Collins Startup list [eMule] Number=3365 Confirmed=N Filename=emule.exe Description=eMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release" Source=Paul Collins Startup list [eMuleAutoStart] Number=3366 Confirmed=N Filename=emule.exe Description=eMule - "one of the biggest and most reliable peer-to-peer file sharing clients around the world. 
Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release" Source=Paul Collins Startup list [eMusicClient Systray] Number=3367 Confirmed=N Filename=eMusicClient.exe Description=eMusic MP3 download software Source=Paul Collins Startup list [EM_EXEC] Number=3368 Confirmed=U Filename=EM_EXEC.EXE Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled Source=Paul Collins Startup list [EN4060C Taskbar] Number=3369 Confirmed=N Filename=en4060ct.exe Description=Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray Source=Paul Collins Startup list [enBrowser] Number=3370 Confirmed=X Filename=[name of file] Description=WINBO adware Source=Paul Collins Startup list [encapsulated command tool] Number=3371 Confirmed=? Filename=wintr.com Description=?? Source=Paul Collins Startup list [Encarta Dictionary Quickshelf] Number=3372 Confirmed=N Filename=QSHLFED.EXE Description=Provides quick access to Encarta's Dictionary features? Source=Paul Collins Startup list [ENCMONITOR] Number=3373 Confirmed=N Filename=monitor.exe Description=The Encompass Monitor. This program is the Connect Direct Program.  It is more trouble than it is worth and few use it Source=Paul Collins Startup list [Encoder Agent] Number=3374 Confirmed=N Filename=WMENCAGT.EXE Description=MS Windows Media Encoder, which already has a shortcut in the Start Menu if installed Source=Paul Collins Startup list [Encompass_ENCMONTR] Number=3375 Confirmed=U Filename=ENCMONTR.EXE Description=Optional simple browser from Yahoo (Encompass) Source=Paul Collins Startup list [ENCSurf] Number=3376 Confirmed=? Filename=surfboard.exe Description=?? 
Source=Paul Collins Startup list [Energizer FileSaver] Number=3377 Confirmed=N Filename=Energizer FileSaver.exe Description=Energizer FileSaver - UPS back-up utility for Energizer UPS products. From their Tech Support staff this is known to have a memory leak since its release - with no fix planned! It will grab 2-5 handles per second and crash the average system in less than 3 days - therefore not recommended Source=Paul Collins Startup list [EnergyPlugIn] Number=3378 Confirmed=X Filename=EnergyPlugin.exe Description=EnergyPlugin adware variant Source=Paul Collins Startup list [enginecs2] Number=3379 Confirmed=U Filename=enginecs2.exe Description=Cyber Sentinel - internet filtering software Source=Paul Collins Startup list [EngUtil] Number=3380 Confirmed=Y Filename=EngUtil.exe Description=Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking Source=Paul Collins Startup list [Enh Win Updt] Number=3381 Confirmed=X Filename=enhupdt.exe Description=Adware - detected by Kaspersky as the ONECLICKNETSEARCH.H TROJAN! Source=Paul Collins Startup list [enhance32] Number=3382 Confirmed=X Filename=enhance32.exe Description=Added by the CRYPTER.A TROJAN! Source=Paul Collins Startup list [EnigmaPopupStop] Number=3383 Confirmed=N Filename=EnigmaPopupStop.exe Description=Part of Enigma SpyHunter - not recommended, see note Source=Paul Collins Startup list [ENSApServer2_0] Number=3384 Confirmed=? Filename=APSERVER.EXE Description=Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required? Source=Paul Collins Startup list [ENSMIX32.EXE] Number=3385 Confirmed=? Filename=ENSMIX32.EXE Description=Sound card driver. Is it required? Source=Paul Collins Startup list [EnsoniqMixer] Number=3386 Confirmed=U Filename=starter.exe Description=Puts the Ensoniq mixer in system tray. 
From Ensoniq Technologies "Our mixer is a critical part of the soundcard as it fixes sound problems and replaces the MS mixer which can no longer be used". If you find you don't need it - try one of the solutions on this special page. Similar to Creative PCI Audio Configuration Utility Source=Paul Collins Startup list [Entbloess 2] Number=3387 Confirmed=U Filename=Entbloess2.exe Description=Related to Window-Switcher (now Reflex Vision) - it allows you to see previews of all your open applications via a single keystroke in a manner similar to Apple's Exposé, for Windows 2K/XP Source=Paul Collins Startup list [Enterra Icon Keeper] Number=3388 Confirmed=U Filename=IcnKeepr.exe Description=Icon Keeper - "tool to save and restore icon positions on the desktop" Source=Paul Collins Startup list [Enumerate Service] Number=3389 Confirmed=X Filename=wsys.exe Description=Added by the MANIFEST TROJAN! Source=Paul Collins Startup list [EnvyHFCPL] Number=3390 Confirmed=Y Filename=EnMixCPL.exe Description=VIA Envy24 PCI Audio Controller driver Source=Paul Collins Startup list [eonemng] Number=3391 Confirmed=U Filename=eOneMng.exe Description=eOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PC Source=Paul Collins Startup list [EOUApp] Number=3392 Confirmed=U Filename=EOUWiz.exe Description=Intel ProSET Wireless related - provides additional configuration options for these devices Source=Paul Collins Startup list [EOUWiz] Number=3393 Confirmed=U Filename=EOUWiz.exe Description=Intel ProSET Wireless related - provides additional configuration options for these devices Source=Paul Collins Startup list [EPM-DM] Number=3394 Confirmed=U Filename=epm-dm.exe Description=Device Manager - part of Acer Empowering Technology. 
"Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" Source=Paul Collins Startup list [ePowerManagement] Number=3395 Confirmed=U Filename=ePM.exe Description=Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" Source=Paul Collins Startup list [ePower_DMC] Number=3396 Confirmed=U Filename=ePower_DMC.exe Description=Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" Source=Paul Collins Startup list [EPoXUSDM] Number=3397 Confirmed=U Filename=USDM.EXE Description=EPoX Universal Serial Data Monitor - a diagnostics tool that shows Temps, Fan Speeds, Voltages...etc Source=Paul Collins Startup list [ePrint 3.0 Service] Number=3398 Confirmed=N Filename=EPRINT3.EXE Description=LEADTOOLS ePrint file conversion software - "convert any file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually Source=Paul Collins Startup list [ePrint 4.0 Service] Number=3399 Confirmed=N Filename=EPRINT4.EXE Description=A component of the "LEADTOOLS ePrint File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT , Multi-page TIFF, JPG, GIF, PNG and many more!" 
Can be started manually Source=Paul Collins Startup list [ePrompter] Number=3400 Confirmed=U Filename=ePrompter.exe Description=ePrompter - E-mail notification software Source=Paul Collins Startup list [EPS] Number=3401 Confirmed=N Filename=e_srcv02.exe Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check Source=Paul Collins Startup list [EPS] Number=3402 Confirmed=N Filename=e_srcv03.exe Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check Source=Paul Collins Startup list [EPSON Background Monitor] Number=3403 Confirmed=N Filename=STMS.EXE Description=Supposed to keep an Epson printer ready for quick printing.  Users report little difference whether it is on or not Source=Paul Collins Startup list [EPSON CardMonitor] Number=3404 Confirmed=U Filename=EPSON CardMonitor1.0.exe Description=Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint Source=Paul Collins Startup list [EPSON Status Monitor 3 Environment Check] Number=3405 Confirmed=N Filename=e_srcv03.exe Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." 
This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check Source=Paul Collins Startup list [EPSON Status Monitor 3 Environment Check] Number=3406 Confirmed=N Filename=e_srcv02.exe Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check Source=Paul Collins Startup list [EPSON Status Monitor 3 Environment Check 2] Number=3407 Confirmed=N Filename=e_srcv03.exe Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check Source=Paul Collins Startup list [EPSON Status Monitor 3 Environment Check 2] Number=3408 Confirmed=N Filename=e_srcv02.exe Description=According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. 
Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check Source=Paul Collins Startup list [EPSON Stylus C40 Series] Number=3409 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C40 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C41 Series] Number=3410 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C41 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C42 Series] Number=3411 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C42 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C43 Series] Number=3412 Confirmed=U Filename=E_S08IC1.EXE Description=Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C43 Series] Number=3413 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C44 Series] Number=3414 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C45 Series] Number=3415 Confirmed=U Filename=E_S4I3T1.EXE Description=Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C46 Series] Number=3416 Confirmed=U Filename=E_S4I0T1.EXE Description=Epson Status Monitor 3 for the Stylus C46 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins 
Startup list [EPSON Stylus C48 Series] Number=3417 Confirmed=U Filename=E_S4I091.EXE Description=Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C60 Series] Number=3418 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C61 Series] Number=3419 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C61 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [Epson Stylus C62 Series] Number=3420 Confirmed=U Filename=E-S0BIC1.EXE Description=Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C62 Series] Number=3421 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C63 Series] Number=3422 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C63 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C64 Series] Number=3423 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C64 Series] Number=3424 Confirmed=U Filename=E_S4I2C1.EXE Description=Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C66 Series] Number=3425 Confirmed=U Filename=E_S4I0S2.EXE Description=Epson Status Monitor 3 for the Stylus C66 
Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C67 Series] Number=3426 Confirmed=U Filename=E_FATIAAL.EXE Description=Epson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [Epson Stylus C82 Series] Number=3427 Confirmed=U Filename=E_S0HIC1.EXE Description=Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C82 Series] Number=3428 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C84 Series] Number=3429 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C84 Series] Number=3430 Confirmed=U Filename=E_S4I2D1.EXE Description=Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus C87 Series] Number=3431 Confirmed=U Filename=E_FATIABL.EXE Description=Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX2900 Series] Number=3432 Confirmed=U Filename=E_FATIBFP.EXE Description=Epson Status Monitor 3 for the Stylus CX2900 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX3200] Number=3433 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX3600 Series] 
Number=3434 Confirmed=U Filename=E_FATI9BE.EXE Description=Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX3800 Series] Number=3435 Confirmed=U Filename=E_FATIACA.EXE Description=Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX4200 Series] Number=3436 Confirmed=U Filename=E_FATIAEA.EXE Description=Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX4500 Series] Number=3437 Confirmed=U Filename=E_FATI9AP.EXE Description=Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX5000 Series] Number=3438 Confirmed=U Filename=E_FATIBVA.EXE Description=Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX5400] Number=3439 Confirmed=U Filename=E_S4I2G1.EXE Description=Epson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX6000 Series] Number=3440 Confirmed=U Filename=E_FATIBIA.EXE Description=Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX6500 Series] Number=3441 Confirmed=U Filename=E_FATI9EP.EXE Description=Epson Status Monitor 3 for the Stylus CX6500 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX6600 Series] Number=3442 Confirmed=U Filename=E_FATI9EE.EXE Description=Epson Status Monitor 3 for the Stylus 
CX6600 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX6600 Series] Number=3443 Confirmed=U Filename=E_FATI9EA.EXE Description=Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX7000F Series] Number=3444 Confirmed=U Filename=E_FATIBKA.EXE Description=Epson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX7400 Series] Number=3445 Confirmed=U Filename=E_FATICDA.EXE Description=Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX7800 Series] Number=3446 Confirmed=U Filename=E_FATIAFA.EXE Description=Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX8400 Series] Number=3447 Confirmed=U Filename=E_FATICEA.EXE Description=Epson Status Monitor 3 for the Stylus CX8400 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus CX9400Fax Series] Number=3448 Confirmed=U Filename=E_FATICFA.EXE Description=Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus D68 Series] Number=3449 Confirmed=U Filename=E_FATIAAE.EXE Description=Epson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus D78 Series] Number=3450 Confirmed=U Filename=E_FATIBGE.EXE Description=Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul 
Collins Startup list [EPSON Stylus D88 Series] Number=3451 Confirmed=U Filename=E_FATIABE.EXE Description=Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus DX3800 Series] Number=3452 Confirmed=U Filename=E_FATIACE.EXE Description=Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus DX4000 Series] Number=3453 Confirmed=U Filename=E_FATIBEE.EXE Description=Epson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus DX4400 Series] Number=3454 Confirmed=U Filename=E_FATICAE.EXE Description=Epson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus DX4800 Series] Number=3455 Confirmed=U Filename=E_FATIADE.EXE Description=Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus DX5000 Series] Number=3456 Confirmed=U Filename=E_FATIBVE.EXE Description=Epson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus DX6000 Series] Number=3457 Confirmed=U Filename=E_FATIBIE.EXE Description=Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus DX7400 Series] Number=3458 Confirmed=U Filename=E_FATICDE.EXE Description=Epson Status Monitor 3 for the Stylus DX7400 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus DX8400 Series] Number=3459 Confirmed=U 
Filename=E_FATICEE.EXE Description=Epson Status Monitor 3 for the Stylus DX8400 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo 2200] Number=3460 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus Photo 2200 printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo 825] Number=3461 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus Photo 825 printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo 925] Number=3462 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus Photo 925 printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo R1800] Number=3463 Confirmed=U Filename=E_FATI9LA.EXE Description=Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo R200 Series] Number=3464 Confirmed=U Filename=E_S4I0H2.EXE Description=Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo R220 Series] Number=3465 Confirmed=U Filename=E_S6I2I1.EXE Description=Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo R220 Series] Number=3466 Confirmed=U Filename=E_FATIAIE.EXE Description=Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo R240 Series] Number=3467 Confirmed=U Filename=E_FATIAHE.EXE Description=Epson Status Monitor 3 for the Stylus Photo R240 
Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo R2400] Number=3468 Confirmed=U Filename=E_FATI9SA.EXE Description=Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [EPSON Stylus Photo R260 Series] Number=3469 Confirmed=U Filename=E_FATIBNA.EXE Description=Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo R300 Series] Number=3470 Confirmed=U Filename=E_S4I2F1.EXE Description=Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo R300 Series] Number=3471 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo R300 Series] Number=3472 Confirmed=U Filename=E_S4I0F2.EXE Description=Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo R320 Series] Number=3473 Confirmed=U Filename=E_FATI9FA.EXE Description=Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo R380 Series] Number=3474 Confirmed=U Filename=E_FATIBOA.EXE Description=Epson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo R800] Number=3475 Confirmed=U Filename=E_FATI9YE.EXE Description=Epson Status 
Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo RX420 Series] Number=3476 Confirmed=U Filename=E_FATI9CE.EXE Description=Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo RX430 Series] Number=3477 Confirmed=U Filename=E_FATI9CP.EXE Description=Epson Status Monitor 3 for the Stylus Photo RX430 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo RX500] Number=3478 Confirmed=U Filename=E_S4I2K1.EXE Description=Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Photo RX600] Number=3479 Confirmed=U Filename=E_S4I2M1.EXE Description=Epson Status Monitor 3 for the Stylus Photo RX600 printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Pro 4000] Number=3480 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus Pro 4000 printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EPSON Stylus Pro 7600] Number=3481 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [EpsonPhotoStarter] Number=3482 Confirmed=U Filename=EPSON_PhotoStarter.exe Description=Only needed if you want to make full use of the capabilities of an Epson printer that included this  Source=Paul Collins Startup list [Eptr] Number=3483 Confirmed=X Filename=nopdb.exe Description=Added by an unidentified WORM or TROJAN! 
Source=Paul Collins Startup list [EQAdvice] Number=3484 Confirmed=X Filename=EQAdvice.exe Description=NewAds1 adware Source=Paul Collins Startup list [EQArticle] Number=3485 Confirmed=U Filename=EQArticle.exe Description=EQArticle adware Source=Paul Collins Startup list [Equipmen] Number=3486 Confirmed=? Filename=Equipmen.exe Description=?? Source=Paul Collins Startup list [Eraser] Number=3487 Confirmed=U Filename=eraser.exe Description=Eraser allows for complete removal of data from your hard drive Source=Paul Collins Startup list [eRecoveryService] Number=3488 Confirmed=U Filename=check.exe Description=Acer Notebook related. Acer eRecovery allows the user to restore the operating system or backup the current system profile, thus ensuring system integrity Source=Paul Collins Startup list [eRecoveryService] Number=3489 Confirmed=U Filename=Monitor.exe Description=Part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager" Source=Paul Collins Startup list [eRecoveryService] Number=3490 Confirmed=U Filename=eRAgent.exe Description=Acer's eRecovery Management program. This program allows you to create and restore backups of your computer Source=Paul Collins Startup list [EReg] Number=3491 Confirmed=N Filename=reg32.exe Description=EReg is a software registration tool incorporated on products such as those by Brøderbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it Source=Paul Collins Startup list [erfgddfk] Number=3492 Confirmed=X Filename=wind2ll2.exe Description=Added by the BEAGLE.CQ WORM! Source=Paul Collins Startup list [erghgjhgdr] Number=3493 Confirmed=X Filename=windlhhl.exe Description=Added by the BEAGLE.BG WORM! 
Source=Paul Collins Startup list [erghgjhjgdr] Number=3494 Confirmed=X Filename=windlhhl.exe Description=Added by the BEAGLE.BG or BEAGLE.BH or BEAGLE.BI or BEAGLE.BJ WORMS! Source=Paul Collins Startup list [erm] Number=3495 Confirmed=? Filename=erm.exe Description=?? Source=Paul Collins Startup list [Eroca] Number=3496 Confirmed=X Filename=Eroca.exe Description=Detected by Kaspersky as Insider.i adware - see here Source=Paul Collins Startup list [eros.exe] Number=3497 Confirmed=X Filename=eros.exe Description=Adult content dialler Source=Paul Collins Startup list [ErrClean] Number=3498 Confirmed=X Filename=SysRep.exe Description=ErrClean misleading security software - not recommended, see here Source=Paul Collins Startup list [Error Nuker] Number=3499 Confirmed=N Filename=ErrorNuker.exe Description=ErrorNuker registry cleaner - only required if you want the application to run a scan at startup. The program can be launched manually if required Source=Paul Collins Startup list [Error Safe] Number=3500 Confirmed=X Filename=ers.exe Description=ErrorSafe misleading security software - not recommended, see here Source=Paul Collins Startup list [ErrorGuard] Number=3501 Confirmed=X Filename=ErrorGuard.exe Description=Spyware remover - not recommended, see here Source=Paul Collins Startup list [errorhandler] Number=3502 Confirmed=X Filename=errorhandler.exe Description=ErrorHandler adware Source=Paul Collins Startup list [ERS] Number=3503 Confirmed=X Filename=ers_startupmon.exe Description=ErrorSafe misleading security software - not recommended, see here Source=Paul Collins Startup list [erscw] Number=3504 Confirmed=X Filename=erscw.exe Description=ErrorSafe misleading security software - not recommended, see here Source=Paul Collins Startup list [ERS_check] Number=3505 Confirmed=X Filename=ers_startupmon.exe Description=ErrorSafe misleading security software - not recommended, see here Source=Paul Collins Startup list [erthegdr] Number=3506 Confirmed=X 
Filename=windll2.exe Description=Added by the BEAGLE.CG WORM! Source=Paul Collins Startup list [erthgdr] Number=3507 Confirmed=X Filename=windll.exe Description=Added by the BEAGLE.AO or BEAGLE.AQ WORMS! Source=Paul Collins Startup list [erthgdr] Number=3508 Confirmed=X Filename=svc.exe Description=Added by the BEAGLE.BN or BEAGLE.BP WORM! Source=Paul Collins Startup list [erthgdr2] Number=3509 Confirmed=X Filename=svc23.exe Description=Added by the BAGLE.CG WORM! Source=Paul Collins Startup list [ERTS0749] Number=3510 Confirmed=? Filename=ERTS0749.exe Description=IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire? Source=Paul Collins Startup list [ERUNT AutoBackup] Number=3511 Confirmed=U Filename=AUTOBACK.EXE Description=ERUNT backup utility - when added to the user's startup folder automatically backs up the registry each time the system boots, resulting in numerous backups that can be restored Source=Paul Collins Startup list [erwghjjrjt] Number=3512 Confirmed=X Filename=ucbcg.exe Description=Added by the SMALL.CUL TROJAN! Source=Paul Collins Startup list [eSafe Protect] Number=3513 Confirmed=Y Filename=ESPWatch.exe Description=eSafe from Aladdin - internet security for gateway and E-mail servers Source=Paul Collins Startup list [ESB] Number=3514 Confirmed=U Filename=esb.exe Description=Easy Start Button - provides functionality on certain laptops that have additional keys. 
Not required unless you use the extra keys Source=Paul Collins Startup list [eScan Monitor] Number=3515 Confirmed=Y Filename=AVKWCTL9X.EXE Description=MicroWorld eScan antivirus Source=Paul Collins Startup list [eScan Scheduler] Number=3516 Confirmed=U Filename=avkserv.exe Description=MicroWorld eScan antivirus scheduler Source=Paul Collins Startup list [eScan Updater] Number=3517 Confirmed=U Filename=Trayicos.exe Description=MicroWorld eScan antivirus updater - allows users to automatically download updates and set the auto time interval for downloads Source=Paul Collins Startup list [EScorcher] Number=3518 Confirmed=X Filename=escorcher.exe Description=Part of eScorcher anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is dead Source=Paul Collins Startup list [ESFTP] Number=3519 Confirmed=N Filename=esftp.exe Description=ESftp - FTP client for transferring files between a local PC and another remote computer Source=Paul Collins Startup list [eSnips] Number=3520 Confirmed=U Filename=ClientGW.exe Description=eSnips Client Gateway from eSnips Source=Paul Collins Startup list [Esoh] Number=3521 Confirmed=X Filename=Esoh123.exe Description=Added by the AGOBOT.FF WORM! Source=Paul Collins Startup list [Especial] Number=3522 Confirmed=X Filename=Deneca.bat Description=Added by the DELUZ VIRUS! Source=Paul Collins Startup list [ESPN BottomLine] Number=3523 Confirmed=N Filename=bline.exe Description=ESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down." Source=Paul Collins Startup list [ESS Daemon] Number=3524 Confirmed=? 
Filename=Essd.exe Description=Related to an ESS based soundcard. Is it required? Source=Paul Collins Startup list [essapm] Number=3525 Confirmed=? Filename=essapm.exe Description=ESS Solo soundcard driver. Is it required? Source=Paul Collins Startup list [Essdc] Number=3526 Confirmed=Y Filename=essdc.exe Description=Related to an ESS Solo soundcard. Seems as though it's required Source=Paul Collins Startup list [ESSNDSYS] Number=3527 Confirmed=? Filename=ESSNDSYS.EXE Description=Related to an ESS based soundcard. Is it required? Source=Paul Collins Startup list [ESSOLO] Number=3528 Confirmed=Y Filename=ESSOLO.exe Description=Sound card driver that re-instates itself every time it's removed Source=Paul Collins Startup list [esspk] Number=3529 Confirmed=Y Filename=esspk.exe Description=ESS Technology modem speaker driver file. Required to get on-line with this modem Source=Paul Collins Startup list [EssSpkPhone] Number=3530 Confirmed=U Filename=essspk.exe Description=ESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsets Source=Paul Collins Startup list [eSupInit] Number=3531 Confirmed=? Filename=eSupCmd.exe Description=Related to SupportSoft (aka Support.com) "Real-Time Service Management software". What does it do and is it required? Source=Paul Collins Startup list [ETB Tester] Number=3532 Confirmed=X Filename=etbtest.exe Description=Added by the RBOT-ABR WORM! Source=Paul Collins Startup list [etbrun] Number=3533 Confirmed=X Filename=elit***32.exe [* = random char] Description=EliteBar adware Source=Paul Collins Startup list [eTCertManger] Number=3534 Confirmed=U Filename=eTCrtMng.exe Description=eToken Certificate Manager from Aladdin Knowledge Systems, Inc. 
A USB-based authentication, providing strong user authentication and password management solutions Source=Paul Collins Startup list [Ethernet] Number=3535 Confirmed=N Filename=tcaudiag.exe Description=3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs Source=Paul Collins Startup list [ethernet] Number=3536 Confirmed=X Filename=airftp.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [ethernet] Number=3537 Confirmed=X Filename=msnger.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [ethernet] Number=3538 Confirmed=X Filename=msftp.exe Description=Added by the SDBOT.BXJ WORM! Source=Paul Collins Startup list [ethernet adapter] Number=3539 Confirmed=X Filename=csrmss.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Ethernet Driver] Number=3540 Confirmed=X Filename=cmsrrs.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Ethernet Drivers] Number=3541 Confirmed=X Filename=smrrs.exe Description=Added by the RBOT-AAK WORM! Source=Paul Collins Startup list [Ethernet Drivers] Number=3542 Confirmed=X Filename=ethernet.exe Description=Added by the GAOBOT.CEZ WORM! Source=Paul Collins Startup list [Ethernet Linking] Number=3543 Confirmed=X Filename=ethernet.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Etraffic] Number=3544 Confirmed=X Filename=JavaRun.exe Description=TopMoxie adware Source=Paul Collins Startup list [eTrust EZ Firewall] Number=3545 Confirmed=Y Filename=efpeadm.exe Description=eTrust EZ Firewall Source=Paul Collins Startup list [eTrust PestPatrol Active Protection] Number=3546 Confirmed=U Filename=PPActiveDetection.exe Description=PestPatrol real-time protection feature. 
"Stops spyware before it infects your system" Source=Paul Collins Startup list [eTrust Realtime Monitor] Number=3547 Confirmed=X Filename=realmon.exe Description=Added by the LAZAR.B TROJAN! Source=Paul Collins Startup list [eTrustCIPE] Number=3548 Confirmed=Y Filename=ezdsmain.exe Description=eTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior Source=Paul Collins Startup list [eTunnel] Number=3549 Confirmed=X Filename=winfw.exe Description=Added by an unidentified TROJAN! Source=Paul Collins Startup list [Eudora] Number=3550 Confirmed=U Filename=Eudora.exe Description=Eudora from Qualcomm allows you to receive and send Internet e-mails Source=Paul Collins Startup list [EUP Service] Number=3551 Confirmed=X Filename=eupsvc.exe Description=Added by the DELBOT-Q WORM! Source=Paul Collins Startup list [EuroGlot] Number=3552 Confirmed=U Filename=EuroGlot.exe Description=Euroglot - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian" Source=Paul Collins Startup list [Event Log] Number=3553 Confirmed=? Filename=eventlog.exe Description=?? Source=Paul Collins Startup list [Event Planner Reminders] Number=3554 Confirmed=N Filename=PLNRnote.exe Description=Sierra Event Planner tray icon Source=Paul Collins Startup list [Event Reminder] Number=3555 Confirmed=N Filename=pmremind.exe Description=A calendar/alarm program that installs with Br?derbund Printmaster Source=Paul Collins Startup list [EventApplicationCmd] Number=3556 Confirmed=X Filename=smschk.exe Description=Added by the IRCBOT-AO TROJAN! 
Source=Paul Collins Startup list [EVENTLISTENER] Number=3557 Confirmed=U Filename=EvLstnr.exe Description=Used with a Nikon digital camera to recognize when the camera is plugged in Source=Paul Collins Startup list [eventmgr] Number=3558 Confirmed=N Filename=eventmgr.exe Description=Used with a Microtek scanner. Manages the scanner's button events. Available via Start -> Programs Source=Paul Collins Startup list [eventwvr] Number=3559 Confirmed=X Filename=eventwvr.exe Description=Added by the COSIAM_G TROJAN! Source=Paul Collins Startup list [EverioService] Number=3560 Confirmed=? Filename=EverioService.exe Description=Related to the Cyberlink software supplied with JVC's Everio camcorders. What does it do and is it required? Source=Paul Collins Startup list [Evidence Cleaner] Number=3561 Confirmed=U Filename=ecleaner.exe Description=Evidence Cleaner cleans up tracks left by your PC and Internet activities Source=Paul Collins Startup list [Evidence Eliminator] Number=3562 Confirmed=N Filename=ee.exe Description=Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis Source=Paul Collins Startup list [Evil] Number=3563 Confirmed=X Filename=Evil.exe Description=Added by the MYTOB.JM WORM! Source=Paul Collins Startup list [evntsvc] Number=3564 Confirmed=N Filename=evntsc.exe Description=Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK Source=Paul Collins Startup list [EVOLOSTA] Number=3565 Confirmed=U Filename=EVOLOSTA.EXE Description=Evolo Status Monitor for wireless network cards. 
Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start -> Run dialog to run it Source=Paul Collins Startup list [Evoluent Mouse Manager] Number=3566 Confirmed=U Filename=EvoMouExec.exe Description=Mouse manager for Evoluent VerticalMouse Source=Paul Collins Startup list [EvtHtm] Number=3567 Confirmed=X Filename=evthtm.exe Description=Added by the DLUCA-EJ TROJAN! Source=Paul Collins Startup list [EW Message Server] Number=3568 Confirmed=U Filename=msg32.exe Description=Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices Source=Paul Collins Startup list [eWare Startup] Number=3569 Confirmed=N Filename=iWareStart.exe Description=eWare iWare task bar. Not required Source=Paul Collins Startup list [ewupdater] Number=3570 Confirmed=X Filename=ewupdater.exe Description=EasyWebSearch adware updater Source=Paul Collins Startup list [example] Number=3571 Confirmed=X Filename=[random filename].exe Description=Added by the NUCLEAR TROJAN! Note - this trojan file is found in the Windows\NR or Winnt\NR folder Source=Paul Collins Startup list [Excite Platform] Number=3572 Confirmed=N Filename=Exlaunch.exe Description=Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer Source=Paul Collins Startup list [Excite Private Messenger Pipe] Number=3573 Confirmed=? 
Filename=x8impipe.exe Description=?? Source=Paul Collins Startup list [ExciteAssistantEXE] Number=3574 Confirmed=N Filename=ASSISTANT.EXE Description=With Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window open Source=Paul Collins Startup list [exdl.exe] Number=3575 Confirmed=X Filename=exdl.exe Description=BargainBuddy foistware Source=Paul Collins Startup list [exe lptt01] Number=3576 Confirmed=X Filename=exe.exe Description=RapidBlaster variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [exe ml097e] Number=3577 Confirmed=X Filename=exe.exe Description=RapidBlaster variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [execfg4] Number=3578 Confirmed=X Filename=execfg4.exe Description=Added by the ELECTRON WORM! Source=Paul Collins Startup list [ExecUser] Number=3579 Confirmed=X Filename=ExecUser.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Execute] Number=3580 Confirmed=? Filename=delfolders.exe Description=?? Source=Paul Collins Startup list [ExeName32] Number=3581 Confirmed=X Filename=Warm.scr Description=Added by the SCOLD WORM! Source=Paul Collins Startup list [ExFilter] Number=3582 Confirmed=X Filename=Rundll32.exe [path] cdnspie.dll, ExecFilter Description=CNNIC Update pest Source=Paul Collins Startup list [exgiwsl] Number=3583 Confirmed=? Filename=exgiwsl.exe Description=?? Source=Paul Collins Startup list [Exif Launcher] Number=3584 Confirmed=U Filename=Exiflaquickdcr.exe Description=USB mass storage driver used by some digital cameras such as the Fuji Finepix. 
Only required if you use it regularly Source=Paul Collins Startup list [Exif Launcher] Number=3585 Confirmed=U Filename=QuickDCF.exe Description=USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly Source=Paul Collins Startup list [ExitKiller] Number=3586 Confirmed=U Filename=Ekiller.exe Description=Exit Killer - automatically closes pop-up windows in your browser Source=Paul Collins Startup list [exmon] Number=3587 Confirmed=? Filename=hpimoniter.exe Description=Some kind of hp digital camera maybe or a photo smart connection probe? Source=Paul Collins Startup list [Exn] Number=3588 Confirmed=X Filename=exn.exe Description=Added by the IRCBOT.RJ WORM! Source=Paul Collins Startup list [exo.exe] Number=3589 Confirmed=X Filename=exo.exe Description=Added by the AGOBOT.ALD WORM! Source=Paul Collins Startup list [Expatch] Number=3590 Confirmed=X Filename=[random filename] Description=Added by the PWSLMIR-G TROJAN! Source=Paul Collins Startup list [expcrt] Number=3591 Confirmed=X Filename=[random filename] Description=Added by a variant of the SLAPER TROJAN! Source=Paul Collins Startup list [ExpertAntivirus] Number=3592 Confirmed=X Filename=ExpertAntivirus.EXE Description=ExpertAntiVirus misleading antivirus program - not recommended, see here Source=Paul Collins Startup list [EXPL0RE.EXE] Number=3593 Confirmed=X Filename=EXPL0RE.EXE Description=Added by the POPNO-A TROJAN! Note that the filename is spelled using the digit "0" instead of the uppercase letter "o" Source=Paul Collins Startup list [Expl0rer soft] Number=3594 Confirmed=X Filename=expl0rer.pif Description=Added by the RBOT-AQR WORM! Source=Paul Collins Startup list [expler] Number=3595 Confirmed=X Filename=Updadv.exe Description=Added by the QQPASS-N TROJAN! 
Source=Paul Collins Startup list [Explkw] Number=3596 Confirmed=X Filename=expup.exe Description=Keywords hijacker Source=Paul Collins Startup list [explord.exe] Number=3597 Confirmed=X Filename=explord.exe Description=Added by the DLOADR-AYW TROJAN! Source=Paul Collins Startup list [explore] Number=3598 Confirmed=X Filename=explore.exe Description=Added by any number of VIRUSES, WORMS or TROJANS! Source=Paul Collins Startup list [Explore] Number=3599 Confirmed=X Filename=Explorer.exe Description=Added by the IRC.FLOOD.G BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% Source=Paul Collins Startup list [Explore] Number=3600 Confirmed=X Filename=explore.exe Description=Adult content dialler Source=Paul Collins Startup list [explore manager] Number=3601 Confirmed=X Filename=explore.exe Description=Added by the DONBOMB.A TROJAN! Source=Paul Collins Startup list [explore.exe] Number=3602 Confirmed=X Filename=Explore.exe Description=Added by the GRAYBIRD.G TROJAN! Source=Paul Collins Startup list [exploreff.exe] Number=3603 Confirmed=X Filename=exploreff.exe Description=Added by the FINFANSE TROJAN! Source=Paul Collins Startup list [explorer] Number=3604 Confirmed=U Filename=explorer.exe Description=Starts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as PE_BISTRO or DVLDR or MYDOOM.C. Note that it is also not the explorer.exe task/service you'll see via CTRL+ALT+DEL Source=Paul Collins Startup list [explorer] Number=3605 Confirmed=X Filename=wscript.exe [filename] Description=Sneaky way to start any VBS script. Many viruses use VBS files. 
Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted Source=Paul Collins Startup list [Explorer] Number=3606 Confirmed=X Filename=shellexpl.exe Description=Added by the SHELDOR TROJAN! Source=Paul Collins Startup list [explorer] Number=3607 Confirmed=X Filename=expl32.exe Description=Added by the RATSOU TROJAN! Source=Paul Collins Startup list [Explorer] Number=3608 Confirmed=X Filename=[path to worm] Description=Added by the AUTEX WORM! Source=Paul Collins Startup list [Explorer] Number=3609 Confirmed=X Filename=shellexp.exe Description=Added by a variant of the SHELDOR TROJAN! Source=Paul Collins Startup list [EXPLORER] Number=3610 Confirmed=X Filename=EXPL0RER.EXE Description=Added by the BEASTDO-Y TROJAN! Note the "0" in the filename rather than upper case "o" Source=Paul Collins Startup list [EXPLORER] Number=3611 Confirmed=X Filename=sys.exe Description=Added by the SILLYFDC-A TROJAN! Source=Paul Collins Startup list [Explorer] Number=3612 Confirmed=X Filename=config_.com Description=Added by the FLOPPY-D WORM! Source=Paul Collins Startup list [Explorer] Number=3613 Confirmed=X Filename=drv.exe Description=Added by the SMALL-FD TROJAN! Source=Paul Collins Startup list [explorer] Number=3614 Confirmed=X Filename=[path to trojan] Description=Added by the AGENT-EU TROJAN! Source=Paul Collins Startup list [explorer] Number=3615 Confirmed=X Filename=explorer.exe Description=Added by the KEYLOG-AK TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\service Source=Paul Collins Startup list [EXPLORER] Number=3616 Confirmed=X Filename=EXPLORER.exe Description=Added by the NETHIEF-P TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! 
This one is located in %System%\ShellExt Source=Paul Collins Startup list [explorer] Number=3617 Confirmed=X Filename=explorer.exe Description=Added by the BLOCKEY-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\config Source=Paul Collins Startup list [explorer] Number=3618 Confirmed=X Filename=Yinstall.exe Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [Explorer] Number=3619 Confirmed=X Filename=Windows Explorer.exe Description=Added by the SILLYFDC-I WORM! Source=Paul Collins Startup list [Explorer] Number=3620 Confirmed=X Filename=explorar.vbs Description=Added by the DESKTO-A WORM! Source=Paul Collins Startup list [Explorer Loader] Number=3621 Confirmed=X Filename=explr32.exe Description=Added by the AGOBOT.N WORM! Source=Paul Collins Startup list [Explorer Loader] Number=3622 Confirmed=X Filename=explorerl.exe Description=Added by the SDBOT-ADI WORM! Source=Paul Collins Startup list [Explorer lptt01] Number=3623 Confirmed=X Filename=explorer.exe Description=RapidBlaster variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually! Source=Paul Collins Startup list [EXPLORER MICROSOFT SYSTEM] Number=3624 Confirmed=X Filename=explore.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Explorer ml097e] Number=3625 Confirmed=X Filename=explorer.exe Description=RapidBlaster variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually! 
Source=Paul Collins Startup list [Explorer soft] Number=3626 Confirmed=X Filename=explorer.pif Description=Added by the RBOT-APK WORM! Source=Paul Collins Startup list [Explorer soft] Number=3627 Confirmed=X Filename=explorer.com Description=Added by the RBOT-ARM WORM! Source=Paul Collins Startup list [Explorer Updater] Number=3628 Confirmed=X Filename=IEXPLORE.exe Description=Added by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% Source=Paul Collins Startup list [explorer.exe] Number=3629 Confirmed=X Filename=explorer.exe Description=Added by the AGENT-EW or PWS-CY TROJANS! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% Source=Paul Collins Startup list [explorer.exe] Number=3630 Confirmed=X Filename=explorer.exe Description=Added by the DELF-ACL TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder Source=Paul Collins Startup list [Explorer32] Number=3631 Confirmed=X Filename=Expl32.exe Description=Added by the HACKTACK.B TROJAN! Source=Paul Collins Startup list [Explorer32] Number=3632 Confirmed=X Filename=explorer6s4.exe Description=Added by the Downloader.Win32.Small.biq TROJAN! Source=Paul Collins Startup list [Explorer32] Number=3633 Confirmed=X Filename=efsdfgxg.exe Description=Added by the CLICKER-Y TROJAN! Source=Paul Collins Startup list [Explorer5] Number=3634 Confirmed=X Filename=config_.com Description=Added by the VB.CBG WORM! 
Source=Paul Collins Startup list [Explorer6.1.EXE] Number=3635 Confirmed=X Filename=Explorer.exe Description=Added by the MYDOOM.B WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! Source=Paul Collins Startup list [ExploreUpdSched] Number=3636 Confirmed=X Filename=[random filename] Description=ZenoSearch adware Source=Paul Collins Startup list [exporet] Number=3637 Confirmed=X Filename=winset.exe Description=Added by the QQPASS-I TROJAN! Source=Paul Collins Startup list [Express ClickYes] Number=3638 Confirmed=U Filename=ClickYes.exe Description="Express ClickYes is a handy tool that runs in the system tray automatically clicks the Yes button for the Outlook Security security prompt, that asks you to confirm mail sending from third party applications" Source=Paul Collins Startup list [Exshow95] Number=3639 Confirmed=U Filename=EXSHOW95.exe Description=Support software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devices Source=Paul Collins Startup list [Extender Resource Monitor] Number=3640 Confirmed=N Filename=RMSysTry.exe Description=Related to Windows Media Center from Microsoft Source=Paul Collins Startup list [External Dependencies] Number=3641 Confirmed=X Filename=External.exe Description=Added by the MYTOB.EC WORM! Source=Paul Collins Startup list [ExtraDNS] Number=3642 Confirmed=U Filename=ExtraDNS.exe Description=ExtraDNS - DNS configuration tool Source=Paul Collins Startup list [ExtraFilmHemmaAgent] Number=3643 Confirmed=N Filename=Agent.exe Description=ExtraFilm Photo Assistant Source=Paul Collins Startup list [Extranet AutoDial] Number=3644 Confirmed=? Filename=AutoExt.exe Description=Nortel Networks Contivity Extranet Switching Software Source=Paul Collins Startup list [ExxtremeHelperDemon] Number=3645 Confirmed=? 
Filename=exxdemon.exe Description=Creative Exxtreme graphics card related? Source=Paul Collins Startup list [Eye Tide Launcher] Number=3646 Confirmed=N Filename=oneeyetideone.exe Description=Nascar wallpaper Source=Paul Collins Startup list [EYORE] Number=3647 Confirmed=X Filename=Notepad.scr Description=Added by the GIMLET-A WORM! Source=Paul Collins Startup list [EZ Firewall] Number=3648 Confirmed=Y Filename=ca.exe Description=eTrust EZ Armor Internet Security Source=Paul Collins Startup list [EZ-DUB Finder] Number=3649 Confirmed=U Filename=EZ-DUB.exe Description=Support software for the Lite-On EZ-DUB external DVD writer from Lite-On IT Corporation Source=Paul Collins Startup list [ezagent] Number=3650 Confirmed=N Filename=ezagent.exe Description=EzVCR recording software for the ASUS TV FM card. Available via Start -> Programs Source=Paul Collins Startup list [EzButton] Number=3651 Confirmed=N Filename=EzButton.EXE Description=EZbutton is a quick launcher for the Media player app that comes with certain laptops Source=Paul Collins Startup list [EZDesk] Number=3652 Confirmed=N Filename=EZDESK.EXE Description=Utility that remembers icon locations for each user and resolution. Available here Source=Paul Collins Startup list [EzEjMnAp] Number=3653 Confirmed=N Filename=EzEjMnAp.exe Description=For IBM Thinkpad Notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually". Available via Start -> Programs Source=Paul Collins Startup list [ezHelper] Number=3654 Confirmed=N Filename=ezHelper.exe Description=Part of the ezPeer+ ezHelper music sharing program. Source=Paul Collins Startup list [eZmmod] Number=3655 Confirmed=X Filename=mmod.exe Description=eZula TopText adware Source=Paul Collins Startup list [EZNORUN] Number=3656 Confirmed=? Filename=EZNORUN.EXE Description=Easy Internet related? 
Source=Paul Collins Startup list [EzPrint] Number=3657 Confirmed=N Filename=ezprint.exe Description=Lexmark Fast Pics - helps users of their printers to enhance, print and manage their photos quickly and easily Source=Paul Collins Startup list [ezPS_Px] Number=3658 Confirmed=Y Filename=ezSP_PxEngine.exe Description=Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings Source=Paul Collins Startup list [ezPS_Px] Number=3659 Confirmed=Y Filename=ezSP_Px.exe Description=Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings Source=Paul Collins Startup list [ezShieldProtector for Px] Number=3660 Confirmed=Y Filename=ezSP_Px.exe Description=Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings Source=Paul Collins Startup list [ezShieldProtector for Px] Number=3661 Confirmed=Y Filename=ezSP_PxEngine.exe Description=Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings Source=Paul Collins Startup list [EZSMART App] Number=3662 Confirmed=U Filename=ezsmart.exe Description=EZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supported Source=Paul Collins Startup list [ezula] Number=3663 Confirmed=X Filename=eZmmod.exe Description=eZula TopText adware Source=Paul Collins Startup list [eZulaMain] Number=3664 Confirmed=X Filename=eZulaMain.exe Description=eZula TopText adware Source=Paul Collins Startup list [eZuluMain] Number=3665 Confirmed=X Filename=eZuluMain.exe Description=Comes with "KaZaA" installation. Advertising Spyware. 
Not required but KaZaA won't work Source=Paul Collins Startup list [eZWO] Number=3666 Confirmed=X Filename=wo.exe Description=eZula TopText adware Source=Paul Collins Startup list [E_S10IC2] Number=3667 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [E_S23] Number=3668 Confirmed=U Filename=E_SICN03.exe Description=Epson printer status monitor - for checking ink levels, etc. Source=Paul Collins Startup list [E_S4I2F1] Number=3669 Confirmed=U Filename=E_S4I2F1.EXE Description=Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [E_S4I2G1] Number=3670 Confirmed=N Filename=E_S4I2G1.EXE Description=Epson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [E_SOEIC1] Number=3671 Confirmed=U Filename=E_SOEIC1.exe Description=Epson Status Monitor 3 - for monitoring printer status, checking ink levels, etc Source=Paul Collins Startup list [F-PROT Antivirus Tray application] Number=3672 Confirmed=U Filename=FProtTray.exe Description=System Tray access to F-PROT Antivirus Source=Paul Collins Startup list [F-Secure 2005] Number=3673 Confirmed=X Filename=svchost.exe Description=Added by the BIFROSE-CH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! 
This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [F-Secure 2006] Number=3674 Confirmed=Y Filename=fspex.exe Description=F-Secure Anti-Virus automatic updater Source=Paul Collins Startup list [F-Secure Management Agent] Number=3675 Confirmed=U Filename=FSMA32.EXE Description=F-Secure antivirus - F-Secure Policy Manager provides tools for administering F-Secure software products Source=Paul Collins Startup list [F-Secure Manager] Number=3676 Confirmed=Y Filename=FSM32.EXE Description=F-Secure antivirus - carry out scheduled virus scans automatically Source=Paul Collins Startup list [F-Secure Startup Wizard] Number=3677 Confirmed=Y Filename=FSSW.EXE Description=F-Secure antivirus Source=Paul Collins Startup list [F-Secure TNB] Number=3678 Confirmed=Y Filename=TNBUtil.exe Description=F-Secure antivirus Source=Paul Collins Startup list [F-StopW] Number=3679 Confirmed=Y Filename=F-StopW.exe Description=F-Prot anti-virus background scanner by F-Risk Software Source=Paul Collins Startup list [f1Tray.exe] Number=3680 Confirmed=U Filename=F1TRAY.EXE Description=System Tray icon for FusionOne's MightyPhone software. "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer" Source=Paul Collins Startup list [f23mxins] Number=3681 Confirmed=? Filename=f23mxins Description=Related to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required? Source=Paul Collins Startup list [f607] Number=3682 Confirmed=X Filename=f607.exe Description=Added by the URAT.B TROJAN! Source=Paul Collins Startup list [f73cdc8ee94e] Number=3683 Confirmed=X Filename=btsendto.exe Description=Associated with mysearchnow.com/searchbar.html Source=Paul Collins Startup list [f94mggfhfghodftdf] Number=3684 Confirmed=X Filename=[path to trojan] Description=Added by the SMALL.JHZ TROJAN! 
Source=Paul Collins Startup list [Fabrik Ultimate Backup Status] Number=3685 Confirmed=U Filename=fabrikhomestat.exe Description=Status monitor for Fabrik Ultimate Backup from Fabrik Inc. "No matter what happens to the drive on your desk - a spilled drink, a curious toddler, a theft or a natural disaster - you know your files are still safe and secure on Fabrik Ultimate Backup's off-site servers" Source=Paul Collins Startup list [FamilyKeyLogger] Number=3686 Confirmed=U Filename=cisvc.exe Description=Family Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Located in %System%\CTF Source=Paul Collins Startup list [Fantasia injector] Number=3687 Confirmed=X Filename=wincfg.exe Description=Added by the AGOBOT.US WORM! Source=Paul Collins Startup list [fapmon] Number=3688 Confirmed=? Filename=fapmon.exe Description=Fair Access Policy monitor for DirecPC/DirecWay internet access Source=Paul Collins Startup list [farkrish] Number=3689 Confirmed=X Filename=farkrish.exe Description=Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example Source=Paul Collins Startup list [farmmext] Number=3690 Confirmed=X Filename=farmmext.exe Description=VX2.Transponder parasite updater/installer related Source=Paul Collins Startup list [Fash] Number=3691 Confirmed=X Filename=Fash.exe Description=Unidentified adware Source=Paul Collins Startup list [faslkakj11] Number=3692 Confirmed=X Filename=kjgagklj11.exe Description=Added by the LEGMIE-ARE TROJAN! Source=Paul Collins Startup list [fast] Number=3693 Confirmed=N Filename=fast.exe Description=Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystroke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). 
Optional install in PowerToys Source=Paul Collins Startup list [FAST Defrag] Number=3694 Confirmed=N Filename=FAST2.EXE Description=FastDefrag defragmenting software Source=Paul Collins Startup list [Fast Home] Number=3695 Confirmed=X Filename=svcnvt.exe Description=Detected by Kaspersky as the DELF.KS TROJAN! This file may be found in the System folder on 9x machines, however as of this writing it has only been seen in the System32 folder Source=Paul Collins Startup list [Fast Search] Number=3696 Confirmed=X Filename=svcnv.exe Description=Homepage, Startpage hijacker. Possible variant of Trojan-Downloader.Win32.Delf Source=Paul Collins Startup list [Fast start] Number=3697 Confirmed=X Filename=Ntut.exe Description=Adware - detected by Kaspersky as the FAVADD.I TROJAN! Source=Paul Collins Startup list [Fast start] Number=3698 Confirmed=X Filename=svcnt.exe Description=Adware - detected by Kaspersky as a variant of the FAVADD TROJAN! Source=Paul Collins Startup list [FastCache] Number=3699 Confirmed=U Filename=fc.exe Description=FastCache from AnalogX - speeds up browsing by resolving DNS requests locally Source=Paul Collins Startup list [fastsmell] Number=3700 Confirmed=X Filename=fastsmell.exe Description=Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example Source=Paul Collins Startup list [FastStart] Number=3701 Confirmed=X Filename=ntnut32.exe Description=Added by the STARTPAGE.L TROJAN! Source=Paul Collins Startup list [FastStart] Number=3702 Confirmed=X Filename=svcnut.exe Description=Browser hijacker - a variant of the STARTPAGE.L TROJAN! Source=Paul Collins Startup list [FastStart] Number=3703 Confirmed=X Filename=svcnut32.exe Description=Browser hijacker - a variant of the STARTPAGE.L TROJAN! 
Source=Paul Collins Startup list [FastTrack Accelerator] Number=3704 Confirmed=N Filename=SPEED UP.EXE Description=FastTrack Accelerator - "speedup" utility for programs that use the FastTrack network such as KaZaA Media Desktop, Grokster and Morpheus Source=Paul Collins Startup list [FASTTRACKNETVISION] Number=3705 Confirmed=X Filename=NETVISION.exe Description=DialCar-Z premium rate dialer Source=Paul Collins Startup list [FastTVSync] Number=3706 Confirmed=U Filename=FastTVSync.exe Description=Part of InterVideo DVD Copy 5 Platinum - "fast DVD copying and file conversion software. In just three steps, you can copy videos to most DVD formats, or convert them for smooth, flawless viewing on your PSP or iPod. With broad format support and unique CopyLater technology, DVD Copy saves you time and ensures high-quality output like no other copying software" Source=Paul Collins Startup list [FastUser] Number=3707 Confirmed=N Filename=fast.exe Description=Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystroke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys Source=Paul Collins Startup list [FastUsr] Number=3708 Confirmed=N Filename=fast.exe Description=Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystroke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). 
Optional install in PowerToys Source=Paul Collins Startup list [FatPipe] Number=3709 Confirmed=U Filename=DHCP Description=Software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users Source=Paul Collins Startup list [Fatpipe Dialer] Number=3710 Confirmed=U Filename=fpdialer.exe Description=Dialler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users Source=Paul Collins Startup list [fatrecov] Number=3711 Confirmed=U Filename=fatrecov.exe Description=SCKeyLog.j keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [FavoriteSync] Number=3712 Confirmed=U Filename=FavoriteSync.exe Description=FavoriteSync keeps the same set of Internet Explorer Favorites on several computers in sync Source=Paul Collins Startup list [FaxCenterServer] Number=3713 Confirmed=U Filename=fm3032.exe Description=FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others Source=Paul Collins Startup list [FaxCenterServer4_in_1] Number=3714 Confirmed=U Filename=fm3032.exe Description=FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. 
Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others Source=Paul Collins Startup list [FaxCtrl.exe] Number=3715 Confirmed=U Filename=ASMediaProxyServer.exe Description=Part of Avaya's Contact Center Express - "a multi-channel, high-volume software solution from Avaya designed specifically for the intelligent routing and computer telephony integration (CTI) needs of medium-sized contact centers" Source=Paul Collins Startup list [FaxTalk CallControl 6.0] Number=3716 Confirmed=N Filename=FTClCtrl.EXE Description=This allows the software to handle incoming and outgoing communications without requiring the FaxTalk Communicator application to be loaded into memory. Can be started manually Source=Paul Collins Startup list [FBDirect] Number=3717 Confirmed=U Filename=FBDirect.exe Description=Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop! The **** represents the model, 5300, 7600, etc. Available via Start -> Programs Source=Paul Collins Startup list [FBI] Number=3718 Confirmed=? Filename=FBISM.exe Description=Compaq related but what does it do? Source=Paul Collins Startup list [fc] Number=3719 Confirmed=X Filename=runfc.exe Description=Added by the CAMPURF WORM! Source=Paul Collins Startup list [FCEngine] Number=3720 Confirmed=X Filename=FCEngine.exe Description=CASClient adware Source=Paul Collins Startup list [FCHelp] Number=3721 Confirmed=X Filename=FCHelp.exe Description=Added by either FCHelp adware or a variant of it Source=Paul Collins Startup list [FCMan] Number=3722 Confirmed=X Filename=FCMan.exe Description=FCHelp adware Source=Paul Collins Startup list [Fdaemon security] Number=3723 Confirmed=X Filename=fsecur.exe Description=Added by the SDBOT.KXO WORM! 
Source=Paul Collins Startup list [FDD SYSTEM] Number=3724 Confirmed=X Filename=Fdd.exe Description=Added by the MYTOB-FO WORM! Source=Paul Collins Startup list [Fdr Command Module] Number=3725 Confirmed=X Filename=sp2.exe Description=Added by the SDBOT.WP WORM! Source=Paul Collins Startup list [FDriver] Number=3726 Confirmed=X Filename=windrv.exe Description=Added by the DELF.WG TROJAN! Source=Paul Collins Startup list [FD_SAP] Number=3727 Confirmed=U Filename=FD.exe Description=Reported to be the autopassword program from the Sony Microvault thumb drive Source=Paul Collins Startup list [feedreader.exe] Number=3728 Confirmed=U Filename=feedreader.exe Description="Feedreader is a freeware Windows application that reads and displays Internet newsfeeds aka ATOM and RSS feeds based on XML" Source=Paul Collins Startup list [feelalright] Number=3729 Confirmed=X Filename=mirc.exe Description=Added by the IRCFLOOD-M WORM! Source=Paul Collins Startup list [FEELitDeviceManager] Number=3730 Confirmed=U Filename=feelitdm.exe Description=Associated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals) Source=Paul Collins Startup list [fegoze] Number=3731 Confirmed=X Filename=SVCH0ST.EXE Description=Added by the GRAYBIRD.D VIRUS! Note - the filename has the digit 0 rather than the uppercase "o" Source=Paul Collins Startup list [Fellowes Proxy] Number=3732 Confirmed=U Filename=R3proxy.exe Description=Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice Source=Paul Collins Startup list [Fen Startups] Number=3733 Confirmed=X Filename=fensvc32.exe Description=Added by the RANDEX.CCF WORM! Source=Paul Collins Startup list [FerrariWallPaper] Number=3734 Confirmed=U Filename=FerrariWP.exe Description=Calendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. 
Also downloadable for members of www.ferrari.com Source=Paul Collins Startup list [ffis] Number=3735 Confirmed=X Filename=ffisearch.exe Description=iSearch "Desktop Search" hijacker Source=Paul Collins Startup list [FG1_00] Number=3736 Confirmed=U Filename=frntgate.exe Description=FrontGate MX - e-mail spam blocker Source=Paul Collins Startup list [fgl23DoubleScreenHooks] Number=3737 Confirmed=? Filename=f23happ.exe Description=Related to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required? Source=Paul Collins Startup list [fGQEGqHOME] Number=3738 Confirmed=X Filename=gwwgtp.exe Description=Added by the RANKY.J TROJAN! Source=Paul Collins Startup list [FHPage] Number=3739 Confirmed=X Filename=shdochp.exe Description=Added by the WINHOUND TROJAN! Source=Paul Collins Startup list [FHStart] Number=3740 Confirmed=X Filename=shdocsvc.exe Description=Added by the WINHOUND TROJAN! Source=Paul Collins Startup list [Fhtisxk] Number=3741 Confirmed=U Filename=fhtisxk.exe Description=XtraKeys keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [FieldForms Sync] Number=3742 Confirmed=U Filename=SyncService.exe Description=Resco FieldForms. A solution for building of mobile forms that can be viewed or filled in on the run, on a wide range of mobile devices. Supports Microsoft Access databases, and provides for synchronization of other data as well Source=Paul Collins Startup list [FiendlyType] Number=3743 Confirmed=X Filename=csrss.exe Description=Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [FILE] Number=3744 Confirmed=X Filename=abcdefg.exe Description=Added by the KELVIR.DD WORM! Source=Paul Collins Startup list [file indexing service] Number=3745 Confirmed=? 
Filename=msfindfile.exe Description=New version of MS FindFast and still a resource hog? Source=Paul Collins Startup list [file laoder configuration] Number=3746 Confirmed=X Filename=rnd32.exe Description=Added by the RBOT.BQJ WORM! Source=Paul Collins Startup list [File Mapping Services] Number=3747 Confirmed=X Filename=hp-1003.exe Description=Added by the RBOT.FAN WORM! Source=Paul Collins Startup list [File Protection Monitor] Number=3748 Confirmed=X Filename=filemon.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [File System] Number=3749 Confirmed=X Filename=taskmqrs.exe Description=Added by a variant of the TOXBOT/CODBOT WORM! Source=Paul Collins Startup list [File System] Number=3750 Confirmed=X Filename=taskmqr.exe Description=Added by the RBOT.BWQ WORM! Source=Paul Collins Startup list [File System Service] Number=3751 Confirmed=X Filename=wmiprvsc.exe Description=Added by the AGOBOT-HZ TROJAN! Source=Paul Collins Startup list [File-Sharing Wizard] Number=3752 Confirmed=X Filename=shwizard.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [File0_0] Number=3753 Confirmed=X Filename=MD1.exe Description=Added by the DLOADER-OR TROJAN! Source=Paul Collins Startup list [File1] Number=3754 Confirmed=X Filename=Dia Claro.htm Description=Added by the DLOADER-OR TROJAN! Source=Paul Collins Startup list [FileFreedom_Plugin] Number=3755 Confirmed=X Filename=wtm.exe Description=FileFreedom peer-to-peer sharing program Source=Paul Collins Startup list [FileManager32] Number=3756 Confirmed=X Filename=Wscript.exe ChkMgr32.vbs Description=Added by the NOTUP.A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. 
The "ChkMgr32.vbs" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [FileSoft] Number=3757 Confirmed=X Filename=Wscript.exe UpdataFiles.vbs Description=Added by the SST.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "UpdataFiles.vbs" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [FilmLoop] Number=3758 Confirmed=U Filename=FilmLoopService.exe Description=Related to FilmLoop - a photocasting network. Share your pictures with your family and friends Source=Paul Collins Startup list [FilterGate] Number=3759 Confirmed=U Filename=filtergate.exe Description=Filtergate internet filtering software - filters sounds, popup ads, background sound and other unnecessary website items Source=Paul Collins Startup list [Filterguard] Number=3760 Confirmed=U Filename=Filtrgrd.exe Description=An icon located in the lower left of the screen and looks like a lifesaver. This icon is a "short-cut" to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by "right-clicking" on the icon Source=Paul Collins Startup list [Find] Number=3761 Confirmed=X Filename=find.exe Description=Added by the OPANKI WORM! Source=Paul Collins Startup list [Find Fast] Number=3762 Confirmed=X Filename=Findfast.exe Description=Complete utter waste of space! Part of MS Office - searches disk drives for Office file types to make opening them easier Source=Paul Collins Startup list [Find Virus Launch Program] Number=3763 Confirmed=Y Filename=fvlaunch.exe Description=Part of Dr. Solomon's Antivirus Source=Paul Collins Startup list [FindHack] Number=3764 Confirmed=X Filename=[path to trojan] Description=Added by the KELVIR-BA TROJAN! 
Source=Paul Collins Startup list [FinePrint Dispatcher v4] Number=3765 Confirmed=U Filename=fpdisp4a.exe Description=FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output" Source=Paul Collins Startup list [FinePrint Dispatcher v4] Number=3766 Confirmed=U Filename=fpdisp4.exe Description=FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output" Source=Paul Collins Startup list [FinePrint Dispatcher v5] Number=3767 Confirmed=U Filename=fpdisp5a.exe Description=FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 5.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output" Source=Paul Collins Startup list [FineReader7NewsReaderPro] Number=3768 Confirmed=N Filename=AbbyyNewsReader.exe Description=ABBYY FineReader OCR software - version 7 Source=Paul Collins Startup list [Fire Wall services] Number=3769 Confirmed=X Filename=[random filename] Description=Added by the IRCBOT-QY WORM! Source=Paul Collins Startup list [FireBox Control Panel] Number=3770 Confirmed=? Filename=FireBox.exe Description=Control panel for the Presonus FireBox firewire based music recording system. Is it required? Source=Paul Collins Startup list [FireExplore Update] Number=3771 Confirmed=X Filename=FireExplore.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [FireFox] Number=3772 Confirmed=X Filename=firefox.exe Description=Added by the RBOT-ATP WORM! 
Note - this is not the popular FireFox web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [Firefox Plugin Manager] Number=3773 Confirmed=X Filename=firefoxpgm.exe Description=Added by the MSNPHOTO.E WORM! Source=Paul Collins Startup list [FireFox Service Drivers] Number=3774 Confirmed=X Filename=ssmss.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [FireFox Startup Drivers] Number=3775 Confirmed=X Filename=wuaclt.exe Description=Added by the RBOT.BYX WORM! Source=Paul Collins Startup list [firefox.exe] Number=3776 Confirmed=X Filename=firefox.exe Description=Added by the BANKER-EBO TROJAN! Note - this is not the popular FireFox web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [Firewall] Number=3777 Confirmed=X Filename= wmlaunch .exe Description=Added by the ELIPTER.A or ELIPTER.B WORMS! Source=Paul Collins Startup list [Firewall] Number=3778 Confirmed=X Filename=wmlaunch .exe Description=Added by the ELIPTER.D WORM! Source=Paul Collins Startup list [Firewall] Number=3779 Confirmed=X Filename=SP2 UPDATE.exe Description=Added by the ELITPER.E WORM! Source=Paul Collins Startup list [Firewall] Number=3780 Confirmed=X Filename=Firewall.bat Description=Added by the YPSAN.G WORM! Source=Paul Collins Startup list [firewall] Number=3781 Confirmed=X Filename=fw_304.exe Description=Added by the JQ TROJAN! Source=Paul Collins Startup list [Firewall] Number=3782 Confirmed=X Filename=ctfmon.exe Description=Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir% Source=Paul Collins Startup list [Firewall auto setup] Number=3783 Confirmed=X Filename=winlogon.exe Description=Added by a TROJAN - see here. 
Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [Firewall Controls] Number=3784 Confirmed=X Filename=sys32.exe Description=Added by the SDBOT-DGI WORM! Source=Paul Collins Startup list [Firewall Policy] Number=3785 Confirmed=X Filename=MidiDef32.exe Description=Added by the PIEBOT-A TROJAN! Source=Paul Collins Startup list [Firewall Sp2 system] Number=3786 Confirmed=X Filename=sys32Conf.exe Description=Added by the RBOT-ABT WORM! Source=Paul Collins Startup list [Firewall Update System1] Number=3787 Confirmed=X Filename=WinedowsUpdater1.exe Description=Added by the RBOT-ARU WORM! Source=Paul Collins Startup list [Firewall Updater] Number=3788 Confirmed=X Filename=msnupdateit.exe Description=Added by the RBOT-AAQ WORM! Source=Paul Collins Startup list [Firewall.exe] Number=3789 Confirmed=X Filename=Firewall.exe Description=Added by the AGENT.AGL WORM! Source=Paul Collins Startup list [FirewallActivies] Number=3790 Confirmed=X Filename=csrss.exe Description=Added by the BANKER-AQ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "3041" subfolder Source=Paul Collins Startup list [FirewallStartup] Number=3791 Confirmed=U Filename=Firewallstartup.exe Description=Innovative Startup Firewall - "designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean, fast and in it's best shape" Source=Paul Collins Startup list [FirewallSvr] Number=3792 Confirmed=X Filename=FirewallSvr.exe Description=Added by the NETSKY.X or NETSKY.Y WORMS! Source=Paul Collins Startup list [firewall_anti] Number=3793 Confirmed=X Filename=firewall_anti.exe Description=Added by the NETDENY-B TROJAN! 
Source=Paul Collins Startup list [FireWire Driver] Number=3794 Confirmed=X Filename=samx.exe Description=Added by the SDBOT.AE WORM! Source=Paul Collins Startup list [FireWire Service] Number=3795 Confirmed=X Filename=nvscv32.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [FireWire Services] Number=3796 Confirmed=X Filename=nvcsv32.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [First Home Page] Number=3797 Confirmed=X Filename=http://find.naupoint.com Description=Naupoint browser hijacker Source=Paul Collins Startup list [FIX] Number=3798 Confirmed=X Filename=WinFIX1.0.vbs Description=Added by the GORMLEZ-A WORM! Source=Paul Collins Startup list [Fix-it] Number=3799 Confirmed=Y Filename=mxtask.exe Description=Part of Ontrack's Fix-it Utilities Suite. Loads a System Tray icon that lets you access the full program. Needed if you run the crash guard, intellicluster, anti-virus, or autoupdater. Otherwise not required Source=Paul Collins Startup list [Fix-it AV] Number=3800 Confirmed=Y Filename=memcheck.exe Description=Part of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources Source=Paul Collins Startup list [Fixnice] Number=3801 Confirmed=X Filename=vcvw.exe Description=Added by the SDBOT TROJAN! Source=Paul Collins Startup list [fjdslssdfd] Number=3802 Confirmed=X Filename=mat2.exe Description=Added by the SLAPEW.C TROJAN! 
Source=Paul Collins Startup list [FjMenu] Number=3803 Confirmed=U Filename=FjMenu.exe Description=From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable Source=Paul Collins Startup list [FJTWAIN Setup] Number=3804 Confirmed=U Filename=FjtwSetup.exe Description=Fujitsu scanner utility Source=Paul Collins Startup list [FJUPDNV_Chitose] Number=3805 Confirmed=N Filename=fjdvrupd.exe Description=Driver update for a Fujitsu Siemens Lifebook laptop Source=Paul Collins Startup list [FKS v2.0] Number=3806 Confirmed=X Filename=msngr.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [fkSysMon] Number=3807 Confirmed=N Filename=fksysmon.exe Description=fkWrae SysMon - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more" Source=Paul Collins Startup list [FlaCPY] Number=3808 Confirmed=X Filename=flacpy.exe Description=FlashEnhancer adware variant Source=Paul Collins Startup list [Flash Driver] Number=3809 Confirmed=X Filename=[path to trojan] Description=Detected by PCTools as the AGENT.CWVT TROJAN! See here Source=Paul Collins Startup list [Flash Media] Number=3810 Confirmed=X Filename=%%%%%.exe Description=Added by a variant of the IRCBOT TROJAN! See here Source=Paul Collins Startup list [Flash Media] Number=3811 Confirmed=X Filename=%%%.exe Description=Added by a variant of the IRCBOT TROJAN! See here Source=Paul Collins Startup list [Flash Media] Number=3812 Confirmed=X Filename=[path to trojan] Description=Detected by Trend Micro as the IRCBOT.AUR TROJAN! 
See here Source=Paul Collins Startup list [Flash Media] Number=3813 Confirmed=X Filename=^ ^^^ %% % ^% ^%%^ %^ .exe Description=Added by a variant of the IRCBOT TROJAN! See here Source=Paul Collins Startup list [Flash Media] Number=3814 Confirmed=X Filename=^^% ^ %%% %^%%%^%%^%^% % ^^%% % %^^^^ ^%%^%% .exe Description=Added by a variant of the IRCBOT TROJAN! See here Source=Paul Collins Startup list [Flash Media] Number=3815 Confirmed=X Filename=^^^^^.exe Description=Added by a variant of the IRCBOT TROJAN! See here Source=Paul Collins Startup list [Flash Media] Number=3816 Confirmed=X Filename=^^^^^^.exe Description=Added by a variant of the IRCBOT TROJAN! See here Source=Paul Collins Startup list [Flash Media] Number=3817 Confirmed=X Filename=services.exe Description=Added by a variant of the IRCBOT TROJAN! See here. Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Flash Media] Number=3818 Confirmed=X Filename=zrpk??'?'%''msn'?%'fix''.exe Description=Added by a variant of the IRCBOT TROJAN! See here Source=Paul Collins Startup list [Flash Player2] Number=3819 Confirmed=X Filename=[path to worm] Description=Detected by Trend Micro as the IRCBOT.PD WORM! See here Source=Paul Collins Startup list [FLASH32] Number=3820 Confirmed=? Filename=-flash32.exe Description=?? Source=Paul Collins Startup list [Flash32] Number=3821 Confirmed=X Filename=FLASH32.COM Description=Added by the STARTER-F TROJAN! Source=Paul Collins Startup list [FlashEnc] Number=3822 Confirmed=U Filename=FlashEnc.exe Description=Supplied with EasyDisk USB pen devices. The utility manages the encryption and compressed folders options. It will create these folders if running on the USB key without permission, which is a pain. 
No need for it if you do not want these features Source=Paul Collins Startup list [Flashget] Number=3823 Confirmed=N Filename=FlashGet.exe Description=FlashGet download manager Source=Paul Collins Startup list [Flashget Download Manager] Number=3824 Confirmed=X Filename=Flashget.exe Description=Added by the RBOT-AGZ WORM! Source=Paul Collins Startup list [FlashGuard] Number=3825 Confirmed=X Filename=FlashGuard.exe Description=Added by the AUTOIT.AL WORM! Source=Paul Collins Startup list [FlashMute] Number=3826 Confirmed=U Filename=FlashMute.exe Description="FlashMute is a tool which allows you to mute/unmute Flash Movies loaded in a browser exclusively, or alternatively all sounds produced by the browser" Source=Paul Collins Startup list [FlashPath Monitor] Number=3827 Confirmed=N Filename=SDSTAT.EXE Description=System Tray icon that you can't get rid of - and does not need to run! Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs Source=Paul Collins Startup list [FlashPath Monitor] Number=3828 Confirmed=N Filename=FLSHSTAT.EXE Description=System Tray icon that you can't get rid of - and does not need to run! Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs Source=Paul Collins Startup list [FlashPath Status] Number=3829 Confirmed=N Filename=SDSTAT.EXE Description=System Tray icon that you can't get rid of - and does not need to run! Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs Source=Paul Collins Startup list [FlashPath Status] Number=3830 Confirmed=N Filename=FLSHSTAT.EXE Description=System Tray icon that you can't get rid of - and does not need to run! Tells you the battery status in the floppy disk adapter for the smartmedia cards. 
Available via Start -> Programs Source=Paul Collins Startup list [Flashy Bot] Number=3831 Confirmed=X Filename=Flashy.exe Description=Added by the GLUPZY.A WORM! Source=Paul Collins Startup list [Flash_Player_Install] Number=3832 Confirmed=X Filename=ying.exe Description=Constructor VC2000 malware Source=Paul Collins Startup list [FlenCPY] Number=3833 Confirmed=X Filename=flencpy.exe Description=FlashEnhancer adware variant Source=Paul Collins Startup list [Flexicd] Number=3834 Confirmed=U Filename=Flexicd.exe Description=CD player - part of the Win95 Power Toys Source=Paul Collins Startup list [FlingRun] Number=3835 Confirmed=U Filename=fling.exe Description=Fling - free FTP software from NCH Software Source=Paul Collins Startup list [FLMBROWSERMOUSE] Number=3836 Confirmed=U Filename=mouse32A.exe Description=Mouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse Source=Paul Collins Startup list [FLMK08KB] Number=3837 Confirmed=U Filename=MMKEYBD.EXE Description=Multimedia keyboard manager. Required if you use the additional keys Source=Paul Collins Startup list [FLMK08KB] Number=3838 Confirmed=U Filename=KbdAp32A.exe Description=Keyboard utility for a Medion brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard Source=Paul Collins Startup list [FLMLABTECMOUSE] Number=3839 Confirmed=U Filename=mouse32A.exe Description=Mouse utility for a Labtec brand (and possibly others) mouse. 
If you disable this entry you will not be able to use any of the non-standard functions of the mouse Source=Paul Collins Startup list [FLMMEDIONMOUSE] Number=3840 Confirmed=U Filename=mouse32a.exe Description=Mouse utility for a Medion branded Fellowes mouse Source=Paul Collins Startup list [FLMOFFICE4DMOUSE] Number=3841 Confirmed=U Filename=moffice.exe Description=Mouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse Source=Paul Collins Startup list [FLMOFFICE4DMOUSE] Number=3842 Confirmed=U Filename=mouse32a.exe Description=Mouse utility for a Micro Innovations brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse Source=Paul Collins Startup list [FLMTRUSTKB] Number=3843 Confirmed=U Filename=KbdAp32A.exe Description=Keyboard utility for a Trust brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard Source=Paul Collins Startup list [FLMTRUSTMOUSE] Number=3844 Confirmed=U Filename=mouse32a.exe Description=Mouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse Source=Paul Collins Startup list [FlnCPY] Number=3845 Confirmed=X Filename=flncpy.exe Description=FlashEnhancer adware variant Source=Paul Collins Startup list [FLooDNeT] Number=3846 Confirmed=X Filename=FLooDeR.exe Description=Added by the ENDOOL TROJAN! Source=Paul Collins Startup list [Floppy Master] Number=3847 Confirmed=X Filename=[path to trojan] Description=Added by the ZONIT-F TROJAN! Source=Paul Collins Startup list [Flow Go TV] Number=3848 Confirmed=? Filename=flogotv.exe Description=?? Source=Paul Collins Startup list [flps] Number=3849 Confirmed=X Filename=flps.vbs Description=Added by the BYRON WORM! 
Source=Paul Collins Startup list [flpycntl] Number=3850 Confirmed=X Filename=flpycntl.exe Description=Added by the CRYPTER.C TROJAN! Source=Paul Collins Startup list [FLSVCI] Number=3851 Confirmed=? Filename=FLSVCI.exe Description=?? Source=Paul Collins Startup list [FltProcess] Number=3852 Confirmed=Y Filename=msinet.exe Description=Part of Cyber Patrol internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's done Source=Paul Collins Startup list [FlyswatDesktop] Number=3853 Confirmed=X Filename=flydesk.exe Description=Advertising spyware Source=Paul Collins Startup list [FmctrlTray] Number=3854 Confirmed=U Filename=Fmctrl.EXE Description=Genius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used) Source=Paul Collins Startup list [fmnwebassist] Number=3855 Confirmed=X Filename=fmnwebassist.exe Description=Adware popup generator Source=Paul Collins Startup list [FMStart] Number=3856 Confirmed=U Filename=Fmstart.exe Description=GFI FAXmaker - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktop Source=Paul Collins Startup list [FMSZ] Number=3857 Confirmed=X Filename=fmsz.exe Description=Added by the FMSZ TROJAN! Source=Paul Collins Startup list [fnmwebassist] Number=3858 Confirmed=X Filename=fnmwebassist.exe Description=WinPL adware Source=Paul Collins Startup list [Focus] Number=3859 Confirmed=? Filename=Focus.exe Description=ISDN configuration wizard? Source=Paul Collins Startup list [Folder Service] Number=3860 Confirmed=X Filename=wssdtu.exe Description=Added by the MANIFEST TROJAN! 
Source=Paul Collins Startup list [Folder View] Number=3861 Confirmed=U Filename=folderview.exe Description=Folder View enhances the Windows file Explorer by making all folders you need available in a single click Source=Paul Collins Startup list [FolderClone v*.*.*] Number=3862 Confirmed=U Filename=folderclone.exe Description=Folderclone backup and synchronization software Source=Paul Collins Startup list [FolderRaper] Number=3863 Confirmed=X Filename=[path to worm] Description=Added by the VB.GOZ WORM! Source=Paul Collins Startup list [FolderShare] Number=3864 Confirmed=U Filename=FolderShare.exe Description="FolderShare allows you to create a private peer-to-peer network that will help you to synchronize files across multiple devices and access or share files with colleagues and friends" Source=Paul Collins Startup list [Folding@home] Number=3865 Confirmed=N Filename=WINFAH.EXE Description=Folding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -> Programs Source=Paul Collins Startup list [FoneSyncSystemTray] Number=3866 Confirmed=N Filename=FoneSyncSystemTray.exe Description=System Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when required Source=Paul Collins Startup list [Font Viewer] Number=3867 Confirmed=X Filename=fontviewer.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [FontFix] Number=3868 Confirmed=X Filename=fontfix.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [fontnav] Number=3869 Confirmed=N Filename=FontNav.exe Description=Font Navigator from Bitstream Inc. 
- a font management utility Source=Paul Collins Startup list [FontsLoader] Number=3870 Confirmed=X Filename=ldfnt32.hta Description=Unidentified malware Source=Paul Collins Startup list [FONTVIEW] Number=3871 Confirmed=X Filename=FONTVIEW.EXE Description=Added by the OPASERV.T WORM! Source=Paul Collins Startup list [FooBar 1.0] Number=3872 Confirmed=U Filename=FooBar.exe Description=FooBar - "combines fifteen high-quality productivity tools in a single toolbar that floats on your desktop or runs in the Windows task bar" Source=Paul Collins Startup list [foobin lptt01] Number=3873 Confirmed=X Filename=adaware.exe Description=RapidBlaster variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [foobin ml097e] Number=3874 Confirmed=X Filename=adaware.exe Description=RapidBlaster variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [FoolProof] Number=3875 Confirmed=Y Filename=fpwinldr.exe Description=FoolProof Security PC security software from SmartStuff Source=Paul Collins Startup list [FoolProofSweep] Number=3876 Confirmed=Y Filename=?? Description=Part of FoolProof Security PC security software from SmartStuff Source=Paul Collins Startup list [Forbes] Number=3877 Confirmed=N Filename=ForbesAlerts.exe Description=Forbes Business News Alerts - displays business news headlines in a little window on the screen Source=Paul Collins Startup list [ForceShow] Number=3878 Confirmed=X Filename=rundll32.exe QaBar.dll, ForceShowBar Description=AdultLinks.QBar parasite related! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. 
The "QaBar.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [Forget Me Not] Number=3879 Confirmed=N Filename=AGRemind.exe Description=Calendar reminder part of Broderbund's American Greetings CreataCard Source=Paul Collins Startup list [FortiClient] Number=3880 Confirmed=X Filename=FortiClient.exe Description=Fortinet security systems are the new generation of real time network protection systems Source=Paul Collins Startup list [Fortis Secure Layer Config] Number=3881 Confirmed=U Filename=cseinst.exe Description=Fortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information Source=Paul Collins Startup list [FotoStation Easy AutoLaunch] Number=3882 Confirmed=N Filename=FotoStation Easy AutoLaunch.exe Description=Installed with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either Source=Paul Collins Startup list [Foul PX] Number=3883 Confirmed=U Filename=FoulPX.exe Description=Foul PX, Optusnet usage stat checker Source=Paul Collins Startup list [FourthDay] Number=3884 Confirmed=U Filename=FourthDay.exe Description=The Fourth Day - "astronomical clock and almanac for your system tray" Source=Paul Collins Startup list [FoWilCo] Number=3885 Confirmed=X Filename=fowilco.exe Description=Added by the WOOTBOT.CR WORM! Source=Paul Collins Startup list [foxdh] Number=3886 Confirmed=X Filename=foxdhend.exe Description=Added by the MENGHUAN TROJAN! Source=Paul Collins Startup list [foxdh] Number=3887 Confirmed=X Filename=foxdh.exe Description=Added by the GWGHOST-Q TROJAN! Source=Paul Collins Startup list [foxrxjh] Number=3888 Confirmed=X Filename=foxrxjh.exe Description=Added by the GWGHOST-T TROJAN! 
Source=Paul Collins Startup list [foxwudy9912] Number=3889 Confirmed=X Filename=service.exe Description=Added by the BANCOS-BT TROJAN! Source=Paul Collins Startup list [FP Loader] Number=3890 Confirmed=Y Filename=loadfp.exe Description=FoolProof Security - PC security software from SmartStuff Source=Paul Collins Startup list [FPWGMWZD] Number=3891 Confirmed=? Filename=FPWGMWZD.exe Description=?? Source=Paul Collins Startup list [Fpx] Number=3892 Confirmed=N Filename=mnmsrvc.exe Description=Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations Source=Paul Collins Startup list [fqor] Number=3893 Confirmed=X Filename=stub_113_4_0_4_0.exe Description=TargetSaver adware Source=Paul Collins Startup list [FrameWork 2.5] Number=3894 Confirmed=X Filename=FrameWork.exe Description=Added by the RBOT-FMW WORM! Note - can terminate AV related processes Source=Paul Collins Startup list [France] Number=3895 Confirmed=X Filename=svchost.exe Description=Added by the MIMAIL.L WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [Fraps] Number=3896 Confirmed=U Filename=fraps.exe Description=Fraps Real-Time Video Capture software Source=Paul Collins Startup list [Free Download Manager] Number=3897 Confirmed=N Filename=fdm.exe Description="Free Download Manager" - see here Source=Paul Collins Startup list [Free Downloads Monitor] Number=3898 Confirmed=? Filename=fdcmon.exe Description=?? Source=Paul Collins Startup list [Free Ram Optimizer] Number=3899 Confirmed=U Filename=fro.exe Description=Free Ram Optimizer monitors your memory, and frees up ram if it falls below a certain minimum. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. 
See this article and make up your own mind Source=Paul Collins Startup list [Freebie Notes] Number=3900 Confirmed=N Filename=FreebieNotes.exe Description=Freebie Notes by Power Soft - create electronic notes (stickers) Source=Paul Collins Startup list [FreeCall] Number=3901 Confirmed=N Filename=FreeCall.exe Description=FreeCall - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype Source=Paul Collins Startup list [Freedom] Number=3902 Confirmed=Y Filename=Freedom.exe Description=Freedom Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for sale Source=Paul Collins Startup list [FreeMem Pro] Number=3903 Confirmed=U Filename=FMEMPRO.EXE Description=FreeMem Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind Source=Paul Collins Startup list [FreeMemVn2] Number=3904 Confirmed=U Filename=FreeMem.exe Description=FreeMem - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind Source=Paul Collins Startup list [FreeMP3download] Number=3905 Confirmed=X Filename=rundll32.exe MSA64CHK.dll, DllMostrar Description=MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [FreeRAM XP] Number=3906 Confirmed=U Filename=FreeRAM XP Pro *.exe Description=FreeRAM XP Pro - memory optimizer where * represents the version. 
MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind Source=Paul Collins Startup list [FreeRAM XP] Number=3907 Confirmed=U Filename=FreeRAM XP Pro.exe Description=FreeRAM XP Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind Source=Paul Collins Startup list [freestyle] Number=3908 Confirmed=X Filename=lockx.exe Description=Added by the RBOT-ATH WORM! Source=Paul Collins Startup list [freesurfer] Number=3909 Confirmed=U Filename=fs20.exe Description=EMS Free Surfer mk II - pop-up stopper Source=Paul Collins Startup list [freexstyle] Number=3910 Confirmed=X Filename=lockbar.exe Description=Added by the LOXBOT.D WORM! Source=Paul Collins Startup list [freexstyle] Number=3911 Confirmed=X Filename=lockbr.exe Description=Added by the LOXBOT.C WORM! Source=Paul Collins Startup list [freinst] Number=3912 Confirmed=X Filename=pgs.exe Description=WinSpyControl spyware remover - not recommended, see here Source=Paul Collins Startup list [Fresh Desktop] Number=3913 Confirmed=U Filename=freshdesktop.exe Description=Fresh Desktop is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervals Source=Paul Collins Startup list [freshclam] Number=3914 Confirmed=N Filename=freshclam.exe Description=Auto update agent of the open source Clamwin virus scanner Source=Paul Collins Startup list [frguk] Number=3915 Confirmed=? Filename=shdrkmck.exe Description=?? Source=Paul Collins Startup list [FridaysInHellInstaller] Number=3916 Confirmed=? Filename=FridaysInHellInstaller.exe Description=?? Source=Paul Collins Startup list [FriendlyType] Number=3917 Confirmed=X Filename=lsass.exe Description=Added by the WEBUS.B TROJAN! 
Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder Source=Paul Collins Startup list [FriendlyTypeName] Number=3918 Confirmed=X Filename=services.exe Description=Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [FriendlyTypeName] Number=3919 Confirmed=X Filename=winlogon.exe Description=Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [FriendlyWebQuick-Launch] Number=3920 Confirmed=N Filename=SELFCERT.EXE Description=selfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well Source=Paul Collins Startup list [FRISK FP-Scheduler] Number=3921 Confirmed=U Filename=F-Sched.exe Description=Scheduler for F-Prot antivirus software. Leave enabled unless you scan manually on a regular basis Source=Paul Collins Startup list [FRITZ!DSL Startcenter] Number=3922 Confirmed=? Filename=StCenter.exe Description=FRITZ! ISP software "StartCenter" User interface that allows you to manage, tweak and diagnose many aspects of your internet connection - is it required? Source=Paul Collins Startup list [FRITZ!webProtect] Number=3923 Confirmed=U Filename=FwebProt.exe Description=Firewall included in FRITZ! 
ISP DSL software Source=Paul Collins Startup list [Fromine WinPopup] Number=3924 Confirmed=N Filename=winpopup.exe Description=Instant Messenger program Source=Paul Collins Startup list [froody] Number=3925 Confirmed=X Filename=timoty.exe Description=Added by an unidentified malware Source=Paul Collins Startup list [Frsk] Number=3926 Confirmed=X Filename=frsk.exe Description=Unidentified adware downloader trojan Source=Paul Collins Startup list [frun] Number=3927 Confirmed=X Filename=derc32xz.exe Description=Added by an unidentified TROJAN! Source=Paul Collins Startup list [FRW_EXE] Number=3928 Confirmed=Y Filename=FRW.EXE Description=ConSeal Signal9 firewall - now McAfee Personal firewall Source=Paul Collins Startup list [frxmxins] Number=3929 Confirmed=Y Filename=frxmxins.exe Description=ATI 3D Studio MAX/VIZ driver Source=Paul Collins Startup list [FS Agent] Number=3930 Confirmed=X Filename=fagent.exe Description=Added by the VOLVER-B TROJAN! Source=Paul Collins Startup list [FS6519] Number=3931 Confirmed=X Filename=FS6519.dll.vbs Description=Added by the SOLOW.B WORM! Source=Paul Collins Startup list [fsaa] Number=3932 Confirmed=Y Filename=fsaa.exe Description=F-Secure antivirus Authentication Agent - creates and stores private keys used by a client to access servers Source=Paul Collins Startup list [FSCBoss] Number=3933 Confirmed=N Filename=FSCBoss.exe Description=Free Store Club shop online software Source=Paul Collins Startup list [FSDPSRV] Number=3934 Confirmed=? Filename=FSDPSRV.exe Description=?? 
Source=Paul Collins Startup list [FSH] Number=3935 Confirmed=X Filename=svcnva.exe Description=Malware, detected by Ewido Security Suite as TrojanDownloader.Delf.ks Source=Paul Collins Startup list [fsp] Number=3936 Confirmed=U Filename=fsp.exe Description=Folder Shield - hide entire directories and thus prevent access by anyone else to your personal files and documents Source=Paul Collins Startup list [fspr] Number=3937 Confirmed=Y Filename=FolderShield.exe Description=Folder Shield - hide personal files and folders Source=Paul Collins Startup list [FSScrCtl] Number=3938 Confirmed=N Filename=FSScrCtl.exe Description=Screen saver control applet used by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen Saver" Source=Paul Collins Startup list [fsserv] Number=3939 Confirmed=U Filename=fserv.exe Description=Farsighter Server - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time Source=Paul Collins Startup list [fstsvc] Number=3940 Confirmed=X Filename=rundll32.exe fstsvc.dll,start Description=Added by the AKBOT-AA WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. 
The "fstsvc.dll" file is found in %System% Source=Paul Collins Startup list [FSW] Number=3941 Confirmed=X Filename=FSW.exe Description=FreeScratchAndWin parasite Source=Paul Collins Startup list [FSWebServer] Number=3942 Confirmed=U Filename=fsws.exe Description=Easy File Sharing Web Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or services Source=Paul Collins Startup list [FtkCPY] Number=3943 Confirmed=X Filename=ftkcpy.exe Description=FlashEnhancer adware variant Source=Paul Collins Startup list [FtLnSOP_setup] Number=3944 Confirmed=U Filename=FtLnSOP.exe Description=Fujitsu scanner utility Source=Paul Collins Startup list [FTMSFLT(USB)] Number=3945 Confirmed=U Filename=FTMSFLTU.EXE Description=Fujitsu's Touch Panel Message Notifier Source=Paul Collins Startup list [FTP FOR WINDOWS] Number=3946 Confirmed=X Filename=ftpwin32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [FTPGraber] Number=3947 Confirmed=X Filename=FTPGraber.exe Description=Added by the DLOADER-DT TROJAN! Source=Paul Collins Startup list [FTPManager] Number=3948 Confirmed=N Filename=FTPDM.exe Description="Robust FTP is a Windows-based file transfer client application that transfers files between a user's local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (with upload transfer resume and download transfer resume)". Can be started manually Source=Paul Collins Startup list [Ftpqueue] Number=3949 Confirmed=U Filename=Ftpsched.exe Description=Part of WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfers Source=Paul Collins Startup list [FtpServer.exe] Number=3950 Confirmed=? Filename=FtpServer.exe Description=Part of Sharpdesk from Sharp Electronics Corp. 
"An easy to use desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". Is it required? Source=Paul Collins Startup list [ftutil2] Number=3951 Confirmed=U Filename=rundll32.exe ftutil2.dll, SetWriteCacheMode Description=Related to Promise Technology's FastTrak SX4030/4060 PCI ATA Raid 5 controller (and possibly others) Source=Paul Collins Startup list [FuckD3w4] Number=3952 Confirmed=X Filename=FuckD3w4.exe Description=Added by the BRONTOK-DI WORM! Source=Paul Collins Startup list [Fucker] Number=3953 Confirmed=X Filename=fucker.vbs Description=Added by the CATCHER-A WORM! Source=Paul Collins Startup list [Fujitsu Hotkey Utility] Number=3954 Confirmed=U Filename=IndicatorUty.exe Description=Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayed Source=Paul Collins Startup list [Fujitsu Menu] Number=3955 Confirmed=U Filename=FjMnuIco.exe Description=From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable Source=Paul Collins Startup list [fukerservice] Number=3956 Confirmed=X Filename=fukerz.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [FUKLBAR] Number=3957 Confirmed=X Filename=bar.exe Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [Fun] Number=3958 Confirmed=X Filename=Fun.exe Description=Added by the COIDUNG-A WORM! 
Source=Paul Collins Startup list [FusionHdtvTray] Number=3959 Confirmed=N Filename=FusionHdtvTray.exe Description=FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software Source=Paul Collins Startup list [FusionRC] Number=3960 Confirmed=U Filename=FusionRC.exe Description=Remote control manager for DVICO FusionHDTV Source=Paul Collins Startup list [FusionRemote] Number=3961 Confirmed=U Filename=FusionRc.exe Description=Remote control manager for DVICO FusionHDTV Source=Paul Collins Startup list [FusionTrayAgent] Number=3962 Confirmed=N Filename=FusionHdtvTray.exe Description=FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software Source=Paul Collins Startup list [fvek] Number=3963 Confirmed=X Filename=fvek.exe Description=Added by the DRIVOL-A TROJAN! Source=Paul Collins Startup list [FveNotify] Number=3964 Confirmed=Y Filename=fveNotify.exe Description=Windows Vista - BitLocker Drive Encryption Notification Utility. Available with Enterprise and Ultimate versions of Vista, "BitLocker prevents a thief who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive" - see here Source=Paul Collins Startup list [FW Manager] Number=3965 Confirmed=X Filename=fwcheck.exe Description=Added by the DELBOT-H WORM! Source=Paul Collins Startup list [FWDMON.EXE] Number=3966 Confirmed=X Filename=fwdmon.exe Description=Added by the PROXY-S TROJAN! 
Source=Paul Collins Startup list [fwenc.exe] Number=3967 Confirmed=Y Filename=fwenc.exe Description=Check Point SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers" Source=Paul Collins Startup list [Fwr Command Module] Number=3968 Confirmed=X Filename=fwr.exe Description=Added by the SDBOT-PP WORM! Source=Paul Collins Startup list [fwrastrc] Number=3969 Confirmed=N Filename=fwrastrc.exe Description=Dial-up software for Friendly Technologies/1NationOnLine free ISP Source=Paul Collins Startup list [fwservice] Number=3970 Confirmed=U Filename=fwservice Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here Source=Paul Collins Startup list [FX] Number=3971 Confirmed=X Filename=ieloader.exe Description=Added by the SMALL.RR TROJAN! Source=Paul Collins Startup list [fxredir] Number=3972 Confirmed=U Filename=fxredir.exe Description=Canon MultiPASS fax redirector Source=Paul Collins Startup list [fzg] Number=3973 Confirmed=X Filename=svhost32.exe Description=Added by the DLOADER.BDK TROJAN! Source=Paul Collins Startup list [f~a] Number=3974 Confirmed=X Filename=ra32.exe Description=Added by the CAY TROJAN! Source=Paul Collins Startup list [g.exe] Number=3975 Confirmed=X Filename=g.exe Description=Added by the GRAYBIRD.Q TROJAN! Source=Paul Collins Startup list [G00123] Number=3976 Confirmed=X Filename=[worm filename] Description=Added by the BUGBROS WORM! Source=Paul Collins Startup list [G0mez] Number=3977 Confirmed=X Filename=G0mez.vbs Description=Added by the GORMLEZ-A WORM! Source=Paul Collins Startup list [G3] Number=3978 Confirmed=X Filename=GSMedia3.exe Description=Malware downloader - detected by Kaspersky as the VB.UX TROJAN! Source=Paul Collins Startup list [g3dctl] Number=3979 Confirmed=? Filename=g3dctl.exe Description=?? 
Source=Paul Collins Startup list [G4G] Number=3980 Confirmed=X Filename=[random filename] Description=Detected as Trojan-Downloader.Win32.VB.fki Source=Paul Collins Startup list [GACService] Number=3981 Confirmed=? Filename=GACService.exe Description=Related to a Gemplus product. What does it do and is it required? Source=Paul Collins Startup list [gadkgak12] Number=3982 Confirmed=X Filename=fsafsakx12.exe Description=Added by the ONLINEG-N TROJAN! Source=Paul Collins Startup list [Gadu-Gadu] Number=3983 Confirmed=N Filename=gg.exe Description=Polish language Instant Messaging client Source=Paul Collins Startup list [Gadwin PrintScreen] Number=3984 Confirmed=N Filename=PrintScreen.exe Description=Gadwin PrintScreen - utility to capture, print or save the current window Source=Paul Collins Startup list [GAELICUM.EXE] Number=3985 Confirmed=X Filename=GAELICUM.EXE Description=Added by the PENTA-A TROJAN! Source=Paul Collins Startup list [gah95on6] Number=3986 Confirmed=X Filename=gah95on6.exe Description=ShopAtHome/SAHagent adware Source=Paul Collins Startup list [gaim] Number=3987 Confirmed=U Filename=gaim.exe Description=Gaim is an instant messenger client with capability to connect to AIM, ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu and Zephyr networks Source=Paul Collins Startup list [Gainward] Number=3988 Confirmed=U Filename=TBPanel.exe Description=Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel Source=Paul Collins Startup list [game] Number=3989 Confirmed=X Filename=shit.exe Description=Added by the Netclap Gold backdoor TROJAN! Source=Paul Collins Startup list [game] Number=3990 Confirmed=X Filename=patcher.scr Description=Added by the PSW-ED TROJAN! 
Source=Paul Collins Startup list [Game Device] Number=3991 Confirmed=N Filename=JOYUPDRV.EXE Description=Genius game controller profile activator Source=Paul Collins Startup list [Game House] Number=3992 Confirmed=X Filename=GameHouse.exe Description=Added by the DELF-DRA WORM! Source=Paul Collins Startup list [GameDrive] Number=3993 Confirmed=N Filename=GDTask.exe Description=GameDrive Virtual Driver from FarStone Technology, Inc. Run PC games without the disc Source=Paul Collins Startup list [Games Acceleration] Number=3994 Confirmed=X Filename=svshost.exe Description=EasySearch adware Source=Paul Collins Startup list [Games Acceleration] Number=3995 Confirmed=X Filename=[path to trojan] Description=Added by the SMUTSRCH-A TROJAN! Source=Paul Collins Startup list [Games Acceleration] Number=3996 Confirmed=X Filename=svshost1.exe Description=Added by the DLOADR-AWD TROJAN! Source=Paul Collins Startup list [Games toolbar] Number=3997 Confirmed=X Filename=rundll32.exe [path] tbGame.dll, DllShowTB Description=Topconverting.com\180Search "Games Toolbar" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [GameSpot] Number=3998 Confirmed=N Filename=kontiki.exe Description=Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops Source=Paul Collins Startup list [gameutil.exe] Number=3999 Confirmed=U Filename=gameutil.exe Description=Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overclocking settings on a per game basis and this sets those conditions following a re-boot Source=Paul Collins Startup list [gamma] Number=4000 Confirmed=X Filename=svchost.exe Description=Added by a variant of the DELF.IT TROJAN! 
Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [GammaHotKeys] Number=4001 Confirmed=U Filename=setgamma.exe Description=Part of the RadeonTweaker program for adjusting ATI Radeon graphics cards. Allows you to adjust the gamma (or brightness) when playing a full-screen game without switching back to the desktop Source=Paul Collins Startup list [gangsta] Number=4002 Confirmed=X Filename=gangsta.exe Description=Detected by Kaspersky as the RIMA.A BACKDOOR! See here Source=Paul Collins Startup list [GARO Status Monitor] Number=4003 Confirmed=U Filename=cnwism.exe Description=Print monitor for certain Canon printers Source=Paul Collins Startup list [gaSrv] Number=4004 Confirmed=X Filename=gaSrv.exe Description=Adware downloader, identified by Panda antivirus as Trojan.Downloader.ALQ Source=Paul Collins Startup list [gaSrve] Number=4005 Confirmed=X Filename=gaSrve.exe Description=Adware downloader, identified by Panda antivirus as Trojan.Downloader.ALQ Source=Paul Collins Startup list [Gate Personal Firewall] Number=4006 Confirmed=X Filename=Systpl.exe Description=Added by the RBOT.ADC WORM Source=Paul Collins Startup list [Gateway Extended Warranty] Number=4007 Confirmed=N Filename=GWCares.exe Description=Gateway Extended Warranty reminder Source=Paul Collins Startup list [Gator] Number=4008 Confirmed=X Filename=gator.exe Description=Gator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [Gator eWallet] Number=4009 Confirmed=X Filename=gator.exe Description=Gator eWallet adware. 
Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [Gay_Sexy_**] Number=4010 Confirmed=X Filename=Gay_Sexy_**.exe Description=Premium rate adult content dialler (where * is a random char) Source=Paul Collins Startup list [GazelDisplay] Number=4011 Confirmed=U Filename=gsyno.exe Description=BT Digital Access USB - Gazel ISDN installation System Tray icon Source=Paul Collins Startup list [GBMHome7Agent] Number=4012 Confirmed=Y Filename=GBMAgent.exe Description=Genie Backup Manager Home 7 - backup software Source=Paul Collins Startup list [GBMLite7Agent] Number=4013 Confirmed=Y Filename=GBMAgent.exe Description=Genie Backup Manager Lite 7 - backup software Source=Paul Collins Startup list [GBMPro7Agent] Number=4014 Confirmed=Y Filename=GBMAgent.exe Description=Genie Backup Manager Pro 7 - backup software Source=Paul Collins Startup list [GBSpaceMan] Number=4015 Confirmed=Y Filename=SpaceMan.exe Description=GreenBorder - secure your browsing activities on the internet Source=Paul Collins Startup list [GBTray] Number=4016 Confirmed=U Filename=GBTray.exe Description=System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on your hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users Source=Paul Collins Startup list [gCac] Number=4017 Confirmed=X Filename=gcac.exe Description=Added by the TACTSLAY.U TROJAN! Source=Paul Collins Startup list [gcasDtServ] Number=4018 Confirmed=X Filename=gcasDtServ.exe Description=Added by an unidentified WORM or TROJAN. 
Note - this is not related to Microsoft Antispyware which has a process bearing the same name which doesn't appear as a startup Source=Paul Collins Startup list [gcasServ] Number=4019 Confirmed=U Filename=gcasServ.exe Description=Giant Antispyware - now superseded by Microsoft Windows AntiSpyware Source=Paul Collins Startup list [gcasServ] Number=4020 Confirmed=X Filename=realsched.exe Description=Added by a variant of the TACTSLAY.A TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name Source=Paul Collins Startup list [GCC Reminder] Number=4021 Confirmed=? Filename=gccrem.exe Description=Associated with AcraMax Greeting Card Creator. Is it a registration reminder? Source=Paul Collins Startup list [GCS] Number=4022 Confirmed=N Filename=GrabClipSave.exe Description=GrabClipSave screen capture tool Source=Paul Collins Startup list [GDAX] Number=4023 Confirmed=X Filename=[path to backdoor] Description=Added by the RANKY.K TROJAN! Source=Paul Collins Startup list [gdcw] Number=4024 Confirmed=X Filename=GDCW.exe Description=WinAnonymous spyware remover - not recommended, see here Source=Paul Collins Startup list [Gddlib] Number=4025 Confirmed=X Filename=rundll32.exe gddlib.dll,start Description=Added by the AKBOT.EG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gddlib.dll" file is found in %System% Source=Paul Collins Startup list [gdien32] Number=4026 Confirmed=X Filename=gdien32.exe Description=Added by the SINGU-P TROJAN! Source=Paul Collins Startup list [gdimx] Number=4027 Confirmed=X Filename=gdimx.exe Description=MPB-D dialer. Note - provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. 
The software is listed as "gdimx" Source=Paul Collins Startup list [GDMgr.exe] Number=4028 Confirmed=U Filename=gdmgr.exe Description=GuardMon is a commercial surveillance software program designed to monitor all forms of user activity on a computer Source=Paul Collins Startup list [GDrive] Number=4029 Confirmed=N Filename=GDriver.exe Description=Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start -> Settings -> Control Panel -> System -> Device Manager Source=Paul Collins Startup list [Gearbox] Number=4030 Confirmed=N Filename=confsvr.exe Description=NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available here Source=Paul Collins Startup list [GEARsec] Number=4031 Confirmed=N Filename=gearsec.exe Description=Installed by Apple Quicktime package - iPod/iTunes CDRW support. Can be disabled if you only require Quicktime player Source=Paul Collins Startup list [GEDZAC] Number=4032 Confirmed=X Filename=GEDZAC.exe Description=Added by the GEMEL WORM! Source=Paul Collins Startup list [Gekio Startups] Number=4033 Confirmed=X Filename=gnksvc32.exe Description=Added by the AGOBOT.AFJ WORM! Source=Paul Collins Startup list [GemStRmW] Number=4034 Confirmed=N Filename=GemStRmW.exe Description=For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manually Source=Paul Collins Startup list [gencroot] Number=4035 Confirmed=X Filename=gencroot.exe Description=Added by the SDBOT-AED WORM! Source=Paul Collins Startup list [Gene USB Monitor] Number=4036 Confirmed=U Filename=USBMonit.exe Description=Monitors USB ports for insertion of Sandisk USB flashdrives Source=Paul Collins Startup list [general lptt01] Number=4037 Confirmed=X Filename=general.exe Description=RapidBlaster variant (in a "General" folder in Program Files). 
Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [general ml097e] Number=4038 Confirmed=X Filename=general.exe Description=RapidBlaster variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [Generic host proccess for windows] Number=4039 Confirmed=X Filename=SVCHOSTS.EXE Description=Added by the SPYBOT-GQ WORM! Source=Paul Collins Startup list [Generic Host Process] Number=4040 Confirmed=X Filename=SCHOST.EXE Description=Added by the RBOT-NC WORM! Source=Paul Collins Startup list [Generic Host Process] Number=4041 Confirmed=X Filename=svchost.exe Description=Added by the DLOADER-NX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [Generic Host Process] Number=4042 Confirmed=X Filename=camacttiv.exe Description=Detected by AVG Anti-Spyware as the CIADOOR.13 TROJAN! Source=Paul Collins Startup list [Generic Host Process for Win Services] Number=4043 Confirmed=X Filename=mscvs.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Generic Host Process for Win32 Service] Number=4044 Confirmed=X Filename=svlhost.exe Description=Added by the WOOTBOT.EX WORM! Source=Paul Collins Startup list [Generic Host Process for Win32 Service] Number=4045 Confirmed=X Filename=svchost.exe Description=Added by the SPYBOT.NC WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! 
This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [Generic Host Process for Win32 Services] Number=4046 Confirmed=X Filename=ntspcv.exe Description=Added by the SDBOT.S TROJAN! Source=Paul Collins Startup list [Generic Host Process for Win32 Services] Number=4047 Confirmed=X Filename=intspvc.exe Description=Added by the DINFOR.D WORM! Source=Paul Collins Startup list [Generic Host Process for Win32 Services] Number=4048 Confirmed=X Filename=winsvc.exe Description=Added by the SDBOT-O WORM! Source=Paul Collins Startup list [Generic Host Process for Win32 Services] Number=4049 Confirmed=X Filename=bazzi.exe Description=Added by the AHKER.E WORM! Source=Paul Collins Startup list [Generic Host Process for Win32 Services] Number=4050 Confirmed=X Filename=winsvc32.exe Description=Added by the SDBOT-P WORM! Source=Paul Collins Startup list [Generic Host Process for Win32 Services] Number=4051 Confirmed=X Filename=lspsvc.exe Description=Added by the MUMU.C WORM! Source=Paul Collins Startup list [Generic Host Process for Win32 Services] Number=4052 Confirmed=X Filename=SPSVC.EXE Description=Added by the SDBOT.DA WORM! Source=Paul Collins Startup list [Generic Host Process for Win32 Services] Number=4053 Confirmed=X Filename=svchost32.exe Description=Added by the AGOBOT.ALH WORM! Source=Paul Collins Startup list [Generic Host Process for Win32 Services] Number=4054 Confirmed=X Filename=sv?h?st.exe Description=Added by the DLOADER.AK TROJAN! Source=Paul Collins Startup list [Generic Host Process for Win32 Services] Number=4055 Confirmed=X Filename=winlogon.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Generic Host Process for WinXP Services] Number=4056 Confirmed=X Filename=mshelp.exe Description=Added by the AGENT-GQP TROJAN! 
Source=Paul Collins Startup list [Generic Host Process2 System Backup] Number=4057 Confirmed=X Filename=scvhost2.exe Description=Added by the RBOT-BAH WORM! Source=Paul Collins Startup list [Generic Host Process326a System Backup] Number=4058 Confirmed=X Filename=scvhost326a.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Generic Host Service] Number=4059 Confirmed=X Filename=lshost.exe Description=Added by the RBOT.LU WORM! Source=Paul Collins Startup list [Generic Service Process] Number=4060 Confirmed=X Filename=regsvc32.exe Description=Added by the GAOBOT.UJ or GAOBOT.UL WORMS! Source=Paul Collins Startup list [Generic Service Process] Number=4061 Confirmed=X Filename=serv1ces.exe Description=Added by the AGOBOT-JK WORM! Source=Paul Collins Startup list [Generic Service Process] Number=4062 Confirmed=X Filename=nvsvc.exe Description=Added by the AGOBOT.BY WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [Generic Services Process] Number=4063 Confirmed=X Filename=regsvc32.exe Description=Added by the GAOBOT.SY WORM! Source=Paul Collins Startup list [GenericHostXP] Number=4064 Confirmed=X Filename=WinLoaderXP.exe Description=Added by the BDOOR-ACX TROJAN! Source=Paul Collins Startup list [Genie USB Monitor] Number=4065 Confirmed=Y Filename=USBmonitor.exe Description=Port monitor for an external USB hard drive. Required to enable access to the drive Source=Paul Collins Startup list [Genius Mose Driver] Number=4066 Confirmed=X Filename=svghost.exe Description=Added by a variant of the SPYBOT WORM! See here Source=Paul Collins Startup list [Geography TX 1.0 NT] Number=4067 Confirmed=X Filename=CompuSpeed.vbs Description=Added by the NEWLEY-A WORM! Source=Paul Collins Startup list [Gerenciamento de arquivos do Windows] Number=4068 Confirmed=X Filename=Winmod32.exe Description=Added by the DLOADER-WG TROJAN! 
Source=Paul Collins Startup list [german.exe] Number=4069 Confirmed=X Filename=winsystems.exe Description=Added by the BAGLEDl-AE TROJAN! Source=Paul Collins Startup list [german.exe] Number=4070 Confirmed=X Filename=wintems.exe Description=Added by the BAGLE-AS TROJAN! Source=Paul Collins Startup list [Gestionnaire de disques universel] Number=4071 Confirmed=X Filename=sysoobe.exe Description=Added by the TOADER-A TROJAN! Source=Paul Collins Startup list [Get Smile] Number=4072 Confirmed=N Filename=getsmile.exe Description=Puts smilie faces in your E-mail. Run manually when required Source=Paul Collins Startup list [Get-Torrent Service] Number=4073 Confirmed=X Filename=wakeservice.exe Description=Get-Torrent bittorrent client - Installs LOP adware Source=Paul Collins Startup list [Getca] Number=4074 Confirmed=Y Filename=InfoMyCa.exe Description=Monitor for a Belkin USB Wireless adapter Source=Paul Collins Startup list [GetModule18] Number=4075 Confirmed=X Filename=GetModule18.exe Description=Internet Speed Monitor adware related - see example here Source=Paul Collins Startup list [GetModule19] Number=4076 Confirmed=X Filename=GetModule19.exe Description=Internet Speed Monitor adware related - see example here Source=Paul Collins Startup list [GetModule20] Number=4077 Confirmed=X Filename=GetModule20.exe Description=Internet Speed Monitor adware related - see example here Source=Paul Collins Startup list [GetModule21] Number=4078 Confirmed=X Filename=GetModule21.exe Description=Internet Speed Monitor adware related - see example here Source=Paul Collins Startup list [GetModule23] Number=4079 Confirmed=X Filename=GetModule23.exe Description=Internet Speed Monitor adware related Source=Paul Collins Startup list [GetModule24] Number=4080 Confirmed=X Filename=GetModule24.exe Description=Internet Speed Monitor adware related - see example here Source=Paul Collins Startup list [GetModule25] Number=4081 Confirmed=X Filename=GetModule25.exe Description=Internet Speed 
Monitor adware related - see example here Source=Paul Collins Startup list [GetModule26] Number=4082 Confirmed=X Filename=GetModule26.exe Description=Internet Speed Monitor adware related - see example here Source=Paul Collins Startup list [GetModule27] Number=4083 Confirmed=X Filename=GetModule27.exe Description=Internet Speed Monitor adware related Source=Paul Collins Startup list [GetModule29] Number=4084 Confirmed=X Filename=GetModule29.exe Description=Internet Speed Monitor adware related - see example here Source=Paul Collins Startup list [GetModule30] Number=4085 Confirmed=X Filename=GetModule30.exe Description=Internet Speed Monitor adware related Source=Paul Collins Startup list [GetMP3] Number=4086 Confirmed=X Filename=rundll32.exe MSA64CHK.dll, DllMostrar Description=MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [GetPack18] Number=4087 Confirmed=X Filename=GetPack18.exe Description=Internet Speed Monitor adware related - see example here Source=Paul Collins Startup list [GetPack19] Number=4088 Confirmed=X Filename=GetPack19.exe Description=Internet Speed Monitor adware related - see example here Source=Paul Collins Startup list [GetPack20] Number=4089 Confirmed=X Filename=GetPack20.exe Description=Internet Speed Monitor adware related - see example here Source=Paul Collins Startup list [GetPack21] Number=4090 Confirmed=X Filename=GetPack21.exe Description=Internet Speed Monitor adware related - see example here Source=Paul Collins Startup list [GetPack22] Number=4091 Confirmed=X Filename=GetPack22.exe Description=Internet Speed Monitor adware related Source=Paul Collins Startup list [GetPack23] Number=4092 Confirmed=X Filename=GetPack23.exe Description=Internet Speed Monitor adware related Source=Paul Collins Startup list [GetPack24] Number=4093 Confirmed=X 
Filename=GetPack24.exe Description=Internet Speed Monitor adware related - see example here Source=Paul Collins Startup list [GetPack25] Number=4094 Confirmed=X Filename=GetPack25.exe Description=Internet Speed Monitor adware related Source=Paul Collins Startup list [GetRight Tray Icon] Number=4095 Confirmed=N Filename=GETRIGHT.EXE Description=GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start -> Programs Source=Paul Collins Startup list [GetTheMusic] Number=4096 Confirmed=X Filename=rundll32.exe MSA64CHK.dll, DllMostrar Description=MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [Getting started with MacDrive] Number=4097 Confirmed=U Filename=MDGetStarted.exe Description=MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" Source=Paul Collins Startup list [getwin] Number=4098 Confirmed=X Filename=winB_.exe Description=Added by the BANKER-HS TROJAN! Source=Paul Collins Startup list [gf1.0.0.2] Number=4099 Confirmed=X Filename=ggf.exe Description=Added by the EDFON.A TROJAN! Source=Paul Collins Startup list [gfxtray] Number=4100 Confirmed=X Filename=rundll32 ctccw32.dll, findwnd Description=Detected by Kaspersky as the AGENT.AOU TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [Ghost Relay] Number=4101 Confirmed=X Filename=[random filename] Description=Detected by Trend Micro as the DNSCHANG.EK TROJAN! 
See here Source=Paul Collins Startup list [GhostSecuritySuite] Number=4102 Confirmed=U Filename=gss.exe Description=Ghost Security Suite - protect the registry from unauthorized reading and modification and other tools Source=Paul Collins Startup list [GhostStartService] Number=4103 Confirmed=N Filename=GhostStartService.exe Description=Required to run the Windows based wizard in Norton Ghost - added from the 2003 version. Will start automatically when you run the wizard Source=Paul Collins Startup list [GhostStartTrayApp] Number=4104 Confirmed=N Filename=GhostStartTrayApp.exe Description=System Tray access to Norton Ghost - added from the 2003 version Source=Paul Collins Startup list [GhostSurfDelSatellite] Number=4105 Confirmed=Y Filename=DeleteSatellite.exe Description=Part of SpyCatcher spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning, you'll want to leave this file in place Source=Paul Collins Startup list [gigabit.exe] Number=4106 Confirmed=X Filename=gigabit.exe Description=Added by the BEAGLE.U WORM! Source=Paul Collins Startup list [GigaByte] Number=4107 Confirmed=X Filename=Cheatle.exe Description=Added by the SHODI.B VIRUS! Source=Paul Collins Startup list [Giganews Accelerator] Number=4108 Confirmed=U Filename=GiganewsAccelerator.exe Description=Giganews Accelerator from Giganews, Inc. - "a software-based news proxy which will allow you to compress headers and enable 256-bit SSL encryption, regardless of whether or not SSL is supported natively by your news client" Source=Paul Collins Startup list [Gilat SOM Enumerator] Number=4109 Confirmed=Y Filename=dllhost.exe Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. 
Required if you have this system Source=Paul Collins Startup list [GilatFTC] Number=4110 Confirmed=Y Filename=ftc.exe Description=For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system Source=Paul Collins Startup list [gimmygames] Number=4111 Confirmed=X Filename=[path to trojan] Description=Added by the DLOADR-LN TROJAN! Source=Paul Collins Startup list [gimmysmileys] Number=4112 Confirmed=X Filename=gimmysmileys.exe Description=GimmySmileys adware Source=Paul Collins Startup list [GinaDll] Number=4113 Confirmed=X Filename=ntgina.dll Description=Added by the ANIG.A WORM! Source=Paul Collins Startup list [GisdnLog] Number=4114 Confirmed=? Filename=gisdnlog.exe Description=BT Digital Access USB Source=Paul Collins Startup list [Glass2k] Number=4115 Confirmed=U Filename=Glass2k.exe Description="Glass2k is a small little program that allows Win2K/XP users to make any window transparent" Source=Paul Collins Startup list [GLF Network Lan Monitor] Number=4116 Confirmed=X Filename=NPFMNTOR.exe Description=Added by the RBOT-AGY WORM! Source=Paul Collins Startup list [Glide] Number=4117 Confirmed=Y Filename=Glidew32.exe Description=Cirque touchpad driver Source=Paul Collins Startup list [Global Startup] Number=4118 Confirmed=X Filename=WinDash.EXE Description=Detected by Kaspersky as the VB.Q WORM! Source=Paul Collins Startup list [GlobalSCAPE] Number=4119 Confirmed=X Filename=[random filename] Description=Added by the RBOT-AYM WORM! Source=Paul Collins Startup list [Glock Suite 1.1] Number=4120 Confirmed=X Filename=glock32.exe Description=Added by the TINY.GV TROJAN! Source=Paul Collins Startup list [GLSetIT32] Number=4121 Confirmed=X Filename=msiexec16.exe Description=Added by the OPTIX PRO TROJAN! Source=Paul Collins Startup list [GLSetIT32] Number=4122 Confirmed=X Filename=isass.exe Description=Added by a variant of the OPTIX PRO TROJAN! 
Source=Paul Collins Startup list [GLSetT32] Number=4123 Confirmed=X Filename=smsiexec.exe Description=Added by the OPTIX-D TROJAN! Source=Paul Collins Startup list [gluon] Number=4124 Confirmed=? Filename=gluon.exe Description=In a gluon/bin sub-directory Source=Paul Collins Startup list [glv] Number=4125 Confirmed=X Filename=glv.exe Description=Added by the DLOADER-NG TROJAN! Source=Paul Collins Startup list [GMedia2] Number=4126 Confirmed=X Filename=GSM2.exe Description=Malware downloader - detected by Kaspersky as the VB.UX TROJAN! Source=Paul Collins Startup list [GMedia2] Number=4127 Confirmed=X Filename=GSMedia3.exe Description=Malware downloader - detected by Kaspersky as the VB.UX TROJAN! Source=Paul Collins Startup list [Gmouse] Number=4128 Confirmed=Y Filename=Gmouse.exe Description=Amouse mouse driver - required if you use non-standard Windows driver features Source=Paul Collins Startup list [Gnetmous] Number=4129 Confirmed=U Filename=gnetmous.exe Description=Genius mouse driver - required if you use non-standard Windows driver features Source=Paul Collins Startup list [GNETMOUSE] Number=4130 Confirmed=U Filename=gnetmouse.exe Description=Genius mouse driver - required if you use non-standard Windows driver features Source=Paul Collins Startup list [GNP Generic Host Process] Number=4131 Confirmed=X Filename=svchost.exe Description=Added by the ZAPCHAS TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! Source=Paul Collins Startup list [GNP Generic Host Process] Number=4132 Confirmed=X Filename=svchost.exe Description=Added by the ZAPCHAS-R TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup and is always located in the System32 folder. This worm file is found in the System folder Source=Paul Collins Startup list [GNP Generic Host Process] Number=4133 Confirmed=X Filename=svchost.exe Description=Added by the ZAPCHAS-AA TROJAN! 
Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one replaces svchost.exe in the System32 folder with a copy of Mirc on (NT/2K/XP) systems and just adds svchost.exe to the System folder on (9x/Me) systems Source=Paul Collins Startup list [gnub] Number=4134 Confirmed=? Filename=gnub.exe Description=?? Source=Paul Collins Startup list [go] Number=4135 Confirmed=X Filename=cvir.exe Description=Added by the SILOV-A WORM! Source=Paul Collins Startup list [Go!Zilla] Number=4136 Confirmed=X Filename=gozilla.exe Description=Download manager for resuming downloads and choosing multiple download locations. Advertising spyware Source=Paul Collins Startup list [Go!Zilla Monster Downloads] Number=4137 Confirmed=X Filename=Go.exe Description=Download manager for resuming downloads and choosing multiple download locations. Advertising spyware Source=Paul Collins Startup list [GoBack] Number=4138 Confirmed=U Filename=GBMenu.exe Description=Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on your hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users Source=Paul Collins Startup list [GoBack] Number=4139 Confirmed=U Filename=GBTray.exe Description=System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on your hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. 
Not required for WinMe/XP users, recommended for Win9x/NT/2K users Source=Paul Collins Startup list [GoBack Polling Service] Number=4140 Confirmed=U Filename=GBPoll.exe Description=Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on your hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users Source=Paul Collins Startup list [GoBack Tray Icon] Number=4141 Confirmed=U Filename=GBTray.exe Description=Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on your hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users Source=Paul Collins Startup list [GOG] Number=4142 Confirmed=X Filename=GOG.exe Description=Added by the PHILIS.B VIRUS! Source=Paul Collins Startup list [goidr] Number=4143 Confirmed=X Filename=goidr.exe Description=Goidr adware Source=Paul Collins Startup list [Goldensoft_MndlSvr] Number=4144 Confirmed=U Filename=MndlSvr.exe Description=Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking Source=Paul Collins Startup list [Golum] Number=4145 Confirmed=X Filename=services.exe Description=Added by the GOLUM.A TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [golumm] Number=4146 Confirmed=X Filename=services.exe Description=Added by the DLOADER-ET TROJAN! 
Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "golumm" subfolder Source=Paul Collins Startup list [good] Number=4147 Confirmed=X Filename=badvir.exe Description=Added by the SILOV-B WORM! Source=Paul Collins Startup list [google] Number=4148 Confirmed=X Filename=google.exe Description=Added by the RBOT-AMW WORM! Source=Paul Collins Startup list [Google Desktop] Number=4149 Confirmed=U Filename=GoogleDesktop.exe Description=Google Desktop Search - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks" Source=Paul Collins Startup list [Google Desktop Search] Number=4150 Confirmed=N Filename=GoogleDesktop.exe Description=Google Desktop Search - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks" Source=Paul Collins Startup list [Google Earth] Number=4151 Confirmed=X Filename=[random filename] Description=Added by the RBOT-AXK TROJAN! 
Source=Paul Collins Startup list [Google Earth Viewer] Number=4152 Confirmed=N Filename=GOOGLEMAPS.EXE Description=Google Earth "combines satellite imagery, maps and the power of Google Search to put the world's geographic information at your fingertips" Source=Paul Collins Startup list [Google IME Autoupdater] Number=4153 Confirmed=U Filename=GooglePinyinDaemon.exe Description=Google Pinyin Input Method Editor (IME) - allows a user to input Chinese characters by entering the pinyin of a Chinese character (with or without tone, depending on the system) and then presenting the user with a list of possible characters with that pronunciation Source=Paul Collins Startup list [google Intrenet Explorer] Number=4154 Confirmed=X Filename=google.pif Description=Added by the RBOT-ARA WORM! Source=Paul Collins Startup list [Google service] Number=4155 Confirmed=X Filename=Googlesetup.exe Description=Added by the IRCBOT-RJ WORM! Source=Paul Collins Startup list [Google Service FR] Number=4156 Confirmed=X Filename=GO0GLEFREE.EXE Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [google toolbar] Number=4157 Confirmed=X Filename=ggtb32.exe Description=Added by the AGOBOT-RR WORM! Source=Paul Collins Startup list [Google Updater] Number=4158 Confirmed=N Filename=GOOGLE~1.EXE Description=Downloads and installs updates for Google applications (Google Earth, Google Desktop, etc.) Source=Paul Collins Startup list [Google Updater] Number=4159 Confirmed=N Filename=GoogleUpdater.exe Description=Downloads and installs updates for Google applications (Google Earth, Google Desktop, etc.) Source=Paul Collins Startup list [GoogleBot.exe] Number=4160 Confirmed=X Filename=GoogleBot.exe Description=Added by the GB TROJAN! Source=Paul Collins Startup list [GoogleDCClient] Number=4161 Confirmed=N Filename=GoogleDCC.exe Description=Google Compute Client - only present if you installed the Google Toolbar with "Google Compute" client active. 
Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing". No longer supported Source=Paul Collins Startup list [googletalk] Number=4162 Confirmed=U Filename=googletalk.exe Description=Google Talk "enables you to call or send instant messages to your friends for free-anytime, anywhere in the world". Can be launched manually Source=Paul Collins Startup list [GoToMyPC] Number=4163 Confirmed=U Filename=g2svc.exe Description=ExpertCity GoToMyPc logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser Source=Paul Collins Startup list [GotSmiley] Number=4164 Confirmed=X Filename=GotSmiley.exe Description=GotSmiley - ad supported program that provides the user with smileys for use in emails. Not recommended. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [gouday.exe] Number=4165 Confirmed=X Filename=readme.exe Description=Added by the BEAGLE.C WORM! Source=Paul Collins Startup list [GP Updater] Number=4166 Confirmed=X Filename=gpupdater.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [GPLv3] Number=4167 Confirmed=X Filename=[random name].dll Description=Vundo adware Source=Paul Collins Startup list [gpmce] Number=4168 Confirmed=X Filename=window.exe Description=Detected by Kaspersky as the VB.CK WORM! See here Source=Paul Collins Startup list [GRA] Number=4169 Confirmed=N Filename=gra.exe Description=Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. 
Only appears if you load the Gateway Startup Utility Source=Paul Collins Startup list [gramdate] Number=4170 Confirmed=? Filename=2Stop.exe Description=?? Source=Paul Collins Startup list [Graphic Driver] Number=4171 Confirmed=X Filename=smss32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Graphic Loader] Number=4172 Confirmed=X Filename=ntvdm32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Graphic Update] Number=4173 Confirmed=X Filename=openglx.exe Description=Detected by PCTools as the IRCBOT.BIM TROJAN! See here Source=Paul Collins Startup list [Graphics] Number=4174 Confirmed=X Filename=_default.pif Description=Added by the AUTOSKY WORM! Source=Paul Collins Startup list [Graphics adapter service] Number=4175 Confirmed=X Filename=windll.exe Description=Added by the ATNAS.A WORM! Source=Paul Collins Startup list [Gravis Appawareloader] Number=4176 Confirmed=U Filename=dbserver.exe Description=Looks like it's associated with Gravis game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them Source=Paul Collins Startup list [Gravis Xperience Driver Support] Number=4177 Confirmed=U Filename=Grxp4exe.exe Description=Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used Source=Paul Collins Startup list [GrdSys32] Number=4178 Confirmed=? Filename=GrdSys32.exe Description=X-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand? 
Source=Paul Collins Startup list [GreasyPalmUpdate] Number=4179 Confirmed=X Filename=GreasyPalmUpdate.exe Description=SearchFast adware Source=Paul Collins Startup list [Greetings Workshop] Number=4180 Confirmed=N Filename=GWREMIND.EXE Description=You really want to be reminded about somebody's birthday at the expense of resources? Source=Paul Collins Startup list [gremier] Number=4181 Confirmed=X Filename=wscript.exe gpremier.vbs Description=Added by the GPREMIER WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "gpremier.vbs" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [Gremlin] Number=4182 Confirmed=X Filename=intrenat.exe Description=Added by the DOOMJUICE WORM! Source=Paul Collins Startup list [grinders] Number=4183 Confirmed=X Filename=grinders.exe Description=Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example Source=Paul Collins Startup list [Grokster] Number=4184 Confirmed=N Filename=Grokster.exe Description=Grokster Peer-To-Peer File Sharing program Source=Paul Collins Startup list [Groove Virtual Office] Number=4185 Confirmed=Y Filename=Groove.exe Description="Groove Virtual Office uses a peer-to-peer networking model to connect users in Groove Workspaces. In these workspaces geographically dispersed coworkers can do almost everything they could do in the same office. They can hold online meetings, store files and folders, save threaded discussions, scribble on whiteboards, share calendars, and track project information and timelines." Formerly by Groove Networks - now owned by Microsoft and part of MS Office Source=Paul Collins Startup list [GrooveMonitor] Number=4186 Confirmed=Y Filename=GrooveMonitor.exe Description=Microsoft Office Groove 2007 - Groove Folder Sharing synchronization (GFS). 
If you kill it, your GFS workspaces may not synchronize properly (particularly around unread-marks), and you might experience some nagging discomfort Source=Paul Collins Startup list [GrpConv] Number=4187 Confirmed=N Filename=grpconv.exe Description=Microsoft Windows Program Group Converter - used by installers (ONLY in the RunOnce keys) - provides the translation of groups and group items to folders and links. Also see this MS Knowledge Base article Source=Paul Collins Startup list [GsAds] Number=4188 Confirmed=X Filename=gms2.exe Description=PacerD_Media/Pacimedia.com adware Source=Paul Collins Startup list [Gscbc] Number=4189 Confirmed=? Filename=Gscbc.exe Description=?? Source=Paul Collins Startup list [gshp] Number=4190 Confirmed=X Filename=zzgshp.vbs Description=Homepage hi-jacker Source=Paul Collins Startup list [Gsiconexe] Number=4191 Confirmed=N Filename=Gsicon.exe Description=ADSL modem monitor from Eicon Networks (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities Source=Paul Collins Startup list [GsiFinal] Number=4192 Confirmed=? Filename=rundll32 gspndll.dll, postInstall final Description=USB DSL modem related - what does it do and is it required in startup? Source=Paul Collins Startup list [GSISETUP] Number=4193 Confirmed=? Filename=[path] GsiInst.exe INSTALL [path] V205Res 13 Description=BT Voyager ADSL modem related - what does it do and is it required? 
Source=Paul Collins Startup list [GSOrganizer] Number=4194 Confirmed=N Filename=GSOrganizer.exe Description=GoldenSection Organizer (now WinOrganizer) - personal information manager Source=Paul Collins Startup list [gssomatic] Number=4195 Confirmed=X Filename=gssomatic.exe Description=Searchcentrix hijacker Source=Paul Collins Startup list [gStart] Number=4196 Confirmed=Y Filename=gStart.exe Description=gStart GPS software from Garmin Source=Paul Collins Startup list [GStartup] Number=4197 Confirmed=X Filename=GMT.exe Description=Gator spyware component - see here. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [gsv] Number=4198 Confirmed=X Filename=gsv.exe Description=Added by the ROBAL 1.0 backdoor TROJAN! Source=Paul Collins Startup list [GT] Number=4199 Confirmed=X Filename=GT.EXE Description=Added by the SDBOT-AJ WORM! Source=Paul Collins Startup list [GT15J4R49V] Number=4200 Confirmed=X Filename=cpuserv.exe Description=Identified as a variant of the Trojan.Win32.Radi.gu malware Source=Paul Collins Startup list [GTVEpg] Number=4201 Confirmed=U Filename=GTVEpg.exe Description=Part of Got All Media - control your TV tuner and other utilities from your PC Source=Paul Collins Startup list [GTVRec] Number=4202 Confirmed=X Filename=GTVRec.exe Description=Part of Got All Media - control your TV tuner and other utilities from your PC Source=Paul Collins Startup list [Gtwatch] Number=4203 Confirmed=N Filename=gtwatch.exe Description=Associated with a Mustec scanner and not required Source=Paul Collins Startup list [gtydf] Number=4204 Confirmed=X Filename=iisca.exe Description=Added by the CLAGGER-BB TROJAN! Source=Paul Collins Startup list [gtydf] Number=4205 Confirmed=X Filename=iscca.exe Description=Added by the DWNLDR-GTK TROJAN! Source=Paul Collins Startup list [gtydf] Number=4206 Confirmed=X Filename=ggrrgg.exe Description=Added by the DLOADR-AZK TROJAN! 
Source=Paul Collins Startup list [Guard] Number=4207 Confirmed=U Filename=Guard.exe Description=Related to Phoenix Technologies Core Managed Environment (cME) Integration and Certification program Source=Paul Collins Startup list [Guardian] Number=4208 Confirmed=N Filename=CMGrdian.exe Description=McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic Source=Paul Collins Startup list [Guardian PC Security Tools] Number=4209 Confirmed=U Filename=Pfft.exe Description=Boomerang Software's Guardian PC Security Tools - now rebranded as the eXtendia Security Suite Source=Paul Collins Startup list [guarnset] Number=4210 Confirmed=X Filename=guarnset.exe Description=Adlogix adware Source=Paul Collins Startup list [gummy] Number=4211 Confirmed=X Filename=gummy.exe Description=Added by the VANEBOT-AQ WORM! Source=Paul Collins Startup list [GURL] Number=4212 Confirmed=X Filename=gurl.exe Description=GURLWatcher spyware Source=Paul Collins Startup list [GuruNet] Number=4213 Confirmed=U Filename=GuruNet.exe Description=GuruNet lets you click on any word on your screen to get the relevant information you want Source=Paul Collins Startup list [GustavVED] Number=4214 Confirmed=X Filename=[filename].exe Description=Added by the OPASERV.H WORM! Source=Paul Collins Startup list [gvagfxj] Number=4215 Confirmed=X Filename=rundll32 ...gvagfxj.dll Description=Unidentified adware, spyware or virus Source=Paul Collins Startup list [gw port controller] Number=4216 Confirmed=Y Filename=PORTCT95.EXE Description=From a visitor - "I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work". 
From the file properties, the file is known as "Smart Thru Fax Drive Spy" and is supplied by Samsung Source=Paul Collins Startup list [GWInkMonitor] Number=4217 Confirmed=N Filename=GWInkMonitor.exe Description=Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some! Source=Paul Collins Startup list [gwiz] Number=4218 Confirmed=X Filename=ntsystem.exe Description=Added by the NITWIZ.A TROJAN! Source=Paul Collins Startup list [gwiz] Number=4219 Confirmed=X Filename=arpl.exe Description=Detected by F-Prot as W32/Downloader-Sml-based Source=Paul Collins Startup list [GWMDMMSG] Number=4220 Confirmed=N Filename=GWMDMMSG.exe Description=Used with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctly Source=Paul Collins Startup list [GWMDMpi] Number=4221 Confirmed=U Filename=GWMDMpi.exe Description=Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See here for more information Source=Paul Collins Startup list [gwum] Number=4222 Confirmed=U Filename=gwum.exe Description=Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system "tweakers" Source=Paul Collins Startup list [gyy] Number=4223 Confirmed=? Filename=gyy.exe Description=Possibly Gator (and therefore spyware) related? Source=Paul Collins Startup list [G_Server.exe] Number=4224 Confirmed=X Filename=G_Server.exe Description=Added by the FEUTEL-C TROJAN! Source=Paul Collins Startup list [G_Server1.2.exe] Number=4225 Confirmed=X Filename=G_Server1.2.exe Description=Added by the GRAYBIRD-Z TROJAN! 
Source=Paul Collins Startup list [H/PC Connection Agent] Number=4226 Confirmed=U Filename=WCESCOMM.EXE Description=Active sync for use with Windows CE based palm PC Source=Paul Collins Startup list [H2O] Number=4227 Confirmed=Y Filename=cledx.exe Description=Related to copyright protection products by SyncroSoft Source=Paul Collins Startup list [H2OWIBU] Number=4228 Confirmed=U Filename=CXWibu.exe Description=Related to CodeMeter from WIBU-SYSTEMS AG. Software protection hardware Source=Paul Collins Startup list [h4te Service Drivers] Number=4229 Confirmed=X Filename=h4te.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [hachimitsu-lemon] Number=4230 Confirmed=X Filename=hachimitsu-lemon.exe Description=Added by the HACHILEM TROJAN! Source=Paul Collins Startup list [HackMuFpt] Number=4231 Confirmed=X Filename=HackMuFpt.exe Description=Added by the SCLOG-AG TROJAN! Source=Paul Collins Startup list [hagent] Number=4232 Confirmed=X Filename=avp.exe Description=Added by the "Herman Agent" remote access TROJAN! Source=Paul Collins Startup list [HalifaxHowardCluster] Number=4233 Confirmed=U Filename=skinkers.exe Description="Howard the Weatherman" desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messages Source=Paul Collins Startup list [Hamachi] Number=4234 Confirmed=Y Filename=hamachi.exe Description=LogMeIn Hamachi remote control and VPN software Source=Paul Collins Startup list [HaMFrontPanel] Number=4235 Confirmed=U Filename=hampanel.exe Description=Displays a panel simulating modem lights for the Intel HaM internal modem. 
The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointless Source=Paul Collins Startup list [Handy Backup 3.9] Number=4236 Confirmed=U Filename=hbagent.exe Description=Handy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers Source=Paul Collins Startup list [HanUpdate] Number=4237 Confirmed=X Filename=hanz.exe Description=Added by the RBOT-GLJ WORM! Source=Paul Collins Startup list [Hard Disk Sentinel] Number=4238 Confirmed=N Filename=HDSentinel.exe Description=Hard Disk Sentinel - a multi-OS hard disk drive monitoring application. Its goal is to find, test, diagnose and repair hard disk drive problems, display hard disk health, performance degradations and failures Source=Paul Collins Startup list [Hard drive Controller] Number=4239 Confirmed=X Filename=hdcontroller.exe Description=Added by the KIMAN.B WORM! Source=Paul Collins Startup list [Hardware Doctor] Number=4240 Confirmed=U Filename=Hwdoctor.exe Description=Winbond Hardware Doctor - as included on some motherboard using Winbond's hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you're concerned about your system temperature - typically for "overclocked" systems Source=Paul Collins Startup list [Hardware Monitor Service] Number=4241 Confirmed=X Filename=mshms.exe Description=Added by the WOLLF-A TROJAN! Source=Paul Collins Startup list [Hardware Profile] Number=4242 Confirmed=X Filename=hxdef.exe Description=Added by the LOVGATE.AB WORM! Source=Paul Collins Startup list [Hardware Profile] Number=4243 Confirmed=X Filename=hxdef.exe... Description=Added by the LOVGATE.Z WORM! Source=Paul Collins Startup list [Hardware Sensors Monitor] Number=4244 Confirmed=U Filename=hmonitor.exe Description=Utility to monitor fan speed and temperatures - similar to Motherboard Monitor. 
Only required if you're concerned about your system temperature - typically for "overclocked" systems Source=Paul Collins Startup list [Hardware Shell Detection] Number=4245 Confirmed=X Filename=WinHSD.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Hare] Number=4246 Confirmed=U Filename=hare.exe Description=Hare - improve and optimize performance of desktop/laptop PCs Source=Paul Collins Startup list [HATAPE] Number=4247 Confirmed=X Filename=[path to trojan] Description=Added by the BANKER-QF TROJAN! Source=Paul Collins Startup list [HawkEye] Number=4248 Confirmed=U Filename=HAWK_95.EXE Description=Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs Source=Paul Collins Startup list [HawkEye IV Control Panel] Number=4249 Confirmed=U Filename=HAWK_32.EXE Description=Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs Source=Paul Collins Startup list [Hawking HWU54G Utility] Number=4250 Confirmed=U Filename=HWU54G.exe Description=Wireless management utility for the HWU54G Mini Wireless-G USB Adapter from Hawking Technologies, Inc Source=Paul Collins Startup list [Hawking Wireless Utility] Number=4251 Confirmed=U Filename=HWU8DD.exe Description=Wireless management utility for the HWU8DD Hi-Gain™ USB Wireless-G Dish Adapter from Hawking Technologies, Inc Source=Paul Collins Startup list [Hbinst] Number=4252 Confirmed=X Filename=Hbinst.exe Description=Hotbar adware Source=Paul Collins Startup list [HC Reminder] Number=4253 Confirmed=N Filename=hc.exe Description=For Compaq PC's. 
Help Compiler, crunches help database, will run without being in startup when needed Source=Paul Collins Startup list [HCDetect] Number=4254 Confirmed=N Filename=HCDetect.exe Description=MS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problem Source=Paul Collins Startup list [hcenter] Number=4255 Confirmed=U Filename=tgcmd.exe Description=See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation Source=Paul Collins Startup list [hclean32.exe] Number=4256 Confirmed=X Filename=hclean32.exe Description=Wareout - malware masquerading as a spyware and dialer remover Source=Paul Collins Startup list [Hcontrol] Number=4257 Confirmed=U Filename=hcontrol.exe Description=Hotkeys on an ASUS Notebook. Only required if you use the additional keys Source=Paul Collins Startup list [hcsystray] Number=4258 Confirmed=N Filename=hc_tray.exe Description=Kuma Notifier for the Shootout! game from the History Channel. "It lets you know whenever there's a new episode that's been released or an announcement from the Kuma team. 
Just click it to get up-to-the-minute game and event information" Source=Paul Collins Startup list [HDAShCut] Number=4259 Confirmed=N Filename=HDAShCut.exe Description=High definition audio page shortcut for Realtek audio devices - not required Source=Paul Collins Startup list [HDAudDeck] Number=4260 Confirmed=U Filename=HDAudioCPL.exe Description=Vista control panel for VIA Vinyl HD Audio Codecs from VIA Technologies, Inc - such as the VT1708B Source=Paul Collins Startup list [HDAudDeck] Number=4261 Confirmed=U Filename=HDeck.exe Description=XP control panel for VIA Vinyl HD Audio Codecs from VIA Technologies, Inc - such as the VT1708B Source=Paul Collins Startup list [HDAudio] Number=4262 Confirmed=X Filename=hda.exe Description=Added by the TACTSLAY.U TROJAN! Source=Paul Collins Startup list [HDAudio Driver 1.0] Number=4263 Confirmed=X Filename=[random filename].exe Description=Added by the TEADOOR-D TROJAN! Source=Paul Collins Startup list [HDAudio Driver 2.0] Number=4264 Confirmed=X Filename=[random filename].exe Description=Added by the TEADOOR-E TROJAN! Source=Paul Collins Startup list [HDDHealth] Number=4265 Confirmed=U Filename=hddhealth.exe Description=HDD Health is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure" Source=Paul Collins Startup list [HDDlife] Number=4266 Confirmed=U Filename=HDDlife.exe Description=HDDlife checks the health of your hard drives at regular intervals and informs you about the results of these checks Source=Paul Collins Startup list [HDhelp] Number=4267 Confirmed=? Filename=tbhdhelp.exe Description=Associated with Philips Edge series soundcards. Is it required? Source=Paul Collins Startup list [hdlfoe df98ndf] Number=4268 Confirmed=X Filename=svchots.exe Description=Added by a variant of the RBOT WORM! 
Source=Paul Collins Startup list [hdlpscom] Number=4269 Confirmed=X Filename=[8 random letters].exe Description=Added by the RBOT-FUL WORM! Source=Paul Collins Startup list [HDtray] Number=4270 Confirmed=N Filename=HDtray.exe Description=Philips Edge Series Control Panel Tray Utility - system tray icon for a Philips Edge series soundcards. Available via Start -> Settings -> Control Panel Source=Paul Collins Startup list [he3bbcff] Number=4271 Confirmed=X Filename=rundll32.exe he3bbcff.dll, EnableRunDLL32 Description=LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3bbcff.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [he3e3fc4] Number=4272 Confirmed=X Filename=rundll32.exe he3e3fc4.dll, EnableRunDLL32 Description=LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3e3fc4.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [Hekio Startups] Number=4273 Confirmed=X Filename=Hnksvc32.exe Description=Added by the AGOBOT-QE WORM! Source=Paul Collins Startup list [HELLBOT TEST] Number=4274 Confirmed=X Filename=1hellbot.exe Description=Added by the MYDOOM.BO WORM! Source=Paul Collins Startup list [HELLBOT3] Number=4275 Confirmed=X Filename=coolbot.exe Description=Added by the MYTOB.AB WORM! Source=Paul Collins Startup list [hellfire] Number=4276 Confirmed=X Filename=svchost.exe Description=Added by the LEOX.D TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [hellodolly] Number=4277 Confirmed=X Filename=shost.exe Description=Added by the YODO WORM! 
Source=Paul Collins Startup list [helloserv] Number=4278 Confirmed=X Filename=helloserv.exe Description=Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example Source=Paul Collins Startup list [helloworld] Number=4279 Confirmed=X Filename=nb32ext2.exe Description=Added by the MYDOOM.BV WORM! Source=Paul Collins Startup list [helloworld] Number=4280 Confirmed=X Filename=nb32ext3.exe Description=Added by the MYTOB.JT WORM! Source=Paul Collins Startup list [helloworld3] Number=4281 Confirmed=X Filename=nb32ext4.exe Description=Added by the RITDOOR.A WORM! Source=Paul Collins Startup list [Help] Number=4282 Confirmed=? Filename=helpext.exe Description=?? Source=Paul Collins Startup list [help] Number=4283 Confirmed=X Filename=help.scr Description=Added by the BANCOS-BBU TROJAN! Source=Paul Collins Startup list [Help] Number=4284 Confirmed=X Filename=Wizardnil.exe Description=Added by the BANCOS-BCZ TROJAN! Source=Paul Collins Startup list [Help] Number=4285 Confirmed=X Filename=lshost.exe Description=Identified as a variant of the Trojan-Clicker.Win32.Delf.aro malware Source=Paul Collins Startup list [Help and Support Service] Number=4286 Confirmed=X Filename=usnsvc.exe Description=Detected by Kaspersky as the SDBOT.AAD TROJAN! See here Source=Paul Collins Startup list [Help Temp Files] Number=4287 Confirmed=X Filename=netreg.exe Description=Added by the FORBOT-EM WORM! Source=Paul Collins Startup list [helpctl.exe] Number=4288 Confirmed=X Filename=helpctl.exe Description=Added by the GASLIDE TROJAN! Source=Paul Collins Startup list [Helper] Number=4289 Confirmed=X Filename=eschlp.exe Description=Added by the BLASTER.T WORM! 
Source=Paul Collins Startup list [HELPER] Number=4290 Confirmed=X Filename=greece nm.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [HELPER] Number=4291 Confirmed=X Filename=Netherlands.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [HELPER] Number=4292 Confirmed=X Filename=new zealand.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [HELPER] Number=4293 Confirmed=X Filename=sweden.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [HELPER] Number=4294 Confirmed=X Filename=canada.exe Description=AsdPlug premium rate adult content dialler variant Source=Paul Collins Startup list [HELPER] Number=4295 Confirmed=X Filename=france.exe Description=AsdPlug premium rate adult content dialler variant Source=Paul Collins Startup list [HELPER] Number=4296 Confirmed=X Filename=temp532.exe Description=AsdPlug premium rate adult content dialler variant Source=Paul Collins Startup list [helper.dll] Number=4297 Confirmed=X Filename=rundll32.exe [path] helper.dll Description=CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [HelpExp.exe] Number=4298 Confirmed=X Filename=HelpExp.exe Description=Attune HelpExpress - spyware. Disable and uninstall - see here Source=Paul Collins Startup list [helpmanager] Number=4299 Confirmed=X Filename=spoler.exe Description=Added by the RANDEX.J WORM! Source=Paul Collins Startup list [helpo] Number=4300 Confirmed=X Filename=helpo.exe Description=Added by the BANLOA-BU TROJAN! Source=Paul Collins Startup list [helpw] Number=4301 Confirmed=X Filename=helpw.exe Description=Adware downloader Source=Paul Collins Startup list [hen] Number=4302 Confirmed=X Filename=[filename].exe Description=Added by the TARNO.G TROJAN! 
Source=Paul Collins Startup list [heomstool] Number=4303 Confirmed=X Filename=heomstool.exe Description=Added by the HEOMS TROJAN! Source=Paul Collins Startup list [HerculesCamService] Number=4304 Confirmed=? Filename=CamService.exe Description=Related to the Hercules Dualpix HD Webcam (http://www.hercules.com/us/webcam/bdd/p/20/hercules-dualpix-hd-webcam/). What does it do and is it required? Source=Paul Collins Startup list [hErcUnes] Number=4305 Confirmed=X Filename=softhost.exe Description=Added by the GARROCH WORM! Source=Paul Collins Startup list [Hermes Messenger] Number=4306 Confirmed=U Filename=DGDRHE~1.EXE Description=A LAN messenger alternative to WinPopUp - Digital Dreams Software Source=Paul Collins Startup list [Hewlett Packard Manager] Number=4307 Confirmed=X Filename=hpmanager.exe Description=Added by the MYTOB.KE WORM! Note - this is not a valid Hewlett-Packard program Source=Paul Collins Startup list [Hewlett Packard Recorder] Number=4308 Confirmed=N Filename=Remind32.exe Description=HP multifunction registration Source=Paul Collins Startup list [Hf] Number=4309 Confirmed=U Filename=Hf.exe Description=Hide Folders - hide your folders so only you can view them Source=Paul Collins Startup list [HF Security] Number=4310 Confirmed=X Filename=hfsecure.exe Description=Added by the AGOBOT-TI WORM! Source=Paul Collins Startup list [hffsrv] Number=4311 Confirmed=U Filename=hffsrv.exe Description=Hide Files & Folders is a "password-protected security utility working at the Windows kernel level allowing you to password-protect files and folders, or to hide them securely from viewing and searching" Source=Paul Collins Startup list [hfxp] Number=4312 Confirmed=U Filename=hfxp.exe Description=Hide Folders XP - hide your folders so only you can view them Source=Paul Collins Startup list [hgqhp.exe] Number=4313 Confirmed=X Filename=hgqhp.exe Description=Added by the FLUSH.F TROJAN! 
Source=Paul Collins Startup list [HGTXPEI] Number=4314 Confirmed=N Filename=FirstReboot.exe Description=Hercules Audio tool for the Hercules Game Theater XP soundcard. Available via Start -> Settings -> Control Panel Source=Paul Collins Startup list [hhtnsn] Number=4315 Confirmed=X Filename=rnxntup.exe Description=Added by a variant of the ORCU.B TROJAN! Source=Paul Collins Startup list [HiberMonitor] Number=4316 Confirmed=? Filename=HCount.exe Description=?? Source=Paul Collins Startup list [Hibernation] Number=4317 Confirmed=U Filename=hib32.exe Description=Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run off battery regularly Source=Paul Collins Startup list [Hid.exe] Number=4318 Confirmed=X Filename=hid.exe Description=Added by the RATSOU.B TROJAN! Source=Paul Collins Startup list [HideOE] Number=4319 Confirmed=U Filename=HideOE.exe Description=HideOE - allows you to 'hide' Outlook Express or minimize it to the System Tray Source=Paul Collins Startup list [HideRun.exe] Number=4320 Confirmed=X Filename=Hiderun.exe and svhost.exe and pro.gif Description=Added by the BOOHOO WORM! Source=Paul Collins Startup list [HideStyle] Number=4321 Confirmed=X Filename=Ante Browse Trust.exe Description=IE toolbar taking you to Lop.com. If the exe is running, end it and remove the "Stupidmore" directory from C:\Program Files Source=Paul Collins Startup list [hidserv] Number=4322 Confirmed=U Filename=hidserv.exe Description=This is the Human Interface Device Server for Win98SE/2000/Me/XP. It is required only if you are using USB Audio Devices and can be disabled via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. 
Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboards Source=Paul Collins Startup list [hid_start] Number=4323 Confirmed=X Filename=gzmrotate.dll Description=AdRotator/IconAds adware Source=Paul Collins Startup list [High Definition Audio Property Page Shortcut] Number=4324 Confirmed=N Filename=HDAudPropShortcut.exe Description=Realtek audio card related - probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required Source=Paul Collins Startup list [High Definition Audio Property Page Shortcut] Number=4325 Confirmed=N Filename=HDAShCut.exe Description=High definition audio page shortcut for Realtek audio devices - not required Source=Paul Collins Startup list [High Definition Audio Property Page Shortcut] Number=4326 Confirmed=U Filename=CHDAudPropShortcut.exe Description=Realtek high definition audio related Source=Paul Collins Startup list [HighPoint ATA RAID Management Software] Number=4327 Confirmed=Y Filename=raidman.exe Description=HighPoint RAID management - hard disk striping/mirroring utility for increased performance and reliability. See here for more information on RAID Source=Paul Collins Startup list [Highspeeddownloader] Number=4328 Confirmed=X Filename=SetupClickHere.EXE Description=Homepage hijacker, redirecting to "turbo-search101.com" - see here Source=Paul Collins Startup list [HijackThis] Number=4329 Confirmed=U Filename=HijackThis.exe Description="HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs". This option is added when you select Config → "Run HijackThis scan at startup..." 
once a scan has been performed Source=Paul Collins Startup list [HijackThis startup scan] Number=4330 Confirmed=U Filename=HijackThis.exe Description="HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs". This option is added when you select Config → "Run HijackThis scan at startup..." once a scan has been performed Source=Paul Collins Startup list [HijSrv32] Number=4331 Confirmed=X Filename=hijsrv.exe Description=Added by the BANKGERM-D TROJAN! Source=Paul Collins Startup list [himem.exe] Number=4332 Confirmed=X Filename=[path to worm] Description=Added by the STRATION-FW WORM! Source=Paul Collins Startup list [HistoriaLout.] Number=4333 Confirmed=X Filename=GDC.exe Description=Added by an unidentified misleading security program Source=Paul Collins Startup list [HistoryKill] Number=4334 Confirmed=N Filename=histkill.exe Description=HistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start -> Programs Source=Paul Collins Startup list [Hitman Pro SurfRight Helper] Number=4335 Confirmed=U Filename=srhelper.exe Description=Hitman Pro - a utility to start a number of Security Protection software. They can be started individually Source=Paul Collins Startup list [HitQ] Number=4336 Confirmed=X Filename=HitQ.exe Description=Hijacker, for more information see here Source=Paul Collins Startup list [HitwarePKLite] Number=4337 Confirmed=U Filename=HITWAR~1.EXE Description=Hitware Popup Killer Lite Source=Paul Collins Startup list [HIV] Number=4338 Confirmed=X Filename=HIV.exe Description=Added by the HIVA TROJAN! Source=Paul Collins Startup list [hk] Number=4339 Confirmed=U Filename=hk.exe Description=KeyLoggerExp keystroke logger/monitoring program - remove unless you installed it yourself! 
Source=Paul Collins Startup list [hkcmd] Number=4340 Confirmed=U Filename=hkcmd.exe Description=Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel Source=Paul Collins Startup list [HKEYok] Number=4341 Confirmed=X Filename=runlli32.exe Description=Added by the QQPASS-U TROJAN! Source=Paul Collins Startup list [HKLM\Run] Number=4342 Confirmed=X Filename=windowsupdate.exe Description=Added by the FORBOT-BJ WORM! (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) Source=Paul Collins Startup list [hkserv] Number=4343 Confirmed=U Filename=HKserv.exe Description=Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS Source=Paul Collins Startup list [hkss] Number=4344 Confirmed=U Filename=hkss.exe Description=Compaq HotKey Support - multimedia keyboard support Source=Paul Collins Startup list [HLcleanup] Number=4345 Confirmed=X Filename=hlsetup2.exe Description=LinkReplacer/FFinder adware Source=Paul Collins Startup list [hldrrr] Number=4346 Confirmed=X Filename=hldrrr.exe Description=Added by the BAGLE-KF WORM! Source=Paul Collins Startup list [hlhtxo.exe] Number=4347 Confirmed=X Filename=hlhtxo.exe Description=Added by the QLOWZONES-27 TROJAN! Source=Paul Collins Startup list [HLL Data Parameter] Number=4348 Confirmed=X Filename=hllcxpa.exe Description=Added by the RBOT.AFG WORM! Source=Paul Collins Startup list [HMI PowerSystem] Number=4349 Confirmed=X Filename=hmisvc32.exe Description=Added by the RANDEX.CZZ WORM! Source=Paul Collins Startup list [HML PowerSource] Number=4350 Confirmed=X Filename=hmlsvc32.exe Description=Added by the SDBOT-XL WORM! 
Source=Paul Collins Startup list [Hmonitor] Number=4351 Confirmed=U Filename=Hmonitor.exe Description=Hardware sensor monitoring program. Only required if you overclock your system and want to check on the status Source=Paul Collins Startup list [HMV PowerSource] Number=4352 Confirmed=X Filename=hmusvc32.exe Description=Added by the SDBOT-YW WORM! Source=Paul Collins Startup list [ho2stdll.exe] Number=4353 Confirmed=X Filename=ho2stdll.exe Description=Added by the BANKER-HO TROJAN! Source=Paul Collins Startup list [HOI Services] Number=4354 Confirmed=X Filename=holsvc32.exe Description=Added by the AGOBOT-SF WORM! Source=Paul Collins Startup list [Holiday Lights] Number=4355 Confirmed=N Filename=Holiday Lights.exe Description=Holiday Lights from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start -> Programs Source=Paul Collins Startup list [Hollaback] Number=4356 Confirmed=X Filename=slvhosts.exe Description=Added by the SDBOT.BMO WORM! Source=Paul Collins Startup list [Home Theater SchSvr] Number=4357 Confirmed=N Filename=SchSvr.exe Description=WinScheduler is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs Source=Paul Collins Startup list [HomeAlarm] Number=4358 Confirmed=U Filename=HomeAlarm.exe Description=Chameleon Clock - system tray clock replacement Source=Paul Collins Startup list [HomeCentre WakeUp] Number=4359 Confirmed=? Filename=LGWAKEUP.EXE Description=Associated with the no longer supported Xerox HomeCentre printer/scanner Source=Paul Collins Startup list [Homeland Network] Number=4360 Confirmed=X Filename=HomelandNetwork.exe Description=Homeland Network Notifier - pops ads Source=Paul Collins Startup list [homepage.monitor.exe] Number=4361 Confirmed=X Filename=isamonitor.exe Description=Added by the ZLOB-QK TROJAN! 
Source=Paul Collins Startup list [HondaHelper] Number=4362 Confirmed=U Filename=HondaHelper.exe Description=Part of Honda Music Link which allows you to use your Honda's audio system's controls to play and search for music on your iPod in your car Source=Paul Collins Startup list [Honor] Number=4363 Confirmed=? Filename=honor.exe Description=?? Source=Paul Collins Startup list [Hook99startup] Number=4364 Confirmed=U Filename=hk2re.exe Description="Hook99 enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent" Source=Paul Collins Startup list [HookSys] Number=4365 Confirmed=U Filename=HookSys.exe Description=SurfinGuard Pro from Finjan - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and Java Source=Paul Collins Startup list [HornetMonitor] Number=4366 Confirmed=U Filename=MntrHrnt.exe Description=Hornet Monitor - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS network Source=Paul Collins Startup list [HorngTech4D] Number=4367 Confirmed=Y Filename=bally4d.exe Description=HorngTech 4D mouse driver Source=Paul Collins Startup list [Host] Number=4368 Confirmed=X Filename=N/A Description=Added by the POPDIS or STARTPAGE.F TROJANS! Source=Paul Collins Startup list [host] Number=4369 Confirmed=X Filename=help.exe Description=Identified as the DELF.LF by Ewido Security Suite Source=Paul Collins Startup list [Host Process] Number=4370 Confirmed=X Filename=mame.exe Description=Added by the RBOT-APO WORM! Source=Paul Collins Startup list [Host Process] Number=4371 Confirmed=X Filename=svchost.exe Description=Detected by Kaspersky as the AGENT.DGO TROJAN! See here. 
Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! The file is located in the Fonts directory Source=Paul Collins Startup list [hostdll.exe] Number=4372 Confirmed=X Filename=hostdll.exe Description=Added by the BANKER-BO TROJAN! Source=Paul Collins Startup list [HostManager] Number=4373 Confirmed=U Filename=AOLHostManager.exe Description=Manages a component essential to the operation of most current AOL software. If you remove it from startup it will load when IE is launched, increasing launching time Source=Paul Collins Startup list [HostManager] Number=4374 Confirmed=N Filename=AOLSoftware.exe Description=Quoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system". Source=Paul Collins Startup list [Hostname Manager Server] Number=4375 Confirmed=X Filename=host32srv.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Hostren.exe] Number=4376 Confirmed=X Filename=Hostren.exe Description=Added by PWS.BANKER.F, a variant of the BANKER-BO TROJAN! Source=Paul Collins Startup list [hostserv] Number=4377 Confirmed=X Filename=hostserv.exe Description=Added by the RBOT.BPZ WORM! Source=Paul Collins Startup list [hostserv] Number=4378 Confirmed=X Filename=wiz98.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [HostsFileMgr] Number=4379 Confirmed=U Filename=winHostsEdit.exe Description=AdBin from Gilmore Software Development. An easy solution to managing your Windows hosts file Source=Paul Collins Startup list [HostsMan] Number=4380 Confirmed=U Filename=hm.exe Description="HostsMan is a freeware application that lets you manage your Hosts file with ease". 
It is mainly intended to block specific domains (mostly advertising servers) by redirecting them to localhost, but can also be used to add any other domain/Ip combination that you want to be included in the HOSTS file Source=Paul Collins Startup list [HostSrv] Number=4381 Confirmed=X Filename=sachostx.exe Description=Added by the LOOKSKY.H WORM! Drops multiple files in the System (9x/ME) or System32 (NT/2K/XP) folders Source=Paul Collins Startup list [HostSrv] Number=4382 Confirmed=X Filename=sachostx.exe Description=Added by the LOOKSKY.A or LOOKSKY.F or LOOKSKY.G WORMS! Source=Paul Collins Startup list [HostSrv] Number=4383 Confirmed=X Filename=sachostx.exe... Description=Added by the LOOKSKY.E WORM! Source=Paul Collins Startup list [HostSVC syse] Number=4384 Confirmed=X Filename=HostSVC.exe Description=Added by the RBOT-ANZ WORM! Source=Paul Collins Startup list [Hot Corners] Number=4385 Confirmed=U Filename=Hotc.exe Description=Hot Corners - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen" Source=Paul Collins Startup list [HOT FIX] Number=4386 Confirmed=X Filename=Gothic.exe Description=Detected by Kaspersky as the RBOT.ESX WORM! Source=Paul Collins Startup list [Hot Inside] Number=4387 Confirmed=X Filename=Hottest Story Ever.exe Description=Added by the BHARAT.A WORM! Source=Paul Collins Startup list [Hot Key Kbd 2690 Daemon] Number=4388 Confirmed=U Filename=SK9910DM.exe Description=Multimedia keyboard manager - required if you use any special keys Source=Paul Collins Startup list [Hot Key Keybd 9910 Daemon] Number=4389 Confirmed=U Filename=SK9910DM.exe Description=Multimedia keyboard manager - required if you use any special keys Source=Paul Collins Startup list [Hot Party 22] Number=4390 Confirmed=? Filename=hotpart22.exe Description=?? Source=Paul Collins Startup list [HotAction_hr] Number=4391 Confirmed=X Filename=hotaction_hr.exe Description=Added by the SITEICON-B DIALER! 
An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "HotAction_hr" Source=Paul Collins Startup list [Hotbar] Number=4392 Confirmed=X Filename=Hbinst.exe Description=Hotbar adware Source=Paul Collins Startup list [Hotbar] Number=4393 Confirmed=X Filename=HbOEAddOn.exe Description=Hotbar adware Source=Paul Collins Startup list [HotbarOE] Number=4394 Confirmed=X Filename=OEAddOn.exe Description=Hotbar adware Source=Paul Collins Startup list [HotbarSA] Number=4395 Confirmed=X Filename=HotbarSA.exe Description=Hotbar adware Source=Paul Collins Startup list [hotdlll] Number=4396 Confirmed=X Filename=remote.cmd Description=Added by the BANKER-EHG TROJAN! Source=Paul Collins Startup list [hotdlll] Number=4397 Confirmed=X Filename=vmmreg32.exe Description=BANKER.DX spyware Source=Paul Collins Startup list [hotefix] Number=4398 Confirmed=X Filename=msnmanegers.exe Description=Detected by Trend Micro as the IRCBRUTE.AS TROJAN! See here Source=Paul Collins Startup list [hotfix] Number=4399 Confirmed=X Filename=msnnmaneger.exe Description=Added by the WOOTBOT.AF WORM! Source=Paul Collins Startup list [Hotfix Updat] Number=4400 Confirmed=X Filename=svdhost32.exe Description=Added by the GAOBOT.ZW WORM! 
Source=Paul Collins Startup list [HOTFOON2] Number=4401 Confirmed=U Filename=hotfoon4.exe Description=Related to Hotfoon - a developer and provider of Internet Telephony technology based on LTP (Lightweight Telephony Protocol) Source=Paul Collins Startup list [HotIDE] Number=4402 Confirmed=U Filename=hotide.exe Description=HotIDE allows Acer TravelMate owners to hot-swap external drives without switching off their notebooks Source=Paul Collins Startup list [HotkeyApp] Number=4403 Confirmed=U Filename=HotkeyApp.exe Description=Programmable keys on Acer, Fujitsu and other laptops Source=Paul Collins Startup list [HotKeysCmds] Number=4404 Confirmed=U Filename=hkcmd.exe Description=Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows the user to change different driver properties through the Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel Source=Paul Collins Startup list [HotKeysCmds] Number=4405 Confirmed=X Filename=[path to worm] Description=Added by the PAHATIA-A WORM! Source=Paul Collins Startup list [HotPix] Number=4406 Confirmed=X Filename=hotpix.exe Description=Adult content dialler Source=Paul Collins Startup list [hotplug] Number=4407 Confirmed=X Filename=hotplug.exe Description=Added by the SILLYDL TROJAN! Source=Paul Collins Startup list [Hotplug] Number=4408 Confirmed=U Filename=hot_plug.exe Description=Related to the SiS_Hot_Plug_Application. Enables automated driver loading for hotpluggable devices. If this service is stopped, hotplug devices will no longer function Source=Paul Collins Startup list [HotSync Manager] Number=4409 Confirmed=N Filename=hotsync.exe Description=Installed when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing.
Available via Start -> Programs Source=Paul Collins Startup list [hotwetlove] Number=4410 Confirmed=X Filename=hotwetlove.exe Description=Adult content dialler. Will not uninstall - components have to be manually deleted Source=Paul Collins Startup list [Hot_Kiss] Number=4411 Confirmed=X Filename=Hot_Kiss.exe Description=Adult content dialler Source=Paul Collins Startup list [Hot_Tarts] Number=4412 Confirmed=X Filename=Hot_Tarts.exe Description=Adult content dialler Source=Paul Collins Startup list [Hot_Tarts_**] Number=4413 Confirmed=X Filename=Hot_Tarts_**.exe Description=Premium rate adult content dialer (where * is a random char) Source=Paul Collins Startup list [Hot_Tarts_Au] Number=4414 Confirmed=X Filename=Hot_Tarts_Au.exe Description=Premium rate adult content dialler Source=Paul Collins Startup list [Hot_Tarts_mc] Number=4415 Confirmed=X Filename=Hot_Tarts_mc.exe Description=HotTarts adult content dialer Source=Paul Collins Startup list [HoverDesk] Number=4416 Confirmed=U Filename=HoverDesk.exe Description=HoverDesk - desktop replacement software Source=Paul Collins Startup list [hp 1000 firmware] Number=4417 Confirmed=? Filename=fwdl.exe Description=HP LaserJet 1000 related. Is it a driver or automatic firmware update (based upon the filename)? Source=Paul Collins Startup list [HP AutoIndexer] Number=4418 Confirmed=U Filename=hppautoindexer.exe Description=Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup Source=Paul Collins Startup list [HP CD Writer] Number=4419 Confirmed=N Filename=hpcdtray.exe Description=System Tray access to a HP CD-Writer's functions. Available via Start -> Programs Source=Paul Collins Startup list [HP CD-DVD] Number=4420 Confirmed=N Filename=hpcdtray.exe Description=System Tray access to a HP CD-Writer's functions. 
Available via Start -> Programs Source=Paul Collins Startup list [HP CD-Writer] Number=4421 Confirmed=N Filename=hpcdtray.exe Description=System Tray access to a HP CD-Writer's functions. Available via Start -> Programs Source=Paul Collins Startup list [hp center] Number=4422 Confirmed=X Filename=BACKWEB-*****.exe Description=See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". Applies to certain HP Pavilion desktop computers between Fall 2001 and Spring 2003. * can be any digit Source=Paul Collins Startup list [hp center UI] Number=4423 Confirmed=N Filename=ShadowBar.exe Description=User Interface for HP Center - see here Source=Paul Collins Startup list [HP Component Manager] Number=4424 Confirmed=N Filename=hpcmpmgr.exe Description=Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended" Source=Paul Collins Startup list [HP Deskjet] Number=4425 Confirmed=X Filename=HP_DeskJet_500.exe Description=Added by the FORBOT-DA WORM! Source=Paul Collins Startup list [HP Digital Imaging Monitor] Number=4426 Confirmed=U Filename=hpqtra08.exe Description=System Tray access to HP Director. Required if you prefer to use the all-in-one buttons to manually scan documents or transfer photos from a camera, for example Source=Paul Collins Startup list [HP Display Settings] Number=4427 Confirmed=U Filename=hpdisply.exe Description=Sets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error message Source=Paul Collins Startup list [HP Health Check Schedule] Number=4428 Confirmed=U Filename=HPHC_Scheduler.exe Description=HP Health Check Scheduler from Hewlett-Packard Source=Paul Collins Startup list [HP IDScheduler] Number=4429 Confirmed=?
Filename=HPIDSCHD.exe Description=HP Instant Delivery Scheduler Source=Paul Collins Startup list [HP Image Zone Fast Start] Number=4430 Confirmed=N Filename=hpqthb08.exe Description=Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time Source=Paul Collins Startup list [HP Info Express] Number=4431 Confirmed=N Filename=?? Description=On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb Source=Paul Collins Startup list [HP Instant Support] Number=4432 Confirmed=U Filename=matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [HP Internet Center] Number=4433 Confirmed=N Filename=SURFBRD.EXE Description=Loads the HP Internet center surfboard on startup.
HP Internet Center allows you to customize the multimedia keys on the fly without having to go to the Control Panel --> Keyboards to change them Source=Paul Collins Startup list [HP JetDiscovery] Number=4434 Confirmed=N Filename=HPJETDSC.EXE Description=HP JetAdmin software which monitors printing jobs on a network environment Source=Paul Collins Startup list [HP JetSpeed Autostart] Number=4435 Confirmed=N Filename=AUTOSTART.EXE Description=Autostart executable for the old multiplayer game HP Jetspeed Source=Paul Collins Startup list [HP Laser Jet Director] Number=4436 Confirmed=U Filename=hppdirector.exe Description=System Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etc Source=Paul Collins Startup list [HP Network Registry Agent] Number=4437 Confirmed=? Filename=hpnra.exe Description=?? Source=Paul Collins Startup list [HP OfficeJet Series xxx Startup] Number=4438 Confirmed=? Filename=HPOSTR03.EXE Description=xxx represents the series number - such as 700. What does it do and is it required? Source=Paul Collins Startup list [HP OfficeJet Series xxx Startup] Number=4439 Confirmed=? Filename=HPOstr05.exe Description=xxx represents the series number - such as 700. What does it do and is it required? Source=Paul Collins Startup list [HP Parallel Port Test] Number=4440 Confirmed=N Filename=hppt.exe Description=Associated with a HP ScanJet scanner Source=Paul Collins Startup list [HP Photo Manager] Number=4441 Confirmed=X Filename=HPPhotoManager.exe Description=Added by the SDBOT.AXU WORM! Source=Paul Collins Startup list [HP Port Resolver] Number=4442 Confirmed=? Filename=hpbpro.exe Description=?? Source=Paul Collins Startup list [HP Precision Scan] Number=4443 Confirmed=N Filename=hpmdlbwx.exe Description=HP multifunction scanner software.
Available from HP Office Jet R Toolbox so not required Source=Paul Collins Startup list [HP Presentation Ready] Number=4444 Confirmed=N Filename=PresRdy.exe Description=HP Omnibook related:  "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device" Source=Paul Collins Startup list [hp psc 2000 Series] Number=4445 Confirmed=U Filename=hpobnz08.exe Description=System Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to start Source=Paul Collins Startup list [HP RecordNow] Number=4446 Confirmed=U Filename=DockApp.exe Description=Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices Source=Paul Collins Startup list [HP ScanPatch] Number=4447 Confirmed=U Filename=HPScanFix.exe Description=Program that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from starting Source=Paul Collins Startup list [HP ScanPicture] Number=4448 Confirmed=N Filename=hpsplmwa.exe Description=HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required Source=Paul Collins Startup list [HP SchedIndexer] Number=4449 Confirmed=U Filename=hppschedindexer.exe Description=Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup Source=Paul Collins Startup list [HP Service Drivers] Number=4450 Confirmed=X Filename=hdsys.exe Description=Added by the SDBOT-ZE WORM! Source=Paul Collins Startup list [hp Silent Service] Number=4451 Confirmed=? 
Filename=HpSrvUI.exe Description=HP related Source=Paul Collins Startup list [HP Simple Trax] Number=4452 Confirmed=N Filename=Hpcron.exe Description=Supplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -> Programs or Desktop Icon Source=Paul Collins Startup list [HP software update] Number=4453 Confirmed=N Filename=HPWuSchd2.exe Description=HP software updates. If a shortcut doesn't exist create your own and run it manually Source=Paul Collins Startup list [HP software update] Number=4454 Confirmed=N Filename=HPWuSchd.exe Description=HP software updates. If a shortcut doesn't exist, create your own and run it manually Source=Paul Collins Startup list [HP Status] Number=4455 Confirmed=N Filename=hpstatus.exe Description=HP Printer Status and Alerts Source=Paul Collins Startup list [HP Status Server] Number=4456 Confirmed=? Filename=hpboid.exe Description=Copied during installation of HP Inkjet Printer Drivers in Win2K/XP. What does it do and is it required? Source=Paul Collins Startup list [HP TV Now] Number=4457 Confirmed=U Filename=HpTvNow.exe Description=Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts) Source=Paul Collins Startup list [HP Update Assistant] Number=4458 Confirmed=X Filename=HPAware.exe Description=Added by the MRO TROJAN! Source=Paul Collins Startup list [HP Updates] Number=4459 Confirmed=N Filename=?? Description=On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb Source=Paul Collins Startup list [HP Visualize Init] Number=4460 Confirmed=? Filename=HpVisIni.exe Description=HP Visualize software related. What does it do and is it required? 
Source=Paul Collins Startup list [HP-Aio Flight] Number=4461 Confirmed=N Filename=Remind32.exe Description=HP multifunction registration Source=Paul Collins Startup list [HPADVISOR] Number=4462 Confirmed=U Filename=HPAdvisor.exe Description=HP Total Care Advisor - a suite of help and hardware check programs to help you check the health of your PCs Source=Paul Collins Startup list [hpaiodevice] Number=4463 Confirmed=N Filename=hpodev07.exe Description=Direct from HP - "Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when "portable" is chosen during installation)". Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner Source=Paul Collins Startup list [HPAiODevice(hp officejet g series)] Number=4464 Confirmed=? Filename=hpoavn07.exe Description=HP Printer related, reportedly lets file transfers from an HP device pass files through Windows firewall. Is it required? Source=Paul Collins Startup list [HPAiODevice(hp psc 900 series) -1] Number=4465 Confirmed=N Filename=hpobrt07.exe Description=Installed with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entry Source=Paul Collins Startup list [HPAIO_PrintFolderMgr] Number=4466 Confirmed=N Filename=hpoopm07.exe Description=Directly from HP: "This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port." For various HP all-in-one printer/scanner/copier devices. 
They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner Source=Paul Collins Startup list [HPBootOp] Number=4467 Confirmed=U Filename=HPBootOp.exe Description="HP Boot Optimizer intelligently and dynamically launches software during startup, based on available resources, to improve startup performance" Source=Paul Collins Startup list [hpcmd] Number=4468 Confirmed=X Filename=cmd.exe Description=Added by the ADCLICK-DS TROJAN! Source=Paul Collins Startup list [hpcmpmgr] Number=4469 Confirmed=N Filename=hpcmpmgr.exe Description=Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended" Source=Paul Collins Startup list [HPDJ Taskbar Utility] Number=4470 Confirmed=U Filename=hpztsb01.exe Description=HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer Source=Paul Collins Startup list [HPDJ Taskbar Utility] Number=4471 Confirmed=U Filename=hpztsb02.exe Description=HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer Source=Paul Collins Startup list [HPDJ Taskbar Utility] Number=4472 Confirmed=U Filename=hpztsb04.exe Description=HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer Source=Paul Collins Startup list [HPDJ Taskbar Utility] Number=4473 Confirmed=U Filename=hpztsb05.exe Description=HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer Source=Paul Collins Startup list [HPDJ Taskbar Utility] Number=4474 Confirmed=U Filename=hpztsb07.exe Description=HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer Source=Paul Collins Startup list [HPDJ Taskbar Utility] Number=4475 Confirmed=U
Filename=hpztsb09.exe Description=HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer Source=Paul Collins Startup list [HPDJ Taskbar Utility] Number=4476 Confirmed=U Filename=hpztsb06.exe Description=HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer Source=Paul Collins Startup list [HPDJ Taskbar Utility] Number=4477 Confirmed=U Filename=hpztsb08.exe Description=HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer Source=Paul Collins Startup list [HPDJ Taskbar Utility] Number=4478 Confirmed=U Filename=hpztsb03.exe Description=HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer Source=Paul Collins Startup list [HPDJ Taskbar Utility] Number=4479 Confirmed=U Filename=hpztsb10.exe Description=HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer Source=Paul Collins Startup list [HPDJ Taskbar Utility] Number=4480 Confirmed=U Filename=hpztsb11.exe Description=HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer Source=Paul Collins Startup list [HPDJ Taskbar Utility] Number=4481 Confirmed=U Filename=hpztsb12.exe Description=HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer Source=Paul Collins Startup list [HPDJ Taskbar Utility] Number=4482 Confirmed=U Filename=hpztsb13.exe Description=HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer Source=Paul Collins Startup list [hpfsched] Number=4483 Confirmed=N Filename=hpfsched.exe Description=HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high.
It can be removed from the run line in win.ini if you do not want that feature Source=Paul Collins Startup list [HPGamesActiveMenu] Number=4484 Confirmed=U Filename=ActiveMenu.exe Description=Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case Source=Paul Collins Startup list [hpgs2wnd] Number=4485 Confirmed=N Filename=hpgs2wnd.exe Description="HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites". Available via Start -> Programs Source=Paul Collins Startup list [Hpha1mon] Number=4486 Confirmed=U Filename=Hpha1mon.exe Description=Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This version is applicable for version 2.0 to 2.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature Source=Paul Collins Startup list [Hpha2mon] Number=4487 Confirmed=U Filename=Hpha2mon.exe Description=Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This version is applicable for version 3.1 to 3.2 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature Source=Paul Collins Startup list [Hpha3mon] Number=4488 Confirmed=U Filename=Hpha3mon.exe Description=Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This version is applicable for version 3.3.138 to 3.4.13 drivers - see here.
Known to cause 100% CPU load in some cases. Only needed if you use this feature Source=Paul Collins Startup list [HPHmon03] Number=4489 Confirmed=U Filename=hphmon03.exe Description=Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. Known to cause 100% CPU load in some cases. Only needed if you use this feature Source=Paul Collins Startup list [HPHmon04] Number=4490 Confirmed=U Filename=hphmon04.exe Description=Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This version is applicable for version 4.0 to 4.2 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature Source=Paul Collins Startup list [hphmon05] Number=4491 Confirmed=U Filename=hphmon05.exe Description=Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This version is applicable for version 5.0 to 5.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature Source=Paul Collins Startup list [HPHmon06] Number=4492 Confirmed=U Filename=hphmon06.exe Description=Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This version is applicable for version 6.0 drivers - see here. Known to cause 100% CPU load in some cases.
Only needed if you use this feature Source=Paul Collins Startup list [Hphome] Number=4493 Confirmed=X Filename=hphome.js Description=Homepage hijacker Source=Paul Collins Startup list [HPHUPD04] Number=4494 Confirmed=N Filename=hphupd04.exe Description=HP software update checker and wizard launcher. Available via Start -> Programs Source=Paul Collins Startup list [HPHUPD05] Number=4495 Confirmed=N Filename=hphupd05.exe Description=HP software update checker and wizard launcher. Available via Start -> Programs Source=Paul Collins Startup list [HPHUPD06] Number=4496 Confirmed=U Filename=hphupd06.exe Description=HP software update checker and wizard launcher. Available via Start -> Programs Source=Paul Collins Startup list [HPHUPD07] Number=4497 Confirmed=N Filename=hphupd07.exe Description=HP software update checker and wizard launcher. Available via Start -> Programs Source=Paul Collins Startup list [HPHUPD08] Number=4498 Confirmed=N Filename=hphupd08.exe Description=HP software update checker and wizard launcher. Available via Start -> Programs Source=Paul Collins Startup list [hpjsiroute] Number=4499 Confirmed=? Filename=hpjsira.exe Description=Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2" Source=Paul Collins Startup list [HPl Services] Number=4500 Confirmed=X Filename=hmlsvc32.exe Description=Added by the AGOBOT-SI WORM and variants! Source=Paul Collins Startup list [HpLamp] Number=4501 Confirmed=Y Filename=HPLAMP.EXE Description=HP Scanner Utility that controls your scanner's light bulb. 
Needed if it's switched on Source=Paul Collins Startup list [hplampc] Number=4502 Confirmed=U Filename=hplampc.exe Description=HP Scanner Lamp Utility - fixes an issue with the scanner lamp not going off Source=Paul Collins Startup list [HPLaptopGamesActiveMenu] Number=4503 Confirmed=U Filename=ActiveMenu.exe Description=Wild Tangent demo games that come with some HP computers.
Unchecking it can prevent the games from running occasionally. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case Source=Paul Collins Startup list [HPLJ Config] Number=4504 Confirmed=Y Filename=SetConfig.exe Description=Connects system to networked HP printer. Source=Paul Collins Startup list [HPLogiFinder] Number=4505 Confirmed=U Filename=hp_finder.exe Description=HP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not used Source=Paul Collins Startup list [HpMmKbd] Number=4506 Confirmed=U Filename=HpMmKbd.exe Description=HP's multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboard Source=Paul Collins Startup list [HPMVTray] Number=4507 Confirmed=U Filename=HPMVTray.exe Description=HP Media Vault Networked Storage Device - System Tray management utility Source=Paul Collins Startup list [HPNT] Number=4508 Confirmed=X Filename=hpdll.exe Description=Malware downloader - detected by Kaspersky as the VB.KU TROJAN! Source=Paul Collins Startup list [hpodblia] Number=4509 Confirmed=N Filename=hpodblia.exe Description=HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually Source=Paul Collins Startup list [hpoddt01.exe] Number=4510 Confirmed=N Filename=N/A Description=Installed by the "HP Photo and Imaging Director" software. 
If you ask for the imaging software, this program will be started Source=Paul Collins Startup list [hpoddt01.exe] Number=4511 Confirmed=U Filename=hpotdd01.exe Description=Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products Source=Paul Collins Startup list [hpodlb08] Number=4512 Confirmed=N Filename=hpodlb08.exe Description=HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner.
Start your scanning software manually Source=Paul Collins Startup list [hpotdd01.exe] Number=4513 Confirmed=Y Filename=hpotdd01.exe Description=Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems" Source=Paul Collins Startup list [hpppt] Number=4514 Confirmed=Y Filename=hpppt.exe Description=Related to the drivers for HP ScanJet scanners Source=Paul Collins Startup list [hpppta] Number=4515 Confirmed=Y Filename=HPPPTA.exe Description=HP parallel port driver for certain hardware Source=Paul Collins Startup list [HpPrinter] Number=4516 Confirmed=X Filename=hpserver.exe Description=Added by the CMJSPY-W TROJAN! Source=Paul Collins Startup list [HPPROPTY] Number=4517 Confirmed=N Filename=HPPROPTY.EXE Description=HP LaserJet Toolbox Source=Paul Collins Startup list [HPPWRSAV] Number=4518 Confirmed=U Filename=HPPWRSAV.EXE Description=Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try www.hp.com, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patch Source=Paul Collins Startup list [hpqcmon] Number=4519 Confirmed=? Filename=hpqcmon.exe Description=From HP and related to digital imaging Source=Paul Collins Startup list [HPSCANMonitor] Number=4520 Confirmed=U Filename=hpsjvxd.exe Description=HP scanning software that enables you to scan images from your scanner. Needed if you're using the scanner Source=Paul Collins Startup list [hpScannerFirstBoot] Number=4521 Confirmed=? Filename=scannerfb.exe Description=HP scanner related Source=Paul Collins Startup list [hpsjbmgr] Number=4522 Confirmed=N Filename=hpsjbmgr.exe Description=HP ScanJet Button Manager. 
It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environment Source=Paul Collins Startup list [HPStart] Number=4523 Confirmed=N Filename=hpstart.wsf Description=This a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first boot Source=Paul Collins Startup list [hpsysconf1] Number=4524 Confirmed=X Filename=[random filename] Description=Added by a variant of the VIVIA.A TROJAN! Source=Paul Collins Startup list [hpsysdrv] Number=4525 Confirmed=U Filename=hpsysdrv.exe Description=This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops working Source=Paul Collins Startup list [hptools] Number=4526 Confirmed=X Filename=hptools.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [hptools] Number=4527 Confirmed=X Filename=microsoft.exe Description=Added by a variant of the SDBOT WORM! 
Source=Paul Collins Startup list [HPU] Number=4528 Confirmed=N Filename=ProvenTactics.exe Description=Proven Internet Marketing software Source=Paul Collins Startup list [hpWirelessAssistant] Number=4529 Confirmed=U Filename=HP Wireless Assistant.exe Description=The HP Wireless Assistant is a user application that provides a way to control the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devices Source=Paul Collins Startup list [hpWirelessAssistant] Number=4530 Confirmed=U Filename=HPWAMain.exe Description=Wireless application bundled with HP computers that allows you to control different settings on the computer's wireless devices such as Bluetooth and WLAN Source=Paul Collins Startup list [HPZTS04] Number=4531 Confirmed=N Filename=hpzts04.exe Description=Hewlett Packard printer toolbox shortcut that resides in the system tray Source=Paul Collins Startup list [hpztsb02] Number=4532 Confirmed=U Filename=hpztsb02.exe Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer Source=Paul Collins Startup list [hpztsb04] Number=4533 Confirmed=U Filename=hpztsb04.exe Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer Source=Paul Collins Startup list [hpztsb05] Number=4534 Confirmed=U Filename=hpztsb05.exe Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer Source=Paul Collins Startup list [hpztsb07] Number=4535 Confirmed=U Filename=hpztsb07.exe Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer Source=Paul Collins Startup list [hpztsb09] Number=4536 Confirmed=U Filename=hpztsb09.exe Description=HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer Source=Paul Collins Startup list [hpztsbol] Number=4537 Confirmed=U 
Filename=hpztsbol.exe Description=HP System Tray utility which allows diagnostic and maintenance of your HP Deskjet series printer Source=Paul Collins Startup list [HP_dla] Number=4538 Confirmed=N Filename=dlatray.exe Description=On HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCD Source=Paul Collins Startup list [HQI Services] Number=4539 Confirmed=X Filename=hqisvc32.exe Description=Added by the AGOBOT-RO WORM! Source=Paul Collins Startup list [HQI Services] Number=4540 Confirmed=X Filename=hqlsvc32.exe Description=Added by the AGOBOT-RP WORM! Source=Paul Collins Startup list [HR] Number=4541 Confirmed=U Filename=Hr.exe Description=HiddenRecorder periodically takes screenshots of the computer. If you didn't install this yourself remove it Source=Paul Collins Startup list [HREF.OCX] Number=4542 Confirmed=U Filename=regsvr32.exe ....HREF.OCX Description=HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller Source=Paul Collins Startup list [Hrn_qtv] Number=4543 Confirmed=X Filename=hrnsvc32.exe Description=Added by the SDBOT-AET WORM! Source=Paul Collins Startup list [hsim] Number=4544 Confirmed=X Filename=isearch.exe Description=Unidentified malware Source=Paul Collins Startup list [hsim] Number=4545 Confirmed=X Filename=sexgame.exe Description=Unidentified malware Source=Paul Collins Startup list [hsim] Number=4546 Confirmed=X Filename=toolbar.exe Description=Unidentified malware Source=Paul Collins Startup list [HSLAB Logger] Number=4547 Confirmed=U Filename=logger.exe Description=HSLABLogger logs user activity and Internet activity. The gathered information can be sent to a predetermined email address. 
If you didn't install this yourself uninstall it Source=Paul Collins Startup list [HSON] Number=4548 Confirmed=U Filename=HSON.exe Description=Toshiba HotStart button support for instant-on entertainment on their laptops Source=Paul Collins Startup list [HSTrans] Number=4549 Confirmed=U Filename=hstrans.exe Description=Homescan Internet Transporter - part of ACNielsen Homescan. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen Source=Paul Collins Startup list [HsuGuiControl] Number=4550 Confirmed=? Filename=HsuGuiControl.exe Description=Part of the Starband Internet satellite client. What does it do and is it required? Source=Paul Collins Startup list [Hti] Number=4551 Confirmed=U Filename=npdor.exe Description=Appears in startup if you have chosen to participate in a survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required Source=Paul Collins Startup list [HTML Help System] Number=4552 Confirmed=X Filename=hhs.pif Description=Added by the RBOT-ATB WORM! Source=Paul Collins Startup list [HTML32 Help System] Number=4553 Confirmed=X Filename=hhs32.pif Description=Added by the RBOT-ATE WORM! Source=Paul Collins Startup list [HTpatch] Number=4554 Confirmed=U Filename=htpatch.exe Description=HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6% Source=Paul Collins Startup list [HtProtect] Number=4555 Confirmed=X Filename=AVprotect.exe Description=Added by the NETSKY.L WORM! Source=Paul Collins Startup list [htssv32.exe] Number=4556 Confirmed=X Filename=htssv32.exe Description=Added by a variant of the SDBOT TROJAN! Source=Paul Collins Startup list [HTTP Tunneling Server] Number=4557 Confirmed=X Filename=mstunnel.exe Description=Added by the RBOT.EDL WORM! 
Source=Paul Collins Startup list [http://www.lienvandekelder.be] Number=4558 Confirmed=X Filename=LienVandeKelder.exe Description=Added by the MYTOB-AZ WORM! Source=Paul Collins Startup list [http://www.lienvandekelder.be] Number=4559 Confirmed=X Filename=Lien Van de Kelder.exe Description=Added by the MYTOB-AP WORM and variants! Source=Paul Collins Startup list [http://www.lienvandekelder.be] Number=4560 Confirmed=X Filename=Lien Vande Kelder.exe Description=Added by the MYTOB-AQ WORM! Source=Paul Collins Startup list [http://www.lienvandekelder.be] Number=4561 Confirmed=X Filename=Lien vd Kelder.exe Description=Added by the MYTOB-M WORM! Source=Paul Collins Startup list [http://www.lienvandekelder.be] Number=4562 Confirmed=X Filename=Lien.exe Description=Added by the MYTOB-CZ WORM! Source=Paul Collins Startup list [http://www.lienvandekelder.be] Number=4563 Confirmed=X Filename=Lientjeuh.exe Description=Added by the MYTOB-P WORM! Source=Paul Collins Startup list [http://www.lienvandekelder.be] Number=4564 Confirmed=X Filename=LienVdK.exe Description=Added by the MYTOB-U WORM! Source=Paul Collins Startup list [http://www.lienvandekelder.be] Number=4565 Confirmed=X Filename=Van de Kelder Lien.exe Description=Added by the MYTOB-BF WORM! Source=Paul Collins Startup list [http://www.lienvandekelder.be] Number=4566 Confirmed=X Filename=We Love Lien Van de Kelder.exe Description=Added by the MYTOB-CV WORM! Source=Paul Collins Startup list [http://www.lienvandekelder.com] Number=4567 Confirmed=X Filename=Lien Van de Kelder.exe Description=Added by the MYTOB-EQ WORM! Source=Paul Collins Startup list [http://www.lienvandekelder.com/] Number=4568 Confirmed=X Filename=LienVandeKelder.exe Description=Added by the MYTOB-EO WORM! Source=Paul Collins Startup list [httpd] Number=4569 Confirmed=X Filename=c_pan.exe Description=Added by a variant of the DELF-A TROJAN! 
Source=Paul Collins Startup list [httpd] Number=4570 Confirmed=X Filename=deamon.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [httpd] Number=4571 Confirmed=X Filename=msgaol.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [httpd] Number=4572 Confirmed=X Filename=s_menu.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [httpd] Number=4573 Confirmed=X Filename=browse.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [httpd] Number=4574 Confirmed=X Filename=deamon.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [https-ssl] Number=4575 Confirmed=X Filename=https.exe Description=Added by the MOEGA.D WORM! Source=Paul Collins Startup list [HughesNet Tools] Number=4576 Confirmed=U Filename=matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". HughesNet Tools is required to run with the Help and Support program. If you uncheck HughesNet Tools and then run Help and Support it will add another HughesNet Tools in the startup menu. If you remove the HughesNet Tools in the add/remove program some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [huhdir] Number=4577 Confirmed=U Filename=HPPWRSAV.EXE Description=Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try www.hp.com, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patch Source=Paul Collins Startup list [huigezi] Number=4578 Confirmed=X Filename=HgzServer.exe Description=Added by the GRAYBIRD.C TROJAN! 
Source=Paul Collins Startup list [Hvewsveqmg] Number=4579 Confirmed=X Filename=ANACON.EXE Description=Added by the NACO.A WORM! Source=Paul Collins Startup list [Hvid] Number=4580 Confirmed=X Filename=Hvid.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [HWINFO*] Number=4581 Confirmed=X Filename=HWINFO* Description=Added by the PUROL WORM! where * is a random character Source=Paul Collins Startup list [HWinst] Number=4582 Confirmed=Y Filename=N/A Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out Source=Paul Collins Startup list [Hwp] Number=4583 Confirmed=X Filename=system_wc.exe Description=Eziin adware Source=Paul Collins Startup list [hws] Number=4584 Confirmed=X Filename=hws.exe Description=Added by the STARTPA-CT TROJAN! Source=Paul Collins Startup list [HWSetup] Number=4585 Confirmed=U Filename=HWSetup.exe hwSetUP Description="Toshiba Hardware Setup is the Toshiba configuration management tool available through Windows." Allows the user to change BIOS, hard disk, memory, boot disk priority and other settings Source=Paul Collins Startup list [hxadsec] Number=4586 Confirmed=X Filename=[path to trojan] Description=Added by the ADCLICK-AP TROJAN! Source=Paul Collins Startup list [HXDL.EXE] Number=4587 Confirmed=X Filename=HXDL.EXE Description=Attune HelpExpress - spyware. Disable and uninstall - see here Source=Paul Collins Startup list [HXIUL.EXE] Number=4588 Confirmed=X Filename=HXIUL.EXE Description=Attune HelpExpress - spyware. Disable and uninstall - see here Source=Paul Collins Startup list [HydarVisionDesktopManager] Number=4589 Confirmed=U Filename=desk95.exe Description=ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as this one. 
HydraVision can be uninstalled through Add/Remove Programs Source=Paul Collins Startup list [HydraVisionDesktopManager] Number=4590 Confirmed=U Filename=desk98.exe Description=ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup Source=Paul Collins Startup list [HydraVisionDesktopManager] Number=4591 Confirmed=U Filename=HydraDM.exe Description=ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup Source=Paul Collins Startup list [HydraVisionViewport] Number=4592 Confirmed=U Filename=viewport.exe Description=ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup Source=Paul Collins Startup list [Hyper Start] Number=4593 Confirmed=X Filename=instantmsgrs.exe Description=Added by the RBOT-NH WORM! Source=Paul Collins Startup list [I am not Ranky. I am eTunnel!] Number=4594 Confirmed=X Filename=msyervice.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [I am not Ranky. I am eTunnel!] Number=4595 Confirmed=X Filename=winsys.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [I am not Ranky. I am eTunnel!] Number=4596 Confirmed=X Filename=disney.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [I just want to say I love Milko and I need a drink] Number=4597 Confirmed=X Filename=svchost.exe Description=Added by the CHIKO WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! 
This file is located in the Documents and Settings\Administrator\Local Settings\Application Data folder Source=Paul Collins Startup list [I-Worm.GiGu] Number=4598 Confirmed=X Filename=uGiG.eXe Description=Added by the GINK WORM! Source=Paul Collins Startup list [I/O Controllers] Number=4599 Confirmed=X Filename=svcnet.exe Description=Added by the TIBIK-B TROJAN! Source=Paul Collins Startup list [I386] Number=4600 Confirmed=X Filename=I386.exe Description=Added by the MYPOWER WORM! Source=Paul Collins Startup list [I81SHELL] Number=4601 Confirmed=? Filename=I81SHELL.exe Description=Appears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard Source=Paul Collins Startup list [i8kfangui] Number=4602 Confirmed=U Filename=i8kfangui.exe Description=Graphical interface for fan speed control Source=Paul Collins Startup list [IAAnotif] Number=4603 Confirmed=U Filename=iaanotif.exe Description=IAA Event Monitor User Notification Tool - part of Intel® Application Accelerator - "a performance software package for desktop PCs using select Intel® chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it's required to notify you if a RAID 1 disk has failed Source=Paul Collins Startup list [iamapp] Number=4604 Confirmed=Y Filename=iamapp.exe Description=AtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as well Source=Paul Collins Startup list [Iamnacho On Irc.MusIrc.com Is a Homosexual!] Number=4605 Confirmed=X Filename=XBox64.exe Description=Added by the RANDEX.Y WORM! Source=Paul Collins Startup list [Iap] Number=4606 Confirmed=? 
Filename=iap.exe Description=Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely? Source=Paul Collins Startup list [ias] Number=4607 Confirmed=U Filename=ias.exe Description=InvisibleASpy keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [IASHLPR] Number=4608 Confirmed=X Filename=IASHLPR.EXE Description=Added by the OPASERV.T WORM! Source=Paul Collins Startup list [ibin] Number=4609 Confirmed=X Filename=[path to trojan] Description=Added by the PERDA-C TROJAN! Source=Paul Collins Startup list [ibm] Number=4610 Confirmed=X Filename=ibm.exe Description=Added by the LEGMIR-AH TROJAN! Source=Paul Collins Startup list [IBM Keyboard Driver] Number=4611 Confirmed=X Filename=ikeybdrv.exe Description=Added by the SDBOT.IC TROJAN! Source=Paul Collins Startup list [IBM Warranty Notification] Number=4612 Confirmed=? Filename=ERTS0749.exe Description=IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire? Source=Paul Collins Startup list [ibmmessages] Number=4613 Confirmed=N Filename=ibmmessages.exe Description=Allows IBM to push messages onto users' computers. Quote: "The Access IBM Message Center can display messages to inform you about software and solutions available from IBM as well as messages from IBM eSupport" Source=Paul Collins Startup list [Ibmmon.exe] Number=4614 Confirmed=? Filename=Ibmmon.exe Description=?? Source=Paul Collins Startup list [Ibmpmsvc] Number=4615 Confirmed=U Filename=ibmpmsvc.exe Description=Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 & F12 - which have specific functions to control the standby and hibernate buttons. 
Not required if you don't plan to go into standby or hibernate modes Source=Paul Collins Startup list [IBMPRC] Number=4616 Confirmed=? Filename=ibmprc.exe Description=IBM application - what does it do and is it required? Source=Paul Collins Startup list [IBMUltraBayHotSwapCPLLoader] Number=4617 Confirmed=U Filename=IBMBAY2N.EXE Description=Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops Source=Paul Collins Startup list [IBMUltraBayHotSwapSound] Number=4618 Confirmed=? Filename=IBMBAYSN.EXE Description=Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound? Source=Paul Collins Startup list [IBM_PWMGR] Number=4619 Confirmed=Y Filename=pwmgr.exe Description=IBM Password Manager Source=Paul Collins Startup list [Ibs] Number=4620 Confirmed=X Filename=ibs.exe Description=Added by the HIDEDIAL-B TROJAN! Source=Paul Collins Startup list [IBWin Background process] Number=4621 Confirmed=U Filename=IBackground.exe Description=IBackup for Windows Source=Paul Collins Startup list [IBWin Monitor] Number=4622 Confirmed=U Filename=IBMonitor.exe Description=IBackup for Windows Source=Paul Collins Startup list [IcaBar] Number=4623 Confirmed=Y Filename=icabar.exe Description=Related to Citrix MetaFrame Source=Paul Collins Startup list [icasServ] Number=4624 Confirmed=X Filename=icasServ.exe Description=Browser hijacker, redirecting to Searchforfree.info. Also detected as the ICASERV-A TROJAN! Source=Paul Collins Startup list [icccomp] Number=4625 Confirmed=X Filename=[8 random letters].exe Description=Detected by Kaspersky as the ZHELATIN.EQ WORM! See here Source=Paul Collins Startup list [ICcontrol] Number=4626 Confirmed=X Filename=iccontrol.exe Description=Added by the ICcontrol premium rate adult content dialer Source=Paul Collins Startup list [icdd7ee6] Number=4627 Confirmed=X Filename=rundll32.exe icdd7ee6.dll, EnableRunDLL32 Description=LZIO.com adware downloader. 
Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icdd7ee6.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [icddefff] Number=4628 Confirmed=X Filename=rundll32.exe icddefff.dll, EnableRunDLL32 Description=LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icddefff.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [ICH Synth] Number=4629 Confirmed=N Filename=eusexe.exe Description=Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices Source=Paul Collins Startup list [icifati] Number=4630 Confirmed=X Filename=yujixit.exe Description=Added by the SDBOT.ZZH WORM! Source=Paul Collins Startup list [iClean] Number=4631 Confirmed=U Filename=iClean.exe Description=IEClean - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy" Source=Paul Collins Startup list [ICM] Number=4632 Confirmed=U Filename=ICM.EXE Description=Starts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail Source=Paul Collins Startup list [iCn] Number=4633 Confirmed=N Filename=NAG.EXE Description=iChoose - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist. 
Not related to the Mac icon program of the same name Source=Paul Collins Startup list [ICO] Number=4634 Confirmed=U Filename=ICO.EXE Description=Found on some Sony Vaio, IBM Thinkpad and Dell (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Required on the Dell Inspiron 530 as without it the Dell mouse suite does not load and mouse settings are not retained on a reboot. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games Source=Paul Collins Startup list [Icon Animation] Number=4635 Confirmed=N Filename=HDE.EXE Description=Part of McAfee Nuts & Bolts. Provides entertaining animation of your desktop icons Source=Paul Collins Startup list [Icon Hearit 95] Number=4636 Confirmed=N Filename=hearit95.exe Description=Audio desktop customization utility from Moon Valley Software. Resource hog Source=Paul Collins Startup list [Icon Hearit 98] Number=4637 Confirmed=N Filename=hearit98.exe Description=Audio desktop customization utility from Moon Valley Software. Resource hog Source=Paul Collins Startup list [Icon lptt01] Number=4638 Confirmed=X Filename=icon.exe Description=RapidBlaster variant (in an "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [Icon ml097e] Number=4639 Confirmed=X Filename=icon.exe Description=RapidBlaster variant (in an "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [iconcache] Number=4640 Confirmed=Y Filename=icon.bat Description=Related to the Vista Customization Pack Source=Paul Collins Startup list [ICONCLNT] Number=4641 Confirmed=Y Filename=iconclnt.exe Description=APC PowerChute Tray Icon. 
Associated with the UPS listing Source=Paul Collins Startup list [ICONDESK] Number=4642 Confirmed=U Filename=ICONDESK.EXE Description=Small utility which will allow you the option of hiding or showing your desktop icons Source=Paul Collins Startup list [Iconfig.exe] Number=4643 Confirmed=N Filename=Iconfig.exe Description=Icon for LS-120 "Superdisk" Source=Paul Collins Startup list [iConfigLoader] Number=4644 Confirmed=X Filename=DIIhost.exe Description=Added by the GAOBOT.AO WORM! Source=Paul Collins Startup list [Iconoid] Number=4645 Confirmed=N Filename=Iconoid.exe Description=Iconoid is a desktop icon manager Source=Paul Collins Startup list [Iconsaver] Number=4646 Confirmed=N Filename=Iconsaver.exe Description=IconSaver is a desktop icon manager Source=Paul Collins Startup list [ICQ] Number=4647 Confirmed=X Filename=ICQNET.vbs Description=Added by the GORMLEZ-A WORM! Source=Paul Collins Startup list [ICQ Agent] Number=4648 Confirmed=X Filename=icq6.exe Description=Added by the AGENT-FZJ TROJAN! Source=Paul Collins Startup list [ICQ Center] Number=4649 Confirmed=X Filename=[path to worm] Description=Added by the RANDIN WORM! Source=Paul Collins Startup list [ICQ Chat Service] Number=4650 Confirmed=X Filename=icqjdhs.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [ICQ Hacking Pro] Number=4651 Confirmed=X Filename=ICQpro.exe Description=Added by a variant of the NETSPY TROJAN! Source=Paul Collins Startup list [ICQ Lite] Number=4652 Confirmed=N Filename=ICQLite.exe Description=ICQ Lite - compact version of the popular messaging program Source=Paul Collins Startup list [icq lite] Number=4653 Confirmed=X Filename=scvhost.exe Description=Added by the AGENT-DSF TROJAN! Source=Paul Collins Startup list [icq lite] Number=4654 Confirmed=X Filename=winlog.exe Description=Added by the IRCBOT-TJ TROJAN! 
Source=Paul Collins Startup list [ICQ Lite Messenger] Number=4655 Confirmed=X Filename=[random filename] Description=Added by an unidentified VIRUS, WORM or TROJAN! Unlike the legitimate ICQ Lite executable, which will be located in the ICQLITE folder in Program Files, this particular impostor is located in the Windows or Winnt\System32 directory Source=Paul Collins Startup list [ICQ Messenger 2002] Number=4656 Confirmed=X Filename=ICQ2002.exe Description=Added by the SDBOT-ABL WORM! Source=Paul Collins Startup list [ICQ Net] Number=4657 Confirmed=X Filename=winlogon.exe Description=Added by variants of the NETSKY WORMS! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [ICQ Plus] Number=4658 Confirmed=N Filename=vplus.exe Description=ICQ Plus is a freeware utility that makes your ICQ skinnable (change the look). Available via Start -> Programs Source=Paul Collins Startup list [IcqBeta] Number=4659 Confirmed=X Filename=webcamupdate.exe Description=Added by an unidentified TROJAN! Source=Paul Collins Startup list [ICQNet] Number=4660 Confirmed=X Filename=winlogon.exe Description=Added by the NETSKY-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder Source=Paul Collins Startup list [icrosof Avps32 Control] Number=4661 Confirmed=X Filename=av32.pif Description=Added by the RBOT-AVC WORM! Source=Paul Collins Startup list [icrosoft Visual] Number=4662 Confirmed=X Filename=plscx.exe Description=Added by the RBOT-AYO WORM! Source=Paul Collins Startup list [icrosoft Visual InterDevc] Number=4663 Confirmed=X Filename=zvslmqb.exe Description=Added by the RBOT-AYP WORM! Source=Paul Collins Startup list [icrosoft Windows DLL Services Configuration] Number=4664 Confirmed=X Filename=poker3.exe Description=Added by the SDBOT-AER WORM! 
Source=Paul Collins Startup list [icrosoftf Avpx Control] Number=4665 Confirmed=X Filename=avpx.exe Description=Added by the RBOT-AYN WORM! Source=Paul Collins Startup list [ICSDCLT] Number=4666 Confirmed=U Filename=rundll32.exe Icsdclt.dll, ICSClient Description=Internet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machines Source=Paul Collins Startup list [ICServer] Number=4667 Confirmed=N Filename=Icserver.exe Description=Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations Source=Paul Collins Startup list [ICSMGR] Number=4668 Confirmed=Y Filename=ICSMGR.EXE Description=Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you're sharing the internet on various computers Source=Paul Collins Startup list [ICU-Sucker] Number=4669 Confirmed=X Filename=Service32.exe Description=Added by the ILLNOTIFIER.D TROJAN! Source=Paul Collins Startup list [IC_KEY_3] Number=4670 Confirmed=N Filename=spvic.exe Description=Instant Chess related Source=Paul Collins Startup list [ID Commander] Number=4671 Confirmed=N Filename=IDCom.exe Description=Caller ID utility for identifying incoming telephone numbers Source=Paul Collins Startup list [ID8525] Number=4672 Confirmed=X Filename=ID8525.exe Description=Added by the ID8525.A TROJAN! Source=Paul Collins Startup list [ID8525] Number=4673 Confirmed=X Filename=id85255.exe Description=Added by the ID8525.A TROJAN! Source=Paul Collins Startup list [IDA] Number=4674 Confirmed=? Filename=IDA.EXE Description=HP related - in a Program Files\Hewlett-Packard\PC COE folder Source=Paul Collins Startup list [IDE] Number=4675 Confirmed=X Filename=ide.exe Description=Added by the ASSASIN.F TROJAN! Source=Paul Collins Startup list [IDE Loader] Number=4676 Confirmed=X Filename=IDElibr32.exe Description=Added by the XILON TROJAN! 
Related to the game "Diablo II" Source=Paul Collins Startup list [idecntl] Number=4677 Confirmed=X Filename=idecntl.exe Description=Added by a variant of the CRYPTER.C TROJAN! Source=Paul Collins Startup list [iDesktop] Number=4678 Confirmed=U Filename=idesktop.exe Description=Immersion TouchWare Desktop software for devices such as the Logitech iFeel Mouse Source=Paul Collins Startup list [idlesam] Number=4679 Confirmed=X Filename=[8 random letters].exe Description=Detected by Kaspersky as the ZHELATIN.EQ WORM! See here Source=Paul Collins Startup list [IDMan] Number=4680 Confirmed=N Filename=IDMan.exe Description=Internet Download Manager - download files faster, schedule and resume Source=Paul Collins Startup list [idmlssp] Number=4681 Confirmed=X Filename=[random filename] Description=Added by a variant of the SLAPER TROJAN! Source=Paul Collins Startup list [IDTemplates] Number=4682 Confirmed=X Filename=IDTemplate.exe Description=Added by the BRONTOK-H WORM! Source=Paul Collins Startup list [IDW Logging Tool] Number=4683 Confirmed=N Filename=idwlog.exe Description=Added with WinXP SP1. Usually found only in internal builds, to indicate the current build being used. Can cause slow network logon problems Source=Paul Collins Startup list [IE configure] Number=4684 Confirmed=X Filename=explorer.exe Description=Added by the LINEAGE-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! Source=Paul Collins Startup list [IE Doctor] Number=4685 Confirmed=U Filename=IEDoctor.exe Description=IE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. 
It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options" Source=Paul Collins Startup list [IE Java Update] Number=4686 Confirmed=X Filename=iejava.exe Description=Added by the AGENT-HD TROJAN! Source=Paul Collins Startup list [IE Menu Extension toolbar] Number=4687 Confirmed=X Filename=rundll32.exe [path] tbextn.dll DllShowTB Description=Topconverting.com\180Search "IEMenuExtension" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [IE New Window Maximizer] Number=4688 Confirmed=U Filename=iemaximizer.exe Description=IE New Window Maximizer - automatically maximize new Internet Explorer and Outlook Express windows Source=Paul Collins Startup list [IE Runtime] Number=4689 Confirmed=X Filename=wini.exe Description=Added by the PICRATE.B WORM! Source=Paul Collins Startup list [IE Runtimes] Number=4690 Confirmed=X Filename=winis.exe Description=Added by the RBOT-ADZ TROJAN! Source=Paul Collins Startup list [IE**.exe [* = random char]] Number=4691 Confirmed=X Filename=IE**.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [IE**32.exe [* = random char]] Number=4692 Confirmed=X Filename=IE**32.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [IE-Bar] Number=4693 Confirmed=X Filename=iebar.exe Description=DesktopMedia adware Source=Paul Collins Startup list [IE6] Number=4694 Confirmed=X Filename=wkstmg.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [IE6] Number=4695 Confirmed=X Filename=ssmss.exe Description=Added by the GAOBOT.DXO WORM! Source=Paul Collins Startup list [IE6] Number=4696 Confirmed=X Filename=porn.pif Description=Added by the RBOT-ATF WORM! 
Source=Paul Collins Startup list [IE6] Number=4697 Confirmed=X Filename=winsnt.exe Description=Added by the RBOT-GOV WORM! Source=Paul Collins Startup list [IEACCESS] Number=4698 Confirmed=X Filename=temp532.exe Description=AsdPlug premium rate adult content dialer variant Source=Paul Collins Startup list [IEACCESS] Number=4699 Confirmed=X Filename=surfya.exe Description=IEAccess premium rate adult content dialer variant Source=Paul Collins Startup list [IEAgent update check] Number=4700 Confirmed=X Filename=iewatch.exe Description=Added by the BOMKA TROJAN! Source=Paul Collins Startup list [iecheck] Number=4701 Confirmed=N Filename=iecheck.exe Description=Integrity checker for IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit2 Source=Paul Collins Startup list [IECheck] Number=4702 Confirmed=X Filename=MSDTCs.exe Description=Added by the TIRBOT-D WORM! Source=Paul Collins Startup list [IECheck] Number=4703 Confirmed=X Filename=xpssl.exe Description=Added by the TIRBOT-E WORM! Source=Paul Collins Startup list [IECheck] Number=4704 Confirmed=X Filename=mssvp.exe Description=Added by the TIRBOT-G WORM! Source=Paul Collins Startup list [IECleanAux] Number=4705 Confirmed=U Filename=Ieboot6.exe Description=IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. 
Performs cleaning tasks at startup Source=Paul Collins Startup list [iedll] Number=4706 Confirmed=X Filename=iedll.exe Description=Homepage hijacker, redirecting to coolwwwsearch.com Source=Paul Collins Startup list [IEDriver] Number=4707 Confirmed=X Filename=IEDriver.exe Description=Installed as part of adware (Cydoor) based peer-to-peer file sharing software called URLBlaze Source=Paul Collins Startup list [IEDriver] Number=4708 Confirmed=X Filename=xplore.exe Description=IEDriver adware variant Source=Paul Collins Startup list [IEDriver] Number=4709 Confirmed=X Filename=TD.exe Description=IEDriver adware variant Source=Paul Collins Startup list [iedwa104] Number=4710 Confirmed=X Filename=iedwa104.exe Description=Added by the DLOADR-BBW TROJAN! Source=Paul Collins Startup list [IEengine] Number=4711 Confirmed=X Filename=IEeng.exe Description=STARTPAG.AI hijacker Source=Paul Collins Startup list [IEexplorer AUpdate] Number=4712 Confirmed=X Filename=IEexplore32.exe Description=Added by the RBOT-GRE WORM! Source=Paul Collins Startup list [IEFeatures] Number=4713 Confirmed=X Filename=IEFeatures.exe Description=Added by the POPMON.A TROJAN! - also known as PopMonster adware Source=Paul Collins Startup list [IEFeatures] Number=4714 Confirmed=X Filename=Internetfeatures.exe Description=Added by the POPMON.A TROJAN! - also known as PopMonster adware Source=Paul Collins Startup list [IefxTray] Number=4715 Confirmed=X Filename=IefxTray.exe Description=Added by the RILER-H TROJAN! Source=Paul Collins Startup list [ieharv.exe] Number=4716 Confirmed=X Filename=ieharv.exe Description=Added by the BANKER-HH TROJAN! Source=Paul Collins Startup list [Iehelper] Number=4717 Confirmed=X Filename=syslaunch.exe Description=Outwar adware downloader Source=Paul Collins Startup list [iel2cde8] Number=4718 Confirmed=X Filename=rundll32.exe iel2cde8.dll, EnableRunDLL32 Description=LZIO.com adware downloader. 
Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "iel2cde8.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [ielcaabe] Number=4719 Confirmed=X Filename=rundll32.exe ielcaabe.dll, EnableRunDLL32 Description=LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ielcaabe.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [IELoader32] Number=4720 Confirmed=X Filename=iexplore32.exe Description=Added by the SPEX or SPEX.B WORMS! Source=Paul Collins Startup list [Iesar] Number=4721 Confirmed=X Filename=Iesar.exe Description=Browser hijacker - redirecting to an adult web page Source=Paul Collins Startup list [Iesearch.exe] Number=4722 Confirmed=X Filename=Iesearch.exe Description=LookNSearch adware Source=Paul Collins Startup list [IESet] Number=4723 Confirmed=X Filename=IExplorer.dll Description=Added by the PWS-BLUEDIT TROJAN! Source=Paul Collins Startup list [iesetupi.exe] Number=4724 Confirmed=X Filename=iesetupi.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [iestart] Number=4725 Confirmed=X Filename=iexp1orer.exe Description=Added by the NEMOG.C TROJAN! Source=Paul Collins Startup list [ietsr] Number=4726 Confirmed=N Filename=ietsr.exe Description=IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc Source=Paul Collins Startup list [ieupdate] Number=4727 Confirmed=X Filename=MCP****.exe [**** = random char] Description=Added by the ASOXY TROJAN! 
Source=Paul Collins Startup list [ieupdate] Number=4728 Confirmed=X Filename=mcpdll32.exe Description=Adware downloader trojan Source=Paul Collins Startup list [ieupdates] Number=4729 Confirmed=X Filename=ieupdates.exe Description=Added by a number of TROJANS such as DWNLDR-HGI and AGENT-HGA and the Antivirus 2009 rogue security software - see here Source=Paul Collins Startup list [IEXPL0RER] Number=4730 Confirmed=X Filename=IEXPL0RER.EXE Description=Added by the AGOBOT-QL WORM! Note the filename has a "0" rather than an upper case "o" Source=Paul Collins Startup list [iexplo] Number=4731 Confirmed=X Filename=iexplor.exe Description=Added by the SIDEA TROJAN! Source=Paul Collins Startup list [IExploer] Number=4732 Confirmed=X Filename=svshosts.exe Description=Added by the IRCBOT.BT TROJAN! Source=Paul Collins Startup list [Iexploit] Number=4733 Confirmed=X Filename=Iexploit.html Description=Added by the INKER.B WORM! Source=Paul Collins Startup list [iexplor.exe] Number=4734 Confirmed=X Filename=iexplor.exe Description=Added by an unidentified WORM or TROJAN! See here Source=Paul Collins Startup list [Iexplore] Number=4735 Confirmed=X Filename=iexplore.exe Description=Added by the BOXER TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% Source=Paul Collins Startup list [IEXPLORE] Number=4736 Confirmed=X Filename=iexplore.exe Description=Added by the APHEXDOOR TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir% Source=Paul Collins Startup list [IExplore] Number=4737 Confirmed=X Filename=IEXPLORE.EXE Description=Added by the DLOADER-YZ TROJAN! 
Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in a "Custom" subfolder Source=Paul Collins Startup list [IEXPLORE] Number=4738 Confirmed=X Filename=IEXPLORE.EXE Description=Added by the BANKER-BWE TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% Source=Paul Collins Startup list [iExplore Ini] Number=4739 Confirmed=X Filename=ie4uini.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Iexplore Services] Number=4740 Confirmed=X Filename=iexplore.exe Description=Added by the LITHIUM BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [IEXPLORE.EXE] Number=4741 Confirmed=X Filename=[path to trojan] Description=Added by the BANCOS-CJ TROJAN! Source=Paul Collins Startup list [IEXPLORE.EXE] Number=4742 Confirmed=X Filename=goot.exe Description=Added by the BIFROSE-C TROJAN! Source=Paul Collins Startup list [IExplorer] Number=4743 Confirmed=X Filename=Iexplor32.exe Description=Added by the BDOOR-BY TROJAN! Source=Paul Collins Startup list [IExplorer] Number=4744 Confirmed=X Filename=IExplorer.EXE Description=Added by the BANCOS-CH TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) Source=Paul Collins Startup list [IEXPLORER] Number=4745 Confirmed=X Filename=msiecfg.exe Description=Added by the JU or BANCBAN-IP TROJANS! Source=Paul Collins Startup list [Iexplorer] Number=4746 Confirmed=X Filename=explorer.exe Description=Added by the ZAPCHAS-AC TROJAN! 
Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% Source=Paul Collins Startup list [iexplorer lptt01] Number=4747 Confirmed=X Filename=iexplorer.exe Description=RapidBlaster variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [iexplorer ml097e] Number=4748 Confirmed=X Filename=iexplorer.exe Description=RapidBlaster variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [Iexplorer.exe] Number=4749 Confirmed=X Filename=Iexplorer.exe Description=Added by the BANCBAN-EN TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) Source=Paul Collins Startup list [IExplorer32 Java Scripting] Number=4750 Confirmed=X Filename=IExplore32b.exe Description=Added by the RBOT.ABO WORM! Source=Paul Collins Startup list [IExplorer32c Java Scripting] Number=4751 Confirmed=X Filename=IExplore32cb.exe Description=Added by the RBOT.ABN WORM! Source=Paul Collins Startup list [IExplorer6 Java Scripting] Number=4752 Confirmed=X Filename=IExplore326.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [IExplorer7 Java Scripting] Number=4753 Confirmed=X Filename=IExplore327.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [IExplorerService] Number=4754 Confirmed=X Filename=WinSock.exe Description=Detected by Kaspersky as the AGENT.KIU TROJAN! See here Source=Paul Collins Startup list [iExpresser] Number=4755 Confirmed=X Filename=iexpresser.exe Description=Detected by Trend Micro as the SLENFBOT.AP WORM! See here Source=Paul Collins Startup list [ifp] Number=4756 Confirmed=X Filename=ipf.exe Description=Added by the CLAGGER-AG TROJAN! 
Source=Paul Collins Startup list [ifperx] Number=4757 Confirmed=X Filename=[random filename] Description=Added by a variant of the SLAPER TROJAN! Source=Paul Collins Startup list [IFSplash.exe] Number=4758 Confirmed=U Filename=IFSplash.exe Description=I-FORCE driver for force feedback steering wheel Source=Paul Collins Startup list [igamatu] Number=4759 Confirmed=X Filename=ekor.exe Description=Added by the SDBOT.AQ TROJAN! Source=Paul Collins Startup list [igamatu] Number=4760 Confirmed=X Filename=atecaca.exe Description=Added by the IRCBOT.R WORM! Source=Paul Collins Startup list [igfxtray] Number=4761 Confirmed=U Filename=igfxtray.exe Description=Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Quick access to the control panel via a System Tray icon. Available via Start -> Settings -> Control Panel Source=Paul Collins Startup list [Iglpbv] Number=4762 Confirmed=? Filename=Iglpbv.exe Description=?? Source=Paul Collins Startup list [igndlm.exe] Number=4763 Confirmed=N Filename=DLM.exe Description=IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads have to be initialized through that browser Source=Paul Collins Startup list [igsex2x] Number=4764 Confirmed=X Filename=igsex2x.exe Description=NewDial premium rate adult content dialler Source=Paul Collins Startup list [iHP-100] Number=4765 Confirmed=? Filename=iHPDetect.exe Description=Drive Letter Searcher, iRiver iHP-100 iHP and H Series player related - does it need to start with Windows every time? 
Source=Paul Collins Startup list [iilc] Number=4766 Confirmed=X Filename=IILC.EXE Description=Homepage hijacker Source=Paul Collins Startup list [Iinl] Number=4767 Confirmed=X Filename=iptl.exe Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [IISADMINS] Number=4768 Confirmed=X Filename=systems.exe Description=Added by the AGOBOT.U WORM! Source=Paul Collins Startup list [iisvers] Number=4769 Confirmed=X Filename=iisvers.exe Description=Added by an unidentified TROJAN or adware Source=Paul Collins Startup list [iiuyvyu] Number=4770 Confirmed=X Filename=uzcx.exe Description=Added by the AGENT-EOF TROJAN! Source=Paul Collins Startup list [iIWiper] Number=4771 Confirmed=N Filename=Systemwiper.exe Description=System Wiper from iI Software - allows you to clear the history of your activities from your computer. Run manually on a regular basis Source=Paul Collins Startup list [IJ75P2PSERVER] Number=4772 Confirmed=Y Filename=IJ75P2PS.EXE Description=Printer utility which is required in order to make the printer work correctly Source=Paul Collins Startup list [IKE Service 95] Number=4773 Confirmed=Y Filename=IKEService.exe Description=Associated with PGP. The PGP Tray can be disabled, but without IKESERVICE you won't be able to de- or encrypt anything Source=Paul Collins Startup list [iKeyWorks] Number=4774 Confirmed=U Filename=IKEYMAIN.EXE Description=A4Tech wireless keyboard driver and utility Source=Paul Collins Startup list [IKL] Number=4775 Confirmed=U Filename=rundll32.exe [path] IKL.dll Description=IKL surveillance software. Uninstall this software unless you put it there yourself Source=Paul Collins Startup list [iLLeGaL] Number=4776 Confirmed=X Filename=Mplayer.exe Description=Added by the HOLAR.C (or GALIL) WORM! Note - this should not be confused with Windows Media Player which has the same filename Source=Paul Collins Startup list [iLLeGaL.exe] Number=4777 Confirmed=X Filename=Mplayer.exe Description=Added by the HOLAR.C (or GALIL) WORM! 
Note - this should not be confused with Windows Media Player which has the same filename Source=Paul Collins Startup list [ILO_Office_Manager] Number=4778 Confirmed=? Filename=IntEdReg.exe /OFFMAN Description=Intense Educational Ltd - Language Office Software. Is it required? Source=Paul Collins Startup list [iLyric] Number=4779 Confirmed=U Filename=iLyric.exe Description=iLyric plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button Source=Paul Collins Startup list [iM Start Center] Number=4780 Confirmed=N Filename=iM_Tray.exe Description=Installed with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start -> Programs -> iM Networks -> iM Radio Tuner Source=Paul Collins Startup list [Image] Number=4781 Confirmed=X Filename=rundll32 image.dll, Install Description=CoolWebSearch parasite variant Source=Paul Collins Startup list [Image & Restore] Number=4782 Confirmed=Y Filename=IMAGE32.exe Description=Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run Source=Paul Collins Startup list [Image Remote Players] Number=4783 Confirmed=X Filename=sysvn.exe Description=Added by a variant of the IRCBOT BACKDOOR! 
Source=Paul Collins Startup list [Image Transfer] Number=4784 Confirmed=N Filename=SonyTray.exe Description=Sony Image Transfer software provides direct image transfer from your digital camera to a PC - can be started manually Source=Paul Collins Startup list [ImageDrive-{hex numbers}] Number=4785 Confirmed=U Filename=ImageDrive.exe Description=Nero ImageDrive from Ahead - virtual CD/DVD drive software Source=Paul Collins Startup list [Imagefox] Number=4786 Confirmed=U Filename=imagefox.exe Description=ImageFox 2.0 (formerly available from ACDSee) is an "add-on" graphics previewer for most Windows Open/Save As dialog boxes Source=Paul Collins Startup list [Imagemgt32] Number=4787 Confirmed=X Filename=Imagemgt32.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [ImagePath] Number=4788 Confirmed=X Filename=taskbarmngr.exe Description=Added by the SDBOT-XB WORM! Source=Paul Collins Startup list [ImageTune] Number=4789 Confirmed=U Filename=dthtml.exe Description=Display Tune (aka Image Tune) from Portrait Displays, Inc. - "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface and the user is guided, step-by-step, through the entire initial tuning process." Also licensed and renamed by manufacturers such as Gateway and HP Source=Paul Collins Startup list [IMAPI] Number=4790 Confirmed=X Filename=load.exe Description=Added by the DOWNDEL-A TROJAN! Source=Paul Collins Startup list [iMarkup Client] Number=4791 Confirmed=N Filename=iUtil.exe Description=Enables the iMarkup Client web page annotation utility to run in the background and be available in systray. 
Shortcut available via Start -> Programs Source=Paul Collins Startup list [Imatio] Number=4792 Confirmed=U Filename=imation.exe Description=Imation Disk Manager - enables you to create a password protected area on your Imation USB flash drive Source=Paul Collins Startup list [imchat] Number=4793 Confirmed=X Filename=imchat.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [IMClass] Number=4794 Confirmed=X Filename=Svhosl.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [imcssl] Number=4795 Confirmed=X Filename=xmliwvug.exe Description=Detected by Kaspersky as the SLAPER.U TROJAN! See here Source=Paul Collins Startup list [imekrig] Number=4796 Confirmed=N Filename=imekrig.exe Description=Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean) Source=Paul Collins Startup list [IMEKRMIG6.1] Number=4797 Confirmed=N Filename=IMEKRMIG.EXE Description=Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean) Source=Paul Collins Startup list [Imesh] Number=4798 Confirmed=N Filename=?? Description=Imesh is a file sharing system Source=Paul Collins Startup list [Imesh Auto Update] Number=4799 Confirmed=N Filename=?? Description=Update check for the Imesh file sharing system. Turn the update off under "options" Source=Paul Collins Startup list [IMEvtMgr.exe] Number=4800 Confirmed=X Filename=IMEvtMgr.exe Description=Added by the KEYLOG-AR TROJAN! Source=Paul Collins Startup list [ImgIcon] Number=4801 Confirmed=U Filename=ImgIcon.exe Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. 
If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running Source=Paul Collins Startup list [imgit] Number=4802 Confirmed=X Filename=[path to file] Description=Added by the BANKER-EM TROJAN! Source=Paul Collins Startup list [ImgStart] Number=4803 Confirmed=N Filename=ImgStart.exe Description=Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs Source=Paul Collins Startup list [ImgTask] Number=4804 Confirmed=N Filename=Imgtask.exe Description=Related to WalletPix digital photo album. "On some computers, the Wallet Pix device will leave behind a memory-resident file called ImgTask.exe. This file will be located in the operating system directory on your computer (typically C:\windows or C:\winnt). You can remove this file at any time and it will not impact your computer’s performance or functionality. The file will be restored each time you plug in the Wallet Pix though" Source=Paul Collins Startup list [Imjpmig*.*] Number=4805 Confirmed=N Filename=IMJPMIG.EXE Description=Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese). *.* represents the version number Source=Paul Collins Startup list [IMJPMIG8.2] Number=4806 Confirmed=X Filename=msime82.exe Description=Added by the VB-CYG WORM! Source=Paul Collins Startup list [immcheck.exe] Number=4807 Confirmed=? Filename=immcheck.exe Description=Related to I-FORCE driver for force feedback steering wheel? Source=Paul Collins Startup list [ImMsn] Number=4808 Confirmed=X Filename=timed.exe Description=Added by the WEBDOR.AK TROJAN! 
Source=Paul Collins Startup list [IMOL] Number=4809 Confirmed=U Filename=IMOLApp.exe Description=IncrediMail for Office Outlook Add-On Source=Paul Collins Startup list [Imonitor] Number=4810 Confirmed=N Filename=Plguni.exe Description=McAfee QuickClean 3.0 - removes internet clutter and unwanted programs Source=Paul Collins Startup list [imonitor] Number=4811 Confirmed=X Filename=[path to trojan] Description=Added by the IMONI-A TROJAN! Source=Paul Collins Startup list [IMONTRAY] Number=4812 Confirmed=U Filename=imontray.exe Description=System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards Source=Paul Collins Startup list [IMprocess] Number=4813 Confirmed=X Filename=IM-svr.EXE Description=IMNames adware Source=Paul Collins Startup list [IMStart] Number=4814 Confirmed=U Filename=IMStart.exe Description=InterMute security software related Source=Paul Collins Startup list [IMVU] Number=4815 Confirmed=U Filename=IMVUClient.exe Description=IMVU chat client that allows you to create "your own avatars who chat in animated 3D scenes" Source=Paul Collins Startup list [imwinsrvc] Number=4816 Confirmed=X Filename=acpmonsrv.exe Description=Added by the SLAPER.E TROJAN! Source=Paul Collins Startup list [IMwire] Number=4817 Confirmed=X Filename=imwireup.exe Description=SafeSurfing adware variant Source=Paul Collins Startup list [imxecs] Number=4818 Confirmed=X Filename=vbrun70sp4.exe Description=Added by the AGOBOT.ALA WORM! Source=Paul Collins Startup list [im_autorn] Number=4819 Confirmed=X Filename=im_1.exe Description=Added by the IMAV.A WORM! Source=Paul Collins Startup list [im_autorn] Number=4820 Confirmed=X Filename=im_2.exe Description=Added by the BAGLEDL-BO TROJAN! 
Source=Paul Collins Startup list [InCD] Number=4821 Confirmed=Y Filename=incd.exe Description=Ahead InCD packet writing software - similar to DirectCD. For Nero 5.0 or 5.5 (InCD3), it does not need to start with Windows. You can run InCD.exe manually before inserting an appropriately formatted CD-RW (CD-MRW) disk. For Nero 6.0, 6.3 or 6.6 (InCD4), it does need to start with Windows. It does not function correctly when you try to run it manually, and you will not have write access to MRW (Mount Rainier) formatted CD-RW (CD-MRW) or DVD-MRW disks. To regain write access and other features, InCD 4 must start with Windows Source=Paul Collins Startup list [IncMail] Number=4822 Confirmed=N Filename=IncMail.exe Description="IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality" Source=Paul Collins Startup list [InControl Desktop Manager] Number=4823 Confirmed=N Filename=DMHKEY.EXE Description=For Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start -> Programs Source=Paul Collins Startup list [Incredimail] Number=4824 Confirmed=N Filename=incredimail.exe Description="IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality" Source=Paul Collins Startup list [Incredimail] Number=4825 Confirmed=N Filename=IncMail.exe Description="IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. 
Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality" Source=Paul Collins Startup list [Index Service] Number=4826 Confirmed=X Filename=dllhost32.exe Description=Added by the AGOBOT.CH WORM! Source=Paul Collins Startup list [Index Washer] Number=4827 Confirmed=U Filename=WashIdx.exe Description=Window Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG Source=Paul Collins Startup list [Indexindicator] Number=4828 Confirmed=X Filename=Indexindicator.exe Description=Added by the LAZAR TROJAN! Source=Paul Collins Startup list [IndexSearch] Number=4829 Confirmed=N Filename=IndexSearch.exe Description=Associated with PaperPort scanner software from ScanSoft Source=Paul Collins Startup list [IndexTray] Number=4830 Confirmed=U Filename=IndexTray.exe Description=Part of Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents" Source=Paul Collins Startup list [IndicatorUty] Number=4831 Confirmed=U Filename=IndicatorUty.exe Description=Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayed Source=Paul Collins Startup list [ine] Number=4832 Confirmed=X Filename=svchosts.exe Description=Added by the RBOT.BNL WORM! Source=Paul Collins Startup list [INET] Number=4833 Confirmed=X Filename=inetsync.exe Description=Meplex adware Source=Paul Collins Startup list [Inet DataBase] Number=4834 Confirmed=X Filename=Inetdbs.exe Description=Added by the QEDS WORM! 
Source=Paul Collins Startup list [Inet Delivery] Number=4835 Confirmed=X Filename=inetdl.exe Description=Inet Delivery adware Source=Paul Collins Startup list [Inet Delivery] Number=4836 Confirmed=X Filename=inetdl_2.exe Description=Inet Delivery adware Source=Paul Collins Startup list [Inetapi] Number=4837 Confirmed=X Filename=Netapi.exe Description=Added by the NETDEVIL.14 TROJAN! Source=Paul Collins Startup list [inetcntrl] Number=4838 Confirmed=U Filename=inetcntrl.exe Description=Bsafe Online - internet filter Source=Paul Collins Startup list [InetConf] Number=4839 Confirmed=? Filename=inetconf.exe Description=?? Source=Paul Collins Startup list [Inetd] Number=4840 Confirmed=U Filename=INETD32.EXE Description=Windows Inet Daemon from Hummingbird Communications. "Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons". Provides PCs with the full functionality of a UNIX workstation Source=Paul Collins Startup list [inetinfo.exe] Number=4841 Confirmed=U Filename=inetinfo.exe Description=Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more) Source=Paul Collins Startup list [inetinfomon manager] Number=4842 Confirmed=X Filename=inetinfomon.exe Description=Added by the DONBOMB.A TROJAN! Source=Paul Collins Startup list [inetmgr] Number=4843 Confirmed=X Filename=inetmgr.exe Description=Actual Names (AdvSearch) Internet Keywords parasite Source=Paul Collins Startup list [InetMSN] Number=4844 Confirmed=X Filename=msnet.exe Description=Added by a variant of the SDBOT TROJAN! Source=Paul Collins Startup list [InetServices] Number=4845 Confirmed=X Filename=wsock32.exe Description=Added by the WOCK32-A TROJAN! 
Source=Paul Collins Startup list [infamous.exe] Number=4846 Confirmed=X Filename=wmplayer.exe Description=Added by unknown malware. WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup. Infamous.exe is identified by Panda antivirus as Trj/Briss.A Source=Paul Collins Startup list [InfeStop] Number=4847 Confirmed=X Filename=InfeStopRemover.exe Description=InfeStop spyware remover - not recommended, see here Source=Paul Collins Startup list [Info Select] Number=4848 Confirmed=U Filename=is.exe Description=Info Select from Micro Logic - personal information manager Source=Paul Collins Startup list [Info32x] Number=4849 Confirmed=X Filename=Info32x.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [InfoData] Number=4850 Confirmed=X Filename=rundll32.exe ********.dll, realset [* = random char] Description=Added by the VUNDO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [InfoPenMSN] Number=4851 Confirmed=U Filename=InfoPenIM.exe Description=InfoPenMSN is a MSN Messenger plugin that allows you to send data written/drawn by hand Source=Paul Collins Startup list [Infoplay.exe] Number=4852 Confirmed=? Filename=Infoplay.exe Description=Written by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine websites (which I chose not to). What does it do and is it needed? Source=Paul Collins Startup list [Information Update] Number=4853 Confirmed=X Filename=iu.exe Description=Detected by Kaspersky as the CENTIM.CH TROJAN! Source=Paul Collins Startup list [Infra-red Monitor] Number=4854 Confirmed=U Filename=IRMON.EXE Description=System Tray access to infra-red devices. 
Not required unless you use infra-red devices Source=Paul Collins Startup list [infus] Number=4855 Confirmed=X Filename=infus.exe Description=Adult content dialler Source=Paul Collins Startup list [Infuzer] Number=4856 Confirmed=U Filename=Infuzer.exe Description=Infuzer - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities" Source=Paul Collins Startup list [infwin] Number=4857 Confirmed=X Filename=infwin.exe Description=VX2.Transponder parasite updater/installer related Source=Paul Collins Startup list [Init32] Number=4858 Confirmed=X Filename=Init32.exe Description=Added by the WINEX.A TROJAN! Source=Paul Collins Startup list [Initial Page] Number=4859 Confirmed=X Filename=install.exe Description=EasySearch browser hijack installer Source=Paul Collins Startup list [Initialize8x8] Number=4860 Confirmed=Y Filename=8x8_init.exe Description=Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay Source=Paul Collins Startup list [injob] Number=4861 Confirmed=X Filename=injobs.exe Description=Added by the BINJO TROJAN! Source=Paul Collins Startup list [Ink Monitor] Number=4862 Confirmed=N Filename=InkMonitor.exe Description=Associated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line Source=Paul Collins Startup list [InkWatch] Number=4863 Confirmed=N Filename=InkWatch.exe Description=Associated with Canon (and maybe other) printers. 
Tells you when the ink's running low and asks if you want to buy another cartridge on-line Source=Paul Collins Startup list [InoRPC] Number=4864 Confirmed=Y Filename=InoRpc.exe Description=Associated with eTrust Antivirus/InoculateIT Source=Paul Collins Startup list [InoRT] Number=4865 Confirmed=Y Filename=InoRT9x.exe Description=Associated with the Realtime Monitor of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU usage Source=Paul Collins Startup list [InoTask] Number=4866 Confirmed=U Filename=InoTask.exe Description=Scheduled scans and signature updates for eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU usage when performing updates Source=Paul Collins Startup list [iNotice] Number=4867 Confirmed=X Filename=iservice.exe Description=Added by a variant of an MSN worm that tries to lure people to an infected site by using nude pictures and videos Source=Paul Collins Startup list [insCOA5] Number=4868 Confirmed=? Filename=insCOA5.exe Description=?? Source=Paul Collins Startup list [Insider] Number=4869 Confirmed=X Filename=Insider.exe Description=Detected by PCTools as the AGENT.KMC TROJAN! See here Source=Paul Collins Startup list [InstaAlert] Number=4870 Confirmed=U Filename=InstaAlert.exe Description="Kayako InstaAlert allows you to receive realtime alerts whenever a ticket gets updated under the assigned departments. 
The application displays popups as and when the tickets are created or replied to allowing you to answer your customer requests and issues promptly" Source=Paul Collins Startup list [Instafinder] Number=4871 Confirmed=X Filename=instafinder.exe Description=TopSearch.D adware Source=Paul Collins Startup list [InstaFinderK] Number=4872 Confirmed=X Filename=InstaFinderK inst.exe Description=InstaFinder adware Source=Paul Collins Startup list [Install] Number=4873 Confirmed=X Filename=Install.exe Description=Added by the BANCBAN-HG TROJAN! Source=Paul Collins Startup list [Install part II] Number=4874 Confirmed=X Filename=updates.exe Description=Added by the RELFEER WORM! Source=Paul Collins Startup list [Install Pending Files] Number=4875 Confirmed=? Filename=sifxinst.exe Description=Uninstall program for Lanovation's Prism Deploy and Prism Pack administrators software deployment tools. For specific information see here. Is it required? Source=Paul Collins Startup list [InstallAurealDemos] Number=4876 Confirmed=N Filename=InstallAurealDemos.js Description=Used to initialize the Aureal A3D demos InstallShield wizard Source=Paul Collins Startup list [InstallBuddy] Number=4877 Confirmed=U Filename=Ibtna.exe Description=InstallBuddy - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSync Source=Paul Collins Startup list [InstallCleaner] Number=4878 Confirmed=X Filename=InstallCleaner.exe Description=Added by the ANYHOMB.F TROJAN! Source=Paul Collins Startup list [Installed shell32.dll] Number=4879 Confirmed=X Filename=Office.exe... Description=Added by the LOVGATE.AO WORM! Source=Paul Collins Startup list [Installed shell32.dll] Number=4880 Confirmed=X Filename=Office.exe Description=Added by the LOVGATE.E WORM! 
Source=Paul Collins Startup list [Installer] Number=4881 Confirmed=X Filename=dial.exe Description=Malware - detected by Kaspersky as the AGENT.MM TROJAN! Source=Paul Collins Startup list [InstallNAIProduct] Number=4882 Confirmed=? Filename=SETUP.EXE Description=Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error? Source=Paul Collins Startup list [InstallProvider] Number=4883 Confirmed=X Filename=newsoftware2007install.exe Description=WinAntiVirus Pro 2007 and Privacy Protector misleading security software - not recommended, see here Source=Paul Collins Startup list [Installs SP2] Number=4884 Confirmed=X Filename=[path] repcale.exe [path] palsp.exe Description=Added by a variant of the RANDON.AN WORM! Source=Paul Collins Startup list [Installstub] Number=4885 Confirmed=U Filename=installstub.exe Description=Tool for Outlook and Outlook Express from Plaxo for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phone Source=Paul Collins Startup list [Instance 001] Number=4886 Confirmed=X Filename=[path to worm] Description=Added by the ALASROU-A WORM! Source=Paul Collins Startup list [Instant Access] Number=4887 Confirmed=X Filename=rundll32.exe EGDHTML_1023.dll, InstantAccess Description=InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [Instant Access] Number=4888 Confirmed=X Filename=rundll32.exe eg_auth_****.dll, InstantAccess [**** = digits] Description=InstantAccess premium rate adult content dialler variant. 
Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [Instant Access] Number=4889 Confirmed=X Filename=rundll32.exe EGCOMLIB_****.dll, InstantAccess [**** = digits] Description=InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [Instant Access] Number=4890 Confirmed=X Filename=rundll32.exe EGCOMSERVICE_****.dll, InstantAccess [**** = digits] Description=InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [Instant Access] Number=4891 Confirmed=X Filename=rundll32.exe p2esocks_****.dll, InstantAccess [**** = digits] Description=InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [Instant Access] Number=4892 Confirmed=X Filename=mwsrvacc.exe Description=InstantAccess premium rate adult content dialer Source=Paul Collins Startup list [Instant Access] Number=4893 Confirmed=X Filename=linewsrv.exe Description=InstantAccess premium rate adult content dialer variant Source=Paul Collins Startup list [Instant Buzz Daemon] Number=4894 Confirmed=X Filename=IBDaemon.exe Description=Instant Buzz adware Source=Paul Collins Startup list [Instant Messenger Service] Number=4895 Confirmed=X Filename=imservice.exe Description=Detected by Kaspersky as the HEUR TROJAN! Source=Paul Collins Startup list [Instant Update Center] Number=4896 Confirmed=N Filename=reminder.exe Description=From Broderbund's PrintMaster 10. It is an event reminder (for calendar dates, etc). 
Delete from the startup using Startup Manager program because it keeps re-checking itself when using MSCONFIG. PrintMaster 11 uses filename PMremind.exe - it has to be unchecked in startup in the same manner Source=Paul Collins Startup list [Instant Wireless Configuration Utility] Number=4897 Confirmed=U Filename=WUSB11cfg.exe Description=Utility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration Source=Paul Collins Startup list [Instant Wireless Configuration Utility] Number=4898 Confirmed=U Filename=WPC11Cfg.exe Description=Utility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration Source=Paul Collins Startup list [InstantAccess] Number=4899 Confirmed=N Filename=INSTAN~1.EXE Description=From TextBridge Pro 9.0 OCR scanner software. Available via Start -> Programs Source=Paul Collins Startup list [InstantDrive] Number=4900 Confirmed=U Filename=InstantDrive.exe Description=Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning software Source=Paul Collins Startup list [InstantPleasure] Number=4901 Confirmed=X Filename=instantpleasure.exe Description=Adult content dialler Source=Paul Collins Startup list [InstantPleasureXXX] Number=4902 Confirmed=X Filename=instantpleasurexxx.exe Description=Adult content dialler Source=Paul Collins Startup list [InstantTray] Number=4903 Confirmed=N Filename=PCLETray.exe Description=Pinnacle InstantCD/DVD disc creation software. Tray icon enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools with one click. Can be started manually Source=Paul Collins Startup list [instit] Number=4904 Confirmed=X Filename=instit.bat Description=Added by the OPASERV.H WORM! 
Source=Paul Collins Startup list [instit] Number=4905 Confirmed=X Filename=INSTIT.BAT Description=Added by the OPASERV.K WORM! Source=Paul Collins Startup list [InstUtlR.exe] Number=4906 Confirmed=? Filename=InstUtlR.exe Description=?? Source=Paul Collins Startup list [intdctrr] Number=4907 Confirmed=X Filename=idctup20.exe Description=SafeSurfing adware variant Source=Paul Collins Startup list [Intec Service Drivers] Number=4908 Confirmed=X Filename=msmsgrs.exe Description=Added by the SDBOT-ADN WORM! Source=Paul Collins Startup list [Intec Service Drivers] Number=4909 Confirmed=X Filename=[path to worm] Description=Added by the RBOT-GLU WORM! Source=Paul Collins Startup list [Intec Service Drivers] Number=4910 Confirmed=X Filename=wing32.exe Description=Added by the RBOT.HAZ WORM! Source=Paul Collins Startup list [Intec Services Driverrs] Number=4911 Confirmed=X Filename=winrvc.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [IntegardTray] Number=4912 Confirmed=U Filename=IntegardTray.exe Description=System Tray access to Integard parental control software from Race River Corp Source=Paul Collins Startup list [Intel Active Monitor] Number=4913 Confirmed=U Filename=imontray.exe Description=System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in a hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards Source=Paul Collins Startup list [Intel Audio Studio V2.0] Number=4914 Confirmed=X Filename=fmideploy.exe Description=Detected by VBA32 as the BIFROSE.ADR TROJAN! Source=Paul Collins Startup list [Intel Driver] Number=4915 Confirmed=X Filename=csrs.exe Description=Added by a variant of the SDBOT WORM! 
Source=Paul Collins Startup list [Intel File Transfer] Number=4916 Confirmed=U Filename=xfr.exe Description=Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients Source=Paul Collins Startup list [Intel PDS] Number=4917 Confirmed=U Filename=pds.exe Description=Intel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabled Source=Paul Collins Startup list [Intel Product Number Utility] Number=4918 Confirmed=U Filename=IntelProcNumUtility.exe Description=Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here Source=Paul Collins Startup list [Intel PROSet Tray Icon] Number=4919 Confirmed=N Filename=promon.exe Description=System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features Source=Paul Collins Startup list [Intel Service Drivers] Number=4920 Confirmed=X Filename=msconfig16.exe Description=Added by the MSCONFIG16 TROJAN! Source=Paul Collins Startup list [Intel system tool] Number=4921 Confirmed=X Filename=hookdump.exe Description=Added by the SPYRE-H TROJAN! Source=Paul Collins Startup list [Intel system tool] Number=4922 Confirmed=X Filename=winnook.exe Description=Added by the SPYRE-C TROJAN! Source=Paul Collins Startup list [Intel system tool] Number=4923 Confirmed=X Filename=svehost.exe Description=Added by the AGENT-EBT TROJAN! Source=Paul Collins Startup list [Intel system works] Number=4924 Confirmed=X Filename=iis.exe Description=Added by the RBOT.QGA WORM! 
Source=Paul Collins Startup list [Intel(R) Common User Interface] Number=4925 Confirmed=U Filename=igfxtray.exe Description=Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows the user to change different driver properties through Windows User Interface. Quick access to the control panel via a System Tray icon. Available via Start -> Settings -> Control Panel Source=Paul Collins Startup list [Intel(R) Common User Interface] Number=4926 Confirmed=U Filename=hkcmd.exe Description=Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows the user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel Source=Paul Collins Startup list [Intel(R) Common User Interface] Number=4927 Confirmed=N Filename=igfxpers.exe Description=Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows the user to change different driver properties through Windows User Interface. Not known exactly what it does but apparently it isn't required Source=Paul Collins Startup list [intel32.exe] Number=4928 Confirmed=U Filename=itLoad.exe Description=Praize IM Christian chat instant messenger Source=Paul Collins Startup list [IntelAPMClient] Number=4929 Confirmed=U Filename=amclient.exe Description=LANDesk Management Suite software component Source=Paul Collins Startup list [IntelAudioStudio] Number=4930 Confirmed=N Filename=IntelAudioStudio.exe Description="Intel Audio Studio combines Intel® High Definition audio hardware features with Sonic Focus* Audio Refinement and Dolby* technologies to provide you with a comprehensive tool that puts you in control of your audio experience". 
Audio utility supplied with Intel motherboards Source=Paul Collins Startup list [InteliSys] Number=4931 Confirmed=X Filename=smss.exe Description=Advertisingvision adware! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [intell32.exe] Number=4932 Confirmed=X Filename=intell32.exe Description=Added by the SmitFraud alias Desktophijack.C TROJAN! Source=Paul Collins Startup list [intell321.exe] Number=4933 Confirmed=X Filename=intell321.exe Description=Added by the SPYJACK-B TROJAN! Source=Paul Collins Startup list [Intelliflag_be.exe] Number=4934 Confirmed=X Filename=Intelliflag_be.exe Description=Added by the Intelliflag SPYWARE! Source=Paul Collins Startup list [IntelliPoint] Number=4935 Confirmed=N Filename=misitray.exe Description=Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl does not have its own EXE file. Only needed when using the capture card, e.g. for the above actions Source=Paul Collins Startup list [IntelliPoint] Number=4936 Confirmed=U Filename=ipoint.exe Description=Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features Source=Paul Collins Startup list [Intellitype] Number=4937 Confirmed=U Filename=type32.exe Description=For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings unless you have changed them Source=Paul Collins Startup list [IntelMEM] Number=4938 Confirmed=U Filename=IntelMEM.exe Description=Related to connection events on an Intel chipset based modem. 
It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem line Source=Paul Collins Startup list [IntelProcNumUtility] Number=4939 Confirmed=U Filename=cpunumber.exe Description=Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here Source=Paul Collins Startup list [IntelWireless] Number=4940 Confirmed=Y Filename=ifrmewrk.exe Description=Associated with the Intel PRO/Set Wireless software Source=Paul Collins Startup list [IntelZeroConfig] Number=4941 Confirmed=U Filename=ZCfgSvc.exe Description=Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled Source=Paul Collins Startup list [Intense Registry Service] Number=4942 Confirmed=? Filename=IntEdReg.exe /CHECK Description=Intense Educational Ltd - Language Office Software. 
Is it required? Source=Paul Collins Startup list [InterceptedSystem] Number=4943 Confirmed=X Filename=[path to worm] Description=Added by the ANACON-B WORM! Source=Paul Collins Startup list [InterCheck Monitor] Number=4944 Confirmed=Y Filename=Icmon.exe Description=Part of Sophos anti-virus software Source=Paul Collins Startup list [InterCheckMonitor] Number=4945 Confirmed=Y Filename=ICMON.EXE Description=Part of Sophos anti-virus software Source=Paul Collins Startup list [Interdll] Number=4946 Confirmed=X Filename=Interdll.exe Description=Added by the DELF family of TROJANS! Source=Paul Collins Startup list [Internal] Number=4947 Confirmed=X Filename=[trojan filename] Description=Added by the SMOTHER and TRANSLAT TROJANS! Source=Paul Collins Startup list [Internal] Number=4948 Confirmed=X Filename=regedit.exe /s %windir%c:\[month number] Description=Added by the FORTNIGHT.D TROJAN! Source=Paul Collins Startup list [Internal Memory File] Number=4949 Confirmed=X Filename=sysintmemory.exe Description=Added by the RBOT-GKT WORM! Source=Paul Collins Startup list [InternalSystray] Number=4950 Confirmed=X Filename=Kazza.exe Description=Added by a variant of the OPTIX TROJAN! Note - unlike the valid KaZaA executable, this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) Source=Paul Collins Startup list [internat] Number=4951 Confirmed=X Filename=internat.exe Description=Added by the LYDRA-F TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir% Source=Paul Collins Startup list [Internat] Number=4952 Confirmed=X Filename=systray.exe Description=Added by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. 
If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file Source=Paul Collins Startup list [Internat] Number=4953 Confirmed=X Filename=msgsrv32.exe Description=Added by the NYRUBOT-A WORM! Source=Paul Collins Startup list [Internat] Number=4954 Confirmed=X Filename=[trojan filename] Description=Added by the CMJSPY-Y TROJAN! Source=Paul Collins Startup list [Internat Conf] Number=4955 Confirmed=X Filename=bootconf.exe Description=Homepage hijacker, redirecting to coolwwwsearch.com; see for example here Source=Paul Collins Startup list [internat.exe] Number=4956 Confirmed=N Filename=internat.exe Description=Microsoft language selection icon in system tray, located in the System (Win98/Me) or System32 (WinNT/2K/XP) folder Source=Paul Collins Startup list [Internat.exe] Number=4957 Confirmed=X Filename=internat.exe Description=Added by the NETSNAKE TROJAN! Note - the real internat.exe resides in %windir%\system (Win98/Me) or %windir%\System32 (WinNT/2K/XP) (where %windir% is the Windows directory - C:\Windows or C:\Winnt) and has a "?" icon whereas this version resides in %windir% and has a ZIP icon Source=Paul Collins Startup list [internct] Number=4958 Confirmed=X Filename=WinSocks5.exe Description=Added by the GRAYBIRD.F TROJAN! Source=Paul Collins Startup list [internet] Number=4959 Confirmed=X Filename=smss.exe Description=Added by the MIFENG-K TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup! Source=Paul Collins Startup list [Internet] Number=4960 Confirmed=X Filename=Internet.exe Description=Added by the PWS-CS TROJAN! Source=Paul Collins Startup list [Internet] Number=4961 Confirmed=X Filename=recruit.exe Description=Added by the RBOT-AJG WORM! Source=Paul Collins Startup list [internet] Number=4962 Confirmed=X Filename=[trojan filename].exe Description=Added by the MIFENG-D TROJAN! 
Source=Paul Collins Startup list [Internet] Number=4963 Confirmed=X Filename=winlogom.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Internet] Number=4964 Confirmed=X Filename=nteusodp.exe Description=Added by the RBOT-GFJ WORM! Source=Paul Collins Startup list [internet] Number=4965 Confirmed=X Filename=winsas32.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [internet] Number=4966 Confirmed=X Filename=lsass.exe Description=Added by the DSPY-A TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Internet] Number=4967 Confirmed=X Filename=alm7tas.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Internet] Number=4968 Confirmed=X Filename=wins.exe Description=Detected by PCTools as the RBOT.AAYF WORM! See here Source=Paul Collins Startup list [Internet Answering Machine] Number=4969 Confirmed=U Filename=IAMNET~1.EXE Description=From Callwave. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access Source=Paul Collins Startup list [Internet Answering Machine] Number=4970 Confirmed=U Filename=IAM.exe Description=From Callwave - offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access Source=Paul Collins Startup list [Internet Application Driver] Number=4971 Confirmed=X Filename=expIorer.exe Description=Added by the IRCBOT-WK TROJAN! 
Source=Paul Collins Startup list [Internet Call Director] Number=4972 Confirmed=U Filename=ICD.EXE Description=TELUS Internet Call Director (ICD) provides Internet users with real-time call notification while connected to the Internet Source=Paul Collins Startup list [Internet Call Manager] Number=4973 Confirmed=U Filename=ICM.EXE Description=Starts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail Source=Paul Collins Startup list [Internet Config] Number=4974 Confirmed=X Filename=svchosts.exe Description=Added by the SDBOT TROJAN! Source=Paul Collins Startup list [Internet Connection Wizard] Number=4975 Confirmed=X Filename=stisvsq.exe Description=EasySearch adware Source=Paul Collins Startup list [Internet Connection Wizard] Number=4976 Confirmed=X Filename=[path to trojan] Description=Added by the SMUTSRCH-A TROJAN! Source=Paul Collins Startup list [Internet Connection Wizard] Number=4977 Confirmed=X Filename=stisvsq1.exe Description=Added by the DLOADR-AWD TROJAN! Source=Paul Collins Startup list [Internet Content Publisher] Number=4978 Confirmed=X Filename=ICP.EXE Description=Added by the RBOT-UD WORM! Source=Paul Collins Startup list [Internet Disk Cleaner] Number=4979 Confirmed=U Filename=CLEARH~1.EXE Description="Internet Disk Cleaner from Elongsoft "protects your privacy by cleaning up all Internet tracks and past computer activities" Source=Paul Collins Startup list [Internet Download Accelerator] Number=4980 Confirmed=U Filename=ida.exe Description=Internet Download Accelerator download manager Source=Paul Collins Startup list [Internet download manager service] Number=4981 Confirmed=X Filename=idman.exe Description=Added by the RBOT-BMS WORM! Source=Paul Collins Startup list [Internet Exploere Services] Number=4982 Confirmed=X Filename=urlmon32.dll.exe Description=Added by the EVIAN.C WORM! 
Source=Paul Collins Startup list [Internet Explore Microsoft] Number=4983 Confirmed=X Filename=lEXPLORE.EXE Description=Added by the RBOT-AOF WORM! Note - the executable is spelt with a lower case "L" rather than a lower or upper case "i" which is the case with Internet Explorer Source=Paul Collins Startup list [Internet Explorer] Number=4984 Confirmed=X Filename=iexplorer.exe Description=Added by the LORSIS WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) Source=Paul Collins Startup list [Internet Explorer] Number=4985 Confirmed=X Filename=IEXPLORE.EXE Description=Added by the RBOT-EY WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% Source=Paul Collins Startup list [Internet Explorer] Number=4986 Confirmed=X Filename=IExplorer.exe Description=Added by the NETHIEF-O BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) Source=Paul Collins Startup list [Internet Explorer] Number=4987 Confirmed=X Filename=http.exe Description=Added as part of a new potential CWS infection, and part of a suite of programs that installs a web server, php, ftp server, socks, and mail server on your computer without your knowledge. These files are known to be part of an infection that transmits information about your bank accounts, passwords, and other financial information. It should be deleted immediately, you should enable your firewall, and you should contact your financial services in order to report the issue and to have your passwords changed Source=Paul Collins Startup list [Internet Explorer] Number=4988 Confirmed=X Filename=iexpiore.exe Description=Added by the RBOT-AZC WORM! Source=Paul Collins Startup list [Internet Explorer Configuration] Number=4989 Confirmed=X Filename=IEXPLORE.EXE Description=Added by the SDBOT-UL WORM! 
Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% Source=Paul Collins Startup list [Internet Explorer Security] Number=4990 Confirmed=X Filename=iexplore.pif Description=Added by the RBOT-ALQ WORM! Source=Paul Collins Startup list [Internet Explorer Updater] Number=4991 Confirmed=X Filename=lexbac.exe Description=Added by the DOWNLOAD TROJAN! Source=Paul Collins Startup list [Internet Explorer Updater] Number=4992 Confirmed=X Filename=iexplorer.exe Description=Added by the REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) Source=Paul Collins Startup list [Internet Explorer6] Number=4993 Confirmed=X Filename=IEexplore.exe Description=Added by the RBOT.AGC WORM. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% Source=Paul Collins Startup list [Internet Firewall Layer] Number=4994 Confirmed=X Filename=tsqla.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Internet History Eraser] Number=4995 Confirmed=U Filename=HERASER.exe Description=Internet History Eraser - deletes your browsing tracks Source=Paul Collins Startup list [Internet Loader1] Number=4996 Confirmed=X Filename=MSInstall61.exe Description=Added by the KWBOT.B WORM! Source=Paul Collins Startup list [Internet Mail and News] Number=4997 Confirmed=X Filename=msqdevl.exe Description=EasySearch adware Source=Paul Collins Startup list [Internet Mail and News] Number=4998 Confirmed=X Filename=[path to trojan] Description=Added by the SMUTSRCH-A TROJAN! Source=Paul Collins Startup list [Internet Mail and News] Number=4999 Confirmed=X Filename=msqdevl1.exe Description=Added by the DLOADR-AWD TROJAN! 
Source=Paul Collins Startup list [Internet Optimizer] Number=5000 Confirmed=X Filename=optimize.exe Description=Internet Optimizer parasite - detected by Sophos as the DLUCA-G TROJAN and variants Source=Paul Collins Startup list [Internet Protocol Configuration Loader] Number=5001 Confirmed=X Filename=ipcl32.exe Description=Added by the SDBOT TROJAN! Source=Paul Collins Startup list [Internet Security Service] Number=5002 Confirmed=X Filename=msq32.exe Description=Added by the RBOT-GFP WORM! Source=Paul Collins Startup list [Internet Security Service] Number=5003 Confirmed=X Filename=msq23.exe Description=Added by the RBOT-GQL WORM! Source=Paul Collins Startup list [Internet Security Service] Number=5004 Confirmed=X Filename=msql23.exe Description=Added by the RBOT-GML WORM! Source=Paul Collins Startup list [Internet Security Service] Number=5005 Confirmed=X Filename=mysqlwin32.exe Description=Detected by Trend Micro as the RBOT.UX TROJAN! See here Source=Paul Collins Startup list [Internet Send] Number=5006 Confirmed=X Filename=More log.exe Description=Unidentified adware Source=Paul Collins Startup list [Internet Server] Number=5007 Confirmed=X Filename=inetsrv.exe Description=Added by the STARTPA-EM TROJAN! Source=Paul Collins Startup list [Internet Service] Number=5008 Confirmed=X Filename=intersvc.exe Description=Added by the SPYBOT-DE WORM! Source=Paul Collins Startup list [internet service] Number=5009 Confirmed=X Filename=syscfg32.exe Description=Added by the RBOT-QS WORM! Source=Paul Collins Startup list [internet service] Number=5010 Confirmed=X Filename=ssvhost.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [internet service] Number=5011 Confirmed=X Filename=svho0st98.exe Description=Added by the RBOT.EAT WORM! Source=Paul Collins Startup list [Internet Services] Number=5012 Confirmed=X Filename=systemdev.exe Description=Added by the SDBOT-PW WORM! 
Source=Paul Collins Startup list [Internet Services] Number=5013 Confirmed=X Filename=internet.exe Description=Added by the MYTOB.BT WORM! Source=Paul Collins Startup list [Internet Services] Number=5014 Confirmed=X Filename=interserv.exe Description=Added by the RBOT.BNT WORM! Source=Paul Collins Startup list [Internet Services] Number=5015 Confirmed=X Filename=Netsvc.exe Description=Added by the MYTOB.MN WORM! Source=Paul Collins Startup list [INTERNET SERVISES] Number=5016 Confirmed=X Filename=winz32.exe Description=Added by the KWBOT.Z WORM! Source=Paul Collins Startup list [Internet Sharing Server] Number=5017 Confirmed=Y Filename=iss_srvr.exe Description=Intel AnyPoint internet sharing software. Now discontinued Source=Paul Collins Startup list [Internet Suspention] Number=5018 Confirmed=X Filename=story.exe Description=Added by the WOOTBOT.HV WORM! Source=Paul Collins Startup list [Internet Sweeper] Number=5019 Confirmed=N Filename=Sweeper.exe Description=Internet Sweeper - removes unnecessary leftover files after browsing the internet Source=Paul Collins Startup list [Internet Timer] Number=5020 Confirmed=U Filename=ITIMER.exe Description=Shareware dial-up connection call cost calculator from Ratsoft Source=Paul Collins Startup list [Internet Washer Pro] Number=5021 Confirmed=X Filename=iw.exe Description=Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003 Source=Paul Collins Startup list [Internet.exe] Number=5022 Confirmed=X Filename=Internet.exe Description=Added by the MAGICCALL VIRUS! Source=Paul Collins Startup list [internet.exe] Number=5023 Confirmed=X Filename=yinyin3345.vbs Description=Added by the YINI MACRO! Source=Paul Collins Startup list [Internet2 Optimizer] Number=5024 Confirmed=X Filename=wkfix.exe Description=Added by a variant of the RBOT WORM! 
Source=Paul Collins Startup list [InternetCalls] Number=5025 Confirmed=N Filename=InternetCalls.exe Description=InternetCalls - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype Source=Paul Collins Startup list [InternetExplorer2] Number=5026 Confirmed=X Filename=windows.exe Description=Added by the SDBOT-CZP WORM! Source=Paul Collins Startup list [InternetExplorer32] Number=5027 Confirmed=X Filename=iexplore32.exe Description=Added by the RBOT-GRA WORM! Source=Paul Collins Startup list [InternetShield] Number=5028 Confirmed=X Filename=INTERN~1.EXE Description=InternetShield misleading security software - not recommended, see here Source=Paul Collins Startup list [InternetSpy] Number=5029 Confirmed=U Filename=InternetSpy.exe Description=Internet Spy - freeware keylogger that tracks all visited websites including the date and exact time these sites were visited. The information is stored in a file that may be accessed by the person who knows where it is saved. Remove unless you installed it yourself! Source=Paul Collins Startup list [InternetWasherPro] Number=5030 Confirmed=X Filename=iw.exe Description=Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003 Source=Paul Collins Startup list [INTERNET_SERVISES] Number=5031 Confirmed=X Filename=winz32.exe Description=Added by the SDBOT.Q TROJAN! Source=Paul Collins Startup list [InternodeUsage] Number=5032 Confirmed=U Filename=mum.exe Description=Australian ISP's free monthly download meter Source=Paul Collins Startup list [Internt] Number=5033 Confirmed=X Filename=Internt.exe Description=Added by the PEEPER or CARUFAX.A TROJANS! 
Source=Paul Collins Startup list [Intersoft Msngr] Number=5034 Confirmed=X Filename=intersoftmsngr.exe Description=Added by the AGOBOT-NW WORM! Source=Paul Collins Startup list [InterTrust Quick Start] Number=5035 Confirmed=N Filename=it_cpq~1.exe Description=InterTrust offers something known as Digital Rights Management to control legal software download and other E-commerce related business Source=Paul Collins Startup list [InterU] Number=5036 Confirmed=X Filename=WINDRV.EXE Description=Added by the IRCINTER.A TROJAN! Source=Paul Collins Startup list [Intervideo Win Cinema Manager] Number=5037 Confirmed=N Filename=WinCinemaMgr.exe Description=WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs Source=Paul Collins Startup list [Intervideo Win Cinema Manager] Number=5038 Confirmed=N Filename=WINCIN~1.EXE Description=WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs Source=Paul Collins Startup list [Intervideo WinCinema Manager] Number=5039 Confirmed=N Filename=WinCinemaMgr.exe Description=WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs Source=Paul Collins Startup list [Intervideo WinCinema Manager] Number=5040 Confirmed=N Filename=WINCIN~1.EXE Description=WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs Source=Paul Collins Startup list [Intervideo WinScheduler] Number=5041 Confirmed=N Filename=WinScheduler.exe Description=WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. 
Available via Start -> Programs Source=Paul Collins Startup list [Intervideo WinScheduler] Number=5042 Confirmed=N Filename=SchSvr.exe Description=WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs Source=Paul Collins Startup list [InterVoip] Number=5043 Confirmed=N Filename=InterVoip.exe Description=InterVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype Source=Paul Collins Startup list [InterWARN] Number=5044 Confirmed=U Filename=interwarn.exe Description=InterWARN by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start -> Programs Source=Paul Collins Startup list [Intespention] Number=5045 Confirmed=X Filename=IEXPLORE.exe Description=Added by the FORBOT-FL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% Source=Paul Collins Startup list [Intmgr] Number=5046 Confirmed=X Filename=Intmgr.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [intranet] Number=5047 Confirmed=X Filename=SYS32CFG.EXE Description=Added by the SPYBOT-DW WORM! Source=Paul Collins Startup list [Intranet] Number=5048 Confirmed=X Filename=intranet.exe Description=Added by the CHIMOZ.AC TROJAN! Source=Paul Collins Startup list [Intranet] Number=5049 Confirmed=X Filename=schost.exe Description=Detected by Kaspersky as the RBOT.SV BACKDOOR! 
See here Source=Paul Collins Startup list [Intranet Explorer] Number=5050 Confirmed=X Filename=[random filename] Description=Detected by Trend Micro as the POEBOT.DK BACKDOOR! See here. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Intrenat] Number=5051 Confirmed=X Filename=Intrenat.exe Description=Added by the LEMIR.E TROJAN! Source=Paul Collins Startup list [Introducing Media Manager] Number=5052 Confirmed=N Filename=SPLASHA.EXE Description=MS Media Manager tour. Not required Source=Paul Collins Startup list [Introduction-Registration] Number=5053 Confirmed=N Filename=?? Description=For Compaq PC's. Should only run first time, PC Introduction & Compaq registration Source=Paul Collins Startup list [IntruderAlert] Number=5054 Confirmed=X Filename=ia99.exe Description=Intruder Alert '99 from Bonzi - spyware Source=Paul Collins Startup list [IntSys1] Number=5055 Confirmed=X Filename=[path to trojan] Description=Added by the BANLOA-ASE TROJAN! Source=Paul Collins Startup list [Inventory Scan] Number=5056 Confirmed=U Filename=LDISCN32.EXE Description=LANDesk Management_Suite software component Source=Paul Collins Startup list [Ioadqm] Number=5057 Confirmed=X Filename=Media Player.exe Description=Added by the HAWAWI WORM! Source=Paul Collins Startup list [iobi] Number=5058 Confirmed=N Filename=iobiClient.exe Description=iobi Home - a mail/voice service by Verizon Source=Paul Collins Startup list [iolo AntiVirus] Number=5059 Confirmed=Y Filename=ioloAV.exe Description=iolo AntiVirus Source=Paul Collins Startup list [iolo Personal Firewall] Number=5060 Confirmed=Y Filename=ioloFW.exe Description=iolo Personal Firewall Source=Paul Collins Startup list [Iolo Task Agent] Number=5061 Confirmed=U Filename=Task_Agent.exe Description=Iolo System Mechanic Task Agent. 
Scheduled maintenance Source=Paul Collins Startup list [iolo Utility Bar] Number=5062 Confirmed=N Filename=SMUtilityBar.exe Description=Iolo System Mechanic Utility Bar - can be launched manually Source=Paul Collins Startup list [ioloDelayModule] Number=5063 Confirmed=U Filename=delay.exe Description=Part of Iolo System Mechanic. Used to delay the start of an application which loads automatically as Windows loads Source=Paul Collins Startup list [Iomega Automatic Backup] Number=5064 Confirmed=U Filename=ibackup.exe Description=Iomega Automatic Backup - automatic backups for use with Iomega portable HDD Source=Paul Collins Startup list [Iomega Automatic Backup 1.0.1] Number=5065 Confirmed=U Filename=ibackup.exe Description=Iomega Automatic Backup - automatic backups for use with Iomega portable HDD Source=Paul Collins Startup list [Iomega Backup Scheduler] Number=5066 Confirmed=N Filename=dtiom98.exe Description=Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs Source=Paul Collins Startup list [Iomega Disk Icons] Number=5067 Confirmed=U Filename=IMGICON.EXE Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running Source=Paul Collins Startup list [Iomega Drive Icons] Number=5068 Confirmed=U Filename=IMGICON.EXE Description=Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. 
Note - FreeCell may not run with ImgIcon running Source=Paul Collins Startup list [Iomega ImIconXP] Number=5069 Confirmed=U Filename=imiconxp.exe Description=Iomega REV System Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disks Source=Paul Collins Startup list [Iomega QuickSync] Number=5070 Confirmed=? Filename=Quicksync.exe Description=?? Source=Paul Collins Startup list [Iomega Startup Options] Number=5071 Confirmed=N Filename=IMGSTART.EXE Description=Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs Source=Paul Collins Startup list [Iomega Watch] Number=5072 Confirmed=N Filename=IOWATCH.EXE Description=Used by Iomega drives. Available via Start -> Programs Source=Paul Collins Startup list [IomegaWare] Number=5073 Confirmed=N Filename=COMMANDER.EXE Description=Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs Source=Paul Collins Startup list [Iomon98.exe] Number=5074 Confirmed=U Filename=Iomon98.exe Description=PC-Cillin 98 real time virus check. Can cause floppy disk accesses to hang Source=Paul Collins Startup list [ioroxxo microsoft sux] Number=5075 Confirmed=X Filename=system32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [IP Packet Redirect Service ] Number=5076 Confirmed=X Filename=ipredirect.exe Description=Added by the FORBOT.SM WORM! Source=Paul Collins Startup list [IP Stack] Number=5077 Confirmed=X Filename=ipstack.exe Description=Added by the AGOBOT.CW WORM! 
Source=Paul Collins Startup list [IP**.exe [* = random char]] Number=5078 Confirmed=X Filename=IP**.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [IP**32.exe [* = random char]] Number=5079 Confirmed=X Filename=IP**32.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [iPalm] Number=5080 Confirmed=N Filename=mon.exe Description=Installed with a Panasonic iPalm digital camera. Used to upload photos from the camera. If your camera is not connected (via USB port) you do not need this program loaded Source=Paul Collins Startup list [IPC Connection] Number=5081 Confirmed=X Filename=ipcconn.exe Description=Added by the RBOT-AEG WORM! Source=Paul Collins Startup list [IPC Spool Manager] Number=5082 Confirmed=X Filename=wnmgre.exe Description=Added by the SDBOT-ZC WORM! Source=Paul Collins Startup list [IPC Spool Manager] Number=5083 Confirmed=X Filename=winspec.exe Description=Added by the SDBOT-BLU WORM! Source=Paul Collins Startup list [ipcfg.exe] Number=5084 Confirmed=X Filename=ipcfg.exe Description=Adware - detected by McAfee as a variant of the ADCLICKER-BM TROJAN! Source=Paul Collins Startup list [IPConfig] Number=5085 Confirmed=X Filename=svcxnv32.exe Description=Added by the HACARMY.E TROJAN! Source=Paul Collins Startup list [IPConfig] Number=5086 Confirmed=X Filename=svcxnw32.exe Description=Added by a variant of the HACARMY.E TROJAN! Source=Paul Collins Startup list [IpCtrl] Number=5087 Confirmed=X Filename=ipcon32.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [IPFW] Number=5088 Confirmed=X Filename=ipwf.exe Description=Added by the DLOADER-YF TROJAN! Source=Paul Collins Startup list [IPHSend] Number=5089 Confirmed=? Filename=IPHSend.exe Description=AOL related. What does it do and is it required? 
Source=Paul Collins Startup list [IPInSightLAN 0*] Number=5090 Confirmed=X Filename=ipclient.exe Description=Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. This one constantly "phones home" and wastes resources. * represents 1 or 2 Source=Paul Collins Startup list [IPInSightMonitor 0*] Number=5091 Confirmed=N Filename=ipmon32.exe Description=Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. * represents 1 or 2 Source=Paul Collins Startup list [IPinst] Number=5092 Confirmed=Y Filename=N/A Description=For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out Source=Paul Collins Startup list [IPLog Security] Number=5093 Confirmed=X Filename=iplogsec.exe Description=Detected by Trend Micro as the IRCBOT.GP BACKDOOR! See here Source=Paul Collins Startup list [iPlusAgent2] Number=5094 Confirmed=? Filename=iAgent2.exe Description=Related to iriver portable media products. What does it do and is it required? Source=Paul Collins Startup list [ipmon.exe] Number=5095 Confirmed=X Filename=ipmon.exe Description=Added by the RECERV or R3C.B TROJANS! Source=Paul Collins Startup list [IpNetwork] Number=5096 Confirmed=X Filename=ipnetwork.exe Description=Maxifiles adware Source=Paul Collins Startup list [Ipnuker] Number=5097 Confirmed=X Filename=Ipnuker.vbs Description=Added by the INKER.B WORM! Source=Paul Collins Startup list [IPO3] Number=5098 Confirmed=N Filename=IP Operator 2005.exe Description=IP Operator 2005 - found on LG Electronics Notebook. The applet makes network connections easier to view and manage than does the standard Windows Network Connections tool. 
The WLAN module is easy to turn on or off with the press of a single button Source=Paul Collins Startup list [Ipod Help] Number=5099 Confirmed=X Filename=[9 random letters].exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [iPOD USB Driver] Number=5100 Confirmed=X Filename=IPODUSB.EXE Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [iPod USB Service] Number=5101 Confirmed=X Filename=iPODService.exe Description=Added by a variant of the RBOT WORM! Do NOT confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the Program Files\iPod\bin folder, and is implemented as a system service, thus NOT listed in Msconfig/Startup! Source=Paul Collins Startup list [iPodManager] Number=5102 Confirmed=U Filename=iPodManager.exe Description=Apple iPod Management software for the iPod MP3 player. Allows updating, formatting, restoring and other functions associated with iPods Source=Paul Collins Startup list [iPodWatcher] Number=5103 Confirmed=? Filename=iPodWatcher.exe Description=Associated with Apple's iPod MP3 player. Detects when the iPod is connected? Source=Paul Collins Startup list [IPOT Service Drivers] Number=5104 Confirmed=X Filename=compaq.exe Description=Added by a variant of the FUROOTKIT TROJAN! Source=Paul Collins Startup list [IPOT USB Service DRIVER] Number=5105 Confirmed=X Filename=hpsebc087.exe Description=Added by the SDBOT-WA WORM! Source=Paul Collins Startup list [IPOT USB Service DRV32] Number=5106 Confirmed=X Filename=hpsebc08.exe Description=Added by the SDBOT-WH WORM! Source=Paul Collins Startup list [IPPDetect] Number=5107 Confirmed=N Filename=IPP4Detect.exe Description=Part of Presto! Mr.Photo - "an ideal program for creating, sharing, and managing digital images and videos" Source=Paul Collins Startup list [ipreg] Number=5108 Confirmed=X Filename=ipreg.exe Description=Added by the ZAGABAN-H TROJAN!
Source=Paul Collins Startup list [iPrint LPT Redirector] Number=5109 Confirmed=? Filename=nipplpte.exe Description=Related to Novell iPrint - "a printing solution that enables you to send documents to printers located throughout the Net." Is it required? Source=Paul Collins Startup list [iPrint Tray] Number=5110 Confirmed=N Filename=iprntctl.exe Description=Novell? iPrint - based on Novell Distributed Print Services - enables you to send documents to printers located throughout the Net Source=Paul Collins Startup list [iProtectYou] Number=5111 Confirmed=U Filename=ip.exe Description=iProtectYou - internet filtering/parental control and network monitoring software Source=Paul Collins Startup list [iprun] Number=5112 Confirmed=X Filename=iPY.exe Description=iProtectYou spyware Source=Paul Collins Startup list [iPSec7] Number=5113 Confirmed=X Filename=ipsec7.exe Description=Detected by Trend Micro as the AGENT.AHVR TROJAN! See here Source=Paul Collins Startup list [ipsecdialer] Number=5114 Confirmed=U Filename=IPSECD~1.EXE Description=Cisco VPN Client - lets local users gain Administrator privileges on the operating system Source=Paul Collins Startup list [ipsecdialer] Number=5115 Confirmed=U Filename=ipsecdialer.exe Description=Cisco VPN Client - lets local users gain Administrator privileges on the operating system Source=Paul Collins Startup list [IPSecMon] Number=5116 Confirmed=Y Filename=IPSecMon.exe Description=Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet Source=Paul Collins Startup list [IPTable Configuration] Number=5117 Confirmed=X Filename=Winipcfgs.exe Description=Added by a variant of the RBOT WORM! 
Source=Paul Collins Startup list [iptray] Number=5118 Confirmed=N Filename=iptray.exe Description=System Tray access to Intel Desktop Utilities - "provides you with the means to monitor system temperatures, voltages, fan speeds, and hard drive health; view detailed system information, and test your system hardware for common errors" Source=Paul Collins Startup list [IPv6 Helper Driver] Number=5119 Confirmed=X Filename=csass.exe Description=Added by the AGOBOT.TC WORM! Source=Paul Collins Startup list [IPv6 STUN Service] Number=5120 Confirmed=X Filename=netstun.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [IPW] Number=5121 Confirmed=N Filename=IPW.exe Description=Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone" Source=Paul Collins Startup list [ipw] Number=5122 Confirmed=N Filename=usbipw.exe Description=Related to Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone" Source=Paul Collins Startup list [ipwf] Number=5123 Confirmed=X Filename=ipwf.exe Description=Added by the SCHOEBERL TROJAN! Source=Paul Collins Startup list [IpWins] Number=5124 Confirmed=X Filename=ipwins.exe Description=IPWins adware Source=Paul Collins Startup list [ipxwshel] Number=5125 Confirmed=X Filename=ipxwshel.exe Description=Added by the WAREZOV.DG WORM! Source=Paul Collins Startup list [IQES.exe] Number=5126 Confirmed=? Filename=iqes.exe Description=?? Source=Paul Collins Startup list [Ir41_32.ax] Number=5127 Confirmed=U Filename=regsvr32.exe Ir41_32.ax Description=Intel® Indeo® video 4.4 Decompression Filter related. 
The "Ir41_32.ax" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [irassync] Number=5128 Confirmed=X Filename=irasyncd.exe Description=IRASSync adware Source=Paul Collins Startup list [irc session] Number=5129 Confirmed=X Filename=sessionmgr.exe Description=Added by the SDBOT-ACE WORM! Source=Paul Collins Startup list [IREIKE] Number=5130 Confirmed=Y Filename=IreIKE.exe Description=Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet Source=Paul Collins Startup list [iRis Active Monitor] Number=5131 Confirmed=N Filename=winmon32.exe Description=Iris Antivirus - discontinued, replace with good alternative Source=Paul Collins Startup list [iRiS AntiVirus Active Monitor] Number=5132 Confirmed=N Filename=WIMMUN32.exe Description=Iris Antivirus - discontinued, replace with good alternative Source=Paul Collins Startup list [iRiver AutoDB] Number=5133 Confirmed=U Filename=MLService.exe Description=Associated with the iRiver Music Manager Source=Paul Collins Startup list [iRiver Updater] Number=5134 Confirmed=N Filename=Updater.exe Description=Updates for the iRiver Music Manager - used with their digital music players Source=Paul Collins Startup list [IrMon] Number=5135 Confirmed=U Filename=IRMON.EXE Description=System Tray access to infra-red devices. Not required unless you use infra-red devices Source=Paul Collins Startup list [IRPMonitor] Number=5136 Confirmed=? Filename=itcnmon.exe Description=?? Source=Paul Collins Startup list [irssyncd] Number=5137 Confirmed=X Filename=irssyncd.exe Description=SafeSurfing adware variant Source=Paul Collins Startup list [Irwftp] Number=5138 Confirmed=X Filename=[path to trojan] Description=Added by the BANCOS-AP TROJAN! Source=Paul Collins Startup list [irwftp] Number=5139 Confirmed=X Filename=iexplorer.exe Description=Added by the BANKER-AN TROJAN! 
Note - this is not the legitimate Internet Explorer (iexplore.exe) Source=Paul Collins Startup list [irwftp] Number=5140 Confirmed=X Filename=ftpmon.exe Description=Added by the BANCBAN-BO TROJAN! Source=Paul Collins Startup list [IrXfer] Number=5141 Confirmed=U Filename=IrXfer.exe Description=Microsoft Infrared Transfer application Source=Paul Collins Startup list [ir_ftp] Number=5142 Confirmed=X Filename=ir_ftp.exe Description=Added by the IRFTP TROJAN! Source=Paul Collins Startup list [ir_ftp] Number=5143 Confirmed=X Filename=irwftp.exe Description=Added by the BANCOS.H TROJAN! Source=Paul Collins Startup list [IS CfgWiz] Number=5144 Confirmed=N Filename=cfgwiz.exe Description=Norton Internet Security configuration wizard Source=Paul Collins Startup list [Isass] Number=5145 Confirmed=X Filename=Isass.exe Description=Added by the FUTRO TROJAN! Source=Paul Collins Startup list [IsassRenascimento] Number=5146 Confirmed=X Filename=Issas.exe Description=Detected by Kaspersky as the BANKER.GAX TROJAN! See here Source=Paul Collins Startup list [ISBMgr.exe] Number=5147 Confirmed=U Filename=ISBMgr.exe Description=Related to Sony ISB Utility. This program is a non-essential process for the running of the system, but should not be terminated unless suspected to be causing problems Source=Paul Collins Startup list [iscch] Number=5148 Confirmed=X Filename=iscch.exe Description=Added by the LCPRANK-A WORM! Source=Paul Collins Startup list [isdbdc] Number=5149 Confirmed=U Filename=BOOTST~1.EXE Description=Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day.
Once you exit it, it has no more effect on resources Source=Paul Collins Startup list [isDeleteMe] Number=5150 Confirmed=U Filename=isDel.bat Description=Used by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product Source=Paul Collins Startup list [ISDN Monitor] Number=5151 Confirmed=N Filename=Linksts.exe Description=Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon Source=Paul Collins Startup list [ISDNwatch] Number=5152 Confirmed=U Filename=IWatch.exe Description=FRITZ!X ISDNWatch - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks" Source=Paul Collins Startup list [iSecurity applet] Number=5153 Confirmed=X Filename=rundll32.exe iSecurity.cpl, SecurityMonitor Description=Detected by Trend Micro as the DLOADER.UZO TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [ISHelp] Number=5154 Confirmed=U Filename=help.exe Description=ISpy is a security risk that logs keystrokes and captures screenshots. If you didn't install this yourself uninstall it Source=Paul Collins Startup list [iShield] Number=5155 Confirmed=U Filename=iShield.exe Description="GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser" Source=Paul Collins Startup list [ishost.exe] Number=5156 Confirmed=X Filename=ishost.exe Description=Added by the XJ TROJAN! 
Source=Paul Collins Startup list [ISLP2STA] Number=5157 Confirmed=Y Filename=ISLP2STA.EXE Description=A process from Cisco Systems Inc associated with Windows Update for wireless NIC drivers Source=Paul Collins Startup list [ISMModule] Number=5158 Confirmed=X Filename=ISMModule.exe Description=Internet Speed Monitor C adware related - see example here Source=Paul Collins Startup list [ISMModule2] Number=5159 Confirmed=X Filename=ISMModule2.exe Description=Internet Speed Monitor C adware related - see example here Source=Paul Collins Startup list [ISMModule3] Number=5160 Confirmed=X Filename=ISMModule3.exe Description=Internet Speed Monitor C adware Source=Paul Collins Startup list [ISMModule4] Number=5161 Confirmed=X Filename=ISMModule4.exe Description=Internet Speed Monitor A adware related Source=Paul Collins Startup list [ISMModule6] Number=5162 Confirmed=X Filename=ISMModule6.exe Description=Internet Speed Monitor C adware related - see example here Source=Paul Collins Startup list [ISMModule7] Number=5163 Confirmed=X Filename=ISMModule7.exe Description=Internet Speed Monitor C adware related - see example here Source=Paul Collins Startup list [ISMModule8] Number=5164 Confirmed=X Filename=ISMModule8.exe Description=Internet Speed Monitor C adware related Source=Paul Collins Startup list [ISMPack5] Number=5165 Confirmed=X Filename=ISMPack5.exe Description=Internet Speed Monitor C adware related - see example here Source=Paul Collins Startup list [ISMPack6] Number=5166 Confirmed=X Filename=ISMPack6.exe Description=Internet Speed Monitor C adware related - see example here Source=Paul Collins Startup list [ISMPack7] Number=5167 Confirmed=X Filename=ISMPack7.exe Description=Internet Speed Monitor C adware Source=Paul Collins Startup list [ISMPack8] Number=5168 Confirmed=X Filename=ISMPack8.exe Description=Internet Speed Monitor C adware related - see example here Source=Paul Collins Startup list [ISP.COM High Speed] Number=5169 Confirmed=Y Filename=slipgui.exe 
Description=User interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent caching on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server Source=Paul Collins Startup list [ISPSERVICE] Number=5170 Confirmed=X Filename=psycho.exe Description=Added by the IRCFLOOD-O TROJAN! Source=Paul Collins Startup list [ISPSERVICE] Number=5171 Confirmed=X Filename=wintmp.exe Description=Detected by Trend Micro as the FLOOD.BC BACKDOOR! See here Source=Paul Collins Startup list [iSpyNOW] Number=5172 Confirmed=U Filename=ispynow.exe Description=iSpyNOW - remote monitoring and surveillance software Source=Paul Collins Startup list [Israfel] Number=5173 Confirmed=X Filename=Israfel.vbs Description=Added by the GAGGLE.D or GAGGLE.E WORMS! Source=Paul Collins Startup list [IsReminder] Number=5174 Confirmed=N Filename=ISPopup.exe Description=Related to GuardWare iShield - this is the registration reminder for the trial version, so not required in startup Source=Paul Collins Startup list [ISS] Number=5175 Confirmed=X Filename=inet.exe Description=Meplex adware Source=Paul Collins Startup list [issearch.exe] Number=5176 Confirmed=X Filename=issearch.exe Description=Added by the ZLOB-QF TROJAN! Source=Paul Collins Startup list [issEnc32Svr] Number=5177 Confirmed=X Filename=issEnc32.exe Description=Added by a variant of the RBOT WORM!
Source=Paul Collins Startup list [ISSI EZUpdate Service] Number=5178 Confirmed=N Filename=issimsvc.exe Description=Part of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching Source=Paul Collins Startup list [ISStart] Number=5179 Confirmed=U Filename=ISStart.exe Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation Source=Paul Collins Startup list [ISSVC] Number=5180 Confirmed=Y Filename=ISSVC.exe Description=Part of Norton Internet Security Suite Source=Paul Collins Startup list [ISS_Certtool] Number=5181 Confirmed=Y Filename=certtool.exe Description=IBM Client Security Certification Tool Source=Paul Collins Startup list [IST Service] Number=5182 Confirmed=X Filename=istsvc.exe Description=ISTBar adware Source=Paul Collins Startup list [ist service uninstall] Number=5183 Confirmed=X Filename=[random filename] Description=ISTBar adware related Source=Paul Collins Startup list [istinstall zazzer.exe] Number=5184 Confirmed=X Filename=istinstall zazzer.exe Description=Unidentified adware downloader/installer Source=Paul Collins Startup list [ISTray] Number=5185 Confirmed=U Filename=pctsTray.exe Description=Part of Spyware Doctor anti-spyware from PC Tools Source=Paul Collins Startup list [ISUSPM Startup] Number=5186 Confirmed=N Filename=ISUSPM.exe Description=InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version Source=Paul Collins Startup list [ISUSScheduler] Number=5187 Confirmed=N Filename=issch.exe Description=InstallShield Update Service Scheduler. 
Automatically searches for and performs any updates to the software so you're always working with the most current version Source=Paul Collins Startup list [ISW.exe] Number=5188 Confirmed=U Filename=ISW.exe Description=Related to Internet Security Wizard from AT&T (formerly BellSouth Premium Internet Security), which alerts users about any potential security threats. It should not be uninstalled unless the user wants to completely remove all traces of AT&T Internet Security Suite Source=Paul Collins Startup list [isxa] Number=5189 Confirmed=X Filename=isxa.exe Description=Added by the SMALL-EIV TROJAN! Source=Paul Collins Startup list [iSysCleaner] Number=5190 Confirmed=N Filename=iSysCleaner.exe Description=iSysCleaner - a simple tool that searches for junk files on your computer and allows you to delete them. Simple cleaning maintenance can be done by the user Source=Paul Collins Startup list [isystem] Number=5191 Confirmed=X Filename=isystem.exe Description=Added by the CHORUS-A TROJAN! Searchforfree browser hijacker Source=Paul Collins Startup list [ItalU] Number=5192 Confirmed=X Filename=italfds.exe Description=Added by a TROJAN! See here TROJAN! Source=Paul Collins Startup list [Itk] Number=5193 Confirmed=U Filename=Itk.exe Description=In The Know - surveillance software that creates records of everything people do on a computer, i.e., spying or monitoring depending on what you call it Source=Paul Collins Startup list [itk.exe] Number=5194 Confirmed=U Filename=itk.exe Description=Insert ToggleKey by Mike Lin. ITK sounds a tone whenever you press Insert Source=Paul Collins Startup list [iTouch] Number=5195 Confirmed=U Filename=iTouch.exe Description=iTouch loads the iTouch configuration program for Logitech keyboards. It's needed if your keyboard has shortcut buttons and if you use them.
It's also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lock Source=Paul Collins Startup list [ItsDeductiblePopUp] Number=5196 Confirmed=N Filename=ItsDeductible.exe Description=ItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip Source=Paul Collins Startup list [ITUNES] Number=5197 Confirmed=X Filename=itune.exe Description=Added by the RBOT-ZU WORM! Source=Paul Collins Startup list [ITUNES] Number=5198 Confirmed=X Filename=itunes.exe Description=Added by the OSCABOT-L WORM! Note - this file will be placed in the Windows\System32 or Winnt\System32 folder, and should not be confused with the (legitimate) Apple iTunes process, always located in the Program Files\iTunes folder Source=Paul Collins Startup list [Itunes] Number=5199 Confirmed=X Filename=dials.exe Description=Detected as Trojan-Dropper.Win32.Agent.mm by Kaspersky Anti-Virus Source=Paul Collins Startup list [iTunes Helper] Number=5200 Confirmed=Y Filename=iTunesHelper.exe Description=Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation Source=Paul Collins Startup list [iTunes Music] Number=5201 Confirmed=X Filename=iTunesHelper32.exe Description=Added by the SDBOT.CHK WORM! Source=Paul Collins Startup list [iTunesAgent] Number=5202 Confirmed=X Filename=ita.exe Description=Added by the TACTSLAY.U TROJAN! 
Source=Paul Collins Startup list [itunesff] Number=5203 Confirmed=X Filename=itunesff.exe Description=Added by the EB adult premium dialer Source=Paul Collins Startup list [iTunesHelper] Number=5204 Confirmed=Y Filename=iTunesHelper.exe Description=Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation Source=Paul Collins Startup list [itype] Number=5205 Confirmed=U Filename=itype.exe Description=Microsoft IntelliType Pro related. Allows you to map the extra function keys to any program you like. The extra keys are set to defaults such as Messenger, Mail, My Document, etc. Not required unless you want to use the extra keys Source=Paul Collins Startup list [Iusage] Number=5206 Confirmed=N Filename=netdet.exe Description=Internet Usage Monitor - utility to calculate the cost and time on the internet via dial-up Source=Paul Collins Startup list [iut75] Number=5207 Confirmed=X Filename=uzcx.exe Description=Added by the DLOADER-AXV TROJAN! Source=Paul Collins Startup list [ivHost] Number=5208 Confirmed=X Filename=taskManager.exe Description=Added by a variant of the SPYBOT WORM! See here Source=Paul Collins Startup list [IVPServiceMgr] Number=5209 Confirmed=N Filename=ivpsvmgr.exe Description=Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba's equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updates Source=Paul Collins Startup list [ivy.exe] Number=5210 Confirmed=X Filename=ivy.exe Description=Added by the AGENT-ENZ TROJAN! 
Source=Paul Collins Startup list [IW ControlCenter] Number=5211 Confirmed=N Filename=iwctrl.exe Description=Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. May be required if you use this feature on a regular basis Source=Paul Collins Startup list [iwctrl] Number=5212 Confirmed=U Filename=iwctrl.exe Description=Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. May be required if you use this feature on a regular basis Source=Paul Collins Startup list [ixplore] Number=5213 Confirmed=X Filename=ixplore.exe Description=Added by the SDBOT-CY TROJAN! Source=Paul Collins Startup list [ixproxy] Number=5214 Confirmed=X Filename=[path to trojan] Description=Added by the XORPIX-A TROJAN! Source=Paul Collins Startup list [ixsso] Number=5215 Confirmed=X Filename=ixsso.exe Description=Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" Source=Paul Collins Startup list [iyelejiv] Number=5216 Confirmed=U Filename=SKDAEMON.EXE Description=Multi-function keyboard driver. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys Source=Paul Collins Startup list [IZE] Number=5217 Confirmed=? Filename=N/A Description=?? Source=Paul Collins Startup list [j2 Tray Menu] Number=5218 Confirmed=N Filename=HotTray.exe Description=eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here Source=Paul Collins Startup list [JA Cfg Util v2] Number=5219 Confirmed=X Filename=jacfg2.exe Description=Added by the RBOT-AL WORM! 
Source=Paul Collins Startup list [JA Config 32] Number=5220 Confirmed=X Filename=Awesome32.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Jammer] Number=5221 Confirmed=U Filename=jammer.exe Description=Jammer by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web" Source=Paul Collins Startup list [Jammer2nd] Number=5222 Confirmed=X Filename=Jammer2nd.exe Description=Added by the NETSKY.Z WORM! Source=Paul Collins Startup list [java] Number=5223 Confirmed=X Filename=remote.cmd Description=Added by the BANKER-EHG TROJAN! Source=Paul Collins Startup list [java] Number=5224 Confirmed=X Filename=system.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [Java applet] Number=5225 Confirmed=X Filename=javaup.exe Description=Added by the SDBOT-ACF WORM! Source=Paul Collins Startup list [Java Auto Update] Number=5226 Confirmed=X Filename=ujm.exe Description=Added by the SDBOT-ADH WORM! Source=Paul Collins Startup list [Java Runtime Environment] Number=5227 Confirmed=X Filename=jbuild.exe Description=Added by the DELBOT-J WORM! Source=Paul Collins Startup list [Java Runtime Value] Number=5228 Confirmed=X Filename=runjava.exe Description=Added by the RBOT-DDJ WORM! Source=Paul Collins Startup list [Java Runtimes] Number=5229 Confirmed=X Filename=iexplore.exe Description=Added by the KILLAV.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This file is located in a %Windir%\Java\Java folder Source=Paul Collins Startup list [Java Softe] Number=5230 Confirmed=X Filename=Java32.com Description=Detected by Kaspersky as the RBOT.ECN WORM! 
See here Source=Paul Collins Startup list [Java Update] Number=5231 Confirmed=X Filename=keeper.exe Description=Added by the AGENT-DIS TROJAN! Source=Paul Collins Startup list [Java Virtual Machine] Number=5232 Confirmed=X Filename=javaw.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Java**.exe [* = random char]] Number=5233 Confirmed=X Filename=Java**.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [Java**32.exe [* = random char]] Number=5234 Confirmed=X Filename=Java**32.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [java-plugin] Number=5235 Confirmed=X Filename=javasctp.exe Description=Added by the VB.AMX TROJAN! Source=Paul Collins Startup list [Java32 Configuration Loader] Number=5236 Confirmed=X Filename=msnmesgr.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [JavaCore] Number=5237 Confirmed=X Filename=JavaCore.exe Description=Detected by Trend Micro as the DROPPER.AIO TROJAN! See here Source=Paul Collins Startup list [Javascript] Number=5238 Confirmed=X Filename=jscript.exe Description=Added by the DELBOT-AD WORM! Source=Paul Collins Startup list [JavaScript Debugging Service] Number=5239 Confirmed=X Filename=JsDbgMan.exe Description=Added by the DERDEO.E WORM! Source=Paul Collins Startup list [JavaScriptMsxrs] Number=5240 Confirmed=X Filename=Msxrs.exe Description=Detected by Kaspersky as the BANLOAD.ERP TROJAN! See here Source=Paul Collins Startup list [JavaUpdate0.07] Number=5241 Confirmed=X Filename=[filename] Description=Added by the JUPDATE TROJAN! Source=Paul Collins Startup list [JavaUpdateSched] Number=5242 Confirmed=X Filename=jusched32.exe Description=Added by the CKB TROJAN! 
Source=Paul Collins Startup list [JavaVM] Number=5243 Confirmed=X Filename=java.exe Description=Added by the MYDOOM.M or MYDOOM.N or other variants of the MYDOOM WORMS! Note - not to be confused with the valid Windows "java.exe" which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) as this resides in C:\Windows or C:\Winnt Source=Paul Collins Startup list [jawa32] Number=5244 Confirmed=X Filename=jawa32.exe Description=Added by the AGENT.BG WORM! Source=Paul Collins Startup list [Jawa322] Number=5245 Confirmed=X Filename=jawa32.exe Description=Added by a variant of the AGENT.BG trojan Source=Paul Collins Startup list [JB] Number=5246 Confirmed=N Filename=Jiffybar.exe Description="Get Paid As You surf" application Source=Paul Collins Startup list [jcidls] Number=5247 Confirmed=X Filename=[random filename] Description=Added by a variant of the SLAPER TROJAN! Source=Paul Collins Startup list [Jessops Insert Detect] Number=5248 Confirmed=U Filename=InsDetect.exe Description=Jessops Insert Detect from Jessops Picture Suite Source=Paul Collins Startup list [Jet Detection] Number=5249 Confirmed=N Filename=ADGJDet.exe Description=Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection Source=Paul Collins Startup list [JetAdmin Discovery Indicator] Number=5250 Confirmed=Y Filename=HPJETDSC.EXE Description=HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery Indicator Source=Paul Collins Startup list [jete] Number=5251 Confirmed=X Filename=yujixit.exe Description=Added by the SDBOT.BRT WORM! Source=Paul Collins Startup list [jiahus] Number=5252 Confirmed=X Filename=svchqs.exe Description=Added by the WOWPWS-AL TROJAN! 
Source=Paul Collins Startup list [jijbl] Number=5253 Confirmed=X Filename=ezlwy.bat Description=Added by the REDDW WORM! Source=Paul Collins Startup list [jkdfj94kgdftdf] Number=5254 Confirmed=X Filename=winlogan.exe Description=Added by the ZLOB.BZ TROJAN! Source=Paul Collins Startup list [JMB36X Configure] Number=5255 Confirmed=U Filename=JMRaidTool.exe Description=JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers Source=Paul Collins Startup list [JMB36X Configure] Number=5256 Confirmed=Y Filename=JMRaidSetup.exe Description=JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers Source=Paul Collins Startup list [JMB36X IDE Setup] Number=5257 Confirmed=U Filename=JMInsIDE.exe Description=JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers Source=Paul Collins Startup list [Job-oversigt] Number=5258 Confirmed=U Filename=taskmon.exe Description=Task Monitor (on Danish language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. 
Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase) Source=Paul Collins Startup list [JobHisInit] Number=5259 Confirmed=U Filename=JobHisInit.exe Description=Used by Ricoh network printers to enable network printing from the client Source=Paul Collins Startup list [Jog Serve] Number=5260 Confirmed=U Filename=JogServ2.exe Description="Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features Source=Paul Collins Startup list [JogServ2] Number=5261 Confirmed=U Filename=JogServ2.exe Description="Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features Source=Paul Collins Startup list [johkjh] Number=5262 Confirmed=X Filename=srvd.exe Description=Added by a variant of the SLAPER TROJAN! Source=Paul Collins Startup list [john315] Number=5263 Confirmed=X Filename=srrvc.exe Description=Added by a variant of the MAILBOT-BI TROJAN! Source=Paul Collins Startup list [johnj315] Number=5264 Confirmed=X Filename=srvc.exe Description=Added by a variant of the MAILBOT-BI TROJAN! Source=Paul Collins Startup list [johnj3155] Number=5265 Confirmed=X Filename=srvcc.exe Description=Added by a variant of the MAILBOT-BI TROJAN! Source=Paul Collins Startup list [johnj3cd] Number=5266 Confirmed=X Filename=srvdc.exe Description=Added by a variant of the SLAPER TROJAN! Source=Paul Collins Startup list [jon315] Number=5267 Confirmed=X Filename=[path to trojan] Description=Added by the MAILBOT-BI TROJAN! Source=Paul Collins Startup list [jotl] Number=5268 Confirmed=? Filename=millenzje.exe Description=?? 
Source=Paul Collins Startup list [JOYTECH USB Neo S Controller] Number=5269 Confirmed=U Filename=JoytechNeoSTrayIcon.exe Description=System Tray access to Joytech Neo S PC gamepad controller software Source=Paul Collins Startup list [jpgdiag] Number=5270 Confirmed=X Filename=[path to worm] Description=Added by the STRATION-AN WORM! Source=Paul Collins Startup list [jpupd] Number=5271 Confirmed=X Filename=jpupd.exe Description=Added by the DIALER.CM TROJAN! Source=Paul Collins Startup list [Jreg] Number=5272 Confirmed=X Filename=Jreg2b.exe Description=BroadcastPC adware variant Source=Paul Collins Startup list [jucheck] Number=5273 Confirmed=X Filename=jucheck.exe Description=Added by the SCRIMGE.O WORM! Source=Paul Collins Startup list [Jufualt] Number=5274 Confirmed=X Filename=winxp2.exe Description=Added by the SDBOT-AAB WORM! Source=Paul Collins Startup list [Jufualt] Number=5275 Confirmed=X Filename=svhost.exe Description=Added by the SDBOT-ADJ WORM! Source=Paul Collins Startup list [Juno_uoltray] Number=5276 Confirmed=N Filename=exec.exe Description=Juno ISP software - not required Source=Paul Collins Startup list [jusched] Number=5277 Confirmed=N Filename=jusched.exe Description=Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now Source=Paul Collins Startup list [jusched] Number=5278 Confirmed=X Filename=[path to trojan] Description=Added by the BANKER-BWR TROJAN! Source=Paul Collins Startup list [jusched] Number=5279 Confirmed=X Filename=jusched.exe Description=Added by the BANKER-BOV TROJAN! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. 
This one is located in %System% Source=Paul Collins Startup list [jushed32.exe] Number=5280 Confirmed=X Filename=jushed32.exe Description=CoolWebSearch parasite variant - also detected as the BIZTEN-L TROJAN! Source=Paul Collins Startup list [jusodl] Number=5281 Confirmed=X Filename=severe.exe Description=Added by the QQPASS.48436 TROJAN! Source=Paul Collins Startup list [JussDropUtility] Number=5282 Confirmed=U Filename=JussDrop.exe Description=Related to DropShots Inc. A subscription based service for family to connect, converse and share photos and videos Source=Paul Collins Startup list [JustVoip] Number=5283 Confirmed=N Filename=JustVoip.exe Description=JustVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype Source=Paul Collins Startup list [jutsu] Number=5284 Confirmed=X Filename=jutsu.exe Description=Added by the RBOT-LS WORM! Source=Paul Collins Startup list [jv16 PT TempFileTool] Number=5285 Confirmed=U Filename=TempTool.exe Description=jv16 PowerTools File Cleaner - "allows you to find obsolete and left-over temporary files" Source=Paul Collins Startup list [jv16PT - Privacy Protector] Number=5286 Confirmed=U Filename=Task.jvb Description=jv16 PowerTools Privacy Protector - "allows you to protect your privacy by automatically clearing out all the unwanted history items and cookies from you computer, every time you start your computer" Source=Paul Collins Startup list [Jv16pt Network Resident] Number=5287 Confirmed=U Filename=jv16pt_network.exe Description=jv16 PowerTools network resident program. Only needed if you are using the program's network features Source=Paul Collins Startup list [JvcHost] Number=5288 Confirmed=X Filename=jvcsvc32.exe Description=Added by the AGOBOT-AIU WORM! 
Source=Paul Collins Startup list [jvdnlssn] Number=5289 Confirmed=X Filename=fljzsshc.exe Description=Flingstone.com adware - and its Golden Palace Casino program Source=Paul Collins Startup list [JVM0] Number=5290 Confirmed=X Filename=JVM0.exe Description=Added by the BANLOA-AX TROJAN! Source=Paul Collins Startup list [JVM0.12] Number=5291 Confirmed=X Filename=[random filename] Description=Added by the TEADOOR-A TROJAN! Source=Paul Collins Startup list [JVM0.14] Number=5292 Confirmed=X Filename=[random filename] Description=Added by the TEADOOR-B TROJAN! Source=Paul Collins Startup list [jvms.exe] Number=5293 Confirmed=X Filename=jvms.exe Description=Added by the ORCU.B TROJAN! Source=Paul Collins Startup list [JW Manager] Number=5294 Confirmed=X Filename=jwmngr.exe Description=Added by the DELBOT-G WORM! Source=Paul Collins Startup list [jxef1104] Number=5295 Confirmed=X Filename=jxef1104.exe Description=Added by the XIPI-A WORM! Source=Paul Collins Startup list [JXL Radio] Number=5296 Confirmed=X Filename=jxl.exe Description=Added by the RBOT-EBE WORM! Source=Paul Collins Startup list [jysyqm] Number=5297 Confirmed=X Filename=[random filename] Description=ZenoSearch adware Source=Paul Collins Startup list [Jzi16] Number=5298 Confirmed=? Filename=jzi16.exe Description=?? Source=Paul Collins Startup list [K2ps_full.task] Number=5299 Confirmed=X Filename=K2ps_full.exe Description=Added by the JUNTADOR.K TROJAN! Source=Paul Collins Startup list [K6CPU.EXE] Number=5300 Confirmed=N Filename=K6CPU.EXE Description=Authenticates CPU as K6 in system properties Source=Paul Collins Startup list [Kadoc] Number=5301 Confirmed=X Filename=[random filename].exe Description=Added by the STAPREW TROJAN! Source=Paul Collins Startup list [KADxMain] Number=5302 Confirmed=U Filename=KADxMain.exe Description=System Tray access to IntelliSonic Speech Enhancement - by Knowles Acoustics. 
Designed to render speech from a user selectable direction, while canceling interfering speech from other directions, thus minimizing the effects of environmental noise and eliminating acoustic echo feedback. Found on some Dell and Fujitsu Siemens laptops Source=Paul Collins Startup list [kak] Number=5303 Confirmed=X Filename=kak.hta Description=Added by the KAKWORM WORM! Source=Paul Collins Startup list [Kalender] Number=5304 Confirmed=U Filename=Kalender.exe Description=UK's Kalender "helps you organizing your dates and tasks and reminds you of upcoming events" Source=Paul Collins Startup list [Kalibump] Number=5305 Confirmed=U Filename=Kalibump.exe Description=Used with the now unsupported Kali software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy Source=Paul Collins Startup list [kalvsys] Number=5306 Confirmed=X Filename=kalv****.exe [* = random char] Description=EliteBar adware Source=Paul Collins Startup list [kalvsys] Number=5307 Confirmed=X Filename=kalv***32.exe [* = random char] Description=EliteBar adware Source=Paul Collins Startup list [Kana Reminder] Number=5308 Confirmed=N Filename=Reminder.exe Description=Kana Reminder is a program which can be used to set a reminder to be triggered at a specified time Source=Paul Collins Startup list [Karen's Once-A-Day II] Number=5309 Confirmed=U Filename=PTOAD.exe Description="Have a job that should be run exactly once each day? Karen's Once-A-Day II is just what you need!" Scheduler that lets you specify programs, web pages and files to be run or opened automatically, the first time Source=Paul Collins Startup list [KASP] Number=5310 Confirmed=U Filename=OESpamTest.exe Description=Kaspersky Anti-Spam Source=Paul Collins Startup list [Kasper Antivirus] Number=5311 Confirmed=X Filename=KASPERANTIVIRUS.EXE Description=Added by a variant of the SPYBOT WORM! 
Source=Paul Collins Startup list [Kaspersky Anti-Hacker] Number=5312 Confirmed=Y Filename=KAVPF.exe Description=Kaspersky Anti-Hacker firewall Source=Paul Collins Startup list [Kaspersky Antivirus] Number=5313 Confirmed=X Filename=KasperskyAV.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [kaspersky32] Number=5314 Confirmed=X Filename=kasperskyLabs32.exe Description=Added by the RBOT-GOT WORM! Source=Paul Collins Startup list [KasperskyAv] Number=5315 Confirmed=X Filename=kaspersky.exe Description=Added by the MIMAIL.T WORM! Note - this has nothing to do with the real Kaspersky AntiVirus Source=Paul Collins Startup list [KasperskyAVEng] Number=5316 Confirmed=X Filename=Kasperskyaveng.exe Description=Added by the NETSKY.V WORM! Source=Paul Collins Startup list [KAT] Number=5317 Confirmed=X Filename=KAT.vbs Description=Added by the SOAD-D WORM! Source=Paul Collins Startup list [KatMouse] Number=5318 Confirmed=U Filename=KatMouse.exe Description=KatMouse - utility to enhance the functionality of mice with a scroll wheel, offering 'universal' scrolling, etc Source=Paul Collins Startup list [kav] Number=5319 Confirmed=Y Filename=avp.exe Description=Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory Source=Paul Collins Startup list [kava] Number=5320 Confirmed=X Filename=kavo.exe Description=Added by the LINEAG-GLG TROJAN! Source=Paul Collins Startup list [KAVFOX] Number=5321 Confirmed=X Filename=win1ogoin.exe Description=Added by the GWGHOST-M TROJAN! Source=Paul Collins Startup list [kavir] Number=5322 Confirmed=X Filename=kavir.exe Description=Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example Source=Paul Collins Startup list [KAVPersonal] Number=5323 Confirmed=X Filename=svchost.exe Description=Added by the LINEAGE-V TROJAN! 
Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [KAVPersonal50] Number=5324 Confirmed=Y Filename=Kav.exe Description=Kaspersky Anti-Virus Personal 5.0 Source=Paul Collins Startup list [KAVPersonal90] Number=5325 Confirmed=X Filename=wscntfy.exe Description=Added by the BANKER-FZ TROJAN! Source=Paul Collins Startup list [KavPFW] Number=5326 Confirmed=Y Filename=KavPFW.exe Description=KingSoft Personal Firewall Source=Paul Collins Startup list [KavRuns] Number=5327 Confirmed=X Filename=Windll.exe Description=Added by the TRYNOMA TROJAN! Source=Paul Collins Startup list [KavStart] Number=5328 Confirmed=Y Filename=KAVStart.exe Description=KingSoft Personal Firewall Source=Paul Collins Startup list [kavsvc] Number=5329 Confirmed=Y Filename=kavsvc.exe Description=Kaspersky antivirus Source=Paul Collins Startup list [KavSvc] Number=5330 Confirmed=X Filename=******.exe reg_run [* = random char] Description=Added by the QOOLOGIC TROJAN! Source=Paul Collins Startup list [kavsvc] Number=5331 Confirmed=X Filename=[random 6 char filename] Description=Added by the QOOLOGIC TROJAN! Uses random file names (examples: nzkklz.exe, rzazzi.exe, ivpaan.exe) Source=Paul Collins Startup list [KAVutil] Number=5332 Confirmed=X Filename=[worm filename] Description=Added by the WINTOO.B WORM! Source=Paul Collins Startup list [KAZAA] Number=5333 Confirmed=N Filename=kazaa.exe Description=KAZAA is a file-sharing program which unfortunately being ad-based includes "Cy-door" adware. Check here for information about "Cy-door" and here for a program that can remove it Source=Paul Collins Startup list [Kazaa Download Accelerator Updater (required)] Number=5334 Confirmed=X Filename=regsvr32 kdp****.dll [* = random char] Description=SafeguardProtect/Veevo hijacker. 
Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [Kazaa lptt01] Number=5335 Confirmed=X Filename=kazaa.exe Description=RapidBlaster variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name Source=Paul Collins Startup list [Kazaa ml097e] Number=5336 Confirmed=X Filename=kazaa.exe Description=RapidBlaster variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name Source=Paul Collins Startup list [KAZAACuf] Number=5337 Confirmed=X Filename=9 Description=Added by the KITRO.D (or ARGEN.A) WORM! Source=Paul Collins Startup list [kazaalite] Number=5338 Confirmed=N Filename=kazaalite.exe Description=Kazaalite is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanisms Source=Paul Collins Startup list [KaZooM] Number=5339 Confirmed=N Filename=KaZooM.Exe Description=KaZoom from Blue Haven Media - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches" Source=Paul Collins Startup list [kb] Number=5340 Confirmed=X Filename=AUTO.txt Description=Added by the BRONTK-CV WORM! Source=Paul Collins Startup list [KB891711] Number=5341 Confirmed=Y Filename=KB891711.exe Description=Installed by the Windows KB891711 critical update, see this security bulletin - this file reportedly needs to continue running in order to patch the vulnerability, at least until a more practical solution is found. 
There have however been reports of fatal exception errors in systems running Windows 98, and in such a case Microsoft advises to either uninstall the patch (Add/Remove Programs) or prevent it from running at startup Source=Paul Collins Startup list [KB918547] Number=5342 Confirmed=Y Filename=KB918547.EXE Description=Bug-fix for a Microsoft graphics rendering engine vulnerability - see here. Windows 98/Me only Source=Paul Collins Startup list [KB926239] Number=5343 Confirmed=Y Filename=rundll32.exe apphelp.dll, ShimFlushCache Description=Microsoft KB926239 fix. Windows Media Player 10 may close unexpectedly on a Windows XP-based computer Source=Paul Collins Startup list [KBD] Number=5344 Confirmed=U Filename=KBD.EXE Description=Multimedia keyboard manager. Required if you use the multimedia keys Source=Paul Collins Startup list [KBD] Number=5345 Confirmed=U Filename=KbdStub.EXE Description=Key Watcher from HP - watches for Multimedia Keys on HP keyboards Source=Paul Collins Startup list [KBD MediaCenter] Number=5346 Confirmed=U Filename=MEDIACTR.EXE Description=Multimedia keyboard manager. Required if you use the multimedia keys Source=Paul Collins Startup list [kbddrv32] Number=5347 Confirmed=X Filename=kbddrv32.exe Description=Added by the CRYPTER.A TROJAN! Source=Paul Collins Startup list [kbddrvinf] Number=5348 Confirmed=X Filename=kbddrvinf.exe Description=Added by the CRYPTER.A TROJAN! Source=Paul Collins Startup list [KCeasy] Number=5349 Confirmed=N Filename=KCeasy.exe Description=KCeasy - a Windows peer-to-peer filesharing application which uses giFT as its 'back end' foundation. The networks currently supported are OpenFT and Gnutella Source=Paul Collins Startup list [KClient] Number=5350 Confirmed=U Filename=kstatus.exe Description=KClient Kerberos client software for Win32 systems. 
It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet Source=Paul Collins Startup list [kdmsx] Number=5351 Confirmed=X Filename=[8 random letters].exe Description=Detected by Kaspersky as the SDBOT.AIJ BACKDOOR! See here Source=Paul Collins Startup list [kdx] Number=5352 Confirmed=N Filename=KHost.exe Description=Verisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops Source=Paul Collins Startup list [KE9801] Number=5353 Confirmed=U Filename=DriBat32.exe Description=KE9801 multimedia keyboard driver - required if you use the multimedia keys Source=Paul Collins Startup list [Keenvalue] Number=5354 Confirmed=X Filename=Keenvalue.exe Description=eUniverse/KeenValue adware Source=Paul Collins Startup list [KEMailKb] Number=5355 Confirmed=U Filename=KEMailKb.EXE Description=Controls the buttons at the top of the Micro Innovations 650i Internet Access Keyboard. If you disable it you cannot use the buttons - like volume control or shut down Source=Paul Collins Startup list [Kemet] Number=5356 Confirmed=? Filename=kemet.exe Description=?? Source=Paul Collins Startup list [KeNotify] Number=5357 Confirmed=U Filename=KeNotify.exe Description=Toshiba utility found on their laptops. This program is responsible for the Toshiba LapTop Help 'FlashCards' utility that sits at the top of the screen giving easy access to the 'F keys' alternative functions such as Lock,Power Mode,Sleep etc Source=Paul Collins Startup list [Kerio VPN Client] Number=5358 Confirmed=U Filename=kvpnclient.exe Description=Kerio VPN Client Source=Paul Collins Startup list [kern64dll] Number=5359 Confirmed=X Filename=[random filename] Description=Added by the TARNO.J TROJAN! Source=Paul Collins Startup list [Kernal Fault Check] Number=5360 Confirmed=X Filename=ntosrkl.exe Description=Added by a variant of the SDBOT WORM! 
Source=Paul Collins Startup list [kernctl32] Number=5361 Confirmed=X Filename=rundll32 kctl32.dll, initialize Description=Added by the AGENT.AT TROJAN! Source=Paul Collins Startup list [Kerne0223] Number=5362 Confirmed=X Filename=Kerne0223.exe Description=Added by the LEGMIR-ZA TROJAN! Source=Paul Collins Startup list [Kernel] Number=5363 Confirmed=X Filename=bboy.exe Description=Added by the MUMU.B WORM! Source=Paul Collins Startup list [Kernel] Number=5364 Confirmed=X Filename=services.exe Description=Added by the FOOZ-A TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder Source=Paul Collins Startup list [kernel] Number=5365 Confirmed=X Filename=kernel.exe Description=Added by the MATCASH.CF TROJAN! Source=Paul Collins Startup list [KERNEL 32] Number=5366 Confirmed=X Filename=SKERNEL32.com Description=Added by the SEMAPI-A WORM Source=Paul Collins Startup list [Kernel and Hardware Abstraction Layer] Number=5367 Confirmed=U Filename=KHALMNPR.EXE Description=Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint Source=Paul Collins Startup list [Kernel Faults] Number=5368 Confirmed=X Filename=ftphost.exe Description=Added by the RBOT.BHU WORM! Source=Paul Collins Startup list [Kernel Loader] Number=5369 Confirmed=X Filename=ntkrnl.exe Description=Added by the CERVIVEC.A WORM! 
Source=Paul Collins Startup list [Kernel Manager] Number=5370 Confirmed=X Filename=krnlmgr.exe Description=Added by the JUNY.A TROJAN! Source=Paul Collins Startup list [Kernel Safe Mode] Number=5371 Confirmed=X Filename=smss.exe Description=Added by the 78CRACK-A TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [Kernel Services] Number=5372 Confirmed=X Filename=service32.exe Description=Added by the PRX-B TROJAN! Source=Paul Collins Startup list [kernel system daemon] Number=5373 Confirmed=X Filename=ACTIVAT0R.exe Description=Added by the RANDEX.AW WORM! Source=Paul Collins Startup list [kernel12.exe] Number=5374 Confirmed=X Filename=kernel12.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [kernel32] Number=5375 Confirmed=X Filename=kern32.exe Description=Added by the BADTRANS.A WORM! Source=Paul Collins Startup list [Kernel32] Number=5376 Confirmed=X Filename=Kernel32.exe Description=Added by a number of VIRUSES, WORMS and TROJANS! Source=Paul Collins Startup list [kernel32] Number=5377 Confirmed=X Filename=kernel.dli Description=Added by the NETDEVIL.B TROJAN! Source=Paul Collins Startup list [Kernel32] Number=5378 Confirmed=X Filename=Kernel.dll Description=Added by the REDLOF.M VIRUS! Source=Paul Collins Startup list [kernel32] Number=5379 Confirmed=X Filename=kernel32.dlI Description=Added by the NETDEVIL.15 TROJAN! Source=Paul Collins Startup list [Kernel32] Number=5380 Confirmed=X Filename=krnl32.exe Description=Added by the EPON WORM! Source=Paul Collins Startup list [Kernel32] Number=5381 Confirmed=X Filename=Kernel32.win Description=Added by the GAGGLE.D or GAGGLE.E WORMS! 
Source=Paul Collins Startup list [Kernel32] Number=5382 Confirmed=X Filename=kernel32s.exe Description=Added by the SDBOT-PU TROJAN! Source=Paul Collins Startup list [kernel32] Number=5383 Confirmed=X Filename=kernel32.dll.vbs Description=Added by the WEKODE-A WORM! Source=Paul Collins Startup list [Kernel32] Number=5384 Confirmed=X Filename=svchosts.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [kernel32dll] Number=5385 Confirmed=X Filename=guardpc.exe Description=Added by the FORBOT-CU WORM! Source=Paul Collins Startup list [kernel44.dll] Number=5386 Confirmed=X Filename=taskkill /f /fi "PID ge 0" /im * Description=Added by the VBS.LIDO WORM! Source=Paul Collins Startup list [KernelCheck] Number=5387 Confirmed=X Filename=sys****.exe [* = digit] Description=Added by an unidentified TROJAN! Source=Paul Collins Startup list [KernelCheck] Number=5388 Confirmed=X Filename=winser.exe Description=Added by the TSPY_LMIR.SL TROJAN! Source=Paul Collins Startup list [KernelConfig] Number=5389 Confirmed=X Filename=destiny32.exe Description=Added by the AGOBOT.AMB WORM! Source=Paul Collins Startup list [kernelfaultcheck] Number=5390 Confirmed=N Filename=dumprep 0 -k Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out Source=Paul Collins Startup list [kernelfaultcheck] Number=5391 Confirmed=N Filename=dumprep 0 -u Description=Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. 
In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out Source=Paul Collins Startup list [KernelFaultCheck] Number=5392 Confirmed=X Filename=ptool32.exe Description=Added by the LEGMIR-BN TROJAN! Source=Paul Collins Startup list [KernelFaultChk] Number=5393 Confirmed=X Filename=sms.exe Description=Added by the DEADHAT WORM! Do not confuse with the valid "kernelfaultcheck" which runs "dumprep 0 -k" or "dumprep 0 -u" Source=Paul Collins Startup list [Kernell] Number=5394 Confirmed=X Filename=systems.exe Description=Added by the TARNO.C TROJAN! Source=Paul Collins Startup list [Kernell32] Number=5395 Confirmed=X Filename=Kernell.dll Description=Added by the DESTINY.A TROJAN! Source=Paul Collins Startup list [KernellApps] Number=5396 Confirmed=X Filename=csrss.exe Description=Added by the BANCBAN-AC TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "System" subfolder Source=Paul Collins Startup list [KernellApps] Number=5397 Confirmed=X Filename=lexplore.exe Description=Added by the BANCBAN-BS TROJAN! Note - the executable is spelt with a lower case "L" rather than a lower or upper case "i" which is the case with Internet Explorer Source=Paul Collins Startup list [KernellApps32] Number=5398 Confirmed=X Filename=smss.exe Description=Added by the BANCBAN-AN TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [KernelRuntime] Number=5399 Confirmed=X Filename=[path to worm] Description=Added by the MYTOB-JO WORM! Source=Paul Collins Startup list [Kernelw] Number=5400 Confirmed=X Filename=Kernelw32.exe Description=Added by the INDOR.E WORM! Source=Paul Collins Startup list [Kernel_check] Number=5401 Confirmed=X Filename=wmiprvse.exe Description=Added by the SONEBOT-B WORM!
Note - this is not the legitimate wmiprvse.exe process which is always located in the System32\wbem folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [key] Number=5402 Confirmed=X Filename=sysxp.exe Description=Added by the BEAGLE.AB WORM! Source=Paul Collins Startup list [key] Number=5403 Confirmed=X Filename=sys_xp.exe Description=Added by the BEAGLE.AC WORM! Source=Paul Collins Startup list [key] Number=5404 Confirmed=X Filename=winxp.exe Description=Added by the BEAGLE.AG WORM! Source=Paul Collins Startup list [Key Logger] Number=5405 Confirmed=X Filename=csrss.exe Description=Added by the BUCHON.A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root folder (ie, C:\) Source=Paul Collins Startup list [Key Text] Number=5406 Confirmed=N Filename=KeyText.exe Description=Key Text 2000 from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start -> Programs Source=Paul Collins Startup list [Key1] Number=5407 Confirmed=X Filename=Rlid.exe Description=Added by the LIXY TROJAN! Source=Paul Collins Startup list [Key2] Number=5408 Confirmed=? Filename=serve.exe Description=?? Source=Paul Collins Startup list [key2] Number=5409 Confirmed=X Filename=winlog.exe Description=Added by the BAGLEDI-AL TROJAN! Source=Paul Collins Startup list [KeyAccess] Number=5410 Confirmed=Y Filename=keyacc32.exe Description=KeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure" Source=Paul Collins Startup list [Keybdcntl] Number=5411 Confirmed=X Filename=keybdcntl.exe Description=Added by a variant of the CRYPTER.C TROJAN! 
Source=Paul Collins Startup list [KeyBoard] Number=5412 Confirmed=U Filename=Keyboard.exe Description=Labtec keyboard utility Source=Paul Collins Startup list [keyboard] Number=5413 Confirmed=X Filename=keyboard*.exe [* = number] Description=Detected by Kaspersky as the VB.ZG TROJAN! Source=Paul Collins Startup list [keyboard] Number=5414 Confirmed=X Filename=kybrdef_7.exe Description=DollarRevenue adware Source=Paul Collins Startup list [keyboard] Number=5415 Confirmed=X Filename=[path to trojan] Description=Added by the DLOADR-AOZ TROJAN! Source=Paul Collins Startup list [Keyboard Manager] Number=5416 Confirmed=U Filename=MMKeybd.exe Description=Multimedia keyboard manager. Required if you use the additional keys Source=Paul Collins Startup list [Keyboard Preload Check] Number=5417 Confirmed=Y Filename=Preload.exe Description=Millenium Multi-Function Keyboard driver Source=Paul Collins Startup list [keyboard_enum] Number=5418 Confirmed=X Filename=keyboard_enum.exe Description=Added by the GP TROJAN! Source=Paul Collins Startup list [KeyMaestro] Number=5419 Confirmed=U Filename=kmaestro.exe Description=Multimedia keyboard manager. Required if you use the multimedia keys Source=Paul Collins Startup list [keymap] Number=5420 Confirmed=U Filename=keymap.exe Description=System Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the game Source=Paul Collins Startup list [keymgrldr] Number=5421 Confirmed=X Filename=rundll32 setupapi, InstallHinfSection... 
keymgr3.inf Description=CoolWebSearch Oemsyspnp parasite variant Source=Paul Collins Startup list [KeyPatrol] Number=5422 Confirmed=U Filename=KeyPatrol.exe Description=KeyPatrol - key logger detector using both behavioral and pattern-matching algorithms that used to be part of PestPatrol before CA's acquisition Source=Paul Collins Startup list [keyserv] Number=5423 Confirmed=X Filename=keyserv.exe Description=KeyThief spyware Source=Paul Collins Startup list [Keyspan Digital Media Remote] Number=5424 Confirmed=U Filename=KDMRdmn.exe Description=Remote control driver for Keyspan Digital Media Remote devices Source=Paul Collins Startup list [keystroke] Number=5425 Confirmed=U Filename=keystroke.exe Description=QuickLaunch surveillance software. Uninstall this software unless you put it there yourself Source=Paul Collins Startup list [KeyWallet] Number=5426 Confirmed=U Filename=KWallet.exe Description="KeyWallet is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually" Source=Paul Collins Startup list [kfienq] Number=5427 Confirmed=X Filename=masbl.bat Description=Added by the KIFER TROJAN! Source=Paul Collins Startup list [Kgjg] Number=5428 Confirmed=X Filename=rnnypbw.exe Description=Added by the QuickLinks/Forethought adware Source=Paul Collins Startup list [KHATARNAK Loader] Number=5429 Confirmed=X Filename=KHATARNAK.exe Description=Added by the AUTORUN.ACO WORM! Source=Paul Collins Startup list [khooker] Number=5430 Confirmed=N Filename=khooker.exe Description=SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required Source=Paul Collins Startup list [Kiamat Sudah Dekat_16_04] Number=5431 Confirmed=X Filename=ISASS.exe Description=Added by the PAHATIA.B WORM!
Source=Paul Collins Startup list [KICKMON.EXE] Number=5432 Confirmed=U Filename=KICKMON.EXE Description=KeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't required Source=Paul Collins Startup list [Kill Popup] Number=5433 Confirmed=U Filename=KillPopup.exe Description=KillPopup - pop-up stopper Source=Paul Collins Startup list [KillAndClean] Number=5434 Confirmed=X Filename=KillAndClean.exe Description=KillAndClean spyware remover - not recommended, see here Source=Paul Collins Startup list [kimochiz.exe] Number=5435 Confirmed=X Filename=kimochiz.exe Description=Added by the MDROP-BB TROJAN! Source=Paul Collins Startup list [Kinberlink] Number=5436 Confirmed=N Filename=Kinberlink.exe Description=Kinberlink network messaging. Available via Start -> Programs Source=Paul Collins Startup list [kiss] Number=5437 Confirmed=X Filename=pingy.exe Description=Added by a variant of the IRCBOT BACKDOOR! The file is located in a random subfolder of %ProgramFiles% Source=Paul Collins Startup list [KIT3] Number=5438 Confirmed=X Filename=hpprintqueue.exe Description=Added by the ADCLICK-DS TROJAN! Source=Paul Collins Startup list [KK Loader] Number=5439 Confirmed=U Filename=loadkk.exe Description=KeyKey XP Professional from KeyKey.com. "Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user." Source=Paul Collins Startup list [KKM Service] Number=5440 Confirmed=X Filename=kkm.exe Description=Added by the NANPY-I WORM! Source=Paul Collins Startup list [KL AntiFunLove] Number=5441 Confirmed=X Filename=flcss.exe Description=Added by the FUNLOVE.4099 WORM! Source=Paul Collins Startup list [KLog] Number=5442 Confirmed=U Filename=Keyspy.exe Description=KeyLoggPro.B keystroke logger/monitoring program - remove unless you installed it yourself! 
Source=Paul Collins Startup list [klop] Number=5443 Confirmed=X Filename=[path to file] Description=Added by the AGENT-WQ TROJAN! Source=Paul Collins Startup list [klop] Number=5444 Confirmed=X Filename=[random].tmp Description=Found with Trojan.Win32.StartPage.aw. Possibly a variant of the AGENT-WQ TROJAN! Source=Paul Collins Startup list [klp] Number=5445 Confirmed=U Filename=run32dll.exe Description=PAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online Source=Paul Collins Startup list [klp] Number=5446 Confirmed=U Filename=explorer.exe Description=ComSurveilSys keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [KM9801U] Number=5447 Confirmed=U Filename=MMHotKey.exe Description=Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen Source=Paul Collins Startup list [kmw_run.exe] Number=5448 Confirmed=U Filename=kmw_run.exe Description=Kensington MouseWorks - mouse/trackball software. Not required unless you use any special features Source=Paul Collins Startup list [kmw_show.exe] Number=5449 Confirmed=U Filename=kmw_show.exe Description=Kensington MouseWorks - mouse/trackball software. Not required unless you use any special features Source=Paul Collins Startup list [KnowledgeBase GUI] Number=5450 Confirmed=X Filename=wppewafaj.exe Description=Added by the RBOT-GRZ WORM! Source=Paul Collins Startup list [KN_PanelApp] Number=5451 Confirmed=U Filename=PanelApp.exe Description=KnowledgePanel online survey software Source=Paul Collins Startup list [Kodak Batch Transfer] Number=5452 Confirmed=N Filename=pezdow1.exe Description=Part of "Kodak Picture Easy" software for digital cameras.
Includes the display of an icon in the System Tray to quickly transfer photos to a PC Source=Paul Collins Startup list [Kodak EasyShare software] Number=5453 Confirmed=U Filename=EasyShare.exe Description=Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually Source=Paul Collins Startup list [Kodak Picture Easy *.* Batch Transfer] Number=5454 Confirmed=N Filename=PezDownload.exe Description=Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC. *.* represents the version Source=Paul Collins Startup list [Kodak Picture Transfer Software] Number=5455 Confirmed=N Filename=pts.exe Description=Looks for Kodak camera connection and media insertion. Available via Start -> Programs Source=Paul Collins Startup list [Kodak Software Updater] Number=5456 Confirmed=N Filename=backweb*****.exe Description=Software updater for Kodak Easyshare digital cameras Source=Paul Collins Startup list [KODAK Software Updater] Number=5457 Confirmed=N Filename=Kodak Software Updater.exe Description=Software updater for Kodak Easyshare digital cameras Source=Paul Collins Startup list [KodakCCS] Number=5458 Confirmed=Y Filename=KodakCCS.exe Description=Kodak DC File System Driver Source=Paul Collins Startup list [Komunikator] Number=5459 Confirmed=U Filename=tlen.exe Description=Tlen - a Polish language instant messaging client Source=Paul Collins Startup list [KONICA MINOLTA magicolor 2400W STD] Number=5460 Confirmed=U Filename=MSTMON_S.EXE Description=Konica Minolta Magicolor 2400W colour printer monitor Source=Paul Collins Startup list [Konni Symbol Autostart] Number=5461 Confirmed=N Filename=KonniSymbol.exe Description=Gives configuration access to RagTime Solo professional business publishing software. 
RagTime Solo is the private user version of RagTime 5 Source=Paul Collins Startup list [kontiki] Number=5462 Confirmed=N Filename=kontiki.exe Description=Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops Source=Paul Collins Startup list [KPDrv4XP] Number=5463 Confirmed=Y Filename=KPDrv4XP.exe Description=MediaKey USB Keypad Driver Source=Paul Collins Startup list [KPFW32.EXE] Number=5464 Confirmed=Y Filename=KPFW32.EXE Description=KingSoft Personal Firewall Source=Paul Collins Startup list [KPFWSvc.EXE] Number=5465 Confirmed=Y Filename=KPFWSvc.EXE Description=KingSoft Personal Firewall Source=Paul Collins Startup list [krag] Number=5466 Confirmed=X Filename=krag.exe Description=Added by the AGENT-FOW WORM! Source=Paul Collins Startup list [Kraidman] Number=5467 Confirmed=U Filename=Kraidman.exe Description="Toshiba RAID Support is a Toshiba EasyGuard feature that uses RAID Level 1 technology to minimise downtime by protecting against data loss and ensuring quick data recovery" - for Toshiba laptops Source=Paul Collins Startup list [Krait] Number=5468 Confirmed=Y Filename=razerhid.exe Description=Razer Krait mouse driver Source=Paul Collins Startup list [KREC32] Number=5469 Confirmed=U Filename=krec32.exe Description=StarrCommander Pro Keystroke logging software Source=Paul Collins Startup list [KRNL] Number=5470 Confirmed=X Filename=Kernl32.exe Description=Added by the ZOMBY.B TROJAN! Source=Paul Collins Startup list [Krnlcheck] Number=5471 Confirmed=X Filename=csrss.exe Description=Added by the BOTNACHALA TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% Source=Paul Collins Startup list [Krnlmod] Number=5472 Confirmed=U Filename=Krnlmod.exe Description=Keystroke logger/monitoring program - remove unless you installed it yourself! 
Source=Paul Collins Startup list [Kryptel Component Start] Number=5473 Confirmed=U Filename=Kicker.exe Description=Kryptel encryption software Source=Paul Collins Startup list [ksrlnhm] Number=5474 Confirmed=X Filename=zxatgso.exe Description=Added by the DLOADER-LI TROJAN! Source=Paul Collins Startup list [Ksrv32] Number=5475 Confirmed=X Filename=Ksrv32.exe Description=Added by the AGOBOT-PI WORM! Source=Paul Collins Startup list [KTAX Auto Loader] Number=5476 Confirmed=X Filename=ktax.exe Description=Added by the SDBOT-MZ WORM! Source=Paul Collins Startup list [ktchnsnk] Number=5477 Confirmed=U Filename=ktchnsnk.exe Description=HP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebooted Source=Paul Collins Startup list [KTPWare] Number=5478 Confirmed=Y Filename=ktp.exe Description=Related to KTP Ware TSR Enhancements from ELANTECH Source=Paul Collins Startup list [KV2005] Number=5479 Confirmed=X Filename=word.EXE Description=Added by the IW TROJAN! Source=Paul Collins Startup list [kv3000] Number=5480 Confirmed=X Filename=lover.vbe Description=Added by the ZSYANG.B WORM! Source=Paul Collins Startup list [kvern16.dll] Number=5481 Confirmed=X Filename=regsvr32.exe kvern16.dll Description=DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "kvern16.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [Kvsc3] Number=5482 Confirmed=X Filename=Kvsc3.exe Description=Added by the PWS-ANM TROJAN! Source=Paul Collins Startup list [KV_HOST] Number=5483 Confirmed=X Filename=cxjx.exe Description=Added by the LEGMIR-BB TROJAN! Source=Paul Collins Startup list [kw3eef76] Number=5484 Confirmed=X Filename=rundll32.exe kw3eef76.dll, EnableRunDLL32 Description=LZIO.com adware downloader. 
Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kw3eef76.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [kX Mixer] Number=5485 Confirmed=N Filename=kxmixer.exe Description=Provides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcards Source=Paul Collins Startup list [KX509] Number=5486 Confirmed=U Filename=kx509_kfwk5.exe Description=Kerberos Secure Authentication for Windows Source=Paul Collins Startup list [KYE_Showicon] Number=5487 Confirmed=? Filename=shwicon.exe Description=Card reader for memory cards from digital cameras. Is it required? Source=Paul Collins Startup list [KYK Control Settings] Number=5488 Confirmed=X Filename=KYSVCXD.EXE Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [KYM Control Settings] Number=5489 Confirmed=X Filename=phqghum.exe Description=Added by the RBOT.BQD WORM! Source=Paul Collins Startup list [L0aders] Number=5490 Confirmed=X Filename=faxneti.exe Description=Added by a variant of the SDBOT TROJAN! Source=Paul Collins Startup list [l44sys**] Number=5491 Confirmed=X Filename=freecell Description=Added by the VBS.LIDO WORM - where ** is a number between 1 and 12 Source=Paul Collins Startup list [l44sys**] Number=5492 Confirmed=X Filename=iexplore Description=Added by the VBS.LIDO WORM - where ** is a number between 65 and 76 Source=Paul Collins Startup list [l44sys**] Number=5493 Confirmed=X Filename=winmine Description=Added by the VBS.LIDO WORM - where ** is a number between 33 and 44 Source=Paul Collins Startup list [L4r1$$a] Number=5494 Confirmed=X Filename=L4r1$$a.pif Description=Added by the ASSIRAL-C WORM! 
Source=Paul Collins Startup list [Lachesis] Number=5495 Confirmed=Y Filename=razerhid.exe Description=Razer Lachesis mouse driver Source=Paul Collins Startup list [LaCie Backup] Number=5496 Confirmed=U Filename=LaCieBackup.exe Description=LaCie '1-Click' backup software for their range of mobile hard drives Source=Paul Collins Startup list [laim] Number=5497 Confirmed=U Filename=aimlite.exe Description="AIM Lite is a reference application for testing some new client technology developed here at AOL, with the goal of being a simple, fun, light IM client" Source=Paul Collins Startup list [laltin] Number=5498 Confirmed=X Filename=L90112201.Stub.exe Description=Delfin Media Viewer adware related Source=Paul Collins Startup list [LAN Driver] Number=5499 Confirmed=X Filename=landriver32.exe Description=Added by the RBOT.BT WORM! Source=Paul Collins Startup list [lanbrup] Number=5500 Confirmed=X Filename=lanbrup.exe Description=SafeSurfing adware Source=Paul Collins Startup list [LANDeskInventoryClient] Number=5501 Confirmed=U Filename=LDIScn32.exe Description=LANDesk Management Suite software component Source=Paul Collins Startup list [LanguageMonitor] Number=5502 Confirmed=U Filename=Oplmsb01.exe Description=OKI Printer language support monitor Source=Paul Collins Startup list [LanguageShortcut] Number=5503 Confirmed=? Filename=Language.exe Description=Part of Cyberlink's PowerDVD prior to version 8. Language settings? Source=Paul Collins Startup list [LanGuard] Number=5504 Confirmed=X Filename=languard.exe Description=Adware downloader - also detected as the SECONDT-C TROJAN! Source=Paul Collins Startup list [LanGuard] Number=5505 Confirmed=X Filename=[path to trojan] Description=Added by the DLOADER-VO TROJAN! Source=Paul Collins Startup list [lanmanwrk.exe] Number=5506 Confirmed=X Filename=lanmanwrk.exe Description=Added by the AGENT.AIA TROJAN!
Source=Paul Collins Startup list [LANMessage Pro] Number=5507 Confirmed=U Filename=LANMES~1.exe Description=LANMessage Pro - "a powerful tool for communicating with other people on your office/home network" Source=Paul Collins Startup list [LanSpeed2] Number=5508 Confirmed=U Filename=LanSpeed2.exe Description=Monitors any traffic that is using a LAN adapter (Ethernet or Token ring network card) Source=Paul Collins Startup list [LanzarL2007] Number=5509 Confirmed=? Filename=[path] setup.exe Description=?? Source=Paul Collins Startup list [LaoKey] Number=5510 Confirmed=U Filename=LaoKey.exe Description=Lao Script for Windows (LSWin) is an extension to the Windows operating system to allow Lao language to be used with many different Windows-based applications Source=Paul Collins Startup list [LapLink scheduler] Number=5511 Confirmed=U Filename=Llsched.exe Description=Utility that automatically performs file transfers as unattended background operations Source=Paul Collins Startup list [Lar] Number=5512 Confirmed=X Filename=Llass.exe Description=Added by the INOR-A TROJAN! Source=Paul Collins Startup list [lar] Number=5513 Confirmed=X Filename=[trojan filename] Description=Added by the ROXY.C TROJAN! Source=Paul Collins Startup list [LARISSA ANTI VIRUS] Number=5514 Confirmed=X Filename=LARISSA_ANTI_VIRUS.exe Description=Added by the KLASSIR TROJAN! Source=Paul Collins Startup list [Lasb] Number=5515 Confirmed=? Filename=ewat.exe Description=?? Source=Paul Collins Startup list [LasErma] Number=5516 Confirmed=X Filename=Ermasys32.exe Description=Added by the LERMA-A WORM! Source=Paul Collins Startup list [LAsIAf32] Number=5517 Confirmed=X Filename=RePEAtLD.exe Description=Added by the REPEATLD WORM! Source=Paul Collins Startup list [lasse] Number=5518 Confirmed=X Filename=lasse.exe Description=Added by the NTOS TROJAN! Source=Paul Collins Startup list [LASTinst] Number=5519 Confirmed=Y Filename=N/A Description=For Gilat Communications internet satellite systems. 
Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out Source=Paul Collins Startup list [Later] Number=5520 Confirmed=? Filename=later.exe Description=?? Source=Paul Collins Startup list [LaunApp] Number=5521 Confirmed=U Filename=LaunApp.exe Description=Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610 Source=Paul Collins Startup list [Launcg] Number=5522 Confirmed=? Filename=launcg.exe Description=?? Source=Paul Collins Startup list [Launch Ai Booster] Number=5523 Confirmed=U Filename=OverClk.exe Description=ASUS Ai Booster is an application that allows you to overclock the CPU either manually or automatically without the hassle of entering the BIOS Setup Source=Paul Collins Startup list [Launch Context 5.0] Number=5524 Confirmed=N Filename=Launch.exe Description=Context - electronic dictionary Source=Paul Collins Startup list [Launch K9] Number=5525 Confirmed=U Filename=K9.exe Description=K9 by Robert Keir - "an email filtering application that works in conjunction with your regular POP3 email program and automatically classifies incoming emails as spam (junk email) or non-spam without the need for maintaining dozens of rules or constant updates to be downloaded. It uses intelligent statistical analysis that can result in extremely high accuracy over time" Source=Paul Collins Startup list [Launch LCDMon] Number=5526 Confirmed=N Filename=LCDMon.exe Description=Driver/utility for Logitech G-Series gaming keyboards and mice Source=Paul Collins Startup list [Launch LGDCore] Number=5527 Confirmed=U Filename=LGDCore.exe Description=Driver/utility for Logitech G-Series gaming keyboards and mice Source=Paul Collins Startup list [Launch Norton AntiVirus 2000] Number=5528 Confirmed=X Filename=jorgf.exe Description=Added by the RBOT-AUI WORM! Source=Paul Collins Startup list [Launch YahooPOPs! 
at Windows startup] Number=5529 Confirmed=N Filename=YAHOOPOPS.EXE Description=YahooPOPs - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs Source=Paul Collins Startup list [LaunchAp] Number=5530 Confirmed=U Filename=LaunchAp.exe Description=Programmable keys on Acer, Fujitsu and other laptops Source=Paul Collins Startup list [LaunchApp] Number=5531 Confirmed=U Filename=Alaunch.exe Description=Acer Launch tool utility on laptops Source=Paul Collins Startup list [Launchboard] Number=5532 Confirmed=U Filename=lnchbrd.exe Description="LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions" Source=Paul Collins Startup list [Launcher] Number=5533 Confirmed=X Filename=launcher.exe Description=Spyware component related to DownloadWare and found in %ProgramFiles%\KFH Source=Paul Collins Startup list [Launcher] Number=5534 Confirmed=N Filename=relaunch.exe Description=Audio Applications Launcher for the Philips Rhythmic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> Programs Source=Paul Collins Startup list [Launcher] Number=5535 Confirmed=U Filename=launcher.exe Description=PC Angel recovery program from SoftThinks. Located in a "SMINST" sub-folder of the Windows or Winnt directory Source=Paul Collins Startup list [Launcher] Number=5536 Confirmed=U Filename=Launcher.exe Description=SpeedUpMyPC 2009 from Uniblue - which "lets you monitor and control all your PC resources with easy, one click instructions.
System settings, internet usage, disk clutter, RAM and CPU are all automatically scanned, cleaned and optimized for peak performance." Located in %ProgramFiles%\Uniblue\SpeedUpMyPC Source=Paul Collins Startup list [LaunchList] Number=5537 Confirmed=? Filename=LaunchList2.exe Description=Part of Pinnacle Studio video editing suite. What does it do and is it required? Source=Paul Collins Startup list [Lavasoft Ad-Aware] Number=5538 Confirmed=X Filename=Ad-Aware.exe Description=Added by the RBOT-SO WORM! Note - this is not the popular Ad-aware spyware/adware removal tool Source=Paul Collins Startup list [Lavasoft Adwatch] Number=5539 Confirmed=U Filename=Ad-watch.exe Description=Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system Source=Paul Collins Startup list [layersldm] Number=5540 Confirmed=X Filename=hostplsrvc.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Laz] Number=5541 Confirmed=X Filename=Kernn.exe Description=Added by the BANCOS-LN WORM! Source=Paul Collins Startup list [LBTWiz.exe] Number=5542 Confirmed=X Filename=LBTWiz.exe Description=Added by the SDBOT-DHY WORM! Source=Paul Collins Startup list [Lcass] Number=5543 Confirmed=X Filename=Lcass.exe Description=Added by the SILLYFDC-W WORM! Source=Paul Collins Startup list [LCD Smartie] Number=5544 Confirmed=U Filename=LCDSmartie.exe Description="LCD Smartie is software for Windows that you can use to show lots of different types of information on your LCD/VFD." Typically used by the PC modding community to display statistics such as CPU temp, fan/cooler speed, etc on an LCD display Source=Paul Collins Startup list [LCDC] Number=5545 Confirmed=U Filename=LCDC.exe Description=LCDC is an application that displays various information on your LCD or VFD screen.
The number of things that LCDC can do is expandable by Plugins Source=Paul Collins Startup list [LCDMon] Number=5546 Confirmed=Y Filename=LCDMon.exe Description=Driver/utility for Logitech G-Series gaming keyboards and mice Source=Paul Collins Startup list [LCDPlayer] Number=5547 Confirmed=Y Filename=LCDPlyer.exe Description=Related to SuperAdBlocker Source=Paul Collins Startup list [lcfep] Number=5548 Confirmed=N Filename=lcfep.exe Description=Tivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally" Source=Paul Collins Startup list [LCIDConfig] Number=5549 Confirmed=? Filename=lcidchng.exe Description=?? Source=Paul Collins Startup list [LClock] Number=5550 Confirmed=U Filename=lclock.exe Description=LClock is a program that makes the Windows' clock look like a Windows Longhorn Clock Source=Paul Collins Startup list [lcvga] Number=5551 Confirmed=X Filename=lcvga.exe Description=Added by the HOSTOL-A TROJAN! Source=Paul Collins Startup list [ld] Number=5552 Confirmed=X Filename=ld.exe Description=CoolWebSearch Tooncomics parasite affiliate variant - redirects to fastwebfinder.com Source=Paul Collins Startup list [LDM] Number=5553 Confirmed=N Filename=backweb-8876480.exe Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech Source=Paul Collins Startup list [LDM] Number=5554 Confirmed=N Filename=ldmconf.exe Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech Source=Paul Collins Startup list [LDM] Number=5555 Confirmed=N Filename=LogitechDesktopMessenger.exe Description=Installed with the software for Logitech products. 
Automatically checks for software upgrades AND new products, services and special offerings from Logitech Source=Paul Collins Startup list [ldriver] Number=5556 Confirmed=X Filename=ldriver.exe Description=Added by the CHORUS-A TROJAN! Searchforfree browser hijacker Source=Paul Collins Startup list [LED TRAY] Number=5557 Confirmed=U Filename=LEDTRAY.EXE Description=Installs a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to work Source=Paul Collins Startup list [ledpointer] Number=5558 Confirmed=U Filename=CNYHKey.exe Description=Chicony Electronics Multimedia Keyboard Hotkey Driver Source=Paul Collins Startup list [LeechGet] Number=5559 Confirmed=N Filename=LeechGet.exe Description=LeechGet download manager Source=Paul Collins Startup list [leeman] Number=5560 Confirmed=X Filename=leeman.exe Description=Added by the COSIAM-D TROJAN! Source=Paul Collins Startup list [LEMSRV] Number=5561 Confirmed=X Filename=lemsrv.exe Description=Added by the IRCBOT-TC TROJAN! Source=Paul Collins Startup list [LetsSearch] Number=5562 Confirmed=X Filename=LetsSearch.exe Description=BrowserAid/BrowserPal foistware Source=Paul Collins Startup list [Letum] Number=5563 Confirmed=X Filename=[path to worm] Description=Added by the LETUM.A WORM! Source=Paul Collins Startup list [Lexmark 1200 Series] Number=5564 Confirmed=U Filename=lxczbmgr.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark 1200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [Lexmark 2200 Series] Number=5565 Confirmed=U Filename=lxbvbmgr.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark 2200 all-in-one multifunction printer/copier/scanner. 
Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [Lexmark 3100 Series] Number=5566 Confirmed=U Filename=lxbrbmgr.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [Lexmark 4200 Series] Number=5567 Confirmed=U Filename=lxbmbmgr.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark 4200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [Lexmark 5200 series] Number=5568 Confirmed=U Filename=lxbtbmgr.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark 5200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [Lexmark 5400 Series Fax Server] Number=5569 Confirmed=U Filename=fm3032.exe Description=FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software Source=Paul Collins Startup list [Lexmark 7600 Series Fax Server] Number=5570 Confirmed=U Filename=fm3032.exe Description=FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software Source=Paul Collins Startup list [Lexmark Print] Number=5571 Confirmed=X Filename=lexmark.exe Description=Added by a variant of the SPYBOT WORM! See here Source=Paul Collins Startup list [Lexmark X1100 Series] Number=5572 Confirmed=U Filename=lxbkbmgr.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X1100 all-in-one multifunction printer/copier/scanner. 
Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [Lexmark X5100 Series] Number=5573 Confirmed=U Filename=lxbabmgr.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X5100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [Lexmark X6100 Series] Number=5574 Confirmed=U Filename=lxbfbmgr.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X6100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [Lexmark X63 Button Manager] Number=5575 Confirmed=U Filename=AcBtnMgr_X63.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [Lexmark X63 Button Monitor] Number=5576 Confirmed=U Filename=ACMonitor_X63.exe Description=Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" Source=Paul Collins Startup list [Lexmark X73 Button Manager] Number=5577 Confirmed=U Filename=AcBtnMgr_X73.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [Lexmark X73 Button Monitor] Number=5578 Confirmed=U Filename=ACMonitor_X73.exe Description=Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. 
Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe" Source=Paul Collins Startup list [Lexmark X74-X75] Number=5579 Confirmed=U Filename=lxbbbmgr.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X74-X75 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [Lexmark X83 Button Manager] Number=5580 Confirmed=U Filename=AcBtnMgr_X83.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [Lexmark X83 Button Monitor] Number=5581 Confirmed=U Filename=ACMonitor_X83.exe Description=Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe" Source=Paul Collins Startup list [Lexmark X84-X85 Button Manager] Number=5582 Confirmed=U Filename=AcBtnMgr_X84-X85.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [Lexmark X84-X85 Button Monitor] Number=5583 Confirmed=U Filename=ACMonitor_X84-X85.exe Description=Button monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe" Source=Paul Collins Startup list [LexmarkPrinTray] Number=5584 Confirmed=N Filename=printray.exe Description=Lexmark Printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. 
Can also be listed as PrinTray Source=Paul Collins Startup list [Lexmark_X79-55] Number=5585 Confirmed=X Filename=lsasss.exe Description=Added by the ZONEBAC TROJAN! Source=Paul Collins Startup list [lexplore] Number=5586 Confirmed=X Filename=lexplore.exe Description=Added by the BROPIA WORM! Note - the executable is spelt with a lower case "L" rather than a lower or upper case "i" which is the case with Internet Explorer Source=Paul Collins Startup list [lexpps] Number=5587 Confirmed=N Filename=lexpps.exe Description=For Lexmark printers. From Lexmark: "This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all". It is known that firewalls can however alert you to "lexpps.exe" requesting server privileges Source=Paul Collins Startup list [LexStart] Number=5588 Confirmed=U Filename=lexstart.exe Description=Lexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instance Source=Paul Collins Startup list [Lfh] Number=5589 Confirmed=X Filename=Lfh.exe Description=Added by the ZAURGA-A TROJAN! Source=Paul Collins Startup list [Lfsndmng] Number=5590 Confirmed=U Filename=lfsndmng.exe Description=LightningFAX Enterprise Fax Server - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents" Source=Paul Collins Startup list [LG Direct Media Button Service] Number=5591 Confirmed=U Filename=LGDMEBTN.exe Description=Supports the Direct Media button on LG Notebooks that support it - such as the S1 PRO EXPRESS DUAL. 
Pressing this button launches the application for watching movies or listening to music Source=Paul Collins Startup list [LG Intelligent Update] Number=5592 Confirmed=N Filename=autoupdate.exe Description=Automatic update utility for LG Notebooks Source=Paul Collins Startup list [LG Magnifier] Number=5593 Confirmed=N Filename=MagnifyingGlass.exe Description=Screen area magnifying utility for LG Notebooks Source=Paul Collins Startup list [LGDCore] Number=5594 Confirmed=U Filename=LGDCore.exe Description=Driver/utility for Logitech G-Series gaming keyboards and mice Source=Paul Collins Startup list [lgfxTray] Number=5595 Confirmed=X Filename=lgfxTray.exe Description=Added by the TAKEOBEL WORM! Note - the filename has a lower case "L" rather than an upper case "i" at the beginning and should not be confused with the valid Intel graphics file "igfxtray.exe" Source=Paul Collins Startup list [lgm] Number=5596 Confirmed=X Filename=lgm.exe Description=Added by the ACID-F WORM! Source=Paul Collins Startup list [LGODDFU] Number=5597 Confirmed=U Filename=fwupdate.exe Description=Auto firmware update program for LG Electronics CD-ROM/DVD writer Source=Paul Collins Startup list [LgWDskTp] Number=5598 Confirmed=U Filename=LgWDskTp.exe Description=Logitech Wireless Desktop mouse and keyboard software. There is an icon for this program on the taskbar next to the clock Source=Paul Collins Startup list [lhttseng] Number=5599 Confirmed=N Filename=rundll32.exe ..lhttseng.inf, RemoveCabinet Description=Left over after installation of the British English version of the Lernout & Hauspie Text To Speech (TTS) Engine Source=Paul Collins Startup list [li-multi****] Number=5600 Confirmed=X Filename=li-multi****.exe Description=Adult web-dialler - **** is random Source=Paul Collins Startup list [li-rcash00001] Number=5601 Confirmed=X Filename=vldial.exe Description=Added by the Vl TROJAN! 
Source=Paul Collins Startup list [li-speed****] Number=5602 Confirmed=X Filename=dlres.exe Description=Adult web-dialler - **** is random Source=Paul Collins Startup list [li-thund****] Number=5603 Confirmed=X Filename=li-thund****.exe Description=Adult web-dialler - **** is random Source=Paul Collins Startup list [li-vita****] Number=5604 Confirmed=X Filename=li-vita****.exe Description=Adult web-dialler - **** is random Source=Paul Collins Startup list [li01f948] Number=5605 Confirmed=X Filename=rundll32.exe li01f948.dll, EnableRunDLL32 Description=LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "li01f948.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [libtec] Number=5606 Confirmed=X Filename=rundll32.exe libtec.dll,start Description=Added by the AKBOT-AI WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "libtec.dll" file is found in %System% Source=Paul Collins Startup list [LicCrtl] Number=5607 Confirmed=N Filename=runservice.exe Description=Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program Source=Paul Collins Startup list [LicCtrl] Number=5608 Confirmed=U Filename=rundll32.exe MMFS.DLL, Service Description=Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program. 
Note that the "MMFS.DLL" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [License Manager] Number=5609 Confirmed=X Filename=license_manager.exe Description=MediaPipe peer-to-peer file swapping program also reported as a hijacker Source=Paul Collins Startup list [lich] Number=5610 Confirmed=X Filename=lich.exe Description=Added by the QLOWZON-BN TROJAN! Source=Paul Collins Startup list [LidPolicy] Number=5611 Confirmed=U Filename=pwrschem.exe Description=A utility for configuring certain HP notebook models to enter Standby mode when the lid is closed only when running on battery Source=Paul Collins Startup list [Life FireWall Update1] Number=5612 Confirmed=X Filename=FireWall-Update1.exe Description=Added by the RBOT-ARS WORM! Source=Paul Collins Startup list [LifeCam] Number=5613 Confirmed=? Filename=LifeExp.exe Description=Related to Microsoft's LifeCam series of webcams. What does it do and is it required? Source=Paul Collins Startup list [LifeChat] Number=5614 Confirmed=U Filename=LifeChat.exe Description=Support software for Microsoft's "LifeChat" headsets - which are optimized for use with Windows Live Messenger Source=Paul Collins Startup list [LifeDrive Manager] Number=5615 Confirmed=N Filename=LifeDriveMgr.exe Description=Keeps the Palm LifeDrive Manager utility in the systray. Shortcut available via Start -> Programs Source=Paul Collins Startup list [LifeDrive? Manager] Number=5616 Confirmed=U Filename=LifeDriveMgrTray.exe Description=System Tray utility for the Palm LifeDrive Mobile Manager Source=Paul Collins Startup list [LifeScape Media Detector] Number=5617 Confirmed=N Filename=PicasaMediaDetector.exe Description=Media detector for Picasa's automatic photo organizer Source=Paul Collins Startup list [lify] Number=5618 Confirmed=X Filename=yujixit.exe Description=Added by a variant of the SDBOT WORM! 
Source=Paul Collins Startup list [Lightning Download] Number=5619 Confirmed=U Filename=Lightning.exe Description=Lightning Download download manager. Can be launched manually, but will need to start up if you want it to "catch clicks" off Internet Explorer Source=Paul Collins Startup list [liibr] Number=5620 Confirmed=X Filename=liibr.exe Description=Added by a variant of the Storm/Nuwar/Zhelatin WORM! Source=Paul Collins Startup list [Limewire] Number=5621 Confirmed=X Filename=LimeWire.exe Description=Added by the RBOT-AGH WORM! Source=Paul Collins Startup list [LimeWire On Startup] Number=5622 Confirmed=N Filename=LimeWire.exe Description=LimeWire - Peer to Peer (P2P) file-sharing client. Note - as with all P2P sharing programs they are susceptible to various forms of malware Source=Paul Collins Startup list [LimeWire x.x] Number=5623 Confirmed=N Filename=LimeWire.exe Description=LimeWire - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malware Source=Paul Collins Startup list [limewirepro.exe] Number=5624 Confirmed=X Filename=limewirepro.exe Description=Added by the IRCBOT-WA WORM! Source=Paul Collins Startup list [Limpet] Number=5625 Confirmed=X Filename=explorer16.exe Description=Added by the RBOT-AJD WORM! 
Source=Paul Collins Startup list [Line Speed Meter V3.0] Number=5626 Confirmed=N Filename=LineSpeedMeter.exe Description=LineSpeedMeter - detect the download and upload speed of your internet connection Source=Paul Collins Startup list [Lingvo Launcher] Number=5627 Confirmed=U Filename=Lvagent.exe Description=ABBYY Lingvo Electronic Dictionaries Source=Paul Collins Startup list [LingvoTraining] Number=5628 Confirmed=U Filename=Tutor.exe Description=ABBYY Lingvo Electronic Dictionaries Source=Paul Collins Startup list [Linker] Number=5629 Confirmed=X Filename=LinkMaker.exe Description=Links adware Source=Paul Collins Startup list [links] Number=5630 Confirmed=X Filename=links.exe Description=Added by the LOWZONE-BI TROJAN! Source=Paul Collins Startup list [Linksts] Number=5631 Confirmed=N Filename=linksts.exe Description=Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon Source=Paul Collins Startup list [Linksys Modem Drivers] Number=5632 Confirmed=X Filename=linksys.exe Description=Added by the IRCBOT.VD WORM! Source=Paul Collins Startup list [linkyuu] Number=5633 Confirmed=X Filename=linkuyy.exe Description=Added by the DLOADER.MC TROJAN! Source=Paul Collins Startup list [Linux] Number=5634 Confirmed=X Filename=Linux.vbs Description=Added by the LOVELETTER.AS VIRUS! Source=Paul Collins Startup list [LiquidView] Number=5635 Confirmed=U Filename=lviewj.exe Description="Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display's native resolution. 
The software lets you increase the size of items that are hard to read on your monitor" Source=Paul Collins Startup list [Lisa] Number=5636 Confirmed=X Filename=Lisa.exe Description=Added by the SCOM-D premium rate adult content dialler Source=Paul Collins Startup list [List checker 32 BIT] Number=5637 Confirmed=X Filename=list32.exe Description=Added by the RBOT-AHO WORM! Source=Paul Collins Startup list [Litebot] Number=5638 Confirmed=X Filename=[path to trojan] Description=Added by the LITEBOT-A TROJAN! Source=Paul Collins Startup list [LIU] Number=5639 Confirmed=N Filename=LIU.exe Description=Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway Source=Paul Collins Startup list [LIU] Number=5640 Confirmed=N Filename=Rubicon.exe Description=Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway Source=Paul Collins Startup list [Live Menu] Number=5641 Confirmed=N Filename=Dllcmd32.exe Description=eFax Send button for eFax Messenger Plus. Available via Start -> Programs Disabling instructions available here Source=Paul Collins Startup list [Live Messanger] Number=5642 Confirmed=X Filename=livemsgr.exe Description=Detected by Kaspersky as the RBOT.BXX WORM! See here Source=Paul Collins Startup list [Live Messanger] Number=5643 Confirmed=X Filename=wllmsngr.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Live update monitor] Number=5644 Confirmed=X Filename=srvany32.exe Description=Added by the AGOBOT.AFM WORM! Source=Paul Collins Startup list [Live Windows Messenger Version] Number=5645 Confirmed=X Filename=msnmessage7.7.exe Description=Added by a variant of the IRCBOT BACKDOOR! 
See here Source=Paul Collins Startup list [Live Windows Messenger Version] Number=5646 Confirmed=X Filename=msnmsngrlive.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [Live-Help] Number=5647 Confirmed=X Filename=lmns.exe Description=Added by the RBOT-GHE WORM! Source=Paul Collins Startup list [Live-Messenger.exe] Number=5648 Confirmed=X Filename=Live-Messenger.exe Description=Detected by Symantec as the SILLYP2P WORM! See here Source=Paul Collins Startup list [LiveMonitor] Number=5649 Confirmed=N Filename=LMonitor.exe Description=MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information Source=Paul Collins Startup list [LiveNote] Number=5650 Confirmed=N Filename=Livenote.exe Description=Asus graphics card driver live update feature Source=Paul Collins Startup list [LiveSexCams] Number=5651 Confirmed=X Filename=LiveSexCams.exe Description=Premium rate adult content dialler Source=Paul Collins Startup list [LiveUpdate] Number=5652 Confirmed=U Filename=LiveUpdate.exe Description=Web-update utility as used by various types of software - see here Source=Paul Collins Startup list [LiveUpdate] Number=5653 Confirmed=X Filename=[Windows username]05.exe Description=Added by the LINEAGE TROJAN! Source=Paul Collins Startup list [LiveUpdate] Number=5654 Confirmed=X Filename=smss.exe Description=Added by the VB.BAU TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "isas" subfolder of the Winnt or Windows folder Source=Paul Collins Startup list [LiveUpdate] Number=5655 Confirmed=N Filename=Copyer.exe Description=Samsung PC Studio is a Windows-based PC program package that you can use easily to manage personal data and multimedia files by connecting a Samsung Electronics Mobile phone (GSM/GPRS/UMTS) to your PC. 
You can launch the update manually - see the instructions here for example Source=Paul Collins Startup list [LiveUpdate32] Number=5656 Confirmed=X Filename=services.exe Description=Added by the VB.BAU TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "isas" subfolder of the Winnt or Windows folder Source=Paul Collins Startup list [Livre] Number=5657 Confirmed=X Filename=Dibane.bat Description=Added by the BANEDI VIRUS! Source=Paul Collins Startup list [Ljx] Number=5658 Confirmed=X Filename=rundll32.exe Description=Added by the LINEAG-ABD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in the "inf" sub-folder Source=Paul Collins Startup list [lk3h1] Number=5659 Confirmed=X Filename=[path to file] Description=Added by the MOSUCK-G TROJAN! Source=Paul Collins Startup list [LLMODCL2] Number=5660 Confirmed=? Filename=rundll.exe setupx.dll, InstallHinfSection ..LLMODCL2.INF Description=?? Source=Paul Collins Startup list [LM Status] Number=5661 Confirmed=N Filename=LMSTATUS.EXE Description=Xerox WorkCenter XE - language monitor status application Source=Paul Collins Startup list [LMA Manager] Number=5662 Confirmed=X Filename=lmamanager.exe Description=Added by the TILEBOT-AD WORM! 
Source=Paul Collins Startup list [LManager] Number=5663 Confirmed=U Filename=QtZgAcer.EXE Description=Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio Source=Paul Collins Startup list [LManager] Number=5664 Confirmed=U Filename=QtZpAcer.exe Description=Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio Source=Paul Collins Startup list [LManager] Number=5665 Confirmed=U Filename=HotkeyApp.exe Description=Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio Source=Paul Collins Startup list [LManager] Number=5666 Confirmed=U Filename=QtaET2S.EXE Description=Acer Launch Manager - on Acer laptops, provides configurability for the special keys on their range of multimedia keyboards Source=Paul Collins Startup list [LManager] Number=5667 Confirmed=U Filename=CPLBCL53.EXE Description=System Tray icon found on Acer Travelmate laptops that allows you to control access to the Internet and email buttons and other computer configurations Source=Paul Collins Startup list [lMAPl] Number=5668 Confirmed=X Filename=lMAPl.exe Description=Added by the AGOBOT-RE WORM! Source=Paul Collins Startup list [LMgrOSD] Number=5669 Confirmed=U Filename=OSDCtrl.exe Description=OSD (on-screen-display) utility - part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and language Source=Paul Collins Startup list [LMonitor] Number=5670 Confirmed=N Filename=LMonitor.exe Description=MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information Source=Paul Collins Startup list [lmpdpsrv] Number=5671 Confirmed=? 
Filename=lmpdpsrv.exe Description=Related to a Lexmark printer/scanner. Printer sharing server? Is it required? Source=Paul Collins Startup list [lmrt] Number=5672 Confirmed=X Filename=lmrt.exe Description=Unidentified adware Source=Paul Collins Startup list [LMSTATUS] Number=5673 Confirmed=N Filename=LMSTATUS.EXE Description=Xerox WorkCenter XE - language monitor status application Source=Paul Collins Startup list [LMSXXD] Number=5674 Confirmed=Y Filename=LMSXXD.exe Description=Driver for Xerox XD series printer/copiers Source=Paul Collins Startup list [lmu] Number=5675 Confirmed=X Filename=LMU.exe Description=Detected by Kaspersky as the AGENT.BG TROJAN! Source=Paul Collins Startup list [lnternet Explorer] Number=5676 Confirmed=X Filename=AMSNDMGR.EXE Description=Added by the KWBOT.R WORM! Note that the "l" is a lower case "L" and not an upper case "I" Source=Paul Collins Startup list [lnternet Update] Number=5677 Confirmed=X Filename=lExplore.exe Description=Added by the RBOT-GRH WORM! Note - the executable is spelt with a lower case "L" rather than a lower or upper case "i" which is the case with Internet Explorer Source=Paul Collins Startup list [lnwin.exe] Number=5678 Confirmed=X Filename=lnwin.exe Description=Added by the DLOADR-ATC TROJAN! Source=Paul Collins Startup list [load] Number=5679 Confirmed=X Filename=mdm.exe Description=Added by the BINGHE TROJAN! Source=Paul Collins Startup list [load] Number=5680 Confirmed=X Filename=msgsr32.exe Description=Added by the SDBOT-QR WORM! Source=Paul Collins Startup list [load] Number=5681 Confirmed=X Filename=[path to worm] Description=Added by the KELVIR.AI WORM! Source=Paul Collins Startup list [Load] Number=5682 Confirmed=X Filename=MyGame.exe Description=Added by the LAMEYEAR-A WORM! Source=Paul Collins Startup list [load] Number=5683 Confirmed=X Filename=_Kerne1.exe Description=Added by the LINEAGE-AN TROJAN! 
Source=Paul Collins Startup list [load] Number=5684 Confirmed=X Filename=Internat.exe Description=Added by the WOWCRAFT TROJAN! Source=Paul Collins Startup list [load] Number=5685 Confirmed=X Filename=rundll32.exe Description=Added by the WOWCRAFT TROJAN! Source=Paul Collins Startup list [load] Number=5686 Confirmed=X Filename=svhost32.exe Description=Added by the WOWCRAFT TROJAN! Source=Paul Collins Startup list [load] Number=5687 Confirmed=X Filename=svchsot.exe Description=Added by the GWGHOST-O TROJAN! Source=Paul Collins Startup list [load] Number=5688 Confirmed=X Filename=explorer.exe Description=Added by the LINEAGE-OZ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% Source=Paul Collins Startup list [load] Number=5689 Confirmed=X Filename=Kerne121.exe Description=Added by the LINEAGE-ON TROJAN! Source=Paul Collins Startup list [load] Number=5690 Confirmed=X Filename=Kerne1211.exe Description=Added by the LINEAGE-DY TROJAN! Source=Paul Collins Startup list [load] Number=5691 Confirmed=X Filename=rundl132.exe Description=Added by the LOOKED-CK WORM! Source=Paul Collins Startup list [load] Number=5692 Confirmed=X Filename=ctftpscr32.exe Description=Added by the AGENT-FPN TROJAN! Source=Paul Collins Startup list [Load] Number=5693 Confirmed=X Filename=win32.exe Description=Added by the RUBBLE-A WORM! Source=Paul Collins Startup list [load] Number=5694 Confirmed=X Filename=QQ.exe Description=Added by the QUADRULE.A WORM! Note - this is not the Tencent QQ Asian instant messenger program which is located in %Windir% Source=Paul Collins Startup list [Load Service] Number=5695 Confirmed=X Filename=SvHost.exe Description=Added by the PESIN-D WORM! Source=Paul Collins Startup list [LOAD WB] Number=5696 Confirmed=U Filename=LOADWB.EXE Description=Part of Stardock's WindowBlinds custom desktop program. 
"WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much more". If you use it - keep it if not then uninstall it Source=Paul Collins Startup list [Load-Guard] Number=5697 Confirmed=X Filename=Wscript.exe LGuarg.exe.vbs Description=Added by the YENO.B and YENO.C WORMS! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "LGuarg.exe.vbs" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [LOAD32] Number=5698 Confirmed=X Filename=Lorena.exe Description=Added by the MAPSON.C WORM! Source=Paul Collins Startup list [load32] Number=5699 Confirmed=X Filename=load32.exe Description=Added by the NIBU, BAMBO TROJANS and DUMARU WORM! Source=Paul Collins Startup list [load32] Number=5700 Confirmed=X Filename=l32x.exe Description=Added by the DUMARU.Z or DUMARU.Y or DUMARU.AD WORM! Source=Paul Collins Startup list [load32] Number=5701 Confirmed=X Filename=1111a.exe Description=Added by the DUMARU.AH WORM! Source=Paul Collins Startup list [load32] Number=5702 Confirmed=X Filename=swchost.exe Description=Added by the TURTA.A WORM! Source=Paul Collins Startup list [load32] Number=5703 Confirmed=X Filename=netda.exe Description=Added by the NIBU.E TROJAN! Source=Paul Collins Startup list [load32] Number=5704 Confirmed=X Filename=winldra.exe Description=Added by the NIBU.J BACKDOOR or DUMARU-BI TROJAN! Note - also known as Srv.SSA-KeyLogger by Sunbelt Software which has developed a free removal tool for this keylogger Source=Paul Collins Startup list [load=] Number=5705 Confirmed=N Filename=adw30.exe Description=After Dark for Windows - screen saver program. 
Popular before screen savers were integrated into Win95 Source=Paul Collins Startup list [load=] Number=5706 Confirmed=U Filename=asistat.exe Description=Status monitor for an NEC SuperScript printer Source=Paul Collins Startup list [load=] Number=5707 Confirmed=? Filename=cfgsys32.exe Description=?? Source=Paul Collins Startup list [load=] Number=5708 Confirmed=U Filename=esspk.exe Description=Speakerphone capability through a soundcard for an ESS modem Source=Paul Collins Startup list [load=] Number=5709 Confirmed=Y Filename=hotkey.exe Description=Solo 5300 display driver for Win2K on some Gateway laptops Source=Paul Collins Startup list [load=] Number=5710 Confirmed=N Filename=HPWHRC.EXE Description=Loads the Status Window software for the HP Laserjet printers Source=Paul Collins Startup list [load=] Number=5711 Confirmed=? Filename=WPSLOAD.EXE Description=Windows printing system that comes with the setup for Canon BJC series on the manufacturer's disk Source=Paul Collins Startup list [load=] Number=5712 Confirmed=N Filename=vi_grm.exe Description=Monitor drivers for Trio2x/3x based video cards - displays control panel for quick access to display settings Source=Paul Collins Startup list [load=] Number=5713 Confirmed=? Filename=WINOSCFG.EXE Description=Could it be something to do with configuring Windows on a new PC from an OEM supplier? Source=Paul Collins Startup list [load=] Number=5714 Confirmed=Y Filename=wpshrc.exe Description=Required to prevent configuration errors on a Compaq LBP-660 and LBP-460 parallel port laser printers (and maybe others) Source=Paul Collins Startup list [load=] Number=5715 Confirmed=Y Filename=Bfrecv.exe Description=Bitware modem driver Source=Paul Collins Startup list [load=] Number=5716 Confirmed=X Filename=msater.exe Description=Added by the RETSAM TROJAN! Source=Paul Collins Startup list [load=] Number=5717 Confirmed=X Filename=shambl3r.exe Description=Added by the REMABL WORM! 
Source=Paul Collins Startup list [load=] Number=5718 Confirmed=X Filename=Spoolsv.exe Description=Added by the CIADOOR.B TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir% Source=Paul Collins Startup list [Load=] Number=5719 Confirmed=? Filename=wtfeat.exe Description=Associated with the Wintab Digitizer Source=Paul Collins Startup list [load=] Number=5720 Confirmed=Y Filename=AICLIENT.EXE Description=Asset Insight from Tangram - asset managing software. Required if an organisation is running a centrally administered asset management system Source=Paul Collins Startup list [load=] Number=5721 Confirmed=X Filename=hint.exe Description=Added by the ATAK WORM! Source=Paul Collins Startup list [load=] Number=5722 Confirmed=X Filename=win32exec.exe Description=Added by the BITTER WORM! Source=Paul Collins Startup list [load=] Number=5723 Confirmed=X Filename=a1g.exe Description=Added by the ATAK.B WORM! Source=Paul Collins Startup list [load=] Number=5724 Confirmed=X Filename=dapdll.exe Description=Added by the ATAK.E WORM! Source=Paul Collins Startup list [load=] Number=5725 Confirmed=X Filename=svhost32.exe Description=Added by the LINEAGE-AB TROJAN! Source=Paul Collins Startup list [load=] Number=5726 Confirmed=Y Filename=01comm32.exe Description=Related to Elsa CommPro (Communicate Pro) access software for Microlink modems - this software contains answering machine and fax functions, plus a terminal program, a WWW-browser launch function, Internet telephony, and address management. Required if you use those Source=Paul Collins Startup list [load=] Number=5727 Confirmed=X Filename=inetinfo.exe Description=Added by the PROXY-GG TROJAN! Source=Paul Collins Startup list [load=] Number=5728 Confirmed=X Filename=Kerne14.exe Description=Added by the LINEAGE-BA TROJAN! Source=Paul Collins Startup list [Loadab1] Number=5729 Confirmed=X Filename=explorer.exe Description=Added by the LINEAGE-AJ TROJAN! 
Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% Source=Paul Collins Startup list [LoadBlackD] Number=5730 Confirmed=Y Filename=blackd.exe Description=This is the "intrusion detection system" of the BlackICE PC Protection (was Defender) firewall which loads independently of the "user interface" (BlackICE Utility) Source=Paul Collins Startup list [LoadBtnHnd] Number=5731 Confirmed=U Filename=BtnHnd.exe Description=Fujitsu Siemens Lifebook laptops have some buttons on the case that can be programmed to execute specified programs (like hotkeys). The buttons can also be used as a combination lock input Source=Paul Collins Startup list [LoadDBackUp] Number=5732 Confirmed=X Filename=BcTool.exe Description=Added by the GIBE WORM! Source=Paul Collins Startup list [loaddll] Number=5733 Confirmed=X Filename=loaddll.exe Description=Winvest spyware Source=Paul Collins Startup list [LoadDvpApi9x] Number=5734 Confirmed=? Filename=DVPAPI9X.exe Description=Part of Command AntiVirus for Windows 95/98/Me. Is it needed? Source=Paul Collins Startup list [loader] Number=5735 Confirmed=X Filename=loader.exe Description=Homepage hijacker, redirecting to coolwwwsearch.com. Downloader for iedll.exe Source=Paul Collins Startup list [loader] Number=5736 Confirmed=X Filename=WMPLAYER.EXE Description=Unknown baddie - WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup Source=Paul Collins Startup list [loader32 ] Number=5737 Confirmed=X Filename=sys*****.exe [***** = random digit] Description=Added by the DOMCOM TROJAN! Source=Paul Collins Startup list [loader32] Number=5738 Confirmed=X Filename=Loader32.exe Description=Added by an unidentified TROJAN! 
Source=Paul Collins Startup list [Loaders] Number=5739 Confirmed=X Filename=HeIp.exe Description=Added by the SDBOT-ADB WORM! Source=Paul Collins Startup list [loadfax] Number=5740 Confirmed=X Filename=loadfax.exe Description=Added by the WINFLUX-C TROJAN! Source=Paul Collins Startup list [LoadFonts] Number=5741 Confirmed=X Filename=LoadFonts.vbs Description=Homepage hijacker that changes your homepage to an adult content site Source=Paul Collins Startup list [LoadFonts] Number=5742 Confirmed=X Filename=Tahoma.vbs Description=Homepage hijacker that changes your homepage to an adult content site Source=Paul Collins Startup list [LoadFujitsuQuickTouch] Number=5743 Confirmed=U Filename=QuickTouch.exe Description=Maps the keys on a Fujitsu Siemens Lifebook application panel to various programs and functions Source=Paul Collins Startup list [LoadGolfCourses] Number=5744 Confirmed=X Filename=LoadGolfCourses.exe Description=PlayMiniGolf.com foistware - stealth installed! Source=Paul Collins Startup list [LoadHTML] Number=5745 Confirmed=X Filename=rundll32.exe mshtmpre.dll, MShtmpre Description=Mshtmpre adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mshtmpre.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [LoadingAgent] Number=5746 Confirmed=X Filename=ZipLoader32.exe Description=Added by the OBLIVION TROJAN! This executable is one of the most common but there are more Source=Paul Collins Startup list [LoadingAgent] Number=5747 Confirmed=X Filename=msload32.exe Description=Added by the OBLIVION TROJAN! This executable is one of the most common but there are more Source=Paul Collins Startup list [LoadManager] Number=5748 Confirmed=X Filename=msload.exe Description=Added by the OPASERV.T WORM! Source=Paul Collins Startup list [loadMecq0] Number=5749 Confirmed=X Filename=explorer.exe Description=Added by the MUMUBOY.C TROJAN! 
Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% Source=Paul Collins Startup list [loadMecq3] Number=5750 Confirmed=X Filename=rundll32.exe Description=Added by the LEGMIR-AS TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in the Root folder (C:\), (D:\), etc Source=Paul Collins Startup list [loadMect1] Number=5751 Confirmed=X Filename=explorer.exe Description=Added by the LINEAGE-L TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% Source=Paul Collins Startup list [loadMefs] Number=5752 Confirmed=X Filename=rundll32.exe Description=Added by the LEGMIR-JB TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98\ME) or the System32 folder(NT\2000\XP). This file is located in the Windows\inf or Winnt\inf folder Source=Paul Collins Startup list [loadMefs] Number=5753 Confirmed=X Filename=smss32.exe Description=Added by the FLOOD-EL TROJAN! Source=Paul Collins Startup list [LoadMSvcmm] Number=5754 Confirmed=N Filename=msvcmm32.exe Description=Auto-update for Movielink - internet movie rental System Tray access Source=Paul Collins Startup list [LoadOrderVerification] Number=5755 Confirmed=X Filename=[random filename] Description=Added by the TRON.A TROJAN! Source=Paul Collins Startup list [Loadout Manager] Number=5756 Confirmed=U Filename=nost_LM.exe Description=Manager for the Belkin Nostromo n50 SpeedPad game controller - see here Source=Paul Collins Startup list [LoadPFW] Number=5757 Confirmed=X Filename=wmimgr.exe Description=Added by the QEDS-B WORM! 
Source=Paul Collins Startup list [LoadPowerProfile] Number=5758 Confirmed=X Filename=ASDAPI.EXE Description=Added by the CABRO TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll Source=Paul Collins Startup list [LoadPowerProfile] Number=5759 Confirmed=U Filename=Rundll32.exe powrprof.dll Description=Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings Source=Paul Collins Startup list [LoadPowerProfile] Number=5760 Confirmed=X Filename=Rundll.exe powerprof.dll Description=Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe" Source=Paul Collins Startup list [LoadPowerProfile] Number=5761 Confirmed=X Filename=rundl.exe Description=Added by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll Source=Paul Collins Startup list [LoadPowerProfile] Number=5762 Confirmed=X Filename=Rundll32.exe Description=Added by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data line Source=Paul Collins Startup list [LoadPowerScheme] Number=5763 Confirmed=X Filename=rundll32.exe powerprof.dll CheckPowerProfile Description=Ulubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [LoadQM] Number=5764 Confirmed=U Filename=loadqm.exe Description=Installed with MSN Explorer and loads the MSN Queue Manager. Required to enable the WU AutoUpdate feature. 
Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable it Source=Paul Collins Startup list [loads.exe] Number=5765 Confirmed=X Filename=loads.exe Description=MediaMotor adware Source=Paul Collins Startup list [loads.exe] Number=5766 Confirmed=X Filename=medload.exe Description=Medload adware Source=Paul Collins Startup list [loads.exe] Number=5767 Confirmed=X Filename=suploads.exe Description=Added by the AGENT-BZ TROJAN! Source=Paul Collins Startup list [LoadService] Number=5768 Confirmed=X Filename=Rest In Peace Description=Added by the KANGAROO-A WORM! Source=Paul Collins Startup list [LoadService] Number=5769 Confirmed=X Filename=Maaf, tempatmu bukan di sin Description=Added by the KAGEN-A TROJAN! Source=Paul Collins Startup list [LoadService] Number=5770 Confirmed=X Filename=Virus Description=Added by the CAGER.A WORM! Source=Paul Collins Startup list [LoadSIPS] Number=5771 Confirmed=X Filename=rundll32.exe SIPSPI32.dll, SIPSPI32 Description=123Mania adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SIPSPI32.dll" file is found in the System folder Source=Paul Collins Startup list [LoadWatcher] Number=5772 Confirmed=? Filename=Test.exe Description=Reportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct? Source=Paul Collins Startup list [LoadWatcher] Number=5773 Confirmed=X Filename=watcher.exe Description=Watcher spyware Source=Paul Collins Startup list [loadwin] Number=5774 Confirmed=X Filename=winset.exe Description=Added by the QQPASS-I TROJAN! Source=Paul Collins Startup list [loadwin] Number=5775 Confirmed=X Filename=winsys.exe Description=Added by the QQPASS-J TROJAN! 
Source=Paul Collins Startup list [LoadWindowsFile] Number=5776 Confirmed=X Filename=[filename] Description=Added by the DELF.B TROJAN! where [filename] is the infected file Source=Paul Collins Startup list [Local Area Network] Number=5777 Confirmed=X Filename=OpenGL.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Local Authority Service] Number=5778 Confirmed=X Filename=lsass.exe Description=Added by the AMRKTMAN-C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [Local Internet Connection] Number=5779 Confirmed=X Filename=LIC.exe Description=Added by the SDBOT-YA WORM! Source=Paul Collins Startup list [LOCAL INTERNET WEB DRIVERS FOR WIN32] Number=5780 Confirmed=X Filename=phqghume.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Local Page] Number=5781 Confirmed=X Filename=http://find.naupoint.com Description=Naupoint browser hijacker Source=Paul Collins Startup list [Local runole service] Number=5782 Confirmed=X Filename=srvc32.exe Description=Added by the SMALL-DP TROJAN! Source=Paul Collins Startup list [Local Security Authority Servce] Number=5783 Confirmed=X Filename=lssas.exe Description=Added by the POEBOT-T WORM! Source=Paul Collins Startup list [Local Security Authority Service] Number=5784 Confirmed=X Filename=lssas.exe Description=Added by the POEBOT-J WORM! Source=Paul Collins Startup list [Local Security Authority Service] Number=5785 Confirmed=X Filename=Isass.exe Description=Added by the LINKBOT.M WORM! Source=Paul Collins Startup list [Local Service] Number=5786 Confirmed=X Filename=Intenat.exe Description=Added by the NUCLEAR-J TROJAN! 
Source=Paul Collins Startup list [Local Service] Number=5787 Confirmed=X Filename=services.exe Description=Added by the P2PWORM-T WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Cursors" subfolder of the Windows or Winnt folder Source=Paul Collins Startup list [Local-Settings-of-[User Name]] Number=5788 Confirmed=X Filename=[User Name].exe Description=Added by the GAVGENT.A WORM! Source=Paul Collins Startup list [LocalProxy] Number=5789 Confirmed=U Filename=proxy4free.exe Description="ProxyTools is a package of Perl network utilities designed mainly to assist those whose Internet access is censored, unreliable, or otherwise damaged. Uncensored access is provided to any outside service required (Usenet News, Web browsing, IRC, Socks etc.). Setup requires installation of Perl and some modules" Source=Paul Collins Startup list [LocalSystem] Number=5790 Confirmed=X Filename=svchost.exe Description=EHU adware. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! Source=Paul Collins Startup list [Locator Service] Number=5791 Confirmed=X Filename=[filename] Description=Added by the AGOBOT-KY TROJAN! Source=Paul Collins Startup list [Lock My PC] Number=5792 Confirmed=U Filename=lockpc.exe Description=Lock My PC - a tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouse Source=Paul Collins Startup list [logg] Number=5793 Confirmed=X Filename=logo_1.exe Description=Added by the PWFUZZ-A WORM! Source=Paul Collins Startup list [Logical Disk Detection] Number=5794 Confirmed=X Filename=mrisvc.exe Description=Detected by Kaspersky as the IRCBOT.AOW TROJAN! 
See here Source=Paul Collins Startup list [Logiciel de transfert d'images KODAK] Number=5795 Confirmed=N Filename=pts.exe Description=Looks for Kodak camera connection and media insertion. Available via Start -> Programs Source=Paul Collins Startup list [Login] Number=5796 Confirmed=U Filename=winlog.exe Description=Salfeld Child Control - parental control software Source=Paul Collins Startup list [login] Number=5797 Confirmed=X Filename=[path to trojan] Description=Added by the HOTWORD-A TROJAN! Source=Paul Collins Startup list [Login] Number=5798 Confirmed=X Filename=Login.exe Description=Added by the BANCBAN-AH TROJAN! Source=Paul Collins Startup list [Login] Number=5799 Confirmed=X Filename=lala.exe Description=Added by the BUGSPR-A TROJAN! Source=Paul Collins Startup list [Login Screen Saver] Number=5800 Confirmed=X Filename=login.scr Description=Added by the RBOT-AVN WORM! Source=Paul Collins Startup list [Login Service] Number=5801 Confirmed=X Filename=[path to file] Description=Added by the MIGMAF TROJAN! Source=Paul Collins Startup list [LoginPassport] Number=5802 Confirmed=X Filename=Lgnpsp32.exe Description=Added by the REDIST.C WORM! Source=Paul Collins Startup list [loginui32] Number=5803 Confirmed=X Filename=loginui32.exe Description=Added by the LONGNU.A TROJAN! Source=Paul Collins Startup list [Logitech] Number=5804 Confirmed=X Filename=Logitech.exe Description=Added by the RBOT.BJH WORM! Source=Paul Collins Startup list [Logitech BT Wizard] Number=5805 Confirmed=U Filename=LBTWiz.exe Description=Bluetooth connection manager for Logitech based bluetooth wireless products Source=Paul Collins Startup list [Logitech Camera] Number=5806 Confirmed=X Filename=Soundcane.exe Description=Added by the SDBOT.MUC WORM! Source=Paul Collins Startup list [Logitech Desktop] Number=5807 Confirmed=X Filename=ApPache.exe Description=Added by the RBOT-YP WORM! 
Source=Paul Collins Startup list [Logitech Desktop] Number=5808 Confirmed=X Filename=IPCONN.EXE Description=Added by the SDBOT-WE WORM! Source=Paul Collins Startup list [Logitech Desktop Controller] Number=5809 Confirmed=X Filename=wrcam.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Logitech Desktop Messenger] Number=5810 Confirmed=N Filename=backweb-8876480.exe Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech Source=Paul Collins Startup list [Logitech Desktop Messenger] Number=5811 Confirmed=N Filename=ldmconf.exe Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech Source=Paul Collins Startup list [Logitech Desktop Messenger] Number=5812 Confirmed=N Filename=LogitechDesktopMessenger.exe Description=Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech Source=Paul Collins Startup list [Logitech Hardware Abstraction Layer] Number=5813 Confirmed=U Filename=Khalmnpr.exe Description=Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. 
For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint Source=Paul Collins Startup list [Logitech Harmony Remote] Number=5814 Confirmed=U Filename=HarmonyClient.exe Description=Logitech Harmony advanced universal remote Source=Paul Collins Startup list [Logitech Harmony Remote Software 7] Number=5815 Confirmed=U Filename=HARMON~1.EXE Description=Logitech Harmony Advanced Universal Remote controller software Source=Paul Collins Startup list [Logitech SetPoint] Number=5816 Confirmed=U Filename=KEM.exe Description=Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys Source=Paul Collins Startup list [Logitech SetPoint] Number=5817 Confirmed=U Filename=KHALMNPR.EXE Description=Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint Source=Paul Collins Startup list [Logitech SetPoint] Number=5818 Confirmed=U Filename=Setpoint.exe Description=Logitech SetPoint Event Manager for their range of mice and keyboards. Required if you want to use the advanced features of these devices and is located in the Logitech\Setpoint sub-folder of Program Files Source=Paul Collins Startup list [Logitech Utility] Number=5819 Confirmed=U Filename=Logi_MwX.exe Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". 
If you disable it and find you don't need it leave it disabled Source=Paul Collins Startup list [Logitech Wakeup] Number=5820 Confirmed=N Filename=lgwakeup.exe Description=Loads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of an inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start -> Programs and still be able to scan images Source=Paul Collins Startup list [Logitech Wireless] Number=5821 Confirmed=X Filename=logitechwls.exe Description=Added by the MYTOB-BS WORM! Source=Paul Collins Startup list [LogitechCameraAssistant] Number=5822 Confirmed=U Filename=CameraAssistant.exe Description=Related to Logitech QuickCams and provides additional configuration options for these devices Source=Paul Collins Startup list [LogitechCameraService(E)] Number=5823 Confirmed=U Filename=ElkCtrl.exe Description=Related to Logitech Camera Service and provides additional configuration options for these devices Source=Paul Collins Startup list [LogitechCommunicationsManager] Number=5824 Confirmed=Y Filename=communications_helper.exe Description=Installed with a Logitech Quickcam Messenger and if disabled the camera will not work - at least not in the quick capture mode Source=Paul Collins Startup list [LogitechDesktopMessenger] Number=5825 Confirmed=N Filename=LogitechDesktopMessenger.exe Description=Installed with the software for Logitech products. 
Automatically checks for software upgrades AND new products, services and special offerings from Logitech Source=Paul Collins Startup list [LogitechGalleryRepair] Number=5826 Confirmed=U Filename=ISStart.exe Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation Source=Paul Collins Startup list [LogitechImageStudioTray] Number=5827 Confirmed=N Filename=LogiTray.exe Description=Logitech Image Studio - installed with Logitech QuickCams Source=Paul Collins Startup list [LogitechQuickCamRibbon] Number=5828 Confirmed=N Filename=quickcam10.exe Description=Installed with a Logitech Quickcam Messenger. Camera's software which is non-essential. When you open it, it allows you to open the quick capture, camera settings, etc Source=Paul Collins Startup list [Logitechs] Number=5829 Confirmed=X Filename=Logitechs.exe Description=Added by the SDBOT.BWE WORM! Source=Paul Collins Startup list [LogitechSoftwareUpdate] Number=5830 Confirmed=N Filename=ManifestEngine.exe Description=Updater, part of Logitech Image Studio - installed with Logitech QuickCam cameras Source=Paul Collins Startup list [LogitechVideoRepair] Number=5831 Confirmed=U Filename=ISStart.exe Description=LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. 
Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation Source=Paul Collins Startup list [LogitechVideoTray] Number=5832 Confirmed=N Filename=LogiTray.exe Description=Logitech Image Studio - installed with Logitech QuickCams Source=Paul Collins Startup list [LogitechVideo[inspector]] Number=5833 Confirmed=N Filename=InstallHelper.exe Description=Logitech QuickCam software installation helper Source=Paul Collins Startup list [LogiTray] Number=5834 Confirmed=N Filename=LogiTray.exe Description=Logitech Image Studio - installed with Logitech QuickCams Source=Paul Collins Startup list [Logi_Mwx] Number=5835 Confirmed=U Filename=Logi_MwX.exe Description=Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled Source=Paul Collins Startup list [LogMeIn GUI] Number=5836 Confirmed=U Filename=LogMeInSystray.exe Description=RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone Source=Paul Collins Startup list [LogMeIn GUI] Number=5837 Confirmed=U Filename=ragui.exe Description=RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone Source=Paul Collins Startup list [Logo] Number=5838 Confirmed=X Filename=[path to trojan] Description=Added by the DLOADER-RH TROJAN! 
Source=Paul Collins Startup list [Logon Loader] Number=5839 Confirmed=U Filename=LogonLoader.exe Description=Logon Loader - customize boot & login screens Source=Paul Collins Startup list [Logon Loader Random] Number=5840 Confirmed=U Filename=LogonLoader.exe Description=Logon Loader - customize boot & login screens Source=Paul Collins Startup list [Logon.exe] Number=5841 Confirmed=X Filename=logon.exe Description=Added by the ZINS.A TROJAN! Source=Paul Collins Startup list [LogonAdministrator] Number=5842 Confirmed=X Filename=imoet.exe Description=Added by the RAHIWI.A WORM! Source=Paul Collins Startup list [LogonStudio] Number=5843 Confirmed=U Filename=logonstudio.exe Description=WinCustomize LogonStudio - "Allows Windows XP users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users" Source=Paul Collins Startup list [logonUiInit] Number=5844 Confirmed=X Filename=Rundll32.exe rgtndz.dll Description=Identified as a variant of the Trojan-Clicker.Win32.Agent.bqy malware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "rgtndz.dll" file is found in %System% Source=Paul Collins Startup list [LogService] Number=5845 Confirmed=X Filename=wincalc.exe Description=Added by the PAPROXY TROJAN! Source=Paul Collins Startup list [LogService] Number=5846 Confirmed=X Filename=lsass.exe Description=Added by the IU TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [LogService] Number=5847 Confirmed=X Filename=lsrss.exe Description=Added by the PAPROXY-D TROJAN! 
Source=Paul Collins Startup list [LogWatch] Number=5848 Confirmed=U Filename=logwat95.exe Description=Licensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll. Not required if you already have a newer version or the patch has been applied Source=Paul Collins Startup list [lololol] Number=5849 Confirmed=X Filename=_hideme_imhiddenlololol.exe Description=Added by the HIDEME-A TROJAN! Source=Paul Collins Startup list [longos] Number=5850 Confirmed=X Filename=WIWT.EXE Description=Added by the BANKER-CD TROJAN! Source=Paul Collins Startup list [Look 'n' Stop] Number=5851 Confirmed=Y Filename=looknstop.exe Description=Look 'n' Stop personal firewall Source=Paul Collins Startup list [LookNMeet] Number=5852 Confirmed=N Filename=Agent.exe Description=LooknMeet dating service Source=Paul Collins Startup list [Lookup_Sys] Number=5853 Confirmed=X Filename=lookupsys.exe Description=P04n trojan Source=Paul Collins Startup list [Lotus Organizer EasyClip] Number=5854 Confirmed=N Filename=easyclip.exe Description="The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page." Available via Start -> Programs Source=Paul Collins Startup list [Lotus QuickStart] Number=5855 Confirmed=N Filename=smartctr.exe Description=Lotus central application, called SmartCenter, which runs on the Windows desktop. SmartCenter toolbar stretches across the top or, optionally, the bottom of the screen. Uses a lot of resources. Available via Start -> Programs Source=Paul Collins Startup list [Lotus SuiteStart] Number=5856 Confirmed=U Filename=suitest.exe Description=Puts the individual Lotus components in the system tray taskbar when you start Windows. Can be disabled via MSCONFIG -> Startup as "Lotus SuiteStart 97 Edition". 
All individual components available via Start -> Programs Source=Paul Collins Startup list [LotusHlp] Number=5857 Confirmed=X Filename=LotusHlp.exe Description=Added by the WINKO.AO WORM! Source=Paul Collins Startup list [LowRateVoip] Number=5858 Confirmed=N Filename=LowRateVoip.exe Description=LowRateVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype Source=Paul Collins Startup list [LowVersionSupport] Number=5859 Confirmed=X Filename=[filename] Description=Added by the LASTRAS TROJAN! Source=Paul Collins Startup list [LPManager] Number=5860 Confirmed=U Filename=LPMGR.exe Description=Part of Lenovo's IBM ThinkVantage Productivity Center for - "guides you to a host of information and tools to help you set up, understand, maintain, and enhance your ThinkPad® notebook or ThinkCentre® desktop" Source=Paul Collins Startup list [Lpr] Number=5861 Confirmed=X Filename=Lpr123.exe Description=Added by the REMPSTEAL password stealer TROJAN! Source=Paul Collins Startup list [Lpr123] Number=5862 Confirmed=X Filename=Lpr123.exe Description=Added by the REMPSTEAL password stealer TROJAN! Source=Paul Collins Startup list [LPS] Number=5863 Confirmed=U Filename=Lps.exe Description=Local Port Scanner - "With LPS you're able to check your computer for open or listening ports" Source=Paul Collins Startup list [LPtask] Number=5864 Confirmed=U Filename=lptask.exe Description=Program Lock It And Protect Pro - lock and protect your folders from being opened, moved or deleted Source=Paul Collins Startup list [LRBZ Utility 32] Number=5865 Confirmed=X Filename=lrbz32.exe Description=Added by the AGOBOT-JQ WORM! Source=Paul Collins Startup list [LS120 Superdisk] Number=5866 Confirmed=N Filename=?? 
Description=Supposed to accelerate transfer rate on LS-120, contributes to system lockups Source=Paul Collins Startup list [LSA] Number=5867 Confirmed=X Filename=wfdmgr.exe Description=Added by the MYTOB.C WORM! Source=Paul Collins Startup list [LSA] Number=5868 Confirmed=X Filename=lsa.exe Description=Added by the SDBOT-YV WORM! Source=Paul Collins Startup list [LSA] Number=5869 Confirmed=X Filename=msdn.exe Description=Added by an unidentified malware Source=Paul Collins Startup list [LSA Service] Number=5870 Confirmed=X Filename=LSASS.exe Description=Added by the AHKER.G WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [lsa Services] Number=5871 Confirmed=X Filename=lsa2srv.exe Description=Added by the TAME-C WORM! Source=Paul Collins Startup list [LSA Shell (Export Version)] Number=5872 Confirmed=X Filename=LSASS.exe Description=Added by several variants of the AHKER WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [LSA Shellu] Number=5873 Confirmed=X Filename=lsass.exe Description=Detected by Symantec as the SILLYFDC WORM! See here. Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [LsaManager] Number=5874 Confirmed=X Filename=lsamgr.exe Description=Added by the BEAGLE.DR WORM! Source=Paul Collins Startup list [lsas] Number=5875 Confirmed=X Filename=lsas.exe Description=Added by the BIGFAIRY-C WORM! Source=Paul Collins Startup list [lsass] Number=5876 Confirmed=X Filename=lsass.exe Description=Added by the RATSOU.B TROJAN! 
Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Debug\UserMode subfolder of the Winnt or Windows folder Source=Paul Collins Startup list [lsass] Number=5877 Confirmed=X Filename=start.bat Description=Added by the ZCREW TROJAN! Source=Paul Collins Startup list [lsass] Number=5878 Confirmed=X Filename=[path to lsass.exe] Description=Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lsass.exe process which should NOT appear in Msconfig/Startup! Source=Paul Collins Startup list [lsass] Number=5879 Confirmed=X Filename=lsasrv.exe Description=Added by the MYDOOM.AG or MYDOOM.AS or MYDOOM.AU WORMS! Source=Paul Collins Startup list [Lsass] Number=5880 Confirmed=X Filename=woekd.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [lsass] Number=5881 Confirmed=X Filename=elite***32.exe Description=EliteBar adware Source=Paul Collins Startup list [Lsass] Number=5882 Confirmed=X Filename=Lsass.exe Description=Added by the ALCOP-B WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [Lsass] Number=5883 Confirmed=X Filename=Lsass.exe Description=Added by the VOUMIT-A WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder Source=Paul Collins Startup list [LsasS] Number=5884 Confirmed=X Filename=Sygate.exe Description=Added by the SDBOT.BCA WORM! Source=Paul Collins Startup list [Lsass] Number=5885 Confirmed=X Filename=kavmm.exe Description=Added by an unidentified WORM or TROJAN!
NOTE - do NOT confuse with the legitimate Kaspersky antivirus module as described here. Contrary to this impostor, the legitimate file will always be located in the Kaspersky Lab folder in Program Files Source=Paul Collins Startup list [Lsass] Number=5886 Confirmed=X Filename=LSASS.EXE Description=Added by the PUNYA-B WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [LSASS 32] Number=5887 Confirmed=X Filename=ISASS32.pif Description=Added by the ASSIRAL-C WORM! Source=Paul Collins Startup list [LSASS Authority] Number=5888 Confirmed=X Filename=lshosts32.exe Description=Added by the SDBOT-UY TROJAN! Source=Paul Collins Startup list [LSASS Authority] Number=5889 Confirmed=X Filename=lsvhosts.exe Description=Added by the SDBOT.BCE WORM! Source=Paul Collins Startup list [LSASS Daemon] Number=5890 Confirmed=X Filename=LSASSd.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [lsass service] Number=5891 Confirmed=X Filename=lsass2.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [lsass16] Number=5892 Confirmed=X Filename=lsass16.exe Description=Added by the BANKER-BXX TROJAN! Source=Paul Collins Startup list [lsass2k Update] Number=5893 Confirmed=X Filename=lsass2k.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [LSASS32] Number=5894 Confirmed=X Filename=Isass32.exe Description=Added by the KELVIR.M WORM! Source=Paul Collins Startup list [lsass32] Number=5895 Confirmed=X Filename=lsass32.exe Description=Added by the LYDRA-B TROJAN! Source=Paul Collins Startup list [lsass64BiT.exe] Number=5896 Confirmed=X Filename=lsass64BiT.exe Description=Added by the FORBOT-CK WORM! 
Source=Paul Collins Startup list [lsassig] Number=5897 Confirmed=X Filename=lsassig.exe Description=Added by the BANCOS-EC TROJAN! Source=Paul Collins Startup list [lsasss] Number=5898 Confirmed=X Filename=lsasss.exe Description=Added by the GEEKMY-A TROJAN! Source=Paul Collins Startup list [lsasss.exe] Number=5899 Confirmed=X Filename=lsasss.exe Description=Added by the SASSER.E WORM! Source=Paul Collins Startup list [lsburnwatcher] Number=5900 Confirmed=Y Filename=lsburnwatcher.exe Description=HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent from starting Source=Paul Collins Startup list [LSBWatcher] Number=5901 Confirmed=Y Filename=lsburnwatcher.exe Description=HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent from starting Source=Paul Collins Startup list [lsess] Number=5902 Confirmed=X Filename=lsess.exe Description=Added by the SINNAKA.A WORM! Source=Paul Collins Startup list [lsmass] Number=5903 Confirmed=X Filename=lsmass.exe Description=Added by the WALLOP-B TROJAN! Source=Paul Collins Startup list [lsmss.exe] Number=5904 Confirmed=X Filename=lsmss.exe Description=Added by the PROXY-GG TROJAN! Source=Paul Collins Startup list [LSPFix] Number=5905 Confirmed=U Filename=LSPmonitor.exe Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here Source=Paul Collins Startup list [lspins] Number=5906 Confirmed=X Filename=igps.exe Description=Reported as the VB.KC TROJAN by Kaspersky Anti-Virus Source=Paul Collins Startup list [LSPmonitor] Number=5907 Confirmed=U Filename=LSPmonitor.exe Description=eAcceleration Stop-Sign security software related. Previously not recommended, see here Source=Paul Collins Startup list [lssass] Number=5908 Confirmed=X Filename=lssas.exe Description=Added by the AGOBOT.RL WORM!
Source=Paul Collins Startup list [LSvr] Number=5909 Confirmed=X Filename=LSvr.exe Description=PowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name here Source=Paul Collins Startup list [LT DAEMON] Number=5910 Confirmed=Y Filename=ltdaemon.exe Description=Acts as a data spooler for the DSL modem (similar to a cache). Do not uncheck if the DSL modem is being used Source=Paul Collins Startup list [LTCISI] Number=5911 Confirmed=X Filename=ltcisi.exe Description=Added by the DELBOT-AP WORM! Source=Paul Collins Startup list [LtcyCfgApply] Number=5912 Confirmed=U Filename=LtcyCfg.exe Description=PCI Latency Tool - "Utility to set PCI Latency and possibly prevent game stutter or improve FPS" for older AGP/PCI graphics cards Source=Paul Collins Startup list [LTDMgr] Number=5913 Confirmed=X Filename=LTDMgr.exe Description=PowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name here Source=Paul Collins Startup list [LTM2] Number=5914 Confirmed=X Filename=MSGSRV32.EXE Description=Added by the LITMUS.A TROJAN! Note - MSGSRV32.EXE in this case is in a Litmus sub-directory and is not to be confused with the valid version in C:\Windows\System Source=Paul Collins Startup list [LTM2] Number=5915 Confirmed=X Filename=MPGSRV32.EXE Description=Added by the LITMUS.201 TROJAN! Source=Paul Collins Startup list [LTM2] Number=5916 Confirmed=X Filename=MSGSRV320.EXE Description=Added by the LITMUS.C TROJAN! Source=Paul Collins Startup list [LTM2] Number=5917 Confirmed=X Filename=winupdate.exe Description=Added by the LITMUS.203 TROJAN! Source=Paul Collins Startup list [LTM2] Number=5918 Confirmed=X Filename=bible.exe Description=Added by the LITMUS.203 TROJAN! Source=Paul Collins Startup list [LTM2] Number=5919 Confirmed=X Filename=winscan.exe Description=Added by the LITMUS-B TROJAN! 
Source=Paul Collins Startup list [LTM2] Number=5920 Confirmed=X Filename=lssas.exe Description=Added by a variant of the LITMUS TROJAN! Source=Paul Collins Startup list [LTM2] Number=5921 Confirmed=X Filename=MSGSSV32.EXE Description=Added by the FC.C TROJAN! Source=Paul Collins Startup list [LTM2] Number=5922 Confirmed=X Filename=msns6 Description=Added by the LITMUS.C TROJAN! Source=Paul Collins Startup list [LTM2] Number=5923 Confirmed=X Filename=RundlI.exe Description=Added by the MULTIDRP.BG TROJAN! Source=Paul Collins Startup list [LTM2] Number=5924 Confirmed=X Filename=SVCHOST32.exe Description=Added by the LITMUS.203B TROJAN! Source=Paul Collins Startup list [LTM2] Number=5925 Confirmed=X Filename=SVCHOST?.exe Description=Added by the DROPPERFL.A TROJAN! Source=Paul Collins Startup list [LTM2] Number=5926 Confirmed=X Filename=winvers16.exe Description=Added by the SMALL.ND TROJAN! Source=Paul Collins Startup list [LtMoh] Number=5927 Confirmed=U Filename=Ltmoh.exe Description=Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet Source=Paul Collins Startup list [LTMSG] Number=5928 Confirmed=Y Filename=ltmsg.exe Description=One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information Source=Paul Collins Startup list [Lto Manager] Number=5929 Confirmed=Y Filename=DesktopLtoManager.exe Description=Related to Global Positioning System (GPS) found on HP iPAQ hw6500 unit and others Source=Paul Collins Startup list [LTSMMSG] Number=5930 Confirmed=N Filename=LTSMMSG.exe Description=Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others too Source=Paul Collins Startup list [LTSMSG] Number=5931 Confirmed=X Filename=Shell32.exe Description=Added by the LEMIR.B TROJAN! 
Source=Paul Collins Startup list [ltssvc] Number=5932 Confirmed=X Filename=rundll32.exe ltssvc.dll,start Description=Added by the AKBOT-AG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ltssvc.dll" file is found in %System% Source=Paul Collins Startup list [LTT2] Number=5933 Confirmed=X Filename=rundll32.exe Description=Added by the LINEAGE-BI TROJAN! Source=Paul Collins Startup list [LTWinModem1] Number=5934 Confirmed=Y Filename=ltmsg.exe Description=One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information Source=Paul Collins Startup list [ltwob] Number=5935 Confirmed=X Filename=formatsys.exe Description=Added by the SERFLOG.A WORM! Source=Paul Collins Startup list [ltwob] Number=5936 Confirmed=X Filename=msmbw.exe Description=Added by the SERFLOG.A WORM! Source=Paul Collins Startup list [ltwob] Number=5937 Confirmed=X Filename=serbw.exe Description=Added by the SERFLOG.A WORM! Source=Paul Collins Startup list [LUGuard] Number=5938 Confirmed=U Filename=LUGuard.exe Description=PC-Duo Remote Control enables your help desk technicians to take instant control of any remote desktop PC at any location across the LAN, WAN or internet Source=Paul Collins Startup list [lup] Number=5939 Confirmed=X Filename=lup.exe Description=Added by the IRCBOT_GEN WORM! Source=Paul Collins Startup list [Lusetup] Number=5940 Confirmed=Y Filename=LUSetup.exe Description=Symantec LiveUpdate installer - required to install a new version of the application. Will only run once, and the entry is automatically deleted after a reboot Source=Paul Collins Startup list [LVComs] Number=5941 Confirmed=U Filename=lvcoms.exe Description=Lvcomm server. 
Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera Source=Paul Collins Startup list [LVCOMSX] Number=5942 Confirmed=N Filename=LVCOMSX.EXE Description=It provides extra functionality for Logitech multimedia webcam devices. When disabled the camera still works in quick capture but you can get a slight increase in picture quality - not so snowy and the movement wasn't so jerky Source=Paul Collins Startup list [LWBKEYBOARD] Number=5943 Confirmed=U Filename=KbdAp32A.exe Description=Keyboard utility for a Labtec brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard Source=Paul Collins Startup list [LWBMOUSE] Number=5944 Confirmed=U Filename=lwbwheel.exe Description=Mouse driver - required if you use non-standard Windows driver features Source=Paul Collins Startup list [LWBMOUSE] Number=5945 Confirmed=U Filename=MOUSE32A.EXE Description=Mouse utility for a Lenovo brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse Source=Paul Collins Startup list [Lwinst Run Profiler] Number=5946 Confirmed=N Filename=lwtest.exe Description=Logitech Wingman Profiler for the Logitech joysticks. Available via Start -> Programs Source=Paul Collins Startup list [lwjcjuti.exe] Number=5947 Confirmed=X Filename=lwjcjuti.exe Description=Added by the DWNLDR-GTQ TROJAN! Source=Paul Collins Startup list [lxamsp32] Number=5948 Confirmed=Y Filename=lxamsp32.exe Description=Lexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work Source=Paul Collins Startup list [LXbbmgr] Number=5949 Confirmed=? Filename=LXbbmgr.exe Description=Lexmark printer button manager? Is it required? Source=Paul Collins Startup list [LXBLKsk] Number=5950 Confirmed=? 
Filename=LXBLKsk.exe Description=Lexmark related. What does it do, and is it required? Source=Paul Collins Startup list [lxbrbmgr] Number=5951 Confirmed=U Filename=lxbrbmgr.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [LXBRKsk] Number=5952 Confirmed=? Filename=LXBRKsk.exe Description=Lexmark printer related. What does it do and is it required? Source=Paul Collins Startup list [LXBSCATS] Number=5953 Confirmed=Y Filename=rundll32 [path] LXBStime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [LXBTCATS] Number=5954 Confirmed=Y Filename=rundll32 [path] LXBTtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [LXBUCATS] Number=5955 Confirmed=Y Filename=rundll32 [path] LXBUtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. 
See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [lxbumon.exe] Number=5956 Confirmed=U Filename=lxbumon.exe Description=Lexmark 6200 Series printer device monitor Source=Paul Collins Startup list [LXBXCATS] Number=5957 Confirmed=Y Filename=rundll32 [path] LXBXtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [lxbxmon.exe] Number=5958 Confirmed=U Filename=lxbxmon.exe Description=Lexmark 7100 Series printer device monitor Source=Paul Collins Startup list [LXBYCATS] Number=5959 Confirmed=Y Filename=rundll32 [path] LXBYtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [lxbymon.exe] Number=5960 Confirmed=U Filename=lxbymon.exe Description=Lexmark P910 Series printer device monitor Source=Paul Collins Startup list [LXCCCATS] Number=5961 Confirmed=Y Filename=rundll32 [path] LXCCtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. 
See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [lxccmon.exe] Number=5962 Confirmed=U Filename=lxccmon.exe Description=Lexmark 3300 Series printer device monitor Source=Paul Collins Startup list [LXCDCATS] Number=5963 Confirmed=U Filename=rundll32 [path] LXCDtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [LXCECATS] Number=5964 Confirmed=Y Filename=rundll32 [path] LXCEtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [LXCFCATS] Number=5965 Confirmed=Y Filename=rundll32 [path] LXCFtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [LXCGCATS] Number=5966 Confirmed=Y Filename=rundll32 [path] LXCGtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. 
See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [lxcgmon.exe] Number=5967 Confirmed=U Filename=lxcgmon.exe Description=Lexmark 2300 Series printer device monitor Source=Paul Collins Startup list [LXCJCATS] Number=5968 Confirmed=Y Filename=rundll32 [path] LXCJtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [LXCQCATS] Number=5969 Confirmed=Y Filename=rundll32 [path] LXCQtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [lxcqmon.exe] Number=5970 Confirmed=U Filename=lxcqmon.exe Description=Lexmark 9300 Series printer device monitor Source=Paul Collins Startup list [LXCRCATS] Number=5971 Confirmed=Y Filename=rundll32 [path] LXCRtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. 
See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [lxcrmon.exe] Number=5972 Confirmed=U Filename=lxcrmon.exe Description=Lexmark 2400 Series printer device monitor Source=Paul Collins Startup list [LXCTCATS] Number=5973 Confirmed=Y Filename=rundll32 [path] LXCTtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [lxctmon.exe] Number=5974 Confirmed=U Filename=lxctmon.exe Description=Lexmark 5400 Series printer device monitor Source=Paul Collins Startup list [LXCYCATS] Number=5975 Confirmed=Y Filename=rundll32 [path] LXCYtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [lxcymon.exe] Number=5976 Confirmed=U Filename=lxcymon.exe Description=Lexmark 3400 Series printer device monitor Source=Paul Collins Startup list [lxdcamon] Number=5977 Confirmed=U Filename=lxdcamon.exe Description=Lexmark 1300 Series printer device monitor Source=Paul Collins Startup list [LXDCCATS] Number=5978 Confirmed=Y Filename=rundll32 [path] LXDCtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. 
See here for more details Source=Paul Collins Startup list [lxdcmon.exe] Number=5979 Confirmed=U Filename=lxdcmon.exe Description=Lexmark 1300 Series printer device monitor Source=Paul Collins Startup list [lxddamon] Number=5980 Confirmed=U Filename=lxddamon.exe Description=Lexmark 2500 Series printer device monitor Source=Paul Collins Startup list [lxddmon.exe] Number=5981 Confirmed=U Filename=lxddmon.exe Description=Lexmark 2500 Series printer device monitor Source=Paul Collins Startup list [lxdiamon] Number=5982 Confirmed=U Filename=lxdiamon.exe Description=Lexmark 3500-4500 Series printer device monitor Source=Paul Collins Startup list [LXDICATS] Number=5983 Confirmed=Y Filename=rundll32 [path] LXDItime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [lxdimon.exe] Number=5984 Confirmed=U Filename=lxdimon.exe Description=Lexmark 3500-4500 Series printer device monitor Source=Paul Collins Startup list [lxdjamon] Number=5985 Confirmed=U Filename=lxdjamon.exe Description=Lexmark 1400 Series printer device monitor Source=Paul Collins Startup list [LXDJCATS] Number=5986 Confirmed=U Filename=rundll32 [path] LXDJtime.dll, _RunDLLEntry@16 Description=Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. 
See here for more details on a similar Lexmark DLL entry (LXDCtime.dll) Source=Paul Collins Startup list [lxdjmon.exe] Number=5987 Confirmed=U Filename=lxdjmon.exe Description=Lexmark 1400 Series printer device monitor Source=Paul Collins Startup list [lxdwamon] Number=5988 Confirmed=U Filename=lxdwamon.exe Description=Lexmark 7600 Series printer device monitor Source=Paul Collins Startup list [lxdwmon.exe] Number=5989 Confirmed=U Filename=lxdwmon.exe Description=Lexmark 7600 Series printer device monitor Source=Paul Collins Startup list [LXSUPMON] Number=5990 Confirmed=N Filename=LXSUPMON.EXE Description=Lexmark printer related. The printer should work fine without it but what does it do? Source=Paul Collins Startup list [lycosInside] Number=5991 Confirmed=? Filename=Lyc_SysTray.exe Description=Lycos eMail related - what does it do and is it required? Source=Paul Collins Startup list [LyraHD2TrayApp] Number=5992 Confirmed=U Filename=LYRAHD2TrayApp.exe Description=Related to RCA Lyra MP3 Player Source=Paul Collins Startup list [LzioMediaUpdater] Number=5993 Confirmed=X Filename=LzioMediaUpdater.exe Description=LZIO.com adware downloader Source=Paul Collins Startup list [M Player Post Installer] Number=5994 Confirmed=? Filename=postinstallm.exe Description=?? Source=Paul Collins Startup list [M S DVD DirectX Dll Drivers] Number=5995 Confirmed=X Filename=msxdl.exe Description=Added by the SDBOT-BJN WORM! Source=Paul Collins Startup list [M-Audio Delta Taskbar Icon] Number=5996 Confirmed=N Filename=DeltTray.exe Description=M-Audio Delta Control Panel for M-Audio brand Delta series audio cards. 
System Tray access to audio settings - available through Control Panel Source=Paul Collins Startup list [M-Audio MobilePre Control Panel Launcher] Number=5997 Confirmed=U Filename=MPTask.exe Description=Control Panel Launcher for MobilePre USB bus-powered preamp and audio interface from M-Audio Source=Paul Collins Startup list [M-Audio Taskbar Icon] Number=5998 Confirmed=U Filename=DeltaIITray.exe Description=System Tray access to the Delta Control Panel for the M-Audio Delta series of PCI audio cards Source=Paul Collins Startup list [M-soft Office] Number=5999 Confirmed=X Filename=M-soft Office.hta Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! Source=Paul Collins Startup list [M1cr0s0ft S3rcurity] Number=6000 Confirmed=X Filename=systemconfig.exe Description=Added by the RBOT.BKB WORM! Source=Paul Collins Startup list [M1cr0s0ft Upd4t4zS] Number=6001 Confirmed=X Filename=update32.exe Description=Added by the RBOT-MI WORM! Source=Paul Collins Startup list [m32info] Number=6002 Confirmed=X Filename=m32info.exe Description=Added by the CRYPTER.A TROJAN! Source=Paul Collins Startup list [M3Development_WhenUSave_Installer] Number=6003 Confirmed=X Filename=M3Development_WhenUSave_Installer.exe Description=WhenU.Save adware Source=Paul Collins Startup list [M3Tray] Number=6004 Confirmed=N Filename=m3tray.exe Description=Movielink - internet movie rental System Tray access Source=Paul Collins Startup list [MAAgent] Number=6005 Confirmed=U Filename=MAAgent.exe Description=Related to MarkAny - a solution to prevent unauthorized distribution of information through Floppy, CD, email, etc Source=Paul Collins Startup list [MacDrive] Number=6006 Confirmed=U Filename=MacDrive.exe Description=MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows."
Version 6 is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." Source=Paul Collins Startup list [MacDrive application] Number=6007 Confirmed=U Filename=MacDrive.exe Description=MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" Source=Paul Collins Startup list [MacDrive7.0.4TimeOutPatch] Number=6008 Confirmed=? Filename=TimeOutPatch.EXE Description=Part of MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" Interim patch for an older version? Is it no longer required? Source=Paul Collins Startup list [Macfee Security Patch] Number=6009 Confirmed=X Filename=Mpfsheild.exe Description=Added by the RBOT-NP WORM! Source=Paul Collins Startup list [Machine Debug Manager] Number=6010 Confirmed=U Filename=mdm.exe Description=Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. Can also be listed as MDM7. See here to disable Source=Paul Collins Startup list [Machine Debug Manager] Number=6011 Confirmed=X Filename=msdn.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Machine Update Soft] Number=6012 Confirmed=X Filename=wusas.exe Description=Added by an unidentified WORM! Source=Paul Collins Startup list [machine-debugger] Number=6013 Confirmed=X Filename=WMIPRVSW.exe Description=Added by the AGOBOT.U WORM!
Source=Paul Collins Startup list [MachineTest] Number=6014 Confirmed=X Filename=CMagesta.exe Description=Added by the SDBOT TROJAN! Source=Paul Collins Startup list [mackfy.exe] Number=6015 Confirmed=X Filename=msms.exe Description=Added by the SDBOT-DID WORM! Source=Paul Collins Startup list [MacLic] Number=6016 Confirmed=N Filename=MacLic.exe Description=Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks Source=Paul Collins Startup list [MacLicense] Number=6017 Confirmed=N Filename=MacLic.exe Description=Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks Source=Paul Collins Startup list [MacName] Number=6018 Confirmed=N Filename=MacName.exe Description=Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks Source=Paul Collins Startup list [Macromedia 8] Number=6019 Confirmed=X Filename=Flash Player.exe Description=Added by the JAMBU-A WORM! Source=Paul Collins Startup list [Macromedia Critical Updater] Number=6020 Confirmed=X Filename=rarww.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Macromedia Dreamweaver XM] Number=6021 Confirmed=X Filename=macdwXM.exe Description=Added by the AGOBOT-RI WORM! Source=Paul Collins Startup list [Macromedia Drive] Number=6022 Confirmed=X Filename=Iexplor32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Macromedia Flash Update] Number=6023 Confirmed=X Filename=scvhost.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [MACVNTFY] Number=6024 Confirmed=U Filename=MACVNTFY.EXE Description=Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." 
Source=Paul Collins Startup list [MAD.EXE] Number=6025 Confirmed=Y Filename=MAD.EXE Description=MAD.exe is the MS Exchange 5.5 System Attendant and can also consume a large amount of resources - resolved by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server but does it have the same problems? Apparently you need to leave this running but is it needed at start-up? Source=Paul Collins Startup list [MadExe] Number=6026 Confirmed=N Filename=LaunchRA.exe Description=Part of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail" Source=Paul Collins Startup list [MAFWTaskbarApp] Number=6027 Confirmed=U Filename=MAFWTray.exe Description=Drivers for the M-Audio Firewire Audiophile - Interface Source=Paul Collins Startup list [Magentic] Number=6028 Confirmed=U Filename=Magentic.exe Description=Magentic by Incredimail - wallpaper/screensaver manager Source=Paul Collins Startup list [MagicDisc] Number=6029 Confirmed=U Filename=MagicDisc.exe Description=MagicISO - "very helpful utility designed for creating and managing virtual CD drives and CD/DVD discs" Source=Paul Collins Startup list [MagicDsk] Number=6030 Confirmed=U Filename=MAGICDSK.EXE Description=Magic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop icons Source=Paul Collins Startup list [MagicKeyboard] Number=6031 Confirmed=U Filename=PreMKBD.exe Description=Related to Samsung laptops. Provides ability to program keys to perform specific functions Source=Paul Collins Startup list [MagicLinker3] Number=6032 Confirmed=U Filename=Tppaldr.exe Description=Installed with DataStor's (and some other manufacturers) USB 2.0 based external DVD, CD-ROM and CD-RW drives.
System tray icon allowing the user to disconnect the external drive without an error message being displayed Source=Paul Collins Startup list [Magitime] Number=6033 Confirmed=N Filename=Magitime.exe Description=Magitime - connection tracking utility which monitors online time, expense, data transfer Source=Paul Collins Startup list [mahmud] Number=6034 Confirmed=X Filename=mahmud.exe Description=Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example Source=Paul Collins Startup list [Mail.com] Number=6035 Confirmed=? Filename=mcalert.exe Description=Mail.com - free web-mail service. Does mcalert.exe notify you when new mail has arrived? Source=Paul Collins Startup list [MailBell] Number=6036 Confirmed=U Filename=mailbell.exe Description=MailBell e-mail notification tool that will notify you about new messages arrived to your mailbox. Works with both POP3 mailboxes and web-mail based systems. You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance) Source=Paul Collins Startup list [Mailbox Verifier] Number=6037 Confirmed=U Filename=mboxvrfy.exe Description=Mailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance) Source=Paul Collins Startup list [MailCleaner] Number=6038 Confirmed=U Filename=MAILCLEANER.EXE Description=MailCleaner "protect your computer from viruses sent to your machine via the popular e-Mail reader Incredimail. In addition the program will check all incoming files downloaded by Internet Explorer, Netscape Navigator, ICQ and iMesh". Not recommended as it bundles GAIN adware. 
Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [mailman.exe] Number=6039 Confirmed=X Filename=mailman.exe Description=Added by the CERTIF-E TROJAN! Source=Paul Collins Startup list [MailScan Dispatcher] Number=6040 Confirmed=Y Filename=Launch.exe Description=MicroWorld MailScan Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleaned Source=Paul Collins Startup list [Mail_Check] Number=6041 Confirmed=X Filename=Mail_Check.exe Description=Added by the PANOIL.C WORM! Source=Paul Collins Startup list [MAIN] Number=6042 Confirmed=U Filename=main.exe Description=SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan Source=Paul Collins Startup list [Main Executable (HP)] Number=6043 Confirmed=? Filename=HP05T0R5.exe Description=HP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do? Source=Paul Collins Startup list [main16] Number=6044 Confirmed=X Filename=main16.exe Description=Added by the CRYPTER.A TROJAN! Source=Paul Collins Startup list [main32] Number=6045 Confirmed=X Filename=main32.exe Description=Added by the CRYPTER.A TROJAN! Source=Paul Collins Startup list [MainStart] Number=6046 Confirmed=X Filename=svcmfte32.exe Description=Added by the STINX-A TROJAN! Source=Paul Collins Startup list [mainviewex] Number=6047 Confirmed=X Filename=mainviewex.exe Description=Added by the GEMA.D TROJAN! Source=Paul Collins Startup list [main_module] Number=6048 Confirmed=X Filename=drvmmx32.exe Description=Added by the DILA TROJAN! Source=Paul Collins Startup list [Major Microsoft Windows Driver Boot loader] Number=6049 Confirmed=X Filename=bpool.exe Description=Added by the MYTOB.AJ WORM! 
Source=Paul Collins Startup list [Malware Sweeper] Number=6050 Confirmed=U Filename=MalSwep.exe Description=Malware Sweeper - "Protects the user from malicious malware and monitors the sanity of the running programs" Source=Paul Collins Startup list [Malware-Wipe] Number=6051 Confirmed=X Filename=Malware-Wipe.exe Description=Malware remover - not recommended, see here Source=Paul Collins Startup list [Malware-Wiped] Number=6052 Confirmed=X Filename=Malware-Wiped.exe Description=Malware remover - not recommended, see here Source=Paul Collins Startup list [MalwareAlarm] Number=6053 Confirmed=X Filename=MalwareAlarm.exe Description=MalwareAlarm malware remover - not recommended, see here Source=Paul Collins Startup list [MalwareBot] Number=6054 Confirmed=X Filename=MalwareBot.exe Description=MalwareBot spyware remover - not recommended, see here Source=Paul Collins Startup list [MalwareCrush] Number=6055 Confirmed=X Filename=MalwareCrush.exe Description=MalwareCrush spyware remover - not recommended, see here Source=Paul Collins Startup list [MalwareStopper] Number=6056 Confirmed=X Filename=MalwareStopper.exe Description=MalwareStopper malware remover - not recommended, see here Source=Paul Collins Startup list [MalwareWipe] Number=6057 Confirmed=X Filename=MalwareWipe.exe Description=MalwareWipe malware remover - not recommended, see here Source=Paul Collins Startup list [MalwareWiped] Number=6058 Confirmed=X Filename=MalwareWiped.exe Description=MalwareWiped malware remover - not recommended, see here Source=Paul Collins Startup list [MalwareWiper] Number=6059 Confirmed=X Filename=MalwareWiper.exe Description=MalwareWiper malware remover - not recommended, see here Source=Paul Collins Startup list [Mamutu Guard] Number=6060 Confirmed=Y Filename=mamutu.exe Description=Mamutu from Emsi Software - behaviour based protection that "recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates" Source=Paul Collins Startup list [ManageDesk 
Lite] Number=6061 Confirmed=U Filename=ManageDesk Lite.exe Description=ManageDesk Lite from Managebytes Desktop management software. Each desktop is a separate working space for you to use Source=Paul Collins Startup list [ManageProtocolCtrl] Number=6062 Confirmed=X Filename=csmsv.exe Description=Added by the LOOKSKY.B TROJAN! Source=Paul Collins Startup list [manager] Number=6063 Confirmed=X Filename=manager.exe Description=Detected by Kaspersky as the SMALL.CVT TROJAN! Source=Paul Collins Startup list [Manager Monitor] Number=6064 Confirmed=U Filename=monitor.exe Description=MindStorm AnalyzerPro from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices" Source=Paul Collins Startup list [Managment Service] Number=6065 Confirmed=X Filename=[random filename] Description=Added by the RBOT.BIS TROJAN! Source=Paul Collins Startup list [Mania Win Restore] Number=6066 Confirmed=N Filename=RESWIN.EXE Description=Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs Source=Paul Collins Startup list [manrotce] Number=6067 Confirmed=X Filename=manrotce.exe Description=Added by unidentified malware Source=Paul Collins Startup list [Mantis] Number=6068 Confirmed=X Filename=[filename] Description=Added by the MANTIBE VIRUS! Source=Paul Collins Startup list [MapEDC] Number=6069 Confirmed=X Filename=MapEDC.exe Description=Added by the WaveRevenue-McBoo TROJAN! Source=Paul Collins Startup list [MapiDrv] Number=6070 Confirmed=X Filename=mpisvc.exe Description=Added by the MIPSIV TROJAN! Source=Paul Collins Startup list [mapisvc32] Number=6071 Confirmed=X Filename=mapisvc32.exe Description=Added by the KX VIRUS and also recognised by Symantec as FPAI adware Source=Paul Collins Startup list [mark the service] Number=6072 Confirmed=X Filename=xxtra32.exe Description=Added by the SDBOT.APP WORM! 
Source=Paul Collins Startup list [Martini] Number=6073 Confirmed=X Filename=pinmart.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Mascro soft SDK updates2] Number=6074 Confirmed=X Filename=SDKrepair2.exe Description=Added by the SDBOT.BXM WORM! Source=Paul Collins Startup list [maskrider] Number=6075 Confirmed=X Filename=maskrider2001.vbs Description=Added by the SOLOW-G WORM! Source=Paul Collins Startup list [masqform.exe] Number=6076 Confirmed=U Filename=masqform.exe Description=PureEdge Viewer - provides automation framework to manage and deploy XML forms-based processes for e-business and e-government systems. PureEdge was taken over by IBM (see here) and the product became Workplace Forms Source=Paul Collins Startup list [Mass storage check registry] Number=6077 Confirmed=N Filename=rundll32.exe MSDServ.dll, check registry Description=Used with a USB based smartmedia card reader Source=Paul Collins Startup list [Master] Number=6078 Confirmed=X Filename=svcghost.exe Description=Added by the IRCBOT.RB TROJAN! Source=Paul Collins Startup list [Master Card Updaate 32] Number=6079 Confirmed=X Filename=Mastercard32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Master Volume Spy] Number=6080 Confirmed=U Filename=MASTERVOLUMESPY.EXE Description=Volume control for the Gateway Destination "DestiVu" media interface Source=Paul Collins Startup list [MasterBoot Switch] Number=6081 Confirmed=X Filename=popupkill.exe Description=Added by a variant of the RBOT WORM! 
Source=Paul Collins Startup list [Matador] Number=6082 Confirmed=U Filename=mlfbuddy.exe Description=MailFrontier - anti-spam application Source=Paul Collins Startup list [Matador] Number=6083 Confirmed=U Filename=mantispm.exe Description=MailFrontier Desktop (Matador) email spam blocker software Source=Paul Collins Startup list [Matrix Screen Locker] Number=6084 Confirmed=U Filename=matrix.exe Description=Matrix Screen Locker is a system tray application that allows for quick and secure PC lock when you wish. The screen does a "matrix style" scrolling characters effect when the lock is running Source=Paul Collins Startup list [MatrixScreen] Number=6085 Confirmed=X Filename=[filename] Description=Added by the MATRIXSCREEN TROJAN! Source=Paul Collins Startup list [MatrixScreenSaver] Number=6086 Confirmed=X Filename=mss.exe Description=Unidentified malware Source=Paul Collins Startup list [Matrox Color Control] Number=6087 Confirmed=N Filename=hgcctl95.exe Description=For Matrox video cards. Quick access to changing colors Source=Paul Collins Startup list [Matrox Control Center] Number=6088 Confirmed=N Filename=mgactrl.exe Description=For Matrox video cards. Quick access to settings Source=Paul Collins Startup list [Matrox Diagnostic] Number=6089 Confirmed=N Filename=mgadiag.exe Description=For Matrox video cards. Quick access to diagnostics Source=Paul Collins Startup list [Matrox Powerdesk] Number=6090 Confirmed=N Filename=PDesk.exe Description=For Matrox video cards. Quick access to tweak your card to your liking Source=Paul Collins Startup list [Matrox PowerDesk 8] Number=6091 Confirmed=N Filename=matrox.powerdesk.exe Description="Matrox PowerDesk software provides extra multi-display desktop management controls" Source=Paul Collins Startup list [Matrox QuickDesk] Number=6092 Confirmed=N Filename=mgaqdesk.exe Description=For Matrox video cards. 
Quick access to tweak your card to your liking Source=Paul Collins Startup list [MAV_check] Number=6093 Confirmed=X Filename=mav_startupmon.exe Description=WinAntiVirus Pro 2007 misleading virus software - not recommended, see here Source=Paul Collins Startup list [MaxAlerts] Number=6094 Confirmed=X Filename=max.exe Description=Bonzi MaxALERT - spyware Source=Paul Collins Startup list [MaxBackSchedule] Number=6095 Confirmed=U Filename=maxbackservice.exe Description=Backup scheduler for the Maxtor (now Seagate) range of external hard drives - part of Maxtor Quick Start Source=Paul Collins Startup list [MaxBlastMonitor] Number=6096 Confirmed=U Filename=MaxBlastMonitor.exe Description=Maxblast hard drive utility for Maxtor (Seagate) drives Source=Paul Collins Startup list [MaxtorCombo] Number=6097 Confirmed=Y Filename=ComboButton.exe Description=Required to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect) Source=Paul Collins Startup list [MaxtorOneTouch] Number=6098 Confirmed=U Filename=OneTouch.exe Description=Maxtor OneTouch Hard Drives/OneTouch Family hard disk backup software Source=Paul Collins Startup list [MaxtorReg] Number=6099 Confirmed=U Filename=AUTOREG.EXE Description=Part of SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of Source=Paul Collins Startup list [MayaPan] Number=6100 Confirmed=Y Filename=MayaPan.Exe Description=Audiotrak Maya soundcard driver Source=Paul Collins Startup list [mb2np] Number=6101 Confirmed=X Filename=[random filename] Description=Added by the IRCBOT.TJ WORM! Source=Paul Collins Startup list [MbarInstall] Number=6102 Confirmed=X Filename=[random filename] Description=Detected by PCTools as Mirar adware. 
See here Source=Paul Collins Startup list [MBkLogOnHook] Number=6103 Confirmed=U Filename=LogOnHook.exe Description=Related to McAfee Backup from Network Associates Source=Paul Collins Startup list [MBM 4] Number=6104 Confirmed=U Filename=MBM4.exe Description=Motherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs Source=Paul Collins Startup list [MBM 5] Number=6105 Confirmed=U Filename=MBM5.exe Description=Motherboard Monitor 5 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs Source=Paul Collins Startup list [MBMon] Number=6106 Confirmed=? Filename=Rundll32 CTMBHA.DLL, MBMon Description=Creative Filter AudioControlMB Module - related to the Creative Audigy line of sound cards. What does it do and is it required? Source=Paul Collins Startup list [MBNet] Number=6107 Confirmed=U Filename=mbnet.exe Description=MBNet (Portugal) Credit Card Processing software Source=Paul Collins Startup list [MBProbe] Number=6108 Confirmed=U Filename=mbrpobe.exe Description=MBProbe - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs Source=Paul Collins Startup list [mbssm32] Number=6109 Confirmed=U Filename=mbssm32.exe Description=Reported as Micro Bill Systems foistware - but not according to the company themselves, see here Source=Paul Collins Startup list [mbssm32] Number=6110 Confirmed=X Filename=monstu.exe Description=Detected by AVG Antispyware as the AGENT.CNM TROJAN! Source=Paul Collins Startup list [MC] Number=6111 Confirmed=X Filename=wintrims.exe Description=Added by the WINTRIM TROJAN! Source=Paul Collins Startup list [MC] Number=6112 Confirmed=X Filename=MAGICON.EXE Description=Added by the MAGICON.A TROJAN! 
Source=Paul Collins Startup list [MC] Number=6113 Confirmed=X Filename=N/A Description=Added by the SIMCSS TROJAN! Source=Paul Collins Startup list [MC] Number=6114 Confirmed=X Filename=WINTRIM.EXE Description=Added by the WINTRIM_A TROJAN! Source=Paul Collins Startup list [McAfee] Number=6115 Confirmed=X Filename=McAffeAv.exe Description=Added by the NETSKY.AL WORM! Source=Paul Collins Startup list [mcafee] Number=6116 Confirmed=X Filename=Win32.dll.vbs Description=Added by the CATCHER-B WORM! Source=Paul Collins Startup list [Mcafee Anti Scan] Number=6117 Confirmed=X Filename=NortonScn.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [McAfee Antivirus] Number=6118 Confirmed=X Filename=McAfeeAV.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Mcafee Antivirus Monitoring System326] Number=6119 Confirmed=X Filename=VSStatmn326.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Mcafee Antivirus Monitoring System32mn] Number=6120 Confirmed=X Filename=VSStatmn32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [McAfee Antivirus Protection] Number=6121 Confirmed=X Filename=mcafeeAV.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Mcafee Auto Protect] Number=6122 Confirmed=X Filename=mcafeshield.exe Description=Added by the RBOT-UH WORM! Source=Paul Collins Startup list [McAfee Backup] Number=6123 Confirmed=U Filename=McAfeeDataBackup.exe Description=McAfee Backup from Networks Associates Source=Paul Collins Startup list [McAfee Desktop Firewall Tray] Number=6124 Confirmed=Y Filename=FireTray.exe Description=McAfee Desktop Firewall Source=Paul Collins Startup list [McAfee Firewall] Number=6125 Confirmed=Y Filename=CPD.EXE Description=Firewall bundled with McAfee VirusScan 6.*. 
Can also be listed as CPD_EXE Source=Paul Collins Startup list [McAfee Guardian] Number=6126 Confirmed=N Filename=CMGRDIAN.EXE Description=McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic Source=Paul Collins Startup list [McAfee Online virus Scanner] Number=6127 Confirmed=X Filename=avp.exe Description=Added by the RBOT-GCV WORM! Not to be confused with AOL's Active Virus Shield (by Kaspersky) Source=Paul Collins Startup list [McAfee Online Virus Scanner] Number=6128 Confirmed=X Filename=nzm.exe Description=Detected by Trend Micro as the IRCBOT.XV TROJAN! See here Source=Paul Collins Startup list [McAfee QuickClean Imonitor] Number=6129 Confirmed=N Filename=Plguni.exe Description=McAfee QuickClean 3.0 - removes internet clutter and unwanted programs Source=Paul Collins Startup list [mcafee Software Intrenet] Number=6130 Confirmed=X Filename=mcafee.exe Description=Added by the RBOT-ATR WORM! Note - this is not a valid McAfee program Source=Paul Collins Startup list [McAfee Windows Protection] Number=6131 Confirmed=X Filename=mcafee32.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [McAfee Winguage] Number=6132 Confirmed=N Filename=?? Description=Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs Source=Paul Collins Startup list [McAfee.InstantUpdate.Monitor] Number=6133 Confirmed=U Filename=RuLaunch.exe Description=Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. 
In the case of VirusScan leave it enabled unless you update manually on a regular basis Source=Paul Collins Startup list [McAfeeFireTray] Number=6134 Confirmed=Y Filename=Firetray.exe Description=McAfee Desktop Firewall Source=Paul Collins Startup list [McAfeeScanPlus] Number=6135 Confirmed=X Filename=McAfeeScanPlus.exe Description=Added by the MEPCOD TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is found in the Windows or Winnt folder Source=Paul Collins Startup list [McAfeeUpdaterUI] Number=6136 Confirmed=Y Filename=UpdaterUI.exe Description=Associated with McAfee Enterprise 7.0.0. - background process Source=Paul Collins Startup list [McAfeeUpdaterUI] Number=6137 Confirmed=Y Filename=UpdaterUI.exe Description=McAfee common updater user interface Source=Paul Collins Startup list [McAfeeVirusScanService] Number=6138 Confirmed=Y Filename=Avsynmgr.exe Description=From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application Source=Paul Collins Startup list [McAfeeWebscanX] Number=6139 Confirmed=Y Filename=WebScanX.exe Description=From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc Source=Paul Collins Startup list [Mcaffe Antivirus] Number=6140 Confirmed=X Filename=Mcafeescn.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Mcaffee] Number=6141 Confirmed=X Filename=mcsheild.exe Description=Added by the RBOT-FDP WORM! Source=Paul Collins Startup list [McAgentExe] Number=6142 Confirmed=U Filename=mcagent.exe Description=From McAfee VirusScan On-line. The Agent is a red M icon that appears in the Windows system tray or Notification Area (if you're running Windows XP). 
If you don't see the agent icon, VirusScan Online may not be installed Source=Paul Collins Startup list [Mcappins.exe] Number=6143 Confirmed=Y Filename=mcappins.exe Description=Used by McAfee Virusscan to perform product updates. When updates are available the program will download and install them automatically. Recommended to leave enabled Source=Paul Collins Startup list [mceipww] Number=6144 Confirmed=X Filename=[8 random letters].exe Description=Detected by Kaspersky as the ZHELATIN.EQ WORM! See here Source=Paul Collins Startup list [MChanger] Number=6145 Confirmed=N Filename=MChanger.exe Description=Media Changer - utility that allows you to change wallpapers, sounds, themes, etc Source=Paul Collins Startup list [MCI USB Icon] Number=6146 Confirmed=U Filename=USBIcon.exe Description=MCI USB software used for managing a USB card reader Source=Paul Collins Startup list [McLogLch_exe] Number=6147 Confirmed=N Filename=McLogLch.exe Description=Related to McAfee security suite. This is a non-essential program, but should not be disabled unless suspected to be causing problems Source=Paul Collins Startup list [MCM3] Number=6148 Confirmed=X Filename=mcm3.exe Description=ShopAtHome/SAHagent adware variant Source=Paul Collins Startup list [McRegWiz] Number=6149 Confirmed=? Filename=mcregwiz.exe Description=McAfee antivirus related. What does it do and is it required? Source=Paul Collins Startup list [Mcrosoftr Update] Number=6150 Confirmed=X Filename=Mcrosoftr.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [McShld9x] Number=6151 Confirmed=Y Filename=mcshld9x.exe Description=Part of McAfee's Virusscan Online. Must be enabled for scanning to work Source=Paul Collins Startup list [MCTskShd] Number=6152 Confirmed=Y Filename=mctskshd.exe Description=Part of McAfee SecurityCenter. Runs in the background controlling critical updates and controlling antivirus related actions. 
This program is important for the stable and secure running of your computer Source=Paul Collins Startup list [McUpdateExe] Number=6153 Confirmed=U Filename=mcupdate.exe Description=From McAfee VirusScan On-line. Automatically updates your virus definitions. Leave enabled unless you regularly update these definitions Source=Paul Collins Startup list [McVsRte] Number=6154 Confirmed=Y Filename=mcvsrte.exe Description=Part of McAfee's SecurityCenter. Must remain checked but one user reports Windows glitches with no response from McAfee as to why Source=Paul Collins Startup list [mcvsshld] Number=6155 Confirmed=Y Filename=mcvsshld.exe Description=McAfee VirusScan On-line. See also the McAgentExe entry Source=Paul Collins Startup list [MCX Update] Number=6156 Confirmed=X Filename=wisp.exe Description=Added by the RBOT-AQH WORM! Source=Paul Collins Startup list [MCX Updte] Number=6157 Confirmed=X Filename=scorti.exe Description=Added by the RBOT-ARP WORM! Source=Paul Collins Startup list [MD IE Plugin] Number=6158 Confirmed=X Filename=md.exe Description=Marketdart spyware Source=Paul Collins Startup list [MD IE Plugin] Number=6159 Confirmed=X Filename=winy.exe Description=Adware Source=Paul Collins Startup list [mdac_runonce] Number=6160 Confirmed=N Filename=runonce.exe Description=Associated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe".  Source=Paul Collins Startup list [MDDiskProtect] Number=6161 Confirmed=U Filename=MDDiskProtect.exe Description=Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." 
Source=Paul Collins Startup list [MDDiskProtect.exe] Number=6162 Confirmed=U Filename=MDDiskProtect.exe Description=Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." Source=Paul Collins Startup list [mdetect] Number=6163 Confirmed=X Filename=[path to trojan] Description=Added by the SPABOT TROJAN! Source=Paul Collins Startup list [MDGetStarted] Number=6164 Confirmed=U Filename=MDGetStarted.exe Description=MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" Source=Paul Collins Startup list [MDGetStarted.exe] Number=6165 Confirmed=U Filename=MDGetStarted.exe Description=MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" Source=Paul Collins Startup list [Mdm] Number=6166 Confirmed=X Filename=Mdm.vbs Description=Added by the WHITEHO VIRUS or TRAPPY WORM! Source=Paul Collins Startup list [mdm] Number=6167 Confirmed=X Filename=mdm.exe Description=Added by the LYDRA-F TROJAN! Note - this is not the valid Machine Debug Manager which shares the same filename Source=Paul Collins Startup list [MDM7] Number=6168 Confirmed=U Filename=mdm.exe Description=Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendation. Can also be listed as Machine Debug Manager. 
See here to disable Source=Paul Collins Startup list [Mdmdll] Number=6169 Confirmed=X Filename=mdmdll.exe Description=Added by the CRYPTER TROJAN! Source=Paul Collins Startup list [Mdmdll32] Number=6170 Confirmed=X Filename=mdmdll32.exe Description=Added by a variant of the CRYPTER.C TROJAN! Source=Paul Collins Startup list [MDN] Number=6171 Confirmed=X Filename=MDNS.exe Description=Added by the SPYBOT.JPB WORM! Source=Paul Collins Startup list [MDN] Number=6172 Confirmed=X Filename=MDNZ.exe Description=Added by the RBOT.AQD WORM! Source=Paul Collins Startup list [MDN] Number=6173 Confirmed=X Filename=MDN.exe Description=Added by the RBOT.AOA WORM! Source=Paul Collins Startup list [MDNS] Number=6174 Confirmed=X Filename=service.exe Description=Detected by Symantec as a variant of the Mirar adware Source=Paul Collins Startup list [mds.exe] Number=6175 Confirmed=X Filename=mds.exe Description=Added by the MADS-A TROJAN! Source=Paul Collins Startup list [MDSA Sentinel X] Number=6176 Confirmed=X Filename=smss.exe Description=SentinelX spyware. Note - SentinelX is spyware that logs keystrokes. It also monitors and records Web sites visited and applications used. The risk can capture periodic screen shots and may be configured so as to block access to specific Web sites and chat rooms, must be manually installed. Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "MDSA Software" subfolder of the Program Files folder Source=Paul Collins Startup list [mdwmdmsp] Number=6177 Confirmed=X Filename=mdwmdmsp.exe Description=Adware - detected by Kaspersky as the AGENT.AM TROJAN! 
Source=Paul Collins Startup list [MECA] Number=6178 Confirmed=N Filename=Meca.exe Description=Meca cross-platform communications technology, branded messengers will connect with AOL, MSN, Yahoo!, and ICQ users Source=Paul Collins Startup list [MedGS] Number=6179 Confirmed=X Filename=MEDGS1.exe Description=PacerD_Media/Pacimedia.com adware Source=Paul Collins Startup list [Media Access] Number=6180 Confirmed=X Filename=MediaAccK.exe Description=WindUpdates MediaPass adware Source=Paul Collins Startup list [Media Adapter] Number=6181 Confirmed=X Filename=bitblt.exe Description=Added by the HANSAH-A WORM! Source=Paul Collins Startup list [Media Card Companion Monitor] Number=6182 Confirmed=U Filename=MCC Monitor.exe Description=Monitor for Media Card Companion from ArcSoft. "Automates the tedious processes associated with downloading and sharing files from digital cameras, card readers, and other removable media" Source=Paul Collins Startup list [Media Codec Update Service] Number=6183 Confirmed=U Filename=update.exe Description=Windows Essentials Codec Pack 1.0 is a collection of the most commonly needed video and audio codecs. This program keeps these codecs updated Source=Paul Collins Startup list [Media Gateway] Number=6184 Confirmed=X Filename=MediaGateway.exe Description=WindUpdates MediaPass adware Source=Paul Collins Startup list [Media Load] Number=6185 Confirmed=X Filename=msn32.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [Media Manager Indexer] Number=6186 Confirmed=U Filename=AIRSVCU.EXE Description=Part of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. 
The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a database Source=Paul Collins Startup list [Media Pass] Number=6187 Confirmed=X Filename=MediaPassK.exe Description=WindUpdates MediaPass adware Source=Paul Collins Startup list [Media Pass] Number=6188 Confirmed=X Filename=MediaPass.exe Description=WindUpdates MediaPass adware Source=Paul Collins Startup list [Media Player] Number=6189 Confirmed=X Filename=media.exe Description=Added by the FLDMEDIA-A TROJAN! Source=Paul Collins Startup list [Media Player] Number=6190 Confirmed=X Filename=wmplayer.exe Description=Added by the AGOBOT-BM WORM! Source=Paul Collins Startup list [Media Player] Number=6191 Confirmed=X Filename=Sysdll.exe Description=Added by the BANKER-BR TROJAN! Source=Paul Collins Startup list [Media Player] Number=6192 Confirmed=X Filename=Sysnet.exe Description=Added by the BANKER.MW WORM! Source=Paul Collins Startup list [Media Player Update] Number=6193 Confirmed=X Filename=xpsp1mfh.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Media Plug x.1.2] Number=6194 Confirmed=X Filename=msdm.exe Description=Added by the MULDROP.352 VIRUS! Source=Paul Collins Startup list [Media Server] Number=6195 Confirmed=X Filename=msdts.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Media Service] Number=6196 Confirmed=X Filename=msn64.exe Description=Added by the SPYBOT.EV WORM! Source=Paul Collins Startup list [Media service] Number=6197 Confirmed=X Filename=msnmsgxr.exe Description=Added by the SDBOT.TF WORM! Source=Paul Collins Startup list [Media service] Number=6198 Confirmed=X Filename=SYSTEM64.EXE Description=Added by the RBOT.QV WORM! Source=Paul Collins Startup list [Media service] Number=6199 Confirmed=X Filename=notpad.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! 
Source=Paul Collins Startup list [Media Software UPdater] Number=6200 Confirmed=X Filename=sscs.exe Description=Added by the RBOT-ABE WORM! Source=Paul Collins Startup list [Media Transfer Protocals] Number=6201 Confirmed=X Filename=msstc.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Media X Services] Number=6202 Confirmed=X Filename=MSNGRx.exe Description=Added by the RBOT.AUL WORM! Source=Paul Collins Startup list [Media-XP-Service-Pack3] Number=6203 Confirmed=X Filename=msnzx.exe Description=Added by the SDBOT-ACW WORM! Source=Paul Collins Startup list [MEDIA32] Number=6204 Confirmed=X Filename=[path to trojan] Description=Added by the PURSCAN-Z TROJAN! Source=Paul Collins Startup list [MediaButtons] Number=6205 Confirmed=U Filename=MediaButtons.exe Description=Supports the eject button on the front on the Dell Studio Hybrid desktop. If disabled, the user will have to eject the CD/DVD by opening My Computer, right-clicking on the drive and selecting "Eject" from the available options Source=Paul Collins Startup list [MediaFace Integration] Number=6206 Confirmed=N Filename=Sethook.exe Description=Fellowes Neato CD label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar" Source=Paul Collins Startup list [Mediafour Mac Volume Notifications] Number=6207 Confirmed=U Filename=MACVNTFY.EXE Description=Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." Source=Paul Collins Startup list [Mediafour MacDrive] Number=6208 Confirmed=U Filename=MacDrive.exe Description=MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." 
Version 6 is not Vista compatible but doesn "include support for striped Mac arrays created with ATTO ExpressStripe software." Source=Paul Collins Startup list [Mediafour MacDrive] Number=6209 Confirmed=U Filename=MDDiskProtect.exe Description=Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." Source=Paul Collins Startup list [Mediafour MacDrive] Number=6210 Confirmed=U Filename=MDGetStarted.exe Description=MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista, XP, and 2003 Server to seamlessly access Mac disks (HFS/HFS+) of all types, including CDs, DVDs, hard drives, floppy, Zip, Jaz, and more!" Source=Paul Collins Startup list [Mediafour XPlay Tray Notification Icon] Number=6211 Confirmed=U Filename=Xptryicn.exe Description=Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod Source=Paul Collins Startup list [Mediafour XPlay Tray Notification Icon] Number=6212 Confirmed=U Filename=Xptryicn.exe Description=Xplay 2 from Mediafour Corporation - "expands what you can do with any iPod, including the iPhone and touch, and a Windows computer." No longer supported Source=Paul Collins Startup list [MediafourGettingStartedWithMacDrive6] Number=6213 Confirmed=U Filename=MacDrive.exe Description=MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7, this version is not Vista compatible but does "include support for striped Mac arrays created with ATTO ExpressStripe software." 
Source=Paul Collins Startup list [MediaKey] Number=6214 Confirmed=U Filename=MediaKey.exe Description=Multimedia keyboard manager. Required if you use the multimedia keys Source=Paul Collins Startup list [MediaLifeService] Number=6215 Confirmed=U Filename=MediaLifeService.exe Description=Related to MediaPlay Cordless Mouse from Logitech Source=Paul Collins Startup list [MediaLoads] Number=6216 Confirmed=X Filename=dw.exe Description=Medialoads adware Source=Paul Collins Startup list [MediaLoads Installer] Number=6217 Confirmed=X Filename=dw.exe Description=Medialoads adware Source=Paul Collins Startup list [MediaMonitor] Number=6218 Confirmed=N Filename=Mediam~1.exe Description=Installed by Smartdisk MVP CD burning software. Software will work fine without it Source=Paul Collins Startup list [mediamotor.exe] Number=6219 Confirmed=X Filename=mmups.exe Description=Added by the AGENT-BY TROJAN! Source=Paul Collins Startup list [MediaPath] Number=6220 Confirmed=X Filename=Proyecto1.exe Description=Added by the GRUEL WORM! Source=Paul Collins Startup list [MediaPath] Number=6221 Confirmed=X Filename=Root.exe Description=Added by the GRUEL WORM! Source=Paul Collins Startup list [MediaPipe P2P Loader] Number=6222 Confirmed=X Filename=mpp2pl.exe Description=MediaPipe peer-to-peer file swapping program also reported as a hijacker Source=Paul Collins Startup list [mediapluscash.exe] Number=6223 Confirmed=X Filename=mediapluscash.exe Description=MediaGateway adware Source=Paul Collins Startup list [MediaRing Talk] Number=6224 Confirmed=N Filename=mrtalk.exe Description=Media Ring Talk, voice recognition software, Resource hog. Available via Start -> Programs Source=Paul Collins Startup list [MediaXPServicePack] Number=6225 Confirmed=X Filename=mxpsp.exe Description=Added by the SDBOT.CDT WORM! 
Source=Paul Collins Startup list [media_manager] Number=6226 Confirmed=X Filename=mediaman.exe Description=Mini-Player, IMESH related foistware Source=Paul Collins Startup list [media_stub] Number=6227 Confirmed=X Filename=stub.exe Description=Mini-Player, IMESH related foistware Source=Paul Collins Startup list [MEDIC] Number=6228 Confirmed=U Filename=sprtcmd.exe /P MEDIC Description=Self-help support tool for an unidentified high-speed internet provider (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service Source=Paul Collins Startup list [Medichi] Number=6229 Confirmed=X Filename=medichi.exe Description=Added by the VIRANTIX.B TROJAN! Source=Paul Collins Startup list [Medichi2] Number=6230 Confirmed=X Filename=medichi2.exe Description=Added by the VIRANTIX.B TROJAN! Source=Paul Collins Startup list [MedionVFD] Number=6231 Confirmed=? Filename=MdionLCM.exe Description=Related to Medion Display Information. What does it do and is it required? Source=Paul Collins Startup list [Meeting Connection] Number=6232 Confirmed=X Filename=comsutil.exe Description=Added by the PPDOOR-E TROJAN! Source=Paul Collins Startup list [Meeting Connection] Number=6233 Confirmed=X Filename=wowdache.exe Description=Added by the PPDOOR-D TROJAN! Source=Paul Collins Startup list [Meeting Connection] Number=6234 Confirmed=X Filename=hgakdl32.exe Description=Looks like a variant of the PPDOOR-E TROJAN! Source=Paul Collins Startup list [MegaPanel] Number=6235 Confirmed=U Filename=HSTrans.exe Description=Homescan Internet Transporter - part of ACNielsen Homescan. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen Source=Paul Collins Startup list [meidntpa] Number=6236 Confirmed=? Filename=vqgdpfrs.exe Description=?? 
Source=Paul Collins Startup list [melg34] Number=6237 Confirmed=X Filename=mdmd.exe Description=Added by an unidentified WORM or TROJAN - see here Source=Paul Collins Startup list [melg3445] Number=6238 Confirmed=X Filename=mdmdd.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [mem32] Number=6239 Confirmed=X Filename=mem32.exe Description=Added by the AGENT-FWF WORM! Source=Paul Collins Startup list [Members area] Number=6240 Confirmed=X Filename=******.exe [* = random digit] Description=Premium rate adult content dialer Source=Paul Collins Startup list [MemConfig] Number=6241 Confirmed=X Filename=SetupIE.com Description=Added by the TAPLAK WORM! Source=Paul Collins Startup list [Memento] Number=6242 Confirmed=N Filename=Memento.exe Description=Memento - simple app to keep text notes on your desktop Source=Paul Collins Startup list [MemMonster] Number=6243 Confirmed=U Filename=memmnstr.exe Description=MemMonster - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind Source=Paul Collins Startup list [MemoKit] Number=6244 Confirmed=U Filename=MK.EXE Description=Memory optimizer. It loads from startup group and it goes off as soon as the program (memokit.exe) is loaded in the System Tray. Mk.exe does not run while the memokit.exe is running. Probably loads a flash screen at startup and shutdown that stays on screen less than 5 seconds and gives you a button to push to purchase the full version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind Source=Paul Collins Startup list [memory] Number=6245 Confirmed=X Filename=outlookrem.exe Description=Added by the NOPIR.C WORM! Source=Paul Collins Startup list [Memory Allocation Host] Number=6246 Confirmed=X Filename=cihost.exe Description=Detected by Avast as a variant of the IRCBOT-CHZ WORM! 
Source=Paul Collins Startup list [Memory Allocation Server] Number=6247 Confirmed=Y Filename=wswpd.exe Description=Used with some models of Panasonic, Epson and NEC printers. Some older drivers known to have a "memory leak". Needed for printing to work Source=Paul Collins Startup list [Memory Allocation Services] Number=6248 Confirmed=X Filename=cisrv.exe Description=Detected by Trend Micro as the IRCBOT.FC TROJAN! See here Source=Paul Collins Startup list [Memory Check] Number=6249 Confirmed=X Filename=memore.exe Description=Added by the KILLAV.C TROJAN! Source=Paul Collins Startup list [Memory manager] Number=6250 Confirmed=X Filename=himem32.exe Description=Added by the MANCSYN TROJAN! Source=Paul Collins Startup list [Memory Manager] Number=6251 Confirmed=X Filename=memorymanager.pif Description=Added by the DELF-JJ TROJAN! Source=Paul Collins Startup list [Memory relocation service] Number=6252 Confirmed=X Filename=reloc32.exe Description=Added by the RELFEER WORM! Source=Paul Collins Startup list [Memory Service] Number=6253 Confirmed=X Filename=freememory.exe Description=Added by the RBOT.GEN WORM! Source=Paul Collins Startup list [Memory Stick Monitor] Number=6254 Confirmed=N Filename=MSTAT.exe Description=Used with the Sony floppy disk adapter for memory sticks, showing if there is a stick in the computer Source=Paul Collins Startup list [Memory Stick Monitor] Number=6255 Confirmed=U Filename=MSstat.exe Description=Sony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydrive Source=Paul Collins Startup list [Memory Watcher] Number=6256 Confirmed=X Filename=MemoryWatcher.exe Description=MemoryWatcher spyware Source=Paul Collins Startup list [Memory+] Number=6257 Confirmed=U Filename=tfimemsr.exe Description=Memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. 
See this article and make up your own mind Source=Paul Collins Startup list [MemoryBoost] Number=6258 Confirmed=U Filename=MemoryBoost.exe Description=MemoryBoost - memory optimizing program made by Tenebril Inc. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See this article and make up your own mind Source=Paul Collins Startup list [MemoryCardManager] Number=6259 Confirmed=U Filename=MemCard.exe Description=Memory Card Manager - for removable memory cards found on Dell or Lexmark photo printers Source=Paul Collins Startup list [MemoryManager] Number=6260 Confirmed=X Filename=[random name].dll Description=Virtumondo adware related Source=Paul Collins Startup list [MemoryMeter] Number=6261 Confirmed=X Filename=MemoryMeter.exe Description=Autoinstalling spyware by Total Velocity Source=Paul Collins Startup list [MemoryZipperPlus] Number=6262 Confirmed=U Filename=memzip.exe Description=Memory Zipper Plus - "optimizes the memory management of your system and boost-up its performance amazingly!" Source=Paul Collins Startup list [memreader.exe] Number=6263 Confirmed=X Filename=memreader.exe Description=Added by the AGOBOT-TY WORM! Source=Paul Collins Startup list [MEMreaload] Number=6264 Confirmed=X Filename=MEMreaload.exe Description=Added by the LAZAR TROJAN! Source=Paul Collins Startup list [MemScanner] Number=6265 Confirmed=X Filename=MemScanner.exe Description=Part of Enigma SpyHunter - not recommended, see note Source=Paul Collins Startup list [MemTurbo] Number=6266 Confirmed=U Filename=memturbo.exe Description=MemTurbo memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind Source=Paul Collins Startup list [MenuSnap] Number=6267 Confirmed=N Filename=MenuSnap.exe Description=MenuSnap from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. 
You may not want this utility if you're able to do this manually by selecting Start -> Programs and right-clicking and choosing "Sort by Name" if available Source=Paul Collins Startup list [Mercora] Number=6268 Confirmed=N Filename=MercoraClient.exe Description=Mercora MusicSearch "Search, find and listen to music on the world's largest jukebox, built by people just like you". Note - if you subscribe make sure you read the Privacy Policy Source=Paul Collins Startup list [Message Queuing] Number=6269 Confirmed=X Filename=msmqs.exe Description=Added by the FREEFORS TROJAN! Source=Paul Collins Startup list [MessagerStarter Freeserve] Number=6270 Confirmed=N Filename=StartMessager.exe Description=Freeserve Messenger Source=Paul Collins Startup list [Message_Blocker] Number=6271 Confirmed=U Filename=messageblock.exe Description=Message Blocker - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message" Source=Paul Collins Startup list [Messanger] Number=6272 Confirmed=X Filename=trillian.exe Description=Added by the RBOT.CKI WORM! Source=Paul Collins Startup list [Messanger] Number=6273 Confirmed=X Filename=deamon.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [Messanger] Number=6274 Confirmed=X Filename=msgaol.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [Messanger] Number=6275 Confirmed=Y Filename=s_menu.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [Messanger] Number=6276 Confirmed=X Filename=browse.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [Messenger] Number=6277 Confirmed=X Filename=messenger.exe Description=Added by the KUTEX TROJAN! Source=Paul Collins Startup list [Messenger] Number=6278 Confirmed=X Filename=ntsubsys.exe Description=Added by the SDBOT.BGE WORM! 
Source=Paul Collins Startup list [Messenger] Number=6279 Confirmed=X Filename=Wmsngr.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Messenger] Number=6280 Confirmed=Y Filename=SCANMSG.EXE Description=AntiVirus Quick Heal - virus protection Source=Paul Collins Startup list [Messenger Block] Number=6281 Confirmed=X Filename=msngrblock.exe Description=Added by the PATOO WORM! Source=Paul Collins Startup list [Messenger Journel] Number=6282 Confirmed=X Filename=usnsvc.exe Description=Detected by Trend Micro as the RBOT.FKT WORM! See here Source=Paul Collins Startup list [Messenger Protocol] Number=6283 Confirmed=X Filename=netsender.exe Description=Added by the SDBOT-ACC WORM! Source=Paul Collins Startup list [Messenger Service] Number=6284 Confirmed=X Filename=msmsgs.exe Description=Added by the SDBOT-ZB WORM! Source=Paul Collins Startup list [Messenger Service] Number=6285 Confirmed=X Filename=nvhost.exe Description=Added by the JLOK-A WORM! Source=Paul Collins Startup list [Messenger Service Updater] Number=6286 Confirmed=X Filename=svshost.exe Description=Added by the MYTOB.GC WORM! Source=Paul Collins Startup list [Messenger Sharing Control] Number=6287 Confirmed=X Filename=mnwsvc.exe Description=Added by a variant of the IRCBOT TROJAN! See here Source=Paul Collins Startup list [Messenger start-up] Number=6288 Confirmed=X Filename=Msgran.exe Description=Added by the GRAMOS WORM! Source=Paul Collins Startup list [Messenger6] Number=6289 Confirmed=X Filename=command.pif Description=Added by the INZAE.B WORM! Source=Paul Collins Startup list [MessengerDiscovery] Number=6290 Confirmed=U Filename=MessengerDiscovery.exe Description=MessengerDiscovery is a MSN Messenger add-on - adding over 70 new features. 
Now superseded by MessengerDiscovery Live - with support added for Windows Live Source=Paul Collins Startup list [MessengerPlus] Number=6291 Confirmed=N Filename=MsgPlus.exe Description=MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! Source=Paul Collins Startup list [MessengerPlus2] Number=6292 Confirmed=N Filename=MsgPlus.exe Description=MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! Source=Paul Collins Startup list [MessengerPlus3] Number=6293 Confirmed=N Filename=MsgPlus.exe Description=MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! Source=Paul Collins Startup list [messengerskinner] Number=6294 Confirmed=X Filename=MessengerSkinner.exe Description=Messenger Skinner malware - uses a rootkit to hide executable files Source=Paul Collins Startup list [messnger] Number=6295 Confirmed=X Filename=[worm filename] Description=Added by the DELODER WORM! Source=Paul Collins Startup list [messnger] Number=6296 Confirmed=X Filename=Dvldr32.exe Description=Added by the DELODER.A WORM! Source=Paul Collins Startup list [Metacafe] Number=6297 Confirmed=N Filename=MetacafeAgent.exe Description=Metacafe - video sharing on the web. 
Note - if you subscribe make sure you read the Privacy Policy Source=Paul Collins Startup list [MeTaLRoCk (irc.musirc.com) has sex with printers] Number=6298 Confirmed=X Filename=metalrock-is-gay.exe Description=Added by the RANDEX.Q WORM! Source=Paul Collins Startup list [MeuPrograma] Number=6299 Confirmed=X Filename=accwizz.exe Description=Added by the RULAND.A WORM! Source=Paul Collins Startup list [Mfc**.exe [* = random char]] Number=6300 Confirmed=X Filename=Mfc**.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [Mfc**32.exe [* = random char]] Number=6301 Confirmed=X Filename=Mfc**32.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [mfgboot] Number=6302 Confirmed=? Filename=?? Description=?? Source=Paul Collins Startup list [mFilter] Number=6303 Confirmed=X Filename=MNeck.exe Description=Added by the CLICKER-AG TROJAN! Source=Paul Collins Startup list [mfin32] Number=6304 Confirmed=X Filename=mfin32.exe Description=MyFreeInternetUpdate - adware downloader Source=Paul Collins Startup list [MFP Server Agent] Number=6305 Confirmed=Y Filename=MFPAgent.exe Description=Multi Function Printer (MFP) Server Agent for Belkin's Wireless G All-in-One Print Server and ZyXEL's NPS-520 Source=Paul Collins Startup list [MGA Hook] Number=6306 Confirmed=? Filename=Mgahook.exe Description=MATROX Graphics card related. What does it do and is it required? Source=Paul Collins Startup list [MGA Quickdesk] Number=6307 Confirmed=N Filename=MGAQDESK.EXE Description=For Matrox video cards. Quick access to tweak your card to your liking Source=Paul Collins Startup list [Mgabg] Number=6308 Confirmed=U Filename=Mgabg.exe Description=Matrox BIOS Guard - monitors a Matrox card's BIOS, and will reflash it when needed. Cards like the G400 have a nasty habit of losing their BIOS, especially on poor power supplies. 
If you make an emergency BIOS disk with the utility in their BIOS package, you can disable Mgabg.exe and just use the crash disk if/when needed Source=Paul Collins Startup list [mgavctrl] Number=6309 Confirmed=Y Filename=mgavrtcl.exe Description=McAfee's Virus Scan Online Source=Paul Collins Startup list [mgavctrl] Number=6310 Confirmed=Y Filename=mgavrte.exe Description=McAfee's Virus Scan Online Source=Paul Collins Startup list [mgavrtclexe] Number=6311 Confirmed=Y Filename=mgavrtcl.exe Description=McAfee's Virus Scan Online Source=Paul Collins Startup list [mgavrtclexe] Number=6312 Confirmed=Y Filename=mgavrte.exe Description=McAfee's Virus Scan Online Source=Paul Collins Startup list [MGA_CD_Install] Number=6313 Confirmed=N Filename=mgasetup.exe Description=Matrox Millennium video driver. Not required once drivers installed Source=Paul Collins Startup list [mgmtapi] Number=6314 Confirmed=X Filename=mgmtapi.exe Description=Unidentified malware Source=Paul Collins Startup list [MHDOGStart] Number=6315 Confirmed=X Filename=mhdogst.EXE Description=Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS Source=Paul Collins Startup list [MHINIT] Number=6316 Confirmed=N Filename=MHINIT.EXE Description=Part of the Cybermedia Clean Sweep package Source=Paul Collins Startup list [mhs3] Number=6317 Confirmed=X Filename=mhs3.exe Description=Added by the PWS-ALZ TROJAN! Source=Paul Collins Startup list [Mi7sft sdce] Number=6318 Confirmed=X Filename=b0yz.exe Description=Added by the RBOT.CWG WORM! Source=Paul Collins Startup list [Mi7sft sdce] Number=6319 Confirmed=X Filename=MNSQ.exe Description=Added by the RBOT.DMU WORM! Source=Paul Collins Startup list [Mi7sft sdce] Number=6320 Confirmed=X Filename=scorti.exe Description=Added by the RBOT.ELC WORM! Source=Paul Collins Startup list [Mickey Mouse Cereal] Number=6321 Confirmed=X Filename=[random filename].exe Description=Added by the RANKY.Q TROJAN! 
Source=Paul Collins Startup list [Micosoft Data Core] Number=6322 Confirmed=X Filename=runservice.exe Description=Added by the IRCBOT.BK WORM! Source=Paul Collins Startup list [Micosoft Data Core stuff] Number=6323 Confirmed=X Filename=svshosts.exe Description=Added by the RBOT.FZA WORM! Source=Paul Collins Startup list [Micr Update] Number=6324 Confirmed=X Filename=soundblaster.exe Description=Added by the SDBOT.NP WORM! Source=Paul Collins Startup list [Micr Update System] Number=6325 Confirmed=X Filename=upwin.exe Description=Added by the SDBOT.YS WORM! Source=Paul Collins Startup list [Micr0s0ft Ms D0s] Number=6326 Confirmed=X Filename=msdx.exe Description=Added by the RBOT-AON WORM! Source=Paul Collins Startup list [Micr0s0ft Upd4t4z] Number=6327 Confirmed=X Filename=svchost32.exe Description=Added by the RBOT.ALF WORM! Source=Paul Collins Startup list [Micrcoft Exploerer] Number=6328 Confirmed=X Filename=spoolsal.exe Description=Added by the RBOT-AKK WORM! Source=Paul Collins Startup list [Micrcoft Exploerer] Number=6329 Confirmed=X Filename=svchose.exe Description=Added by the RBOT-ASL WORM! Source=Paul Collins Startup list [Micrcoft Updat] Number=6330 Confirmed=X Filename=spoolsae.exe Description=Added by the RBOT-AIB WORM! Source=Paul Collins Startup list [Micrcoft Updat] Number=6331 Confirmed=X Filename=spoolsaex.exe Description=Added by the RBOT-AJM WORM! Source=Paul Collins Startup list [Micrcoft Updat] Number=6332 Confirmed=X Filename=Internet.exe Description=Added by the RBOT-ANA WORM! Source=Paul Collins Startup list [Micrcsoft Certificate Services] Number=6333 Confirmed=X Filename=cflmon.exe Description=Added by the RBOT-FWV WORM! Source=Paul Collins Startup list [Micro CRC Protocol] Number=6334 Confirmed=X Filename=scrc32.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Micro Office] Number=6335 Confirmed=X Filename=[path to trojan] Description=Added by the BANCBAN-QC TROJAN! 
Source=Paul Collins Startup list [Micro Process] Number=6336 Confirmed=X Filename=appconf.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [Micro Update] Number=6337 Confirmed=X Filename=dailin.exe Description=Added by the RBOT-ER WORM! Source=Paul Collins Startup list [Microangelo Desktop] Number=6338 Confirmed=N Filename=Muamgr.exe Description=Using MicroAngelo On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system Source=Paul Collins Startup list [microAttuneDownload] Number=6339 Confirmed=N Filename=atmdlusr.exe Description=Application Launcher, MS Office application. USR (US Robotics) modem auto updater. May be a sub-set of Attune Source=Paul Collins Startup list [MicroBrew] Number=6340 Confirmed=U Filename=MicroBrew2.exe Description=Related to Bluebeam PDF printer support. Prints AutoCAD .dwgs to PDF's Source=Paul Collins Startup list [MicroCQ0] Number=6341 Confirmed=X Filename=explorer.exe Description=Added by the LINEAGE-AK TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles% Source=Paul Collins Startup list [MicroDialler] Number=6342 Confirmed=U Filename=atdialler1.exe Description=Part of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encountered Source=Paul Collins Startup list [MicroedSoft Toolbar] Number=6343 Confirmed=X Filename=Smoked.exe Description=Added by the RBOT-ALN WORM! Source=Paul Collins Startup list [Microfinder lptt01] Number=6344 Confirmed=X Filename=mcf.exe Description=RapidBlaster variant (in a "mcf" folder in Program Files). 
Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [Microfinder ml097e] Number=6345 Confirmed=X Filename=mcf.exe Description=RapidBlaster variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [Microfot Update] Number=6346 Confirmed=X Filename=winldx32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microft Exploerer] Number=6347 Confirmed=X Filename=spoolsac.exe Description=Added by the RBOT-AMD WORM! Source=Paul Collins Startup list [Microft Update 32] Number=6348 Confirmed=X Filename=winssx.exe Description=Added by the RBOT-AQS WORM! Source=Paul Collins Startup list [MicroLoad] Number=6349 Confirmed=X Filename=[random filename] Description=Added by the DARBY WORM! Source=Paul Collins Startup list [Micromedia Flash Update] Number=6350 Confirmed=X Filename=wdfmrg.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Micromedia Flash Update] Number=6351 Confirmed=X Filename=xptxt.exe Description=Added by the RBOT-GAB WORM! Source=Paul Collins Startup list [Microoft Timing] Number=6352 Confirmed=X Filename=pupdate.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [MICROSFT ANTIVIRUS UPDATE SUPPORT] Number=6353 Confirmed=X Filename=[random 10-letter filename].EXE Description=Added by the RBOT-AQA WORM! Source=Paul Collins Startup list [MICROSFT ANTIVIRUS UPDATE SUPPORT] Number=6354 Confirmed=X Filename=MSGUPDATED.EXE Description=Added by the RBOT-APZ WORM! Source=Paul Collins Startup list [Microsft Conf 32] Number=6355 Confirmed=X Filename=msaconf.exe Description=Added by the RBOT.EYA WORM! Source=Paul Collins Startup list [Microsft Confige 32] Number=6356 Confirmed=X Filename=msaconfigurez.exe Description=Added by the RBOT.CLC WORM! 
Source=Paul Collins Startup list [Microsft Corporation Version 2001.12.4414] Number=6357 Confirmed=X Filename=comrel.exe Description=Added by a variant of the SDBOT TROJAN! Source=Paul Collins Startup list [Microsft Corporation Version 2002.12.2414] Number=6358 Confirmed=X Filename=comserv.exe Description=Added by a variant of the SLAPER TROJAN! Source=Paul Collins Startup list [MICROSFT MX UPDATE SUPPORT] Number=6359 Confirmed=X Filename=taskmngrs.exe Description=Added by the RBOT-AUZ WORM! Source=Paul Collins Startup list [MICROSFT MX UPDATE SUPPORT] Number=6360 Confirmed=N Filename=Timeup.exe Description=TimeUp - internet online timer Source=Paul Collins Startup list [MICROSFT RAMA UPDATE SUPPORT] Number=6361 Confirmed=X Filename=[random filename] Description=Added by the RBOT-ASM or RBOT-AUW WORMS! Source=Paul Collins Startup list [MICROSFT RAMA UPDATE SUPPORT] Number=6362 Confirmed=X Filename=MSN32.EXE Description=Added by the RBOT-AWJ WORM! Source=Paul Collins Startup list [MICROSFT RAMA UPDATE SUPPORT] Number=6363 Confirmed=X Filename=mtakthmyn.EXE Description=Added by the RBOT-AUJ WORM! Source=Paul Collins Startup list [Microsft Remote Procedure Daemon] Number=6364 Confirmed=X Filename=msrpcd.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [Microsft Security Monitor Process] Number=6365 Confirmed=X Filename=cmh.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsft Security Monitor Process] Number=6366 Confirmed=X Filename=mssmppp.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsft Security Monitor Process] Number=6367 Confirmed=X Filename=mssmpp.exe Description=Added by a variant of the RBOT-FUB WORM! Source=Paul Collins Startup list [Microsft Updtes] Number=6368 Confirmed=X Filename=sarvice.exe Description=Added by a variant of the SDBOT WORM! 
Source=Paul Collins Startup list [Microsft Upgraed] Number=6369 Confirmed=X Filename=[random filename].exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsft Windows Adapter 5.1.3013] Number=6370 Confirmed=X Filename=[random filename] Description=Detected by Kaspersky as the SMALL.HIT TROJAN! See here Source=Paul Collins Startup list [microsft windows updates] Number=6371 Confirmed=X Filename=mwupdate32.exe Description=Added by a variant of the TOXBOT/CODBOT WORM! Source=Paul Collins Startup list [Microsof Value] Number=6372 Confirmed=X Filename=nmatt.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsof Windows Host] Number=6373 Confirmed=X Filename=svhost32.exe Description=Added by the RBOT.ADY WORM! Source=Paul Collins Startup list [Microsof Winlog Host] Number=6374 Confirmed=X Filename=wilogon32.exe Description=Added by the RBOT.XC WORM! Source=Paul Collins Startup list [Microsofot x386 System Monitor] Number=6375 Confirmed=X Filename=system32.exe Description=Added by the WOOTBOT.M WORM! Source=Paul Collins Startup list [microsoft] Number=6376 Confirmed=X Filename=svchost.exe Description=Added by the ASTEF or RESPAN WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! Source=Paul Collins Startup list [microsoft] Number=6377 Confirmed=X Filename=microsoft.hta Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! Source=Paul Collins Startup list [Microsoft] Number=6378 Confirmed=X Filename=win32.exe Description=Added by the DARKMOON TROJAN! Source=Paul Collins Startup list [Microsoft] Number=6379 Confirmed=X Filename=iexplore.exe Description=Added by the QQROB-R TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! 
This one is located in %System% Source=Paul Collins Startup list [Microsoft] Number=6380 Confirmed=X Filename=svchost.exe Description=Added by the ADUYO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [Microsoft] Number=6381 Confirmed=X Filename=wuauclt.exe Description=Added by the QQROB-AQ TROJAN! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [Microsoft] Number=6382 Confirmed=X Filename=guard.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft] Number=6383 Confirmed=X Filename=wcsntfy.exe Description=Added by the AGOBOT-AHT WORM! Source=Paul Collins Startup list [Microsoft] Number=6384 Confirmed=X Filename=ssmss.exe Description=Added by the RBOT-FZF WORM! Source=Paul Collins Startup list [Microsoft] Number=6385 Confirmed=X Filename=lsass.ppf Description=Added by the RBOT-GAA WORM! Source=Paul Collins Startup list [Microsoft] Number=6386 Confirmed=X Filename=msvchost.exe Description=Added by the RBOT-GAW WORM! Source=Paul Collins Startup list [Microsoft] Number=6387 Confirmed=X Filename=mixers.exe Description=Added by the AGOBOT-AHU WORM! Source=Paul Collins Startup list [Microsoft] Number=6388 Confirmed=X Filename=msmsger.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft] Number=6389 Confirmed=X Filename=MSUPDATE.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [Microsoft] Number=6390 Confirmed=X Filename=radnom.exe Description=Added by the RBOT-GHO WORM! Source=Paul Collins Startup list [Microsoft] Number=6391 Confirmed=X Filename=rtvcscan.exe Description=Added by the RBOT-GGU WORM! 
Source=Paul Collins Startup list [Microsoft] Number=6392 Confirmed=X Filename=taskbar.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft] Number=6393 Confirmed=X Filename=updater.exe Description=Added by the RBOT-GHP WORM! Source=Paul Collins Startup list [Microsoft] Number=6394 Confirmed=X Filename=windl32.exe Description=Added by the SDBOT-DCZ WORM! Source=Paul Collins Startup list [Microsoft] Number=6395 Confirmed=X Filename=aim.exe Description=Added by the RBOT-GRY WORM! Note - this is not the popular AOL Instant Messenger utility Source=Paul Collins Startup list [Microsoft] Number=6396 Confirmed=X Filename=Explorerr.exe Description=Added by the IRCBOT-WG TROJAN! Source=Paul Collins Startup list [Microsoft] Number=6397 Confirmed=X Filename=kasperskyLive32.exe Description=Added by the RBOT-GRT WORM! Source=Paul Collins Startup list [Microsoft] Number=6398 Confirmed=X Filename=msngerf.exe Description=Added by the RBOT-GLW WORM! Source=Paul Collins Startup list [Microsoft] Number=6399 Confirmed=X Filename=netsrv.exe Description=Added by the RBOT-GOS WORM! Source=Paul Collins Startup list [Microsoft] Number=6400 Confirmed=X Filename=rundll.exe Description=Added by the RBOT-GSJ WORM! Source=Paul Collins Startup list [Microsoft] Number=6401 Confirmed=X Filename=WinSecUp.exe Description=Added by the RBOT-GPL WORM! Source=Paul Collins Startup list [Microsoft] Number=6402 Confirmed=X Filename=wsim32.exe Description=Added by the RBOT-GTL WORM! Source=Paul Collins Startup list [Microsoft] Number=6403 Confirmed=X Filename=wplayer.exe Description=Detected by Kaspersky as the RBOT.DYU TROJAN! See here Source=Paul Collins Startup list [Microsoft] Number=6404 Confirmed=X Filename=Explorer.exe Description=Added by a variant of the RBOT WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! 
This one is located in %System% Source=Paul Collins Startup list [Microsoft] Number=6405 Confirmed=X Filename=install.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [Microsoft] Number=6406 Confirmed=X Filename=internetdat.exe Description=Detected by Kaspersky as the RBOT.ETY BACKDOOR! See here Source=Paul Collins Startup list [Microsoft] Number=6407 Confirmed=X Filename=ntsvr.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft] Number=6408 Confirmed=X Filename=schost.exe Description=Detected by Kaspersky as the RBOT.FEH BACKDOOR! See here Source=Paul Collins Startup list [Microsoft] Number=6409 Confirmed=X Filename=soundvol32.exe Description=Detected by Kaspersky as the RBOT.CIJ BACKDOOR! See here Source=Paul Collins Startup list [Microsoft] Number=6410 Confirmed=X Filename=sqlservice.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Microsoft] Number=6411 Confirmed=X Filename=svhost.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [Microsoft] Number=6412 Confirmed=X Filename=winampaa.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Microsoft] Number=6413 Confirmed=X Filename=winline.exe Description=Detected by Kaspersky as the AGENT.KT TROJAN! See here Source=Paul Collins Startup list [Microsoft] Number=6414 Confirmed=X Filename=wplayer.exe Description=Detected by Kaspersky as the RBOT.GHZ BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Associates, Inc.] Number=6415 Confirmed=X Filename=iexplorer.exe Description=Added by the LOVGATE.Z WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) Source=Paul Collins Startup list [Microsoft (C) HTML Application host] Number=6416 Confirmed=X Filename=[random filename] Description=Added by the RBOT-YB WORM! 
Source=Paul Collins Startup list [Microsoft (R) Windows Configuration Backup Service] Number=6417 Confirmed=X Filename=svchost.exe Description=Added by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in either a "config", "mapping" or "security" subfolder of the Winnt or Windows folder Source=Paul Collins Startup list [Microsoft (R) Windows DLL Loader] Number=6418 Confirmed=X Filename=rundll32.exe Description=Added by the RANKY.W TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98\ME) or the System32 folder (NT\2000\XP). This file is located in a "dll" subfolder of the Winnt or Windows folder Source=Paul Collins Startup list [Microsoft (R) Windows Network Latency Controller] Number=6419 Confirmed=X Filename=1.tmp Description=Added by a generic password stealer TROJAN - see here Source=Paul Collins Startup list [Microsoft (R) Windows Network Latency Controller] Number=6420 Confirmed=X Filename=nlc.exe Description=Added by a generic password stealer TROJAN - see here Source=Paul Collins Startup list [Microsoft (R) Windows Network Latency Controller] Number=6421 Confirmed=X Filename=sp2vc.exe Description=Added by a generic password stealer TROJAN - see here Source=Paul Collins Startup list [Microsoft (R) Windows Network Security Management Service] Number=6422 Confirmed=X Filename=nsms.exe Description=Added by the RANKY.LC TROJAN! Source=Paul Collins Startup list [Microsoft (R) Windows Protected Content Restoration Service] Number=6423 Confirmed=X Filename=services.exe Description=Added by the AGENT.AGV TROJAN! Source=Paul Collins Startup list [Microsoft (R) Windows Protocol Deployment Manager] Number=6424 Confirmed=X Filename=[random].tmp Description=Added by an unidentified WORM or TROJAN! 
Source=Paul Collins Startup list [Microsoft (R) Windows TCP/IP Socket Driver] Number=6425 Confirmed=X Filename=[path to trojan] Description=Added by the PROXY-DD TROJAN! Source=Paul Collins Startup list [Microsoft (R) Windows TCP/IP Socket Layer] Number=6426 Confirmed=X Filename=services.exe Description=Added by the RBOT.ARM WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\winsock Source=Paul Collins Startup list [Microsoft (R) Windows Update Service] Number=6427 Confirmed=X Filename=wuauclt.exe Description=Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [Microsoft (R) Windows Vista/NT Runtime Compatibility Service] Number=6428 Confirmed=X Filename=nrcs.exe Description=Added by the RANKY.X TROJAN! Source=Paul Collins Startup list [Microsoft .NET Confingurator] Number=6429 Confirmed=X Filename=msnconf.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [Microsoft 16Bit Update] Number=6430 Confirmed=X Filename=wuapdate16.exe Description=Added by the RBOT.CZ WORM! Source=Paul Collins Startup list [Microsoft 64 Bit Runtime Updater] Number=6431 Confirmed=X Filename=wupdt64.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft ActiveX Debugger NT] Number=6432 Confirmed=X Filename=[path to trojan] Description=Added by the BANCOS-DO TROJAN! Source=Paul Collins Startup list [Microsoft Admin Protocal] Number=6433 Confirmed=X Filename=MSADNIN.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft ADservice] Number=6434 Confirmed=X Filename=[random filename] Description=Added by a variant of the RBOT WORM! 
Source=Paul Collins Startup list [Microsoft Agent] Number=6435 Confirmed=X Filename=mdss32.exe Description=Added by the KEYLOG-AG TROJAN! Source=Paul Collins Startup list [Microsoft Agent] Number=6436 Confirmed=X Filename=svch0st.exe Description=Added by the VB-DRO WORM! Source=Paul Collins Startup list [Microsoft ALG32 Protocol] Number=6437 Confirmed=X Filename=alg32.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft ALGXP Protocol] Number=6438 Confirmed=X Filename=alg32.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft all] Number=6439 Confirmed=X Filename=mmall.exe Description=Wopla.ac malware variant Source=Paul Collins Startup list [Microsoft Announcement Listener] Number=6440 Confirmed=N Filename=Annclist.exe Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it Source=Paul Collins Startup list [Microsoft Ansti Update] Number=6441 Confirmed=X Filename=msie.exe Description=Added by the RBOT-LE WORM! Source=Paul Collins Startup list [Microsoft Anti Virus Controller] Number=6442 Confirmed=X Filename=msavc.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Anti Virus Controller] Number=6443 Confirmed=X Filename=msavc32.exe Description=Detected by Kaspersky as the SDBOT.EPW BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Anti-Spy] Number=6444 Confirmed=X Filename=[random filename] Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft AntiSpyware] Number=6445 Confirmed=X Filename=Bazzi.exe Description=Added by the AHKER.J WORM! Source=Paul Collins Startup list [Microsoft AntiSpyware] Number=6446 Confirmed=X Filename=KT06.pif Description=Added by the IRCBOT.GEN WORM! 
Source=Paul Collins Startup list [Microsoft AOL Instant Messenger] Number=6447 Confirmed=X Filename=MSAOL32.exe Description=Added by the RBOT-AAI WORM! Source=Paul Collins Startup list [Microsoft AOL32 Protocol] Number=6448 Confirmed=X Filename=aol32.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft Application Center] Number=6449 Confirmed=X Filename=mappc.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Application Manager] Number=6450 Confirmed=X Filename=msapl32.exe Description=Added by the BROPIA-AE TROJAN! Source=Paul Collins Startup list [Microsoft AUT Update] Number=6451 Confirmed=X Filename=MSlti32.exe Description=Added by the RBOT-X WORM! Source=Paul Collins Startup list [Microsoft AUT Update] Number=6452 Confirmed=X Filename=MSlti16.exe Description=Added by the RBOT.EB WORM! Source=Paul Collins Startup list [Microsoft Authority Service] Number=6453 Confirmed=X Filename=lsass.exe Description=Added by the KALEL-D WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [Microsoft auto update] Number=6454 Confirmed=X Filename=winupdate.exe Description=Added by the BMBOT TROJAN! Source=Paul Collins Startup list [Microsoft Auto Update] Number=6455 Confirmed=X Filename=WINHLP16.EXE Description=Added by the RBOT.GY WORM! Source=Paul Collins Startup list [Microsoft auto update] Number=6456 Confirmed=Y Filename=wuauclt.exe Description=Added by the CULT-B TROJAN! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [Microsoft Automatic Update Serivce] Number=6457 Confirmed=X Filename=msautou.exe Description=Added by the RBOT-AOB WORM! Source=Paul Collins Startup list [Microsoft Automatic Updater] Number=6458 Confirmed=X Filename=Explorer.exe Description=Added by the RBOT-SG WORM! 
Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% Source=Paul Collins Startup list [Microsoft AutoUpdater] Number=6459 Confirmed=X Filename=svhost.exe Description=Added by the RBOT.QG WORM! Source=Paul Collins Startup list [Microsoft Bool Value] Number=6460 Confirmed=X Filename=MV2.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft boot system cfg32] Number=6461 Confirmed=X Filename=actboost.exe Description=Added by the BROPIA.R WORM! Source=Paul Collins Startup list [Microsoft Broadband Networking] Number=6462 Confirmed=? Filename=sppbridge.exe Description=Associated with an Anycom bluetooth wireless card on laptops - used for printing to portable printers for example. Is it required or can it be started manually? Source=Paul Collins Startup list [Microsoft Browser Services] Number=6463 Confirmed=X Filename=Brwsr32.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Browser Services] Number=6464 Confirmed=X Filename=Brwsr64.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Cab Manager] Number=6465 Confirmed=X Filename=exec.exe Description=Affilred adware Source=Paul Collins Startup list [Microsoft Cab Manager] Number=6466 Confirmed=X Filename=cab.exe Description=Added by the DELF-JJ TROJAN! Source=Paul Collins Startup list [Microsoft Calculator] Number=6467 Confirmed=X Filename=calc.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft checker] Number=6468 Confirmed=X Filename=MsPMSPTv.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Client] Number=6469 Confirmed=X Filename=mshost.exe Description=Added by the RBOT-AND WORM! 
Source=Paul Collins Startup list [Microsoft Client] Number=6470 Confirmed=X Filename=msclient.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Client Pc] Number=6471 Confirmed=X Filename=spoolsrv.exe Description=Added by the RBOT-AQM WORM! Source=Paul Collins Startup list [Microsoft Client/Server Runtime Server Subsystem] Number=6472 Confirmed=X Filename=csrs.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Microsoft Client/Server Runtime Server Subsystem] Number=6473 Confirmed=X Filename=csrssa.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Microsoft Command Line] Number=6474 Confirmed=X Filename=wincmd.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Conf Ldr] Number=6475 Confirmed=X Filename=sysconf.exe Description=Added by a variant of the SDBOT TROJAN! Source=Paul Collins Startup list [Microsoft ConfgKeys] Number=6476 Confirmed=X Filename=wurmgrd32.exe Description=Added by the RBOT-ARX WORM! Source=Paul Collins Startup list [Microsoft Config] Number=6477 Confirmed=X Filename=msconf.exe Description=Added by the RBOT.PV WORM! Source=Paul Collins Startup list [Microsoft Config] Number=6478 Confirmed=X Filename=MSCONF.EXE Description=Added by the RBOT-LG WORM! Source=Paul Collins Startup list [Microsoft Config 32] Number=6479 Confirmed=X Filename=msconfigx32.exe Description=Reported as the MSCONFIGX32 TROJAN! Possible Rbot variant Source=Paul Collins Startup list [Microsoft Config 32bit] Number=6480 Confirmed=X Filename=mscnfg32.exe Description=Added by the RBOT-Z WORM! Source=Paul Collins Startup list [Microsoft Config File] Number=6481 Confirmed=X Filename=config.exe Description=Added by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls! 
Source=Paul Collins Startup list [Microsoft Config Loader] Number=6482 Confirmed=X Filename=msconfig32.exe Description=Added by the AGOBOT.XX WORM! Source=Paul Collins Startup list [Microsoft Config Loader] Number=6483 Confirmed=X Filename=msconf32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Configoration Service] Number=6484 Confirmed=X Filename=msconfigs.exe Description=Added by the RBOT-ETT WORM! Source=Paul Collins Startup list [Microsoft Configs 32] Number=6485 Confirmed=U Filename=Hndsync.exe Description=Pocket Real Estate - mobile synchronization manager Source=Paul Collins Startup list [Microsoft Configuration 35] Number=6486 Confirmed=X Filename=microsot1.exe Description=Added by an unidentified TROJAN! Source=Paul Collins Startup list [Microsoft Configure 32] Number=6487 Confirmed=X Filename=msgconfigre.exe Description=Added by a variant of the GAOBOT/AGOBOT WORM! Source=Paul Collins Startup list [Microsoft Connection Manager Monitor] Number=6488 Confirmed=X Filename=cmmon.pif Description=Added by the RBOT-AKV WORM! Source=Paul Collins Startup list [Microsoft Control Center] Number=6489 Confirmed=X Filename=crtl.exe Description=Added by the RBOT-VX WORM! Source=Paul Collins Startup list [Microsoft Core Support] Number=6490 Confirmed=X Filename=MSxUP32.exe Description=Added by the RBOT-ANR WORM! Source=Paul Collins Startup list [Microsoft Core Support] Number=6491 Confirmed=X Filename=[random filename] Description=Added by a variant of the RBOT TROJAN! Source=Paul Collins Startup list [Microsoft Corp SQL Certificates] Number=6492 Confirmed=X Filename=sqlcer.exe Description=Added by the ZYBOT-C WORM! Source=Paul Collins Startup list [Microsoft Corp SSL Certificates] Number=6493 Confirmed=X Filename=windowz.exe Description=Added by the RBOT-GCZ WORM! Source=Paul Collins Startup list [Microsoft Corp TLS Certificates] Number=6494 Confirmed=X Filename=msauth.exe Description=Added by the RBOT-GAC WORM! 
Source=Paul Collins Startup list [Microsoft Corp Updates] Number=6495 Confirmed=X Filename=wupdates.exe Description=Added by the RBOT-AUU WORM! Source=Paul Collins Startup list [Microsoft Corporaticn SQL Handler] Number=6496 Confirmed=X Filename=sqlhandler.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Corporation] Number=6497 Confirmed=X Filename=[random filename] Description=Added by various VIRUSES, WORMS & TROJANS! Source=Paul Collins Startup list [Microsoft Corporation] Number=6498 Confirmed=X Filename=jview.exe Description=Added by the RBOT-AOD WORM! Source=Paul Collins Startup list [Microsoft Corporation Svchost Service] Number=6499 Confirmed=X Filename=mssvc.exe Description=Added by a variant of the SDBOT WORM! See here Source=Paul Collins Startup list [Microsoft Corporation Svchost Service] Number=6500 Confirmed=X Filename=mswsc.exe Description=Added by the AGENT.MAB TROJAN! Source=Paul Collins Startup list [Microsoft Corporation SYM monitor] Number=6501 Confirmed=X Filename=mssym.exe Description=Added by the RBOT-GDB WORM! Source=Paul Collins Startup list [Microsoft CP Web Manager] Number=6502 Confirmed=X Filename=webcp.exe Description=Added by the IRCBOT.HP TROJAN! Source=Paul Collins Startup list [Microsoft CPU Over Heat Manager] Number=6503 Confirmed=X Filename=CPU.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft CPXP Protocol] Number=6504 Confirmed=X Filename=cpxp.exe Description=Added by the RBOT.ATP WORM! Source=Paul Collins Startup list [Microsoft Critical Services] Number=6505 Confirmed=X Filename=svhhost.exe Description=Added by the AGOBOT-AJA WORM! Source=Paul Collins Startup list [Microsoft Crs Fix Serv] Number=6506 Confirmed=X Filename=wincrs.exe Description=Added by the SDBOT.BWF WORM! 
Source=Paul Collins Startup list [Microsoft CRT Monitor Manager] Number=6507 Confirmed=X Filename=crtmon.exe Description=Detected by Trend Micro as the ROBOTON.A WORM! See here Source=Paul Collins Startup list [Microsoft CSRSS Service] Number=6508 Confirmed=X Filename=nsmscrs.exe Description=Added by the RBOT-BPT WORM! Source=Paul Collins Startup list [Microsoft CSRSS32 Protocol] Number=6509 Confirmed=X Filename=csrss32.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Microsoft CSRSS386 Protocol] Number=6510 Confirmed=X Filename=csrss386.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft Cvrt] Number=6511 Confirmed=X Filename=mscvrt32.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [Microsoft Data Helper] Number=6512 Confirmed=X Filename=cihost.exe Description=Malware, possibly a variant of the LINST TROJAN Source=Paul Collins Startup list [Microsoft Data Machine] Number=6513 Confirmed=X Filename=csdata32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Database Handler] Number=6514 Confirmed=X Filename=mssql32.exe Description=Added by the RANDEX.AX WORM! Source=Paul Collins Startup list [Microsoft Datalog Application] Number=6515 Confirmed=X Filename=msdata.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft DDE Control] Number=6516 Confirmed=X Filename=wupades.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft DDEs Control] Number=6517 Confirmed=X Filename=Erun.pif Description=Added by the RBOT-AMU WORM! Source=Paul Collins Startup list [Microsoft Debug Service] Number=6518 Confirmed=X Filename=dbgbgr.exe Description=Added by a variant of the RBOT WORM! 
Source=Paul Collins Startup list [Microsoft Decryption Technology] Number=6519 Confirmed=X Filename=Msfenoe.exe Description=Added by the SPYBOT-DG WORM! Source=Paul Collins Startup list [Microsoft Desktop Manager] Number=6520 Confirmed=X Filename=msdesk32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Dev] Number=6521 Confirmed=X Filename=iexplorer32.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Microsoft Development Debugger] Number=6522 Confirmed=X Filename=msdev.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Development Services] Number=6523 Confirmed=X Filename=msdevelop.exe Description=Added by the RBOT-FWS WORM! Source=Paul Collins Startup list [Microsoft Device Manager] Number=6524 Confirmed=X Filename=msdevmgr32.exe Description=Added by the LATEDA.B TROJAN! Source=Paul Collins Startup list [Microsoft Device Manager] Number=6525 Confirmed=X Filename=mscmtl32.exe Description=Detected by Kaspersky as the AGENT.BMQ TROJAN! See here Source=Paul Collins Startup list [Microsoft Device Manager] Number=6526 Confirmed=X Filename=svcswin.exe Description=Added by the IRCBOT-YH TROJAN! Source=Paul Collins Startup list [Microsoft Diagnostic] Number=6527 Confirmed=X Filename=[random filename] Description=Added by the ACEBOT TROJAN! Source=Paul Collins Startup list [Microsoft Diagnostic] Number=6528 Confirmed=X Filename=msdiag32.exe Description=Added by the RBOT-UC WORM! Source=Paul Collins Startup list [Microsoft Digital Clock] Number=6529 Confirmed=X Filename=msclock.exe Description=Added by the NACKBOT-D WORM! Source=Paul Collins Startup list [Microsoft Digital Cryptors] Number=6530 Confirmed=X Filename=mdigits.exe Description=Added by the SDBOT.LM WORM! Source=Paul Collins Startup list [Microsoft DirectX] Number=6531 Confirmed=X Filename=Spoolserv.exe Description=Added by the DINFOR WORM! 
Source=Paul Collins Startup list [Microsoft DirectX] Number=6532 Confirmed=X Filename=rasmngr.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft DirectX] Number=6533 Confirmed=X Filename=PDSched.exe Description=Added by the SDBOT.CN WORM! Source=Paul Collins Startup list [Microsoft DirectX] Number=6534 Confirmed=X Filename=wuamgrd.exe Description=Added by the SDBOT.MY WORM! Source=Paul Collins Startup list [Microsoft DirectX] Number=6535 Confirmed=X Filename=time123.exe Description=Added by the SDBOT.MD WORM! Source=Paul Collins Startup list [Microsoft Directx] Number=6536 Confirmed=X Filename=directxat.exe Description=Added by the SDBOT-BXF WORM! Note - disables autostart for the SharedAccess service and deactivates the Microsoft Internet Connection Firewall (ICF) Source=Paul Collins Startup list [Microsoft Directx click] Number=6537 Confirmed=X Filename=directxclick.exe Description=Added by a variant of the RBOT-GHT WORM! Source=Paul Collins Startup list [Microsoft Directx clicks] Number=6538 Confirmed=X Filename=directxclickers.exe Description=Added by the RBOT-GHT WORM! Source=Paul Collins Startup list [Microsoft Directx push] Number=6539 Confirmed=X Filename=directxpushup.exe Description=Added by a variant of the RBOT-GHT WORM! Source=Paul Collins Startup list [Microsoft Directxsp] Number=6540 Confirmed=X Filename=directxbt.exe Description=Added by a variant of the RBOT-GHT WORM! Source=Paul Collins Startup list [Microsoft Directxspnew] Number=6541 Confirmed=X Filename=directxnew.exe Description=Added by a variant of the RBOT-GHT WORM! Source=Paul Collins Startup list [Microsoft DirktorWin] Number=6542 Confirmed=X Filename=[random filename] Description=Added by the SPYBOT.GEN3 TROJAN! Source=Paul Collins Startup list [Microsoft Disk Scanner] Number=6543 Confirmed=X Filename=scansdisk.exe Description=Added by the WOOTBOT.DT WORM! 
Source=Paul Collins Startup list [Microsoft DLL] Number=6544 Confirmed=X Filename=fumeta.exe Description=Added by the RBOT-AUG WORM! Source=Paul Collins Startup list [Microsoft Dll] Number=6545 Confirmed=X Filename=runapidll.exe Description=Added by the RBOT-GRG WORM! Source=Paul Collins Startup list [Microsoft DLL Authentification] Number=6546 Confirmed=X Filename=dllsecure.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft DLL Extensions] Number=6547 Confirmed=X Filename=SystemDll.exe Description=Added by the RBOT-ADV WORM! Source=Paul Collins Startup list [Microsoft dll Host Service] Number=6548 Confirmed=X Filename=wkssr.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft DLL Host Service] Number=6549 Confirmed=X Filename=dllmemhost.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft DLL Host Service] Number=6550 Confirmed=X Filename=svcdllhst.exe Description=Added by the AGENT.EAK TROJAN! Source=Paul Collins Startup list [Microsoft dll Host Service] Number=6551 Confirmed=X Filename=svchost.exe Description=Detected by Kaspersky as the RBOT.BMS WORM! See here. Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Microsoft DLL Library] Number=6552 Confirmed=X Filename=winlib32.exe Description=Added by the ATNAS.A WORM! Source=Paul Collins Startup list [Microsoft Dll Management] Number=6553 Confirmed=X Filename=windll.exe Description=Added by the RBOT-MT WORM! Source=Paul Collins Startup list [Microsoft Dll Manager] Number=6554 Confirmed=X Filename=microsoft32dll.exe Description=Detected by Trend Micro as the SHEUR.LH TROJAN! 
See here Source=Paul Collins Startup list [Microsoft DLL Monitor] Number=6555 Confirmed=X Filename=dllmon32.exe Description=Detected by Trend Micro as the AGENT.WP WORM! See here Source=Paul Collins Startup list [Microsoft DLL Monitor] Number=6556 Confirmed=X Filename=dllmon64.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft DLL Monitor] Number=6557 Confirmed=X Filename=dllmonitor.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Dll Printer Manager] Number=6558 Confirmed=X Filename=dllpt.exe Description=Added by the SDBOT.BIH WORM! Source=Paul Collins Startup list [Microsoft DLL Service] Number=6559 Confirmed=X Filename=servicedll.exe Description=Detected by Trend Micro as the RCBOT.OX TROJAN! See here Source=Paul Collins Startup list [Microsoft DLL Service] Number=6560 Confirmed=X Filename=svcdll.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft DLL Source] Number=6561 Confirmed=X Filename=dllsrc.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft DLL Verifier] Number=6562 Confirmed=X Filename=file.exe Description=Added by the RBOT-AED WORM! Source=Paul Collins Startup list [Microsoft DLL Verifier] Number=6563 Confirmed=X Filename=chkfile.exe Description=Added by the RBOT-AOC WORM! Source=Paul Collins Startup list [Microsoft DLL Verifier] Number=6564 Confirmed=X Filename=csrssv.exe Description=Added by the RBOT-ATK WORM! Source=Paul Collins Startup list [Microsoft DLL Verifier] Number=6565 Confirmed=X Filename=mscon.exe Description=Added by the SDBOT.EAH WORM! Source=Paul Collins Startup list [Microsoft DLL Verifier] Number=6566 Confirmed=X Filename=winavguard.exe Description=Added by the SDBOT.AAD WORM! Source=Paul Collins Startup list [Microsoft DLLSet32] Number=6567 Confirmed=X Filename=dllset32.exe Description=Added by the RBOT.OZ WORM! 
Source=Paul Collins Startup list [Microsoft DNS Query] Number=6568 Confirmed=X Filename=msdns.exe Description=Added by a variant of the WOOTBOT WORM! Source=Paul Collins Startup list [Microsoft DNSx] Number=6569 Confirmed=X Filename=mdnex.exe Description=Added by the DELBOT-AI WORM! Source=Paul Collins Startup list [Microsoft Document] Number=6570 Confirmed=X Filename=krisp.exe Description=Added by the SDBOT-RQ WORM! Source=Paul Collins Startup list [Microsoft Domain Controller] Number=6571 Confirmed=X Filename=mstc.exe Description=Added by the NUGACHE.A WORM! Source=Paul Collins Startup list [Microsoft Driver] Number=6572 Confirmed=X Filename=faet.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Driver Control] Number=6573 Confirmed=X Filename=windrv.exe Description=Added by the SDBOT.FW WORM! Source=Paul Collins Startup list [Microsoft Driver Manager] Number=6574 Confirmed=X Filename=mswindrv.exe Description=Added by the FORBOT-EZ WORM! Source=Paul Collins Startup list [Microsoft driver update] Number=6575 Confirmed=X Filename=Mshome.exe Description=Added by the SDBOT.BL WORM! Source=Paul Collins Startup list [Microsoft Drivers] Number=6576 Confirmed=X Filename=WSconf.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft ErgoPack] Number=6577 Confirmed=X Filename=wserb32.exe Description=Added by the RBOT-RI WORM! Source=Paul Collins Startup list [Microsoft EV32 Service] Number=6578 Confirmed=X Filename=MSev32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Event Engine] Number=6579 Confirmed=X Filename=EvtEngn.exe Description=Added by the RBOT-XV WORM! Source=Paul Collins Startup list [Microsoft Excel] Number=6580 Confirmed=X Filename=msexcel.exe Description=Added by the RBOT-TQ WORM! 
Source=Paul Collins Startup list [Microsoft Excele] Number=6581 Confirmed=X Filename=msmsgs.exe Description=Detected by Kaspersky as the AGENT.XFO TROJAN! See here Source=Paul Collins Startup list [Microsoft Excell] Number=6582 Confirmed=X Filename=wuamngr32.exe Description=Added by the RBOT-QH WORM! Source=Paul Collins Startup list [Microsoft Executing] Number=6583 Confirmed=X Filename=microsoft.exe Description=Added by the AGOBOT.UV WORM! Source=Paul Collins Startup list [Microsoft Explorer] Number=6584 Confirmed=X Filename=svapache.exe Description=Added by the RBOT-VR WORM! Source=Paul Collins Startup list [Microsoft Explorer] Number=6585 Confirmed=X Filename=explorer.scr Description=Added by the RBOT-ADH WORM! Source=Paul Collins Startup list [Microsoft Explorer] Number=6586 Confirmed=X Filename=explorer.pif Description=Added by the SDBOT-ACX WORM! Source=Paul Collins Startup list [Microsoft Explorer] Number=6587 Confirmed=X Filename=explorer.exe Description=Added by the POEBOT-LY WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% Source=Paul Collins Startup list [Microsoft Explorer Service] Number=6588 Confirmed=X Filename=msexplore.exe Description=Detected by Kaspersky as the IRCBOT.AYB TROJAN! See here Source=Paul Collins Startup list [Microsoft explorer Update] Number=6589 Confirmed=X Filename=internal.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [Microsoft Explorer2] Number=6590 Confirmed=X Filename=system.exe Description=Added by the IRCBOT.BS TROJAN! Source=Paul Collins Startup list [Microsoft Explorer2] Number=6591 Confirmed=X Filename=nome.exe Description=Added by the RANDEX.AA WORM! Source=Paul Collins Startup list [Microsoft Explorer2] Number=6592 Confirmed=X Filename=bitchbot.exe Description=Added by the SDBOT.EV WORM! 
Source=Paul Collins Startup list [Microsoft EXPLOREXP Protocol] Number=6593 Confirmed=X Filename=explorexp.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft Features] Number=6594 Confirmed=X Filename=ms32cfg.exe Description=Added by the RBOT.HO WORM! Source=Paul Collins Startup list [Microsoft Features] Number=6595 Confirmed=X Filename=msie.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft File Demand Manager] Number=6596 Confirmed=X Filename=wmgrdf.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Find Fast] Number=6597 Confirmed=X Filename=Findfast.exe Description=Complete utter waste of space! Part of MS Office - searches disk drives for Office file types and creates an index to make opening them easier Source=Paul Collins Startup list [Microsoft Firewall] Number=6598 Confirmed=X Filename=firewallsp2.exe Description=Added by the RBOT-MC WORM! Source=Paul Collins Startup list [MICROSOFT FIREWALL CLIENT] Number=6599 Confirmed=Y Filename=ISATRAY.EXE Description=MS Internet Security and Acceleration Server - see here Source=Paul Collins Startup list [Microsoft FixUp] Number=6600 Confirmed=X Filename=pevblbvr.exe Description=Added by the RBOT.DWK WORM! Source=Paul Collins Startup list [Microsoft FixUp] Number=6601 Confirmed=X Filename=wnpzjpuw.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Games] Number=6602 Confirmed=X Filename=gamemanager.exe Description=Added by the SPYBOT.AHQ WORM! Source=Paul Collins Startup list [Microsoft Generic Update Manager] Number=6603 Confirmed=X Filename=wupdate.exe Description=Added by the RBOT-AWC TROJAN! Source=Paul Collins Startup list [Microsoft Genetic Procress] Number=6604 Confirmed=X Filename=svchost.exe Description=Added by a variant of the SDBOT WORM! 
Source=Paul Collins Startup list [Microsoft Genuine Logon] Number=6605 Confirmed=X Filename=msnmsg.exe Description=Added by the IRCBOT-XH WORM! Source=Paul Collins Startup list [Microsoft Genuine Logon] Number=6606 Confirmed=X Filename=svchost.exe Description=Added by the SDBOT.EXT WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [MicroSoft Getway Dire] Number=6607 Confirmed=X Filename=[random filename] Description=Detected by Trend Micro as the IRCBRUTE.AM WORM! See here Source=Paul Collins Startup list [MicroSoft Getway mqbol] Number=6608 Confirmed=X Filename=[12 random letters].exe Description=Detected by Trend Micro as the RBOT.GBA WORM! See here Source=Paul Collins Startup list [Microsoft Gina V Encryption] Number=6609 Confirmed=X Filename=MSGINAV.EXE Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [Microsoft Greetings Reminders] Number=6610 Confirmed=N Filename=MHPRMIND.EXE Description=Microsoft Home Publishing greetings reminder Source=Paul Collins Startup list [Microsoft Greetings Workshop Reminder] Number=6611 Confirmed=N Filename=Gwremind.exe Description=You really want to be reminded about somebody's birthday at the expense of resources? Source=Paul Collins Startup list [Microsoft Greetings Reminder] Number=6612 Confirmed=N Filename=MHPRMINF.EXE Description=You really want to be reminded about somebody's birthday at the expense of resources? Source=Paul Collins Startup list [Microsoft HDCP for NT] Number=6613 Confirmed=X Filename=msdhcp.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft HDCP for NT and Win9x] Number=6614 Confirmed=X Filename=msdhcprs.exe Description=Added by a variant of the PEERBOT WORM! 
Source=Paul Collins Startup list [Microsoft Help] Number=6615 Confirmed=X Filename=svh0st.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft Help Support] Number=6616 Confirmed=X Filename=mshelp32.exe Description=Added by the KELVIR-BF WORM! Source=Paul Collins Startup list [Microsoft Help SVC] Number=6617 Confirmed=X Filename=msnmngr.exe Description=Added by the SDBOT-PQ WORM! Source=Paul Collins Startup list [Microsoft Help System] Number=6618 Confirmed=X Filename=mshelp32.exe Description=CoolWebSearch parasite variant Source=Paul Collins Startup list [Microsoft Host Protocol] Number=6619 Confirmed=X Filename=svhost.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Hosting Service] Number=6620 Confirmed=X Filename=WINHOSTING.EXE Description=Added by the RBOT.AEV WORM! Source=Paul Collins Startup list [Microsoft Hosts Service] Number=6621 Confirmed=X Filename=Isass.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [microsoft hotmail monitor] Number=6622 Confirmed=U Filename=mshotmon.exe Description=Added by the MYTOB-FL WORM! Source=Paul Collins Startup list [Microsoft hren1] Number=6623 Confirmed=X Filename=mmhren1.exe Description=Added by a variant of the AGENT.IWW TROJAN! Source=Paul Collins Startup list [Microsoft Hyptertext Helper] Number=6624 Confirmed=X Filename=mshtha.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft IDCN] Number=6625 Confirmed=X Filename=mshe1p.exe Description=Added by an unidentified TROJAN! Source=Paul Collins Startup list [Microsoft IE] Number=6626 Confirmed=X Filename=Iexplore.exe Description=Added by the FORBOT-AG WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! 
This one is located in %System% Source=Paul Collins Startup list [Microsoft IE Execute shell] Number=6627 Confirmed=X Filename=IEExec.exe Description=Added by the ALADINZ.N TROJAN! Source=Paul Collins Startup list [MicroSoft IE Sasser] Number=6628 Confirmed=X Filename=ISASS.EXE Description=Added by the SDBOT.MX WORM! Source=Paul Collins Startup list [Microsoft IIS] Number=6629 Confirmed=X Filename=syshost.exe Description=Added by the FRANCETTE WORM! Source=Paul Collins Startup list [Microsoft IIS] Number=6630 Confirmed=X Filename=[filename] Description=Added by the FRANCETTE-S WORM! Source=Paul Collins Startup list [Microsoft Inc.] Number=6631 Confirmed=X Filename=iexplorer.exe Description=Added by the LOVGATE.E WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) Source=Paul Collins Startup list [Microsoft Inc.] Number=6632 Confirmed=X Filename=iexplorer.exe… Description=Added by the LOVGATE.AO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) Source=Paul Collins Startup list [Microsoft Incroporate] Number=6633 Confirmed=X Filename=mfs.exe Description=Added by the RBOT-ANF WORM! Source=Paul Collins Startup list [Microsoft Inet Xp..] Number=6634 Confirmed=X Filename=teekids.exe Description=Added by the BLASTER.C WORM! Source=Paul Collins Startup list [Microsoft Information Check] Number=6635 Confirmed=X Filename=microsoft.exe Description=Added by the IRCBOT.AUH TROJAN! Source=Paul Collins Startup list [Microsoft Initialization Service] Number=6636 Confirmed=X Filename=initsvc.exe Description=Detected by Trend Micro as the IRCBOT.AXK BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Initialization Services] Number=6637 Confirmed=X Filename=initserv.exe Description=Added by the IRCBOT-ABO TROJAN! Source=Paul Collins Startup list [Microsoft Install Shield Services] Number=6638 Confirmed=X Filename=rundll64 Description=Added by the RBOT-FSH WORM! 
Source=Paul Collins Startup list [Microsoft Installshield] Number=6639 Confirmed=X Filename=nundll32.exe Description=Added by the AGOBOT-AHZ WORM! Source=Paul Collins Startup list [Microsoft Instant Messenger] Number=6640 Confirmed=X Filename=msngmsngr32.exe Description=Added by the SPYBOTER.GEN TROJAN! Source=Paul Collins Startup list [Microsoft Int Service] Number=6641 Confirmed=X Filename=MsIntSrv.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Intellitype Pro] Number=6642 Confirmed=U Filename=speedkey.exe Description=Additional keyboard shortcuts on MS programmable keyboard Source=Paul Collins Startup list [Microsoft Internal AntiVirus Systems] Number=6643 Confirmed=X Filename=dIlhost.exe Description=Added by the RBOT-AEV WORM! Source=Paul Collins Startup list [Microsoft Internel Corporat] Number=6644 Confirmed=X Filename=netvhost.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [Microsoft Internel Corporat] Number=6645 Confirmed=X Filename=smbvhost.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [Microsoft Internet] Number=6646 Confirmed=X Filename=expl0rer.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft Internet] Number=6647 Confirmed=X Filename=windows32.exe Description=Added by the SDBOT-F WORM! Source=Paul Collins Startup list [Microsoft Internet] Number=6648 Confirmed=X Filename=wincfg16.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Internet Acceleration Utility] Number=6649 Confirmed=X Filename=iau.exe Description=EasySearch adware Source=Paul Collins Startup list [Microsoft Internet Acceleration Utility] Number=6650 Confirmed=X Filename=[path to file] Description=Added by the AGENT-CX TROJAN! 
Source=Paul Collins Startup list [Microsoft Internet Acceleration Utility] Number=6651 Confirmed=X Filename=[path to trojan] Description=Added by the SMUTSRCH-A TROJAN! Source=Paul Collins Startup list [Microsoft Internet Antivirus Protection] Number=6652 Confirmed=X Filename=antivirus.exe Description=Detected by Kaspersky as the IRCBOT.BSK TROJAN! Source=Paul Collins Startup list [Microsoft Internet Dumping Protocol] Number=6653 Confirmed=X Filename=inetdump.exe Description=Detected by Kaspersky as the IRCBOT.BLL TROJAN! See here Source=Paul Collins Startup list [Microsoft Internet Exp] Number=6654 Confirmed=X Filename=iiexplorer.exe Description=Added by the RBOT-KX WORM! Source=Paul Collins Startup list [Microsoft Internet Explorer] Number=6655 Confirmed=X Filename=iexplore.exe Description=Added by the POEBOT-J WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% Source=Paul Collins Startup list [Microsoft Internet Explorer] Number=6656 Confirmed=X Filename=iexplorer.exe Description=Added by the SDBOT-XNRBOT.UZ WORM! Source=Paul Collins Startup list [Microsoft Internet Explorer] Number=6658 Confirmed=X Filename=movies.exe Description=Added by the BANCOS-DZ TROJAN! Source=Paul Collins Startup list [Microsoft Internet Explorer] Number=6659 Confirmed=X Filename=svzhost.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Internet Explorer] Number=6660 Confirmed=X Filename=mccagent.exe Description=Added by the DLOADER-UD TROJAN! Source=Paul Collins Startup list [Microsoft Internet Explorer] Number=6661 Confirmed=X Filename=sysini.exe Description=Added by the DELF-LN TROJAN! Source=Paul Collins Startup list [Microsoft Internet Explorer] Number=6662 Confirmed=X Filename=svchost.exe Description=Added by the IRCBOT-AK TROJAN! 
Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder Source=Paul Collins Startup list [Microsoft Internet Explorer] Number=6663 Confirmed=X Filename=lEXPLORE.EXE Description=Added by the RBOT-AMM WORM! Note - the executable is spelt with a lower case "L" rather than a lower or upper case "i" which is the case with Internet Explorer Source=Paul Collins Startup list [Microsoft Internet Explorer Manager] Number=6664 Confirmed=X Filename=ie.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Internet Explorer Update] Number=6665 Confirmed=N Filename=sswizard.exe Description=ScreenShot Wizard Source=Paul Collins Startup list [Microsoft Internet Firewall] Number=6666 Confirmed=X Filename=firewall.exe Description=Detected by PCTools as the IRCBOT.BMD TROJAN! See here Source=Paul Collins Startup list [Microsoft Internet Firewall Manager] Number=6667 Confirmed=X Filename=GMT16.exe Description=Added by the RANDEX.AT WORM! Source=Paul Collins Startup list [Microsoft Internet Firewall Update] Number=6668 Confirmed=X Filename=updater.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Internet Services] Number=6669 Confirmed=X Filename=Smss32.exe Description=Added by the RBOT.MS WORM! Source=Paul Collins Startup list [Microsoft Internet Syncing] Number=6670 Confirmed=X Filename=inetsync.exe Description=Detected by Kaspersky as the IRCBOT.BLL TROJAN! See here Source=Paul Collins Startup list [Microsoft Intrenet Explorer] Number=6671 Confirmed=X Filename=goaw.pif Description=Added by the RBOT-API WORM! Source=Paul Collins Startup list [Microsoft Intrenet Explorer] Number=6672 Confirmed=X Filename=Soundsyst.exe Description=Added by the RBOT-AQU WORM! 
Source=Paul Collins Startup list [Microsoft Intrenet Explorer] Number=6673 Confirmed=X Filename=cnsg.pif Description=Added by the RBOT-ARO WORM! Source=Paul Collins Startup list [Microsoft Intrenet Explorer] Number=6674 Confirmed=X Filename=wcumrg.exe Description=Added by the SDBOT-AFD WORM! Source=Paul Collins Startup list [Microsoft IPC] Number=6675 Confirmed=X Filename=system.exe Description=Added by the NULLBOT TROJAN! Source=Paul Collins Startup list [Microsoft IPC] Number=6676 Confirmed=X Filename=svshost.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [Microsoft IT Update] Number=6677 Confirmed=X Filename=win64.exe Description=Added by the RBOT.GA WORM! Source=Paul Collins Startup list [Microsoft IT Update] Number=6678 Confirmed=X Filename=[random filename] Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft IT Update] Number=6679 Confirmed=X Filename=IEserv.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft IT Update] Number=6680 Confirmed=X Filename=msupdate.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft IT Update] Number=6681 Confirmed=X Filename=winn43.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft IT Update] Number=6682 Confirmed=X Filename=svchsst.exe Description=Added by the RBOT-DH WORM! Source=Paul Collins Startup list [Microsoft IT Update] Number=6683 Confirmed=X Filename=win43.exe Description=Added by the RBOT-SA WORM! Source=Paul Collins Startup list [Microsoft IT Update] Number=6684 Confirmed=X Filename=windows.exe Description=Added by the RBOT-GL WORM! Source=Paul Collins Startup list [Microsoft IT Update] Number=6685 Confirmed=X Filename=winsyst32.exe Description=Added by the RBOT-FC WORM! 
Source=Paul Collins Startup list [Microsoft IT Update] Number=6686 Confirmed=X Filename=Rhost32.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Java Virtual Machine] Number=6687 Confirmed=X Filename=winscr32.exe Description=Added by a variant of the WOOTBOT WORM! Source=Paul Collins Startup list [Microsoft Java Virtual Machine] Number=6688 Confirmed=X Filename=MsConfiG.exe Description=Added by the FORBOT-DV WORM! Source=Paul Collins Startup list [Microsoft Java Virtual Machine] Number=6689 Confirmed=X Filename=msjvm.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Java Virtual Machine] Number=6690 Confirmed=X Filename=javavm.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Java Windows Update] Number=6691 Confirmed=X Filename=[filename] Description=Added by the RBOT-DZ WORM! Source=Paul Collins Startup list [Microsoft JavaVM] Number=6692 Confirmed=X Filename=msjarun.exe Description=Added by the RBOT-JW WORM! Source=Paul Collins Startup list [Microsoft Kernel] Number=6693 Confirmed=X Filename=Windows_kernel32.exe Description=Added by the NETSKY.AE WORM! Source=Paul Collins Startup list [Microsoft Keyboard Enhance 2.0.] Number=6694 Confirmed=X Filename=iasrecst.exe Description=Added by the BCKDR-QIL TROJAN! Source=Paul Collins Startup list [Microsoft Keyboard Enhance V2.0] Number=6695 Confirmed=X Filename=iasrecst.exe Description=Detected by F-Prot as the DOWNLOADER2.AILI TROJAN! Source=Paul Collins Startup list [Microsoft Kinetik Svc] Number=6696 Confirmed=X Filename=msftksvc.exe Description=Detected by Trend Micro as the AGENT.AGDO TROJAN! See here Source=Paul Collins Startup list [Microsoft LAN32 Protocol] Number=6697 Confirmed=X Filename=lanXp.exe Description=Added by the RBOT-SS WORM! 
Source=Paul Collins Startup list [MicroSoft Legal Syst3m32] Number=6698 Confirmed=X Filename=Syst3m32.exe Description=Detected by PCTools as the RBOT.UYL WORM! See here Source=Paul Collins Startup list [Microsoft Lmhosting Service] Number=6699 Confirmed=X Filename=lmhosts.exe Description=Added by the RBOT-RC WORM! Source=Paul Collins Startup list [Microsoft Locals 332] Number=6700 Confirmed=X Filename=[random filename] Description=Added by the RBOT-KU WORM! Source=Paul Collins Startup list [Microsoft Location Finder] Number=6701 Confirmed=U Filename=LocationFinder.exe Description=Microsoft Location Finder "is a client-side application that turns a regular WiFi enabled laptop, Tablet or PC into a location determining device without the addition of any separate hardware" Source=Paul Collins Startup list [Microsoft Login] Number=6702 Confirmed=X Filename=winlogin.exe Description=Added by the RBOT-AJP WORM! Source=Paul Collins Startup list [Microsoft LSA layer] Number=6703 Confirmed=X Filename=MSLSA32.exe Description=Added by the RBOT-AKZ WORM! Source=Paul Collins Startup list [Microsoft Lsass Center] Number=6704 Confirmed=X Filename=Isass.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Lsass Center] Number=6705 Confirmed=X Filename=telecomes.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Lsass Manager] Number=6706 Confirmed=X Filename=lsass.exe Description=Added by a variant of the SDBOT WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Microsoft Lsass Service] Number=6707 Confirmed=X Filename=wintcp32.exe Description=Added by a variant of the IRCBOT TROJAN! 
Source=Paul Collins Startup list [Microsoft LSASS386 Protocol] Number=6708 Confirmed=X Filename=scvhost32.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft LV] Number=6709 Confirmed=X Filename=[path to file] Description=Added by the BDL TROJAN! Source=Paul Collins Startup list [Microsoft Machine] Number=6710 Confirmed=X Filename=winjava.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Microsoft machine] Number=6711 Confirmed=X Filename=blah.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft machine] Number=6712 Confirmed=X Filename=svchost.exe Description=Detected by Kaspersky as the RBOT.AEU TROJAN! See here. Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Microsoft Machine Script] Number=6713 Confirmed=X Filename=iexplorersis.exe Description=Added by the RBOT-CMH WORM! Source=Paul Collins Startup list [Microsoft Macro Protection SubSsy] Number=6714 Confirmed=X Filename=msacroprots386.exe Description=Added by the RBOT-KE WORM! Source=Paul Collins Startup list [Microsoft Macro Protection Subsystems] Number=6715 Confirmed=X Filename=msmacroprotxz.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft Macro Protection Subsystems] Number=6716 Confirmed=X Filename=Msmacroprot32.exe Description=Added by the RBOT.KN WORM! Source=Paul Collins Startup list [Microsoft Manage Services] Number=6717 Confirmed=X Filename=sychost.exe Description=Detected by Trend Micro as the SLENFBOT.AD WORM! See here Source=Paul Collins Startup list [Microsoft Manage Services] Number=6718 Confirmed=X Filename=schost.exe Description=Detected by PCTools as the SLENFBOT.B WORM! 
See here Source=Paul Collins Startup list [Microsoft Management] Number=6719 Confirmed=X Filename=lmas.exe Description=Added by the FORBOT-CZ WORM! Source=Paul Collins Startup list [Microsoft Management Console] Number=6720 Confirmed=X Filename=lssas.exe Description=EasySearch adware Source=Paul Collins Startup list [Microsoft Management Console] Number=6721 Confirmed=X Filename=[path to trojan] Description=Added by the SMUTSRCH-A TROJAN! Source=Paul Collins Startup list [Microsoft Management Console] Number=6722 Confirmed=X Filename=lssas1.exe Description=Added by the DLOADR-AWD TROJAN! Source=Paul Collins Startup list [Microsoft Manager] Number=6723 Confirmed=X Filename=msmanager.exe Description=Added by the MYTOB.LF WORM! Source=Paul Collins Startup list [Microsoft Map PC] Number=6724 Confirmed=X Filename=mappc.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Mapped PC] Number=6725 Confirmed=X Filename=mappedpc.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft media] Number=6726 Confirmed=X Filename=winmplayers.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft Media Manager] Number=6727 Confirmed=X Filename=medman.exe Description=Added by the RBOT.EUZ WORM! Source=Paul Collins Startup list [Microsoft Media player 9] Number=6728 Confirmed=X Filename=msmedia32.exe Description=Added by the RBOT-ADO WORM! Source=Paul Collins Startup list [Microsoft media services] Number=6729 Confirmed=X Filename=Iassd.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Microsoft media services] Number=6730 Confirmed=X Filename=winmplayer.exe Description=Added by the RBOT.ZO WORM! Source=Paul Collins Startup list [Microsoft MediaScope] Number=6731 Confirmed=X Filename=winmes.exe Description=Added by the RBOT-XU WORM! 
Source=Paul Collins Startup list [Microsoft Memory Dumping Protocol] Number=6732 Confirmed=X Filename=memdump.exe Description=Detected by Kaspersky as the IRCBOT.BJK TROJAN! See here Source=Paul Collins Startup list [Microsoft Memory Flow Cycle] Number=6733 Confirmed=X Filename=flowcycle.exe Description=Detected by PCTools as the IRCBOT.WAD TROJAN! See here Source=Paul Collins Startup list [Microsoft Memory Flow Cycle] Number=6734 Confirmed=X Filename=flowcycles.exe Description=Detected by Kaspersky as the WAREZOV.AAK WORM! See here Source=Paul Collins Startup list [Microsoft Message Machine] Number=6735 Confirmed=X Filename=msmesg32.exe Description=Added by the SPYBOT.BI WORM! Source=Paul Collins Startup list [Microsoft Messenger Management Controls] Number=6736 Confirmed=X Filename=msmgmctl.exe Description=Added by the RBOT-APA WORM! Source=Paul Collins Startup list [Microsoft messenger sd] Number=6737 Confirmed=X Filename=msngersd.exe Description=Added by an unidentified TROJAN! Source=Paul Collins Startup list [Microsoft Messenger Service] Number=6738 Confirmed=X Filename=msmsg32.exe Description=Added by the RBOT.BOK WORM! Source=Paul Collins Startup list [Microsoft Messenger XP] Number=6739 Confirmed=X Filename=MSMSN32.exe Description=Added by the RBOT-ZP WORM! Source=Paul Collins Startup list [Microsoft MicroP Protocol] Number=6740 Confirmed=X Filename=wdgmr32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Movie Maker] Number=6741 Confirmed=X Filename=Mmaker.exe Description=Added by the IRCBOT.C TROJAN! Note that this is not a valid Microsoft program Source=Paul Collins Startup list [Microsoft MSGPLUS32 Protocol] Number=6742 Confirmed=X Filename=msgplus32.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft MSN 7 Services] Number=6743 Confirmed=X Filename=msnmsg.exe Description=Added by a variant of the IRCBOT BACKDOOR! 
Source=Paul Collins Startup list [Microsoft MSN 7 Services] Number=6744 Confirmed=X Filename=msnmsger.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [Microsoft MSN Messenger] Number=6745 Confirmed=X Filename=msnmnsgr.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft MSNGR32 Protocol] Number=6746 Confirmed=X Filename=msngr32.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft msnseru] Number=6747 Confirmed=U Filename=pcaccel.exe Description=Smartalec PC Accelerator - system optimization utility Source=Paul Collins Startup list [Microsoft MsnST] Number=6748 Confirmed=X Filename=msnst32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft MSUPDATE] Number=6749 Confirmed=X Filename=SpoolSvc.exe Description=Added by the SXTB-A TROJAN! Source=Paul Collins Startup list [Microsoft Neser Experience] Number=6750 Confirmed=X Filename=nese.exe Description=Added by the RBOT-YH WORM! Source=Paul Collins Startup list [Microsoft NetMeeting Associates, Inc.] Number=6751 Confirmed=X Filename=NetMeeting.exe Description=Added by the LOVGATE.AB WORM! Source=Paul Collins Startup list [Microsoft Netview] Number=6752 Confirmed=X Filename=gesfm32.exe Description=Added by the RANDEX.C WORM! Source=Paul Collins Startup list [Microsoft Netview] Number=6753 Confirmed=X Filename=mssvc32.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [Microsoft Netview Component v5.1] Number=6754 Confirmed=X Filename=msnv32.exe Description=Added by the RANDEX.F WORM! Source=Paul Collins Startup list [Microsoft Network] Number=6755 Confirmed=X Filename=msnet.exe Description=Added by the MOCKBOT.A WORM! Source=Paul Collins Startup list [Microsoft Network] Number=6756 Confirmed=X Filename=Networksystem.exe Description=Added by the SDBOT-AAI WORM! 
Source=Paul Collins Startup list [Microsoft Network Daemon for Win32] Number=6757 Confirmed=X Filename=Netd32.exe Description=Added by the SDBOT.R TROJAN! Source=Paul Collins Startup list [Microsoft Network Host] Number=6758 Confirmed=X Filename=svc0host.exe Description=Added by the SDBOT-AEN WORM! Source=Paul Collins Startup list [Microsoft Network Neighbourhood] Number=6759 Confirmed=X Filename=networknbh.exe Description=Added by the RBOT.DMN WORM! Source=Paul Collins Startup list [Microsoft Network Services Controller] Number=6760 Confirmed=X Filename=mmsvc32.exe Description=Added by the NANPY-A WORM! Source=Paul Collins Startup list [Microsoft Networking Agent For SP2] Number=6761 Confirmed=X Filename=msnac32.exe Description=Added by the SPYBOT.PEN WORM! Source=Paul Collins Startup list [Microsoft Nod32 Service] Number=6762 Confirmed=X Filename=nood32.exe Description=Added by the RBOT.EJP WORM! Source=Paul Collins Startup list [Microsoft Norotn Anti Virus] Number=6763 Confirmed=X Filename=mnhpot.exe Description=Added by the RBOT-GRO WORM! Source=Paul Collins Startup list [Microsoft Norton Antivirus] Number=6764 Confirmed=X Filename=norton.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft NotePad] Number=6765 Confirmed=X Filename=notepad.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft NT Drivers] Number=6766 Confirmed=X Filename=ntdrv.exe Description=Added by the SDBOT.AJN TROJAN! Source=Paul Collins Startup list [Microsoft NT Update] Number=6767 Confirmed=X Filename=winexec32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Nvidia Video] Number=6768 Confirmed=X Filename=nvidia.exe Description=Added by a variant of the SDBOT WORM! 
Source=Paul Collins Startup list [Microsoft Office] Number=6769 Confirmed=N Filename=Osa.exe Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show Source=Paul Collins Startup list [Microsoft Office] Number=6770 Confirmed=N Filename=Msoffice.exe Description=Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want to access these programs quickly Source=Paul Collins Startup list [Microsoft Office] Number=6771 Confirmed=X Filename=MSMSGR.exe Description=Added by the GAOBOT.BB WORM! Source=Paul Collins Startup list [Microsoft Office] Number=6772 Confirmed=N Filename=Osa9.exe Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show Source=Paul Collins Startup list [Microsoft Office] Number=6773 Confirmed=X Filename=lserv.exe Description=Added by the SDBOT.MH WORM! Source=Paul Collins Startup list [Microsoft Office] Number=6774 Confirmed=X Filename=Microsoft Office.hta Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! Source=Paul Collins Startup list [Microsoft Office] Number=6775 Confirmed=X Filename=msoicons.exe Description=Added by the RBOT-ZI WORM! 
- NOTE - do not confuse with the legitimate Msoicons.exe file described here. The latter will not be listed among your startups! Source=Paul Collins Startup list [Microsoft Office] Number=6776 Confirmed=X Filename=Nxcao.exe Description=Added by the RBOT-ZE WORM! Source=Paul Collins Startup list [Microsoft Office] Number=6777 Confirmed=X Filename=nxcxtpr.exe Description=Added by the RBOT-YG WORM! Source=Paul Collins Startup list [Microsoft Office] Number=6778 Confirmed=X Filename=svxhost.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Office] Number=6779 Confirmed=X Filename=msoffice32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Office] Number=6780 Confirmed=X Filename=msoff.exe Description=Added by the RAKER-C TROJAN! Source=Paul Collins Startup list [Microsoft Office] Number=6781 Confirmed=X Filename=microsoft.exe Description=Added by the BANKER-VF TROJAN! Source=Paul Collins Startup list [Microsoft Office] Number=6782 Confirmed=X Filename=msvcp.exe Description=Added by the AGENT-XK TROJAN! Source=Paul Collins Startup list [Microsoft Office] Number=6783 Confirmed=X Filename=msmsgr.exe Description=Added by the GAOBOT.BB WORM! Source=Paul Collins Startup list [Microsoft Office] Number=6784 Confirmed=X Filename=mdm.exe Description=Added by the IBOT-A TROJAN! Note - this is not the Machine Debug Manager (also known as MDM7) which shares the same filename Source=Paul Collins Startup list [Microsoft Office Fast Cache] Number=6785 Confirmed=N Filename=Fastboot.exe Description=Part of MS Office 95 (v7.0). According to this it improves the performance. Most likely a predecessor of MS Find Fast and can be disabled Source=Paul Collins Startup list [Microsoft Office Monitor] Number=6786 Confirmed=X Filename=alg2k.exe Description=Added by the SDBOT-CZO WORM! 
Source=Paul Collins Startup list [Microsoft Office Monitor] Number=6787 Confirmed=X Filename=aql32.exe Description=Added by the RBOT-GCY TROJAN! Source=Paul Collins Startup list [Microsoft Office OneNote 2003 Quick Launch] Number=6788 Confirmed=U Filename=ONENOTEM.EXE Description=ONENOTEM.EXE is a part of the note taking program that ships with Microsoft Office 2003. It's required for the side note windows to work Source=Paul Collins Startup list [Microsoft Office Quick Launcher] Number=6789 Confirmed=X Filename=iau1.exe Description=Added by the DLOADR-AWD TROJAN! Source=Paul Collins Startup list [Microsoft Office Shortcut Bar] Number=6790 Confirmed=N Filename=Msoffice.exe Description=Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want to access these programs quickly Source=Paul Collins Startup list [Microsoft Office Start] Number=6791 Confirmed=X Filename=winupdates.exe Description=Added by the GAOBOT.BC WORM! Source=Paul Collins Startup list [Microsoft Office Startup] Number=6792 Confirmed=N Filename=Osa.exe Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show Source=Paul Collins Startup list [Microsoft Office Startup] Number=6793 Confirmed=N Filename=Osa9.exe Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. 
Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show Source=Paul Collins Startup list [Microsoft Office Studio] Number=6794 Confirmed=X Filename=scvhvst.exe Description=Added by the RANDEX.CST WORM! Source=Paul Collins Startup list [Microsoft OfficeXP] Number=6795 Confirmed=X Filename=officeXP.exe Description=Added by the KILLAV.MA WORM! Source=Paul Collins Startup list [Microsoft Oftice] Number=6796 Confirmed=X Filename=msmsgs.exe Description=Added by the IRCBOT.ALT WORM! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application! Source=Paul Collins Startup list [Microsoft Opeions] Number=6797 Confirmed=X Filename=IEXwe.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Outlook Express Protocol] Number=6798 Confirmed=X Filename=svchst.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Patch Update] Number=6799 Confirmed=X Filename=bootini.exe Description=Added by the RBOT-FMN WORM! Source=Paul Collins Startup list [Microsoft PC Health Remote Assistance File Open & Save controls] Number=6800 Confirmed=X Filename=sfrcdlg32.exe Description=Added by the RBOT-AVY WORM! Source=Paul Collins Startup list [Microsoft PCHealth32] Number=6801 Confirmed=X Filename=[path to file] Description=Added by the NICE-A TROJAN! Source=Paul Collins Startup list [Microsoft PCHealth32] Number=6802 Confirmed=X Filename=NDDENB.exe Description=Added by the PWSYAHOO-A TROJAN! Source=Paul Collins Startup list [Microsoft PCI Manager] Number=6803 Confirmed=X Filename=mspci.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Personal Firewalls] Number=6804 Confirmed=X Filename=bakw.exe Description=Added by the RBOT-KS WORM! 
Source=Paul Collins Startup list [Microsoft Problem Doctor] Number=6805 Confirmed=X Filename=windr128.exe Description=Added by the SMALLTRO.EF TROJAN! Source=Paul Collins Startup list [Microsoft Problem Doctor] Number=6806 Confirmed=X Filename=windr32.exe Description=Added by a variant of the SMALLTRO.EF TROJAN! Source=Paul Collins Startup list [Microsoft Problem Doctor] Number=6807 Confirmed=X Filename=windr64.exe Description=Added by a variant of the SMALLTRO.EF TROJAN! Source=Paul Collins Startup list [Microsoft Proc Driver32] Number=6808 Confirmed=X Filename=msprc.exe Description=Added by a variant of the WOOTBOT WORM! Source=Paul Collins Startup list [Microsoft Procedure Call] Number=6809 Confirmed=X Filename=MSPCALL.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Process Manager] Number=6810 Confirmed=X Filename=process32.exe Description=Added by the CHECKOUT WORM! See here Source=Paul Collins Startup list [Microsoft Profile Manager] Number=6811 Confirmed=X Filename=profile.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft PSTCP32 Data] Number=6812 Confirmed=X Filename=pstcp32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft QMGR] Number=6813 Confirmed=X Filename=msnqmgr.exe Description=Added by the IRCBOT-S TROJAN! Source=Paul Collins Startup list [Microsoft RDLL] Number=6814 Confirmed=X Filename=sysconf32.exe Description=Added by a variant of the SDBOT TROJAN! Source=Paul Collins Startup list [Microsoft Redirect] Number=6815 Confirmed=X Filename=[path to file] Description=Added by the BANKER-FW TROJAN! Source=Paul Collins Startup list [Microsoft Redirect] Number=6816 Confirmed=X Filename=systen.exe Description=Added by the BANCOS-FO TROJAN! Source=Paul Collins Startup list [Microsoft Regestry Edit Manager] Number=6817 Confirmed=X Filename=regedit.exe Description=Detected by Trend Micro as the SHEUR.HC WORM! 
See here Source=Paul Collins Startup list [Microsoft Regestry Manager] Number=6818 Confirmed=X Filename=regedit32.exe Description=Added by a variant of the IRCBOT.ARD WORM! Source=Paul Collins Startup list [Microsoft Regestry Manager] Number=6819 Confirmed=X Filename=registry32.exe Description=Added by the IRCBOT.ARD WORM! Source=Paul Collins Startup list [Microsoft Registro] Number=6820 Confirmed=X Filename=svchostt.exe Description=Added by the BANCOS-DH TROJAN! Source=Paul Collins Startup list [Microsoft Registry] Number=6821 Confirmed=X Filename=csrse.exe Description=Added by the RBOT-PC WORM! Source=Paul Collins Startup list [MicroSoft Remote Secure Service] Number=6822 Confirmed=X Filename=MSRSS.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Restore] Number=6823 Confirmed=X Filename=scrgrd.exe Description=Added by the SPYBOT.BR WORM! Source=Paul Collins Startup list [Microsoft Router Manager] Number=6824 Confirmed=X Filename=linksys.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Router Manager] Number=6825 Confirmed=X Filename=router.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Rundll] Number=6826 Confirmed=X Filename=windos.exe Description=Added by the SDBOT-WF WORM! Source=Paul Collins Startup list [Microsoft Runtime] Number=6827 Confirmed=X Filename=CfgDll32.exe Description=Added by the RANDEX.BD WORM! Source=Paul Collins Startup list [Microsoft Safe Mode Manager] Number=6828 Confirmed=X Filename=safemode.exe Description=Detected by Trend Micro as the IRCBOT.HM TROJAN! See here Source=Paul Collins Startup list [Microsoft Scanreg] Number=6829 Confirmed=X Filename=microsoftscanreg.exe Description=Added by the FRANRIV.A WORM! Source=Paul Collins Startup list [Microsoft SCVHOST32 Protocol] Number=6830 Confirmed=X Filename=scvhost32.exe Description=Added by a variant of the RBOT WORM! 
Source=Paul Collins Startup list [Microsoft sddcE Contol] Number=6831 Confirmed=X Filename=taskmnegr.exe Description=Added by the RBOT-AUM WORM! Source=Paul Collins Startup list [Microsoft sdk temp] Number=6832 Confirmed=X Filename=sdktemp.exe Description=Added by the RBOT-ANP WORM! Source=Paul Collins Startup list [Microsoft SDKP3] Number=6833 Confirmed=X Filename=mswinsdq.exe Description=Added by the RBOT-ARY WORM! Source=Paul Collins Startup list [Microsoft Secure Messenger.NET Service] Number=6834 Confirmed=X Filename=securitychk.exe Description=Added by the SDBOT.VT WORM! Source=Paul Collins Startup list [Microsoft Security] Number=6835 Confirmed=X Filename=winService.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft security adviser] Number=6836 Confirmed=X Filename=mssadv.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Security Center] Number=6837 Confirmed=X Filename=savservices.exe Description=Added by the RBOT-ANU WORM! Source=Paul Collins Startup list [Microsoft Security Center] Number=6838 Confirmed=X Filename=wcsntfy.exe Description=Added by the SDBOT.BYD WORM! Source=Paul Collins Startup list [Microsoft Security Controlers] Number=6839 Confirmed=X Filename=fxsecues.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Security GManagers] Number=6840 Confirmed=X Filename=[random filename] Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Security Hot Fix Update] Number=6841 Confirmed=X Filename=mshotfix.exe Description=Affilred adware Source=Paul Collins Startup list [Microsoft Security Management] Number=6842 Confirmed=X Filename=winnt.exe Description=Added by the RBOT-MQ WORM! Source=Paul Collins Startup list [Microsoft Security Management] Number=6843 Confirmed=X Filename=winserv.exe Description=Added by the RBOT-MJ WORM! 
Source=Paul Collins Startup list [Microsoft Security Management] Number=6844 Confirmed=X Filename=winamp.exe Description=Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player which resides in a "Winamp" subdirectory of the Program Files directory Source=Paul Collins Startup list [Microsoft Security Management] Number=6845 Confirmed=X Filename=wuauct1.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Security Management] Number=6846 Confirmed=X Filename=bling.exe Description=Added by the RBOT.XL WORM! Source=Paul Collins Startup list [Microsoft Security Management] Number=6847 Confirmed=X Filename=sp2fix.exe Description=Added by the RBOT.UB WORM! Source=Paul Collins Startup list [Microsoft Security Manager] Number=6848 Confirmed=X Filename=winamp.exe Description=Added by the RBOT WORM! Note - this is NOT the popular Winamp media player which resides in a "Winamp" subdirectory of the Program Files directory. This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [Microsoft Security Monitor Process] Number=6849 Confirmed=X Filename=mssmp.exe Description=Added by the RBOT-FUB WORM! Source=Paul Collins Startup list [Microsoft Security Monitor Process] Number=6850 Confirmed=X Filename=mnsmp.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [Microsoft Security Monitor Process] Number=6851 Confirmed=X Filename=msmp.exe Description=Detected by Trend Micro as the RBOT.GKQ WORM! See here Source=Paul Collins Startup list [Microsoft Security Monitor Process] Number=6852 Confirmed=X Filename=mssm32.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Security Monitor Process] Number=6853 Confirmed=X Filename=lsas.exe Description=Added by a variant of the IRCBOT BACKDOOR! 
See here Source=Paul Collins Startup list [Microsoft Security Monitor Process] Number=6854 Confirmed=X Filename=msword.exe Description=Detected by Kaspersky as the VIRUT.P VIRUS! See here Source=Paul Collins Startup list [Microsoft Security Monitor Process] Number=6855 Confirmed=X Filename=service.exe Description=Detected by PCTools as the DELF.BERW BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Security Monitor Process] Number=6856 Confirmed=X Filename=svcchost.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Security Monitor Process] Number=6857 Confirmed=X Filename=windowsupdate.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Security Monitor Process] Number=6858 Confirmed=X Filename=windowsupdate.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Security Panager] Number=6859 Confirmed=X Filename=[filename] Description=Added by the RBOT-ANL WORM! Source=Paul Collins Startup list [Microsoft Security Panagers] Number=6860 Confirmed=X Filename=[random filename] Description=Added by the RBOT-AIG WORM! Source=Paul Collins Startup list [Microsoft Security Panagers] Number=6861 Confirmed=X Filename=zzoboony.exe Description=Added by the RBOT-AOI WORM! Source=Paul Collins Startup list [Microsoft Security Process] Number=6862 Confirmed=X Filename=wininit.exe Description=Added by the RBOT-FKM WORM! Source=Paul Collins Startup list [Microsoft Security System] Number=6863 Confirmed=X Filename=mssecsys.exe Description=Added by the IRCBOT-WJ TROJAN! Source=Paul Collins Startup list [Microsoft Security Update] Number=6864 Confirmed=X Filename=security32.exe Description=Added by the DELF-JJ TROJAN! Source=Paul Collins Startup list [Microsoft Server] Number=6865 Confirmed=X Filename=rserv.exe Description=Added by the AGOBOT.AVS WORM! 
Source=Paul Collins Startup list [Microsoft Server Applacations] Number=6866 Confirmed=X Filename=msnmsg.exe Description=Added by the AGOBOT.BBM WORM! Source=Paul Collins Startup list [Microsoft Server Applacations] Number=6867 Confirmed=X Filename=wuauct1.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Server Applacations] Number=6868 Confirmed=N Filename=lwtest.exe Description=Logitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it unchecked Source=Paul Collins Startup list [Microsoft Server Applacations] Number=6869 Confirmed=X Filename=Q8See.exe Description=Added by the SPYBOT.GEN3 TROJAN! Source=Paul Collins Startup list [Microsoft Server Applacations] Number=6870 Confirmed=X Filename=cli.exe Description=Added by the RBOT-GAQ WORM! Source=Paul Collins Startup list [Microsoft Server Application] Number=6871 Confirmed=X Filename=Sound.exe Description=Added by the RBOT-NE WORM! Source=Paul Collins Startup list [microsoft server base] Number=6872 Confirmed=X Filename=lass.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Server Process] Number=6873 Confirmed=X Filename=svhst32.exe Description=Added by the BCKDR-QHR TROJAN! Source=Paul Collins Startup list [Microsoft Service] Number=6874 Confirmed=X Filename=microhost.exe Description=Added by the RBOT-LC WORM! Source=Paul Collins Startup list [Microsoft Service] Number=6875 Confirmed=X Filename=winsvc.exe Description=Added by the SPYBOT-DB WORM! Source=Paul Collins Startup list [Microsoft Service] Number=6876 Confirmed=X Filename=rundll.exe Description=Added by the POPO-A WORM! Note - this is NOT the Windows system file of the same name as described here Source=Paul Collins Startup list [Microsoft Service 32] Number=6877 Confirmed=X Filename=mssvc32.exe Description=Added by a variant of the IRCBOT TROJAN! 
Source=Paul Collins Startup list [Microsoft Service 32] Number=6878 Confirmed=X Filename=sysddm32.exe Description=Detected by Kaspersky as the SDBOT.AKC TROJAN! See here Source=Paul Collins Startup list [Microsoft Service Access Manager] Number=6879 Confirmed=X Filename=Access.exe Description=Added by a variant of the IRCBOT TROJAN! See here Source=Paul Collins Startup list [Microsoft Service Boot] Number=6880 Confirmed=X Filename=sboot.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Service Controller] Number=6881 Confirmed=X Filename=services.exe Description=Added by the KALEL-D WORM! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [Microsoft Service Disk Cycle] Number=6882 Confirmed=X Filename=disksave.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Service Drivers] Number=6883 Confirmed=X Filename=System.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Service Drivers] Number=6884 Confirmed=U Filename=pcaccel.exe Description=Smartalec PC Accelerator - system optimization utility Source=Paul Collins Startup list [Microsoft Service Execution Manager] Number=6885 Confirmed=X Filename=execute.exe Description=Added by a variant of the IRCBOT TROJAN! See here Source=Paul Collins Startup list [Microsoft Service firewall Manager] Number=6886 Confirmed=X Filename=firewall.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Service Host Manager] Number=6887 Confirmed=X Filename=32svchost.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Service Host Process] Number=6888 Confirmed=X Filename=svchost.exe Description=Added by the KRYNOS.B WORM! 
Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Help" subfolder of the Winnt or Windows folder Source=Paul Collins Startup list [Microsoft Service Information] Number=6889 Confirmed=X Filename=msnservices.exe Description=Added by the RBOT.ID WORM! Source=Paul Collins Startup list [Microsoft Service Login Manager] Number=6890 Confirmed=X Filename=winlogin.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Service Manager] Number=6891 Confirmed=X Filename=service32.exe Description=Added by a variant of the RBOT WORM! See here Source=Paul Collins Startup list [Microsoft Service Manager] Number=6892 Confirmed=X Filename=winsvc.exe Description=Added by a variant of the RBOT WORM! See here Source=Paul Collins Startup list [Microsoft Service Pack] Number=6893 Confirmed=X Filename=WindowsSP.exe Description=Added by the RBOT-RF WORM! Source=Paul Collins Startup list [Microsoft Service Pack2.1] Number=6894 Confirmed=X Filename=svchost2.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Services] Number=6895 Confirmed=X Filename=lsserv.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [Microsoft Services] Number=6896 Confirmed=X Filename=lssrv.exe Description=Added by the RBOT.CW WORM! Source=Paul Collins Startup list [Microsoft Services] Number=6897 Confirmed=X Filename=services.exe Description=Added by the ALETS TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! 
This file is located in the Windows or Winnt folder Source=Paul Collins Startup list [Microsoft Services] Number=6898 Confirmed=X Filename=lsrv.exe Description=Added by the RBOT-BK WORM! Source=Paul Collins Startup list [Microsoft Services] Number=6899 Confirmed=X Filename=svshost.exe Description=Added by the ALETS.B TROJAN! Source=Paul Collins Startup list [Microsoft Services] Number=6900 Confirmed=X Filename=bsc32.exe Description=Added by the BDOOR-AW TROJAN! Source=Paul Collins Startup list [Microsoft Services] Number=6901 Confirmed=X Filename=Smss32.exe Description=Added by the RBOT-AD WORM! Source=Paul Collins Startup list [Microsoft Services] Number=6902 Confirmed=X Filename=svssshost.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Services] Number=6903 Confirmed=X Filename=module.exe Description=Added by the LAVITS WORM! Source=Paul Collins Startup list [Microsoft Services] Number=6904 Confirmed=X Filename=msmpserv.exe Description=Detected by Trend Micro as the IRCBOT.BKA TROJAN! See here Source=Paul Collins Startup list [Microsoft Services Unitd] Number=6905 Confirmed=X Filename=MSU32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Servicez Manager] Number=6906 Confirmed=X Filename=servicemgrz.exe Description=Added by the RBOT-ASN WORM! Source=Paul Collins Startup list [Microsoft Session Manager Subsystem] Number=6907 Confirmed=X Filename=smss.exe Description=Added by the KALEL-D WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup! Source=Paul Collins Startup list [Microsoft Setup Initializazion] Number=6908 Confirmed=X Filename=localhost.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Sidewinder Game Controller Software] Number=6909 Confirmed=N Filename=SWTRAY.EXE Description=MS SideWinder game controller system tray icon. 
Available via Start -> Programs Source=Paul Collins Startup list [Microsoft Sinsup] Number=6910 Confirmed=X Filename=odjiwjf.exe Description=Added by the RBOT-DN WORM! Source=Paul Collins Startup list [Microsoft Software] Number=6911 Confirmed=X Filename=sysinfo33.exe Description=Added by the RBOT.LS WORM! Source=Paul Collins Startup list [microsoft software] Number=6912 Confirmed=X Filename=****.exe E255 [* = random char] Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [Microsoft software] Number=6913 Confirmed=X Filename=cdaccess.exe Description=Added by the RBOT.ABK WORM! Source=Paul Collins Startup list [Microsoft Software Update] Number=6914 Confirmed=X Filename=nmon.exe Description=Added by the RBOT.HZ WORM! Source=Paul Collins Startup list [Microsoft Sound Driver] Number=6915 Confirmed=X Filename=sound32.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft Sound Technology] Number=6916 Confirmed=X Filename=winsound.exe Description=Added by the RBOT-AGG WORM! Source=Paul Collins Startup list [Microsoft Sound Volume Tool] Number=6917 Confirmed=N Filename=mssvol.exe Description=This is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -> Settings -> Control Panel Source=Paul Collins Startup list [Microsoft Sounds] Number=6918 Confirmed=X Filename=soundman.exe Description=Added by the RBOT-GCI WORM! Source=Paul Collins Startup list [Microsoft SourceSafe] Number=6919 Confirmed=X Filename=csrss.exe Description=Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Microsoft SpA Service] Number=6920 Confirmed=X Filename=msapps.exe Description=Added by the RBOT-VI WORM! 
Source=Paul Collins Startup list [Microsoft SpA Service] Number=6921 Confirmed=X Filename=win32.exe Description=Added by the RBOT.ATS WORM! Source=Paul Collins Startup list [Microsoft SpA Service] Number=6922 Confirmed=X Filename=Winupd32.exe Description=Added by the RBOT.LT WORM! Source=Paul Collins Startup list [Microsoft Special offer] Number=6923 Confirmed=X Filename=infoebay.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Spool ** Service] Number=6924 Confirmed=X Filename=spool**.exe Description=Added by a variant of the IRCBOT TROJAN - where ** represents a 2 digit number Source=Paul Collins Startup list [Microsoft Spool Server for Win32] Number=6925 Confirmed=X Filename=spoolsrv.exe Description=Added by the RANDEX.H WORM! Source=Paul Collins Startup list [Microsoft Spool Svc] Number=6926 Confirmed=X Filename=spoolsvc32.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [Microsoft Spooler Services] Number=6927 Confirmed=X Filename=Spoolsv.exe Description=Added by a variant of the SPYBOT WORM! See here Source=Paul Collins Startup list [MicroSoft ssas3s1] Number=6928 Confirmed=X Filename=SADASDA.exe Description=Detected by PCTools as the RBOT.URF WORM! See here Source=Paul Collins Startup list [Microsoft SSISVRI32 Protocol] Number=6929 Confirmed=X Filename=ssisvri.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft Standard Executions Library] Number=6930 Confirmed=X Filename=win32lib.exe Description=Added by the RBOT-AUK WORM! Source=Paul Collins Startup list [Microsoft standard protector] Number=6931 Confirmed=X Filename=winsocks5.exe Description=Added by the SMALL.CF TROJAN! Source=Paul Collins Startup list [Microsoft standard protector] Number=6932 Confirmed=X Filename=[path to trojan] Description=Added by the STOX-C TROJAN! 
Source=Paul Collins Startup list [Microsoft startup] Number=6933 Confirmed=X Filename=wmpIayer.exe Description=Added by the IRCBOT.ACI TROJAN! Source=Paul Collins Startup list [Microsoft Stuff you know] Number=6934 Confirmed=X Filename=winslogin.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Sum32] Number=6935 Confirmed=X Filename=sum32.exe Description=Added by the RBOT-YW WORM! Source=Paul Collins Startup list [Microsoft Support] Number=6936 Confirmed=X Filename=sys32ms.exe Description=Added by the RBOT-AHI WORM! Source=Paul Collins Startup list [microsoft support] Number=6937 Confirmed=X Filename=svchostt.exe Description=Added by the AGOBOT.AWN WORM! Source=Paul Collins Startup list [Microsoft SVC] Number=6938 Confirmed=X Filename=mssvc.exe Description=Added by the BIFROSE-UQ TROJAN! Source=Paul Collins Startup list [Microsoft Svchost local services] Number=6939 Confirmed=X Filename=winoem.exe Description=Added by the RBOT-FPE WORM! Source=Paul Collins Startup list [Microsoft Svchost local services] Number=6940 Confirmed=X Filename=nzm23.exe Description=Added by the RBOT-GMC WORM! Source=Paul Collins Startup list [Microsoft Svchost local services] Number=6941 Confirmed=X Filename=msnserver.exe Description=Added by the RBOT-GPM WORM! Source=Paul Collins Startup list [Microsoft Syn Manager] Number=6942 Confirmed=X Filename=Manager.exe Description=Added by the SDBOT.BEF WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6943 Confirmed=X Filename=asgard.exe Description=Added by the SDBOT-AEA WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6944 Confirmed=X Filename=bot.exe Description=Added by the SDBOT.IH WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6945 Confirmed=X Filename=netscape.exe Description=Added by the RANDEX.AE WORM! 
Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6946 Confirmed=X Filename=slhost.exe Description=Added by the SDBOT.YH WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6947 Confirmed=X Filename=svhost.exe Description=Added by the SDBOT-PY WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6948 Confirmed=X Filename=WinLoginnn.exe Description=Added by the SPYBOT.FO WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6949 Confirmed=X Filename=winupdate.exe Description=Added by the SDBOT.ER WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6950 Confirmed=X Filename=xXx.exe Description=Added by the SDBOT-KZ WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6951 Confirmed=X Filename=___synmgr.exe Description=Added by the MASLAN.A or MASLAN.C WORMS! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6952 Confirmed=X Filename=al.exe Description=Added by the OPTXPRO.132 TROJAN! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6953 Confirmed=X Filename=win.exe Description=Added by the SDBOT.AK WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6954 Confirmed=X Filename=java.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6955 Confirmed=X Filename=svchosts.exe Description=Added by the SDBOT-LM WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6956 Confirmed=X Filename=winlogon32.exe Description=Added by the SDBOT.AEU WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6957 Confirmed=X Filename=svxhost.exe Description=Added by the SDBOT-ZU WORM! 
Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6958 Confirmed=X Filename=wincfg32.exe Description=Added by the SDBOT.DO WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6959 Confirmed=X Filename=screen.exe Description=Added by the SDBOT-ACO WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6960 Confirmed=X Filename=devldr32.exe Description=Added by a variant of the RBOT WORM! Note - do not confuse with the legitimate Creative Labs devldr32.exe file Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6961 Confirmed=X Filename=explorer.exe Description=Added by the SDBOT-AEA WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6962 Confirmed=X Filename=firewire.exe Description=Added by the SDBOT-AFC WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6963 Confirmed=X Filename=wmedia.exe Description=Added by the SDBOT.BFC WORM! Source=Paul Collins Startup list [Microsoft Synchronization Manager] Number=6964 Confirmed=X Filename=win932.exe Description=Added by the SDBOT.AH WORM! Source=Paul Collins Startup list [MicroSoft sys32] Number=6965 Confirmed=X Filename=sysmsgr32.exe Description=Added by a variant of the SPYBOT WORM! See here Source=Paul Collins Startup list [MicroSoft sys3s1] Number=6966 Confirmed=X Filename=h4ckn3t.exe Description=Detected by PCTools as the RBOT.QTY WORM! See here Source=Paul Collins Startup list [Microsoft System] Number=6967 Confirmed=X Filename=msupdtm.exe Description=Added by the SPYBOT.PKC WORM! Source=Paul Collins Startup list [Microsoft System] Number=6968 Confirmed=X Filename=mssys32.exe Description=Added by the PETTICK.A WORM! 
Source=Paul Collins Startup list [Microsoft System] Number=6969 Confirmed=X Filename=sys.exe Description=Added by the RBOT.AKI WORM! Source=Paul Collins Startup list [Microsoft System Administration] Number=6970 Confirmed=X Filename=system.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [Microsoft System Backup] Number=6971 Confirmed=X Filename=[random filename] Description=Added by the RBOT-AGM WORM! Source=Paul Collins Startup list [Microsoft System Checkup] Number=6972 Confirmed=X Filename=Cool.exe Description=Added by the DONK.B WORM! Source=Paul Collins Startup list [Microsoft System Checkup] Number=6973 Confirmed=X Filename=Wnetlib.exe Description=Added by the DONK.C WORM! Source=Paul Collins Startup list [Microsoft System Checkup] Number=6974 Confirmed=X Filename=dbnetlib.exe Description=Added by the DONK.L WORM! Source=Paul Collins Startup list [Microsoft System Checkup] Number=6975 Confirmed=X Filename=Keymgr.exe Description=Added by the DONK.M WORM! Source=Paul Collins Startup list [Microsoft System Checkup] Number=6976 Confirmed=X Filename=inetman.exe Description=Added by the DONK.O WORM! Source=Paul Collins Startup list [Microsoft System Checkup] Number=6977 Confirmed=X Filename=ntsysmgr.exe Description=Added by the DONK.S WORM! Source=Paul Collins Startup list [Microsoft System Checkup] Number=6978 Confirmed=X Filename=ntsysman.exe Description=Added by the SDBOT-QW WORM! Source=Paul Collins Startup list [Microsoft System Checkup] Number=6979 Confirmed=X Filename=libsysmgr.exe Description=Added by the SDBOT-CAF WORM! Source=Paul Collins Startup list [Microsoft System Checkup] Number=6980 Confirmed=X Filename=sysmgr.exe Description=Added by the SDBOT-OO TROJAN! Source=Paul Collins Startup list [Microsoft System Checkup] Number=6981 Confirmed=X Filename=netapi32.exe Description=Added by the DONK-E WORM! 
Source=Paul Collins Startup list [Microsoft System Checkup] Number=6982 Confirmed=X Filename=wnetmgr.exe Description=Added by the DONK.Q WORM! Source=Paul Collins Startup list [Microsoft System Checkup] Number=6983 Confirmed=X Filename=libsys32.exe Description=Added by the SDBOT-ACK WORM! Source=Paul Collins Startup list [Microsoft System Debug] Number=6984 Confirmed=X Filename=services32.exe Description=Added by the RBOT.AKH WORM! Source=Paul Collins Startup list [Microsoft System DLL Services Configuration] Number=6985 Confirmed=X Filename=windir32.exe Description=Added by the SDBOT-ACY TROJAN! Source=Paul Collins Startup list [Microsoft System File] Number=6986 Confirmed=X Filename=svchots.exe Description=Added by the RBOT.BYU WORM! Source=Paul Collins Startup list [Microsoft System Firewall 2006.2] Number=6987 Confirmed=X Filename=msmsgr.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft System Firewall 2006.2] Number=6988 Confirmed=X Filename=msnmsgr.exe Description=Added by a variant of the SDBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility Source=Paul Collins Startup list [Microsoft System Firewall 2006.2] Number=6989 Confirmed=X Filename=reg32.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft System Init] Number=6990 Confirmed=X Filename=mtmnr0.exe Description=Added by the SDBOT.BR TROJAN! Source=Paul Collins Startup list [Microsoft System Monitor] Number=6991 Confirmed=X Filename=monsys.exe Description=Added by the IRCBOT-YV TROJAN! Source=Paul Collins Startup list [Microsoft System Monitor] Number=6992 Confirmed=X Filename=system.exe Description=Detected by PCTools as the IRCBOT.AUT TROJAN! See here Source=Paul Collins Startup list [Microsoft System NT] Number=6993 Confirmed=X Filename=svhost.exe Description=Added by the SDBOT.COU WORM! 
Source=Paul Collins Startup list [Microsoft System Restore Configuration] Number=6994 Confirmed=X Filename=CBRSS.EXE Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft System Saver] Number=6995 Confirmed=X Filename=[path to worm] Description=Added by the RBOT.BSK WORM! Source=Paul Collins Startup list [Microsoft System Security Agent] Number=6996 Confirmed=X Filename=MSTSA.EXE Description=Added by the RBOT.CCM WORM! Source=Paul Collins Startup list [Microsoft System Service] Number=6997 Confirmed=X Filename=dnservice.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft System Service] Number=6998 Confirmed=X Filename=taskmgr1.exe Description=Detected by Kaspersky as the SDBOT.CSX TROJAN! See here Source=Paul Collins Startup list [Microsoft System Service] Number=6999 Confirmed=X Filename=winIogon2.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft System Service Device] Number=7000 Confirmed=X Filename=mssdh.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft System Services] Number=7001 Confirmed=X Filename=msnmgsr.exe Description=Added by the KELVIR.K WORM! Source=Paul Collins Startup list [Microsoft System Services] Number=7002 Confirmed=X Filename=msmsgr.exe Description=Added by the RBOT-ZH WORM! Source=Paul Collins Startup list [Microsoft System Update] Number=7003 Confirmed=X Filename=sysupdate.exe Description=Added by the SDBOT.DG WORM! Source=Paul Collins Startup list [Microsoft system Value] Number=7004 Confirmed=X Filename=sys57.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft System32 Update] Number=7005 Confirmed=X Filename=cmsrg.exe Description=Added by the RBOT-GN WORM! 
Source=Paul Collins Startup list [Microsoft task tray monitor] Number=7006 Confirmed=X Filename=ctray.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Task32 Protocol] Number=7007 Confirmed=X Filename=taskmgr32.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Taskmanager Updater] Number=7008 Confirmed=X Filename=keyboard.exe Description=Added by the RBOT-ALU WORM! Source=Paul Collins Startup list [Microsoft TCP Protocol] Number=7009 Confirmed=X Filename=wintcp32.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft TCP/IP Connection Monitor] Number=7010 Confirmed=X Filename=svchost32.exe Description=Added by the RBOT.KS WORM! Source=Paul Collins Startup list [Microsoft Telecom Center] Number=7011 Confirmed=X Filename=tellecom.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Telecoma Center] Number=7012 Confirmed=X Filename=tellcoma.exe Description=Added by the RBOT-AWX WORM! Source=Paul Collins Startup list [Microsoft Telecoms Center] Number=7013 Confirmed=X Filename=telcoms.exe Description=Added by the IRCBOT.GEN WORM! Source=Paul Collins Startup list [Microsoft Telecoms Center] Number=7014 Confirmed=X Filename=xpfilesys.exe Description=Added by the RBOT.BCJ TROJAN! Source=Paul Collins Startup list [Microsoft Telecoms Center] Number=7015 Confirmed=X Filename=winupn.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Telecoms Center] Number=7016 Confirmed=X Filename=svcchost.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Time Manager] Number=7017 Confirmed=X Filename=dveldr.exe Description=Added by the RBOT-HQ WORM! Source=Paul Collins Startup list [MicroSoft Toolbar] Number=7018 Confirmed=X Filename=key.exe Description=Added by the RBOT-AEW WORM! 
Source=Paul Collins Startup list [Microsoft Transfer File Server] Number=7019 Confirmed=X Filename=mtfs.exe Description=Added by the RBOT.AFE WORM! Source=Paul Collins Startup list [Microsoft Tray] Number=7020 Confirmed=X Filename=[random filename] Description=Added by the DELF.BZ TROJAN! Source=Paul Collins Startup list [Microsoft TTL Verifier] Number=7021 Confirmed=X Filename=msttl.exe Description=Added by the RBOT-GAP WORM! Source=Paul Collins Startup list [Microsoft U] Number=7022 Confirmed=X Filename=wuamkopxp.exe Description=Added by the RBOT-AHC WORM! Source=Paul Collins Startup list [Microsoft UMA Update] Number=7023 Confirmed=X Filename=MSuma32.exe Description=Added by the RBOT.FS WORM! Source=Paul Collins Startup list [MICROSOFT UNPACCKER SYSTEM] Number=7024 Confirmed=X Filename=unpak32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [MICROSOFT UNPACK SYSTEM] Number=7025 Confirmed=X Filename=winrarx.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Updat3] Number=7026 Confirmed=X Filename=mswkst32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7027 Confirmed=X Filename=Microsoft.exe Description=Added by the GAOBOT.AFJ WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7028 Confirmed=X Filename=mssmgrd.exe Description=Added by the SDBOT.JT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7029 Confirmed=X Filename=mvsc.exe Description=Added by the SPYBOT.DAZ WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7030 Confirmed=X Filename=ascdl.exe Description=Added by the GAOBOT.SY WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7031 Confirmed=X Filename=Isac.exe Description=Added by the RBOT-AU WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7032 Confirmed=X Filename=automgr32.exe Description=Added by a variant of the RBOT WORM! 
Source=Paul Collins Startup list [Microsoft Update] Number=7033 Confirmed=X Filename=mediap.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7034 Confirmed=X Filename=Microsoftx.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7035 Confirmed=X Filename=msconfg.exe Description=Added by the RBOT.H WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7036 Confirmed=X Filename=Mslti32.exe Description=Added by the RBOT-LX WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7037 Confirmed=X Filename=muamgrd.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7038 Confirmed=X Filename=navmgrd.exe Description=Added by the SDBOT.DP TROJAN! Source=Paul Collins Startup list [Microsoft Update] Number=7039 Confirmed=X Filename=Smss32.exe Description=Added by the RBOT.CB WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7040 Confirmed=X Filename=sys32cfg.exe Description=Added by the RBOT.DR WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7041 Confirmed=X Filename=VPC32.EXE Description=Added by the AGOBOT.XM WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7042 Confirmed=X Filename=winsys32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7043 Confirmed=X Filename=wuamgrd.exe Description=Added by the RBOT-LK WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7044 Confirmed=X Filename=wuammgr32.exe Description=Added by the RBOT-AW WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7045 Confirmed=X Filename=wudmate.exe Description=Added by the RBOT.AP WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7046 Confirmed=X Filename=msawindows.exe Description=Added by the GAOBOT.AFJ WORM! 
Source=Paul Collins Startup list [Microsoft Update] Number=7047 Confirmed=X Filename=msiwin84.exe Description=Added by the GAOBOT.AFJ WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7048 Confirmed=X Filename=wuamgrd32.exe Description=Added by the RBOT.ZB WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7049 Confirmed=X Filename=NAV.exe Description=Added by the RBOT-IV WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7050 Confirmed=X Filename=systemi32.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7051 Confirmed=X Filename=xpupdate.exe Description=Added by the RBOT-QE WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7052 Confirmed=X Filename=webm.exe Description=Added by the SDBOT.WK WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7053 Confirmed=X Filename=wuagrd.exe Description=Added by the RBOT-FK WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7054 Confirmed=X Filename=aaupdt.exe Description=Added by the RBOT-RQ WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7055 Confirmed=X Filename=lsac.exe Description=Added by the GAOBOT.XW WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7056 Confirmed=X Filename=Mupdate.exe Description=Added by the RBOT-AG WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7057 Confirmed=X Filename=prowind32.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7058 Confirmed=X Filename=snlogsvc.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7059 Confirmed=X Filename=svhost.exe Description=Added by the RBOT-PI WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7060 Confirmed=X Filename=wauguard.exe Description=Added by the RBOT.AEE WORM! 
Source=Paul Collins Startup list [Microsoft Update] Number=7061 Confirmed=X Filename=winscv.exe Description=Added by the RBOT-BH WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7062 Confirmed=X Filename=winsys.exe Description=Added by the RBOT-GV WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7063 Confirmed=X Filename=wserv32.exe Description=Added by the RBOT.AF WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7064 Confirmed=X Filename=wtm32.exe Description=Added by the RBOT-AQ WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7065 Confirmed=X Filename=wumgrd.exe Description=Added by the SDBOT-KY WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7066 Confirmed=X Filename=wuampd.exe Description=Added by the RBOT-UT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7067 Confirmed=X Filename=msupdate32.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7068 Confirmed=X Filename=Botnet.exe Description=Added by the RBOT.AFL WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7069 Confirmed=X Filename=sghost.exe Description=Added by the SDBOT.AKV WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7070 Confirmed=X Filename=update_w.exe Description=Added by the RBOT-EW WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7071 Confirmed=X Filename=windows24.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7072 Confirmed=X Filename=wingrd32.exe Description=Added by the RBOT-DW WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7073 Confirmed=X Filename=wssvr.exe Description=Added by the RBOT-OD WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7074 Confirmed=X Filename=wuamagr32.exe Description=Added by the SPYBOT.CG WORM! 
Source=Paul Collins Startup list [Microsoft Update] Number=7075 Confirmed=X Filename=WinUpdate32.exe Description=Added by the RBOT-TI WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7076 Confirmed=X Filename=wkfix.exe Description=Added by the RBOT-ABZ WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7077 Confirmed=X Filename=Kkk.exe Description=Added by the RBOT-AHL WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7078 Confirmed=X Filename=mcupdate.exe Description=Added by the RBOT.XT WORM! Note - this file is located in the Windows\System32 or Winnt\System32 folder, and should not be confused with the McAfee antivirus executable as described here Source=Paul Collins Startup list [Microsoft Update] Number=7079 Confirmed=X Filename=Micr0s0ft.exe Description=Added by the AGOBOT.AAR WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7080 Confirmed=X Filename=Msnmsngr.exe Description=Added by the RBOT.BQS WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7081 Confirmed=X Filename=msupdate32.exe Description=Added by the SPYBOT.LZ WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7082 Confirmed=X Filename=scvhost.exe Description=Added by the RBOT-AEM WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7083 Confirmed=X Filename=svghost.exe Description=Added by the RBOT.BUJ WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7084 Confirmed=X Filename=sys.exe Description=Added by the RBOT-AJ WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7085 Confirmed=X Filename=up2dat5.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7086 Confirmed=X Filename=winamp.exe Description=Added by a variant of the RBOT WORM! 
Note - this is NOT the popular Winamp media player Source=Paul Collins Startup list [Microsoft Update] Number=7087 Confirmed=X Filename=win-mang.exe Description=Added by the RBOT-AFK WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7088 Confirmed=X Filename=winupdater.exe Description=Added by the RBOT.BIN WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7089 Confirmed=X Filename=wuamk0032.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7090 Confirmed=X Filename=wuamk032.exe Description=Added by the RBOT-AHD WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7091 Confirmed=X Filename=wuamk0p32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7092 Confirmed=X Filename=wuamkop.exe Description=Added by the RBOT-AFI WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7093 Confirmed=X Filename=wuamkop32.exe Description=Added by the RBOT.BGU WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7094 Confirmed=X Filename=wuampkd.exe Description=Added by the SDBOT.BBX WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7095 Confirmed=X Filename=svzhost.exe Description=Added by the RBOT.OX WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7096 Confirmed=X Filename=win32.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7097 Confirmed=X Filename=wininit.exe Description=Added by the RBOT-AKR WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7098 Confirmed=X Filename=wuamgrd3.exe Description=Added by the RBOT-AMC WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7099 Confirmed=X Filename=Wudates.exe Description=Added by a variant of the RBOT WORM! 
Source=Paul Collins Startup list [Microsoft Update] Number=7100 Confirmed=X Filename=ms.exe Description=Added by the SDBOT.CC WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7101 Confirmed=X Filename=wuagmsd.exe Description=Added by the RBOT-AX WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7102 Confirmed=X Filename=cmss.exe Description=Added by the RBOT-ATQ WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7103 Confirmed=X Filename=wuamgrb.exe Description=Added by the RBOT-AZE WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7104 Confirmed=X Filename=WINDOC.EXE Description=Added by the SDBOT.PF WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7105 Confirmed=X Filename=phqghumea.exe Description=Added by the SDBOT.AFO WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7106 Confirmed=X Filename=system32.exe Description=Added by the RBOT.IS WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7107 Confirmed=X Filename=bling.exe Description=Added by the RBOT-AVK WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7108 Confirmed=X Filename=Sygate.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7109 Confirmed=X Filename=update.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7110 Confirmed=X Filename=WinDrv32.exe Description=Added by the RBOT.EGW WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7111 Confirmed=X Filename=devmks32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft update] Number=7112 Confirmed=X Filename=winupdate.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7113 Confirmed=X Filename=msupdate.exe Description=Added by the BOROBOT-I TROJAN! 
Source=Paul Collins Startup list [Microsoft Update] Number=7114 Confirmed=X Filename=mixer.exe Description=Added by the RBOT-AIR WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7115 Confirmed=X Filename=taskmgr32.exe Description=Added by the RBOT-CV WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7116 Confirmed=X Filename=drive.exe Description=Added by the BIFROSE-PN WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7117 Confirmed=X Filename=wangard.exe Description=Added by the RBOT-LH WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7118 Confirmed=X Filename=spool.exe Description=Added by the AGENT-GJC TROJAN! Source=Paul Collins Startup list [Microsoft Update] Number=7119 Confirmed=X Filename=bnmveqfts.exe Description=Detected by Kaspersky as the BANLOAD.KWQ TROJAN! See here Source=Paul Collins Startup list [Microsoft Update] Number=7120 Confirmed=X Filename=dqbxhupdt Description=Added by a variant of the SDBOT WORM! See here Source=Paul Collins Startup list [Microsoft Update] Number=7121 Confirmed=X Filename=enule.exe Description=Detected by Kaspersky as the IRCBOT.DU BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Update] Number=7122 Confirmed=X Filename=explorer.exe Description=Detected by Kaspersky as the RBOT.AEU BACKDOOR! See here. Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% Source=Paul Collins Startup list [Microsoft Update] Number=7123 Confirmed=X Filename=imchemaoa.exe Description=Detected by Kaspersky as the BANLOAD.KWQ TROJAN! See here Source=Paul Collins Startup list [Microsoft Update] Number=7124 Confirmed=X Filename=livemessenger.com Description=Added by the ADLOAD-LN TROJAN! Source=Paul Collins Startup list [Microsoft Update] Number=7125 Confirmed=X Filename=msnmsgl.exe Description=Added by a variant of the SPYBOT WORM! 
See here Source=Paul Collins Startup list [Microsoft Update] Number=7126 Confirmed=X Filename=nnwyaupdt Description=Detected by Kaspersky as the RBOT.RHK BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Update] Number=7127 Confirmed=X Filename=ntservice.exe Description=Added by the AGENT-DIS TROJAN! Source=Paul Collins Startup list [Microsoft Update] Number=7128 Confirmed=X Filename=rundll32.dll Description=Detected by Kaspersky as the CIADOOR.GN BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Update] Number=7129 Confirmed=X Filename=wuamgrdx.exe Description=Added by a variant of the SPYBOT WORM! See here Source=Paul Collins Startup list [Microsoft Update] Number=7130 Confirmed=X Filename=wutr.exe Description=Added by the SPYBOT.AAR WORM! Source=Paul Collins Startup list [Microsoft Update] Number=7131 Confirmed=X Filename=SetPoints.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [Microsoft Update] Number=7132 Confirmed=X Filename=system.exe Description=Detected by Kaspersky as a variant of the RBOT BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Update] Number=7133 Confirmed=X Filename=service.exe Description=Added by a variant of the RBOT WORM! See here Source=Paul Collins Startup list [Microsoft Update 23] Number=7134 Confirmed=X Filename=NtKernelSystem.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update 23] Number=7135 Confirmed=X Filename=spoolvs.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update 32] Number=7136 Confirmed=X Filename=explore32.exe Description=Added by the SPYBOT.CYM WORM! Source=Paul Collins Startup list [Microsoft Update 32] Number=7137 Confirmed=X Filename=MSupdate32.exe Description=Added by a variant of the SPYBOT WORM! 
Source=Paul Collins Startup list [Microsoft Update 32] Number=7138 Confirmed=X Filename=wininit.exe Description=Added by the RBOT-ANY WORM! Source=Paul Collins Startup list [Microsoft Update 32] Number=7139 Confirmed=X Filename=wininit32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update 32] Number=7140 Confirmed=X Filename=[path to file] Description=Added by the RBOT-AJJ WORM! Source=Paul Collins Startup list [Microsoft Update 32] Number=7141 Confirmed=X Filename=mscnfg.exe Description=Added by the RBOT-ALM WORM! Source=Paul Collins Startup list [Microsoft Update 32] Number=7142 Confirmed=X Filename=servic.exe Description=Added by the RBOT-AXN WORM! Source=Paul Collins Startup list [Microsoft Update 32] Number=7143 Confirmed=X Filename=winitXP32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update 32] Number=7144 Confirmed=X Filename=mssetup32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update 32] Number=7145 Confirmed=X Filename=wiit.exe Description=Added by the RBOT-AMS WORM! Source=Paul Collins Startup list [Microsoft Update 32] Number=7146 Confirmed=X Filename=explorer.exe Description=Added by the RBOT-ARF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% Source=Paul Collins Startup list [Microsoft Update 32] Number=7147 Confirmed=X Filename=network.exe Description=Added by the RBOT-ARZ WORM! Source=Paul Collins Startup list [Microsoft Update 32] Number=7148 Confirmed=X Filename=om4r.exe Description=Added by the RBOT-AQP WORM! Source=Paul Collins Startup list [Microsoft Update 32] Number=7149 Confirmed=X Filename=winin.exe Description=Added by the RBOT-ARR WORM! 
Source=Paul Collins Startup list [Microsoft Update 32] Number=7150 Confirmed=X Filename=wuinit.exe Description=Added by the AGOBOT-UE WORM! Source=Paul Collins Startup list [Microsoft Update 32] Number=7151 Confirmed=X Filename=neta.exe Description=Added by the RBOT-AMI WORM! Source=Paul Collins Startup list [Microsoft Update 32] Number=7152 Confirmed=X Filename=rundll32.exe Description=Detected by Kaspersky as the RBOT.AIE BACKDOOR! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [Microsoft Update 32] Number=7153 Confirmed=X Filename=taskMangr.exe Description=Detected by Kaspersky as the RBOT.AIE BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Update 33] Number=7154 Confirmed=X Filename=init.exe Description=Added by the RBOT-ATT WORM! Source=Paul Collins Startup list [Microsoft Update 64 BIT] Number=7155 Confirmed=X Filename=wininit32.exe Description=Added by the RBOT-AHE WORM! Source=Paul Collins Startup list [Microsoft Update 64 BIT] Number=7156 Confirmed=X Filename=winman32.exe Description=Added by the RBOT-AKI WORM! Source=Paul Collins Startup list [Microsoft Update 64 BIT] Number=7157 Confirmed=X Filename=schvost.exe Description=Added by the RBOT.CAU WORM! Source=Paul Collins Startup list [Microsoft Update 64 BIT] Number=7158 Confirmed=X Filename=winl32xe.exe Description=Added by the RBOT-AQO WORM! Source=Paul Collins Startup list [MICROSOFT UPDATE CONFIGURATION] Number=7159 Confirmed=X Filename=WIN32SNC.EXE Description=Added by the RBOT-AI WORM! Source=Paul Collins Startup list [Microsoft Update Control] Number=7160 Confirmed=X Filename=Ms64.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Debugger] Number=7161 Confirmed=X Filename=wincfg32.exe Description=Added by the SPYBOT.ZC WORM! 
Source=Paul Collins Startup list [Microsoft Update Device] Number=7162 Confirmed=X Filename=flolo.exe Description=Added by a variant of the SPYBOT WORM! See here Source=Paul Collins Startup list [Microsoft Update Device Drivers] Number=7163 Confirmed=X Filename=wuauclt.exe Description=Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [Microsoft Update DLL] Number=7164 Confirmed=X Filename=rxxhost.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Drivers] Number=7165 Confirmed=X Filename=explorers.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Update Emulator] Number=7166 Confirmed=X Filename=kern-mxe.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Loader] Number=7167 Confirmed=X Filename=[random filename] Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Loaders 2005] Number=7168 Confirmed=X Filename=winusers.exe Description=Added by the RBOT-AIQ WORM! Source=Paul Collins Startup list [Microsoft Update Loaders 2006] Number=7169 Confirmed=X Filename=winusersystem32.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7170 Confirmed=X Filename=expl0rer.exe Description=Added by the SDBOT.OK WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7171 Confirmed=X Filename=rxhost.exe Description=Added by the RBOT.FC WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7172 Confirmed=X Filename=servicz.exe Description=Added by the RBOT-HU WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7173 Confirmed=X Filename=SP2.exe Description=Added by the SPYBOT.FP WORM! 
Source=Paul Collins Startup list [Microsoft Update Machine] Number=7174 Confirmed=X Filename=winini.exe Description=Added by the RBOT-KV WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7175 Confirmed=X Filename=xvshost.exe Description=Added by the RBOT.QP WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7176 Confirmed=X Filename=memstat.exe Description=Added by the RBOT-OM WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7177 Confirmed=X Filename=ntce.exe Description=Added by the RBOT-FA WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7178 Confirmed=X Filename=system03.exe Description=Added by the RBOT-NM WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7179 Confirmed=X Filename=wuawx.exe Description=Added by the RBOT-CE WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7180 Confirmed=X Filename=zonealarm.exe Description=Added by the RBOT-BZ WORM! Note - this is not the valid Zone Labs firewall program! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7181 Confirmed=X Filename=systemll.exe Description=Added by the RBOT-JT WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7182 Confirmed=X Filename=winupdt.exe Description=Added by the RBOT-FP WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7183 Confirmed=X Filename=svshost.exe Description=Added by the RBOT.AK WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7184 Confirmed=X Filename=wuamgd.exe Description=Added by the SDBOT.HQ WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7185 Confirmed=X Filename=wupdt32x.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7186 Confirmed=X Filename=[random filename] Description=Added by a variant of the RBOT WORM! 
Source=Paul Collins Startup list [Microsoft Update Machine] Number=7187 Confirmed=X Filename=linux.exe Description=Added by the RBOT-IM WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7188 Confirmed=X Filename=lmrss.exe Description=Added by the RBOT-DY WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7189 Confirmed=X Filename=windowsu.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7190 Confirmed=X Filename=wininigo.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7191 Confirmed=X Filename=winmgr.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7192 Confirmed=X Filename=Winmsixp32.exe Description=Added by the RBOT.DN WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7193 Confirmed=X Filename=Winregs32.exe Description=Added by the RBOT.DN WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7194 Confirmed=X Filename=winxpini.exe Description=Added by the RBOT-OB WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7195 Confirmed=X Filename=wuamgrd.exe Description=Added by the RBOT-HE WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7196 Confirmed=X Filename=wuagrd.exe Description=Added by the RBOT-GF WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7197 Confirmed=X Filename=LANWAKE.EXE Description=Added by the RBOT-QZ WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7198 Confirmed=X Filename=scvhost.exe Description=Added by the RBOT-GS WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7199 Confirmed=X Filename=winhost.exe Description=Added by the RBOT-GK WORM! 
Source=Paul Collins Startup list [Microsoft Update Machine] Number=7200 Confirmed=X Filename=winss.exe Description=Added by the RBOT.JU WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7201 Confirmed=X Filename=WUAMGRDXS.EXE Description=Added by the RBOT-GL WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7202 Confirmed=X Filename=crss32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7203 Confirmed=X Filename=lsasse.exe Description=Added by the RBOT-DI WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7204 Confirmed=X Filename=qwerty.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7205 Confirmed=X Filename=rxxhost.exe Description=Added by the RBOT.EP WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7206 Confirmed=X Filename=servicez.exe Description=Added by the SPYBOT.BI WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7207 Confirmed=X Filename=spoolserv.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7208 Confirmed=X Filename=Systemnt.exe Description=Added by the RBOT.DA WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7209 Confirmed=X Filename=systemse.exe Description=Added by the RBOT-BD WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7210 Confirmed=X Filename=taskmngrs.exe Description=Added by the RBOT-CR WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7211 Confirmed=X Filename=windowsup.exe Description=Added by the RBOT-FV WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7212 Confirmed=X Filename=wuamgard.exe Description=Added by the SPYBOT.CS WORM! 
Source=Paul Collins Startup list [Microsoft Update Machine] Number=7213 Confirmed=X Filename=wupdate32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7214 Confirmed=X Filename=system.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7215 Confirmed=X Filename=TMEMSER.EXE Description=Added by the RBOT-NQ WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7216 Confirmed=X Filename=winnie.exe Description=Added by the RBOT-ACD WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7217 Confirmed=X Filename=winortho.exe Description=Added by the RBOT-NW WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7218 Confirmed=X Filename=wins32.exe Description=Added by the RBOT.EZ WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7219 Confirmed=X Filename=serviz.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7220 Confirmed=X Filename=TASKMAN4.EXE Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7221 Confirmed=X Filename=wftestb.exe Description=Added by the RBOT-AFZ WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7222 Confirmed=X Filename=Win32.exe Description=Added by the SDBOT.UV WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7223 Confirmed=X Filename=windns.exe Description=Added by the RBOT.EF WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7224 Confirmed=X Filename=MSOICONS.EXE Description=Added by the RBOT.AWS WORM! Note - do not confuse with the legitimate Msoicons.exe file described here. The latter should not normally figure in Msconfig/Startup! 
Source=Paul Collins Startup list [Microsoft Update Machine] Number=7225 Confirmed=X Filename=WINSVC32.EXE Description=Added by the RBOT.CU WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7226 Confirmed=X Filename=ntsystem.exe Description=Added by the RBOT.GF WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7227 Confirmed=X Filename=winupdte.exe Description=Added by the RBOT-GKL WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7228 Confirmed=X Filename=jkfrnz.exe Description=Added by the RBOT-GOZ WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7229 Confirmed=X Filename=wlimyc.exe Description=Added by the RBOT-GQN WORM! Source=Paul Collins Startup list [Microsoft Update Machine] Number=7230 Confirmed=X Filename=jkydxg.exe Description=Detected by Kaspersky as the RBOT.AEA BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Update Machine] Number=7231 Confirmed=X Filename=opmmve.exe Description=Detected by Kaspersky as the KOLABC.DES WORM! See here Source=Paul Collins Startup list [Microsoft Update Machine] Number=7232 Confirmed=X Filename=paxrxo.exe Description=Detected by McAfee as the PUSHBOT.A WORM! See here Source=Paul Collins Startup list [Microsoft Update Machine] Number=7233 Confirmed=X Filename=psmszw.exe Description=Detected by Trend Micro as the KOLABC.CC WORM! See here Source=Paul Collins Startup list [Microsoft Update Machine] Number=7234 Confirmed=X Filename=syadpo.exe Description=Detected by Kaspersky as the CIADOOR.GN BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Update Machine] Number=7235 Confirmed=X Filename=systemi.exe Description=Detected by McAfee as the PUSHBOT.A WORM! See here Source=Paul Collins Startup list [Microsoft Update Machine] Number=7236 Confirmed=X Filename=thvfyq.exe Description=Detected by Kaspersky as the RBOT.AEA BACKDOOR! 
See here Source=Paul Collins Startup list [Microsoft Update Machine] Number=7237 Confirmed=X Filename=ubthec.exe Description=Detected by Kaspersky as the AGENT.AWZ TROJAN! See here Source=Paul Collins Startup list [Microsoft Update Manager] Number=7238 Confirmed=X Filename=WINRLS.EXE Description=Added by the RBOT-AF WORM! Source=Paul Collins Startup list [Microsoft Update Manager] Number=7239 Confirmed=X Filename=svshost.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Manager] Number=7240 Confirmed=X Filename=scvhost.exe Description=Added by the AGOBOT.AXJ WORM! Source=Paul Collins Startup list [Microsoft Update Manager] Number=7241 Confirmed=X Filename=scvideo.exe Description=Added by the SDBOT-CVP TROJAN! Source=Paul Collins Startup list [Microsoft Update Mechene] Number=7242 Confirmed=X Filename=Updatez.exe Description=Added by the RBOT-GI WORM! Source=Paul Collins Startup list [Microsoft Update Module] Number=7243 Confirmed=X Filename=rundll24.exe Description=Added by the RBOT-PS WORM! Source=Paul Collins Startup list [Microsoft Update Process] Number=7244 Confirmed=X Filename=wmipcvse.exe Description=Added by the AGOBOT-JF TROJAN! Source=Paul Collins Startup list [Microsoft Update Security Patch] Number=7245 Confirmed=X Filename=mssecurityupdatepatch.exe Description=Added by the AGENT.EF TROJAN! Source=Paul Collins Startup list [Microsoft Update Server] Number=7246 Confirmed=X Filename=mssrv.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [Microsoft Update Service] Number=7247 Confirmed=X Filename=csrss32.exe Description=Added by the AGOBOT-HC WORM! Source=Paul Collins Startup list [Microsoft Update Service] Number=7248 Confirmed=X Filename=mswin32.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft update service] Number=7249 Confirmed=X Filename=systemm.exe Description=Added by a variant of the SDBOT WORM! 
Source=Paul Collins Startup list [Microsoft Update SERVICE] Number=7250 Confirmed=X Filename=phqghum.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Service] Number=7251 Confirmed=X Filename=msupdate.pif Description=Added by the RBOT-AQB WORM! Source=Paul Collins Startup list [Microsoft Update Services] Number=7252 Confirmed=X Filename=wcsnfty.exe Description=Added by the RBOT-AGK WORM! Source=Paul Collins Startup list [Microsoft Update Services] Number=7253 Confirmed=X Filename=wsnfty.exe Description=Added by the RBOT-AFU WORM! Source=Paul Collins Startup list [Microsoft Update Time] Number=7254 Confirmed=X Filename=wuam.exe Description=Added by the RBOT-M WORM! Source=Paul Collins Startup list [Microsoft Update USB2] Number=7255 Confirmed=X Filename=wuammgrd32.exe Description=Added by the RBOT-ADT WORM! Source=Paul Collins Startup list [Microsoft Update v2.6] Number=7256 Confirmed=X Filename=lxxex.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Update Win32a] Number=7257 Confirmed=X Filename=winupdate32a.exe Description=Added by the RBOT-LO WORM! Source=Paul Collins Startup list [Microsoft Update Win32x] Number=7258 Confirmed=X Filename=winupdate32x.exe Description=Added by the RBOT-AJN WORM! Source=Paul Collins Startup list [Microsoft Updater] Number=7259 Confirmed=X Filename=Winsys32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Updater] Number=7260 Confirmed=X Filename=msconsole.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Updater] Number=7261 Confirmed=X Filename=svhost.exe Description=Detected by Kaspersky as the AGENT.CDF TROJAN! See here Source=Paul Collins Startup list [Microsoft Updater] Number=7262 Confirmed=X Filename=vbcjlg.exe Description=Added by a variant of the SPYBOT WORM! 
See here Source=Paul Collins Startup list [Microsoft Updater] Number=7263 Confirmed=X Filename=wuamgrds.exe Description=Added by the RBOT.A WORM! Source=Paul Collins Startup list [Microsoft Updater Resources] Number=7264 Confirmed=X Filename=WinFixd32.exe Description=Added by the SPYBOT.CA WORM! Source=Paul Collins Startup list [Microsoft UPDATER32] Number=7265 Confirmed=X Filename=lsass.exe Description=Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup! Source=Paul Collins Startup list [Microsoft Updaters] Number=7266 Confirmed=X Filename=tskmgr.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Updaters] Number=7267 Confirmed=X Filename=sysconfigs.exe Description=Added by the RBOT-DF TROJAN! Source=Paul Collins Startup list [Microsoft Updaters Pros] Number=7268 Confirmed=X Filename=WINDLL32XP.EXE Description=Added by the SPYBOTTER.GEN VIRUS! Source=Paul Collins Startup list [Microsoft Updates] Number=7269 Confirmed=X Filename=systemc32.exe Description=Added by the RBOT-GR WORM! Source=Paul Collins Startup list [Microsoft Updates] Number=7270 Confirmed=X Filename=wkssvr.exe Description=Added by the RBOT.R WORM! Source=Paul Collins Startup list [Microsoft Updates] Number=7271 Confirmed=X Filename=wkssvrs.exe Description=Added by the RBOT-EB WORM! Source=Paul Collins Startup list [Microsoft Updates] Number=7272 Confirmed=X Filename=wuamgrd.exe Description=Added by the RBOT-CO WORM! Source=Paul Collins Startup list [Microsoft Updates] Number=7273 Confirmed=X Filename=wtemp32.exe Description=Added by the RBOT-AHQ WORM! Source=Paul Collins Startup list [Microsoft Updates] Number=7274 Confirmed=X Filename=svehost.exe Description=Added by the RBOT-GRW WORM! Source=Paul Collins Startup list [Microsoft Updates] Number=7275 Confirmed=X Filename=svshost.exe Description=Added by the AGOBOT-AIW WORM! 
Source=Paul Collins Startup list [Microsoft Updates] Number=7276 Confirmed=X Filename=svdhost.exe Description=Added by the RBOT-GVH WORM! Source=Paul Collins Startup list [Microsoft Updates] Number=7277 Confirmed=X Filename=service.exe Description=Detected by Kaspersky as the POISON.HPT BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Updates 2 USB] Number=7278 Confirmed=X Filename=wgafixer.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Updates 5 USB] Number=7279 Confirmed=X Filename=sp3fixer.exe Description=Added by the RBOT-ADS WORM! Source=Paul Collins Startup list [Microsoft Updates Resources] Number=7280 Confirmed=X Filename=WinFixIDs.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Updating] Number=7281 Confirmed=X Filename=navguard.exe Description=Added by the RBOT.HW WORM! Source=Paul Collins Startup list [Microsoft Updating] Number=7282 Confirmed=X Filename=syswr.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Updating] Number=7283 Confirmed=X Filename=wuamguards.exe Description=Added by the RBOT-BY WORM! Source=Paul Collins Startup list [Microsoft Updating Client] Number=7284 Confirmed=X Filename=websvc.exe Description=Added by the RBOT.AQ WORM! Source=Paul Collins Startup list [Microsoft Updating Machine] Number=7285 Confirmed=X Filename=sysc0de.exe Description=Added by the RBOT.RB WORM! Source=Paul Collins Startup list [Microsoft Updatting] Number=7286 Confirmed=X Filename=miroupdate.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Updote] Number=7287 Confirmed=X Filename=[random filename] Description=Added by the RBOT-ARC WORM! Source=Paul Collins Startup list [Microsoft UpMachine] Number=7288 Confirmed=X Filename=doezs.exe Description=Added by the RBOT.BCT WORM! 
Source=Paul Collins Startup list [Microsoft upnp Update] Number=7289 Confirmed=X Filename=msie.exe Description=Added by the RBOT-LQ WORM! Source=Paul Collins Startup list [Microsoft uptime Service] Number=7290 Confirmed=X Filename=sysuptime.exe Description=Added by the RBOT-ACG WORM! Source=Paul Collins Startup list [Microsoft uptime Service] Number=7291 Confirmed=X Filename=sycuptime.exe Description=Added by the RBOT-AHY WORM! Source=Paul Collins Startup list [Microsoft UpToDate Driver (32-bits)] Number=7292 Confirmed=X Filename=[random filename].exe Description=Added by the SPYBOT.LXJ WORM! Source=Paul Collins Startup list [Microsoft Urlmon] Number=7293 Confirmed=X Filename=urlmon.exe Description=Added by the AGENT-GOO TROJAN! Source=Paul Collins Startup list [Microsoft USB2 Driver] Number=7294 Confirmed=X Filename=crmss.exe Description=Added by the RBOT-VK WORM! Source=Paul Collins Startup list [Microsoft usnsvc Service] Number=7295 Confirmed=X Filename=usnsvc.exe Description=Added by a variant of the KOBOT-C WORM! Source=Paul Collins Startup list [Microsoft Utility Startup] Number=7296 Confirmed=N Filename=OSA9.exe Description=Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show Source=Paul Collins Startup list [Microsoft Values] Number=7297 Confirmed=X Filename=igfkishc.exe Description=Added by the RBOT-GLO WORM! Source=Paul Collins Startup list [Microsoft Vertupdate] Number=7298 Confirmed=X Filename=MSvert32.exe Description=Added by the MYTOB-CY WORM! Source=Paul Collins Startup list [Microsoft Video Capture Controls] Number=7299 Confirmed=X Filename=MSsrvs32.exe Description=Added by the SDBOT-AAK WORM! 
Source=Paul Collins Startup list [Microsoft Video Controls] Number=7300 Confirmed=X Filename=tskmsgr.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft Viewer Monitor Manager] Number=7301 Confirmed=X Filename=viewmon.exe Description=Detected by Trend Micro as the XPAK.A TROJAN! See here Source=Paul Collins Startup list [Microsoft Virtual Service Manager] Number=7302 Confirmed=X Filename=vservice32.exe Description=Detected by Trend Micro as the MSNWORM.T WORM! See here Source=Paul Collins Startup list [Microsoft Virual Machine] Number=7303 Confirmed=X Filename=sms.exe Description=Added by the RBOT-SP WORM! Source=Paul Collins Startup list [Microsoft Vista Upgrade Validation Service] Number=7304 Confirmed=X Filename=cfmon.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [Microsoft Visual Application] Number=7305 Confirmed=X Filename=vpcrtf.exe Description=Added by the IRCBOT-XJ TROJAN! Source=Paul Collins Startup list [Microsoft Visual SourceSafe] Number=7306 Confirmed=X Filename=services.exe Description=Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [Microsoft Visual SourceSafe] Number=7307 Confirmed=X Filename=winlogon.exe Description=Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [MicroSoft Visual SP2] Number=7308 Confirmed=X Filename=igfxsrvc32.exe Description=Detected by Trend Micro as the SDBOT.GAV WORM! See here Source=Paul Collins Startup list [Microsoft Visual Studio] Number=7309 Confirmed=X Filename=plscdksxg.exe Description=Added by the RBOT-AWV WORM! Source=Paul Collins Startup list [Microsoft Visual Studio VSA] Number=7310 Confirmed=X Filename=varpc32.exe Description=Added by a variant of the SPYBOT WORM! 
Source=Paul Collins Startup list [Microsoft Web CP Manager] Number=7311 Confirmed=X Filename=webcp32.exe Description=Added by a variant of the SDBOT WORM! See here Source=Paul Collins Startup list [Microsoft Web Device] Number=7312 Confirmed=X Filename=wdevice.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft web update] Number=7313 Confirmed=X Filename=webmsn.exe Description=Added by the RBOT-EMQ WORM! Source=Paul Collins Startup list [Microsoft Webserver] Number=7314 Confirmed=U Filename=svctrl.exe Description=Personal web server program which enables you to create and host a web server from your computer. Not required for most people Source=Paul Collins Startup list [Microsoft Win Corp TLS Verification] Number=7315 Confirmed=X Filename=mswintls.exe Description=Added by the RBOT-GCT WORM! Source=Paul Collins Startup list [Microsoft WIN32 DOS] Number=7316 Confirmed=X Filename=MSdos32.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft WIN32 Security] Number=7317 Confirmed=X Filename=MSsec32.exe Description=Added by the RBOT-DOQ TROJAN! Source=Paul Collins Startup list [MicroSoft Wind0ws Updater] Number=7318 Confirmed=X Filename=winsupdater.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Windows] Number=7319 Confirmed=X Filename=mstask0.exe Description=Added by the SDBOT.FQ WORM! Source=Paul Collins Startup list [Microsoft Windows] Number=7320 Confirmed=X Filename=atup Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Windows] Number=7321 Confirmed=X Filename=Microsoft Windows.hta Description=HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! Source=Paul Collins Startup list [Microsoft Windows] Number=7322 Confirmed=X Filename=explorar.exe Description=Added by a variant of the RBOT WORM! 
Source=Paul Collins Startup list [Microsoft Windows] Number=7323 Confirmed=X Filename=[path to file] Description=Added by the LI TROJAN! Source=Paul Collins Startup list [Microsoft Windows] Number=7324 Confirmed=X Filename=bootini.exe Description=Added by the VANEBOT-K WORM! Source=Paul Collins Startup list [Microsoft Windows] Number=7325 Confirmed=X Filename=Kernel.exe Description=Added by the EDIBARA-A VIRUS! Source=Paul Collins Startup list [Microsoft Windows] Number=7326 Confirmed=X Filename=Kernel.vbs Description=Added by the EDIBARA-A VIRUS! Source=Paul Collins Startup list [Microsoft Windows] Number=7327 Confirmed=X Filename=pwjbvphi.exe Description=Added by the RBOT-GQK WORM! Source=Paul Collins Startup list [Microsoft Windows (D)] Number=7328 Confirmed=X Filename=iexplore.exe Description=Identified as a variant of the TrojanSpy.Agent malware Source=Paul Collins Startup list [Microsoft Windows 128bit Subsystem] Number=7329 Confirmed=X Filename=system12.exe Description=Added by the RANCK-CZ TROJAN! Source=Paul Collins Startup list [Microsoft Windows 16Bit] Number=7330 Confirmed=X Filename=mswinn16.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Microsoft Windows 2000] Number=7331 Confirmed=X Filename=Winupdsdgm.exe Description=Added by the GAOBOT.AO WORM! Source=Paul Collins Startup list [Microsoft Windows 32 Update] Number=7332 Confirmed=X Filename=win32update.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Microsoft Windows 32Bit] Number=7333 Confirmed=X Filename=mswinn32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Windows 64 Bit] Number=7334 Confirmed=X Filename=mswin32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Windows Adapter 5.1.3214] Number=7335 Confirmed=X Filename=[worm filename].exe Description=Detected by Trend Micro as the STRAT.GEN-3 WORM! 
See here Source=Paul Collins Startup list [Microsoft Windows Client Firewall] Number=7336 Confirmed=X Filename=msclt.exe Description=Added by the VANEBOT-F WORM! Source=Paul Collins Startup list [Microsoft Windows Communicator for NT/XP] Number=7337 Confirmed=X Filename=wincomm.exe Description=Added by the RBOT.ATH WORM! Source=Paul Collins Startup list [Microsoft Windows Config 32] Number=7338 Confirmed=X Filename=win32conf.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Windows Control] Number=7339 Confirmed=X Filename=mswctl32.exe Description=Added by the RBOT.JP WORM! Source=Paul Collins Startup list [Microsoft Windows CSRSS] Number=7340 Confirmed=X Filename=csrss.exe Description=Added by the KALEL-A WORM! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Microsoft Windows DHCP] Number=7341 Confirmed=X Filename=___r.exe Description=Added by the MASLAN.A or MASLAN.C WORMS! Source=Paul Collins Startup list [Microsoft Windows DLL 32-BIT] Number=7342 Confirmed=X Filename=msncheck32.exe Description=Added by the SDBOT-XX WORM! Source=Paul Collins Startup list [Microsoft Windows DLL Services] Number=7343 Confirmed=X Filename=mwindll.exe Description=Added by the SDBOT-VX WORM! Source=Paul Collins Startup list [Microsoft Windows DLL Services Configuration] Number=7344 Confirmed=X Filename=newdll.exe Description=Added by the SDBOT-ZR WORM! Source=Paul Collins Startup list [Microsoft Windows DLL Services Configuration] Number=7345 Confirmed=X Filename=newdll2.exe Description=Added by the SDBOT-ABD WORM! Source=Paul Collins Startup list [Microsoft Windows DLL Services Configuration] Number=7346 Confirmed=X Filename=poker.exe Description=Added by the SDBOT-ZY WORM! 
Source=Paul Collins Startup list [Microsoft Windows DLL Services Configuration] Number=7347 Confirmed=X Filename=poker3.exe Description=Added by the SDBOT-AAH WORM! Source=Paul Collins Startup list [Microsoft Windows DLL Services Configuration] Number=7348 Confirmed=X Filename=proxy.exe Description=Added by the SDBOT-ZL WORM! Source=Paul Collins Startup list [Microsoft Windows DLL Services Configuration] Number=7349 Confirmed=X Filename=windir32.exe Description=Added by the SDBOT.BHF WORM! Source=Paul Collins Startup list [Microsoft Windows DLL Services Configuration] Number=7350 Confirmed=X Filename=windir32a.exe Description=Added by a variant of the SDBOT.BHF WORM! Source=Paul Collins Startup list [Microsoft Windows DLL Services Configuration] Number=7351 Confirmed=X Filename=windll32.exe Description=Added by the SDBOT.BHD WORM! Source=Paul Collins Startup list [Microsoft Windows DLL Services Configuration] Number=7352 Confirmed=X Filename=winDSL.exe Description=Added by the SDBOT-ZG WORM! Source=Paul Collins Startup list [Microsoft Windows DLL Services Configuration] Number=7353 Confirmed=X Filename=dllmanager32.exe Description=Added by the SDBOT-BTU WORM! Source=Paul Collins Startup list [Microsoft Windows DLLHandler] Number=7354 Confirmed=X Filename=bitpaint.exe Description=Added by the SDBOT.AHG WORM! Source=Paul Collins Startup list [Microsoft Windows Drivers] Number=7355 Confirmed=X Filename=windrv.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Windows DVR] Number=7356 Confirmed=X Filename=windvr.exe Description=Added by the RBOT-AXD WORM! Source=Paul Collins Startup list [Microsoft Windows Expl0rer] Number=7357 Confirmed=X Filename=expl0rer.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Windows Explorer] Number=7358 Confirmed=X Filename=iexplorer.exe Description=Added by a variant of the RBOT WORM! 
Note - this is not the legitimate Internet Explorer (iexplore.exe) Source=Paul Collins Startup list [Microsoft Windows Explorer] Number=7359 Confirmed=X Filename=explorewin.exe Description=Added by the IRCBOT.WORM.212480.H WORM! Source=Paul Collins Startup list [Microsoft Windows Express] Number=7360 Confirmed=X Filename=Microsoft Update Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Microsoft Windows Express] Number=7361 Confirmed=X Filename=websploit.exe Description=Added by a variant of the SPYBOT WORM! See here Source=Paul Collins Startup list [Microsoft Windows Express] Number=7362 Confirmed=X Filename=windowslogonb.exe Description=Detected by PCTools as the SDBOT.ABOO WORM! See here Source=Paul Collins Startup list [Microsoft Windows Files Loader] Number=7363 Confirmed=X Filename=cgy32win.exe Description=Added by the RBOT-AXR WORM! Source=Paul Collins Startup list [Microsoft Windows Game Updater] Number=7364 Confirmed=X Filename=msgame32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Windows GUI] Number=7365 Confirmed=X Filename=Windowz.exe Description=Added by the RANDEX.AEV WORM! Source=Paul Collins Startup list [Microsoft Windows GUI] Number=7366 Confirmed=X Filename=msmonk32.exe Description=Added by the SDBOT-PE WORM! Source=Paul Collins Startup list [Microsoft Windows Kernel Services] Number=7367 Confirmed=X Filename=winkrnl386.exe Description=Added by the ZEBROXY TROJAN! Source=Paul Collins Startup list [Microsoft Windows Loader] Number=7368 Confirmed=X Filename=wloader.exe Description=Added by a variant of the AGOBOT/GAOBOT WORM! Source=Paul Collins Startup list [Microsoft Windows Logon Process] Number=7369 Confirmed=X Filename=winlogon.exe Description=Added by the PROXYSER-R TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. 
This worm file is placed in the Winnt or Windows folder Source=Paul Collins Startup list [Microsoft Windows Media Player] Number=7370 Confirmed=X Filename=mediaplayer.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Microsoft Windows Media Player] Number=7371 Confirmed=X Filename=wimp.exe Description=Added by the RBOT-FN WORM! Source=Paul Collins Startup list [Microsoft Windows Registry Service] Number=7372 Confirmed=X Filename=wregistry.exe Description=Added by the AGOBOT.AKG WORM! Source=Paul Collins Startup list [Microsoft Windows Secure] Number=7373 Confirmed=X Filename=windocs.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Windows Secure] Number=7374 Confirmed=X Filename=windocs.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Windows Secure Server] Number=7375 Confirmed=X Filename=rpcxWindows.exe Description=Added by the RBOT-LL WORM! Source=Paul Collins Startup list [Microsoft Windows Secure Update] Number=7376 Confirmed=X Filename=rpcxwinupdt.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [Microsoft Windows Securety] Number=7377 Confirmed=X Filename=wurguar.exe Description=Added by the RBOT-KY WORM! Source=Paul Collins Startup list [Microsoft Windows Security] Number=7378 Confirmed=X Filename=spvsper.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Microsoft Windows Security] Number=7379 Confirmed=X Filename=wscndrives.exe Description=Added by the RBOT-AJK WORM! Source=Paul Collins Startup list [Microsoft Windows Service] Number=7380 Confirmed=X Filename=winsys.exe Description=Added by the RBOT-ADP WORM! Source=Paul Collins Startup list [Microsoft Windows Service Pack] Number=7381 Confirmed=X Filename=winspkn.exe Description=Added by the RBOT-AYD WORM! 
Source=Paul Collins Startup list
[Microsoft Windows Services] Number=7382 Confirmed=X Filename=msw32.exe Description=Added by the RBOT-FWQ WORM! Source=Paul Collins Startup list
[Microsoft Windows Services Edt] Number=7383 Confirmed=X Filename=ssvvcchhoosst.exe Description=Added by the RBOT-FYF TROJAN! Source=Paul Collins Startup list
[Microsoft Windows Services Edt] Number=7384 Confirmed=X Filename=dllrun32.exe Description=Added by the RBOT-GAF WORM! Source=Paul Collins Startup list
[Microsoft Windows Session Manager Subsystem] Number=7385 Confirmed=X Filename=smss.exe Description=Added by the PROXYSER-R TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list
[Microsoft Windows Socketx32 Services] Number=7386 Confirmed=X Filename=winsockx32.exe Description=Added by the RBOT-FWT WORM! Source=Paul Collins Startup list
[Microsoft Windows Sound] Number=7387 Confirmed=X Filename=svghost.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list
[Microsoft Windows Sound] Number=7388 Confirmed=X Filename=svshost.exe Description=Detected by Kaspersky as the RBOT.ME BACKDOOR! Source=Paul Collins Startup list
[Microsoft Windows Sound] Number=7389 Confirmed=X Filename=svuhost.exe Description=Detected by PCTools as the KOLAB.XC WORM! Source=Paul Collins Startup list
[Microsoft Windows Storage Machine Service] Number=7390 Confirmed=X Filename=winms.exe Description=Added by the RBOT-AHK WORM! Source=Paul Collins Startup list
[Microsoft Windows System] Number=7391 Confirmed=X Filename=srwhost.exe Description=Added by a variant of the RBOT-ASW WORM! Source=Paul Collins Startup list
[Microsoft Windows System] Number=7392 Confirmed=X Filename=syshost.exe Description=Added by the RBOT-ASW WORM! Source=Paul Collins Startup list
[Microsoft Windows System Kernel] Number=7393 Confirmed=X Filename=kernel32.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list
[Microsoft Windows System Service Manager] Number=7394 Confirmed=X Filename=winsvc.exe Description=Added by the SPYBOT.LR WORM! Source=Paul Collins Startup list
[Microsoft Windows Task Management] Number=7395 Confirmed=X Filename=mstasks.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list
[Microsoft Windows Task Manger] Number=7396 Confirmed=X Filename=Mstosk.exe Description=Added by the SDBOT-WW WORM! Source=Paul Collins Startup list
[Microsoft Windows Tasks Management] Number=7397 Confirmed=X Filename=taskmng.exe Description=Added by the RBOT-FXK WORM! Source=Paul Collins Startup list
[Microsoft Windows Updata] Number=7398 Confirmed=X Filename=scvhost.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list
[Microsoft Windows Updata] Number=7399 Confirmed=X Filename=windows.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7400 Confirmed=X Filename=rundlls.exe Description=Added by the HABRACK WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7401 Confirmed=X Filename=msoffice2.exe Description=Added by the RBOT-GB WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7402 Confirmed=X Filename=spools.exe Description=Added by the SDBOT.TD WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7403 Confirmed=X Filename=svchos.exe Description=Added by the SDBOT.AC WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7404 Confirmed=X Filename=svcshost.exe Description=Added by the FORBOT-CF WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7405 Confirmed=X Filename=svmhost.exe Description=Added by the FORBOT-CH WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7406 Confirmed=X Filename=svshost.exe Description=Added by the WOOTBOT.CJ WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7407 Confirmed=X Filename=msnmessenger.exe Description=Added by the SDBOT.AJ WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7408 Confirmed=X Filename=msnwun.exe Description=Added by the SDBOT-RM WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7409 Confirmed=X Filename=scvvhost.exe Description=Added by the FORBOT-DH WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7410 Confirmed=X Filename=swwhost.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7411 Confirmed=X Filename=MSNMSGR.EXE Description=Added by the SDBOT-WM WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7412 Confirmed=X Filename=svzhost.exe Description=Added by the FORBOT-EV WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7413 Confirmed=X Filename=sccvhost.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7414 Confirmed=X Filename=scrhost.exe Description=Added by the RBOT-AOW WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7415 Confirmed=X Filename=mnswinsx.exe Description=Added by the RBOT-AWH WORM! Source=Paul Collins Startup list
[MICROSOFT Windows update] Number=7416 Confirmed=X Filename=pdate.exe Description=Added by the RBOT.BZT WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7417 Confirmed=X Filename=srshost.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7418 Confirmed=X Filename=rhost32.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list
[Microsoft Windows Update] Number=7419 Confirmed=X Filename=windowsupdate.exe Description=Added by the AGOBOT.ON WORM! Source=Paul Collins Startup list
[Microsoft Windows Update Application] Number=7420 Confirmed=X Filename=wuap.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list
[Microsoft Windows Update Client] Number=7421 Confirmed=X Filename=csrss.exe Description=Added by the KEBEDE-G WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Systems32 Source=Paul Collins Startup list
[Microsoft Windows Update Logon] Number=7422 Confirmed=X Filename=win-logon.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list
[Microsoft Windows Update Service] Number=7423 Confirmed=X Filen