[]
Number=1
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32agobotku.html" target="_blank">AGOBOT-KU</a> WORM! Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[]
Number=2
Confirmed=X
Filename=pathex.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojmkmoosea.html" target="_blank">MKMOOSE-A</a> WORM! Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[]
Number=3
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdelfux.html" target="_blank">DELF-UX</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[]
Number=4
Confirmed=X
Filename=MSPF.EXE
Description=Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[]
Number=5
Confirmed=X
Filename=dllvirtual.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdadobraiw.html" target="_blank">DADOBRA-IW</a> TROJAN! Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[]
Number=6
Confirmed=X
Filename=dllvirtual.dll
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdadobraiw.html" target="_blank">DADOBRA-IW</a> TROJAN! Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[]
Number=7
Confirmed=X
Filename=dllvirtual.js
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdadobraiw.html" target="_blank">DADOBRA-IW</a> TROJAN! Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[]
Number=8
Confirmed=X
Filename=ajsha5.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32spybotnx.html" target="_blank">SPYBOT-NX</a> WORM! Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list

[]
Number=9
Confirmed=X
Filename=ne.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojircbotzl.html" target="_blank">IRCBOT-ZL</a> TROJAN!
Source=Paul Collins Startup list

[ SystemBoot]
Number=10
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojsoberq.html" target="_blank">SOBER-Q</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Help\Help subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[ WinCheck]
Number=11
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32sobers.html" target="_blank">SOBER-S</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatus\Microsoft" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[ Windows]
Number=12
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111915-0848-99" target="_blank">SOBER.X</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[ WinStart]
Number=13
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050210-2339-99" target="_blank">SOBER.O</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Connection Wizard\Status subfolder of the Windows or Winnt folder
Source=Paul Collins Startup list

[ winsystem.sys]
Number=14
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022023-0454-99" target="_blank">SOBER.K</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagent\win32 subfolder of the Winnt or Windows folder
Source=Paul Collins Startup list

[!1_pgaccount]
Number=15
Confirmed=Y
Filename=pgaccount.exe
Description=DiamondCS <a href="http://www.diamondcs.com.au/processguard/" target="_blank">ProcessGuard</a> security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly
Source=Paul Collins Startup list

[!1_ProcessGuard_Startup]
Number=16
Confirmed=Y
Filename=procguard.exe
Description=DiamondCS <a href="http://www.diamondcs.com.au/processguard/" target="_blank">ProcessGuard</a> security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks
Source=Paul Collins Startup list

[!AVG Anti-Spyware]
Number=17
Confirmed=U
Filename=avgas.exe
Description=Part of <a href="http://www3.grisoft.com/doc/products-avg-anti-spyware/us/crp/0" target="_blank">AVG Anti-Spyware</a> from Grisoft
Source=Paul Collins Startup list

[!ewido]
Number=18
Confirmed=U
Filename=ewido.exe
Description=Part of <a href="http://www.ewido.net/en/" target="_blank">Ewido</a> anti-spyware
Source=Paul Collins Startup list

[!NoLoad]
Number=19
Confirmed=N
Filename=winrecon.exe
Description=<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winrecon/" target="_blank">WinRecon</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[$EnterNet]
Number=20
Confirmed=?
Filename=Enternet.exe
Description=Connection manager for the EnterNet ISP. You can also use <a href="http://user.cs.tu-berlin.de/~normanb/" target="_blank">RASPPOE</a>
Source=Paul Collins Startup list

[$sys$cmp]
Number=21
Confirmed=X
Filename=$sys$xp.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111015-0804-99" target="_blank">RYKNOS.B</a> TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
Source=Paul Collins Startup list

[$sys$crash]
Number=22
Confirmed=X
Filename=$sys$sonyTimer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$crash]
Number=23
Confirmed=X
Filename=$sys$sos$sys$.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$crash]
Number=24
Confirmed=X
Filename=$sys$WeLoveMcCOL.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$drv]
Number=25
Confirmed=X
Filename=$sys$drv.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111012-2048-99" target="_blank">RYKNOS</a> TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
Source=Paul Collins Startup list

[$sys$momomomochin]
Number=26
Confirmed=X
Filename=$sys$sonyTimer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$momomomochin]
Number=27
Confirmed=X
Filename=$sys$sos$sys$.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$momomomochin]
Number=28
Confirmed=X
Filename=$sys$WeLoveMcCOL.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$umaiyo]
Number=29
Confirmed=X
Filename=$sys$sonyTimer.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$umaiyo]
Number=30
Confirmed=X
Filename=$sys$sos$sys$.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$sys$umaiyo]
Number=31
Confirmed=X
Filename=$sys$WeLoveMcCOL.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN!
Source=Paul Collins Startup list

[$Volumouse$]
Number=32
Confirmed=U
Filename=volumouse.exe
Description=<a href="http://www.nirsoft.net/utils/volumouse.html" target="_blank">Volumouse</a> from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"
Source=Paul Collins Startup list

[$WindowsRegKey%update]
Number=33
Confirmed=X
Filename=IEXPLORE.EXE
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotez.html" target="_blank">RBOT-EZ</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
Source=Paul Collins Startup list

[%cmpmixtitle%]
Number=34
Confirmed=N
Filename=%cmpmixstr%
Description=<font color="#FF0000">Possibly related to C-Media Mixer Control panel?</font>
Source=Paul Collins Startup list

[%FP%012-L2TP fts.exe]
Number=35
Confirmed=N
Filename=fts.exe
Description=012.Net.il Israeli ISP software front-end
Source=Paul Collins Startup list

[%FP%012-L2TP FWPortal.exe]
Number=36
Confirmed=U
Filename=FWPortal.exe
Description=012.Net.il Israeli ISP dial-up software
Source=Paul Collins Startup list

[%FP%1776 Internet fts.exe]
Number=37
Confirmed=N
Filename=fts.exe
Description=1776 Internet US ISP software ISP software front-end
Source=Paul Collins Startup list

[%FP%1776 Internet FWPortal.exe]
Number=38
Confirmed=U
Filename=FWPortal.exe
Description=1776 Internet US ISP dial-up software
Source=Paul Collins Startup list

[%FP%AIRTEL fts.exe]
Number=39
Confirmed=N
Filename=fts.exe
Description=Bharti <a href="http://www.airtel.in/level2_t12.aspx?path=1/9" target="_blank">Airtel</a> Broadband - Indian ISP software front-end
Source=Paul Collins Startup list

[%FP%Barak013 fts.exe]
Number=40
Confirmed=N
Filename=fts.exe
Description=Barak013 Israeli ISP software front-end
Source=Paul Collins Startup list

[%FP%Barak013 FWPortal.exe]
Number=41
Confirmed=U
Filename=FWPortal.exe
Description=Barak013 Israeli ISP dial-up software
Source=Paul Collins Startup list

[%FP%Friendly fts.exe]
Number=42
Confirmed=N
Filename=fts.exe
Description=Friendly ISP software front-end
Source=Paul Collins Startup list

[&micro;Torrent]
Number=43
Confirmed=U
Filename=utorrent.exe
Description=<a href="http://www.utorrent.com/" target="_blank">&micro;Torrent</a> - BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients
Source=Paul Collins Startup list

[(*)API Machine]
Number=44
Confirmed=X
Filename=winSOCKS.exe
Description=Homepage hijacker, see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winsocks/" target="_blank">here</a> (* = any digit)
Source=Paul Collins Startup list

[(*)Run]
Number=45
Confirmed=X
Filename=win32API.exe
Description=Homepage hijacker, see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/win32api/" target="_blank">here</a> (* = any digit)
Source=Paul Collins Startup list

[(default)]
Number=46
Confirmed=X
Filename=[random filename].exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032319-2209-99" target="_blank">BLACKMAL</a> WORM! Note - this malware actually changes the default value data of the registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
Source=Paul Collins Startup list

[(default)]
Number=47
Confirmed=X
Filename=rundll32.exe [path to DLL file], Do98Work
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-022116-5404-99" target="_blank">HESIVE.B</a> TROJAN! Note that <a href="http://support.microsoft.com/kb/164787/en-us" target="_blank">rundll32.exe</a> is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
Source=Paul Collins Startup list

[(Default)]
Number=48
Confirmed=X
Filename=5640.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdownldabf.html" target="_blank">DOWNLD-ABF</a> TROJAN!
Source=Paul Collins Startup list

[(L4r1$$4) (4nt1) (V1ruz)]
Number=49
Confirmed=X
Filename=SP00Lsv32.pif
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030222-1459-99" target="_blank">ASSIRAL.B</a> WORM!
Source=Paul Collins Startup list

[*Bandook]
Number=50
Confirmed=X
Filename=msdll.exe
Description=Added by an unidentified TROJAN - see <a href="http://www.greatis.com/appdata/d/m/msdll.exe.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[*JanisRuckenbrodII]
Number=51
Confirmed=X
Filename=janis.com
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-012114-5256-99" target="_blank">POPS</a> WORM!
Source=Paul Collins Startup list

[*Microsoft Update]
Number=52
Confirmed=X
Filename=ctxma.exe
Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
Source=Paul Collins Startup list

[*Microsoft Update]
Number=53
Confirmed=X
Filename=cxma.exe
Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
Source=Paul Collins Startup list

[*Microsoft Update]
Number=54
Confirmed=X
Filename=wstcl.exe
Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
Source=Paul Collins Startup list

[*Microsoft Update]
Number=55
Confirmed=X
Filename=wucxt.exe
Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
Source=Paul Collins Startup list

[*Microsoft Update]
Number=56
Confirmed=X
Filename=wuytc.exe
Description=Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN!
Source=Paul Collins Startup list

[*MS Setup]
Number=57
Confirmed=X
Filename=[random filename]
Description=Virtumondo adware, also known as the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99" target="_blank">VUNDO</a> TROJAN!
Source=Paul Collins Startup list

[*MSConfig32]
Number=58
Confirmed=X
Filename=aecache.exe
Description=Detected by F-secure as the OBFUSCATED.GP TROJAN!
Source=Paul Collins Startup list

[*Security Center]
Number=59
Confirmed=X
Filename=secctr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BRO" target="_blank">SDBOT.BRO</a> WORM!
Source=Paul Collins Startup list

[*StateMgr]
Number=60
Confirmed=Y
Filename=statemgr.exe
Description=Windows ME default for System Restore. Do NOT disable!
Source=Paul Collins Startup list

[*windows update]
Number=61
Confirmed=X
Filename=wrauclt.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotqu.html" target="_blank">RBOT-QU</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=62
Confirmed=X
Filename=wuanclt.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotpg.html" target="_blank">RBOT-PG</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=63
Confirmed=X
Filename=wuaucrlt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010714-2915-99" target="_blank">SPYBOT.HUR</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=64
Confirmed=X
Filename=wuraclt.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotpo.html" target="_blank">RBOT-PO</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=65
Confirmed=X
Filename=wurauclt.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotsy.html" target="_blank">RBOT-SY</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=66
Confirmed=X
Filename=wsctl.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.PR" target="_blank">SPYBOT.PR</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=67
Confirmed=X
Filename=wkmst.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AVD" target="_blank">SDBOT.AVD</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=68
Confirmed=X
Filename=wscxt.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AOS" target="_blank">RBOT.AOS</a> WORM!
Source=Paul Collins Startup list

[*windows update]
Number=69
Confirmed=X
Filename=waurclt.exe
Description=Added by a variant of the <a href="http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[*Windows [filename] Checker]
Number=70
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32kedebeb.html" target="_blank">KEDEBE-B</a> WORM!
Source=Paul Collins Startup list

[*WindowsAudio]
Number=71
Confirmed=X
Filename=systemupd.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentth.html" target="_blank">AGENT-TH</a> WORM!
Source=Paul Collins Startup list

[*WinLogon]
Number=72
Confirmed=X
Filename=[trojan path] ren time:[random number]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99" target="_blank">VUNDO</a> TROJAN!
Source=Paul Collins Startup list

[*winstats]
Number=73
Confirmed=X
Filename=winstats.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090216-3057-99" target="_blank">GARGAFX</a> TROJAN!
Source=Paul Collins Startup list

[*wuauclt.exe]
Number=74
Confirmed=X
Filename=w****.exe [* = random char]
Description=Added by a variant of the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotug.html" target="_blank">RBOT-UG</a> WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...
Source=Paul Collins Startup list

[,main drive Loader]
Number=75
Confirmed=X
Filename=wininfo.exe
Description=Suspected malware as it appears in 3 different registry locations - see <a href="http://forums.techguy.org/t151017/s.html" target="_blank"> here</a>
Source=Paul Collins Startup list

[-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+]
Number=76
Confirmed=X
Filename=ISASS.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ASSIRAL.B" target="_blank">ASSIRAL.B</a> WORM!
Source=Paul Collins Startup list

[-FreedomNeedsReboot]
Number=77
Confirmed=Y
Filename=ZkRunOnceR.exe
Description=Internet Security Suite used by ISPs to protect customers against many attacks
Source=Paul Collins Startup list

[..]
Number=78
Confirmed=X
Filename=ABC2007.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrash.html" target="_blank">DLOADR-ASH</a> TROJAN!
Source=Paul Collins Startup list

[.mscdr]
Number=79
Confirmed=X
Filename=lassa.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101212-0903-99" target="_blank">WEBUS.C</a> TROJAN!

Source=Paul Collins Startup list

[.mscdr]
Number=80
Confirmed=X
Filename=lsvchost.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111216-2213-99" target="_blank">WEBUS.D</a> TROJAN!
Source=Paul Collins Startup list

[.mscdsr]
Number=81
Confirmed=X
Filename=lsvchost.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojbdoorcr.html" target="_blank">CR</a> TROJAN!
Source=Paul Collins Startup list

[.mscsbl]
Number=82
Confirmed=X
Filename=svhost.exe
Description=Added by the <a href="http://vil.mcafeesecurity.com/vil/content/v_130850.htm" target="_blank">CMQ</a> TROJAN!
Source=Paul Collins Startup list

[.msfupdate]
Number=83
Confirmed=X
Filename=msveup.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040411-1529-99" target="_blank">ALLOCUP.A</a> WORM!
Source=Paul Collins Startup list

[.mssecure]
Number=84
Confirmed=X
Filename=mssecure.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=DDOS_BOXED.X" target="_blank">DDOS_BOXED.X</a> TROJAN!
Source=Paul Collins Startup list

[.NET config]
Number=85
Confirmed=?
Filename=sysmon32.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[.NET.]
Number=86
Confirmed=X
Filename=msnmgnr.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELF.AYF" target="_blank">DELF.AYF</a> WORM!
Source=Paul Collins Startup list

[.norton]
Number=87
Confirmed=X
Filename=rchost.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojboxedh.html" target="_blank">BOXED-H</a> TROJAN!
Source=Paul Collins Startup list

[.nvsvc]
Number=88
Confirmed=X
Filename=smss.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojircbotfp.html" target="_blank">IRCBOT-FP</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which should not normally figure in Msconfig/Startup!

Source=Paul Collins Startup list

[.nvsvcb]
Number=89
Confirmed=X
Filename=smssb.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=57167" target="_blank">BOXED.CG</a> TROJAN!
Source=Paul Collins Startup list

[.Prog]
Number=90
Confirmed=X
Filename=services.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[.Prog]
Number=91
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[.protected]
Number=92
Confirmed=X
Filename=N/A
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094215" target="_blank">Smitfraud</a> variant
Source=Paul Collins Startup list

[.svchost]
Number=93
Confirmed=X
Filename=CSRSS.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051709-5609-99" target="_blank">WEBUS.F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list

[.TEXTCONV]
Number=94
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[.TEXTCONV]
Number=95
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target="_blank">WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list

[.WMAudio]
Number=96
Confirmed=X
Filename=csrss.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[.WMAudio]
Number=97
Confirmed=X
Filename=lsass.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target="_blank">WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
Source=Paul Collins Startup list

[/l:eng]
Number=98
Confirmed=N
Filename=N/A
Description=Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
Source=Paul Collins Startup list

[000]
Number=99
Confirmed=U
Filename=pit.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061617-2707-99" target="_blank">PrivateEye</a> surveillance software. Uninstall this software unless you put it there yourself
Source=Paul Collins Startup list

[000hpdllhos]
Number=100
Confirmed=X
Filename=hpdllhost.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader
Source=Paul Collins Startup list

[000StTHK]
Number=101
Confirmed=U
Filename=000StTHK.exe
Description=Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)
Source=Paul Collins Startup list

[0050726-007-i32-1]
Number=102
Confirmed=X
Filename=0050726-007-i32-1.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojbancbanec.html" target="_blank">BANCBAN-EC</a> TROJAN!
Source=Paul Collins Startup list

[00DSKSVR00]
Number=103
Confirmed=?
Filename=desksaver.exe
Description=Related to <a href="http://www.softstack.com/deskshield.html" target="_blank">Advanced Desktop Shield</a>
Source=Paul Collins Startup list

[00DSKSVR01]
Number=104
Confirmed=?
Filename=desksaver.exe
Description=Related to <a href="http://www.softstack.com/deskshield.html" target="_blank">Advanced Desktop Shield</a>
Source=Paul Collins Startup list

[00PCTFW]
Number=105
Confirmed=Y
Filename=FirewallGUI.exe
Description=<a href="http://www.pctools.com/firewall/" target="_blank">PC Tools Firewall Plus</a> - "powerful free personal firewall for Windows that protects your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network"
Source=Paul Collins Startup list

[00TCrdMain]
Number=106
Confirmed=Y
Filename=TCrdMain.exe
Description=Related to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards
Source=Paul Collins Startup list

[00THotkey]
Number=107
Confirmed=U
Filename=00THotKey.exe
Description=For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.
Source=Paul Collins Startup list

[00THotkey]
Number=108
Confirmed=U
Filename=system32THotkey.exe
Description=For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev
Source=Paul Collins Startup list

[0190 Warner]
Number=109
Confirmed=U
Filename=WARN0190.EXE
Description=Anti-dialer <a href="http://www.wt-rate.com/" target="_blank">program</a> (Germany)
Source=Paul Collins Startup list

[0900 Warner]
Number=110
Confirmed=U
Filename=WARN0900.EXE
Description=Anti-dialer <a href="http://www.wt-rate.com/" target="_blank">program</a> (Germany)
Source=Paul Collins Startup list

[0mcamcap]
Number=111
Confirmed=X
Filename=0mcamcap.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojcosiamh.html" target="_blank">COSIAM-H</a> TROJAN!

Source=Paul Collins Startup list

[0utlook Express]
Number=112
Confirmed=X
Filename=*****.exe [* = random char]
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotcc.html" target="_blank">RBOT-CC</a> WORM! Note the first letter is actually the digit "0" and not a capital "o"
Source=Paul Collins Startup list

[1]
Number=113
Confirmed=X
Filename=1.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041515-1002-99" target="_blank">ESTEEMS</a> TROJAN!
Source=Paul Collins Startup list

[1]
Number=114
Confirmed=X
Filename=lsass.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052411-0618-99" target="_blank">BANCOS.V</a> TROJAN!

Source=Paul Collins Startup list

[1]
Number=115
Confirmed=X
Filename=svchost.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052515-4611-99" target="_blank">BANCOS.X</a> TROJAN!
Source=Paul Collins Startup list

[1&1 EasyLogin]
Number=116
Confirmed=N
Filename=EasyLogin.exe
Description=<a href="http://order.1and1.co.uk/xml/order/FeatureEasyLogin" target="_blank">1&1 EasyLogin</a> - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System Tray
Source=Paul Collins Startup list

[1029BB4B-16A9-4E77-AA3D-96930BD68EEC]
Number=117
Confirmed=X
Filename=sysockeu.exe
Description=Detected by <a href="http://vil.nai.com/vil/default.aspx" target="_blank">McAfee</a> as the FAKEALERT-AH TROJAN! See <a href="http://www.threatexpert.com/report.aspx?uid=f350d08b-1e19-407b-ae40-f83208a6a815" target="_blank">here</a>
Source=Paul Collins Startup list

[1111swapmgr.exe]
Number=118
Confirmed=X
Filename=1111swapmgr.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojbdooric.html" target="_blank">IC</a> TROJAN!
Source=Paul Collins Startup list

[123456]
Number=119
Confirmed=X
Filename=rundll32.exe shell32.dll, Control_RunDLL ...123456.cpl
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070209-4033-99" target="_blank">KITRO.C</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DANDI.A" target="_blank">DANDI.A</a>) WORM! 123456 can be any random 3 to 6 digit number
Source=Paul Collins Startup list

[12Ghosts Backup]
Number=120
Confirmed=U
Filename=12backup.exe
Description=<a href="http://12ghosts.com/ghosts/backup.htm" target="_blank">12Ghosts Backup</a> - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup"
Source=Paul Collins Startup list

[12Ghosts Clip]
Number=121
Confirmed=U
Filename=12clip.exe
Description=<a href="http://12ghosts.com/ghosts/clip.htm" target="_blank">12Ghosts Clip</a> - "Screen shots made easy"
Source=Paul Collins Startup list

[12Ghosts JustAWindow]
Number=122
Confirmed=U
Filename=12window.exe
Description=<a href="http://12ghosts.com/ghosts/window.htm" target="_blank">12Ghosts JustAWindow</a> - "Cover annoying ads, animated gifs, things you don't want to see"
Source=Paul Collins Startup list

[12Ghosts Popup-Killer]
Number=123
Confirmed=U
Filename=12popup.exe
Description=<a href="http://12ghosts.com/ghosts/popup.htm" target="_blank">12Ghosts Popup-Killer</a>
Source=Paul Collins Startup list

[12Ghosts SaveLayout]
Number=124
Confirmed=U
Filename=12autosl.exe
Description=<a href="http://12ghosts.com/ghosts/sl.htm" target="_blank">12Ghosts SaveLayout</a> - "Always (always!) keep the layout of your desktop icons"
Source=Paul Collins Startup list

[12Ghosts SetColor]
Number=125
Confirmed=U
Filename=12color.exe
Description=<a href="http://12ghosts.com/ghosts/setcolor.htm" target="_blank">12Ghosts SetColor</a> - "Change your desktop icon text colors, also to transparent"
Source=Paul Collins Startup list

[12Ghosts ShowTime]
Number=126
Confirmed=U
Filename=12showtime.exe
Description=<a href="http://12ghosts.com/ghosts/showtime.htm" target="_blank">12Ghosts Showtime</a> - "Enhance the clock in your tray with font formatting, colors, date, time zones"
Source=Paul Collins Startup list

[12Ghosts Synchronize]
Number=127
Confirmed=U
Filename=12sync.exe
Description=<a href="http://12ghosts.com/ghosts/sync.htm" target="_blank">12Ghosts Synchronize</a> - "Sync PC clock with an atomic clock over the Internet"
Source=Paul Collins Startup list

[12Ghosts Tower]
Number=128
Confirmed=U
Filename=12tower.exe
Description=<a href="http://12ghosts.com/support/basics.htm#tower" target="_blank">12Ghosts Tower</a> - "Quickly access and manage all Ghosts (included in all packages)"
Source=Paul Collins Startup list

[12Ghosts TrayProtect]
Number=129
Confirmed=U
Filename=12srvc.exe
Description=<a href="http://12ghosts.com/ghosts/tray.htm" target="_blank">12Ghosts TrayProtect</a> - "Hide tray icons, restore after a crash"
Source=Paul Collins Startup list

[12Ghosts Wash]
Number=130
Confirmed=U
Filename=12wash.exe
Description=<a href="http://12ghosts.com/ghosts/wash.htm" target="_blank">12Ghosts Wash</a> - "Protect your privacy, clear browser history, delete and overwrite cache files"
Source=Paul Collins Startup list

[17779Proj2002]
Number=131
Confirmed=?
Filename=N/A
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[180adsolution]
Number=132
Confirmed=X
Filename=180adsolution.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[180ax]
Number=133
Confirmed=X
Filename=180ax.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware
Source=Paul Collins Startup list

[180ClientStubInstall]
Number=134
Confirmed=X
Filename=stubinstaller****.exe [* = digit]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
Source=Paul Collins Startup list

[180ClientStubInstall]
Number=135
Confirmed=X
Filename=[path to trojan]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
Source=Paul Collins Startup list

[180ClientStubInstall]
Number=136
Confirmed=X
Filename=******.tmp [* = random digit/char]
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related
Source=Paul Collins Startup list

[1916435341.exe]
Number=137
Confirmed=X
Filename=1916435341.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadraxu.html" target="_blank">DLOADR-AXU</a> TROJAN!
Source=Paul Collins Startup list

[196_150_ni]
Number=138
Confirmed=X
Filename=196_150_ni.exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/1/196_150_NI.EXE-5442.html" target="_blank">here</a>
Source=Paul Collins Startup list

[197_150_ni_3]
Number=139
Confirmed=X
Filename=197_150_ni_3.exe
Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/1/196_150_NI.EXE-5442.html" target="_blank">here</a>
Source=Paul Collins Startup list

[1:]
Number=140
Confirmed=N
Filename=hpdrv.exe
Description=HP utility for monitoring when and how many recoveries have been done
Source=Paul Collins Startup list

[1A:MacVisionTrayMonitor]
Number=141
Confirmed=N
Filename=TrayMonitor.exe
Description=Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock)
Source=Paul Collins Startup list

[1A:Stardock MCP]
Number=142
Confirmed=Y
Filename=mcpserver.exe
Description=Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications
Source=Paul Collins Startup list

[1A:Stardock TrayMonitor]
Number=143
Confirmed=Y
Filename=TrayServer.exe
Description=For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX
Source=Paul Collins Startup list

[1CmailS]
Number=144
Confirmed=?
Filename=NETMAIL.EXE
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[1on1]
Number=145
Confirmed=X
Filename=1on1.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[1Srv32]
Number=146
Confirmed=U
Filename=SpyAgent4.exe
Description=SpyTech <a href="http://www.spytech-web.com/spyagent.shtml" target="_blank">SpyAgent</a> monitoring software. &quot;Spy software that allows you to monitor EVERYTHING users do on your PC.&quot;
Source=Paul Collins Startup list

[1u7]
Number=147
Confirmed=X
Filename=1u7.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojmurbaca.html" target="_blank">MURBAC-A</a> TROJAN!
Source=Paul Collins Startup list

[1Win32Cfg]
Number=148
Confirmed=U
Filename=SpyBuddy.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062611-4548-99" target="_blank">SpyBuddy</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[1Win32Cfg]
Number=149
Confirmed=U
Filename=Keyloggerpro.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120711-4013-99" target="_blank">Keyloggerpro</a> keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[1WinCfg32]
Number=150
Confirmed=X
Filename=WebMailSpy.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062918-0745-99" target="_blank">WebMailSpy</a> spyware
Source=Paul Collins Startup list

[2020Downloader]
Number=151
Confirmed=X
Filename=mssvr.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=2020Search&threatid=13811" target="_blank">2020Search</a> Toolbar
Source=Paul Collins Startup list

[2177F056-0AA6-4D6C-A944-13F71F341C29]
Number=152
Confirmed=X
Filename=sysokuaw.exe
Description=Detected by <a href="http://vil.nai.com/vil/default.aspx" target="_blank">McAfee</a> as the FAKEALERT-AH TROJAN! See <a href="http://www.threatexpert.com/report.aspx?uid=f350d08b-1e19-407b-ae40-f83208a6a815" target="_blank">here</a>
Source=Paul Collins Startup list

[24Online Client]
Number=153
Confirmed=U
Filename=CyberoamClient.exe
Description=Related to <a href="http://www.elitecore.com/" target="_blank">Cyberroam</a> from Elitecore Technologies Ltd
Source=Paul Collins Startup list

[252]
Number=154
Confirmed=X
Filename=winmgr.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojlegmirat.html" target="_blank">LEGMIR-AT</a> TROJAN!
Source=Paul Collins Startup list

[27]
Number=155
Confirmed=X
Filename=slsorve.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojslsorvea.html" target="_blank">SLSORVE-A</a> TROJAN!
Source=Paul Collins Startup list

[27]
Number=156
Confirmed=X
Filename=csrss32.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojslsorved.html" target="_blank">SLSORVE-D</a> TROJAN!
Source=Paul Collins Startup list

[27]
Number=157
Confirmed=X
Filename=msm32.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojslsorvee.html" target="_blank">SLSORVE-E</a> TROJAN!
Source=Paul Collins Startup list

[2Search]
Number=158
Confirmed=X
Filename=main.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-080302-3232-99" target="_blank">2Search</a> adware
Source=Paul Collins Startup list

[2thousandbuck]
Number=159
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110410-0039-99" target="_blank">RANKY.L</a> TROJAN!
Source=Paul Collins Startup list

[2wSysTray]
Number=160
Confirmed=U
Filename=2portalmon.exe
Description=<a target="_blank" href="http://www.2wire.com/">2Wire</a> Homeportal user interface
Source=Paul Collins Startup list

[32-bit Thunking service]
Number=161
Confirmed=X
Filename=thunk32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021712-1032-99" target="_blank">DERDERO.A</a> WORM!
Source=Paul Collins Startup list

[333]
Number=162
Confirmed=X
Filename=svchost.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojjda.html" target="_blank">JD-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory
Source=Paul Collins Startup list

[388529725448]
Number=163
Confirmed=X
Filename=AutomaticUpdates.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32sdbotden.html" target="_blank">SDBOT-DEN</a> WORM!
Source=Paul Collins Startup list

[39ELTFH25Z8SKF]
Number=164
Confirmed=?
Filename=Ezg1q5.exe
Description=<font color="#FF0000">Seems to be associated with software by <a href="http://www.resplendence.com/docs/" target="_blank">Resplendence SP</a> ?</font>
Source=Paul Collins Startup list

[3c1807pd]
Number=165
Confirmed=Y
Filename=3cmlink.exe 3cpipe-3c1807pd
Description=3Com WinModem driver. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Source=Paul Collins Startup list

[3capplnk]
Number=166
Confirmed=Y
Filename=3capplnk.exe
Description=US Robotics Modem driver
Source=Paul Collins Startup list

[3cdminic]
Number=167
Confirmed=N
Filename=3CDMINIC.EXE
Description=3Com DMI (DynamicAccess <u>D</u>esktop <u>M</u>anagement <u>I</u>nterface) Agent associated with 3Com network cards
Source=Paul Collins Startup list

[3CM Link]
Number=168
Confirmed=Y
Filename=3cmcnkw.exe
Description=Required for a US Robotics WinModem as it provides the link to Windows - won't work without it
Source=Paul Collins Startup list

[3Cmlink]
Number=169
Confirmed=Y
Filename=3CmlinkW.exe
Description=For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information
Source=Paul Collins Startup list

[3ComDMIAgent]
Number=170
Confirmed=N
Filename=3CDMINIC.EXE
Description=3Com DMI (DynamicAccess <u>D</u>esktop <u>M</u>anagement <u>I</u>nterface) Agent associated with 3Com network cards
Source=Paul Collins Startup list

[3cpipe-USRpdA]
Number=171
Confirmed=Y
Filename=USRmlnkA.exe
Description=Modem driver files from US Robotics
Source=Paul Collins Startup list

[3D Text]
Number=172
Confirmed=X
Filename=3D Text.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102412-2855-99" target="_blank"> JERMY.A</a> WORM!
Source=Paul Collins Startup list

[3Deep Control Panel]
Number=173
Confirmed=U
Filename=3DeepCTL.EXE
Description=Now superseeded by <a href="http://www.colorwizzard.com/" target="_blank">ColorWizzard</a> - 3Deep corrected lighting, shading and color for all your 2D and 3D games
Source=Paul Collins Startup list

[3Dfx Acc]
Number=174
Confirmed=X
Filename=GFXACC.EXE
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-030413-4714-99" target="_blank">GIBE</a> WORM!

Source=Paul Collins Startup list

[3dfx Task Manager]
Number=175
Confirmed=N
Filename=3dfxMan.exe
Description=System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[3dfx Tools]
Number=176
Confirmed=Y
Filename=3dfxCmn.dll
Description=Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards
Source=Paul Collins Startup list

[3dfxv2ps.dll]
Number=177
Confirmed=Y
Filename=3dfxv2ps.dll
Description=Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards
Source=Paul Collins Startup list

[3Dlabs Taskbar Display Manager]
Number=178
Confirmed=?
Filename=3DLman.exe
Description=3DLabs graphics driver related. <font color="#FF0000"> System Tray access to display settings?</font>
Source=Paul Collins Startup list

[3DLabsHelperDemon]
Number=179
Confirmed=U
Filename=3dldemon.exe
Description=Directly from the programs author &quot;It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive.&quot; In most cases it can be safely disabled
Source=Paul Collins Startup list

[3DMouse.EXE]
Number=180
Confirmed=Y
Filename=3DMouse.EXE
Description=Dritek System Inc. 3D Mouse driver
Source=Paul Collins Startup list

[3d_sound]
Number=181
Confirmed=X
Filename=3d_sound.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojriadosa.html" target="_blank">RIADOS-A</a> TROJAN!
Source=Paul Collins Startup list

[3qdctl.exe]
Number=182
Confirmed=U
Filename=3qdctl.exe
Description=Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ
Source=Paul Collins Startup list

[3ware 3DM]
Number=183
Confirmed=Y
Filename=3dm.exe
Description=Monitors status of the disk array on 3ware IDE RAID controllers
Source=Paul Collins Startup list

[456655]
Number=184
Confirmed=X
Filename=explorer.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojbifrosede.html" target="_blank">BIFROSE-DE</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System folder
Source=Paul Collins Startup list

[4684735485910]
Number=185
Confirmed=X
Filename=netdll32.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32sdbotdev.html" target="_blank">SDBOT-DEV</a> WORM!
Source=Paul Collins Startup list

[4da92ad5.exe]
Number=186
Confirmed=X
Filename=4da92ad5.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrwz.html" target="_blank">DLOADR-WZ</a> TROJAN!
Source=Paul Collins Startup list

[4oD]
Number=187
Confirmed=U
Filename=KHost.exe
Description=Verisign <a href="http://www.verisign.com/products-services/content-messaging/broadband-delivery/kontiki-delivery-management/index.html" target="_blank">Kontiki Delivery Management System</a> - Windows-based client software that enables secure delivery of content to users' desktops
Source=Paul Collins Startup list

[4wd!!!]
Number=188
Confirmed=X
Filename=Natal!.pif
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AI" target="_blank">OPASERV.AI</a> WORM!
Source=Paul Collins Startup list

[5-1-61-96]
Number=189
Confirmed=X
Filename=members-area.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[5-2-46-112]
Number=190
Confirmed=X
Filename=5-2-46-112.exe
Description=Adult content pop-up dialler. Removal instructions <a href="http://groups.google.com/group/microsoft.public.windowsxp.general/browse_frm/thread/eb788b5ae71219be/b143744d5a592352?hl=en&lr=&ie=UTF-8&oe=UTF8&safe=off&rnum=9&prev=/groups%3Fq%3D5-2-46-112.exe%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF8%26safe%3Doff%26selm%3D1e10cd61.0203201743.78f51cfa%40posting.google.com%26rnum%3D9#b143744d5a592352" target="_blank">here</a>
Source=Paul Collins Startup list

[55278]
Number=191
Confirmed=X
Filename=grepclient1.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojlineages.html" target="_blank">LINEAGE-S</a> TROJAN!
Source=Paul Collins Startup list

[5p4m]
Number=192
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojlitebotc.html" target="_blank">LITEBOT-C</a> TROJAN!
Source=Paul Collins Startup list

[5whgue21]
Number=193
Confirmed=X
Filename=5whgue21.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target="_blank">ClearSearch</a> adware
Source=Paul Collins Startup list

[666]
Number=194
Confirmed=X
Filename=Ska.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojpipes.html" target="_blank">PIPES</a> TROJAN!
Source=Paul Collins Startup list

[678]
Number=195
Confirmed=X
Filename=lsas32.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojslsorveb.html" target="_blank">SLSORVE-B</a> TROJAN!
Source=Paul Collins Startup list

[756349DC-6D9E-4F2A-9B24-269661F073C3]
Number=196
Confirmed=X
Filename=sysoghcx.exe
Description=Detected by <a href="http://vil.nai.com/vil/default.aspx" target="_blank">McAfee</a> as the FAKEALERT-AH TROJAN! See <a href="http://www.threatexpert.com/report.aspx?uid=f350d08b-1e19-407b-ae40-f83208a6a815" target="_blank">here</a>
Source=Paul Collins Startup list

[7f8e]
Number=197
Confirmed=X
Filename=z****.exe 9idf
Description=Detected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the system32 folder
Source=Paul Collins Startup list

[802.11b+g USB Wireless LAN Utility]
Number=198
Confirmed=U
Filename=ZDWlan.exe
Description=802.11b+g USB Wireless LAN Utility
Source=Paul Collins Startup list

[802.11g Wireless Adatper]
Number=199
Confirmed=U
Filename=Monitor.exe
Description=Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled
Source=Paul Collins Startup list

[852EBF20-A95D-4F1F-B9C2-B2CD24350F3E]
Number=200
Confirmed=X
Filename=sysodkcs.exe
Description=Detected by <a href="http://vil.nai.com/vil/default.aspx" target="_blank">McAfee</a> as the FAKEALERT-AH TROJAN! See <a href="http://www.threatexpert.com/report.aspx?uid=f350d08b-1e19-407b-ae40-f83208a6a815" target="_blank">here</a>
Source=Paul Collins Startup list

[98D0CE0C16B1]
Number=201
Confirmed=X
Filename=rundll32.exe D0CE0C16B1, D0CE0C16B1
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware. Note that <a href="http://support.microsoft.com/kb/164787/en-us" target="_blank">rundll32.exe</a> is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
Source=Paul Collins Startup list

[9m]
Number=202
Confirmed=X
Filename=winlog0n.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojlegmiraqk.html" target="_blank">LEGMIR-AQK</a> TROJAN!
Source=Paul Collins Startup list

[9xadiras]
Number=203
Confirmed=Y
Filename=9xadiras.exe
Description=<a href="http://www.alliedtelesyn.co.uk/en-gb/" target="_blank">Allied Telesyn</a> AT series router/modem related - apparently required
Source=Paul Collins Startup list

[9xHtProtect]
Number=204
Confirmed=X
Filename=AVprotect9x.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031015-0018-99" target="_blank">NETSKY.M</a> WORM!
Source=Paul Collins Startup list

[;Rundll]
Number=205
Confirmed=X
Filename=[filename]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E" target="_blank">PWSLEGMIR.E</a> TROJAN!
Source=Paul Collins Startup list

[?ekio Startups]
Number=206
Confirmed=X
Filename=?nksvc32.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32agobotov.html" target="_blank">AGOBOT-OV</a> WORM where ? is a random character

Source=Paul Collins Startup list

[@]
Number=207
Confirmed=X
Filename=regedit -s ..win.dll
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100111-0931-99" target="_blank">SEEKER.K</a> TROJAN!
Source=Paul Collins Startup list

[@Hoc Toolbar]
Number=208
Confirmed=N
Filename=AtHoc.exe
Description=One-click activated browsing toolbar used by various web-sites. See <a href="http://siliconvalley.internet.com/news/article.php/3531_479951" target="_blank">here</a> for more info
Source=Paul Collins Startup list

[@loha]
Number=209
Confirmed=N
Filename=reminder.exe
Description=Registration reminder for <a href="http://www.pcworld.com/downloads/file_description/0,fid,6581,00.asp" target="_blank">@loha@home</a> E-mail utility
Source=Paul Collins Startup list

[@tour_ww]
Number=210
Confirmed=X
Filename=@tour_ww[1].exe
Description=Adult content dialler
Source=Paul Collins Startup list

[a]
Number=211
Confirmed=X
Filename=a.exe
Description=Commercials file that registers itself in the system registry and redirects IE to a certain commercial website
Source=Paul Collins Startup list

[a]
Number=212
Confirmed=X
Filename=jesse.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32meloa.html" target="_blank">MELO-A</a> WORM!
Source=Paul Collins Startup list

[A New Windows Updater]
Number=213
Confirmed=X
Filename=w32NTupdt.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042420-4303-99" target="_blank">MYTOB.BM</a> WORM!
Source=Paul Collins Startup list

[A Note]
Number=214
Confirmed=N
Filename=A Note.exe
Description="<a href="http://a-note.sourceforge.net/" target="_blank">A Note</a> is a program that lets you create post-it like notes on your Microsoft Windows desktop"
Source=Paul Collins Startup list

[A Verizon App]
Number=215
Confirmed=U
Filename=VERIZO~1.EXE
Description=Part of <a href="http://www22.verizon.com/" target="_blank">Verizon</a> Online Support Manager
Source=Paul Collins Startup list

[a-squared]
Number=216
Confirmed=U
Filename=a2guard.exe
Description=<a href="http://www.emsisoft.com/en/" target="_blank">a-Squared</a> antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature
Source=Paul Collins Startup list

[a-squared Anti-Dialer]
Number=217
Confirmed=Y
Filename=a2adguard.exe
Description=a-sqaured <a href="http://www.emsisoft.com/en/software/antidialer/" target="_blank">Anti-Dialer</a>
Source=Paul Collins Startup list

[a-winpoet-service]
Number=218
Confirmed=Y
Filename=winpppoverethernet.exe
Description=WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read <a href="http://www.finepoint.com/winpoet.html" target="_blank">here</a>. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
Source=Paul Collins Startup list

[A1000 Settings Utility]
Number=219
Confirmed=U
Filename=cpqa1000.exe
Description=Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features
Source=Paul Collins Startup list

[A4Proxy]
Number=220
Confirmed=U
Filename=A4Proxy.exe
Description=<a href="http://www.findincontext.com/a4proxy/review.htm" target="_blank">Anonymity 4 Proxy</a> - local proxy server that makes you anonymous when visiting web sites
Source=Paul Collins Startup list

[A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
Number=221
Confirmed=X
Filename=rundll32.exe E6F1873B.DLL, D9EBC318C
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware. Note that <a href="http://support.microsoft.com/kb/164787/en-us" target="_blank">rundll32.exe</a> is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
Source=Paul Collins Startup list

[a?]
Number=222
Confirmed=U
Filename=a2guard.exe
Description=<a href="http://www.emsisoft.com/en/" target=_blank>a-Squared</a> antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature
Source=Paul Collins Startup list

[AAACLEAN]
Number=223
Confirmed=?
Filename=AAACLEAN.INF
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[AAAKeyboard]
Number=224
Confirmed=?
Filename=??
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[AAATraySaver]
Number=225
Confirmed=N
Filename=TraySaver.exe
Description=System Tray management utility from <a href="http://www.mlin.net/" target="_blank">Mike Lin</a> which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray
Source=Paul Collins Startup list

[AAK]
Number=226
Confirmed=U
Filename=aak.exe
Description=<a href="http://www.anti-keylogger.net/" target="_blank">Advanced Anti-Keylogger</a> - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"
Source=Paul Collins Startup list

[aaLDISCN32]
Number=227
Confirmed=U
Filename=LDISCN32.EXE
Description=LANDesk? <a href="http://www.landesk.com/" target="_blank">Management Suite</a> software component
Source=Paul Collins Startup list

[aaLDTaskCompletion]
Number=228
Confirmed=U
Filename=amclient.EXE
Description=LANDesk? <a href="http://www.landesk.com/" target="_blank">Management Suite</a> software component
Source=Paul Collins Startup list

[AAMSFree702]
Number=229
Confirmed=X
Filename=Avengine.com
Description=Added by the <a href="http://smartdefense.zonealarm.com/tmpl/SpywareArticle?action=detail&sid=2567" target="_blank">DELF.LJ</a> TROJAN!
Source=Paul Collins Startup list

[AAMSFree702]
Number=230
Confirmed=X
Filename=sys.exe
Description=Added by the BACKDOOR-CPC TROJAN!
Source=Paul Collins Startup list

[Aaou]
Number=231
Confirmed=X
Filename=amee.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[Aapp]
Number=232
Confirmed=X
Filename=adprot.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051216-4630-99" target="_blank">AdBlaster</a> adware
Source=Paul Collins Startup list

[aauclient]
Number=233
Confirmed=?
Filename=ACNUpdater.exe
Description=Appears to be related to software from <a href="http://www.accenture.com/home/default.htm?viewType=Flash" target="_blank">Accenture.com</a>
Source=Paul Collins Startup list

[AAW]
Number=234
Confirmed=U
Filename=Ad-Aware.exe
Description=<a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-Aware</a> anti-spyware tool from Lavasoft
Source=Paul Collins Startup list

[AAWTray]
Number=235
Confirmed=U
Filename=AAWTray.exe
Description=System Tray access to <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> from Lavasoft - popular spyware/adware removal tool
Source=Paul Collins Startup list

[ab EazyScheduler]
Number=236
Confirmed=?
Filename=ezsched.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[ABBYY Community Agent]
Number=237
Confirmed=N
Filename=CAGENT.EXE
Description=Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the&nbsp;5.0 version of the software
Source=Paul Collins Startup list

[ABC]
Number=238
Confirmed=U
Filename=keylogger.exe
Description=Keystroke logger/monitoring program - remove unless you installed it yourself!

Source=Paul Collins Startup list

[abcdefgh]
Number=239
Confirmed=X
Filename=abcdefgh.exe
Description=<a href="http://www.securitystronghold.com/gates/spyware-adware-solutions/abcdefgh_abcdefgh.exe_solution.htm" target="_blank">EPJ</a> TROJAN! 

Source=Paul Collins Startup list

[ABIT uGuru]
Number=240
Confirmed=U
Filename=uGuru.exe
Description=<a href="http://www2.abit.com.tw/page/en/news/newspop.php?pDOCNO=en_0309184" target="_blank">ABIT ?Guru</a> - on motherboards incorporating the ?Guru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweakin
Source=Paul Collins Startup list

[ABITEQ]
Number=241
Confirmed=N
Filename=abiteq.exe
Description=Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds
Source=Paul Collins Startup list

[Abrada WIN32]
Number=242
Confirmed=X
Filename=abrada.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdermong.html" target="_blank">DERMON-G</a> TROJAN!

Source=Paul Collins Startup list

[Absolute Shield]
Number=243
Confirmed=U
Filename=dseraser.exe
Description=<a href="http://www.liutilities.com/products/wintaskspro/processlibrary/dseraser/" target="_blank">Absolute Shield Evidence Eliminator</a> - internet history eraser

Source=Paul Collins Startup list

[Absolute StartUp monitor]
Number=244
Confirmed=U
Filename=ASMon.exe
Description=<a href="http://www.fgroupsoft.com/Absolutestartup/" target="_blank">Absolute Startup</a> - startup monitor from F-Group Software
Source=Paul Collins Startup list

[AbsoluteShield Internet Eraser]
Number=245
Confirmed=U
Filename=cseraser.exe
Description=<a href="http://www.internet-track-eraser.com/" target="_blank">AbsoluteShield Internet Eraser</a> - "protects your privacy by cleaning up all the tracks of your Internet and computer activities"

Source=Paul Collins Startup list

[ABsr]
Number=246
Confirmed=X
Filename=absr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-042320-3206-99" target="_blank">AUTOUPDER</a> TROJAN!
Source=Paul Collins Startup list

[absr]
Number=247
Confirmed=X
Filename=mwsvm.exe
Description=SeekSeek search hijacker related - see <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_SECTHOUGHT.A" target="_blank">here</a>

Source=Paul Collins Startup list

[abtu]
Number=248
Confirmed=X
Filename=mp3serch.exe
Description=Loads the executable for <a href="http://www.spywareinfo.com/lop.html" target="_blank">Lop.com</a>. mp3serch.exe is the final version
Source=Paul Collins Startup list

[abtu]
Number=249
Confirmed=X
Filename=lopsearch.exe
Description=Loads the executable for <a href="http://www.spywareinfo.com/articles/lop/" target="_blank">Lop.com</a>. lopsearch.exe is the beta version
Source=Paul Collins Startup list

[AbyssWebServer]
Number=250
Confirmed=U
Filename=abyssws.exe
Description=<a href="http://abyss.sourceforge.net/" target="_blank">Abyss</a> web server
Source=Paul Collins Startup list

[Ac97Sound]
Number=251
Confirmed=X
Filename=snddrv.exe
Description=Detected by Sophos as the SILLYFDC-A TROJAN!
Source=Paul Collins Startup list

[AcBtnMgr_X63]
Number=252
Confirmed=U
Filename=AcBtnMgr_X63.exe
Description="Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
Source=Paul Collins Startup list

[AcBtnMgr_X73]
Number=253
Confirmed=U
Filename=AcBtnMgr_X73.exe
Description="Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
Source=Paul Collins Startup list

[AcBtnMgr_X83]
Number=254
Confirmed=U
Filename=AcBtnMgr_X83.exe
Description="Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
Source=Paul Collins Startup list

[AcBtnMgr_X84-X85]
Number=255
Confirmed=U
Filename=AcBtnMgr_X84-X85.exe
Description="Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
Source=Paul Collins Startup list

[acc]
Number=256
Confirmed=U
Filename=acc.exe
Description=<a href="http://www.voicecallcentral.com/#advanced_call_center" target="_blank">Advanced Call Center</a> - "full-featured yet easy-to-use answering machine software for your voice modem"
Source=Paul Collins Startup list

[ACCDEFRAGINFO]
Number=257
Confirmed=X
Filename=[path to worm]
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32darbyo.html" target="_blank">DARBY-O</a> WORM!
Source=Paul Collins Startup list

[Accelerate]
Number=258
Confirmed=U
Filename=accelerate.exe
Description=Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection
Source=Paul Collins Startup list

[Access Control App]
Number=259
Confirmed=X
Filename=winsto.exe
Description=Detected by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> as the AGENT.DGO TROJAN! See <a href="http://www.threatexpert.com/report.aspx?uid=4a7a58b4-53f0-4318-836a-7d0217319807" target="_blank">here</a>
Source=Paul Collins Startup list

[Access Ramp Monitor]
Number=260
Confirmed=N
Filename=armon32.exe
Description=Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again
Source=Paul Collins Startup list

[Access WebControl]
Number=261
Confirmed=X
Filename=[path to file]
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojppdoorm.html" target="_blank">PPDOOR-M</a> TROJAN!
Source=Paul Collins Startup list

[AccessManager]
Number=262
Confirmed=U
Filename=AccessMgr.exe
Description=Part of SmartPipes <a href="http://www.smartpipes.com/SecureSite.htm" target="_blank">SecureSite</a> software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"
Source=Paul Collins Startup list

[AccessMedia P2P Loader]
Number=263
Confirmed=X
Filename=amp2pl.exe
Description=My AccessMedia toolbar related, stealth installed!
Source=Paul Collins Startup list

[AccessoriesPlus]
Number=264
Confirmed=U
Filename=clockplus.exe
Description=Clock Plus, part of <a href="http://simplypowerful.com/software/accessoriesplus.html" target="_blank">Accessories Plus</a> allows you to select from dozens of alternatives for the Windows clock
Source=Paul Collins Startup list

[AccessRamp Monitor01]
Number=265
Confirmed=N
Filename=ARMon32a.exe
Description=From a visitor &quot;Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service.&quot;
Source=Paul Collins Startup list

[AccessRampLAN01]
Number=266
Confirmed=N
Filename=ARUpld32.exe
Description=Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003
Source=Paul Collins Startup list

[AcctMgr]
Number=267
Confirmed=U
Filename=AcctMgr.exe
Description=Norton? Password Manager - part of <a href="http://www.symantec.com/sabu/sysworks/basic/" target="_blank">Norton SystemWorks 2004</a> - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC
Source=Paul Collins Startup list

[AccuWeather.com? Desktop]
Number=268
Confirmed=N
Filename=AccuWeatherDesktop.exe
Description=Desktop weather from <a href="http://www.accuweather.com/index.asp?partner=accuweather" target="_blank">AccuWeather</a>
Source=Paul Collins Startup list

[accwizz.exe]
Number=269
Confirmed=X
Filename=accwizz.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082312-1953-99" target="_blank">RULAND.A</a> WORM!
Source=Paul Collins Startup list

[accwizzz.exe]
Number=270
Confirmed=X
Filename=accwizzz.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082312-1953-99" target="_blank">RULAND.A</a> WORM!
Source=Paul Collins Startup list

[acdllib3]
Number=271
Confirmed=X
Filename=bcdlmem.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojmailbotba.html" target="_blank">MAILBOT-BA</a> TROJAN!
Source=Paul Collins Startup list

[ACDSee]
Number=272
Confirmed=N
Filename=ACDSee8Pro.exe
Description=<a href="http://www.acdsee.com/" target="_blank">ACDSee</a> 8 photo software. Organize, manage, enhance, and share all your valued photo memories
Source=Paul Collins Startup list

[Ace bows]
Number=273
Confirmed=?
Filename=Ace bows.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[AceGain LiveUpdate]
Number=274
Confirmed=N
Filename=LiveUpdate.exe
Description="<a href="http://www.acegain.com/products_lu.htm" target="_blank">AceGain LiveUpdate</a> can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration"
Source=Paul Collins Startup list

[Acer ePower Management]
Number=275
Confirmed=U
Filename=Acer ePower Management.exe
Description=Part of Acer Empowering Technology. "<a href="http://www.acer-euro.com/et/en/notebooks01.htm#7" target="_blank">Acer ePower Management</a> is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"
Source=Paul Collins Startup list

[Acer ePresentation HPD]
Number=276
Confirmed=N
Filename=ePresentation.exe
Description=Allows you to connect your Acer laptop to a projector
Source=Paul Collins Startup list

[Acer Product Registration]
Number=277
Confirmed=N
Filename=ACE1.exe
Description=Acer Product Registration - remove when registration is completed
Source=Paul Collins Startup list

[Acer Tour Reminder]
Number=278
Confirmed=N
Filename=Reminder.exe
Description=Popup reminder to take the tour of your new Acer laptop
Source=Paul Collins Startup list

[AcerGoto]
Number=279
Confirmed=U
Filename=AcerGoto.exe
Description=Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer
Source=Paul Collins Startup list

[AcerNotebookManager]
Number=280
Confirmed=U
Filename=almxptray.exe
Description=System Tray access on some Acer Notebooks to give faster access to system settings
Source=Paul Collins Startup list

[AcerPowerkey]
Number=281
Confirmed=U
Filename=Powerkey.exe
Description=PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3
Source=Paul Collins Startup list

[Acess2007a]
Number=282
Confirmed=X
Filename=access2007a.exe
Description=Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Win32.Worm.Gaobot.PQA&threatid=153252" target="_blank">GAOBOT.PQA</a> WORM!
Source=Paul Collins Startup list

[Aceu]
Number=283
Confirmed=X
Filename=[random filename]
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware
Source=Paul Collins Startup list

[acEventServ]
Number=284
Confirmed=Y
Filename=acevtsrv.exe
Description=<a href="http://www.actividentity.com/" target="_blank">ActivCard Gold</a> from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authentication
Source=Paul Collins Startup list

[AClntUsr]
Number=285
Confirmed=U
Filename=AClntUsr.exe
Description=Altiris <a href="http://www.cdg-group.com/go.exe?prodid=299" target="_blank">AClient</a> Service Windows Tray Icon
Source=Paul Collins Startup list

[Acme.PCHButton]
Number=286
Confirmed=N
Filename=pchbutton.exe
Description=Used by HP Instant Support
Source=Paul Collins Startup list

[ACMonitor_X63]
Number=287
Confirmed=U
Filename=ACMonitor_X63.exe
Description=Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"
Source=Paul Collins Startup list

[ACMonitor_X73]
Number=288
Confirmed=U
Filename=ACMonitor_X73.exe
Description=Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe"
Source=Paul Collins Startup list

[ACMonitor_X83]
Number=289
Confirmed=U
Filename=ACMonitor_X83.exe
Description=Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe"
Source=Paul Collins Startup list

[ACMonitor_X84-X85]
Number=290
Confirmed=U
Filename=ACMonitor_X84-X85.exe
Description=Button monitor for the Lexmark X85-X85 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X85-X85.exe"
Source=Paul Collins Startup list

[acocash]
Number=291
Confirmed=X
Filename=fastdown.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[acocash]
Number=292
Confirmed=X
Filename=fastdown.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Acombo3dmouse]
Number=293
Confirmed=U
Filename=Acombo3d.exe
Description=Mouse driver - required if you use non-standard Windows driver features
Source=Paul Collins Startup list

[Aconti]
Number=294
Confirmed=X
Filename=aconti.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[acoustic]
Number=295
Confirmed=U
Filename=acoustic.exe
Description=Control panel program for Philips <a href="http://www.digit-life.com/articles/philipsae/index.html" target="_blank">Acoustic Edge</a> soundcard. Not required unless changed settings aren't retained
Source=Paul Collins Startup list

[acpart]
Number=296
Confirmed=N
Filename=agpart11.exe
Description=Program for finding trucks on-line
Source=Paul Collins Startup list

[Acrobat]
Number=297
Confirmed=X
Filename=acrmon32.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojsmallect.html" target="_blank">SMALL-ECT</a> TROJAN!
Source=Paul Collins Startup list

[Acrobat Assistant *.*]
Number=298
Confirmed=U
Filename=ACROTRAY.EXE
Description=Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation. *.* represents the version
Source=Paul Collins Startup list

[Acrobat Read]
Number=299
Confirmed=X
Filename=acroup32.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojvanbotbq.html" target="_blank">VANBOT-BQ</a> TROJAN!
Source=Paul Collins Startup list

[Acrobat Speed Launch]
Number=300
Confirmed=N
Filename=acrobat_sl.exe
Description=Speeds up the time it takes to load Adobe's <a href="http://www.adobe.com/products/acrobat/?ogn=EN_US-gntray_prod_acrobat_family_home" target="_blank">Acrobat</a> PDF creation and management tool. From version 7.0 onwards
Source=Paul Collins Startup list

[ACROMOUSE]
Number=301
Confirmed=U
Filename=ACROMAPP.exe
Description=Related to <a href="http://www.acroxusa.com/" target="_blank">ACROMOUSE</a> Laser mouse control
Source=Paul Collins Startup list

[Acronis Popup Blocker]
Number=302
Confirmed=U
Filename=RunDll32.exe [path] Blocker.dll, Run
Description=Part of <a href="http://www.acronis.com/homecomputing/products/privacyexpert/" target="_blank">Acronis Privacy Expert</a> - anti-spyware and security suite

Source=Paul Collins Startup list

[Acronis Scheduler Helper]
Number=303
Confirmed=U
Filename=schedhlp.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images
Source=Paul Collins Startup list

[Acronis Scheduler2 Service]
Number=304
Confirmed=U
Filename=schedhlp.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images
Source=Paul Collins Startup list

[Acronis True Image]
Number=305
Confirmed=U
Filename=TimounterMonitor.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
Source=Paul Collins Startup list

[Acronis True Image Monitor]
Number=306
Confirmed=N
Filename=TrueImageMonitor.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage
Source=Paul Collins Startup list

[Acronis TrueImage Monitor]
Number=307
Confirmed=N
Filename=TrueImageMonitor.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage
Source=Paul Collins Startup list

[AcronisTimounterMonitor]
Number=308
Confirmed=U
Filename=TimounterMonitor.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
Source=Paul Collins Startup list

[AcronisTrueImage Monitor]
Number=309
Confirmed=N
Filename=TrueImageMonitor.exe
Description=Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage
Source=Paul Collins Startup list

[Act! Preloader]
Number=310
Confirmed=U
Filename=Act8.exe
Description=Sage Software's <a href="http://www.act.com/products/index.cfm" target="_blank">ACT!</a> "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships"
Source=Paul Collins Startup list

[Action Manager 32]
Number=311
Confirmed=N
Filename=am32.exe
Description=Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[ActionAgent]
Number=312
Confirmed=?
Filename=actionagent.exe
Description="A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". <font color="#FF0000">Is it required?</font>
Source=Paul Collins Startup list

[Activation]
Number=313
Confirmed=N
Filename=Activation.exe
Description=Part of Microsoft Money
Source=Paul Collins Startup list

[Activboard]
Number=314
Confirmed=U
Filename=MMKeybd.exe
Description=Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys
Source=Paul Collins Startup list

[Active Bit Station]
Number=315
Confirmed=X
Filename=abs.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050615-3728-99" target="_blank">MYTOB.BZ</a> WORM!
Source=Paul Collins Startup list

[Active CPU]
Number=316
Confirmed=N
Filename=acpu.exe
Description=<a href="http://www.devicelock.com/freeware.html" target="_blank">Active CPU</a> - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity"
Source=Paul Collins Startup list

[Active Desktop Calendar]
Number=317
Confirmed=U
Filename=ADC.EXE
Description=XemiComputers <a href="http://www.xemico.com/adc/index.html" target="_blank">Active Desktop Calendar</a>
Source=Paul Collins Startup list

[Active Email Monitor]
Number=318
Confirmed=U
Filename=aem25.exe
Description=<a href="http://www.vicman.net/emailmon/" target="_blank">Active Email Monitor</a> checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email
Source=Paul Collins Startup list

[Active shield]
Number=319
Confirmed=U
Filename=Activeshield.exe
Description=<a href="http://www.securitystronghold.com/" target="_blank">Active Shield</a> is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"
Source=Paul Collins Startup list

[ActiveDesktop]
Number=320
Confirmed=X
Filename=systray32.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-030717-0234-99" target="_blank">DABOOM</a> WORM!
Source=Paul Collins Startup list

[ACTIVEDS]
Number=321
Confirmed=X
Filename=ACTIVEDS.EXE
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM!
Source=Paul Collins Startup list

[ActiveEyes]
Number=322
Confirmed=N
Filename=ActiveEyes.exe
Description=ActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut
Source=Paul Collins Startup list

[ActiveKeys.AAB635BD7D054a37A576]
Number=323
Confirmed=U
Filename=akeys.exe
Description="<a href="http://softarium.com/activekeys/" target="_blank">Active Keys</a> is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"
Source=Paul Collins Startup list

[ActiveMenu]
Number=324
Confirmed=U
Filename=ActiveMenu.exe
Description=Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Source=Paul Collins Startup list

[ActivePlus]
Number=325
Confirmed=U
Filename=activeplus.exe
Description=Interactive Agents Plugin for <a href="http://www.patchou.com/msgplus/" target="_blank">Messenger Plus!</a> (MSN Messenger add-on)
Source=Paul Collins Startup list

[ActiveScan Antivirus]
Number=326
Confirmed=X
Filename=ActiveScan.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotfkq.html" target="_blank">RBOT-FKQ</a> WORM!
Source=Paul Collins Startup list

[ActiveScript32]
Number=327
Confirmed=X
Filename=nod.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32sohanaaj.html" target="_blank">SOHANA-AJ</a> WORM!
Source=Paul Collins Startup list

[ActiveShield]
Number=328
Confirmed=Y
Filename=MCVSSHLD.EXE
Description=McAfee VirusScan On-line. See also the McAgentExe entry
Source=Paul Collins Startup list

[ActiveSpeed]
Number=329
Confirmed=U
Filename=AS.exe
Description=Ascentive <a href="http://www.barelyaverage.com/portfolio/html_emails/ascentive/activespeed_biplane/biplane_anim.html" target="_blank">ActiveSpeed</a> Internet Optimizer
Source=Paul Collins Startup list

[ActiveSync]
Number=330
Confirmed=X
Filename=wcescom32.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojmancsyne.html" target="_blank">MANCSYN-E</a> TROJAN!
Source=Paul Collins Startup list

[ActiveWords]
Number=331
Confirmed=N
Filename=AWMonitor.exe
Description=<a href="http://www.activewords.com" target="_blank">ActiveWords</a> from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you?ve typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you?ve defined
Source=Paul Collins Startup list

[ActiveX File Registration Service]
Number=332
Confirmed=X
Filename=filereg.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotdvd.html" target="_blank">RBOT-DVD</a> WORM!
Source=Paul Collins Startup list

[ActiveX Streamer]
Number=333
Confirmed=X
Filename=msgfix.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.NQ" target="_blank">SDBOT.NQ</a> WORM!
Source=Paul Collins Startup list

[ActiveXUpdate]
Number=334
Confirmed=X
Filename=svcss.exe
Description=Added by a variant of the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdedlerc.html" target="_blank">DEDLER.C</a> TROJAN!
Source=Paul Collins Startup list

[Activity]
Number=335
Confirmed=U
Filename=actik.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032917-5224-99" target="_blank">ActivityKey</a> Keystroke logger/monitoring program - remove unless you installed it yourself!
Source=Paul Collins Startup list

[ActivSurf]
Number=336
Confirmed=N
Filename=backweb*****.exe
Description=Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
Source=Paul Collins Startup list

[ActMaker]
Number=337
Confirmed=U
Filename=ActMak25.exe
Description="<a href="http://www.789987.com/products.htm" target="_blank">ActMaker</a> mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer"
Source=Paul Collins Startup list

[ActMaker]
Number=338
Confirmed=U
Filename=ActMaker25.exe
Description=<a href="http://www.789987.com/products.htm" target="_blank">ActMaker</a> mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload

Source=Paul Collins Startup list

[ACTray]
Number=339
Confirmed=U
Filename=ACTray.exe
Description=System Tray icon for <a href="http://www.pc.ibm.com/us/think/thinkvantagetech/accessconnections.html" target="_blank">ThinkVantage Access Connections</a> - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"
Source=Paul Collins Startup list

[Actual Window Minimizer]
Number=340
Confirmed=U
Filename=ActualWindowMinimizerCenter.exe
Description=<a href="http://www.actualtools.com/windowminimizer/" target="_blank">Actual Window Minimizer</a> - "allows minimizing any window to task tray notification area or to the edge of the screen"

Source=Paul Collins Startup list

[ACTX1]
Number=341
Confirmed=X
Filename=v1201.exe
Description=Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097395" target="_blank">VB.IS</a> TROJAN!
Source=Paul Collins Startup list

[ACU]
Number=342
Confirmed=U
Filename=ACU.exe
Description=<a href="http://www.atheros.com/" target="_blank">Atheros</a> wireless Client Utility
Source=Paul Collins Startup list

[ACU_QSB]
Number=343
Confirmed=U
Filename=ACU.exe
Description=<a href="http://www.atheros.com/" target="_blank">Atheros</a> wireless Client Utility
Source=Paul Collins Startup list

[ACWLIcon]
Number=344
Confirmed=U
Filename=ACWLIcon.exe
Description=Related to IBM ThinkVantage Connectivity Solution

Source=Paul Collins Startup list

[Ad Blocker]
Number=345
Confirmed=U
Filename=blocker.exe
Description=<a href="http://www.cdkm.com/" target="_blank">Ad Blocker</a> - blocks popups, and also removes banners, image ads and flash ads
Source=Paul Collins Startup list

[Ad Blocker Pro]
Number=346
Confirmed=U
Filename=Ad Blocker Pro.exe
Description=Ad Away popup and banner remover
Source=Paul Collins Startup list

[Ad Muncher]
Number=347
Confirmed=U
Filename=AdMunch.exe
Description=<a href="http://www.admuncher.com/" target="_blank">Ad Muncher</a> removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
Source=Paul Collins Startup list

[Ad Online Guide]
Number=348
Confirmed=?
Filename=adonlineguide.exe
Description=<font color="#FF0000">??</font>
Source=Paul Collins Startup list

[Ad-aware]
Number=349
Confirmed=U
Filename=Ad-aware.exe
Description=<a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> from Lavasoft - popular spyware/adware removal tool
Source=Paul Collins Startup list

[Ad-Aware]
Number=350
Confirmed=X
Filename=Ad-Aware.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotadj.html" target="_blank">RBOT-ADJ</a> WORM! Note - this is not the popular <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> spware/adware removal tool and is located in the Winnt\System32 or Windows\System32 directory
Source=Paul Collins Startup list

[Ad-Eliminator]
Number=351
Confirmed=X
Filename=ad-eliminator.exe
Description=Ad-Eliminator spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[Ad-Muncher]
Number=352
Confirmed=U
Filename=ADMUNCH.EXE
Description=<a href="http://www.admuncher.com/" target="_blank">Ad Muncher</a> removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
Source=Paul Collins Startup list

[Ad-Protect]
Number=353
Confirmed=U
Filename=ad-protect.exe
Description=<a href="http://www.adprotectplus.com/" target="_blank">Ad-Protect</a> spyware and spam monitoring tool

Source=Paul Collins Startup list

[Ad-watch]
Number=354
Confirmed=U
Filename=Ad-watch.exe
Description=Part of Lavasoft <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware Plus</a> - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
Source=Paul Collins Startup list

[AD2KClient]
Number=355
Confirmed=U
Filename=AD2KClient.exe
Description=Executable for <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> from Iomega disk - allows software applications to be run directly from an Iomega Zip? disk. Required if you wish the applications to launch on insertion of a disk
Source=Paul Collins Startup list

[Adaptec DirectCD]
Number=356
Confirmed=N
Filename=Directcd.exe
Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later

Source=Paul Collins Startup list

[AdaptecDirectCD]
Number=357
Confirmed=N
Filename=Directcd.exe
Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -&gt; Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
Source=Paul Collins Startup list

[AdAware]
Number=358
Confirmed=X
Filename=wini.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotxn.html" target="_blank">RBOT-XN</a> WORM!
Source=Paul Collins Startup list

[Adaware Bootup]
Number=359
Confirmed=U
Filename=ad-aware.exe
Description=<a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> from Lavasoft - popular spyware/adware removal tool
Source=Paul Collins Startup list

[Adaware lptt01]
Number=360
Confirmed=X
Filename=adaware.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not the valid Lavasoft Adaware
Source=Paul Collins Startup list

[Adaware ml097e]
Number=361
Confirmed=X
Filename=adaware.exe
Description=<a href="http://www.wilderssecurity.net/specialinfo/rapidblaster.html" target="_blank">RapidBlaster</a> variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see <a href="http://www.castlecops.com/downloads-file-333-details-RapidBlaster_Killer.html" target="_blank">here</a>. Note - this is not the valid Lavasoft Adaware
Source=Paul Collins Startup list

[AdBin]
Number=362
Confirmed=U
Filename=AdBin.exe
Description=<a href="http://www.jgilmore.com/AdBin/" target="_blank">AdBin</a> - "Free and easy solution to managing your Window's hosts file. A fun way to block ads"
Source=Paul Collins Startup list

[Add**.exe [* = random char]]
Number=363
Confirmed=X
Filename=Add**.exe [* = random char]
Description=<a href="http://ftp.officefive.org.uk/sites/cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[Add**32.exe [* = random char]]
Number=364
Confirmed=X
Filename=Add**32.exe [* = random char]
Description=<a href="http://ftp.officefive.org.uk/sites/cwshredder.net/cwshredder/cwschronicles.html#homesearch" target="_blank">CoolWebSearch/HomeSearch</a> adware - for examples, see <a href="http://www.castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html" target="_blank">this</a> log
Source=Paul Collins Startup list

[AddClass]
Number=365
Confirmed=X
Filename=AddClass.exe
Description=CoolWebSearch <a href="http://ftp.officefive.org.uk/sites/cwshredder.net/cwshredder/cwschronicles.html#addclass" target="_blank">Addclass</a> parasite variant
Source=Paul Collins Startup list

[AddClass]
Number=366
Confirmed=X
Filename=[Installation_Path]
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080815-4711-99" target="_blank">STARTPAGE.F</a> hijacker
Source=Paul Collins Startup list

[AddClass]
Number=367
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojsecdla.html" target="_blank">SECDL-A</a> TROJAN!
Source=Paul Collins Startup list

[AdDelete]
Number=368
Confirmed=U
Filename=AdDelete.exe
Description=Banner advertisment blocker
Source=Paul Collins Startup list

[AdDestroyer]
Number=369
Confirmed=X
Filename=AdDestroyer.exe
Description=<a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Virtual%20Bouncer&threatid=12432" target="_blank">Virtual Bouncer</a> - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see <a href="http://groups.google.com/group/alt.sports.hockey.nhl.vanc-canucks/msg/dec91d1aa1e0d9dd?hl=en&lr=&ie=UTF-8&oe=UTF-8" target="_blank">here</a>
Source=Paul Collins Startup list

[ADDITIONAL Services]
Number=370
Confirmed=X
Filename=pkgadd.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102711-3533-99" target="_blank">IRCBOT</a> TROJAN!
Source=Paul Collins Startup list

[addproxy]
Number=371
Confirmed=?
Filename=addproxy.exe
Description=Related to Adobe Photoshop
Source=Paul Collins Startup list

[ADG]
Number=372
Confirmed=?
Filename=ADG.exe
Description=<font color="#FF0000"> SoundBlaster Audigy related?</font>
Source=Paul Collins Startup list

[ADGJdet]
Number=373
Confirmed=N
Filename=ADGJDet.exe
Description=Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
Source=Paul Collins Startup list

[aDir]
Number=374
Confirmed=X
Filename=adirss.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojspamsrve.html" target="_blank">SPAMSRV-E</a> TROJAN!
Source=Paul Collins Startup list

[Adiras]
Number=375
Confirmed=Y
Filename=Adiras.exe
Description=ADSL USB modem related
Source=Paul Collins Startup list

[adirka]
Number=376
Confirmed=X
Filename=adirka.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojtibsqt.html" target="_blank">TIBS-QT</a> TROJAN!
Source=Paul Collins Startup list

[AdKiller]
Number=377
Confirmed=U
Filename=AD Defender.exe
Description=Part of <a href="http://www.evonsoft.com/Advanced-Spyware-Remover.htm" target="_blank">Advanced Spyware Remover</a> anti-spyware tool
Source=Paul Collins Startup list

[adlhidp]
Number=378
Confirmed=X
Filename=psncc32.exe
Description=Detected by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> as the SLAPER.AI TROJAN! See <a href="http://www.threatexpert.com/report.aspx?uid=086747c6-cc41-409f-9946-b9037950f3bf" target="_blank">here</a>
Source=Paul Collins Startup list

[ADM Library Loader]
Number=379
Confirmed=X
Filename=admlib32.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99" target="_blank">SDBOT</a> TROJAN!
Source=Paul Collins Startup list

[Admanager Controller]
Number=380
Confirmed=X
Filename=AdManCtl.exe
Description=Adware, probably a Windupdates variant
Source=Paul Collins Startup list

[Admilli Service]
Number=381
Confirmed=X
Filename=AdmilliServ.exe
Description=Windupdates adware variant
Source=Paul Collins Startup list

[Administrator]
Number=382
Confirmed=X
Filename=svchost.scr
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-092910-5215-99" target="_blank">NOVACAL</a> TROJAN!
Source=Paul Collins Startup list

[Administrator]
Number=383
Confirmed=X
Filename=winlogon.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rubblec.html" target="_blank">RUBBLE-C</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup!
Source=Paul Collins Startup list

[Administrator di Dago]
Number=384
Confirmed=X
Filename=Dago.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32punyab.html" target="_blank">PUNYA-B</a> WORM!
Source=Paul Collins Startup list

[AdminSoft]
Number=385
Confirmed=X
Filename=sysfile.vbs
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/vbsstargruba.html" target="_blank">STARGRUB-A</a> WORM!
Source=Paul Collins Startup list

[admtray.exe]
Number=386
Confirmed=U
Filename=admtray.exe
Description=Related to <a href="http://global.acer.com/" target="_blank">Acer</a> Inc. destop tray
Source=Paul Collins Startup list

[Adobe]
Number=387
Confirmed=X
Filename=Adobe.exe
Description=Added by an unidentified VIRUS, WORM or TROJAN!
Source=Paul Collins Startup list

[Adobe]
Number=388
Confirmed=X
Filename=sysconfig.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[adobe]
Number=389
Confirmed=X
Filename=gam.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[Adobe]
Number=390
Confirmed=X
Filename=sysbat32.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.T" target="_blank">LOWZONES.T</a> TROJAN!
Source=Paul Collins Startup list

[Adobe]
Number=391
Confirmed=X
Filename=zteam.exe
Description=Added by an unidentified TROJAN!
Source=Paul Collins Startup list

[Adobe Acrobat]
Number=392
Confirmed=N
Filename=READER~1.EXE
Description=Speeds up the time it takes to load the <a href="http://www.adobe.com/products/acrobat/readermain.html" target="_blank">Adobe Reader</a> application. Your choice, but not required for Adobe Reader to function properly
Source=Paul Collins Startup list

[Adobe Acrobat Distiller Application]
Number=393
Confirmed=X
Filename=acrotray.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040512-3029-99" target="_blank">RANDEX.DFJ</a> WORM!
Source=Paul Collins Startup list

[Adobe Acrobat Reader CFG]
Number=394
Confirmed=X
Filename=[random filename]
Description=Added by a variant of the <a href="http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Adobe Acrobat Speed Launcher]
Number=395
Confirmed=N
Filename=acrobat_sl.exe
Description=Speeds up the time it takes to load Adobe's <a href="http://www.adobe.com/products/acrobat/?ogn=EN_US-gntray_prod_acrobat_family_home" target="_blank">Acrobat</a> PDF creation and management tool. From version 7.0 onwards
Source=Paul Collins Startup list

[Adobe Filter Platform]
Number=396
Confirmed=X
Filename=afilterplatform.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotop.html" target="_blank">RBOT-OP</a> WORM!
Source=Paul Collins Startup list

[Adobe Gamma Loader]
Number=397
Confirmed=U
Filename=Adobe Gamma Loader.exe
Description=Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine
Source=Paul Collins Startup list

[Adobe Photo Downloader]
Number=398
Confirmed=N
Filename=apdproxy.exe
Description=Part of <a href="http://www.adobe.com/" target="_blank">Adobe's</a> Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see <a href="http://www.adobe.com/support/techdocs/332361.html" target="_blank">here</a>)
Source=Paul Collins Startup list

[Adobe Reader Speed Launch]
Number=399
Confirmed=N
Filename=Reader_sl.exe
Description=Speeds up the time it takes to load the <a href="http://www.adobe.com/products/acrobat/readermain.html" target="_blank">Adobe Reader</a> application. Your choice, but not required for Adobe Reader to function properly
Source=Paul Collins Startup list

[Adobe Reader Speed Launch]
Number=400
Confirmed=N
Filename=READER~1.EXE
Description=Speeds up the time it takes to load the <a href="http://www.adobe.com/products/acrobat/readermain.html" target="_blank">Adobe Reader</a> application. Your choice, but not required for Adobe Reader to function properly
Source=Paul Collins Startup list

[Adobe Reader Speed Launcher]
Number=401
Confirmed=N
Filename=Reader_sl.exe
Description=Speeds up the time it takes to load the <a href="http://www.adobe.com/products/acrobat/readermain.html" target="_blank">Adobe Reader</a> application. Your choice, but not required for Adobe Reader to function properly
Source=Paul Collins Startup list

[Adobe Reader Synchronizer]
Number=402
Confirmed=U
Filename=AdobeCollabSync.exe
Description=<a href="http://blogs.adobe.com/barnaby.james/2006/12/the_adobe_synch_1.html" target="_blank">Adobe Synchronizer</a> - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more information
Source=Paul Collins Startup list

[Adobe Version Cue CS2]
Number=403
Confirmed=U
Filename=VersionCueCS2Tray.exe
Description=File manager that's part of <a href="http://www.adobe.com/products/creativesuite/index.html?c=us" target="_blank">Adobe Creative Suite 2</a> - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work"
Source=Paul Collins Startup list

[AdobeA]
Number=404
Confirmed=X
Filename=adobes.exe
Description=Added by the <a href="http://vil.nai.com/vil/content/v_100373.htm" target="_blank">FLOOD.BA</a> TROJAN!
Source=Paul Collins Startup list

[AdobeFonts]
Number=405
Confirmed=X
Filename=fonts.hta
Description=Browser hijacker - redirecting to Hugesearch.net
Source=Paul Collins Startup list

[adobemgr]
Number=406
Confirmed=X
Filename=adobemgr.exe
Description=Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-091214-5754-99" target="_blank">ADCLICKER</a> TROJAN!
Source=Paul Collins Startup list

[AdobeReader]
Number=407
Confirmed=X
Filename=msni.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.DAO" target="_blank">RBOT.DAO</a> TROJAN!
Source=Paul Collins Startup list

[AdobeReaderPro]
Number=408
Confirmed=X
Filename=msnxpsp.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotask.html" target="_blank">RBOT-ASK</a> or <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotaus.html" target="_blank">RBOT-AUS</a> WORMS!
Source=Paul Collins Startup list

[AdobeReaderPro]
Number=409
Confirmed=X
Filename=ntkernell32.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotaty.html" target="_blank">RBOT-ATY</a> WORM!
Source=Paul Collins Startup list

[AdobeReaderPro]
Number=410
Confirmed=X
Filename=msnserve.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32sdbotakh.html" target="_blank">SDBOT-AKH</a> WORM!
Source=Paul Collins Startup list

[AdobeReaderPro]
Number=411
Confirmed=X
Filename=updt.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32ircbotvq.html" target="_blank">IRCBOT-VQ</a> WORM!
Source=Paul Collins Startup list

[AdobeReaderProfessional]
Number=412
Confirmed=X
Filename=msx64.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotgat.html" target="_blank">RBOT-GAT</a> WORM!
Source=Paul Collins Startup list

[AdobeReaderPros]
Number=413
Confirmed=X
Filename=sysmsn.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotbgh.html" target="_blank">RBOT-BGH</a> WORM!
Source=Paul Collins Startup list

[AdobeUpdater]
Number=414
Confirmed=N
Filename=AdobeUpdater.exe
Description=Automatic updater for Adobe software - run manually
Source=Paul Collins Startup list

[AdobeVersionCue]
Number=415
Confirmed=N
Filename=VersionCueTray.exe
Description="An exclusive feature of the Adobe? Creative Suite, <a href="http://www.adobe.com/products/creativesuite/versioncue.html" target="_blank">Version Cue?</a> helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"
Source=Paul Collins Startup list

[adodemaster]
Number=416
Confirmed=X
Filename=adodemaster.exe
Description=Downloader of Korean origin, detected as <a href="http://kr.ahnlab.com/SecuInfoVirusEngViewIframe.ahn?SEQ_NO=7994" target="_blank">ADOD.28672</a>
Source=Paul Collins Startup list

[Adope File Manager]
Number=417
Confirmed=X
Filename=lsasv.exe
Description=Added by an unidentified WORM or TROJAN!
Source=Paul Collins Startup list

[adp]
Number=418
Confirmed=X
Filename=adp.exe
Description=Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc
Source=Paul Collins Startup list

[AdPopup]
Number=419
Confirmed=X
Filename=dcf5678.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentfz.html" target="_blank">AGENT-FZ</a> TROJAN!
Source=Paul Collins Startup list

[adprot]
Number=420
Confirmed=X
Filename=adprot.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051216-4630-99" target="_blank">AdBlaster</a> adware
Source=Paul Collins Startup list

[ADQuickAccess]
Number=421
Confirmed=N
Filename=Adtray.exe
Description=After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95
Source=Paul Collins Startup list

[ADriver]
Number=422
Confirmed=X
Filename=windrv.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.WG" target="_blank">DELF.WG</a> TROJAN!
Source=Paul Collins Startup list

[AdRoarUpdate]
Number=423
Confirmed=X
Filename=ARUpdate.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120211-0649-99" target="_blank">AdRoar</a> adware updater
Source=Paul Collins Startup list

[AdRotator.Application]
Number=424
Confirmed=X
Filename=[path to csrss.exe]
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojsmallaq.html" target="_blank">SMALL-AQ</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
Source=Paul Collins Startup list

[AdRotator.Application]
Number=425
Confirmed=X
Filename=services.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-080316-2013-99&tabid=1" target="_blank">FakeMessage/AdRotator</a> adware. Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
Source=Paul Collins Startup list

[ADS Adware Remover]
Number=426
Confirmed=X
Filename=ADS Adware Remover.exe
Description=ADS Adware Remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a>
Source=Paul Collins Startup list

[AdsBlocker]
Number=427
Confirmed=X
Filename=stopAds.exe
Description=Reported as DILAER.DW by <a href="http://www.eset.com/products/index.php" target="_blank">NOD32</a>
Source=Paul Collins Startup list

[AdsCleaner]
Number=428
Confirmed=U
Filename=AdsCleaner.exe
Description="<a href="http://www.adscleaner.com/" target="_blank">AdsCleaner</a> is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy"
Source=Paul Collins Startup list

[ADService]
Number=429
Confirmed=U
Filename=ADService.exe
Description=Part of Iomega's <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> - allows software applications to be run directly from an Iomega Zip? disk. Required if you wish the applications to launch on insertion of a disk
Source=Paul Collins Startup list

[AdsGone]
Number=430
Confirmed=U
Filename=Adsgone.exe
Description=<a href="http://www.adsgone.com/" target="_blank">AdsGone</a> - pop-up stopper
Source=Paul Collins Startup list

[ADSL Diagnostic Tools]
Number=431
Confirmed=N
Filename=mapiicon.exe
Description=System tray access to ADSL modem diagnostic tools. Available via Start -&gt; Programs
Source=Paul Collins Startup list

[ADSLSYSTEMTRAY]
Number=432
Confirmed=?
Filename=SystemtrayV100B.exe
Description=Apparently Annex A ADSL modem related. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[AdslTaskBar]
Number=433
Confirmed=Y
Filename=rundll32.exe stmctrl.dll, TaskBar
Description=ISP software, initializes DSL modem
Source=Paul Collins Startup list

[AdslTaskBars]
Number=434
Confirmed=X
Filename=taskmng.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotaxz.html" target="_blank">RBOT-AXZ</a> WORM!
Source=Paul Collins Startup list

[ADSL_A2]
Number=435
Confirmed=?
Filename=A2Installed
Description=Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[ADSS]
Number=436
Confirmed=Y
Filename=ADSS.exe
Description=ADSS is part of <a href="http://www.johnru.com/" target="_blank">Access Denied</a> security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied
Source=Paul Collins Startup list

[adstartup]
Number=437
Confirmed=X
Filename=automove.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=791" target="_blank">Adlogix</a> adware variant
Source=Paul Collins Startup list

[adstartup]
Number=438
Confirmed=X
Filename=Adstartup.exe
Description=<a href="http://www.spywareguide.com/product_show.php?id=791" target="_blank">Adlogix</a> adware variant
Source=Paul Collins Startup list

[AdStatus Service]
Number=439
Confirmed=X
Filename=AdStatServ.exe
Description=WindUpdates <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094113" target="_blank">AdStatus Service</a> adware
Source=Paul Collins Startup list

[AdSubtract]
Number=440
Confirmed=U
Filename=adsub.exe
Description=AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start -> Programs. Now superseeded by <a href="http://www.trendmicro.com/en/products/desktop/as/evaluate/overview.htm" target="_blank">Trend Micro AntiSpyware</a>
Source=Paul Collins Startup list

[adtech2005]
Number=441
Confirmed=X
Filename=adtech2005.exe
Description=Detected by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> as the STARTPAGE.AW TROJAN!
Source=Paul Collins Startup list

[adtech2006]
Number=442
Confirmed=X
Filename=adtech2006.exe
Description=Detected by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> as the VB.KC WORM!
Source=Paul Collins Startup list

[Adtools Service]
Number=443
Confirmed=X
Filename=AdTools.exe
Description=<a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082798" target="_blank">Windupdates</a> Adware
Source=Paul Collins Startup list

[ADU]
Number=444
Confirmed=?
Filename=adu.exe
Description=Related to <a href="http://www.cisco.com/" target="_blank">Cisco</a> Aironet wireless products. <font color="#FF0000">What does it do and is it required?</font>
Source=Paul Collins Startup list

[AdultX]
Number=445
Confirmed=X
Filename=AdultX.exe
Description=Adult content dialler and hijacker
Source=Paul Collins Startup list

[Adult_Chat]
Number=446
Confirmed=X
Filename=Adult_Chat.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[Adult_Chat1]
Number=447
Confirmed=X
Filename=Adult_Chat1.exe
Description=Adult content dialler
Source=Paul Collins Startup list

[AdUpdater]
Number=448
Confirmed=X
Filename=sysupudt.exe
Description=Unidentified adware downloader/updater
Source=Paul Collins Startup list

[ADUserMon]
Number=449
Confirmed=U
Filename=ADUserMon.exe
Description=Part of Iomega's <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> - allows software applications to be run directly from an Iomega Zip? disk. Required if you wish the applications to launch on insertion of a disk
Source=Paul Collins Startup list

[Advanced DHTML Enable]
Number=450
Confirmed=X
Filename=exo32.exe
Description=Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojranckfi.html" target="_blank">RANCK-FI</a> TROJAN!
Source=Paul Collins Startup list

[Advanced DHTML Enable]
Number=451
Confirmed=X
Filename=[path to trojan]
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_AGENT.GLQ" target="_blank">AGENT.GLQ</a> TROJAN!
Source=Paul Collins Startup list

[Advanced Internet Protocol]
Number=452
Confirmed=X
Filename=cerf.exe
Description=Added by a variant of the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99" target="_blank">SPYBOT</a> WORM!
Source=Paul Collins Startup list

[Advanced Protection System]
Number=453
Confirmed=X
Filename=advpsys.exe
Description=Added by a variant of the <a href="http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Advanced Spyware Remover]
Number=454
Confirmed=U
Filename=Asr.exe
Description=<a href="http://www.evonsoft.com/" target="_blank">Advanced Spyware Remover</a> anti spyware tool

Source=Paul Collins Startup list

[Advanced Tool Checks]
Number=455
Confirmed=X
Filename=advchks.exe
Description=Added by a variant of the <a href="http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM!
Source=Paul Collins Startup list

[Advanced Tools Check]
Number=456
Confirmed=N
Filename=ADVCHK.EXE
Description=Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
Source=Paul Collins Startup list

[Advanced Uninstaller PRO Installation Monitor]
Number=457
Confirmed=U
Filename=monitor.exe
Description=Innovative Solutions <a href="http://www.innovative-sol.com/products.htm#uninstaller" target="_blank">Advanced Uninstaller PRO</a> - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape"
Source=Paul Collins Startup list

[AdvancedCleaner Free]
Number=458
Confirmed=X
Filename=UADC.exe
Description=AdvancedCleaner misleading security software - not recommended, see <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-073111-4727-99" target="_blank">here</a>
Source=Paul Collins Startup list

[AdVantage]
Number=459
Confirmed=X
Filename=AdVantage.exe
Description=<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-090320-4002-99" target="_blank">MediaAdVantage</a> adware
Source=Paul Collins Startup list

[advap32]
Number=460
Confirmed=X
Filename=[path to trojan]
Description=Detected by <a href="http://www.trendmicro.com/vinfo/virusencyclo/" target="_blank">Trend Micro</a> as the MUTANT.AT TROJAN! See <a href="http://www.threatexpert.com/report.aspx?uid=2abc5844-c2f1-4ca0-a0a9-fa89e640b0de" target="_blank">here</a>
Source=Paul Collins Startup list

[Advapi]
Number=461
Confirmed=X
Filename=Advapi.exe
Description=Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.12" target="_blank">NETDEVIL.12</a> WORM!
Source=Paul Collins Startup list

[ADVCHK]
Number=462
Confirmed=N
Filename=ADVCHK.EXE
Description=Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
Source=Paul Collins Startup list

[Advertising Killer]
Number=463
Confirmed=U
Filename=Akiller.exe
Description=<a href="http://sourceforge.net/projects/akiller/" target="_blank">Advertising Killer</a> - popup stopper
Source=Paul Collins Startup list

[advmon32]
Number=464
Confirmed=X
Filename=advmon32.exe
Description=Added by a variant of the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojcrypterc.html" target="_blank">CRYPTER.C</a> TROJAN!
Source=Paul Collins Startup list

[Adware Agent]
Number=465
Confirmed=U
Filename=adware agent.exe
Description=<a href="http://www.topshareware.com/Adware-Agent-download-4866.htm" target="_blank">Adware Agent</a> popup blocker
Source=Paul Collins Startup list

[Adware Spy]
Number=466
Confirmed=X
Filename=AdwareSpy.exe