[] Number=1 Confirmed=X Filename=system32.exe Description=Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list [] Number=2 Confirmed=X Filename=pathex.exe Description=Added by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list [] Number=3 Confirmed=X Filename=svchost.exe Description=Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list [] Number=4 Confirmed=X Filename=MSPF.EXE Description=Added by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list [] Number=5 Confirmed=X Filename=dllvirtual.exe Description=Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list [] Number=6 Confirmed=X Filename=dllvirtual.dll Description=Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list [] Number=7 Confirmed=X Filename=dllvirtual.js Description=Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list [] Number=8 Confirmed=X Filename=ajsha5.exe Description=Added by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field Source=Paul Collins Startup list [] Number=9 Confirmed=X Filename=ne.exe Description=Added by the IRCBOT-ZL TROJAN! Source=Paul Collins Startup list [!1_pgaccount] Number=10 Confirmed=Y Filename=pgaccount.exe Description=DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly Source=Paul Collins Startup list [!1_ProcessGuard_Startup] Number=11 Confirmed=Y Filename=procguard.exe Description=DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks Source=Paul Collins Startup list [!AVG Anti-Spyware] Number=12 Confirmed=Y Filename=avgas.exe Description=Main application of AVG Anti-Spyware 7.5 from AVG Technologies (was Grisoft). Now superseeded by AVG Anti-Virus which includes Anti-Spyware Source=Paul Collins Startup list [!ewido] Number=13 Confirmed=Y Filename=ewido.exe Description=Part of Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseeded by AVG Anti-Virus which includes Anti-Spyware Source=Paul Collins Startup list [!NoLoad] Number=14 Confirmed=N Filename=winrecon.exe Description=WinRecon keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [$EnterNet] Number=15 Confirmed=U Filename=Enternet.exe Description=Connection manager for the EnterNet ISP. You can also use RASPPOE Source=Paul Collins Startup list [$sys$cmp] Number=16 Confirmed=X Filename=$sys$xp.exe Description=Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer Source=Paul Collins Startup list [$sys$crash] Number=17 Confirmed=X Filename=$sys$sonyTimer.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list [$sys$crash] Number=18 Confirmed=X Filename=$sys$sos$sys$.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list [$sys$crash] Number=19 Confirmed=X Filename=$sys$WeLoveMcCOL.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list [$sys$drv] Number=20 Confirmed=X Filename=$sys$drv.exe Description=Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer Source=Paul Collins Startup list [$sys$momomomochin] Number=21 Confirmed=X Filename=$sys$sonyTimer.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list [$sys$momomomochin] Number=22 Confirmed=X Filename=$sys$sos$sys$.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list [$sys$momomomochin] Number=23 Confirmed=X Filename=$sys$WeLoveMcCOL.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list [$sys$umaiyo] Number=24 Confirmed=X Filename=$sys$sonyTimer.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list [$sys$umaiyo] Number=25 Confirmed=X Filename=$sys$sos$sys$.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list [$sys$umaiyo] Number=26 Confirmed=X Filename=$sys$WeLoveMcCOL.exe Description=Added by the WELOMOCH TROJAN! Source=Paul Collins Startup list [$Volumouse$] Number=27 Confirmed=U Filename=volumouse.exe Description=Volumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse" Source=Paul Collins Startup list [$WindowsRegKey%update] Number=28 Confirmed=X Filename=IEXPLORE.EXE Description=Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% Source=Paul Collins Startup list [%cmpmixtitle%] Number=29 Confirmed=? Filename=%cmpmixstr% Description=Possibly related to C-Media Mixer Control panel? Source=Paul Collins Startup list [%FP%012-L2TP fts.exe] Number=30 Confirmed=N Filename=fts.exe Description=012.Net.il Israeli ISP software front-end Source=Paul Collins Startup list [%FP%012-L2TP FWPortal.exe] Number=31 Confirmed=U Filename=FWPortal.exe Description=012.Net.il Israeli ISP dial-up software Source=Paul Collins Startup list [%FP%1776 Internet fts.exe] Number=32 Confirmed=N Filename=fts.exe Description=1776 Internet US ISP software ISP software front-end Source=Paul Collins Startup list [%FP%1776 Internet FWPortal.exe] Number=33 Confirmed=U Filename=FWPortal.exe Description=1776 Internet US ISP dial-up software Source=Paul Collins Startup list [%FP%AIRTEL fts.exe] Number=34 Confirmed=N Filename=fts.exe Description=Bharti Airtel Broadband - Indian ISP software front-end Source=Paul Collins Startup list [%FP%Barak013 fts.exe] Number=35 Confirmed=N Filename=fts.exe Description=Barak013 Israeli ISP software front-end Source=Paul Collins Startup list [%FP%Barak013 FWPortal.exe] Number=36 Confirmed=U Filename=FWPortal.exe Description=Barak013 Israeli ISP dial-up software Source=Paul Collins Startup list [%FP%Friendly fts.exe] Number=37 Confirmed=N Filename=fts.exe Description=Friendly ISP software front-end Source=Paul Collins Startup list [\NvCpTDaemon] Number=38 Confirmed=X Filename=wuauqmr.exe Description=Added by the CULT-B WORM! Source=Paul Collins Startup list [ÏµÍ³×˘ïż½ï½ïż½ïż½] Number=39 Confirmed=X Filename=zhuruqi.exe Description=Added by the QHOST.V TROJAN! Source=Paul Collins Startup list [µTorrent] Number=40 Confirmed=U Filename=utorrent.exe Description=µTorrent - BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients Source=Paul Collins Startup list [ WinCheck] Number=41 Confirmed=X Filename=services.exe Description=Added by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the "Startup Item" field Source=Paul Collins Startup list [ Windows] Number=42 Confirmed=X Filename=services.exe Description=Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the "Startup Item" field Source=Paul Collins Startup list [ WinStart] Number=43 Confirmed=X Filename=services.exe Description=Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the "Startup Item" field Source=Paul Collins Startup list [ winsystem.sys] Number=44 Confirmed=X Filename=smss.exe Description=Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the "Startup Item" field Source=Paul Collins Startup list ['Ashampoo AntiSpyWare 2 Guard'] Number=45 Confirmed=Y Filename=AntiSpyWare2Guard.exe Description=Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc Source=Paul Collins Startup list [(*)API Machine] Number=46 Confirmed=X Filename=winSOCKS.exe Description=Homepage hijacker, see here (* = any digit) Source=Paul Collins Startup list [(*)Run] Number=47 Confirmed=X Filename=win32API.exe Description=Homepage hijacker, see here (* = any digit) Source=Paul Collins Startup list [(Default)] Number=48 Confirmed=X Filename=media_driver.exe Description=Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=49 Confirmed=X Filename=Shania.vbs Description=Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=50 Confirmed=X Filename=NOTEPAD.exe Description=Added by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=51 Confirmed=X Filename=[random filename].exe Description=Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=52 Confirmed=X Filename=twunk_32.exe Description=Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=53 Confirmed=X Filename=winhelp.exe Description=Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=54 Confirmed=X Filename=spolsvr2.exe Description=Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=55 Confirmed=X Filename=winbas12.exe Description=Adware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=56 Confirmed=X Filename=Systrsy.exe Description=Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=57 Confirmed=X Filename=llsass.exe Description=Added by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=58 Confirmed=X Filename=syspol.exe Description=Added by the DREMN-B TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=59 Confirmed=X Filename=winlog.exe Description=Unidentified adware. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(default)] Number=60 Confirmed=X Filename=rundll32.exe [path to DLL file],Do98Work Description=Added by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=61 Confirmed=X Filename=winligom.exe Description=Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=62 Confirmed=X Filename=5640.exe Description=Added by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=63 Confirmed=X Filename=QQUpdate.exe Description=Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=64 Confirmed=X Filename=Mcafee.exe Description=Added by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=65 Confirmed=X Filename=fada.exe Description=Added by the VB.HEI TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=66 Confirmed=X Filename=Default.exe Description=Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=67 Confirmed=X Filename=KEYBOARD.exe Description=Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(Default)] Number=68 Confirmed=X Filename=msarti.com Description=Added by the SILLYFDC.CJ WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank Source=Paul Collins Startup list [(L4r1$$4) (4nt1) (V1ruz)] Number=69 Confirmed=X Filename=SP00Lsv32.pif Description=Added by the ASSIRAL.B WORM! Source=Paul Collins Startup list [*Bandook] Number=70 Confirmed=X Filename=msdll.exe Description=Added by an unidentified TROJAN - see here Source=Paul Collins Startup list [*JanisRuckenbrodII] Number=71 Confirmed=X Filename=janis.com Description=Added by the POPS WORM! Source=Paul Collins Startup list [*Microsoft Update] Number=72 Confirmed=X Filename=ctxma.exe Description=Added by the STMU TROJAN! Source=Paul Collins Startup list [*Microsoft Update] Number=73 Confirmed=X Filename=cxma.exe Description=Added by the STMU TROJAN! Source=Paul Collins Startup list [*Microsoft Update] Number=74 Confirmed=X Filename=wstcl.exe Description=Added by the STMU TROJAN! Source=Paul Collins Startup list [*Microsoft Update] Number=75 Confirmed=X Filename=wucxt.exe Description=Added by the STMU TROJAN! Source=Paul Collins Startup list [*Microsoft Update] Number=76 Confirmed=X Filename=wuytc.exe Description=Added by the STMU TROJAN! Source=Paul Collins Startup list [*MS Setup] Number=77 Confirmed=X Filename=[random filename] Description=Virtumondo adware, also known as the VUNDO TROJAN! Source=Paul Collins Startup list [*MSConfig32] Number=78 Confirmed=X Filename=aecache.exe Description=Detected by F-Secure as the OBFUSCATED.GP TROJAN! Source=Paul Collins Startup list [*Restore] Number=79 Confirmed=Y Filename=rstrui.exe Description=Part of Windows System Restore and added as a RunOnce registry entry. Leave alone Source=Paul Collins Startup list [*Security Center] Number=80 Confirmed=X Filename=secctr.exe Description=Added by the SDBOT.BRO WORM! Source=Paul Collins Startup list [*StateMgr] Number=81 Confirmed=Y Filename=statemgr.exe Description=Windows ME default for System Restore. Do NOT disable! Source=Paul Collins Startup list [*WerKernelReporting] Number=82 Confirmed=N Filename=WerFault.exe Description=Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here Source=Paul Collins Startup list [*windows update] Number=83 Confirmed=X Filename=wrauclt.exe Description=Added by the RBOT-QU WORM! Source=Paul Collins Startup list [*windows update] Number=84 Confirmed=X Filename=wuanclt.exe Description=Added by the RBOT-PG WORM! Source=Paul Collins Startup list [*windows update] Number=85 Confirmed=X Filename=wuaucrlt.exe Description=Added by the SPYBOT.HUR WORM! Source=Paul Collins Startup list [*windows update] Number=86 Confirmed=X Filename=wuraclt.exe Description=Added by the RBOT-PO WORM! Source=Paul Collins Startup list [*windows update] Number=87 Confirmed=X Filename=wurauclt.exe Description=Added by the RBOT-SY WORM! Source=Paul Collins Startup list [*windows update] Number=88 Confirmed=X Filename=wsctl.exe Description=Added by the SPYBOT.PR WORM! Source=Paul Collins Startup list [*windows update] Number=89 Confirmed=X Filename=wkmst.exe Description=Added by the SDBOT.AVD WORM! Source=Paul Collins Startup list [*windows update] Number=90 Confirmed=X Filename=wscxt.exe Description=Added by the RBOT.AOS WORM! Source=Paul Collins Startup list [*windows update] Number=91 Confirmed=X Filename=waurclt.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [*Windows [filename] Checker] Number=92 Confirmed=X Filename=[filename] Description=Added by the KEDEBE-B WORM! Source=Paul Collins Startup list [*WindowsAudio] Number=93 Confirmed=X Filename=systemupd.exe Description=Added by the AGENT-TH WORM! Source=Paul Collins Startup list [*WinLogon] Number=94 Confirmed=X Filename=[trojan path] ren time:[random number] Description=Added by the VUNDO TROJAN! Source=Paul Collins Startup list [*winstats] Number=95 Confirmed=X Filename=winstats.exe Description=Added by the GARGAFX TROJAN! Source=Paul Collins Startup list [*wuauclt.exe] Number=96 Confirmed=X Filename=w****.exe [* = random char] Description=Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on... Source=Paul Collins Startup list [,main drive Loader] Number=97 Confirmed=X Filename=wininfo.exe Description=Suspected malware as it appears in 3 different registry locations - see here Source=Paul Collins Startup list [-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+] Number=98 Confirmed=X Filename=ISASS.exe Description=Added by the ASSIRAL.B WORM! Source=Paul Collins Startup list [-FreedomNeedsReboot] Number=99 Confirmed=Y Filename=ZkRunOnceR.exe Description=Internet Security Suite used by ISPs to protect customers against many attacks Source=Paul Collins Startup list [..] Number=100 Confirmed=X Filename=ABC2007.exe Description=Added by the DLOADR-ASH TROJAN! Source=Paul Collins Startup list [.mscdr] Number=101 Confirmed=X Filename=lassa.exe Description=Added by the WEBUS.C TROJAN! Source=Paul Collins Startup list [.mscdr] Number=102 Confirmed=X Filename=lsvchost.exe Description=Added by the WEBUS.D TROJAN! Source=Paul Collins Startup list [.mscdsr] Number=103 Confirmed=X Filename=lsvchost.exe Description=Added by the BDOOR-CR BACKDOOR! Source=Paul Collins Startup list [.mscsbl] Number=104 Confirmed=X Filename=svhost.exe Description=Added by the CMQ TROJAN! Source=Paul Collins Startup list [.msfupdate] Number=105 Confirmed=X Filename=msveup.exe Description=Added by the ALLOCUP.A WORM! Source=Paul Collins Startup list [.mssecure] Number=106 Confirmed=X Filename=mssecure.exe Description=Added by the DDOS_BOXED.X TROJAN! Source=Paul Collins Startup list [.NET config] Number=107 Confirmed=? Filename=sysmon32.exe Description=?? Source=Paul Collins Startup list [.NET.] Number=108 Confirmed=X Filename=msnmgnr.exe Description=Added by the DELF.AYF WORM! Source=Paul Collins Startup list [.norton] Number=109 Confirmed=X Filename=rchost.exe Description=Added by the BOXED-H TROJAN! Source=Paul Collins Startup list [.nvsvc] Number=110 Confirmed=X Filename=smss.exe Description=Added by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [.nvsvcb] Number=111 Confirmed=X Filename=smssb.exe Description=Added by the BOXED.CG TROJAN! Source=Paul Collins Startup list [.Prog] Number=112 Confirmed=X Filename=services.exe Description=Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [.Prog] Number=113 Confirmed=X Filename=winlogon.exe Description=Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [.protected] Number=114 Confirmed=X Filename=N/A Description=Smitfraud variant Source=Paul Collins Startup list [.svchost] Number=115 Confirmed=X Filename=CSRSS.EXE Description=Added by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [.TEXTCONV] Number=116 Confirmed=X Filename=csrss.exe Description=Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [.TEXTCONV] Number=117 Confirmed=X Filename=lsass.exe Description=Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder Source=Paul Collins Startup list [.WMAudio] Number=118 Confirmed=X Filename=csrss.exe Description=Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [.WMAudio] Number=119 Confirmed=X Filename=lsass.exe Description=Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder Source=Paul Collins Startup list [/l:eng] Number=120 Confirmed=N Filename=N/A Description=Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function Source=Paul Collins Startup list [000] Number=121 Confirmed=U Filename=pit.exe Description=PrivateEye surveillance software. Uninstall this software unless you put it there yourself Source=Paul Collins Startup list [000hpdllhos] Number=122 Confirmed=X Filename=hpdllhost.exe Description=LZIO.com adware downloader Source=Paul Collins Startup list [000StTHK] Number=123 Confirmed=U Filename=000StTHK.exe Description=Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) Source=Paul Collins Startup list [0050726-007-i32-1] Number=124 Confirmed=X Filename=0050726-007-i32-1.exe Description=Added by the BANCBAN-EC TROJAN! Source=Paul Collins Startup list [00DSKSVR00] Number=125 Confirmed=? Filename=desksaver.exe Description=Related to Advanced Desktop Shield Source=Paul Collins Startup list [00DSKSVR01] Number=126 Confirmed=? Filename=desksaver.exe Description=Related to Advanced Desktop Shield Source=Paul Collins Startup list [00PCTFW] Number=127 Confirmed=Y Filename=FirewallGUI.exe Description=System Tray access to PC Tools Firewall Plus from PC Tools - which "is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC" Source=Paul Collins Startup list [00TCrdMain] Number=128 Confirmed=Y Filename=TCrdMain.exe Description=Related to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards Source=Paul Collins Startup list [00THotkey] Number=129 Confirmed=U Filename=00THotKey.exe Description=For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. Source=Paul Collins Startup list [00THotkey] Number=130 Confirmed=U Filename=system32THotkey.exe Description=For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev Source=Paul Collins Startup list [0190 Warner] Number=131 Confirmed=U Filename=WARN0190.EXE Description=Anti-dialer program (Germany) Source=Paul Collins Startup list [0900 Warner] Number=132 Confirmed=U Filename=WARN0900.EXE Description=Anti-dialer program (Germany) Source=Paul Collins Startup list [0mcamcap] Number=133 Confirmed=X Filename=0mcamcap.exe Description=Added by the COSIAM-H TROJAN! Source=Paul Collins Startup list [0utlook Express] Number=134 Confirmed=X Filename=*****.exe [* = random char] Description=Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o" Source=Paul Collins Startup list [1] Number=135 Confirmed=X Filename=1.exe Description=Added by the ESTEEMS TROJAN! Source=Paul Collins Startup list [1] Number=136 Confirmed=X Filename=lsass.scr Description=Added by the BANCOS.V TROJAN! Source=Paul Collins Startup list [1] Number=137 Confirmed=X Filename=svchost.scr Description=Added by the BANCOS.X TROJAN! Source=Paul Collins Startup list [1] Number=138 Confirmed=X Filename=mrcmgr.exe Description=Added by the BANKER.RQK TROJAN! Source=Paul Collins Startup list [1] Number=139 Confirmed=X Filename=KHATRA.exe Description=Added by the AUTOIT-BP WORM! Source=Paul Collins Startup list [1&1 EasyLogin] Number=140 Confirmed=N Filename=EasyLogin.exe Description=1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System Tray Source=Paul Collins Startup list [1-sukarno] Number=141 Confirmed=X Filename=sukarno.exe Description=Added by the BRONTOK-CR WORM! Source=Paul Collins Startup list [101Clips] Number=142 Confirmed=U Filename=101Clips.exe Description=101Clips - "the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25" Source=Paul Collins Startup list [1029BB4B-16A9-4E77-AA3D-96930BD68EEC] Number=143 Confirmed=X Filename=sysockeu.exe Description=Added by the FAKEALERT-AH TROJAN! Source=Paul Collins Startup list [10Base-T] Number=144 Confirmed=X Filename=explore.exe Description=Added by the AGOBOT-IJ WORM! Source=Paul Collins Startup list [1111swapmgr.exe] Number=145 Confirmed=X Filename=1111swapmgr.exe Description=Added by the BDOOR-IC BACKDOOR! Source=Paul Collins Startup list [123456] Number=146 Confirmed=X Filename=rundll32.exe shell32.dll, Control_RunDLL ...123456.cpl Description=Added by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number Source=Paul Collins Startup list [1234klsjdc uiar924c af] Number=147 Confirmed=X Filename=sxgnsvuxct.exe Description=Added by the FAKEALERT-AM TROJAN! Source=Paul Collins Startup list [1234klsjdc uiar924c af] Number=148 Confirmed=X Filename=sysvtypkbjx.exe Description=Added by the FAKEALERT-AM TROJAN! Source=Paul Collins Startup list [123Monitor] Number=149 Confirmed=X Filename=SpywareFreeMonitor.exe Description=1-2-3 Spyware Free rogue spyware remover - not recommended, see here Source=Paul Collins Startup list [12Ghosts Backup] Number=150 Confirmed=U Filename=12backup.exe Description=12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup" Source=Paul Collins Startup list [12Ghosts Clip] Number=151 Confirmed=U Filename=12clip.exe Description=12Ghosts Clip - "Screen shots made easy" Source=Paul Collins Startup list [12Ghosts JustAWindow] Number=152 Confirmed=U Filename=12window.exe Description=12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see" Source=Paul Collins Startup list [12Ghosts Popup-Killer] Number=153 Confirmed=U Filename=12popup.exe Description=12Ghosts Popup-Killer Source=Paul Collins Startup list [12Ghosts SaveLayout] Number=154 Confirmed=U Filename=12autosl.exe Description=12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons" Source=Paul Collins Startup list [12Ghosts SetColor] Number=155 Confirmed=U Filename=12color.exe Description=12Ghosts SetColor - "Change your desktop icon text colors, also to transparent" Source=Paul Collins Startup list [12Ghosts ShowTime] Number=156 Confirmed=U Filename=12showtime.exe Description=12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones" Source=Paul Collins Startup list [12Ghosts Synchronize] Number=157 Confirmed=U Filename=12sync.exe Description=12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet" Source=Paul Collins Startup list [12Ghosts Tower] Number=158 Confirmed=U Filename=12tower.exe Description=12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)" Source=Paul Collins Startup list [12Ghosts TrayProtect] Number=159 Confirmed=U Filename=12srvc.exe Description=12Ghosts TrayProtect - "Hide tray icons, restore after a crash" Source=Paul Collins Startup list [12Ghosts Wash] Number=160 Confirmed=U Filename=12wash.exe Description=12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files" Source=Paul Collins Startup list [12Voip] Number=161 Confirmed=N Filename=12Voip.exe Description=12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype Source=Paul Collins Startup list [17779Proj2002] Number=162 Confirmed=? Filename=N/A Description=?? Source=Paul Collins Startup list [180adsolution] Number=163 Confirmed=X Filename=180adsolution.exe Description=180solutions adware Source=Paul Collins Startup list [180ax] Number=164 Confirmed=X Filename=180ax.exe Description=180Search adware Source=Paul Collins Startup list [180ClientStubInstall] Number=165 Confirmed=X Filename=stubinstaller****.exe [* = digit] Description=180Solutions adware related Source=Paul Collins Startup list [180ClientStubInstall] Number=166 Confirmed=X Filename=[path to trojan] Description=180Solutions adware related Source=Paul Collins Startup list [180ClientStubInstall] Number=167 Confirmed=X Filename=******.tmp [* = random digit/char] Description=180Solutions adware related Source=Paul Collins Startup list [180sa] Number=168 Confirmed=X Filename=180sa.exe Description=180Search adware Source=Paul Collins Startup list [1916435341.exe] Number=169 Confirmed=X Filename=1916435341.exe Description=Added by the DLOADR-AXU TROJAN! Source=Paul Collins Startup list [196_150_ni] Number=170 Confirmed=X Filename=196_150_ni.exe Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here Source=Paul Collins Startup list [197_150_ni_3] Number=171 Confirmed=X Filename=197_150_ni_3.exe Description=WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here Source=Paul Collins Startup list [1:] Number=172 Confirmed=N Filename=hpdrv.exe Description=HP utility for monitoring when and how many recoveries have been done Source=Paul Collins Startup list [1A:MacVisionTrayMonitor] Number=173 Confirmed=N Filename=TrayMonitor.exe Description=Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock) Source=Paul Collins Startup list [1A:Stardock MCP] Number=174 Confirmed=Y Filename=mcpserver.exe Description=Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications Source=Paul Collins Startup list [1A:Stardock TrayMonitor] Number=175 Confirmed=Y Filename=TrayServer.exe Description=For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX Source=Paul Collins Startup list [1CmailS] Number=176 Confirmed=? Filename=NETMAIL.EXE Description=?? Source=Paul Collins Startup list [1on1] Number=177 Confirmed=X Filename=1on1.exe Description=Adult content dialler Source=Paul Collins Startup list [1Srv32] Number=178 Confirmed=U Filename=SpyAgent4.exe Description=SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC." Source=Paul Collins Startup list [1u7] Number=179 Confirmed=X Filename=1u7.exe Description=Added by the MURBAC-A TROJAN! Source=Paul Collins Startup list [1Win32Cfg] Number=180 Confirmed=U Filename=SpyBuddy.exe Description=SpyBuddy keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [1Win32Cfg] Number=181 Confirmed=U Filename=Keyloggerpro.exe Description=Keyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [1WinCfg32] Number=182 Confirmed=X Filename=WebMailSpy.exe Description=WebMailSpy spyware Source=Paul Collins Startup list [2-suharto] Number=183 Confirmed=X Filename=suharto.exe Description=Added by the BRONTOK-CR WORM! Source=Paul Collins Startup list [2020Downloader] Number=184 Confirmed=X Filename=mssvr.exe Description=2020Search Toolbar Source=Paul Collins Startup list [2177F056-0AA6-4D6C-A944-13F71F341C29] Number=185 Confirmed=X Filename=sysokuaw.exe Description=Added by the FAKEALERT-AH TROJAN! Source=Paul Collins Startup list [24Online Client] Number=186 Confirmed=U Filename=CyberoamClient.exe Description=Related to Cyberroam from Elitecore Technologies Ltd Source=Paul Collins Startup list [250kg] Number=187 Confirmed=X Filename=250kg.exe Description=Added by the AUTORUN-TI WORM! Source=Paul Collins Startup list [252] Number=188 Confirmed=X Filename=winmgr.exe Description=Added by the LEGMIR-AT TROJAN! Source=Paul Collins Startup list [27] Number=189 Confirmed=X Filename=slsorve.exe Description=Added by the SLSORVE-A TROJAN! Source=Paul Collins Startup list [27] Number=190 Confirmed=X Filename=csrss32.exe Description=Added by the SLSORVE-D TROJAN! Source=Paul Collins Startup list [27] Number=191 Confirmed=X Filename=msm32.exe Description=Added by the SLSORVE-E TROJAN! Source=Paul Collins Startup list [2Search] Number=192 Confirmed=X Filename=main.exe Description=2Search adware Source=Paul Collins Startup list [2thousandbuck] Number=193 Confirmed=X Filename=[path to file] Description=Added by the RANKY.L TROJAN! Source=Paul Collins Startup list [2wSysTray] Number=194 Confirmed=U Filename=2portalmon.exe Description=2Wire Homeportal user interface Source=Paul Collins Startup list [3-habibie] Number=195 Confirmed=X Filename=habibie.exe Description=Added by the BRONTOK-CR WORM! Source=Paul Collins Startup list [32-bit Thunking service] Number=196 Confirmed=X Filename=thunk32.exe Description=Added by the DERDERO.A WORM! Source=Paul Collins Startup list [333] Number=197 Confirmed=X Filename=svchost.exe Description=Added by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory Source=Paul Collins Startup list [36X Raid Configurer] Number=198 Confirmed=Y Filename=JMRaidSetup.exe Description=JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers Source=Paul Collins Startup list [388529725448] Number=199 Confirmed=X Filename=AutomaticUpdates.exe Description=Added by the SDBOT-DEN WORM! Source=Paul Collins Startup list [39ELTFH25Z8SKF] Number=200 Confirmed=? Filename=Ezg1q5.exe Description=Seems to be associated with software by Resplendence SP ? Source=Paul Collins Startup list [3c1807pd] Number=201 Confirmed=Y Filename=3cmlink.exe 3cpipe-3c1807pd Description=3Com WinModem driver. See here for more WinModem information Source=Paul Collins Startup list [3capplnk] Number=202 Confirmed=Y Filename=3capplnk.exe Description=US Robotics Modem driver Source=Paul Collins Startup list [3cdminic] Number=203 Confirmed=N Filename=3CDMINIC.EXE Description=3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards Source=Paul Collins Startup list [3CM Link] Number=204 Confirmed=Y Filename=3cmcnkw.exe Description=Required for a US Robotics WinModem as it provides the link to Windows - won't work without it Source=Paul Collins Startup list [3Cmlink] Number=205 Confirmed=Y Filename=3CmlinkW.exe Description=For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information Source=Paul Collins Startup list [3Com Launcher] Number=206 Confirmed=? Filename=Launcher.exe Description=Related to networking products from 3Com Corporation. What does it do and is it required? Source=Paul Collins Startup list [3ComDMIAgent] Number=207 Confirmed=N Filename=3CDMINIC.EXE Description=3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards Source=Paul Collins Startup list [3cpipe-USRpdA] Number=208 Confirmed=Y Filename=USRmlnkA.exe Description=Modem driver files from US Robotics Source=Paul Collins Startup list [3D Text] Number=209 Confirmed=X Filename=3D Text.scr Description=Added by the JERMY.A WORM! Source=Paul Collins Startup list [3Deep Control Panel] Number=210 Confirmed=U Filename=3DeepCTL.EXE Description=3Deep® from E-Color corrects lighting, shading and color for all your 2D and 3D games. Now superseded by 3DxWizzard™ Source=Paul Collins Startup list [3Dfx Acc] Number=211 Confirmed=X Filename=GFXACC.EXE Description=Added by the GIBE WORM! Source=Paul Collins Startup list [3dfx Task Manager] Number=212 Confirmed=N Filename=3dfxMan.exe Description=System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs Source=Paul Collins Startup list [3dfx Tools] Number=213 Confirmed=Y Filename=3dfxCmn.dll Description=Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards Source=Paul Collins Startup list [3dfxv2ps.dll] Number=214 Confirmed=Y Filename=3dfxv2ps.dll Description=Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards Source=Paul Collins Startup list [3Dlabs Taskbar Display Manager] Number=215 Confirmed=? Filename=3DLman.exe Description=3DLabs graphics driver related. System Tray access to display settings? Source=Paul Collins Startup list [3DLabsHelperDemon] Number=216 Confirmed=U Filename=3dldemon.exe Description=Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled Source=Paul Collins Startup list [3DMouse.EXE] Number=217 Confirmed=Y Filename=3DMouse.EXE Description=Dritek System Inc. 3D Mouse driver Source=Paul Collins Startup list [3d_sound] Number=218 Confirmed=X Filename=3d_sound.exe Description=Added by the RIADOS-A TROJAN! Source=Paul Collins Startup list [3qdctl.exe] Number=219 Confirmed=U Filename=3qdctl.exe Description=Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ Source=Paul Collins Startup list [3ware 3DM] Number=220 Confirmed=Y Filename=3dm.exe Description=Monitors status of the disk array on 3ware IDE RAID controllers Source=Paul Collins Startup list [4-gusdur] Number=221 Confirmed=X Filename=gusdur.exe Description=Added by the BRONTOK-CR WORM! Source=Paul Collins Startup list [456655] Number=222 Confirmed=X Filename=explorer.exe Description=Added by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System% Source=Paul Collins Startup list [4684735485910] Number=223 Confirmed=X Filename=netdll32.exe Description=Added by the SDBOT-DEV WORM! Source=Paul Collins Startup list [4da92ad5.exe] Number=224 Confirmed=X Filename=4da92ad5.exe Description=Added by the DLOADR-WZ TROJAN! Source=Paul Collins Startup list [4k51k4] Number=225 Confirmed=X Filename=4k51k4.exe Description=Added by the BRONTOK-BH WORM! Source=Paul Collins Startup list [4oD] Number=226 Confirmed=U Filename=KHost.exe Description=Verisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops Source=Paul Collins Startup list [4wd!!!] Number=227 Confirmed=X Filename=Natal!.pif Description=Added by the OPASERV.AI WORM! Source=Paul Collins Startup list [5-1-61-96] Number=228 Confirmed=X Filename=members-area.exe Description=Adult content dialler Source=Paul Collins Startup list [5-2-46-112] Number=229 Confirmed=X Filename=5-2-46-112.exe Description=Adult content pop-up dialler. Removal instructions here Source=Paul Collins Startup list [5-megawati] Number=230 Confirmed=X Filename=megawati.exe Description=Added by the BRONTOK-CR WORM! Source=Paul Collins Startup list [55278] Number=231 Confirmed=X Filename=grepclient1.exe Description=Added by the LINEAGE-S TROJAN! Source=Paul Collins Startup list [5p4m] Number=232 Confirmed=X Filename=[path to trojan] Description=Added by the LITEBOT-C TROJAN! Source=Paul Collins Startup list [5whgue21] Number=233 Confirmed=X Filename=5whgue21.exe Description=ClearSearch adware Source=Paul Collins Startup list [6-susilo b] Number=234 Confirmed=X Filename=sby.exe Description=Added by the BRONTOK-CR WORM! Source=Paul Collins Startup list [65438761234587528] Number=235 Confirmed=X Filename=rkgnd.exe Description=ANG AntiVirus 09 rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [666] Number=236 Confirmed=X Filename=Ska.exe Description=Added by the PIPES TROJAN! Source=Paul Collins Startup list [678] Number=237 Confirmed=X Filename=lsas32.exe Description=Added by the SLSORVE-B TROJAN! Source=Paul Collins Startup list [756349DC-6D9E-4F2A-9B24-269661F073C3] Number=238 Confirmed=X Filename=sysoghcx.exe Description=Added by the FAKEALERT-AH TROJAN! Source=Paul Collins Startup list [76112549345328287] Number=239 Confirmed=X Filename=angpd.exe Description=ANG AntiVirus 09 rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [7f8e] Number=240 Confirmed=X Filename=z****.exe 9idf Description=Detected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the %System% folder Source=Paul Collins Startup list [802.11b+g USB Wireless LAN Utility] Number=241 Confirmed=U Filename=ZDWlan.exe Description=802.11b+g USB Wireless LAN Utility Source=Paul Collins Startup list [802.11g MIMO Wireless Utility] Number=242 Confirmed=U Filename=RaUI.exe Description=Wireless configuration utility for Railink 802.11g MIMO based products Source=Paul Collins Startup list [802.11g Wireless Adatper] Number=243 Confirmed=U Filename=Monitor.exe Description=Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled Source=Paul Collins Startup list [852EBF20-A95D-4F1F-B9C2-B2CD24350F3E] Number=244 Confirmed=X Filename=sysodkcs.exe Description=Added by the FAKEALERT-AH TROJAN! Source=Paul Collins Startup list [98D0CE0C16B1] Number=245 Confirmed=X Filename=rundll32.exe D0CE0C16B1, D0CE0C16B1 Description=BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [9m] Number=246 Confirmed=X Filename=winlog0n.exe Description=Added by the LEGMIR-AQK TROJAN! Source=Paul Collins Startup list [9xadiras] Number=247 Confirmed=Y Filename=9xadiras.exe Description=Allied Telesyn AT series router/modem related - apparently required Source=Paul Collins Startup list [9xHtProtect] Number=248 Confirmed=X Filename=AVprotect9x.exe Description=Added by the NETSKY.M WORM! Source=Paul Collins Startup list [;Rundll] Number=249 Confirmed=X Filename=[filename] Description=Added by the PWSLEGMIR.E TROJAN! Source=Paul Collins Startup list [?ekio Startups] Number=250 Confirmed=X Filename=?nksvc32.exe Description=Added by the AGOBOT-OV WORM where ? is a random character Source=Paul Collins Startup list [@] Number=251 Confirmed=X Filename=regedit -s win.dll Description=Added by the SEEKER.K TROJAN! Note that regedit is the the legitimate Windows Registry Editor and shouldn't be deleted. The "win.dll" file is located in %Windir% Source=Paul Collins Startup list [@] Number=252 Confirmed=X Filename=iexpl0res.exe Description=Added by the RBOT.AEX WORM! Source=Paul Collins Startup list [@] Number=253 Confirmed=X Filename=wincms.exe Description=Added by the RBOT.CBR WORM! Source=Paul Collins Startup list [@] Number=254 Confirmed=X Filename=winsys32.exe Description=Added by the DELF.CP BACKDOOR! Note that the entry under the Startup Item/Name field my be blank Source=Paul Collins Startup list [@Hoc Toolbar] Number=255 Confirmed=N Filename=AtHoc.exe Description=One-click activated browsing toolbar used by various web-sites. See here for more info Source=Paul Collins Startup list [@loha] Number=256 Confirmed=N Filename=reminder.exe Description=Registration reminder for @loha@home E-mail utility Source=Paul Collins Startup list [@tour_ww] Number=257 Confirmed=X Filename=@tour_ww[1].exe Description=Adult content dialler Source=Paul Collins Startup list [a] Number=258 Confirmed=X Filename=a.exe Description=Commercials file that registers itself in the system registry and redirects IE to a certain commercial website Source=Paul Collins Startup list [a] Number=259 Confirmed=X Filename=jesse.exe Description=Added by the MELO-A WORM! Source=Paul Collins Startup list [A New Windows Updater] Number=260 Confirmed=X Filename=w32NTupdt.exe Description=Added by the MYTOB.BM WORM! Source=Paul Collins Startup list [A Note] Number=261 Confirmed=N Filename=A Note.exe Description="A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop" Source=Paul Collins Startup list [A Verizon App] Number=262 Confirmed=U Filename=VERIZO~1.EXE Description=Part of Verizon Online Support Manager Source=Paul Collins Startup list [a²] Number=263 Confirmed=U Filename=a2guard.exe Description=a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature Source=Paul Collins Startup list [a-squared] Number=264 Confirmed=U Filename=a2guard.exe Description=a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature Source=Paul Collins Startup list [a-squared Anti-Dialer] Number=265 Confirmed=Y Filename=a2adguard.exe Description=a-sqaured Anti-Dialer Source=Paul Collins Startup list [a-winpoet-service] Number=266 Confirmed=Y Filename=winpppoverethernet.exe Description=WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking Source=Paul Collins Startup list [A1000 Settings Utility] Number=267 Confirmed=U Filename=cpqa1000.exe Description=Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features Source=Paul Collins Startup list [A4Proxy] Number=268 Confirmed=U Filename=A4Proxy.exe Description=Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites Source=Paul Collins Startup list [A5118r] Number=269 Confirmed=X Filename=_default32142.pif Description=Added by the BRONTOK-AK WORM and variants! Source=Paul Collins Startup list [A5118r] Number=270 Confirmed=X Filename=j6321422.exe Description=Added by the BRONTOK-AK WORM and variants! Source=Paul Collins Startup list [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] Number=271 Confirmed=X Filename=rundll32.exe E6F1873B.DLL, D9EBC318C Description=BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [aa bbcc dde effgghh jj] Number=272 Confirmed=X Filename=update.exe Description=Added by a variant of the IRCBOT BACKDOOR! Source=Paul Collins Startup list [AAACLEAN] Number=273 Confirmed=? Filename=AAACLEAN.INF Description=?? Source=Paul Collins Startup list [AAAKeyboard] Number=274 Confirmed=? Filename=?? Description=?? Source=Paul Collins Startup list [AAATraySaver] Number=275 Confirmed=N Filename=TraySaver.exe Description=System Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray Source=Paul Collins Startup list [AAK] Number=276 Confirmed=U Filename=aak.exe Description=Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere" Source=Paul Collins Startup list [aaLDISCN32] Number=277 Confirmed=U Filename=LDISCN32.EXE Description=LANDesk® Management Suite software component Source=Paul Collins Startup list [aaLDTaskCompletion] Number=278 Confirmed=U Filename=amclient.EXE Description=LANDesk® Management Suite software component Source=Paul Collins Startup list [AAMSFree702] Number=279 Confirmed=X Filename=Avengine.com Description=Added by the DELF.LJ TROJAN! Source=Paul Collins Startup list [AAMSFree702] Number=280 Confirmed=X Filename=sys.exe Description=Added by the BACKDOOR-CPC TROJAN! Source=Paul Collins Startup list [Aaou] Number=281 Confirmed=X Filename=amee.exe Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [Aapp] Number=282 Confirmed=X Filename=adprot.exe Description=AdBlaster adware Source=Paul Collins Startup list [aaprotect] Number=283 Confirmed=X Filename=[path to trojan] Description=Added by the BANCBAN-MJ TROJAN! Source=Paul Collins Startup list [aauclient] Number=284 Confirmed=? Filename=ACNUpdater.exe Description=Appears to be related to software from Accenture.com Source=Paul Collins Startup list [AAW] Number=285 Confirmed=U Filename=Ad-Aware.exe Description=Ad-Aware SE Personal from Lavasoft - popular spyware/adware removal tool. Now superseded by Ad-Aware 2008 Free Source=Paul Collins Startup list [AAWTray] Number=286 Confirmed=U Filename=AAWTray.exe Description=System Tray access to Ad-aware from Lavasoft - popular spyware/adware removal tool Source=Paul Collins Startup list [ab EazyScheduler] Number=287 Confirmed=? Filename=ezsched.exe Description=?? Source=Paul Collins Startup list [abass] Number=288 Confirmed=X Filename=abass.exe Description=Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example Source=Paul Collins Startup list [ABBYY Community Agent] Number=289 Confirmed=N Filename=CAGENT.EXE Description=Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software Source=Paul Collins Startup list [ABC] Number=290 Confirmed=U Filename=keylogger.exe Description=Keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [abcdefgh] Number=291 Confirmed=X Filename=abcdefgh.exe Description=EPJ TROJAN! Source=Paul Collins Startup list [ABIT uGuru] Number=292 Confirmed=U Filename=uGuru.exe Description=ABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweaking Source=Paul Collins Startup list [ABITEQ] Number=293 Confirmed=N Filename=abiteq.exe Description=Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds Source=Paul Collins Startup list [Abrada WIN32] Number=294 Confirmed=X Filename=abrada.exe Description=Added by the DERMON-G TROJAN! Source=Paul Collins Startup list [ABRegmon] Number=295 Confirmed=Y Filename=ABregmon.exe Description=Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do? Source=Paul Collins Startup list [Absolute Shield] Number=296 Confirmed=U Filename=dseraser.exe Description=Absolute Shield Evidence Eliminator - internet history eraser Source=Paul Collins Startup list [Absolute StartUp monitor] Number=297 Confirmed=U Filename=ASMon.exe Description=Absolute Startup - startup monitor from F-Group Software Source=Paul Collins Startup list [AbsoluteShield Internet Eraser] Number=298 Confirmed=U Filename=cseraser.exe Description=AbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities" Source=Paul Collins Startup list [ABsr] Number=299 Confirmed=X Filename=absr.exe Description=Added by the AUTOUPDER TROJAN! Source=Paul Collins Startup list [absr] Number=300 Confirmed=X Filename=mwsvm.exe Description=SeekSeek search hijacker related - see here Source=Paul Collins Startup list [abtu] Number=301 Confirmed=X Filename=mp3serch.exe Description=Loads the executable for Lop.com - final version Source=Paul Collins Startup list [abtu] Number=302 Confirmed=X Filename=lopsearch.exe Description=Loads the executable for Lop.com - beta version Source=Paul Collins Startup list [AbyssWebServer] Number=303 Confirmed=U Filename=abyssws.exe Description=Abyss web server Source=Paul Collins Startup list [Ac97Sound] Number=304 Confirmed=X Filename=snddrv.exe Description=Added by the VB.AXG TROJAN! Source=Paul Collins Startup list [AcBtnMgr_X63] Number=305 Confirmed=U Filename=AcBtnMgr_X63.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [AcBtnMgr_X63.exe] Number=306 Confirmed=U Filename=AcBtnMgr_X63.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [AcBtnMgr_X73] Number=307 Confirmed=U Filename=AcBtnMgr_X73.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [AcBtnMgr_X83] Number=308 Confirmed=U Filename=AcBtnMgr_X83.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [AcBtnMgr_X84-X85] Number=309 Confirmed=U Filename=AcBtnMgr_X84-X85.exe Description="Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Source=Paul Collins Startup list [acc] Number=310 Confirmed=U Filename=acc.exe Description=Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem" Source=Paul Collins Startup list [ACCDEFRAGINFO] Number=311 Confirmed=X Filename=[path to worm] Description=Added by the DARBY-O WORM! Source=Paul Collins Startup list [Accelerate] Number=312 Confirmed=U Filename=accelerate.exe Description=Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection Source=Paul Collins Startup list [Access Control App] Number=313 Confirmed=X Filename=winsto.exe Description=Added by the AGENT.DGO TROJAN! Source=Paul Collins Startup list [Access IBM Message Center] Number=314 Confirmed=N Filename=ibmmessages.exe Description="The Access IBM Message Center displays messages to inform you about helpful software that may be pre-installed on your PC. The Message Center can also provide messages about new updates available from the IBM Support Center to keep your computer current" Source=Paul Collins Startup list [Access Ramp Monitor] Number=315 Confirmed=N Filename=armon32.exe Description=Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again Source=Paul Collins Startup list [Access WebControl] Number=316 Confirmed=X Filename=[path to file] Description=Added by the PPDOOR-M TROJAN! Source=Paul Collins Startup list [AccessManager] Number=317 Confirmed=U Filename=AccessMgr.exe Description=Part of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management" Source=Paul Collins Startup list [AccessMedia P2P Loader] Number=318 Confirmed=X Filename=amp2pl.exe Description=My AccessMedia toolbar related, stealth installed! Source=Paul Collins Startup list [AccessoriesPlus] Number=319 Confirmed=U Filename=clockplus.exe Description=Clock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clock Source=Paul Collins Startup list [AccessRamp Monitor01] Number=320 Confirmed=N Filename=ARMon32a.exe Description=From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service." Source=Paul Collins Startup list [AccessRampLAN01] Number=321 Confirmed=N Filename=ARUpld32.exe Description=Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003 Source=Paul Collins Startup list [AcctMgr] Number=322 Confirmed=U Filename=AcctMgr.exe Description=Norton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC Source=Paul Collins Startup list [AccuWeather.com® Desktop] Number=323 Confirmed=N Filename=AccuWeatherDesktop.exe Description=Desktop weather from AccuWeather Source=Paul Collins Startup list [AccuWeatherDesktopAlerts] Number=324 Confirmed=N Filename=AccuWeatherDesktopAlerts.exe Description=Weather alerts for AccuWeather.com Desktop which "provides you with the most accurate, late-breaking weather conditions for the United States" Source=Paul Collins Startup list [accwizz.exe] Number=325 Confirmed=X Filename=accwizz.exe Description=Added by the RULAND.A WORM! Source=Paul Collins Startup list [accwizzz.exe] Number=326 Confirmed=X Filename=accwizzz.exe Description=Added by the RULAND.A WORM! Source=Paul Collins Startup list [ACDaemon] Number=327 Confirmed=N Filename=ACDaemon.exe Description=Used to serve notice of product information and updates when running ArcSoft products such as TotalMedia Source=Paul Collins Startup list [acdllib3] Number=328 Confirmed=X Filename=bcdlmem.exe Description=Added by the MAILBOT-BA TROJAN! Source=Paul Collins Startup list [ACDSee] Number=329 Confirmed=N Filename=ACDSee8Pro.exe Description=ACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memories Source=Paul Collins Startup list [Ace bows] Number=330 Confirmed=? Filename=Ace bows.exe Description=?? Source=Paul Collins Startup list [AceGain LiveUpdate] Number=331 Confirmed=N Filename=LiveUpdate.exe Description="AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration" Source=Paul Collins Startup list [Acer ePower Management] Number=332 Confirmed=U Filename=Acer ePower Management.exe Description=Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" Source=Paul Collins Startup list [Acer ePresentation HPD] Number=333 Confirmed=N Filename=ePresentation.exe Description=Allows you to connect your Acer laptop to a projector Source=Paul Collins Startup list [Acer Product Registration] Number=334 Confirmed=N Filename=ACE1.exe Description=Acer Product Registration - remove when registration is completed Source=Paul Collins Startup list [Acer Tour Reminder] Number=335 Confirmed=N Filename=Reminder.exe Description=Popup reminder to take the tour of your new Acer laptop Source=Paul Collins Startup list [AcerGoto] Number=336 Confirmed=U Filename=AcerGoto.exe Description=Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer Source=Paul Collins Startup list [AcerNotebookManager] Number=337 Confirmed=U Filename=almxptray.exe Description=System Tray access on some Acer Notebooks to give faster access to system settings Source=Paul Collins Startup list [AcerPowerkey] Number=338 Confirmed=U Filename=Powerkey.exe Description=PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3 Source=Paul Collins Startup list [Acess2007a] Number=339 Confirmed=X Filename=access2007a.exe Description=Added by the GAOBOT.PQA WORM! Source=Paul Collins Startup list [Aceu] Number=340 Confirmed=X Filename=[random filename] Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [acEventServ] Number=341 Confirmed=Y Filename=acevtsrv.exe Description=ActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authentication Source=Paul Collins Startup list [AClntUsr] Number=342 Confirmed=U Filename=AClntUsr.exe Description=Altiris AClient Service Windows Tray Icon Source=Paul Collins Startup list [Acme.PCHButton] Number=343 Confirmed=N Filename=pchbutton.exe Description=Used by HP Instant Support Source=Paul Collins Startup list [ACMonitor_X63] Number=344 Confirmed=U Filename=ACMonitor_X63.exe Description=Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" Source=Paul Collins Startup list [ACMonitor_X63.exe] Number=345 Confirmed=U Filename=ACMonitor_X63.exe Description=Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" Source=Paul Collins Startup list [ACMonitor_X73] Number=346 Confirmed=U Filename=ACMonitor_X73.exe Description=Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe" Source=Paul Collins Startup list [ACMonitor_X83] Number=347 Confirmed=U Filename=ACMonitor_X83.exe Description=Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe" Source=Paul Collins Startup list [ACMonitor_X84-X85] Number=348 Confirmed=U Filename=ACMonitor_X84-X85.exe Description=Button monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X84-X85.exe" Source=Paul Collins Startup list [acocash] Number=349 Confirmed=X Filename=fastdown.exe Description=Adult content dialler Source=Paul Collins Startup list [acocash] Number=350 Confirmed=X Filename=FASTFOWN.EXE Description=Adult content dialler Source=Paul Collins Startup list [Acombo3dmouse] Number=351 Confirmed=U Filename=Acombo3d.exe Description=Mouse driver - required if you use non-standard Windows driver features Source=Paul Collins Startup list [Aconti] Number=352 Confirmed=X Filename=aconti.exe Description=Adult content dialler Source=Paul Collins Startup list [acoustic] Number=353 Confirmed=U Filename=acoustic.exe Description=Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained Source=Paul Collins Startup list [acpart] Number=354 Confirmed=N Filename=agpart11.exe Description=Program for finding trucks on-line Source=Paul Collins Startup list [Acrobat] Number=355 Confirmed=X Filename=acrmon32.exe Description=Added by the SMALL-ECT TROJAN! Source=Paul Collins Startup list [Acrobat Assistant] Number=356 Confirmed=U Filename=AcroTray.exe Description=Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation Source=Paul Collins Startup list [Acrobat Assistant 7.0] Number=357 Confirmed=U Filename=Acrotray.exe Description=Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation Source=Paul Collins Startup list [Acrobat Assistant 8.0] Number=358 Confirmed=U Filename=Acrotray.exe Description=Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation Source=Paul Collins Startup list [Acrobat Read] Number=359 Confirmed=X Filename=acroup32.exe Description=Added by the VANBOT-BQ TROJAN! Source=Paul Collins Startup list [Acrobat Speed Launch] Number=360 Confirmed=N Filename=acrobat_sl.exe Description=Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards Source=Paul Collins Startup list [ACROMOUSE] Number=361 Confirmed=U Filename=ACROMAPP.exe Description=Related to ACROMOUSE Laser mouse control Source=Paul Collins Startup list [Acronis Popup Blocker] Number=362 Confirmed=U Filename=RunDll32.exe [path] Blocker.dll, Run Description=Part of Acronis Privacy Expert - anti-spyware and security suite Source=Paul Collins Startup list [Acronis Scheduler Helper] Number=363 Confirmed=U Filename=schedhlp.exe Description=Part of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images Source=Paul Collins Startup list [Acronis Scheduler2 Service] Number=364 Confirmed=U Filename=schedhlp.exe Description=Part of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images Source=Paul Collins Startup list [Acronis True Image] Number=365 Confirmed=U Filename=TimounterMonitor.exe Description=Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive Source=Paul Collins Startup list [Acronis True Image Monitor] Number=366 Confirmed=N Filename=TrueImageMonitor.exe Description=Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage Source=Paul Collins Startup list [Acronis TrueImage Monitor] Number=367 Confirmed=N Filename=TrueImageMonitor.exe Description=Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage Source=Paul Collins Startup list [Acronis*True*Image Monitor] Number=368 Confirmed=N Filename=TrueImageMonitor.exe Description=Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage Source=Paul Collins Startup list [AcronisTimounterMonitor] Number=369 Confirmed=U Filename=TimounterMonitor.exe Description=Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive Source=Paul Collins Startup list [AcronisTrueImage Monitor] Number=370 Confirmed=N Filename=TrueImageMonitor.exe Description=Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage Source=Paul Collins Startup list [Act! Preloader] Number=371 Confirmed=U Filename=Act8.exe Description=Sage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships" Source=Paul Collins Startup list [Action Manager 32] Number=372 Confirmed=N Filename=am32.exe Description=Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs Source=Paul Collins Startup list [ActionAgent] Number=373 Confirmed=? Filename=actionagent.exe Description="A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required? Source=Paul Collins Startup list [Activation] Number=374 Confirmed=N Filename=Activation.exe Description=Part of Microsoft Money Source=Paul Collins Startup list [Activboard] Number=375 Confirmed=U Filename=MMKeybd.exe Description=Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys Source=Paul Collins Startup list [Active Bit Station] Number=376 Confirmed=X Filename=abs.exe Description=Added by the MYTOB.BZ WORM! Source=Paul Collins Startup list [Active CPU] Number=377 Confirmed=N Filename=acpu.exe Description=Active CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity" Source=Paul Collins Startup list [Active Desktop Calendar] Number=378 Confirmed=U Filename=ADC.EXE Description=XemiComputers Active Desktop Calendar Source=Paul Collins Startup list [Active Email Monitor] Number=379 Confirmed=U Filename=aem25.exe Description=Active Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email Source=Paul Collins Startup list [Active shield] Number=380 Confirmed=U Filename=Activeshield.exe Description=Active Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses" Source=Paul Collins Startup list [ActiveDesktop] Number=381 Confirmed=X Filename=systray32.exe Description=Added by the DABOOM WORM! Source=Paul Collins Startup list [ACTIVEDS] Number=382 Confirmed=X Filename=ACTIVEDS.EXE Description=Added by the OPASERV.T WORM! Source=Paul Collins Startup list [ActiveEyes] Number=383 Confirmed=N Filename=ActiveEyes.exe Description=ActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut Source=Paul Collins Startup list [ActiveKeys.AAB635BD7D054a37A576] Number=384 Confirmed=U Filename=akeys.exe Description="Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" Source=Paul Collins Startup list [ActiveMenu] Number=385 Confirmed=U Filename=ActiveMenu.exe Description=Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case Source=Paul Collins Startup list [ActivePlus] Number=386 Confirmed=U Filename=activeplus.exe Description=Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on) Source=Paul Collins Startup list [ActiveScan Antivirus] Number=387 Confirmed=X Filename=ActiveScan.exe Description=Added by the RBOT-FKQ WORM! Source=Paul Collins Startup list [ActiveScript32] Number=388 Confirmed=X Filename=nod.exe Description=Added by the SOHANA-AJ WORM! Source=Paul Collins Startup list [ActiveShield] Number=389 Confirmed=Y Filename=MCVSSHLD.EXE Description=McAfee VirusScan On-line. See also the McAgentExe entry Source=Paul Collins Startup list [ActiveSpeed] Number=390 Confirmed=N Filename=AS.exe Description=Ascentive ActiveSpeed internet optimizer - not recommended, see here and here Source=Paul Collins Startup list [ActiveSync] Number=391 Confirmed=X Filename=wcescom32.exe Description=Added by the MANCSYN-E TROJAN! Source=Paul Collins Startup list [ActiveWords] Number=392 Confirmed=N Filename=AWMonitor.exe Description=ActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you've typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you've defined Source=Paul Collins Startup list [ActiveX File Registration Service] Number=393 Confirmed=X Filename=filereg.exe Description=Added by the RBOT-DVD WORM! Source=Paul Collins Startup list [ActiveX Streamer] Number=394 Confirmed=X Filename=msgfix.exe Description=Added by the SDBOT.NQ WORM! Source=Paul Collins Startup list [ActiveXUpdate] Number=395 Confirmed=X Filename=svcss.exe Description=Added by a variant of the DEDLER.C TROJAN! Source=Paul Collins Startup list [Activity] Number=396 Confirmed=U Filename=actik.exe Description=ActivityKey keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [ActivSurf] Number=397 Confirmed=N Filename=backweb*****.exe Description=Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates Source=Paul Collins Startup list [ActMaker] Number=398 Confirmed=U Filename=ActMak25.exe Description="ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer" Source=Paul Collins Startup list [ActMaker] Number=399 Confirmed=U Filename=ActMaker25.exe Description=ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload Source=Paul Collins Startup list [ACTray] Number=400 Confirmed=U Filename=ACTray.exe Description=System Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically" Source=Paul Collins Startup list [Actual Window Manager] Number=401 Confirmed=U Filename=ActualWindowManagerCenter.exe Description=Actual Window Manager from Actual Tools - "an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive, convenient and enjoyable" Source=Paul Collins Startup list [Actual Window Minimizer] Number=402 Confirmed=U Filename=ActualWindowMinimizerCenter.exe Description=Actual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen" Source=Paul Collins Startup list [ACTX1] Number=403 Confirmed=X Filename=v1201.exe Description=Added by the VB.IS TROJAN! Source=Paul Collins Startup list [ACU] Number=404 Confirmed=U Filename=ACU.exe Description=Atheros wireless Client Utility Source=Paul Collins Startup list [ACU_QSB] Number=405 Confirmed=U Filename=ACU.exe Description=Atheros wireless Client Utility Source=Paul Collins Startup list [ACWLIcon] Number=406 Confirmed=U Filename=ACWLIcon.exe Description=Part of the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically." This is the System Tray icon giving notifications of and access to the Wireless Connection Status Source=Paul Collins Startup list [Ad Arrest] Number=407 Confirmed=U Filename=adarrest.exe Description=Ad Arrest IE popup killer from GameFools Source=Paul Collins Startup list [Ad Blocker] Number=408 Confirmed=U Filename=blocker.exe Description=Ad Blocker - blocks popups, and also removes banners, image ads and flash ads Source=Paul Collins Startup list [Ad Blocker Pro] Number=409 Confirmed=U Filename=Ad Blocker Pro.exe Description=Ad Away popup and banner remover Source=Paul Collins Startup list [Ad Muncher] Number=410 Confirmed=U Filename=AdMunch.exe Description=Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications Source=Paul Collins Startup list [Ad Online Guide] Number=411 Confirmed=? Filename=adonlineguide.exe Description=?? Source=Paul Collins Startup list [Ad-Aware] Number=412 Confirmed=U Filename=Ad-Aware.exe Description=Ad-Aware from Lavasoft - popular spyware/adware removal tool Source=Paul Collins Startup list [Ad-Aware] Number=413 Confirmed=X Filename=Ad-Aware.exe Description=Added by the RBOT-ADJ WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System% Source=Paul Collins Startup list [Ad-Eliminator] Number=414 Confirmed=X Filename=ad-eliminator.exe Description=Ad-Eliminator spyware remover - not recommended, see here Source=Paul Collins Startup list [Ad-Muncher] Number=415 Confirmed=U Filename=ADMUNCH.EXE Description=Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications Source=Paul Collins Startup list [Ad-Protect] Number=416 Confirmed=U Filename=ad-protect.exe Description=Ad-Protect spyware and spam monitoring tool Source=Paul Collins Startup list [Ad-watch] Number=417 Confirmed=U Filename=Ad-watch.exe Description=Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system Source=Paul Collins Startup list [AD2KClient] Number=418 Confirmed=U Filename=AD2KClient.exe Description=Executable for Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk Source=Paul Collins Startup list [Adaptec DirectCD] Number=419 Confirmed=N Filename=Directcd.exe Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later Source=Paul Collins Startup list [AdaptecDirectCD] Number=420 Confirmed=N Filename=Directcd.exe Description=DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later Source=Paul Collins Startup list [AdAware] Number=421 Confirmed=X Filename=wini.exe Description=Added by the RBOT-XN WORM! Source=Paul Collins Startup list [Adaware Bootup] Number=422 Confirmed=U Filename=Ad-aware.exe Description=Ad-Aware from Lavasoft - popular spyware/adware removal tool Source=Paul Collins Startup list [Adaware lptt01] Number=423 Confirmed=X Filename=adaware.exe Description=RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware Source=Paul Collins Startup list [Adaware ml097e] Number=424 Confirmed=X Filename=adaware.exe Description=RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware Source=Paul Collins Startup list [AdBin] Number=425 Confirmed=U Filename=AdBin.exe Description=AdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads" Source=Paul Collins Startup list [Add**.exe [* = random char]] Number=426 Confirmed=X Filename=Add**.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [Add**32.exe [* = random char]] Number=427 Confirmed=X Filename=Add**32.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [AddClass] Number=428 Confirmed=X Filename=AddClass.exe Description=CoolWebSearch Addclass parasite variant Source=Paul Collins Startup list [AddClass] Number=429 Confirmed=X Filename=[Installation_Path] Description=Added by the STARTPAGE.F hijacker Source=Paul Collins Startup list [AddClass] Number=430 Confirmed=X Filename=[path to trojan] Description=Added by the SECDL-A TROJAN! Source=Paul Collins Startup list [AdDelete] Number=431 Confirmed=U Filename=AdDelete.exe Description=Banner advertisment blocker Source=Paul Collins Startup list [AdDestroyer] Number=432 Confirmed=X Filename=AdDestroyer.exe Description=Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here Source=Paul Collins Startup list [ADDITIONAL Services] Number=433 Confirmed=X Filename=pkgadd.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [addproxy] Number=434 Confirmed=? Filename=addproxy.exe Description=Related to Adobe Photoshop Source=Paul Collins Startup list [ADG] Number=435 Confirmed=? Filename=ADG.exe Description= SoundBlaster Audigy related? Source=Paul Collins Startup list [ADGJdet] Number=436 Confirmed=N Filename=ADGJDet.exe Description=Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection Source=Paul Collins Startup list [adi CleanUp] Number=437 Confirmed=Y Filename=CleanUp.exe Description=Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry key Source=Paul Collins Startup list [adi DSndUp] Number=438 Confirmed=Y Filename=DSndUp.exe Description=Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on Source=Paul Collins Startup list [aDir] Number=439 Confirmed=X Filename=adirss.exe Description=Added by the SPAMSRV-E TROJAN! Source=Paul Collins Startup list [Adiras] Number=440 Confirmed=Y Filename=Adiras.exe Description=ADSL USB modem related Source=Paul Collins Startup list [adirka] Number=441 Confirmed=X Filename=adirka.exe Description=Added by the TIBS-QT TROJAN! Source=Paul Collins Startup list [AdKiller] Number=442 Confirmed=U Filename=AD Defender.exe Description=Part of Advanced Spyware Remover anti-spyware tool Source=Paul Collins Startup list [adlhidp] Number=443 Confirmed=X Filename=psncc32.exe Description=Added by the SLAPER.AI TROJAN! Source=Paul Collins Startup list [ADM Library Loader] Number=444 Confirmed=X Filename=admlib32.exe Description=Added by a variant of the SDBOT TROJAN! Source=Paul Collins Startup list [Admanager Controller] Number=445 Confirmed=X Filename=AdManCtl.exe Description=Adware, probably a Windupdates variant Source=Paul Collins Startup list [Admilli Service] Number=446 Confirmed=X Filename=AdmilliServ.exe Description=Windupdates adware variant Source=Paul Collins Startup list [Administrator] Number=447 Confirmed=X Filename=svchost.scr Description=Added by the NOVACAL TROJAN! Source=Paul Collins Startup list [Administrator] Number=448 Confirmed=X Filename=winlogon.exe Description=Added by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! Source=Paul Collins Startup list [Administrator di Dago] Number=449 Confirmed=X Filename=Dago.exe Description=Added by the PUNYA-B WORM! Source=Paul Collins Startup list [AdminSoft] Number=450 Confirmed=X Filename=sysfile.vbs Description=Added by the STARGRUB-A WORM! Source=Paul Collins Startup list [admtray.exe] Number=451 Confirmed=U Filename=admtray.exe Description=Related to Acer Inc. destop tray Source=Paul Collins Startup list [Adobe] Number=452 Confirmed=X Filename=Adobe.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [Adobe] Number=453 Confirmed=X Filename=sysconfig.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [adobe] Number=454 Confirmed=X Filename=gam.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [Adobe] Number=455 Confirmed=X Filename=sysbat32.exe Description=Added by the LOWZONES.T TROJAN! Source=Paul Collins Startup list [Adobe] Number=456 Confirmed=X Filename=zteam.exe Description=Added by an unidentified TROJAN! Source=Paul Collins Startup list [Adobe Acrobat] Number=457 Confirmed=N Filename=READER~1.EXE Description=Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly Source=Paul Collins Startup list [Adobe Acrobat] Number=458 Confirmed=N Filename=Reader_sl.exe Description=Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly Source=Paul Collins Startup list [Adobe Acrobat Distiller Application] Number=459 Confirmed=X Filename=acrotray.exe Description=Added by the RANDEX.DFJ WORM! Source=Paul Collins Startup list [Adobe Acrobat Reader CFG] Number=460 Confirmed=X Filename=[random filename] Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Adobe Acrobat Speed Launcher] Number=461 Confirmed=N Filename=acrobat_sl.exe Description=Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards Source=Paul Collins Startup list [Adobe Filter Platform] Number=462 Confirmed=X Filename=afilterplatform.exe Description=Added by the RBOT-OP WORM! Source=Paul Collins Startup list [Adobe Gamma Loader] Number=463 Confirmed=U Filename=Adobe Gamma Loader.exe Description=Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine Source=Paul Collins Startup list [Adobe Gamma Loader.exe] Number=464 Confirmed=U Filename=Adobe Gamma Loader.exe Description=Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine Source=Paul Collins Startup list [Adobe Photo Downloader] Number=465 Confirmed=N Filename=apdproxy.exe Description=Part of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here) Source=Paul Collins Startup list [Adobe Reader Speed Launch] Number=466 Confirmed=N Filename=Reader_sl.exe Description=Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly Source=Paul Collins Startup list [Adobe Reader Speed Launch] Number=467 Confirmed=N Filename=READER~1.EXE Description=Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly Source=Paul Collins Startup list [Adobe Reader Speed Launcher] Number=468 Confirmed=N Filename=Reader_sl.exe Description=Speeds up the time it takes to load the Adobe Reader PDF document reader. "The Speed Launcher quickly opens and closes all of the files that Acrobat or Adobe Reader will use when the application starts. Opening and closing the files allows your virus protection software to check these programs and add them to its list of safe files" - see here. Not required for Adobe Reader to function properly Source=Paul Collins Startup list [Adobe Reader Synchronizer] Number=469 Confirmed=U Filename=AdobeCollabSync.exe Description=Adobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more information Source=Paul Collins Startup list [Adobe Version Cue CS2] Number=470 Confirmed=U Filename=VersionCueCS2Tray.exe Description=File manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work" Source=Paul Collins Startup list [AdobeA] Number=471 Confirmed=X Filename=adobes.exe Description=Added by the FLOOD.BA TROJAN! Source=Paul Collins Startup list [AdobeFonts] Number=472 Confirmed=X Filename=fonts.hta Description=Browser hijacker - redirecting to Hugesearch.net Source=Paul Collins Startup list [AdobeManager] Number=473 Confirmed=X Filename=rundtl.exe Description=Added by the INJECT.IB TROJAN! Source=Paul Collins Startup list [adobemgr] Number=474 Confirmed=X Filename=adobemgr.exe Description=Added by the ADCLICKER TROJAN! Source=Paul Collins Startup list [AdobeReader] Number=475 Confirmed=X Filename=msni.exe Description=Added by the RBOT.DAO TROJAN! Source=Paul Collins Startup list [AdobeReaderPro] Number=476 Confirmed=X Filename=msnxpsp.exe Description=Added by the RBOT-ASK or RBOT-AUS WORMS! Source=Paul Collins Startup list [AdobeReaderPro] Number=477 Confirmed=X Filename=ntkernell32.exe Description=Added by the RBOT-ATY WORM! Source=Paul Collins Startup list [AdobeReaderPro] Number=478 Confirmed=X Filename=msnserve.exe Description=Added by the SDBOT-AKH WORM! Source=Paul Collins Startup list [AdobeReaderPro] Number=479 Confirmed=X Filename=updt.exe Description=Added by the IRCBOT-VQ WORM! Source=Paul Collins Startup list [AdobeReaderProfessional] Number=480 Confirmed=X Filename=msx64.exe Description=Added by the RBOT-GAT WORM! Source=Paul Collins Startup list [AdobeReaderPros] Number=481 Confirmed=X Filename=sysmsn.exe Description=Added by the RBOT-BGH WORM! Source=Paul Collins Startup list [AdobeUpdater] Number=482 Confirmed=N Filename=AdobeUpdater.exe Description=Automatic updater for Adobe software - run manually Source=Paul Collins Startup list [AdobeVersionCue] Number=483 Confirmed=N Filename=VersionCueTray.exe Description="An exclusive feature of the Adobe® Creative Suite, Version Cue™ helps you find files fast, track multiple versions of your files, and share your files for creative collaboration" Source=Paul Collins Startup list [Adobe_ID0EYTHM] Number=484 Confirmed=? Filename=VERSIO~2.EXE Description=Part of an Adobe product. What does it do and is it required? Source=Paul Collins Startup list [adodemaster] Number=485 Confirmed=X Filename=adodemaster.exe Description=Downloader of Korean origin, detected as ADOD.28672 Source=Paul Collins Startup list [Adope File Manager] Number=486 Confirmed=X Filename=lsasv.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [adp] Number=487 Confirmed=X Filename=adp.exe Description=Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc Source=Paul Collins Startup list [AdPopup] Number=488 Confirmed=X Filename=dcf5678.exe Description=Added by the AGENT-FZ TROJAN! Source=Paul Collins Startup list [adprot] Number=489 Confirmed=X Filename=adprot.exe Description=AdBlaster adware Source=Paul Collins Startup list [ADQuickAccess] Number=490 Confirmed=N Filename=Adtray.exe Description=After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95 Source=Paul Collins Startup list [ADriver] Number=491 Confirmed=X Filename=windrv.exe Description=Added by the DELF.WG TROJAN! Source=Paul Collins Startup list [AdRoarUpdate] Number=492 Confirmed=X Filename=ARUpdate.exe Description=AdRoar adware updater Source=Paul Collins Startup list [AdRotator.Application] Number=493 Confirmed=X Filename=[path to csrss.exe] Description=Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [AdRotator.Application] Number=494 Confirmed=X Filename=services.exe Description=FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "Inetsrv" subfolder Source=Paul Collins Startup list [ADS Adware Remover] Number=495 Confirmed=X Filename=ADS Adware Remover.exe Description=ADS Adware Remover - not recommended, see here Source=Paul Collins Startup list [AdsBlocker] Number=496 Confirmed=X Filename=stopAds.exe Description=AdsBlocker - detected by NOD32 as DIALER.DW! Source=Paul Collins Startup list [AdsCleaner] Number=497 Confirmed=U Filename=AdsCleaner.exe Description="AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy" Source=Paul Collins Startup list [ADService] Number=498 Confirmed=U Filename=ADService.exe Description=Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk. Appears as a service in XP/Vista and under the "RunServices" registry key in Win98/ME Source=Paul Collins Startup list [AdsGone] Number=499 Confirmed=U Filename=Adsgone.exe Description=AdsGone - pop-up stopper Source=Paul Collins Startup list [ADSL Diagnostic Tools] Number=500 Confirmed=N Filename=mapiicon.exe Description=System tray access to ADSL modem diagnostic tools. Available via Start -> Programs Source=Paul Collins Startup list [ADSLSYSTEMTRAY] Number=501 Confirmed=? Filename=SystemtrayV100B.exe Description=Apparently Annex A ADSL modem related. What does it do and is it required? Source=Paul Collins Startup list [AdslTaskBar] Number=502 Confirmed=Y Filename=rundll32.exe stmctrl.dll, TaskBar Description=ISP software, initializes DSL modem Source=Paul Collins Startup list [AdslTaskBars] Number=503 Confirmed=X Filename=taskmng.exe Description=Added by the RBOT-AXZ WORM! Source=Paul Collins Startup list [ADSL_A2] Number=504 Confirmed=? Filename=A2Installed Description=Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required? Source=Paul Collins Startup list [adsnwk] Number=505 Confirmed=U Filename=adsnwk.exe Description=Keylogger Spy Monitor keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [aDSProcMngr] Number=506 Confirmed=U Filename=aDSProcMngr.exe Description=Part of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization, defragmentation and backup tools in one easy to use package". Proxy (or agent) for the Disk Suite Service. Based upon my experience, if this is disabled it does not appear to adversely affect on-demand or scheduled tasks but has a "U" recommendation as it's function isn't fully known Source=Paul Collins Startup list [ADSS] Number=507 Confirmed=Y Filename=ADSS.exe Description=ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied Source=Paul Collins Startup list [adstartup] Number=508 Confirmed=X Filename=automove.exe Description=Adlogix adware variant Source=Paul Collins Startup list [Adstartup] Number=509 Confirmed=X Filename=Adstartup.exe Description=Adlogix adware Source=Paul Collins Startup list [AdStatus Service] Number=510 Confirmed=X Filename=AdStatServ.exe Description=WindUpdates AdStatus Service adware Source=Paul Collins Startup list [AdSubtract] Number=511 Confirmed=U Filename=adsub.exe Description=AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via the Start menu. Superseded by Trend Micro AntiSpyware which was subsequently discontinued Source=Paul Collins Startup list [adtech2005] Number=512 Confirmed=X Filename=adtech2005.exe Description=Detected by Kaspersky as the STARTPAGE.AW TROJAN! Source=Paul Collins Startup list [adtech2006] Number=513 Confirmed=X Filename=adtech2006.exe Description=Detected by Kaspersky as the VB.KC WORM! Source=Paul Collins Startup list [Adtools Service] Number=514 Confirmed=X Filename=AdTools.exe Description=Windupdates Adware Source=Paul Collins Startup list [ADU] Number=515 Confirmed=? Filename=adu.exe Description=Related to Cisco Aironet wireless products. What does it do and is it required? Source=Paul Collins Startup list [AdultX] Number=516 Confirmed=X Filename=AdultX.exe Description=Adult content dialler and hijacker Source=Paul Collins Startup list [Adult_Chat] Number=517 Confirmed=X Filename=Adult_Chat.exe Description=Adult content dialler Source=Paul Collins Startup list [Adult_Chat1] Number=518 Confirmed=X Filename=Adult_Chat1.exe Description=Adult content dialler Source=Paul Collins Startup list [AdUpdater] Number=519 Confirmed=X Filename=sysupudt.exe Description=Unidentified adware downloader/updater Source=Paul Collins Startup list [ADUserMon] Number=520 Confirmed=U Filename=ADUserMon.exe Description=Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk Source=Paul Collins Startup list [Advanced DHTML Enable] Number=521 Confirmed=X Filename=exo32.exe Description=Added by the RANCK-FI TROJAN! Source=Paul Collins Startup list [Advanced DHTML Enable] Number=522 Confirmed=X Filename=[path to trojan] Description=Added by the AGENT.GLQ TROJAN! Source=Paul Collins Startup list [Advanced Internet Protocol] Number=523 Confirmed=X Filename=cerf.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Advanced Protection System] Number=524 Confirmed=X Filename=advpsys.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Advanced Spyware Remover] Number=525 Confirmed=X Filename=Asr.exe Description=Advanced Spyware Remover rogue spyware remover - not recommended, see here Source=Paul Collins Startup list [Advanced Spyware Remover Pro] Number=526 Confirmed=X Filename=Asr.exe Description=Advanced Spyware Remover rogue spyware remover - not recommended, see here Source=Paul Collins Startup list [Advanced SystemCare 3] Number=527 Confirmed=U Filename=AWC.exe Description=Advanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-ups Source=Paul Collins Startup list [Advanced Tool Checks] Number=528 Confirmed=X Filename=advchks.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [Advanced Tools Check] Number=529 Confirmed=N Filename=ADVCHK.EXE Description=Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget Source=Paul Collins Startup list [Advanced Uninstaller PRO Installation Monitor] Number=530 Confirmed=U Filename=monitor.exe Description=Innovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape" Source=Paul Collins Startup list [AdvancedCleaner Free] Number=531 Confirmed=X Filename=UADC.exe Description=AdvancedCleaner misleading security software - not recommended, see here Source=Paul Collins Startup list [AdVantage] Number=532 Confirmed=X Filename=AdVantage.exe Description=MediaAdVantage adware Source=Paul Collins Startup list [advap32] Number=533 Confirmed=X Filename=[path to trojan] Description=Added by the MUTANT.AT TROJAN! Source=Paul Collins Startup list [Advapi] Number=534 Confirmed=X Filename=Advapi.exe Description=Added by the NETDEVIL.12 WORM! Source=Paul Collins Startup list [ADVCHK] Number=535 Confirmed=N Filename=ADVCHK.EXE Description=Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget Source=Paul Collins Startup list [Advertising Killer] Number=536 Confirmed=U Filename=Akiller.exe Description=Advertising Killer - popup stopper Source=Paul Collins Startup list [advmon32] Number=537 Confirmed=X Filename=advmon32.exe Description=Added by a variant of the CRYPTER.C TROJAN! Source=Paul Collins Startup list [Adware Agent] Number=538 Confirmed=U Filename=adware agent.exe Description=Adware Agent popup blocker Source=Paul Collins Startup list [Adware Spy] Number=539 Confirmed=X Filename=AdwareSpy.exe Description=Adware Spy adware remover - not recommended, see here Source=Paul Collins Startup list [AdwareAlert] Number=540 Confirmed=U Filename=AdwareAlert.Exe Description=Adware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest version Source=Paul Collins Startup list [AdwareDelete] Number=541 Confirmed=X Filename=adwaredelete.exe Description=AdwareDelete adware remover - not recommended, see here Source=Paul Collins Startup list [AdwareKiller_schedules] Number=542 Confirmed=X Filename=schedules.exe Description=EAdwareKiller spyware remover - not recommended, see here Source=Paul Collins Startup list [AdwareKiller_tray] Number=543 Confirmed=X Filename=tray.exe Description=EAdwareKiller spyware remover - not recommended, see here Source=Paul Collins Startup list [AdwareProMFC] Number=544 Confirmed=X Filename=Ad-Ware Pro.exe Description=Ad-Ware Pro rogue security software - not recommended, see here Source=Paul Collins Startup list [AdwareProMFC] Number=545 Confirmed=X Filename=AntiTrojan Pro.exe Description=AntiTrojan Pro rogue security software - not recommended. Variant of Ad-Ware Pro Source=Paul Collins Startup list [AdwareRemover2007] Number=546 Confirmed=X Filename=AdwareRemover2007.exe Description=AdwareRemover2007 spyware remover - not recommended, see here Source=Paul Collins Startup list [Aeiwlsta.exe] Number=547 Confirmed=? Filename=Aeiwlsta.exe Description=IBM High Rate Wireless LAN Adapter driver. Is it required? Source=Paul Collins Startup list [AELaunch] Number=548 Confirmed=N Filename=AELaunch.exe Description=Audio Applications Launcher for the Philips Acoustic Edge soundcard Source=Paul Collins Startup list [AERVICESN] Number=549 Confirmed=X Filename=AERVICESN.exe Description=Added by the RANDON-AO WORM! Source=Paul Collins Startup list [AeXAgentLogon] Number=550 Confirmed=N Filename=AeXAgentActivate.exe Description=Altiris Agent transmits information about your machine for the purpose of asset management and deployment Source=Paul Collins Startup list [AeXSWDUsr] Number=551 Confirmed=? Filename=AeXSWDUsr.exe Description=Altiris Express NS Client Manager software. Is it required? Source=Paul Collins Startup list [AEZBProc] Number=552 Confirmed=U Filename=aptezbp.exe Description=IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions Source=Paul Collins Startup list [AFAFilter] Number=553 Confirmed=U Filename=windefault.exe Description=AFAFilter - internet filter software Source=Paul Collins Startup list [afskfask8] Number=554 Confirmed=X Filename=fsfjasj8.exe Description=Added by the ONLINEG-L TROJAN! Source=Paul Collins Startup list [AGEIA PhysX SysTray] Number=555 Confirmed=N Filename=TrayIcon.exe Description=System Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution, etc, regularily use Control Panel -> Display Properties or right-click on the desktop Source=Paul Collins Startup list [Agent] Number=556 Confirmed=N Filename=Agent.exe Description=Cyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs Source=Paul Collins Startup list [Agent] Number=557 Confirmed=X Filename=alsys.exe Description=Added by the DREF-V VIRUS! Source=Paul Collins Startup list [agent] Number=558 Confirmed=X Filename=ppl.exe Description=Added by the DREF-U VIRUS! Source=Paul Collins Startup list [Agent Browser] Number=559 Confirmed=X Filename=[random filename] Description=Added by the PPdoor.M-bdr backdoor TROJAN! Source=Paul Collins Startup list [Agent Explorer] Number=560 Confirmed=X Filename=[random filename] Description=Unidentified adware Source=Paul Collins Startup list [agent.exe] Number=561 Confirmed=X Filename=agent.exe Description=Privacy Components rogue security suite - not recommended, removal instructions here Source=Paul Collins Startup list [Agente] Number=562 Confirmed=? Filename=Remupd.exe Description=Part of an older version of Panda Antivirus. Is this an update reminder (guess because of the name), virus definition update reminder or something similar? Source=Paul Collins Startup list [agentsvr] Number=563 Confirmed=X Filename=agentsvr.exe Description=Detected by Kaspersky as Monker.A adware. Note - do not confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folder Source=Paul Collins Startup list [Agere SoftModem Messaging Applet] Number=564 Confirmed=U Filename=AGRSMMSG.exe Description=Installed with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modem Source=Paul Collins Startup list [AgfaCLnk] Number=565 Confirmed=U Filename=AgfaCLnk.exe Description=For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive Source=Paul Collins Startup list [agp] Number=566 Confirmed=X Filename=agp32.exe Description=Added by the GAOBOT.SY WORM! Source=Paul Collins Startup list [AGRSMMSG] Number=567 Confirmed=U Filename=AGRSMMSG.exe Description=Installed with the drivers for internal software modems based upon Lucent/Agere Systems chipsets - required if you use the SoftModem Assistant to configure the modem Source=Paul Collins Startup list [AGSatellite] Number=568 Confirmed=N Filename=AGSatellite.exe Description=Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs Source=Paul Collins Startup list [ahfp] Number=569 Confirmed=U Filename=ahfp.exe Description=Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" Source=Paul Collins Startup list [ahfprog] Number=570 Confirmed=U Filename=ahfp.exe Description=Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either" Source=Paul Collins Startup list [AHNSD] Number=571 Confirmed=Y Filename=AhnSD.exe Description=AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis Source=Paul Collins Startup list [AHNUE] Number=572 Confirmed=? Filename=AHNUE.exe Description=?? Source=Paul Collins Startup list [AhorreMemoria] Number=573 Confirmed=X Filename=SysRep.exe Description=AhorreMemoria rogue system error and cleaning utility - not recommended. A member of the ErrClean family Source=Paul Collins Startup list [ahost] Number=574 Confirmed=X Filename=ahost.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [AHQInit] Number=575 Confirmed=N Filename=ahqinit.exe Description=Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required Source=Paul Collins Startup list [Ahst] Number=576 Confirmed=X Filename=iebs.exe Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [AHU] Number=577 Confirmed=X Filename=[path to worm] Description=Added by the ANACON-B WORM! Source=Paul Collins Startup list [AHU] Number=578 Confirmed=X Filename=ANACON.EXE Description=Added by the NACO.A WORM! Source=Paul Collins Startup list [ahui32.exe] Number=579 Confirmed=X Filename=ahui32.exe Description=Added by the CERTIF-M TROJAN! Source=Paul Collins Startup list [Ai Nap] Number=580 Confirmed=U Filename=AiNap.exe Description=Part of the "Ai Suite" utility supplied with some Asus motherboards. "With AI Nap, users can instantly snooze your PC without terminating the tasks. System will continue operating at minimum power and noise when user is temporarily away" Source=Paul Collins Startup list [Ai Quicker Help] Number=581 Confirmed=U Filename=AsRc.exe Description=ASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away, such as the M2N DH. "ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches" Source=Paul Collins Startup list [Aica] Number=582 Confirmed=X Filename=tuaa.exe Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [Aida] Number=583 Confirmed=X Filename=ttuh.exe Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [Aida] Number=584 Confirmed=X Filename=eetu.exe Description=PurityScan/Clickspring adware Source=Paul Collins Startup list [AidemHotKey] Number=585 Confirmed=? Filename=DVMAIN.EXE Description=Keyboard related Source=Paul Collins Startup list [AidemHotKey] Number=586 Confirmed=? Filename=KEYAPP.EXE Description=Keyboard related Source=Paul Collins Startup list [aiepk] Number=587 Confirmed=U Filename=aiepk2.exe Description=Another IE Popup Killer - pop-up stopper Source=Paul Collins Startup list [AIM] Number=588 Confirmed=N Filename=aim.exe Description=AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs Source=Paul Collins Startup list [AIM] Number=589 Confirmed=U Filename=AIM+.exe Description=AIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O Software Source=Paul Collins Startup list [AIM Instant Message Cookies] Number=590 Confirmed=X Filename=[random filename] Description=Added by the RBOT-AFV WORM! Source=Paul Collins Startup list [AIM Logger] Number=591 Confirmed=N Filename=AIMLogger.exe Description=AIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIM Source=Paul Collins Startup list [Aim Plugin] Number=592 Confirmed=X Filename=aimplugin.exe Description=Added by the GUAP-F WORM! Source=Paul Collins Startup list [AIM reminder] Number=593 Confirmed=X Filename=AIM reminder.exe Description=Added by the BUDDY.E TROJAN! Source=Paul Collins Startup list [Aim6] Number=594 Confirmed=N Filename=AOLLaunch.exe Description=AOL Instant Messenger - start it when you want to use it Source=Paul Collins Startup list [Aim6] Number=595 Confirmed=N Filename=aim6.exe Description=AOL Instant Messenger - start it when you want to use it Source=Paul Collins Startup list [AIM95 Startup] Number=596 Confirmed=X Filename=aim95.exe Description=Added by the AGOBOT.AEE WORM! Source=Paul Collins Startup list [aimaol lptt01] Number=597 Confirmed=X Filename=aimaol.exe Description=RapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [aimaol ml097e] Number=598 Confirmed=X Filename=aimaol.exe Description=RapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [aimb.exe" -h] Number=599 Confirmed=U Filename=aimb.exe Description=IMSufSentinel is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it Source=Paul Collins Startup list [AimingClick] Number=600 Confirmed=N Filename=AimingClick.exe Description=AimingClick from AimingTech. Web searching tool. Available via Start -> Programs Source=Paul Collins Startup list [AIMPro] Number=601 Confirmed=U Filename=aimpro.exe Description=AIM Pro - secure instant messaging, video conferencing, on-line meetings and desktop and file sharing Source=Paul Collins Startup list [AIMster] Number=602 Confirmed=N Filename=?? Description=Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs Source=Paul Collins Startup list [AIMWDInstall] Number=603 Confirmed=N Filename=AIMWDInstall.exe Description=Version of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case Source=Paul Collins Startup list [Aiptek Graphics Tablet (USB)] Number=604 Confirmed=Y Filename=atwtusb.exe Description=USB interface for Aiptek Graphics Tablet (USB) Source=Paul Collins Startup list [aircity] Number=605 Confirmed=X Filename=aircity.exe Description=Related to "Prutect" malware from e2Give Source=Paul Collins Startup list [AirPort Base Station Agent] Number=606 Confirmed=U Filename=APAgent.exe Description=Airport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home, school, and business. As it blankets your space with a blazing-fast, secure wireless network, it opens up a world of possibilities for home entertainment, backups, printing, and more" Source=Paul Collins Startup list [AJC Active Backup] Number=607 Confirmed=U Filename=AJCActBk.exe Description=AJC Active Backup from AJC Software - "Instantly backup files you change on your PC and keep multiple versions to undo" Source=Paul Collins Startup list [AKEYNAME] Number=608 Confirmed=X Filename=WinServ.exe Description=Added by the EVILBOT.C TROJAN! Source=Paul Collins Startup list [akeys] Number=609 Confirmed=U Filename=akeys.exe Description="Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" Source=Paul Collins Startup list [akgkagaksad9] Number=610 Confirmed=X Filename=fsakfask9.exe Description=Added by the ONLINEG-M TROJAN! Source=Paul Collins Startup list [AKiller] Number=611 Confirmed=U Filename=akiller.exe Description=Advertising Killer - popup stopper Source=Paul Collins Startup list [ala.exe] Number=612 Confirmed=U Filename=ala.exe Description=Access Lock is a system-tray security utility you can use to secure your desktop when you are away from your computer Source=Paul Collins Startup list [Alarm Manager] Number=613 Confirmed=U Filename=Alarmapp.exe Description=Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop Source=Paul Collins Startup list [AlarmWatcher] Number=614 Confirmed=? Filename=AlarmWatcher.exe Description=Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required? Source=Paul Collins Startup list [Album Fast Start] Number=615 Confirmed=N Filename=ABMTSR.EXE Description=Scanner software, not required for scanner to work Source=Paul Collins Startup list [AlcFDMonitor] Number=616 Confirmed=? Filename=ALCFDRTM.EXE Description=RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? Source=Paul Collins Startup list [ALCFDRTM16] Number=617 Confirmed=? Filename=ALCFDRTM16.com Description=RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? Source=Paul Collins Startup list [Alchem] Number=618 Confirmed=X Filename=Alchem.exe Description=ClickAlchemy adware Source=Paul Collins Startup list [Alcmtr] Number=619 Confirmed=U Filename=Alcmtr.exe Description=Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation Source=Paul Collins Startup list [Alcmtr] Number=620 Confirmed=X Filename=Malware Doctor.exe Description=MalwareDoc rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [Alcohol] Number=621 Confirmed=U Filename=Alcohol.exe Description=Alcohol 120% - CD/DVD emulation/writing/copying software Source=Paul Collins Startup list [Alcohol Autorun] Number=622 Confirmed=U Filename=Alcohol.exe Description=Alcohol 120% - CD/DVD emulation/writing/copying software Source=Paul Collins Startup list [AlcoholAutomount] Number=623 Confirmed=U Filename=axcmd.exe Description=Alcohol 120% is a powerful Windows application that makes it easy to create backups of DVDs* and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button. This part automounts images disc images Source=Paul Collins Startup list [Alcom PCL Capture] Number=624 Confirmed=? Filename=FMW_PCAP.EXE Description=?? Source=Paul Collins Startup list [AlcWzrd] Number=625 Confirmed=N Filename=ALCWZRD.EXE Description=RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one Source=Paul Collins Startup list [AlcxMonitor] Number=626 Confirmed=U Filename=Alcxmntr.exe Description=Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation Source=Paul Collins Startup list [aldefr ere service] Number=627 Confirmed=X Filename=tay0x.exe Description=Added by the RBOT-XS WORM! Source=Paul Collins Startup list [alerter] Number=628 Confirmed=X Filename=alerter.exe Description=MAHA.F spyware Source=Paul Collins Startup list [Alevir] Number=629 Confirmed=X Filename=Alevir.exe Description=Added by the OPASERV-A WORM! Source=Paul Collins Startup list [AlevirOld] Number=630 Confirmed=X Filename=[worm filename] Description=Added by the OPASERV WORM! Source=Paul Collins Startup list [Alexa] Number=631 Confirmed=N Filename=alexa.exe Description=Related to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not Recommended Source=Paul Collins Startup list [AlexaToolbar] Number=632 Confirmed=X Filename=alt.exe Description=Detected by Ewido Security Suite as the DELF.EB hijacker! Source=Paul Collins Startup list [AlfaCleaner] Number=633 Confirmed=X Filename=AlfaCleaner.exe Description=AlphaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware Source=Paul Collins Startup list [AlfaClock Classic] Number=634 Confirmed=U Filename=AlfaClock.exe Description=AlfaClock Free Edition from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more" Source=Paul Collins Startup list [AlfaClock2] Number=635 Confirmed=U Filename=AlfaClock2.exe Description=AlfaClock2 from AlfaSoft Research Labs -"enhances your tray clock functionality. Of course, you can customize the look, adjusting fonts, colors, backgrounds and more. But, the main goal of this program is to extend your tray clock functionality" Source=Paul Collins Startup list [ALFY Accellerator] Number=636 Confirmed=? Filename=AlfyAC~1.exe Description=?? Source=Paul Collins Startup list [ALG.EXE] Number=637 Confirmed=X Filename=iexplorer .exe Description=Added by the DEMOTRY-B WORM! Source=Paul Collins Startup list [ALG32] Number=638 Confirmed=X Filename=ALG32.EXE Description=Added by the STARTPAGE.K hijacker Source=Paul Collins Startup list [algchk.exe] Number=639 Confirmed=X Filename=algchk.exe Description=Detected by Kaspersky as the VB.ATE TROJAN! Source=Paul Collins Startup list [ALGU] Number=640 Confirmed=X Filename=ALGU.EXE Description=Added by the CWS-I TROJAN! Source=Paul Collins Startup list [ALGU.exe] Number=641 Confirmed=X Filename=ALGU.exe Description=Added by the STARTPAGE.O TROJAN! Source=Paul Collins Startup list [ALi5289] Number=642 Confirmed=U Filename=ALi5289.exe Description=Related to Uli Integrated Drivers from Uli Electronics Inc Source=Paul Collins Startup list [Alias SketchBook Snapshot] Number=643 Confirmed=N Filename=ALIASS~2.EXE Description=Screen-capture utility for Alias Sketchbook Source=Paul Collins Startup list [AlienAutopsy] Number=644 Confirmed=N Filename=Test_BS.exe Description=Alienware computer technical support software Source=Paul Collins Startup list [ALiSndMgr] Number=645 Confirmed=Y Filename=ALiSndMg.exe Description=ALi AC97 Sound driver Source=Paul Collins Startup list [AliUSBfix] Number=646 Confirmed=? Filename=GREENMK.exe Description=May be realted to a USB 2.0 PCI card - the IOgear GIC220OU? Source=Paul Collins Startup list [Alive SYstem] Number=647 Confirmed=X Filename=scchost.exe Description=Added by the TOFDROP-B TROJAN! Source=Paul Collins Startup list [Alive SYstem] Number=648 Confirmed=X Filename=scchostc.exe Description=Added by the TOFDROP-B TROJAN! Source=Paul Collins Startup list [alkasr] Number=649 Confirmed=X Filename=?????.exe Description=Added by the BALKART TROJAN! Source=Paul Collins Startup list [All Aboard Status] Number=650 Confirmed=U Filename=stswin.exe Description=All Aboard! Internet Connection Sharing status icon Source=Paul Collins Startup list [All Sea screen saver] Number=651 Confirmed=X Filename=TaskTray.exe Description=Free screensaver, installs lots of foistware - remove it Source=Paul Collins Startup list [All Sea web link] Number=652 Confirmed=X Filename=FWLink.exe Description=Free screensaver, installs lots of foistware - remove it Source=Paul Collins Startup list [AllerCalc] Number=653 Confirmed=N Filename=AllerCalc.exe Description=AllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually Source=Paul Collins Startup list [Allopassw] Number=654 Confirmed=X Filename=[path to trojan] Description=Added by the RANKY.CU TROJAN! Source=Paul Collins Startup list [AllSeeingEye] Number=655 Confirmed=U Filename=ase.exe Description=All-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions" Source=Paul Collins Startup list [allSnap] Number=656 Confirmed=U Filename=allSnap.exe Description="allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop" Source=Paul Collins Startup list [ALLTEL DSL Check-up Center] Number=657 Confirmed=U Filename=matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ALLTEL DSL Check-up Center is required to run with the Help and Support program. If you uncheck ALLTEL DSL Check-up Center and then run Help and Support it will add another ALLTEL DSL Check-up Center in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [AllToTray] Number=658 Confirmed=U Filename=ALLTOTRAY.EXE Description=AlltoTray from DNTSoft - minimize any program to your System Tray Source=Paul Collins Startup list [Alogrithm Link Queue] Number=659 Confirmed=X Filename=alq.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Alogserv] Number=660 Confirmed=U Filename=Alogserv.exe Description=From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up Source=Paul Collins Startup list [ALPass] Number=661 Confirmed=U Filename=ALPass.exe Description=ALPass password manager Source=Paul Collins Startup list [alpha] Number=662 Confirmed=X Filename=svchost.exe Description=Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Alps Electric USB Server] Number=663 Confirmed=Y Filename=Monserv.exe Description=Alps Electric USB Server - required according to this article Source=Paul Collins Startup list [AlpsPoint] Number=664 Confirmed=U Filename=Apoint.exe Description=Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work Source=Paul Collins Startup list [ALServ] Number=665 Confirmed=? Filename=ALServ.exe Description=Altec Lansing AMS speaker related. What does it do and is it required? Source=Paul Collins Startup list [ALTER DATA] Number=666 Confirmed=X Filename=[path] repcale.exe [path] beird.exe Description=Added by the IRCFLOOD.CD TROJAN! Both files are located in %System%\ccdew Source=Paul Collins Startup list [Altnet] Number=667 Confirmed=X Filename=points manager.exe Description=Altnet TopSearch adware Source=Paul Collins Startup list [AltnetPointsManager] Number=668 Confirmed=X Filename=points manager.exe Description=Altnet TopSearch adware Source=Paul Collins Startup list [AltoMB_service] Number=669 Confirmed=U Filename=AltoMBsrv.exe Description=Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind Source=Paul Collins Startup list [ALTOOLS] Number=670 Confirmed=U Filename=AccessL.exe Description=ALTools family of PC utilities Source=Paul Collins Startup list [AltPayments] Number=671 Confirmed=X Filename=AltPayments.exe Description=WeirdOnTheWeb adware Source=Paul Collins Startup list [ALU Scheduler Service] Number=672 Confirmed=N Filename=ALUSchedulerSvc.exe Description=Symantec LiveUpdate scheduler for programs such as Norton AV or Internet Security Source=Paul Collins Startup list [ALUAlert] Number=673 Confirmed=U Filename=ALUNotify.exe Description=Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis Source=Paul Collins Startup list [Aluria Security Center] Number=674 Confirmed=N Filename=SecurityCenter.exe Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here Source=Paul Collins Startup list [Aluria's Pop-Up Stopper] Number=675 Confirmed=U Filename=eps.exe Description=Aluria Pop-Stopper Source=Paul Collins Startup list [Aluria's Spyware Eliminator] Number=676 Confirmed=N Filename=ASE.exe Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here Source=Paul Collins Startup list [AlwaysOnTopMaker] Number=677 Confirmed=U Filename=AlwaysOnTopMaker.exe Description=Always On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktop Source=Paul Collins Startup list [AlwaysReady Power Message APP] Number=678 Confirmed=N Filename=ARPWRMSG.EXE Description=Related to HP and Compaq Desktop PCs. Read this article Source=Paul Collins Startup list [AmazingTens] Number=679 Confirmed=X Filename=AmazingTens.exe Description=Premium rate adult content dialler Source=Paul Collins Startup list [AMD PowerNow!] Number=680 Confirmed=U Filename=GemBack.exe Description=AMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand" Source=Paul Collins Startup list [amd_dc_opt] Number=681 Confirmed=Y Filename=amd_dc_opt.exe Description=AMD Dual-Core Optimizer - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction" Source=Paul Collins Startup list [America Online *.* Tray Icon] Number=682 Confirmed=N Filename=aoltray.exe Description=Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs Source=Paul Collins Startup list [AME_CSA] Number=683 Confirmed=N Filename=rundll32 amecsa.cpl, RUN_DLL Description=Loads ADSL modem Control Panel applet Source=Paul Collins Startup list [AModemLockDown] Number=684 Confirmed=U Filename=ModemLockDown.exe Description=ModemLockDown - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etc Source=Paul Collins Startup list [Amon] Number=685 Confirmed=Y Filename=AMON.EXE Description=Monitoring part of Eset's NOD32 virus-scanner Source=Paul Collins Startup list [Amonitor] Number=686 Confirmed=Y Filename=amon.exe Description=Tiny Personal Firewall Source=Paul Collins Startup list [AMP WinOFF] Number=687 Confirmed=U Filename=winoff.exe Description=WinOFF is " a utility designed to shut down Windows computers automatically, in a fully configurable way" Source=Paul Collins Startup list [AMSG] Number=688 Confirmed=U Filename=Amsg.exe Description=Part of the IBM ThinkVantage Productivity Center. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online" Source=Paul Collins Startup list [amsgupdate] Number=689 Confirmed=X Filename=ams.exe Description=Added by a variant of the MAILBOT TROJAN! Source=Paul Collins Startup list [AMSN] Number=690 Confirmed=N Filename=amsn.exe Description=aMSN Messenger is a multiplatform MSN messenger clone Source=Paul Collins Startup list [amsn] Number=691 Confirmed=X Filename=amsn.exe Description=Added by the BANKER-BNZ TROJAN! Source=Paul Collins Startup list [amva] Number=692 Confirmed=X Filename=amvo.exe Description=Added by the SILLYFDC-BR WORM! Source=Paul Collins Startup list [Anapod Manager] Number=693 Confirmed=N Filename=anamgr.exe Description=Anapod Explorer from Red Chair Software "is the most advanced Windows iPod® software available, offering iPod® management through full Windows Explorer integration under My Computer" Source=Paul Collins Startup list [anbv32] Number=694 Confirmed=X Filename=nabv32.exe Description=Added by the TITOG.C WORM! Source=Paul Collins Startup list [angeleyes] Number=695 Confirmed=X Filename=msdll.exe Description=Added by the VB.PI TROJAN! Source=Paul Collins Startup list [ANIWZCS2Service] Number=696 Confirmed=Y Filename=WZCSLDR2.exe Description=ALPHA Networks wireless driver Source=Paul Collins Startup list [ANIWZCSService] Number=697 Confirmed=? Filename=WZCSLDR.exe Description=D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity Source=Paul Collins Startup list [AnnotateCheck] Number=698 Confirmed=? Filename=AnnCheck.exe Description=Genius Wizard Pen Tablet driver related. Is it required? Source=Paul Collins Startup list [Announcements] Number=699 Confirmed=N Filename=Annclist.exe Description=MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it Source=Paul Collins Startup list [Anntext] Number=700 Confirmed=N Filename=Anntext.exe Description=Caere Pagekeeper text annotation server Source=Paul Collins Startup list [AnonymityGateway] Number=701 Confirmed=U Filename=Anonymity Gateway.exe Description=Anonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity form being tracked by websites or Internet Service Providers Source=Paul Collins Startup list [Anonymizer Total Net Shield] Number=702 Confirmed=U Filename=AnonTns.exe Description=Anonymizer Total Net Shield - ID protection and privacy software Source=Paul Collins Startup list [ANONYMIZER_SPYWAREKILLER] Number=703 Confirmed=Y Filename=SpyWareKiller.exe Description=Anonymizer Spyware Killer, which was superseeded by Anti-Spyware but is now discontinued Source=Paul Collins Startup list [ANONYMIZER_SPYWAREKILLER] Number=704 Confirmed=Y Filename=AnonAntiSpyware.exe Description=Anonymizer Anti-Spyware - now discontinued Source=Paul Collins Startup list [Another Internet Explorer Popup Killer] Number=705 Confirmed=U Filename=aiepk2.exe Description=Another IE Popup Killer - pop-up stopper Source=Paul Collins Startup list [ansjava] Number=706 Confirmed=X Filename=[path to worm] Description=Added by the RANDON-AN WORM! Source=Paul Collins Startup list [Anskya] Number=707 Confirmed=X Filename=PYSKY.NET.exe Description=Added by the DLOADER-MW TROJAN! Source=Paul Collins Startup list [Answer Problem] Number=708 Confirmed=X Filename=dSAFsqs.exe Description=Added by the SDBOT-SC WORM! Source=Paul Collins Startup list [AnswerTool] Number=709 Confirmed=U Filename=AnswerTool.exe Description=AnswerTool - save your E-mail replies in AnswerTool, then reuse them again and again Source=Paul Collins Startup list [Anti] Number=710 Confirmed=X Filename=Isass.exe Description=Added by the BROPIA.K WORM! Source=Paul Collins Startup list [Anti Spam Service] Number=711 Confirmed=X Filename=spamsvc.exe Description=Added by the MYTOB-BK WORM! Source=Paul Collins Startup list [Anti-Blaxx Manager] Number=712 Confirmed=N Filename=Anti-Blaxx.exe Description=Anti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives Source=Paul Collins Startup list [Anti-keylogger check] Number=713 Confirmed=U Filename=antikey.exe Description=Anti-keylogger - protects against keylogger programs monitoring your keystrokes Source=Paul Collins Startup list [Anti-Trojan-Watch] Number=714 Confirmed=U Filename=ATWatch.exe Description=Anti-Trojan Watch - trojan detector Source=Paul Collins Startup list [Anti-Virus] Number=715 Confirmed=X Filename=vpms.exe Description=Added by a variant of the SLAPER TROJAN! Source=Paul Collins Startup list [Anti-Virus] Number=716 Confirmed=X Filename=[random filename].exe Description=Added by the CAPROBAD-A TROJAN! Source=Paul Collins Startup list [Anti-Virus Product Sync] Number=717 Confirmed=X Filename=[unprintable character][3 characters]log.exe Description=Added by the KEDEBE.D WORM! Source=Paul Collins Startup list [Anti-Virus Update Scheduler] Number=718 Confirmed=X Filename=[path to trojan] Description=Added by the SPAMMIT-A TROJAN! Source=Paul Collins Startup list [Anti-Virus Update Scheduler] Number=719 Confirmed=X Filename=winsp3.exe Description=Malware - detected by Kaspersky as the AGENT.FP TROJAN! Source=Paul Collins Startup list [Anti-Virus Update Scheduler V1.39.12R] Number=720 Confirmed=X Filename=[path to trojan] Description=Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more... Source=Paul Collins Startup list [AntiClicker] Number=721 Confirmed=X Filename=SVCHST32.EXE Description=Added by the CBH TROJAN! Source=Paul Collins Startup list [antidialer.co.uk] Number=722 Confirmed=U Filename=Dialer_Watcher.exe Description=Dialer_Watcher is an application that allows you to detect dialers on your computer Source=Paul Collins Startup list [AntiFreeze] Number=723 Confirmed=Y Filename=AntiFreeze.exe Description=AntiFreeze from Resplendence Software Projects - "offers a last recourse when you find your computer in a hung state". If your system has hung and AntiFreeze is running, a hotkey combination will suspend all but critical processes and allow you to save or recover your work Source=Paul Collins Startup list [antihost] Number=724 Confirmed=X Filename=ahr.exe Description=Added by the BANCBAN-QJ TROJAN! Source=Paul Collins Startup list [AntiMalwareGuard] Number=725 Confirmed=X Filename=amg.exe Description=AntiMalwareGuard rogue spyware remover - not recommended, see here Source=Paul Collins Startup list [AntiMalwareSuite] Number=726 Confirmed=X Filename=AMS.exe Description=AntiMalwareSuite rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [AntiPopUp] Number=727 Confirmed=U Filename=AntiPopUp.exe Description=AntiPopUp for IE - pop-up stopper Source=Paul Collins Startup list [AntiSpionage] Number=728 Confirmed=X Filename=pgs.exe Description=AntiSpionage, German rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [AntiSpionagePro] Number=729 Confirmed=X Filename=pgs.exe Description=AntiSpionagePro, German rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [antispy] Number=730 Confirmed=X Filename=ANTIVIR.exe Description=IE AntiVirus rogue security software - not recommended, see here Source=Paul Collins Startup list [antispy] Number=731 Confirmed=X Filename=ANTIVIRUS.exe Description=IE AntiVirus rogue security software - not recommended, see here Source=Paul Collins Startup list [antispy] Number=732 Confirmed=X Filename=ieav.exe Description=IE AntiVirus rogue security software - not recommended, see here Source=Paul Collins Startup list [antispy] Number=733 Confirmed=X Filename=scan.exe Description=IE AntiVirus rogue security software - not recommended, see here Source=Paul Collins Startup list [AntiSpy2008] Number=734 Confirmed=X Filename=AntiSpy2008.exe Description=Antispy 2008 rogue spyware remover - not recommended, removal instructions here Source=Paul Collins Startup list [AntiSpyCheck] Number=735 Confirmed=X Filename=AntiSpyCheck.exe Description=AntiSpyCheck rogue spyware remover - not recommended, removal instructions here Source=Paul Collins Startup list [AntiSpyCheck 2.1] Number=736 Confirmed=X Filename=AntiSpyCheck 2.1.exe Description=AntiSpyCheck rogue spyware remover - not recommended, removal instructions here Source=Paul Collins Startup list [AntiSpyCheck 2.1.0] Number=737 Confirmed=X Filename=AntiSpyCheck.exe Description=AntiSpyCheck rogue spyware remover - not recommended, removal instructions here Source=Paul Collins Startup list [AntiSpyKit *.*] Number=738 Confirmed=X Filename=AntiSpyKit *.*.exe Description=EAdwareKiller spyware remover, where *.* represents the version number - not recommended, see here Source=Paul Collins Startup list [AntiSpyMon] Number=739 Confirmed=X Filename=AntiSpyMon.exe Description=Antispyware Protector rogue security software - not recommended Source=Paul Collins Startup list [AntispyStorm] Number=740 Confirmed=X Filename=AntispyStorm.exe Description=AntiSpyStorm misleading security software - not recommended, see here Source=Paul Collins Startup list [AntiSpyware] Number=741 Confirmed=X Filename=Antispyware.exe Description=AntiSpywareApp spyware remover - not recommended, see here Source=Paul Collins Startup list [AntiSpyware Pro] Number=742 Confirmed=X Filename=AntiSpyware Pro.exe Description=AntiSpyware Pro 2009 rogue spyware remover - not recommended, removal instructions here Source=Paul Collins Startup list [Antispyware PRO XP] Number=743 Confirmed=X Filename=asproxp.exe Description=AntiSpyware Pro XP rogue spyware remover - not recommended, removal instructions here Source=Paul Collins Startup list [AntiSpyWare2Guard] Number=744 Confirmed=Y Filename=AntiSpyWare2Guard.exe Description=Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc Source=Paul Collins Startup list [AntiSpyware3000.exe] Number=745 Confirmed=X Filename=antispyware.exe Description=AntiSpyware 3000 rogue spyware remover - not recommended, removal instructions here Source=Paul Collins Startup list [AntiSpywareBot] Number=746 Confirmed=X Filename=AntiSpywareBot.exe Description=AntiSpywareBot spyware remover - not recommended, see here Source=Paul Collins Startup list [AntiSpywareControl] Number=747 Confirmed=X Filename=pgs.exe Description=AntiSpywareControl rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [AntiSpywareExpert] Number=748 Confirmed=X Filename=ase.exe Description=AntiSpywareExpert rogue spyware remover - not recommended, see here Source=Paul Collins Startup list [AntiSpywareGuard] Number=749 Confirmed=X Filename=asg.exe Description=AntiSpywareGuard rogue spyware remover - not recommended, removal instructions here Source=Paul Collins Startup list [AntiSpywareMaster] Number=750 Confirmed=X Filename=asm.exe Description=AntiSpywareMaster spyware remover - not recommended, see here Source=Paul Collins Startup list [AntiSpywareShield] Number=751 Confirmed=X Filename=AntiSpywareShield.exe Description=AntiSpywareShield spyware remover - not recommended, see here Source=Paul Collins Startup list [AntiSpywareSuite] Number=752 Confirmed=X Filename=pgs.exe Description=AntiSpywareSuite rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [AntiSpywareXP 2009] Number=753 Confirmed=X Filename=AntiSpywareXP2009.exe Description=AntiSpywareXP 2009 rogue spyware remover - not recommended, removal instructions here Source=Paul Collins Startup list [AntiVer2008] Number=754 Confirmed=X Filename=pgs.exe Description=AntiVer2008, French rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [AntiVermeans] Number=755 Confirmed=X Filename=AntiVermeans.exe Description=Variant of the Antivermins rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [AntiVermins] Number=756 Confirmed=X Filename=AntiVermins.exe Description=Antivermins rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [AntiVermins 3.0] Number=757 Confirmed=X Filename=AntiVermins 3.0.exe Description=Antivermins rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [AntiVermins 3.3] Number=758 Confirmed=X Filename=AntiVermins 3.3.exe Description=Antivermins rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [AntiVerminser] Number=759 Confirmed=X Filename=AntiVerminser.exe Description=Variant of the Antivermins rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [AntiVerminsPro] Number=760 Confirmed=X Filename=AntiVerminspro.exe Description=Antivermins rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [antiviirus] Number=761 Confirmed=X Filename=antiviirus.exe Description=Added by a variant of the AGENT.KEU TROJAN! Source=Paul Collins Startup list [Antivir] Number=762 Confirmed=X Filename=svchst.exe Description=Added by the RAGRUK-A TROJAN! Source=Paul Collins Startup list [AntiVir] Number=763 Confirmed=X Filename=scvhost.exe Description=Added by the AGENT-DSF TROJAN! Source=Paul Collins Startup list [AntiVir] Number=764 Confirmed=X Filename=winlog.exe Description=Added by the IRCBOT-TJ TROJAN! Source=Paul Collins Startup list [AntiVir] Number=765 Confirmed=X Filename=smss.exe Description=Added by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles% Source=Paul Collins Startup list [AntiVir XP] Number=766 Confirmed=Y Filename=AVwin.exe Description=AntiVir® PersonalEdition Classic - antivirus Source=Paul Collins Startup list [Antivir64] Number=767 Confirmed=X Filename=Antivir64.exe Description=Antivir64 rogue security software - not recommended, see here Source=Paul Collins Startup list [AntiVirGear *.*] Number=768 Confirmed=X Filename=AntiVirGear *.*.exe Description=AntiVirGear misleading security software, where *.* represents the version number - not recommended, see here Source=Paul Collins Startup list [Antivirus] Number=769 Confirmed=X Filename=av.exe Description=Added by the SINKIN TROJAN! Resets IE start page to realphx.com Source=Paul Collins Startup list [Antivirus] Number=770 Confirmed=X Filename=maja.exe Description=Added by the NETSKY.H WORM! Source=Paul Collins Startup list [Antivirus] Number=771 Confirmed=X Filename=iexpl0res.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [AntiVirus] Number=772 Confirmed=X Filename=kaspery.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [AntiVirus] Number=773 Confirmed=X Filename=AntiVirus.exe Description=Added by the BANKER-EHB TROJAN! Source=Paul Collins Startup list [Antivirus] Number=774 Confirmed=X Filename=antvrs.exe Description=Antivirus 2008 rogue security software - not recommended, see here Source=Paul Collins Startup list [Antivirus] Number=775 Confirmed=X Filename=avm.exe Description=Antivirus Master rogue security software - not recommended, see Source=Paul Collins Startup list [Antivirus] Number=776 Confirmed=X Filename=vav.exe Description=Vista Antivirus 2008 rogue security software - not recommended, see here Source=Paul Collins Startup list [Antivirus] Number=777 Confirmed=X Filename=aav.exe Description=Advanced Antivirus rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [ANTIVIRUS] Number=778 Confirmed=X Filename=AVS.exe Description=Antivirus Sentry rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [ANTIVIRUS] Number=779 Confirmed=X Filename=microAV.exe Description=Micro Antivirus 2009 rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [Antivirus] Number=780 Confirmed=X Filename=MSA.exe Description=MS Antivirus rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [ANTIVIRUS] Number=781 Confirmed=X Filename=UltraAV.exe Description=Ultra Antivirus 2009 rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [Antivirus] Number=782 Confirmed=X Filename=xpa.exe Description=Xpert Antivirus Enterprise rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [Antivirus 2009 plus] Number=783 Confirmed=X Filename=Antivirus 2009 plus.exe Description=AntiVirus Plus rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [Antivirus Installer] Number=784 Confirmed=X Filename=[path to trojan] Description=Added by the BADGENT-A TROJAN! Source=Paul Collins Startup list [Antivirus Pro 2009] Number=785 Confirmed=X Filename=AntivirusPro2009.exe Description=AntiVirus Plus rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [AntiVirus Process] Number=786 Confirmed=X Filename=virprot.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Antivirus Protection Services] Number=787 Confirmed=X Filename=ccapp2.exe Description=Added by the RBOT.EXI WORM! Source=Paul Collins Startup list [AntiVirus Update] Number=788 Confirmed=X Filename=updates.exe Description=Added by the RBOT-JF WORM! Source=Paul Collins Startup list [AntiVirus Update] Number=789 Confirmed=X Filename=antivirus.exe Description=Added by the RBOT-IF WORM! Source=Paul Collins Startup list [Antivirus-2008.exe] Number=790 Confirmed=X Filename=Antivirus-2008.exe Description=Antivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN! Source=Paul Collins Startup list [antivirus-2008pro.exe] Number=791 Confirmed=X Filename=antivirus-2008pro.exe Description=Antivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN! Source=Paul Collins Startup list [Antivirus-Golden] Number=792 Confirmed=X Filename=Antivirus-Golden.exe Description=Antivirus-Golden misleading security software - not recommended, see here Source=Paul Collins Startup list [Antivirus2008y] Number=793 Confirmed=X Filename=antvrs.exe Description=Antivirus 2008 rogue security software - not recommended, see here Source=Paul Collins Startup list [antivirus32] Number=794 Confirmed=X Filename=antivirus.exe Description=Added by the SPYBOT.KAI WORM! Source=Paul Collins Startup list [AntivirusFiable] Number=795 Confirmed=X Filename=pgs.exe Description=AntivirusFiable, French rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [AntivirusForAll] Number=796 Confirmed=X Filename=pgs.exe Description=AntivirusForAll rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [AntivirusGold] Number=797 Confirmed=X Filename=AntivirusGold.exe Description=AntivirusGold malware Source=Paul Collins Startup list [AntiVirusLab2009] Number=798 Confirmed=X Filename=AntiVirusLab2009.exe Description=WinDefender 2009 rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [AntivirusOrdi] Number=799 Confirmed=X Filename=pgs.exe Description=AntivirusOrdi, French rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [AntivirusPCPakke] Number=800 Confirmed=X Filename=pgs.exe Description=AntivirusPCPakke, Danish rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [AntivirusPCSuite] Number=801 Confirmed=X Filename=pgs.exe Description=AntivirusPCSuite rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [Antiviruspertutti] Number=802 Confirmed=X Filename=pgs.exe Description=Antiviruspertutti rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [AntiVirusPro] Number=803 Confirmed=X Filename=AntiVirusPro.exe Description=AntiVirusPro misleading security software - not recommended, see here Source=Paul Collins Startup list [AntiVirusProMFC] Number=804 Confirmed=X Filename=Antivirus Pro.exe Description=AntiVirusPro misleading security software - not recommended, see here Source=Paul Collins Startup list [AntiVirusProtection] Number=805 Confirmed=? Filename=qumk.exe Description=?? Source=Paul Collins Startup list [Antivirusscherm] Number=806 Confirmed=X Filename=pgs.exe Description=Antivirusscherm, Dutch rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [AntivirusXP.exe] Number=807 Confirmed=X Filename=AntivirusXP.exe Description=Antivirus XP Pro rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [AntiVituS] Number=808 Confirmed=X Filename=Base.exe Description=Added by the BAS.A WORM! Source=Paul Collins Startup list [antiware] Number=809 Confirmed=X Filename=elite***32.exe [*** = random char] Description=Added by the DLOADER-HW TROJAN! Source=Paul Collins Startup list [AntiWindowsMessenger] Number=810 Confirmed=U Filename=AntiMsMsg.exe Description=Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory Source=Paul Collins Startup list [AntiWorm2008] Number=811 Confirmed=X Filename=pgs.exe Description=AntiWorm2008 rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [anti_troj] Number=812 Confirmed=X Filename=anti_troj.exe Description=Added by the LODEAR.D TROJAN! Source=Paul Collins Startup list [AnVir] Number=813 Confirmed=U Filename=AnVir.exe Description=AnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities Source=Paul Collins Startup list [AnVir Security Suite] Number=814 Confirmed=U Filename=AnVir.exe Description=AnVir Security Suite - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities. This version includes an antivirus scanner and anti-rootkit tool Source=Paul Collins Startup list [AnVir Task Manager] Number=815 Confirmed=U Filename=AnVir.exe Description=AnVir Task Manager - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities Source=Paul Collins Startup list [AnVir Task Manager Free] Number=816 Confirmed=U Filename=AnVir.exe Description=AnVir Task Manager Free - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/HDD and other utilities Source=Paul Collins Startup list [AnVir Task Manager Pro] Number=817 Confirmed=U Filename=AnVir.exe Description=AnVir Task Manager Pro - "is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work". Monitors and manages startup programs, processes and services. Also includes system tweaks, security risks, tray icons for monitoring CPU/memory/HDD and other utilities Source=Paul Collins Startup list [anvshell] Number=818 Confirmed=U Filename=anvshell.exe Description=System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar Source=Paul Collins Startup list [AnvTrgr] Number=819 Confirmed=X Filename=AnvTrgr.exe Description=AntivirusTrigger rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [Any To-Do List] Number=820 Confirmed=U Filename=anytodo.exe Description=Any To-Do List "the ultimate software solution to keep yourself organized and reminded" Source=Paul Collins Startup list [anycom bluetooth] Number=821 Confirmed=? Filename=ftflauncher.exe Description=Associated with an Anycom bluetooth wireless card. What does it do and is it required? Source=Paul Collins Startup list [AnyDVD] Number=822 Confirmed=U Filename=AnyDVD.exe Description=AnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendation Source=Paul Collins Startup list [AnyDVD] Number=823 Confirmed=U Filename=AnyDVDtray.exe Description=System Tray access to AnyDVD from SlySoft - which descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts Source=Paul Collins Startup list [AnyTime] Number=824 Confirmed=U Filename=Atw.exe Description=AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" Source=Paul Collins Startup list [AnyTime Organizer] Number=825 Confirmed=U Filename=AtDem.exe Description=AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" Source=Paul Collins Startup list [AnyTime Organizer] Number=826 Confirmed=U Filename=Atw.exe Description=AnyTime Organizer Deluxe from Individual Software Inc - "all the tools you need to organize your calendar, to-do list, and address book are combined in a familiar interface with hundreds of printable calendars, detailed expense reports, and a full range of programmable alarms" Source=Paul Collins Startup list [AO Tray] Number=827 Confirmed=N Filename=AOTray.Exe Description=System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel Source=Paul Collins Startup list [aol] Number=828 Confirmed=Y Filename=avp.exe Description=AOL's Active Virus Shield (by Kaspersky) - found in an AOL\Active Virus Shield sub-directory Source=Paul Collins Startup list [AOL 9.0 Optimized] Number=829 Confirmed=X Filename=AOLClient.exe Description=Added by the SPYBOTER.A TROJAN! Source=Paul Collins Startup list [AOL Broadband Check-Up] Number=830 Confirmed=U Filename=matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [AOL Companion] Number=831 Confirmed=N Filename=companion.exe Description=Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use Source=Paul Collins Startup list [Aol Configuration Loader] Number=832 Confirmed=X Filename=aimsng.exe Description=Added by the SDBOT-XE WORM! Source=Paul Collins Startup list [AOL Fast Start] Number=833 Confirmed=? Filename=AOL.exe Description=AOL ISP software related. What does it do and is it required? Source=Paul Collins Startup list [AOL Instant Messanger] Number=834 Confirmed=X Filename=aim.exe Description=Added by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utility Source=Paul Collins Startup list [AOL Instant Messengar] Number=835 Confirmed=X Filename=aol.exe Description=Added by the AGOBOT-FN WORM! Source=Paul Collins Startup list [AOL Instant Messenger] Number=836 Confirmed=X Filename=AlM.EXE Description=Added by unidentified malware. Note - there ia a lower case "L" between the A and M in the filename Source=Paul Collins Startup list [Aol Instant Messenger] Number=837 Confirmed=X Filename=aolmsg.exe Description=Added by the KELVIR.AL WORM! Source=Paul Collins Startup list [AOL Instant Messenger] Number=838 Confirmed=X Filename=aimsgr.exe Description=Added by the IRCBOT.N TROJAN! Source=Paul Collins Startup list [AOL Instant Messenger 7.213] Number=839 Confirmed=X Filename=aim9283.exe Description=Added by the SDBOT-ZF WORM! Source=Paul Collins Startup list [AOL Instant Messenger dll runtime] Number=840 Confirmed=X Filename=MSAOL32dll.exe Description=Added by the RBOT-ATA WORM! Source=Paul Collins Startup list [Aol Instant Messenger Fix] Number=841 Confirmed=X Filename=aolfix.exe Description=Added by the SDBOT-ABJ WORM! Source=Paul Collins Startup list [AOL Messenger] Number=842 Confirmed=X Filename=[random filename] Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [AOL Messenger] Number=843 Confirmed=X Filename=aolmsngr.exe Description=Added by the SDBOT-JF WORM! Source=Paul Collins Startup list [AOL Messenger Optimized] Number=844 Confirmed=X Filename=AOLOpt.exe Description=Added by the AOLOPT TROJAN! Source=Paul Collins Startup list [AOL Services Hosts] Number=845 Confirmed=X Filename=aolserviceshosts.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [AOL Spyware Protection] Number=846 Confirmed=U Filename=AOLSP Scheduler.exe Description=AOL's spyware protection program Source=Paul Collins Startup list [AOL TopSpeedMonitor] Number=847 Confirmed=U Filename=aoltsmon.exe Description=AOL's TopSpeed web acceleration technology supposedly helps to make web browsing faster. Most important for those users who still access AOL via dial-up Source=Paul Collins Startup list [AolAcsDaemon1] Number=848 Confirmed=Y Filename=Acsd.exe Description=AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually Source=Paul Collins Startup list [AolAcsDaemon1] Number=849 Confirmed=Y Filename=AOLACSD.EXE Description=AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually Source=Paul Collins Startup list [AOLCC] Number=850 Confirmed=? Filename=ACCAgnt.exe Description=AOL ISP software related, file located in a "AOL Computer Check-Up" folder. What does it do and is it required? Source=Paul Collins Startup list [AolCon] Number=851 Confirmed=X Filename=config.com Description=Added by the TAPLAK WORM! Source=Paul Collins Startup list [AOLDialer] Number=852 Confirmed=N Filename=AOLDial.exe Description=AOL ISP software dialer - can be activated through a desktop shortcut Source=Paul Collins Startup list [AolFix] Number=853 Confirmed=N Filename=AolFix.exe Description=Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once Source=Paul Collins Startup list [AOLRegKey32] Number=854 Confirmed=X Filename=AOREGSVR512.EXE Description=Unidentified malware - see here Source=Paul Collins Startup list [AOLSAV] Number=855 Confirmed=? Filename=AOLAgent.exe Description=AOL ISP related. What does it do and is it required? Source=Paul Collins Startup list [AOLStart] Number=856 Confirmed=X Filename=AOLStart.exe Description=Added by the KRAIMER.12 TROJAN! Source=Paul Collins Startup list [aolupdater.exe] Number=857 Confirmed=X Filename=aolupdater.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Aornum] Number=858 Confirmed=X Filename=aornum.exe Description=Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware Source=Paul Collins Startup list [AOTray] Number=859 Confirmed=N Filename=AOTray.Exe Description=System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel Source=Paul Collins Startup list [aouei] Number=860 Confirmed=X Filename=sysrtmvs.exe Description=Chivio dialer Source=Paul Collins Startup list [APC UPS Status] Number=861 Confirmed=Y Filename=Display.exe Description=APC PowerChute® Personal Edition status icon Source=Paul Collins Startup list [APC_SERVICE] Number=862 Confirmed=U Filename=mainserv.exe Description=APC PowerChute® Personal Edition - "safe system shutdown software with sophisticated power management functions." Appears as a service in XP/Vista and under the "RunServices" registry key in Win98 Source=Paul Collins Startup list [apc_tray] Number=863 Confirmed=Y Filename=apc_tray.exe Description=Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure Source=Paul Collins Startup list [APD123] Number=864 Confirmed=X Filename=APD123.exe Description=PacerD Media/Pacimedia.com adware Source=Paul Collins Startup list [Api**.exe [* = random char]] Number=865 Confirmed=X Filename=Api**.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [Api**32.exe [* = random char]] Number=866 Confirmed=X Filename=Api**32.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [API32] Number=867 Confirmed=X Filename=api32.exe Description=Added by the IRCBOT-B TROJAN! Source=Paul Collins Startup list [APIClass] Number=868 Confirmed=X Filename=lexplore_.exe Description=Added by the MSNOPT-A TROJAN! Source=Paul Collins Startup list [APIMon] Number=869 Confirmed=X Filename=apimonx.exe Description=Added by the TIBSER.A downloader TROJAN! Source=Paul Collins Startup list [APIMon] Number=870 Confirmed=X Filename=winapix.exe Description=Added by a variant of the TIBSER.A downloader TROJAN! Source=Paul Collins Startup list [APIMon] Number=871 Confirmed=X Filename=msreg.exe Description=Added by the DROPPER.Z TROJAN! Source=Paul Collins Startup list [apisvc.exe] Number=872 Confirmed=X Filename=apisvc.exe Description=Added by a variant of the LAMEBOT TROJAN! Source=Paul Collins Startup list [APL] Number=873 Confirmed=U Filename=APL.exe Description=Sage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application Source=Paul Collins Startup list [Apmsrv9x] Number=874 Confirmed=? Filename=APMSRV9X.EXE Description=Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required? Source=Paul Collins Startup list [Apoint] Number=875 Confirmed=U Filename=Apoint.exe Description=Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work Source=Paul Collins Startup list [App**32.exe [* = random char]] Number=876 Confirmed=X Filename=App**32.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [App.EXEName] Number=877 Confirmed=X Filename=[path to worm]\.exe Description=Added by the BODIRU WORM! Source=Paul Collins Startup list [Appcon] Number=878 Confirmed=U Filename=vAppCon.exe Description=Vital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established Source=Paul Collins Startup list [appconn] Number=879 Confirmed=X Filename=appconn.exe Description=Added by the CARGAO WORM! Source=Paul Collins Startup list [AppExtender] Number=880 Confirmed=U Filename=AppExtCB.exe Description=Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received Source=Paul Collins Startup list [appis.exe] Number=881 Confirmed=X Filename=appis.exe Description=Added by the AGENT-BC TROJAN! Source=Paul Collins Startup list [AppleSyncNotifier] Number=882 Confirmed=N Filename=AppleSyncNotifier.exe Description=From WinPatrol PLUS by BillP Studios - "This file installs with iTunes and is used when syncing your iPhone, iTouch, iPod, etc." See here for more information Source=Paul Collins Startup list [AppletINIT] Number=883 Confirmed=X Filename=INITIATE.EXE Description=Added by the AGOBOT.XV TROJAN! Source=Paul Collins Startup list [Application] Number=884 Confirmed=Y Filename=mdmsetsp.exe Description=Aztech Labs modem driver Source=Paul Collins Startup list [Application Adapter] Number=885 Confirmed=X Filename=abvsvc.exe Description=Added by the CHECKOUT WORM! Source=Paul Collins Startup list [Application Explorer] Number=886 Confirmed=U Filename=Naldesk.exe Description=Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." Source=Paul Collins Startup list [Application Explorer] Number=887 Confirmed=U Filename=NalView.exe Description=Application Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications Source=Paul Collins Startup list [Application Launcher] Number=888 Confirmed=N Filename=Application Launcher.exe Description=System Tray accesss to Sony Ericsson PC Suite which "connects your phone to your computer and expands the capabilities of your phone". Start manually via the Start Menu (or optional desktop shortcut) before connecting the phone Source=Paul Collins Startup list [Application Layer Browser] Number=889 Confirmed=X Filename=abgsvc.exe Description=Added by the ULPM.FX TROJAN! Source=Paul Collins Startup list [Application Layer Gateway Service] Number=890 Confirmed=X Filename=algs.exe Description=Added by the LINKBOT.M WORM! Source=Paul Collins Startup list [Application Layer Scheduler] Number=891 Confirmed=X Filename=agtsvc.exe Description=Added by the IRCBOT.BJJ BACKDOOR! Source=Paul Collins Startup list [Application Layer Services] Number=892 Confirmed=X Filename=avrsvc.exe Description=Added by the IRCBOT.BJM BACKDOOR! Source=Paul Collins Startup list [Application Manager] Number=893 Confirmed=X Filename=acnsvc.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [Application Manager] Number=894 Confirmed=X Filename=apnsvc.exe Description=Added by the SMALLTRO.FN TROJAN! Source=Paul Collins Startup list [ApplicationProtocolRun] Number=895 Confirmed=X Filename=smsbvl32.exe Description=Added by the IRCBOT-CX TROJAN! Source=Paul Collins Startup list [AppPlus] Number=896 Confirmed=U Filename=AppPlus.exe Description=AppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)" Source=Paul Collins Startup list [Apvxd] Number=897 Confirmed=Y Filename=APVXDWIN.EXE Description=Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection Source=Paul Collins Startup list [Apvxdwin] Number=898 Confirmed=Y Filename=APVXDWIN.EXE Description=Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection Source=Paul Collins Startup list [APVXDWIN] Number=899 Confirmed=Y Filename=ClShield.exe Description="Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders" Source=Paul Collins Startup list [Apwheel] Number=900 Confirmed=Y Filename=Apwheel.exe Description=Wheel support for an Alps mouse Source=Paul Collins Startup list [apyginapygin] Number=901 Confirmed=X Filename=simenu.exe Description=Added by the SDBOT.BTR WORM! Source=Paul Collins Startup list [AQ3HelperStartUp] Number=902 Confirmed=U Filename=AQ3HEL~1.EXE Description=ScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [aqadcup.exe] Number=903 Confirmed=X Filename=aqadcup.exe Description=Added by the AGENT.BG WORM! Source=Paul Collins Startup list [Aqua Dock] Number=904 Confirmed=Y Filename=Aqua Dock.exe Description=Aqua Dock - 'free program that allows you to have an "OS X" style, nice animated launchbar/taskbar on your screen that reacts to your mouse when you mouse over it. Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure' Source=Paul Collins Startup list [Aqujyjax] Number=905 Confirmed=X Filename=[path to file] Description=Added by the RANCK-CQ TROJAN! Source=Paul Collins Startup list [Aqujyjax] Number=906 Confirmed=X Filename=aqujyjax.exe Description=Added by the SDBOT-YC WORM! Source=Paul Collins Startup list [ara-key] Number=907 Confirmed=X Filename=[random filename] Description=Added by the ANTINNY WORM! Source=Paul Collins Startup list [ArabLionZ Drive] Number=908 Confirmed=? Filename=ArabLionZ.Drive.exe Description=ArabLionZ Drive - part of ArabLionZ XP Tools. What does it do and is it required? Source=Paul Collins Startup list [ArcaCheck] Number=909 Confirmed=Y Filename=ArcaCheck.exe Description=Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do? Source=Paul Collins Startup list [arcaderockstar] Number=910 Confirmed=X Filename=arcaderockstar32.exe Description=Arcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computer Source=Paul Collins Startup list [Archive] Number=911 Confirmed=X Filename=archive.exe Description=Adware - detected by Kaspersky as the CENTIM.A TROJAN! Source=Paul Collins Startup list [ARCHIVE CONTROL] Number=912 Confirmed=X Filename=fixupdattr.exe Description=Added by the MYTOB.GU WORM! Source=Paul Collins Startup list [ArcSoft Connect] Number=913 Confirmed=N Filename=ACDaemon.exe Description=Used to serve notice of product information and updates when running ArcSoft products such as TotalMedia Source=Paul Collins Startup list [ArcSoft Connection Service] Number=914 Confirmed=N Filename=ACDaemon.exe Description=Used to serve notice of product information and updates when running ArcSoft products such as TotalMedia Source=Paul Collins Startup list [ARCSolo Recovery] Number=915 Confirmed=N Filename=N/A Description=Backup software by Computer Associates - no longer supported Source=Paul Collins Startup list [Ardamax Keylogger] Number=916 Confirmed=U Filename=akl.exe Description=Ardakey keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [ares] Number=917 Confirmed=N Filename=ares.exe Description="Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc" Source=Paul Collins Startup list [areslite] Number=918 Confirmed=N Filename=AresLite.exe Description="Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc" Source=Paul Collins Startup list [Argentum Backup] Number=919 Confirmed=U Filename=ab.exe Description=Argentum Backup - a small backup program that lets you easily back up your documents and folders Source=Paul Collins Startup list [Aritima] Number=920 Confirmed=X Filename=aritima.exe Description=Added by the ARITIM WORM! Source=Paul Collins Startup list [Arman] Number=921 Confirmed=X Filename=[path to worm] Description=Added by the IRCBOT-TG WORM! Source=Paul Collins Startup list [ARMOR2NET] Number=922 Confirmed=U Filename=Armor2net.exe Description=Related to Armor2net personal firewall (possibly contains or is related to a product known as ArmorWall - which is a known rogue, see here - hence the "U" recommendation) Source=Paul Collins Startup list [aromis] Number=923 Confirmed=X Filename=aromis.exe Description=Added by the NUWAR.JQ WORM! Source=Paul Collins Startup list [AROReminder] Number=924 Confirmed=N Filename=aro.exe Description=Advanced Registry Optimizer - "scan, identify, clean and repair errors in your Windows registry with a single click". Reminder that states that you are in trial mode Source=Paul Collins Startup list [Arovax AntiSpyware] Number=925 Confirmed=U Filename=arovaxantispyware.exe Description=Part of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray icon Source=Paul Collins Startup list [Arovax Shield] Number=926 Confirmed=Y Filename=ArovaxShield.exe Description=Part of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray icon Source=Paul Collins Startup list [arovaxantispyware] Number=927 Confirmed=U Filename=arovaxantispyware.exe Description=Part of Arovax AntiSpyware from Arovax, LLC - that offers an "innovating, powerful, speedy and extremely easy to use Spyware protection program". Runs a system scan when Windows starts and adds a System Tray icon Source=Paul Collins Startup list [ArovaxShield] Number=928 Confirmed=Y Filename=ArovaxShield.exe Description=Part of Arovax Shield from Arovax, LLC - that "detects and notifies you about all major online threats trying to penetrate your system, isolates & blocks them". Runs the main program in the background and adds a System Tray icon Source=Paul Collins Startup list [ARPWRMSG] Number=929 Confirmed=N Filename=ARPWRMSG.EXE Description=Related to HP and Compaq Desktop PCs. Read this article Source=Paul Collins Startup list [Artera] Number=930 Confirmed=U Filename=arteraui.exe Description=Artera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance Source=Paul Collins Startup list [AS00 Gear511] Number=931 Confirmed=? Filename=Gear511.exe Description=Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required? Source=Paul Collins Startup list [AS00_Gear511] Number=932 Confirmed=N Filename=Gear511.exe Description=Netgear wireless LAN configuration utility Source=Paul Collins Startup list [AS00_WN511B] Number=933 Confirmed=U Filename=WN511B.exe Description=Netgear RangeMax NEXT wireless adapter configuration utility Source=Paul Collins Startup list [AS00_WPN511] Number=934 Confirmed=? Filename=WPN511.exe Description=NetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup? Source=Paul Collins Startup list [ASC-AntiSpyware] Number=935 Confirmed=X Filename=WinCleaner.exe Description=WinCleaner 2009 rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [ASC-AntiSpyware] Number=936 Confirmed=X Filename=WinAntivirus.exe Description=Win Antivirus Vista/XP rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [asc32] Number=937 Confirmed=X Filename=asc 2.1.exe Description=AntiSpyCheck rogue spyware remover - not recommended, removal instructions here Source=Paul Collins Startup list [ASDPLUGIN] Number=938 Confirmed=X Filename=dsldbaccess.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=939 Confirmed=X Filename=canada.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=940 Confirmed=X Filename=france.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=941 Confirmed=X Filename=fullgames.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=942 Confirmed=X Filename=100171be.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=943 Confirmed=X Filename=100176br.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=944 Confirmed=X Filename=adult1.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=945 Confirmed=X Filename=Austria.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=946 Confirmed=X Filename=belgium_nm.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=947 Confirmed=X Filename=czech.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=948 Confirmed=X Filename=dbaccess.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=949 Confirmed=X Filename=dslgeaccess.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=950 Confirmed=X Filename=Finland.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=951 Confirmed=X Filename=geaccess.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=952 Confirmed=X Filename=mexico.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=953 Confirmed=X Filename=netherlands.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=954 Confirmed=X Filename=turkey.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=955 Confirmed=X Filename=uk_nm.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=956 Confirmed=X Filename=Xadult1.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [ASDPLUGIN] Number=957 Confirmed=X Filename=temp532.exe Description=AsdPlug premium rate adult content dialer Source=Paul Collins Startup list [asdsaxcxz13] Number=958 Confirmed=X Filename=dasxcsx13.exe Description=Added by the LEGMIR-ARF TROJAN! Source=Paul Collins Startup list [asdx] Number=959 Confirmed=X Filename=xwinrpc32.exe Description=Added by the AGOBOT.VO WORM! Source=Paul Collins Startup list [ASE Scheduler] Number=960 Confirmed=N Filename=ASE Scheduler.exe Description=Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here Source=Paul Collins Startup list [Ashampoo AntiSpyWare 2] Number=961 Confirmed=Y Filename=AntiSpyWare2Guard.exe Description=Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc Source=Paul Collins Startup list [Ashampoo AntiSpyWare 2 Guard] Number=962 Confirmed=Y Filename=AntiSpyWare2Guard.exe Description=Part of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc Source=Paul Collins Startup list [Ashampoo FireWall] Number=963 Confirmed=Y Filename=FireWall.exe Description=Ashampoo FireWall Free version Source=Paul Collins Startup list [Ashampoo FireWall PRO] Number=964 Confirmed=Y Filename=FireWall.exe Description=Ashampoo FireWall PRO version Source=Paul Collins Startup list [Ashampoo PopUpBlocker] Number=965 Confirmed=U Filename=PopUpKiller.exe Description=Ashampoo popup blocker, part of Magical Security (was Privacy Protector Plus) Source=Paul Collins Startup list [ashAvast] Number=966 Confirmed=Y Filename=ashAvast.exe Description=Part of Avast antivirus Source=Paul Collins Startup list [ashcap] Number=967 Confirmed=X Filename=servirsess.exe Description=SpySure spyware Source=Paul Collins Startup list [ashDisp] Number=968 Confirmed=Y Filename=ashDisp.exe Description=System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications Source=Paul Collins Startup list [ashDsp.exe] Number=969 Confirmed=X Filename=ashDsp.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [ASHLT] Number=970 Confirmed=X Filename=Ashlt.exe Description=Ashlt adware Source=Paul Collins Startup list [ashMaiSv] Number=971 Confirmed=Y Filename=ashmaisv.exe Description=Part of Avast! anti-virus software - E-mail scanner Source=Paul Collins Startup list [Asicfc] Number=972 Confirmed=X Filename=icfca.exe Description=Added by the AGENT.AAJE WORM! Source=Paul Collins Startup list [AsioReg] Number=973 Confirmed=U Filename=regsvr32.exe ctasio.dll Description=ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality Source=Paul Collins Startup list [AsioThk32Reg] Number=974 Confirmed=U Filename=rregsvr32.exe ctasio.dll Description=ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality Source=Paul Collins Startup list [ASK] Number=975 Confirmed=U Filename=rundll32.exe [path] ASK.dll rdl Description=Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [asl] Number=976 Confirmed=X Filename=Aslru.exe Description=Added by the BANCOS-CU TROJAN! Source=Paul Collins Startup list [ASM] Number=977 Confirmed=U Filename=ASMonitor.exe Description=Active Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protection Source=Paul Collins Startup list [Asmw Soft Popups Burner] Number=978 Confirmed=U Filename=popups burner.exe Description=Popup blocker, part of Asmw Soft PC Optimizer Source=Paul Collins Startup list [asnconsole] Number=979 Confirmed=X Filename=msasn.exe Description=Added by the RBOT.EVU TROJAN! Source=Paul Collins Startup list [ASocksrv] Number=980 Confirmed=X Filename=SocksA.exe Description=Added by the VB.CBW WORM! Source=Paul Collins Startup list [asp-srvc] Number=981 Confirmed=X Filename=asp-srvc.exe Description=Added by the AGOBOT-KG WORM! Source=Paul Collins Startup list [ASP.NET State Service] Number=982 Confirmed=X Filename=csrss.exe Description=Added by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% Source=Paul Collins Startup list [ASP.NET State Service] Number=983 Confirmed=X Filename=crsass.exe Description=Added by the BANLOAD-M TROJAN! Source=Paul Collins Startup list [ASP.NET State Service] Number=984 Confirmed=X Filename=servicos..exe Description=Added by the DADOBRA-I TROJAN! Source=Paul Collins Startup list [asp4tray] Number=985 Confirmed=N Filename=asp4tray.exe Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel Source=Paul Collins Startup list [AspireTimeMachine] Number=986 Confirmed=Y Filename=acertmb.exe Description=System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry Source=Paul Collins Startup list [ASpyC] Number=987 Confirmed=X Filename=ASpyC.exe Description=AntiSpyCheck rogue spyware remover - not recommended, removal instructions here Source=Paul Collins Startup list [asrupdate.exe] Number=988 Confirmed=X Filename=asrupdate.exe Description=Added by the VB.ATZ TROJAN! Source=Paul Collins Startup list [assistse] Number=989 Confirmed=X Filename=ASSISTSE.EXE Description=CnsMin (Chinese Keywords) hijacker related Source=Paul Collins Startup list [AST] Number=990 Confirmed=X Filename=AST Description=Added by the VB.AH TROJAN! Source=Paul Collins Startup list [AST] Number=991 Confirmed=X Filename=AST.exe Description=AutoStarter parasite Source=Paul Collins Startup list [ASTART] Number=992 Confirmed=U Filename=astart.exe Description=ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings Source=Paul Collins Startup list [AStart] Number=993 Confirmed=X Filename=AStart Description=Added by the VB.AH TROJAN! Source=Paul Collins Startup list [asTray] Number=994 Confirmed=N Filename=Astray.exe Description=Voyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer Source=Paul Collins Startup list [Astro] Number=995 Confirmed=N Filename=Astro.exe Description=Checks for updates to Quicken on a system reboot Source=Paul Collins Startup list [Astrum] Number=996 Confirmed=X Filename=Astrum.exe Description=Astrum Antivirus Pro rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [ASUS Camera ScreenSaver] Number=997 Confirmed=? Filename=ASScrProlog.exe Description=Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir% Source=Paul Collins Startup list [ASUS Live Update] Number=998 Confirmed=N Filename=ALU.exe Description=ASUS Live Update utility for their motherboards Source=Paul Collins Startup list [ASUS Probe] Number=999 Confirmed=N Filename=AsusProb.exe Description=ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area Source=Paul Collins Startup list [ASUS Screen Saver Protector] Number=1000 Confirmed=? Filename=ASScrPro.exe Description=Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe, according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir% Source=Paul Collins Startup list [ASUS SmartDoctor] Number=1001 Confirmed=U Filename=VGAProbe.exe Description=ASUS video card fan/thermal monitor Source=Paul Collins Startup list [ASUS TweakEnable] Number=1002 Confirmed=U Filename=astart.exe Description=ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings Source=Paul Collins Startup list [ASUSGamerOSD] Number=1003 Confirmed=N Filename=GamerOSD.exe Description=GamerOSD by ASUSTek - for "real-time overclocking, benchmarking and video capturing in any PC game." Free for ASUS graphics cards, 30-day trial for non-ASUS graphics cards Source=Paul Collins Startup list [ASUSKey] Number=1004 Confirmed=N Filename=V38SHELL.EXE Description=System tray Icon for quickly changing video modes Source=Paul Collins Startup list [asussvc] Number=1005 Confirmed=X Filename=asussvc.exe Description=Added by the AGENT-FPB TROJAN! Source=Paul Collins Startup list [asustweakenable] Number=1006 Confirmed=U Filename=ATweak.exe Description=ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings Source=Paul Collins Startup list [ASWDP] Number=1007 Confirmed=N Filename=ASWDP.exe Description=MLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market Source=Paul Collins Startup list [ASWnk] Number=1008 Confirmed=X Filename=aswnk.exe Description=Adult content dialler Source=Paul Collins Startup list [AT&T Self Support Tool] Number=1009 Confirmed=U Filename=matcli.exe Description=AT&T Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system\'s identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [AT-Watch] Number=1010 Confirmed=U Filename=ATWatch.exe Description=Anti-Trojan Watch - trojan detector Source=Paul Collins Startup list [atapidrv] Number=1011 Confirmed=X Filename=atapidrv.exe Description=Added by the AGOBOT-SL WORM! Source=Paul Collins Startup list [atchk] Number=1012 Confirmed=U Filename=atchk.exe Description=AMT Status Message from Intel. Users can manage this, read the article. See here for more information on Intel AMT Source=Paul Collins Startup list [atf.exe] Number=1013 Confirmed=X Filename=pgs.exe Description=Part of the PCSecureSystem rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [atf_reinstall] Number=1014 Confirmed=X Filename=atf.exe Description=Part of the AVSystemCare rogue security software - not recommended. See here Source=Paul Collins Startup list [Athan] Number=1015 Confirmed=U Filename=Athan.exe Description=Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world Source=Paul Collins Startup list [ATI 2D Component] Number=1016 Confirmed=U Filename=Ati2mdxx.exe Description=Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation Source=Paul Collins Startup list [ATI Active Graphics Card Monitor] Number=1017 Confirmed=X Filename=atievx.exe Description=Added by the IRCBOT-TL WORM! Source=Paul Collins Startup list [ATI AS Filter] Number=1018 Confirmed=X Filename=msnse.exe Description=Added by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websites Source=Paul Collins Startup list [ATI Catalyst™ System Tray] Number=1019 Confirmed=N Filename=CLI.exe SystemTray Description=System Tray access to ATI's Catalyst™ CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop Source=Paul Collins Startup list [ATI Desktop Component] Number=1020 Confirmed=U Filename=ATIPTAXX.EXE Description=Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" Source=Paul Collins Startup list [ATI DeviceDetect] Number=1021 Confirmed=N Filename=ATIDtct.EXE Description=Utility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled Source=Paul Collins Startup list [ATI Display] Number=1022 Confirmed=X Filename=ATIDisplay.exe Description=Added by the BDOOR-AFH BACKDOOR! Source=Paul Collins Startup list [ATI Display Driver] Number=1023 Confirmed=X Filename=atixd.exe Description=Added by the RBOT-FOV WORM! Source=Paul Collins Startup list [Ati Display Settings] Number=1024 Confirmed=X Filename=atividx.exe Description=Added by the RBOT-GAS WORM! Source=Paul Collins Startup list [ATI GART Set-up Utility] Number=1025 Confirmed=N Filename=Atigart.exe Description=Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed Source=Paul Collins Startup list [ATI Launchpad] Number=1026 Confirmed=U Filename=launchpd.exe Description=Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu Source=Paul Collins Startup list [ATI Rage3d Pro] Number=1027 Confirmed=X Filename=AtiRage4dPro.exe Description=Added by the AGOBOT-OG WORM! Source=Paul Collins Startup list [ATI Remote Control] Number=1028 Confirmed=Y Filename=ATIRW.exe Description=Driver for the ATI REMOTE WONDER? RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it Source=Paul Collins Startup list [ATI Remote Control] Number=1029 Confirmed=Y Filename=ATIX10.exe Description=ATI Remote Wonder® - PC wireless remote control driver. Required if you use it Source=Paul Collins Startup list [ATI Scheduler] Number=1030 Confirmed=N Filename=Atisched.exe Description=Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see Source=Paul Collins Startup list [ATI Task Application] Number=1031 Confirmed=N Filename=Atitkad.exe Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display Source=Paul Collins Startup list [ATI Task Application (Atikey)] Number=1032 Confirmed=N Filename=Atitask.exe Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display Source=Paul Collins Startup list [ATI Technologies Inc. HydraVision Desktop Manager] Number=1033 Confirmed=U Filename=HydraDM.exe Description=Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop" Source=Paul Collins Startup list [ATI Technologies Inc. HydraVision Viewport] Number=1034 Confirmed=U Filename=HydraMD.exe Description=Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which "creates, organizes and arranges up to nine active multi-monitor desktop combinations and allows you to cycle between them with a mouse." There is an optional System Tray icon or a hotkey can be configured to cycle through the desktops Source=Paul Collins Startup list [ATI Technology Startup] Number=1035 Confirmed=X Filename=techstart.exe Description=Added by the RBOT-AEU WORM! Source=Paul Collins Startup list [ATI Video Driver Control] Number=1036 Confirmed=X Filename=atigfx.exe Description=Added by the RBOT-FWL WORM! Source=Paul Collins Startup list [ATI Video Driver Control] Number=1037 Confirmed=X Filename=btorrent.exe Description=Added by a variant of the IRCBOT TROJAN! Source=Paul Collins Startup list [ATI Video Driver Controls] Number=1038 Confirmed=X Filename=[path to worm] Description=Added by the SDBOT-DDS WORM! Source=Paul Collins Startup list [ATI VIDEO REGKEY] Number=1039 Confirmed=X Filename=ati2vid.exe Description=Added by the SDBOT.UR WORM! Source=Paul Collins Startup list [Ati2cwxx] Number=1040 Confirmed=? Filename=Ati2cwxx.exe Description=For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it Source=Paul Collins Startup list [Ati2evxx] Number=1041 Confirmed=X Filename=Ati2evxx.com Description=Added by the BACKDOOR-CPC TROJAN! Source=Paul Collins Startup list [ati2f104] Number=1042 Confirmed=X Filename=ati2f104.exe Description=Added by the DLOADR-BBW TROJAN! Source=Paul Collins Startup list [Ati2mdxx] Number=1043 Confirmed=U Filename=Ati2mdxx.exe Description=Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation Source=Paul Collins Startup list [ATICCC] Number=1044 Confirmed=N Filename=cli.exe runtime Description=ATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting Windows Source=Paul Collins Startup list [ATICCC] Number=1045 Confirmed=N Filename=CLIStart.exe Description=Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs Source=Paul Collins Startup list [aticpaxx.exe] Number=1046 Confirmed=X Filename=aticpaxx.exe Description=Added by the RBOT-XP WORM! Source=Paul Collins Startup list [AtiCwd] Number=1047 Confirmed=U Filename=AtiCwd.exe Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card Source=Paul Collins Startup list [AtiCwd] Number=1048 Confirmed=U Filename=AtiCwd32.exe Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card Source=Paul Collins Startup list [AtiCwd] Number=1049 Confirmed=U Filename=Ati2cwad.exe Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card Source=Paul Collins Startup list [AtiCwd32] Number=1050 Confirmed=U Filename=AtiCwd.exe Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card Source=Paul Collins Startup list [AtiCwd32] Number=1051 Confirmed=U Filename=AtiCwd32.exe Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card Source=Paul Collins Startup list [AtiCwd32] Number=1052 Confirmed=U Filename=Ati2cwad.exe Description=This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card Source=Paul Collins Startup list [AtiDisplayDrv] Number=1053 Confirmed=X Filename=atidrvxx.exe Description=Added by the RBOT-VZ WORM! Source=Paul Collins Startup list [atidriver] Number=1054 Confirmed=X Filename=reaIplayer.exe Description=Added by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L" Source=Paul Collins Startup list [AtiGart] Number=1055 Confirmed=N Filename=Atigart.exe Description=Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed Source=Paul Collins Startup list [AtiKey] Number=1056 Confirmed=N Filename=AtiKey32.exe Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display Source=Paul Collins Startup list [AtiKey] Number=1057 Confirmed=N Filename=atiptkad.exe Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Control Panel → Display Source=Paul Collins Startup list [Atikey] Number=1058 Confirmed=N Filename=Atitask.exe Description=System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display Source=Paul Collins Startup list [ATIMACE] Number=1059 Confirmed=U Filename=MACE.exe Description=ATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) component Source=Paul Collins Startup list [ATIModeChange] Number=1060 Confirmed=U Filename=Ati2mdxx.exe Description=Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. After testing it's exact function isn't known at this time and it doesn't appear to be running even with the startup entry enabled - hence the "U" recommendation Source=Paul Collins Startup list [AtiPanel] Number=1061 Confirmed=X Filename=atip.exe Description=Added by the TACTSLAY.U TROJAN! Source=Paul Collins Startup list [atipatxx] Number=1062 Confirmed=X Filename=atipatxx.exe Description=Added by the SMALL-ED TROJAN! Source=Paul Collins Startup list [ATIPOLAB] Number=1063 Confirmed=U Filename=ati2evxx.exe Description=ATI External Event Utility EXE Module. This task can comsume lots of CPU resources on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources Source=Paul Collins Startup list [ATIPOLAB] Number=1064 Confirmed=U Filename=ati2evae.exe Description=ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks Source=Paul Collins Startup list [ATIPOLL] Number=1065 Confirmed=U Filename=ati2evxx.exe Description=ATI External Event Utility EXE Module. This task can comsume lots of CPU resources on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources Source=Paul Collins Startup list [AtiPTA] Number=1066 Confirmed=U Filename=Ati2ptxx.exe Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings Source=Paul Collins Startup list [ATIPTA] Number=1067 Confirmed=U Filename=ATIPTAXX.EXE Description=Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" Source=Paul Collins Startup list [AtiPTA] Number=1068 Confirmed=U Filename=Atiptaab.exe Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start → Settings → Control Panel → Display. Some users may need it if they have optimised their settings Source=Paul Collins Startup list [AtiPTAAA] Number=1069 Confirmed=U Filename=Ati2ptxx.exe Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings Source=Paul Collins Startup list [AtiPTAAA] Number=1070 Confirmed=U Filename=ATIPTAXX.EXE Description=Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" Source=Paul Collins Startup list [atiptaxx] Number=1071 Confirmed=U Filename=Ati2ptxx.exe Description=Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings Source=Paul Collins Startup list [ATIPTAXX] Number=1072 Confirmed=U Filename=ATIPTAXX.EXE Description=Installed with the drivers for some ATI based discrete graphics cards and on-board/mobile chipsets. Provides System Tray access to display settings (including desktop resolution, color depth and multi-display schemes), help and troubleshooting. Unless you often change your display settings this isn't really required as all the settings are available via the system Control Panel under "Display" Source=Paul Collins Startup list [atiptext] Number=1073 Confirmed=X Filename=atiptext.exe Description=Added by the COSIAM-A TROJAN! Source=Paul Collins Startup list [AtiQiPcl] Number=1074 Confirmed=U Filename=AtiQiPcl.exe Description=Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's Source=Paul Collins Startup list [ATISmart] Number=1075 Confirmed=U Filename=ati2s9ag.exe Description=ATI's "SMARTGART", which is included with the Catalyst™ drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings Source=Paul Collins Startup list [AtiSound] Number=1076 Confirmed=U Filename=csrss.exe Description=WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolder Source=Paul Collins Startup list [atisrc2] Number=1077 Confirmed=X Filename=windfind.exe Description=Added by the WINDFIND-A TROJAN! Source=Paul Collins Startup list [ATITech] Number=1078 Confirmed=X Filename=Active.exe Description=Added by the ROAMER-A TROJAN! Source=Paul Collins Startup list [atitray] Number=1079 Confirmed=U Filename=atitray.exe Description=ATI Tray Tools - allows quick access to ATI graphics card settings Source=Paul Collins Startup list [AtiTrayTools] Number=1080 Confirmed=U Filename=atitray.exe Description=ATI Tray Tools - allows quick access to ATI graphics card settings Source=Paul Collins Startup list [atiupdate] Number=1081 Confirmed=X Filename=ATIUPDATE5.EXE Description=Added by the DEBESKI.A TROJAN! Source=Paul Collins Startup list [atiupdate] Number=1082 Confirmed=X Filename=msshed32.exe Description=Added by the DELF.EP downloader TROJAN! Source=Paul Collins Startup list [ATIUpdater] Number=1083 Confirmed=X Filename=atiupdxx.exe Description=Added by the RBOT-ABX WORM! Source=Paul Collins Startup list [Atiupdpl] Number=1084 Confirmed=X Filename=atiupdpl.exe Description=Added by the SMALL.AOS TROJAN! Source=Paul Collins Startup list [ativopen] Number=1085 Confirmed=X Filename=ativopen.exe Description=Premium rate adult content dialler Source=Paul Collins Startup list [ATIX10] Number=1086 Confirmed=Y Filename=atix10.exe Description=ATI Remote Wonder® - PC wireless remote control driver. Required if you use it Source=Paul Collins Startup list [ATKMEDIA] Number=1087 Confirmed=? Filename=DMEDIA.EXE Description=ATK Media utility for ASUS laptops - what does it do and is it required? Source=Paul Collins Startup list [Atl**.exe [* = random char]] Number=1088 Confirmed=X Filename=Atl**.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [Atl**32.exe [* = random char]] Number=1089 Confirmed=X Filename=Atl**32.exe [* = random char] Description=CoolWebSearch/HomeSearch adware - for examples, see this log Source=Paul Collins Startup list [ATM Control] Number=1090 Confirmed=X Filename=adpn.exe Description=Added by the MMS.A WORM! Source=Paul Collins Startup list [ATnotes] Number=1091 Confirmed=N Filename=atnotes.exe Description=Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs Source=Paul Collins Startup list [Atomic Time Synchronizer] Number=1092 Confirmed=U Filename=TimeSync.exe Description=TimeSync - lets you synchronize your computer's clock with any internet atomic clock Source=Paul Collins Startup list [Atomic-x27] Number=1093 Confirmed=X Filename=Atomic-x27.exe Description=Added by the KATOMIK-A WORM! Source=Paul Collins Startup list [Atomic-x27C] Number=1094 Confirmed=X Filename=AtomicpartC.exe Description=Added by the KATOMIK-A WORM! Source=Paul Collins Startup list [Atomic.exe] Number=1095 Confirmed=U Filename=Atomic.exe Description=Atomic Clock Sync - synchronizes your computer's time with the NIST time server Source=Paul Collins Startup list [Atomica] Number=1096 Confirmed=N Filename=atomica.exe Description=Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key Source=Paul Collins Startup list [AtomicTime] Number=1097 Confirmed=U Filename=ATOMICTIME.EXE Description=AtomicTime - utility that synchronizes your PC clock to an atomic clock Source=Paul Collins Startup list [Atrack] Number=1098 Confirmed=U Filename=atrack.exe Description=New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert Source=Paul Collins Startup list [Atray] Number=1099 Confirmed=U Filename=Atray.exe Description=Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons Source=Paul Collins Startup list [ATSpooler] Number=1100 Confirmed=U Filename=AppsTraka.exe Description=DeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [ATTBroadbandUpdate] Number=1101 Confirmed=U Filename=SAUpdate.exe Description=Big Brother from Quest Software. System and network monitor Source=Paul Collins Startup list [ATTRedUpdate] Number=1102 Confirmed=U Filename=AutoUpdate.exe Description=Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates Source=Paul Collins Startup list [AttuneClientEngine] Number=1103 Confirmed=X Filename=attune_ce.exe Description=Aveo Attune automated helpdesk software - adware/spyware Source=Paul Collins Startup list [AttuneContentUpdater] Number=1104 Confirmed=X Filename=attune_cu.exe Description=Aveo Attune automated helpdesk software - adware/spyware Source=Paul Collins Startup list [AttuneDiscovery] Number=1105 Confirmed=X Filename=attune_di.exe Description=Aveo Attune automated helpdesk software - adware/spyware Source=Paul Collins Startup list [Attunel] Number=1106 Confirmed=X Filename=Attunel.exe Description=Aveo Attune automated helpdesk software - adware/spyware Source=Paul Collins Startup list [AttuneSystray] Number=1107 Confirmed=X Filename=attune_st.exe Description=Aveo Attune automated helpdesk software - adware/spyware Source=Paul Collins Startup list [aTuner] Number=1108 Confirmed=N Filename=atuner.exe Description=aTuner - tweak tool for GeForce based graphics cards Source=Paul Collins Startup list [atwtusb] Number=1109 Confirmed=Y Filename=atwtusb.exe Description=USB interface for Aiptek Graphics Tablet (USB) Source=Paul Collins Startup list [AtxBrw] Number=1110 Confirmed=X Filename=Iexplor.exe Description="Pop Marketing" adware Source=Paul Collins Startup list [au] Number=1111 Confirmed=U Filename=DealioAu.exe Description=Dealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products Source=Paul Collins Startup list [AU Agent] Number=1112 Confirmed=U Filename=AUagent.exe Description=Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon Source=Paul Collins Startup list [au.exe] Number=1113 Confirmed=X Filename=au.exe Description=Added by the BEAGLE.B WORM! Source=Paul Collins Startup list [AUCBPNP] Number=1114 Confirmed=Y Filename=aucbnpn.exe Description=Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot Source=Paul Collins Startup list [Aucompat] Number=1115 Confirmed=X Filename=Aucompat.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [Audcntr] Number=1116 Confirmed=X Filename=audcntr.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [AudCtrl] Number=1117 Confirmed=? Filename=RunDll32 AudCtrl.dll, RCMonitor Description=Audio control panel? Source=Paul Collins Startup list [audi32] Number=1118 Confirmed=X Filename=audi32.exe Description=Added by the RANCK-FL TROJAN! Source=Paul Collins Startup list [AUDIO] Number=1119 Confirmed=X Filename=SOUND.exe Description=Added by the PLOYB-A TROJAN! Source=Paul Collins Startup list [Audio Device Manager] Number=1120 Confirmed=X Filename=winfp.exe Description=Added by the IRCBOT-XS WORM! Source=Paul Collins Startup list [Audio Device Manager] Number=1121 Confirmed=X Filename=WinNT.exe Description=Added by the IRCBOT.USP BACKDOOR! Source=Paul Collins Startup list [Audio Device Manager] Number=1122 Confirmed=X Filename=WNDXP.exe Description=Added by the IRCBOT.AJL BACKDOOR! Source=Paul Collins Startup list [Audio Device Manager] Number=1123 Confirmed=X Filename=sfhgj.exe Description=Added by the IRCBOT-ZA BACKDOOR! Source=Paul Collins Startup list [audiocfg.exe] Number=1124 Confirmed=X Filename=audiocfg.exe Description=Added by the VB.ATE WORM! Source=Paul Collins Startup list [Audiocntl] Number=1125 Confirmed=X Filename=audiocntl.exe Description=Added by a variant of the CRYPTER.C TROJAN! Source=Paul Collins Startup list [AudioDeck] Number=1126 Confirmed=N Filename=ADeck.exe Description=ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items Source=Paul Collins Startup list [Audiodrv] Number=1127 Confirmed=X Filename=audiodrv.exe Description=Added by the CRYPTER-C TROJAN! Source=Paul Collins Startup list [AudioDrvEmulator] Number=1128 Confirmed=U Filename=DLLML.exe AudDrvEm.dll Description=Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems Source=Paul Collins Startup list [AudioHQ] Number=1129 Confirmed=N Filename=Ahqtb.exe Description=For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs Source=Paul Collins Startup list [AudioHQ] Number=1130 Confirmed=X Filename=audiohq.exe Description=Added by the BANKER-EHK TROJAN! Source=Paul Collins Startup list [AudioHQU] Number=1131 Confirmed=N Filename=AHQTBU.EXE Description=System Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs Source=Paul Collins Startup list [audioinf] Number=1132 Confirmed=X Filename=audioinf.exe Description=Added by a variant of the CRYPTER.C TROJAN! Source=Paul Collins Startup list [AudioMan] Number=1133 Confirmed=X Filename=Explorer.sm1 Description=Added by the HUPIGON.IFZ BACKDOOR! Source=Paul Collins Startup list [audlmne32] Number=1134 Confirmed=X Filename=dcmsxe.exe Description=Added by the MAILBOT-CF TROJAN! Source=Paul Collins Startup list [Audoi Device Loader] Number=1135 Confirmed=X Filename=smssv.exe Description=Added by the AGOBOT-ZY WORM! Source=Paul Collins Startup list [auloadplx] Number=1136 Confirmed=X Filename=mplprogsm.exe Description=Added by the SLAPER.K TROJAN! Source=Paul Collins Startup list [AUNPS2] Number=1137 Confirmed=X Filename=RUNDLL32 AUNPS2.DLL, _Run@16 Description=AUNPS adware Source=Paul Collins Startup list [aupd] Number=1138 Confirmed=X Filename=symcsvc.exe Description=Added by the ABWIZ.D TROJAN! Source=Paul Collins Startup list [aupd] Number=1139 Confirmed=X Filename=sysvcs.exe Description=Added by the ABWIZ.C TROJAN! Source=Paul Collins Startup list [aupd] Number=1140 Confirmed=X Filename=sywsvcs.exe Description=Added by the ORSE-M TROJAN! Source=Paul Collins Startup list [Aureal A3D Interactive Audio] Number=1141 Confirmed=Y Filename=sa3dsrv.exe Description=For Aureal based 3D soundcards. A3D sound features won't work with this disabled Source=Paul Collins Startup list [Aureal A3D Interactive Audio Init] Number=1142 Confirmed=Y Filename=A3dInit.exe Description=For Aureal based 3D soundcards. A3D sound features won't work with this disabled Source=Paul Collins Startup list [Auslogics BoostSpeed 4] Number=1143 Confirmed=U Filename=boostspeed.exe Description=System Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" Source=Paul Collins Startup list [ausvc] Number=1144 Confirmed=X Filename=ausvc.exe Description=Added by the AUTOUPDER TROJAN! Source=Paul Collins Startup list [Auth Starter Ident] Number=1145 Confirmed=X Filename=startauth.exe Description=Added by the RBOT-WP WORM! Source=Paul Collins Startup list [Authentic-ID Toolbar] Number=1146 Confirmed=Y Filename=wintmr.exe Description=System Tray access to Child Control parental control software by Salfield Source=Paul Collins Startup list [Authentic-ID Toolbar] Number=1147 Confirmed=Y Filename=rundll32.exe [path] ToolbarATL.dll, LoadTrayIcon Description=Authentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for example Source=Paul Collins Startup list [authz] Number=1148 Confirmed=X Filename=authz.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [auto] Number=1149 Confirmed=X Filename=win32.exe Description=Added by the SMALL!SD5 TROJAN! Source=Paul Collins Startup list [Auto CD-ROM Startup] Number=1150 Confirmed=X Filename=cdaccess.exe Description=Added by the SPYBOT.BLA WORM! Source=Paul Collins Startup list [Auto EPSON Stylus C45 Series on X] Number=1151 Confirmed=U Filename=E_S4I3T1.EXE Description=Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C48 Series on X] Number=1152 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C48 Series on X] Number=1153 Confirmed=U Filename=E_S4I091.EXE Description=Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C60 Series on X] Number=1154 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C62 Series on X] Number=1155 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C64 Series on X] Number=1156 Confirmed=U Filename=E_S4I2C1.EXE Description=Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C82 Series on X] Number=1157 Confirmed=U Filename=E_S0HIC1.EXE Description=Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C84 Series on X] Number=1158 Confirmed=U Filename=E_S4I2D1.EXE Description=Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus C87 Series on X] Number=1159 Confirmed=U Filename=E_FATIABL.EXE Description=Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX3200 on X] Number=1160 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX3600 Series on X] Number=1161 Confirmed=U Filename=E_FATI9BE.EXE Description=Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX3700 Series on X] Number=1162 Confirmed=U Filename=E_FATIACP.EXE Description=Epson Status Monitor 3 for the Stylus CX3700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX3800 Series on X] Number=1163 Confirmed=U Filename=E_FATIACA.EXE Description=Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX4200 Series on X] Number=1164 Confirmed=U Filename=E_FATIAEA.EXE Description=Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX4500 Series on X] Number=1165 Confirmed=U Filename=E_FATI9AP.EXE Description=Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX4600 Series on X] Number=1166 Confirmed=U Filename=E_FATI9AA.EXE Description=Epson Status Monitor 3 for the Stylus CX4600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX4800 Series on X] Number=1167 Confirmed=U Filename=E_FATIADA.EXE Description=Epson Status Monitor 3 for the Stylus CX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX5000 Series on X] Number=1168 Confirmed=U Filename=E_FATIBVA.EXE Description=Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX5400 on X] Number=1169 Confirmed=U Filename=E_S4I2G1.EXE Description=Epson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX5500 Series on X] Number=1170 Confirmed=U Filename=E_FATICAP.EXE Description=Epson Status Monitor 3 for the Stylus CX5500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX6000 Series on X] Number=1171 Confirmed=U Filename=E_FATIBIA.EXE Description=Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX6400 on X] Number=1172 Confirmed=U Filename=E_S4I2L1.EXE Description=Epson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX6600 Series on X] Number=1173 Confirmed=U Filename=E_FATI9EE.EXE Description=Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX6600 Series on X] Number=1174 Confirmed=U Filename=E_FATI9EA.EXE Description=Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX7400 Series on X] Number=1175 Confirmed=U Filename=E_FATICDA.EXE Description=Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX7800 Series on X] Number=1176 Confirmed=U Filename=E_FATIAFA.EXE Description=Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus CX9400Fax Series on X] Number=1177 Confirmed=U Filename=E_FATICFA.EXE Description=Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus D78 Series on X] Number=1178 Confirmed=U Filename=E_FATIBGE.EXE Description=Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus D88 Series on X] Number=1179 Confirmed=U Filename=E_FATIABE.EXE Description=Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus DX3800 Series on X] Number=1180 Confirmed=U Filename=E_FATIACE.EXE Description=Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus DX4800 Series on X] Number=1181 Confirmed=U Filename=E_FATIADE.EXE Description=Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus DX6000 Series on X] Number=1182 Confirmed=U Filename=E_FATIBIE.EXE Description=Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo 1400 Series on X] Number=1183 Confirmed=U Filename=E_FATIBUA.EXE Description=Epson Status Monitor 3 for the Stylus Photo 1400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo 820 Series on X] Number=1184 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R1800 on X] Number=1185 Confirmed=U Filename=E_FATI9LA.EXE Description=Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R200 Series on X] Number=1186 Confirmed=U Filename=E_S4I2H1.EXE Description=Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R200 Series on X] Number=1187 Confirmed=U Filename=E_S4I0H2.EXE Description=Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R220 Series on X] Number=1188 Confirmed=U Filename=E_FATIAIE.EXE Description=Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R2400 on X] Number=1189 Confirmed=U Filename=E_FATI9SA.EXE Description=Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R2400 on X] Number=1190 Confirmed=U Filename=E_FATI9SE.EXE Description=Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R260 Series on X] Number=1191 Confirmed=U Filename=E_FATIBNA.EXE Description=Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R280 Series on X] Number=1192 Confirmed=U Filename=E_FATICKA.EXE Description=Epson Status Monitor 3 for the Stylus Photo R280 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R300 Series on X] Number=1193 Confirmed=U Filename=E_S4I2F1.EXE Description=Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R300 Series on X] Number=1194 Confirmed=U Filename=E_S4I0F2.EXE Description=Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R320 Series on X] Number=1195 Confirmed=U Filename=E_FATI9FA.EXE Description=Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R340 Series on X] Number=1196 Confirmed=U Filename=E_FATIAJE.EXE Description=Epson Status Monitor 3 for the Stylus Photo R340 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo R800 on X] Number=1197 Confirmed=U Filename=E_FATI9YE.EXE Description=Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo RX420 Series on X] Number=1198 Confirmed=U Filename=E_FATI9CE.EXE Description=Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo RX500 on X] Number=1199 Confirmed=U Filename=E_S4I2K1.EXE Description=Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo RX600 on X] Number=1200 Confirmed=U Filename=E_S4I2M1.EXE Description=Epson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo RX680 Series on X] Number=1201 Confirmed=U Filename=E_FATICJA.EXE Description=Epson Status Monitor 3 for the Stylus Photo RX680 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Photo RX700 Series on X] Number=1202 Confirmed=U Filename=E_FATI9IA.EXE Description=Epson Status Monitor 3 for the Stylus Photo RX700 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto EPSON Stylus Pro 7600 on X] Number=1203 Confirmed=U Filename=E_S10IC2.EXE Description=Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc Source=Paul Collins Startup list [Auto File System Conversion Utility] Number=1204 Confirmed=X Filename=scricon.exe Description=Added by the SDBOT.EYB WORM! Source=Paul Collins Startup list [auto repair system] Number=1205 Confirmed=X Filename=qualityx.exe Description=Added by an unidentified WORM or TROJAN - probably a SPYBOT variant Source=Paul Collins Startup list [Auto Run Software for Photo Frame] Number=1206 Confirmed=U Filename=PhotoManager.exe Description=Management software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the device Source=Paul Collins Startup list [Auto Switch] Number=1207 Confirmed=U Filename=TASKBAR.exe Description=Related to 2-port Bitronics AutoSwitch kit from Belkin Source=Paul Collins Startup list [Auto T Bar] Number=1208 Confirmed=N Filename=autotbar.exe Description=If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled Source=Paul Collins Startup list [Auto Updat] Number=1209 Confirmed=X Filename=WindowsSys32.exe Description=Added by a variant of the FORBOT WORM! Source=Paul Collins Startup list [Auto updat] Number=1210 Confirmed=X Filename=crcss.exe Description=Added by the SDBOT.AAG WORM! Source=Paul Collins Startup list [Auto Update] Number=1211 Confirmed=X Filename=AUP.exe Description=Added by an unididentified WORM or TROJAN! Source=Paul Collins Startup list [Auto Update] Number=1212 Confirmed=X Filename=dma.exe Description=Added by the RBOT-AVO WORM! Source=Paul Collins Startup list [Auto Update] Number=1213 Confirmed=X Filename=svchost.exe Description=Added by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [Auto Updates] Number=1214 Confirmed=X Filename=svchost.exe Description=Added by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder Source=Paul Collins Startup list [Auto WinUpdate] Number=1215 Confirmed=X Filename=taskmrg.exe Description=Added by the RBOT-AFA WORM! Source=Paul Collins Startup list [AutoAdministrator] Number=1216 Confirmed=X Filename=SERVICES.EXE Description=Added by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [Autobar] Number=1217 Confirmed=U Filename=autobar.exe Description=Connect buttons on the keyboard for internet direct access, etc. on HP computers Source=Paul Collins Startup list [AutoCAD] Number=1218 Confirmed=N Filename=acstart17.exe Description=Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings Source=Paul Collins Startup list [AutoCAD Startup Accelerator] Number=1219 Confirmed=N Filename=acstart16.exe Description=Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings Source=Paul Collins Startup list [AutoCAD Startup Accelerator] Number=1220 Confirmed=N Filename=acstart17.exe Description=Preloads part of AutoCAD into disk cache at startup to speed up the launch of the main program when needed. Not required as most AutoCAD users tend to either open the program once and leave it open or open it occasionally to check drawings Source=Paul Collins Startup list [autoclk] Number=1221 Confirmed=U Filename=autoclk.exe Description=Autoclik is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking" Source=Paul Collins Startup list [AutoDiscovery/AutoPurge (ADAP) Service] Number=1222 Confirmed=X Filename=wmiadapi.exe Description=Added by the RBOT.FLT WORM! Source=Paul Collins Startup list [AutoEA] Number=1223 Confirmed=N Filename=Ahqrun.exe Description=For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ Source=Paul Collins Startup list [AUTOEXE] Number=1224 Confirmed=X Filename=AUTOEXE.exe Description=Added by the SEMAPI-A WORM! Source=Paul Collins Startup list [autoload] Number=1225 Confirmed=X Filename=cftmon.exe Description=Added by the SOCKS-E WORM! Source=Paul Collins Startup list [autoload] Number=1226 Confirmed=X Filename=spooll.exe Description=Added by the SILLYFDC WORM! Source=Paul Collins Startup list [autoload] Number=1227 Confirmed=X Filename=windowsupdate.exe Description=Added by the POLYCRYP.DY TROJAN! Source=Paul Collins Startup list [autoload] Number=1228 Confirmed=X Filename=spool.exe Description=Added by the AGENT-GSG TROJAN! Source=Paul Collins Startup list [Autoloaderaproposclient] Number=1229 Confirmed=X Filename=Apropos_Client_Loader.exe Description=AproposMedia adware Source=Paul Collins Startup list [Autoloaderaproposclient] Number=1230 Confirmed=X Filename=cxtpls_loader.exe Description=AproposMedia adware Source=Paul Collins Startup list [AutoLoaderEnvoloAutoUpdater] Number=1231 Confirmed=X Filename=auto_update_loader.exe Description=Envolo/AproposMedia adware updater Source=Paul Collins Startup list [AutoMate Task Service ] Number=1232 Confirmed=N Filename=automate.exe Description=Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start -> Programs Source=Paul Collins Startup list [AutoMate5] Number=1233 Confirmed=U Filename=Am5HkWnd.exe Description="Automate is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes, regardless of their complexity" Source=Paul Collins Startup list [AutoMate6] Number=1234 Confirmed=U Filename=AMEM.exe Description=AutoMate 6 for automating repetitive tasks Source=Paul Collins Startup list [Automated Windows Updates] Number=1235 Confirmed=X Filename=wauclt.exe Description=Added by the GAOBOT.AJD WORM! Source=Paul Collins Startup list [Automatic Defrag Manager] Number=1236 Confirmed=X Filename=defrag.exe Description=Added by the RBOT-AKE WORM! Source=Paul Collins Startup list [Automatic Media Update] Number=1237 Confirmed=X Filename=CACHE.RVD Description=Added by an unidentified WORM/TROJAN! Source=Paul Collins Startup list [Automatic Media Update] Number=1238 Confirmed=X Filename=HPLNT32.RVD Description=Added by an unidentified WORM/TROJAN! Source=Paul Collins Startup list [Automatic Microsoft Windows Updater] Number=1239 Confirmed=X Filename=suchost.exe Description=Added by the RBOT-EQ WORM! Source=Paul Collins Startup list [Automatic Updates] Number=1240 Confirmed=X Filename=algs.exe Description=Added by the IRCBOT-AAM TROJAN! Source=Paul Collins Startup list [Automatic Windows Updater] Number=1241 Confirmed=X Filename=Update.exe Description=Added by the GAOBOT.AO WORM! Source=Paul Collins Startup list [Automatically launches the United Devices Agent when you start your computer] Number=1242 Confirmed=N Filename=UD.EXE Description=The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs Source=Paul Collins Startup list [Autopdate] Number=1243 Confirmed=X Filename=Autopdate.exe Description=Added by the RBOT-AGL WORM! Source=Paul Collins Startup list [AUTOPROP] Number=1244 Confirmed=N Filename=REGPROP.EXE WMPADDIN.DLL Description=Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension Source=Paul Collins Startup list [AUTOPROTECTU] Number=1245 Confirmed=X Filename=navapq32.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [autorepair] Number=1246 Confirmed=X Filename=dexs.exe Description=Added by a variant of the SDBOT WORM! Source=Paul Collins Startup list [Autoroute SMTP] Number=1247 Confirmed=U Filename=AutoSmtp.exe Description=Autoroute SMTP - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providers Source=Paul Collins Startup list [autorun] Number=1248 Confirmed=X Filename=autorun.exe Description=Added by the AUTOM-B WORM! Source=Paul Collins Startup list [autorun] Number=1249 Confirmed=X Filename=sxs.exe Description=Added by the SMALLVBS-A WORM! Source=Paul Collins Startup list [autorun] Number=1250 Confirmed=X Filename=winmain.exe Description=Added by a variant of the DELF.CNS TROJAN! Source=Paul Collins Startup list [AutoRun] Number=1251 Confirmed=X Filename=allrs.exe Description=Added by the MUDROP.LJ TROJAN! Source=Paul Collins Startup list [autorundemo] Number=1252 Confirmed=X Filename=[path to trojan] Description=Added by the AGENT-FPX TROJAN! Source=Paul Collins Startup list [AUTORUN_VAL] Number=1253 Confirmed=X Filename=AntiSpyCheck 2.1.exe Description=AntiSpyCheck rogue spyware remover - not recommended, removal instructions here Source=Paul Collins Startup list [AUTORUN_VAL] Number=1254 Confirmed=X Filename=asc 2.1.exe Description=AntiSpyCheck rogue spyware remover - not recommended, removal instructions here Source=Paul Collins Startup list [AutoShutdown] Number=1255 Confirmed=? Filename=pssvc.exe Description=Utility to fix vCard Export in MS Outlook 2000 - although why are these together? Source=Paul Collins Startup list [AutoSizer] Number=1256 Confirmed=U Filename=AUTOSIZER.EXE Description=AutoSizer - utility that automatically maximizes windows when they're opened Source=Paul Collins Startup list [AutoSpell] Number=1257 Confirmed=N Filename=autospel.exe Description=AutoSpell - spell checker (version 6.*) Source=Paul Collins Startup list [AutoSpell 5] Number=1258 Confirmed=N Filename=ASWATC32.EXE Description=AutoSpell - spell checker Source=Paul Collins Startup list [AutoSys] Number=1259 Confirmed=U Filename=autosys.exe Description=Winguardian surveillance software. Uninstall this software unless you put it there yourself Source=Paul Collins Startup list [autotbar] Number=1260 Confirmed=N Filename=autotbar.exe Description=If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled Source=Paul Collins Startup list [AutoTKit] Number=1261 Confirmed=N Filename=AUTOTKIT.EXE Description=On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled Source=Paul Collins Startup list [autoupd] Number=1262 Confirmed=N Filename=autoupd.exe Description=Raxco Software Auto Update utility."Used to keep your software up-to-date" Source=Paul Collins Startup list [autoupd] Number=1263 Confirmed=X Filename=autoupd.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name Source=Paul Collins Startup list [autoupdate] Number=1264 Confirmed=X Filename=rundll32 DATADX.DLL,SHStart Description=Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in %System% Source=Paul Collins Startup list [autoupdate] Number=1265 Confirmed=X Filename=rundll32 SUPDATE.DLL,SHStart Description=Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in %System% Source=Paul Collins Startup list [AutoUpdate] Number=1266 Confirmed=X Filename=smss.exe Description=Added by a variant of the WINSPY.AA TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "debug64" subfolder of the Winnt or Windows folder Source=Paul Collins Startup list [Autoupdate Service] Number=1267 Confirmed=X Filename=kaka.exe Description=Added by the SYMPE-B TROJAN! Source=Paul Collins Startup list [AutoUpdater] Number=1268 Confirmed=X Filename=aupdate.exe Description=Tinybar variant Source=Paul Collins Startup list [AutoUpdater] Number=1269 Confirmed=X Filename=AutoUpdate.exe Description=PeopleonPage foistware Source=Paul Collins Startup list [autoupdatev2] Number=1270 Confirmed=X Filename=[path to file] Description=Added by the DROPPER-BM TROJAN! Source=Paul Collins Startup list [autoupdatev2] Number=1271 Confirmed=X Filename=autoupdatev2.exe Description=Detected by Kaspersky as the AGENT.FQ TROJAN! Source=Paul Collins Startup list [AutoVirusProtection] Number=1272 Confirmed=X Filename=ciscv.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [auto__antiav__key] Number=1273 Confirmed=X Filename=antiav_exe.exe Description=Added by the BAGLEDI-AA TROJAN! Source=Paul Collins Startup list [auto__hloader__key] Number=1274 Confirmed=X Filename=hloader_exe.exe Description=Added by the BAGLE.AB TROJAN! Source=Paul Collins Startup list [aux.exe] Number=1275 Confirmed=X Filename=aux.exe Description=Added by the ZINS TROJAN! Source=Paul Collins Startup list [auxAudioDevice] Number=1276 Confirmed=X Filename=aux32.exe Description=Added by the AIZU WORM! Source=Paul Collins Startup list [AUXXTRAY] Number=1277 Confirmed=N Filename=au30setp.exe Description=System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel Source=Paul Collins Startup list [AV] Number=1278 Confirmed=X Filename=UPDATE-28062004.exe[25 blank spaces].vbs Description=Added by the MIDFIN WORM! Source=Paul Collins Startup list [av] Number=1279 Confirmed=X Filename=expressav.exe Description=Express Antivirus 2009 rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [AV Client] Number=1280 Confirmed=X Filename=patch31345.exe Description=Added by the MYDOOM.AD WORM! Source=Paul Collins Startup list [AV Industry] Number=1281 Confirmed=X Filename=patch31345.exe Description=Added by the MYDOOM.AD WORM! Source=Paul Collins Startup list [AV UpDate] Number=1282 Confirmed=X Filename=Update.exe Description=Added by the FUROOT-A TROJAN! Source=Paul Collins Startup list [AvaFind] Number=1283 Confirmed=N Filename=AvaFind.exe Description=AvaFind file search utility Source=Paul Collins Startup list [AVantivirus] Number=1284 Confirmed=X Filename=Avconsol.exe Description=Added by the MSNVB-D WORM! Source=Paul Collins Startup list [avast] Number=1285 Confirmed=X Filename=troyan.exe Description=Added by the SMALL.CZ TROJAN! Source=Paul Collins Startup list [Avast!] Number=1286 Confirmed=Y Filename=ashserv.exe Description=Part of Avast! anti-virus software Source=Paul Collins Startup list [avast!] Number=1287 Confirmed=Y Filename=ashDisp.exe Description=System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications Source=Paul Collins Startup list [avast! Antivirus] Number=1288 Confirmed=Y Filename=ashDisp.exe Description=System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner, right-click access to other options and event notifications Source=Paul Collins Startup list [avast! Web Scanner] Number=1289 Confirmed=Y Filename=Ashwebsv.exe Description=Part of Avast! anti-virus software Source=Paul Collins Startup list [Avast32] Number=1290 Confirmed=Y Filename=Astart32.exe Description=Part of Avast! anti-virus software Source=Paul Collins Startup list [avc] Number=1291 Confirmed=X Filename=avmon.exe Description=Added by an unidentified TROJAN! Source=Paul Collins Startup list [AvconsoleEXE] Number=1292 Confirmed=U Filename=Avconsol.exe Description=From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it Source=Paul Collins Startup list [Avengine] Number=1293 Confirmed=X Filename=Avengine.com Description=Added by the DELF.LJ TROJAN! Source=Paul Collins Startup list [AveoAttune] Number=1294 Confirmed=X Filename=atmdlusr.exe Description=Aveo Attune automated helpdesk software - adware/spyware Source=Paul Collins Startup list [AVFX Engine] Number=1295 Confirmed=U Filename=StartFX.exe Description=Advanced Video FX - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX" Source=Paul Collins Startup list [AvG] Number=1296 Confirmed=X Filename=svchost323.exe Description=Added by the RBOT-ZA WORM! Source=Paul Collins Startup list [AVG Anti-Virus system] Number=1297 Confirmed=Y Filename=avgcc.exe Description=AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates Source=Paul Collins Startup list [Avg Antivirus] Number=1298 Confirmed=X Filename=icpldrvx.exe Description=Added by the BANKER.BYU TROJAN! Source=Paul Collins Startup list [AVG AntiVirus Updater] Number=1299 Confirmed=X Filename=avgwusv.exe Description=Added by the SILLYFDC.BAX WORM! Note - this is not a legitimare AVG entry Source=Paul Collins Startup list [AVG Grisoft Updater] Number=1300 Confirmed=X Filename=updater.exe Description=Added by the AGOBOT-OT WORM! Source=Paul Collins Startup list [AVG7_AMSVR] Number=1301 Confirmed=Y Filename=Avgamsvr.exe Description=AVG antivirus related Source=Paul Collins Startup list [AVG7_CC] Number=1302 Confirmed=Y Filename=avgcc.exe Description=AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates Source=Paul Collins Startup list [AVG7_EMC] Number=1303 Confirmed=Y Filename=AVGEMC.exe Description=AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses Source=Paul Collins Startup list [AVG7_Run] Number=1304 Confirmed=Y Filename=avgw.exe Description=AVG Anti-Virus 7.0 related Source=Paul Collins Startup list [AVG8_TRAY] Number=1305 Confirmed=U Filename=avgtray.exe Description=System Tray access to AVG internet security software Source=Paul Collins Startup list [avgamsvr.exe] Number=1306 Confirmed=Y Filename=Avgamsvr.exe Description=AVG antivirus related Source=Paul Collins Startup list [avgcc32] Number=1307 Confirmed=Y Filename=avgcc32.exe Description=AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates Source=Paul Collins Startup list [AVGCtrl] Number=1308 Confirmed=Y Filename=AVGCtrl.exe Description=Part of AntiVir® PersonalEdition Classic antivirus Source=Paul Collins Startup list [avgfwsrv] Number=1309 Confirmed=Y Filename=AVGFWSRV.EXE Description=Firewall part of the AVG Plus Firewall Edition Source=Paul Collins Startup list [avgmsvr.exe] Number=1310 Confirmed=Y Filename=avgmsvr.exe Description=AVG Anti-Virus 7.0 related Source=Paul Collins Startup list [AVGnt] Number=1311 Confirmed=Y Filename=AVGnt.exe Description=AntiVir® PersonalEdition Classic antivirus. System Tray icon and control program Source=Paul Collins Startup list [Avgserv9.exe] Number=1312 Confirmed=Y Filename=Avgserv9.exe Description=AVG antivirus background monitoring Source=Paul Collins Startup list [AVGuard] Number=1313 Confirmed=Y Filename=AVGuard.exe Description=AntiVir® PersonalEdition Classic antivirus. Background task which scans files transparently Source=Paul Collins Startup list [AVG_CC] Number=1314 Confirmed=Y Filename=avgcc32.exe Description=AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates Source=Paul Collins Startup list [AVG_EMC] Number=1315 Confirmed=Y Filename=AVGEMC.exe Description=AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses Source=Paul Collins Startup list [AVG_RegCleaner] Number=1316 Confirmed=Y Filename=AVGREGCL.exe Description=AVG Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems Source=Paul Collins Startup list [avidrv] Number=1317 Confirmed=X Filename=drvsc.exe Description=Detected by Kaspersky as the AGENT.PH TROJAN! Source=Paul Collins Startup list [Avimgt] Number=1318 Confirmed=X Filename=Avimgt.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [Avimgt32] Number=1319 Confirmed=X Filename=Avimgt32.exe Description=Added by the GEMA TROJAN! Source=Paul Collins Startup list [avinit] Number=1320 Confirmed=Y Filename=AVINIT9X.EXE Description=Command Antivirus related Source=Paul Collins Startup list [Avira Anti-Virus Pro 2008] Number=1321 Confirmed=X Filename=explorear.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [AvirTr] Number=1322 Confirmed=X Filename=AvirTr.exe Description=AntivirusTrigger rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [AVK Mail Checker] Number=1323 Confirmed=Y Filename=AVKPop.exe Description=eXtendia AVK AntiVirus email checker Source=Paul Collins Startup list [AVKBar] Number=1324 Confirmed=Y Filename=AVKBar.exe Description=GData AntiVirusKit Anti-virus Source=Paul Collins Startup list [AVKTray] Number=1325 Confirmed=U Filename=AVKTray.exe Description=System Tray access to AntiVirenKit InternetSecurity from G DATA Software AG Source=Paul Collins Startup list [AvMaiSrv] Number=1326 Confirmed=Y Filename=Avmaisrv.exe Description=Part of Avast! anti-virus software - E-mail scanner Source=Paul Collins Startup list [AVManager] Number=1327 Confirmed=X Filename=csrss.exe Description=Added by the AUTORUN-DV WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder Source=Paul Collins Startup list [AvMenu] Number=1328 Confirmed=? Filename=AVMenu.exe Description=Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required? Source=Paul Collins Startup list [AVMWlanClient] Number=1329 Confirmed=Y Filename=wlangui.exe Description=Related to broadband products from avm.de Source=Paul Collins Startup list [avnort] Number=1330 Confirmed=X Filename=formatsys.exe Description=Added by the SERFLOG.A WORM! Source=Paul Collins Startup list [avnort] Number=1331 Confirmed=X Filename=msmbw.exe Description=Added by the SERFLOG.A WORM! Source=Paul Collins Startup list [avnort] Number=1332 Confirmed=X Filename=serbw.exe Description=Added by the SERFLOG.A WORM! Source=Paul Collins Startup list [avp] Number=1333 Confirmed=Y Filename=avp.exe Description=Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory Source=Paul Collins Startup list [AVP] Number=1334 Confirmed=X Filename=[path to trojan] Description=Added by the MUTBO-A TROJAN! Source=Paul Collins Startup list [avp] Number=1335 Confirmed=X Filename=avp.exe Description=Detected by Kaspersky as the ALPHABET.B TROJAN! Source=Paul Collins Startup list [avp] Number=1336 Confirmed=X Filename=win*.tmp.exe [* is a number] Description=Added by a variant of the ALPHABET TROJAN! Source=Paul Collins Startup list [avp] Number=1337 Confirmed=X Filename=xar6000v7.exe Description=Detected by Kaspersky as the ALPHABET.B TROJAN! Source=Paul Collins Startup list [AVP-SE] Number=1338 Confirmed=X Filename=avp-32.exe Description=Added by the AGOBOT.FS WORM! Source=Paul Collins Startup list [avpa] Number=1339 Confirmed=X Filename=avpo.exe Description=Added by the LEGMIR-ARK TROJAN! Source=Paul Collins Startup list [avpcc] Number=1340 Confirmed=Y Filename=avpcc.exe Description=Kaspersky Labs anti-virus Source=Paul Collins Startup list [avpl] Number=1341 Confirmed=X Filename=Antivirus.exe Description=AntiVirus Plasma rogue security software - not recommended, removal instructions here Source=Paul Collins Startup list [avpm] Number=1342 Confirmed=Y Filename=avpm.exe Description=Kaspersky anti-virus Source=Paul Collins Startup list [AvpM] Number=1343 Confirmed=X Filename=AvpM.exe Description=Added by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in the WINDOWS\pchealth\UploadLB\Config directory Source=Paul Collins Startup list [avpms] Number=1344 Confirmed=X Filename=avpms.exe Description=Added by the ONLINEGAMES.CPV TROJAN! Source=Paul Collins Startup list [Avpr] Number=1345 Confirmed=X Filename=avpr.exe Description=Added by the MYDOOM.AF WORM! Source=Paul Collins Startup list [AVPSrv] Number=1346 Confirmed=X Filename=AVPSrv.exe Description=Added by the ONLINE-GEN TROJAN! Source=Paul Collins Startup list [avptask] Number=1347 Confirmed=X Filename=[path to trojan] Description=Added by the NOFERE-G TROJAN! Source=Paul Collins Startup list [avptask] Number=1348 Confirmed=X Filename=expl0rer.exe Description=Added by the AGENT.JJO TROJAN! Source=Paul Collins Startup list [Avptask] Number=1349 Confirmed=X Filename=rund1132.exe Description=Added by the AGENT.PKZ TROJAN! Source=Paul Collins Startup list [AvpWx] Number=1350 Confirmed=X Filename=WErcx.exe Description=Detected by Kaspersky as a variant of the AGENT.A TROJAN! Source=Paul Collins Startup list [Avril Lavigne - Muse] Number=1351 Confirmed=X Filename=[random filename] Description=Added by the AVRIL-A WORM! Source=Paul Collins Startup list [avrlabs] Number=1352 Confirmed=X Filename=avrlabs.exe Description=VirusResponse Lab 2009 rogue security software - not recommended Source=Paul Collins Startup list [AVSCHED32] Number=1353 Confirmed=Y Filename=AVSched32.exe Description=AntiVir® PersonalEdition Classic - antivirus Source=Paul Collins Startup list [AVSchedScan] Number=1354 Confirmed=Y Filename=SCHSC9X.EXE Description=Command Antivirus related Source=Paul Collins Startup list [AVSeguro] Number=1355 Confirmed=X Filename=pgs.exe Description=AVSeguro, Spanish rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [AvSer] Number=1356 Confirmed=X Filename=dsm.exe Description=Added by the SERFLOG.B WORM! Source=Paul Collins Startup list [AvSer] Number=1357 Confirmed=X Filename=msmpatch.exe Description=Added by the SERFLOG.B WORM! Source=Paul Collins Startup list [AvSer] Number=1358 Confirmed=X Filename=svosm.exe Description=Added by the SERFLOG.B WORM! Source=Paul Collins Startup list [AvSer] Number=1359 Confirmed=X Filename=sysup.exe Description=Added by the SERFLOG.B WORM! Source=Paul Collins Startup list [avserve.exe] Number=1360 Confirmed=X Filename=avserve.exe Description=Added by the SASSER WORM! Source=Paul Collins Startup list [avserve2.exe] Number=1361 Confirmed=X Filename=avserve2.exe Description=Added by the SASSER.B or SASSER.C WORMS! Source=Paul Collins Startup list [avserve3.exe] Number=1362 Confirmed=X Filename=avserve3.exe Description=Added by the SASSER.G WORM! Source=Paul Collins Startup list [AVStation premium] Number=1363 Confirmed=U Filename=AVStation agent.exe Description=Related to Samsung AV Station - instant playback of music, photos, videos Source=Paul Collins Startup list [AVSystemCare] Number=1364 Confirmed=X Filename=pgs.exe Description=AVSystemCare rogue security software - not recommended. There are number of variants in this family sharing the same filename and user interface - see here Source=Paul Collins Startup list [avtapi] Number=1365 Confirmed=X Filename=avtapi.exe Description=Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark" Source=Paul Collins Startup list [Avtray] Number=1366 Confirmed=N Filename=Avtray.exe Description=Command Antivirus tray icon Source=Paul Collins Startup list [AVupdate32 Update] Number=1367 Confirmed=X Filename=AVupdate32.exe Description=Added by the RBOT.CNI TROJAN! Source=Paul Collins Startup list [AVWLPSTA] Number=1368 Confirmed=? Filename=AVWLPSTA.exe Description=PRISM Status Tray Applet - but what is it for and is it required? Source=Paul Collins Startup list [AVWUpd32] Number=1369 Confirmed=Y Filename=AVWUPD32.EXE Description=AntiVir® PersonalEdition Classic - updater Source=Paul Collins Startup list [avx communicator] Number=1370 Confirmed=Y Filename=xcommsur.exe Description=Anti-virus part of BitDefender virus scanner/firewall Source=Paul Collins Startup list [Avxlive] Number=1371 Confirmed=Y Filename=avxlive.exe Description=Bullguard or BitDefender antivirus Source=Paul Collins Startup list [avxlni] Number=1372 Confirmed=Y Filename=avxinit.exe Description=Anti-virus part of BitDefender virus scanner/firewall Source=Paul Collins Startup list [Avxnews] Number=1373 Confirmed=? Filename=?? Description=?? Source=Paul Collins Startup list [Awatch] Number=1374 Confirmed=U Filename=Awatch.exe Description=Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products Source=Paul Collins Startup list [AwaySch] Number=1375 Confirmed=U Filename=AwaySch.EXE Description=Part of the IBM ThinkVantage Productivity Center. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance" Source=Paul Collins Startup list [AWC] Number=1376 Confirmed=U Filename=AWC.exe Description=Advanced SystemCare from IObit - "helps protect, optimize, clean, and repair your computer and Registry." The PRO version adds automation, anti-spyware, privacy protection and performance tune-ups Source=Paul Collins Startup list [awhost32] Number=1377 Confirmed=N Filename=awhost32.exe Description=Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended Source=Paul Collins Startup list [AWMON] Number=1378 Confirmed=U Filename=Ad-Watch.exe Description=Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system Source=Paul Collins Startup list [AWMON] Number=1379 Confirmed=U Filename=Ad-Monitor.exe Description=F-Secure Anti-Spyware Source=Paul Collins Startup list [awplite] Number=1380 Confirmed=U Filename=awplite.exe Description=AllWallpapers Lite desktop wallpaper changer Source=Paul Collins Startup list [AWUSGSTA] Number=1381 Confirmed=? Filename=AWUSGSTA.exe Description=Reportedly related to a USB Wifi Adapter - is it required at startup? Source=Paul Collins Startup list [awxDTools] Number=1382 Confirmed=U Filename=awxDTools.dll, awxRegisterDll Description=AwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...) Source=Paul Collins Startup list [AxFilter] Number=1383 Confirmed=? Filename=Rundll32 AXFILTER.DLL, Rundll32 Description=?? Source=Paul Collins Startup list [AXIS Print System DriverScanner] Number=1384 Confirmed=U Filename=DriverScanner.exe Description=Part of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued Source=Paul Collins Startup list [AXIS Print System DriverServer] Number=1385 Confirmed=U Filename=DriverServer.exe Description=Part of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued Source=Paul Collins Startup list [AXIS Print System TrayIcon] Number=1386 Confirmed=U Filename=TrayIcon.exe Description=System Tray access to AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued Source=Paul Collins Startup list [AXPFixer] Number=1387 Confirmed=X Filename=AXPFixer.exe Description=AdvancedXPFixer rogue security software - not recommended, see here Source=Paul Collins Startup list [AXVenore] Number=1388 Confirmed=X Filename=AXVenore.exe Description=Added by an unidentified TROJAN - see here Source=Paul Collins Startup list [AzMixerSel] Number=1389 Confirmed=U Filename=AzMixerSel.exe Description=Related to Realtek_Azalia Mixer Selector Source=Paul Collins Startup list [azmodem] Number=1390 Confirmed=Y Filename=azexe.exe Description=Aztech Labs modem driver Source=Paul Collins Startup list [a_vpd] Number=1391 Confirmed=? Filename=vpd.exe Description=Located in the IBMTOOLS\VPD sub-directory. What does it do and is it required? Source=Paul Collins Startup list [B'sCLiP] Number=1392 Confirmed=N Filename=BSCLIP.exe Description=CD recording utility that comes with a lot of CDR/CDRW drives and isn't required Source=Paul Collins Startup list [b.exe] Number=1393 Confirmed=X Filename=b.exe Description=Added by the SDBOT.BND WORM! Source=Paul Collins Startup list [B.Reader] Number=1394 Confirmed=N Filename=remin.exe Description=Birthday Reminder 5.0 - as the name implies Source=Paul Collins Startup list [b3d] Number=1395 Confirmed=X Filename=BDEsecureinstall.exe Description=B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents Source=Paul Collins Startup list [b3dUpdate] Number=1396 Confirmed=X Filename=Zupdate.exe Description=Associated with B3d Projector foistware - see here Source=Paul Collins Startup list [b9] Number=1397 Confirmed=U Filename=B9.exe Description=FireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run" Source=Paul Collins Startup list [b99] Number=1398 Confirmed=X Filename=msmm.exe Description=ClientMan parasite variant Source=Paul Collins Startup list [bab] Number=1399 Confirmed=X Filename=svchst32.exe Description=Added by the AGENT.Q TROJAN! Source=Paul Collins Startup list [babeie] Number=1400 Confirmed=X Filename=rundll32 cnbabe.dll, dllstartup Description=CommonName Toolbar spyware. To uninstall see here Source=Paul Collins Startup list [Babylon Client] Number=1401 Confirmed=N Filename=Babylon.exe Description=Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" Source=Paul Collins Startup list [Babylon Translator] Number=1402 Confirmed=N Filename=Babylon.exe Description="Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" Source=Paul Collins Startup list [Back Updates] Number=1403 Confirmed=X Filename=Uninstall.log.vbs Description=Added by the YPSAN.D WORM! Source=Paul Collins Startup list [Back2zip] Number=1404 Confirmed=U Filename=Back2zip.exe Description=Back2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed up Source=Paul Collins Startup list [Backdoor.NuAgent] Number=1405 Confirmed=X Filename=agent.exe Description=Added by the AGENT-DP TROJAN! Source=Paul Collins Startup list [Background Intelligent Transfer Service] Number=1406 Confirmed=X Filename=rundll32.exe Description=Added by the VB-ZD TROJAN! Note - this file is located in the C:\Windows\help folder, and is not to be confused with the legitimate rundll32.exe file! Source=Paul Collins Startup list [BackgroundSwitcher] Number=1407 Confirmed=U Filename=bgswitch.exe Description=Originally included with Microsoft's XP PowerToys (but now withdrawn - see here, Background Switcher allows your desktop background to periodically change Source=Paul Collins Startup list [BackgroundSwitcher] Number=1408 Confirmed=U Filename=BackgroundSwitcher.exe Description=John's Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interesting Source=Paul Collins Startup list [Backpack UDF] Number=1409 Confirmed=N Filename=bpudfmon.exe Description=Backpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk Source=Paul Collins Startup list [backup] Number=1410 Confirmed=X Filename=[path to worm] Description=Added by the AGOBOT-H WORM! Source=Paul Collins Startup list [Backup Service] Number=1411 Confirmed=X Filename=backup.svc Description=Unidentified adware Source=Paul Collins Startup list [Backup4all OTB Agent] Number=1412 Confirmed=U Filename=B4AOTB.exe Description="Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space" Source=Paul Collins Startup list [BackupExecScheduler] Number=1413 Confirmed=U Filename=besch.exe Description=Veritas "Back Up My PC" software Source=Paul Collins Startup list [BackupNotify] Number=1414 Confirmed=? Filename=backupnotify.exe Description=HP Digital Imaging related. What does it do and is it required? Source=Paul Collins Startup list [BackWeb] Number=1415 Confirmed=N Filename=backweb.exe Description=Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs Source=Paul Collins Startup list [Backwork] Number=1416 Confirmed=N Filename=Backwork.exe Description=Backwork trojan detector Source=Paul Collins Startup list [BACPI10] Number=1417 Confirmed=U Filename=bacpi10a.exe Description=Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray Source=Paul Collins Startup list [BacsTray] Number=1418 Confirmed=N Filename=BacsTray.exe Description=Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems Source=Paul Collins Startup list [BADDATE] Number=1419 Confirmed=X Filename=BADDATE.EXE Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [Badx] Number=1420 Confirmed=X Filename=HELLRAIDER.EXE Description=Added by the MINDCTRL.A BACKDOOR! Source=Paul Collins Startup list [BagleAV] Number=1421 Confirmed=X Filename=csrss.exe Description=Added by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% Source=Paul Collins Startup list [Bakra] Number=1422 Confirmed=X Filename=IEHost.EXE Description=Added by the MULTIDR-AH TROJAN! Source=Paul Collins Startup list [bal] Number=1423 Confirmed=X Filename=SYSMONMS.EXE Description=Added by the FAKEALERT TROJAN! Source=Paul Collins Startup list [Band-Aid] Number=1424 Confirmed=X Filename=[path to file] Description=Added by the RANKY.O TROJAN! Source=Paul Collins Startup list [bandmon] Number=1425 Confirmed=U Filename=bandmon.exe Description=Rokario Bandwidth Monitor Source=Paul Collins Startup list [Bandook] Number=1426 Confirmed=X Filename=ali.exe Description=Added by the EXEMAS-B TROJAN! Source=Paul Collins Startup list [Bandwidth Meter Pro] Number=1427 Confirmed=N Filename=BandwidthMeterPro.exe Description=System Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time" Source=Paul Collins Startup list [Bandwidth Monitor Pro] Number=1428 Confirmed=U Filename=Bandwidth Monitor Pro.exe Description=Bandwidth Monitor Pro - utililty to track your current download/upload limit that may be set by your ISP Source=Paul Collins Startup list [BandwidthMeterPro] Number=1429 Confirmed=N Filename=BandwidthMeterPro.exe Description=System Tray access to Bandwidth Meter Pro - "an easy-to-use network software for bandwidth usage monitoring and reporting. It monitors traffic of all network connections on your computer and displays graphical and numerical download and upload speeds in real-time" Source=Paul Collins Startup list [Banpopup by Pratik] Number=1430 Confirmed=U Filename=Banpopup.exe Description=Banpopup - popup killer Source=Paul Collins Startup list [bantool] Number=1431 Confirmed=X Filename=ie_ban.exe Description=Detected as the VB.PO TROJAN! Source=Paul Collins Startup list [Bar Ding lolt] Number=1432 Confirmed=X Filename=Analiz.exe Description=Added by the RBOT-RP WORM! Source=Paul Collins Startup list [bargains] Number=1433 Confirmed=X Filename=bargains.exe Description=BargainBuddy adware Source=Paul Collins Startup list [bargains] Number=1434 Confirmed=X Filename=bargainbuddy.exe Description=BargainBuddy adware Source=Paul Collins Startup list [BaRloNdDiLhep] Number=1435 Confirmed=X Filename=services.exe Description=Added by the AUTORUN.DIB WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ï¿½ subfolder Source=Paul Collins Startup list [Bart Station] Number=1436 Confirmed=? Filename=station.sbrt Description=Related to PeoplePC ISP. May be a dialler for dial-up accounts? Source=Paul Collins Startup list [Bart Station] Number=1437 Confirmed=U Filename=PPCOLink.exe Description=Dialer for PeoplePC ISP Source=Paul Collins Startup list [BarTheme] Number=1438 Confirmed=X Filename=bartent32.exe Description=Added by the AGOBOT-UG WORM! Source=Paul Collins Startup list [bascstray] Number=1439 Confirmed=N Filename=BascsTray.exe Description=Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems Source=Paul Collins Startup list [Bat] Number=1440 Confirmed=X Filename=secure2.bat Description=Added by the ZCREW.C TROJAN! Source=Paul Collins Startup list [Batchreg1] Number=1441 Confirmed=N Filename=N/A Description=Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See here Source=Paul Collins Startup list [BatInfEx] Number=1442 Confirmed=U Filename=rundll32.exe Description=Displays battery status information on an IBM Thinkpad Source=Paul Collins Startup list [BatInfEx] Number=1443 Confirmed=U Filename=rundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitor Description=Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer Wizard Source=Paul Collins Startup list [BatLogEx] Number=1444 Confirmed=U Filename=rundll32.exe [path] BatLogEx.DLL,StartBattLog Description=Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etc Source=Paul Collins Startup list [BatSrv] Number=1445 Confirmed=X Filename=batserv2.exe Description=Detected by Kaspersky as the LOCKSY.M WORM! Source=Paul Collins Startup list [Battery Scope] Number=1446 Confirmed=U Filename=batmgr.exe Description=Monitors battery levels on a notebook/laptop PC Source=Paul Collins Startup list [BatteryBar] Number=1447 Confirmed=U Filename=batterybar.exe Description=BatteryBar - displays battery usage, and the current percentage of battery power left Source=Paul Collins Startup list [batterymiser] Number=1448 Confirmed=Y Filename=batterymiser.exe Description=Battery Miser power management utility for LG Notebooks Source=Paul Collins Startup list [BatteryMiser 5] Number=1449 Confirmed=Y Filename=BatteryMiser5.exe Description=Battery Miser 5 power management utility for LG Notebooks Source=Paul Collins Startup list [BatzBack] Number=1450 Confirmed=X Filename=BatzBack.scr Description=Added by the BACKZAT WORM! Source=Paul Collins Startup list [BAUSB] Number=1451 Confirmed=U Filename=BAUSB.exe Description=Boston Acoustics Audio, USB driver Source=Paul Collins Startup list [bawindo] Number=1452 Confirmed=X Filename=bawindo.exe Description=Added by the BEAGLE.AR or BEAGLE.AU WORMS! Source=Paul Collins Startup list [BayMgr] Number=1453 Confirmed=U Filename=DockApp.exe Description=Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices Source=Paul Collins Startup list [Bayswap] Number=1454 Confirmed=U Filename=bayswap.exe Description=Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices Source=Paul Collins Startup list [Bayswap2] Number=1455 Confirmed=U Filename=TbUpdate.exe Description=Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices Source=Paul Collins Startup list [BBC Alerts] Number=1456 Confirmed=N Filename=BBC_Alerts.exe Description=BBC Alerts - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service" Source=Paul Collins Startup list [BBC News alerts] Number=1457 Confirmed=U Filename=skinkers.exe Description=BBC News Desktop Alerts service - see here. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happens Source=Paul Collins Startup list [BBDial] Number=1458 Confirmed=? Filename=BT Broadband.exe Description=Part of BT Broandband - is it required? Source=Paul Collins Startup list [BBLauncher.exe] Number=1459 Confirmed=N Filename=BBLauncher.exe Description=BounceBack Professional - back-up software Source=Paul Collins Startup list [bbSysTray] Number=1460 Confirmed=N Filename=bbSysTray.exe Description=Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions" Source=Paul Collins Startup list [bbui] Number=1461 Confirmed=U Filename=bbui.exe Description=AOL DSL status monitor displaying a red/green icon indicating if you have a connection Source=Paul Collins Startup list [bca] Number=1462 Confirmed=U Filename=bca.exe Description=BeClean Agent - registry, history, temp files, etc cleaner Source=Paul Collins Startup list [BCDetect] Number=1463 Confirmed=U Filename=bcdetect.exe Description=Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see Source=Paul Collins Startup list [BCMDMMSG] Number=1464 Confirmed=Y Filename=bcmdmmsg.exe Description=BCM voicemodem driver. Required for dial-up if you have one of these modems Source=Paul Collins Startup list [BCMHal] Number=1465 Confirmed=U Filename=rundll32.exe bcmhal9x.dll, bcinit Description=BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings Source=Paul Collins Startup list [BCMSMMSG] Number=1466 Confirmed=Y Filename=BCMSMMSG.exe Description=BCM voicemodem driver. Required for dial-up if you have one of these modems Source=Paul Collins Startup list [bcmwltry] Number=1467 Confirmed=? Filename=bcmwltry.exe Description=Broadcom Corporation Wireless Network Tray Applet. Is it required? Source=Paul Collins Startup list [BCNT] Number=1468 Confirmed=N Filename=bcnt.exe Description=AWS Weatherbug related. What does it do? Source=Paul Collins Startup list [BCPC] Number=1469 Confirmed=X Filename=bcpc.exe Description=BroadcastPC adware variant Source=Paul Collins Startup list [bcpc_c] Number=1470 Confirmed=X Filename=bcpc_c.exe Description=BroadcastPC adware variant Source=Paul Collins Startup list [BCTweak] Number=1471 Confirmed=U Filename=bctweak.exe Description=BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings Source=Paul Collins Startup list [Bcvsrv32] Number=1472 Confirmed=X Filename=bcvsrv32.exe Description=Added by the GAOBOT.BQJ WORM! Source=Paul Collins Startup list [Bcvsrv32] Number=1473 Confirmed=X Filename=he3.exe Description=Added by the AGOBOT.AKB WORM! Source=Paul Collins Startup list [Bcvsrv32] Number=1474 Confirmed=X Filename=msxml22.exe Description=Added by the AGOBOT.AKH WORM! Source=Paul Collins Startup list [Bcvsrv32] Number=1475 Confirmed=X Filename=msc32.exe Description=Added by the AGOBOT.AKD WORM! Source=Paul Collins Startup list [BCWipeTM] Number=1476 Confirmed=N Filename=bcwipetm.exe Description=BCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed Source=Paul Collins Startup list [BD] Number=1477 Confirmed=X Filename=dc.exe Description=Added by the RASDOOR-A TROJAN! Source=Paul Collins Startup list [BDAgent] Number=1478 Confirmed=Y Filename=bdagent.exe Description=BitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic" Source=Paul Collins Startup list [bdfger] Number=1479 Confirmed=X Filename=gggasw.exe Description=Added by the SDBOT-RT WORM! Source=Paul Collins Startup list [BDMCon] Number=1480 Confirmed=Y Filename=Bdmcon.exe Description=BitDefender antivirus Source=Paul Collins Startup list [BDNewsAgent] Number=1481 Confirmed=Y Filename=bdnagent.exe Description=BitDefender antivirus - updater Source=Paul Collins Startup list [BDOESRV] Number=1482 Confirmed=Y Filename=bdoesrv.exe Description=Bitdefender 8 antivirus and firewall Source=Paul Collins Startup list [BDRegion] Number=1483 Confirmed=U Filename=brs.exe Description=Part of Cyberlink's PowerDVD version 8 - removes the Blu-ray region on a DVD Source=Paul Collins Startup list [BDSwitchAgent] Number=1484 Confirmed=Y Filename=bdswitch.exe Description=Bitdefender 8 antivirus and firewall Source=Paul Collins Startup list [BDWizReg] Number=1485 Confirmed=Y Filename=bdwizreg.exe Description=Configuration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-free Source=Paul Collins Startup list [BearFlix] Number=1486 Confirmed=U Filename=BearFlix.exe Description=BearFlix is optimized for the fast download of video files Source=Paul Collins Startup list [BearShare] Number=1487 Confirmed=N Filename=bearshare.exe Description=BearShare file sharing client. Versions known to include spyware - see here Source=Paul Collins Startup list [BeatNik Internet Clock] Number=1488 Confirmed=U Filename=BeatNik.exe Description=BeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clock Source=Paul Collins Startup list [Beawver] Number=1489 Confirmed=X Filename=saqevre.exe Description=Added by a variant of the RANKY TROJAN! Source=Paul Collins Startup list [BedreigingsMonitoor] Number=1490 Confirmed=X Filename=pgs.exe Description=BedreigingsMonitoor rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [Beegees Update] Number=1491 Confirmed=X Filename=beegees.exe Description=Added by the SDBOT-ADK WORM! Source=Paul Collins Startup list [BEEI] Number=1492 Confirmed=? Filename=beei.exe Description=?? Source=Paul Collins Startup list [BeFaster] Number=1493 Confirmed=U Filename=befaster3.exe Description=BeFaster internet connection optimization tool Source=Paul Collins Startup list [begins] Number=1494 Confirmed=X Filename=0.exe Description=Added by the MYTOB-HE WORM! Source=Paul Collins Startup list [BEHL] Number=1495 Confirmed=? Filename=BEHL.exe Description=?? Source=Paul Collins Startup list [BEHLO] Number=1496 Confirmed=? Filename=BEHLO.exe Description=?? Source=Paul Collins Startup list [beidsystemtray] Number=1497 Confirmed=U Filename=beidsystemtray.exe Description=Related to Belgium Identity Card card reader Source=Paul Collins Startup list [Belgacom] Number=1498 Confirmed=U Filename=sprtcmd.exe /P Belgacom Description=Self-help support tool for Belgacom broadband users (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service Source=Paul Collins Startup list [Belkin F5D8013 N Wireless Notebook Card Utility] Number=1499 Confirmed=U Filename=Belkinwcui.exe Description=Wireless configuration utility for the Belkin F5D8013 N Wireless Notebook Card Source=Paul Collins Startup list [Belkin F5D8053 N Wireless USB Adapter Utility] Number=1500 Confirmed=U Filename=Belkinwcui.exe Description=Wireless configuration utility for the Belkin F5D8053 N Wireless USB Adapter Source=Paul Collins Startup list [Belkin F5D8073 N Wireless ExpressCard Adapter Utility] Number=1501 Confirmed=U Filename=Belkinwcui.exe Description=Wireless configuration utility for the Belkin F5D8073 N Wireless ExpressCard Adapter Source=Paul Collins Startup list [Belkin PCMCIA WLAN Monitor] Number=1502 Confirmed=N Filename=monitorbk.exe Description=Belkin USB Network Adapter Management utility - can be started manually Source=Paul Collins Startup list [Belkin Wireless G Notebook Card Client Utility] Number=1503 Confirmed=U Filename=Belkinwcui.exe Description=Wireless configuration utility for the Belkin F5D701F Wireless G Notebook Card Source=Paul Collins Startup list [Belkin Wireless USB Utility] Number=1504 Confirmed=U Filename=Belkinwcui.exe Description=Wireless configuration utility for the Belkin F5D7050 Wireless G USB Adapter Source=Paul Collins Startup list [Belkin Wireless Utility] Number=1505 Confirmed=U Filename=Belkinwcui.exe Description=Wireless configuration utility for some Belkin cards such as the F5D7000 Wireless G Desktop Card Source=Paul Collins Startup list [BellSouthAlertManager.exe] Number=1506 Confirmed=U Filename=BellSouthAlertManager.exe Description=Related to BellSouth Alert Manager Source=Paul Collins Startup list [BelNotify] Number=1507 Confirmed=U Filename=rundll32.exe [path] NPBelv32.dll, RunDll32_BelNotify Description="BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service" Source=Paul Collins Startup list [BELORVBI] Number=1508 Confirmed=? Filename=BELORVBI.exe Description=?? Source=Paul Collins Startup list [Belsta.exe] Number=1509 Confirmed=? Filename=Belsta.exe Description=Configuration tool for Belkin wireless network cards. Required to change the card's configuration. Is it required for correct operation once the confuiguration is changed? Source=Paul Collins Startup list [Belt] Number=1510 Confirmed=X Filename=Belt.exe Description=VX2.Transponder parasite updater/installer related Source=Paul Collins Startup list [Benadril Alert Tool] Number=1511 Confirmed=X Filename=benadrilalert.exe Description=Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril Source=Paul Collins Startup list [BeschermingsTool] Number=1512 Confirmed=X Filename=SysRep.exe Description=BeschermingsTool, Dutch rogue system error and cleaning utility - not recommended. A member of the ErrClean family Source=Paul Collins Startup list [BestCrypt Auto Open] Number=1513 Confirmed=U Filename=BestCrypt.exe Description=BestCrypt from Jetico, Inc. "Keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access" Source=Paul Collins Startup list [BestPopUpKiller] Number=1514 Confirmed=X Filename=BestPopupKiller.exe Description=Popup killer by Swanksoft - not recommended, see here Source=Paul Collins Startup list [BestsellerAntivirus] Number=1515 Confirmed=X Filename=pgs.exe Description=BestsellerAntivirus rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [BestSync 2008] Number=1516 Confirmed=U Filename=BestSyncApp.exe Description=System Tray access to BestSync® 2008 from Risefly Software - "a professional utility for synchronizing files between your local folders and Network Drives, FTP servers, Removable Media (such as an USB disk)" Source=Paul Collins Startup list [BeSys] Number=1517 Confirmed=X Filename=[path to file] Description=BeSys adware Source=Paul Collins Startup list [beta] Number=1518 Confirmed=X Filename=svchost.exe Description=Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! Source=Paul Collins Startup list [BF4P] Number=1519 Confirmed=X Filename=bf4p.exe Description=Added by the IRCBOT.GEN WORM! Source=Paul Collins Startup list [bg] Number=1520 Confirmed=Y Filename=bullguard.exe Description=Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster Source=Paul Collins Startup list [BGInfo] Number=1521 Confirmed=U Filename=Bginfo.exe Description=BGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more Source=Paul Collins Startup list [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] Number=1522 Confirmed=U Filename=NMBgMonitor.exe Description=Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking here Source=Paul Collins Startup list [BGNewsAgent] Number=1523 Confirmed=Y Filename=bgnewsag.exe Description=BullGuard antivirus updater Source=Paul Collins Startup list [bgsmsnd] Number=1524 Confirmed=N Filename=bgsmsnd.exe Description=Printer driver to generate PDF files from any program Source=Paul Collins Startup list [Bharatayuda] Number=1525 Confirmed=X Filename=GNB.exe Description=Added by the BHARAT.A WORM! Source=Paul Collins Startup list [BHOCop] Number=1526 Confirmed=N Filename=BHOCop.exe Description=PC Magazine's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware Source=Paul Collins Startup list [BHODemon 2.0] Number=1527 Confirmed=U Filename=BHODemon.exe Description=BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand Source=Paul Collins Startup list [BHR] Number=1528 Confirmed=U Filename=BHR.exe Description=Browser Hijack Retaliator - recovers your browser after it has been hijacked by spyware, adware, etc Source=Paul Collins Startup list [BI1HelperStartUp] Number=1529 Confirmed=U Filename=BI1HEL~1.EXE Description=ScreenScenes "Beach Islands" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [BIE] Number=1530 Confirmed=X Filename=Rundll32.exe [path] BDSrHook.dll, Rundll32 Description=BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [BIG] Number=1531 Confirmed=X Filename=biggy.exe Description=Added by the DELBOT-AG WORM! Source=Paul Collins Startup list [BigDog303] Number=1532 Confirmed=N Filename=VM303_STI.EXE Description=Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed Source=Paul Collins Startup list [BigDog305] Number=1533 Confirmed=N Filename=VM305_STI.EXE Description=Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed Source=Paul Collins Startup list [BigDogPath] Number=1534 Confirmed=? Filename=VM_STI.EXE Description=Bundled with some software for digital cameras that use a USB connection - what does it do and is it required? Source=Paul Collins Startup list [bigfix] Number=1535 Confirmed=N Filename=BIGFIX.EXE Description=BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog Source=Paul Collins Startup list [biglow] Number=1536 Confirmed=X Filename=biglow.exe Description=Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example Source=Paul Collins Startup list [bigoris] Number=1537 Confirmed=X Filename=bigoris.exe Description=Added by the DORF-AZ TROJAN! Source=Paul Collins Startup list [BigPond Toolbar] Number=1538 Confirmed=U Filename=bpumTray.exe Description=Telstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier" Source=Paul Collins Startup list [BigPondCable] Number=1539 Confirmed=N Filename=bpcable.exe Description=Telstra Bigpond Cable login software - can be started manually Source=Paul Collins Startup list [BigPondWirelessBroadbandCM] Number=1540 Confirmed=Y Filename=BigPond_CM.exe Description=Related to BigPond_Wireless_Broadband Service by Telstra Source=Paul Collins Startup list [bikini] Number=1541 Confirmed=X Filename=bikini.exe Description=Added by the LOWZONE-CX TROJAN! Source=Paul Collins Startup list [BillGatesLoh.exe] Number=1542 Confirmed=X Filename=BillGatesLoh.exe Description=Added by the AGENT-FZO TROJAN! Source=Paul Collins Startup list [Billminder] Number=1543 Confirmed=N Filename=Billmind.exe Description=Can be setup in Quicken to remind user of due payments. Available via Start -> Programs Source=Paul Collins Startup list [bin32hpu] Number=1544 Confirmed=X Filename=ppstub.exe Description=PrecisionPop adware Source=Paul Collins Startup list [bingdian] Number=1545 Confirmed=X Filename=Bingdian.vbs Description=Added by the BINGD WORM! Source=Paul Collins Startup list [Bingo Charm] Number=1546 Confirmed=? Filename=charms.exe Description=Some kind of screen icon kind of like desk flag, but it gives you a choice of icons? Source=Paul Collins Startup list [Biomenu] Number=1547 Confirmed=U Filename=menusw.exe Description=Related to Sony VAIO - passwords, encryption, and a biometric fingerprint sensor Source=Paul Collins Startup list [Bionix Wallpaper 5] Number=1548 Confirmed=U Filename=Bionix Wallpaper 5.exe Description=BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" Source=Paul Collins Startup list [BioniXWallpaper] Number=1549 Confirmed=U Filename=Bionix Wallpaper 5beta.exe Description=BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" Source=Paul Collins Startup list [BioniXWallpaper] Number=1550 Confirmed=U Filename=BioniX Wallper.exe Description=BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" Source=Paul Collins Startup list [BioniXWallpaper] Number=1551 Confirmed=U Filename=BionixWallpaper5.exe Description=BioniX Wallpaper Changer - "the most advanced wallpaper changer/wallpaper manager software in the world" Source=Paul Collins Startup list [Bios] Number=1552 Confirmed=X Filename=Bios32.exe Description=Added by an unidentified VIRUS, WORM or TROJAN! Source=Paul Collins Startup list [bios] Number=1553 Confirmed=X Filename=bios.exe Description=Added by the BANCBAN-PW TROJAN! Source=Paul Collins Startup list [BIOS XP Loader] Number=1554 Confirmed=X Filename=[random filename] Description=Added by the RBOT-IC WORM! Source=Paul Collins Startup list [BIOS1] Number=1555 Confirmed=X Filename=BIOS1.EXE Description=Added by the OPASERV.T WORM! Source=Paul Collins Startup list [BIOVCIP] Number=1556 Confirmed=? Filename=BIOVCIP.exe Description=?? Source=Paul Collins Startup list [BitComet] Number=1557 Confirmed=N Filename=BitComet.exe Description=BitComet P2P client - can be launched from Start -> Programs Source=Paul Collins Startup list [BitDefender 12] Number=1558 Confirmed=Y Filename=bdwizreg.exe Description=Configuration wizard for BitDefender internet security products. Only runs once the product has been installed. Guides you through the steps necessary to configure the BitDefender modules, applies settings to cover your requirements and security needs and takes the first actions to making your computer virus-free Source=Paul Collins Startup list [BitDefender 2009] Number=1559 Confirmed=Y Filename=IEShow.exe Description=Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources Source=Paul Collins Startup list [BitDefender 2009] Number=1560 Confirmed=Y Filename=bdagent.exe Description=BitDefender Agent - for BitDefender internet security products. Maintains settings (for all users) and provides alerts and System Tray access to the main program. Note - for the System Tray icon to be displayed the Terminal Services service must be set to either "Manual" or "Automatic" Source=Paul Collins Startup list [BitDefender Antiphishing Helper] Number=1561 Confirmed=Y Filename=IEShow.exe Description=Anti-phishing component of BitDefender internet security products. Anti-phishing prevents sensitive data such as usernames, passwords and credit card details being acquired by web-sites and E-mails masquerading as a trustworthy sources Source=Paul Collins Startup list [BitDefender Antivirus] Number=1562 Confirmed=X Filename=BITDEFENDERX.EXE Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [BitDefender Communicator] Number=1563 Confirmed=Y Filename=xcommsvr.exe Description=BitDefender antivirus Source=Paul Collins Startup list [BitDefender for MSN Messenger] Number=1564 Confirmed=U Filename=msnmon.exe Description=Bitdefender anti-virus for MSN Messenger - no longer supported at the BitDefender website Source=Paul Collins Startup list [BitDefender for Yahoo! Messenger] Number=1565 Confirmed=U Filename=yahmon.exe Description=Bitdefender anti-virus for Yahoo! Messenger - no longer supported at the BitDefender website Source=Paul Collins Startup list [BitDefender Live! Init] Number=1566 Confirmed=Y Filename=bdinit.exe Description=BitDefender antivirus Source=Paul Collins Startup list [BitDefender Scan Server] Number=1567 Confirmed=Y Filename=bdss.exe Description=BitDefender antivirus Source=Paul Collins Startup list [BitDefender Virus Shield] Number=1568 Confirmed=Y Filename=vsserv.exe Description=BitDefender antivirus Source=Paul Collins Startup list [bitdefenderlive] Number=1569 Confirmed=Y Filename=avxlive.exe Description=Main program of BitDefender virus scanner/firewall Source=Paul Collins Startup list [BitDefender_P2P_Startup] Number=1570 Confirmed=U Filename=BitDefender_P2P_Startup.exe Description=Bitdefender anti-virus for P2P clients - no longer supported at the BitDefender website Source=Paul Collins Startup list [BitTorrent DNA] Number=1571 Confirmed=U Filename=btdna.exe Description="BitTorrent DNA is a content delivery service that uses a secure, private, managed peer network to power faster, more reliable, more efficient delivery of richer content" Source=Paul Collins Startup list [BitWare Print Monitor] Number=1572 Confirmed=N Filename=bwprnmon.exe Description=FaxServe network fax software Source=Paul Collins Startup list [BJ Printer Status Monitor] Number=1573 Confirmed=N Filename=Cjstsr.exe Description=Canon BJ printer status monitor Source=Paul Collins Startup list [BJ Status Monitor 5xx] Number=1574 Confirmed=N Filename=CJSTRxx.EXE Description=Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers Source=Paul Collins Startup list [bjcfd] Number=1575 Confirmed=N Filename=cdf.exe Description=BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs Source=Paul Collins Startup list [BJLaunchEXE] Number=1576 Confirmed=U Filename=BJLaunch.exe Description=Memory Card Utility for the Canon i470D, i475D and i905D photo printers - which allows "your computer to access the memory card reader feature of your printer" Source=Paul Collins Startup list [BJPD HID Control] Number=1577 Confirmed=U Filename=TVMon.exe Description=Related to Canon Photo viewer Source=Paul Collins Startup list [BlackICE PC Protection] Number=1578 Confirmed=N Filename=blackice.exe Description=Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD Source=Paul Collins Startup list [BlackIce Utility] Number=1579 Confirmed=N Filename=blackice.exe Description=Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD Source=Paul Collins Startup list [blads] Number=1580 Confirmed=U Filename=blads.exe Description=A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks Source=Paul Collins Startup list [blah service] Number=1581 Confirmed=X Filename=winupdate.exe Description=Added by the GAOBOT.BIA WORM! Source=Paul Collins Startup list [blah service] Number=1582 Confirmed=X Filename=winsysengine.exe Description=Added by the RBOT-KI WORM! Source=Paul Collins Startup list [blah service] Number=1583 Confirmed=X Filename=internet.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [blah service] Number=1584 Confirmed=X Filename=smnp.exe Description=Added by the RBOT.IZ WORM! Source=Paul Collins Startup list [blah service] Number=1585 Confirmed=X Filename=msnmsgrr.exe Description=Added by the RBOT.PZ WORM! Source=Paul Collins Startup list [blah service] Number=1586 Confirmed=X Filename=tazkmgr.exe Description=Added by the RBOT.UA WORM! Source=Paul Collins Startup list [blah service] Number=1587 Confirmed=X Filename=FaLeH.exe Description=Added by the RBOT-AES WORM! Source=Paul Collins Startup list [blah service] Number=1588 Confirmed=X Filename=microsoft.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [blah service] Number=1589 Confirmed=X Filename=evosys.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [blah service] Number=1590 Confirmed=X Filename=win32.exe Description=Added by the RBOT-AXO WORM! Source=Paul Collins Startup list [Blah service] Number=1591 Confirmed=X Filename=CCAPPS32.EXE Description=Added by the RBOT.TV WORM! Source=Paul Collins Startup list [blah services] Number=1592 Confirmed=X Filename=iczw.exe Description=Added by the RBOT-GMP WORM! Source=Paul Collins Startup list [blahh service] Number=1593 Confirmed=X Filename=msengine.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [blahx service] Number=1594 Confirmed=X Filename=msnjompa.exe Description=Added by the SDBOT.AML WORM! Source=Paul Collins Startup list [Blank AntiViri] Number=1595 Confirmed=X Filename=AUT0EXEC.BAT StartUp Description=Added by the BRONTOK-CJ WORM! Source=Paul Collins Startup list [BlazeChanger] Number=1596 Confirmed=N Filename=FBZPaper.exe Description=Ember graphic file viewer, manager, and touch-up system Source=Paul Collins Startup list [BlazeServoTool] Number=1597 Confirmed=? Filename=MediaDetector.exe Description=Related to BlazeDVD from BlazeVideo - which "is leading powerful and easy-to-use DVD player software." What does it do and is it required? Source=Paul Collins Startup list [bldbubg] Number=1598 Confirmed=N Filename=bldbubg.exe Description=Part of Dell Alerts which provides customers with an update on latest updates for his/her system Source=Paul Collins Startup list [BLF] Number=1599 Confirmed=X Filename=blf.exe Description=Added by the DELBOT-M WORM! Source=Paul Collins Startup list [blinkx] Number=1600 Confirmed=U Filename=blinkx.exe Description=Blinkx Desktop "Smart Folders" software Source=Paul Collins Startup list [Blitzz BWI715] Number=1601 Confirmed=N Filename=WLANmon.exe Description=Blitzz Technology BWI715 Wireless PC modem connection monitor Source=Paul Collins Startup list [BLMessagingIntegration] Number=1602 Confirmed=X Filename=blengine.exe Description=BuddyLinks adware Source=Paul Collins Startup list [BlockAds] Number=1603 Confirmed=U Filename=blads.exe Description=A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks Source=Paul Collins Startup list [BlockChecker] Number=1604 Confirmed=X Filename=Block-checker.exe Description=BlockChecker adware Source=Paul Collins Startup list [Blocker System611 Monitoring] Number=1605 Confirmed=X Filename=PopUpBlocker611.exe Description=Added by the RBOT.BLJ WORM! Source=Paul Collins Startup list [BlockTracker] Number=1606 Confirmed=N Filename=BlockTracker.exe Description=If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file Source=Paul Collins Startup list [BLOG] Number=1607 Confirmed=U Filename=rundll32.exe [path] BatLogEx.DLL,StartBattLog Description=Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry logs changes in battery conditions such as charging, discharging, life, etc Source=Paul Collins Startup list [blsloader] Number=1608 Confirmed=U Filename=blsloader.exe Description=BellSouth ISP Internet Tools Source=Paul Collins Startup list [blss] Number=1609 Confirmed=X Filename=blss.exe Description=Added by the BLARUL TROJAN! Source=Paul Collins Startup list [BLSTAPP] Number=1610 Confirmed=N Filename=blstapp.exe Description=Puts access to Creative's BlasterControl in the System Tray Source=Paul Collins Startup list [Blubster] Number=1611 Confirmed=N Filename=Blubster.exe Description=Related to Blubster Music sharing service Source=Paul Collins Startup list [Blue Frog] Number=1612 Confirmed=U Filename=bluefrog.exe Description=Blue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receive Source=Paul Collins Startup list [Blue Service] Number=1613 Confirmed=X Filename=[path to trojan] Description=Added by the BANCOS-BCW TROJAN! Source=Paul Collins Startup list [BlueLight_uoltray] Number=1614 Confirmed=? Filename=exec.exe Description=Related to BlueLight Internet. What does it do and is it required? Source=Paul Collins Startup list [BlueSoleil] Number=1615 Confirmed=U Filename=BLUESO~1.EXE Description=BlueSoleil Bluetooth wireless manager from IVT Corporation Source=Paul Collins Startup list [BlueSpace NE] Number=1616 Confirmed=U Filename=BlueSpaceNE.exe Description="BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> Programs Source=Paul Collins Startup list [Bluetooth Config] Number=1617 Confirmed=X Filename=btwindin32.exe Description=Added by the SDBOT-DFN WORM! Source=Paul Collins Startup list [Bluetooth Connection Assistant] Number=1618 Confirmed=U Filename=LBTWiz.exe Description=Bluetooth connection manager for Logitech based bluetooth wireless products Source=Paul Collins Startup list [Bluetooth HCI Monitor] Number=1619 Confirmed=? Filename=RunDll32 HCIMNTR.DLL,RunCheckHCIMode Description=Related to the Bluetooth short-range wireless communications technology. For more information on Bluetooth see here. What does it do and is it required? Source=Paul Collins Startup list [BluetoothAuthenticationAgent] Number=1620 Confirmed=U Filename=rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent Description=If your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN). Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information Source=Paul Collins Startup list [BluetoothAuthenticationAgent] Number=1621 Confirmed=U Filename=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent Description=If your system has Bluetooth (either integrated or via an adapter) and use's Microsoft's support software/drivers, this entry is required in order to successfully "pair" your system with a Bluetooth device (such as a mobile phone, PDA, headset) using this wireless protocol (via a PIN) Source=Paul Collins Startup list [Blueyonder Instant Support Tool] Number=1622 Confirmed=U Filename=matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system\'s identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [bm] Number=1623 Confirmed=X Filename=bm.exe Description=Part of the AVSystemCare rogue security software and other members of this family. See here for more examples Source=Paul Collins Startup list [BMail Installation] Number=1624 Confirmed=N Filename=FTP_back.exe Description=Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not Source=Paul Collins Startup list [Bman] Number=1625 Confirmed=X Filename=BMan1.exe Description=Abcsearch.com/DealHelper adware variant Source=Paul Collins Startup list [BMMGAG] Number=1626 Confirmed=U Filename=RunDll32 [path] pwrmonit.dll,StartPwrMonitor Description=Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry displays the battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to the proprietary power saving settings and to a battery information window Source=Paul Collins Startup list [BMMLREF] Number=1627 Confirmed=N Filename=BMMLREF.EXE Description=Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" status Source=Paul Collins Startup list [BMMLREF.EXE] Number=1628 Confirmed=N Filename=BMMLREF.EXE Description=Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. The purpose of this entry is unknown at present. It doesn't normally appear to be running if left enabled at startup and it doesn't run if the Battery MaxiMiser Wizard is open - hence the "N" status Source=Paul Collins Startup list [BMMMONWND] Number=1629 Confirmed=U Filename=rundll32.exe [path] BatInfEx.dll,BMMAutonomicMonitor Description=Part of the Battery MaxiMiser and Power Management Features set for some IBM/Lenovo Thinkpad notebooks. This entry is needed for the battery information and monitoring program as well as the Battery Maximizer Wizard Source=Paul Collins Startup list [BMN] Number=1630 Confirmed=X Filename=bm.exe Description=Part of VirtualPCGuard, VirusGuardPlus and other members of the AVSystemCare family of rogue security software suites. See here for more examples Source=Paul Collins Startup list [BMN] Number=1631 Confirmed=X Filename=strpmon.exe Description=Part of CleanPCTool, CleanupTool and other members of the ErrClean rogue system error and cleaning utility and other members of this family. See here for more examples Source=Paul Collins Startup list [BMO MasterCard Wallet] Number=1632 Confirmed=U Filename=EWALLET.EXE Description=The wallet conveniently stores billing, shipping and payment information on your PC Source=Paul Collins Startup list [Bmonq] Number=1633 Confirmed=X Filename=bmonq.exe Description=Added by the CLICKER.HZ TROJAN! Source=Paul Collins Startup list [BMupdate] Number=1634 Confirmed=N Filename=BMupdate.exe Description=Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install Source=Paul Collins Startup list [bmw] Number=1635 Confirmed=X Filename=bmw.exe Description=Added by the AGOBOT.BBV BACKDOOR! Source=Paul Collins Startup list [bmz] Number=1636 Confirmed=X Filename=bmz.exe Description=180Search adware Source=Paul Collins Startup list [Bndt32] Number=1637 Confirmed=X Filename=Bndt32.exe Description=Added by the LACON WORM! Source=Paul Collins Startup list [Bnexe] Number=1638 Confirmed=X Filename=[random filename] Description=Added by the KITRO.D (or ARGEN.A) WORM! Source=Paul Collins Startup list [BO1HelperStartUp] Number=1639 Confirmed=U Filename=BO1HEL~1.EXE Description=ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [BO1HelperStartUp] Number=1640 Confirmed=U Filename=Bo1helper.exe Description=ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here Source=Paul Collins Startup list [Boarddata] Number=1641 Confirmed=X Filename=[path] repcale.exe [path] palsp.exe Description=Added by a variant of the RANDON.AN WORM! Both files are often located in %System% Source=Paul Collins Startup list [boat32] Number=1642 Confirmed=X Filename=boat32.exe Description=Added by a variant of the RBOT WORM! Source=Paul Collins Startup list [boby] Number=1643 Confirmed=X Filename=csrs.scr Description=Added by the BANCBAN-PC TROJAN! Source=Paul Collins Startup list [boby] Number=1644 Confirmed=X Filename=netburn.scr Description=Added by the BANCBAN-OX TROJAN! Source=Paul Collins Startup list [BOC-412] Number=1645 Confirmed=Y Filename=BOC412.exe Description=NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.12 Source=Paul Collins Startup list [BOC-420] Number=1646 Confirmed=Y Filename=BOC420.exe Description=NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.20 Source=Paul Collins Startup list [BOC-421] Number=1647 Confirmed=Y Filename=BOC421.exe Description=NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.21 Source=Paul Collins Startup list [BOC-422] Number=1648 Confirmed=Y Filename=BOC422.exe Description=NSClean (now Comodo) BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.22 Source=Paul Collins Startup list [BOC-423] Number=1649 Confirmed=Y Filename=BOC423.exe Description=Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.23 Source=Paul Collins Startup list [BOC-424] Number=1650 Confirmed=Y Filename=BOC424.exe Description=Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.24 Source=Paul Collins Startup list [BOC-425] Number=1651 Confirmed=Y Filename=BOC425.exe Description=Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.25 Source=Paul Collins Startup list [BOC-426] Number=1652 Confirmed=Y Filename=BOC426.exe Description=Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.26 Source=Paul Collins Startup list [BOC-427] Number=1653 Confirmed=Y Filename=BOC427.exe Description=Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.27 Source=Paul Collins Startup list [BOCleanautostart] Number=1654 Confirmed=Y Filename=Boclean.exe Description=NSClean's BOClean anti-trojan software Source=Paul Collins Startup list [BOINC Manager] Number=1655 Confirmed=U Filename=boincmgr.exe Description=BOINC manager - "controls the use of your computer's disk, network, and processor resources" Source=Paul Collins Startup list [Boingo Wireless Utility] Number=1656 Confirmed=U Filename=Icon###XXX#X#.exe Description=Starts the Boingo Wireless utility, used to detect and login into Boingo wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> Programs Source=Paul Collins Startup list [bolenja] Number=1657 Confirmed=X Filename=bolenja.exe Description=Added by the WANTVI.BF TROJAN! Source=Paul Collins Startup list [bolenjx] Number=1658 Confirmed=X Filename=bolenjx.exe Description=Added by the ELDYCOW.O TROJAN! Source=Paul Collins Startup list [boler.exe] Number=1659 Confirmed=X Filename=syser.exe Description=Added by the RBOT-AYS WORM! Source=Paul Collins Startup list [bombshel] Number=1660 Confirmed=U Filename=BOMB32.EXE Description=Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems Source=Paul Collins Startup list [Bonzi Buddy] Number=1661 Confirmed=X Filename=?? Description=Bonzi Buddy adware - see here for removal instructions Source=Paul Collins Startup list [boo] Number=1662 Confirmed=X Filename=boo.exe Description=Adware downloader - detected by Kaspersky as the FAVADD.O TROJAN! Source=Paul Collins Startup list [BookedSpace] Number=1663 Confirmed=X Filename=RunDLL32.EXE bs2.dll, DllRun Description=BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [BookmarkCentral] Number=1664 Confirmed=N Filename=BMLauncher.exe Description=Bookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use" Source=Paul Collins Startup list [BookMarkSink] Number=1665 Confirmed=N Filename=syncit.exe Description=Bookmark synchronization utility Source=Paul Collins Startup list [BookMarkSync] Number=1666 Confirmed=N Filename=syncit.exe Description=Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing Source=Paul Collins Startup list [BookMarkSync2It] Number=1667 Confirmed=N Filename=sync2it.exe Description=Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing Source=Paul Collins Startup list [Boost XP Service] Number=1668 Confirmed=U Filename=bxservice.exe Description=Boost XP from Systweak - WinXP tweaking utility Source=Paul Collins Startup list [BoostSpeed] Number=1669 Confirmed=U Filename=boostspeed.exe Description=System Tray accesss to Auslogics BoostSpeed 4 system optimization utility - which "Start programs faster. Speed up computer start time. Increase Internet speed, optimize your Internet Explorer, Firefox and E-mail programs" Source=Paul Collins Startup list [boot] Number=1670 Confirmed=X Filename=boot.exe Description=Added by the PUPPET-A TROJAN! Located in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [Boot] Number=1671 Confirmed=U Filename=Boot.exe Description=Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in the "Acer\Empowering Technology\ePower" directory Source=Paul Collins Startup list [Boot Check] Number=1672 Confirmed=X Filename=bootchk.exe Description=Added by the DELBOT-AB WORM! Source=Paul Collins Startup list [Boot Config] Number=1673 Confirmed=X Filename=bootconfig.exe Description=Added by the FLOOD-EV TROJAN! Source=Paul Collins Startup list [Boot K] Number=1674 Confirmed=X Filename=bootk.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Boot Manager] Number=1675 Confirmed=X Filename=Njgal.exe Description=Added by the KILO TROJAN! Source=Paul Collins Startup list [Boot Manager] Number=1676 Confirmed=X Filename=bootmng.exe Description=Added by a variant of the SPYBOT WORM! Source=Paul Collins Startup list [Boot Server] Number=1677 Confirmed=X Filename=bootserver.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Boot Service] Number=1678 Confirmed=X Filename=bootservice.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Boot Service] Number=1679 Confirmed=X Filename=bootsv.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [Boot Verify] Number=1680 Confirmed=X Filename=bootvfy.exe Description=Added by a variant of the IRCBOT BACKDOOR! See here Source=Paul Collins Startup list [BootCfg] Number=1681 Confirmed=X Filename=Install.log.vbs Description=Added by the YPSAN.D WORM! Source=Paul Collins Startup list [BootCTRL] Number=1682 Confirmed=X Filename=bootctrl.exe Description=Added by an unidentified WORM or TROJAN! Source=Paul Collins Startup list [BootLoader] Number=1683 Confirmed=X Filename=BootLoader.exe.vbs Description=Added by the WATERWORKS WORM! Source=Paul Collins Startup list [bootpd.exe] Number=1684 Confirmed=X Filename=bootpd.exe Description=Added by the AGENT-DT TROJAN! Source=Paul Collins Startup list [BootsCfg] Number=1685 Confirmed=X Filename=wscript.exe [path] Date.POP.vbs Description=Added by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted Source=Paul Collins Startup list [BootsCfg] Number=1686 Confirmed=X Filename=wscript.exe [path] All Users.vbs Description=Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted Source=Paul Collins Startup list [BootsCfg] Number=1687 Confirmed=X Filename=wscript.exe [path] All Users.vbe Description=Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted Source=Paul Collins Startup list [BootsCfg] Number=1688 Confirmed=X Filename=wscript.exe Install.log.vbs Description=Added by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Install.log.vbs" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder Source=Paul Collins Startup list [BootSkin Startup Jobs] Number=1689 Confirmed=Y Filename=BootSkin.exe Description=Stardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screens Source=Paul Collins Startup list [BootStatus] Number=1690 Confirmed=U Filename=BOOTST~1.EXE Description=Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resources Source=Paul Collins Startup list [BootWarn] Number=1691 Confirmed=U Filename=BootWarn.exe Description=From here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from "Start \ Programs \ Norton AntiVirus". If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab - it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages" Source=Paul Collins Startup list [boot_reg] Number=1692 Confirmed=X Filename=[path to file] Description=Added by the BANCBAN-CA TROJAN! Source=Paul Collins Startup list [BortMedVirus] Number=1693 Confirmed=X Filename=pgs.exe Description=BortMedVirus rogue security software - not recommended. A member of the AVSystemCare family Source=Paul Collins Startup list [borzoi] Number=1694 Confirmed=U Filename=blg.exe Description=Borzoi surveillance software. Uninstall this software unless you put it there yourself Source=Paul Collins Startup list [Bose Wave/PC Monitor] Number=1695 Confirmed=N Filename=wavepcmonitor.exe Description=System Tray access for this system (more info on the system here). Available via Start -> Programs Source=Paul Collins Startup list [BossIdea] Number=1696 Confirmed=X Filename=winlogin.exe Description=Added by the LINEAGE-I TROJAN! Source=Paul Collins Startup list [Boston] Number=1697 Confirmed=? Filename=Boston.exe Description=Part of the Boston Acoustics USB speaker systems. What does it do and is it required? Source=Paul Collins Startup list [Bot Loader] Number=1698 Confirmed=X Filename=svchostt.exe Description=Added by the GAOBOT.ALV WORM! Source=Paul Collins Startup list [Bouncer RunStartup] Number=1699 Confirmed=X Filename=bouncer.exe Description=Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here Source=Paul Collins Startup list [Bouncer RunStartup] Number=1700 Confirmed=X Filename=LiveUpdate.exe Description=Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here Source=Paul Collins Startup list [boy lovers of bsd] Number=1701 Confirmed=X Filename=ilikeboys.exe Description=Added by the MYTOB.LY WORM! Source=Paul Collins Startup list [bpcpost.exe] Number=1702 Confirmed=U Filename=bpcpost.exe Description=MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it Source=Paul Collins Startup list [BPCV2] Number=1703 Confirmed=X Filename=BPCV2.exe Description=BroadcastPC adware Source=Paul Collins Startup list [BPCv2 re] Number=1704 Confirmed=X Filename=bpc2 re inst.exe Description=BroadcastPC adware variant Source=Paul Collins Startup list [BPK] Number=1705 Confirmed=U Filename=bpk.exe Description=Blazing Tools Perfect Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Source=Paul Collins Startup list [BPServer] Number=1706 Confirmed=N Filename=G6FTPSrv.exe Description=BulletProof FTP Server Source=Paul Collins Startup list [BQTray.exe] Number=1707 Confirmed=U Filename=BQTray.exe Description=System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually Source=Paul Collins Startup list [Brasil] Number=1708 Confirmed=X Filename=Brasil.exe Description=Added by the OPASERV.E WORM! Source=Paul Collins Startup list [Brasil] Number=1709 Confirmed=X Filename=BRASIL.PIF Description=Added by the OPASERV.E WORM! Source=Paul Collins Startup list [BrasilOld] Number=1710 Confirmed=X Filename=[worm filename] Description=Added by the OPASERV.P WORM! Source=Paul Collins Startup list [brastk] Number=1711 Confirmed=X Filename=brastk.exe Description=Added by the DORF-BV TROJAN! Source=Paul Collins Startup list [BraveSentry] Number=1712 Confirmed=X Filename=BraveSentry.exe Description=BraveSentry spyware remover - not recommended, see here Source=Paul Collins Startup list [braviax] Number=1713 Confirmed=X Filename=braviax.exe Description=Added by the FAKEALER.LE TROJAN! Source=Paul Collins Startup list [Brct] Number=1714 Confirmed=X Filename=trdb.exe Description=Detected by Kaspersky as the PURITYSCAN.Y TROJAN! Source=Paul Collins Startup list [Break_Reminder] Number=1715 Confirmed=U Filename=BREAK REMINDER.exe Description=Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See here Source=Paul Collins Startup list [Bredbandsbolaget] Number=1716 Confirmed=Y Filename=servicecenter.exe Description=Related to the Brebband Swedish Broadband provider Source=Paul Collins Startup list [Breg] Number=1717 Confirmed=X Filename=bcre.exe Description=BroadcastPC adware variant Source=Paul Collins Startup list [Breg] Number=1718 Confirmed=X Filename=bptre.exe Description=BroadcastPC adware variant Source=Paul Collins Startup list [Breg] Number=1719 Confirmed=X Filename=breg.exe Description=BroadcastPC adware Source=Paul Collins Startup list [Bridge] Number=1720 Confirmed=X Filename=rundll32.exe [path] Bridge.dll,Load Description=Flingstone.com browser hijacker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Source=Paul Collins Startup list [Brindys BriTray] Number=1721 Confirmed=Y Filename=BRITRAY.EXE Description=Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired Source=Paul Collins Startup list [BrmfRmPA] Number=1722 Confirmed=U Filename=BrmfRmPA.exe Description=Brother resource manager - needed for a Brother MFC printer/copiert/scanner and PC to properly communicate Source=Paul Collins Startup list [broadband medic] Number=1723 Confirmed=U Filename=matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ntl\broadband Help is required to run with the Help and Support program. If you uncheck ntl\broadband Help and and then run Help and Support it will add another ntl\broadband Help in the startup menu. If you remove the ntl\broadband Help in the add/remove program some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [Broadband Wizard] Number=1724 Confirmed=N Filename=bbwiz.exe Description=Starts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs Source=Paul Collins Startup list [BroadCamRun] Number=1725 Confirmed=N Filename=broadCam.exe Description=BroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphone Source=Paul Collins Startup list [Broadcom Wireless Manager UI] Number=1726 Confirmed=U Filename=bcmntray.exe Description=Related to Broadcom Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems Source=Paul Collins Startup list [Broadcom Wireless Manager UI] Number=1727 Confirmed=N Filename=wltray.exe Description=System tray access to wireless LAN card configuration options Source=Paul Collins Startup list [Bron-Spizaetus] Number=1728 Confirmed=X Filename=CVT.exe Description=Added by the RONTOKBRO WORM! Source=Paul Collins Startup list [Bron-Spizaetus] Number=1729 Confirmed=X Filename=norBtok.exe Description=Added by the RONTOKBRO.B WORM! Source=Paul Collins Startup list [Bron-Spizaetus] Number=1730 Confirmed=X Filename=[path to file] Description=Added by the BRONTOK-F WORM! Source=Paul Collins Startup list [Bron-Spizaetus] Number=1731 Confirmed=X Filename=bronstab.exe Description=Added by the RONTOKBRO.C WORM! Source=Paul Collins Startup list [Bron-Spizaetus] Number=1732 Confirmed=X Filename=eksplorasi.exe Description=Added by the RONTOKBRO.J WORM! Source=Paul Collins Startup list [Bron-Spizaetus] Number=1733 Confirmed=X Filename=ElnorB.exe Description=Added by the RONTOKBRO.D WORM! Source=Paul Collins Startup list [Bron-Spizaetus] Number=1734 Confirmed=X Filename=sempalong.exe Description=Added by the BRONTOK-E WORM! Source=Paul Collins Startup list [Bron-Spizaetus] Number=1735 Confirmed=X Filename=RakyatKelaparan.exe Description=Added by the BRONTOK-J or BRONTOK-L WORMS! Source=Paul Collins Startup list [Bron-Spizaetus-5118REPM] Number=1736 Confirmed=X Filename=komodo-6321422.exe Description=Added by the BRONTOK-R WORM! Source=Paul Collins Startup list [Bron-Spizaetus-cfgmktoq] Number=1737 Confirmed=X Filename=bbm-qotkmgfc.exe Description=Added by the BRONTOK-M WORM! Source=Paul Collins Startup list [Bron-Spizaetus-cfgmmnru] Number=1738 Confirmed=X Filename=bbm-urnmmgfc.exe Description=Added by the BRONTOK-N WORM! Source=Paul Collins Startup list [BRoNToK] Number=1739 Confirmed=X Filename=BRoNToK.exe Description=Added by the BRONTOK-CG WORM! Source=Paul Collins Startup list [BrowseProxy] Number=1740 Confirmed=X Filename=FindService.exe Description=Actual Names (AdvSearch) Internet Keywords parasite Source=Paul Collins Startup list [browser] Number=1741 Confirmed=X Filename=msgaol.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [browser] Number=1742 Confirmed=X Filename=s_menu.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [browser] Number=1743 Confirmed=X Filename=browse.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [browser] Number=1744 Confirmed=X Filename=deamon.exe Description=Added by the TACTSLAY.C TROJAN! Source=Paul Collins Startup list [browser aid] Number=1745 Confirmed=X Filename=browseraid.exe Description=BrowserAid/BrowserPal foistware Source=Paul Collins Startup list [Browser Help Svc] Number=1746 Confirmed=X Filename=BHSV.EXE Description=Added by the RBOT-AVQ WORM! Source=Paul Collins Startup list [Browser Hijack Blaster] Number=1747 Confirmed=Y Filename=bhblaster.exe Description=Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by SpywareGuard Source=Paul Collins Startup list [Browser Launcher] Number=1748 Confirmed=U Filename=Commandr.exe Description=Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys Source=Paul Collins Startup list [Browser Pal] Number=1749 Confirmed=X Filename=adblck.exe Description=BrowserAid/BrowserPal foistware Source=Paul Collins Startup list [Browser Sentinel] Number=1750 Confirmed=U Filename=BrowserSentinel.exe Description=Browser Sentinel - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page Source=Paul Collins Startup list [BrowserUpdateSched] Number=1751 Confirmed=X Filename=[random filename] Description=ZenoSearch adware Source=Paul Collins Startup list [BrowserWebCheck] Number=1752 Confirmed=N Filename=loadwc.exe Description=Checks to make sure that IE is still your default browser Source=Paul Collins Startup list [BrO_AcT] Number=1753 Confirmed=X Filename=BrO-AcT.exe Description=Added by the SILLYFDC-D WORM! Source=Paul Collins Startup list [brwdiag] Number=1754 Confirmed=X Filename=[path to worm] Description=Added by the STRATIO-BN WORM! Source=Paul Collins Startup list [BS Player] Number=1755 Confirmed=N Filename=bsplayer.exe Description=BSplayer - A video player used to play avi, mpg, wmv and other multimedia files Source=Paul Collins Startup list [BsCLiP] Number=1756 Confirmed=N Filename=BSCLIP.exe Description=CD recording utility that comes with a lot of CDR/CDRW drives and isn't required Source=Paul Collins Startup list [Bsoft lppt01] Number=1757 Confirmed=X Filename=Bsoft.exe Description=RapidBlaster variant (in a "BelmontSoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here Source=Paul Collins Startup list [bsplayer] Number=1758 Confirmed=N Filename=bsplayer.exe Description=BSplayer - a video player used to play avi, mpg, wmv and other multimedia files Source=Paul Collins Startup list [BSserver] Number=1759 Confirmed=X Filename=FileKan.exe Description=Added by the VB.CBW WORM! Source=Paul Collins Startup list [BSVCHOST] Number=1760 Confirmed=X Filename=SVCH0ST.EXE Description=Added by the VOXOM TROJAN! Notice the digit "0" in the filename rather than the upper case "o" Source=Paul Collins Startup list [Bsx3] Number=1761 Confirmed=X Filename=RunDLL32.EXE bs3.dll, DllRun Description=BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in the Winnt or Windows folder Source=Paul Collins Startup list [BT] Number=1762 Confirmed=X Filename=[path to trojan] Description=Added by the LITEBOT-B TROJAN! Source=Paul Collins Startup list [BT Broadband Basic Help] Number=1763 Confirmed=U Filename=matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [BT Broadband Desktop Help] Number=1764 Confirmed=U Filename=matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [BT Broadband Help] Number=1765 Confirmed=U Filename=matcli.exe Description="matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide Source=Paul Collins Startup list [BT00003*] Number=1766 Confirmed=X Filename=abcdefg23.exe Description=Added by the VB-VT TROJAN where * = 5,6 or 7! Source=Paul Collins Startup list [BT00003*] Number=1767 Confirmed=X Filename=hiklmnop27.exe Description=Added by the VB-VT TROJAN where * = 2,3 or 4! Source=Paul Collins Startup list [btbb_wcm_McciTrayApp] Number=1768 Confirmed=U Filename=McciTrayApp.exe Description=System tray access to Motive's Broadband 2.0 configuration and repair utility Source=Paul Collins Startup list [BtcMaestro] Number=1769 Confirmed=U Filename=KMaestro.exe Description=Multimedia keyboard manager. Required if you use the multimedia keys Source=Paul Collins Startup list [btinst] Number=1770 Confirmed=? Filename=btinst.exe Description=Associated with an Anycom bluetooth wireless card. What does it do and is it required? Source=Paul Collins Startup list [BTModemProtection] Number=1771 Confirmed=U Filename=BTModemProtection.exe Description=BT Privacy Online modem protection software, see here Source=Paul Collins Startup list [btmsre.exe] Number=1772 Confirmed=X Filename=btmsre.exe Description=Added by the SDBOT.AM WORM! Source=Paul Collins Startup list [BTopenworld] Number=1773 Confirmed=U Filename=DialBTYahoo.exe Description=BT Yahoo! internet connection manager Source=Paul Collins Startup list [BTSETBOOTKEY] Number=1774 Confirmed=? Filename=BTSetBootKey.exe Description=Related to a USB Bluetooth adaptor. What does it do and is it required? Source=Paul Collins Star