X system32.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32agobotku.html" target="_blank">AGOBOT-KU</a> WORM! Note - has a blank entry under the Startup Item/Name field Paul Collins Startup list X pathex.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojmkmoosea.html" target="_blank">MKMOOSE-A</a> WORM! Note - has a blank entry under the Startup Item/Name field Paul Collins Startup list X svchost.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdelfux.html" target="_blank">DELF-UX</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field Paul Collins Startup list X MSPF.EXE Added by a variant of the <a href="http://vil.nai.com/vil/content/v_100454.htm" target="_blank">SDBOT</a> WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field Paul Collins Startup list X dllvirtual.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdadobraiw.html" target="_blank">DADOBRA-IW</a> TROJAN! Note - has a blank entry under the Startup Item/Name field Paul Collins Startup list X dllvirtual.dll Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdadobraiw.html" target="_blank">DADOBRA-IW</a> TROJAN! Note - has a blank entry under the Startup Item/Name field Paul Collins Startup list X dllvirtual.js Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdadobraiw.html" target="_blank">DADOBRA-IW</a> TROJAN! Note - has a blank entry under the Startup Item/Name field Paul Collins Startup list X ajsha5.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32spybotnx.html" target="_blank">SPYBOT-NX</a> WORM! Note - has a blank entry under the Startup Item/Name field Paul Collins Startup list X ne.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojircbotzl.html" target="_blank">IRCBOT-ZL</a> TROJAN! Paul Collins Startup list SystemBoot X services.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojsoberq.html" target="_blank">SOBER-Q</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Help\Help subfolder of the Windows or Winnt folder Paul Collins Startup list WinCheck X services.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32sobers.html" target="_blank">SOBER-S</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatus\Microsoft" subfolder of the Windows or Winnt folder Paul Collins Startup list Windows X services.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111915-0848-99" target="_blank">SOBER.X</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder Paul Collins Startup list WinStart X services.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050210-2339-99" target="_blank">SOBER.O</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Connection Wizard\Status subfolder of the Windows or Winnt folder Paul Collins Startup list winsystem.sys X smss.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-022023-0454-99" target="_blank">SOBER.K</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagent\win32 subfolder of the Winnt or Windows folder Paul Collins Startup list !1_pgaccount Y pgaccount.exe DiamondCS <a href="http://www.diamondcs.com.au/processguard/" target="_blank">ProcessGuard</a> security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly Paul Collins Startup list !1_ProcessGuard_Startup Y procguard.exe DiamondCS <a href="http://www.diamondcs.com.au/processguard/" target="_blank">ProcessGuard</a> security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks Paul Collins Startup list !AVG Anti-Spyware U avgas.exe Part of <a href="http://www3.grisoft.com/doc/products-avg-anti-spyware/us/crp/0" target="_blank">AVG Anti-Spyware</a> from Grisoft Paul Collins Startup list !ewido U ewido.exe Part of <a href="http://www.ewido.net/en/" target="_blank">Ewido</a> anti-spyware Paul Collins Startup list !NoLoad N winrecon.exe <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winrecon/" target="_blank">WinRecon</a> keystroke logger/monitoring program - remove unless you installed it yourself! Paul Collins Startup list $EnterNet ? Enternet.exe Connection manager for the EnterNet ISP. You can also use <a href="http://user.cs.tu-berlin.de/~normanb/" target="_blank">RASPPOE</a> Paul Collins Startup list $sys$cmp X $sys$xp.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111015-0804-99" target="_blank">RYKNOS.B</a> TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer Paul Collins Startup list $sys$crash X $sys$sonyTimer.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN! Paul Collins Startup list $sys$crash X $sys$sos$sys$.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN! Paul Collins Startup list $sys$crash X $sys$WeLoveMcCOL.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN! Paul Collins Startup list $sys$drv X $sys$drv.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-111012-2048-99" target="_blank">RYKNOS</a> TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer Paul Collins Startup list $sys$momomomochin X $sys$sonyTimer.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN! Paul Collins Startup list $sys$momomomochin X $sys$sos$sys$.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN! Paul Collins Startup list $sys$momomomochin X $sys$WeLoveMcCOL.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN! Paul Collins Startup list $sys$umaiyo X $sys$sonyTimer.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN! Paul Collins Startup list $sys$umaiyo X $sys$sos$sys$.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN! Paul Collins Startup list $sys$umaiyo X $sys$WeLoveMcCOL.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-120709-5703-99" target="_blank">WELOMOCH</a> TROJAN! Paul Collins Startup list $Volumouse$ U volumouse.exe <a href="http://www.nirsoft.net/utils/volumouse.html" target="_blank">Volumouse</a> from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse" Paul Collins Startup list $WindowsRegKey%update X IEXPLORE.EXE Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotez.html" target="_blank">RBOT-EZ</a> WORM! Note - this is not the legitimate Internet Explorer <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/" target="_blank">iexplore.exe</a> process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder Paul Collins Startup list %cmpmixtitle% N %cmpmixstr% Possibly related to C-Media Mixer Control panel? Paul Collins Startup list %FP%012-L2TP fts.exe N fts.exe 012.Net.il Israeli ISP software front-end Paul Collins Startup list %FP%012-L2TP FWPortal.exe U FWPortal.exe 012.Net.il Israeli ISP dial-up software Paul Collins Startup list %FP%1776 Internet fts.exe N fts.exe 1776 Internet US ISP software ISP software front-end Paul Collins Startup list %FP%1776 Internet FWPortal.exe U FWPortal.exe 1776 Internet US ISP dial-up software Paul Collins Startup list %FP%AIRTEL fts.exe N fts.exe Bharti <a href="http://www.airtel.in/level2_t12.aspx?path=1/9" target="_blank">Airtel</a> Broadband - Indian ISP software front-end Paul Collins Startup list %FP%Barak013 fts.exe N fts.exe Barak013 Israeli ISP software front-end Paul Collins Startup list %FP%Barak013 FWPortal.exe U FWPortal.exe Barak013 Israeli ISP dial-up software Paul Collins Startup list %FP%Friendly fts.exe N fts.exe Friendly ISP software front-end Paul Collins Startup list µTorrent U utorrent.exe <a href="http://www.utorrent.com/" target="_blank">µTorrent</a> - BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients Paul Collins Startup list (*)API Machine X winSOCKS.exe Homepage hijacker, see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winsocks/" target="_blank">here</a> (* = any digit) Paul Collins Startup list (*)Run X win32API.exe Homepage hijacker, see <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/win32api/" target="_blank">here</a> (* = any digit) Paul Collins Startup list (default) X [random filename].exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-032319-2209-99" target="_blank">BLACKMAL</a> WORM! Note - this malware actually changes the default value data of the registry "Run" key in order to force Windows to launch it at boot. Name field may be empty Paul Collins Startup list (default) X rundll32.exe [path to DLL file], Do98Work Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-022116-5404-99" target="_blank">HESIVE.B</a> TROJAN! Note that <a href="http://support.microsoft.com/kb/164787/en-us" target="_blank">rundll32.exe</a> is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Paul Collins Startup list (Default) X 5640.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdownldabf.html" target="_blank">DOWNLD-ABF</a> TROJAN! Paul Collins Startup list (L4r1$$4) (4nt1) (V1ruz) X SP00Lsv32.pif Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-030222-1459-99" target="_blank">ASSIRAL.B</a> WORM! Paul Collins Startup list *Bandook X msdll.exe Added by an unidentified TROJAN - see <a href="http://www.greatis.com/appdata/d/m/msdll.exe.htm" target="_blank">here</a> Paul Collins Startup list *JanisRuckenbrodII X janis.com Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-012114-5256-99" target="_blank">POPS</a> WORM! Paul Collins Startup list *Microsoft Update X ctxma.exe Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN! Paul Collins Startup list *Microsoft Update X cxma.exe Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN! Paul Collins Startup list *Microsoft Update X wstcl.exe Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN! Paul Collins Startup list *Microsoft Update X wucxt.exe Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN! Paul Collins Startup list *Microsoft Update X wuytc.exe Added by the <a href="http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml" target="_blank">STMU</a> TROJAN! Paul Collins Startup list *MS Setup X [random filename] Virtumondo adware, also known as the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99" target="_blank">VUNDO</a> TROJAN! Paul Collins Startup list *MSConfig32 X aecache.exe Detected by F-secure as the OBFUSCATED.GP TROJAN! Paul Collins Startup list *Security Center X secctr.exe Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BRO" target="_blank">SDBOT.BRO</a> WORM! Paul Collins Startup list *StateMgr Y statemgr.exe Windows ME default for System Restore. Do NOT disable! Paul Collins Startup list *windows update X wrauclt.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotqu.html" target="_blank">RBOT-QU</a> WORM! Paul Collins Startup list *windows update X wuanclt.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotpg.html" target="_blank">RBOT-PG</a> WORM! Paul Collins Startup list *windows update X wuaucrlt.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-010714-2915-99" target="_blank">SPYBOT.HUR</a> WORM! Paul Collins Startup list *windows update X wuraclt.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotpo.html" target="_blank">RBOT-PO</a> WORM! Paul Collins Startup list *windows update X wurauclt.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotsy.html" target="_blank">RBOT-SY</a> WORM! Paul Collins Startup list *windows update X wsctl.exe Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.PR" target="_blank">SPYBOT.PR</a> WORM! Paul Collins Startup list *windows update X wkmst.exe Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AVD" target="_blank">SDBOT.AVD</a> WORM! Paul Collins Startup list *windows update X wscxt.exe Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AOS" target="_blank">RBOT.AOS</a> WORM! Paul Collins Startup list *windows update X waurclt.exe Added by a variant of the <a href="http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=39437" target="_blank">RBOT</a> WORM! Paul Collins Startup list *Windows [filename] Checker X [filename] Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32kedebeb.html" target="_blank">KEDEBE-B</a> WORM! Paul Collins Startup list *WindowsAudio X systemupd.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentth.html" target="_blank">AGENT-TH</a> WORM! Paul Collins Startup list *WinLogon X [trojan path] ren time:[random number] Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99" target="_blank">VUNDO</a> TROJAN! Paul Collins Startup list *winstats X winstats.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-090216-3057-99" target="_blank">GARGAFX</a> TROJAN! Paul Collins Startup list *wuauclt.exe X w****.exe [* = random char] Added by a variant of the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotug.html" target="_blank">RBOT-UG</a> WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on... Paul Collins Startup list ,main drive Loader X wininfo.exe Suspected malware as it appears in 3 different registry locations - see <a href="http://forums.techguy.org/t151017/s.html" target="_blank"> here</a> Paul Collins Startup list -=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ X ISASS.exe Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ASSIRAL.B" target="_blank">ASSIRAL.B</a> WORM! Paul Collins Startup list -FreedomNeedsReboot Y ZkRunOnceR.exe Internet Security Suite used by ISPs to protect customers against many attacks Paul Collins Startup list .. X ABC2007.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrash.html" target="_blank">DLOADR-ASH</a> TROJAN! Paul Collins Startup list .mscdr X lassa.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-101212-0903-99" target="_blank">WEBUS.C</a> TROJAN! Paul Collins Startup list .mscdr X lsvchost.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-111216-2213-99" target="_blank">WEBUS.D</a> TROJAN! Paul Collins Startup list .mscdsr X lsvchost.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojbdoorcr.html" target="_blank">CR</a> TROJAN! Paul Collins Startup list .mscsbl X svhost.exe Added by the <a href="http://vil.mcafeesecurity.com/vil/content/v_130850.htm" target="_blank">CMQ</a> TROJAN! Paul Collins Startup list .msfupdate X msveup.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-040411-1529-99" target="_blank">ALLOCUP.A</a> WORM! Paul Collins Startup list .mssecure X mssecure.exe Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=DDOS_BOXED.X" target="_blank">DDOS_BOXED.X</a> TROJAN! Paul Collins Startup list .NET config ? sysmon32.exe ?? Paul Collins Startup list .NET. X msnmgnr.exe Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELF.AYF" target="_blank">DELF.AYF</a> WORM! Paul Collins Startup list .norton X rchost.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojboxedh.html" target="_blank">BOXED-H</a> TROJAN! Paul Collins Startup list .nvsvc X smss.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojircbotfp.html" target="_blank">IRCBOT-FP</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/smss/" target="_blank">smss.exe</a> process which should not normally figure in Msconfig/Startup! Paul Collins Startup list .nvsvcb X smssb.exe Added by the <a href="http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=57167" target="_blank">BOXED.CG</a> TROJAN! Paul Collins Startup list .Prog X services.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081700-2526-99" target="_blank">NEVEG.B</a> or <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081614-3605-99" target="_blank">NEVEG.C</a> WORMS! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/services/" target="_blank">services.exe</a> process, which should not appear in Msconfig/Startup! Paul Collins Startup list .Prog X winlogon.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-081623-4258-99" target="_blank">NEVEG.A</a> WORM! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/" target="_blank">winlogon.exe</a> process, which should not appear in Msconfig/Startup! Paul Collins Startup list .protected X N/A <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094215" target="_blank">Smitfraud</a> variant Paul Collins Startup list .svchost X CSRSS.EXE Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051709-5609-99" target="_blank">WEBUS.F</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder Paul Collins Startup list .TEXTCONV X csrss.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup! Paul Collins Startup list .TEXTCONV X lsass.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target="_blank">WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder Paul Collins Startup list .WMAudio X csrss.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-091409-4900-99" target="_blank">WEBUS</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/" target="_blank">csrss.exe</a> process, which should not appear in Msconfig/Startup! Paul Collins Startup list .WMAudio X lsass.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99" target="_blank">WEBUS.B</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/" target="_blank">lsass.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder Paul Collins Startup list /l:eng N N/A Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function Paul Collins Startup list 000 U pit.exe <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-061617-2707-99" target="_blank">PrivateEye</a> surveillance software. Uninstall this software unless you put it there yourself Paul Collins Startup list 000hpdllhos X hpdllhost.exe <a href="http://www.spywareguide.com/product_show.php?id=853" target="_blank">LZIO.com</a> adware downloader Paul Collins Startup list 000StTHK U 000StTHK.exe Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) Paul Collins Startup list 0050726-007-i32-1 X 0050726-007-i32-1.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojbancbanec.html" target="_blank">BANCBAN-EC</a> TROJAN! Paul Collins Startup list 00DSKSVR00 ? desksaver.exe Related to <a href="http://www.softstack.com/deskshield.html" target="_blank">Advanced Desktop Shield</a> Paul Collins Startup list 00DSKSVR01 ? desksaver.exe Related to <a href="http://www.softstack.com/deskshield.html" target="_blank">Advanced Desktop Shield</a> Paul Collins Startup list 00PCTFW Y FirewallGUI.exe <a href="http://www.pctools.com/firewall/" target="_blank">PC Tools Firewall Plus</a> - "powerful free personal firewall for Windows that protects your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network" Paul Collins Startup list 00TCrdMain Y TCrdMain.exe Related to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards Paul Collins Startup list 00THotkey U 00THotKey.exe For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. Paul Collins Startup list 00THotkey U system32THotkey.exe For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev Paul Collins Startup list 0190 Warner U WARN0190.EXE Anti-dialer <a href="http://www.wt-rate.com/" target="_blank">program</a> (Germany) Paul Collins Startup list 0900 Warner U WARN0900.EXE Anti-dialer <a href="http://www.wt-rate.com/" target="_blank">program</a> (Germany) Paul Collins Startup list 0mcamcap X 0mcamcap.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojcosiamh.html" target="_blank">COSIAM-H</a> TROJAN! Paul Collins Startup list 0utlook Express X *****.exe [* = random char] Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotcc.html" target="_blank">RBOT-CC</a> WORM! Note the first letter is actually the digit "0" and not a capital "o" Paul Collins Startup list 1 X 1.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-041515-1002-99" target="_blank">ESTEEMS</a> TROJAN! Paul Collins Startup list 1 X lsass.scr Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052411-0618-99" target="_blank">BANCOS.V</a> TROJAN! Paul Collins Startup list 1 X svchost.scr Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-052515-4611-99" target="_blank">BANCOS.X</a> TROJAN! Paul Collins Startup list 1&1 EasyLogin N EasyLogin.exe <a href="http://order.1and1.co.uk/xml/order/FeatureEasyLogin" target="_blank">1&1 EasyLogin</a> - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System Tray Paul Collins Startup list 1029BB4B-16A9-4E77-AA3D-96930BD68EEC X sysockeu.exe Detected by <a href="http://vil.nai.com/vil/default.aspx" target="_blank">McAfee</a> as the FAKEALERT-AH TROJAN! See <a href="http://www.threatexpert.com/report.aspx?uid=f350d08b-1e19-407b-ae40-f83208a6a815" target="_blank">here</a> Paul Collins Startup list 1111swapmgr.exe X 1111swapmgr.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojbdooric.html" target="_blank">IC</a> TROJAN! Paul Collins Startup list 123456 X rundll32.exe shell32.dll, Control_RunDLL ...123456.cpl Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-070209-4033-99" target="_blank">KITRO.C</a> (or <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DANDI.A" target="_blank">DANDI.A</a>) WORM! 123456 can be any random 3 to 6 digit number Paul Collins Startup list 12Ghosts Backup U 12backup.exe <a href="http://12ghosts.com/ghosts/backup.htm" target="_blank">12Ghosts Backup</a> - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup" Paul Collins Startup list 12Ghosts Clip U 12clip.exe <a href="http://12ghosts.com/ghosts/clip.htm" target="_blank">12Ghosts Clip</a> - "Screen shots made easy" Paul Collins Startup list 12Ghosts JustAWindow U 12window.exe <a href="http://12ghosts.com/ghosts/window.htm" target="_blank">12Ghosts JustAWindow</a> - "Cover annoying ads, animated gifs, things you don't want to see" Paul Collins Startup list 12Ghosts Popup-Killer U 12popup.exe <a href="http://12ghosts.com/ghosts/popup.htm" target="_blank">12Ghosts Popup-Killer</a> Paul Collins Startup list 12Ghosts SaveLayout U 12autosl.exe <a href="http://12ghosts.com/ghosts/sl.htm" target="_blank">12Ghosts SaveLayout</a> - "Always (always!) keep the layout of your desktop icons" Paul Collins Startup list 12Ghosts SetColor U 12color.exe <a href="http://12ghosts.com/ghosts/setcolor.htm" target="_blank">12Ghosts SetColor</a> - "Change your desktop icon text colors, also to transparent" Paul Collins Startup list 12Ghosts ShowTime U 12showtime.exe <a href="http://12ghosts.com/ghosts/showtime.htm" target="_blank">12Ghosts Showtime</a> - "Enhance the clock in your tray with font formatting, colors, date, time zones" Paul Collins Startup list 12Ghosts Synchronize U 12sync.exe <a href="http://12ghosts.com/ghosts/sync.htm" target="_blank">12Ghosts Synchronize</a> - "Sync PC clock with an atomic clock over the Internet" Paul Collins Startup list 12Ghosts Tower U 12tower.exe <a href="http://12ghosts.com/support/basics.htm#tower" target="_blank">12Ghosts Tower</a> - "Quickly access and manage all Ghosts (included in all packages)" Paul Collins Startup list 12Ghosts TrayProtect U 12srvc.exe <a href="http://12ghosts.com/ghosts/tray.htm" target="_blank">12Ghosts TrayProtect</a> - "Hide tray icons, restore after a crash" Paul Collins Startup list 12Ghosts Wash U 12wash.exe <a href="http://12ghosts.com/ghosts/wash.htm" target="_blank">12Ghosts Wash</a> - "Protect your privacy, clear browser history, delete and overwrite cache files" Paul Collins Startup list 17779Proj2002 ? N/A ?? Paul Collins Startup list 180adsolution X 180adsolution.exe <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware Paul Collins Startup list 180ax X 180ax.exe <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=180solutions.NCase&threatid=8869" target="_blank">NCase</a> adware Paul Collins Startup list 180ClientStubInstall X stubinstaller****.exe [* = digit] <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related Paul Collins Startup list 180ClientStubInstall X [path to trojan] <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related Paul Collins Startup list 180ClientStubInstall X ******.tmp [* = random digit/char] <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090677" target="_blank">180Solutions</a> adware related Paul Collins Startup list 1916435341.exe X 1916435341.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadraxu.html" target="_blank">DLOADR-AXU</a> TROJAN! Paul Collins Startup list 196_150_ni X 196_150_ni.exe WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/1/196_150_NI.EXE-5442.html" target="_blank">here</a> Paul Collins Startup list 197_150_ni_3 X 197_150_ni_3.exe WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see <a href="http://www.superadblocker.com/1/196_150_NI.EXE-5442.html" target="_blank">here</a> Paul Collins Startup list 1: N hpdrv.exe HP utility for monitoring when and how many recoveries have been done Paul Collins Startup list 1A:MacVisionTrayMonitor N TrayMonitor.exe Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock) Paul Collins Startup list 1A:Stardock MCP Y mcpserver.exe Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications Paul Collins Startup list 1A:Stardock TrayMonitor Y TrayServer.exe For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX Paul Collins Startup list 1CmailS ? NETMAIL.EXE ?? Paul Collins Startup list 1on1 X 1on1.exe Adult content dialler Paul Collins Startup list 1Srv32 U SpyAgent4.exe SpyTech <a href="http://www.spytech-web.com/spyagent.shtml" target="_blank">SpyAgent</a> monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC." Paul Collins Startup list 1u7 X 1u7.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojmurbaca.html" target="_blank">MURBAC-A</a> TROJAN! Paul Collins Startup list 1Win32Cfg U SpyBuddy.exe <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062611-4548-99" target="_blank">SpyBuddy</a> keystroke logger/monitoring program - remove unless you installed it yourself! Paul Collins Startup list 1Win32Cfg U Keyloggerpro.exe <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-120711-4013-99" target="_blank">Keyloggerpro</a> keystroke logger/monitoring program - remove unless you installed it yourself! Paul Collins Startup list 1WinCfg32 X WebMailSpy.exe <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-062918-0745-99" target="_blank">WebMailSpy</a> spyware Paul Collins Startup list 2020Downloader X mssvr.exe <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=2020Search&threatid=13811" target="_blank">2020Search</a> Toolbar Paul Collins Startup list 2177F056-0AA6-4D6C-A944-13F71F341C29 X sysokuaw.exe Detected by <a href="http://vil.nai.com/vil/default.aspx" target="_blank">McAfee</a> as the FAKEALERT-AH TROJAN! See <a href="http://www.threatexpert.com/report.aspx?uid=f350d08b-1e19-407b-ae40-f83208a6a815" target="_blank">here</a> Paul Collins Startup list 24Online Client U CyberoamClient.exe Related to <a href="http://www.elitecore.com/" target="_blank">Cyberroam</a> from Elitecore Technologies Ltd Paul Collins Startup list 252 X winmgr.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojlegmirat.html" target="_blank">LEGMIR-AT</a> TROJAN! Paul Collins Startup list 27 X slsorve.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojslsorvea.html" target="_blank">SLSORVE-A</a> TROJAN! Paul Collins Startup list 27 X csrss32.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojslsorved.html" target="_blank">SLSORVE-D</a> TROJAN! Paul Collins Startup list 27 X msm32.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojslsorvee.html" target="_blank">SLSORVE-E</a> TROJAN! Paul Collins Startup list 2Search X main.exe <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-080302-3232-99" target="_blank">2Search</a> adware Paul Collins Startup list 2thousandbuck X [path to file] Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-110410-0039-99" target="_blank">RANKY.L</a> TROJAN! Paul Collins Startup list 2wSysTray U 2portalmon.exe <a target="_blank" href="http://www.2wire.com/">2Wire</a> Homeportal user interface Paul Collins Startup list 32-bit Thunking service X thunk32.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-021712-1032-99" target="_blank">DERDERO.A</a> WORM! Paul Collins Startup list 333 X svchost.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojjda.html" target="_blank">JD-A</a> TROJAN! Note - this is not the legitimate <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/" target="_blank">svchost.exe</a> process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory Paul Collins Startup list 388529725448 X AutomaticUpdates.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32sdbotden.html" target="_blank">SDBOT-DEN</a> WORM! Paul Collins Startup list 39ELTFH25Z8SKF ? Ezg1q5.exe Seems to be associated with software by <a href="http://www.resplendence.com/docs/" target="_blank">Resplendence SP</a> ? Paul Collins Startup list 3c1807pd Y 3cmlink.exe 3cpipe-3c1807pd 3Com WinModem driver. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information Paul Collins Startup list 3capplnk Y 3capplnk.exe US Robotics Modem driver Paul Collins Startup list 3cdminic N 3CDMINIC.EXE 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards Paul Collins Startup list 3CM Link Y 3cmcnkw.exe Required for a US Robotics WinModem as it provides the link to Windows - won't work without it Paul Collins Startup list 3Cmlink Y 3CmlinkW.exe For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See <a href="http://modemsite.com/56k/winmodems.asp" target="_blank">here</a> for more WinModem information Paul Collins Startup list 3ComDMIAgent N 3CDMINIC.EXE 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards Paul Collins Startup list 3cpipe-USRpdA Y USRmlnkA.exe Modem driver files from US Robotics Paul Collins Startup list 3D Text X 3D Text.scr Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-102412-2855-99" target="_blank"> JERMY.A</a> WORM! Paul Collins Startup list 3Deep Control Panel U 3DeepCTL.EXE Now superseeded by <a href="http://www.colorwizzard.com/" target="_blank">ColorWizzard</a> - 3Deep corrected lighting, shading and color for all your 2D and 3D games Paul Collins Startup list 3Dfx Acc X GFXACC.EXE Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-030413-4714-99" target="_blank">GIBE</a> WORM! Paul Collins Startup list 3dfx Task Manager N 3dfxMan.exe System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs Paul Collins Startup list 3dfx Tools Y 3dfxCmn.dll Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards Paul Collins Startup list 3dfxv2ps.dll Y 3dfxv2ps.dll Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards Paul Collins Startup list 3Dlabs Taskbar Display Manager ? 3DLman.exe 3DLabs graphics driver related. System Tray access to display settings? Paul Collins Startup list 3DLabsHelperDemon U 3dldemon.exe Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled Paul Collins Startup list 3DMouse.EXE Y 3DMouse.EXE Dritek System Inc. 3D Mouse driver Paul Collins Startup list 3d_sound X 3d_sound.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojriadosa.html" target="_blank">RIADOS-A</a> TROJAN! Paul Collins Startup list 3qdctl.exe U 3qdctl.exe Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ Paul Collins Startup list 3ware 3DM Y 3dm.exe Monitors status of the disk array on 3ware IDE RAID controllers Paul Collins Startup list 456655 X explorer.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojbifrosede.html" target="_blank">BIFROSE-DE</a> TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System folder Paul Collins Startup list 4684735485910 X netdll32.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32sdbotdev.html" target="_blank">SDBOT-DEV</a> WORM! Paul Collins Startup list 4da92ad5.exe X 4da92ad5.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrwz.html" target="_blank">DLOADR-WZ</a> TROJAN! Paul Collins Startup list 4oD U KHost.exe Verisign <a href="http://www.verisign.com/products-services/content-messaging/broadband-delivery/kontiki-delivery-management/index.html" target="_blank">Kontiki Delivery Management System</a> - Windows-based client software that enables secure delivery of content to users' desktops Paul Collins Startup list 4wd!!! X Natal!.pif Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AI" target="_blank">OPASERV.AI</a> WORM! Paul Collins Startup list 5-1-61-96 X members-area.exe Adult content dialler Paul Collins Startup list 5-2-46-112 X 5-2-46-112.exe Adult content pop-up dialler. Removal instructions <a href="http://groups.google.com/group/microsoft.public.windowsxp.general/browse_frm/thread/eb788b5ae71219be/b143744d5a592352?hl=en&lr=&ie=UTF-8&oe=UTF8&safe=off&rnum=9&prev=/groups%3Fq%3D5-2-46-112.exe%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF8%26safe%3Doff%26selm%3D1e10cd61.0203201743.78f51cfa%40posting.google.com%26rnum%3D9#b143744d5a592352" target="_blank">here</a> Paul Collins Startup list 55278 X grepclient1.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojlineages.html" target="_blank">LINEAGE-S</a> TROJAN! Paul Collins Startup list 5p4m X [path to trojan] Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojlitebotc.html" target="_blank">LITEBOT-C</a> TROJAN! Paul Collins Startup list 5whgue21 X 5whgue21.exe <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-092410-4648-99" target="_blank">ClearSearch</a> adware Paul Collins Startup list 666 X Ska.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojpipes.html" target="_blank">PIPES</a> TROJAN! Paul Collins Startup list 678 X lsas32.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojslsorveb.html" target="_blank">SLSORVE-B</a> TROJAN! Paul Collins Startup list 756349DC-6D9E-4F2A-9B24-269661F073C3 X sysoghcx.exe Detected by <a href="http://vil.nai.com/vil/default.aspx" target="_blank">McAfee</a> as the FAKEALERT-AH TROJAN! See <a href="http://www.threatexpert.com/report.aspx?uid=f350d08b-1e19-407b-ae40-f83208a6a815" target="_blank">here</a> Paul Collins Startup list 7f8e X z****.exe 9idf Detected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the system32 folder Paul Collins Startup list 802.11b+g USB Wireless LAN Utility U ZDWlan.exe 802.11b+g USB Wireless LAN Utility Paul Collins Startup list 802.11g Wireless Adatper U Monitor.exe Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled Paul Collins Startup list 852EBF20-A95D-4F1F-B9C2-B2CD24350F3E X sysodkcs.exe Detected by <a href="http://vil.nai.com/vil/default.aspx" target="_blank">McAfee</a> as the FAKEALERT-AH TROJAN! See <a href="http://www.threatexpert.com/report.aspx?uid=f350d08b-1e19-407b-ae40-f83208a6a815" target="_blank">here</a> Paul Collins Startup list 98D0CE0C16B1 X rundll32.exe D0CE0C16B1, D0CE0C16B1 <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware. Note that <a href="http://support.microsoft.com/kb/164787/en-us" target="_blank">rundll32.exe</a> is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Paul Collins Startup list 9m X winlog0n.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojlegmiraqk.html" target="_blank">LEGMIR-AQK</a> TROJAN! Paul Collins Startup list 9xadiras Y 9xadiras.exe <a href="http://www.alliedtelesyn.co.uk/en-gb/" target="_blank">Allied Telesyn</a> AT series router/modem related - apparently required Paul Collins Startup list 9xHtProtect X AVprotect9x.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-031015-0018-99" target="_blank">NETSKY.M</a> WORM! Paul Collins Startup list ;Rundll X [filename] Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E" target="_blank">PWSLEGMIR.E</a> TROJAN! Paul Collins Startup list ?ekio Startups X ?nksvc32.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32agobotov.html" target="_blank">AGOBOT-OV</a> WORM where ? is a random character Paul Collins Startup list @ X regedit -s ..win.dll Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-100111-0931-99" target="_blank">SEEKER.K</a> TROJAN! Paul Collins Startup list @Hoc Toolbar N AtHoc.exe One-click activated browsing toolbar used by various web-sites. See <a href="http://siliconvalley.internet.com/news/article.php/3531_479951" target="_blank">here</a> for more info Paul Collins Startup list @loha N reminder.exe Registration reminder for <a href="http://www.pcworld.com/downloads/file_description/0,fid,6581,00.asp" target="_blank">@loha@home</a> E-mail utility Paul Collins Startup list @tour_ww X @tour_ww[1].exe Adult content dialler Paul Collins Startup list a X a.exe Commercials file that registers itself in the system registry and redirects IE to a certain commercial website Paul Collins Startup list a X jesse.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32meloa.html" target="_blank">MELO-A</a> WORM! Paul Collins Startup list A New Windows Updater X w32NTupdt.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-042420-4303-99" target="_blank">MYTOB.BM</a> WORM! Paul Collins Startup list A Note N A Note.exe "<a href="http://a-note.sourceforge.net/" target="_blank">A Note</a> is a program that lets you create post-it like notes on your Microsoft Windows desktop" Paul Collins Startup list A Verizon App U VERIZO~1.EXE Part of <a href="http://www22.verizon.com/" target="_blank">Verizon</a> Online Support Manager Paul Collins Startup list a-squared U a2guard.exe <a href="http://www.emsisoft.com/en/" target="_blank">a-Squared</a> antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature Paul Collins Startup list a-squared Anti-Dialer Y a2adguard.exe a-sqaured <a href="http://www.emsisoft.com/en/software/antidialer/" target="_blank">Anti-Dialer</a> Paul Collins Startup list a-winpoet-service Y winpppoverethernet.exe WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read <a href="http://www.finepoint.com/winpoet.html" target="_blank">here</a>. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking Paul Collins Startup list A1000 Settings Utility U cpqa1000.exe Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features Paul Collins Startup list A4Proxy U A4Proxy.exe <a href="http://www.findincontext.com/a4proxy/review.htm" target="_blank">Anonymity 4 Proxy</a> - local proxy server that makes you anonymous when visiting web sites Paul Collins Startup list A70F6A1D-0195-42a2-934C-D8AC0F7C08EB X rundll32.exe E6F1873B.DLL, D9EBC318C <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=BrowserAid&threatid=3342" target="_blank">BrowserAid/BrowserPal</a> foistware. Note that <a href="http://support.microsoft.com/kb/164787/en-us" target="_blank">rundll32.exe</a> is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted Paul Collins Startup list a? U a2guard.exe <a href="http://www.emsisoft.com/en/" target=_blank>a-Squared</a> antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature Paul Collins Startup list AAACLEAN ? AAACLEAN.INF ?? Paul Collins Startup list AAAKeyboard ? ?? ?? Paul Collins Startup list AAATraySaver N TraySaver.exe System Tray management utility from <a href="http://www.mlin.net/" target="_blank">Mike Lin</a> which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray Paul Collins Startup list AAK U aak.exe <a href="http://www.anti-keylogger.net/" target="_blank">Advanced Anti-Keylogger</a> - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere" Paul Collins Startup list aaLDISCN32 U LDISCN32.EXE LANDesk? <a href="http://www.landesk.com/" target="_blank">Management Suite</a> software component Paul Collins Startup list aaLDTaskCompletion U amclient.EXE LANDesk? <a href="http://www.landesk.com/" target="_blank">Management Suite</a> software component Paul Collins Startup list AAMSFree702 X Avengine.com Added by the <a href="http://smartdefense.zonealarm.com/tmpl/SpywareArticle?action=detail&sid=2567" target="_blank">DELF.LJ</a> TROJAN! Paul Collins Startup list AAMSFree702 X sys.exe Added by the BACKDOOR-CPC TROJAN! Paul Collins Startup list Aaou X amee.exe <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware Paul Collins Startup list Aapp X adprot.exe <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-051216-4630-99" target="_blank">AdBlaster</a> adware Paul Collins Startup list aauclient ? ACNUpdater.exe Appears to be related to software from <a href="http://www.accenture.com/home/default.htm?viewType=Flash" target="_blank">Accenture.com</a> Paul Collins Startup list AAW U Ad-Aware.exe <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-Aware</a> anti-spyware tool from Lavasoft Paul Collins Startup list AAWTray U AAWTray.exe System Tray access to <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> from Lavasoft - popular spyware/adware removal tool Paul Collins Startup list ab EazyScheduler ? ezsched.exe ?? Paul Collins Startup list ABBYY Community Agent N CAGENT.EXE Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software Paul Collins Startup list ABC U keylogger.exe Keystroke logger/monitoring program - remove unless you installed it yourself! Paul Collins Startup list abcdefgh X abcdefgh.exe <a href="http://www.securitystronghold.com/gates/spyware-adware-solutions/abcdefgh_abcdefgh.exe_solution.htm" target="_blank">EPJ</a> TROJAN! Paul Collins Startup list ABIT uGuru U uGuru.exe <a href="http://www2.abit.com.tw/page/en/news/newspop.php?pDOCNO=en_0309184" target="_blank">ABIT ?Guru</a> - on motherboards incorporating the ?Guru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweakin Paul Collins Startup list ABITEQ N abiteq.exe Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds Paul Collins Startup list Abrada WIN32 X abrada.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdermong.html" target="_blank">DERMON-G</a> TROJAN! Paul Collins Startup list Absolute Shield U dseraser.exe <a href="http://www.liutilities.com/products/wintaskspro/processlibrary/dseraser/" target="_blank">Absolute Shield Evidence Eliminator</a> - internet history eraser Paul Collins Startup list Absolute StartUp monitor U ASMon.exe <a href="http://www.fgroupsoft.com/Absolutestartup/" target="_blank">Absolute Startup</a> - startup monitor from F-Group Software Paul Collins Startup list AbsoluteShield Internet Eraser U cseraser.exe <a href="http://www.internet-track-eraser.com/" target="_blank">AbsoluteShield Internet Eraser</a> - "protects your privacy by cleaning up all the tracks of your Internet and computer activities" Paul Collins Startup list ABsr X absr.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-042320-3206-99" target="_blank">AUTOUPDER</a> TROJAN! Paul Collins Startup list absr X mwsvm.exe SeekSeek search hijacker related - see <a href="http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_SECTHOUGHT.A" target="_blank">here</a> Paul Collins Startup list abtu X mp3serch.exe Loads the executable for <a href="http://www.spywareinfo.com/lop.html" target="_blank">Lop.com</a>. mp3serch.exe is the final version Paul Collins Startup list abtu X lopsearch.exe Loads the executable for <a href="http://www.spywareinfo.com/articles/lop/" target="_blank">Lop.com</a>. lopsearch.exe is the beta version Paul Collins Startup list AbyssWebServer U abyssws.exe <a href="http://abyss.sourceforge.net/" target="_blank">Abyss</a> web server Paul Collins Startup list Ac97Sound X snddrv.exe Detected by Sophos as the SILLYFDC-A TROJAN! Paul Collins Startup list AcBtnMgr_X63 U AcBtnMgr_X63.exe "Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Paul Collins Startup list AcBtnMgr_X73 U AcBtnMgr_X73.exe "Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Paul Collins Startup list AcBtnMgr_X83 U AcBtnMgr_X83.exe "Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Paul Collins Startup list AcBtnMgr_X84-X85 U AcBtnMgr_X84-X85.exe "Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc Paul Collins Startup list acc U acc.exe <a href="http://www.voicecallcentral.com/#advanced_call_center" target="_blank">Advanced Call Center</a> - "full-featured yet easy-to-use answering machine software for your voice modem" Paul Collins Startup list ACCDEFRAGINFO X [path to worm] Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32darbyo.html" target="_blank">DARBY-O</a> WORM! Paul Collins Startup list Accelerate U accelerate.exe Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection Paul Collins Startup list Access Control App X winsto.exe Detected by <a href="http://www.kaspersky.com/" target="_blank">Kaspersky</a> as the AGENT.DGO TROJAN! See <a href="http://www.threatexpert.com/report.aspx?uid=4a7a58b4-53f0-4318-836a-7d0217319807" target="_blank">here</a> Paul Collins Startup list Access Ramp Monitor N armon32.exe Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again Paul Collins Startup list Access WebControl X [path to file] Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojppdoorm.html" target="_blank">PPDOOR-M</a> TROJAN! Paul Collins Startup list AccessManager U AccessMgr.exe Part of SmartPipes <a href="http://www.smartpipes.com/SecureSite.htm" target="_blank">SecureSite</a> software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management" Paul Collins Startup list AccessMedia P2P Loader X amp2pl.exe My AccessMedia toolbar related, stealth installed! Paul Collins Startup list AccessoriesPlus U clockplus.exe Clock Plus, part of <a href="http://simplypowerful.com/software/accessoriesplus.html" target="_blank">Accessories Plus</a> allows you to select from dozens of alternatives for the Windows clock Paul Collins Startup list AccessRamp Monitor01 N ARMon32a.exe From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service." Paul Collins Startup list AccessRampLAN01 N ARUpld32.exe Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003 Paul Collins Startup list AcctMgr U AcctMgr.exe Norton? Password Manager - part of <a href="http://www.symantec.com/sabu/sysworks/basic/" target="_blank">Norton SystemWorks 2004</a> - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC Paul Collins Startup list AccuWeather.com? Desktop N AccuWeatherDesktop.exe Desktop weather from <a href="http://www.accuweather.com/index.asp?partner=accuweather" target="_blank">AccuWeather</a> Paul Collins Startup list accwizz.exe X accwizz.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082312-1953-99" target="_blank">RULAND.A</a> WORM! Paul Collins Startup list accwizzz.exe X accwizzz.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-082312-1953-99" target="_blank">RULAND.A</a> WORM! Paul Collins Startup list acdllib3 X bcdlmem.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojmailbotba.html" target="_blank">MAILBOT-BA</a> TROJAN! Paul Collins Startup list ACDSee N ACDSee8Pro.exe <a href="http://www.acdsee.com/" target="_blank">ACDSee</a> 8 photo software. Organize, manage, enhance, and share all your valued photo memories Paul Collins Startup list Ace bows ? Ace bows.exe ?? Paul Collins Startup list AceGain LiveUpdate N LiveUpdate.exe "<a href="http://www.acegain.com/products_lu.htm" target="_blank">AceGain LiveUpdate</a> can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration" Paul Collins Startup list Acer ePower Management U Acer ePower Management.exe Part of Acer Empowering Technology. "<a href="http://www.acer-euro.com/et/en/notebooks01.htm#7" target="_blank">Acer ePower Management</a> is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles" Paul Collins Startup list Acer ePresentation HPD N ePresentation.exe Allows you to connect your Acer laptop to a projector Paul Collins Startup list Acer Product Registration N ACE1.exe Acer Product Registration - remove when registration is completed Paul Collins Startup list Acer Tour Reminder N Reminder.exe Popup reminder to take the tour of your new Acer laptop Paul Collins Startup list AcerGoto U AcerGoto.exe Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer Paul Collins Startup list AcerNotebookManager U almxptray.exe System Tray access on some Acer Notebooks to give faster access to system settings Paul Collins Startup list AcerPowerkey U Powerkey.exe PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3 Paul Collins Startup list Acess2007a X access2007a.exe Added by the <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Win32.Worm.Gaobot.PQA&threatid=153252" target="_blank">GAOBOT.PQA</a> WORM! Paul Collins Startup list Aceu X [random filename] <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=ClickSpring.PuritySCAN&threatid=10115" target="_blank">PurityScan/Clickspring</a> adware Paul Collins Startup list acEventServ Y acevtsrv.exe <a href="http://www.actividentity.com/" target="_blank">ActivCard Gold</a> from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authentication Paul Collins Startup list AClntUsr U AClntUsr.exe Altiris <a href="http://www.cdg-group.com/go.exe?prodid=299" target="_blank">AClient</a> Service Windows Tray Icon Paul Collins Startup list Acme.PCHButton N pchbutton.exe Used by HP Instant Support Paul Collins Startup list ACMonitor_X63 U ACMonitor_X63.exe Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe" Paul Collins Startup list ACMonitor_X73 U ACMonitor_X73.exe Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe" Paul Collins Startup list ACMonitor_X83 U ACMonitor_X83.exe Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe" Paul Collins Startup list ACMonitor_X84-X85 U ACMonitor_X84-X85.exe Button monitor for the Lexmark X85-X85 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X85-X85.exe" Paul Collins Startup list acocash X fastdown.exe Adult content dialler Paul Collins Startup list acocash X fastdown.exe Adult content dialler Paul Collins Startup list Acombo3dmouse U Acombo3d.exe Mouse driver - required if you use non-standard Windows driver features Paul Collins Startup list Aconti X aconti.exe Adult content dialler Paul Collins Startup list acoustic U acoustic.exe Control panel program for Philips <a href="http://www.digit-life.com/articles/philipsae/index.html" target="_blank">Acoustic Edge</a> soundcard. Not required unless changed settings aren't retained Paul Collins Startup list acpart N agpart11.exe Program for finding trucks on-line Paul Collins Startup list Acrobat X acrmon32.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojsmallect.html" target="_blank">SMALL-ECT</a> TROJAN! Paul Collins Startup list Acrobat Assistant *.* U ACROTRAY.EXE Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation. *.* represents the version Paul Collins Startup list Acrobat Read X acroup32.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojvanbotbq.html" target="_blank">VANBOT-BQ</a> TROJAN! Paul Collins Startup list Acrobat Speed Launch N acrobat_sl.exe Speeds up the time it takes to load Adobe's <a href="http://www.adobe.com/products/acrobat/?ogn=EN_US-gntray_prod_acrobat_family_home" target="_blank">Acrobat</a> PDF creation and management tool. From version 7.0 onwards Paul Collins Startup list ACROMOUSE U ACROMAPP.exe Related to <a href="http://www.acroxusa.com/" target="_blank">ACROMOUSE</a> Laser mouse control Paul Collins Startup list Acronis Popup Blocker U RunDll32.exe [path] Blocker.dll, Run Part of <a href="http://www.acronis.com/homecomputing/products/privacyexpert/" target="_blank">Acronis Privacy Expert</a> - anti-spyware and security suite Paul Collins Startup list Acronis Scheduler Helper U schedhlp.exe Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images Paul Collins Startup list Acronis Scheduler2 Service U schedhlp.exe Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images Paul Collins Startup list Acronis True Image U TimounterMonitor.exe Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> backup software. Monitor for the backup archive explorer for moving and viewing files within an archive Paul Collins Startup list Acronis True Image Monitor N TrueImageMonitor.exe Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage Paul Collins Startup list Acronis TrueImage Monitor N TrueImageMonitor.exe Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage Paul Collins Startup list AcronisTimounterMonitor U TimounterMonitor.exe Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> backup software. Monitor for the backup archive explorer for moving and viewing files within an archive Paul Collins Startup list AcronisTrueImage Monitor N TrueImageMonitor.exe Part of <a href="http://www.acronis.com/homecomputing/products/trueimage/" target="_blank">Acronis True Image</a> - backup software. Can be disabled without affecting TrueImage Paul Collins Startup list Act! Preloader U Act8.exe Sage Software's <a href="http://www.act.com/products/index.cfm" target="_blank">ACT!</a> "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships" Paul Collins Startup list Action Manager 32 N am32.exe Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs Paul Collins Startup list ActionAgent ? actionagent.exe "A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required? Paul Collins Startup list Activation N Activation.exe Part of Microsoft Money Paul Collins Startup list Activboard U MMKeybd.exe Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys Paul Collins Startup list Active Bit Station X abs.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-050615-3728-99" target="_blank">MYTOB.BZ</a> WORM! Paul Collins Startup list Active CPU N acpu.exe <a href="http://www.devicelock.com/freeware.html" target="_blank">Active CPU</a> - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity" Paul Collins Startup list Active Desktop Calendar U ADC.EXE XemiComputers <a href="http://www.xemico.com/adc/index.html" target="_blank">Active Desktop Calendar</a> Paul Collins Startup list Active Email Monitor U aem25.exe <a href="http://www.vicman.net/emailmon/" target="_blank">Active Email Monitor</a> checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email Paul Collins Startup list Active shield U Activeshield.exe <a href="http://www.securitystronghold.com/" target="_blank">Active Shield</a> is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses" Paul Collins Startup list ActiveDesktop X systray32.exe Added by the <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2003-030717-0234-99" target="_blank">DABOOM</a> WORM! Paul Collins Startup list ACTIVEDS X ACTIVEDS.EXE Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T" target="_blank">OPASERV.T</a> WORM! Paul Collins Startup list ActiveEyes N ActiveEyes.exe ActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut Paul Collins Startup list ActiveKeys.AAB635BD7D054a37A576 U akeys.exe "<a href="http://softarium.com/activekeys/" target="_blank">Active Keys</a> is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action" Paul Collins Startup list ActiveMenu U ActiveMenu.exe Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case Paul Collins Startup list ActivePlus U activeplus.exe Interactive Agents Plugin for <a href="http://www.patchou.com/msgplus/" target="_blank">Messenger Plus!</a> (MSN Messenger add-on) Paul Collins Startup list ActiveScan Antivirus X ActiveScan.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotfkq.html" target="_blank">RBOT-FKQ</a> WORM! Paul Collins Startup list ActiveScript32 X nod.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32sohanaaj.html" target="_blank">SOHANA-AJ</a> WORM! Paul Collins Startup list ActiveShield Y MCVSSHLD.EXE McAfee VirusScan On-line. See also the McAgentExe entry Paul Collins Startup list ActiveSpeed U AS.exe Ascentive <a href="http://www.barelyaverage.com/portfolio/html_emails/ascentive/activespeed_biplane/biplane_anim.html" target="_blank">ActiveSpeed</a> Internet Optimizer Paul Collins Startup list ActiveSync X wcescom32.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojmancsyne.html" target="_blank">MANCSYN-E</a> TROJAN! Paul Collins Startup list ActiveWords N AWMonitor.exe <a href="http://www.activewords.com" target="_blank">ActiveWords</a> from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you?ve typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you?ve defined Paul Collins Startup list ActiveX File Registration Service X filereg.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotdvd.html" target="_blank">RBOT-DVD</a> WORM! Paul Collins Startup list ActiveX Streamer X msgfix.exe Added by the <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.NQ" target="_blank">SDBOT.NQ</a> WORM! Paul Collins Startup list ActiveXUpdate X svcss.exe Added by a variant of the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojdedlerc.html" target="_blank">DEDLER.C</a> TROJAN! Paul Collins Startup list Activity U actik.exe <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2005-032917-5224-99" target="_blank">ActivityKey</a> Keystroke logger/monitoring program - remove unless you installed it yourself! Paul Collins Startup list ActivSurf N backweb*****.exe Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates Paul Collins Startup list ActMaker U ActMak25.exe "<a href="http://www.789987.com/products.htm" target="_blank">ActMaker</a> mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer" Paul Collins Startup list ActMaker U ActMaker25.exe <a href="http://www.789987.com/products.htm" target="_blank">ActMaker</a> mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload Paul Collins Startup list ACTray U ACTray.exe System Tray icon for <a href="http://www.pc.ibm.com/us/think/thinkvantagetech/accessconnections.html" target="_blank">ThinkVantage Access Connections</a> - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically" Paul Collins Startup list Actual Window Minimizer U ActualWindowMinimizerCenter.exe <a href="http://www.actualtools.com/windowminimizer/" target="_blank">Actual Window Minimizer</a> - "allows minimizing any window to task tray notification area or to the edge of the screen" Paul Collins Startup list ACTX1 X v1201.exe Added by the <a href="http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453097395" target="_blank">VB.IS</a> TROJAN! Paul Collins Startup list ACU U ACU.exe <a href="http://www.atheros.com/" target="_blank">Atheros</a> wireless Client Utility Paul Collins Startup list ACU_QSB U ACU.exe <a href="http://www.atheros.com/" target="_blank">Atheros</a> wireless Client Utility Paul Collins Startup list ACWLIcon U ACWLIcon.exe Related to IBM ThinkVantage Connectivity Solution Paul Collins Startup list Ad Blocker U blocker.exe <a href="http://www.cdkm.com/" target="_blank">Ad Blocker</a> - blocks popups, and also removes banners, image ads and flash ads Paul Collins Startup list Ad Blocker Pro U Ad Blocker Pro.exe Ad Away popup and banner remover Paul Collins Startup list Ad Muncher U AdMunch.exe <a href="http://www.admuncher.com/" target="_blank">Ad Muncher</a> removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications Paul Collins Startup list Ad Online Guide ? adonlineguide.exe ?? Paul Collins Startup list Ad-aware U Ad-aware.exe <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> from Lavasoft - popular spyware/adware removal tool Paul Collins Startup list Ad-Aware X Ad-Aware.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotadj.html" target="_blank">RBOT-ADJ</a> WORM! Note - this is not the popular <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> spware/adware removal tool and is located in the Winnt\System32 or Windows\System32 directory Paul Collins Startup list Ad-Eliminator X ad-eliminator.exe Ad-Eliminator spyware remover - not recommended, see <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">here</a> Paul Collins Startup list Ad-Muncher U ADMUNCH.EXE <a href="http://www.admuncher.com/" target="_blank">Ad Muncher</a> removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications Paul Collins Startup list Ad-Protect U ad-protect.exe <a href="http://www.adprotectplus.com/" target="_blank">Ad-Protect</a> spyware and spam monitoring tool Paul Collins Startup list Ad-watch U Ad-watch.exe Part of Lavasoft <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware Plus</a> - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system Paul Collins Startup list AD2KClient U AD2KClient.exe Executable for <a href="http://www.iomega-activedisk.com/index.jsp" target="_blank">Active Disk</a> from Iomega disk - allows software applications to be run directly from an Iomega Zip? disk. Required if you wish the applications to launch on insertion of a disk Paul Collins Startup list Adaptec DirectCD N Directcd.exe DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later Paul Collins Startup list AdaptecDirectCD N Directcd.exe DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later Paul Collins Startup list AdAware X wini.exe Added by the <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotxn.html" target="_blank">RBOT-XN</a> WORM! Paul Collins Startup list Adaware Bootup U ad-aware.exe <a href="http://www.lavasoft.de/software/adaware/" target="_blank">Ad-aware</a> from Lavasoft - popular spyware/adware removal tool Paul Collins Startup list Adaware lptt0