Latest updates for the list of startup programs provided at http://www.sysinfo.org/startupinfo.html

23rd October, 2003

New items - 37

• Y - 3ware 3DM (3dm.exe)
• N - ADVCHK (ADVCHK.EXE)
• X - Ahst (iebs.exe)
• X - Antivirus (av.exe)
• U - ASTART (atart.exe)
• X - Belt (Belt.exe)
• X - c (c:\archiv~1\win.com)
• X - CFDStart (WinMuschi.exe)
• N - Copyright (mwcpyrt.exe)
• ? - Diskstart (Code.exe)
• X - Divx4 codec (devldr32.exe)
• X - DLHelperEXE.exe
• N - ESB (esb.exe)
• X - FileManager32 (Wscript.exe ..ChkMgr32.vbs)
• X - https-ssl (https.exe)
• N - jusched (jusched.exe)
• ? - LoadWatcher (Test.exe)
• X - Microsoft Internet Explorer (iexplore.exe)
• X - Microsoft Network Daemon for Win32 (netd32.exe)
• X - Microsoft System Checkup (2) (Wnetlib.exe)
• X - Msoffice (msoffice.hta)
• X - MSupdater.exe
• X - NT Logging Service (Syslog32.exe)
• X - PowerPrifile (rundl132 kenel.dll,PowerProfileEnable)
• X - Service Host (2) (<filename>.exe)
• ? - Sunkist (shwicon98.exe)
• X - SVC Service (svcinit.exe)
• X - Syscpy (Syscpy.exe)
• X - ToPicks Starter (Idhost.exe)
• X - Win2Drv (<worm filename>)
• X - Win32dll (2) (Win32dll.exe)
• X - Windows Backup Configuration (IEXPLORER.exe)
• X - Windows Update (2) (iexplorere.exe)
• N - WinDVR SchSvr (SchSvr.exe)
• X - winrarshell (winrarshell32.exe)
• X - Winsock2.dll (WINLODR.SCR)
• ? - wr (WR.EXE)

Changed items - 48

• 000StTHK - status (U) and description changed
• Adaware lptt01 - description updated
• ashMaiSv - description updated
• Avast! - description updated
• DirectX (3) - LOGPOLE added as an alternative VIRUS name
• emsw.exe - status (X) and description changed
• fsg_4104.exe - description updated
• InterVideo WinScheduler - "SchSvr.exe" added as an alternative command
• KavRuns - status (X) corrected
• mapisvc32 - status and description changed
• Microsoft Netview Component v5.1 - status (X) and description changed
• MSNSysRestore - status (X) and description changed
• rb32 lptt01 - "rb32 ml097e" added as an alternative name, description updated
• Services (2) - METEORSHELL added as an alternative VRIUS name
• UC_SMB - "ucstart.exe" added as the command, status (N) and description changed
• winlogon (2) - status (X) corrected
• winlogon (4) - status (X) corrected
• RapidBlaster - the following entries were all added as alternative names for the corresponding "<name> lptt01" entries:
  • Adaware ml097e
  • aimaol ml097e
  • Bsoft ml097e
  • Dkware ml097e
  • efaxs ml097e
  • exe ml097e
  • Explorer ml097e
  • foobin ml097e
  • general ml097e
  • Icon ml097e
  • iexplorer ml097e
  • Kazaa ml097e
  • Microfinder ml097e
  • Msconfig ml097e
  • Mslogon ml097e
  • Mssurfer ml097e
  • msys ml097e
  • Newsgroup ml097e
  • Notepad ml097e
  • nvd32 ml097e
  • realplay ml097e
  • Spool ml097e
  • Spybott ml097e
  • Spywareguard ml097e
  • Surfer ml097e
  • syscon ml097e
  • Syslog ml097e
  • taskmngr ml097e
  • win32_i ml097e
  • winsyslog ml097e
  • winwan ml097e
  • yahoo_toolbar ml097e

9th October, 2003

New items - 30

• X - *miqpazc (rundll32 miqpazc.dll,Init 1)
• X - DivX Updater (DivX.Exe)
• X - dluca (2) (dluca.exe)
• X - DM mgr (dm_mgr.exe)
• X - Explkw (expup.exe)
• X - GLSetIT32 (2) (isass.exe)
• U - Hot Key Kbd 2690 Daemon (SK2690DM.EXE)
• X - INTERNET_SERVISES (winz32.exe)
• X - Key1 (Rlid.exe)
• X - Messenger start-up (Msgran.exe)
• ? - Microsoft Netview Component v5.1 (msnv32.exe)
• X - miqpazc (rundll32 miqpazc.dll,Init 1)
• X - MOBSYNC32.EXE (mobsync32.exe)
• X - Mscsgs (MSCSGS.EXE)
• X - Mscsgs32 (MSCSGS32.EXE)
• X - mssys (mssys.exe)
• X - MusIRC (irc.music.com) client (musirc4.71.exe)
• N - OEMRESET (OEMRESET.EXE)
• X - run= (21) (msiexec16.exe)
• U - sc (2) (sc.exe)
• X - server.exe (2) (server.exe)
• ? - Smcsta.exe (Smcsta.exe)
• N - Telemeter 3.0 (telemeter3.exe)
• U - TurboMemoryCharger (turbomemorycharger.exe)
• N - UltimateZip Quick Start (uzqkst.exe)
• X - VideoDriver (3) (gspotbot.exe)
• X - windowsupdate (3) (RPCX1sQ3.exe)
• X - WinExec32 (WinExec32.exe)
• X - Winsock32driver (win32server.scr)
• X - yz.exe (yz.exe)

Changed items - 12

• %cmpmixtitle% - description updated
• BMMLREF - status (U) and description changed
• CACStarter - status (N) and description changed
• GLSetIT32 (1) - name changed from GLSetIT, command changed to "msiexec16.exe" and VIRUS name changed to OPTIX PRO series
• Gravis Xperience Driver Support - status (U) changed and description updated
• messnger - corrected error in VIRUS name and removed additional entry ("messnger (2))
• microsoft - RESPAN added as an alternative VIRUS name
• ocx32 - RESPAN added as an alternative VIRUS name
• QuickTime Task - split into two entries with the other being "qttask"
• windll (3) - RESPAN added as an alternative VIRUS name
• WindowsCriticalUpdate - RESPAN added as an alternative VIRUS name
• WindowsUpdate (2) - RESPAN added as an alternative VIRUS name

3rd October, 2003

New items - 57

• X - @ (regedit -s ..\win.dll)
• ? - Aeiwlsta.exe (Aeiwlsta.exe)
• ? - AliUSBfix (GREENMK.exe)
• ? - bcmwltry (bcmwltry.exe)
• ? - BEHL (BEHL.exe)
• ? - cFosDNT (cFosDNT.exe)
• X - COMMAND (3) (command.exe)
• ? - Configuration Loader (4) (lfass.exe)
• X - Configuration Loader (5) (sycfg34.exe)
• X - CyberWolf (CyberWolf)
• X - Data (System.dat.vbs)
• X - DialNet (mxt32.exe)
• ? - DrvListnr (DrvListnr.exe)
• N - ESFTP (esftp.exe)
• ? - fsg_4104.exe (fsg_4104.exe)
• U - hfxp (hfxp.exe)
• ? - inetcntrl (inetcntrl.exe)
• N - MECA (Meca.exe)
• X - mfin32 (mfin32.exe)
• X - Microsoft System Checkup (Cool.exe)
• N - Mixer (mixer.exe)
• X - Mspatch69 (<path to trojan>)
• X - Mspatch89 (cnqmax.exe)
• U - NBJ (NBJ.exe)
• X - nodriver (AUEKXRZ.EXE)
• ? - OEPowerPlugs (winoeinit.exe)
• X - oo4 (RunDLL32.EXE oo4.dll,DllRun)
• ? - PowerS (PowerS.exe)
• X - Power Scan (powerscan.exe)
• N - Privacy Eraser Pro (PrivacyEraser.exe)
• X - QQ (sendmess.exe)
• ? - rav_temp.exe (rav_temp.exe)
• X - Registry Loader (regloadr.exe)
• X - Removed.exe (Removed.exe)
• X - Rundll32 (6) (Windows.exe)
• U - Safeworld (Freedom.exe)
• X - SAHBundle (bundle.exe)
• X - Savenow (2) (savenow.exe)
• X - Scanreg (<filename.exe>)
• N - SecureCleanIEClean (SCIEClean.exe)
• X - Spoolsv (Spoolsv.exe)
• ? - stlbdist (rundll32exe stlbdist.DLL,DllRunMain)
• X - svchost (7) (ADMAGIC.EXE)
• X - Tapicfg (Tapicfg.exe)
• ? - tp4mon (tp4mon.exe)
• ? - UC_SMB
• X - Windows MeTaLRoCk service (metalrock.exe)
• ? - WinDSL_MTU (WinDSL_MTU.exe)
• X - Winhelp (2) (winhe1p.exe)
• X - WinMine (D4NG3.vbs)
• X - WinSetBrowse (BasicUpdate.dll.vbs)
• ? - WR Command (wr.exe)
• ? - WregBios (wregbios.exe)
• ? - wriste (wriste.exe)
• ? - xkstartup (RunDll32 InstZ82.dll,SetUsbPrinterPort)
• X - yyyyyyyy (<path to trojan>)
• X - Zupdate (Zupdate.exe)

Changed items - 14

• AltnetPointsManager - "Altnet" added as an alternative Name, description updated
• Cyberwolf - KICKIN.A added as an alternative virus name
• KM9801U - description updated
• Machine Debug Manager - status corrected (U) and description updated
• MDM7 - status corrected (U) and description updated
• MMHotKey - status (N) and description changed
• MyApp (1) - status (X), command (<Filename>) and description changed
• NPROTECT - description updated
• Srmclean - status changed (U) and description updated
• Tracks Eraser Pro - "Tracks Eraser" added as an alternative name
• uc_start - description updated
• win - description updated
• Windoes Kernel - KICKIN.A added as an alternative virus name
• wintask - LEMIR.F added as an alternative virus name

Back to Updates - 2003