Latest updates for the list of startup programs provided at http://www.sysinfo.org/startupinfo.html

16th April, 2004

New items - 77

• ? - a (a.exe)
• Y - Adiras (Adiras.exe)
• Y - BDNewsAgent (bdnagent.exe)
• Y - BitDefender Virus Shield (vsserv.exe)
• ? - Ceic (Ceic.exe)
• U - Comm Driver (commh32.exe)
• X - Compatibility Service Process (regsvs.exe)
• X - Configuration Loader (svhst.exe)
• X - Cons (consol32.exe)
• X - EasyAV (EasyAV.exe)
• ? - exgiwsl (exgiwsl.exe)
• X - Fash (Fash.exe)
• X - GOG (GOG.exe)
• X - Generic Service Process (regsvc32.exe)
• X - Hardware Profile (hxdef.exe)
• X - Host (N/A)
• N - Intel® Common User Interface (igfxtray.exe)
• X - Internat (systray.exe)
• X - ir_ftp (irwftp.exe)
• U - IrXfer (IrXfer.exe)
• X - Israfel (Israfel.vbs)
• X - KasperskyAVEng (Kasperskyaveng.exe)
• X - Kernel32 (Kernel32.win)
• U - LaunApp (LaunApp.exe)
• U - LPtask (lptask.exe)
• U - LogitechVideoRepair (ISStart.exe)
• N - LogitechVideoTray (LogiTray.exe)
• X - LTMSG (ltmsg.exe)
• X - Media Player (media.exe)
• X - messnger (Dvldr32.exe)
• X - Microsoft NetMeeting Associates, Inc. (NetMeeting.exe)
• X - Microsoft System Checkup (Keymgr.exe)
• X - MNPol (mnpol.exe)
• N - Movielink Manager Uninstall (msvcmm32.exe)
• X - MP Tcloaxs (mptcloaxs.exe)
• X - Mswavedll (mswavedll.exe)
• X - NetLink (netlink32.exe)
• X - Norton Wizzard (nwiz.exe)
• X - NTP Server (<path to trojan>)
• ? - Packard Bell EverSafe Tray Control (TrayControl.exe)
• U - PopupVanish (PopupVanish.exe)
• X - Protected Storage (RUNDLL32.EXE MSSIGN30.DLL ondll_reg)
• X - Reg32 (reg33.exe)
• X - Quickzip (Ls.exe)
• U - RDClient (RDCLIENT.EXE)
• X - Shell Extension (spollsv.exe)
• X - sounddrv (sndbdrv3104.exe)
• X - spoo1sv (spoo1sv.exe)
• X - ssgrate.exe (irun4.exe)
• X - SymAV (SymAV.exe)
• X - sys (sysdllwm.reg)
• U - sys32cmd (sys32win.exe)
• X - Syscheck (win.hta)
• X - System (Atira.exe)
• X - Systems (scchost.exe)
• X - SystemTray (SysTray.exe)
• X - SYSTEMZ Patch (SYSZ.exe)
• X - Systray driver (systray.exe)
• U - UCmore XP - The Search Accelerator (rundll32.exe UCMTSAIE.dll,DllShowTB)
• Y - UrlLstCk (UrlLstCk.exe)
• N - USRobotics 802.11g Wireless Network Utility (USRWLANG.exe)
• Y - Vrmon (vrmonnt.exe)
• Y - VrSchedule (Vrres.exe)
• X - Wast (wast.exe)
• X - Websx (Int*****.exe)
• Y - WebTrapNT.exe (WebTrapNT.exe)
• X - win32info (win32info.exe)
• X - WinDNS (windns32.exe)
• X - window.exe (window.exe)
• X - windows (<path to trojan>)
• X - Windows Automation (msdspr.exe)
• X - Windows report (swchost.exe)
• X - Windows System Restore Configuration (Sblhost.exe)
• X - WindowsUpdate (USRINIT.EXE)
• X - winhlpp32.exe (winhlpp32.exe)
• X - Winsock2 driver (ZONEALARM.EXE)
• X - WINSYS (<path to trojan>)

Changed items - 17

• CeEPOWER - status (U) and description changed
• HP Component Manager - status (N) and description changed
• ISStart - description updated
• MotiveMonitor - description updated
• MotMon - description updated
• NT Logging Service - DONK.M added as an alternative VIRUS name
• NvCplDaemon - description changed
• OLE - TARNO.D added as an alternative VIRUS name
• Program In Windows - LOVEGATE.R added as an alternative VIRUS name
• RealUpdater - MITGLIEDER.I added as an alternative VIRUS name
• run= (RAVMOND.exe) - LOVEGATE.R added as an alternative VIRUS name
• RUNDLL32 (RUNDLL32.EXE NvQtwk, NvCplDaemon) - description changed
• SystemTra - LOVEGATE.R added as an alternative VIRUS name
• VFW Encoder/Decoder Settings - LOVEGATE.R added as an alternative VIRUS name
• Video Process - GAOBOT.UM added as an alternative VIRUS name
• WebInstall or WebInstall2 - status (X) and description updated
• WinHelp - LOVEGATE.R added as an alternative VIRUS name

2nd April, 2004

New items - 115

• X - ^`d}qZxu (~`d}qzxu3zYF)
• X - (default) (<random_file_name2>.exe)
• X - 1on1 (1on1.exe)
• U - Absolute StartUp monitor (ASMon.exe)
• ? - ADSL_A2 (A2Installed)
• X - Alchem (Alchem.exe)
• U - Artera (arteraui.exe)
• X - atiupdate (ATIUPDATE5.EXE)
• U - BitDefender for Yahoo! Messenger (yahmon.exe)
• X - BMZ (bmz.exe)
• N - BPServer (G6FTPSrv.exe)
• N - BurnQuick Queue (BQTray.exe)
• X - CAZNOVAS (CAZNOVAS.exe)
• N - Chcenter (chcenter.exe)
• X - cihost.exe (cihost.exe)
• ? - CM-SmWizard (SmWizard.exe)
• X - Configuration Loader (confgldr.exe)
• X - configuration loader (winicfg32.exe)
• X - Configuration Loading (configldr.exe)
• U - Configuration Utility (wlanutil.exe)
• U - CostAware (niIPCApp.exe)
• X - Danton<number> (<filename>)
• X - DCE Manager (dcemgr.exe)
• ? - Dell AIO Printer A920 (dlbkbmgr.exe)
• N - Desktop Weather 3 (THE WEATHER CHANNEL.exe or THEWEA~1.EXE)
• X - directs.exe (directs.exe)
• U - Dpcstart (dpcstart.exe)
• ? - E_S4I2G1 (E_S4I2G1.EXE)
• N - fkSysMon (fksysmon.exe)
• U - FTMSFLT(USB) (FTMSFLTU.EXE)
• X - Generic Host Process for Win32 Services (intspvc.exe)
• X - gigabit.exe (gigabit.exe)
• U - Hardware Doctor (Hwdoctor.exe)
• X - Internet Explorer Updater (iexplorer.exe)
• X - ir_ftp (ir_ftp.exe)
• X - jijbl (ezlwy.bat)
• X - jvdnlssn (fljzsshc.exe)
• ? - Jzi16 (jzi16.exe)
• X - Kernell (systems.exe)
• N - LMonitor (LMonitor.exe)
• ? - LVCOMSX (LVCOMSX.EXE)
• X - Microsoft IE Execute shell (IEExec.exe)
• X - Microsoft System Checkup (dbnetlib.exe)
• ? - MMERefresh (MMERefresh.exe)
• X - MS Configuration (MSFramer.exe)
• X - MSCONFG32.EXE (MSCONFG32.EXE)
• X - MSInfo (AVBgle.exe)
• X - mslagent (mslagent.exe)
• X - NAV Agent (systems.exe)
• U - Net Accelerator (NetAccelerator.exe)
• X - NetAdm7 (NETADM7.EXE)
• X - NetDy (VisualGuard.exe)
• X - NetMeter (NetMeter.exe)
• X - Network Service Manager (netsvc.exe)
• X - Norton Antivirus AV (FVProtect.exe)
• X - Ntech.patchs (<worm filename>)
• ? - online cdrom (Active acid.exe)
• ? - OOLHELPT (OOLHELPT.exe)
• X - PandaAVEngine (PandaAVEngine.exe)
• U - Password Door Loader (PDMonitor.exe)
• ? - PDVDServ (PDVDServ.exe)
• U - Petit Larousse 2001 (HIPL2000Popup.exe)
• U - Pluck Tray (PluckTray.exe)
• X - pmr (pmr.exe)
• X - Program in Windows (iexplore.exe)
• N - PROXOMITRON (PROXOM~1.EXE or PROXOMITRON.EXE)
• U - ptrun32 (ptrun32.exe)
• N - RadarSync (RadarSync.exe)
• U - RadioSvr (RadioSvr.EXE)
• X - reg32 (reg32.exe)
• X - Regsv (regsv.exe)
• X - retime (retime.exe)
• X - run= (RAVMOND.exe)
• U - SATARaid (SATARaid.exe)
• X - SearchNavVersion (searchnavversion.exe)
• X - searchnav (searchnav.exe)
• ? - SetRefresh (SetRefresh.exe)
• N - Shcenter (chcenter.exe)
• X - SOS (SOS.exe)
• U - Spam Sleuth (SpamSleuth.exe)
• U - SpamSubtract (SpamSubtract.exe)
• X - sqvynikp (sqvynikp.exe)
• X - ssgrate.exe (irun.exe)
• X - svchost64 (svchost64.exe)
• X - sysinfo.exe (sysinfo.exe)
• X - Symantec Security (symantec32.exe)
• X - Symantec Security Addon (nvsvc.exe)
• X - SysMonXP (SysMonXP.exe)
• X - sysnate (sysnate.exe)
• X - system32.dll (systeminit.exe)
• X - System Handler (LSASS.EXE)
• X - System Host Service (svchost.exe)
• X - Systemtra (Systra.exe)
• X - SystrayServices (Msxpw.exe)
• X - Sysvupex (Sysvupex.exe)
• X - TIMER (TIMER.EXE)
• U - tpopservice (tpopservice.exe)
• ? - UPERVGAS (UPERVGAS.exe)
• X - UserSystem (<filename>)
• X - usrgtway.exe (syswrun4x.exe)
• X - VFW Encoder/Decoder Settings (RUNDLL32.exe MSSIGN30.DLL ondll_reg)
• X - Video (explored.exe)
• X - Video Process (sysconf.exe)
• X - Windows NNT (<path to trojan>)
• X - Windows-TCP-IP (rfkampig.exe)
• X - windows update (sychost.exe)
• X - Windows video (vide_32.exe)
• X - Winhelp (WinHelp.exe)
• U - WinService32 (ssmgr.exe)
• X - Winsock2 driver (MIRC32.exe)
• X - WinStart (WinStart.pif)
• X - winupd.exe (winupd.exe)
• X - winzip (<path to trojan>)
• U - Y!TunnelPro (YTunnelPro.exe)
• X - yeahdude.exe (hallowelt.exe)

Changed items - 13

• AlcxMonitor - status (X) changed and description updated
• BlueToothAuthentication Agent - status (U) changed and description updated
• HP SchedIndexer - status (U) and description changed
• HP AutoIndexer - status (U) and description changed
• ipmon.exe - R3C.B added as an alternative VIRUS name
• NT Logging Service - DONK.L added as an alternative VIRUS name
• olehelp - BOOKMARKER.G added as an alternative VIRUS/hijacker name
• RealTray - "SmartCenter" corrected to "StartCenter"
• rundll32 (BlueToothAuthentication Agent) - status (U) changed and description updated
• SysUpd - "WindowsUpd1.exe" and "WindowsUpd2.EXE" added as an alternative command and description updated
• WebCheck - CONE.F added as an alternative VIRUS name
• Windows Services Host - CONE.E added as an alternative VIRUS name
• Win l5oahder - description updated

Back to Updates - 2004