213ATI Launchpad0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
223iDuba Personal FireWall0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
2 3LDM0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
215Power2GoExpress0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
213RemoteControl0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
222Start WingMan Profiler0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
2 5Steam0  0011HKEY_CU\Run0 25From Valve, for net games39http://www.absolutestartup.com/startup/1
212WebCamRT.exe0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
2 5ccApp0  0011HKEY_LM\Run0  2??39http://www.absolutestartup.com/startup/1
2 3ISC0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
210ISC_UpDate0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
213New Autostart0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
214QD FastAndSafe0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
214WMC_AutoUpdate0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
212yahoo! &maps0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
3 8PowerBar0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
310RecordNow!0  0011HKEY_CU\Run0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1
316Sonic RecordNow!0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
310SpySweeper0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
3 5Steam0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
316TransparentIcons0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
3 9TransTask0  0011HKEY_CU\Run0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1
3 8Tweak-XP0  0011HKEY_CU\Run0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1
3 8farstone0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
3 9pdfSaver30  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
312PestPatrolCL0  0011HKEY_LM\Run0 90PestPatrol 4.4.4, Computer Associates International, Inc.. PestPatrol command line scanner39http://www.absolutestartup.com/startup/1
312screen miner0  0011HKEY_LM\Run0 70Screen Miner, screen capture tool, capture full screen, capture window39http://www.absolutestartup.com/startup/1
3 8SiS Tray0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
3 6UC_SMB0  0011HKEY_LM\Run0 81Name:, UC_SMB. Filename:, ucstart.exe. Description:, Part of IBM Update connector50www.bleepingcomputer.com/startups/UC_SMB-5915.html0
3 8Driver320  0019HKEY_LM\RunServices0101This entry has information about the driver32.exe file and whether or not it should be allowed to run57www.bleepingcomputer.com/ startups/driver32.exe-9053.html0
113MISAggregator0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
119windows auto update0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
126Shortcut to LAFNSlipstream0  0025StartUp menu\Current user0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1
312$sys$cor.sys0 12$sys$cor.sys1 00 38How to remove the Sony XPC DRM Rootkit54http://www.bleepingcomputer.com/forums/topic34904.html0
328Plug and Play Device Manager0 18$sys$DRMServer.exe1 00376Added by the Sony/XCP DRM security software. This service is part of the digital rights management system utilized on certain Sony CDs.  If you remove this service, you may no longer be able to play certain CDs from Sony on your computer.br /br /If you have this service, then there is a good chance you also have the Sony XPC DRM rootkit.  Use the removal instructions below.54http://www.bleepingcomputer.com/forums/topic34904.html0
1 8$sys$drv0 12$sys$drv.exe1 00249Added by the Backdoor.Ryknos Trojan backdoor that attempts to utilize the SecurityRisk.First4DRM security risk to hide itself on the compromised computer.  It also adds a registry key at HKEY_CURRENT_USERWkbpsevaXImgvkwkbpXSmj`kswXGqvvajpRavwmkjXVqj76http://www.sarc.com/avcenter/venc/data/backdoor.ryknos.html#technicaldetails0
110$sys$crash0 18$sys$sonyTimer.exe1 00 36Added by the Trojan.Welomoch Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.welomoch.html#technicaldetails0
110$sys$crash0 17$sys$sos$sys$.exe1 00 36Added by the Trojan.Welomoch Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.welomoch.html#technicaldetails0
110$sys$crash0 20$sys$WeLoveMcCOL.exe1 00 36Added by the Trojan.Welomoch Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.welomoch.html#technicaldetails0
1 8$sys$cmp0 11$sys$xp.exe1 00156Added by the Troj/Stinx-F backdoor Trojan.  Troj/Stinx-F may be stealthed on an infected system by exploiting Sony DRM (Digital Rights Management) software.56http://www.sophos.com/virusinfo/analyses/trojstinxf.html0
213%cmpmixtitle%0 11%cmpmixstr%1 00 48Possibly related to C-Media Mixer Control panel? 01
1 5Ctykd0 27%Malware path and filename%2 00 35Added by the TSPY_SMALL.SN spyware.96http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FSMALL%2ESN&VSect=Td0
1 7PAV.EXE0  8%Number%1 00 67Added by the  KITRO.D (or ARGEN.A) WORM! %Number% can be any number77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
214DumpFaultCheck0  8%system%1 00197Added by the W32/Scanbot-A worm and IRC backdoor.  Though this infection adds these entries, they have no effect on your computer other than open the %System% folder.  You can remove these entries.57http://www.sophos.com/virusinfo/analyses/w32scanbota.html0
129SystemWideHook for Windows NT0 14%WinHook32.exe1 00 28Added by the MYDOOM.AC WORM!64http://www.symantec.com/avcenter/venc/data/w32.mydoom.ac@mm.html0
1 6alkasr0 41ÎäÒíÑ.exe1 00 28Added by the BALKART TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.balkart.html0
1 9(default)0 25¡¡NOTEPAD.EXE1 00 42Added by the Troj/Vaq-A Trojan downloader.54http://www.sophos.com/virusinfo/analyses/trojvaqa.html0
116Web Event Logger0 31<8 random characters>.dll2 00102Added by the Backdoor.Berbew.F backdoor.br /br /Uses CLSID: b{79FEACFF-FFCE-815E-A900-316290B5B738}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.f.html#technicaldetails0
1 7newname0 30<application executable>2 00 36Added by the Troj/Drsmartl-S Trojan.59http://www.sophos.com/virusinfo/analyses/trojdrsmartls.html0
1 7Proc1120 37<File name of the dropped file>2 00 31Added by the WORM_IXBOT.A worm.88http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FIXBOT%2EA&VSect=T0
111DllLoader320 20<filename>.exe1 00 43Added by the Troj/Bdoor-QD backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorqd.html0
111GlobalSCAPE0 20<filename>.exe1 00132Added by the W32/Rbot-AYM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaym.html0
1 9DTInstall0 21<filename.>.dll1 00 35Added by the Troj/Small-ALM Trojan.58http://www.sophos.com/virusinfo/analyses/trojsmallalm.html0
115Hutley-Spieluhr0 20<filename.exe>1 00 43Added by the Troj/Shpiel-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojshpiela.html0
1 6NAVNet0 26<Name of Executable>2 00 75Added by the Troj/Small-FR Trojan.  The filenames and locations are random.57http://www.sophos.com/virusinfo/analyses/trojsmallfr.html0
1 6winabc0 24<ORIGFILENAME>.DLL1 00 82Added by the Troj/Lineage-PN password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagepn.html0
113Virus Cleaner0 32<original Trojan filename>2 00 33Added by the Troj/Delta-E Trojan.56http://www.sophos.com/virusinfo/analyses/trojdeltae.html0
1 9NTupdater0 37<path to a renamed Mirc client>2 00 44Added by the Troj/Digarix-D backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojdigarixd.html0
1 4Safe0 26<path to Trojan EXE>2 00 97Added by the Troj/Banker-DT password stealing Trojan aimed primarily at users of Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankerdt.html0
111WheelsMouse0 22<path to Trojan>2 00 48Added by the Troj/SocksPr-D proxy server Trojan.58http://www.sophos.com/virusinfo/analyses/trojsocksprd.html0
1 8Win_BooT0 22<Path to Trojan>2 00 53Added by the Troj/Banker-GI password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankergi.html0
1 8WinShell0 20<path to worm>2 00 52Added by the W32/Fanbot-B mass-mailing and P2P worm.56http://www.sophos.com/virusinfo/analyses/w32fanbotb.html0
1 9Devicewin0 41<pathname of the Trojan executable>2 00 36Added by the Troj/Banker-AEV Trojan.59http://www.sophos.com/virusinfo/analyses/trojbankeraev.html0
112kernel32.dll0 41<pathname of the Trojan executable>2 00 33Added by the Troj/Zlob-AP Trojan.56http://www.sophos.com/virusinfo/analyses/trojzlobap.html0
118Microsoft Redirect0 41<pathname of the Trojan executable>2 00 52Added by the Troj/Banker-FW Internet banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerfw.html0
1 8msresear0 41<pathname of the Trojan executable>2 00 34Added by the Troj/Weasyw-B Trojan.57http://www.sophos.com/virusinfo/analyses/trojweasywb.html0
1 9Rapdyleys0 41<pathname of the Trojan executable>2 00 35Added by the Troj/QQPass-AD Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassad.html0
1 7MSPRO320 39<pathname of the worm executable>2 00 31Added by the W32/Hiberi-B worm.56http://www.sophos.com/virusinfo/analyses/w32hiberib.html0
113Winsocket log0 29<random characters>.exe2 00 50Added by the Troj/Sdbot-AKF worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/trojsdbotakf.html0
112SysTray.Exys0 42<random filename with DLL extension>2 00 97Added by the Troj/Slogger-D Trojan.br /br /Uses CLSID: b{7368D5FC-6F5C-4f5b-B964-E67214F67852}/b.58http://www.sophos.com/virusinfo/analyses/trojsloggerd.html0
1 6DER0050 23<random filename>2 00 43Added by the Troj/Hackvan-B Trojan rootkit.58http://www.sophos.com/virusinfo/analyses/trojhackvanb.html0
1 7Idoneus0 23<random filename>2 00 31Added by the MSIL.Idonut virus.72http://www.sarc.com/avcenter/venc/data/msil.idonut.html#technicaldetails0
118Msn Update SUPPORT0 23<random filename>2 00 48Added by the W32/Rbot-BPS worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbps.html0
114Service Screan0 23<random filename>2 00132Added by the W32/Rbot-BAC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotbac.html0
1 8Telnet240 23<random filename>2 00133Added by the W32/Rbot-ARD worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotard.html0
113Win Prosess0r0 23<random filename>2 00 48Added by the W32/Rbot-BIT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbit.html0
1 6XRW0050 23<random filename>2 00  058http://www.sophos.com/virusinfo/analyses/trojhackvanb.html0
1 8DBGA0EEG0 27<random filename>.dll2 00119Added by the W32/Doxpar-D password-stealing network worm.br /br /Uses CLSID: b{6C7F7D05-2430-7FA8-28C5-2F9036BF28AF}/b.56http://www.sophos.com/virusinfo/analyses/w32doxpard.html0
1 7eTunnel0 27<random filename>.exe2 00 43Added by the Troj/Meteor-E backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojmeteore.html0
124Windows Firewall Monitor0 27<random filename>.exe2 00 40Added by the Troj/Proxy-AX proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojproxyax.html0
1 6wuauon0 27<random filename>.exe2 00 43Added by the Troj/Bdoor-MC backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoormc.html0
1 4st3i0 27<random filename.dll>2 00 33Added by the Troj/Hasum-A Trojan.56http://www.sophos.com/virusinfo/analyses/trojhasuma.html0
1 6angnan0 27<random filename.exe>2 00 31Added by the W32/Bobax-DB worm.56http://www.sophos.com/virusinfo/analyses/w32bobaxdb.html0
122eMCryT Sh3ars Panagers0 27<random filename.exe>2 00132Added by the W32/Rbot-AWI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotawi.html0
128MICROSFT RAMA UPDATE SUPPORT0 27<random filename.exe>2 00132Added by the W32/Rbot-ASM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotasm.html0
120Microsoft Anti-Virus0 27<Random Filename.exe>2 00 49Added by the W32/Kassbot-O worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32kassboto.html0
1 7Proc9920 27<random filename.exe>2 00 47Added by the W32/Ixbot-C worm and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32ixbotc.html0
112Google Earth0 23<random name>.pif2 00132Added by the W32/Rbot-AXK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaxk.html0
112SysTray.Exiv0 18<random>.dll1 00106Added by the Troj/Slogger-F backdoor Trojan.br /br /Uses CLSID: b(2963ECFC-4E5C-2f3b-B334-D67434FC72E0)/b.58http://www.sophos.com/virusinfo/analyses/trojsloggerf.html0
113System32Check0 18<random>.exe1 00 57Added by the Troj/Chast-A backdoor and keylogging Trojan.56http://www.sophos.com/virusinfo/analyses/trojchasta.html0
1 6VSSTAT0 18<random>.exe1 00 47Added by the W32/Gobot-N worm and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32gobotn.html0
116Web Event Logger0 18<random>.exe1 00102Added by the Backdoor.Berbew.D backdoor.br /br /Uses CLSID: b{79FB9088-19CE-715E-D900-216290C5B738}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.d.html#technicaldetails0
111nethost.exe0 26<randomfilename>.exe1 00 42Added by the Troj/Perda-J backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdaj.html0
126Windows Overlay Components0 26<randomfilename>.exe1 00 34Added by the Troj/Agent-JK Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentjk.html0
113Apoint System0 25<Trojan Executable>2 00 35Added by the Troj/Banker-WK Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerwk.html0
1 4cppc0 25<Trojan executable>2 00 80Added by the Troj/VB-NV Trojan.  This trojan pretends to be a Half-Life 2 crack.54http://www.sophos.com/virusinfo/analyses/trojvbnv.html0
1 8FindHack0 25<Trojan executable>2 00 34Added by the W32/Kelvir-BA Trojan.57http://www.sophos.com/virusinfo/analyses/w32kelvirba.html0
1 6HATAPE0 25<Trojan executable>2 00 35Added by the Troj/Banker-QF Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerqf.html0
1 8msapps320 25<Trojan executable>2 00 35Added by the Troj/Banker-IS Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankeris.html0
113office_update0 25<Trojan executable>2 00 36Added by the Troj/Dloader-ZB Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderzb.html0
114PHIME2OO2ASyst0 25<Trojan executable>2 00120Added by the Troj/DBdoor-B backdoor Trojan.  This filename for this trojan can be change to one specified by the hacker.57http://www.sophos.com/virusinfo/analyses/trojdbdoorb.html0
112SmartTesting0 25<Trojan executable>2 00 45Added by the Troj/Ranck-DO http proxy trojan.57http://www.sophos.com/virusinfo/analyses/trojranckdo.html0
1 7taskbar0 25<Trojan executable>2 00 42Added by the Troj/Perda-I backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdai.html0
1 7zzzsoft0 25<Trojan executable>2 00 34Added by the Troj/QQRob-AD Trojan.57http://www.sophos.com/virusinfo/analyses/trojqqrobad.html0
1 9aaprotect0 23<Trojan Filename>2 00 36Added by the Troj/Bancban-MJ Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanmj.html0
1 4Tspy0 23<Trojan Filename>2 00 43Added by the Troj/TSpy-B keylogging Trojan.55http://www.sophos.com/virusinfo/analyses/trojtspyb.html0
1 7MSSever0 27<Trojan Filename.exe>2 00 50Added by the Troj/PWS-CW password-stealing Trojan.55http://www.sophos.com/virusinfo/analyses/trojpwscw.html0
1 7Myfault0 18<Trojan.exe>1 00 34Added by the Troj/Ranck-DJ Trojan.57http://www.sophos.com/virusinfo/analyses/trojranckdj.html0
014CQSCP2P SERVER0 15<unknown>1 00154Compaq printer utility which is required in the startup menu in order to make the printer work correctly. Personally I doubt whether it is actually needed 01
0 8CQSCP2PS0 15<unknown>1 00  0 01
0 8V128IITV0 15<unknown>1 00 94Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? 01
228AccuWeather.com® Desktop0 15<unknown>1 00 36Desktop weather from AccuWeather.com71http://wwwa.accuweather.com/adcbin/public/index.asp?partner=accuweather0
2 7AIMster0 15<unknown>1 00119Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start - Programs 01
223Compaq Video CD Watcher0 15<unknown>1 00 28For Compaq PC's. MPEG viewer 01
215HP Info Express0 15<unknown>1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01
210HP Updates0 15<unknown>1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01
2 5Imesh0 15<unknown>1 00 30Imesh is a file sharing system20http://www.imesh.com0
217Imesh Auto Update0 15<unknown>1 00 83Update check for the Imesh file sharing system. Turn the update off under "options"20http://www.imesh.com0
225Introduction-Registration0 15<unknown>1 00 82For Compaq PC's. Should only run first time, PC Introduction & Compaq registration 01
215LS120 Superdisk0 15<unknown>1 00 77Supposed to accelerate transfer rate on LS-120, contributes to system lockups 01
215McAfee Winguage0 15<unknown>1 00243Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start - Programs 01
2 8Operator0 15<unknown>1 00 49Media Pilot operator, in Win.ini. Locks port open 01
2 7Startup0 15<unknown>1 00 26Related to an Iomega drive 01
2 5TGCMG0 15<unknown>1 00 91Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work 01
230Usrobotics Online Registration0 15<unknown>1 00 75Pop-up reminding customers to register their products online at US Robotics 01
212Windows Eyes0 15<unknown>1 00207For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start - Programs 01
3 9EDRestore0 15<unknown>1 00110Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"42http://www.easydesksoftware.com/spoint.htm0
312HP RecordNow0 15<unknown>1 00114From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used." 01
323SMS Win9x Message Agent0 15<unknown>1 00 63This program assigns a user to a Systems Management Server site 01
111Bonzi Buddy0 15<unknown>1 00 69Spyware - read here for information and here for removal instructions57http://www.safersite.com/pestinfo/B/BonziBuddy_Adware.asp0
414FoolProofSweep0 15<unknown>1 00 63Part of FoolProof Security PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0
117Content connector0 29<various filenames.exe>2 00 34Added by the Troj/Dialer-Y dialer.57http://www.sophos.com/virusinfo/analyses/trojdialery.html0
125Microsoft Moniter Control0 21<worm filename>2 00 48Added by the W32/Rbot-BAX worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbax.html0
110[not used]0 27øb.Ýoç1 00138Added by the Backdoor.Beasty.D backdoor.  This backdoor listens on port 666.br /br /Uses CLSID: b{54AD0222-BB51-31EF-BBFA-06AA12E6115C}/b.61http://www.sarc.com/avcenter/venc/data/backdoor.beasty.d.html0
114vbs.ipnuker@mm0 29(original worm file name).vbs2 00 23Added by the  VBS.Nukip70http://securityresponse.symantec.com/avcenter/venc/data/vbs.nukip.html0
1 7windowz0 29(original worm file name).vbs2 00  070http://securityresponse.symantec.com/avcenter/venc/data/vbs.nukip.html0
1 7bcnswsx0 14(path to file)2 00 47Added as result of a  Ranck-AJ trojan infection57http://www.sophos.com/virusinfo/analyses/trojranckaj.html0
1 4ibin0 35(Pathname of the Trojan executable)2 00 26Added by the  Troj/Perda-C56http://www.sophos.com/virusinfo/analyses/trojperdac.html0
118virus removal tool0 35(pathname of the Trojan executable)2 00 27Added by the  Troj/Tometa-B57http://www.sophos.com/virusinfo/analyses/trojtometab.html0
1 5clock0 20(various file names)2 00140LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe79http://securityresponse.symantec.com/avcenter/venc/data/pf/adware.livechat.html0
1 9romahere20 34************.exe [* = random char]2 00 55SuperSpider hijacker - a CoolWebSearch parasite variant44http://doxdesk.com/parasite/SuperSpider.html0
1 9romahere30 34************.exe [* = random char]2 00  044http://doxdesk.com/parasite/SuperSpider.html0
115Control handler0 33***********.exe [* = random char]2 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
122Network Security Guard0 32**********.exe [* = random char]2 00 30CoolWebSearch parasite related53http://www.spywareinfo.com/~merijn/cwschronicles.html0
125WindowsRegKey upd4te2d4te0 31*********.exe [* = random char]2 00 26Added by the RBOT.XQ WORM!87http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.XQ0
1 4sr640 13********. exe2 00 27Adware, as yet unidentified 01
1 8rate.exe0 30********.exe [* = random char]2 00 19Unidentified adware 01
116ms window update0 33******.exe (* = random character)2 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
121Cryptographic Service0 28******.exe [* = random char]2 00 50Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html0
121Cryptographic Service0 28******.exe [* = random char]2 00 50Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html0
1 8Narrator0 28******.exe [* = random char]2 00 30Transponder/VX2 related adware 01
1 3web0 28******.exe [* = random char]2 00 41Added by a variant of the EASTO.A TROJAN!78http://www.pestpatrol.com/pestinfo/w/win32_trojandownloader_easto_a_trojan.asp0
111pnpsvc_lock0 29******.exe [* = random digit]2 00 16Browser hijacker 01
1150utlook express0 33*****.exe (where * = random char)2 00 31Added by the  W32/RBOT-CC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotcc.html0
122outlook express config0 33*****.exe (where * = random char)2 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113cyberfree.exe0 26****.dat [* = random char]2 00 19Unidentified adware 01
127Microsofts Security Manager0 29****.exe [**** = random char]2 00 28Added by the RBOT-WH TROJAN!55http://www.sophos.com/virusinfo/analyses/w32rbotwh.html0
118microsoft software0 31****.exe E255 [* = random char]2 00 40Added by an unidentified WORM or TROJAN! 01
118Win32SystemMonitor0 25***.exe [* = random char]2 00 16Browser hijacker 01
1 7Nero.ma0 29***.exe [*** = 2 to 3 digits]2 00 28Added by the JONBARR.D WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.jonbarr.d@mm.html0
224Description of Shortcuts0  5*.exe1 00227* seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search) 01
111App.EXEName0  4.exe1 00 25Added by the BODIRU WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bodiru.html0
111App.EXEName0  4.exe1 00 25Added by the BODIRU WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bodiru.html0
1 5ccapp0  4.EXE1 00 31Added by the  W32/RBOT-LJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlj.html0
111Gray_Pigeon0  4.exe1 00111Added by the Troj/GrayBrd-EH backdoor Trojan.  This infection also creates the file c:\windows\temp\8e4ds4.dll.59http://www.sophos.com/virusinfo/analyses/trojgraybrdeh.html0
1 9supernova0  4.exe1 00 91Added as a result of the SURNOVA (or SUPOVA) VIRUS! <filename>.exe is the chosen name78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SURNOVA.A0
116Default_Page_URL0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
116Default_Page_URL0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
118Default_Search_URL0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
118Default_Search_URL0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
115First Home Page0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
115First Home Page0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Local Page0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Local Page0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
111Search Page0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Start Page0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Start Page0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
116Default_Page_URL0 23//find.naupoint.com</a>1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
115First Home Page0 23//find.naupoint.com</a>1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Local Page0 23//find.naupoint.com</a>1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
011com servoce0  2/a1 00  0 01
211com servoce0  2/a1 00  044http://www.esafe.com/esafe/default.asp?cf=tl0
110search.vbs0  2/a1 00  8Hijacker 01
4 6vs.vsn0  2/a1 00 86Part of eSafe antivirus "SmartScan" - alerts the user if files have been changed/added44http://www.esafe.com/esafe/default.asp?cf=tl0
1 8WinTools0  5/boot115HKEY_LM\RunOnce0  039http://www.absolutestartup.com/startup/1
324EPSON Stylus Photo RX5000 22/M Stylus Photo RX500"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
114WinMsgServices0  5?.exe1 00169Added by the  Troj/Kelebek-G.  This file is added to the Windows system folder.  The name of the filename is the ASCII character 255 which corresponds to an empty space.58http://www.sophos.com/virusinfo/analyses/trojkelebekg.html0
013Coupon Offers0  2??1 00  2?? 01
0 6Devlog0  2??1 00  2?? 01
0 6Dosbat0  2??1 00  0 01
0 8V128IITV0  2??1 00 94Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? 01
0 5Vinny0  2??1 00  2?? 01
010Web Search0  2??1 00  0 01
011WRECK GUARD0  2??1 00  2?? 01
224AccuWeather.com® Desktop0  2??1 00 36Desktop weather from AccuWeather.com71http://wwwa.accuweather.com/adcbin/public/index.asp?partner=accuweather0
2 7AIMster0  2??1 00119Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start - Programs 01
223Compaq Video CD Watcher0  2??1 00 28For Compaq PC's. MPEG viewer 01
215HP Info Express0  2??1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01
210HP Updates0  2??1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01
2 5Imesh0  2??1 00 30Imesh is a file sharing system20http://www.imesh.com0
217Imesh Auto Update0  2??1 00 83Update check for the Imesh file sharing system. Turn the update off under "options"20http://www.imesh.com0
225Introduction-Registration0  2??1 00 82For Compaq PC's. Should only run first time, PC Introduction & Compaq registration 01
215LS120 Superdisk0  2??1 00 77Supposed to accelerate transfer rate on LS-120, contributes to system lockups 01
215McAfee Winguage0  2??1 00243Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start - Programs 01
2 8Operator0  2??1 00 49Media Pilot operator, in Win.ini. Locks port open 01
2 7Startup0  2??1 00 26Related to an Iomega drive 01
2 5TGCMG0  2??1 00 91Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work 01
230Usrobotics Online Registration0  2??1 00 75Pop-up reminding customers to register their products online at US Robotics 01
212Windows Eyes0  2??1 00207For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start - Programs 01
311AAAKeyboard0  2??1 00  0 01
3 7Avxnews0  2??1 00  2?? 01
314CQSCP2P SERVER0  2??1 00154Compaq printer utility which is required in the startup menu in order to make the printer work correctly. Personally I doubt whether it is actually needed 01
3 6Devlog0  2??1 00  2?? 01
3 6Dosbat0  2??1 00  0 01
3 9EDRestore0  2??1 00110Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"42http://www.easydesksoftware.com/spoint.htm0
312HP RecordNow0  2??1 00114From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used." 01
3 7mfgboot0  2??1 00  2?? 01
3 6Qdsafe0  2??1 00  2?? 01
3 8ScanFile0  2??1 00  0 01
323SMS Win9x Message Agent0  2??1 00 63This program assigns a user to a Systems Management Server site 01
3 8V128IITV0  2??1 00 94Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? 01
3 5Vinny0  2??1 00  2?? 01
310Web Search0  2??1 00  0 01
311WRECK GUARD0  2??1 00  2?? 01
111Bonzi Buddy0  2??1 00 69Spyware - read here for information and here for removal instructions57http://www.safersite.com/pestinfo/B/BonziBuddy_Adware.asp0
414FoolProofSweep0  2??1 00 63Part of FoolProof Security PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0
113[random name]0 12??anregw.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 11??chost.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
2 5Vgwxi0 12??erinit.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
113[random name]0 12??erinit.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 11??ool32.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 11??oolsv.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
1 3Fek0 11??oolsv.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
113[random name]0  9??rss.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 12??rvices.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 12??xplore.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
1 7Seibctd0 12??xplore.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
113[random name]0 11?hkntfs.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
114?ekio Startups0 12?nksvc32.exe1 00167Added by the W32/Agobot-OV WORM/IRC backdoor. ? is a random character. It will kill processes, record keystrokes, allowing unauthorised access to enable other actions.57http://www.sophos.com/virusinfo/analyses/w32agobotov.html0
113[random name]0 10?ttrib.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
116@liberamovilespt0 16@liberamovilespt1 00 46Added by the Dialer.UDIS premium adult dialer.72http://securityresponse.symantec.com/avcenter/venc/data/dialer.udis.html0
1 8@tour_ww0 15@tour_ww[1].exe1 00 21Adult content dialler 01
131Windows System Security Monitor0 22[4 random letters].exe2 00 32Added by the W32.Pinkton.A worm.74http://www.sarc.com/avcenter/venc/data/w32.pinkton.a.html#technicaldetails0
1 4Nvid0 22[8 random charachters]2 00 19Unidentified adware 01
116Web Event Logger0 25[8 random characters].dll2 00102Added by the Backdoor.Berbew.B backdoor.br /br /Uses CLSID: b{79FB9088-19CE-715E-D900-216290C5B738}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.b.html#technicaldetails0
115WebEvent Logger0 25[8 random characters].dll2 00102Added by the Backdoor.Berbew.F backdoor.br /br /Uses CLSID: b{79ECA078-17FF-726B-E811-213280E5C831}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.f.html#technicaldetails0
123anti-virus product sync0 47[AN UNPRINTABLE CHARACTER][3 CHARACTERS]log.exe2 00 32Added by the  W32.Kedebe.D(AT)mm76http://securityresponse.symantec.com/avcenter/venc/data/w32.kedebe.d@mm.html0
137Remote Procedure Call (RPC) Activator0 19[Currently unknown]2 00 43Added by the Troj/Fiserv-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojfiserva.html0
1 7NSystem0 17[downloaded file]2 00 43Added by the Troj/Nsys-A trojan downloader.55http://www.sophos.com/virusinfo/analyses/trojnsysa.html0
1 7hxadsec0 17[executable name]2 00 36Added by the Troj/AdClick-AP trojan.59http://www.sophos.com/virusinfo/analyses/trojadclickap.html0
1 6fsdsft0 11[file name]2 00 40Added by the Backdoor.Ranky.S  Backdoor!77http://www.sarc.com/avcenter/venc/data/backdoor.ranky.s.html#technicaldetails0
113winupdatefiv_0 11[file name]2 00 37Added by the W32/Combra-C email worm.56http://www.sophos.com/virusinfo/analyses/w32combrac.html0
1 6SYDNEY0 11[file path]2 00 24Added by the SYNEY WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.syney@mm.html0
1 7Systray0 14[filename.exe]1 00 19Winfavorites adware80http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html0
1 7;Rundll0 10[filename]1 00 32Added by the PWSLEGMIR.E TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E0
1 7;Rundll0 10[filename]1 00 32Added by the PWSLEGMIR.E TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E0
113Configuration0 10[filename]1 00 27Added by the SDBOT-ML WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotml.html0
114JavaUpdate0.070 10[filename]1 00 28Added by the JUPDATE TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.jupdate.html0
115LoadWindowsFile0 10[filename]1 00 65Added by the DELF.B TROJAN! where [filename] is the infected file76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.b.html0
115Locator Service0 10[filename]1 00 30Added by the AGOBOT-KY TROJAN!57http://www.sophos.com/virusinfo/analyses/w32agobotky.html0
117LowVersionSupport0 10[filename]1 00 28Added by the LASTRAS TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lastras.html0
1 6Mantis0 10[filename]1 00 27Added by the MANTIBE VIRUS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.mantibe.html0
112MatrixScreen0 10[filename]1 00 33Added by the MATRIXSCREEN TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.matrixscreen.html0
129Microsoft Java Windows Update0 10[filename]1 00 26Added by the RBOT-DZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotdz.html0
1 5Myapp0 10[filename]1 00 26Added by the FATEE.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fatee.b.html0
1 7NavScan0 10[filename]1 00 27Added by the OBSORB TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.obsorb.html0
1 3OLE0 10[filename]1 00 39Added by the STAWIN or TARNO.D TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/keylogger.stawin.html0
1 5putil0 10[filename]1 00 28Added by the LDPINCH TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.ldpinch.html0
1 7Scanreg0 10[filename]1 00 29Added by the QQPASS.E TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html0
1 6User320 10[filename]1 00 29Added by the NETTRASH TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.nettrash.html0
110UserSystem0 10[filename]1 00 49CoolWebSearch SmartSearch variant - also see here53http://www.spywareinfo.com/~merijn/cwschronicles.html0
111VideoDriver0 10[filename]1 00 30Added by the GSPOT20.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GSPOT20.A0
114Windows Update0 10[filename]1 00 82Added by the  NORIO TROJAN! Acts as a hi-jacker redirecting to adult content sites73http://securityresponse.symantec.com/avcenter/venc/data/trojan.norio.html0
1 9GustavVED0 14[filename].exe1 00 28Added by the OPASERV.H WORM!66http://www.symantec.com/avcenter/venc/data/w32.opaserv.h.worm.html0
1 3hen0 14[filename].exe1 00 28Added by the TARNO.G TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.g.html0
1 3hen0 14[filename].exe1 00 28Added by the TARNO.G TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.g.html0
112Service Host0 14[filename].exe1 00 27Added by the TORVEL.B WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.torvel.b@mm.html0
113System Update0 14[filename].exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
116Windows Explorer0 14[filename].exe1 00144Added by the SDBOT TROJAN! Note - this is not the valid Windows Explorer (explorer.exe) which would only be in startups if you added it manually75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
1 5cAgOu0 14[filename].hta1 00 26Added by the KAKWORM WORM!63http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html0
1 6ZaCker0 14[filename].PIF1 00 26Added by the HOLAR.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A0
1 8AddClass0 19[Installation_Path]1 00 32Added by the STARTPAGE.F TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.f.html0
1 8Internal0 18[month number]</a>2 00 32Added by the FORTNIGHT.D TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/js.fortnight.d.html0
1 9enbrowser0 14[name of file]2 00 22WINBO adware component60http://www.symantec.com/avcenter/venc/data/adware.winbo.html0
1 2c70 14[name of worm]2 00 35Added by the  W32.MEDIAKILL.A WORM!66http://www.symantec.com/avcenter/venc/data/w32.mediakill.a@mm.html0
1 6Update0 20[original file path]2 00 26Added by the LYNDEGG WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lyndegg.html0
1 7TSystem0 19[original filename]2 00 43Added by the Troj/Nsys-A trojan downloader.55http://www.sophos.com/virusinfo/analyses/trojnsysa.html0
1 7File0_00 16[path of Trojan]2 00 47Added by the Troj/Dloader-OR trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdloaderor.html0
137Anti-Virus Update Scheduler V1.39.12R0 14[path to .exe]2 00 12Added by the27Troj/Fireby-A proxy TROJAN!0
1 7Caesvrn0 14[path to .exe]2 00142Added by the Troj/Ranck-CQ.  This infection sits on a randomly selected TCP port between 1025 and 9997, awaiting contact by a remote attacker.57http://www.sophos.com/virusinfo/analyses/trojranckcq.html0
1 5ccApp0 14[path to .exe]2 00 50Added by the W32/Rbot-LJ WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbotlj.html0
112Client Agent0 14[path to .exe]2 00 12Added by the110Troj/PPdoo0
113DllExecutable0 14[path to .exe]2 00 12Added by the15W32/VB-SP WORM!0
1 9fasdqwdwq0 14[path to .exe]2 00 12Added by the101Troj/Ranc0
1 5imgit0 14[path to .exe]2 00 36Added by the  Troj/Banker-CG TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankercg.html0
1 8loader320 14[path to .exe]2 00 42Added by Troj/Domcom-D downloading TROJAN.57http://www.sophos.com/virusinfo/analyses/trojdomcomd.html0
1 9msproject0 14[path to .exe]2 00 12Added by the21Troj/Sdbot-TF TROJAN!0
110OpenMstart0 14[path to .exe]2 00 34Added by the Dial/Switch-E DIALER.57http://www.sophos.com/virusinfo/analyses/dialswitche.html0
1 8PornoTop0 14[path to .exe]2 00  8Added by60Troj/Delf-RX, and will be found in the Program Files folder.0
119Srv32 spool service0 14[path to .exe]2 00  8Added by16Troj/Dloader-LB.0
118SunJavaUpdateSched0 14[path to .exe]2 00 36Added by the  Troj/Banker-AU TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerau.html0
1 4GDAX0 18[path to backdoor]2 00 28Added by the RANKY.K TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.k.html0
114winupdateconn_0 13[path to exe]2 00 31Added by the W32/Combra-A WORM.56http://www.sophos.com/virusinfo/analyses/w32combraa.html0
111WinUpgrader0 13[path to EXE]2 00 20Added by the trojan.57http://www.sophos.com/virusinfo/analyses/trojagentdz.html0
2 7Printer0 14[path to file]2 00 29Added by the LOWTAPER TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lowtaper.html0
1 9_Hazafibb0 14[path to file]2 00 25Added by the ZAFI.B WORM!86http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=PE_ZAFI.B0
1132thousandbuck0 14[path to file]2 00 28Added by the RANKY.L TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.l.html0
1 8Band-Aid0 14[path to file]2 00 28Added by the RANKY.O TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.o.html0
110dm_service0 14[path to file]2 00 34Added by the  MITGLIEDER.P TROJAN!67http://www.symantec.com/avcenter/venc/data/trojan.mitglieder.p.html0
1 7DSAcass0 14[path to file]2 00 28Added by the RANKY.M TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.m.html0
113Login Service0 14[path to file]2 00 27Added by the MIGMAF TROJAN!52https://www.europe.f-secure.com/v-descs/migmaf.shtml0
1 6MsgApi0 14[path to file]2 00 29Added by the DEDLER-D TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerd.html0
1 7MSSGisg0 14[path to file]2 00 28Added by the RANKY.N TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.n.html0
1 7REEGRUN0 14[path to file]2 00 30Added by the SECDROP.AI TROJAN79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SECDROP.AI0
112ShellCommand0 14[path to file]2 00 29Added by the REMCON-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojremcona.html0
1 6sysser0 14[path to file]2 00 25Added by the RAHACK WORM!58http://www.symantec.com/avcenter/venc/data/w32.rahack.html0
1 7Taskmgo0 14[path to file]2 00 30Added by the BANCBAN-T TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancbant.html0
1 9tjstartup0 14[path to file]2 00 29Added by the TJSERV.C TROJAN!65http://www.symantec.com/avcenter/venc/data/backdoor.tjserv.c.html0
123Windows Taskbar Manager0 14[path to file]2 00 30Added by the PROTORIDE.B WORM!63http://www.symantec.com/avcenter/venc/data/w32.protoride.b.html0
110winupdate_0 14[path to file]2 00 32Added by the  W32.COMDOR.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.comdor.a@mm.html0
113winupdateconn0 14[path to file]2 00 32Added by the  W32/COMBRA-A WORM!56http://www.sophos.com/virusinfo/analyses/w32combraa.html0
1 9WinXP fix0 14[path to file]2 00 28Added by the RANKY.P TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.p.html0
1 5lsass0 19[path to lsass.exe]2 00127Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lasss.exe process which should NOT appear in Msconfig/Startup!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.f.html0
1 7ansjava0 26[path to mirc application]2 00 50Added by the W32/Randon-AN worm and IRC backdoor..57http://www.sophos.com/virusinfo/analyses/w32randonan.html0
1 4smss0 18[path to smss.exe]2 00126Added by the ALADINZ.F TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.f.html0
3 5PPSVC0 26[path to Spyware.PCPolice]2 00116Added by the PC Police surveillance program. This program should be uninstalled if it was not installed by yourself.60http://www.sarc.com/avcenter/venc/data/spyware.pcpolice.html0
136357aa41a-b7a8-4632-a27d-5b980b25cf430 21[path to svchost.exe]2 00 30Added by the  SMALL-AQ TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmallaq.html0
111winlogon32_0 18[PATH TO THE WORM]2 00 36Added by the W32.Mailbancos@mm worm.78http://www.sarc.com/avcenter/venc/data/w32.mailbancos@mm.html#technicaldetails0
1 45p4m0 16[path to Trojan]2 00 35Added by the Troj/Litebot-C Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebotc.html0
117Connectivity Tool0 16[path to trojan]2 00 48Added by the Troj/Litebot-E IRC backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebote.html0
1 5CTime0 16[path to trojan]2 00 28Added by the HTTPDOS TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.httpdos.html0
113Floppy Master0 16[path to trojan]2 00 31C:\WINDOWS\helloworld.exebr //b 01
1 6Irwftp0 16[path to trojan]2 00 30Added by the BANCOS.CR TROJAN!108http://uk0
1 7mdetect0 16[path to trojan]2 00 27Added by the SPABOT TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.spabot.html0
1 5msbsc0 16[path to trojan]2 00 72Added by the Troj/Banker-DF password-stealing trojan of Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankerdf.html0
1 9Mspatch690 16[path to trojan]2 00 26Added by the MPROX TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mprox.html0
1 5mssvc0 16[path to trojan]2 00 24Added by the PSK TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.psk.html0
123Network Host Controller0 16[path to trojan]2 00 28Added by the WHISPER TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.whisper.html0
110NTP Server0 16[path to trojan]2 00 28Added by the RANKY.F TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.f.html0
1 5rngmf0 16[path to trojan]2 00 28Added by the RANKY.C TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.c.html0
1 8Services0 16[path to trojan]2 00 33Added by the  METEORSHELL TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.meteorshell.html0
1 5Spool0 16[path to trojan]2 00 28Added by the RANKY.R TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.r.html0
1 7svchost0 16[path to trojan]2 00126Added by the HAZZER TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.hazzer.html0
1 9ValidData0 16[path to trojan]2 00 28Added by the RANKY.H TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.h.html0
1 7windows0 16[path to trojan]2 00 27Added by the AIMWIN TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aimwin.html0
111Windows NNT0 16[path to trojan]2 00 28Added by the RANKY.E TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.e.html0
112WindowsSetup0 16[path to trojan]2 00 26Added by the EZBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ezbot.html0
111WindUpdates0 16[path to trojan]2 00 29Added by the AGENT.BF TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.BF0
1 6WINSYS0 16[path to trojan]2 00 29Added by the GOLDPLAY TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.goldpay.html0
1 6winzip0 16[path to trojan]2 00 42Added by the BANCOS.G or BANCOS.K TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.g.html0
1 4x3yy0 16[path to trojan]2 00 28Added by the TANNICK TROJAN!62http://www.symantec.com/avcenter/venc/data/trojan.tannick.html0
1 8yyyyyyyy0 16[path to trojan]2 00 30Added by the MUMUBOY.B TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/trojan.mumuboy.b.html0
1 5Zen.A0 16[path to trojan]2 00 29Added by the ZOOMEN-A TROJAN!57http://www.sophos.com/virusinfo/analyses/perlzoomena.html0
130[Ephemeral 2.x] by TreeHugger,0 14[path to worm]2 00 55Added by the LEMOOR.A WORM! where "x" represents 3 or 473http://securityresponse.symantec.com/avcenter/venc/data/w32.lemoor.a.html0
113ACCDEFRAGINFO0 14[path to worm]2 00 26Added by the DARBY-O WORM!55http://www.sophos.com/virusinfo/analyses/w32darbyo.html0
1 3AHU0 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0
1 7Cekirge0 14[path to worm]2 00 27Added by the KERGEZ.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.kergez.a@mm.html0
119DLL Service Manager0 14[path to worm]2 00 29Added by the RPCBOT.F TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.rpcbot.f.html0
1 8Explorer0 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
110ICQ Center0 14[path to worm]2 00 25Added by the RANDIN WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.randin.html0
117InterceptedSystem0 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0
1 6Msgmgr0 14[path to worm]2 00 27Added by the BABYBEAR WORM!63http://www.symantec.com/avcenter/venc/data/w32.babybear@mm.html0
115NAV Live Update0 14[path to worm]2 00102Added by the DEBORMS.C WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec66http://www.symantec.com/avcenter/venc/data/w32.hllw.deborms.c.html0
1 6Nocana0 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0
111RPC Patcher0 14[path to worm]2 00 24Added by the BOLGI WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bolgi.worm.html0
111RPC Patcher0 14[path to worm]2 00 24Added by the BOLGI WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bolgi.worm.html0
1 8rundll320 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
1 8rundll640 14[path to worm]2 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
115svcwinprocess320 14[path to worm]2 00 26Added by the UPERING WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.upering.worm.html0
1 6Systry0 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
1 7Systryt0 14[path to worm]2 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
1 9WinKernel0 14[path to worm]2 00105Added by the a href"http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.plea.htmlPLEA VIRUS!82http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.plea.html<a href=0
111Winres32vis0 14[path to worm]2 00 26Added by the THRAX.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_THRAX.A0
112ControlPanel0 50[path] cmd32.exe internat.dll, LoadKeyboardProfile2 00 21Awmcash.biz foistware 01
113print sharing0 39[path] hidden32.exe [path] explorer.exe2 00 89Added by the ZCREW.B TROJAN! Note - this is not the valid Windows Explorer (explorer.exe)81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.b.html0
254[System Mechanic Professional Update [Incinerator.dll]0 26[path] Incinerator.dll</a>2 00124System_Mechanic's "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again41http://www.iolo.com/sm/4pro/tutorials.cfm0
3 9BelNotify0 39[path] NPBelv32.dll, RunDll32_BelNotify2 00320BelTech enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service34http://www.belarc.com/BelTech.html0
114DATABASE MySql0 35[path] repcale.exe [path] beird.exe2 00 41Added by a variant of the RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
116NBT System alias0 35[path] repcale.exe [path] beird.exe2 00  091http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
119System Restore Data0 35[path] repcale.exe [path] beird.exe2 00 28Added by the RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
1 9boarddata0 35[path] repcale.exe [path] palsp.exe2 00 42Added by a variant of the  RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
113element furth0 35[path] repcale.exe [path] palsp.exe2 00  091http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
112installs sp20 35[path] repcale.exe [path] palsp.exe2 00 42Added by a variant of the  RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
112PrinterSpool0 35[path] RESTORE.EXE [path] SPOOL.EXE2 00 30Added by the ALADINZ.K TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.k.html0
110Protection0 40[path] runtask.exe [path] protection.exe2 00 44Added by a variant of the AGENT.3.AU TROJAN! 01
1 7svchost0 16[path] SETUP.EXE2 00 25Added by the SETCLO WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.setclo.html0
1 7MEDIA320 28[pathname of the executable]2 00 35Added by the Troj/PurScan-Z trojan.58http://www.sophos.com/virusinfo/analyses/trojpurscanz.html0
112Root_Machine0 35[pathname of the Trojan executable]2 00 87Added by the Troj/Bancban-DP password-stealing trojan for customers of Brazilian banks.59http://www.sophos.com/virusinfo/analyses/trojbancbandp.html0
1 7spoolax0 35[pathname of the Trojan executable]2 00 33Added by the Troj/Perda-D Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdad.html0
1 6stdlib0 35[pathname of the Trojan executable]2 00 51Added by the Troj/Perda-E password-stealing Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdae.html0
124Windows Standard Securty0 26[random 3 letter filename]2 00 31Added by the W32/Rbot-ALF worm.56http://www.sophos.com/virusinfo/analyses/w32rbotalf.html0
1 6KavSvc0 24[random 6 char filename]2 00 81Qoologic downloader trojan variant using random file names (examples: nzkklz.exe) 01
121Startup Configuration0 26[random 6 letter filename]2 00145Added by the W32/Rbot-ARV worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotarv.html0
112SysTray.Excn0 24[random 8 character dll)2 00 97Added by the Troj/Cozdoor-C Trojan.br /br /Uses CLSID: b{1722ECFF-4356-4f5b-B534-E67294FE75E9}/b.58http://www.sophos.com/virusinfo/analyses/trojcozdoorc.html0
112SysTray.Exsh0 24[random 8 character dll]2 00105Added by the Troj/Cozdoor-D bacdoor Trojan.br /br /Uses CLSID: b{1768ECFC-4F5C-4f5b-B134-D67294FC78E9}/b.58http://www.sophos.com/virusinfo/analyses/trojcozdoord.html0
1 6Legacy0 19[RANDOM CHARACTERS]2 00 46Added by the Backdoor.Eparssa backdoor Trojan.77http://www.sarc.com/avcenter/venc/data/backdoor.eparssa.html#technicaldetails0
1 9WinNetDDE0 23[random characters].exe2 00 24_blankNETDEPIX.B TROJAN! 01
114Internet Agent0 14[random CLSID]2 00 12Added by the116Troj/PPdoo0
1 9*ms setup0 18[random file name]2 00 52Virtumondo adware,  also known as the  VUNDO TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html0
113agent browser0 18[random file name]2 00 42Added by the PPdoor.M-bdr backdoor TROJAN! 01
128microsoft security gmanagers0 18[random file name]2 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
127microsoft security panagers0 18[random file name]2 00  043http://vil.nai.com/vil/content/v_100454.htm0
115voltage manager0 18[random file name]2 00 32Added by the  W32.DREFFORT WORM!60http://www.symantec.com/avcenter/venc/data/w32.dreffort.html0
1 9NetDDEipx0 22[Random file name].exe2 00 36Added by the Trojan.Netdepix Trojan.93http://securityresponse.symantec.com/avcenter/venc/data/trojan.netdepix.html#technicaldetails0
113AOL Messenger0 17[random filename]2 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 7ara-key0 17[random filename]2 00 26Added by the ANTINNY WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.antinny.html0
120Avril Lavigne - Muse0 17[random filename]2 00 26Added by the AVRIL-A WORM!55http://www.sophos.com/virusinfo/analyses/w32avrila.html0
1 9bbdjmrxcX0 17[random filename]2 00135Added by the Troj/Ranck-AX proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckax.html0
111bdffefqes320 17[random filename]2 00134Added by the Troj/Ranck-Z proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckz.html0
1 7Bmsnwss0 17[random filename]2 00135Added by the Troj/Ranck-BK proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbk.html0
1 5Bnexe0 17[random filename]2 00 40Added by the  KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
1 5ccApp0 17[random filename]2 00 91Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirus74http://securityresponse.symantec.com/avcenter/venc/data/trojan.obsorb.html0
1 7ctfmonn0 17[random filename]2 00134Added by the Troj/Ranck-O proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojrancko.html0
1 7Danton*0 17[random filename]2 00 51Added by the DANTON TROJAN! where * = random number76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.danton.html0
1 7dfasack0 17[random filename]2 00135Added by the Troj/Ranck-BE proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbe.html0
1 4down0 17[random filename]2 00 52OADER.BG" target=_blankDLOADER.BG trojan downloader! 01
118educational writer0 17[random filename]2 00 26Added by the RBOT-LZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlz.html0
1 7ffeqOME0 17[random filename]2 00135Added by the Troj/Ranck-AR proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckar.html0
1 6fqxsbk0 17[random filename]2 00135Added by the Troj/Ranck-BS proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbs.html0
116halloween stream0 17[random filename]2 00135Added by the Troj/Ranck-AY proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckay.html0
110hpsysconf10 17[random filename]2 00 41Added by a variant of the VIVIA.A TROJAN!106http://de0
118ICQ Lite Messenger0 17[random filename]2 00231Added by an unidentified VIRUS, WORM or TROJAN! Unlike the legitimate ICQ Lite executable, which will be located in the ICQLITE folder in Program Files, this particular impostor is located in the Windows or Winnt\System32 directory 01
115IO System Debug0 17[random filename]2 00 21Added by Backdoor.Bla63http://www.sarc.com/avcenter/venc/data/backdoor.bla.trojan.html0
121ist service uninstall0 17[random filename]2 00 23ISTBar parasite related53http://sarc.com/avcenter/venc/data/adware.istbar.html0
1 7JVM0.120 17[random filename]2 00119Trojan downloaded with possible backdoor functionality.  Found in the Windows system directory with a random file name. 01
1 9kern64dll0 17[random filename]2 00 28Added by the TARNO.J TROJAN!63http://www.symantec.com/avcenter/venc/data/pwsteal.tarno.j.html0
121LoadOrderVerification0 17[random filename]2 00 27Added by the TRON.A TROJAN!75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TRON.A0
1 9MicroLoad0 17[random filename]2 00 24Added by the DARBY WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.darby.html0
121Microsoft Corporation0 17[random filename]2 00 42Added by various VIRUSES, WORMS & TROJANS! 01
120Microsoft Diagnostic0 17[random filename]2 00 27Added by the ACEBOT TROJAN!47http://www3.ca.com/virusinfo/Virus.asp?ID=115320
119Microsoft IT Update0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120Microsoft Locals 3320 17[random filename]2 00 26Added by the RBOT-KU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotku.html0
112Microsoft LV0 17[random filename]2 00 35Added by the Troj/Bdoor-BDL trojan.58http://www.sophos.com/virusinfo/analyses/trojbdoorbdl.html0
126Microsoft Security Manager0 17[random filename]2 00108Added by the W32/Rbot-TU worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbottu.html0
114Microsoft Tray0 17[random filename]2 00 28Added by the DELF.BZ TROJAN!43http://www.vsantivirus.com/back-delf-bz.htm0
123Microsoft Update Loader0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
124Microsoft Update Machine0 17[random filename]2 00  064http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
135Microsoft UpToDate Driver (32-bits)0 17[random filename]2 00254Added by the W32/Rbot-ZV worm.  When this infection starts it connects to an IRC server where it waits for remote commands to execute.  It also installs a file call c:\a.bat which is used to stop certain antivirus, antispyware, and firewall applications.55http://www.sophos.com/virusinfo/analyses/w32rbotzv.html0
1 9Microsong0 17[random filename]2 00134Added by the Troj/Ranck-A proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.59http://www.sophos.com/virusinfo/analyses/trojranckbota.html0
112Monitor Test0 17[random filename]2 00134Added by the W32/Sdbot-NC worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnc.html0
1 7MS-HTML0 17[random filename]2 00 31Added by the LATINUS.15 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.150
1 8MSKCES320 17[random filename]2 00 27Added by the CLONER TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cloner.html0
1 7msmsgss0 17[random filename]2 00134Added by the Troj/Ranck-S proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojrancks.html0
1 8Msn Home0 17[random filename]2 00134Added by the Troj/Ranck-W proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckw.html0
1 6mswspl0 17[random filename]2 00 29Added by the SMALL.IQ TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.IQ0
1 9nssysconf0 17[random filename]2 00 28Added by the VIVIA.A TROJAN!106http://de0
1 8nsysconf0 17[random filename]2 00 36Added by the Adware.ZioCom.C adware.59http://www.sarc.com/avcenter/venc/data/adware.ziocom.c.html0
1 6NTServ0 17[random filename]2 00134Added by the Troj/Ranck-P proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckp.html0
114NVidia Drivers0 17[random filename]2 00134Added by the Troj/Ranck-R proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckr.html0
1 6PlanCx0 17[random filename]2 00135Added by the Troj/Ranck-CE proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckce.html0
1 5qbotd0 17[random filename]2 00 27Added by the BOTTEN TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/downloader.botten.html0
1 8qffecdas0 17[random filename]2 00135Added by the Troj/Ranck-BF proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbf.html0
113RealVNC Setup0 17[random filename]2 00134Added by the Troj/Ranck-V proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckv.html0
113RSPC Driver D0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 5Sav320 17[random filename]2 00 56Added by the W32/Famus-G WORM! File found in c:\recycled55http://www.sophos.com/virusinfo/analyses/w32famusg.html0
123support-reverse-smileys0 17[random filename]2 00 35Added by the Troj/Litebot-D Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebotd.html0
110svchosts320 17[random filename]2 00134Added by the Troj/Ranck-L proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckl.html0
1 7sws.exe0 17[random filename]2 00 33Haldex type adult content dialler74http://securityresponse.symantec.com/avcenter/venc/data/dialer.haldex.html0
117Symantec Autoscan0 17[random filename]2 00133Added by the  W32/Rbot-AJO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotajo.html0
1 7SysData0 17[random filename]2 00135Added by the Troj/Ranck-BA proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckba.html0
118System CPL manager0 17[random filename]2 00108Added by the W32/Rbot-SR worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotsr.html0
113System Update0 17[random filename]2 00 38Added by the KORGO.W or KORGO.X WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html0
111System-Tray0 17[random filename]2 00 29Added by Backdoor.BladeRunner64http://www.sarc.com/avcenter/venc/data/backdoor.bladerunner.html0
1 7TaskReg0 17[random filename]2 00 24Added by the CBLAD WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CBLAD.A0
1 8tkaskqjw0 17[random filename]2 00135Added by the Troj/Ranck-CA proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckca.html0
1 5Trayz0 17[random filename]2 00105Added by the Troj/Bdoor-JG backdoor Trojan.br /br /Uses CLSID: b(F5B7D0BE-5f02-4211-96DB-386DFA244900)/b.57http://www.sophos.com/virusinfo/analyses/trojbdoorjg.html0
1 6UpdSys0 17[random filename]2 00 23Added by the BJ TROJAN!53http://hq.mcafeeasap.com/dispVirus.asp?virus_k=1000570
1 8vadeinst0 17[random filename]2 00135Added by the Troj/Ranck-CF proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckcf.html0
111VCbvnczsxcX0 17[random filename]2 00135Added by the Troj/Ranck-AK proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckak.html0
1 9vcxcxvxcX0 17[random filename]2 00135Added by the Troj/Ranck-AQ proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckaq.html0
114vDGDGvvsa dqdw0 17[random filename]2 00135Added by the Troj/Ranck-AV proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckav.html0
122vDSAGGQEvbA ASDAS dqdw0 17[random filename]2 00135Added by the Troj/Ranck-AT proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckat.html0
113Video Process0 17[random filename]2 00 26Added by the RBOT-LM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlm.html0
110vxcxcvfck.0 17[random filename]2 00135Added by the Troj/Ranck-AZ proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckaz.html0
1 9vXCXssdss0 17[random filename]2 00135Added by the Troj/Ranck-BO proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbo.html0
1 7Wdqvsst0 17[random filename]2 00135Added by the Troj/Ranck-BT proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbt.html0
111Web Service0 17[random filename]2 00 40Added by the Trojan.Admincash infection!60http://www.sarc.com/avcenter/venc/data/trojan.admincash.html0
111Win32system0 17[random filename]2 00 24Added by the DDV.B WORM!70http://securityresponse.symantec.com/avcenter/venc/data/vbs.ddv.b.html0
117Windows Compliant0 17[random filename]2 00 26Added by the RBOT-IR WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotir.html0
116Windows ExpIorer0 17[random filename]2 00132Added by the W32/Rbot-AKO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotako.html0
120Windows Media Player0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
127Windows Media Player Update0 17[random filename]2 00 26Added by the RBOT-ET WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotet.html0
121Windows Media SP.2.370 17[random filename]2 00 28Added by the LEMIR.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.c.html0
110Windows NT0 17[random filename]2 00134Added by the Troj/Ranck-M proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckm.html0
124Windows Security Service0 17[random filename]2 00132Added by the W32/Rbot-ALV worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalv.html0
120Windows Socketheader0 17[random filename]2 00 47Added by the W32/Ixbot-A worm and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32ixbota.html0
122Windows Update Checker0 17[random filename]2 00 24Adware downloader trojan 01
117Windows Update V60 17[random filename]2 00 26Added by the RBOT-KT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkt.html0
119WindowsRegistration0 17[random filename]2 00 26Added by the RBOT-NO WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotno.html0
124WindowsRegKey Autoupdate0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120WindowsRegKey update0 17[random filename]2 00  064http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9WinLoader0 17[random filename]2 00 42Added by variants of the  SUBSEVEN TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SUB7.213.B0
1 9WinLoader0 17[random filename]2 00 42Added by variants of the  SUBSEVEN TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SUB7.213.B0
1 9WinManage0 17[random filename]2 00135Added by the Troj/Ranck-KH proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckh.html0
1 9zonealarm0 17[random filename]2 00132Added by an unidentified VIRUS, WORM or TROJAN! The only exception is if you have an older version of the ZoneAlarm firewall running 01
1 9(default)0 21[random filename].exe2 00 27Added by the BLACKMAL WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal@mm.html0
1 5Kadoc0 21[random filename].exe2 00 29Added by the  Staprew TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.staprew.html0
119Mickey Mouse Cereal0 21[random filename].exe2 00 28Added by the RANKY.Q TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.q.html0
111RSPC Driver0 21[random filename].exe2 00 26Added by the RBOT-SN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsn.html0
118WindowsReg% update0 21[random filename].exe2 00 26Added by the RBOT-HH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothh.html0
118WindowsReg% update0 21[random filename].exe2 00 26Added by the RBOT-HH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothh.html0
1 7W32Load0 21[random filename].scr2 00 25Added by the CASPID WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.caspid.html0
127AIM Instant Message Cookies0 18[random filenames]2 00134Added by the W32/Rbot-AFV worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotafv.html0
121Norton Antivirus 7.0a0 18[random filenames]2 00 39Added by the Troj/Perda-B trojan proxy.56http://www.sophos.com/virusinfo/analyses/trojperdab.html0
117Internet Explorer0 20[random letters].dll2 00115Added by the Troj/Proxma-A proxy and backdoor Trojan.br /br /Uses CLSID: b{F28A40D7-AD0E-034A-C651-5F0ED76232E6}/b.57http://www.sophos.com/virusinfo/analyses/trojproxmaa.html0
146Iamnacho On Irc. MusicIrc.com Is a Homosexual!0 13[random name]2 00134Added by the W32/Randex-T worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32randext.html0
110Ndpldaemon0 13[random name]2 00 44Added by the W32/RpcSdbot-A backdoor trojan.58http://www.sophos.com/virusinfo/analyses/w32rpcsdbota.html0
119Windows ASN Service0 13[random name]2 00134Added by the W32/Agobot-TC worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32agobottc.html0
117Internet Explorer0 17[RANDOM NAME].dll2 00102Added by the Backdoor.Berbew.T backdoor.br /br /Uses CLSID: b{F28A40D7-AD0E-034A-C651-5F0ED76232E6}/b.61http://www.sarc.com/avcenter/venc/data/backdoor.berbew.t.html0
118HDAudio Driver 1.00 17[random name].exe2 00 44Added by the Troj/Teadoor-D backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojteadoord.html0
1 5xserv0 17[random name].exe2 00 34Added by the Troj/Stumpy-A trojan.57http://www.sophos.com/virusinfo/analyses/trojstumpya.html0
1 6center0 19[random name]32.exe2 00 26Added by the BOFRA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0
1 8Reactor30 19[random name]32.exe2 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0
1 8Reactor50 19[random name]32.exe2 00 26Added by the BOFRA.D WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.d@mm.html0
1 8Reactor60 19[random name]32.exe2 00 26Added by the BOFRA.C WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.c@mm.html0
1 8Reactor70 19[random name]32.exe2 00 26Added by the BOFRA.B WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.b@mm.html0
1 8Reactor80 19[random name]32.exe2 00 26Added by the BOFRA.E WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html0
1 8Reactor90 19[random name]32.exe2 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html0
1 5Rhino0 19[random name]32.exe2 00 26Added by the BOFRA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0
112MSN 9.0 Plus0 12[random.exe]1 00132Added by the W32/Rbot-ALY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaly.html0
1 6asfqft0  8[random]1 00 12Added by the107Troj/Ranc0
1 2BD0  8[random]1 00241The a href=http://www.sophos.com/virusinfo/analyses/trojagentcm.html"Troj/Agent-CM backdoor TROJAN will first place DC.EXE in the Temporary folder, then modify   HKCU\Software\Microsoft\Windows\CurrentVersion\Run to ensure automatic startup. 01
114BIOS XP Loader0  8[random]1 00143Added by the W32/Rbot-IC trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotic.html0
1 9bluestart0  8[random]1 00 35Added by Troj/Dloader-IR, a TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderir.html0
111CacheLoader0  8[random]1 00171Troj/Dloader-IX will download the [random] file to the Windows folder, sub-folder "Cache". That done, it moves to "Security iGuard.exe", found in the Program Files folder.59http://www.sophos.com/virusinfo/analyses/trojdloaderix.html0
1 3DI20  8[random]1 00 24Added by Troj/Dloader-IK59http://www.sophos.com/virusinfo/analyses/trojdloaderik.html0
111Disk Keeper0  8[random]1 00 99Added by the a href"http://www.sophos.com/virusinfo/analyses/trojsmallve.html"Troj/Small-VE TROJAN! 01
1 6eProxy0  8[random]1 00 29Added as a new service by the85Troj/Daemoni-AL TROJAN, using a displayname of Microsoft Security Subsystem Provider.0
1 7Expatch0  8[random]1 00 54Added by the Troj/PWSLmir-G TROJAN to steal passwords.58http://www.sophos.com/virusinfo/analyses/trojpwslmirg.html0
113Floppy Master0  8[random]1 00 68Added by the Troj/Zonit-E TROJAN to send spam using other computers.56http://www.sophos.com/virusinfo/analyses/trojzonite.html0
120Generic Host Process0  8[random]1 00147http://www.sophos.com/virusinfo/analyses/trojciadoorh.html"Troj/Ciadoor-H TROJAN adds the file, enabling an attacker remote access to the computer. 01
1 7JVM0.140  8[random]1 00 44Added by the Troj/Teadoor-B backdoor TROJAN!58http://www.sophos.com/virusinfo/analyses/trojteadoorb.html0
1 8LanGuard0  8[random]1 00  1. 01
1 5lk3h10  8[random]1 00 65Added by the Troj/Mosuck-G TROJAN into the Windows system folder.57http://www.sophos.com/virusinfo/analyses/trojmosuckg.html0
135Microsoft (C) HTML Application host0  8[random]1 00139Added by the W32/Rbot-YB WORM/IRC backdoor, this file will allow termination of processes by way of a remote attacker using an IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotyb.html0
117Microsoft DirectX0  8[random]1 00 59A variant of the Rbot WORM/IRC backdoor will add this file.55http://www.sophos.com/virusinfo/analyses/w32rbotdp.html0
113Microsoft IIS0  8[random]1 00 43Added by the WORM variant, W32/Francette-Q.59http://www.sophos.com/virusinfo/analyses/w32francetteq.html0
139Microsoft Internet Acceleration Utility0  8[random]1 00 34Added by the Troj/Agent-BM TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentbm.html0
120Microsoft PCHealth320  8[random]1 00 90The Troj/Nice-A TROJAN will log keystrokes using this file, and submit the data via email.55http://www.sophos.com/virusinfo/analyses/trojnicea.html0
1 6minimo0  8[random]1 00141A backdoor Trojan, it can log keypresses, capture screen and webcam images, steal files, provide a remote command shell and download updates. 01
1 3msn0  8[random]1 00 55Added by the Troj/Bancban-BG TROJAN to steal passwords.59http://www.sophos.com/virusinfo/analyses/trojbancbanbg.html0
118NT Virtual Machine0  8[random]1 00110Added by Troj/Agent-BV,  a network WORM with backdoor Trojan functionality found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/w32scaerbota.html0
110nvviddrv320  8[random]1 00143Added by the W32/Rbot-HT trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotht.html0
1 6qgqqft0  8[random]1 00 12Added by the21Troj/Ranck-BX TROJAN!0
1 7reg_run0  8[random]1 00 35Added by the Troj/Banker-BQ TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerbq.html0
121Regisry Configuration0  8[random]1 00143Added by the W32/Rbot-IY trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.98http://www.google.com/url?sa=U&start=1&q=http%3A//www.sophos.com/virusinfo/analyses/w32rbotiy.html0
1 6RunWin0  8[random]1 00 36Added by the Troj/Banker-BN  TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerbn.html0
115Service Manager0  8[random]1 00 34Added by the Troj/Migmaf-G TROJAN!57http://www.sophos.com/virusinfo/analyses/trojmigmafg.html0
1 8Services0  8[random]1 00 35Added by the Troj/Agent-BV  Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentbv.html0
1 8sixtysix0  8[random]1 00120Troj/LowZone-R  TROJAN is responsible for a file found in the Windows folder that will reduce IE security zone settings.58http://www.sophos.com/virusinfo/analyses/trojlowzoner.html0
1 3sox0  8[random]1 00 91Added by the Troj/Proxyser-G  to start a SOCKS4 proxy server on a randomly-chosen TCP port.59http://www.sophos.com/virusinfo/analyses/trojproxyserg.html0
1 7sVideo20  8[random]1 00 54Added by Dial/Switch-D , a TROJAN premium-rate dialler57http://www.sophos.com/virusinfo/analyses/dialswitchd.html0
111taskmrg.exe0  8[random]1 00 74Added by Troj/Bancban-BN, a TROJAN that attempts to steal banking details.59http://www.sophos.com/virusinfo/analyses/trojbancbanbn.html0
1 7uFnV32i0  8[random]1 00 45Added by the Adware.Envolo Adware downloader.57http://www.sarc.com/avcenter/venc/data/adware.envolo.html0
1 4upme0  8[random]1 00 12Added by the37W32/Rbot-TH WORM/IRC backdoor trojan!0
114USB controller0  8[random]1 00 39Troj/Miewer-A, a TROJAN, adds the file!57http://www.sophos.com/virusinfo/analyses/trojmiewera.html0
1 4usbn0  8[random]1 00115Added by the Troj/Hogil-B  Trojan.  This infection adds various links to porn sites in your Desktop and Start Menu.56http://www.sophos.com/virusinfo/analyses/trojhogilb.html0
1 9vadseinst0  8[random]1 00 34Added by the Troj/Ranck-CM Trojan!57http://www.sophos.com/virusinfo/analyses/trojranckcm.html0
1 3vb60  8[random]1 00 12Added by the37W32/Rbot-TD WORM/IRC backdoor trojan!0
1 5Verif0  8[random]1 00 12Added by the17W32/Nopir-B WORM!0
1 6WebRun0  8[random]1 00  8Added by12Troj/Bube-K.0
1 8Win32DLL0  8[random]1 00 12Added by the17W32/Woned-A WORM!0
114Window service0  8[random]1 00 12Added by the128W32/Rbot-AC0
117Windows update 320  8[random]1 00 12Added by the38W32/Rbot-ADG WORM/IRC backdoor Trojan!0
1 9winreg_320  8[random]1 00 36Added by the Troj/Bancban-BY TROJAN!59http://www.sophos.com/virusinfo/analyses/trojbancbanby.html0
1 9WXcmeinst0  8[random]1 00156Added by Troj/Ranck-CD, a backdoor TROJAN! It will chose a TCP port in the range 10000-49999 to notify a remote web server on that port using a web request.57http://www.sophos.com/virusinfo/analyses/trojranckcd.html0
1 6XpAspy0  8[random]1 00 72Added by Troj/Delf-WH, a TROJAN! It will be found in the Windows folder.56http://www.sophos.com/virusinfo/analyses/trojdelfwh.html0
1 8xpsystem0  8[random]1 00114Added by Troj/Krepper-M,  a TROJAN! It will be found in a subfolder of the Windows system folder named "services".58http://www.sophos.com/virusinfo/analyses/trojkrepperm.html0
1 4xset0  8[random]1 00 12Added by the14Troj/Bdoor-HT.0
1 4mxb20 12[RANDOM].exe1 00 31Added by the W32.Maniccum worm.73http://www.sarc.com/avcenter/venc/data/w32.maniccum.html#technicaldetails0
1 4klop0 11[random]exe1 00 48Added by the Troj/Dloader-WA downloading Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderwa.html0
1 7TempCom0 16[randomname].com1 00 24Added by the TRAXG WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.traxg@mm.html0
130[Ephemeral 2.5] by TreeHugger,0 16[randomname].exe1 00 31Added by the W32/Lemoor-C worm.56http://www.sophos.com/virusinfo/analyses/w32lemoorc.html0
118HDAudio Driver 2.00 18[randomstring].exe1 00 35Added by the Troj/Teadoor-E trojan.58http://www.sophos.com/virusinfo/analyses/trojteadoore.html0
1 7Litebot0 24[Trojan executable name]2 00 35Added by the Troj/Litebot-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebota.html0
1 7CSRSWIN0 17[trojan filename]2 00 32Added by the WINSHELL.50 TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.html0
1 5CSRSX0 17[trojan filename]2 00 34Added by the WINSHELL.50.B TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.b.html0
1 8Internal0 17[trojan filename]2 00 43Added by the SMOTHER and  TRANSLAT TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.smother.html0
1 8Internal0 17[trojan filename]2 00 43Added by the SMOTHER and  TRANSLAT TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.smother.html0
1 3lar0 17[trojan filename]2 00 27Added by the ROXY.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.roxy.c.html0
112Ntech.patchs0 17[trojan filename]2 00 28Added by the LEMIR.G TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.g.html0
1 7Service0 17[trojan filename]2 00 29Added by the KAITEX.E TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kaitex.e.html0
111Disk Master0 13[trojan name]2 00 44Added by the DISTER TROJAN! - a spam relayer76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dister.html0
1 9*WinLogon0 13[trojan path]2 00 26Added by the VUNDO TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html0
1 9*WinLogon0 38[trojan path] ren time:[random number]2 00 26Added by the VUNDO TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html0
1 7MSSGisg0 14[unidentified]1 00126Added by the Troj/Ranck-BI TROJAN, it will allow an unauthorized attacker to route HTTP traffic through the infected computer.57http://www.sophos.com/virusinfo/analyses/trojranckbi.html0
1 8SySPower0 22[Unknown at this time]2 00 46Added by the Troj/SpyAgen-G keylogging Trojan.58http://www.sophos.com/virusinfo/analyses/trojspyageng.html0
126Network Devices Controller0 18[unknown filename]2 00 90Added by the Backdoor.Alnica backdoor.  Listens on port 6667 awaiting a remote connection.59http://www.sarc.com/avcenter/venc/data/backdoor.alnica.html0
1 5__ZF50 14[unknown name]2 00 46Added by the W32.Erkez.F@mm mass-mailing worm.75http://www.sarc.com/avcenter/venc/data/w32.erkez.f@mm.html#technicaldetails0
142Activating the notepad common used library0  9[unknown]1 00 39Added by W32/Codbot-G, a WORM/backdoor.56http://www.sophos.com/virusinfo/analyses/w32codbotg.html0
1 7msnmsgy0  9[unknown]1 00 80Added by the Troj/Banker-EQ password-stealing trojan targetting Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankereq.html0
114Network Client0  9[Unknown]1 00 35Added by the Trojan.Boxed.C Trojan.75http://securityresponse.symantec.com/avcenter/venc/data/trojan.boxed.c.html0
122Network Client Monitor0  9[unknown]1 00 35Added by the Trojan.Boxed.B Trojan.92http://securityresponse.symantec.com/avcenter/venc/data/trojan.boxed.b.html#technicaldetails0
1 7PNP FIX0  9[unknown]1 00132Added by the W32/Rbot-AKQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotakq.html0
110Search.vbs0  9[unknown]1 00  8Hijacker 01
110SFTRANSFER0  9[unknown]1 00 50Added by the Backdoor.Brakkeshell backdoor Trojan.81http://www.sarc.com/avcenter/venc/data/backdoor.brakkeshell.html#technicaldetails0
130SSDP Discovery Service Locator0  9[unknown]1 00 43Added by the Troj/Pndoor-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojpndoora.html0
1 9worknote10  9[unknown]1 00 29Added by the W32.Meetot worm.71http://www.sarc.com/avcenter/venc/data/w32.meetot.html#technicaldetails0
4 6VS.VSN0  9[unknown]1 00 86Part of eSafe antivirus "SmartScan" - alerts the user if files have been changed/added44http://www.esafe.com/esafe/default.asp?cf=tl0
126Vaganza-XPloit-[User Name]0 15[User Name].exe2 00 32Added by the W32.Gavgent.A worm.74http://www.sarc.com/avcenter/venc/data/w32.gavgent.a.html#technicaldetails0
118Visual Element FX50 20[various file names]2 00 30ClearStream Accelerator adware73http://www.spyany.com/program/article_spw_rm_ClearStream_Accelerator.html0
1 5clock0 19[various filenames]2 00140LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe79http://securityresponse.symantec.com/avcenter/venc/data/pf/adware.livechat.html0
116MicrosoftWindows0 19[various filenames]2 00 46MagicSearch - a CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
110PGStub.exe0 19[various filenames]2 00 19Unidentified adware 01
110PGStub.exe0 19[various filenames]2 00 19Unidentified adware 01
110PrivateNet0 19[various filenames]2 00 34Premium rate adult content dialler 01
115SystemEmergency0 19[various filenames]2 00 46SmartSearch - a CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 5wingo0 19[various filenames]2 00 27Added by the BAGLE-AU WORM!56http://www.sophos.com/virusinfo/analyses/w32bagleau.html0
115CSRS Windows NT0 15[various names]2 00 43Added by the Backdoor.WinShell.50 backdoor.98http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.html#technicaldetails0
1 9SNInstall0 15[various names]2 00 35Added by the Troj/Spyhoax-A trojan.58http://www.sophos.com/virusinfo/analyses/trojspyhoaxa.html0
131Vanquish Autoloader v0.1 beta100 15[various names]2 00 39Added by the Hacktool.Vanquish rootkit.78http://securityresponse.symantec.com/avcenter/venc/data/hacktool.vanquish.html0
111Winport.com0  9[various]1 00135Added by the Backdoor.Acropolis backdoor.  The name of the backdoor is Acropolis 1.0. It listens on ports 32791, 45673 for connections.62http://www.sarc.com/avcenter/venc/data/backdoor.acropolis.html0
1 7REGMSYS0 18[variousnames.exe]1 00138Added by the Troj/LowZone-AX Trojan. Some common filenames for this infection are active.exe, mqzx.exe, klanp.exe, urba.exe, and sope.exe.59http://www.sophos.com/virusinfo/analyses/trojlowzoneax.html0
110LiveUpdate0 24[Windows username]05.exe2 00 28Added by the LINEAGE TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lineage.html0
1 9AlevirOld0 15[worm filename]2 00 28Added by the OPASERV.G WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G0
1 9BrasilOld0 15[worm filename]2 00 28Added by the OPASERV.P WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.P0
1 6G001230 15[worm filename]2 00 26Added by the BUGBROS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbros@mm.html0
1 7KAVutil0 15[worm filename]2 00 27Added by the WINTOO.B WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.b.worm.html0
1 7KAVutil0 15[worm filename]2 00 27Added by the WINTOO.B WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.b.worm.html0
1 8messnger0 15[worm filename]2 00 26Added by the DELODER WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deloder.html0
1 8messnger0 15[worm filename]2 00 26Added by the DELODER WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deloder.html0
126Microsoft Security Panager0 15[worm filename]2 00132Added by the W32/Rbot-ANL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotanl.html0
1 9RavTimeXP0 15[worm filename]2 00 27Added by the WULLIK.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.wullik.b@mm.html0
1 8RavTimXP0 15[worm filename]2 00  076http://securityresponse.symantec.com/avcenter/venc/data/w32.wullik.b@mm.html0
1 4rdvs0 15[worm filename]2 00 27Added by the  ULTIMAX WORM!90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ULTIMAX.B&amp;VSect=T0
1 9ScrSvrOld0 15[worm filename]2 00 26Added by the OPASERV WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.html0
111Services0040 15[worm filename]2 00 26Added by the BUGBROS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbros@mm.html0
1 9SpeedBoss0 15[worm filename]2 00 29Added by the OPASERV.AD WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.a.d.worm.html0
1 9Supernova0 15[worm filename]2 00 38Added by the SURNOVA (or SUPOVA) WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SURNOVA.A0
1 7Win2Drv0 15[worm filename]2 00 25Added by the WINTOO WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.worm.html0
1 8Srv32Old0 19[worm filename].PIF2 00 28Added by the OPASERV.J WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.j.worm.html0
122Microsoft Windows DHCP0  8___r.exe1 00 40Added by the MASLAN.A or MASLAN.C WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.a@mm.html0
133Microsoft Synchronization Manager0 13___synmgr.exe1 00 40Added by the MASLAN.A or MASLAN.C WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.a@mm.html0
330Microsoft Broadband Networking0 13_18be6784.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
317AutpPilot Control0 11_294823.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
314active Printer0 13_644366bb.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
111_accwiz.exe0 11_accwiz.exe1 00 52Added by the Troj/Certif-N password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojcertifn.html0
4 5AVPCC0 10_avpcc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5Swf320 11_backup.exe1 00 25Added by the SYMTEN WORM!66http://www.symantec.com/avcenter/venc/data/w32.hllw.symten@mm.html0
115[Various Names]0  9_ctcp.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
123Bron-Spizaetus-5118REPM0 17_default32142.pif1 00 45Added by the W32/Brontok-R mass-mailing worm.57http://www.sophos.com/virusinfo/analyses/w32brontokr.html0
110[not used]0 12_huytam_.exe1 00 52Added by the Ssearch.biz and a-search.biz hijackers. 01
110[not used]0 11_Kerne1.exe1 00 82Added by the Troj/Lineage-AN password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagean.html0
113MEAOI Service0 10_meaoi.exe1 00227Added by the W32/Tilebot-AM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. This infection also creates a Rootkit file in order to hide itself called %System%meaoi.sys.58http://www.sophos.com/virusinfo/analyses/w32tilebotam.html0
110_ntrdlhost0 14_ntrdlhost.exe1 00 53A downloader TROJAN, Troj/Dloader-JV, adds this file.59http://www.sophos.com/virusinfo/analyses/trojdloaderjv.html0
117_ntrrescueservice0 10_ntrrs.exe1 00 37Added by the  TROJ/DLOADER-JV TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderjv.html0
138(randomly chosen existing folder name)0 10_setup.exe1 00 27Added by the  W32/Antinny-L57http://www.sophos.com/virusinfo/analyses/w32antinnyl.html0
1 7sqlsrvd0 12_sqlexec.exe1 00144Possible new variant of W32.Spybot.NLX.  This infection has root kit capabilities so it is possible you have further files that can not be seen.61http://www.sarc.com/avcenter/venc/data/pf/w32.spybot.nlx.html0
121MS SQL Server Moniter0 12_sqlsrvd.exe1 00144Possible new variant of W32.Spybot.NLX.  This infection has root kit capabilities so it is possible you have further files that can not be seen.61http://www.sarc.com/avcenter/venc/data/pf/w32.spybot.nlx.html0
111_System_Run0 13_svchost_.exe1 00 81Added by the Troj/Lineage-Z password-stealing trojan for the online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineagez.html0
1 9_tdiserv_0 12_tdicli_.exe1 00 33Added by the  W32.TDISERV.A WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.tdiserv.a.html0
1 8windll320 10_WIN32.EXE1 00 31Added by the  LEGMIR.AQ TROJAN!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LEGMIR.AQ&VSect=T0
1 9_x-Finder0 13_x-Finder.exe1 00 61Disconnects and redials an ISP modem to an adult content site 01
1 8^`d}qZxu0 12~`d}qzxu3zYF1 00 34Added by the GAOBOT.GEN!POLY WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.gen!poly.html0
1 9(default)0  6~~.exe1 00 47Added by the Troj/DownLdr-QR Trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdownldrqr.html0
1 8Regcheck0 11~CAB001.EXE1 00 48Added by the CYBRSPY.13A or CYBRSPY.13B TROJANS!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBRSPY.13A0
3 7ZeroAds0  101 00107ZeroAds - culls ads, cookies and pop-ups. Tells ZeroAds not to run at startup - needed to start it manually36http://zeroads.com/flash/default.asp0
1 9Zonavirus0  101 00 40Added by the  KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
1 6begins0  50.exe1 00 61Added by the W32/Mytob-HE mass-mailing worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobhe.html0
1 5solid0  50.exe1 00 49Added by the WORM_MYTOB.PP worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EPP&VSect=T0
411AVGUARD.EXE0 1200000069.EXE125StartUp menu\Current user0111Windows XP/2000/XP Guard Service 6.29.00.03, H+BEDV Datentechnik GmbH. Antivirus Service for Windows XP/2000/NT39http://www.absolutestartup.com/startup/1
3 8000StTHK0 12000StTHK.exe1 00160Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) 01
3 8000StTHK0 12000StTHK.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1170050726-007-i32-10 210050726-007-i32-1.exe1 00 29Added by the  Troj/Bancban-EC59http://www.sophos.com/virusinfo/analyses/trojbancbanec.html0
3 900THotkey0 1300THotKey.exe1 00 87For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. 01
3 900THotkey0 1300THotkey.exe111HKEY_LM\Run0 50TOSHIBA THotkey 6, 0, 2, 0, TOSHIBA Corp.. THotkey39http://www.absolutestartup.com/startup/1
115vbs_auto_update0 120548656X.vbs1 00 28Added by the   VBS/Gormlez-A57http://www.sophos.com/virusinfo/analyses/vbsgormleza.html0
1 80mcamcap0 120mcamcap.exe1 00 40Added by the Troj/Cosiam-H proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojcosiamh.html0
114OpenGL Drivers0 110penGLD.exe1 00 47Added by the W32/Yimp-A Instant Messaging worm.54http://www.sophos.com/virusinfo/analyses/w32yimpa.html0
112Yahoo! Pager0  11111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 1@0  21%1 00 12Added by the21W32/Protorid-AD WORM!0
110Rundll32_80  51.dll1 00 38Added by the Adware.BrowserAid adware.61http://www.sarc.com/avcenter/venc/data/adware.browseraid.html0
1 51.bat0  51.exe1 00 36Added by the Troj/Banload-LK Trojan.59http://www.sophos.com/virusinfo/analyses/trojbanloadlk.html0
1 51.exe0  51.exe1 00123Added by the http://www.sophos.com/virusinfo/analyses/trojmultidrcf.html Trojan!  This file is found in the Windows folder.14Troj/Multidr-C0
1 8SysStart0  51.exe1 00 38Added by the Adware.ZenoSearch adware.61http://www.sarc.com/avcenter/venc/data/adware.zenosearch.html0
1 9WinUpdate0 10100089.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0  910010.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 9ASDPLUGIN0 12100171be.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
1 9ASDPLUGIN0 12100176br.exe1 00 69Added by a variant of the  ASDPLUG adult content premium rate dialer!58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
1 6load320  91111a.exe1 00 28Added by the DUMARU.AH WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.ah@mm.html0
1151111swapmgr.exe0 151111swapmgr.exe1 00 43Added by the Troj/Bdoor-IC backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojbdooric.html0
2 5Watch0 151200UBWATCH.EXE1 00  2?? 01
32112Ghosts Popup-Killer0 1112popup.exe1 00 2112Ghosts Popup-Killer36http://12ghosts.com/ghosts/popup.htm0
120windowsregkey update0 1716winupdate32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113180adsolution0 17180adsolution.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0
1 5180ax0  9180ax.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0
1 8spyclean0 181ClickSpyClean.exe1 00126The application "1 Click Spy Clean" is using a database that was stolen from  SpybotS&D A Rogue anti-spyware program see  note171 Click Spy Clean0
122ni.uwfx5_0001_n57m21120  81D7C.tmp1 00 25This is WinFixer Malware. 01
112HELLBOT TEST0 121hellbot.exe1 00 38Added by the W32/Mytob-BC worm/trojan.56http://www.sophos.com/virusinfo/analyses/w32mytobbc.html0
1 41on10  81on1.exe1 00 21Adult content dialler 01
3 91st Clock0 181stClock.exe -tray225StartUp menu\Current user01111st Clock 3.0, Green Parrots Software. 1st Clock - add date, alarms, atomic time and more to your taskbar clock39http://www.absolutestartup.com/startup/1
1101t34rd.exe0 131t34rd.exe /k215HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
217One Touch Monitor0 101tou~2.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
2 8ONETOU~20 101tou~2.exe1 00  0 01
215OneTouchMonitor0 101tou~2.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
1 52.exe0  52.exe1 00123Added by the http://www.sophos.com/virusinfo/analyses/trojmultidrcf.html Trojan!  This file is found in the Windows folder.14Troj/Multidr-C0
11820050726-007-i32-10 2220050726-007-i32-1.exe1 00 57Added by the Troj/Bancban-EC information stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanec.html0
1102006Server0  82006.exe1 00 44Added by the Troj/Feutel-DA backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelda.html0
1 3DI20  627.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 82kadiras0 122kadiras.exe1 00 67Allied_Telesyn AT series router/modem related - apparently required37http://www.alliedtelesyn.co.uk/en-gb/0
3 92wSysTray0 142portalmon.exe1 00 92a target="_blank" href="http://www.2wire.com/home/index.html"2Wire Homeportal user interface 01
0 8gramdate0  92Stop.exe1 00  2?? 01
3 92Tray.exe0  92tray.exe111HKEY_CU\Run0 79ImageConverter Plus 6, 3, 6, 0, fCoder Group International. ImageConverter Plus39http://www.absolutestartup.com/startup/1
115[Various Names]0 10321102.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
124windows runtime proccess0 1232RUNdll.exe1 00 28Added by the  SDBOT.QW WORM!83http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SDBOT.QW0
1 5winXP0  633.exe1 00 24Added by the ANPES WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.anpes@mm.html0
115[Various Names]0  934763.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
2 437210  83721.bat111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
119Win32 USB2.0 Driver0  7386.exe1 00 27Added by the IRCBOT.D WORM!55http://sarc.com/avcenter/venc/data/pf/w32.ircbot.d.html0
4 83capplnk0 123capplnk.exe1 00 24US Robotics Modem driver 01
2 83cdminic0 123CDMINIC.EXE1 001033Com DMI (DynamicAccess uD/uesktop uM/uanagement uI/unterface) Agent associated with 3Com network cards 01
2123ComDMIAgent0 123CDMINIC.EXE1 00  0 01
0 83CM Link0 113cmcnkw.exe1 00  2?? 01
4 83c1807pd0 273cmlink.exe 3cpipe-3c1807pd2 00 603Com WinModem driver. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0
4 73Cmlink0 123CmlinkW.exe1 00164For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0
1 73D Text0 113D Text.scr2 00 27Added by the  JERMY.A WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.jermy.a.html0
3193D!Turbo Experience0 123D!Turbo.exe122StartUp menu\All users0 53MSI3D Application 1, 0, 0, 1, . MSI3D MFC Application39http://www.absolutestartup.com/startup/1
1 83d_sound0 123d_sound.exe1 00115Added by the Troj/Riados-A Trojan that attempts a distributed denial of service (DDoS) attack against www.riaa.com.57http://www.sophos.com/virusinfo/analyses/trojriadosa.html0
3193Deep Control Panel0 123DeepCTL.EXE1 00115From LightSurf Technologies (nee E-Color) - 3Deep corrects lighting, shading and color for all your 2D and 3D games34http://www.colorific.com/index.htm0
4103dfx Tools0 113dfxCmn.dll1 00132Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards 01
2173dfx Task Manager0 113dfxMan.exe1 00 87System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start - Programs 01
4123dfxv2ps.dll0 123dfxv2ps.dll1 00116Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards 01
3173DLabsHelperDemon0 123dldemon.exe1 00365Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled 01
3173DLabsHelperDemon0 213dldemon.exe nowakeup2 00  0 01
0303Dlabs Taskbar Display Manager0 103DLman.exe1 00 723DLabs graphics driver related.  System Tray access to display settings? 01
4 93ware 3DM0  73dm.exe1 00 63Monitors status of the disk array on 3ware IDE RAID controllers 01
4113DMouse.EXE0 113DMouse.EXE1 00 33Dritek System Inc. 3D Mouse drive 01
315Primax 3D Mouse0 123dmoused.exe1 00 56Enables the scroll button on the Primax 3-D Scroll mouse 01
3113DNADesktop0 173dnasys.exe -open211HKEY_LM\Run0 613DNA Desktop Controller 1, 0, 0, 1, . 3DNA Desktop Controller39http://www.absolutestartup.com/startup/1
3103qdctl.exe0 103qdctl.exe1 00194Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ 01
3 3pmc0  849XL.exe111HKEY_CU\Run0 34PMClient 3.01.0001, The Edge Tech.39http://www.absolutestartup.com/startup/1
2114cOqtqs.exe0 114cOqtqs.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
310WheelMouse0 104DMAIN.EXE1 00154Mouse software for "Fellowes" Wheelman mouse. Has caused some users problems but shouldn't be needed if you don't use any enhanced features it may provide 01
1 9Messenger0  7514.exe1 00 37Added by the Trojan.Esteems.D Trojan.94http://securityresponse.symantec.com/avcenter/venc/data/trojan.esteems.d.html#technicaldetails0
1105-2-46-1120 145-2-46-112.exe1 00 55Adult content pop-up dialler. Removal instructions here292http://groups.google.com/gro0
1 5putil0  85845.exe1 00 84Added by the Backdoor.Zinx backdoor. This backdoor listens on ports 14728 and 24759.77http://securityresponse.symantec.com/avcenter/venc/data/pf/backdoor.zinx.html0
119Windows USB Service0  7666.exe1 00 12Added by the38W32/Mytob-AW WORM/IRC backdoor trojan!0
1 3pmc0  7764.exe1 00 21Adult content dialler 01
1 57VGAV0  97VGAV.exe1 00 81Part of the Adware.Winpup infection.  File is found in the Windows system folder. 01
115[various names]0  880d0.exe1 00115MediaMotor/Popuppers adware variant. Names spotted include 80d0, SWOD, g$p$, elos, seli, "piz, :C=e, resU and so on77http://securityresponse.symantec.com/avcenter/venc/data/adware.popuppers.html0
11480xFire daemon0 1180xFire.exe1 00111Added by the W32/Tilebot-BK worm and IRC backdoor.  This also infects your computer with the rootkit rdriv.sys.58http://www.sophos.com/virusinfo/analyses/w32tilebotbk.html0
1 881pl96k80 1281pl96k8.exe111HKEY_LM\Run0 134, 0, 2, 3, .39http://www.absolutestartup.com/startup/1
1 7TempCom0  98746D.com1 00 43Added by the W32/Traxg-H mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32traxgh.html0
1 8887sfNY40 12887sfNY4.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0 17896588AppInit.DLL1 00 94Added by the Troj/LegMir-BI Trojan.  This infection also creates the  %WinDir%896588.dll file.58http://www.sophos.com/virusinfo/analyses/trojlegmirbi.html0
413Initialize8x80 128x8_init.exe1 00 83Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay 01
1 8KAZAACuf0  191 00 40Added by the  KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
2 7Apwheel0  89019.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
4 89xadiras0 129xadiras.exe1 00 67Allied_Telesyn AT series router/modem related - apparently required37http://www.alliedtelesyn.co.uk/en-gb/0
216DXM6Patch_9811160  1A1 00108Microsoft(R) Windows NT(R) Operating System 4.71.1015.0, Microsoft Corporation. Win32 Cabinet Self-Extractor 01
1 1a0  5a.exe1 00110Commercials file that registers itself in the system registry and redirects IE to a certain commercial website 01
1 7shellos0  8A+++.exe1 00 42Added by the WIN32.VB.AV keylogger TROJAN! 01
1 3a1g0  7a1g.exe1 00 35Added by the Troj/Agent-ACR Trojan.58http://www.sophos.com/virusinfo/analyses/trojagentacr.html0
1 5load=0  7a1g.exe1 00 25Added by the ATAK.B WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.b@mm.html0
3 7a&sup2;0 11a2guard.exe1 00137a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature27http://www.emsisoft.com/en/0
3 9a-squared0 11a2guard.exe1 00  0 01
3 9a-squared0 11a2guard.exe1 00137a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature27http://www.emsisoft.com/en/0
3 2a²0 11a2guard.exe1 00  027http://www.emsisoft.com/en/0
3 7ADSL_A20 11A2Installed1 00 78Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. 01
433Aureal A3D Interactive Audio Init0 11A3dInit.exe1 00 80For Aureal based 3D soundcards. A3D sound features won't work with this disabled 01
3 7A4Proxy0 11A4Proxy.exe1 00 87Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites47http://www.findincontext.com/a4proxy/review.htm0
3 9WindowsFZ0 11A5281300.so111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9windowsfz0 11A5281300.so1 00 49Variant of the SmitFraud alias  FAKEALE-C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojfakealec.html0
111popuppers650 11a64sddd.exe1 00 24Popuppers adware variant77http://securityresponse.symantec.com/avcenter/venc/data/adware.popuppers.html0
111popuppers650  8a65d.exe1 00162Popuppers delivers popup ads to your computer. The file is found in the Windows folder. It also adds media-motor.net and popuppers.com to your trusted sites list. 01
114windows update0  7aaa.exe1 00 91Added by the Troj/Singu-Y Trojan.  This infection also creates the file c:\windows\aaa.cfg.56http://www.sophos.com/virusinfo/analyses/trojsinguy.html0
2 8AAACLEAN0 12AAACLEAN.INF1 00  2?? 01
1 4Heps0  8aaea.exe1 00 67Unknown malware. Located in %userprofile%\Application Data\aaea.exe 01
3 3AAK0  7aak.exe1 00140Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"30http://www.anti-keylogger.net/0
1 8AANYVKCF0 12aanyvkcf.exe1 00105Added by the Adware.Safesearch.B  Adware. This infection redirects certain pages to ones that it desires.63http://www.sarc.com/avcenter/venc/data/adware.safesearch.b.html0
133Microsoft Synchronization Manager0  9aapie.exe1 00134Added by the W32/Sdbot-OZ worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotoz.html0
1 4Noha0  8aasd.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
116Microsoft Update0 10aaupdt.exe1 00 26Added by the RBOT-RQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotrq.html0
224FineReader7NewsReaderPro0 19AbbyyNewsReader.exe1 00 29ABBYY FineReader OCR software45http://www.abbyy.com/finereader7/?param=286030
224FineReader7NewsReaderPro0 19AbbyyNewsReader.exe111HKEY_LM\Run0 65FineReader 7.0.0.620, ABBYY (BIT Software). ABBYY Community Agent39http://www.absolutestartup.com/startup/1
1 4FILE0 11abcdefg.exe1 00 46Added by the W32.Kelvir.DD MSN messenger worm.74http://www.sarc.com/avcenter/venc/data/w32.kelvir.dd.html#technicaldetails0
1 6System0 11abcdefg.exe1 00 31Added by the W32/Harwig-B worm.56http://www.sophos.com/virusinfo/analyses/w32harwigb.html0
1 8BT0000350 13abcdefg23.exe1 00 31Added by the Troj/VB-VT Trojan.54http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
1 8BT0000360 13abcdefg23.exe1 00  054http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
1 8BT0000370 13abcdefg23.exe1 00 31Added by the Troj/VB-VT Trojan.54http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
1 8abcdefgh0 12abcdefgh.exe1 00 68Malware - detected by  Panda antivirus as the DOWNLOADER.EPJ TROJAN!51http://www.pandasoftware.com/products/titanium2005/0
115[Various Names]0 10ABCXYZ.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
2 6abiteq0 10abiteq.exe1 00 96Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds. 01
115Service Drivers0  7abl.exe1 00133Added by the W32/Sdbot-YX worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotyx.html0
216Album Fast Start0 10ABMTSR.EXE1 00 50Scanner software, not required for scanner to work 01
1 4ABox0  8ABox.exe1 00 74Added by the Troj/Abox-A Trojan!  The file is found in the Windows folder. 01
112Abrada win320 14abradaload.dll1 00 52Added by the Troj/Dermon-G password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojdermong.html0
3 8ABREGMON0 12ABregmon.exe111HKEY_LM\Run0 54Registry Monitor 1, 0, 0, 1, ArcaBit. Registry Monitor39http://www.absolutestartup.com/startup/1
115[Various Names]0  9abrek.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
118active bit station0  7abs.exe1 00 32Added by the  W32.MYTOB.BZ WORM!63http://www.symantec.com/avcenter/venc/data/w32.mytob.bz@mm.html0
318PCBackup Scheduler0 15ABScheduler.exe111HKEY_LM\Run0 83Alohabob Job Scheduling Agent 6, 0, 0, 0, Eisenworld. Alohabob Job Scheduling Agent39http://www.absolutestartup.com/startup/1
1 4ABsr0  8absr.exe1 00 30Added by the AUTOUPDER TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html0
2 3abu0  7abu.exe111HKEY_LM\Run0 33abu Application 1, 0, 0, 1, . abu39http://www.absolutestartup.com/startup/1
314AbyssWebServer0 11abyssws.exe1 00 16Abyss web server29http://abyss.sourceforge.net/0
3 6CCWC7a0  6ac.exe1 00 64Moleculesoft Cache, Cookie & Windows Cleaner Ver. 7 - auto clean39http://www.moleculesoft.se/index2b.html0
1 4Osus0  8acao.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
216acbtnmgr_x63.exe0 16AcBtnMgr_X63.exe122StartUp menu\All users0 86Jetsoft Development Company AcBtnMgr 1, 0, 0, 1, Jetsoft Development Company. AcBtnMgr39http://www.absolutestartup.com/startup/1
326Lexmark X73 Button Manager0 16AcBtnMgr_X73.exe111HKEY_LM\Run0 86Jetsoft Development Company AcBtnMgr 1, 0, 0, 1, Jetsoft Development Company. AcBtnMgr39http://www.absolutestartup.com/startup/1
412AcBtnMgr_Xxx0 16AcBtnMgr_Xxx.exe1 00133Associated with the Lexmark Xxx (where &quot;xx&quot; is the model) all-in-one printer/scanner/copier. Required for correct operation 01
426Lexmark Xxx Button Manager0 16AcBtnMgr_Xxx.exe1 00  0 01
3 3acc0  7acc.exe1 00102Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"53http://www.voicecallcentral.com/#advanced_call_center0
0 5AOLCC0 11ACCAgnt.exe1 00 74AOL ISP software related, file located in a "AOL Computer Check-Up" folder 01
310Accelerate0 14accelerate.exe1 00170Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection55http://www.webroot.com/wb/products/accelerate/index.php0
310Accelerate0 17accelerate.exe /S2 00 304.0.1, Webroot Software, Inc.. 01
313accessmanager0 13AccessMgr.exe1 00230Part of SmartPipes  SecureSite software - "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"40http://www.smartpipes.com/SecureSite.htm0
120Windows Task Manager0 23ACCOUNT_DETAILS.DOC.exe1 00 28Added by the QUATERS.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.quaters.a@mm.html0
3 7AcctMgr0 11AcctMgr.exe1 00246Norton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities—all from the safety of your own PC44http://www.symantec.com/sabu/sysworks/basic/0
3 7AcctMgr0 20AcctMgr.exe /startup211HKEY_LM\Run0 85Norton Password Manager 2004.1.406, Symantec Corporation. Password Manager Controller39http://www.absolutestartup.com/startup/1
111accwizz.exe0 11accwizz.exe1 00 47Added by the W32.Ruland.A@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0
111MeuPrograma0 11accwizz.exe1 00  076http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0
1 8accwizzz0 12accwizzz.exe1 00  076http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0
112accwizzz.exe0 12accwizzz.exe1 00 47Added by the W32.Ruland.A@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0
1 9system xp0 15acdsee demo.exe2 00 26Added by the SALGA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.salga.a@mm.html0
0 8Ace bows0 12Ace bows.exe2 00  2?? 01
3 8acergoto0 12AcerGoto.exe1 00179Acer Computer "Goto Drive"  Cold Swap Driver -  a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer. 01
417AspireTimeMachine0 11acertmb.exe1 00189System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry 01
1 5necix0 13aceyukujy.exe1 00 89Added by W32/Sdbot-UE, a WORM/IRC backdoor TROJAN and found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotue.html0
3 8aclntusr0 12AClntUsr.exe1 00 42Altiris  AClient Service Windows Tray Icon42http://www.cdg-group.com/go.exe?prodid=2990
312AmazingClock0 10AClock.exe111HKEY_CU\Run0 65Amazing clock 1.2.beta, Kukushkin A. S.. Amazing clock executable39http://www.absolutestartup.com/startup/1
110AclService0 10AclService1 00 84C:\Windows\System32\aclservice.exe, and C:\Windows\Downloaded Program Files\acl.inf. 01
326Lexmark X73 Button Monitor0 17ACMonitor_X73.exe111HKEY_LM\Run0 46ACMonitor 1, 0, 0, 0, Silitek Corp.. ACMonitor39http://www.absolutestartup.com/startup/1
413ACMonitor_Xxx0 17ACMonitor_Xxx.exe1 00133Associated with the Lexmark Xxx (where &quot;xx&quot; is the model) all-in-one printer/scanner/copier. Required for correct operation 01
426Lexmark Xxx Button Monitor0 17ACMonitor_Xxx.exe1 00123Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation 01
310ACMService0 14ACMService.exe1 00109Added by the Spyware.ACM surveillance software.  Uninstall this software if it was not installed by yourself.72http://securityresponse.symantec.com/avcenter/venc/data/spyware.acm.html0
0 9aauclient0 14ACNUpdater.exe1 00 53Appears to be related to software from  Accenture.com56http://www.accenture.com/xd/xd.asp?it=enweb&xd=index.xml0
313Acombo3dmouse0 12Acombo3d.exe1 00 71Mouse driver - required if you use non-standard Windows driver features 01
1 6Aconti0 10aconti.exe1 00 21Adult content dialler 01
3 8acoustic0 12acoustic.exe1 00112Control panel program for Philips  Acoustic Edge soundcard. Not required unless changed settings aren't retained198http://www.consume0
31042 AC Plug0 20acplug.exe -tray -on225StartUp menu\Current user0 752, 0, 4, 29,  iOpus Software GmbH. 42 Always Connected Plug (AC-Plug)  V2.039http://www.absolutestartup.com/startup/1
114Adobe Reader320 12Acrord32.exe1 00 48Added by the W32/Rbot-BLC worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotblc.html0
221Acrobat Assistant 7.00 12Acrotray.exe111HKEY_LM\Run0101AcroTray - Adobe Acrobat Distiller helper application. 6.0.1.2004121400, Adobe Systems Inc.. AcroTray39http://www.absolutestartup.com/startup/1
219Assistant d'Acrobat0 12acrotray.exe122StartUp menu\All users0101AcroTray - Adobe Acrobat Distiller helper application. 6.0.1.2003102300, Adobe Systems Inc.. AcroTray39http://www.absolutestartup.com/startup/1
317Acrobat Assistant0 12ACROTRAY.EXE1 00190Used to create PDF files with Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation 01
135adobe acrobat distiller application0 12acrotray.exe1 00 34Added by the  W32.RANDEX.DFJ WORM!62http://www.symantec.com/avcenter/venc/data/w32.randex.dfj.html0
329Atheros Configuration Service0  7acs.exe1 00 64Possibly part of the Atheros 802.11b/g WiFi connectivity driver. 01
413AolAcsDaemon10  8Acsd.exe1 00188AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually 01
118AlfaCleanerService0 12ACServer.exe1 00113Desktop hijacking, aggressive/deceptive advertising Rogue Anti-Spyware program. For more information  Click_Here.52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
327autocad startup accelerator0 13acstart16.exe1 00 91Preloads some libraries that are used by  AutoCAD in order to make the software load faster67http://usa.autodesk.com/adsk/servlet/index?siteID=123112&id=51272130
327AutoCAD Startup Accelerator0 13acstart16.exe122StartUp menu\All users0 61AutoCAD 16.1.63.0, Autodesk, Inc. AutoCAD Startup Accelerator39http://www.absolutestartup.com/startup/1
1 5acsuc0  9acsuc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119DyFuCA Active Alert0 12actalert.exe1 00 32Adult content dialler - see here57http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html0
127microsoft boot system cfg320 12actboost.exe1 00 32Added by the  W32.Bropia.R WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.r.html0
125Windows boot system cfg320 12actboost.exe1 00 38Added by W32/Forbot-G, a network WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotgl.html0
3 8activity0  9actik.exe1 00 90ActivityKey Keystroke logger/monitoring program - remove unless you installed it yourself!67http://www.symantec.com/avcenter/venc/data/spyware.activitykey.html0
311ActionAgent0 15actionagent.exe1 00202A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client. 01
115[Various Names]0 13ActionScr.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
120kernel system daemon0 13ACTIVAT0R.exe1 00 28Added by the RANDEX.AW WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.aw.html0
210Activation0 14Activation.exe1 00 23Part of Microsoft Money 01
216MoneyStartUp10.00 14Activation.exe1 00 53Part of MS Money 2002. Available via Start - Programs 01
312online cdrom0 15Active acid.exe2 00  2?? 01
1 7ATITech0 10Active.exe1 00 34Added by the Troj/Roamer-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojroamera.html0
122MS Decryption Software0 10active.exe1 00 27MediaTickets adware variant51http://www.spywareguide.com/product_show.php?id=8130
1 8ACTIVEDS0 12ACTIVEDS.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
210ActiveEyes0 14ActiveEyes.exe1 00 30ActiveEyes from TFI Technology53http://www.tfi-technology.com/products.htm#ActiveEyes0
310ActiveMenu0 14ActiveMenu.exe1 00254WildTangent games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
317HPGamesActiveMenu0 14ActiveMenu.exe1 00254WildTangent games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
323hplaptopgamesactivemenu0 14ActiveMenu.exe1 00260Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case 01
310ActivePlus0 14activeplus.exe1 00 68Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on)35http://hot.activebuddy.com/catalog/0
313Active shield0 16Activeshield.exe1 00177Active Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"34http://www.securitystronghold.com/0
1 6Roam040 11ActiveX.exe1 00 34Added by the Troj/Roamer-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojroamera.html0
3 8ActMaker0 12ActMak25.exe1 00196ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer34http://www.789987.com/products.htm0
311ACTNSTA.EXE0 11ACTNSTA.EXE1 00 68Believed to be a system tray utility for an Accton ethernet adapter.40http://www.accton.com/homepage/index.htm0
3 3ACU0  7acu.exe1 00 66ACU 2.4.0.71, Atheros Communications, Inc.. Atheros Client Utility 01
3 3ACU0  7ACU.exe1 00 45Atheros wireless Client Utility For HP Compaq38http://www.nus.edu.sg/winzone/atheros/0
3 7acu_qsb0  7ACU.exe1 00 45Atheros wireless Client Utility For HP Compaq38http://www.nus.edu.sg/winzone/atheros/0
3 3ACU0 14ACU.exe -nogui2 00 67ACU 4.1.0.132, Atheros Communications, Inc.. Atheros Client Utility 01
314Ad Blocker Pro0 18Ad Blocker Pro.exe2 00 32Ad Away popup and banner remover 01
310AD2KClient0 14AD2KClient.exe1 00190Executable for Active Disk from Iomega disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk42http://www.iomega-activedisk.com/index.jsp0
318Iomega Active Disk0 14AD2KClient.exe111HKEY_LM\Run0 53AD2KClient 1, 0, 0, 2, Iomega Corporation. AD2KClient39http://www.absolutestartup.com/startup/1
214Adaware Bootup0 12ad-aware.exe1 00  040http://www.lavasoft.de/software/adaware/0
1 8Ad-aware0 12Ad-aware.exe1 00162Ad-aware from Lavasoft. Checks your PC for &quot;Spyware&quot; which reports back your internet activities to &quot;base&quot;. Available via Start -&gt; Programs40http://www.lavasoft.de/software/adaware/0
114Adaware lptt010 11adaware.exe1 00224Variant of the  RapidBlaster parasite (in a "Adaware" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here. Note - this is not the valid Lavasoft Adaware49http://www.doxdesk.com/parasite/RapidBlaster.html0
114Adaware ml097e0 11adaware.exe1 00186Variant of the  RapidBlaster parasite (in a &quot;Aimaol&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113foobin lptt010 11adaware.exe1 00174Variant of the  RapidBlaster parasite (in a "foo1" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113foobin ml097e0 11adaware.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
117Lavasoft Ad-Aware0 12Ad-Aware.exe1 00 93Added by the RBOT-SO WORM! Note - this is not the popular Ad-aware spware/adware removal tool55http://www.sophos.com/virusinfo/analyses/w32rbotso.html0
2 8Ad-Aware0 15Ad-Aware.exe +c2 00  0 01
111Browser Pal0 10adblck.exe1 00 31BrowserAid/BrowserPal foistware47http://www.doxdesk.com/parasite/BrowserAid.html0
3 9AdBlocker0 13AdBlocker.exe111HKEY_LM\Run0 583B Ad Blocker Pro 1.00, 3B Software Inc. 3B Ad Blocker Pro39http://www.absolutestartup.com/startup/1
124Micro$oft Windowz Update0 13ADBlockXp.exe1 00 49Added by the W32/Sdbot-AJR worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotajr.html0
2 6XemiCo0  7ADC.EXE1 00 98XemiComputers a target="_blank" href="http://www.xemico.com/adc/index.html"Active Desktop Calendar 01
323Active Desktop Calendar0  7ADC.exe111HKEY_CU\Run0103Active Desktop Calendar Application 4, 8, 0, 0, XemiComputers ltd.. Active Desktop Calendar Application39http://www.absolutestartup.com/startup/1
1 8AddClass0 12AddClass.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
3 8AdDelete0 12AdDelete.exe1 00 27Banner advertisment blocker 01
111AdDestroyer0 15AdDestroyer.exe1 00308Like VirtualBouncer, malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the malware it claims to remove/prevent, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code 01
1 110  9addit.exe1 00130Added by the W32/Sdbot-RI worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotri.html0
0 8addproxy0 12addproxy.exe1 00 26Related to Adobe Photoshop 01
2 9audiodeck0  9ADeck.exe1 00127ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items. 01
3 9AudioDeck0 11ADeck.exe 1211HKEY_LM\Run0 64ADeck Application 5, 9, 0, 6, VIA Technologies, Inc.. Audio Deck39http://www.absolutestartup.com/startup/1
113ad-eliminator0 17ad-eliminator.exe1 00 92Spyware remover of dubious repute - see this  list of non-recommended anti parasite software38of dubious repute - see this  <a href=0
3 3ADG0  7ADG.exe1 00 28SoundBlaster Audigy related? 01
2 7ADGJdet0 11ADGJDet.exe1 00 78Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection 01
213Jet Detection0 11ADGJDet.exe1 00  0 01
213Jet Detection0 11ADGJDet.exe111HKEY_LM\Run0 57HdPhDetector Application 1, 0, 2, 0, . Creative JetDetect39http://www.absolutestartup.com/startup/1
4 6Adiras0 10Adiras.exe1 00 22ADSL USB modem related 01
3 8AdKiller0 21AdKiller.exe /StartUp211HKEY_LM\Run0 89AdKiller Daemon 1.00.0015, Infocrackes Software 2000, Inc.. The Best Free PopUp Ad Killer39http://www.absolutestartup.com/startup/1
131Popup and Advertisement Killers0 13adkillers.exe1 00 48Added by the W32/Rbot-DDH worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotddh.html0
1 7version0 10adl_dh.exe1 00 25DealHelper adware related60http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html0
319NewsStand.Scheduler0 12ADLSched.exe111HKEY_CU\Run0 76ADLSched 2.8.2.0, NewsStand, Inc.. NewsStand Reader Media Download Scheduler39http://www.absolutestartup.com/startup/1
1 7svchost0 11ADMAGIC.EXE1 00124Added by the SMIBAG WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!76http://securityresponse.symantec.com/avcenter/venc/data/w32.smibag.worm.html0
120Admanager Controller0 12AdManCtl.exe1 00134This is a WindUpdates variant.  You can uninstall it from Add/Remove Programs.  It is found in C:\Program Files\Admanager Controller\. 01
115Admilli Service0 15AdmilliServ.exe1 00 26Windupdates adware variant81http://www.giantcompany.com/antispyware/research/spyware/spyware-WindUpdates.aspx0
1 6Remote0 15adminClient.exe1 00 79Added by the Backdoor.Gapin backdoor. This infections listens on TCP port 1039.58http://www.sarc.com/avcenter/venc/data/backdoor.gapin.html0
113Administrator0 17Administrator.exe1 00 44Added by the Troj/GrayBrd-B Trojan backdoor.58http://www.sophos.com/virusinfo/analyses/trojgraybrdb.html0
118ADM Library Loader0 12admlib32.exe1 00 39Added by a variant of the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
3 5AWMON0 14Ad-Monitor.exe1 00 21F-Secure_Anti-Spyware38http://www.f-secure.com/products/fsas/0
311admtray.exe0 11admtray.exe1 00 33Related to  Acer Inc. Destop tray23http://global.acer.com/0
310Ad Muncher0 11ADMUNCH.EXE1 00184Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications25http://www.admuncher.com/0
319Go!Zilla Ad Muncher0 15AdMunch.exe /bt211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
318Adobe Gamma Loader0 22Adobe Gamma Loader.exe2 00231Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine 01
1 5Adobe0  9Adobe.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
4 6dlmMgr0 24AdobeDownloadManager.exe1 00260This is Adobe's download manager that allows for resuming of partially complete downloads from their site.  If you want the program to continue downloading you need to keep this entry.  When it has completed downloading it will remove itself from the registry. 01
416Adobe LM Service0 14Adobelmsvc.exe1 00306This is Adobe's license management service that is used to make sure you are not using a pirated copy of their software.  It does this by examining your hardware on your computer and asking you to reregister if this changes.  This can not be disabled as it will reenable when you use one of their products. 01
1 8adobemgr0 12adobemgr.exe1 00 38Added by the  Trojan.Adclicker TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/trojan.a.d.clicker.html0
119adobe photoshop 7.00 18AdobePhotoshop.exe1 00122Added by a variant of the  W32/SDBOT WORM! - NOTE: Do NOT confuse with the  Adobe photo editing software of the same name!43http://vil.nai.com/vil/content/v_100454.htm0
1 6AdobeA0 10adobes.exe1 00 29Added by the FLOOD.BA TROJAN!43http://vil.nai.com/vil/content/v_100373.htm0
2 9updateMgr0 33AdobeUpdateManager.exe AcRdS7_0_0211HKEY_CU\Run0 74Adobe Update Manager 3.0, Adobe Systems Incorporated. Adobe Update Manager39http://www.absolutestartup.com/startup/1
015Ad Online Guide0 17adonlineguide.exe1 00  2?? 01
1 3adp0  7adp.exe1 00 70Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc 01
111ATM Control0  8adpn.exe1 00 24Added by the MMS.A WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MMS.A&amp;VSect=T0
1 4aapp0  6adprot1 00 24AdBlaster adware variant 01
1 6adprot0 10adprot.exe1 00  0 01
4 8adpu160m0 12adpu160m.sys1 00 65Added by Nero Burning Rom program. Needed to properly burn files. 01
1 7updater0 15adservernow.exe1 00 18AdServerNow adware79http://securityresponse.symantec.com/avcenter/venc/data/adware.adservernow.html0
3 9ADService0 13ADService.exe1 00175Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk42http://www.iomega-activedisk.com/index.jsp0
3 7AdsGone0 11adsgone.exe1 00  0 01
3 7AdsGone0 11Adsgone.exe1 00 24AdsGone - pop-up stopper23http://www.adsgone.com/0
1 7SyncMon0 14adslcomdos.exe1 00 78Added by the a href=http://www.sophos.com/virusinfo/analyses/trojclunkya.html"30Troj/Clunky-A backdoor trojan.0
313ADSLConnector0 23ADSLConnector.exe /auto225StartUp menu\Current user0 70Conector Speed UOL 1, 0, 1, 0, Universo Online S/A. Conector Speed UOL39http://www.absolutestartup.com/startup/1
4 4ADSS0  8ADSS.exe1 00225ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied22http://www.johnru.com/0
1 9adstartup0 13Adstartup.exe1 00 22Adlogix adware variant51http://www.spywareguide.com/product_show.php?id=7910
116AdStatus Service0 14AdStatServ.exe1 00 22Unknown adware/malware 01
216Subtract the Ads0  9AdSub.exe1 00 62Removes adverts from web pages. Although useful - not required 01
310AdSubtract0  9AdSub.exe1 00 51AdSubtract 3.0 3.0, IinterMute inc.. AdSubtract 3.0 01
310AdSubtract0  9adsub.exe1 00147AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start - Programs26http://www.adsubtract.com/0
110adtech20050 14adtech2005.exe1 00 62Reported as Trojan.Win32.StartPage.aw by Kaspersky Anti-Virus. 01
110adtech20060 14adtech2006.exe1 00 53Identified by Kapersky as Trojan-Clicker.Win32.VB.kc. 01
115adtools service0 11AdTools.exe1 00 26Windupdates adware variant27http://www.windupdates.com/0
213ADQuickAccess0 10Adtray.exe1 00112After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95 01
110Adult_Chat0 14Adult_Chat.exe1 00 21Adult content dialler 01
111Adult_Chat10 15Adult_Chat1.exe1 00  0 01
1 6AdultX0 10AdultX.exe1 00 34Adult content dialler and hijacker 01
3 9ADUserMon0 13ADUserMon.exe1 00175Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk42http://www.iomega-activedisk.com/index.jsp0
1 7aduxlqj0 11aduxlqj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9[unknown]0  9ADVAP.EXE1 00127Added by the W32/SdBot-W worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.55http://www.sophos.com/virusinfo/analyses/w32sdbotw.html0
1 6Advapi0 10Advapi.exe1 00 30Added by the NETDEVIL.12 WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.120
1 8advapi320 18advapi32.exe -auto211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
220Advanced Tools Check0 10ADVCHK.EXE1 00141Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget 01
2 6ADVCHK0 10ADVCHK.EXE1 00  0 01
220Advanced Tools Check0 10ADVCHK.EXE111HKEY_LM\Run0 97Norton AntiVirus 8.00.61, Symantec Corporation. Norton AntiVirus Advanced Tools Integrity Checker39http://www.absolutestartup.com/startup/1
120advanced tool checks0 11advchks.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8advmon320 12advmon32.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
124[random 12 digit number]0 12advpack1.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
126advanced protection system0 11advpsys.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 3adw0  7adw.exe1 00 74Added by the Troj/AdClick-BK Trojan!  File is found in the Windows folder.59http://www.sophos.com/virusinfo/analyses/trojadclickbk.html0
2 5load=0  9adw30.exe1 00102After Dark for Windows - screen saver program. Popular before screen savers were integrated into Win95 01
312Adware Agent0 16adware agent.exe2 00 26Adware Agent popup blocker58http://www.topshareware.com/Adware-Agent-download-4866.htm0
311adwarealert0 15AdwareAlert.Exe1 00118Spyware remover  of dubious repute  -  see the  SpywareWarrior_List of Rogue/Suspect Anti-Spyware Products & Web Sites39of dubious repute  -  see the  <a href=0
311AdwareAlert0 21AdwareAlert.Exe -boot211HKEY_LM\Run0 47AdwareAlert 3.06.0002, AdwareAlert. AdwareAlert39http://www.absolutestartup.com/startup/1
112AdwareDelete0 16adwaredelete.exe1 00 61Rogue antispyware application that is installed with malware. 01
334AdwareFilter Background Protection0 16adwarefilter.exe122StartUp menu\All users0 50Adware Filter 2, 3, 8, 0, PCSafe.com. AdwareFilter39http://www.absolutestartup.com/startup/1
210Adware Spy0 13AdwareSpy.exe1 00 86Bogus adware remover, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
118Adwarz Spy Remover0 10ADWARZ.EXE1 00 49Added by the W32/Spybot-EV worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32spybotev.html0
3 8Ad-watch0 12Ad-watch.exe1 00147Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system40http://www.lavasoft.de/software/adaware/0
3 5AWMON0 12Ad-Watch.exe1 00  040http://www.lavasoft.de/software/adaware/0
316Lavasoft Adwatch0 12Ad-watch.exe1 00147Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system40http://www.lavasoft.de/software/adaware/0
1 5AWMON0 12Ad-Watch.exe1 00 59Ad-Aware SE 3.2, Lavasoft Sweden. Ad-Watch System Protector 01
116Lavasoft Adwatch0 12Ad-watch.exe1 00147Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system40http://www.lavasoft.de/software/adaware/0
1 5AWMON0 12Ad-Watch.exe111HKEY_LM\Run0 59Ad-Aware SE 3.2, Lavasoft Sweden. Ad-Watch System Protector39http://www.absolutestartup.com/startup/1
1 4aebq0  8aebq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
312Aeiwlsta.exe0 12Aeiwlsta.exe1 00 42IBM High Rate Wireless LAN Adapter driver. 01
210SharkEject0 11AEJCT32.exe1 00136Allows you to eject a disk from the Avatar Shark drive from the system tray. When loaded, there is a desktop icon so this isn't required 01
2 8AELaunch0 12AELaunch.exe1 00 68Audio Applications Launcher for the Philips  Acoustic Edge soundcard182http://www.consum0
320active email monitor0  9aem25.exe1 00153Active_Email_Monitor checks multiple accounts for email,  serves as a SPAM filter and can also protect you from harmful items that can be sent via email.31http://www.vicman.net/emailmon/0
1 9AERVICESN0 13AERVICESN.exe1 00 32Added by the W32/Randon-AO worm.57http://www.sophos.com/virusinfo/analyses/w32randonao.html0
213aexagentlogon0 20AeXAgentActivate.exe1 00105Altiris Agent transmits information about your machine for the purpose of asset management and deployment22http://www.altiris.com0
123microsoftz turn control0  8aexl.exe1 00 29Added by the  SDBOT.BCO WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BCO&VSect=P0
3 8NSHelper0 22aexnsinstallhelper.exe1 00 91Altiris Express Notification Server Install helper - monitors integrity of the installation 01
3 9AeXSWDUsr0 13AeXSWDUsr.exe1 00 43Altiris Express NS Client Manager software.23http://www.altiris.com/0
1 5aeydt0  9aeydt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
121Adobe Filter Platform0 19afilterplatform.exe1 00 26Added by the RBOT-OP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotop.html0
1 6afmymk0 10afmymk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 5Agent0  9Agent.exe1 00170Cyberlink Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start - Programs24http://www.cyberlink.com0
2 9LookNMeet0  9Agent.exe1 00 24LooknMeet dating service47http://217.22.55.178/rdl/lnm_v4.3/nl/index.html0
116Backdoor.NuAgent0  9agent.exe1 00 43Added by the Troj/Agent-DP backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojagentdp.html0
1 8agentsvr0 12agentsvr.exe1 00239Malware, detected by  Kaspersky antivirus as AdWare.Monker.a - NOTE:  do NOT confuse with the Microsoft Agent Server application of the same name as described  here - the legitimate file will always be located in the WindowsMsagent folder.36http://www.kaspersky.com/personalpro0
110[not used]0 14Agentsvr32.exe1 00104Added by the Troj/Dropper-BA dropper Trojan.br /br /Uses CLSID: bE7CCDB6E-AE6D-11cf-96B8-444553540000/b.59http://www.sophos.com/virusinfo/analyses/trojdropperba.html0
1 9RavUptets0 11agetlke.exe1 00 35Added by the Troj/QQPass-AK Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassak.html0
1 9RavUpteni0 14agetlktsyr.exe1 00 35Added by the Troj/QQPass-CJ Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpasscj.html0
1 8RavUptkt0 12agetlktz.exe1 00 35Added by the Troj/QQPass-AJ Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassaj.html0
1 7RavUpfs0 12agetltfs.exe1 00 35Added by the Troj/QQPass-AL Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassal.html0
3 8AgfaCLnk0 12AgfaCLnk.exe1 00162For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive 01
1 3agp0  9agp32.exe1 00 28Added by the GAOBOT.SY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html0
2 6acpart0 12agpart11.exe1 00 34Program for finding trucks on-line 01
219Creative AGP Wizard0 10agpwiz.exe1 00 33Part of Creative's BlasterControl 01
313QuickPassword0 12agquickp.exe1 00 69Smart card-based authentication and digital signature client software 01
313Forget Me Not0 12AGRemind.exe1 00 57Calendar reminder part of American Greetings® CreataCard® 7#FF00000
3 8AGRSMMSG0 12AGRSMMSG.exe111HKEY_LM\Run0109Agere SoftModem Messaging Applet 2.1.25 2.1.25 02/14/2003 11:58:58, Agere Systems. SoftModem Messaging Applet39http://www.absolutestartup.com/startup/1
211AGSatellite0 15AGSatellite.exe1 00107Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start - Programs 01
1 8AGSeyApp0 12AGSeyApp.exe1 00 32Added by the  GoldenEye SPYWARE!78http://securityresponse.symantec.com/avcenter/venc/data/spyware.goldeneye.html0
1 6agypdk0 10agypdk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 7Aha154x0 11aha154x.sys1 00 51Adaptec SCSI driver installed by Microsoft Windows. 01
3 4ahfp0  8ahfp.exe1 00313Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"22http://www.softbe.com/0
3 7ahfprog0  8ahfp.exe1 00313Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"22http://www.softbe.com/0
115control handler0 11ahjinst.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
3 5AHNSD0  9AhnSD.exe1 00 89AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis48http://home.ahnlab.com/english/product/01_1.html0
2 5AHNUE0  9AHNUE.exe1 00  2?? 01
1 4ahnx0  8ahnx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7AHQInit0 11AHQInit.exe1 00 64AHQInit Application 1, 0, 0, 0, Creative Technology Ltd. AHQInit 01
2 7AHQInit0 11ahqinit.exe1 00147Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required 8#AudioHQ0
2 6AutoEA0 10Ahqrun.exe1 00189For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ 01
2 7AudioHQ0  9AHQTB.EXE1 00 57AudioHQ 1.4.0, Creative Technology Ltd.. Creative AudioHQ 01
2 7AudioHQ0  9Ahqtb.exe1 00133For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -&gt; Programs 01
3 8AudioHQU0 10AHQTBU.EXE111HKEY_LM\Run0 58AudioHQ 1.13.0, Creative Technology Ltd.. Creative AudioHQ39http://www.absolutestartup.com/startup/1
110ahui32.exe0 10ahui32.exe1 00 52Added by the Troj/Certif-M password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojcertifm.html0
1 7aiasxwa0 11aiasxwa.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 7aic78u20 11aic78u2.sys1 00 58Added by Microsoft for the Adaptec SCSI hardware profiles. 01
4 7aic78xx0 11aic78xx.sys1 00 34Added by Microsoft for SCSI drives 01
4 5load=0 12AICLIENT.EXE1 00141Asset Insight from Tangram - asset managing software. Required if an organisation is running a centrally administered asset management system32http://www.tangram.com/index.htm0
338Another Internet Explorer Popup Killer0  9aiepk.exe1 00 40Another IE Popup Killer - pop-up stopper56http://www.fadsoft.com/Another%20IE%20Popup%20Killer.htm0
3 5aiepk0 10aiepk2.exe1 00 40Another IE Popup Killer - pop-up stopper56http://www.fadsoft.com/Another%20IE%20Popup%20Killer.htm0
1 3aIg0  7aIg.exe1 00 33Added by the Troj/Proxy-H trojan.56http://www.sophos.com/virusinfo/analyses/trojproxyh.html0
1 8msvchost0  7aig.exe1 00 35Added by the Troj/Aimbot-BC Trojan.58http://www.sophos.com/virusinfo/analyses/trojaimbotbc.html0
1 5Lsass0  9aight.exe1 00 36Identified as Trojan.Proxy.Agent.FB. 01
1 8aikkcrej0 12aikkcrej.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112AIM reminder0 16AIM reminder.exe2 00 26Added by the BUDDY TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E0
2 3AIM0  7aim.exe1 00142AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start - Programs 01
131Advanced Interactive Multimedia0  7aim.exe1 00 44Identified as trojan.downloader.(small).xxx. 01
1 3Aim0  7aim.exe1 00135Added by the W32/Sdbot-BFX worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotbfx.html0
115aim quick start0  7Aim.exe1 00 50Added as result of a  W32/Forbot-BB worm infection57http://www.sophos.com/virusinfo/analyses/w32forbotbb.html0
121aol instant messanger0  7aim.exe1 00 26Added by the  W32/Sdbot-YT56http://www.sophos.com/virusinfo/analyses/w32sdbotyt.html0
2 3AIM0 21aim.exe -cnetwait.odl211HKEY_CU\Run0 75AOL Instant Messenger 5.9.3690, America Online, Inc.. AOL Instant Messenger39http://www.absolutestartup.com/startup/1
3 3aim0  8AIM+.exe1 00 81AIM_plus a free add-on to AOL's Instant Messenger for Windows from Big-O Software30http://www.big-o-software.com/0
127AOL Instant Messenger 7.2130 11aim9283.exe1 00133Added by the W32/Sdbot-ZF worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotzf.html0
113AIM95 Startup0  9aim95.exe1 00 30Added by the  AGOBOT.AEE WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AEE0
120Configuration Loader0  9aim95.exe1 00 39Added by the  LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
113aimaol lptt010 10aimaol.exe1 00176Variant of the  RapidBlaster parasite (in a "Aimaol" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113aimaol ml097e0 10aimaol.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
1 8aimb.exe0  8aimb.exe1 00129Added by the Spyware.IMSurfSentinel surveillance program.  If you did not install this on your machine then you should remove it.66http://www.sarc.com/avcenter/venc/data/spyware.imsurfsentinel.html0
1 6wkssvc0 13AIMClient.exe1 00 50Added by the W32/Tilebot-DP worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotdp.html0
2 4Star0  8aime.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
313AgenteADSL_150 27AimExDll.exe AimGestA.dll 8211HKEY_LM\Run0 71Aplicación AimExDLL 1, 5, 2, 2, Telefónica I+D. Aplicación MFC AimExDLL39http://www.absolutestartup.com/startup/1
211AimingClick0 15AimingClick.exe1 00 79AimingClick from AimingTech. Web searching tool. Available via Start - Programs46http://www.aimingtech.com/aimingclick/home.htm0
110Aim Plugin0 13aimplugin.exe1 00 47Added by the W32/Guap-F instant messenger worm.54http://www.sophos.com/virusinfo/analyses/w32guapf.html0
124Aol Configuration Loader0 10aimsng.exe1 00 12Added by the38W32/Sdbot-XE WORM/IRC backdoor trojan!0
212AIMWDInstall0 16AIMWDInstall.exe1 00240Version of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
1 6aipndj0 10aipndj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
422D-Link Air USB Utility0 10AirCFG.exe1 00 35D-Link wireless PCI adapter related 01
418D-Link Air Utility0 10AirCFG.exe1 00 35D-Link wireless PCI adapter related 01
418D-Link Air Utility0 10AirCFG.exe1 00 72Wireless LAN Monitor 3, 1, 5, 30626, D-Link. D-Link Wireless LAN Monitor 01
1 7aircity0 11aircity.exe1 00 19Unidentified adware 01
1 8ethernet0 10airftp.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
416d-link airplus g0 11AirGCFG.exe1 00 37D-Link Airplus Wireless Router driver 01
416D-Link AirPlus G0 11AirGCFG.exe1 00 72Wireless LAN Monitor 3, 3, 1, 50329, D-Link. D-Link Wireless LAN Monitor 01
338D-Link AirPlus G Configuration Utility0 11AIRPLUS.exe122StartUp menu\All users0 57D-Link AirPlus G 1, 0, 0, 0, D-Link. WLAN Adapter Utility39http://www.absolutestartup.com/startup/1
414D-Link AirPlus0 11AirPlus.exe1 00 20WLAN Adapter Utility 01
321Media Manager Indexer0 11AIRSVCU.EXE1 00284Part of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a database. For more information see here79http://www.cug.edu.cn/fwzn/wlzx/wlfw/vid/USINGVID/0-7897/0-7897-0762-4/ch09.htm0
3 6Ajanda0 10Ajanda.EXE111HKEY_LM\Run0 33Ajandam 2.00.0001, Akýllý Ajanda.39http://www.absolutestartup.com/startup/1
1 7ajjcgym0 11ajjcgym.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
318Advertising Killer0 11Akiller.exe1 00 24AKiller - pop-up stopper64http://www.buypin.com/menu.php?group=1&page=akiller&lang=english0
3 7AKiller0 11akiller.exe1 00 40BuyPin Advertising Killer - popup killer40http://sourceforge.net/projects/akiller/0
317Ardamax Keylogger0  7akl.exe1 00113Added by the Spyware.Ardakey.B keylogger. This program should be uninstalled if it was not installed by yourself.61http://www.sarc.com/avcenter/venc/data/spyware.ardakey.b.html0
133Microsoft Synchronization Manager0  6al.exe1 00 32Added by the OPTXPRO.132 TROJAN!93http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_OPTXPRO.1320
3 7ala.exe0  7ala.exe1 00117Access Lock is a system-tray security utility you can use to secure your desktop when you are away from your computer33http://www.softheap.com/lock.html0
1 5alaog0  9alaog.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
313Alarm Manager0 13Alarm.app.exe1 00 93Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop 01
312AlarmWatcher0 16AlarmWatcher.exe1 00 88Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. 01
3 9LaunchApp0 11Alaunch.exe1 00 35Acer Launch tool utility on laptops23http://global.acer.com/0
012alcfdmonitor0 12ALCFDRTM.EXE1 00 92RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? 01
010alcfdrtm160 14ALCFDRTM16.com1 00 92RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? 01
1 6Alchem0 10Alchem.exe1 00 38Transponder parasite updater/installer48http://www.doxdesk.com/parasite/Transponder.html0
1 6Alcmtr0 10ALCMTR.EXE1 00109Realtek AC97 Audio - Event Monitor 1.6.0.2, Realtek Semiconductor Corp.. Realtek Azalia Audio - Event Monitor 01
1 6alcmtr0 10ALCMTR.EXE1 00213Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers 01
3 7Alcohol0 11Alcohol.exe1 00 56Alcohol 120% - CD/DVD emulation/writing/copying software41http://www.alcohol-software.com/index.php0
315Alcohol Autorun0 11Alcohol.exe1 00 56Alcohol 120% - CD/DVD emulation/writing/copying software41http://www.alcohol-software.com/index.php0
2 7AlcWzrd0 11ALCWZRD.EXE1 00181RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one 01
2 7AlcWzrd0 11ALCWZRD.EXE111HKEY_LM\Run0 73ALCWZRD 1.1.0.19, RealTek Semicoductor Corp.. RealTek AlcWzrd Application39http://www.absolutestartup.com/startup/1
311AlcxMonitor0 12ALCXMNTR.EXE111HKEY_LM\Run0 93Realtek Audio - Event Monitor 1.5, Realtek Semiconductor Corp.. Realtek Audio - Event Monitor39http://www.absolutestartup.com/startup/1
111AlcxMonitor0 12Alcxmntr.exe1 00208Realtek AC97 Audio - Event Monitor. Sypware file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers 01
312PC Alert III0  9alert.exe1 00119MSI PC Alert III - allows you to view your system and cpu temperature, fan rpm and more. Only required if you overclock 01
1 6Alevir0 10Alevir.exe1 00 55Added by the OPASERV.A or OPASERV.F or OPASERV.G WORMS!57http://www.sophos.com/virusinfo/analyses/w32opaserva.html0
2 5Alexa0  9Alexa.exe1 00219Alexa Toolbar &quot;is a downloadable toolbar that helps you navigate the Internet as you surf, by instantly providing you with related information about the site you're viewing&quot;. Available via Start -&gt; Programs65http://download.alexa.com/alexa65/startpage.html?p=Dest_W_g_40_L10
111AlfaCleaner0 15AlfaCleaner.exe1 00113Desktop hijacking, aggressive/deceptive advertising Rogue Anti-Spyware program. For more information  Click_Here.52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
317ALFY Accellerator0 12AlfyAC~1.exe1 00  2?? 01
333Application Layer Gateway Service0  7alg.exe1 00211Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.  This can be disabled if you are not using Internet Connection Sharing or the built-in Windows firewall. 01
110AppGateway0  7alg.exe1 00 48Added by the W32/Rbot-BCB worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbcb.html0
133Application Layer Gateway Manager0  7alg.exe1 00 50Added by the W32/Tilebot-EU worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tileboteu.html0
139Windows System Service Framework (WSSF)0  7alg.exe1 00152Added by the Troj/Rootkit-AA worm and IRC backdoor. When started, this infection connects to a remote IRC server where it waits for commands to execute.59http://www.sophos.com/virusinfo/analyses/trojrootkitaa.html0
118Networking Service0  8alg2.exe1 00 48Added by the W32/Rbot-BDT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbdt.html0
124Microsoft ALG32 Protocol0  9alg32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 9SystUphes0 12algesetp.exe1 00 35Added by the Troj/QQPass-AM Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassam.html0
133Application Layer Gateway Service0  8algs.exe1 00 32Added by the W32.Linkbot.M worm.74http://www.sarc.com/avcenter/venc/data/w32.linkbot.m.html#technicaldetails0
132Application Layer Gateway System0 10algsys.exe1 00 48Added by the W32/Rbot-DDF worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotddf.html0
1 4ALGU0  8ALGU.EXE1 00 39Added by the Troj/CWS-I Trojan dropper.54http://www.sophos.com/virusinfo/analyses/trojcwsi.html0
1 7bandook0  7ali.exe1 00 35Added by the  TROJ/EXEMAS-B TROJAN!57http://www.sophos.com/virusinfo/analyses/trojexemasb.html0
225Alias SketchBook Snapshot0 12ALIASS~2.EXE1 00 43Screen-capture utility for Alias Sketchbook 01
319SketchBook Snapshot0 19AliasSketchSnap.exe122StartUp menu\All users0 68Alias SketchBook Pro 1.0.3, Alias Systems. Alias SketchBook Snapshot39http://www.absolutestartup.com/startup/1
115[Various Names]0 11AliceSD.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
133Microsoft Synchronization Manager0  9alien.exe1 00133Added by the W32/Sdbot-MV worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotmv.html0
4 6AliIde0 10aliide.sys1 00 54ALi mini IDE Driver provided by Acer Laboratories Inc. 01
4 9ALiSndMgr0 12ALiSndMg.exe1 00 21ALi AC97 Sound driver 01
1 8BootsCfg0 15All Users.vbs %2 00 47Added by the VBS.Spiltron@mm mass-mailing worm.93http://securityresponse.symantec.com/avcenter/venc/data/vbs.spiltron@mm.html#technicaldetails0
2 9allercalc0 13AllerCalc.exe1 00128AllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually.38http://www.allersoft.com/allercalc.htm0
3 7allSnap0 11allSnap.exe1 00140allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop48http://members.rogers.com/ivanheckman/index.html0
213AllTracksGone0 17alltracksgone.exe1 00471AllTracksGone lets you clear your tracks.  It deletes files stored on your computer.  For example, the web pages you've visited are stored in your URL History.  Images you've seen on your computer are stored in a cache file.  There are many other files that AllTracksGone can "clean".   From one simple interface, you can have AllTracksGone clear your computer of unnecessary files on a regular basis. Normally located in C:\Program Files\AllTracksGone\alltracksgone.exe.28http://www.alltracksgone.com0
021AOL Instant Messenger0  7AlM.EXE1 00 99That is an L between the A and M, the start up location is wrong for AIM. What does this relate to? 01
319AcerNotebookManager0 13almxptray.exe1 00 82System Tray access on some Acer Notebooks to give faster access to system settings 01
319AcerNotebookManager0 13almxptray.exe111HKEY_LM\Run0 122.0.6, Acer.39http://www.absolutestartup.com/startup/1
3 8Alogserv0 12Alogserv.exe1 00372From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up 01
3 6alpass0 10ALPass.exe1 00 23ALPass password manager44http://www.altools.net/Default.aspx?tabid=620
120alogrithm link queue0  7alq.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
4 7Alerter0 10alrsvc.dll1 00125This service is used to notify selected computers and users of alerts from programs.  This service is started by svchost.exe. 01
0 6ALServ0 10ALServ.exe1 00 34Altec Lansing AMS speaker related. 01
3 5AISys0  9alsys.exe1 00128Added by the Spyware.ActivityLog surveillance software.  This program should be uninstalled if it was not installed by yourself.63http://www.sarc.com/avcenter/venc/data/spyware.activitylog.html0
112alexatoolbar0  7alt.exe1 00 51Reported as Hijacker.Delf.eb by ewido anti-malware. 01
314AltoMB_service0 13AltoMBsrv.exe1 00125Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management28http://www.altosoftware.com/0
111altpayments0 15AltPayments.exe1 00 45Reported by  Symantec as Adware.WeirdOnTheWeb81http://securityresponse.symantec.com/avcenter/venc/data/adware.weirdontheweb.html0
120notification utility0 12altpayV2.exe1 00 51Reported by  Ewido_Security_Suite as Adware.WeirWeb24http://www.ewido.net/en/0
216ASUS Live Update0  7ALU.exe1 00 49ALU Application 1, 0, 0, 1, . ALU MFC Application 01
216asus live update0  7ALU.exe1 00 50ASUS Live Update utility - reportedly not required 01
3 8ALUAlert0 13ALUNotify.exe1 00116Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis 01
316AlwaysOnTopMaker0 20AlwaysOnTopMaker.exe1 00120Always On Top Maker - utilty to enable an application to always be displayed &quot;on top&quot; of others on the desktop43http://www.fadsoft.com/AlwaysOnTopMaker.htm0
217Action Manager 320  8AM32.exe1 00 142, 60, 0, 0, . 01
217Action Manager 320  8am32.exe1 00136Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -&gt; Programs 01
310CA-AMAgent0 11amagent.exe1 00355Unicenter Asset Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting47http://www3.ca.com/Solutions/Product.asp?ID=1940
111AmazingTens0 15AmazingTens.exe1 00 34Premium rate adult content dialler 01
314intelapmclient0 12amclient.exe1 00 45LANDesk  Management_Suite software component.37http://www.landesk.com/Products/LDMS/0
1 4Aaou0  8amee.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
410[not used]0 10aminit.dll1 00 60Used by the Altiris® Application Metering Solution software.52http://www.altiris.com/products/applicationmetering/0
4 4Amon0  8AMON.EXE1 00 45Monitoring part of Eset's NOD32 virus-scanner34http://www.nod32.com/home/home.htm0
4 8Amonitor0  8amon.exe1 00 22Tiny Personal Firewall44http://www.tinysoftware.com/home/tiny2?la=EN0
310WheelMouse0 12AMOUMAIN.EXE1 00 99A4Tech wireless mouse driver and utility - required if you use non-standard Windows driver features46http://www.a4tech.com/a4techenglish/index.html0
310WheelMouse0 12Amoumain.exe111HKEY_LM\Run0 67A4Tech iWheelWorks Mouse Driver 7.46.0.0, A4Tech Co.,Ltd.. Amoumain39http://www.absolutestartup.com/startup/1
122accessmedia p2p loader0 10amp2pl.exe1 00 51My AccessMedia toolbar related,  stealth installed! 01
4 6amsint0 10amsint.sys1 00 42AMD SCSI/NET Controller Added by Microsoft 01
3 4amsn0  8amsn.exe1 00 41aMSN P2P client - can be started manually55http://amsn.sourceforge.net/modules.php?name=About_Amsn0
3 4AMSN0  8amsn.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
117lnternet Explorer0 12AMSNDMGR.EXE1 00 90Added by the KWBOT.R WORM! Note that the "l" is a lower case "L" and not an upper case "I"84http://http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.r.worm.html0
113Clock_Manager0 10amsngr.exe1 00 79Added by the A href="http://www.sophos.com/virusinfo/analyses/trojsdbotxm.html"39Troj/Sdbot-XM WORM/IRC backdoor trojan!0
115winsock2 driver0 11AMSNMGR.EXE1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
113WinDynManager0 11amsnmsg.exe1 00121Added by the W32/Sdbot-IA worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotia.html0
111msn service0 13amsnmsgrs.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 5amuvd0  9amuvd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5amxph0  9amxph.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4amyi0  8amyi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113Bar Ding lolt0 10Analiz.exe1 00 26Added by the RBOT-RP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotrp.html0
212Utopia Angel0  9Angel.exe1 00 37Calculator for the online Utopia game31http://games.swirve.com/utopia/0
1 7ISEXEng0 11angelex.exe1 00173This file is associated with adware. It is known to download and install other spware and adware on to your computer. This service should definitely be stopped and disabled. 01
1 8animalss0 12animalss.exe1 00 49Added by the W32/Agobot-VE worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32agobotve.html0
242Animated Weather Satellite and Radar v2.1a0 38Animated Satellite and Radar v2.1a.exe225StartUp menu\Current user0 45DesktopX Widget 1, 0, 0, 1, . DesktopX Widget39http://www.absolutestartup.com/startup/1
1 4Xuab0 11anlmdox.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
013AnnotateCheck0 12AnnCheck.exe1 00 40Genius Wizard Pen Tablet driver related. 01
213Announcements0 12Annclist.exe1 00163MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it 01
231Microsoft Announcement Listener0 12Annclist.exe1 00  0 01
2 7Anntext0 11Anntext.exe1 00 39Caere Pagekeeper text annotation server 01
324anonymizer_spywarekiller0 19AnonAntiSpyware.exe1 00 36Anonymizer Spyware Killer; see  here40http://www.anonymizer.com/spywarekiller/0
327Trace ZapperAnonymousServer0 12AnonSurf.exe111HKEY_LM\Run0 88Trace Zapper Anonymous Surfer 3, 0, 0, 2, TraceZapper.com. Trace Zapper Anonymous Surfer39http://www.absolutestartup.com/startup/1
327anonymizer total net shield0 11AnonTns.exe1 00 28Anonymizer  Total_Net_Shield117http://www0
111Will I Ever0 10anqbse.exe1 00 12Added by the38W32/Sdbot-TK WORM/IRC backdoor trojan!0
1 5avqra0 10anqmfn.exe1 00153Added by the Troj/Sdbot-BV backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotbv.html0
2151-Click Answers0 11answers.exe122StartUp menu\All users0 67Answers 1.0 (build 84), GuruNet Corporation. 1-Click Answers Client39http://www.absolutestartup.com/startup/1
1 9HideStyle0 21Ante Browse Trust.exe2 00123IE toolbar taking you to Lop.com. If the exe is running, end it and remove the "Stupidmore" directory from C:\Program Files 01
1 5virus0  8Anti.exe1 00 35Added by the  WIN32.SEENBOT.O WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=421850
1 9Yahoo20000  8Anti.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 9anti_troj0 13anti_troj.exe1 00 36Added by the Troj/BagleDl-AH Trojan.59http://www.sophos.com/virusinfo/analyses/trojbagledlah.html0
117auto__antiav__key0 14antiav_exe.exe1 00 98Added by the Troj/BagleDl-AA Trojan.  This infection also creates the file %System%antiav_dll.dll.59http://www.sophos.com/virusinfo/analyses/trojbagledlaa.html0
4 9AntiCrash0 13AntiCrash.exe1 00 92Programs that stays resident in memory and attempts to stop your applications from crashing. 01
411!!!AntiHook0 12AntiHook.exe1 00 52Installed by the AntiHook malware protection system.42http://www.infoprocess.com.au/AntiHook.php0
320Anti-keylogger check0 11antikey.exe1 00 79Anti-keylogger - protects against keylogger programs monitoring your keystrokes31http://www.anti-keyloggers.com/0
318Anti-keylogger 6.00 27Anti-keylogger.exe /autorun211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
320AntiWindowsMessenger0 13AntiMsMsg.exe1 00111Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory49http://fileforum.betanews.com/detail/1069500643/10
3 9AntiPopUp0 13AntiPopUp.exe1 00 33AntiPopUp for IE - pop-up stopper38http://www.webknacks.com/antipopup.htm0
112AntiSpam Pro0 15AntiSpamPro.exe1 00 39Added by a variant of the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
3 5ppass0 11Antispy.exe1 00162AntiSpy firewall - "program designed to combat against various types of intrusion and monitoring programs currently in use or presently being developed worldwide"59http://www.antivirus-program.com/antivirus_program/antispy/0
111microsoft640  9antiv.exe1 00 24Added by the SOBER WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.sober@mm.html0
1 3Zi50 20AntiVirus Update.exe2 00 46Added by the W32.Erkez.G@mm mass-mailing worm.75http://www.sarc.com/avcenter/venc/data/w32.erkez.g@mm.html#technicaldetails0
320Anti-Spyware Blocker0 14Anti-Virus.exe122StartUp menu\All users0 42AntiVirus 1, 0, 0, 1, AntiVirus. AntiVirus39http://www.absolutestartup.com/startup/1
120anti-spyware blocker0 14Anti-Virus.exe1 00191Anti-Spyware Blocker by  Your-Soft , bogus "Spyware remover" - for more information, search the  Spywarewarrior_List of non-Recommended anti parasite sites/software for "anti-spyware blocker"25http://www.your-soft.com/0
116AntiVirus Update0 13AntiVirus.exe1 00143Added by the W32/Rbot-HY trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbothy.html0
113AntiVirus.exe0 13AntiVirus.exe1 00143Added by the Troj/Banker-CAA banking Trojan.  If you are infected with this Trojan it is advised that you change your online banking passwords.59http://www.sophos.com/virusinfo/analyses/trojbankercaa.html0
111antivirus320 13antivirus.exe1 00173html" target=_blankSPYBOT.KAI networm worm.  This worm infects other computer through file sharing networks and connects to an IRC server where it waits for remote commands. 01
2 9Eac_rnvdl0 21ANTIVIRUS_INSTALL.EXE1 00  2?? 01
111antivirus320 15antivirus32.exe1 00 39Added by the W32.Opanki.P network worm.73http://www.sarc.com/avcenter/venc/data/w32.opanki.p.html#technicaldetails0
127Windows Anti-Virus Built 320 15AntiVirus32.exe1 00 27Added by the SDBOT-BG WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotbg.html0
113antivirusgold0 17AntivirusGold.exe1 00 73Malware masquerading as an antivirus - also installs the  Winnook TROJAN!69http://www.bleepingcomputer.com/startups/intel_system_tool-10422.html0
4 5AnVir0  9AnVir.exe1 00102AnVir Task Manager - protects computer against viruses and manages running processes and startup files29http://anvir.com/taskmanager/0
418AnVir Task Manager0  9AnVir.exe1 00102AnVir Task Manager - protects computer against viruses and manages running processes and startup files29http://anvir.com/taskmanager/0
3 8anvshell0 12anvshell.exe1 00194System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel - Display Properties - Advanced as well as the System Tray shortcuts toolbar 01
3 8anvshell0 12anvshell.exe111HKEY_LM\Run0 81ASUS nVidia Series Shell 1.00.00, AsusTeK Computer Inc.. ASUS nVidia Series Shell39http://www.absolutestartup.com/startup/1
113NvCplDaemon320 14anvshell32.exe1 00 31Added by the Troj/VB-XU trojan.54http://www.sophos.com/virusinfo/analyses/trojvbxu.html0
3 6AnyDVD0 10AnyDVD.exe1 00193AnyDVD is a driver, which descrambles DVD-Movies automatically in the background. This DVD appears unprotected and region code free for all applications and the Windows operating system as well37http://www.slysoft.com/en/anydvd.html0
1 5aoacn0  9aoacn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 4ugon0 12aockstrs.exe1 00  2?? 01
2 4Lcer0  8aoco.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 5aogsd0  9aogsd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
121AOL Instant Messengar0  7aol.exe1 00 12Added by the39W32/Agobot-FN worm/IRC backdoor trojan.0
214AOL Fast Start0 10AOL.EXE -b2 00154This allows AOL to load in the background when your computer starts.  This make the program launch quicker when you want to use it, but uses up resources. 01
214AOL Fast Start0 10AOL.EXE -b211HKEY_CU\Run0 61America Online 9.02.000, America Online, Inc.. America Online39http://www.absolutestartup.com/startup/1
124Microsoft AOL32 Protocol0  9aol32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
413AolAcsDaemon10 11AOLACSD.EXE1 00188AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually 01
117AOL 9.0 Optimized0 13AOLCLIENT.EXE1 00 82Added by the Backdoor.Spyboter.A Trojan!  File found in the Windows system folder.66http://www.sarc.com/avcenter/venc/data/pf/backdoor.spyboter.a.html0
2 9AOLDialer0 11AOLDial.exe1 00 69AOL ISP software dialer - can be activated through a desktop shortcut 01
2 9AOLDialer0 11AOLDial.exe111HKEY_LM\Run0 81AOL Connectivity Service 3.0.0.1, America Online. AOL Connectivity Service Dialer39http://www.absolutestartup.com/startup/1
2 6AolFix0 10AolFix.exe1 00211Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL&nbsp; to run correctly. Not seen much any more and should only run once 01
125Aol Instant Messenger Fix0 10aolfix.exe1 00134Added by the W32/Sdbot-ABJ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotabj.html0
011HostManager0 18AOLHostManager.exe1 00 41In a Program FilesCommon FilesAOL folder. 01
311HostManager0 18AOLHostManager.exe111HKEY_LM\Run0 75AOL Service Libraries 1.0.0.6, America Online, Inc.. AOLHostManager Service39http://www.absolutestartup.com/startup/1
121aol instant messenger0 10aolmsg.exe1 00 29Added by  W32.Kelvir.AL WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.al.html0
113AOL Messenger0 12aolmsngr.exe1 00 27Added by the SDBOT-JF WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotjf.html0
118aol services hosts0 20aolserviceshosts.exe1 00 40Added by an unidentified WORM or TROJAN! 01
111AolSoftware0 15aolsoftware.exe1 00 50Added by the W32/Tilebot-CL worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotcl.html0
322AOL Spyware Protection0 19AOLSP Scheduler.exe2 00 32AOL's spyware protection program 01
322AOL Spyware Protection0 19AOLSP Scheduler.exe211HKEY_LM\Run0 46AOLSP Scheduler 1, 0, 0, 78, . AOLSP Scheduler39http://www.absolutestartup.com/startup/1
119AOLSPYWAREREMOVER320 23AOLSPYWARECLEANER32.EXE1 00 49Added by the W32/Spybot-HJ worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32spybothj.html0
228America Online *.* Tray Icon0 11aoltray.exe1 00126Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -&gt; Programs 01
228America Online 9.0 Tray Icon0 18aoltray.exe -check222StartUp menu\All users0 60America Online 9.00.001, America Online, Inc.. AOL Tray Icon39http://www.absolutestartup.com/startup/1
420AOL TopSpeed Monitor0 12aoltsmon.exe1 00183This program is used by AOL's web acceleration technology which supposedly helps to make web browsing faster.  This is most important for those users who still access AOL via dial-up. 01
3 8ccWasher0 13aolwasher.exe1 00200Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL 01
1 6Aornum0 10aornum.exe1 00107Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware79http://www.iwon.com/home/prizes/pm3_overview/0,21311,,00.html?PG=home?SEC=fnstf0
1 8aosrfmkr0 12aosrfmkr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7AO Tray0 10AOTray.Exe1 00102System Tray application for AOpen soundcards. Can be run manually via Start - Settings - Control Panel 01
2 6AOTray0 10AOTray.Exe1 00102System Tray application for AOpen soundcards. Can be run manually via Start - Settings - Control Panel 01
1 8aoyssrll0 12aoyssrll.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8ap9h4qmo0 12ap9h4qmo.exe111HKEY_LM\Run0 134, 0, 0, 4, .39http://www.absolutestartup.com/startup/1
4 6Apache0 10apache.exe1 00 93This is the Apache Web Server.  If this is running on your machine, you should know about it.21http://www.apache.org0
322Monitor Apache Servers0 17ApacheMonitor.exe1 00125Part of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start - Programs 01
4 8apc_tray0 12apc_tray.exe1 00124Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure 01
1 6apd1230 10APD123.exe1 00 47Added by the Troj/Dloadr-JT downloading Trojan.58http://www.sophos.com/virusinfo/analyses/trojdloadrjt.html0
222adobe photo downloader0 12apdproxy.exe1 00 89From  Adobe_Photoshop_Album not to be terminated unless suspected to be causing problems.21http://www.adobe.com/0
1 5API320  9api32.exe1 00 29Added by the IRCBOT-B TROJAN!57http://www.sophos.com/virusinfo/analyses/trojircbotb.html0
1 6APIMon0 11apimonx.exe1 00 40Added by the TIBSER.A downloader TROJAN! 01
110apisvc.exe0 10apisvc.exe1 00 42Added by a variant of the  Lamebot TROJAN!43http://vil.nai.com/vil/content/v_116121.htm0
124Windows API Control Task0 12apitsk32.exe1 00153Added by the W32.Mytob.HI@mm worm. When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.76http://www.sarc.com/avcenter/venc/data/w32.mytob.hi@mm.html#technicaldetails0
3 3apl0  7APL.exe1 00 20Sage_Software's_ACT!51http://itdomino.act.com/act.nsf/docid/20041291011280
0 8Apmsrv9x0 12APMSRV9X.EXE1 00 48Intel AnyPoint Wireless II Home Network related. 01
3 9AlpsPoint0 10Apoint.exe1 00261Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work 01
3 6Apoint0 10Apoint.exe1 00261Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work 01
3 6Apoint0 10Apoint.exe111HKEY_LM\Run0 91Alps Pointing-device Driver 6.0.2.180, Alps Electric Co., Ltd.. Alps Pointing-device Driver39http://www.absolutestartup.com/startup/1
1 5Prein0 38APP****.tmp [* = random char or digit]2 00 19Unidentified adware 01
120[executed file name]0  7App.exe1 00 25Added by the WAXPOW WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.waxpow.worm.html0
1 5Prein0  9app4F.tmp111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114ApPache System0 11ApPache.exe1 00 49An RBot WORM/IRC backdoor variant adds this file.55http://www.sophos.com/virusinfo/analyses/w32rbotyp.html0
113micro process0 11appconf.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 7appconn0 11appconn.exe1 00 25Added by the CARGAO WORM!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.cargao.html0
115security center0 14AppControl.exe1 00 23Added by the  SDBOT.CFT86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CFT&VSect=T0
311AppExtender0 12AppExtCB.exe1 00100Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received67http://www.confimax.com/?PHPSESSID=aefc68296846f048b5b7ae96e48d854f0
113Configuration0 11apphost.exe1 00 38Added by W32/Sdbot-VP, a network WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotvp.html0
1 9appis.exe0  9appis.exe1 00 29Added by the AGENT-BC TROJAN!68http://pestpatrol.com/PestInfo/t/trojandownloader_win32_agent_bc.asp0
221Shortcut to AppleDock0 13AppleDock.exe122StartUp menu\All users0 30Y'z Dock 0, 8, 3, 0, Y'z@Home.39http://www.absolutestartup.com/startup/1
138{64ba30a2-811a-4597-b0af-d551128be340}0 11appmagr.dll1 00161A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{64ba30a2-811a-4597-b0af-d551128be340}/b.65http://www.bleepingcomputer.com/startups/SpyFalcon.exe-14415.html0
115[Various Names]0 19AppMasterCenter.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 7AppMgmt0 11appmgmt.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
3 7AppPlus0 11AppPlus.exe1 00249AppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"29http://www.appplusonline.com/0
3 9atspooler0 13AppsTraka.exe1 00 88AppsTraka keystroke logger/monitoring program - remove unless you installed it yourself!68http://www.symantec.com/avcenter/venc/data/spyware.desktopscout.html0
1 5appuq0  9appuq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
123AutoLoaderAproposClient0 11aprload.exe1 00 37Added by the Spyware.Apropos spyware.59http://www.sarc.com/avcenter/venc/data/spyware.apropos.html0
123Autoloaderaproposclient0 25Apropos_Client_Loader.exe1 00 19AproposMedia adware45http://doxdesk.com/parasite/AproposMedia.html0
014ENSApServer2_00 12APSERVER.EXE1 00 48Intel AnyPoint Wireless II Home Network related. 01
3 8AEZBProc0 11aptezbp.exe1 00203IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions 01
4 5Apvxd0 12APVXDWIN.EXE1 00 71Part of Panda Anti-Virus. Required to enable permanent virus protection29http://www.pandasoftware.com/0
4 8Apvxdwin0 12APVXDWIN.EXE1 00 71Part of Panda Anti-Virus. Required to enable permanent virus protection29http://www.pandasoftware.com/0
4 8APVXDWIN0 15APVXDWIN.EXE /s211HKEY_LM\Run0 73Panda Antivirus Aplication 4.12.3, Panda Software International. ApVxdWin39http://www.absolutestartup.com/startup/1
4 7Apwheel0 11Apwheel.exe1 00 32Wheel support for an Alps mouse  01
1 6apycxt0 10apycxt.exe1 00 21Unidentified malware! 01
116aq3helperstartup0 12AQ3HEL~1.EXE1 00 76ScreenScenes "Aquatica Water Worlds"  screensaver.  Comes with  GAIN spyware21Aquatica Water Worlds0
1 7aqadcup0 11aqadcup.exe1 00 22Backdoor.Agent.bg worm71http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/0
111aqadcup.exe0 11aqadcup.exe1 00 27Added by the AGENT.BG WORM!71http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/0
1 4aqhm0  8aqhm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7epixowu0 13aqiyutyvo.exe1 00128Added by the W32/Sdbot-UG worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotug.html0
1 6aqkqmd0 10aqkqmd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Ubg0  7Aql.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7aqmxhqv0 11aqmxhqv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Aqujyjax0 12aqujyjax.exe1 00 12Added by the117W32/Sdbot-0
1 7Archive0 11archive.exe1 00 29Added by the Troj-Dloader-GH.59http://www.sophos.com/virusinfo/analyses/trojdloadergh.html0
323shortcut to email saver0 12archiver.exe125StartUp menu\Current user0 85Outlook Express Email Saver 5.01.0055, MazePath Software. Outlook Express Archive Pro39http://www.absolutestartup.com/startup/1
2 4ares0  8ares.exe1 00246Ares is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"39http://www.aresgalaxy.org/download.html0
2 4ares0 11Ares.exe -h2 00 50Ares for windows 1.9, Ares Development Group. Ares 01
2 8areslite0 12AresLite.exe1 00259Ares Lite Edition is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"39http://www.aresgalaxy.org/download.html0
1 3Bmq0  7Ari.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
123Network Control Manager0  9aries.sys1 00 34Added by the Sony/XCP DRM Rootkit.54http://www.bleepingcomputer.com/forums/topic34904.html0
1 7Aritima0 11aritima.exe1 00 25Added by the ARITIM WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.aritim.html0
219Access Ramp Monitor0 11armon32.exe1 00433Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again 01
220AccessRamp Monitor010 12ARMon32a.exe1 00681From a visitor &quot;Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service.&quot; 01
2 9armor2net0 13Armor2net.exe1 00190Related to Armor2net personal firewall (possibly contains or is related to an anti-spyware product known as ArmorWall, which is considered a rogue anti-spyware app, not recommended see  here52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
118Shedule Connection0 11arpo412.exe1 00101Added by the W32/PPdoor-R worm.  This worms spreads via network shares protected with weak passwords.56http://www.sophos.com/virusinfo/analyses/w32ppdoorr.html0
110MS-Connect0  7arr.exe1 00 32Adult content dialler - see here49http://vil.mcafee.com/dispVirus.asp?virus_k=999720
1 9MS-RunKey0  7arr.exe1 00 27MS-Connect dialler/hijacker 01
124windows security service0  9arrdt.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 5Win320 11arsetup.exe1 00 36Added by the WIN32.SPAZBOX.A TROJAN! 01
115Windows Monitor0 11arsetup.exe1 00  0 01
3 6ArsSGO0 10ArsSGO.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 6Artera0 12arteraui.exe1 00132Artera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance27http://www.arteraturbo.com/0
112AdRoarUpdate0 12ARUpdate.exe1 00 21AdRoar adware updater74http://securityresponse.symantec.com/avcenter/venc/data/adware.adroar.html0
215AccessRampLAN010 12ARUpld32.exe1 00683Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003 01
1 4arvx0  8arvx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5aryli0  9aryli.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311activespeed0  6AS.exe1 00 41Ascentive  ActiveSpeed Internet Optimizer98http://www.barelyaverage.com/portfolio/html_emails/ascentive/activespeed_biplane/biplane_anim.html0
311ActiveSpeed0  9AS.exe -b2 00 49ActiveSpeed 3.01.0392, Ascentive LLC. ActiveSpeed 01
011gear511.exe0 12AS00_Gear5111 00245Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. is it at all required? 01
4 3asc0  7asc.sys1 00 73AdvanSys SCSI Controller Driver created by Advanced System Products, Inc. 01
4 8asc3350p0 12asc3350p.sys1 00 45Added by Microsoft, AdvanSys SCSI Card Driver 01
4 7asc35500 11asc3550.sys1 00 39SCSI host adapter provided by Microsoft 01
116Microsoft Update0  9ascdl.exe1 00 28Added by the GAOBOT.SY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html0
120Configurations Asclt0  9asclt.exe1 00133Added by the W32/Sdbot-MX worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotmx.html0
1 9REMOVE ME0  9asclt.exe1 00135Added by the W32/Randex-FC worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32randexfc.html0
128Windows Configuration Loader0  9asclt.exe1 00134Added by the W32/Sdbot-OA worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotoa.html0
116LoadPowerProfile0 10ASDAPI.EXE1 00130Added by the CABRO TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cabro.html0
213ASE Scheduler0 17ASE Scheduler.exe2 00174Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
233aluria\&#039;s spyware eliminator0  7ASE.exe1 00176Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see  here and  here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
228aluria\'s spyware eliminator0  7ASE.exe1 00176Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see  here and  here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
312allseeingeye0  7ase.exe1 00238All-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions."34http://www.fortego.com/en/ase.html0
3 8RunAlert0 12AService.exe1 00199a target="_blank" href="http://www.msi.com.tw/program/products/pro_index.php"MSI MOtherboard PC Alert III - MSI motherboard monitoring software. Only required if you &quot;overclock&quot; your system 01
315Spyware Scanner0 14AseScanner.exe1 00174Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
124(random 12 digit number)0 12asferror.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
1 6msnmsg0  9asgag.exe1 00 57Adware trojan - probably  CoolWebSearch parasite related.53http://www.spywareinfo.com/~merijn/cwschronicles.html0
133Microsoft Synchronization Manager0 10asgard.exe1 00 27Added by the SDBOT.PH WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.PH0
4 8ashAvast0 12ashAvast.exe1 00 24Part of  Avast antivirus21http://www.avast.com/0
4 6avast!0 11ashDisp.exe1 00 34Part of Avast! anti-virus software35http://www.alwil.com/en/default.asp0
4 6avast!0 11ashDisp.exe111HKEY_LM\Run0 59avast! Antivirus 4, 6, 0, 0, . avast! service GUI component39http://www.absolutestartup.com/startup/1
1 5ASHLT0  9Ashlt.exe1 00 35Adware - leads back to an ad server 01
4 8ashMaiSv0 12ashmaisv.exe1 00 51Part of Avast! anti-virus software - E-mail scanner35http://www.alwil.com/en/default.asp0
4 6Avast!0 11ashserv.exe1 00 26Avast! anti-virus software35http://www.alwil.com/en/default.asp0
418avast! Web Scanner0 12Ashwebsv.exe1 00 16Avast! antivirus42http://www.avast.com/eng/avast_4_home.html0
122windows task scheduler0 11asijdie.exe1 00 40Added by an unidentified WORM or TROJAN! 01
3 5load=0 11asistat.exe1 00 45Status monitor for an NEC SuperScript printer 01
3 3ASK0  7ASK.dll1 00126Added by the Spyware.StealthKeylog surveillance software.  If this program was not installed by yourself you should remove it.65http://www.sarc.com/avcenter/venc/data/spyware.stealthkeylog.html0
1 3asl0  9Aslru.exe1 00 53Added by the Troj/Bancos-CU password-stealing trojan.58http://www.sophos.com/virusinfo/analyses/trojbancoscu.html0
324Absolute StartUp monitor0  9ASMon.exe1 00 56Absolute Startup - startup monitor from F-Group Software42http://www.fgroupsoft.com/Absolutestartup/0
324Absolute StartUp monitor0  9ASMon.exe111HKEY_LM\Run0 79Absolute Startup Monitor 4, 1, 0, 1, F-Group Software. Absolute StartUp monitor39http://www.absolutestartup.com/startup/1
113ASNFTP daemon0 11AsnFtpd.exe1 00134Added by the W32/Tilebot-AX worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotax.html0
211Vortex Tray0 12asp4setp.exe1 00116System Tray application for Aureal Vortex based soundcards. Can be run manually via Start - Settings - Control Panel 01
210VortexTray0 12asp4setp.exe1 00  0 01
2 8asp4tray0 12asp4tray.exe1 00116System Tray application for Aureal Vortex based soundcards. Can be run manually via Start - Settings - Control Panel 01
210VortexTray0 12asp4tray.exe1 00124System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -&gt; Settings -&gt; Control Panel 01
110nvsv32.exe0 11asr_fnt.exe1 00 30Added by the  WOOTBOT.GE WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GE&VSect=P0
2 8assdll320 12assdll32.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
218ExciteAssistantEXE0 13ASSISTANT.EXE1 00160With Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window open 01
110[not used]0 12assistse.exe1 00 33Added by the Troj/Bravo-C Trojan.56http://www.sophos.com/virusinfo/analyses/trojbravoc.html0
1 8assistse0 12ASSISTSE.EXE1 00 33CnsMin (Chinese_Keywords) related47http://www.pestpatrol.com/PestInfo/C/CnsMin.asp0
1 8assistse0 12assistse.exe111HKEY_LM\Run0 52yahoo AssistSetting 1, 0, 0, 3, yahoo. AssistSetting39http://www.absolutestartup.com/startup/1
110[not used]0 14assistseex.exe1 00 35Added by the Troj/LegMir-BW Trojan.58http://www.sophos.com/virusinfo/analyses/trojlegmirbw.html0
110Associates0 14Associates.exe1 00 85Added by the Troj/Lineage-BT information stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagebt.html0
1 3AST0  3AST1 00 48Added by the TROJANDOWNLOADER.WIN32.VB.AH VIRUS! 01
1 3ast0  7AST.exe1 00 20AutoStarter parasite44http://doxdesk.com/parasite/AutoStartup.html0
1 6AStart0  6AStart1 00 26Added by the VB.AH TROJAN!62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530683220
3 6ASTART0 10astart.exe1 00149ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings 01
316ASUS TweakEnable0 10astart.exe1 00130Restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings 01
4 7Avast320 12Astart32.exe1 00 34Part of Avast! anti-virus software35http://www.alwil.com/en/default.asp0
2 6asTray0 10Astray.exe1 00113Voyetra Audio Station - part of Voyetra's  Ultimate MP3 &amp; CD Manager. MP3 and digital music jukebox/organizer42http://www.voyetra.com/site/products/ump3/0
2 5Astro0  9Astro.exe1 00 48Checks for updates to Quicken on a system reboot 01
314Quick Controls0 16Astrotoolbar.exe1 00 49Gateway Astro Screen and Sound Controls tray icon 01
1 4asus0  8asus.exe1 00337Added by the W32/Rbot-OC trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. These infections are usually capable of logging keystrokes, retrieve cd keys, and flood other computers. This infections logs your keystrokes to a file in your %System% folder called msreg.dll.55http://www.sophos.com/virusinfo/analyses/w32rbotoc.html0
124Asus Motherboard Utility0  8asus.exe1 00 50Added by the W32/Tilebot-ET worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotet.html0
210ASUS Probe0 12AsusProb.exe1 00100ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area 01
111asvhost.exe0 11asvhost.exe1 00 36Added by the  Troj/Icedoor-A TROJAN!58http://www.sophos.com/virusinfo/analyses/trojicedoora.html0
211AutoSpell 50 12ASWATC32.EXE1 00 25AutoSpell - spell checker28http://www.spellchecker.com/0
2 5ASWDP0  9ASWDP.exe1 00141MLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market51http://www.stevejacksonre.com/mls_pulse_sign_up.htm0
1 5ASWnk0  9aswnk.exe1 00 21Adult content dialler 01
310ActiveTime0 12AT.exe -m -b211HKEY_CU\Run0 36ActiveTime 4.00.0037, Ascentive LLC.39http://www.absolutestartup.com/startup/1
1 8atapidrv0 12atapidrv.exe1 00122Added by the W32/Spybot-SL worm. When started this infection connects to an IRC server where it waits for remote commands.57http://www.sophos.com/virusinfo/analyses/w32agobotsl.html0
1 5ATAPl0  9ATAPl.EXE1 00 23Added by W32/Agobot-RH.57http://www.sophos.com/virusinfo/analyses/w32agobotrh.html0
214Atari Launcher0 14Atari icon.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
324The Easy Bee&#039;s Hive0 12ATCEgSvr.exe1 00183The Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequence 01
319The Easy Bee's Hive0 12ATCEgSvr.exe1 00183The Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequence 01
312MicroDialler0 14atdialler1.exe1 00115Part of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encountered65https://www.freeserve.com/time/anytimereg/migration/?redirect=int0
1 7igamatu0 11atecaca.exe1 00 28Added by the  IRCBOT.R WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_IRCBOT.R&VSect=P0
3 5Athan0  9Athan.exe1 00112Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world61http://www.islamasoft.co.uk/products/athan/athansoftware.html0
212@Hoc Toolbar0  9AtHoc.exe1 00 86One-click activated browsing toolbar used by various web-sites. See here for more info62http://siliconvalley.internet.com/news/article.php/3531_4799510
223Switchboard.com Toolbar0  9AtHoc.exe1 00 75Toolbar for the on-line version of Yellow Pages in the US - Switchboard.com27http://www.switchboard.com/0
3 6AtiCwd0 12Ati2cwad.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 8AtiCwd320 12Ati2cwad.exe1 00  0 01
3 8Ati2cwxx0 12Ati2cwxx.exe1 00134For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it  01
3 8atipolab0 12ati2evae.exe1 00 92ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks 01
3 8ATIPOLAB0 12ati2evxx.exe1 00204ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces  on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources 01
3 7ATIPOLL0 12ati2evxx.exe1 00204ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces  on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources 01
2 8Ati2mdxx0 12Ati2mdxx.exe1 00 64For ATI video cards. System Tray access to display mode changing 01
313ATIModeChange0 12Ati2mdxx.exe1 00 89System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager 01
313ATIModeChange0 12Ati2mdxx.exe111HKEY_LM\Run0 70ATI 2D Component 4.13.3, ATI Technologies, Inc.. ATI 2D Mode component39http://www.absolutestartup.com/startup/1
3 6AtiPTA0 12Ati2ptxx.exe1 00241Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start - Settings - Control Panel - Display. Some users may need it if they have optimised their settings 01
3 8AtiPTAAA0 12Ati2ptxx.exe1 00  0 01
3 8atiptaxx0 12Ati2ptxx.exe1 00253Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -&gt; Settings -&gt; Control Panel -&gt; Display. Some users may need it if they have optimised their settings 01
3 8ATISmart0 12ati2s9ag.exe1 00160ATI's "SMARTGART", which is included with the "Catalyst" drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings 9SMARTGART0
4 9ATI Smart0 12ati2sgag.exe1 00273This Windows service is used at system boot up to check for system compatability and stability issues for ATI video cards. Also responsible for setting the AGP settings the video card will use.  Unless this is causing a problem we recommend you leave this set as automatic. 01
116ATI VIDEO REGKEY0 11ati2vid.exe1 00 27Added by the SDBOT.UR WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UR0
1 7rxres320 11ati2vid.exe1 00143Added by the W32/Rbot-FL trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotfl.html0
118Motherboard Config0 11Ati2xxx.exe1 00133Added by the W32/Rbot-AIK worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaik.html0
112aticpaxx.exe0 12aticpaxx.exe1 00102A WORM/backdoor Trojan, W32/Rbot-XP will add this, and open the PC to attack by way of an IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotxp.html0
3 6AtiCwd0 10AtiCwd.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 8AtiCwd320 10AtiCwd.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 6AtiCwd0 12AtiCwd32.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 8AtiCwd320 12AtiCwd32.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
113AtiDisplayDrv0 12atidrvxx.exe1 00 66Added by the W32/Rbot-VZ Worm! Found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotvz.html0
216ATI DeviceDetect0 11ATIDtct.EXE1 00 91Utility meant for future use of the ATI TV WONDER™ USB 2.0 video driver and can be disabled 01
223ATI GART Set-up Utility0 11Atigart.exe1 00169Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed 01
2 6AtiKey0 12AtiKey32.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
1 8atipatxx0 12atipatxx.exe1 00 12Added by the21Troj/Small-ED TROJAN!0
117Ati Control Panel0 12atiphexx.EXE1 00144Added by the W32/Rbot-BR trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotbr.html0
1 9aticpanel0 12atiphexx.exe1 00 46Added as result of a  AGOBOT.IL worm infection78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.IL0
3 6AtiPTA0 12Atiptaxx.exe1 00241Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start - Settings - Control Panel - Display. Some users may need it if they have optimised their settings 01
3 8AtiPTAAA0 12Atiptaxx.exe1 00  0 01
3 8atiptaxx0 12Atiptaxx.exe1 00241Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start - Settings - Control Panel - Display. Some users may need it if they have optimised their settings 01
3 6ATIPTA0 12atiptaxx.exe111HKEY_LM\Run0 85ATI Desktop Component 6.14.10.4029, ATI Technologies, Inc.. ATI Desktop Control Panel39http://www.absolutestartup.com/startup/1
1 8atiptext0 12atiptext.exe1 00 12Added by the39Troj/Cosiam-A, a proxy TROJAN/backdoor.0
0 6AtiKey0 12atiptkad.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
1 8epovohot0 10atiqik.exe1 00128Added by the W32/Sdbot-UV worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuv.html0
3 8AtiQiPcl0 12AtiQiPcl.exe1 00119Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's 01
1 6System0  9Atira.exe1 00 26Added by the KOTIRA VIRUS!71http://securityresponse.symantec.com/avcenter/venc/data/w32.kotira.html0
114ati rage3d pro0 16AtiRage4dPro.exe1 00 33Added by the  W32/AGOBOT-OG WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotog.html0
418ATI Remote Control0  9ATIRW.exe1 00132Driver for the ATI REMOTE WONDER™ RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it44http://www.ati.com/products/home-office.html0
213ATI Scheduler0 12Atisched.exe1 00305Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -&gt; Programs -&gt; Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see 01
213ATI Scheduler0 12ATISched.EXE111HKEY_CU\Run0 64ATI Multimedia Center 9.02, ATI Technologies Inc.. ATI Scheduler39http://www.absolutestartup.com/startup/1
229ATI Task Application (Atikey)0 11Atitask.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
1 8anything0 10ATITAX.exe1 00121Added by the W32/Forbot-DP worm.  This infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotdp.html0
220ATI Task Application0 11Atitkad.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
3 7atitray0 11atitray.exe1 00 66ATI Tray Tools - allows quick access to ATI graphics card settings 01
312AtiTrayTools0 11atitray.exe1 00 66ATI Tray Tools - allows quick access to ATI graphics card settings 01
124[random 12 digit number]0 12atitvo32.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
1 9atiupdate0 14ATIUPDATE5.EXE1 00 30Added by the DEBESKI.A TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_DEBESKI.A0
1 8atiupdpl0 12atiupdpl.exe1 00 36Added by the  TROJ_SMALL.AOS TROJAN!107http://ae0
110ATIUpdater0 12atiupdxx.exe1 00125Added by the W32/Rbot-ABX. This infection connects to an IRC server on startup where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotabx.html0
1 8ativopen0 12ativopen.exe1 00 34Premium rate adult content dialler 01
3 6ATIX100 10atix10.exe1 00 46ATI Remote Wonder - PC wireless remote control44http://www.ati.com/products/pc/remotewonder/0
3 9Regx10EXE0 10atix10.exe1 00 46ATI Remote Wonder - PC wireless remote control44http://www.ati.com/products/pc/remotewonder/0
115[Various Names]0 14atl_helper.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
110atlcontrol0 15atlcontrole.exe1 00 38Added by the Adware.Atlcontrol adware.61http://www.sarc.com/avcenter/venc/data/adware.atlcontrol.html0
115[Various Names]0 15ATLIEHELPER.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
219microAttuneDownload0 12atmdlusr.exe1 00 64USR (US Robotics) modem auto updater. May be a sub-set of Attune 01
110AveoAttune0 12atmdlusr.exe1 00 48Spyware - part of an automated helpdesk software 01
1 7eventss0 10atmpvc.dll1 00 45Identified as Trojan-Downloader.Win32.Delf.lh 01
321Miramar Systems, Inc.0  9atmsg.exe1 00 34Miramar PC/Mac networking software 01
2 7ATnotes0 11atnotes.exe1 00 99Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start - Programs 01
312Atomic Clock0 11AtomClk.exe111HKEY_LM\Run0 68Atomic Clock 8, 0, 0, 0, Provenio Software Corporation. Atomic Clock39http://www.absolutestartup.com/startup/1
310Atomic.exe0 10Atomic.exe1 00 79Atomic Clock Sync - synchronizes your computer's time with the NIST time server44http://www.worldtimeserver.com/atomic-clock/0
2 7Atomica0 11atomica.exe1 00195Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key23http://www.atomica.com/0
111Atomic-x27C0 15AtomicpartC.exe1 00 33c:\windows\system32\mastoer32.dll 01
310AtomicTime0 14ATOMICTIME.EXE1 00 71AtomicTime - utility that synchronizes your PC clock to an atomic clock30http://schmail.com/atomictime/0
110Atomic-x270 14Atomic-x27.exe1 00 33c:\windows\system32\mastoer32.dll 01
3 6Atrack0 10atrack.exe1 00426New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert 01
3 5Atray0  9Atray.exe1 00106Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons32http://www.divcomsoft.com/atray/0
115Distributed TLS0 11attribu.exe1 00134Added by the W32/Sdbot-OE worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotoe.html0
118AttuneClientEngine0 13attune_ce.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
120AttuneContentUpdater0 13attune_cu.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
115AttuneDiscovery0 13attune_di.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
113AttuneSystray0 13attune_st.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
1 7Attunel0 11Attunel.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
225Atualizador - Puxa Rápido0 12Atualiza.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 6aTuner0 10atuner.exe1 00 52aTuner - tweak tool for GeForce based graphics cards41http://www.3dcenter.de/atuner/index_e.php0
117Microsoft Windows0  4atup1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
317Anti-Trojan-Watch0 11ATWatch.exe1 00 35Anti-Trojan Watch - trojan detector 01
3 8AT-Watch0 11ATWatch.exe1 00  0 01
315asustweakenable0 10ATweak.exe1 00 78Asus Tweaking Utility - for fine tuning the settings of your ASUS display card 01
428Aiptek Graphics Tablet (USB)0 11atwtusb.exe1 00 46USB interface for Aiptek Graphics Tablet (USB) 01
4 7atwtusb0 11atwtusb.exe1 00  0 01
1 6au.exe0  6au.exe1 00 27Added by the BEAGLE.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.b@mm.html0
2 8AUXXTRAY0 12au30setp.exe1 00116System Tray application for Aureal Vortex based soundcards. Can be run manually via Start - Settings - Control Panel 01
210VortexTray0 12au30setp.exe1 00  0 01
1 4auaf0  8auaf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8AU Agent0 11AUagent.exe1 00177Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon46http://www.zilab.com/Products/Au/index_2.shtml0
4 7AUCBPNP0 11aucbnpn.exe1 00140Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot140http://www.ad0
1 8Aucompat0 12Aucompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
3 7audcntr0 11audcntr.exe113Win.ini\[Run]0 131, 0, 0, 4, .39http://www.absolutestartup.com/startup/1
1 7audcntr0 11audcntr.exe1 00 32Added by the  WIN32.GEMA TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=405740
225Telefonverbindungsmonitor0 15audevicemgr.exe122StartUp menu\All users0 93Phone Connection Monitor , Teleca Software Solutions AB. Phone Connection Monitor application39http://www.absolutestartup.com/startup/1
1 9Audiocntl0 13audiocntl.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 9AudioDeck0 19AudioDeck.exe  -min222StartUp menu\All users0 55AudioDeck???? 1, 0, 0, 1, . AudioDeck Microsoft ???????39http://www.absolutestartup.com/startup/1
1 8audiodrv0 12audiodrv.exe1 00 31Added by the  CRYPTER-C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 8audioinf0 12audioinf.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 7Printer0 12auditchk.exe1 00 48Added by the W32/Rbot-BPE worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbpe.html0
1 8nodriver0 11AUEKXRZ.EXE1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 6AUNPS20 10AUNPS2.DLL1 00 38AlwaysUpdatedNews.com parasite related 01
111Auto Update0  7AUP.exe1 00 42Added by an unididentified WORM or TROJAN! 01
110MS Updates0  8aupd.exe1 00 22Spyware web downloader 01
111AutoUpdater0 11aupdate.exe1 00 33Aupdate, Tinybar variant. Spyware44http://www.doxdesk.com/parasite/TinyBar.html0
112Auto Updater0 12aupdater.exe1 00134Added by the Troj/Sdbot-LH worm. When started, this infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotlh.html0
410[not used]0 13AUserInit.exe1 00225Added by Curtains for Windows.  Removing this file bWILL/b cause your computer to have problems starting.  You should contact Authentium for the proper removal procedure.  Unknown as to what function it plays in this program.47http://www.authentium.com/products/curtains.htm0
1 9ASDPLUGIN0 11Austria.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
1 5ausvc0  9ausvc.exe1 00 30Added by the AUTOUPDER TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html0
314curtainssyssvc0 10AuthSL.exe1 00228Security Manager - part of a ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private. 01
316authconsolestart0 13AuthStart.exe1 00  0 01
1 5authz0  9authz.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
127autoloaderenvoloautoupdater0 22auto_update_loader.exe1 00 34Envolo/AproposMedia adware updater65http://www.securemost.com/articles/trou_3_remove_aproposmedia.htm0
316erunt autobackup0 12AUTOBACK.EXE1 00190ERUNT backup utility - when added to the user's startup folder automatically backs up the registry  each time the system boots, resulting in numerous backups that can be restored if desired.50http://www.larshederer.homepage.t-online.de/erunt/0
316ERUNT AutoBackup0 84AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow225StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
310AutoBackup0 14AutoBackup.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7Autobar0 11autobar.exe1 00 80Connect buttons on the keyboard for internet direct access, etc. on HP computers 01
310ConfigSafe0 11AUTOCHK.EXE1 00198ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice47http://www.imaginelan.com/configsafe/index.html0
3 7autoclk0 11autoclk.exe111HKEY_LM\Run0 57autoclk Application 1, 0, 0, 1, . autoclk MFC Application39http://www.absolutestartup.com/startup/1
1 7autoclk0 11autoclk.exe1 00 28Identified as Troj.AutoClick 01
311AutoConnect0 15AutoConnect.exe111HKEY_CU\Run0 47AutoConnect 1.0.0.0, http://autoconnect.prv.pl.39http://www.absolutestartup.com/startup/1
323XTNDConnect PC - 3CmPlm0 11Autodet.exe1 00 88Component of EasySync Pro. Synchronisation between Palm PDAs&nbsp; and Microsoft Outlook15#EasySync%20Pro0
124[random 12 digit number]0 12autodisc.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
119Windows Data Server0 12autodisc.exe1 00 28Added by the SPYBOT-CB WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotcb.html0
138{8e99f990-b75a-4568-b3c8-24cbc8cbbfc1}0 14autodisc32.dll1 00164A file used by the rogue antispyware app, SpywareQuake, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{8e99f990-b75a-4568-b3c8-24cbc8cbbfc1}/b.68http://www.bleepingcomputer.com/startups/SpywareQuake.exe-14686.html0
2 7regedit0 11autoexe.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7AUTOEXE0 11AUTOEXE.exe1 00 12Added by the143W32/Semapi-A.0
1 6chkdsk0 12autoexec.bat1 00 24Added by the ANPES WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.anpes@mm.html0
1 3run0 12Autoexec.com1 00 31ml" target=_blankHOLCAS.A WORM! 01
1 5lsass0 12autoexec.exe1 00 49Added by the W32/Sdbot-AFN worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotafn.html0
317Extranet AutoDial0 11AutoExt.exe1 00 53Nortel Networks Contivity Extranet Switching Software 01
232Drag&#039;n&#039;Drop_Autolaunch0 14Autolaunch.exe1 00 39Iomega HotBurn - CD-RW burning software47http://www.iomega.com/hotburn/hotburn_main.html0
222Drag'n'Drop_Autolaunch0 14Autolaunch.exe1 00 39Iomega HotBurn - CD-RW burning software47http://www.iomega.com/hotburn/hotburn_main.html0
222Drag'n'Drop_Autolaunch0 14Autolaunch.exe1 00 74Iomega HotBurn 1.0, Iomega Corporation. Iomega HotBurn Auto Launch Program 01
220dragndrop_autolaunch0 14Autolaunch.exe1 00 39Iomega_HotBurn - CD-RW burning software47http://www.iomega.com/hotburn/hotburn_main.html0
221AutoMate Task Service0 12automate.exe1 00129Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start - Programs22http://www.unisyn.com/0
116Microsoft Update0 13automgr32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
2 9AutoMixer0 11AutoMix.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
1 9adstartup0 12automove.exe1 00 22Adlogix adware variant51http://www.spywareguide.com/product_show.php?id=7910
121Win32 Ms Auto Updater0 13AutomsUPD.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9Autopdate0 13Autopdate.exe1 00134Added by the W32/Rbot-AGL worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotagl.html0
1 7regrunm0 15autoprotect.exe1 00 40Added by an unidentified WORM or TROJAN! 01
3 9MaxtorReg0 11AUTOREG.EXE1 00166Part of SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of37http://www.netsizzle.net/sysagent.asp0
111TANG_INA_MO0 11AutoRun.bat1 00 46Added by the W32.Filukin.A@ mass-mailing worm.77http://www.sarc.com/avcenter/venc/data/w32.filukin.a@mm.html#technicaldetails0
212QBCD autorun0 11autorun.exe1 00 14Quick Books CD 01
1 7windump0 14autosearch.dll1 00 43Added by the Adware.YellowPages search bar.62http://www.sarc.com/avcenter/venc/data/adware.yellowpages.html0
3 9AutoSizer0 13AUTOSIZER.EXE1 00 76AutoSizer - utility that automatically maximizes windows when they're opened36http://www.southbaypc.com/AutoSizer/0
2 9autospell0 12autospel.exe1 00 39AutoSpell - spell checker (version 6.*)28http://www.spellchecker.com/0
221HP JetSpeed Autostart0 13AUTOSTART.EXE1 00 61Autostart executable for the old multiplayer game HP Jetspeed 01
312Tweak-XP Pro0 13autostart.exe111HKEY_CU\Run0 90Tweak-XP Pro 3.00, Totalidea Software, Germany, New Zealand. CPL Launcher for Tweak-XP Pro39http://www.absolutestartup.com/startup/1
210Auto T Bar0 12autotbar.exe1 00140If you disable the HP VIEW toolbar in IE and rarrange the toolbars on a reboot they will be back as they were before if this is left enabled 01
2 8autotbar0 12autotbar.exe1 00  0 01
2 8AutoTKit0 12AUTOTKIT.EXE1 00142On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled 01
1 7autoupd0 11autoupd.exe1 00 84Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name 01
312ATTRedUpdate0 14AutoUpdate.exe1 00242Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates 01
311AutoUpdater0 14AutoUpdate.exe1 00 22PeopleonPage foistware48http://www.pchell.com/support/peopleonpage.shtml0
225Mobilt modem Update Agent0 18autoupdate_srv.exe122StartUp menu\All users0 47Alice Connect 1.40, Alice Systems AB. AUP Agent39http://www.absolutestartup.com/startup/1
112autoupdatev20 16autoupdatev2.exe1 00 44Added by the Troj/Dropper-BM dropper Trojan.59http://www.sophos.com/virusinfo/analyses/trojdropperbm.html0
1 7aux.exe0  7aux.exe1 00 25Added by the ZINS TROJAN!61http://www.symantec.com/avcenter/venc/data/backdoor.zins.html0
114auxAudioDevice0  9aux32.exe1 00 23Added by the AIZU WORM!69http://securityresponse.symantec.com/avcenter/venc/data/w32.aizu.html0
1 9Antivirus0  6av.exe1 00 63Added by the SINKIN TROJAN! Resets IE start page to realphx.com74http://securityresponse.symantec.com/avcenter/venc/data/trojan.sinkin.html0
122icrosof Avps32 Control0  8av32.pif1 00132Added by the W32/Rbot-AVC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotavc.html0
123AVP update interface A60  8avA6.sys1 00 33Added by the Troj/Hanlo-B Trojan.56http://www.sophos.com/virusinfo/analyses/trojhanlob.html0
120sunjavasched updater0  9avamx.exe1 00 32Added by the  W32/RBOT-ABJ WORM!56http://www.sophos.com/virusinfo/analyses/w32rbotabj.html0
1 6MSInfo0 10AVBgle.exe1 00 27Added by the NETSKY.O WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.o@mm.html0
312AvconsoleEXE0 12Avconsol.exe1 00151From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it 01
442TrustPortAntivirusDriverNotificationHelper0 10avdnax.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
420TrendMicro Antivirus0 12Aveagent.exe1 00 13Virus scanner 01
3 6TeleSA0 10AVerSA.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
1 4avft0  8avft.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
410AVG7_AMSVR0 12Avgamsvr.exe1 00 21AVG antivirus related23http://www.grisoft.com/0
412avgamsvr.exe0 12Avgamsvr.exe1 00 21AVG antivirus related23http://www.grisoft.com/0
4 7AVG7_CC0 19avgcc.exe  /STARTUP2 00 68AVG Anti-Virus System 7.1.0.355, GRISOFT, s.r.o.. AVG Control Center 01
4 7AVG7_CC0  9AVGCC.exe1 00119AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates23http://www.grisoft.com/0
4 7AVG7_CC0 18avgcc.exe /STARTUP211HKEY_LM\Run0 68AVG Anti-Virus System 7.0.0.318, GRISOFT, s.r.o.. AVG Control Center39http://www.absolutestartup.com/startup/1
4 6AVG_CC0 11avgcc32.exe1 00105AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates23http://www.grisoft.com/0
4 7avgcc320 11avgcc32.exe1 00105AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates23http://www.grisoft.com/0
4 7AVGCtrl0 11AVGCTRL.EXE1 00144Background task of the a target="_blank" href="http://www.hbedv.com/"AntiVir antivirus program which scans files transparently in the background 01
4 7AVG_EMC0 10AVGEMC.exe1 00  023http://www.grisoft.com/0
4 8AVG7_EMC0 10AVGEMC.exe1 00 79AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses23http://www.grisoft.com/0
4 8AVG7_EMC0 10avgemc.exe111HKEY_LM\Run0 68AVG Anti-Virus System 7.0.0.320, GRISOFT, s.r.o.. AVG E-Mail Scanner39http://www.absolutestartup.com/startup/1
4 8AVG7_EMC0 10avgemc.exe111HKEY_LM\Run0 68AVG Anti-Virus System 7.0.0.320, GRISOFT, s.r.o.. AVG E-Mail Scanner39http://www.absolutestartup.com/startup/1
411avgmsvr.exe0 11avgmsvr.exe1 00 26AVG Anti-Virus 7.0 related23http://www.grisoft.com/0
4 7avgctrl0  9AVGNT.EXE1 00  021http://www.hbedv.com/0
4 7avguard0  9AVGNT.EXE1 00 99Background task of the  AntiVir antivirus program which scans files transparently in the background25http://antivir-pe.com/en/0
4 7AVGCtrl0 14AVGNT.EXE /min211HKEY_LM\Run0100AntiVir Guard Control Program 6.30.00.01, H+BEDV Datentechnik GmbH. AntiVir Guard/XP Control Program39http://www.absolutestartup.com/startup/1
414AVG_RegCleaner0 12AVGREGCL.exe1 00111AVG Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems23http://www.grisoft.com/0
412Avgserv9.exe0 12Avgserv9.exe1 00 35AVG antivirus background monitoring23http://www.grisoft.com/0
124Special Firewall Service0 11avguard.exe1 00 27Added by the NETSKY.G WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.g@mm.html0
419AVG7 Update Service0 12avgupsvc.exe1 00 75Used by the AVG 7 Antivirus program to keep your definitions up to do date. 01
4 8AVG7_Run0  8avgw.exe1 00 26AVG Anti-Virus 7.0 related23http://www.grisoft.com/0
4 8AVG7_Run0 17avgw.exe /RUNONCE2 00 57AVG Anti-Virus System 7.1.0.351, GRISOFT, s.r.o.. AVG 7.0 01
1 8avicap320 12avicap32.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
124[random 12 digit number]0 12avifile5.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
1 6Avimgt0 10Avimgt.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 8Avimgt320 12Avimgt32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
4 6avinit0 12AVINIT9X.EXE1 00 25Command antivirus related47http://www.authentium.com/products/avmatrix.htm0
112VirusCheckII0 11AVIRCHK.EXE1 00 27Added by the DASMIN TROJAN!62http://www.esecurityplanet.com/alerts/article.php/1031_15721610
1 6avirex0 10avirex.exe1 00 47Added by the Troj/Dloader-NR trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdloadernr.html0
2 6AVKBar0 10AVKBar.exe111HKEY_CU\Run0 431, 0, 0, 5 http://www.gdata.pl, 1, 0, 0, 4.39http://www.absolutestartup.com/startup/1
4 6avkbar0 10AVKBar.exe1 00 30GData  AntiVirusKit Anti-virus45http://www.gdata.de/trade/productview/488/16/0
316AVK Mail Checker0 10AVKPOP.EXE111HKEY_LM\Run0 55AVK 3, 0, 2, 0, G DATA Software AG. AVK POP3/IMAP Proxy39http://www.absolutestartup.com/startup/1
416avk mail checker0 10AVKPop.exe1 00 36eXtendia AVK AntiVirus email checker66http://www.boomerangsoftware.com/Products/AntiVirus/AVKProInfo.htm0
315eScan Scheduler0 11avkserv.exe1 00 25eScan antivirus scheduler45http://www.mspl.net/antivirus/escan/escan.asp0
413eScan Monitor0 13AVKWCTL9X.EXE1 00 15eScan antivirus45http://www.mspl.net/antivirus/escan/escan.asp0
4 8AvMaiSrv0 12Avmaisrv.exe1 00 51Part of Avast! anti-virus software - E-mail scanner35http://www.alwil.com/en/default.asp0
311AVMBLUEOBEX0 34AvmObex.exe -pushclient -ftpclient211HKEY_LM\Run0 201.0.8.0, AVM Berlin.39http://www.absolutestartup.com/startup/1
1 3avc0  9avmon.exe1 00 32Added by an unidentified TROJAN! 01
1 4avnt0  8avnt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 4TlcR0  7avp.exe1 00  2?? 01
1 6hagent0  7avp.exe1 00 49Added by the "Herman Agent" remote access TROJAN! 01
1 7Desktop0 30avpcc.dll,Restore ControlPanel2 00 46Added by the Troj/StartPa-ES startpage Trojan. 01
4 5avpcc0  9avpcc.exe1 00 25Kaspersky Labs anti-virus25http://www.kaspersky.com/0
1 6avpe320 10avpe32.dll1 00 22Win32/Haxdoor Variant. 01
115TCPIP2 Kernel320 10avpe64.sys1 00 37Added by the Troj/Haxdoor-AP rootkit.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorap.html0
116Win32 Usb Driver0  8AvpG.exe1 00 33Added by the  W32/FORBOT-BX WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbx.html0
1 4MyAV0 12avpguard.exe1 00 27Added by the NETSKY.J WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.j@mm.html0
4 4avpm0  8avpm.exe1 00 19Kaspersky antivirus 01
115[Various Names]0 13avpmondll.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
313eScan Monitor0 12AVPMWrap.EXE111HKEY_LM\Run0 61eScan for Windows 2.6, MicroWorld Technologies Inc.. AVPMWrap39http://www.absolutestartup.com/startup/1
1 4Avpr0  8avpr.exe1 00 28Added by the MYDOOM.AF WORM!64http://www.symantec.com/avcenter/venc/data/w32.mydoom.af@mm.html0
1 9HtProtect0 13AVprotect.exe1 00 27Added by the NETSKY.L WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.l@mm.html0
1119xHtProtect0 15AVprotect9x.exe1 00 27Added by the NETSKY.M WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.m@mm.html0
1 6avpu320 10avpu32.dll1 00 91Added by the Troj/Haxdoor-ED Trojan. The rootkit logs the keypress in the file klogini.dll.59http://www.sophos.com/virusinfo/analyses/trojhaxdoored.html0
114TCPIP Kernel320 10avpu32.sys1 00 84Added by the Troj/Haxdoor-ED. The rootkit logs the keypress in the file klogini.dll.59http://www.sophos.com/virusinfo/analyses/trojhaxdoored.html0
113TCPIP2 Kernel0 10avpu64.sys1 00 36Added by the Troj/Haxdoor-AM Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdooram.html0
122icrosoftf Avpx Control0  8avpx.exe1 00132Added by the W32/Rbot-AYN worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotayn.html0
1 6avpx320 10avpx32.dll1 00116Added by the Troj/Haxdoor-Y backdoor trojan.  This infection uses rootkit technology to hide itself from being seen.58http://www.sophos.com/virusinfo/analyses/trojhaxdoory.html0
1 8AVPX TCP0 10AVPX32.SYS1 00116Added by the Troj/Haxdoor-Y backdoor trojan.  This infection uses rootkit technology to hide itself from being seen.58http://www.sophos.com/virusinfo/analyses/trojhaxdoory.html0
110AVPX64 TCP0 10AVPX64.SYS1 00116Added by the Troj/Haxdoor-Y backdoor trojan.  This infection uses rootkit technology to hide itself from being seen.58http://www.sophos.com/virusinfo/analyses/trojhaxdoory.html0
317vzremotecommander0 12AvRmtCtr.exe1 00169Related to Sony's VAIO Zone Remote Commander. A non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems. 01
111Wlan Driver0 10avscan.exe1 00 29Added by the WOOTBOT.DH WORM!109http://de0
4 9AVSCHED320 13AVSched32.exe1 00 30AntiVir anti-virus from H+BDEV21http://www.hbedv.com/0
4 9AVSCHED320 18AVSCHED32.EXE /min2 00 57AVSched32 6.32.00.00, H+BEDV Datentechnik GmbH. AVSched32 01
111avserve.exe0 11avserve.exe1 00 25Added by the SASSER WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html0
112avserve2.exe0 12avserve2.exe1 00 40Added by the SASSER.B or SASSER.C WORMS!78http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html0
112avserve3.exe0 12avserve3.exe1 00 27Added by the SASSER.G WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.g.html0
422McAfeeVirusScanService0 12Avsynmgr.exe1 00196From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application 01
1 9MSMcAfeee0 15Avsynmgr32e.exe1 00 27Added by the FRAMAR TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.framar.html0
1 9MSMcAfeeh0 15Avsynmgr32h.exe1 00 27Added by the FRANGO TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.frango.html0
1 9MSMcAfeeS0 15Avsynmgr32S.exe1 00 39Added by the VOLAC or VOLAC.DR TROJANS!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.volac.html0
2 6Avtray0 10Avtray.exe1 00 27Command Antivirus tray icon53http://www.command.co.uk/html/products/csav/index.cfm0
1 5Swf320 12AVupdate.exe1 00 25Added by the MERKUR WORM!68http://www.symantec.com/avcenter/venc/data/w32.hllw.merkur.e@mm.html0
129AVupdate service interface X20 13avupdate2.sys1 00 44Added by the Troj/Hanlo-A downloader Trojan.56http://www.sophos.com/virusinfo/analyses/trojhanloa.html0
410AntiVir XP0  9AVwin.exe1 00 17AntiVir antivirus23http://www.free-av.com/0
3 8AVWLPSTA0 12AVWLPSTA.exe1 00352PRISM Status Tray Applet. This is a Prism wireless network applet designed to scan for wireless access points and connect to them.  It is often furnished with notebook computers featuring built-in wireless networking.  It is a very handy tool, and functionally superior in many ways to XP's equivalent interface, though much less attractive to the eye. 01
3 8AVWUpd320 12AVWUPD32.EXE1 00 48AntiVir updater. Useful, but can be run manually21http://www.hbedv.com/0
4 6avxlni0 11avxinit.exe1 00 53Anti-virus part of BitDefender virus scanner/firewall27http://www.bitdefender.com/0
413BullGuardInit0 11AVXINIT.EXE1 00 28Part of  Bullguard antivirus25http://www.bullguard.com/0
316BullGuard Update0 11avxlive.exe1 00 88Part of  Bullguard antivirus. Leave enabled unless you manually update virus definitions25http://www.bullguard.com/0
4 7Avxlive0 11avxlive.exe1 00 34Bullguard or BitDefender antivirus25http://www.bullguard.com/0
415bitdefenderlive0 11avxlive.exe1 00 50Main program of BitDefender virus scanner/firewall27http://www.bitdefender.com/0
1 4Surs0  8awab.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
3 6AWatch0 10Awatch.exe1 00119Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products. 01
1 6AWatch0 10Awatch.exe1 00 45ADSLWatch 3.05.09.2001, AVM Berlin. ADSLWatch 01
1 6Awatch0 10Awatch.exe1 00 32Fritz!_DSL ISP software related.73http://www.avm.de/de/Service/AVM_Service_Portale/FRITZCard_DSL/index.php30
1 5aweyj0  9aweyj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8awhost320 12awhost32.exe1 00267Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended72http://enterprisesecurity.symantec.com/products/products.cfm?productID=20
115[Various Names]0 11awinrar.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6awuoea0 10awuoea.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
012awusgsta.exe0 12AWUSGSTA.exe1 00 69Reportedly related to a USB Wifi Adapter - is it required at startup? 01
1 5awvvv0  8awvvv.dl1 00 35Added by the Troj/ConHook-H Trojan.58http://www.sophos.com/virusinfo/analyses/trojconhookh.html0
3 9awxdtools0 28awxDTools.dll,awxRegisterDll1 00168AwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools. (i.e.: *.cue, *.iso, *.ccd ...)34http://www.hbreitner.de/awxdtools/0
1 7sdktemp0 12axdcfasb.exe1 00 49Added by the W32/Sdbot-AGI worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotagi.html0
114MSUpdateDevKit0  8axfd.exe1 00266Added by the W32/Sdbot-ZD.     When started this infection connects to an IRC server where it waits for remote commands, trying to download and run files from the internet, steal CD game keys, participate in denial-of-service (DoS) attacks and delete network shares.56http://www.sophos.com/virusinfo/analyses/w32sdbotzd.html0
1 5axuqe0  9axuqe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8axuygwvh0 12axuygwvh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7ayclljh0 11ayclljh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6ayrigo0 10ayrigo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
213Desktop Plant0 12AZARE10S.PLT1 00102Vritual plant from here - this version is an Azalea, there are others so the filename may be different40http://www.desksoft.com/DesktopPlant.htm0
4 7azmodem0  9azexe.exe1 00 24Aztech_Labs modem driver22http://www.aztech.com/0
1 5b.exe0  5b.exe1 00 44Added by the W32/Sdbot-XK WORM/IRC backdoor!56http://www.sophos.com/virusinfo/analyses/w32sdbotxk.html0
110[not used]0  8b0ff.exe1 00 51Added by the W32/Protorid-AF worm and IRC backdoor.59http://www.sophos.com/virusinfo/analyses/w32protoridaf.html0
114System Service0 11b4db0yz.exe1 00 48Added by the W32/Rbot-CLO worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotclo.html0
3 2b90  6B9.exe1 00304FireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. &quot;Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run&quot;84http://www.firetrust.com/products/benign/?PHPSESSID=b60bb4b6eb22115639c465d6f606b7880
214Babylon Client0 11Babylon.exe1 00214a href=http://www.babylon.com/"  rel="nofollow" target="_blank"Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" 01
218Babylon Translator0 11Babylon.exe1 00166&quot;Babylon-Pro is a powerful information tool that instantly provides relevant information, translations &amp; conversions for any word or value you click on&quot;23http://www.babylon.com/0
218Babylon Translator0 11Babylon.exe1 00 56Babylon 4.0.5.13, Babylon Ltd.. Babylon Information Tool 01
214Babylon Client0 22Babylon.exe -AutoStart211HKEY_LM\Run0 63Babylon Client 5.0.0.78, Babylon Ltd.. Babylon Information Tool39http://www.absolutestartup.com/startup/1
1 8Services0 25back32.exe ...service.exe2 00130Added by an unidentified VIRUS, WORM or TROJAN! Back32.exe is the baddie whose purpose is to HIDE the MIRC32 server in service.exe 01
115[Various Names]0  9backd.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 5runbd0 12backdrop.exe1 00 75MyBackDrop - is or bundles a  GoGotools adware variant. See  privacy_policy26http://www.mybackdrop.com/0
019CPQ BackWeb Monitor0 12BackMon2.exe1 00 57Installed by certain Compaq computers. Is this necessary" 01
115[various names]0 12backorif.exe1 00 37Added by a  NTRootKit TROJAN variant!42http://vil.nai.com/vil/content/v_99877.htm0
229Timed Backups Manager Startup0 12BACKTIME.EXE1 00 29Backup Plus - backup software26http://www.backupplus.net/0
416Data Deposit Box0 10backup.exe1 00 74Required for the online backup services from the Data Deposit Box service.30http://www.datadepositbox.com/0
114Backup Service0 10backup.svc1 00 19Unidentified adware 01
012BackupNotify0 16backupnotify.exe1 00 27HP Digital Imaging related. 01
312BackupNotify0 16backupnotify.exe111HKEY_CU\Run0 181.0.1268.24163,  .39http://www.absolutestartup.com/startup/1
1 9MSbackups0 11backups.exe1 00 40Added by the Troj/Banload-TL downloader.59http://www.sophos.com/virusinfo/analyses/trojbanloadtl.html0
122system backup services0 13backups32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
214Data LifeGuard0 12BACKWE~1.EXE1 00 75Data LifeGuard diagnostic tools for Western Digital's series of hard drives 01
2 9ActivSurf0 16backweb*****.exe1 00105Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates 01
222Kodak Software Updater0 16backweb*****.exe1 00 52Software updater for Kodak Easyshare digital cameras65http://www.kodak.com/global/en/digital/easyShare/indexFlash.jhtml0
215Updates from HP0 16backweb*****.exe1 00100Automatically detects an internet connection and downloads any available updates - * is random digit 01
2 7BackWeb0 11backweb.exe1 00221Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start - Programs 01
1 9hp center0 18BACKWEB-137903.exe1 00402Based upon HP's own description from here - "With the My abbr title=Hewlett-PackardHP/abbr Center, consumers have access directly from the desktop to Internet sites featuring special offers for abbr title=Hewlett-PackardHP/abbr customers ranging from personal finance and shopping to digital imaging and music" I have classified this as adware. The number may change - if yours is different let me know52http://www.hp.com/hpinfo/newsroom/press/12oct01a.htm0
215Updates from HP0 27BackWeb-137903.exe -startup222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
2 3LDM0 19backweb-8876480.exe1 00156Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech 01
226Logitech Desktop Messenger0 19backweb-8876480.exe1 00  0 01
2 3LDM0 19BackWeb-8876480.exe111HKEY_CU\Run0 71Logitech Desktop Messenger 1.4.50, Logitech. Logitech Desktop Messenger39http://www.absolutestartup.com/startup/1
2 8Backwork0 12Backwork.exe1 00 24Backwork trojan detector47http://www.framework.nl/backwork/eng/index.html0
3 7BACPI100 12bacpi10a.exe1 00196Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray 01
2 8bacstray0 12BacsTray.exe1 00 76BacsTray Application 6, 13, 0, 0, Broadcom Corporation. BacsTray Application 01
2 8BacsTray0 12BacsTray.exe1 00141Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems 01
1 7BADDATE0 11BADDATE.EXE1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
111badgers.exe0 11badgers.exe1 00 32Added by the W32/Badgrad-B worm.57http://www.sophos.com/virusinfo/analyses/w32badgradb.html0
113badgers_s.exe0 13badgers_s.exe1 00 32Added by the W32/Badgrad-A worm.57http://www.sophos.com/virusinfo/analyses/w32badgrada.html0
225Quicken Scheduled Updates0 10bagent.exe1 00 37Quicken background downloading module 01
128Microsoft Personal Firewalls0  8bakw.exe1 00 26Added by the RBOT-KS WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotks.html0
132Windows Service Pack Auto Update0 10ballin.exe1 00 40Added by an unidentified WORM or TROJAN! 01
411HorngTech4D0 11bally4d.exe1 00 25HorngTech 4D mouse driver 01
1 9WIN32SNDS0  8banc.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 6Spees30 30Banda!, Podre!! and speedy.pif2 00 32Added by the W32/Opaserv-V worm.57http://www.sophos.com/virusinfo/analyses/w32opaservv.html0
221Bandwidth Monitor Pro0 25Bandwidth Monitor Pro.exe2 00113Bandwidth Monitor Pro is a utility that monitors and keeps track of the bandwidth usage of your network adapters.27www.bandwidthmonitorpro.com0
1 9banmanpro0 13banmanpro.exe1 00 36Added by the Troj/Clicker-BL Trojan.59http://www.sophos.com/virusinfo/analyses/trojclickerbl.html0
318Banpopup by Pratik0 12Banpopup.exe1 00 23Banpopup - popup killer36http://www33.brinkster.com/banpopup/0
1 7fuklbar0  7bar.exe1 00 72Adware related downloader,  detected as TrojanDropper.Win32.PurityScan.g 01
1 3wow0  7bar.exe1 00 72Adware related downloader,  detected as TrojanDropper.Win32.PurityScan.g 01
1 8bargains0 16bargainbuddy.exe1 00 22BargainBuddy foistware59http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html0
1 8Bargains0 12bargains.exe1 00  0 01
1 8bargains0 12bargains.exe1 00  059http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html0
1 8BullsEye0 12bargains.exe1 00 22BargainBuddy foistware59http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html0
116BullsEye Network0 12bargains.exe1 00 22BargainBuddy foistware59http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html0
115[Various Names]0 10barint.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 8BarTheme0 13bartent32.exe1 00133Added by the W32/Agobot-UG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotug.html0
2 9bascstray0 13BascsTray.exe1 00141Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems 01
112WinSetBrowse0 19BasicUpdate.dll.vbs1 00 28Added by the BISCUIT.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/vbs.biscuit.a@mm.html0
025POS-Partnerbatchprocessor0  9BATCH.EXE1 00148VISA credit card batch processing related to Appcon. Is it needed or can it be started manually via Start - Programs or a manually created shortcut? 01
325POS-Partnerbatchprocessor0  9BATCH.EXE1 00148VISA credit card batch processing related to Appcon. Is it needed or can it be started manually via Start - Programs or a manually created shortcut? 01
3 5BATCH0  9batch.exe111HKEY_LM\Run0103Batch File Creation Utility 1.01.0002, Chris' Software. Batch File Creation Util. www.chrissoftware.com39http://www.absolutestartup.com/startup/1
2 9BMMMONWND0 32BatInfEx.dll,BMMAutonomicMonitor111HKEY_LM\Run0117Système d'exploitation Microsoft® Windows® 5.1.2600.0, Microsoft Corporation. Exécuter une DLL en tant qu'application39http://www.absolutestartup.com/startup/1
124[random 12 digit number]0 12batmeter.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
313Battery Scope0 10batmgr.exe1 00 47Monitors battery levels on a notebook/laptop PC 01
1 6BatSrv0 12batserv2.exe1 00104Added by the WORM_LOCKSKY.T mass-mailing worm.  This infetion also creates the file C:\Windows\SYSC.EXE.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FLOCKSKY%2ET&VSect=T0
315Battery Doubler0 19Battery Doubler.exe2 00159Battery Doubler can double your battery's autonomy with little to no concessions. Install Battery Doubler, unplug AC power and experience total laptop freedom!52http://www.dachshundsoftware.com/bdoubler/index.html0
310BatteryBar0 14batterybar.exe1 00 85BatteryBar - displays battery usage, and the current percentage of battery power left45http://www.nistech.com/BatteryBar/Default.htm0
310Power_Gear0 15BatteryLife.exe1 00 63Power management for all Asus notebook. Useful but not critical 01
310Power_Gear0 17BatteryLife.exe 12 00 62BatteryLife 1043, 3, 6, 15, ASUSTeK Computer Inc.. BatteryLife 01
121Critical Update Check0 13battlenet.exe1 00 51Added by the Troj/Delf-LB browser hijacking trojan.56http://www.sophos.com/virusinfo/analyses/trojdelflb.html0
1 8BatzBack0 12BatzBack.scr1 00 26Added by the BACKZAT WORM!64http://www.symantec.com/avcenter/venc/data/w32.backzat.worm.html0
3 5BAUSB0  9BAUSB.exe1 00 34Boston Acoustics Audio, USB driver 01
1 7bawindo0 11bawindo.exe1 00 42Added by the BEAGLE.AR or BEAGLE.AU WORMS!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ar@mm.html0
3 7Bayswap0 11bayswap.exe1 00161Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices 01
139Generic Host Process for Win32 Services0  9bazzi.exe1 00197Added by the W32/Ahker-E WORM, from an email attachment. First added to the Startup folder as BADO.EXE and MICHO.EXE, it copies itself to bazzi.exe.  Uses P2P to spread, and modifies the HOST file.55http://www.sophos.com/virusinfo/analyses/w32ahkere.html0
121Microsoft AntiSpyware0  9Bazzi.exe1 00 43Added by the W32/Ahker-J mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32ahkerj.html0
113win32 service0  9bazzi.exe1 00 27Added by the  AHKER.E WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AHKER.E&VSect=T0
3 9BBCTicker0 13BBCTicker.exe125StartUp menu\Current user0 38BBC Ticker 1, 0, 1, 7, BBC. BBC Ticker39http://www.absolutestartup.com/startup/1
113d3dupdate.exe0 11bbeagle.exe1 00 27Added by the BEAGLE.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html0
123Bron-Spizaetus-cfgmktoq0 16bbm-qotkmgfc.exe1 00 32Added by the W32/Brontok-M worm.57http://www.sophos.com/virusinfo/analyses/w32brontokm.html0
123Bron-Spizaetus-cfgmmnru0 16bbm-urnmmgfc.exe1 00 32Added by the W32/Brontok-N worm.57http://www.sophos.com/virusinfo/analyses/w32brontokn.html0
1 3Boo0  7Bbn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5bbnrk0  9bbnrk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6Kernel0  8bboy.exe1 00 25Added by the MUMU.B WORM!75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MUMU.B0
1 9gdagdgajs0  9bbsbw.exe1 00132Added by the W32/Sdbot-QXworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotqx.html0
2 9bbSysTray0 13bbSysTray.exe1 00159Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions" 01
3 4bbui0  8bbui.exe1 00 86AOL DSL status monitor displaying a red/green icon indicating if you have a connection 01
216Broadband Wizard0  9bbwiz.exe1 00152Starts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start - Programs31http://www.broadbandwizard.net/0
3 3bca0  7bca.exe1 00 58BeClean Agent - registry, history, temp files, etc cleaner 01
1 150 11BCColor.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
3 8BCDetect0 12bcdetect.exe1 00184Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see 01
1 7bcfjwqw0 11bcfjwqw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 110  9BCHal.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
1 130 10BCInfo.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
4 8BCMDMMSG0 12bcmdmmsg.exe1 00 75BCM voicemodem driver. Required for dial-up if you have one of these modems 01
328broadcom wireless manager ui0 12bcmntray.exe1 00159Related to  Broadcom_Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems.24http://www.broadcom.com/0
1 140  9BCMon.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
4 8BCMSMMSG0 12BCMSMMSG.exe1 00 75BCM voicemodem driver. Required for dial-up if you have one of these modems 01
4 8BCMSMMSG0 12BCMSMMSG.exe111HKEY_LM\Run0100BCM Modem Messaging Applet  3.5.25 08/27/2003 20:04:35, Broadcom Corporation. Modem Messaging Applet39http://www.absolutestartup.com/startup/1
3 8bcmwltry0 12bcmwltry.exe1 00 50Broadcom Corporation Wireless Network Tray Applet. 01
2 4BCNT0  8bcnt.exe1 00 40AWS Weatherbug related. What does it do?39http://www.weatherbug.com/aws/index.asp0
1 4BCPC0  8bcpc.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
1 6bcpc_c0 10bcpc_c.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
1 2200 10BCPref.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
1 4Breg0  8bcre.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
111LoadDBackUp0 10BcTool.exe1 00 23Added by the GIBE WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html0
3 7BCTweak0 11bctweak.exe1 00171BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings 01
1 6bcuuyw0 10bcuuyw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Bcvsrv320 12bcvsrv32.exe1 00 48Added by the GAOBOT.BQJ or  W32/Agobot-RY worms.75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.bqj.html0
2 8BCWipeTM0 12bcwipetm.exe1 00186BCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed22http://www.jetico.com/0
130Spplication Layer Gateway Serv0  7BDC.exe1 00 45Added by the Troj/GrayBrd-AV backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdav.html0
1 3b3d0 20BDEsecureinstall.exe1 00348B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -&gt; Settings -&gt; Control Panel -&gt; Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\\Windows\\System. (3) Disable and ideally delete it from the registry. (4) Remove the &quot;BDE&quot; directory and all its contents43http://www.kazaa.com/en/privacy/bundles.htm0
422BitDefender Live! Init0 10bdinit.exe1 00 21BitDefender antivirus46http://www.bitdefender.com/press/ref100203.php0
1 7bdkrhqm0 11bdkrhqm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 6BDMCon0 10Bdmcon.exe1 00 21BitDefender antivirus46http://www.bitdefender.com/press/ref100203.php0
4 6BDMCon0 10bdmcon.exe111HKEY_LM\Run0 69BitDefender 8 8.1.0.0, SOFTWIN S.R.L.. BitDefender Management Console39http://www.absolutestartup.com/startup/1
411BDNewsAgent0 12bdnagent.exe1 00 31BitDefender antivirus - updater27http://www.bitdefender.com/0
4 7BDOESRV0 11bdoesrv.exe1 00 36Bitdefender 8 antivirus and firewall55http://www.bitdefender.com/bd/site/products.php?p_id=250
110[not used]0 10Bdsf32.scr1 00 28Added by Backdoor.RemoteSOB.79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.remotesob.html0
423BitDefender Scan Server0  8bdss.exe1 00 21BitDefender antivirus46http://www.bitdefender.com/press/ref100203.php0
413BDSwitchAgent0 12bdswitch.exe1 00 36Bitdefender 8 antivirus and firewall55http://www.bitdefender.com/bd/site/products.php?p_id=250
1 8bdvumpdx0 12bdvumpdx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6bdwoye0 10bdwoye.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Bunx0 10beagle.exe1 00 53Added by the  W32/Lebreat-E worm and backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/w32lebreate.html0
2 9BearShare0 13bearshare.exe1 00 75BearShare file sharing client. Versions known to include spyware - see here25http://www.bearshare.com/0
2 9BearShare0 20BearShare.exe /pause211HKEY_LM\Run0 44BearShare 4.7.2, Free Peers, Inc.. BearShare39http://www.absolutestartup.com/startup/1
322beatnik internet clock0 11BeatNik.exe1 00140BeatNik_Internet_Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with the atomic clock.23http://www.somedec.com/0
114beegees update0 11beegees.exe1 00 27Added by the  W32/Sdbot-ADK57http://www.sophos.com/virusinfo/analyses/w32sdbotadk.html0
2 4BEEI0  8beei.exe1 00  2?? 01
3 8befaster0 13befaster3.exe1 00 46BeFaster internet connection optimization tool26http://www.ekremdeniz.com/0
2 4BEHL0  8BEHL.exe1 00  2?? 01
2 5BEHLO0  9BEHLO.exe1 00  0 01
2 8BELORVBI0 12BELORVBI.exe1 00  2?? 01
310Belsta.exe0 10Belsta.exe1 00171Configuration tool for Belkin wireless network cards. Required to change the card’s configuration. Is it required for correct operation once the confuiguration is changed? 01
1 4Belt0  8Belt.exe1 00 38Transponder parasite updater/installer48http://www.doxdesk.com/parasite/Transponder.html0
119Benadril Alert Tool0 17benadrilalert.exe1 00102Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril 01
319BackupExecScheduler0  9besch.exe1 00 32Veritas "Back Up My PC" software 01
319BestCrypt Auto Open0 22BestCrypt.exe AutoOpen222StartUp menu\All users0 65BestCrypt Application 7.11, Jetico, Inc.. BestCrypt Control Panel39http://www.absolutestartup.com/startup/1
215BestPopUpKiller0 19BestPopupKiller.exe1 00179Popup killer of dubious repute by SwankSoft.com. For more info about the company, do a search for 'SwankSoft' on this web page on "Rogue/Suspect Anti-Spyware Products & Web Sites"52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
215BestPopUpKiller0 28BestPopupKiller.exe /startup211HKEY_CU\Run0 66Best Popup Killer 2005.08.0019, TrustSoft, Inc.. Best Popup Killer39http://www.absolutestartup.com/startup/1
1 5BeSys0  9BEsys.exe1 00 33Added by the Adware.BeSys adware.56http://www.sarc.com/avcenter/venc/data/adware.besys.html0
117[different names]0  8Beta.EXE1 00142Added by the W32/SdBot-FQ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotfq.html0
114WINDOWS SYSTEM0  8beta.exe1 00133Added by the W32/Mytob-BE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobbe.html0
316BullsEye Tracker0 11BeTrack.exe1 00 41Bullseye - intelligent research assistant53http://www.intelliseek.com/prod/bullseye/bullseye.htm0
113System Config0  7BF3.EXE1 00134Added by the W32/Spybot-DT worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32spybotdt.html0
4 5load=0 10Bfrecv.exe1 00 20Bitware modem driver 01
1 7bftehux0 11bftehux.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7bfyykaw0 11bfyykaw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6BGInfo0 10Bginfo.exe1 00174BGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more55http://www.sysinternals.com/ntw2k/freeware/bginfo.shtml0
1 4bgjx0  8bgjx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
411BGNewsAgent0 12bgnewsag.exe1 00 27BullGuard antivirus updater25http://www.bullguard.com/0
2 7bgsmsnd0 11bgsmsnd.exe1 00 53Printer driver to generate PDF files from any program 01
318BackgroundSwitcher0 12bgswitch.exe1 00329Background Switcher Powertoy. Included with the last beta version of the XP Powertoys. Whenever a user right clicked his desktop and chose properties he could see a new tab which allowed him to enable a "Desktop Slide Show." This would automatically change the Windows Desktop at an interval specified by the user. Available here19Desktop Slide Show.0
422Browser Hijack Blaster0 13bhblaster.exe1 00109Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings45http://www.wilderssecurity.com/bhblaster.html0
1 3Bsj0  7Bhe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6bhengd0 10bhengd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Eoj0  7Bhi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 6BHOCop0 10BHOCop.exe1 00105ZDNet's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware70http://www.zdnet.com/products/stories/reviews/0,4161,2760348-9,00.html0
312BHODemon 2.00 12BHODemon.exe1 00386BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand 01
115[various names]0 11bhoserv.exe1 00 37Added by a  NTRootKit TROJAN variant!42http://vil.nai.com/vil/content/v_99877.htm0
116Browser Help Svc0  8BHSV.EXE1 00132Added by the W32/Rbot-AVQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotavq.html0
316bi1helperstartup0 12BI1HEL~1.EXE1 00 26Beach_Islands Screensaver.65http://www.screenscenes.com/product.html?screensaver=BeachIslands0
1 4LTM20  9bible.exe1 00 31Added by the LITMUS.203 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.2030
110[not used]0 10BIDBFn.exe1 00 30c:\windows\system32\Systen.dll 01
124[random 12 digit number]0 12bidispl2.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
1 4bies0  8bies.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
133This is a virus, please delete it0 15bigbadvirus.exe1 00 27Added by the RANDEX.F WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html0
2 6BigFix0 22BigFix.exe  /atstartup2 00 57BigFix 1, 7, 6, 0, BigFix Inc.. BigFix Client Application 01
3 6BigFix0 22BigFix.exe  /atstartup222StartUp menu\All users0 57BigFix 1, 7, 6, 0, BigFix Inc.. BigFix Client Application39http://www.absolutestartup.com/startup/1
2 6bigfix0 10BIGFIX.EXE1 00352BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog40http://www.bigfix.com/website/index.html0
1 5biknn0  9biknn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
210Billminder0 22BILLMIND.EXE  -startup2 00 66Quicken 99 for Windows 008.000.000.000, Intuit. Quicken Billminder 01
210Billminder0 12Billmind.exe1 00 90Can be setup in Quicken to remind user of due payments. Available via Start -&gt; Programs 01
210Billminder0 12billmind.exe1 00 66Quicken 98 for Windows 007.000.000.000, Intuit. Quicken Billminder 01
210Billminder0 12BILLMIND.EXE1 00 66Quicken 99 for Windows 008.000.000.000, Intuit. Quicken Billminder 01
314Billminder.lnk0 21billmind.exe -startup211HKEY_LM\Run0 66Quicken 99 for Windows 008.000.000.000, Intuit. Quicken Billminder39http://www.absolutestartup.com/startup/1
1 8dashplus0 21bind software bib.exe2 00200IE Toolbar for Lop.com.  If the exe is running in your process list, end it, and delete the directory it is residing in.  This directory is most likely in your user profile application data directory. 01
3 8shareaza0 11bindata.exe1 00 27Shareaza P2P client related24http://www.shareaza.com/0
1 8bingdian0 12Bingdian.vbs1 00 24Added by the BINGD WORM!73http://securityresponse.symantec.com/avcenter/venc/data/vbs.bingd@mm.html0
115[Various Names]0 10bingo9.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 5BIOS10  9BIOS1.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
1 4Bios0 10Bios32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
115Terminal Update0 12biosefui.exe1 00 43Added by the Troj/PPdoor-O backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojppdooro.html0
116BIOS Net Service0 12BIOSserv.exe1 00 48Added by the W32/Rbot-BFL worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbfl.html0
2 7BIOVCIP0 11BIOVCIP.exe1 00  2?? 01
218title play bash up0 13Bird Live.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Blr0  7Bis.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
119Microsoft Explorer20 12bitchbot.exe1 00153Added by the Troj/Sdbot-EJ backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotej.html0
2 8bitcomet0 12BitComet.exe1 00 63BitComet P2P client - can be launched from Start Menu  Programs33http://www.bitcomet.com/index.htm0
2 8BitComet0 12BitComet.exe111HKEY_CU\Run0 64BitComet 0.59., www.BitComet.com. BitComet - a BitTorrent Client39http://www.absolutestartup.com/startup/1
323BitDefender_P2P_Startup0 27BitDefender_P2P_Startup.exe1 00164Bitdefender anti-virus for file transfers via internet messaging clients such as ICQ and MSN Messenger. Unless you have these running all the time start it manually52http://www.bitdefender.com/html/bd_msn_messenger.php0
121bitdefender antivirus0 16BITDEFENDERX.EXE1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
128Microsoft Windows DLLHandler0 12bitpaint.exe1 00 28Added by the SDBOT.AHG WORM!108http://uk0
1 7bjnrajk0 11bjnrajk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
217Easy-PrintToolBox0 12BJPSMAIN.EXE1 00 85A utility to launch the applications that are bundled with a Canon bubblejet printer. 01
317Easy-PrintToolBox0 19BJPSMAIN.EXE /logon211HKEY_LM\Run0 45BJPSMAIN.EXE 1, 1, 0, 0, CANON INC.. BJPSMAIN39http://www.absolutestartup.com/startup/1
1 5bkdak0  9bkdak.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8bkncbmvi0 12bkncbmvi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 8BlackICE0 10blackd.exe1 00167Internet Security System's BlackIce Firewall.  Disabling this service will make the firewall not function.  Should be found in C:\Program Files\ISS\BlackICE\blackd.exe49http://blackice.iss.net/product_pc_protection.php0
410LoadBlackD0 10blackd.exe1 00183This is the &quot;intrusion detection system&quot; of the BlackICE PC Protection (was Defender) firewall which loads independently of the &quot;user interface&quot; (BlackICE Utility)49http://blackice.iss.net/product_pc_protection.php0
222BlackICE PC Protection0 12blackice.exe1 00410Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the &quot;Startup&quot; menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD49http://blackice.iss.net/product_pc_protection.php0
216BlackIce Utility0 12blackice.exe1 00  049http://blackice.iss.net/product_pc_protection.php0
3 5blads0  9blads.exe1 00127A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks45http://www.totalidea.com/frameset-tweakxp.htm0
3 8BlockAds0  9blads.exe1 00127A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks45http://www.totalidea.com/frameset-tweakxp.htm0
3 8BlockAds0  9blads.exe111HKEY_CU\Run0 76Ad Blocker of Tweak-XP 1.17.0001, Totalidea Software. Ad Blocker of Tweak-XP39http://www.absolutestartup.com/startup/1
2 6Blanch0 10Blanch.exe125StartUp menu\Current user0 59blanch 1, 0, 0, 0, One Guy Coding. Button Launch for Win 3239http://www.absolutestartup.com/startup/1
0 7BuildBU0 11bldbubg.exe1 00  0 01
2 7bldbubg0 11bldbubg.exe1 00 25Found on a Dell machine?? 01
2 7BuildBU0 11bldbubg.exe1 00  0 01
110win32 test0 12bleatest.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
122BLMessagingIntegration0 12blengine.exe1 00 17BuddyLinks adware72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1010070
1 4Bles0  8bles.exe1 00 32Added by a TROJAN, Troj/Blesh-A.56http://www.sophos.com/virusinfo/analyses/trojblesha.html0
215ESPN BottomLine0  9bline.exe1 00388ESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down." 01
115[various names]0  9bling.exe1 00 26Added by the RBOT-NI WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotni.html0
3 6blinkx0 10blinkx.exe1 00 39Blinkx_Desktop "Smart Folders" software34http://www.blinkx.com/overview.php0
210blinkxgate0 18blinkx.exe -gate30211HKEY_CU\Run0 41Blinkx 3, 0, 3, 0, Blinkx Limited. Blinkx39http://www.absolutestartup.com/startup/1
154t9d0qh$vùõš/²‘ÆßfC:\Program Files\ISTsvc\istsvc.exe0 10blkbos.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112blockchecker0 17Block-checker.exe1 00 19BlockChecker adware67http://www.symantec.com/avcenter/venc/data/adware.blockchecker.html0
310Ad Blocker0 11blocker.exe1 00 77Ad Blocker - blocks popups, and also removes banners, image ads and flash ads20http://www.cdkm.com/0
310Ad Blocker0 11blocker.exe111HKEY_LM\Run0 29Ad Blocker 1.2.0.0, cdkm.com.39http://www.absolutestartup.com/startup/1
212BlockTracker0 16BlockTracker.exe1 00 91If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file 01
3 9blsloader0 13blsloader.exe1 00 29BellSouth ISP  Internet_Tools56https://www.fastaccess.com/content/consumer/features.jsp0
2 5spc_w0  9blspc.exe1 00 22NetZero Search related 01
1 4blss0  8blss.exe1 00 27Added by the BLARUL TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.blarul.html0
2 7BLSTAPP0 11blstapp.exe1 00 59Puts access to Creative's BlasterControl in the System Tray 01
3 7BlstApp0 11BLSTAPP.EXE111HKEY_LM\Run0 76BlasterControl 3 3.00.1, Creative Technology Ltd. BlasterControl Application39http://www.absolutestartup.com/startup/1
1 120 12BlstCtrl.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
2 8blubster0 12Blubster.exe1 00 20Related to  Blubster24http://www.blubster.com/0
313AVMBlueClient0 13bluefritz.exe111HKEY_LM\Run0 40avm BlueFRITZ 1, 0, 0, 1, avm. BlueFRITZ39http://www.absolutestartup.com/startup/1
210BlueSoleil0 14BlueSoleil.exe122StartUp menu\All users0 61BlueSoleil 1, 4, 0, 1, IVT Corporation. Bluetooth Application39http://www.absolutestartup.com/startup/1
1 4BMan0  9BMan1.exe1 00 39Abcsearch.com/DealHelper adware variant 01
1 4bmkd0  8bmkd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
215BookmarkCentral0 14BMLauncher.exe1 00123Bookmark Express - &quot;offers a more flexible way to manage Web site bookmarks, regardless of which browser you use&quot;31http://www.bookmarkexpress.com/0
3 7BMMLREF0 11BMMLREF.EXE1 00 40Battery Manager for IBM ThinkPad laptops 01
1 8Casdvqwa0 11bmqnzkg.exe1 00 28Added by the RANDEX.BE WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.be.html0
2 5Buzme0  8Bmui.exe1 00199Buzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem38http://www.buzme.com/buzme/default.asp0
2 8BMupdate0 12BMupdate.exe1 00155Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install 01
1 3BMZ0  7bmz.exe1 00 12nCase adware42http://www.doxdesk.com/parasite/nCase.html0
1 4bnbk0  8bnbk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111Failed Test0 10BNDSDX.EXE1 00133Added by the W32/Sdbot-JS worm.  When started this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotjs.html0
1 6Bndt320 10Bndt32.exe1 00 24Added by the LACON WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lacon@mm.html0
115[Various Names]0  8bnui.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
316bo1helperstartup0 12BO1HEL~1.EXE1 00115ScreenScenes  Butterfly_Oasis screensaver.  The freeware version comes with  GAIN branded ads (pop-ups and others).67http://www.screenscenes.com/product.html?screensaver=ButterflyOasis0
316BO1HelperStartUp0 25BO1HEL~1.EXE /partner BO12 00  0 01
316bo1helperstartup0 13Bo1helper.exe1 00240ScreenScenes  Butterfly_Oasis screen saver. The freeware version comes with  GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30...67http://www.screenscenes.com/product.html?screensaver=ButterflyOasis0
4 6BOC4120 10BOC412.exe1 00 54Version 4.12 of NSClean's BOClean anti-trojan software35http://www.nsclean.com/boclean.html0
1 6RegBar0 16bocaitoolbar.dll1 00 68Added by the Adware.BocaiToolbar search hijacker and popup delivery.63http://www.sarc.com/avcenter/venc/data/adware.bocaitoolbar.html0
416BOCleanautostart0 11Boclean.exe1 00 38NSClean's BOClean anti-trojan software35http://www.nsclean.com/boclean.html0
322Caddais BackupOnDemand0 10BODMon.exe1 00200Caddais BackupOnDemand - &quot;runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location&quot;43http://www.caddais.com/BackupOnDemand.shtml0
1 8bofratlc0 12bofratlc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0 11Bogobot.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
313BOINC Manager0 15boincmgr.exe /s225StartUp menu\Current user0 87BOINC Manager 4.25, Space Sciences Laboratory, U.C. Berkeley. BOINC Manager for Windows39http://www.absolutestartup.com/startup/1
1 6bokqrl0 10bokqrl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Rase0  8boln.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
3 8bombshel0 10BOMB32.EXE1 00163Part of McAfee Nuts &amp; Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems 01
118windowssql service0  9boner.exe1 00 29Added by the  SDBOT.XRM WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.XR0
1 3boo0  7boo.exe1 00 77Adware downloader - detected by  Kaspersky antivirus as Trojan.Win32.Favadd.o36http://www.kaspersky.com/personalpro0
321Atalho para boostkit20 13boostkit2.exe125StartUp menu\Current user0 46BoostKit 2.1, Software Benefits Inc.. BoostKit39http://www.absolutestartup.com/startup/1
1 4boot0  8boot.exe1 00 25Added by the ELEM TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/w32.elem.trojan.html0
119MS-DOS Boot Service0 10Boot32.pif1 00132Added by the W32/Rbot-AMF worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamf.html0
1 6KeBoot0 10Boot32.sys1 00153Added by the HaxDoor.B rootkit/backdoor Trojan.  This service is installed as a system driver and is part of the rootkit functionality of this infection.79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.b.html0
1 9ccExecute0 12bootcfg1.exe1 00 31Added by the W32/Nemsi-B virus.55http://www.sophos.com/virusinfo/analyses/w32nemsib.html0
113Internat Conf0 12bootconf.exe1 00 74Homepage hijacker, redirecting to coolwwwsearch.com; see for example  here48http://boards.cexx.org/viewtopic.php?p=2464#24640
1 6sysPnP0 12bootconf.exe1 00 74Homepage hijacker, redirecting to coolwwwsearch.com; see for example  here48http://boards.cexx.org/viewtopic.php?p=2464#24640
1 8bootctrl0 12bootctrl.exe1 00 40Added by an unidentified WORM or TROJAN! 01
3 4xbtl0 11bootldr.exe1 00116Added by the Spyware.WSLogger surveillance software.  If you did not install this software it should be uninstalled.60http://www.sarc.com/avcenter/venc/data/spyware.wslogger.html0
110BootLoader0 14BootLoader.exe1 00 29Added by the WATERWORKS WORM!67http://www.symantec.com/avcenter/venc/data/vbs.waterworks.worm.html0
110BootLoader0 18BootLoader.exe.vbs1 00 29Added by the WATERWORKS WORM!67http://www.symantec.com/avcenter/venc/data/vbs.waterworks.worm.html0
112Boot Manager0 11bootmng.exe1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
110bootpd.exe0 10bootpd.exe1 00200Identified by Kapersky as Trojan.Win32.StartPage.vk.  This infections hijacks popular search engines to another site and hijacks your start page to Premium Search which is a locally stored .html file. 01
114Microsoft Word0 14BootSector.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
421BootSkin Startup Jobs0 12BootSkin.exe1 00106Stardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screens.42http://www.stardock.com/products/bootskin/0
321BootSkin Startup Jobs0 25bootskin.exe /StartupJobs211HKEY_LM\Run0 41BootSkin 1, 0, 6, 0, . Stardock BootSkin!39http://www.absolutestartup.com/startup/1
310BootStatus0 12BOOTST~1.EXE1 00178Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day.  Once you exit it, it has no more effect on resources 01
124[random 12 digit number]0 12bootvid4.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
3 8BootWarn0 12BootWarn.exe1 00838From here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from “Start \ Programs \ Norton AntiVirus”. If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab – it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages"60http://www.answersthatwork.com/Tasklist_pages/tasklist_b.htm0
3 8BootWarn0 15BootWarn.exe /a211HKEY_LM\Run0 76Norton AntiVirus 11.0.9, Symantec Corporation. Norton AntiVirus Boot Warning39http://www.absolutestartup.com/startup/1
122[random pair of words]0 12bopotsvr.exe1 00 88Added by the Troj/Shed-A.  This infection lowers the security settings on your computer.55http://www.sophos.com/virusinfo/analyses/trojsheda.html0
115[Various Names]0 12borlandg.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
3 6Boston0 10Boston.exe1 00 49Part of the Boston Acoustics USB speaker systems. 01
133Microsoft Synchronization Manager0  7bot.exe1 00 27Added by the SDBOT.IH WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.IH0
124Microsoft Update Machine0  7bot.exe1 00143Added by the W32/Rbot-EI trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotei.html0
113winsockdriver0  7bot.exe1 00 49Added by the W32/Warpigs-D worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32warpigsd.html0
116Microsoft Update0 10Botnet.exe1 00 28Added by the  RBOT.AFL WORM!107http://de0
120Configuration Loader0  9botss.exe1 00144Added by the W32/Sdbot-XS network worm.  When started this infection connects to a remote IRC server where it waits for commands to be executed.56http://www.sophos.com/virusinfo/analyses/w32sdbotxs.html0
114WINDOWS SYSTEM0 10botzor.exe1 00 50Added by the W32/Zotob-A worm and backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32zotoba.html0
118Bouncer RunStartup0 11bouncer.exe1 00374VIrtualBouncer malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs59http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp0
115[Various Names]0 12BoundRec.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
313VolumeCounter0 12BoVolume.exe111HKEY_LM\Run0 131, 0, 0, 0, .39http://www.absolutestartup.com/startup/1
217Windows Protectot0 10boxide.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
117windows protectot0 10boxide.exe1 00 44Added by a variant of the  W32/WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
1 3RVP0  7bpc.exe1 00 67Spyware included with the latest version of Grokster. Also see here89http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=4585;start=00
1 8bpcv2_re0 16bpc2_re_inst.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
212BigPondCable0 11bpcable.exe1 00 62Telstra Bigpond Cable login software - can be started manually 01
311bpcpost.exe0 11bpcpost.exe1 00204MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it 01
1 5bpcv20  9BPCv2.exe1 00 18BroadcastPC adware48http://www.doxdesk.com/parasite/BroadcastPC.html0
424NetBackup Client Service0 11bpinetd.exe1 00 28The Netbackup backup client.53http://www.veritas.com/Products/www?c=product&refId=20
3 3bpk0  7bpk.exe1 00 131, 4, 7, 0, . 01
3 3BPK0  7bpk.exe1 00189Blazing Tools  Perfect Keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove36http://www.blazingtools.com/bpk.html0
1 6bpkmxe0 10bpkmxe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
142Major Microsoft Windows Driver Boot loader0  9bpool.exe1 00 12Added by the38W32/Mytob-AL WORM/IRC backdoor trojan!0
115ContinueInstall0 14bpsinstall.exe1 00 19BrowserAid parasite47http://www.doxdesk.com/parasite/BrowserAid.html0
1 3bpt0  7bpt.exe1 00 18BroadcastPC adware48http://www.doxdesk.com/parasite/BroadcastPC.html0
2 6bcpc_c0  9bpt_c.exe115HKEY_LM\RunOnce0  039http://www.absolutestartup.com/startup/1
1 4Breg0  9bptre.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
212Backpack UDF0 12bpudfmon.exe1 00175Backpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk20http://www.nero.com/0
315BigPond Toolbar0 12bpumTray.exe1 00202Telstra BigPond Toolbar - &quot;Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier&quot;42http://www.bigpond.com/helpcentre/toolbar/0
315BigPond Toolbar0 12bpumTray.exe111HKEY_LM\Run0 51BigPond Toolbar Version 1.50, Telstra. Toolbar Icon39http://www.absolutestartup.com/startup/1
1 4bqld0  8bqld.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
215BurnQuick Queue0 10BQTray.exe1 00179System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually25http://www.burnquick.com/0
310BQTray.exe0 10BQTray.exe1 00180System Tray access to  BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually25http://www.burnquick.com/0
1 7bqvtkds0 11bqvtkds.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0 10br0ken.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
114WINDOWS SYSTEM0 11br32srv.exe1 00 48Added by the W32/Mytob-GL worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobgl.html0
118Tok-Cirrhatus-19590 12br4941on.exe1 00 32Added by the W32/Brontok-N worm.57http://www.sophos.com/virusinfo/analyses/w32brontokn.html0
118Tok-Cirrhatus-27840 12br6591on.exe1 00 32Added by the W32/Brontok-I worm.57http://www.sophos.com/virusinfo/analyses/w32brontoki.html0
1 6Brasil0 10Brasil.exe1 00 28Added by the OPASERV.E WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.E0
1 6Brasil0 10BRASIL.PIF1 00 28Added by the OPASERV.E WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.E0
111BraveSentry0 15BraveSentry.exe1 00 60Added by the ADW_SPYSHERIFF.B rogue antispyware application.99http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FSPYSHERIFF%2EB&VSect=Td0
216ControlCenter2.00 12brctrcen.exe1 00 70Brother scanner 'Control Center' application - can be started manually 01
216ControlCenter2.00 21brctrcen.exe /autorun2 00 84ControlCenter2.0 2, 0, 8, 0, Brother Industries, Ltd.. ControlCenter2.0 Main Program 01
314Break_Reminder0 18BREAK REMINDER.exe2 00 94Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See here34http://www.cheqsoft.com/break.html0
110WinUpdateB0 11breatle.exe1 00 31Added by the W32.Bratle.A worm.73http://www.sarc.com/avcenter/venc/data/w32.bratle.a.html#technicaldetails0
1 4Breg0  8breg.exe1 00101Added by the Adware.BroadcastPC.B adware/spyware.  File is found in %ProgramFiles%\Common Files\Java\64http://www.sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
1 9whitechix0 11brightx.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
415Brindys BriTray0 11BRITRAY.EXE1 00433Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH &amp; BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons &amp; menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired23http://www.brindys.com/0
313xBrotherMeCom0 11BrMeCom.exe1 00 37Related to Brother MFC-9200c printer. 01
214Status Monitor0 12BrMfcWnd.exe1 00 56Brother scanner status monitor - can be started manually 01
214Status Monitor0 38BrMfcWnd.exe Brother DCP-110C /STARTUP2 00 74Status Monitor 1, 0, 5, 4, Brother Industries, Ltd.. Status Monitor (Main) 01
214Status Monitor0 39BrMfcWnd.exe Brother FAX-2440C /STARTUP2 00  0 01
214Status Monitor0 38BrMfcWnd.exe Brother MFC-210C /STARTUP2 00 74Status Monitor 1, 0, 5, 4, Brother Industries, Ltd.. Status Monitor (Main) 01
214Status Monitor0 39BrMfcWnd.exe Brother MFC-3240C /STARTUP2 00  0 01
214Status Monitor0 39BrMfcWnd.exe Brother MFC-420CN /STARTUP2 00 74Status Monitor 1, 0, 5, 4, Brother Industries, Ltd.. Status Monitor (Main) 01
214Status Monitor0 40BrMfcWnd.exe Brother MFC-5840CN /STARTUP2 00 74Status Monitor 1, 2, 0, 7, Brother Industries, Ltd.. Status Monitor (Main) 01
214Status Monitor0 39BrMfcWnd.exe Brother MFC-620CN /STARTUP2 00 74Status Monitor 1, 0, 5, 4, Brother Industries, Ltd.. Status Monitor (Main) 01
3 8brmfrmpa0 12BrmfRmPA.exe1 00105Brother resource manager - needed for a Brother MFC printer/copier/scanner and PC to properly communicate 01
050Brother Popup Suspend service for Resource manager0 12Brmfrmps.exe1 00 80Related to the Brother printer software. Is this necessary to run automatically? 01
115[Various Names]0 11Brong32.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
114Bron-Spizaetus0 12bronstab.exe1 00 50Added by the W32/Korbo-A worm and backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32korboa.html0
1 9StartMenu0 10browse.exe1 00 43Added by the Troj/Drowsy-C backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojdrowsyc.html0
1 8browsela0 12browsela.dll1 00 45A variant of the Trojan/Dldr.Delf.aeo Trojan. 01
124[random 12 digit number]0 12browser8.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
111browser aid0 14browseraid.exe1 00 31BrowserAid/BrowserPal foistware47http://www.doxdesk.com/parasite/BrowserAid.html0
316Browser Sentinel0 19BrowserSentinel.exe1 00161Browser Sentinel. Notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page. See here56http://www.unhsolutions.net/Browser-Sentinel/index.shtml0
1 7Browser0 11browsvr.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
2 9setdefprt0 12BrStDvPt.exe1 00 90Used to set a Brother MFC printer/copier/scanner as the default printer after installation 01
2 9SetDefPrt0 12BrStDvPt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
412BrSplService0 12brsvc01a.exe1 00150This file is an integral part of the Brother printer driver.  Disabling this service will disable communication between your computer and the printer. 01
112Fuck-The-IRC0  9brttm.exe1 00 76Added by the Troj/Wallop-A TROJAN/backdoor, and found in the Windows folder.57http://www.sophos.com/virusinfo/analyses/trojwallopa.html0
111BookedSpace0 14bs2.dll,DllRun1 00 41Adware, related to the  Remanent parasite45http://www.doxdesk.com/parasite/Remanent.html0
118Microsoft Services0  9bsc32.exe1 00 29Added by the  BDOOR-AW TROJAN57http://www.sophos.com/virusinfo/analyses/trojbdooraw.html0
212B&#039;sCLiP0 10BSCLIP.exe1 00 80CD recording utility that comes with a lot of CDR/CDRW drives and isn't required 01
2 6BsCLiP0 10BSCLIP.exe1 00  0 01
2 7B'sCLiP0 10BSCLIP.exe1 00 80CD recording utility that comes with a lot of CDR/CDRW drives and isn't required 01
1 5sysbo0 11bsdue32.exe1 00134Added by the W32/Sdbot-UR trojan.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotur.html0
3 9BellSouth0 27BsnAppCenter.exe /Scheduler211HKEY_LM\Run0 80Application Center 3, 1, 3049, 0, BellSouth. BellSouth Application Center Module39http://www.absolutestartup.com/startup/1
112Bsoft lppt010  9Bsoft.exe1 00195New variant of the  RapidBlaster parasite (in a &quot;BelmontSoft&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
3 9bs player0 12bsplayer.exe1 00 81BSplayer -  A video player used to play avi, mpg, wmv and other multimedia files.24http://www.bsplayer.org/0
114BS Mediaplayer0 10bsplyr.exe1 00248Added by the W32/Rbot-OU trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. These infections are usually capable of logging keystrokes, retrieve cd keys, and flood other computers.55http://www.sophos.com/virusinfo/analyses/w32rbotou.html0
1 9WindowsFY0  7bsw.exe1 00133Identified as Trojan.Win32.Agent.ct. When run this file extracts a bmp file to the c:\ folder and sets it as your desktop background. 01
0 6BBDial0 16BT Broadband.exe2 00 21Part of BT Broandband 01
1 3vb60  8BT32.EXE1 00 12Added by the19W32/Wurmark-D WORM!0
328Bluetooth Connection Manager0 18BTCM.exe /minimize222StartUp menu\All users0 69Bluetooth Connection Manager 1.2.0, 3Com Corporation. BTCM Executable39http://www.absolutestartup.com/startup/1
218motive smartbridge0 18BTHelpNotifier.exe1 00205System tray icon for the Virtual Assistant from  BT Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start - Programs - not required27http://www.bt.com/index.jsp0
218Motive SmartBridge0 18BTHelpNotifier.exe111HKEY_LM\Run0 94Motive System 5.8.13.asst_classic.smartbridge, Motive Communications, Inc.. Motive SmartBridge39http://www.absolutestartup.com/startup/1
127Microsoft Bluetooth Support0 11bthsupp.exe1 00131Added by the W32/Btbot-A worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.55http://www.sophos.com/virusinfo/analyses/w32btbota.html0
0 6btinst0 10btinst.exe1 00 50Associated with an Anycom bluetooth wireless card. 01
1 4btmi0  8btmi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
317btmodemprotection0 21BTModemProtection.lnk1 00 55BT Privacy Online modem protection software,  see  here33http://www.btmodemprotection.com/0
310LoadBtnHnd0 10BtnHnd.exe1 00186Fujitsu Lifebook computers have some buttons on the case - they can be programmed to execute specified programs (like hotkeys).  The buttons can also be used as a combination lock input. 01
1 5btqhq0  9btqhq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9msimn.exe0  7btr.exe1 00 43Added by the W32/Bater-A mass mailing worm.55http://www.sophos.com/virusinfo/analyses/w32batera.html0
112f73cdc8ee94e0 12btsendto.exe1 00 46Associated with mysearchnow.com/searchbar.html 01
012btsetbootkey0 16BTSetBootKey.exe1 00 34Related to a USB Bluetooth adaptor 01
3 7BtStart0 11btstart.exe1 00 60Broadcorp (formerly WIDCOMM) Bluetooth Connectivity Software41http://www.widcomm.com/Partners/index.asp0
313Button Server0 12bttnserv.exe1 00220Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required 01
3 6bttray0 10bttray.exe1 00347System tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device 01
3 6BTTray0 10BTTray.exe122StartUp menu\All users0 91Bluetooth Software 1.4.2 Build 10 1.4.2 Build 10, WIDCOMM, Inc.. Bluetooth Tray Application39http://www.absolutestartup.com/startup/1
3 6BTTray0 10BTTray.exe122StartUp menu\All users0 84WIDCOMM Bluetooth Software 1.2.2.4 1.2.2.4, WIDCOMM Inc.. Bluetooth Tray Application39http://www.absolutestartup.com/startup/1
1 9BTuihgter0 13BTuihgter.exe1 00 36Added by the Troj/Banloa-AAA Trojan.59http://www.sophos.com/virusinfo/analyses/trojbanloaaaa.html0
4 8BTUSRBDG0 12BtUsrBdg.exe1 00 60Used with a Mitsumi USB Bluetooth adaptor (and maybe others)33http://www.mitsumi.de/index4.html0
4 9BTUSRBDGF0 12BtUsrBdg.exe1 00 41Used with a Mitsumi USB Bluetooth adaptor33http://www.mitsumi.de/index4.html0
1 3BTV0  7btv.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
1 4BtvC0 12btvclean.exe1 00 87Added by the Adware.BroadcastPC.B adware/spyware.  File is found in %ProgramFiles%\BTV\64http://www.sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
417Bluetooth Service0 11btwdins.exe1 00 74Bluetooth driver/software used by many vendors and computer manufacturers. 01
1 6btyuyn0 10btyuyn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 9Buddyizer0 13Buddyizer.exe1 00112Part of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network 8#AIMster0
125System Buffer Application0 12buffer32.exe1 00 85Added by W32/Sdbot-UD, a WORM/backdoor TROJAN and found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotud.html0
318bugwatcher service0 14bugwatcher.exe1 00304Bugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures26http://www.bugtoaster.com/0
1 4bulk0  8bulk.exe1 00 50Added by the W32/Agobot-ACR worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32agobotacr.html0
414BullguardoptIn0 16bulldownload.exe1 00 28Part of  Bullguard antivirus25http://www.bullguard.com/0
313BullGuard 5.00 13BullGuard.exe111HKEY_CU\Run0 53BullGuard 5.02 5.0.2.0, BullGuard Software. BullGuard39http://www.absolutestartup.com/startup/1
4 2bg0 13bullguard.exe1 00 95Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster25http://www.bullguard.com/0
1 4rscn0 29bum&lt;random numbers&gt;.exe2 00 36Added by the Troj/DownLdr-LA Trojan.59http://www.sophos.com/virusinfo/analyses/trojdownldrla.html0
1 9SAHBundle0 10bundle.exe1 00 33ShopAtHomeSelect parasite related 7#FF00000
114VBundleOuterDL0 15BundleOuter.EXE1 00380VirtualBouncer 2.0 - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs59http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp0
115System settings0 12burndl32.exe1 00134Added by the W32/Sdbot-ZO worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzo.html0
211Scan Wizard0 10button.exe1 00102Associated with ScanWizard as supplied with Microtek scanners - see also  Scanner Detector or SDetect.19#Scanner%20Detector0
2 9ButtonKey0 13ButtonKey.exe1 00219CyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut45http://www.scanace.com/en/product/product.php0
3 9Buzof.exe0  9buzof.exe1 00170Buzof from Basta Computing &quot;enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes&quot;34http://www.basta.com/ProdBuzof.htm0
1 9RNBc Test0 11bvldv32.exe1 00133Added by the W32/Rbot-AJF worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotajf.html0
1 7SysScan0  7bvt.exe1 00 30Added by the AUTOUPDER TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html0
1 6bwcaur0 10bwcaur.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116XupiterCfgLoader0 15BWCfgLoader.exe1 00120Xupiter - adware and homepage hijacker. To remove Xupiter go here and to prevent it re-installing in the future see here44http://www.doxdesk.com/parasite/Xupiter.html0
3 8LWBMOUSE0 12BWheel35.exe111HKEY_LM\Run0 368.0.0.0, . Mouse Control Application39http://www.absolutestartup.com/startup/1
1 8bwopljka0 12bwopljka.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
221BitWare Print Monitor0 12bwprnmon.exe1 00 29FaxServe network fax software54http://www.accpac.com/products/communication/faxserve/0
218Service Connection0 10bwtray.exe1 00 32For Compaq PC's. Part of Backweb 01
1 6bwxddv0 10bwxddv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7bxfhmlb0 11bxfhmlb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8oeplugin0 14bxOEPlugin.exe1 00177noHTML for Outlook Express is an add-on that protects Outlook Express from email viruses and email scripts by converting incoming email messages from HTML format to simple text.33http://www.baxbex.com/nohtml.html0
1 7bxproxy0 11bxproxy.exe1 00 42Identified as a variant of DLOADER.Trojan. 01
316Boost XP Service0 13bxservice.exe1 00 48Boost XP from Systweak - WinXP tweaking utility 43http://www.systweak.com/boostxp/boostxp.htm0
316boost xp service0 13bxservice.exe111HKEY_CU\Run0 50BXP Service 1, 2, 7, 2, Systweak. Boost XP Service39http://www.absolutestartup.com/startup/1
1 5bxxs50  9bxxs5.dll1 00 20BookedSpace parasite44http://doxdesk.com/parasite/BookedSpace.html0
1 4bytq0  8bytq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7byxkryf0 11byxkryf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5httpd0  9c_pan.exe1 00 40Added by a variant of the DELF-A TROJAN! 01
138{29F97553-FBD6-33D1-BFC1-47A024D1875C}0  7c2c.dll1 00156Paradox.nfo, file_id.diz.  It also installs these files in the Windows system folder: c2c.dat.br /br /Uses CLSID: b{29F97553-FBD6-33D1-BFC1-47A024D1875C}/b. 01
0 6c32cs20 10c32cs2.exe1 00 91Part of the Cyber Sentinel Internet filtering software. Does anyone know if what this does?46http://www.securitysoft.com/new601/cs_home.htm0
4 7C4EBReg0 14c4ebreg.exe /q211HKEY_LM\Run0 534.82, IBM Global Services. IBM Standard Asset Manager39http://www.absolutestartup.com/startup/1
316Zone Labs Client0  6ca.exe111HKEY_LM\Run0 57EZ Firewall 4.5.554.000, Computer Associates. EZ Firewall39http://www.absolutestartup.com/startup/1
411ez firewall0  6ca.exe1 00 34eTrust  EZ_Armor Internet Security48http://www3.ca.com/Solutions/Product.asp?ID=32430
1 7JVM0.120  8caac.exe1 00 47Identified as Trojan-Downloader.Win32.Agent.jc. 01
121Microsoft Cab Manager0  7cab.exe1 00 77Added by the Troj/Delf-JJ Trojan!  File is found in the root of the C: drive.56http://www.sophos.com/virusinfo/analyses/trojdelfjj.html0
1 6Cabchk0 10Cabchk.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 8Cabchk320 12Cabchk32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
111CABCInstall0 15CABCInstall.exe1 00 30CABC content delivery software45http://www.cabc.com/product/product_main.html0
110[not used]0  9Cable.exe1 00 33Added by the W32/Cablenet-A worm.58http://www.sophos.com/virusinfo/analyses/w32cableneta.html0
2 6delcab0  8cabs</a>1 00  6??font 01
124[random 12 digit number]0 12cabview1.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
320Computer Alarm Clock0  7cac.exe111HKEY_LM\Run0 512.0.0.0, Think Art Computing.. Computer Alarm Clock39http://www.absolutestartup.com/startup/1
2 8Cacheman0 12Cacheman.exe1 00103Freeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-up25http://www.outertech.com/0
3 8Cacheman0 12Cacheman.exe111HKEY_CU\Run0 40Cacheman 5, Outer Technologies. Cacheman39http://www.absolutestartup.com/startup/1
410CachemanXP0 14CachemanXP.exe1 00178CachemanXP is a system service designed to improve the performance of your computer by optimizing several caches, auto-recovering RAM and fine tuning a number of system settings.62http://www.outertech.com/index.php?_charisma_page=product&id=70
4 8CacheMgr0 12CacheMgr.exe1 00 30Sophos Antivirus Remote Update35http://www.sophos.com/products/sav/0
210CACStarter0 12cacstart.exe1 00 37Cash A Check - check writing software 01
3 4CADS0  8cads.exe1 00 42Cyber Sentinel internet filtering software46http://www.securitysoft.com/new601/cs_home.htm0
221ABBYY Community Agent0 10CAGENT.EXE1 00243Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the&nbsp;5.0 version of the software 01
2 6CAgent0 10CAgent.exe1 00100Abbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documents27http://www.fine-reader.com/0
213CahootWebcard0 17CahootWebcard.exe1 00291The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details. Run manually when needed 01
1 8cailegus0 12cailegus.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Dir10  4caKe1 00 23Added by the CAKE WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cake.html0
1 6DlDir10  4caKe1 00  074http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cake.html0
1 6CALC320 10CALC32.EXE1 00133Added by the W32/Spybot-EC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32spybotec.html0
233Photo Express Calendar Checker SE0 12CalCheck.exe1 00 95Calendar Checker Application 1, 0, 0, 1, Ulead Systems, Inc.. Photo Express -- Calendar Checker 01
233Photo Express Calendar Checker SE0 12CALCHECK.EXE1 00253If you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordingly 01
232Ulead Photo Express x.0 Calendar0 12calcheck.exe1 00279Ulead Calendar Checker - part of Ulead Photo Express, where "x" represents the version number. Automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manually. See here for disabling instructions33http://www.ulead.com/pe/runme.htm0
343Ulead Photo Express 4.0 SE Calendar Checker0 12CalCheck.exe122StartUp menu\All users0 95Calendar Checker Application 1, 0, 0, 1, Ulead Systems, Inc.. Photo Express -- Calendar Checker39http://www.absolutestartup.com/startup/1
222Calendar 200X Reminder0 12calendar.exe1 00 76Calendar 200X - shows holidays, reminders of various anniversaries,tasks etc34http://www.jgraff.addr.com/cal.htm0
323Logo Calibration Loader0 21CalibrationLoader.exe122StartUp menu\All users0122CalibrationLoader 5.1 5, 0, 2, 168, LOGO Kommunikations- und Drucktechnik GmbH & Co. KG. CalibrationLoader 5.1 Application39http://www.absolutestartup.com/startup/1
1 4calk0  8calk.exe1 00 74The Troj/StartPa-FH TROJAN adds this to modify Internet Explorer settings.59http://www.sophos.com/virusinfo/analyses/trojstartpafh.html0
314CAPI - Monitor0 12CALLTRAY.exe122StartUp menu\All users0172ISDN CAPI call monitor                          1.10                            , EllSoft Software Development & Design                                  . CAPI call monitor39http://www.absolutestartup.com/startup/1
221Cal Reminder Shortcut0 10calrem.exe1 00 75Produces a pop-up reminder of events scheduled using the MS Office Calendar 01
2 8CamCheck0 12CamCheck.exe1 00 29NuCam camera software related34http://www.nucam.com.tw/index1.htm0
215Camera Detector0 12CAMDET~*.EXE1 00  073http://www.acdsystems.com/english/products/acdsee/overview?LAN=englishX700
215Camera Detector0 13Camdetect.exe1 00138ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically73http://www.acdsystems.com/english/products/acdsee/overview?LAN=englishX700
3 6cameno0 10Cameno.exe1 00 78Cameno is a program which brings tabbed windows to MSN Messenger 6.0 and above32http://www.spadeapps.com/cameno/0
2 7Camfrog0 22Camfrog Video Chat.exe211HKEY_CU\Run0 59Camfrog Launcher 1, 0, 0, 1, Camshare LLC. Camfrog Launcher39http://www.absolutestartup.com/startup/1
1 9L02qRgGtO0 12camiscon.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
220Creative WebCam Tray0 11CamTray.exe1 00 89Creative Cam Detector 3.60, Creative Technology Ltd. Creative Camera Launcher Application 01
220Creative WebCam Tray0 11Camtray.exe1 00 54Creative WebCam tray control - can be started manually 01
220Creative WebCam Tray0 11CAMTRAY.EXE111HKEY_LM\Run0 92Video Blaster WebCam Go 2.1, Creative Technology Ltd. WebCam Go Control launcher application39http://www.absolutestartup.com/startup/1
2 6Canada0 10Canada.exe1 00 53Known to be a dialler - but is it maliscous or clean? 01
1 9ASDPLUGIN0 10canada.exe1 00 21Malware adult dialer. 01
1 8Eac_Cnry0 10canary.exe1 00 28Added by the  CANARY TROJAN!56http://www.sophos.com/virusinfo/analyses/trojcanary.html0
2 6Canary0 14canary-std.exe1 00 68Canary monitoring program. Keylogger, monitors all computer activity 01
111CanerServer0  9caner.exe1 00 45Added by the Troj/Hupigon-ES backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojhupigones.html0
0 6cap3on0 11CAP3ONN.EXE1 00 59Canon driver,  purpose unknown - is it required in startup? 01
220Capture Express 20000 10capexp.exe1 00 40Capture Express - screen capture utility30http://www.captureexpress.com/0
2 6Capfax0 10capfax.exe1 00223a  rel="nofollow" target="_blank" href="http://shop.bvrp.com/english/asp/default.asp?UserPrefLanguage=1&UserPrefCountry=3&UserPrefCurrency=4&UserPrefCurrentCompany=18&UserPrefUseVicom=1&id_product=86"PhoneTools fax software 01
2 6CapFax0 10CapFax.EXE111HKEY_LM\Run0 63Winfax - WinPhone 5.00, BVRP Software. Surveillance Capture Fax39http://www.absolutestartup.com/startup/1
3 6caping0 10CAPing.exe1 00 30Citibank Citianywhere software 01
242Canon PC1200 iC D600 iR1200G Status Window0 12CAPM1LAK.EXE1 00 26Canon P1200 printer status 01
4 5Capon0  9Capon.exe1 00 20Canon printer driver 01
4 5capon0 10Caponn.exe1 00 20Canon printer driver 01
2 4CApp0  8capp.exe111HKEY_LM\Run0 57capp Ó¦ÓóÌÐò 1, 1, 1, 9, . capp Microsoft »ý´¡ÀàÓ¦ÓóÌÐò39http://www.absolutestartup.com/startup/1
011Captainhook0 15CaptainHook.exe1 00 26Part of the Novell Client. 01
1 7capture0 11capture.exe1 00 44Added by the Troj/Theef-B keylogging Trojan.56http://www.sophos.com/virusinfo/analyses/trojtheefb.html0
310CaptureWiz0 14CaptureWiz.exe125StartUp menu\Current user0 541.0.0.0, PixelMetrics. CaptureWiz Pro application file39http://www.absolutestartup.com/startup/1
310CardMinder0 16CardLauncher.exe111HKEY_LM\Run0 71CardMinderApplication 2, 0, 30, 2, PFU Limited.. CardMinder Application39http://www.absolutestartup.com/startup/1
1 6Care200 10Care20.exe1 00 15TopMoxie adware49http://www.pestpatrol.com/PestInfo/t/topmoxie.asp0
3 8care2gtu0 12Care2GTU.exe1 00289Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it keep it 01
311CARPservice0 12carpserv.exe1 00126Associated with  Zoltrix modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example23http://www.zoltrix.com/0
311CARPService0 12carpserv.exe111HKEY_LM\Run0 62SoftK56 Modem Driver 6.02.05, Conexant Systems, Inc.. carpserv39http://www.absolutestartup.com/startup/1
110CARPserver0 14CARPserver.exe1 00 30Added by the BANKER-AN TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankeran.html0
113ConfiggLoader0 11cart322.exe1 00 28Added by the GAOBOT.DJ WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.dj.html0
1 6cartao0 10cartao.exe1 00 69Added by the  Troj/Banker-AY TROJAN, which will also use cartao2.exe.58http://www.sophos.com/virusinfo/analyses/trojbankeray.html0
1 8cas2stub0 12cas2stub.exe1 00 21CasinoClient Adaware!59http://sarc.com/avcenter/venc/data/adware.casinoclient.html0
3 7CasAgnt0 11CasAgnt.exe1 00 80Program by Extended Systems which allows you to sync your Casio PDA with your PC 01
3 9Casc'ADSL0 12CascADSL.exe111HKEY_LM\Run0141CascADSL 0.99 build 3329 release, El Cascador !!! / Hit Where It Hurts PROD.. Outil ADSL de reconnexion automatique et de statistiques trafic39http://www.absolutestartup.com/startup/1
110CAS Client0 13casclient.exe1 00 33Added by the Adware.CasinoClient.63http://www.sarc.com/avcenter/venc/data/adware.casinoclient.html0
112SettingValue0  8casd.exe1 00132Added by the W32/Sdbot-PGworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotpg.html0
110caseyvideo0 14CaseyVideo.exe1 00 27Malware causing p0rn popups 01
110caseyvideo0 29caseyvideo[*].exe [* = digit]2 00  0 01
1 8CashBack0 12cashback.exe1 00109Part of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearch 01
229Cashsurfers Cashbar Navigator0 11Cashbar.Exe1 00159Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals" 01
110cashfiesta0 14Cashfiesta.exe1 00 32CASHFIESTA.A pay-per-surf adware86http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_CASHFIESTA.A0
111Caspian-x270 15Caspian-x27.exe1 00 32Added by the W32/Katomik-B worm.57http://www.sophos.com/virusinfo/analyses/w32katomikb.html0
1 9cassandra0 13cassandra.exe1 00 85Melkosoft_Cassandra adware - also detected as a variant of the  WIN32.KREPPER TROJAN!48http://www.doxdesk.com/parasite/SuperSpider.html0
1 9winservit0  9cassl.exe1 00114This is an Rbot variant. This infection connects to an IRC server where it will await commands from a remote user. 01
1 7CasStub0 11casstub.exe1 00 32Added by the Troj/Cass-A trojan.55http://www.sophos.com/virusinfo/analyses/trojcassa.html0
1 9Diskstart0  7cat.exe1 00 18MS-Connect dialler 01
229Quick Heal On-Line Protection0 10CATEYE.EXE111HKEY_LM\Run0 55CATEYE Application 1, 0, 0, 1, . CATEYE MFC Application39http://www.absolutestartup.com/startup/1
429Quick Heal On-Line Protection0 10Cateye.exe1 00 26Quick Heal - virus scanner33http://www.quickheal.com/qh95.htm0
124(random 12 digit number)0 12catsrvps.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
412ComPlusSetup0 12catsrvut.dll1 00 22Part of Microsoft Com+ 01
119Norton Live Updater0 12Cavapsvc.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
4 6cavrid0 10CAVRID.exe1 00 21eTrust™  EZ_Antivirus156http://home.ca0
4 6CAVRID0 10CAVRID.exe111HKEY_LM\Run0128Computer Associates Antivirus  Version 11.0.6.7, Computer Associates International, Inc.. CA Antivirus Realtime Infection Report39http://www.absolutestartup.com/startup/1
4 4CAVS0  8CAVS.exe1 00 31Cheyenne (now eTrust) antivirus14http://ca.com/0
3 7VetTray0 11CAVTray.exe1 00125Computer Associates Antivirus Version 11.0.8.1, Computer Associates International, Inc.. CA Antivirus System Tray Application 01
4 8caavtray0 11CAVTray.exe1 00 21eTrust™  EZ_Antivirus156http://home.ca0
4 8CaAvTray0 11CAVTray.exe111HKEY_LM\Run0125Computer Associates Antivirus Version 11.0.6.7, Computer Associates International, Inc.. CA Antivirus System Tray Application39http://www.absolutestartup.com/startup/1
3 6caxchg0 10caxchg.exe1 00 32Used by a USB Flash card reader. 01
1 8CAZNOVAS0 12CAZNOVAS.exe1 00 26Added by the CAZNO TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cazno.html0
1 9CBACK.EXE0  9CBACK.EXE1 00 44Added by the Troj/Penta-A downloader trojan.56http://www.sophos.com/virusinfo/analyses/trojpentaa.html0
1 3Gvf0  7Cbd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6system0  8cber.exe1 00 32Added by an unidentified TROJAN! 01
1 6ICQMsn0  9cbfks.exe1 00135Added by the Troj/Ranck-AH proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckah.html0
4 7cbidf2k0 11cbidf2k.sys1 00 66CardBus/PCMCIA IDE Miniport Driver Added by Microsoft Corportation 01
1 4cbjj0  8cbjj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4cbph0  8cbph.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
211CallBumping0 10cbpopw.exe1 00  2?? 01
138Microsoft System Restore Configuration0  9CBRSS.EXE1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
3 7CBWAttn0 11CBWAttn.exe1 00 77Required for  Bitware to answer incoming faxes, can cause sleep mode problems53http://www.accpac.com/products/communication/bitware/0
3 7CBWUser0 11CBWDial.exe1 00 99Associated with  Bitware that integrates fax, voice, pager, and data communications on your desktop53http://www.accpac.com/products/communication/bitware/0
3 7CBWHost0 11CBWHost.exe1 00 77Required for  Bitware to answer incoming faxes, can cause sleep mode problems53http://www.accpac.com/products/communication/bitware/0
115SQConfigChecker0  6cc.exe1 00145Xupiter SQWire variant - adware and homepage hijacker. Note - cannot be removed via the Xupiter website in the same way as other Xupiter variants44http://www.doxdesk.com/parasite/Xupiter.html0
3 5ccApp0  9ccApp.exe111HKEY_LM\Run0 88Client and Host Security Platform 103.0.3.8, Symantec Corporation. Symantec User Session39http://www.absolutestartup.com/startup/1
1 9ccApp.exe0  9ccApp.exe1 00143Added by the W32/Rbot-HJ trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbothj.html0
119Norton Auto-Protect0  9ccApp.exe1 00170Added by the  W32.Ahker.D  WORM! **Note - for the valid Norton AV entry the filename is "navapexe". This is also not the valid  Norton_AV_2003 file with the same filename75http://securityresponse.symantec.com/avcenter/venc/data/w32.ahker.d@mm.html0
1 8Symantec0  9ccapp.exe1 00 41Added by the W32/Lebreat-A backdoor worm.57http://www.sophos.com/virusinfo/analyses/w32lebreata.html0
4 5ccApp0  9ccApp.exe1 00  0 01
4 5ccApp0  9ccApp.exe1 00 92Part of  Norton AntiVirus 2003. Auto-protect and E-mail check will not function without this37http://www.symantec.com/nav/nav_9xnt/0
120Antivirus Protection0 10CCapp1.exe1 00 48Added by the W32/Rbot-BMG worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbmg.html0
111ServicesLog0 11ccapp32.exe1 00132Added by the W32/Rbot-AMX worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamx.html0
129Symantec Configuration Loader0 11ccApp32.exe1 00 38Added by a variant of the GAOBOT WORM!83http://securityresponse.symantec.com/avcenter/venc/data/pf/w32.hllw.gaobot.gen.html0
110HP Desktop0 11ccappms.exe1 00 12Added by the38W32/Sdbot-TG WORM/IRC backdoor trojan!0
1 6ccApps0 10ccApps.exe1 00 33Added by the W32/Kangaroo-B worm.58http://www.sophos.com/virusinfo/analyses/w32kangaroob.html0
1 6SymRun0 10ccApps.exe1 00132Added by the Troj/Kagen-A Trojan. The Trojan also creates and then opens the file kangen.doc which contains a message in Indonesian.56http://www.sophos.com/virusinfo/analyses/trojkagena.html0
112blah service0 12CCAPPS32.EXE1 00 27Added by the  RBOT.TV WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.TV&VSect=P0
420CCDoctorLogonTesting0 12ccdoctor.exe1 00369Checks your system to make sure it's configured properly for running Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product52http://www.rational.com/products/clearcase/index.jsp0
4 7ccenter0 11CCenter.exe1 00 13RAV AntiVirus28http://www.ravantivirus.com/0
4 8CcEvtMgr0 12ccEvtMgr.exe1 00219Part of  Norton AntiVirus 2003. Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this37http://www.symantec.com/nav/nav_9xnt/0
116nortonsantivirus0 13ccEvtMngr.exe1 00 29Added by the HZDOOR-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojhzdoora.html0
112sunjavasched0 13ccEvtMngr.exe1 00 26Added by the  W32/Sdbot-YP56http://www.sophos.com/virusinfo/analyses/w32sdbotyp.html0
112ccEvtMrg.exe0 12ccEvtMrg.exe1 00 27Added by the  RBOT.GZ WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GZ&VSect=T0
1 7ccfrbwl0 11ccfrbwl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6ccHelp0 10ccHelp.hta1 00 14Searchq adware54http://sarc.com/avcenter/venc/data/adware.searchq.html0
1 3Kpf0  7Ccl.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 8ccleaner0 18ccleaner.exe /AUTO211HKEY_CU\Run0 33CCleaner 1.19.0105, CCleaner.com.39http://www.absolutestartup.com/startup/1
214CorrectConnect0 12CConnect.exe1 00 89Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available 01
3 7ccProxy0 11CCPROXY.EXE1 00206Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage 01
436Symantec Password Validation Service0 12ccPwdSvc.exe1 00 84Used by Symantec products 2003/2004 possibly to allow certain users Internet access. 01
4 8CcPxySvc0 12CCPXYSVC.exe1 00145Part of Norton's  AntiVirus 2003,  Internet Security and  Firewall products. E-mail proxy service - required for E-mail scanning and the firewall37http://www.symantec.com/nav/nav_9xnt/0
118real statics agent0 10ccreal.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
4 8ccRegVfy0 12ccRegVfy.exe1 00 89Common Client 1.0.10.006, Symantec Corporation. Common Client Registry Integrity Verifier 01
4 8CcRegVfy0 12ccRegVfy.exe1 00203Part of  Norton AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"37http://www.symantec.com/nav/nav_9xnt/0
4 8ccSetMgr0 12ccSetMgr.exe1 00 48Part of Norton AntiVirus 2004.  What does it do? 01
120Configuration Loader0 10ccSort.exe1 00 28Added by the AGOBOT.SR WORM!84http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_AGOBOT.SR0
126Sygate Personals Firewalls0  9ccsrn.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
110WINTASKMGR0  9ccsrs.exe1 00 36a Mytob WORM variant adds this file.55http://www.sophos.com/virusinfo/analyses/w32mytobn.html0
112Norton Start0 11ccStart.exe1 00134Added by the W32/Sdbot-OX worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotox.html0
110ccsvit.exe0 10ccsvit.exe1 00 36Added by the Troj/StartPa-HP Trojan.59http://www.sophos.com/virusinfo/analyses/trojstartpahp.html0
1 8nortonav0 11CCUPD32.EXE1 00 40Added by an unidentified WORM or TROJAN! 01
1 8ccUpdate0 12ccUpdate.exe1 00 28Added by the AGOBOT.YS WORM!99http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.YS&VSect=T0
113Norton Update0 12ccUpdate.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
313CD Eject Tool0 17CD Eject Tool.exe211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
111CashToolbar0 11CD_Load.exe1 00 32CashToolbar Downloader-MY adware43http://vil.nai.com/vil/content/v_126801.htm0
1 6Cydoor0 11CD_Load.exe1 00  0 01
1 6CyDoor0 11CD_Load.exe1 00 90Adware. Check here for information about Cy-Door and here for a program that can remove it30http://www.cexx.org/cydoor.htm0
112CydoorUpdate0 11CD_Load.exe1 00  030http://www.cexx.org/cydoor.htm0
1 3cd10  7cd1.exe1 00 34Premium rate adult content dialler 01
119Auto CD-ROM Startup0 12cdaccess.exe1 00 12Added by the38W32/Rbot-AAU WORM/IRC backdoor trojan!0
118Microsoft software0 12cdaccess.exe1 00 27Added by the RBOT.ABK WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABK0
315WildTangent CDA0 33cdaEngine0400.dll",cdaEngineMain"111HKEY_LM\Run0 91Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
215WildTangent CDA0 17cdaEngine0500.dll111HKEY_LM\Run0 90WildTangent Game Loader 5.0.0.190, WildTangent, Inc.. WildTangent Automatic Update Manager39http://www.absolutestartup.com/startup/1
2 8CDANTSRV0 12CDANTSRV.exe1 00234C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually 01
1 5Cdsys0  8cdcd.sys1 00 34Added by the Troj/Agent-IA Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentia.html0
1 8Cdcompat0 12Cdcompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 7cddrv320 11cddrv32.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
312Hot CD Eject0 11cdeject.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 9Cool Desk0  9cdesk.exe1 00239Cool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to you25http://www.shelltoys.com/0
2 5bjcfd0  7cdf.exe1 00154BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs25http://www.broadjump.com/0
213CDInterceptor0  7cdi.exe1 00 48CD indexer for measuring the speed of CD players 01
112gi17288234470  9cdlib.exe115HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
111gi2910297020  9cdlib.exe115HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
111gi6811606390  9cdlib.exe115HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
110MS-Connect0  7cdm.exe1 00 32Adult content dialler - see here49http://vil.mcafee.com/dispVirus.asp?virus_k=999720
314CD Organizer 40  7cdo.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
1 9SystemTra0 10CDPlay.EXE1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
312XCP CD Proxy0 15CDProxyServ.exe1 00 38How to remove the Sony XPC DRM Rootkit54http://www.bleepingcomputer.com/forums/topic34904.html0
116cdrom controller0 14cdromcntrl.exe1 00 35Added by the  TROJ/BATTRY-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojbattrya.html0
1 3cds0  7cds.exe1 00 45Added by the Backdoor.Spymon backdoor Trojan.76http://www.sarc.com/avcenter/venc/data/backdoor.spymon.html#technicaldetails0
310CDSlow 2.10 10cdslow.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
217cd storage master0 14cdstorager.exe1 00131CD_Storage_Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collection.26http://www.cdstorager.com/0
224KeyStone Version Control0 15cdtpUpdater.exe111HKEY_LM\Run0 44cdtpUpdater 1.00, KeyStone Learning Systems.39http://www.absolutestartup.com/startup/1
2 6CDTray0 10CDTray.exe1 00 53On HP PCs, this is the small CD icon next to the time 01
1 6Update0 13CDUpdater.exe1 00 45Carpe Diem adult premium rate dialler related 01
3 7cadenza0 10CdzSvc.exe1 00 98Cadenza  mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices67http://www.sofotex.com/Cadenza-mNotes-Pocket-PC-download_L8061.html0
3 6CeEKEY0 10CeEKey.exe1 00269It is for Toshiba laptops and enables the use of some of the special Fn keyboard keys, such as speaker on/off, hybernate, powermanagement, etc. If not running, those keys do not function. But the utility may be manually started at any time from Start Menu/Toshiba/E-Key 01
3 6CeEKEY0 10CeEKey.exe111HKEY_LM\Run0 75EKey Application 2, 1, 0, 7, COMPAL ELECTRONIC INC.. TOSHIBA HotKey Utility39http://www.absolutestartup.com/startup/1
2 4Ceic0  8Ceic.exe1 00  2?? 01
1 7ceimwfp0 11ceimwfp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0 10Celine.scr1 00 43Added by the Troj/Celine-A backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojcelinea.html0
1 9CEventMgr0  8Cell.exe1 00 45Added by the Troj/Bifrose-AK backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojbifroseak.html0
314control center0 10Center.exe1 00 26Related to  Asus WLAN Card20http://www.asus.com/0
324ASUS WLAN Control Center0 10Center.exe125StartUp menu\Current user0 91Wireless LAN Card Utilities 1.0.0.0, ASUSTeK COMPUTER INC.. ASUS Control Center Application39http://www.absolutestartup.com/startup/1
3 8CeEPOWER0 12cepmtray.exe1 00249Toshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times 01
3 8CeEPOWER0 12CePMTray.exe111HKEY_LM\Run0 78CeTray Application 1, 1, 0, 12, COMPAL ELECTRONIC INC.. CeTray MFC Application39http://www.absolutestartup.com/startup/1
126Advanced Internet Protocol0  8cerf.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
313SetecCertUtil0 12Certutil.exe1 00196Setec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TV 01
2 3CFD0  7CFD.exe1 00154BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs25http://www.broadjump.com/0
2 5BJCFD0  7CFD.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
240Corel Colleagues &amp;Contacts Reminders0 10cffrem.exe1 00131Corel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of Corel Print Office43http://www.corel.com/printoffice_v1/ccc.htm0
236Corel Colleagues &Contacts Reminders0 10cffrem.exe1 00135Corel Colleagues &amp; Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of Corel Print Office43http://www.corel.com/printoffice_v1/ccc.htm0
235Corel Family &amp;Friends reminders0 10CFFREM.EXE1 00108Corel Family & Friends - all-in-one calender, address book and list manager. Part of Corel Print House Magic67http://www.corel.com/products/graphicsandpublishing/phmagic/CFF.htm0
231Corel Family &Friends reminders0 10CFFREM.EXE1 00112Corel Family &amp; Friends - all-in-one calender, address book and list manager. Part of Corel Print House Magic67http://www.corel.com/products/graphicsandpublishing/phmagic/CFF.htm0
1 3cfg0  7cfg.exe1 00 41Added by the W32/Bdoor-ZAR backdoor worm.57http://www.sophos.com/virusinfo/analyses/w32bdoorzar.html0
1 8cfgboost0 11cfgboot.exe1 00 40Added by an unidentified WORM or TROJAN! 01
117Microsoft Runtime0 12CfgDll32.exe1 00 28Added by the RANDEX.BD WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.bd.html0
4 8cfgintpr0 12cfgintpr.exe1 00 61Configuration Interpreter - part of Tiny Personal Firewall V444http://www.tinysoftware.com/home/tiny2?la=EN0
112cfgmgr51.dll0  8cfgmgr511 00106A bookedspace malware variant.  It is started with this command: RunDLL32.EXE C:\WINNT\cfgmgr51.dll,DllRun 01
1 8cfgmgr510 12cfgmgr51.dll1 00106A bookedspace malware variant.  It is started with this command: RunDLL32.EXE C:\WINNT\cfgmgr51.dll,DllRun 01
2 8cfgmgr510 19cfgmgr51.dll,DllRun111HKEY_LM\Run0 91Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
113Wins32 Online0 11cfgpwnz.exe1 00 37Added by W32/Rbot-WN, a network WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotwn.html0
314Printer Update0 10CFGREG.EXE1 00101Maybe a registration reminder or automatically updates drivers or application software for a printer? 01
310ConfigSafe0 11CFGSAFE.EXE1 00198ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice47http://www.imaginelan.com/configsafe/index.html0
2 5load=0 12cfgsys32.exe1 00  2?? 01
2 6cfgwiz0 10cfgwiz.exe1 00126Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it 01
2 9IS CfgWiz0 10cfgwiz.exe1 00 45Norton Internet Security configuration wizard 01
210NAV CfgWiz0 10cfgwiz.exe1 00126Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it 01
224NAV Configuration Wizard0 10cfgwiz.exe1 00  0 01
218Norton SystemWorks0 10cfgwiz.exe1 00117Norton System Works configuration wizard. Reportedly a resource hog. Many users find they can live without loading it 01
2 9IS CfgWiz0 87cfgwiz.exe "/GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"2 00 81Symantec Shared Components 5.0, Symantec Corporation. Symantec Internal Component 01
210NAV CfgWiz0 39CfgWiz.exe "/GUID NAV /CMDLINE "REBOOT"211HKEY_LM\Run0 81Symantec Shared Components 4.0, Symantec Corporation. Symantec Internal Component39http://www.absolutestartup.com/startup/1
2 9IS CfgWiz0 39cfgwiz.exe "/GUID NIS /CMDLINE "REBOOT"2 00 81Symantec Shared Components 4.0, Symantec Corporation. Symantec Internal Component 01
218Norton SystemWorks0 68cfgwiz.exe /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz2 00  0 01
318Norton SystemWorks0 68cfgwiz.exe /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz211HKEY_CU\Run0 81Symantec Shared Components 5.0, Symantec Corporation. Symantec Internal Component39http://www.absolutestartup.com/startup/1
210NAV CfgWiz0 84CfgWiz.exe /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE REBOOT2 00 81Symantec Shared Components 6.0, Symantec Corporation. Symantec Internal Component 01
2 9IS CfgWiz0 86cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"2 00 81Symantec Shared Components 5.0, Symantec Corporation. Symantec Internal Component 01
218Norton SystemWorks0 55CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}2 00 81Symantec Shared Components 4.0, Symantec Corporation. Symantec Internal Component 01
210NAV CfgWiz0 13Cfgwiz.exe /R2 00 83Norton AntiVirus 9.00.67, Symantec Corporation. Norton AntiVirus Information Wizard 01
120Configuration Wizard0 12Cfgwiz32.exe1 00127Added by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HCKTCK.2K.C0
316TMA distribution0 10cfinst.exe1 00143Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients 01
1 7cflkcsv0 11cflkcsv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9CTMON.EXE0  9cfmon.exe1 00 34Added by the Troj/Clckr-AN Trojan.57http://www.sophos.com/virusinfo/analyses/trojclckran.html0
121Sound Sservice Driver0  9cfmon.exe1 00 26Added by a CodBot variant. 01
0 7cFosDNT0 11cFosDNT.exe1 00 30cFos DSL Modem driver related.31http://www.cfos.de/index2_e.htm0
014cFosInst_Check0 12cfosinst.exe1 00  031http://www.cfos.de/index2_e.htm0
3 9cfosspeed0 13cFosSpeed.exe1 00 13cFos_Software31http://www.cfos.de/index2_e.htm0
435warning: do not remove it! (system)0 10cfpsys.exe1 00 88Folder_Password_Protect A program that lets you set a password on folders of your choice31http://www.protect-folders.com/0
211CFSServ.exe0 11CFSServ.exe1 00109CFSServ.exe is a Toshiba Laptop utility that allows you to easily change computer settings in a quick manner. 01
311CFSServ.exe0 21CFSServ.exe -NoClient211HKEY_LM\Run0 91ConfigFree(TM) 5, 0, 0, 0, TOSHIBA. ConfigFree(TM) Search for Wireless Devices Version 5.0039http://www.absolutestartup.com/startup/1
1 5mscfs0  9cfsys.dll1 00106Added by the Trojan.Ourxin adware Trojan.  This infection will display popups on the compromised computer.74http://www.sarc.com/avcenter/venc/data/trojan.ourxin.html#technicaldetails0
1 6ctfmon0 10cftmon.exe1 00 12Added by the34Troj/Delbot-B TROJAN/IRC backdoor!0
113SFtrb Service0 11cftrb32.exe1 00 26Added by the SOBIG.D WORM!62http://www.symantec.com/avcenter/venc/data/w32.sobig.d@mm.html0
1 7SysTray0 12cfustums.dll1 00102Added by the Troj/Small-XG dropper Trojan.br /br /Uses CLSID: bd01c70ce-f7f1-4718-89d0-0285a4a8d020/b.57http://www.sophos.com/virusinfo/analyses/trojsmallxg.html0
1 3cfy0  7cfy.exe1 00 43Surfenhance.com  SearchForIt adware variant79http://securityresponse.symantec.com/avcenter/venc/data/adware.searchforit.html0
1 4cgch0  8cgch.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6cgdsva0 10cgdsva.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119CGI Firewall Script0 12CGIAGENT.EXE1 00107Added by the W32/Bropia-U P2P worm.  This infection also creates the file C:\Windows\System32\fatpammy.exe.56http://www.sophos.com/virusinfo/analyses/w32bropiau.html0
225Norton Crashguard Monitor0 10cgmenu.exe1 00100Troublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001 01
3 8CGServer0 12cgserver.exe1 00270Associated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs42http://www.eicon.com/worldwide/default.htm0
115Cgtask Services0 10cgtask.exe1 00 27Added by the LALA.B TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lala.b.html0
130microsoft windows files loader0 12cgy32win.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6Cgywin0 12cgywin32.exe1 00134Added by the W32/Rbot-AEI  worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaei.html0
3 9ChamClock0 13ChamClock.exe1 00 47Chameleon Clock - system tray clock replacement30http://www.softshape.com/cham/0
216ChangeResolution0 20ChangeResolution.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
117PSD Tools Channel0 13ChannelUp.exe1 00 17BuddyLinks adware72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1010070
112COMSurrogate0  8char.exe1 00 34Added by the Troj/Erazer-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojerazera.html0
1 7[value]0 13charmapnt.exe1 00 53Added by the Troj/Bancos-DR password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancosdr.html0
314System startup0 12charmapx.exe1 00 43Only required if using an oriental language 01
126Mapa de caracteres para NT0 13charmmpxp.exe1 00 52Added by the Troj/Bancos-KG Internet banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancoskg.html0
011Bingo Charm0 10charms.exe1 00 84Some kind of screen icon kind of like desk flag, but it gives you a choice of icons? 01
2 8Chatango0 12Chatango.exe1 00582Chatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately24http://www.chatango.com/0
2 8ChatWork0 12chatwork.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
2 8chcenter0 12chcenter.exe1 00 40HiJaak Professional 5.00, IMSI. chcenter 01
2 8Chcenter0 12chcenter.exe1 00 86IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"49http://www.imsisoft.com/prodinfo.asp?t=1&mcid=1000
2 8Shcenter0 12chcenter.exe1 00  049http://www.imsisoft.com/prodinfo.asp?t=1&mcid=1000
1 8chckntfs0 12chckntfs.exe1 00 50Added by the W32/Tilebot-EF worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotef.html0
1 8chddrich0 12chddrich.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5che320 11che.ocx.vbs1 00 40Added by the WM97/Adenu-B prepend virus.56http://www.sophos.com/virusinfo/analyses/wm97adenub.html0
1 8GigaByte0 11Cheatle.exe1 00 27Added by the SHODI.B VIRUS!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.shodi.b.html0
316erecoveryservice0  9check.exe1 00157Acer Notebook related - Acer eRecovery allows the user to restore the operating system or backup the current system profile,  thus ensuring system integrity. 01
111mspaint.exe0 11check32.exe1 00 29Added by the AGENT.AH TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentah.html0
222checkcustomworksupdate0 17CheckCWupdate.exe1 00110Update checker,  part of  CustomWorks - "customize any embroidery designs to design your own unique creations"78http://www.designersgallerysoftware.com/products/product.asp?Product_ID=EDG-CW0
338WashAndGo - Cleanup of old Backupfiles0 11checker.exe1 00 29WashAndGo - temp file cleaner38http://www.abelssoft.com/washandgo.htm0
338WashAndGo - Cleanup of old Backupfiles0 18checker.exe /check2 00  0 01
310CheckIt 860 13CheckIt86.exe1 00 43Used to launch the CheckIt86 Popup blocker.69http://www.smithmicro.com/default.tpl?group=product_full&sku=C86WINEE0
122Registry Startup Check0 12checkreg.exe1 00 35Added by the Troj/RemLoad-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojremloada.html0
1 8WDNDrive0 11chgsprt.sys1 00 36Added by the Troj/Haxspy-A backdoor.57http://www.sophos.com/virusinfo/analyses/trojhaxspya.html0
138(3F143C3A-1457-6CCA-03A7-7AA23B61E40F)0  9child.dll1 00105Added by the Troj/Small-EX backdoor Trojan.br /br /Uses CLSID: b(3F143C3A-1457-6CCA-03A7-7AA23B61E40F)/b.57http://www.sophos.com/virusinfo/analyses/trojsmallex.html0
116OutPost FireWall0  9child.dll1 00105Added by the Troj/Small-ER backdoor Trojan.br /br /Uses CLSID: b(4F141CBA-1457-6CCA-03A7-7AA21B61EA0F)/b.57http://www.sophos.com/virusinfo/analyses/trojsmaller.html0
1 5eixfi0  9china.bat1 00 25Added by the WCUP.A WORM!74http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_WCUP.A0
110china11msn0 14CHINA11MSN.EXE1 00 31Added by the  W32.ENVID.O WORM!62http://www.symantec.com/avcenter/venc/data/w32.envid.o@mm.html0
2 8ChkAdmin0 12CHKADMIN.EXE1 00 79CHKADMIN Application 5.00 K1, Hewlett-Packard Company. CHKADMIN MFC Application 01
2 8CHKADMIN0 12CHKADMIN.EXE1 00129Compaq Network Management System. When running, it places an icon in the system tray titled &quot;Intelligent Manageability&quot; 01
114AdobeReaderPro0 11chkdisk.exe1 00 48Added by the W32/Rbot-BDV worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbdv.html0
110Disk check0 13chkdisk32.exe1 00 36Added by the Troj/DownLdr-IM Trojan.59http://www.sophos.com/virusinfo/analyses/trojdownldrim.html0
142Users service for disk management requests0 12CHKDSK32.EXE1 00 44Added by the Troj/Telemot-A backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojtelemota.html0
142Disk management service for users requests0 12CHKDSK64.exe1 00 44Added by the Troj/Telemot-B backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojtelemotb.html0
1 3chk0  8chke.dll1 00 48Added by the Troj/Geoload-A/a downloader Trojan.58http://www.sophos.com/virusinfo/analyses/trojgeoloada.html0
122Microsoft DLL Verifier0 11chkfile.exe1 00142Added by the W32/Rbot-AOC worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaoc.html0
211PE2CKFNT SE0 11ChkFont.exe1 00  0 01
211Pe2ckfnt SE0 11chkfont.exe1 00165Used to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menu 01
2 7chkhbci0 11chkhbci.exe1 00 47Smart Card reader software for  Omnikey readers23http://www.omnikey.com/0
115LoadPowerScheme0 10chkreg.dll1 00  076http://securityresponse.symantec.com/avcenter/venc/data/dialer.ulubione.html0
113RegistryCheck0 10chkreg.dll1 00 50Added by the Dialer.Ulubione premium adult dialer.76http://securityresponse.symantec.com/avcenter/venc/data/dialer.ulubione.html0
311ChangeLines0 12chngline.exe1 00  2?? 01
310ChoiceMail0 14ChoiceMail.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 5Choke0 16Choke.exe -blahh2 00 24Added by the CHOKE WORM!62http://www.symantec.com/avcenter/venc/data/w32.choke.worm.html0
1 5Choke0 15Choke.exe-blahh1 00 24Added by the CHOKE WORM!62http://www.symantec.com/avcenter/venc/data/w32.choke.worm.html0
1 7chostsv0 11chostsv.exe1 00 30Added by the BANPAES.C TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.banpaes.c.html0
138(429F4BB8-7BF7-4152-8011-3C6F9EB7E892)0  7chp.dll1 00109Added by the Troj/Spabot-E spam mailing Trojan.br /br /Uses CLSID: b(429F4BB8-7BF7-4152-8011-3C6F9EB7E892)/b.57http://www.sophos.com/virusinfo/analyses/trojspabote.html0
1 6Zacker0 13Christmas.exe1 00138Added by the W32/Maldal-C mass-mailing worm.  This infection displays a picture of Santa with the words "From the heart, Happy new year!".56http://www.sophos.com/virusinfo/analyses/w32maldalc.html0
315ChronitelInitTV0 12CHTVINIT.EXE1 00  2?? 01
110cihost.exe0 10cihost.exe1 00 26Added by the LINST TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.linst.html0
121Microsoft Data Helper0 10cihost.exe1 00 47Malware, possibly a variant of the LINST TROJAN73http://securityresponse.symantec.com/avcenter/venc/data/trojan.linst.html0
1 4ciip0  8ciip.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
213CIJxP2PSERVER0 12CIJxP2PS.EXE1 00157Compaq printer utility which is required in order to make the printer work correctly - &quot;x&quot; depends upon the model, ie, for IJ300 x=3, for IJ700 x=7 01
1 6NTdhcp0 10CiKewl.exe1 00 42Added by the Troj/QQRob-N backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojqqrobn.html0
110[not used]0 24cinderawasih-4321427.exe1 00 45Added by the W32/Brontok-R mass-mailing worm.57http://www.sophos.com/virusinfo/analyses/w32brontokr.html0
152Software\Microsoft\Windows\CurrentVersion\Runprocess0  9cipsn.exe1 00 86Added by the W32/Forbot-DM worm. This infection spreads using the LSASS vulnerability.57http://www.sophos.com/virusinfo/analyses/w32forbotdm.html0
119autovirusprotection0  9ciscv.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
214CISrvr Program0 10CISRVR.EXE1 00 40Related to internet setup on Compaq PC's 01
1 5Cissi0  9Cissi.exe1 00 26Added by the CISSI.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.cissi.a@mm.html0
315FamilyKeyLogger0  9cisvc.exe1 00147Family Keylogger - is your best choice, if you want to know what other users on your machine are typing. Note! - this is not the cisvc.exe service.42http://www.spyarsenal.com/familykeylogger/0
3 7citiucs0 11CitiUCS.exe1 00 33Citibank  Virtual_Account_Numbers52http://www.citibank.com/us/cards/tour/cb/shp_van.htm0
2 7CitiVAN0 11CitiVAN.exe1 00140Option from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again24http://www.citibank.com/0
2 7CitiVAN0 28CitiVAN.exe /dontopenmycards2 00100Virtual Account Numbers 3, 7, 0, 0, 134, Orbiscom Ltd. All rights reserved.. Virtual Account Numbers 01
3 7CitiVAN0 28CitiVAN.exe /dontopenmycards211HKEY_LM\Run0100Virtual Account Numbers 3, 7, 0, 0, 134, Orbiscom Ltd. All rights reserved.. Virtual Account Numbers39http://www.absolutestartup.com/startup/1
122Windows Loader Service0  9civsc.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 4cixl0  8cixl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4CJET0  8CJet.exe1 00 45Added by the Adware.FFToolBar adware toolbar.60http://www.sarc.com/avcenter/venc/data/adware.fftoolbar.html0
1 5cjiss0  9cjiss.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 7Cjstcom0 11Cjstcom.exe1 00 40Canon printer BJ status language monitor 01
228Canon Printer Monitor BJCxxx0 11Cjstlst.exe1 00 77Trayicon for Canon printer. xxx denotes model. Available via Start - Programs 01
221BJ Status Monitor 5xx0 11CJSTRxx.EXE1 00158Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer - Printers 01
225BJ Printer Status Monitor0 10Cjstsr.exe1 00 31Canon BJ printer status monitor 01
312SymKeepAlive0  7CKA.exe1 00 72Part of Norton SystemWorks 2003 - keeps a dial-up modem connection alive44http://www.symantec.com/sabu/sysworks/basic/0
312SymKeepAlive0  7CKA.exe111HKEY_CU\Run0 73Norton SystemWorks 2003.6.57, Symantec Corporation. Connection Keep Alive39http://www.absolutestartup.com/startup/1
1 4ckmv0  8ckmv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8startkey0  9CKOTS.exe1 00 45Added by the Troj/Bifrose-HM backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojbifrosehm.html0
1 7ckwvjhv0 11ckwvjhv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0 10clamav.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
4 7ClamWin0 12ClamTray.exe1 00 17ClamWin antivirus23http://www.clamwin.com/0
4 7ClamWin0 20ClamTray.exe --logon211HKEY_LM\Run0 47ClamWin Antivirus 0.83, alch. ClamWin Antivirus39http://www.absolutestartup.com/startup/1
1 8Registry0 21class0117[random].exe1 00 38Added by the Spyware.Blackbox spyware.60http://www.sarc.com/avcenter/venc/data/spyware.blackbox.html0
1 8clbcatex0 12clbcatix.dll1 00 44Identified as Trojan-Clicker.Win32.Agent.ct. 01
3 8clboot320 12CLBOOT32.EXE1 00 71PC-Duo_Remote_Control from Vector. "System Snapshot provides a detailed52http://www.vector-networks.com/pc-duo-remote-control0
322pc-duo system snapshot0 12CLBOOT32.EXE1 00 71PC-Duo_Remote_Control from Vector. "System Snapshot provides a detailed53http://www.vector-networks.com/pc-duo-remote-control/0
3 7CLCLSet0  8CLCL.exe1 00 30CLCL clipboard caching utility 01
113clean_service0 17clean_service.cmd1 00 29Added by the  W32.Refaz WORM!70http://securityresponse.symantec.com/avcenter/venc/data/w32.refaz.html0
312CleanEasyImg0 12cleanall.exe1 00  2?? 01
316CleanDiskAutoRun0 13cleandisk.exe111HKEY_LM\Run0 61HS CleanDisk Pro 4.2.1, Yenicag Bilisim Ltd. HS CleanDisk Pro39http://www.absolutestartup.com/startup/1
311FoxeCleaner0 14Cleaner.exe /i2 00 60Foxie Registry Cleaner 1.0.0.1, Team Foxie. Registry Cleaner 01
312cleanregpath0 12CleanReg.exe1 00 37Apparently Annex A ADSL modem related 01
3 9CleanTemp0 12CLEANT~1.EXE1 00108CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory44http://www.html2exe.com/mnu/dl/dl.shtml#free0
3 9CleanTemp0 13CLEANT~1.EXEB1 00108CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory44http://www.html2exe.com/mnu/dl/dl.shtml#free0
3 9cleantemp0 26CLEANT~1.EXEBCleanTemp.exe1 00  044http://www.html2exe.com/mnu/dl/dl.shtml#free0
212CleanTempDir0 13CleanTemp.bat122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
3 9CleanTemp0 13CleanTemp.exe1 00108CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory44http://www.html2exe.com/mnu/dl/dl.shtml#free0
314CleanupProgram0 11cleanup.exe1 00 44In a C:\Sony\sys folder - Sony Vaio related? 01
3 8CleanUp!0 27Cleanup.exe /WindowsRestart215HKEY_CU\RunOnce0112Windows CleanUp! 3.0, Steven R. Gould. Removes temporary files. Frees disk space and helps protect privacy!  :-)39http://www.absolutestartup.com/startup/1
3 7itweaku0  9Clear.exe1 00 19Related to  ItweakU36http://www.tucows.com/preview/1943470
110clfmon.exe0 10clfmon.exe1 00 35Added by the  TROJ/AGENT-BJ TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentbj.html0
212ati catalyst0  7CLI.exe1 00235System Tray access to ATI's CATALYST™ CONTROL CENTER. Note that this has "SystemTray" appended to CLE.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop 01
3 6ATICCC0 15cli.exe runtime2 00383ATI's CATALYST™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. If not you can start the program manually via Start - Programs - ATI Catalyst Control Center - Advanced - Restart Runtime 01
224ATI CATALYST System Tray0 18CLI.exe SystemTray2 00235System Tray access to ATI's CATALYST™ CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop 01
324ATI CATALYST System Tray0 18CLI.exe SystemTray222StartUp menu\All users0 50ACE 1.0.1718.38664, ATI Technologies Inc.. CLI.EXE39http://www.absolutestartup.com/startup/1
3 6Vonage0 14click2call.exe1 00 43Vonage Voice over IP Internet phone service31http://www.vonage.com/index.php0
2 7ClickMe0 11ClickMe.exe1 00 22ClickM  "JOKE" program75http://www.trendmicro.com/vinfo/jokes/jokesDetails.asp?JNAME=JOKE_CLICKME.A0
3 8Clickoff0 12Clickoff.exe1 00 54Clickoff automatically dismisses annoying dialog boxes47http://www.johanneshuebner.com/en/clickoff.html0
217Click Radio Tuner0 12clickr~1.exe1 00 70ClickRadio - subscription service playing radio music via the internet35http://www.clickradio.com/home.html0
219Click Tray Calendar0 12ClickT~1.EXE1 00 81ClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etc55http://waseo.de/en/Freeware2/ClickTrayE/clicktraye.html0
316Express ClickYes0 12ClickYes.exe111HKEY_CU\Run0 39Express ClickYes 1.1, ContextMagic.com.39http://www.absolutestartup.com/startup/1
1 8CLICONFG0 12CLICONFG.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
0 9pagmstart0 10client.exe1 00 25Possibly related to this? 7#FF00000
2 9DigiGuide0 10client.exe1 00 43Client 7.0, GipsyMedia Limited. Client code 01
2 9DigiGuide0 10CLIENT.EXE1 00 21TV guide and reminder 01
314Client Default0 10Client.exe1 00176A href="http://www.samurize.com/modules/news/"  rel="nofollow" target="_blank"Samurize is a system monitoring and desktop enhancement engine for Microsoft Windows 2000/XP/2003. 01
1 7piaoyes0 10client.exe1 00 37Added by the Backdoor.Djump backdoor.58http://www.sarc.com/avcenter/venc/data/backdoor.djump.html0
214Client Default0 20Client.exe i=Default225StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
2 9DigiGuide0 12client01.exe1 00 21TV guide and reminder 01
1 7WIN32DS0 15clienttimer.exe1 00  056http://www.sarc.com/avcenter/venc/data/adware.eziin.html0
1 6WIN32i0 15clienttimer.exe1 00 44Added by the Adware.Eziin homepage hijacker.56http://www.sarc.com/avcenter/venc/data/adware.eziin.html0
1 7win32io0 15clienttimer.exe1 00 22Added by  Eziin adware60http://www.symantec.com/avcenter/venc/data/adware.eziin.html0
2 9clipdiary0 13clipdiary.exe111HKEY_CU\Run0 61ClipDiary Application 1, 0, 0, 1, . ClipDiary MFC Application39http://www.absolutestartup.com/startup/1
3 9clipdiary0 13clipdiary.exe1 00 61ClipDiary Application 1, 1, 0, 0, . ClipDiary MFC Application 01
3 9ClipMate60 12ClipMate.exe1 00168Clipmate is a program that runs in your task bar and captures/saves any data you copy to the clipboard.  You can then retrieve this data at a later date using Clipmate.25http://www.thornsoft.com/0
3 9ClipMate60 12ClipMate.exe111HKEY_CU\Run0 72ClipMate Clipboard Extender 6.5, Thornsoft Development, Inc.. ClipMate 639http://www.absolutestartup.com/startup/1
210ClipMate5x0 12ClipMt5x.exe1 00128Clip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start - Programs44http://www.thornsoft.com/ProductOverview.asp0
2 9Clipmate60 12CLIPMT60.EXE1 00126Clip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start - Programs35http://www.thornsoft.com/new_60.htm0
2 9ClipMate60 12ClipMt63.exe1 00131Clipmate allows you to store clips of text that you can then assign to hotkeys that will paste that information back to a document.25http://www.thornsoft.com/0
210Clipomatic0 14Clipomatic.exe1 00169Mike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data36http://www.mlin.net/Clipomatic.shtml0
1 7ClipSrv0 12clipserv.exe1 00134Added by the W32/Sdbot-AAV worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotaav.html0
1 7ClipSrv0 13clipservr.exe1 00133Added by the W32/Sdbot-AFE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafe.html0
216Clipbook Service0 11Clipsrv.exe1 00 86Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks 01
2 7Clipsrv0 11Clipsrv.exe1 00  0 01
111LocalSystem0 13clipsvr16.exe1 00 22Added by Backdoor.Femo57http://www.sarc.com/avcenter/venc/data/backdoor.femo.html0
111LocalSystem0 13clipsvr32.exe1 00 22Added by Backdoor.Femo57http://www.sarc.com/avcenter/venc/data/backdoor.femo.html0
2 8ClipTrak0 12ClipTrak.exe1 00 29ClipTrak - clipboard extender50http://www.pcmag.com/article2/0,4149,114185,00.asp0
211ClipTrakker0 15ClipTrakker.exe1 00 32Cliptrakker - clipboard extender27http://www.cliptrakker.com/0
211ClipTrakker0 28ClipTrakker.exe /starthidden2 00125ClipTrakker Application 1.2 Release Candidate 1, Silicon Prairie Software (www.ClipTrakker.com). ClipTrakker Main Application 01
318SMS Client Service0 12clisvc95.exe1 00488When the SMS Client service starts on a domain controller, the Client service modifies the SMSCliToknAcct & user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server) 01
313CLMFrontPanel0 12clmpanel.exe1 00163System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost 01
1 5clmss0  9clmss.exe1 00134Added by the W32/Tilebot-AO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotao.html0
133Content List Management Subsystem0  9clmss.exe1 00133Added by the W32/Spybot-EL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32spybotel.html0
415[Various Names]0 11cloaker.exe1 00 90Used by HP and Compaq computers to hide the windows of programs passed as arguments to it. 01
315accessoriesplus0 13clockplus.exe1 00110Clock Plus,  part of  Accessories_Plus allows you to select from dozens of alternatives for the Windows clock.20,  part of  <a href=0
3 9ClockWise0 13CLOCKWISE.EXE1 00258ClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync36http://www.rjsoftware.com/ClockWise/0
1 4wise0 13clockwise.exe1 00 42Added by the Troj/Lazar-A backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojlazara.html0
3 5ClocX0  9ClocX.exe1 00 78ClocX is analog clock application for Microsoft Windows 98/ME/NT/2000/XP/2003.19http://clocx.fi.cz/0
3 7CloneCD0 15CloneCDTray.exe1 00149System tray for CloneCD - the only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions36http://www.elby.org/CloneCD/english/0
311CloneCDTray0 15CloneCDTray.exe1 00  036http://www.elby.org/CloneCD/english/0
311CloneCDTray0 15CloneCDTray.exe111HKEY_LM\Run0 52CloneCD 4, 1, 0, 0, Elaborate Bytes AG. CloneCD Tray39http://www.absolutestartup.com/startup/1
311CloneCDTray0 18CloneCDTray.exe /s2 00 47CloneCD 5, 0, 0, 0, SlySoft, Inc.. CloneCD Tray 01
320CyberLat Ram Cleaner0 16CLRamCleaner.exe1 00206CyberLat RAM Cleaner is a program that Frees, Optimizes and Defrags your system's wasted memory (RAM). Some users swear by programs such as this but I suggest you read this article and make up your own mind35http://www.cyberlat.com/ramcleaner/0
320cyberlat ram cleaner0 16CLRamCleaner.exe111HKEY_LM\Run0 72CyberLat Ram Cleaner 2.x 2.01.0010, CyberLat. Increasing your PC's Speed39http://www.absolutestartup.com/startup/1
1 9MSVersion0 14clrschp038.exe1 00 63Added by the POPMON.A TROJAN! - also known as PopMonster adware77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
114coolwebprogram0 10clrssn.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
112clock Loader0  7cls.exe1 00137Added by the W32/Sdbot-AFT worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaft.html0
116Windows System320 11clsas32.exe1 00132Added by the W32/Rbot-AZO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotazo.html0
123Windows System32 Driver0 12clsass32.exe1 00 49Added by the W32/Sdbot-AGG worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotagg.html0
1 7cluijpl0 11cluijpl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
423Start RF Wireless Mouse0  8cm20.exe1 00 44Yuanxun Electronics RF wireless mouse driver 01
3 3cma0  7cma.exe1 00 77DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"29http://www.desksitemusic.com/0
3 3cma0  7cma.exe1 00 87DeskSite CMA siftware - &quot;retrieves new content from the DeskSite Data Center&quot;29http://www.desksitemusic.com/0
312Desksite CMA0  7cma.exe1 00  029http://www.desksitemusic.com/0
216CyberMedia Agent0 11CMAGENT.EXE1 00204Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled 01
111MachineTest0 12CMagesta.exe1 00134Added by the W32/Sdbot-NE worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotne.html0
111cesmain.dll0 19cmail.dll, Rundll322 00 52CnsMin &quot;Chinese Keywords&quot; hijacker related42http://217.115.153.73/parasite/CnsMin.html0
218Connection Manager0 12CManager.exe1 00229SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service 01
1 5CMAPP0 15cmappclient.exe1 00 33Added by the Trojan.Cmapp Trojan.73http://www.sarc.com/avcenter/venc/data/trojan.cmapp.html#technicaldetails0
118Dynamic Dns Binary0  9CMD16.EXE1 00113A R-Bot WORM variant functioning as a backdoor Trojan uses this file to terminate processes, among other actions.55http://www.sophos.com/virusinfo/analyses/w32rbotxm.html0
115Ass and titties0  9CMD32.EXE1 00135Added by the Troj/SdBot-GG worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotgg.html0
1 3Cmd0  9cmd32.exe1 00 25Added by the TANKED WORM!57http://www.viruslibrary.com/virusinfo/Worm.P2P.Tanked.htm0
120Configuration Loader0  9cmd32.exe1 00 39Added by the  LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
112ControlPanel0 42cmd32.exe internat.dll,LoadKeyboardProfile2 00 47Added by the Troj/Dloader-JW downloader TROJAN.59http://www.sophos.com/virusinfo/analyses/trojdloaderjw.html0
116ControlPanel&gt;0 42cmd32.exe internat.dll,LoadKeyboardProfile2 00 47Added by the Troj/Dloader-JW downloader TROJAN.59http://www.sophos.com/virusinfo/analyses/trojdloaderjw.html0
112ControlPanel0 42cmd32.exe internat.dll,LoadKeyboardProfile211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6cmdcon0 10cmdcon.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
121Windows Smrss Service0 11cmdpipe.exe1 00134Added by the W32/Tilebot-AE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotasm.html0
115cmdprompt32.pif0 15CmdPrompt32.pif1 00 33Added by the  W32.Assiral.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.assiral.b@mm.html0
1 6MyLife0 11CmdServ.exe1 00 26Added by the HOLAR.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A0
111MsgSvcMgr320 12cmdzxdll.exe1 00133Added by the W32/Rbot-AEK worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaek.html0
1 3CME0  7cme.exe1 00 70Part of  Gator advertising spyware - see here for removal instructions46http://www.thiefware.com/info/data.gator.shtml0
315Check Messenger0 12cmesseng.exe1 00 97Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account34http://www.qchex.com/messenger.asp0
3 6CMESys0 10CMESys.exe111HKEY_LM\Run0 55CME 7.1.0.6, GAIN Publishing. CME II Client Application39http://www.absolutestartup.com/startup/1
1 6CMESys0 10CMESys.exe1 00 55CME 7.3.0.0, GAIN Publishing. CME II Client Application 01
1 6CmeSYS0 10CMEsys.exe1 00 70Part of  Gator advertising spyware - see here for removal instructions46http://www.thiefware.com/info/data.gator.shtml0
1 6CmeUPD0 10CMEupd.exe1 00 70Part of  Gator advertising spyware - see here for removal instructions46http://www.thiefware.com/info/data.gator.shtml0
0 8CMGrdian0 12CMGrdian.exe1 00 36One of the McAfee shared components. 01
2 8Guardian0 12CMGrdian.exe1 00211McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic 01
215McAfee Guardian0 12CMGRDIAN.EXE1 00  0 01
215McAfee Guardian0 16CMGrdian.exe /SU211HKEY_LM\Run0 84McAfee Windows Guardian 3.00.1051.0, Network Associates, Inc.. McAfee Guardian Agent39http://www.absolutestartup.com/startup/1
331IBM Wireless LAN Client Manager0  9CMIBM.EXE122StartUp menu\All users0 46cmibm Executable 1, 1, 58, 0, IBM Corporation.39http://www.absolutestartup.com/startup/1
310cmpciaudio0 12CMICNFG3.CPL1 00 63Registers the Control Panel applet for a C-Media PCI sound card 01
3 7ORiNOCO0  9Cmluc.exe1 00 56Client Manager software for an ORiNOCO wireless LAN card31http://www.orinocowireless.com/0
1 5cmman0  9CMMan.exe1 00124Added by the  Trojan.Cmapp TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.73http://securityresponse.symantec.com/avcenter/venc/data/trojan.cmapp.html0
1 8cmmfuugt0 12cmmfuugt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
136Microsoft Connection Manager Monitor0  9cmmon.pif1 00132Added by the W32/Rbot-AKV worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotakv.html0
110Cmmon32Sys0 11cmmon32.exe1 00 29Added by the SMALL.CL TROJAN! 01
2 4run=0  9cmmpu.exe1 00212MIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI) 01
115[Various Names]0 10cmon14.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
124(random 12 digit number)0 12cmpbk321.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
3 8CMPDPSRV0 12CMPDPSRV.EXE1 00237Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). &quot;Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more.&quot; Installed with some Compaq and Lexmark printers32http://www.viewahead.com/PDP.htm0
1 5cmrrs0  9cmrrs.exe1 00 36Added by the Troj/Dadobra-FO Trojan.59http://www.sophos.com/virusinfo/analyses/trojdadobrafo.html0
1 5cmrss0  9cmrss.exe1 00 81Added by the A href="http://www.sophos.com/virusinfo/analyses/trojdloadermr.html"23Troj/Dloader-MR TROJAN!0
1 5cmrst0  9cmrst.exe1 00 38Added by the  PWSteal.Bancos.S TROJAN!64http://www.symantec.com/avcenter/venc/data/pwsteal.bancos.s.html0
1 5cmrst0  9cmrst.scr1 00 47Added by the Troj/Dloader-FP TROJAN/downloader!59http://www.sophos.com/virusinfo/analyses/trojdloaderfp.html0
125Microsoft System32 Update0  9cmsrg.exe1 00 26Added by the RBOT-GN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgn.html0
116Microsoft Update0  8cmss.exe1 00132Added by the W32/Rbot-ATQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatq.html0
120Windows CMS Protocol0  8cmss.exe1 00 48Added by the W32/Rbot-BFT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbft.html0
113ATD Direct CD0  9cmssr.exe1 00 46Added by the Troj/Stinx-V IRC backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxv.html0
118Microsofts Updatez0 10cmsssr.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 8cmsystem0 12CMSystem.exe1 00 24CASClient adware variant109http://re0
1 6cmt1010 10cmt101.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
113Remote Themes0 12cmutfilt.exe1 00  0 01
114Update Browser0 12cmutfilt.exe1 00 59Unknown malware.  Possible trojan downloader and  backdoor. 01
1 8cmwmsnfy0 12cmwmsnfy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5cmx320  9cmx32.exe1 00 27Added by the GEMA.D TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=404930
119Windows System File0  8cmxp.exe1 00 29Added by the SPYBOT.KHO WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.kho.html0
1 6CNBABE0 10CNBABE.EXE1 00103Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing 01
1 8cnexazcv0 12cnexazcv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115UpdateComponent0 11CNF UPD.EXE2 00 30Added by the SPYBOT.GEN VIRUS! 01
1 8shambl3r0  7cnf.bat1 00 25Added by the REMABL WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.remabl.worm.html0
121Configuration Manager0 12CNFGLD32.EXE1 00 27Added by the  SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
121Configuration Manager0 11Cnfgldr.exe1 00 27Added by the  SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
1 7Cnfrm320  9cnfrm.exe1 00 27Added by the MIMAIL.D WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.d@mm.html0
1 6Dluxjp0  9cnfrm.exe1 00 28Added by the DLUCA.D TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.d.html0
1 5Cn3230 11cnfrm33.exe1 00 27Added by the MIMAIL.G WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.g@mm.html0
115[Various Names]0 11cnftips.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 5cnlkg0  9cnlkg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8cnoptoab0 12cnoptoab.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9Mspatch890 10cnqmax.exe1 00 27Added by the RANDEX.P WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.p.html0
127Microsoft Intrenet Explorer0  8cnsg.pif1 00133Added by the W32/Rbot-ARO worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaro.html0
3 6CnsMin0 19CnsMin.dll,Rundll32111HKEY_LM\Run0 95Microsoft(R) Windows(R) Operating System 5.1.2600.0, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
124System Failure Statistic0 10cnstat.exe1 00 26Added by the RBOT-LF WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlf.html0
332Connection Watcher - NETanalyser0  9cnwcw.exe122StartUp menu\All users0 46Connection Watcher 2.00.0011, NETanalyser.com.39http://www.absolutestartup.com/startup/1
4 8CnxAdslL0 12CnxAdslL.exe1 00 37DLink, Zoom, or Conexant modem driver 01
213CnxDslTaskBar0 12CnxDslTb.exe1 00 78Connexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modems 01
2 9WooCnxMon0 10CnxMon.exe1 00 69Wanadoo ISP software related - not required - here's how to bypass it54http://www.faqoe.com/index.php?bas=/connexionmanel.htm0
310ledpointer0 11CNYHKey.exe1 00 53Chicony Electronics Multimedia Keyboard Hotkey Driver 01
217Coast to Coast AM0 34Coast to Coast AM Media Center.exe211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
315Cobian Backup 60  9CobBU.exe111HKEY_LM\Run0 57Cobian Backup 6.1, Luis Cobian. Cobian Backup Application39http://www.absolutestartup.com/startup/1
1 9Diskstart0  8Code.exe1 00 21Adult content dialler 01
1 9Hpscanner0 10codeme.exe1 00  055http://www.sophos.com/virusinfo/analyses/w32patcoa.html0
1 7Myvirus0 10codeme.exe1 00 31Added by the W32/Patco-A  worm.55http://www.sophos.com/virusinfo/analyses/w32patcoa.html0
114System Service0 11coderxt.exe1 00132Added by the W32/Rbot-ALD worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotald.html0
1 4Divx0  9codll.exe1 00109Added by the Troj/Gravebot-A IRC backdoor.  This infection also creates the file C:\Windows\System32\sum.tgz.59http://www.sophos.com/virusinfo/analyses/trojgravebota.html0
120compd service drivrs0  8codq.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 8DBGA0EEG0 12Cokmgl32.dll1 00 93Added by the W32/Doxpar-F worm.br /br /Uses CLSID: b(48AC6462-563A-5DB4-6C73-5C2257016F8D)/b.56http://www.sophos.com/virusinfo/analyses/w32doxparf.html0
3 8siscolor0  9color.exe1 00206Probably on-board graphics related based upon the SiS chipsets. Has been seen on ASUS motherboards with SiS chipsets and known to cause conflicts if you choose another graphics card and disable the on-board 01
3 8coloreal0 12coloreal.exe1 00 85Makes colours sharper and brighter, but will only work with coloreal capable monitors 01
3 9WCOLOREAL0 12coloreal.exe1 00  0 01
3 9WCOLOREAL0 12coloreal.exe1 00  0 01
1 5CLSID0  7com.exe1 00 21Adult content dialler 01
1 4Com+0  8COM+.EXE1 00139Added by the  W32/Randon-O worm.  This infection, when started, connects to an IRC server using a provided MIRC client to receive commands.56http://www.sophos.com/virusinfo/analyses/w32randono.html0
3 8ComAgent0 12ComAgent.exe1 00 45ComAgent - MDaemon's instant messaging client59http://www.altn.com/products/default.asp?product_id=MDaemon0
1 9combo.exe0  9combo.exe1 00105Unidentified mass-mailing spam malware.  When run this file, and combop.exe, send spam from your machine. 01
411MaxtorCombo0 15ComboButton.exe1 00140Required to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect) 01
110combop.exe0 10combop.exe1 00104Unidentified mass-mailing spam malware.  When run this file, and combo.exe, send spam from your machine. 01
1 6COMCFG0 10comcfg.exe1 00 30Added by the TOADCOM.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TOADCOM.A0
1 6VB_run0 13comctl_32.exe1 00 36Dubious downloader from densmail.com 01
1 8comctl320 12comctl32.exe1 00 88Adware - recognized by Kaspersky antivirus and others as TrojanDownloader.Win32.Agent.am36http://www.kaspersky.com/personalpro0
1 8comctsvc0 12comctsvc.exe1 00 50Added by the W32/Tilebot-CM worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotcm.html0
229NB Common Dialog Enhancements0 12COMDLGEX.EXE1 00106Part of McAfee Nuts &amp; Bolts. With Common Dialog Enhancements, you can add MRU list box to open dialogs 01
1 6CC2KUI0  9comet.exe1 00192Comet Cursor - displays different mouse pointers dependent upon the site your visiting. Malware because it automatically installs. See here for more information and for the uninstall procedure43http://www.accs-net.com/smallfish/comet.htm0
112SSWPlauncher0 27comet.exe /app:SSWPlauncher2 00 28CometCursor by Comet Systems48http://www.doxdesk.com/parasite/CometCursor.html0
1 8mssysint0 10comime.exe1 00 45Added by the Troj/Netsnake-I backdoor trojan.59http://www.sophos.com/virusinfo/analyses/trojnetsnakei.html0
2 6COM-IP0  9COMIP.EXE1 00189COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212) 01
1 5Timer0  8comm.exe1 00 44Added by the Troj/Bdoor-IP  trojan backdoor.57http://www.sophos.com/virusinfo/analyses/trojbdoorip.html0
0 7Caption0  7Command112Startup item0  0 4Link0
1 7COMMAND0 11command.exe1 00 29Added by the QQPASS.E TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html0
115Command Service0 11command.exe1 00164Identified as Adware.CommAd.A. This adware delivers popups to your computer. This infection also installs the file  asappsrv.dll into the same folder as command.exe 01
1 8Currency0 11Command.exe1 00 38Added by the Backdoor.Goster backdoor.59http://www.sarc.com/avcenter/venc/data/backdoor.goster.html0
110WinProfile0 11Command.exe1 00 26Added by the BUDDY TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E0
110WinProfile0 11Command.exe1 00 26Added by the BUDDY TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E0
110Messenger60 11command.pif1 00 26Added by the INZAE.B WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.inzae.b@mm.html0
1 5candy0 13command32.exe1 00 26Added by the RBOT-LV WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlv.html0
1 9command320 13command32.exe1 00 35Added by the Troj/LineaDl-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojlineadla.html0
111Win Command0 13command32.exe1 00 28Added by the AGOBOT.XQ WORM!108http://uk0
111Win Command0 13command32.exe1 00 28Added by the AGOBOT.XQ WORM!108http://uk0
210IomegaWare0 13COMMANDER.EXE1 00 99Used by Iomega drives. Details of its purpose can be found here. Available via Start -&gt; Programs57http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup0
316Browser Launcher0 12Commandr.exe1 00162Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys 01
317zBrowser Launcher0 12Commandr.exe1 00193For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them 01
2 7CommCtr0 11commctr.exe1 00169Net2Phone CommCenter is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!. Available via Start - Programs62http://commcenter.net2phone.com/GLPPublish.asp?idpage=features0
311Comm Driver0 11commh32.exe1 00157G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself! 8PC Spion0
115printer spooler0 16commonaccess.exe1 00 51Added by the Troj/Delf-LB browser hijacking trojan.56http://www.sophos.com/virusinfo/analyses/trojdelflb.html0
213AOL Companion0 13companion.exe1 00212Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use 01
213AOL Companion0 16companion.exe /s222StartUp menu\All users0 41AOL Companion 1, 6, 2, 0, . AOL Companion39http://www.absolutestartup.com/startup/1
122Compaq Service Drivers0 10compaq.exe1 00133Added by the W32/Sdbot-AFU worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafu.html0
120IPOT Service Drivers0 10compaq.exe1 00 45Added by a variant of the   FUROOTKIT TROJAN!72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1271310
221Compaq Message Server0 14COMPAQ-RBA.EXE1 00718Applies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start - Programs - Compaq Advisor - Advisor Settings under the "advanced" tab. Not required and can cause problems 01
138(874e009f-7e1e-42b5-86df-b9cde35ad753)0  9comph.dll1 00105Added by the Troj/Bdoor-QG backdoor Trojan.br /br /Uses CLSID: b(874e009f-7e1e-42b5-86df-b9cde35ad753)/b.57http://www.sophos.com/virusinfo/analyses/trojbdoorqg.html0
2 7Cleanup0 11compind.bat111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9Compliant0 13compliant.exe1 00235Added by the W32/Rbot-LB trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This infection terminates certain processes and logs keystrokes to a file called syste.txt.55http://www.sophos.com/virusinfo/analyses/w32rbotlb.html0
126Microsoft Com Port Manager0 11COMPORT.EXE1 00152Added by the W32/Sdbot-AT backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotat.html0
122compaq service drivers0  9compq.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
125Compaq Service Drivers 320 11compq32.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
122compaq service drivers0 10compqs.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
123compaqs service drivers0 10compqs.exe1 00  043http://vil.nai.com/vil/content/v_100454.htm0
115Service Drivers0  9Compt.exe1 00 50Added by the W32/Rbot-ZJ WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbotzj.html0
119Geography TX 1.0 NT0 14CompuSpeed.vbs1 00195Added by the VBS/Newley-A. The worm attempts to setup an administrator account, and if uninstalled using Add/Remove programs will likely delete SVCHOST.EXE, which usually shuts the computer down.56http://www.sophos.com/virusinfo/analyses/vbsnewleya.html0
1 6comrep0 13comrepl32.exe1 00 48Added by the W32/Rbot-DNH worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotdnh.html0
2 9COMSMDEXE0 10comsmd.exe1 00 143Com tray icon 01
118Meeting Connection0 12comsutil.exe1 00 12Added by the21Troj/PPdoor-E TROJAN!0
1 5comxt0  9comxt.exe1 00 26Added by the COMXT TROJAN!60http://www.symantec.com/avcenter/venc/data/trojan.comxt.html0
114Zekio Startups0 10condll.exe1 00113W32/Agobot-AGD is an IRC backdoor Trojan and network worm.  This file is located in the Windows system directory.58http://www.sophos.com/virusinfo/analyses/w32agobotagd.html0
134Microsoft Firewall Settings Loader0 10conf32.exe1 00121Added by the W32/Sdbot-KM worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotkm.html0
312cucore agent0 13ConfAgent.exe1 00 95First Virtual Communications, Inc., Now RADVISION Ltd  Click_to_Meet videoconferencing software48http://www.clicktomeet.com/eng/products/ctm4.htm0
120Configuration Loader0 12confgldr.exe1 00 26Added by the POLYBOT WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.polybot.html0
1 6AolCon0 10config.com1 00 25Added by the TAPLAK WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.taplak.html0
214ConfigServices0 10Config.exe1 00 36Part of initial setup on a Compaq PC 01
221Configuration Utility0 10Config.exe1 00  0 01
221Configuration Utility0 10CONFIG.EXE1 00 64Controls linksys wireless connection. Available from the Desktop 01
121Microsoft Config File0 10config.exe1 00 94Added by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls! 01
1 8Explorer0 11config_.com1 00 44Added by the W32/Floppy-D floppy drive worm.56http://www.sophos.com/virusinfo/analyses/w32floppyd.html0
112Config33.exe0 12Config33.exe1 00 28Added by the SDBOT.T TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.T0
121Configuration Loading0 13configldr.exe1 00 28Added by the AGOBOT-EC WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotec.html0
1 5cmd320 11configs.exe1 00 47Hijacker,  also detected as the  QURL-2 TROJAN!43http://vil.nai.com/vil/content/v_126408.htm0
1 8update320 11configs.exe1 00 47Hijacker,  also detected as the  QURL-2 TROJAN!43http://vil.nai.com/vil/content/v_126408.htm0
111configsetup0 17configsetup32.exe1 00135Added by the W32/Agobot-AFP worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.58http://www.sophos.com/virusinfo/analyses/w32agobotafp.html0
321Palm MultiUser Config0 14Configtool.exe1 00 47MultiUser configuration for a Palm PDA device?. 01
1 6cartao0 14conflicted.exe1 00 36Added by the Troj/Dadobra-DV trojan.59http://www.sophos.com/virusinfo/analyses/trojdadobradv.html0
2 7Gearbox0 11confsvr.exe1 00210NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available here41http://www.ntlworld.com/help/settings.htm0
2 6Conmgr0 10conmgr.exe1 00 28Starts Winfax pro at startup 01
310ConMgr.exe0 10conmgr.exe1 00172Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut&nbsp; 01
316Sametime Connect0 11Connect.exe1 00 53IBM Lotus Instant Messaging and Conferencing software57http://www.lotus.com/products/product3.nsf/wdocs/homepage0
316Sametime Connect0 11Connect.exe125StartUp menu\Current user0 88Sametime Connect 6, 5, 1, 0, Lotus Development Corporation. Sametime Connect Application39http://www.absolutestartup.com/startup/1
113Connect2Party0 17connect2party.exe1 00 21Adult content dialler 01
115System Services0 14connection.exe1 00 40Added by an unidentified WORM or TROJAN! 01
229SBC Yahoo! Connection Manager0 21ConnectionManager.exe1 00 69SBC Yahoo! Dial 2.0.1.3131, SBC Yahoo!. SBC Yahoo! Connection Manager 01
229sbc yahoo! connection manager0 21ConnectionManager.exe1 00305The cmanager.exe process is used to create and connect your SBC Yahoo DSL connection. This program has been reported to cause problems for some users. If you find that it causes you pc to become slow or unstable you should uninstall it (using Add/Remove programs) and manually connect your DSL connection. 01
326PCSuiteForNokia3650 Detect0 17ConnMngmntBox.exe122StartUp menu\All users0 62Symbian Connect 1, 0, 0, 1, Symbian Ltd.. ConnMngmntBox Module39http://www.absolutestartup.com/startup/1
1 8conscorr0 12conscorr.exe1 00 38Transponder parasite updater/installer48http://www.doxdesk.com/parasite/Transponder.html0
1 4Cons0 12consol32.exe1 00 89Hijacker - redirects to a p0rn portal, where foistware like ISTBar gets stealth installed 01
110icq center0 12consoles.exe1 00 39Added as a result of the  RANDIN VIRUS!71http://securityresponse.symantec.com/avcenter/venc/data/w32.randin.html0
1 8systrasx0 12CONSOLES.EXE1 00134Added by the W32/Sdbot-NW worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnw.html0
0 8Contacte0 12contacte.exe1 00 20Some kind of driver? 01
115Windows Control0 11Control.exe1 00218Browser hijacker. NOTE - On Win9x systems it will overwrite the Windows file of the same name in the Windows directory, so therefore it will be necessary to extract a fresh copy of the file from the Windows setup cabs! 01
416SandboxieControl0 11Control.exe1 00 46Installed by the Sandboxie  security software.25http://www.sandboxie.com/0
115[Various Names]0 13control64.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
310CookieWall0 10cookie.exe1 00147CookieWall from Analog X. Allows you to decide which internet sites can add &quot;cookies&quot; related to their sites for the next time you return59http://www.analogx.com/contents/download/network/cookie.htm0
310CookieWall0 10cookie.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
312Cookie Cop 20 13CookieCop.exe1 00159Cookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return50http://www.pcmag.com/article/0,2997,a=20844,00.asp0
3 9CookieJar0 13Cookiejar.exe1 00169Cookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add &quot;cookies&quot; related to their sites for the next time you return43http://www.jasons-toolbox.com/cookiejar.asp0
312CookiePatrol0 16CookiePatrol.exe1 00 71CookiePatrol - PestPatrol's cookie interceptor stopping spyware cookies39http://www.pestpatrol.com/CookiePatrol/0
124Microsoft System Checkup0  8Cool.exe1 00 25Added by the DONK.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.b.html0
1 8HELLBOT30 11coolbot.exe1 00 50Added by the W32/Mytob-S WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32mytobs.html0
3 8CoolKill0 12CoolKill.exe1 00 29Coolkill is a process killer.59http://www.prowebsitemanagement.com/cooltools/coolkill.html0
319CoolBeansSystemInfo0 18coolsysteminfo.exe111HKEY_LM\Run0 46Cool System Info 1.0.0.0, Cool Beans Software.39http://www.absolutestartup.com/startup/1
323copernic desktop search0 25CopernicDesktopSearch.exe1 00142Copernic  Desktop_Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures."61http://www.copernic.com/en/products/desktop-search/index.html0
323Copernic Desktop Search0 31CopernicDesktopSearch.exe /tray211HKEY_CU\Run0 98Copernic Desktop Search DESKTOPSEARCH 1.5 ENG, Copernic Technologies Inc.. Copernic Desktop Search39http://www.absolutestartup.com/startup/1
322CopernicPerUserTaskMgr0 26CopernicPerUserTaskMgr.exe1 00 66Automatic tasking feature of Copernic Pro multi-search engine tool 01
121compaq service drivrs0  8copq.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113WinShowUpdate0 50copy C:\WINDOWS\winshow.new C:\WINDOW\Swinshow.dll2 00 96Winshow parasiate related - from the "RunOnce" keys it replaces "winshow.dll" with a new version44http://www.doxdesk.com/parasite/Winshow.html0
312Copy handler0 16Copy Handler.exe2 00219Copy_Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processes. 01
221Copy of StartupFaster0 21Copy of StartupFaster222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
311Resume Copy0 12copyfstq.exe1 00231Part of Total Copy - an improved version of the Windows copy function. Allows for resumption file copies or moves in progress when computer was shut down. Not required if your not using the program or don't care about that function28http://ranvik.net/totalcopy/0
311Resume copy0 21copyfstq.exe /startup211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
122compaqs service driver0 13copypad32.exe1 00 23Added by the  SDBOT.CSO86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CSO&VSect=T0
0 2cp0 26CopyProtectionNotifier.exe1 00 88Related to  Emuzed Systems and Middleware.  Comes included with Windows XP Media Edition38http://www.emuzed.com/application.html0
310CoreCenter0 12CORECE~1.EXE1 00  0 01
310CoreCenter0 14CoreCenter.exe1 00126MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking 01
117CorelDraw Toolbox0 13CorelDraw.exe1 00107Sdbot WORM/IRC backdoor variant adds this, and will allow for a malicious attacker to exploit the computer.56http://www.sophos.com/virusinfo/analyses/w32sdbotvz.html0
1 7CoreSrv0 11coresrv.exe1 00 63Some IRC trojans/worms use this - see here for more information29http://lockdowncorp.com/bots/0
3 7CORESYS0 11coresys.exe1 00  2?? 01
111PC-Config320 10corona.exe1 00 28Added by the CORONEX.A WORM!57http://www.sophos.com/virusinfo/analyses/w32coronexa.html0
1 7cleanup0 13corpstats.exe1 00 44Added by the Troj/Ransom-A ransoming Trojan.57http://www.sophos.com/virusinfo/analyses/trojransoma.html0
115[Various Names]0 11corrida.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6cosine0 10cosine.exe1 00 26Added by the RBOT-SW WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsw.html0
1 9couponica0 13couponica.exe1 00 17Adware - see here47http://vil.nai.com/vil/content/v_100077.htm#top0
3 7CP32NOT0 11CP32BTN.EXE1 00116For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons 01
313CPA9P2PSERVER0 12CPA9P2PS.exe1 00 42Found on a Compaq Presario but what is it? 01
219Verizon Control Pad0  8cpad.exe1 00100Control Pad - installed with Verizon DSL accounts. Tool designed to streamline the online experience56http://www.verizon.net/pands/dsl/benefits/controlpad.asp0
3 7CPATR100 11CPATR10.EXE1 00148Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Constrast 01
310Cookie Pal0 12CPBrWtch.exe1 00 49Cookie Pal 1.7.0.0, Kookaburra Software. CPBrWtch 01
310Cookie Pal0 12CPBRWTCH.EXE1 00159Kookaburra Softwares Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return57http://www.pcmag.com/article/0,2997,s=1626&a=12703,00.asp0
3 8CPBrWtch0 12CPBrWtch.exe1 00  057http://www.pcmag.com/article/0,2997,s=1626&a=12703,00.asp0
4 7CPD_EXE0  7CPD.EXE1 00 42Firewall bundled with McAfee VirusScan 6.* 01
415McAfee Firewall0  7CPD.EXE1 00 78Firewall bundled with McAfee VirusScan 6.*.&nbsp;Can also be listed as CPD_EXE 01
1 4cpds0  8cpds.exe1 00 33Added by the Troj/Ghudl-C Trojan.56http://www.sophos.com/virusinfo/analyses/trojghudlc.html0
3 8LManager0 12CPLBCL53.EXE1 00150A system tray icon found on Acer Travelmate laptops that allow you control access to the Internet and email buttons and other computer configurations. 01
2 8CplBTQ000 12CplBTQ00.EXE1 00117Dritek System Inc. CPATR10 01.17.2003 ( VC60 ) 1.210, Dritek System Inc.. Compal ATR10 Easy Button ( Multi-Language ) 01
2 8cplbtq000 12CplBTQ00.EXE1 00 20Related to  EZbutton43http://castlecops.com/startuplist-8891.html0
2 8cpldbl100 12CPLDBL10.exe1 00 39Related to the  EZbutton quick launcher45http://castlecops.com/s8891-EzButton_EXE.html0
310CPortPatch0 11cppatch.exe1 00107CPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though? 01
322A1000 Settings Utility0 12cpqa1000.exe1 00164Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features 01
116Compaq Print Fax0 12cpqa1000.exe1 00 51Added by the W32/Sdbot-WL WORM/IRC backdoor trojan!56http://www.sophos.com/virusinfo/analyses/w32sdbotwl.html0
4 7CPQAcDc0 11CPQAcDc.exe1 00 53Compaq PowerCon power management software for laptops 01
314Compaq Alerter0 12CPQAlert.exe1 00255Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information48fault, performance, and configuration management0
3 8CPQAlert0 12CPQAlert.exe1 00  070http://www.compaq.com/products/servers/management/cim-description.html0
213CPQBootPerfDB0 17CPQBootPerfDB.EXE1 00 39See the entry for Compaq Message Server 01
4 8CPQCalib0 12CPQCalib.exe1 00 53Compaq PowerCon power management software for laptops 01
2 8CPQDFWAG0 12CpqDfwAg.exe1 00 54For Compaq PC's. Runs Compaq diagnostics on every boot 01
210System DLF0 12cpqdiaga.exe1 00165Compaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configuration. Available via Start - Programs 01
210Compaq DMI0 10cpqdmi.exe1 00 50Compaq version of the Desktop Management Interface 01
310CPQEASYACC0 11cpqeadm.exe1 00116For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys 01
3 7cpqeaui0 11cpqeaui.exe1 00116For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys 01
321CompaqHW Comp Manager0 10cpqhcm.exe1 00 39Running on a Compaq laptop - any ideas? 01
3 6CPQAPP0 11CPQHKey.exe111HKEY_LM\Run0 68Chicony Wireless Driver 2, 2, 0, 0, Chicony. Chicony Wireless Driver39http://www.absolutestartup.com/startup/1
323CPQInet Runtime Service0 11CpqInet.exe1 00143For Compaq PC's. Allows AOL and Compuserve to use the  Easy Access buttons for the internet. Is not required if you don't use the ISP providers75http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html0
211CPQINKAGENT0 12cpqinkag.exe1 00164That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed) 01
316Compaq PK Daemon0  9cpqkl.exe1 00 91For Compaq laptops for programming user configurable keys. Not required unless you use them 01
217digital dashboard0 12CPQMLDET.exe1 00 48For Compaq PC's. Loads Digital Dashboard options 01
3 5cpqns0 12cpqnpcss.exe1 00 58Related to Compaq.Net - not required if you don't use that 01
213CompaqSystray0 11cpqpscp.exe1 00 23Compaq System Tray icon 01
2 6Cpqset0 10cpqset.exe1 00  0 01
2 6Cpqset0 10Cpqset.exe1 00 53Default settings software in Hewlett Packard notebook 01
1 3cpr0  3cpr1 00 28Adroar.com adware downloader 01
125Norton Live Update Server0  9cpsdv.exe1 00 30Added by the AGOBOT.EW TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.EW0
114system drivers0 10cpsq32.exe1 00 23Added by the  SDBOT.AXH86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AXH&VSect=T0
111CPU Watcher0 12cpu.dll,load1 00 29Added by the Troj/Dloader-LO.59http://www.sophos.com/virusinfo/analyses/trojdloaderlo.html0
111CPU Watcher0 16cpu.dll,load</a>1 00 29Added by the Troj/Dloader-LO.59http://www.sophos.com/virusinfo/analyses/trojdloaderlo.html0
3 7CPUcool0 11Cpucool.exe1 00122Program to keep the processor cool when idle in "overclocked" systems. Also available via Start - Settings - Control Panel 01
124CPU microcode correction0 10cpudev.sys1 00 36Added by the Troj/Haxdoor-AO Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorao.html0
122Windows USB 2.0 Driver0 14cpufanctrl.exe1 00122Added by the W32/Rbot-CLP worm and IRC backdoor. This infection also creates the file C:\Windows\SoftWareProtector\424.pr.56http://www.sophos.com/virusinfo/analyses/w32rbotclp.html0
3 7CpuIdle0 11cpuidle.exe111HKEY_LM\Run0 32CpuIdle , Andreas Goetz. CpuIdle39http://www.absolutestartup.com/startup/1
111CPU Manager0 10cpumgr.exe1 00 27Added by the PANDEM.B WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.pandem.b.worm.html0
319IntelProcNumUtility0 13cpunumber.exe1 00284Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here58http://www.intel.com/support/processors/pentiumiii/psu.htm0
1 7Cpusave0 11Cpusave.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 9Cpusave320 13Cpusave32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
118cpu windows status0 12cpustats.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
111My Computer0 10cqcags.exe1 00 12Added by the38W32/Sdbot-TJ WORM/IRC backdoor trojan!0
113cqpmxujjl.exe0 13cqpmxujjl.exe1 00 36Added by the Troj/StartP-BAI Trojan.59http://www.sophos.com/virusinfo/analyses/trojstartpbai.html0
216cracked_windows10 20cracked_windows1.exe1 00 28Cracked Windows popup killer71http://www.angelfire.com/electronic/purplexed/files/crackedwindows.html0
1 8lameshit0  9crash.exe1 00 35Added by the Troj/LowZone-H trojan.58http://www.sophos.com/virusinfo/analyses/trojlowzoneh.html0
311$sys$crater0 10crater.sys1 00 38How to remove the Sony XPC DRM Rootkit54http://www.bleepingcomputer.com/forums/topic34904.html0
114CRC Protection0  9crc32.exe1 00 34Added by the Troj/Agent-PO Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentpo.html0
123Crc32stats Dependencies0 14Crc32stats.exe1 00136Added by the W32.Mytob.GT@mm worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.gt@mm.html#technicaldetails0
129Client Server Control Process0  9crcss.exe1 00 43Added by the Troj/Agent-HR backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojagenthr.html0
1 6PCprot0  9crcss.exe1 00 30Added by an unidentified WORM! 01
121Windows Media Updater0 10crease.exe1 00132Added by the W32/Rbot-ATI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotati.html0
116Create A Monster0 18createAMonster.exe1 00 80Kudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware related54http://sarc.com/avcenter/venc/data/adware.look2me.html0
2 8CreateCD0 12Createcd.exe1 00 95Adaptec Easy CD Creator system tray application (pre version 5). Available via Start - Programs 01
210CreateCD500 14Createcd50.exe1 00 89Adaptec Easy CD Creator version 5 system tray application. Available via Start - Programs 01
110setFTPBack0 12createsw.exe1 00 30Added by the FTP_BMAIL TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ftp_bmail.html0
112Creative.exe0 12Creative.exe1 00 25Added by the PROLIN WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.prolin.worm.html0
1 8MSUpdate0 18criticalUpdate.exe1 00 15Affilred adware58http://sarc.com/avcenter/venc/data/pf/adware.affilred.html0
121Microsoft USB2 Driver0  9crmss.exe1 00108Added by the W32/Rbot-VK worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotvk.html0
3 9crossmenu0  9CrossMenu1 00 69Toshiba CrossMenu Utility - allows the user to create their own menus 01
3 9CrossMenu0 13CrossMenu.exe111HKEY_LM\Run0 45CrossMenu 1, 0, 5, 0, TOSHIBA. CrossMenu Main39http://www.absolutestartup.com/startup/1
1 8crozwzaj0 12crozwzaj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3crs0  7crs.exe1 00143Added by the W32/Agobot-TJ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobottj.html0
121ASP.NET State Service0 10crsass.exe1 00 46Added by the Troj/Banload-M downloader Trojan.58http://www.sophos.com/virusinfo/analyses/trojbanloadm.html0
122Windows System Manager0  8CRSL.EXE1 00110Added by the WORM_SDBOT.MG worm.  This infection connects to an IRC server where it waits for remote commands.83http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SDBOT.MG0
127Print Driver Helper Service0  9crsrr.exe1 00 29Added by the AGENT-BC TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentbc.html0
115[various names]0  9crsrs.exe1 00  057http://www.sophos.com/virusinfo/analyses/w32forbotak.html0
110Auto updat0  9crsrs.exe1 00 28Added by the FORBOT-AK WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotak.html0
126Auto updat and other names0  9crsrs.exe1 00 28Added by the FORBOT-AK WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotak.html0
134Controlled Resource System Service0  8crss.exe1 00 28Added by the AGOBOT.GH WORM!68http://www.liutilities.com/products/wintaskspro/processlibrary/crss/0
1 4CRSS0  8CRSS.exe1 00 32added by the W32/Agobot-RM WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotrm.html0
127Microsoft ActiveX Component0  8crss.exe1 00 45Added by the Troj/Small-CR trojan downloader.57http://www.sophos.com/virusinfo/analyses/trojsmallcr.html0
121System Config Manager0  8crss.exe1 00  078http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GH0
121System Config Manager0  8crss.exe1 00  078http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GH0
120Win32 Network Driver0  8crss.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
125Windows Registry Security0  8crss.exe1 00 41Added by a variant of the IRC.BOT TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html0
1102k6 updatz0  9crss3.exe1 00 48Added by the W32/Rbot-CPD worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcpd.html0
1 9[unknown]0 10crss32.exe1 00139Added by the  W32/Randon-X worm.  This infection, when started, connects to an IRC server using a provided MIRC client to receive commands.56http://www.sophos.com/virusinfo/analyses/w32randonx.html0
1 9crssm.exe0  9crssm.exe1 00133Added by the W32/Rbot-AFH worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotafh.html0
122Windows System Manager0  9crssm.exe1 00132Added by the W32/Rbot-AFH worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotafh.html0
112CaptionMgr320  9crssr.exe1 00163Added by the Zar.A infection.  It attempts to spread itself through emails sent out with the subject "Tsunami Donation!".  The file is found in the Windows folder.43http://www.f-secure.com/v-descs/zar_a.shtml0
110MS taskbar0  9crssr.exe1 00132Added by the W32/Rbot-AGO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotago.html0
129sp2 firewall/internet updater0 10crssrs.exe1 00 28Added by the  RBOT.BJO WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BJO&VSect=P0
118CRC Value Verifier0  9crsss.exe1 00 29Added by the  SPYBOT.UK WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.UK&VSect=P0
111MSControl280  9crsss.exe1 00133Added by the W32/Rbot-AQL worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaql.html0
115start uploading0  9crsss.exe1 00108Added by the W32/Rbot-SZ worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotsz.html0
121Windows media service0  9crsss.exe1 00 27Added by the RBOT.ACY WORM!105http://es0
118CRC Value Verifier0 11crsss32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
118CRC Value Verifier0 11Crsss64.exe1 00 26Added by the RBOT-NY WORM!58http://www.sophos.com.au/virusinfo/analyses/w32rbotny.html0
1 8system320 10crsvvc.exe1 00 28Added by the  RBOT.BLY WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BLY&VSect=P0
127microsoft internet explorer0 11crsys32.exe1 00 27Added by the  RBOT.UZ WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UZ&VSect=P0
124Microsoft Control Center0  8crtl.exe1 00 20Added by W32/Rbot-VX55http://www.sophos.com/virusinfo/analyses/w32rbotvx.html0
121Windows media service0  9crvss.exe1 00 27Added by the SDBOT.VP WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VP0
415Crypkey License0 12crypserv.exe1 00126Used by certain software as copy protection.  This should be left running otherwise the program that utilizes it may not work. 01
1 8cryptdlg0 12cryptdlg.exe1 00 32Added by an unidentified TROJAN! 01
313calendarscope0  6cs.exe1 00 31Calendarscope calendar software29http://www.calendarscope.com/0
326CopernicSummarizerWatchdog0 28CSAgent.exe /thisismandatory211HKEY_CU\Run0 87Copernic Summarizer SUMMARIZER 2.1 ENG, Copernic Technologies Inc.. Copernic Summarizer39http://www.absolutestartup.com/startup/1
118IPv6 Helper Driver0  9csass.exe1 00 28Added by the AGOBOT.TC WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TC0
121LanGuard Auto Updater0  9csass.exe1 00144Added by the W32/Rbot-DS trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotds.html0
117WSAConfiguration10  9csass.exe1 00 28Added by the AGOBOT.WH WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.WH0
2 3csc0  7csc.exe1 00  2?? 01
116Critical Service0  9cscrs.exe1 00 48Added by the W32/Rbot-BFY worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbfy.html0
111CSCRS Value0  9cscrs.exe1 00  8Added by13W32/Rbot-AAA.0
122Microsoft Data Machine0 12csdata32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
111WinMX share0 10CSDVqs.exe1 00128Added by the W32/Sdbot-UU worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuu.html0
123Current Security Config0 11csecure.exe1 00132Added by the W32/Rbot-AMO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamo.html0
326fortis secure layer config0 11cseinst.exe1 00219Fortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information. 01
312CSINJECT.EXE0 12CSINJECT.EXE1 00211Part of Quarterdeck/Norton CleanSweep. For a full description see here. An excerpt - "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes."74http://service1.symantec.com/SUPPORT/cleansweep.nsf/docid/19990224132957280
2 6NCS_SS0 12Csinsm32.exe1 00 45Same as CleanSweep Smart Sweep-Internet Sweep 01
338CleanSweep Smart Sweep- Internet Sweep0 12Csinsm32.exe1 00 85Automatic logging of installs from Norton CleanSweep - available via Start - Programs 01
3 4MPEO0 12Csinsm32.exe1 00  0 01
337CleanSweep Smart Sweep-Internet Sweep0 12csinsmnt.exe122StartUp menu\All users0 78Norton CleanSweep 9.0, Symantec Corporation. Norton CleanSweep Install Monitor39http://www.absolutestartup.com/startup/1
1 5xware0 11cskware.exe1 00 58Malware downloader from xxsware.com, produces porn popups. 01
1 5cslsb0  9cslsb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115csm Win Updates0  7csm.exe1 00 50Added by the W32/Zotob-B worm and backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32zotobb.html0
116new csnm manager0  8csmn.exe1 00 29Added by the  SDBOT.BZS WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BZS&VSect=P0
1 9ConSrvMgr0 11csmrsnv.exe1 00 42Added by the Troj/Stinx-J backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxj.html0
117cmsssystemprocess0  8csms.exe1 00 29Added by the  AGENT-Y TROJAN!56http://www.sophos.com/virusinfo/analyses/trojagenty.html0
117cmssSystemProcess0  9csmss.exe1 00 29Added by the AGENT-CO TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentco.html0
110spoolsvr320  9csmss.exe1 00 29Added by the AGENT-AU TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentau.html0
114VC5MediaPlayer0  9csmss.exe1 00 27Added by the DEDLER-B WORM!56http://www.sophos.com/virusinfo/analyses/w32dedlerb.html0
114VC5MediaPlayer0  9csmss.exe1 00 27Added by the DEDLER-B WORM!56http://www.sophos.com/virusinfo/analyses/w32dedlerb.html0
112WIN95DEFVIEW0  9csmss.exe1 00 35Added by the  TROJ/DEDLER-D TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerd.html0
110spoolsvr320 11csmss32.exe1 00 42Added by a variant of the AGENT-AU TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentau.html0
117ControlServiceMgr0  9csmsv.exe1 00 34Added by the Troj/Agent-XC Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentxc.html0
117ManageProtoclCtrl0  9csmsv.exe1 00 42Added by the Troj/Stinx-B backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxb.html0
1 4NDAv0  9CSNSS.EXE1 00  055http://www.sophos.com/virusinfo/analyses/w32sumomc.html0
1 4SDAv0  9CSNSS.EXE1 00 56Added by the W32/Sumom-C instant messenger and P2P worm.55http://www.sophos.com/virusinfo/analyses/w32sumomc.html0
129Client Server Runtime Service0  7csr.exe1 00 49Added by the W32/Sdbot-AFM worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotafm.html0
126ClientServerRuntimeService0  9csrcc.exe1 00 35Added by the Trojan.Sufiage Trojan.77http://www.sarc.com/avcenter/venc/data/trojan.sufiage.c.html#technicaldetails0
115WindowsTaskStat0 10csrcmd.exe1 00111Added by the Troj/Brepbot-B backdoor Trojan. This infection also creates the files Temp466.bat and Temp755.bat.58http://www.sophos.com/virusinfo/analyses/trojbrepbotb.html0
123Windows Custom Services0  9CSRCS.EXE1 00133Added by the W32/Spybot-EI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32spybotei.html0
114TaskControlLog0 12csrdeu32.exe1 00136Added by the BKDR_BREPLIBOT.M worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.92http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FBREPLIBOT%2EM&VSect=T0
1 6Remndr0 11CsRemnd.exe1 00 22CasinoOnline foistware 01
112DriverModule0 11csrnvrt.exe1 00125Added by the Troj/Stinx-Q backdoor Trojan.  This infection also creates the files 557.bat and 989.bat in your Temp directory.56http://www.sophos.com/virusinfo/analyses/trojstinxq.html0
1 3csr0  9csrrs.exe1 00 48Added by the W32/Rbot-CKM worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotckm.html0
118Service Controller0  9Csrrs.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
124Windows Taskmanager Data0 10csrrss.exe1 00 48Added by the W32/Rbot-BBH worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbh.html0
129Client Server Runtime Process0  8csrs.exe1 00 32Added by the W32.Linkbot.M worm.74http://www.sarc.com/avcenter/venc/data/w32.linkbot.m.html#technicaldetails0
1 8Com+ Sys0  8csrs.exe1 00 28Added by the FORBOT-BT WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbt.html0
148microsoft client/server runtime server subsystem0  8csrs.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
1 7NetWork0  8csrs.exe1 00 28Added by the AGOBOT.JJ WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.JJ0
136windows client/server runtime server0  8csrs.exe1 00 27Added by the  RBOT.KD WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KD0
117Windows Time Sync0  8csrs.exe1 00 50Added by the  W32/Tilebot-N backdoor and IRC worm.57http://www.sophos.com/virusinfo/analyses/w32tilebotn.html0
122Windows Update Service0  8csrs.exe1 00 28Added by the AGOBOT-NI WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotni.html0
1 4dark0  8csrs.scr1 00 54Added by the Troj/Bancban-GT password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbangt.html0
115System32-Driver0 10csrs32.exe1 00152Added by the W32/Sdbot-CP backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotcp.html0
1 5csrsc0  9csrsc.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 9csrse.exe0  9csrse.exe1 00 45Added by the Backdoor.Hesive Trojan backdoor.76http://www.sarc.com/avcenter/venc/data/backdoor.hesive.html#technicaldetails0
118Microsoft Registry0  9csrse.exe1 00 26Added by the RBOT-PC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpc.html0
114system process0  9CSRSR.exe1 00 33Added by the  W32/AGOBOT-SQ WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotsq.html0
319winupdateprotection0  8csrss.ex1 00 94EmployeeWatch is a commercial spyware program designed to monitor user activity on a computer.82http://securityresponse.symantec.com/avcenter/venc/data/spyware.employeewatch.html0
2 8.svchost0  9CSRSS.EXE111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8atisound0  9csrss.exe1 00462Added by the  WinSpy surveillance software. Uninstall this software unless you put it there yourself - NOTE - this file is placed in a %System%\ComRoot folder,  and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.winspy.html0
3 5csrss0  9csrss.exe1 00112Added by the Spyware.Keylog surveillance software.  Uninstall this software if it was not installed by yourself.64http://www.sarc.com/avcenter/venc/data/spyware.beyondkeylog.html0
319WinUpdateProtection0  9csrss.exe1 00212ICE Remote Spy monitoring software, "secretly monitors everything your spouse, kids or employees do on the Internet and emails the data to you." Note - this file is installed in a C:\Windowsupdate\Ufp\Irs7 folder69http://www.kephyr.com/spywarescanner/library/iceremotespy/index.phtml0
1 8.svchost0  9csrss.exe1 00129Added by a new Rbot variant.  This infection when started connects to a remote IRC server where it waits for commands to execute. 01
1 9.TEXTCONV0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
1 8.WMAudio0  9csrss.exe1 00  073http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
113_systemdriver0  9csrss.exe1 00226Added by the  ASCETIC.B TROJAN - Note - this is not the valid Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling,  and which should NOT figure in Msconfig!64http://www.symantec.com/avcenter/venc/data/trojan.ascetic.b.html0
114_winsystem.sys0  9CSRSS.EXE1 00 93Added by the W32/Sober-K infection!  File will be found in the %WINDIR%\msagent\win32 folder.55http://www.sophos.com/virusinfo/analyses/w32soberk.html0
121AdRotator.Application0  9csrss.exe1 00167AdRotator adware. Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling79http://www.giantcompany.com/antispyware/research/spyware/spyware-AdRotator.aspx0
111Application0  9csrss.exe1 00 98Added by the W32.Beagle.EG@mm mass-mailing worm.  The emails that are sent are written in Russian.77http://www.sarc.com/avcenter/venc/data/w32.beagle.eg@mm.html#technicaldetails0
121ASP.NET State Service0  9csrss.exe1 00 47Added by the Troj/Dloader-QI downloader trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderqi.html0
1 7BagleAV0  9csrss.exe1 00125Added by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!77http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ab@mm.html0
1 9BuildLabs0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
1 7ccpApps0  9csrss.exe1 00  073http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
114ClickTheButton0  9csrss.exe1 00134ClickTheButton Downloader-MY adware. Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!43http://vil.nai.com/vil/content/v_126801.htm0
123COM+ System Application0  9csrss.exe1 00 47Added by the W32.Banish.A@mm mass-mailing worm.93http://securityresponse.symantec.com/avcenter/venc/data/w32.banish.a@mm.html#technicaldetails0
134Console de Gerenciamento Microsoft0  9csrss.exe1 00 54Added by the Troj/Bancban-ET password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanet.html0
1 5csrss0  9csrss.exe1 00  0 01
1 5CSRSS0  9CSRSS.EXE1 00217Search page hijacker, redirecting to http://www.search-aide.com/. Note - this is not the valid Client Server Runtime Subsystem (csrss.exe) process, which provides text window support, shutdown, and hard-error handling69http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/0
111csrsslevel40  9csrss.exe1 00389Unidentified malware - NOTE - this file is placed in a C:\Windows\SystemLevel4 folder,  and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!69http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/0
1 8Debugger0  9csrss.exe1 00142Added by the W32.Beagle.EA@mm mass-mailing worm. This infection should not be confused with the legitimate c:\windows\system32\csrss.exe file.77http://www.sarc.com/avcenter/venc/data/w32.beagle.ea@mm.html#technicaldetails0
1 6DIECOX0  9csrss.exe1 00139Added by a variant of the ATM.GEN TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!43http://vil.nai.com/vil/content/v_100826.htm0
111FiendlyType0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
116FirewallActivies0  9csrss.exe1 00 36Added by the  Troj/Banker-AQ TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankeraq.html0
111KernellApps0  9csrss.exe1 00129Added by the BANCBAN-AC TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!59http://www.sophos.com/virusinfo/analyses/trojbancbanac.html0
110Key Logger0  9csrss.exe1 00125Added by the BUCHON.A WORM! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!63http://www.symantec.com/avcenter/venc/data/w32.buchon.a@mm.html0
1 9Krnlcheck0  9csrss.exe1 00 83Added by Backdoor.Botnachala.  This infection also adds entries to your HOSTS file.63http://www.sarc.com/avcenter/venc/data/backdoor.botnachala.html0
120Microsoft SourceSafe0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
123microsoft windows csrss0  9csrss.exe1 00348Added by the  W32/KALEL-A WORM! - NOTE - this file should NOT be confused with the legitimate Windows Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!55http://www.sophos.com/virusinfo/analyses/w32kalela.html0
127Microsoft Word Profissional0  9csrss.exe1 00198Added by the Troj/Bancban-DB password-stealing trojan.  This infection targets Brazilian banks, so if you are a user of these banks you should check your passwords and accounts for unusual activity.59http://www.sophos.com/virusinfo/analyses/trojbancbandb.html0
123Norton Protect Activies0  9csrss.exe1 00242Added by the Troj/Banker-CZ Internet banking trojan.  This infection has the ability to steal information and log keystrokes.  if you are infected with this program it is strongly advised that you change any online passwords that you may use.58http://www.sophos.com/virusinfo/analyses/trojbankercz.html0
1 5NTDLM0  9csrss.exe1 00122Added by the HALE TROJAN! Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hale.html0
1 4Prog0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
110RegDone Ex0  9csrss.exe1 00  073http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
1 8RegWrite0  9csrss.exe1 00127Added by the SOKACAPS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sokacaps.html0
111Run TaskMrg0  9csrss.exe1 00128Added by the LDPINCH-W TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!58http://www.sophos.com/virusinfo/analyses/trojldpinchw.html0
1 8rundll320  9csrss.exe1 00124Added by the GUTTA TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.gutta.html0
1 6Runner0  9csrss.exe1 00 74Added by the Troj/AdClick-AG Trojan!  File is found in the Windows folder. 01
114SernellApp.pcx0  9csrss.exe1 00 89Added by the Troj/Bancban-BJ  trojan.  Located in  Windows system folder\D5133\csrss.exe.59http://www.sophos.com/virusinfo/analyses/trojbancbanbj.html0
1 9Shockwave0  9csrss.exe1 00122Added by the SNDOG WORM! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/w32.sndog@mm.html0
113State Service0  9csrss.exe1 00 36Added by the Troj/Dadobra-CP trojan.59http://www.sophos.com/virusinfo/analyses/trojdadobracp.html0
1 6System0  9csrss.exe1 00 39Added by the  PWSteal.Ldpinch.E TROJAN!65http://www.symantec.com/avcenter/venc/data/pwsteal.ldpinch.e.html0
114System Process0  9csrss.exe1 00 74Added by the Troj/AdClick-AG Trojan!  File is found in the Windows folder. 01
112systemdriver0  9csrss.exe1 00226Added by the  ASCETIC.B TROJAN - Note - this is not the valid Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling,  and which should NOT figure in Msconfig!64http://www.symantec.com/avcenter/venc/data/trojan.ascetic.b.html0
112SYSTEMSars320  9csrss.exe1 00123Added by the AHLEM.A WORM! Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/w32.ahlem.a@mm.html0
1 7TaskMrg0  9csrss.exe1 00 35Added by the Troj/LdPinch-W trojan.58http://www.sophos.com/virusinfo/analyses/trojldpinchw.html0
1 6Update0  9csrss.exe1 00  0 01
112windows 20040  9CSRSS.exe1 00 53Added as result of a  Troj/Banker-DY trojan infection58http://www.sophos.com/virusinfo/analyses/trojbankerdy.html0
125Windows Client Service 320  9csrss.exe1 00132Added by the W32/Rbot-ALB worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalb.html0
120Windows Explorer SP20  9csrss.exe1 00 73Added by the Troj/Banker-DM password-stealing trojan for Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankerdm.html0
115Windows Spooler0  9csrss.exe1 00234Added by the W32/Tilebot-AL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.  This should not be confused with the legitimate csrss.exe file found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/w32tilebotal.html0
117Windows Time Sync0  9csrss.exe1 00 49Added by the W32/Tilebot-W worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32tilebotw.html0
114Windows Update0  9csrss.exe1 00 35Added by the Troj/Banker-IA Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankeria.html0
121Windowsupdate Service0  9csrss.exe1 00102W32/Baba-E WORM creates this file, not to be mistaken for the legitimate Windows file documented here.54http://www.sophos.com/virusinfo/analyses/w32babae.html0
113winsystem.sys0  9CSRSS.EXE1 00  055http://www.sophos.com/virusinfo/analyses/w32soberk.html0
1 8WinXP-980  9CSRSS.exe1 00 83Added by the Troj/Banker-AZ  password-stealing trojan that targets Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankeraz.html0
1 6argq320 12csrss_32.exe1 00 48Added by the W32/Rbot-CPM worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcpm.html0
1 2270 11csrss32.exe1 00 35Added by the Troj/Slsorve-D Trojan.58http://www.sophos.com/virusinfo/analyses/trojslsorved.html0
126Microsoft CSRSS32 Protocol0 11csrss32.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
124Microsoft Update Service0 11csrss32.exe1 00 28Added by the AGOBOT-HC WORM!57http://www.sophos.com/virusinfo/analyses/w32agobothc.html0
116System Log Event0 11csrss32.exe1 00 28Added by the AGOBOT-JI WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotji.html0
116System Log Event0 11csrss32.exe1 00 28Added by the AGOBOT-JI WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotji.html0
127Microsoft CSRSS386 Protocol0 12csrss386.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
148microsoft client/server runtime server subsystem0 10csrssa.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
129Client Server Runtime Process0 10csrsss.exe1 00 27Added by the SDBOT-LD WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotld.html0
112CSRSS Loader0 10csrsss.exe1 00 28Added by the AGOBOT.TX WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TX0
1 6CSRSSU0 10CSRSSU.EXE1 00169CoolWebSearch parasite related - hijacking to Slawsearch.com. You are advised to ask for help in our HijackThis forum to remove it. Located in the Windows system folder.53http://www.spywareinfo.com/~merijn/cwschronicles.html0
122Microsoft DLL Verifier0 10csrssv.exe1 00132Added by the W32/Rbot-ATK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatk.html0
1 6csrssw0 10CSRSSW.EXE1 00 32Added by the  TROJ/CWS-F TROJAN!54http://www.sophos.com/virusinfo/analyses/trojcwsf.html0
116wsaconfiguration0 11csrsvcs.exe1 00 29Added by the  AGOBOT.VI WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VI&VSect=P0
1 9System1320 10Csrtss.exe1 00197Added by the Troj/LanFilt-I.  This infection connects to an IRC server where it waits for remote commands to execute, it can also log keystrokes, download or upload files and act as a proxy server.58http://www.sophos.com/virusinfo/analyses/trojlanfilti.html0
116ProtocolEventTsk0 10csrwjd.exe1 00 42Added by the Troj/Stinx-N backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxn.html0
115SystemProcEvent0 10csrwnd.exe1 00 42Added by the Troj/Stinx-O backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxo.html0
311CSS_Central0 12CSS_1631.EXE1 00232CSS Communication Agent (95 Host) from Command Software Systems &quot;CSS Central™ provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console.&quot;50http://www.commandcom.com/enterprise/csscntrl.html0
1 5cssrs0  9cssrs.exe1 00 29Added by the  Troj/Bancban-DW59http://www.sophos.com/virusinfo/analyses/trojbancbandw.html0
115Display Drivers0  9cssrs.exe1 00 28Added by the AGOBOT.FX WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX0
1 5WinFX0  9cssrs.exe1 00  078http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX0
1 7MSN ang0 10cssrss.exe1 00 28Added by the FORBOT-CE WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotce.html0
1 4csss0  8Csss.exe1 00 27Added by the BALICK TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/w32.balick.trojan.html0
310css server0 13CSSServer.exe1 00107Added by the  ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself.68http://www.symantec.com/avcenter/venc/data/spyware.comspysyssvr.html0
3 5SysW80  8csta.exe1 00 45Clean Space - privacy and perfomance enhancer35http://www.teosoft.com/en/index.htm0
311ChineseStar0  9cstar.exe1 00 33Chinese language support software 01
110nvsv32.exe0  8cstr.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
114WindowsDiskLog0  9cstsm.exe1 00 42Added by the Troj/Stinx-C backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxc.html0
223CleanSweep Useage Watch0 12CSUSEM32.EXE1 00151Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time 01
1 8CSV10P700 13CSv10P070.exe1 00 26ClearSearch adware related44http://doxdesk.com/parasite/ClearSearch.html0
1 7CSV7P700 12CSV7P070.exe1 00 26ClearSearch adware related44http://doxdesk.com/parasite/ClearSearch.html0
1 7CSV7P260 11CSV7P26.exe1 00 26ClearSearch adware related44http://doxdesk.com/parasite/ClearSearch.html0
1 7CSV7P910 11CSV7P91.exe1 00 26ClearSearch adware related44http://doxdesk.com/parasite/ClearSearch.html0
110[not used]0  8csvc.com1 00100Added by the Backdoor.Beasty backdoor.br /br /Uses CLSID: b{AP042907-B967-10D8-9CBD-2672810A369E}/b.76http://www.sarc.com/avcenter/venc/data/backdoor.beasty.html#technicaldetails0
3 6csvdea0 10csvdea.exe1 00129Added by the Spyware.SpyArsenalLog surveillance software. This program should be uninstalled if it was not installed by yourself.65http://www.sarc.com/avcenter/venc/data/spyware.spyarsenallog.html0
111netservices0  9csxrs.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
119System time updator0 12CSysTime.exe1 00 27Added by the RANDEX.S WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.s.html0
0 9checktime0  6ct.exe1 00 56Found in the HPSelectFrontend directory on a HP machine. 01
0 9checktime0  6ct.exe1 00 56Found in the HPSelectFrontend directory on a HP machine. 01
4 2ct0  6ct.exe1 00112ct.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run it 01
2 8CTAvTray0 12CTAvTray.EXE1 00 69CTAvtray 1, 0, 0, 2, Creative Technology Ltd.. EAX Animation Playback 01
2 8CTAVTray0 12CTAvTray.exe1 00144For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ 01
114ClickTheButton0  7CTB.EXE1 00 35ClickTheButton Downloader-MY adware43http://vil.nai.com/vil/content/v_126801.htm0
310CTCMonitor0 14CTCMonitor.exe1 00 54converting directly from MS Office, it is not required 01
223Creative MediaSource Go0 11CTCMSGo.exe1 00 89Creative  MediaSource playbacks music in DVD-Audio, MP3, WMA, WAV and other media formats40http://www.soundblaster.com/mediasource/0
223Creative MediaSource Go0 16CTCMSGo.exe /SCB211HKEY_CU\Run0 83Creative MediaSource Go! 2.0.0.0, Creative Technology Ltd. Creative MediaSource Go!39http://www.absolutestartup.com/startup/1
2 8CTDVDDet0 12CTDetect.exe1 00261Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again 01
317Creative Detector0 15CTDetect.exe /R211HKEY_CU\Run0 93Creative MediaSource Detector 2.2.0.0, Creative Technology Ltd. Creative MediaSource Detector39http://www.absolutestartup.com/startup/1
2 8CTDVDDet0 12CTDVDDet.exe1 00261Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again 01
3 8CTDVDDet0 12CTDVDDet.EXE111HKEY_LM\Run0 51CTDVDDET 1.0.2.0, Creative Technology Ltd. CTDVDDET39http://www.absolutestartup.com/startup/1
2 9CTStartup0 12CTEaxSpl.exe1 00 90Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard 01
2 9CTStartup0 17CTEaxSpl.EXE /run2 00 61CTEaxSpl 1, 1, 0, 1, Creative Technology Ltd.. Startup Splash 01
3 9CTStartup0 17CTEaxSpl.EXE /run211HKEY_LM\Run0 61CTEaxSpl 1, 1, 0, 4, Creative Technology Ltd.. Startup Splash39http://www.absolutestartup.com/startup/1
114ctflog manager0 10ctflog.exe1 00154Added by the Trojan.Spexta trojan.  When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.74http://www.sarc.com/avcenter/venc/data/trojan.spexta.html#technicaldetails0
110CTFM0N.exe0 10CTFM0N.exe1 00 49Added by the Trojan.StartPage.P browser hijacker.79http://www.sarc.com/avcenter/venc/data/trojan.startpage.p.html#technicaldetails0
3 6ctfmon0 10ctfmon.exe1 00329CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see here62http://support.microsoft.com/default.aspx?scid=kb;en-us;2825990
310ctfmon.exe0 10ctfmon.exe111HKEY_CU\Run0 85Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. CTF Loader39http://www.absolutestartup.com/startup/1
1 6CTFMon0 10ctfmon.exe1 00  0 01
1 6ctfmon0 10ctfmon.exe1 00153Added by the Troj/SDBot-06 backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbot06.html0
110ctfmon.exe0 10ctfmon.exe1 00 59Added by the PWSteal.Raidys password-stealing trojan horse.75http://www.sarc.com/avcenter/venc/data/pwsteal.raidys.html#technicaldetails0
1 9ctfmon16c0 13ctfmon16c.exe1 00 43Added by the W32/Sharp-C mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32sharpc.html0
110Ctfmon.exe0 12ctfmon32.exe1 00 60CoolWebSearch parasite related - hijacking to Slawsearch.com53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 8ctfmon320 12CTFMON32.EXE1 00 73CoolWebSearch parasite related - also detected as the  TROJ/CWS-E TROJAN!53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 8CTFMONSS0 12CTFMONSS.EXE1 00137Added by the Troj/CWS-F hijacker.  This infection will also install a Browser Helper Object with the filename WTLBASS32.DLL or SEHLP.DLL.54http://www.sophos.com/virusinfo/analyses/trojcwsf.html0
1 3MSN0 12ctfmoons.exe1 00 28Added by the SPYBOT.HI WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SPYBOT.HI0
120Win Updator Services0 10ctfnom.exe1 00 44Added by a variant of the  W32/WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
1 5cthbp0  9cthbp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6cthelp0 10cthelp.exe1 00 27Added by the  SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
3 8CTHELPER0 12CTHELPER.EXE1 00737CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it 01
311WINDVDpatch0 12CTHELPER.EXE1 00  0 01
3 8CTHelper0 12CTHELPER.EXE111HKEY_LM\Run0 78CtHelper Application 1, 2, 0, 2, Creative Technology Ltd. CtHelper Application39http://www.absolutestartup.com/startup/1
311WINDVDPatch0 12CTHELPER.EXE111HKEY_LM\Run0 78CtHelper Application 1, 0, 0, 2, Creative Technology Ltd. CtHelper Application39http://www.absolutestartup.com/startup/1
1 8CTHelper0 12cthelper.exe1 00 69Added by a WORM, W32/Rbot-XB, and found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotxb.html0
1 6CTin100 10CTin10.exe1 00 29Added by the BANCOS.E TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.e.html0
217Creative Launcher0 14CTLauncher.exe1 00155For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start - Programs 01
2 7TaskBar0 11CTLTask.exe1 00242Creative SoundBlaster Audigy Taskbar - used to choose between different types of EAX Effects, not required in startup. NOTE: if you get a ctltask.exe error message while installing the Audigy drivers, see this Microsoft Knowledge Base article41http://support.microsoft.com/?kbid=3219690
2 8TaskTray0 11CTLTray.exe1 00 73Creative TaskTray 1.00.00.24, Creative Technology Ltd.. Creative TaskTray 01
2 8Tasktray0 11CTLTray.exe1 00327Installed with the Sound Blaster Audigy range of soundcards. Allows you to set EAX effects or equalizer settings for the Sound Blaster Audigy from a systray icon.  Also allows you to launch the Taskbar via right-click - Show Taskbar. The tasktray can be accessed via Start - Programs - Creative - Sound Blaster Audigy - Taskbar 01
313CreativeMixer0 11CTMIX32.EXE1 00207Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon 01
310cmsettings0  8ctmn.exe1 00 30Part of NetNanny  Chat_Monitor51http://www.pcmag.com/article2/0,1759,1265307,00.asp0
314NOMAD Detector0 11ctmnrun.exe1 00270Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected 01
3 7ctnmrun0 11ctnmrun.exe1 00270Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected 01
314nomad detector0 11ctnmrun.exe1 00  0 01
314NOMAD Detector0 11CTNMRun.exe111HKEY_CU\Run0 65NOMAD Detector 3.15.3.0, Creative Technology Ltd.. NOMAD Detector39http://www.absolutestartup.com/startup/1
220CreativeDiscNotifier0 12CTNOTIFY.EXE1 00145For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start - Settings - Control Panel 01
213Disc Detector0 12CtNotify.exe1 00 64For Creative sound cards. Detects when you insert a CD, DVD, etc 01
115[Various Names]0 12CToolBar.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
3 8CTPDPSRV0 12CTPDPSRV.EXE1 00 65Printer driver (in the WINDOWSSystem32spoolDRIVERSW32X86 folder). 01
310pdp Server0 13ctpdpsrvr.exe1 00173Included and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a network 01
2 8CTRegRun0 12CTRegRun.exe1 00 98For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative 01
2 8CTRegRun0 12CTRegRun.EXE111HKEY_LM\Run0102Creative On-line Registration System 1.0.0.1, Creative Technology Ltd . Registration Scheduler Program39http://www.absolutestartup.com/startup/1
3 7CtrlVol0 11CtrlVol.exe1 00 48Acer's on screen volume control using the Fn key 01
211Speed racer0 11CTSRReg.exe1 00 34Software for a Creative sound card 01
113Event Locator0  8ctst.exe1 00 45Added as a service by the W32/Forbot-DJ WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotdj.html0
119CT Control Settings0 11CTSVCCD.EXE1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
233Creative Service for CDROM Access0 12Ctsvccda.exe1 00204Resident program for Creative's PlayCenter included with Soundblaster Audigy sound cards - speeds up detection of some media CDs if the system doesn't natively support them. Available via Start - Programs 01
3 8CTsysVol0 12CTSYSVOL.exe1 00 35Creative sound card volume controls 01
3 8CTSysVol0 12CTSysVol.exe1 00 70Creative Volume Control 1.0.0.0, Creative Technology Ltd. CTSysVol.exe 01
3 8CTSysVol0 15CTSysVol.exe /r211HKEY_LM\Run0 70Creative Volume Control 1.0.0.0, Creative Technology Ltd. CTSysVol.exe39http://www.absolutestartup.com/startup/1
2 8cttdpsrv0 12cttdpsrv.exe1 00  2?? 01
1 8CTUpdate0 12ctupdclt.exe1 00 12Added by the105W32/Rbot-0
410cuagentExe0 11Cuagent.exe1 00 25Command Antivirus related53http://www.command.co.uk/html/products/csav/index.cfm0
1 5cufya0  9cufya.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8culaavbq0 12culaavbq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3cuo0  7cuo.exe1 00 28Added by the BUGBEAR.A WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUGBEAR.A0
2 8CursorXP0 12CursorXP.exe1 00 56CursorXP from Stardock - tool for creating mouse cursors42http://www.stardock.com/products/cursorxp/0
2 8CursorXP0 15CursorXP.exe -s2 00  0 01
432Client Update Service for Novell0 10cusrvc.exe1 00156Part of the Novell Client for Windows and is used to keep the client up to date.  It has a service name of cusrvc and is found in the Windows system folder. 01
2 6CuteMX0 10CuteMX.EXE1 00 20File sharing utility 01
312CuteReminder0 16CuteReminder.exe111HKEY_CU\Run0 54CuteReminder 2.0.0.0, CuteReminder Labs.. CuteReminder39http://www.absolutestartup.com/startup/1
1 6cuwqpj0 10cuwqpj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6XPSoft0 11CVDAsDW.exe1 00 27Added by the SDBOT-SY WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotsy.html0
1 4cvhv0  8cvhv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113cvmonitor.exe0 13cvmonitor.exe1 00 27Added by the SDBOT.BV WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BV0
4 5CVPND0  9cvpnd.exe1 00 84Sub-system used by Cisco VPN client for making a connection to a remote IPSec server 01
122Windows media services0 10cvrsss.exe1 00 26Added by the RBOT-MW WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmw.html0
114Startup Update0 11Cvshost.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
111MSN Manager0  8cvss.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
114Bron-Spizaetus0  7CVT.exe1 00 48Added by the W32.Rontokbro@mm mass-mailing worm.77http://www.sarc.com/avcenter/venc/data/w32.rontokbro@mm.html#technicaldetails0
110SystemGent0  7CVT.exe1 00 32Added by the W32/Brontok-H worm.57http://www.sophos.com/virusinfo/analyses/w32brontokh.html0
3 6CWatch0  6cw.exe1 00 32ChatWatch - chat monitoring tool53http://www.zemericks.com/products/chatwatch/index.asp0
3 2cw0  7cw4.exe1 00  9See  Here70http://www.zemericks.com/news/newsletters/february_2005_newsletter.asp0
324client access api daemon0 12cwbappcd.exe1 00 36IBM iSeries Client Access, see  here52http://www-1.ibm.com/servers/eserver/iseries/access/0
227Client Access Check Version0 12cwbckver.exe1 00323Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to.&nbsp;Not required - and can be turned off in the Client Access properties. It's a waste of resources52http://www-1.ibm.com/servers/eserver/iseries/access/0
2 8cwbckver0 12cwbckver.exe1 00318Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources52http://www-1.ibm.com/servers/eserver/iseries/access/0
227Client Access Check Version0 18cwbckver.exe LOGIN211HKEY_LM\Run0102IBM(R) AS/400(R) Client Access Express for Windows(R) V5R1M0, IBM Corporation. Service Level Detection39http://www.absolutestartup.com/startup/1
225Client Access Help Update0 12cwbinhlp.exe1 00271Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries52http://www-1.ibm.com/servers/eserver/iseries/access/0
2 8cwbinhlp0 12cwbinhlp.exe1 00  052http://www-1.ibm.com/servers/eserver/iseries/access/0
221Client Access Service0 12cwbsvstr.exe1 00 76IBM(R) iSeries (TM) Access for Windows V5R3M0, IBM Corporation. cwbsvstr.exe 01
221Client Access Service0 12CwbSvStr.Exe1 00405Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources52http://www-1.ibm.com/servers/eserver/iseries/access/0
2 8cwbsvstr0 12cwbsvstr.exe1 00  052http://www-1.ibm.com/servers/eserver/iseries/access/0
321client access taskbar0 12cwbuitsk.exe1 00 44IBM iSeries Client Access taskbar, see  here52http://www-1.ibm.com/servers/eserver/iseries/access/0
029Client Access Express Welcome0 12cwbwlwiz.exe1 00166Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers.52http://www-1.ibm.com/servers/eserver/iseries/access/0
0 8cwbwlwiz0 12cwbwlwiz.exe1 00  052http://www-1.ibm.com/servers/eserver/iseries/access/0
329Client Access Express Welcome0 12cwbwlwiz.exe1 00166Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers.52http://www-1.ibm.com/servers/eserver/iseries/access/0
312Cwcdschk.exe0 12Cwcdschk.exe1 00 21IBM Thinkpad related? 01
3 8cwcptray0 12cwcptray.exe1 00 57Related to ContentWatch Parental Control Internet Filter.28http://www.contentwatch.com/0
324Crystal 3D Audio Control0 12CWD3DSND.EXE1 00 30Crystal 3D Audio sound driver. 01
213Coolwallpaper0 12cwm_tray.exe1 00103Cool Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen savers45http://coolwallpaper.com/download/index2.html0
321CoolWallpaperSoftware0 12cwm_tray.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
321Command WorkStation 40  9CWS 4.exe222StartUp menu\All users0 76CWS 4 Application 4.1, Electronics for Imaging, Inc. . CWS 4 MFC Application39http://www.absolutestartup.com/startup/1
212bOò
ùð\×y-¯Ì0 10cwueem.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8cwupdate0 12cwupdate.exe1 00115ContentProtect, from A href="http://www.contentwatch.com/products/contentprotect.php"ContentWatch - internet filter 01
1 6zstart0 12cxdxregt.exe1 00 27ZenoSearch adware component54http://vil.mcafeesecurity.com/vil/content/v_133714.htm0
110Zstart.lnk0 12cxdxregt.exe1 00 38Added by the Adware.ZenoSearch adware.61http://www.sarc.com/avcenter/venc/data/adware.zenosearch.html0
1 7KV_HOST0  8cxjx.exe1 00 72Added by the Troj/LegMir-BB Trojan with password-stealing functionality.58http://www.sophos.com/virusinfo/analyses/trojlegmirbb.html0
117*microsoft update0  8cxma.exe1 00 35Added by the  W32.HLLW.STMU TROJAN!70http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml0
1 5cxorj0  9cxorj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
123autoloaderaproposclient0 17cxtpls_loader.exe1 00 19AproposMedia adware45http://doxdesk.com/parasite/AproposMedia.html0
1 4cxuh0  8cxuh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 3C2K0  9CYB2K.EXE1 00176CYBERsitter 2000 or 2001 -  anti-porn filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser 01
2 5Cyber0 12cyberchk.exe1 00 59you to clean your drive after "x" amount of time has passed 01
1 9CyberWolf0 13CyberWolf.exe1 00 41Added by the  KICKIN.A (or CYDOG.C) WORM!68http://www.symantec.com/avcenter/venc/data/w32.hllw.kickin.a@mm.html0
1 4cyef0  8cyef.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
117Dos Prompt Loader0 10cygwin.exe1 00 79Added by W32/Sdbot-VV, A WORM/backdoor, and found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvv.html0
2 8CyphTray0 12CyphTray.exe1 00 30Cypherus - encryption software24http://www.cypherus.com/0
114WindowsSysBoot0  9cytob.exe1 00134Added by the W32/Tilebot-AY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotay.html0
1 5cyvud0  9cyvud.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4run=0 11cyxid98.exe1 00 20Unidentified malware 01
1 9ASDPLUGIN0  9czech.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
1 7drocher0  5d.exe1 00 21Adult content dialler 01
1 6System0  5d.exe1 00148Added by the W32.Mytob.KU@mm worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ku@mm.html#technicaldetails0
113[random name]0 12d?xplore.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
212D066UUtility0 12D066UUTY.EXE1 00104TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software 01
1 7systemr0 11d11host.exe1 00 43Added by the Troj/VB-GX downloading trojan.54http://www.sophos.com/virusinfo/analyses/trojvbgx.html0
3 2D40  6D4.exe1 00106Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down45http://www.thinkman.com/dimension4/index.html0
310Dimension40  6d4.exe1 00106Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down45http://www.thinkman.com/dimension4/index.html0
1 7WinMine0  9D4NG3.vbs1 00 28Added by the BISCUIT.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/vbs.biscuit.a@mm.html0
211DACONFIGEXE0 12daconfig.exe1 00 523Com NIC Diagnostics. Available via Start - Programs 01
4 6DadApp0 10dadapp.exe1 00253DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked - direct from Dell 01
234Corel Desktop Application Director0  8dadx.exe1 00153The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start - Programs 01
317DAEMON Tools-10330 22daemon.exe  -lang 10332 00 60DAEMON Tools 3.47.0.0, DAEMON'S HOME. Virtual DAEMON Manager 01
3 6Daemon0 10Daemon.exe1 00 83Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive36http://www.daemon-tools.net/main.htm0
317DAEMON Tools-10330 10Daemon.exe1 00  036http://www.daemon-tools.net/main.htm0
313TrackpointSrv0 10daemon.exe1 00116Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work 01
1 6Daemon0 24daemon.exe c daemon2.exe2 00107The WORM W32/Esalone-A will add the file,  corrupt WINZIP and WINRAR archives, and also create other files.57http://www.sophos.com/virusinfo/analyses/w32esalonea.html0
317DAEMON Tools-10330 21daemon.exe -lang 1033211HKEY_LM\Run0 60DAEMON Tools 3.47.0.0, DAEMON'S HOME. Virtual DAEMON Manager39http://www.absolutestartup.com/startup/1
2 6Daemon0 12DAEMON32.EXE1 00146Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start - Programs 01
112Micro Update0 10DAILIN.EXE1 00143Added by the W32/Rbot-ER trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rboter.html0
410[not used]0 10DAinit.dll1 00 54Used by Desktop Authority desktop management software.53http://www.scriptlogic.com/products/desktopauthority/0
112daiXPdXm.exe0 12daiXPdXm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
210Dell Alert0  9DAMon.exe1 00 75Dell Alert utility, that's supposed to make interaction with Support easier 01
2 3Dap0  7DAP.exe1 00 70Download Accelerator Plus from SpeedBit - download manager/accelerator34http://www.speedbit.com/DAPDL.asp?0
229Download Accelerator Plus 5.00  7DAP.exe1 00192Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start - Programs. Note that the free version is &quot;adware&quot; based24http://www.speedbit.com/0
219DownloadAccelerator0  7DAP.EXE1 00182Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start - Programs. Note that the free version is "adware" based 01
319DownloadAccelerator0 16DAP.EXE /STARTUP211HKEY_LM\Run0 79Download Accelerator Plus  7, 4, 0, 1, Speedbit Ltd.. Download Accelerator Plus39http://www.absolutestartup.com/startup/1
119DownloadAccelerator0 16DAP.EXE /STARTUP2 00 78Download Accelerator Plus 7, 4, 0, 2, Speedbit Ltd.. Download Accelerator Plus 01
1 5load=0 10dapdll.exe1 00 25Added by the ATAK.E WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.e@mm.html0
318Codename Dashboard0 13dashboard.exe1 00266Codename: Dashboard - &quot;an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time&quot;46http://www.downlinx.com/proghtml/415/41557.htm0
0 6dashie0 18dashIE.exe systray2 00 67Could be related to &quot;Dash Power Shopping&quot; tool bar in IE? 01
438Compuware Distributed Analyzer Service0 11DASVCNT.exe1 00 49Added as part of the Compuware DevPartner Studio.55http://www.compuware.com/products/devpartner/studio.htm0
3 9DataLayer0 13DataLayer.exe1 00229Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on 01
3 9DataLayer0 13DataLayer.exe1 00 67Nokia PC Suite 6, 0, Nokia Mobile Phones Ltd.. DataLayer 2.0 Module 01
112Data Layer 20 13datalayer.exe1 00 48Added by the W32/Rbot-BNF worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbnf.html0
324Optus Cable Data Monitor0 15datamonitor.exe1 00 96Allows Optus customers to monitor their actual data usage against Optus' "data allowance limits" 01
119Driver Data Monitor0 11datasys.exe1 00 48Added by the W32/Rbot-BBN worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbn.html0
1 8Datcheck0 12datcheck.exe1 00 29Added by the KEYPANIC TROJAN!63http://www.symantec.com/avcenter/venc/data/keypanic.trojan.html0
1 8BootsCfg0 14Date.POP.vbs %2 00 31Added by the  VBS.KUULLIO WORM!62http://www.symantec.com/avcenter/venc/data/vbs.kuullio@mm.html0
113DateMakerIntl0 17DateMakerIntl.exe1 00 34Premium rate adult content dialler 01
112Date Manager0 15datemanager.exe1 00 87Date Manager - calender program. Spyware/adware based provided by The Gator Corporation28http://www.date-manager.com/0
217Desktop Architect0 10DATRAY.EXE1 00 94Desktop theme manager available here - for managing the desktop appearance, fonts, sounds, etc55http://download.com.com/3000-2326-5630015.html?tag=list0
217Desktop Architect0 13datray.exe -S2 00 64Desktop Architect 2, 1, 1, 0, Ken Foster. Desktop Architect Tray 01
1 5daudi0  9daudi.exe1 00 29Malware,  as yet unidentified 01
1 8DAupdate0 12DAupdate.exe1 00 17NavEnhance adware 01
118Perfomance Monitor0 12davcsync.exe1 00 30Added by the W32/Lamud-A worm.55http://www.sophos.com/virusinfo/analyses/w32lamuda.html0
011DAW9532.exe0 11DAW9532.EXE1 00111Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. 01
213Daily Planner0 11dayplan.exe1 00141Daily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete them36http://www.kmcsonline.com/index.html0
3 8DayToday0 12DAYTODAY.EXE1 00 71DayToday from RoboMagic Software Corp. Displays the date on the taskbar43http://www.locutuscodeware.com/daytoday.htm0
1 4wizz0 11dazzler.exe1 00 59Reported by Kaspersky Anti-Virus as Win32.Dialer.is TROJAN! 01
126Win Validation Application0 13DBExecCom.exe1 00 32Added by the W32/VBSilly-A worm.57http://www.sophos.com/virusinfo/analyses/w32vbsillya.html0
1 8debugger0  9dbg32.exe1 00 28Added by  W32/Mytob-FW WORM!56http://www.sophos.com/virusinfo/analyses/w32mytobfw.html0
123microsoft debug service0 10dbgbgr.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
124Microsoft System Checkup0 12dbnetlib.exe1 00 25Added by the DONK.L WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.l.html0
2 6dbserv0 10dbserv.exe1 00 83Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled 01
321Gravis Appawareloader0 12dbserver.exe1 00155Looks like it's associated with  Gravis game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them22http://www.gravis.com/0
2 6dbtmon0 10dbtmon.exe1 00145Dell button monitor for 9XX series printer most commonly associated with 922. Can safely be turned off does not hamper printer operations. Can be 01
314Dialer Control0  6dc.exe1 00 68Dialer-Control. Detects and protects from premium rate p0rn diallers29http://www.dialer-control.de/0
1 2BD0  6dc.exe1 00 35Added by the Troj/Rasdoor-B Trojan.58http://www.sophos.com/virusinfo/analyses/trojrasdoorb.html0
115[Various Names]0 12DCC_send.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
110dcomdriver0 11DCCOM32.EXE1 00 48Added by the W32/Nymph.gen@MM mass-mailing worm.42http://vil.nai.com/vil/content/v_99180.htm0
320DAZEL Delivery Agent0 12DcDaemon.exe1 00 62Control and send documents, etc, to any destination - see here58http://www.clickly.com/ISSVDO4Z/EN/user/proddet.html?P=8880
111DCE Manager0 10dcemgr.exe1 00 26Added by the TUMAG TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tumag.html0
1 7AdPopup0 11dcf5678.exe1 00 34Added by the Troj/Agent-FZ Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentfz.html0
3 7DCfssvc0 11dcfssvc.exe1 00302Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example 01
3 7dcfssve0 11dcfssvc.exe1 00304Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can\'t load pictures from your camera/dock - Kodak\'s dock is an example 01
118DcomHelper Service0 11dcmhelp.exe1 00 49Added by the W32/Sdbot-AJA worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotaja.html0
138(2C1CD3D7-86AC-4068-93BC-A02304BB8C34)0 11dcom_16.dll1 00106Added by the Troj/Agent-BIW backdoor Trojan.br /br /Uses CLSID: b(2C1CD3D7-86AC-4068-93BC-A02304BB8C34)/b.58http://www.sophos.com/virusinfo/analyses/trojagentbiw.html0
111dcomcfg.exe0 11dcomcfg.exe1 00 44Added by the Troj/Zlob-IK downloader Trojan.56http://www.sophos.com/virusinfo/analyses/trojzlobik.html0
110[not used]0 12dcompcss.exe1 00 35Added by the Troj/PPdoor-AQ Trojan.58http://www.sophos.com/virusinfo/analyses/trojppdooraq.html0
114WINDOWS SYSTEM0 12dcomuser.exe1 00132Added by the W32/Mytob-BJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobbj.html0
1 6System0  9dcomx.exe1 00 28Added by the CIREBOT TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cirebot.html0
1 6dcrgmj0 10dcrgmj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118Monitor SynManager0 10dcvwed.exe1 00134Added by the W32/Sdbot-NL worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnl.html0
1 8dcznetv20 12dcznetv2.exe1 00133Added by the W32/Tilebot-O worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32tileboto.html0
117Microsoft Winsock0 12dczwin32.exe1 00 48Added by the W32/Rbot-BFW worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbfw.html0
116Microsoft Config0 11dczznet.exe1 00231Added by the W32/Rbot-ARL worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.  This infection will also install the rootkit rdriv.sys in the Windows System folder.56http://www.sophos.com/virusinfo/analyses/w32rbotarl.html0
313Dialer Detect0  6dd.exe1 00147DialerDetect detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it43http://www.dialerdetect.nl/english/main.htm0
1 8D System0  6dd.exe1 00 48Added by the W32/Mytob-FN worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobfn.html0
213DDCActiveMenu0 17DDCActiveMenu.exe1 00235Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
213DDCActiveMenu0 23DDCActiveMenu.exe -boot2 00 80WildTangent DDCActiveMenu Module , WildTangent. WildTangent DDCActiveMenu Module 01
312DD2KPECLIENT0 12DDClient.exe1 00126Added by the Spyware.DesktopD surveillance software. If you did not install this program, you should uninstall it immediately.60http://www.sarc.com/avcenter/venc/data/spyware.desktopd.html0
310DD2SERVICE0 12DDClient.exe1 00126Added by the Spyware.DesktopD surveillance software. If you did not install this program, you should uninstall it immediately.60http://www.sarc.com/avcenter/venc/data/spyware.desktopd.html0
2 4DDCM0 10DDCMan.exe1 00435Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case" target="_blank"privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
2 6DDCMan0 10DDCMan.exe1 00  038http://www.wildtangent.com/default.asp0
2 4DDCM0 22DDCMan.exe -Background2 00 70WildTangent Channel Manager , WildTangent. WildTangent Channel Manager 01
115Windows Service0  8dddd.exe1 00101Identified by Kaspersky Labs as PornWare.Dialer.Salc, also known to come with the Bube family trojans64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=415180
1 7ddeproc0 11ddeproc.exe1 00 83Associated with Webcelerator - spyware. Read eAcceleration's privacy statement here37http://www.eacceleration.com/privacy/0
1 6DDEsvr0 10ddesvr.exe1 00133Added by the W32/Agobot-QI worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotqi.html0
114Winsvr manager0 10DDEsvr.exe1 00 67Added by the W32/Tirbot-B WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32tirbotb.html0
1 7DirectX0 12ddhelp32.exe1 00 81Added by the BIONET.318 TROJAN! Note - not the DirectX helper which is ddhelp.exe79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.3180
1 8DDialler0 12DDialler.exe1 00 21Adult content dialler 01
311CCD Manager0  7DDS.EXE1 00 63Project Labs Century CD manager for their CD/DVD storage device27http://www.centurycdna.com/0
223DynDNS-Updater Traytool0 11ddutray.exe1 00102DynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually38http://www.dyndns.org/services/dyndns/0
1 7de32gen0 11de32gen.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
2 7DeadAIM0 29DeadAIM.ocm,ExportedCheckODLs111HKEY_LM\Run0 94Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
113virtual cdrom0 10deamon.exe1 00 27Added by the  RBOT.VP WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.VP&VSect=P0
1 6debugg0 10debugg.dll1 00 47Added by the HaxDoor.B rootkit/backdoor Trojan.79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.b.html0
112DebugMonitor0 16debugmonitor.exe1 00 71A MyDoom WORM variant adds this file, exploiting P2P and email clients.57http://www.sophos.com/virusinfo/analyses/w32mydoombh.html0
1 5Debug0 12DebugW32.exe1 00122Added by the GUBED TROJAN Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.gutta.html0
1 4run=0  9dec25.exe1 00 25Added by the ATAK.F WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.f@mm.html0
1 9what ever0  9decom.exe1 00108Added by the W32/Rbot-SC worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotsc.html0
1 3Gmh0  7Dee.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7deeenes0 11DeeEnEs.exe1 00 70DeeEnEs - automatically  updates a dynamic IP address when it changes.48http://www.palacio-cristal.com/products/DeeEnEs/0
312NAV DefAlert0 12DefAlert.exe1 00162Norton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basis 01
115[Various Names]0 12defect08.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
113BODefenderDrv0 15DefenderDrv.sys1 00 45Added by the Troj/GrayBrd-BF backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdbf.html0
124Automatic Defrag Manager0 10defrag.exe1 00132Added by the W32/Rbot-AKE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotake.html0
118windows dll loader0 15defragfat32.exe1 00 32Added by the  W32/SDBOT-SS WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotss.html0
118Windows DLL Loader0 18defragfat32abc.exe1 00108Added by the W32/Rbot-RG worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrg.html0
118Windows DLL Loader0 17defragfat32pi.exe1 00 26Added by the RBOT-QQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqq.html0
118Windows DLL Loader0 16defragfat32z.exe1 00 28Added by the LINKBOT.A WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.linkbot.a.html0
118Windows DLL Loader0 15DEFRAGFAT34.EXE1 00 44Added by the W32/Poebot-B WORM/IRC backdoor!56http://www.sophos.com/virusinfo/analyses/w32poebotb.html0
118Windows DLL Loader0 15defragfat39.exe1 00 27Added by the POEBOT-C WORM!56http://www.sophos.com/virusinfo/analyses/w32poebotc.html0
118Windows DLL Loader0 14defragfatx.exe1 00134Added by the W32/Poebot-F trojan.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32poebotf.html0
118Windows DLL Loader0 14defragfatz.exe1 00 28Added by the LINKBOT.H WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.linkbot.h.html0
118Windows DLL Loader0 15defragfatz.exe.1 00 12Added by the31W32/Poebot-D WORM/IRC backdoor!0
113defragm_check0 14defragment.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 7WebScan0 14DEFSCANGUI.EXE1 00150Stop-Sign from eAccelerration. Detects spyware, malware, viruses and keyloggers and stops popups. Spyware in itself - see their privacy statement here25http://www.stop-sign.com/0
3 8defwatch0 12defwatch.exe1 00191Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis 01
3 9slow play0 13DEFY DASH.exe211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
112spywareguard0 17deinst_qfe001.exe1 00126Added by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate SpywareGuard application as described  here45http://castlecops.com/s3481-SpywareGuard.html0
125windows internet protocol0 17deinst_qfe001.exe1 00 45Added by a variant of the Win32.Small TROJAN! 01
122windows update checker0 17deinst_qfe002.exe1 00  0 01
3 5Delay0 12delayrun.exe1 00 91On HP PCs this program is used to help prevent conflicts or timing issues on fast computers 01
3 8Delayrun0 12delayrun.exe1 00 91On HP PCs this program is used to help prevent conflicts or timing issues on fast computers 01
211DELDIR0.EXE0 11DELDIR0.EXE115HKEY_LM\RunOnce0 58one-dev DelDir 1, 0, 0, 1, Network Associates Inc.. DelDir39http://www.absolutestartup.com/startup/1
321GhostSurfDelSatellite0 19DeleteSatellite.exe1 00 35SpyCatcher spyware remover related.58http://www.tenebril.com/products/ghostsurf/spycatcher.html0
2 7Execute0 14delfolders.exe1 00  2?? 01
3 7DellDMI0 11delldmi.exe1 00379Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards? 7#FF00000
3 8DELLMMKB0 12DELLMMKB.EXE1 00 93Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys 01
3 9DellTouch0 12DELLMMKB.EXE1 00  0 01
2 6DellSC0 10dellsc.exe1 00 80Dell Solution Center - web-based troubleshooting tools and educational offerings 01
132windows service pack auto update0 10del-me.exe1 00 49Adware,  also detected as the Lowzones.BH TROJAN! 01
1 7delmsbb0 11delmsbb.exe1 00 12nCase adware42http://www.doxdesk.com/parasite/nCase.html0
1 7delsaap0 11delsaap.exe1 00 12nCase adware42http://www.doxdesk.com/parasite/nCase.html0
0 8delstart0 12delstart.exe1 00 83Reportedly part of BT ISP software - what does it do and is it required in startup? 01
0 6DelTmp0 11DelTemp.exe1 00142Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. Deletes temporary files once an installation is complete? 01
2 8DeltTray0 11deltray.exe1 00195System Tray access to the control panel for the M-Audio Delta 44 PCI Analog Recording Interface. Available via a desktop shortcut, Start -&gt; Programs or Start -&gt; Settings -&gt; Control Panel51http://www.midiman.net/products/m-audio/delta44.php0
0 6delcab0 20deltreew.exe C:\cabs2 00  6??font 01
111demm386.exe0 11DEMM386.EXE1 00143Added by the W32/Rbot-EO trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rboteo.html0
0 5demon0  9demon.exe1 00 45Part of the French Wanadoo ADSL extense pack. 01
1 8Especial0 10Deneca.bat1 00 44Added by the WM97/Acened-A word macro virus.57http://www.sophos.com/virusinfo/analyses/wm97aceneda.html0
113WINDOWS DENEM0 10deneme.exe1 00132Added by the W32/Mytob-CR worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobcr.html0
114WINDOWS DENEME0 10deneme.exe1 00132Added by the W32/Mytob-CR worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobcr.html0
115[various names]0 10dePloy.exe1 00 90TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see  here44http://www.doxdesk.com/parasite/WareOut.html0
1 6Desire0 11desires.exe1 00 21Adult content dialler 01
325HydarVisionDesktopManager0 10desk95.exe1 00253ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as this one. HydraVision can be uninstalled through Add/Remove Programs39http://support.microsoft.com/?id=8109370
325HydraVisionDesktopManager0 10desk98.exe1 00167ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup 01
114DeskAd Service0 14DeskAdServ.exe1 00 26Windupdates adware variant81http://www.giantcompany.com/antispyware/research/spyware/spyware-WindUpdates.aspx0
2 9DeskColor0 13DESKCOLOR.EXE1 00 65Provides transparent icon text backgrounds and coloured icon text 01
2 8Deskflag0 12Deskflag.exe1 00 43DeskFlag - animated USA flag on the desktop24http://www.deskflag.com/0
3 8DeskHide0 12deskhide.exe125StartUp menu\Current user0 27DeskHide 1.00, wh0t access.39http://www.absolutestartup.com/startup/1
118DeskMateAutoUpdate0 22DeskMateAutoUpdate.exe1 00 88DeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware related53http://www.pestpatrol.com/PestInfo/b/bargainbuddy.asp0
21000dsksvr000 13desksaver.exe1 00 35Related to  Advanced_Desktop_Shield40http://www.softstack.com/deskshield.html0
216DiscoverDeskshop0 12Deskshop.exe1 00 62Discover Deskshop - single use &quot;virtual&quot; credit card43http://www.dealchecker.com/doc.cfm?OID=10910
222AquaSoft PhotoKalender0 62DESKTO~1.EXE -p|Photokalender.ads -t|3 Monate unregelmäßig.pwt211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7desktop0 11desktop.exe1 00 27Added by the SDBOT.MD WORM!46http://www.f-secure.com/v-descs/sdbot_md.shtml0
114Desktop Search0 11desktop.exe1 00 33iSearch "Desktop Search" hijacker 01
311desktop.ini0 11desktop.ini125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
411lto manager0 21DesktopLtoManager.exe1 00 84Related to  Global_Positioning_System (GPS) found on HP iPAQ hw6500 unit and others.28http://www.globallocate.com/0
210desktopmgr0 14desktopmgr.exe1 00132Synchronisation manager for the cradles for the Research In Motion range of wireless handhelds, including the &quot;Blackberry&quot;39http://www.rim.net/products/index.shtml0
223Copernic Desktop Search0 17DesktopSearch.exe1 00140Copernic Desktop Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures"61http://www.copernic.com/en/products/desktop-search/index.html0
016desk-top-service0 20desk-top-service.exe1 00  2?? 01
322Motorola Desktop Suite0 16DesktopSuite.exe122StartUp menu\All users0 88Symbian Connect QI 1, 0, 0, 1, Symbian Ltd.. Symbian Connect QI Reference User Interface39http://www.absolutestartup.com/startup/1
2 3DW40 18DesktopWeather.exe1 00 46The Weather Channel's desktop weather program. 01
3 3DW40 18DesktopWeather.exe111HKEY_CU\Run0 49Desktop Weather 4 4.24.0.0, TWCi. DesktopWeather439http://www.absolutestartup.com/startup/1
3 8DesktopX0 12DESKTOPX.EXE1 00 96A program that replaces the regular Desktop and Taskbar, and can be changed to the user's liking 01
2 6deskup0 10deskup.exe1 00 42Adds Iomega Zip drive icons to the desktop 01
2 6Deskup0 20deskup.exe /IMGSTART211HKEY_LM\Run0 45Iomega refresh 4, 0, 1, 0, Iomega. deskup.exe39http://www.absolutestartup.com/startup/1
115[Various Names]0 11Dest068.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 9destroy110 13destroy11.exe1 00 44Added by the Troj/Delf-KO keylogging trojan.56http://www.sophos.com/virusinfo/analyses/trojdelfko.html0
110destroyb110 14destroyb11.exe1 00 26Added by the  Troj/Delf-KO56http://www.sophos.com/virusinfo/analyses/trojdelfko.html0
2 8Detector0 12Detector.exe1 00 36Test Application 1, 0, 0, 1, . Image 01
2 8Detector0 12detector.exe1 00263USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing software 01
214MGA_CD_Install0  7Deutsch1 00  0 01
129Microsoft Windows Workstation0 11devcode.exe1 00 48Added by the W32/Rbot-AWL worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotawl.html0
129Microsoft Windows Workstation0 13devcode32.exe1 00 48Added by the W32/Rbot-BBT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbt.html0
111Dev Gnu Cpp0 10devcpp.exe1 00108Added by the W32/Rbot-RU worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotru.html0
315Device Detector0 13DevDetect.exe1 00 78Watches for external digital imaging products being connected from ACD Systems43http://www.acdsystems.com/English/index.htm0
315Device Detector0 22DevDetect.exe -autorun2 00  0 01
315Camera Detector0 22DevDetect.exe -autorun211HKEY_LM\Run0 62Device Detector 1, 3, 2, 1, ACD Systems, Ltd.. Device Detector39http://www.absolutestartup.com/startup/1
217Device Detector 20 12DevDtct2.exe1 00294Installed by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resources. 01
217Digital Dashboard0 11devgulp.exe1 00 48For Compaq PC's. Loads Digital Dashboard options 01
1 5Cmpnt0 12Devices2.exe1 00 43Added by the Troj/Tompai-D backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojtompaid.html0
128Configuration Loader Service0 10devl32.exe1 00 31Added by the W32/Sdbot-XY worm.56http://www.sophos.com/virusinfo/analyses/w32sdbotxy.html0
116Windows Archiver0 10devldr.exe1 00 46Added by the W32/Prex-J worm and IRC backdoor.54http://www.sophos.com/virusinfo/analyses/w32prexj.html0
3 8devldr160 12devldr16.exe1 00369Associated with some Creative Labs sound cards.  Provides audio support for DOS applications.  Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start - Settings - Control Panel - System - Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices 01
312devldr16.exe0 12devldr16.exe1 00369Associated with some Creative Labs sound cards.  Provides audio support for DOS applications.  Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start - Settings - Control Panel - System - Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices 01
111Divx4 codec0 12devldr32.exe1 00 96Added by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs devldr32.exe file76http://www.liutilities.com/products/wintaskspro/processlibrary/devldr32/F4120
0 6Devlog0 10devlog.exe1 00115Apparently mainboard/chipset related, by a French company called AS Media -  what exactly is it, and is it required 01
111Dev Manager0 12devspecs.exe1 00107An Rbot variant.  This infection connects to an IRC server where it will await commands from a remote user. 01
1 5xdxqa0  8dewa.exe1 00 12Added by the140W32/Sdbot-YB.0
110autorepair0  8dexs.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
120Configuration Loader0  8dezi.exe1 00134Added by the W32/Sdbot-OB worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotob.html0
132Managing FAT and NTFS partitions0 13dfrgfat16.exe1 00 48Added by the W32/Codbot-N worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32codbotn.html0
134Defragmentation Management Handler0 13dfrgfat32.exe1 00 41Added by the W32/Codbot-AB backdoor worm.57http://www.sophos.com/virusinfo/analyses/w32codbotab.html0
111wininet.dll0 11dfrgsrv.exe1 00 46Added by the Troj/DwnLdr-FS downloader Trojan.58http://www.sophos.com/virusinfo/analyses/trojdwnldrfs.html0
123Distributed File System0  9Dfsvc.exe1 00 38Added by the MYFIP.A or MYFIP.K WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.myfip.a.html0
316Hermes Messenger0 12DGDRHE~1.EXE1 00 65A LAN messenger alternative to WinPopUp - Digital Dreams Software27http://www.dgdr.com/hermes/0
3 4DGJM0  8DGJM.exe1 00  2?? 01
130Microsoft Security Pansasagers0 13dgkztsqgn.exe1 00 48Added by the W32/Rbot-BBJ worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbj.html0
1 8dgtstart0 12dgtstart.exe1 00 21DigitalNames.g adware62http://www.viruslist.com/en/viruses/encyclopedia?virusid=808850
2 6dguard0 10dguard.exe1 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
1 5dgzqn0  9dgzqn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115DealHelperBrwsr0 11dhbrwsr.exe1 00 17DealHelper adware60http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html0
3 7FatPipe0  4DHCP1 00115Software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users 01
131Symantec Client Security Loader0  8DHCP.DLL1 00116Added by the Troj/DllLoad-B trojan dll loader. DHCP.DLL is a file that tells the service what malicious DLL to load.58http://www.sophos.com/virusinfo/analyses/trojdllloadb.html0
1 8WinSec320  8dhcp.sys1 00 44Added by the Troj/Rawdoor-A backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojrawdoora.html0
121Microsoft STS Service0 10DHCP32.exe1 00136Added by the W32/Sdbot-UK worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuk.html0
4 8dhcpagnt0 12dhcpagnt.exe1 00 79Intel DSL modem driver - leave enabled or you'll have to re-install the drivers 01
111DHCP Client0 14dhcpclient.exe1 00133Added by the W32/Codbot-AG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32codbotag.html0
1 6dhixmg0 10dhixmg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6DHNUXB0 10DHNUXB.exe1 00  2?? 01
1 6atomix0  7dho.exe1 00 43Added by the W32.Hotmatom MSN Hotmail worm.73http://www.sarc.com/avcenter/venc/data/w32.hotmatom.html#technicaldetails0
116DealHelperUpdate0 10DHUpdt.exe1 00 17DealHelper adware60http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html0
1 5file10 13Dia Claro.htm2 00 29Added by the  Troj/Dloader-OR59http://www.sophos.com/virusinfo/analyses/trojdloaderor.html0
310DiagAP81690 14DiagAP8169 /hw211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9(default)0 11diagcfg.exe1 00 36Added by the Backdoor.GWGirl trojan.59http://www.sarc.com/avcenter/venc/data/backdoor.gwgirl.html0
2 7diagent0 11diagent.exe1 00127System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -&gt; Programs 01
2 7DIAGENT0 19DIAGENT.EXE startup211HKEY_LM\Run0 87Creative Diagnostics Agent 1.00.10, Creative Technology Ltd. Creative Diagnostics Agent39http://www.absolutestartup.com/startup/1
110Diagnostic0 14diagnostic.exe1 00 42Added by the Troj/Alpha-C backdoor trojan.56http://www.sophos.com/virusinfo/analyses/trojalphac.html0
1 9installer0  8dial.exe1 00 75Malware - detected by  Kaspersky antivirus as trojan-dropper.win32.agent.mm36http://www.kaspersky.com/personalpro0
110User23.exe0  8DIAL.exe1 00 56This is a trojan trying to disguise itself as User32.dll 01
1 6regrun0 10dialer.exe1 00 97Adware downloader - also detected as a variant of the  TROJ_LOWZONES.BW or  TROJ_AGENT.RD TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.BW0
316antidialer.co.uk0 18Dialer_Watcher.exe1 00 85Dialer_Watcher is an application that allows you to detect  Dialers on your computer.24http://antidialer.co.uk/0
115[Various Names]0 13dialer423.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6itunes0  9dials.exe1 00109Detected as Trojan-Dropper.Win32.Agent.mm by Kaspersky Anti-Virus. Note: A Url is not available at this time. 01
122windows dialup service0 10dialup.exe1 00 30Added by the  AGOBOT.AAH WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AAH&VSect=P0
011diamondview0 15Diamondview.exe1 00115Manulife Financial Insurance program. Note: This file is legitimate. It is not known if it needs to run at startup. 01
1 5Livre0 10Dibane.bat1 00 26Added by the BANEDI VIRUS!72http://securityresponse.symantec.com/avcenter/venc/data/w97m.banedi.html0
1 9rundll***0 23die.exe [path] mdll.exe2 00 61Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 94676http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
1 9rundll***0 25die.exe [path] secure.bat2 00 61Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 94676http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
1 9rundll***0 25die.exe [path] secure.exe2 00  076http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
1 9rundll***0 22die.exe [path] ttg.exe2 00 61Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 94676http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
3 5DietK0  9DietK.exe1 00156DietK - add-on for Kazaa Media Desktop; "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results"21http://www.dietk.com/0
3 8DigiCell0 12DigiCell.exe1 00420MSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center" 01
3 7digisrv0 11DigiSrv.exe1 00 49Related to camera software from  Digital_Dreams._44http://www.digitaldreamco.com/en/index.shtml0
112DigitalNames0 21DigitalNamesStart.exe1 00 28DigitalNames spyware variant81http://securityresponse.symantec.com/avcenter/venc/data/spyware.digitalnames.html0
1 5DigiD0 16DigitalSound.exe1 00 17Adware downloader 01
211DIGServices0 15DIGServices.exe1 00 58Created by Disney but licensed to ESPN for watching videos 01
2 9DIGStream0 13digstream.exe1 00222DIGStream Cache Manager - part of ESPN Motion and  Disney Motion that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automatically39http://espn.go.com/motion/download.html0
1 8Gtfgxojw0 11Dihpcyj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113iConfigLoader0 11DIIhost.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
136Microsoft Internal AntiVirus Systems0 11dIlhost.exe1 00133Added by the W32/Rbot-AEV worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaev.html0
3 9Dimension0 13Dimension.exe1 00220Dimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol 01
1 5Dino30  9dino3.exe1 00138Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result 01
1 5dinst0  9dinst.exe1 00 98GrandStreet parasite variant - detected by Kaspersky antivirus as Trojan-Downloader.Win32.Intexp.d48http://www.doxdesk.com/parasite/GrandStreet.html0
1 7Printer0 10dipset.exe1 00 38Added by a variant of the FBSR TROJAN!46http://vil.nai.com/vil/content/Print119618.htm0
112direct3d.exe0 12direct3d.exe1 00 52Added by the Troj/Certif-F password-stealing trojan.57http://www.sophos.com/virusinfo/analyses/trojcertiff.html0
111Windows SP40 12directCC.exe1 00121Added by the W32/Rbot-ACX worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32rbotacx.html0
216Adaptec DirectCD0 12Directcd.exe1 00351DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start - Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later 01
215AdaptecDirectCD0 12Directcd.exe1 00351DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start - Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later 01
2 8DirectCD0 12DirectCD.exe1 00  0 01
121Printer direct access0 13directout.sys1 00 36Added by the TSPY_GOLDUN.EG rootkit.97http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FGOLDUN%2EEG&VSect=Td0
1 8directpt0 12directpt.dll1 00 44Added by the Troj/Haxdoor-AX rootkit Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorax.html0
111directs.exe0 11directs.exe1 00 64Added by the BEAGLE.O or BEAGLE.R or BEAGLE.S or BEAGLE.T WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.o@mm.html0
1 8directut0 12directut.dll1 00 35Added by the Troj/Goldun-BX Trojan.58http://www.sophos.com/virusinfo/analyses/trojgoldunbx.html0
310DIRECTVDSL0 14Directvdsl.exe1 00 66Starts DirectTV DSL modem at boot up. Can also be started manually 01
1 7DirectX0 11DirectX.exe1 00 37Added by the BLAXE or  LOGPOLE WORMS!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.blaxe.html0
1 7directx0 11Directx.exe1 00 28Added by the SDBOT.D TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.d.html0
115DirectX Service0 11directx.exe1 00 49Added by the Troj/Crybot-B worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/trojcrybotb.html0
1 7directx0 13directx32.exe1 00 29Added by the  AGOBOT.CG WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CG0
110directx 320 13directx32.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
116WindowsXP Module0 13DirectX3D.exe1 00 42Malware, reportedly a keylogger - see here51http://www.anti-spy.info/process/directx3d.exe.html0
1 9DirectX640 14DirectXset.exe1 00 28Added by the BROWNEY.A WORM!43http://vil.nai.com/vil/content/v_100098.htm0
3 6Dirkey0 10Dirkey.exe1 00287Dirkey - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders&nbsp;31http://www.protonfx.com/dirkey/0
1 4rn4d0 10dirote.exe1 00 34Added by the BKDR_MAROON.A TROJAN!107http://nl0
2 8discoveg0 12discoveg.exe1 00  2?? 01
312Disk_Monitor0 16Disk_Monitor.exe1 00225Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader 01
126Windows (random character)0 13diskcheck.exe1 00 28Added by the SINGU.B TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.singu.b.html0
1 7diskinf0 11diskinf.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
311DISKMON.EXE0 11DISKMON.EXE1 00280DiskMon is a small (55k zip file) that monitors hard disk activity.  It's most useful because it puts a little light on your system tray that tells you when your hard disk is reading or writing, saving you having to bend down to look at the light on the front of your system unit. 01
1 7diskchk0 13diskmon32.exe1 00 48Added by the W32/Rbot-BBI worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbi.html0
2 7Disknag0 11disknag.exe1 00 65Dell program that reminds you to make your&nbsp; backup diskettes 01
310DiskPiePro0 17DiskPiePro.exe /m211HKEY_CU\Run0 54DiskPiePro 1.0.0.0, Ziff Davis Media, Inc. DiskPie Pro39http://www.absolutestartup.com/startup/1
115[Various Names]0 12diskserv.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
112Disk Manager0 11diskver.exe1 00 24Added by a Rbot variant.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
129i am not ranky. i am etunnel!0 10disney.exe1 00 40Added by an unidentified WORM or TROJAN! 01
414APC UPS Status0 11Display.exe1 00 43APC PowerChute Personal Edition status icon67http://www.apcc.com/products/family/index.cfm?id=129&web_displayed=0
3 6disspy0 10disspy.exe1 00 45Disspy spyware detection and removal software44http://www.h-desk.com/new/Features.13.0.html0
224Distiller Assistant 3.010 12DISTASST.EXE1 00 90From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start - Programs 01
3 3Dit0  7Dit.exe1 00  0 01
3 3Dit0  7dit.exe1 00127Drive Icon and Label Utility - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found 01
210DiTask.exe0 10DiTask.exe1 00195Associated with an Eicon Networks ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -&gt; Programs42http://www.eicon.com/worldwide/default.htm0
311Divamon.exe0 11Divamon.exe1 00 57Associated with an Eicon Networks Diva ISDN or ADSL modem42http://www.eicon.com/worldwide/default.htm0
112DivX Updater0  8DivX.Exe1 00 43Added by the NALDEM TROJAN or MASTAK VIRUS!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.naldem.html0
1 4divx0 11divxenc.exe1 00 29Added to the  Spbot.B TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.spbot.b.html0
1 7mdetect0 15divxencoder.exe1 00 46Added by the Troj/Sqdload-A downloader trojan.58http://www.sophos.com/virusinfo/analyses/trojsqdloada.html0
111DivX Player0 14DivXPlayer.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
0 8djsnetcn0 12DJSNetCN.exe1 00 72Symantec Licensing Detect Internet Connection,  part of Norton antivirus 01
3 8DJSNetCN0 12DJSNETCN.exe119HKEY_LM\RunServices0 79Symantec Shared Components 5.0, Symantec Corporation. Symantec Shared Component39http://www.absolutestartup.com/startup/1
114djtopr1150.exe0 14djtopr1150.exe1 00 50Unknown malware. Located in %temp%\djtopr1150.exe" 01
1 7djvvjvy0 11djvvjvy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7dKernel0 11dkernel.exe1 00 30Added by the W32/Decoy-A worm.55http://www.sophos.com/virusinfo/analyses/w32decoya.html0
216DiskeeperSystray0 10DkIcon.exe1 00 60DisKeeper defragmentation software - can be started manually42http://www.executive.com/defrag/defrag.asp0
1 4dkjb0  8dkjb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 9DkService0 13DkService.exe1 00200From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually. 01
1 6DKTime0 10dktime.exe1 00 26Added by the LUNII TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/downloader.lunii.html0
113Dkware lptt010 10dkware.exe1 00180Variant of the  RapidBlaster parasite (in a "DonkeySoft" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113Dkware ml097e0 10dkware.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
138(D1589445-4C2D-4827-6486-8C9674D8B206)0 11dkxcj32.dll1 00100Added by the W32/Korgo-Z network worm.br /br /Uses CLSID: b(D1589445-4C2D-4827-6486-8C9674D8B206)/b.55http://www.sophos.com/virusinfo/analyses/w32korgoz.html0
1 7dkzzixm0 11dkzzixm.exe1 00  2?? 01
2 7DlaTray0 11Dlatray.exe1 00404System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" 01
2 6HP_dla0 11dlatray.exe1 00106On HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCD 01
221Dell AIO Printer A***0 12dlbabmgr.exe1 00 68Dell AIO Printer A*** related (*** = model). Not Required at Startup 01
0 8dlbcserv0 12dlbcserv.exe1 00 31Related to a Dell Photo Printer 01
021dell aio printer a9600 12dlb