213ATI Launchpad0 0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01 223iDuba Personal FireWall0 0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01 2 3LDM0 0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01 215Power2GoExpress0 0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01 213RemoteControl0 0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01 222Start WingMan Profiler0 0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01 2 5Steam0 0011HKEY_CU\Run0 25From Valve, for net games39http://www.absolutestartup.com/startup/1 212WebCamRT.exe0 0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01 2 5ccApp0 0011HKEY_LM\Run0 2??39http://www.absolutestartup.com/startup/1 2 3ISC0 0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01 210ISC_UpDate0 0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01 213New Autostart0 0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01 214QD FastAndSafe0 0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01 214WMC_AutoUpdate0 0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01 212yahoo! &maps0 0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01 3 8PowerBar0 0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01 310RecordNow!0 0011HKEY_CU\Run0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1 316Sonic RecordNow!0 0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01 310SpySweeper0 0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01 3 5Steam0 0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01 316TransparentIcons0 0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01 3 9TransTask0 0011HKEY_CU\Run0102Absolute StartUp 5.0, F-Group Software. 
Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1 3 8Tweak-XP0 0011HKEY_CU\Run0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1 3 8farstone0 0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01 3 9pdfSaver30 0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01 312PestPatrolCL0 0011HKEY_LM\Run0 90PestPatrol 4.4.4, Computer Associates International, Inc.. PestPatrol command line scanner39http://www.absolutestartup.com/startup/1 312screen miner0 0011HKEY_LM\Run0 70Screen Miner, screen capture tool, capture full screen, capture window39http://www.absolutestartup.com/startup/1 3 8SiS Tray0 0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01 3 6UC_SMB0 0011HKEY_LM\Run0 81Name:, UC_SMB. Filename:, ucstart.exe. Description:, Part of IBM Update connector50www.bleepingcomputer.com/startups/UC_SMB-5915.html0 3 8Driver320 0019HKEY_LM\RunServices0101This entry has information about the driver32.exe file and whether or not it should be allowed to run57www.bleepingcomputer.com/ startups/driver32.exe-9053.html0 113MISAggregator0 0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01 119windows auto update0 0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01 126Shortcut to LAFNSlipstream0 0025StartUp menu\Current user0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1 312$sys$cor.sys0 12$sys$cor.sys1 00 38How to remove the Sony XPC DRM Rootkit54http://www.bleepingcomputer.com/forums/topic34904.html0 328Plug and Play Device Manager0 18$sys$DRMServer.exe1 00376Added by the Sony/XCP DRM security software. This service is part of the digital rights management system utilized on certain Sony CDs. 
If you remove this service, you may no longer be able to play certain CDs from Sony on your computer.br /br /If you have this service, then there is a good chance you also have the Sony XPC DRM rootkit. Use the removal instructions below.54http://www.bleepingcomputer.com/forums/topic34904.html0 1 8$sys$drv0 12$sys$drv.exe1 00249Added by the Backdoor.Ryknos Trojan backdoor that attempts to utilize the SecurityRisk.First4DRM security risk to hide itself on the compromised computer. It also adds a registry key at HKEY_CURRENT_USERWkbpsevaXImgvkwkbpXSmj`kswXGqvvajpRavwmkjXVqj76http://www.sarc.com/avcenter/venc/data/backdoor.ryknos.html#technicaldetails0 110$sys$crash0 18$sys$sonyTimer.exe1 00 36Added by the Trojan.Welomoch Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.welomoch.html#technicaldetails0 110$sys$crash0 17$sys$sos$sys$.exe1 00 36Added by the Trojan.Welomoch Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.welomoch.html#technicaldetails0 110$sys$crash0 20$sys$WeLoveMcCOL.exe1 00 36Added by the Trojan.Welomoch Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.welomoch.html#technicaldetails0 1 8$sys$cmp0 11$sys$xp.exe1 00156Added by the Troj/Stinx-F backdoor Trojan. Troj/Stinx-F may be stealthed on an infected system by exploiting Sony DRM (Digital Rights Management) software.56http://www.sophos.com/virusinfo/analyses/trojstinxf.html0 213%cmpmixtitle%0 11%cmpmixstr%1 00 48Possibly related to C-Media Mixer Control panel? 01 1 5Ctykd0 27%Malware path and filename%2 00 35Added by the TSPY_SMALL.SN spyware.96http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FSMALL%2ESN&VSect=Td0 1 7PAV.EXE0 8%Number%1 00 67Added by the KITRO.D (or ARGEN.A) WORM! %Number% can be any number77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0 214DumpFaultCheck0 8%system%1 00197Added by the W32/Scanbot-A worm and IRC backdoor. 
Though this infection adds these entries, they have no effect on your computer other than open the %System% folder. You can remove these entries.57http://www.sophos.com/virusinfo/analyses/w32scanbota.html0 129SystemWideHook for Windows NT0 14%WinHook32.exe1 00 28Added by the MYDOOM.AC WORM!64http://www.symantec.com/avcenter/venc/data/w32.mydoom.ac@mm.html0 1 6alkasr0 41ÎäÒíÑ.exe1 00 28Added by the BALKART TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.balkart.html0 1 9(default)0 25¡¡NOTEPAD.EXE1 00 42Added by the Troj/Vaq-A Trojan downloader.54http://www.sophos.com/virusinfo/analyses/trojvaqa.html0 116Web Event Logger0 31<8 random characters>.dll2 00102Added by the Backdoor.Berbew.F backdoor.br /br /Uses CLSID: b{79FEACFF-FFCE-815E-A900-316290B5B738}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.f.html#technicaldetails0 1 7newname0 30<application executable>2 00 36Added by the Troj/Drsmartl-S Trojan.59http://www.sophos.com/virusinfo/analyses/trojdrsmartls.html0 1 7Proc1120 37<File name of the dropped file>2 00 31Added by the WORM_IXBOT.A worm.88http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FIXBOT%2EA&VSect=T0 111DllLoader320 20<filename>.exe1 00 43Added by the Troj/Bdoor-QD backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorqd.html0 111GlobalSCAPE0 20<filename>.exe1 00132Added by the W32/Rbot-AYM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaym.html0 1 9DTInstall0 21<filename.>.dll1 00 35Added by the Troj/Small-ALM Trojan.58http://www.sophos.com/virusinfo/analyses/trojsmallalm.html0 115Hutley-Spieluhr0 20<filename.exe>1 00 43Added by the Troj/Shpiel-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojshpiela.html0 1 6NAVNet0 26<Name of Executable>2 00 75Added by the Troj/Small-FR Trojan. 
The filenames and locations are random.57http://www.sophos.com/virusinfo/analyses/trojsmallfr.html0 1 6winabc0 24<ORIGFILENAME>.DLL1 00 82Added by the Troj/Lineage-PN password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagepn.html0 113Virus Cleaner0 32<original Trojan filename>2 00 33Added by the Troj/Delta-E Trojan.56http://www.sophos.com/virusinfo/analyses/trojdeltae.html0 1 9NTupdater0 37<path to a renamed Mirc client>2 00 44Added by the Troj/Digarix-D backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojdigarixd.html0 1 4Safe0 26<path to Trojan EXE>2 00 97Added by the Troj/Banker-DT password stealing Trojan aimed primarily at users of Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankerdt.html0 111WheelsMouse0 22<path to Trojan>2 00 48Added by the Troj/SocksPr-D proxy server Trojan.58http://www.sophos.com/virusinfo/analyses/trojsocksprd.html0 1 8Win_BooT0 22<Path to Trojan>2 00 53Added by the Troj/Banker-GI password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankergi.html0 1 8WinShell0 20<path to worm>2 00 52Added by the W32/Fanbot-B mass-mailing and P2P worm.56http://www.sophos.com/virusinfo/analyses/w32fanbotb.html0 1 9Devicewin0 41<pathname of the Trojan executable>2 00 36Added by the Troj/Banker-AEV Trojan.59http://www.sophos.com/virusinfo/analyses/trojbankeraev.html0 112kernel32.dll0 41<pathname of the Trojan executable>2 00 33Added by the Troj/Zlob-AP Trojan.56http://www.sophos.com/virusinfo/analyses/trojzlobap.html0 118Microsoft Redirect0 41<pathname of the Trojan executable>2 00 52Added by the Troj/Banker-FW Internet banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerfw.html0 1 8msresear0 41<pathname of the Trojan executable>2 00 34Added by the Troj/Weasyw-B Trojan.57http://www.sophos.com/virusinfo/analyses/trojweasywb.html0 1 9Rapdyleys0 41<pathname of the Trojan executable>2 00 35Added by the Troj/QQPass-AD 
Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassad.html0 1 7MSPRO320 39<pathname of the worm executable>2 00 31Added by the W32/Hiberi-B worm.56http://www.sophos.com/virusinfo/analyses/w32hiberib.html0 113Winsocket log0 29<random characters>.exe2 00 50Added by the Troj/Sdbot-AKF worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/trojsdbotakf.html0 112SysTray.Exys0 42<random filename with DLL extension>2 00 97Added by the Troj/Slogger-D Trojan.br /br /Uses CLSID: b{7368D5FC-6F5C-4f5b-B964-E67214F67852}/b.58http://www.sophos.com/virusinfo/analyses/trojsloggerd.html0 1 6DER0050 23<random filename>2 00 43Added by the Troj/Hackvan-B Trojan rootkit.58http://www.sophos.com/virusinfo/analyses/trojhackvanb.html0 1 7Idoneus0 23<random filename>2 00 31Added by the MSIL.Idonut virus.72http://www.sarc.com/avcenter/venc/data/msil.idonut.html#technicaldetails0 118Msn Update SUPPORT0 23<random filename>2 00 48Added by the W32/Rbot-BPS worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbps.html0 114Service Screan0 23<random filename>2 00132Added by the W32/Rbot-BAC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotbac.html0 1 8Telnet240 23<random filename>2 00133Added by the W32/Rbot-ARD worm. 
This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotard.html0 113Win Prosess0r0 23<random filename>2 00 48Added by the W32/Rbot-BIT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbit.html0 1 6XRW0050 23<random filename>2 00 058http://www.sophos.com/virusinfo/analyses/trojhackvanb.html0 1 8DBGA0EEG0 27<random filename>.dll2 00119Added by the W32/Doxpar-D password-stealing network worm.br /br /Uses CLSID: b{6C7F7D05-2430-7FA8-28C5-2F9036BF28AF}/b.56http://www.sophos.com/virusinfo/analyses/w32doxpard.html0 1 7eTunnel0 27<random filename>.exe2 00 43Added by the Troj/Meteor-E backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojmeteore.html0 124Windows Firewall Monitor0 27<random filename>.exe2 00 40Added by the Troj/Proxy-AX proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojproxyax.html0 1 6wuauon0 27<random filename>.exe2 00 43Added by the Troj/Bdoor-MC backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoormc.html0 1 4st3i0 27<random filename.dll>2 00 33Added by the Troj/Hasum-A Trojan.56http://www.sophos.com/virusinfo/analyses/trojhasuma.html0 1 6angnan0 27<random filename.exe>2 00 31Added by the W32/Bobax-DB worm.56http://www.sophos.com/virusinfo/analyses/w32bobaxdb.html0 122eMCryT Sh3ars Panagers0 27<random filename.exe>2 00132Added by the W32/Rbot-AWI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotawi.html0 128MICROSFT RAMA UPDATE SUPPORT0 27<random filename.exe>2 00132Added by the W32/Rbot-ASM worm. 
When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotasm.html0 120Microsoft Anti-Virus0 27<Random Filename.exe>2 00 49Added by the W32/Kassbot-O worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32kassboto.html0 1 7Proc9920 27<random filename.exe>2 00 47Added by the W32/Ixbot-C worm and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32ixbotc.html0 112Google Earth0 23<random name>.pif2 00132Added by the W32/Rbot-AXK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaxk.html0 112SysTray.Exiv0 18<random>.dll1 00106Added by the Troj/Slogger-F backdoor Trojan.br /br /Uses CLSID: b(2963ECFC-4E5C-2f3b-B334-D67434FC72E0)/b.58http://www.sophos.com/virusinfo/analyses/trojsloggerf.html0 113System32Check0 18<random>.exe1 00 57Added by the Troj/Chast-A backdoor and keylogging Trojan.56http://www.sophos.com/virusinfo/analyses/trojchasta.html0 1 6VSSTAT0 18<random>.exe1 00 47Added by the W32/Gobot-N worm and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32gobotn.html0 116Web Event Logger0 18<random>.exe1 00102Added by the Backdoor.Berbew.D backdoor.br /br /Uses CLSID: b{79FB9088-19CE-715E-D900-216290C5B738}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.d.html#technicaldetails0 111nethost.exe0 26<randomfilename>.exe1 00 42Added by the Troj/Perda-J backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdaj.html0 126Windows Overlay Components0 26<randomfilename>.exe1 00 34Added by the Troj/Agent-JK Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentjk.html0 113Apoint System0 25<Trojan Executable>2 00 35Added by the Troj/Banker-WK Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerwk.html0 1 4cppc0 25<Trojan executable>2 00 80Added by the Troj/VB-NV Trojan. 
This trojan pretends to be a Half-Life 2 crack.54http://www.sophos.com/virusinfo/analyses/trojvbnv.html0 1 8FindHack0 25<Trojan executable>2 00 34Added by the W32/Kelvir-BA Trojan.57http://www.sophos.com/virusinfo/analyses/w32kelvirba.html0 1 6HATAPE0 25<Trojan executable>2 00 35Added by the Troj/Banker-QF Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerqf.html0 1 8msapps320 25<Trojan executable>2 00 35Added by the Troj/Banker-IS Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankeris.html0 113office_update0 25<Trojan executable>2 00 36Added by the Troj/Dloader-ZB Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderzb.html0 114PHIME2OO2ASyst0 25<Trojan executable>2 00120Added by the Troj/DBdoor-B backdoor Trojan. This filename for this trojan can be change to one specified by the hacker.57http://www.sophos.com/virusinfo/analyses/trojdbdoorb.html0 112SmartTesting0 25<Trojan executable>2 00 45Added by the Troj/Ranck-DO http proxy trojan.57http://www.sophos.com/virusinfo/analyses/trojranckdo.html0 1 7taskbar0 25<Trojan executable>2 00 42Added by the Troj/Perda-I backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdai.html0 1 7zzzsoft0 25<Trojan executable>2 00 34Added by the Troj/QQRob-AD Trojan.57http://www.sophos.com/virusinfo/analyses/trojqqrobad.html0 1 9aaprotect0 23<Trojan Filename>2 00 36Added by the Troj/Bancban-MJ Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanmj.html0 1 4Tspy0 23<Trojan Filename>2 00 43Added by the Troj/TSpy-B keylogging Trojan.55http://www.sophos.com/virusinfo/analyses/trojtspyb.html0 1 7MSSever0 27<Trojan Filename.exe>2 00 50Added by the Troj/PWS-CW password-stealing Trojan.55http://www.sophos.com/virusinfo/analyses/trojpwscw.html0 1 7Myfault0 18<Trojan.exe>1 00 34Added by the Troj/Ranck-DJ Trojan.57http://www.sophos.com/virusinfo/analyses/trojranckdj.html0 014CQSCP2P SERVER0 15<unknown>1 00154Compaq printer utility which is required in the startup menu in order to make the printer 
work correctly. Personally I doubt whether it is actually needed 01 0 8CQSCP2PS0 15<unknown>1 00 0 01 0 8V128IITV0 15<unknown>1 00 94Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? 01 228AccuWeather.com® Desktop0 15<unknown>1 00 36Desktop weather from AccuWeather.com71http://wwwa.accuweather.com/adcbin/public/index.asp?partner=accuweather0 2 7AIMster0 15<unknown>1 00119Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start - Programs 01 223Compaq Video CD Watcher0 15<unknown>1 00 28For Compaq PC's. MPEG viewer 01 215HP Info Express0 15<unknown>1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01 210HP Updates0 15<unknown>1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01 2 5Imesh0 15<unknown>1 00 30Imesh is a file sharing system20http://www.imesh.com0 217Imesh Auto Update0 15<unknown>1 00 83Update check for the Imesh file sharing system. Turn the update off under "options"20http://www.imesh.com0 225Introduction-Registration0 15<unknown>1 00 82For Compaq PC's. Should only run first time, PC Introduction & Compaq registration 01 215LS120 Superdisk0 15<unknown>1 00 77Supposed to accelerate transfer rate on LS-120, contributes to system lockups 01 215McAfee Winguage0 15<unknown>1 00243Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start - Programs 01 2 8Operator0 15<unknown>1 00 49Media Pilot operator, in Win.ini. Locks port open 01 2 7Startup0 15<unknown>1 00 26Related to an Iomega drive 01 2 5TGCMG0 15<unknown>1 00 91Related to Rogers@Home, causes errors in WinSock32.dll. 
Not required for connection to work 01 230Usrobotics Online Registration0 15<unknown>1 00 75Pop-up reminding customers to register their products online at US Robotics 01 212Windows Eyes0 15<unknown>1 00207For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start - Programs 01 3 9EDRestore0 15<unknown>1 00110Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"42http://www.easydesksoftware.com/spoint.htm0 312HP RecordNow0 15<unknown>1 00114From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used." 01 323SMS Win9x Message Agent0 15<unknown>1 00 63This program assigns a user to a Systems Management Server site 01 111Bonzi Buddy0 15<unknown>1 00 69Spyware - read here for information and here for removal instructions57http://www.safersite.com/pestinfo/B/BonziBuddy_Adware.asp0 414FoolProofSweep0 15<unknown>1 00 63Part of FoolProof Security PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0 117Content connector0 29<various filenames.exe>2 00 34Added by the Troj/Dialer-Y dialer.57http://www.sophos.com/virusinfo/analyses/trojdialery.html0 125Microsoft Moniter Control0 21<worm filename>2 00 48Added by the W32/Rbot-BAX worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbax.html0 110[not used]0 27øb.Ýoç1 00138Added by the Backdoor.Beasty.D backdoor. 
This backdoor listens on port 666.br /br /Uses CLSID: b{54AD0222-BB51-31EF-BBFA-06AA12E6115C}/b.61http://www.sarc.com/avcenter/venc/data/backdoor.beasty.d.html0 114vbs.ipnuker@mm0 29(original worm file name).vbs2 00 23Added by the VBS.Nukip70http://securityresponse.symantec.com/avcenter/venc/data/vbs.nukip.html0 1 7windowz0 29(original worm file name).vbs2 00 070http://securityresponse.symantec.com/avcenter/venc/data/vbs.nukip.html0 1 7bcnswsx0 14(path to file)2 00 47Added as result of a Ranck-AJ trojan infection57http://www.sophos.com/virusinfo/analyses/trojranckaj.html0 1 4ibin0 35(Pathname of the Trojan executable)2 00 26Added by the Troj/Perda-C56http://www.sophos.com/virusinfo/analyses/trojperdac.html0 118virus removal tool0 35(pathname of the Trojan executable)2 00 27Added by the Troj/Tometa-B57http://www.sophos.com/virusinfo/analyses/trojtometab.html0 1 5clock0 20(various file names)2 00140LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe79http://securityresponse.symantec.com/avcenter/venc/data/pf/adware.livechat.html0 1 9romahere20 34************.exe [* = random char]2 00 55SuperSpider hijacker - a CoolWebSearch parasite variant44http://doxdesk.com/parasite/SuperSpider.html0 1 9romahere30 34************.exe [* = random char]2 00 044http://doxdesk.com/parasite/SuperSpider.html0 115Control handler0 33***********.exe [* = random char]2 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0 122Network Security Guard0 32**********.exe [* = random char]2 00 30CoolWebSearch parasite related53http://www.spywareinfo.com/~merijn/cwschronicles.html0 125WindowsRegKey upd4te2d4te0 31*********.exe [* = random char]2 00 26Added by the RBOT.XQ WORM!87http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.XQ0 1 4sr640 13********. 
exe2 00 27Adware, as yet unidentified 01 1 8rate.exe0 30********.exe [* = random char]2 00 19Unidentified adware 01 116ms window update0 33******.exe (* = random character)2 00 43Added by a variant of the WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370 121Cryptographic Service0 28******.exe [* = random char]2 00 50Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html0 121Cryptographic Service0 28******.exe [* = random char]2 00 50Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html0 1 8Narrator0 28******.exe [* = random char]2 00 30Transponder/VX2 related adware 01 1 3web0 28******.exe [* = random char]2 00 41Added by a variant of the EASTO.A TROJAN!78http://www.pestpatrol.com/pestinfo/w/win32_trojandownloader_easto_a_trojan.asp0 111pnpsvc_lock0 29******.exe [* = random digit]2 00 16Browser hijacker 01 1150utlook express0 33*****.exe (where * = random char)2 00 31Added by the W32/RBOT-CC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotcc.html0 122outlook express config0 33*****.exe (where * = random char)2 00 43Added by a variant of the WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370 113cyberfree.exe0 26****.dat [* = random char]2 00 19Unidentified adware 01 127Microsofts Security Manager0 29****.exe [**** = random char]2 00 28Added by the RBOT-WH TROJAN!55http://www.sophos.com/virusinfo/analyses/w32rbotwh.html0 118microsoft software0 31****.exe E255 [* = random char]2 00 40Added by an unidentified WORM or TROJAN! 
01 118Win32SystemMonitor0 25***.exe [* = random char]2 00 16Browser hijacker 01 1 7Nero.ma0 29***.exe [*** = 2 to 3 digits]2 00 28Added by the JONBARR.D WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.jonbarr.d@mm.html0 224Description of Shortcuts0 5*.exe1 00227* seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search) 01 111App.EXEName0 4.exe1 00 25Added by the BODIRU WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bodiru.html0 111App.EXEName0 4.exe1 00 25Added by the BODIRU WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bodiru.html0 1 5ccapp0 4.EXE1 00 31Added by the W32/RBOT-LJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlj.html0 111Gray_Pigeon0 4.exe1 00111Added by the Troj/GrayBrd-EH backdoor Trojan. This infection also creates the file c:\windows\temp\8e4ds4.dll.59http://www.sophos.com/virusinfo/analyses/trojgraybrdeh.html0 1 9supernova0 4.exe1 00 91Added as a result of the SURNOVA (or SUPOVA) VIRUS! 
<filename>.exe is the chosen name78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SURNOVA.A0 116Default_Page_URL0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0 116Default_Page_URL0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0 118Default_Search_URL0 19//find.naupoint.com1 00 061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0 118Default_Search_URL0 19//find.naupoint.com1 00 061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0 115First Home Page0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0 115First Home Page0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0 110Local Page0 19//find.naupoint.com1 00 061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0 110Local Page0 19//find.naupoint.com1 00 061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0 111Search Page0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0 110Start Page0 19//find.naupoint.com1 00 061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0 110Start Page0 19//find.naupoint.com1 00 061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0 116Default_Page_URL0 23//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0 115First Home Page0 23//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0 110Local Page0 23//find.naupoint.com1 00 061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0 011com servoce0 2/a1 00 0 01 211com servoce0 2/a1 00 044http://www.esafe.com/esafe/default.asp?cf=tl0 110search.vbs0 2/a1 00 8Hijacker 01 4 6vs.vsn0 2/a1 
00 86Part of eSafe antivirus "SmartScan" - alerts the user if files have been changed/added44http://www.esafe.com/esafe/default.asp?cf=tl0 1 8WinTools0 5/boot115HKEY_LM\RunOnce0 039http://www.absolutestartup.com/startup/1 324EPSON Stylus Photo RX5000 22/M Stylus Photo RX500"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1 114WinMsgServices0 5?.exe1 00169Added by the Troj/Kelebek-G. This file is added to the Windows system folder. The name of the filename is the ASCII character 255 which corresponds to an empty space.58http://www.sophos.com/virusinfo/analyses/trojkelebekg.html0 013Coupon Offers0 2??1 00 2?? 01 0 6Devlog0 2??1 00 2?? 01 0 6Dosbat0 2??1 00 0 01 0 8V128IITV0 2??1 00 94Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? 01 0 5Vinny0 2??1 00 2?? 01 010Web Search0 2??1 00 0 01 011WRECK GUARD0 2??1 00 2?? 01 224AccuWeather.com® Desktop0 2??1 00 36Desktop weather from AccuWeather.com71http://wwwa.accuweather.com/adcbin/public/index.asp?partner=accuweather0 2 7AIMster0 2??1 00119Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start - Programs 01 223Compaq Video CD Watcher0 2??1 00 28For Compaq PC's. MPEG viewer 01 215HP Info Express0 2??1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01 210HP Updates0 2??1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01 2 5Imesh0 2??1 00 30Imesh is a file sharing system20http://www.imesh.com0 217Imesh Auto Update0 2??1 00 83Update check for the Imesh file sharing system. Turn the update off under "options"20http://www.imesh.com0 225Introduction-Registration0 2??1 00 82For Compaq PC's. 
Should only run first time, PC Introduction & Compaq registration 01 215LS120 Superdisk0 2??1 00 77Supposed to accelerate transfer rate on LS-120, contributes to system lockups 01 215McAfee Winguage0 2??1 00243Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start - Programs 01 2 8Operator0 2??1 00 49Media Pilot operator, in Win.ini. Locks port open 01 2 7Startup0 2??1 00 26Related to an Iomega drive 01 2 5TGCMG0 2??1 00 91Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work 01 230Usrobotics Online Registration0 2??1 00 75Pop-up reminding customers to register their products online at US Robotics 01 212Windows Eyes0 2??1 00207For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start - Programs 01 311AAAKeyboard0 2??1 00 0 01 3 7Avxnews0 2??1 00 2?? 01 314CQSCP2P SERVER0 2??1 00154Compaq printer utility which is required in the startup menu in order to make the printer work correctly. Personally I doubt whether it is actually needed 01 3 6Devlog0 2??1 00 2?? 01 3 6Dosbat0 2??1 00 0 01 3 9EDRestore0 2??1 00110Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"42http://www.easydesksoftware.com/spoint.htm0 312HP RecordNow0 2??1 00114From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used." 01 3 7mfgboot0 2??1 00 2?? 01 3 6Qdsafe0 2??1 00 2?? 01 3 8ScanFile0 2??1 00 0 01 323SMS Win9x Message Agent0 2??1 00 63This program assigns a user to a Systems Management Server site 01 3 8V128IITV0 2??1 00 94Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? 
01 3 5Vinny0 2??1 00 2?? 01 310Web Search0 2??1 00 0 01 311WRECK GUARD0 2??1 00 2?? 01 111Bonzi Buddy0 2??1 00 69Spyware - read here for information and here for removal instructions57http://www.safersite.com/pestinfo/B/BonziBuddy_Adware.asp0 414FoolProofSweep0 2??1 00 63Part of FoolProof Security PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0 113[random name]0 12??anregw.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0 113[random name]0 11??chost.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0 2 5Vgwxi0 12??erinit.exe111HKEY_CU\Run0 039http://www.absolutestartup.com/startup/1 113[random name]0 12??erinit.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0 113[random name]0 11??ool32.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0 113[random name]0 11??oolsv.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0 1 3Fek0 11??oolsv.exe111HKEY_CU\Run0 039http://www.absolutestartup.com/startup/1 113[random name]0 9??rss.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0 113[random name]0 12??rvices.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0 113[random name]0 12??xplore.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0 1 7Seibctd0 12??xplore.exe111HKEY_CU\Run0 039http://www.absolutestartup.com/startup/1 113[random name]0 11?hkntfs.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0 114?ekio Startups0 12?nksvc32.exe1 00167Added by the W32/Agobot-OV WORM/IRC backdoor. ? is a random character. 
It will kill processes, record keystrokes, allowing unauthorised access to enable other actions.57http://www.sophos.com/virusinfo/analyses/w32agobotov.html0 113[random name]0 10?ttrib.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0 116@liberamovilespt0 16@liberamovilespt1 00 46Added by the Dialer.UDIS premium adult dialer.72http://securityresponse.symantec.com/avcenter/venc/data/dialer.udis.html0 1 8@tour_ww0 15@tour_ww[1].exe1 00 21Adult content dialler 01 131Windows System Security Monitor0 22[4 random letters].exe2 00 32Added by the W32.Pinkton.A worm.74http://www.sarc.com/avcenter/venc/data/w32.pinkton.a.html#technicaldetails0 1 4Nvid0 22[8 random charachters]2 00 19Unidentified adware 01 116Web Event Logger0 25[8 random characters].dll2 00102Added by the Backdoor.Berbew.B backdoor.br /br /Uses CLSID: b{79FB9088-19CE-715E-D900-216290C5B738}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.b.html#technicaldetails0 115WebEvent Logger0 25[8 random characters].dll2 00102Added by the Backdoor.Berbew.F backdoor.br /br /Uses CLSID: b{79ECA078-17FF-726B-E811-213280E5C831}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.f.html#technicaldetails0 123anti-virus product sync0 47[AN UNPRINTABLE CHARACTER][3 CHARACTERS]log.exe2 00 32Added by the W32.Kedebe.D(AT)mm76http://securityresponse.symantec.com/avcenter/venc/data/w32.kedebe.d@mm.html0 137Remote Procedure Call (RPC) Activator0 19[Currently unknown]2 00 43Added by the Troj/Fiserv-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojfiserva.html0 1 7NSystem0 17[downloaded file]2 00 43Added by the Troj/Nsys-A trojan downloader.55http://www.sophos.com/virusinfo/analyses/trojnsysa.html0 1 7hxadsec0 17[executable name]2 00 36Added by the Troj/AdClick-AP trojan.59http://www.sophos.com/virusinfo/analyses/trojadclickap.html0 1 6fsdsft0 11[file name]2 00 40Added by the Backdoor.Ranky.S 
Backdoor!77http://www.sarc.com/avcenter/venc/data/backdoor.ranky.s.html#technicaldetails0 113winupdatefiv_0 11[file name]2 00 37Added by the W32/Combra-C email worm.56http://www.sophos.com/virusinfo/analyses/w32combrac.html0 1 6SYDNEY0 11[file path]2 00 24Added by the SYNEY WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.syney@mm.html0 1 7Systray0 14[filename.exe]1 00 19Winfavorites adware80http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html0 1 7;Rundll0 10[filename]1 00 32Added by the PWSLEGMIR.E TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E0 1 7;Rundll0 10[filename]1 00 32Added by the PWSLEGMIR.E TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E0 113Configuration0 10[filename]1 00 27Added by the SDBOT-ML WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotml.html0 114JavaUpdate0.070 10[filename]1 00 28Added by the JUPDATE TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.jupdate.html0 115LoadWindowsFile0 10[filename]1 00 65Added by the DELF.B TROJAN! 
where [filename] is the infected file76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.b.html0 115Locator Service0 10[filename]1 00 30Added by the AGOBOT-KY TROJAN!57http://www.sophos.com/virusinfo/analyses/w32agobotky.html0 117LowVersionSupport0 10[filename]1 00 28Added by the LASTRAS TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lastras.html0 1 6Mantis0 10[filename]1 00 27Added by the MANTIBE VIRUS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.mantibe.html0 112MatrixScreen0 10[filename]1 00 33Added by the MATRIXSCREEN TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.matrixscreen.html0 129Microsoft Java Windows Update0 10[filename]1 00 26Added by the RBOT-DZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotdz.html0 1 5Myapp0 10[filename]1 00 26Added by the FATEE.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fatee.b.html0 1 7NavScan0 10[filename]1 00 27Added by the OBSORB TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.obsorb.html0 1 3OLE0 10[filename]1 00 39Added by the STAWIN or TARNO.D TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/keylogger.stawin.html0 1 5putil0 10[filename]1 00 28Added by the LDPINCH TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.ldpinch.html0 1 7Scanreg0 10[filename]1 00 29Added by the QQPASS.E TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html0 1 6User320 10[filename]1 00 29Added by the NETTRASH TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.nettrash.html0 110UserSystem0 10[filename]1 00 49CoolWebSearch SmartSearch variant - also see here53http://www.spywareinfo.com/~merijn/cwschronicles.html0 111VideoDriver0 10[filename]1 00 30Added by the GSPOT20.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GSPOT20.A0 114Windows Update0 10[filename]1 00 82Added by the 
NORIO TROJAN! Acts as a hi-jacker redirecting to adult content sites73http://securityresponse.symantec.com/avcenter/venc/data/trojan.norio.html0 1 9GustavVED0 14[filename].exe1 00 28Added by the OPASERV.H WORM!66http://www.symantec.com/avcenter/venc/data/w32.opaserv.h.worm.html0 1 3hen0 14[filename].exe1 00 28Added by the TARNO.G TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.g.html0 1 3hen0 14[filename].exe1 00 28Added by the TARNO.G TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.g.html0 112Service Host0 14[filename].exe1 00 27Added by the TORVEL.B WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.torvel.b@mm.html0 113System Update0 14[filename].exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0 116Windows Explorer0 14[filename].exe1 00144Added by the SDBOT TROJAN! Note - this is not the valid Windows Explorer (explorer.exe) which would only be in startups if you added it manually75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0 1 5cAgOu0 14[filename].hta1 00 26Added by the KAKWORM WORM!63http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html0 1 6ZaCker0 14[filename].PIF1 00 26Added by the HOLAR.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A0 1 8AddClass0 19[Installation_Path]1 00 32Added by the STARTPAGE.F TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.f.html0 1 8Internal0 18[month number]2 00 32Added by the FORTNIGHT.D TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/js.fortnight.d.html0 1 9enbrowser0 14[name of file]2 00 22WINBO adware component60http://www.symantec.com/avcenter/venc/data/adware.winbo.html0 1 2c70 14[name of worm]2 00 35Added by the W32.MEDIAKILL.A WORM!66http://www.symantec.com/avcenter/venc/data/w32.mediakill.a@mm.html0 1 6Update0 20[original file path]2 00 26Added by the LYNDEGG 
WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lyndegg.html0 1 7TSystem0 19[original filename]2 00 43Added by the Troj/Nsys-A trojan downloader.55http://www.sophos.com/virusinfo/analyses/trojnsysa.html0 1 7File0_00 16[path of Trojan]2 00 47Added by the Troj/Dloader-OR trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdloaderor.html0 137Anti-Virus Update Scheduler V1.39.12R0 14[path to .exe]2 00 12Added by the27Troj/Fireby-A proxy TROJAN!0 1 7Caesvrn0 14[path to .exe]2 00142Added by the Troj/Ranck-CQ. This infection sits on a randomly selected TCP port between 1025 and 9997, awaiting contact by a remote attacker.57http://www.sophos.com/virusinfo/analyses/trojranckcq.html0 1 5ccApp0 14[path to .exe]2 00 50Added by the W32/Rbot-LJ WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbotlj.html0 112Client Agent0 14[path to .exe]2 00 12Added by the110Troj/PPdoo0 113DllExecutable0 14[path to .exe]2 00 12Added by the15W32/VB-SP WORM!0 1 9fasdqwdwq0 14[path to .exe]2 00 12Added by the101Troj/Ranc0 1 5imgit0 14[path to .exe]2 00 36Added by the Troj/Banker-CG TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankercg.html0 1 8loader320 14[path to .exe]2 00 42Added by Troj/Domcom-D downloading TROJAN.57http://www.sophos.com/virusinfo/analyses/trojdomcomd.html0 1 9msproject0 14[path to .exe]2 00 12Added by the21Troj/Sdbot-TF TROJAN!0 110OpenMstart0 14[path to .exe]2 00 34Added by the Dial/Switch-E DIALER.57http://www.sophos.com/virusinfo/analyses/dialswitche.html0 1 8PornoTop0 14[path to .exe]2 00 8Added by60Troj/Delf-RX, and will be found in the Program Files folder.0 119Srv32 spool service0 14[path to .exe]2 00 8Added by16Troj/Dloader-LB.0 118SunJavaUpdateSched0 14[path to .exe]2 00 36Added by the Troj/Banker-AU TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerau.html0 1 4GDAX0 18[path to backdoor]2 00 28Added by the RANKY.K 
TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.k.html0 114winupdateconn_0 13[path to exe]2 00 31Added by the W32/Combra-A WORM.56http://www.sophos.com/virusinfo/analyses/w32combraa.html0 111WinUpgrader0 13[path to EXE]2 00 20Added by the trojan.57http://www.sophos.com/virusinfo/analyses/trojagentdz.html0 2 7Printer0 14[path to file]2 00 29Added by the LOWTAPER TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lowtaper.html0 1 9_Hazafibb0 14[path to file]2 00 25Added by the ZAFI.B WORM!86http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=PE_ZAFI.B0 1132thousandbuck0 14[path to file]2 00 28Added by the RANKY.L TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.l.html0 1 8Band-Aid0 14[path to file]2 00 28Added by the RANKY.O TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.o.html0 110dm_service0 14[path to file]2 00 34Added by the MITGLIEDER.P TROJAN!67http://www.symantec.com/avcenter/venc/data/trojan.mitglieder.p.html0 1 7DSAcass0 14[path to file]2 00 28Added by the RANKY.M TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.m.html0 113Login Service0 14[path to file]2 00 27Added by the MIGMAF TROJAN!52https://www.europe.f-secure.com/v-descs/migmaf.shtml0 1 6MsgApi0 14[path to file]2 00 29Added by the DEDLER-D TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerd.html0 1 7MSSGisg0 14[path to file]2 00 28Added by the RANKY.N TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.n.html0 1 7REEGRUN0 14[path to file]2 00 30Added by the SECDROP.AI TROJAN79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SECDROP.AI0 112ShellCommand0 14[path to file]2 00 29Added by the REMCON-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojremcona.html0 1 6sysser0 14[path to file]2 00 25Added by the RAHACK WORM!58http://www.symantec.com/avcenter/venc/data/w32.rahack.html0 1 7Taskmgo0 
14[path to file]2 00 30Added by the BANCBAN-T TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancbant.html0 1 9tjstartup0 14[path to file]2 00 29Added by the TJSERV.C TROJAN!65http://www.symantec.com/avcenter/venc/data/backdoor.tjserv.c.html0 123Windows Taskbar Manager0 14[path to file]2 00 30Added by the PROTORIDE.B WORM!63http://www.symantec.com/avcenter/venc/data/w32.protoride.b.html0 110winupdate_0 14[path to file]2 00 32Added by the W32.COMDOR.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.comdor.a@mm.html0 113winupdateconn0 14[path to file]2 00 32Added by the W32/COMBRA-A WORM!56http://www.sophos.com/virusinfo/analyses/w32combraa.html0 1 9WinXP fix0 14[path to file]2 00 28Added by the RANKY.P TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.p.html0 1 5lsass0 19[path to lsass.exe]2 00127Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lsass.exe process which should NOT appear in Msconfig/Startup!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.f.html0 1 7ansjava0 26[path to mirc application]2 00 50Added by the W32/Randon-AN worm and IRC backdoor..57http://www.sophos.com/virusinfo/analyses/w32randonan.html0 1 4smss0 18[path to smss.exe]2 00126Added by the ALADINZ.F TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.f.html0 3 5PPSVC0 26[path to Spyware.PCPolice]2 00116Added by the PC Police surveillance program. 
This program should be uninstalled if it was not installed by yourself.60http://www.sarc.com/avcenter/venc/data/spyware.pcpolice.html0 136357aa41a-b7a8-4632-a27d-5b980b25cf430 21[path to svchost.exe]2 00 30Added by the SMALL-AQ TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmallaq.html0 111winlogon32_0 18[PATH TO THE WORM]2 00 36Added by the W32.Mailbancos@mm worm.78http://www.sarc.com/avcenter/venc/data/w32.mailbancos@mm.html#technicaldetails0 1 45p4m0 16[path to Trojan]2 00 35Added by the Troj/Litebot-C Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebotc.html0 117Connectivity Tool0 16[path to trojan]2 00 48Added by the Troj/Litebot-E IRC backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebote.html0 1 5CTime0 16[path to trojan]2 00 28Added by the HTTPDOS TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.httpdos.html0 113Floppy Master0 16[path to trojan]2 00 31C:\WINDOWS\helloworld.exebr //b 01 1 6Irwftp0 16[path to trojan]2 00 30Added by the BANCOS.CR TROJAN!108http://uk0 1 7mdetect0 16[path to trojan]2 00 27Added by the SPABOT TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.spabot.html0 1 5msbsc0 16[path to trojan]2 00 72Added by the Troj/Banker-DF password-stealing trojan of Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankerdf.html0 1 9Mspatch690 16[path to trojan]2 00 26Added by the MPROX TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mprox.html0 1 5mssvc0 16[path to trojan]2 00 24Added by the PSK TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.psk.html0 123Network Host Controller0 16[path to trojan]2 00 28Added by the WHISPER TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.whisper.html0 110NTP Server0 16[path to trojan]2 00 28Added by the RANKY.F TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.f.html0 1 5rngmf0 16[path to trojan]2 00 28Added by 
the RANKY.C TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.c.html0 1 8Services0 16[path to trojan]2 00 33Added by the METEORSHELL TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.meteorshell.html0 1 5Spool0 16[path to trojan]2 00 28Added by the RANKY.R TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.r.html0 1 7svchost0 16[path to trojan]2 00126Added by the HAZZER TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.hazzer.html0 1 9ValidData0 16[path to trojan]2 00 28Added by the RANKY.H TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.h.html0 1 7windows0 16[path to trojan]2 00 27Added by the AIMWIN TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aimwin.html0 111Windows NNT0 16[path to trojan]2 00 28Added by the RANKY.E TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.e.html0 112WindowsSetup0 16[path to trojan]2 00 26Added by the EZBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ezbot.html0 111WindUpdates0 16[path to trojan]2 00 29Added by the AGENT.BF TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.BF0 1 6WINSYS0 16[path to trojan]2 00 29Added by the GOLDPLAY TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.goldpay.html0 1 6winzip0 16[path to trojan]2 00 42Added by the BANCOS.G or BANCOS.K TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.g.html0 1 4x3yy0 16[path to trojan]2 00 28Added by the TANNICK TROJAN!62http://www.symantec.com/avcenter/venc/data/trojan.tannick.html0 1 8yyyyyyyy0 16[path to trojan]2 00 30Added by the MUMUBOY.B TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/trojan.mumuboy.b.html0 1 5Zen.A0 16[path to trojan]2 00 
29Added by the ZOOMEN-A TROJAN!57http://www.sophos.com/virusinfo/analyses/perlzoomena.html0 130[Ephemeral 2.x] by TreeHugger,0 14[path to worm]2 00 55Added by the LEMOOR.A WORM! where "x" represents 3 or 473http://securityresponse.symantec.com/avcenter/venc/data/w32.lemoor.a.html0 113ACCDEFRAGINFO0 14[path to worm]2 00 26Added by the DARBY-O WORM!55http://www.sophos.com/virusinfo/analyses/w32darbyo.html0 1 3AHU0 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0 1 7Cekirge0 14[path to worm]2 00 27Added by the KERGEZ.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.kergez.a@mm.html0 119DLL Service Manager0 14[path to worm]2 00 29Added by the RPCBOT.F TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.rpcbot.f.html0 1 8Explorer0 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0 110ICQ Center0 14[path to worm]2 00 25Added by the RANDIN WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.randin.html0 117InterceptedSystem0 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0 1 6Msgmgr0 14[path to worm]2 00 27Added by the BABYBEAR WORM!63http://www.symantec.com/avcenter/venc/data/w32.babybear@mm.html0 115NAV Live Update0 14[path to worm]2 00102Added by the DEBORMS.C WORM! 
Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec66http://www.symantec.com/avcenter/venc/data/w32.hllw.deborms.c.html0 1 6Nocana0 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0 111RPC Patcher0 14[path to worm]2 00 24Added by the BOLGI WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bolgi.worm.html0 111RPC Patcher0 14[path to worm]2 00 24Added by the BOLGI WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bolgi.worm.html0 1 8rundll320 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0 1 8rundll640 14[path to worm]2 00 075http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0 115svcwinprocess320 14[path to worm]2 00 26Added by the UPERING WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.upering.worm.html0 1 6Systry0 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0 1 7Systryt0 14[path to worm]2 00 075http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0 1 9WinKernel0 14[path to worm]2 00105Added by the a href"http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.plea.htmlPLEA VIRUS!82http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.plea.html2 00124System_Mechanic's "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again41http://www.iolo.com/sm/4pro/tutorials.cfm0 3 9BelNotify0 39[path] NPBelv32.dll, RunDll32_BelNotify2 00320BelTech enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. 
BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service34http://www.belarc.com/BelTech.html0 114DATABASE MySql0 35[path] repcale.exe [path] beird.exe2 00 41Added by a variant of the RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0 116NBT System alias0 35[path] repcale.exe [path] beird.exe2 00 091http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0 119System Restore Data0 35[path] repcale.exe [path] beird.exe2 00 28Added by the RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0 1 9boarddata0 35[path] repcale.exe [path] palsp.exe2 00 42Added by a variant of the RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0 113element furth0 35[path] repcale.exe [path] palsp.exe2 00 091http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0 112installs sp20 35[path] repcale.exe [path] palsp.exe2 00 42Added by a variant of the RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0 112PrinterSpool0 35[path] RESTORE.EXE [path] SPOOL.EXE2 00 30Added by the ALADINZ.K TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.k.html0 110Protection0 40[path] runtask.exe [path] protection.exe2 00 44Added by a variant of the AGENT.3.AU TROJAN! 
01 1 7svchost0 16[path] SETUP.EXE2 00 25Added by the SETCLO WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.setclo.html0 1 7MEDIA320 28[pathname of the executable]2 00 35Added by the Troj/PurScan-Z trojan.58http://www.sophos.com/virusinfo/analyses/trojpurscanz.html0 112Root_Machine0 35[pathname of the Trojan executable]2 00 87Added by the Troj/Bancban-DP password-stealing trojan for customers of Brazilian banks.59http://www.sophos.com/virusinfo/analyses/trojbancbandp.html0 1 7spoolax0 35[pathname of the Trojan executable]2 00 33Added by the Troj/Perda-D Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdad.html0 1 6stdlib0 35[pathname of the Trojan executable]2 00 51Added by the Troj/Perda-E password-stealing Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdae.html0 124Windows Standard Securty0 26[random 3 letter filename]2 00 31Added by the W32/Rbot-ALF worm.56http://www.sophos.com/virusinfo/analyses/w32rbotalf.html0 1 6KavSvc0 24[random 6 char filename]2 00 81Qoologic downloader trojan variant using random file names (examples: nzkklz.exe) 01 121Startup Configuration0 26[random 6 letter filename]2 00145Added by the W32/Rbot-ARV worm. 
This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotarv.html0 112SysTray.Excn0 24[random 8 character dll]2 00 97Added by the Troj/Cozdoor-C Trojan.br /br /Uses CLSID: b{1722ECFF-4356-4f5b-B534-E67294FE75E9}/b.58http://www.sophos.com/virusinfo/analyses/trojcozdoorc.html0 112SysTray.Exsh0 24[random 8 character dll]2 00106Added by the Troj/Cozdoor-D backdoor Trojan.br /br /Uses CLSID: b{1768ECFC-4F5C-4f5b-B134-D67294FC78E9}/b.58http://www.sophos.com/virusinfo/analyses/trojcozdoord.html0 1 6Legacy0 19[RANDOM CHARACTERS]2 00 46Added by the Backdoor.Eparssa backdoor Trojan.77http://www.sarc.com/avcenter/venc/data/backdoor.eparssa.html#technicaldetails0 1 9WinNetDDE0 23[random characters].exe2 00 24_blankNETDEPIX.B TROJAN! 01 114Internet Agent0 14[random CLSID]2 00 12Added by the116Troj/PPdoo0 1 9*ms setup0 18[random file name]2 00 52Virtumondo adware, also known as the VUNDO TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html0 113agent browser0 18[random file name]2 00 42Added by the PPdoor.M-bdr backdoor TROJAN! 01 128microsoft security gmanagers0 18[random file name]2 00 42Added by a variant of the W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0 127microsoft security panagers0 18[random file name]2 00 043http://vil.nai.com/vil/content/v_100454.htm0 115voltage manager0 18[random file name]2 00 32Added by the W32.DREFFORT WORM!60http://www.symantec.com/avcenter/venc/data/w32.dreffort.html0 1 9NetDDEipx0 22[Random file name].exe2 00 36Added by the Trojan.Netdepix Trojan.93http://securityresponse.symantec.com/avcenter/venc/data/trojan.netdepix.html#technicaldetails0 113AOL Messenger0 17[random filename]2 00 47Added by an unidentified VIRUS, WORM or TROJAN! 
01 1 7ara-key0 17[random filename]2 00 26Added by the ANTINNY WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.antinny.html0 120Avril Lavigne - Muse0 17[random filename]2 00 26Added by the AVRIL-A WORM!55http://www.sophos.com/virusinfo/analyses/w32avrila.html0 1 9bbdjmrxcX0 17[random filename]2 00135Added by the Troj/Ranck-AX proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckax.html0 111bdffefqes320 17[random filename]2 00134Added by the Troj/Ranck-Z proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckz.html0 1 7Bmsnwss0 17[random filename]2 00135Added by the Troj/Ranck-BK proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbk.html0 1 5Bnexe0 17[random filename]2 00 40Added by the KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0 1 5ccApp0 17[random filename]2 00 91Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirus74http://securityresponse.symantec.com/avcenter/venc/data/trojan.obsorb.html0 1 7ctfmonn0 17[random filename]2 00134Added by the Troj/Ranck-O proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojrancko.html0 1 7Danton*0 17[random filename]2 00 51Added by the DANTON TROJAN! where * = random number76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.danton.html0 1 7dfasack0 17[random filename]2 00135Added by the Troj/Ranck-BE proxy trojan. 
This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbe.html0 1 4down0 17[random filename]2 00 52OADER.BG" target=_blankDLOADER.BG trojan downloader! 01 118educational writer0 17[random filename]2 00 26Added by the RBOT-LZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlz.html0 1 7ffeqOME0 17[random filename]2 00135Added by the Troj/Ranck-AR proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckar.html0 1 6fqxsbk0 17[random filename]2 00135Added by the Troj/Ranck-BS proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbs.html0 116halloween stream0 17[random filename]2 00135Added by the Troj/Ranck-AY proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckay.html0 110hpsysconf10 17[random filename]2 00 41Added by a variant of the VIVIA.A TROJAN!106http://de0 118ICQ Lite Messenger0 17[random filename]2 00231Added by an unidentified VIRUS, WORM or TROJAN! Unlike the legitimate ICQ Lite executable, which will be located in the ICQLITE folder in Program Files, this particular impostor is located in the Windows or Winnt\System32 directory 01 115IO System Debug0 17[random filename]2 00 21Added by Backdoor.Bla63http://www.sarc.com/avcenter/venc/data/backdoor.bla.trojan.html0 121ist service uninstall0 17[random filename]2 00 23ISTBar parasite related53http://sarc.com/avcenter/venc/data/adware.istbar.html0 1 7JVM0.120 17[random filename]2 00119Trojan downloaded with possible backdoor functionality. Found in the Windows system directory with a random file name. 
01 1 9kern64dll0 17[random filename]2 00 28Added by the TARNO.J TROJAN!63http://www.symantec.com/avcenter/venc/data/pwsteal.tarno.j.html0 121LoadOrderVerification0 17[random filename]2 00 27Added by the TRON.A TROJAN!75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TRON.A0 1 9MicroLoad0 17[random filename]2 00 24Added by the DARBY WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.darby.html0 121Microsoft Corporation0 17[random filename]2 00 42Added by various VIRUSES, WORMS & TROJANS! 01 120Microsoft Diagnostic0 17[random filename]2 00 27Added by the ACEBOT TROJAN!47http://www3.ca.com/virusinfo/Virus.asp?ID=115320 119Microsoft IT Update0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370 120Microsoft Locals 3320 17[random filename]2 00 26Added by the RBOT-KU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotku.html0 112Microsoft LV0 17[random filename]2 00 35Added by the Troj/Bdoor-BDL trojan.58http://www.sophos.com/virusinfo/analyses/trojbdoorbdl.html0 126Microsoft Security Manager0 17[random filename]2 00108Added by the W32/Rbot-TU worm. This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbottu.html0 114Microsoft Tray0 17[random filename]2 00 28Added by the DELF.BZ TROJAN!43http://www.vsantivirus.com/back-delf-bz.htm0 123Microsoft Update Loader0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370 124Microsoft Update Machine0 17[random filename]2 00 064http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370 135Microsoft UpToDate Driver (32-bits)0 17[random filename]2 00254Added by the W32/Rbot-ZV worm. When this infection starts it connects to an IRC server where it waits for remote commands to execute. 
It also installs a file call c:\a.bat which is used to stop certain antivirus, antispyware, and firewall applications.55http://www.sophos.com/virusinfo/analyses/w32rbotzv.html0 1 9Microsong0 17[random filename]2 00134Added by the Troj/Ranck-A proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.59http://www.sophos.com/virusinfo/analyses/trojranckbota.html0 112Monitor Test0 17[random filename]2 00134Added by the W32/Sdbot-NC worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnc.html0 1 7MS-HTML0 17[random filename]2 00 31Added by the LATINUS.15 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.150 1 8MSKCES320 17[random filename]2 00 27Added by the CLONER TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cloner.html0 1 7msmsgss0 17[random filename]2 00134Added by the Troj/Ranck-S proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojrancks.html0 1 8Msn Home0 17[random filename]2 00134Added by the Troj/Ranck-W proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckw.html0 1 6mswspl0 17[random filename]2 00 29Added by the SMALL.IQ TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.IQ0 1 9nssysconf0 17[random filename]2 00 28Added by the VIVIA.A TROJAN!106http://de0 1 8nsysconf0 17[random filename]2 00 36Added by the Adware.ZioCom.C adware.59http://www.sarc.com/avcenter/venc/data/adware.ziocom.c.html0 1 6NTServ0 17[random filename]2 00134Added by the Troj/Ranck-P proxy trojan. 
This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckp.html0 114NVidia Drivers0 17[random filename]2 00134Added by the Troj/Ranck-R proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckr.html0 1 6PlanCx0 17[random filename]2 00135Added by the Troj/Ranck-CE proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckce.html0 1 5qbotd0 17[random filename]2 00 27Added by the BOTTEN TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/downloader.botten.html0 1 8qffecdas0 17[random filename]2 00135Added by the Troj/Ranck-BF proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbf.html0 113RealVNC Setup0 17[random filename]2 00134Added by the Troj/Ranck-V proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckv.html0 113RSPC Driver D0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370 1 5Sav320 17[random filename]2 00 56Added by the W32/Famus-G WORM! File found in c:\recycled55http://www.sophos.com/virusinfo/analyses/w32famusg.html0 123support-reverse-smileys0 17[random filename]2 00 35Added by the Troj/Litebot-D Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebotd.html0 110svchosts320 17[random filename]2 00134Added by the Troj/Ranck-L proxy trojan. 
This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckl.html0 1 7sws.exe0 17[random filename]2 00 33Haldex type adult content dialler74http://securityresponse.symantec.com/avcenter/venc/data/dialer.haldex.html0 117Symantec Autoscan0 17[random filename]2 00133Added by the W32/Rbot-AJO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotajo.html0 1 7SysData0 17[random filename]2 00135Added by the Troj/Ranck-BA proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckba.html0 118System CPL manager0 17[random filename]2 00108Added by the W32/Rbot-SR worm. This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotsr.html0 113System Update0 17[random filename]2 00 38Added by the KORGO.W or KORGO.X WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html0 111System-Tray0 17[random filename]2 00 29Added by Backdoor.BladeRunner64http://www.sarc.com/avcenter/venc/data/backdoor.bladerunner.html0 1 7TaskReg0 17[random filename]2 00 24Added by the CBLAD WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CBLAD.A0 1 8tkaskqjw0 17[random filename]2 00135Added by the Troj/Ranck-CA proxy trojan. 
This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckca.html0 1 5Trayz0 17[random filename]2 00105Added by the Troj/Bdoor-JG backdoor Trojan.br /br /Uses CLSID: b(F5B7D0BE-5f02-4211-96DB-386DFA244900)/b.57http://www.sophos.com/virusinfo/analyses/trojbdoorjg.html0 1 6UpdSys0 17[random filename]2 00 23Added by the BJ TROJAN!53http://hq.mcafeeasap.com/dispVirus.asp?virus_k=1000570 1 8vadeinst0 17[random filename]2 00135Added by the Troj/Ranck-CF proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckcf.html0 111VCbvnczsxcX0 17[random filename]2 00135Added by the Troj/Ranck-AK proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckak.html0 1 9vcxcxvxcX0 17[random filename]2 00135Added by the Troj/Ranck-AQ proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckaq.html0 114vDGDGvvsa dqdw0 17[random filename]2 00135Added by the Troj/Ranck-AV proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckav.html0 122vDSAGGQEvbA ASDAS dqdw0 17[random filename]2 00135Added by the Troj/Ranck-AT proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckat.html0 113Video Process0 17[random filename]2 00 26Added by the RBOT-LM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlm.html0 110vxcxcvfck.0 17[random filename]2 00135Added by the Troj/Ranck-AZ proxy trojan. 
This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckaz.html0 1 9vXCXssdss0 17[random filename]2 00135Added by the Troj/Ranck-BO proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbo.html0 1 7Wdqvsst0 17[random filename]2 00135Added by the Troj/Ranck-BT proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbt.html0 111Web Service0 17[random filename]2 00 40Added by the Trojan.Admincash infection!60http://www.sarc.com/avcenter/venc/data/trojan.admincash.html0 111Win32system0 17[random filename]2 00 24Added by the DDV.B WORM!70http://securityresponse.symantec.com/avcenter/venc/data/vbs.ddv.b.html0 117Windows Compliant0 17[random filename]2 00 26Added by the RBOT-IR WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotir.html0 116Windows ExpIorer0 17[random filename]2 00132Added by the W32/Rbot-AKO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotako.html0 120Windows Media Player0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370 127Windows Media Player Update0 17[random filename]2 00 26Added by the RBOT-ET WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotet.html0 121Windows Media SP.2.370 17[random filename]2 00 28Added by the LEMIR.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.c.html0 110Windows NT0 17[random filename]2 00134Added by the Troj/Ranck-M proxy trojan. 
This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckm.html0 124Windows Security Service0 17[random filename]2 00132Added by the W32/Rbot-ALV worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalv.html0 120Windows Socketheader0 17[random filename]2 00 47Added by the W32/Ixbot-A worm and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32ixbota.html0 122Windows Update Checker0 17[random filename]2 00 24Adware downloader trojan 01 117Windows Update V60 17[random filename]2 00 26Added by the RBOT-KT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkt.html0 119WindowsRegistration0 17[random filename]2 00 26Added by the RBOT-NO WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotno.html0 124WindowsRegKey Autoupdate0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370 120WindowsRegKey update0 17[random filename]2 00 064http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370 1 9WinLoader0 17[random filename]2 00 42Added by variants of the SUBSEVEN TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SUB7.213.B0 1 9WinLoader0 17[random filename]2 00 42Added by variants of the SUBSEVEN TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SUB7.213.B0 1 9WinManage0 17[random filename]2 00135Added by the Troj/Ranck-KH proxy trojan. This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckh.html0 1 9zonealarm0 17[random filename]2 00132Added by an unidentified VIRUS, WORM or TROJAN! 
The only exception is if you have an older version of the ZoneAlarm firewall running 01 1 9(default)0 21[random filename].exe2 00 27Added by the BLACKMAL WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal@mm.html0 1 5Kadoc0 21[random filename].exe2 00 29Added by the Staprew TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.staprew.html0 119Mickey Mouse Cereal0 21[random filename].exe2 00 28Added by the RANKY.Q TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.q.html0 111RSPC Driver0 21[random filename].exe2 00 26Added by the RBOT-SN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsn.html0 118WindowsReg% update0 21[random filename].exe2 00 26Added by the RBOT-HH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothh.html0 118WindowsReg% update0 21[random filename].exe2 00 26Added by the RBOT-HH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothh.html0 1 7W32Load0 21[random filename].scr2 00 25Added by the CASPID WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.caspid.html0 127AIM Instant Message Cookies0 18[random filenames]2 00134Added by the W32/Rbot-AFV worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotafv.html0 121Norton Antivirus 7.0a0 18[random filenames]2 00 39Added by the Troj/Perda-B trojan proxy.56http://www.sophos.com/virusinfo/analyses/trojperdab.html0 117Internet Explorer0 20[random letters].dll2 00115Added by the Troj/Proxma-A proxy and backdoor Trojan.br /br /Uses CLSID: b{F28A40D7-AD0E-034A-C651-5F0ED76232E6}/b.57http://www.sophos.com/virusinfo/analyses/trojproxmaa.html0 146Iamnacho On Irc. MusicIrc.com Is a Homosexual!0 13[random name]2 00134Added by the W32/Randex-T worm. 
When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32randext.html0 110Ndpldaemon0 13[random name]2 00 44Added by the W32/RpcSdbot-A backdoor trojan.58http://www.sophos.com/virusinfo/analyses/w32rpcsdbota.html0 119Windows ASN Service0 13[random name]2 00134Added by the W32/Agobot-TC worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32agobottc.html0 117Internet Explorer0 17[RANDOM NAME].dll2 00102Added by the Backdoor.Berbew.T backdoor.br /br /Uses CLSID: b{F28A40D7-AD0E-034A-C651-5F0ED76232E6}/b.61http://www.sarc.com/avcenter/venc/data/backdoor.berbew.t.html0 118HDAudio Driver 1.00 17[random name].exe2 00 44Added by the Troj/Teadoor-D backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojteadoord.html0 1 5xserv0 17[random name].exe2 00 34Added by the Troj/Stumpy-A trojan.57http://www.sophos.com/virusinfo/analyses/trojstumpya.html0 1 6center0 19[random name]32.exe2 00 26Added by the BOFRA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0 1 8Reactor30 19[random name]32.exe2 00 075http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0 1 8Reactor50 19[random name]32.exe2 00 26Added by the BOFRA.D WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.d@mm.html0 1 8Reactor60 19[random name]32.exe2 00 26Added by the BOFRA.C WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.c@mm.html0 1 8Reactor70 19[random name]32.exe2 00 26Added by the BOFRA.B WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.b@mm.html0 1 8Reactor80 19[random name]32.exe2 00 26Added by the BOFRA.E WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html0 1 8Reactor90 19[random name]32.exe2 00 
075http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html0 1 5Rhino0 19[random name]32.exe2 00 26Added by the BOFRA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0 112MSN 9.0 Plus0 12[random.exe]1 00132Added by the W32/Rbot-ALY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaly.html0 1 6asfqft0 8[random]1 00 12Added by the107Troj/Ranc0 1 2BD0 8[random]1 00241The a href=http://www.sophos.com/virusinfo/analyses/trojagentcm.html"Troj/Agent-CM backdoor TROJAN will first place DC.EXE in the Temporary folder, then modify HKCU\Software\Microsoft\Windows\CurrentVersion\Run to ensure automatic startup. 01 114BIOS XP Loader0 8[random]1 00143Added by the W32/Rbot-IC trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotic.html0 1 9bluestart0 8[random]1 00 35Added by Troj/Dloader-IR, a TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderir.html0 111CacheLoader0 8[random]1 00171Troj/Dloader-IX will download the [random] file to the Windows folder, sub-folder "Cache". That done, it moves to "Security iGuard.exe", found in the Program Files folder.59http://www.sophos.com/virusinfo/analyses/trojdloaderix.html0 1 3DI20 8[random]1 00 24Added by Troj/Dloader-IK59http://www.sophos.com/virusinfo/analyses/trojdloaderik.html0 111Disk Keeper0 8[random]1 00 99Added by the a href"http://www.sophos.com/virusinfo/analyses/trojsmallve.html"Troj/Small-VE TROJAN! 
01 1 6eProxy0 8[random]1 00 29Added as a new service by the85Troj/Daemoni-AL TROJAN, using a displayname of Microsoft Security Subsystem Provider.0 1 7Expatch0 8[random]1 00 54Added by the Troj/PWSLmir-G TROJAN to steal passwords.58http://www.sophos.com/virusinfo/analyses/trojpwslmirg.html0 113Floppy Master0 8[random]1 00 68Added by the Troj/Zonit-E TROJAN to send spam using other computers.56http://www.sophos.com/virusinfo/analyses/trojzonite.html0 120Generic Host Process0 8[random]1 00147http://www.sophos.com/virusinfo/analyses/trojciadoorh.html"Troj/Ciadoor-H TROJAN adds the file, enabling an attacker remote access to the computer. 01 1 7JVM0.140 8[random]1 00 44Added by the Troj/Teadoor-B backdoor TROJAN!58http://www.sophos.com/virusinfo/analyses/trojteadoorb.html0 1 8LanGuard0 8[random]1 00 1. 01 1 5lk3h10 8[random]1 00 65Added by the Troj/Mosuck-G TROJAN into the Windows system folder.57http://www.sophos.com/virusinfo/analyses/trojmosuckg.html0 135Microsoft (C) HTML Application host0 8[random]1 00139Added by the W32/Rbot-YB WORM/IRC backdoor, this file will allow termination of processes by way of a remote attacker using an IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotyb.html0 117Microsoft DirectX0 8[random]1 00 59A variant of the Rbot WORM/IRC backdoor will add this file.55http://www.sophos.com/virusinfo/analyses/w32rbotdp.html0 113Microsoft IIS0 8[random]1 00 43Added by the WORM variant, W32/Francette-Q.59http://www.sophos.com/virusinfo/analyses/w32francetteq.html0 139Microsoft Internet Acceleration Utility0 8[random]1 00 34Added by the Troj/Agent-BM TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentbm.html0 120Microsoft PCHealth320 8[random]1 00 90The Troj/Nice-A TROJAN will log keystrokes using this file, and submit the data via email.55http://www.sophos.com/virusinfo/analyses/trojnicea.html0 1 6minimo0 8[random]1 00141A backdoor Trojan, it can log keypresses, capture screen and webcam images, steal files, provide a remote 
command shell and download updates. 01 1 3msn0 8[random]1 00 55Added by the Troj/Bancban-BG TROJAN to steal passwords.59http://www.sophos.com/virusinfo/analyses/trojbancbanbg.html0 118NT Virtual Machine0 8[random]1 00110Added by Troj/Agent-BV, a network WORM with backdoor Trojan functionality found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/w32scaerbota.html0 110nvviddrv320 8[random]1 00143Added by the W32/Rbot-HT trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotht.html0 1 6qgqqft0 8[random]1 00 12Added by the21Troj/Ranck-BX TROJAN!0 1 7reg_run0 8[random]1 00 35Added by the Troj/Banker-BQ TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerbq.html0 121Regisry Configuration0 8[random]1 00143Added by the W32/Rbot-IY trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.98http://www.google.com/url?sa=U&start=1&q=http%3A//www.sophos.com/virusinfo/analyses/w32rbotiy.html0 1 6RunWin0 8[random]1 00 36Added by the Troj/Banker-BN TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerbn.html0 115Service Manager0 8[random]1 00 34Added by the Troj/Migmaf-G TROJAN!57http://www.sophos.com/virusinfo/analyses/trojmigmafg.html0 1 8Services0 8[random]1 00 35Added by the Troj/Agent-BV Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentbv.html0 1 8sixtysix0 8[random]1 00120Troj/LowZone-R TROJAN is responsible for a file found in the Windows folder that will reduce IE security zone settings.58http://www.sophos.com/virusinfo/analyses/trojlowzoner.html0 1 3sox0 8[random]1 00 91Added by the Troj/Proxyser-G to start a SOCKS4 proxy server on a randomly-chosen TCP port.59http://www.sophos.com/virusinfo/analyses/trojproxyserg.html0 1 7sVideo20 8[random]1 00 54Added by Dial/Switch-D , a TROJAN premium-rate 
dialler57http://www.sophos.com/virusinfo/analyses/dialswitchd.html0 111taskmrg.exe0 8[random]1 00 74Added by Troj/Bancban-BN, a TROJAN that attempts to steal banking details.59http://www.sophos.com/virusinfo/analyses/trojbancbanbn.html0 1 7uFnV32i0 8[random]1 00 45Added by the Adware.Envolo Adware downloader.57http://www.sarc.com/avcenter/venc/data/adware.envolo.html0 1 4upme0 8[random]1 00 12Added by the37W32/Rbot-TH WORM/IRC backdoor trojan!0 114USB controller0 8[random]1 00 39Troj/Miewer-A, a TROJAN, adds the file!57http://www.sophos.com/virusinfo/analyses/trojmiewera.html0 1 4usbn0 8[random]1 00115Added by the Troj/Hogil-B Trojan. This infection adds various links to porn sites in your Desktop and Start Menu.56http://www.sophos.com/virusinfo/analyses/trojhogilb.html0 1 9vadseinst0 8[random]1 00 34Added by the Troj/Ranck-CM Trojan!57http://www.sophos.com/virusinfo/analyses/trojranckcm.html0 1 3vb60 8[random]1 00 12Added by the37W32/Rbot-TD WORM/IRC backdoor trojan!0 1 5Verif0 8[random]1 00 12Added by the17W32/Nopir-B WORM!0 1 6WebRun0 8[random]1 00 8Added by12Troj/Bube-K.0 1 8Win32DLL0 8[random]1 00 12Added by the17W32/Woned-A WORM!0 114Window service0 8[random]1 00 12Added by the128W32/Rbot-AC0 117Windows update 320 8[random]1 00 12Added by the38W32/Rbot-ADG WORM/IRC backdoor Trojan!0 1 9winreg_320 8[random]1 00 36Added by the Troj/Bancban-BY TROJAN!59http://www.sophos.com/virusinfo/analyses/trojbancbanby.html0 1 9WXcmeinst0 8[random]1 00156Added by Troj/Ranck-CD, a backdoor TROJAN! It will chose a TCP port in the range 10000-49999 to notify a remote web server on that port using a web request.57http://www.sophos.com/virusinfo/analyses/trojranckcd.html0 1 6XpAspy0 8[random]1 00 72Added by Troj/Delf-WH, a TROJAN! It will be found in the Windows folder.56http://www.sophos.com/virusinfo/analyses/trojdelfwh.html0 1 8xpsystem0 8[random]1 00114Added by Troj/Krepper-M, a TROJAN! 
It will be found in a subfolder of the Windows system folder named "services".58http://www.sophos.com/virusinfo/analyses/trojkrepperm.html0 1 4xset0 8[random]1 00 12Added by the14Troj/Bdoor-HT.0 1 4mxb20 12[RANDOM].exe1 00 31Added by the W32.Maniccum worm.73http://www.sarc.com/avcenter/venc/data/w32.maniccum.html#technicaldetails0 1 4klop0 11[random]exe1 00 48Added by the Troj/Dloader-WA downloading Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderwa.html0 1 7TempCom0 16[randomname].com1 00 24Added by the TRAXG WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.traxg@mm.html0 130[Ephemeral 2.5] by TreeHugger,0 16[randomname].exe1 00 31Added by the W32/Lemoor-C worm.56http://www.sophos.com/virusinfo/analyses/w32lemoorc.html0 118HDAudio Driver 2.00 18[randomstring].exe1 00 35Added by the Troj/Teadoor-E trojan.58http://www.sophos.com/virusinfo/analyses/trojteadoore.html0 1 7Litebot0 24[Trojan executable name]2 00 35Added by the Troj/Litebot-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebota.html0 1 7CSRSWIN0 17[trojan filename]2 00 32Added by the WINSHELL.50 TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.html0 1 5CSRSX0 17[trojan filename]2 00 34Added by the WINSHELL.50.B TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.b.html0 1 8Internal0 17[trojan filename]2 00 43Added by the SMOTHER and TRANSLAT TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.smother.html0 1 8Internal0 17[trojan filename]2 00 43Added by the SMOTHER and TRANSLAT TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.smother.html0 1 3lar0 17[trojan filename]2 00 27Added by the ROXY.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.roxy.c.html0 112Ntech.patchs0 17[trojan filename]2 00 28Added by the LEMIR.G TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.g.html0 1 7Service0 
17[trojan filename]2 00 29Added by the KAITEX.E TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kaitex.e.html0 111Disk Master0 13[trojan name]2 00 44Added by the DISTER TROJAN! - a spam relayer76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dister.html0 1 9*WinLogon0 13[trojan path]2 00 26Added by the VUNDO TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html0 1 9*WinLogon0 38[trojan path] ren time:[random number]2 00 26Added by the VUNDO TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html0 1 7MSSGisg0 14[unidentified]1 00126Added by the Troj/Ranck-BI TROJAN, it will allow an unauthorized attacker to route HTTP traffic through the infected computer.57http://www.sophos.com/virusinfo/analyses/trojranckbi.html0 1 8SySPower0 22[Unknown at this time]2 00 46Added by the Troj/SpyAgen-G keylogging Trojan.58http://www.sophos.com/virusinfo/analyses/trojspyageng.html0 126Network Devices Controller0 18[unknown filename]2 00 90Added by the Backdoor.Alnica backdoor. 
Listens on port 6667 awaiting a remote connection.59http://www.sarc.com/avcenter/venc/data/backdoor.alnica.html0 1 5__ZF50 14[unknown name]2 00 46Added by the W32.Erkez.F@mm mass-mailing worm.75http://www.sarc.com/avcenter/venc/data/w32.erkez.f@mm.html#technicaldetails0 142Activating the notepad common used library0 9[unknown]1 00 39Added by W32/Codbot-G, a WORM/backdoor.56http://www.sophos.com/virusinfo/analyses/w32codbotg.html0 1 7msnmsgy0 9[unknown]1 00 80Added by the Troj/Banker-EQ password-stealing trojan targetting Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankereq.html0 114Network Client0 9[Unknown]1 00 35Added by the Trojan.Boxed.C Trojan.75http://securityresponse.symantec.com/avcenter/venc/data/trojan.boxed.c.html0 122Network Client Monitor0 9[unknown]1 00 35Added by the Trojan.Boxed.B Trojan.92http://securityresponse.symantec.com/avcenter/venc/data/trojan.boxed.b.html#technicaldetails0 1 7PNP FIX0 9[unknown]1 00132Added by the W32/Rbot-AKQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotakq.html0 110Search.vbs0 9[unknown]1 00 8Hijacker 01 110SFTRANSFER0 9[unknown]1 00 50Added by the Backdoor.Brakkeshell backdoor Trojan.81http://www.sarc.com/avcenter/venc/data/backdoor.brakkeshell.html#technicaldetails0 130SSDP Discovery Service Locator0 9[unknown]1 00 43Added by the Troj/Pndoor-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojpndoora.html0 1 9worknote10 9[unknown]1 00 29Added by the W32.Meetot worm.71http://www.sarc.com/avcenter/venc/data/w32.meetot.html#technicaldetails0 4 6VS.VSN0 9[unknown]1 00 86Part of eSafe antivirus "SmartScan" - alerts the user if files have been changed/added44http://www.esafe.com/esafe/default.asp?cf=tl0 126Vaganza-XPloit-[User Name]0 15[User Name].exe2 00 32Added by the W32.Gavgent.A worm.74http://www.sarc.com/avcenter/venc/data/w32.gavgent.a.html#technicaldetails0 118Visual Element 
FX50 20[various file names]2 00 30ClearStream Accelerator adware73http://www.spyany.com/program/article_spw_rm_ClearStream_Accelerator.html0 1 5clock0 19[various filenames]2 00140LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe79http://securityresponse.symantec.com/avcenter/venc/data/pf/adware.livechat.html0 116MicrosoftWindows0 19[various filenames]2 00 46MagicSearch - a CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0 110PGStub.exe0 19[various filenames]2 00 19Unidentified adware 01 110PGStub.exe0 19[various filenames]2 00 19Unidentified adware 01 110PrivateNet0 19[various filenames]2 00 34Premium rate adult content dialler 01 115SystemEmergency0 19[various filenames]2 00 46SmartSearch - a CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0 1 5wingo0 19[various filenames]2 00 27Added by the BAGLE-AU WORM!56http://www.sophos.com/virusinfo/analyses/w32bagleau.html0 115CSRS Windows NT0 15[various names]2 00 43Added by the Backdoor.WinShell.50 backdoor.98http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.html#technicaldetails0 1 9SNInstall0 15[various names]2 00 35Added by the Troj/Spyhoax-A trojan.58http://www.sophos.com/virusinfo/analyses/trojspyhoaxa.html0 131Vanquish Autoloader v0.1 beta100 15[various names]2 00 39Added by the Hacktool.Vanquish rootkit.78http://securityresponse.symantec.com/avcenter/venc/data/hacktool.vanquish.html0 111Winport.com0 9[various]1 00135Added by the Backdoor.Acropolis backdoor. The name of the backdoor is Acropolis 1.0. It listens on ports 32791, 45673 for connections.62http://www.sarc.com/avcenter/venc/data/backdoor.acropolis.html0 1 7REGMSYS0 18[variousnames.exe]1 00138Added by the Troj/LowZone-AX Trojan. 
Some common filenames for this infection are active.exe, mqzx.exe, klanp.exe, urba.exe, and sope.exe.59http://www.sophos.com/virusinfo/analyses/trojlowzoneax.html0 110LiveUpdate0 24[Windows username]05.exe2 00 28Added by the LINEAGE TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lineage.html0 1 9AlevirOld0 15[worm filename]2 00 28Added by the OPASERV.G WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G0 1 9BrasilOld0 15[worm filename]2 00 28Added by the OPASERV.P WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.P0 1 6G001230 15[worm filename]2 00 26Added by the BUGBROS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbros@mm.html0 1 7KAVutil0 15[worm filename]2 00 27Added by the WINTOO.B WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.b.worm.html0 1 7KAVutil0 15[worm filename]2 00 27Added by the WINTOO.B WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.b.worm.html0 1 8messnger0 15[worm filename]2 00 26Added by the DELODER WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deloder.html0 1 8messnger0 15[worm filename]2 00 26Added by the DELODER WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deloder.html0 126Microsoft Security Panager0 15[worm filename]2 00132Added by the W32/Rbot-ANL worm. 
When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotanl.html0 1 9RavTimeXP0 15[worm filename]2 00 27Added by the WULLIK.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.wullik.b@mm.html0 1 8RavTimXP0 15[worm filename]2 00 076http://securityresponse.symantec.com/avcenter/venc/data/w32.wullik.b@mm.html0 1 4rdvs0 15[worm filename]2 00 27Added by the ULTIMAX WORM!90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ULTIMAX.B&VSect=T0 1 9ScrSvrOld0 15[worm filename]2 00 26Added by the OPASERV WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.html0 111Services0040 15[worm filename]2 00 26Added by the BUGBROS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbros@mm.html0 1 9SpeedBoss0 15[worm filename]2 00 29Added by the OPASERV.AD WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.a.d.worm.html0 1 9Supernova0 15[worm filename]2 00 38Added by the SURNOVA (or SUPOVA) WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SURNOVA.A0 1 7Win2Drv0 15[worm filename]2 00 25Added by the WINTOO WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.worm.html0 1 8Srv32Old0 19[worm filename].PIF2 00 28Added by the OPASERV.J WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.j.worm.html0 122Microsoft Windows DHCP0 8___r.exe1 00 40Added by the MASLAN.A or MASLAN.C WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.a@mm.html0 133Microsoft Synchronization Manager0 13___synmgr.exe1 00 40Added by the MASLAN.A or MASLAN.C WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.a@mm.html0 330Microsoft Broadband Networking0 13_18be6784.exe122StartUp menu\All users0 039http://www.absolutestartup.com/startup/1 317AutpPilot Control0 11_294823.exe122StartUp menu\All users0 
039http://www.absolutestartup.com/startup/1 314active Printer0 13_644366bb.exe122StartUp menu\All users0 039http://www.absolutestartup.com/startup/1 111_accwiz.exe0 11_accwiz.exe1 00 52Added by the Troj/Certif-N password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojcertifn.html0 4 5AVPCC0 10_avpcc.exe111HKEY_LM\Run0 039http://www.absolutestartup.com/startup/1 1 5Swf320 11_backup.exe1 00 25Added by the SYMTEN WORM!66http://www.symantec.com/avcenter/venc/data/w32.hllw.symten@mm.html0 115[Various Names]0 9_ctcp.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html" rel="nofollow" target="_blank"here. 01 123Bron-Spizaetus-5118REPM0 17_default32142.pif1 00 45Added by the W32/Brontok-R mass-mailing worm.57http://www.sophos.com/virusinfo/analyses/w32brontokr.html0 110[not used]0 12_huytam_.exe1 00 52Added by the Ssearch.biz and a-search.biz hijackers. 01 110[not used]0 11_Kerne1.exe1 00 82Added by the Troj/Lineage-AN password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagean.html0 113MEAOI Service0 10_meaoi.exe1 00227Added by the W32/Tilebot-AM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. This infection also creates a Rootkit file in order to hide itself called %System%meaoi.sys.58http://www.sophos.com/virusinfo/analyses/w32tilebotam.html0 110_ntrdlhost0 14_ntrdlhost.exe1 00 53A downloader TROJAN, Troj/Dloader-JV, adds this file.59http://www.sophos.com/virusinfo/analyses/trojdloaderjv.html0 117_ntrrescueservice0 10_ntrrs.exe1 00 37Added by the TROJ/DLOADER-JV TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderjv.html0 138(randomly chosen existing folder name)0 10_setup.exe1 00 27Added by the W32/Antinny-L57http://www.sophos.com/virusinfo/analyses/w32antinnyl.html0 1 7sqlsrvd0 12_sqlexec.exe1 00144Possible new variant of W32.Spybot.NLX. 
This infection has root kit capabilities so it is possible you have further files that can not be seen.61http://www.sarc.com/avcenter/venc/data/pf/w32.spybot.nlx.html0 121MS SQL Server Moniter0 12_sqlsrvd.exe1 00144Possible new variant of W32.Spybot.NLX. This infection has root kit capabilities so it is possible you have further files that can not be seen.61http://www.sarc.com/avcenter/venc/data/pf/w32.spybot.nlx.html0 111_System_Run0 13_svchost_.exe1 00 81Added by the Troj/Lineage-Z password-stealing trojan for the online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineagez.html0 1 9_tdiserv_0 12_tdicli_.exe1 00 33Added by the W32.TDISERV.A WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.tdiserv.a.html0 1 8windll320 10_WIN32.EXE1 00 31Added by the LEGMIR.AQ TROJAN!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LEGMIR.AQ&VSect=T0 1 9_x-Finder0 13_x-Finder.exe1 00 61Disconnects and redials an ISP modem to an adult content site 01 1 8^`d}qZxu0 12~`d}qzxu3zYF1 00 34Added by the GAOBOT.GEN!POLY WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.gen!poly.html0 1 9(default)0 6~~.exe1 00 47Added by the Troj/DownLdr-QR Trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdownldrqr.html0 1 8Regcheck0 11~CAB001.EXE1 00 48Added by the CYBRSPY.13A or CYBRSPY.13B TROJANS!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBRSPY.13A0 3 7ZeroAds0 101 00107ZeroAds - culls ads, cookies and pop-ups. 
Tells ZeroAds not to run at startup - needed to start it manually36http://zeroads.com/flash/default.asp0 1 9Zonavirus0 101 00 40Added by the KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0 1 6begins0 50.exe1 00 61Added by the W32/Mytob-HE mass-mailing worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobhe.html0 1 5solid0 50.exe1 00 49Added by the WORM_MYTOB.PP worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EPP&VSect=T0 411AVGUARD.EXE0 1200000069.EXE125StartUp menu\Current user0111Windows XP/2000/XP Guard Service 6.29.00.03, H+BEDV Datentechnik GmbH. Antivirus Service for Windows XP/2000/NT39http://www.absolutestartup.com/startup/1 3 8000StTHK0 12000StTHK.exe1 00160Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) 01 3 8000StTHK0 12000StTHK.exe111HKEY_LM\Run0 039http://www.absolutestartup.com/startup/1 1170050726-007-i32-10 210050726-007-i32-1.exe1 00 29Added by the Troj/Bancban-EC59http://www.sophos.com/virusinfo/analyses/trojbancbanec.html0 3 900THotkey0 1300THotKey.exe1 00 87For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. 01 3 900THotkey0 1300THotkey.exe111HKEY_LM\Run0 50TOSHIBA THotkey 6, 0, 2, 0, TOSHIBA Corp.. THotkey39http://www.absolutestartup.com/startup/1 115vbs_auto_update0 120548656X.vbs1 00 28Added by the VBS/Gormlez-A57http://www.sophos.com/virusinfo/analyses/vbsgormleza.html0 1 80mcamcap0 120mcamcap.exe1 00 40Added by the Troj/Cosiam-H proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojcosiamh.html0 114OpenGL Drivers0 110penGLD.exe1 00 47Added by the W32/Yimp-A Instant Messaging worm.54http://www.sophos.com/virusinfo/analyses/w32yimpa.html0 112Yahoo! 
Pager0 11111HKEY_CU\Run0 039http://www.absolutestartup.com/startup/1 1 1@0 21%1 00 12Added by the21W32/Protorid-AD WORM!0 110Rundll32_80 51.dll1 00 38Added by the Adware.BrowserAid adware.61http://www.sarc.com/avcenter/venc/data/adware.browseraid.html0 1 51.bat0 51.exe1 00 36Added by the Troj/Banload-LK Trojan.59http://www.sophos.com/virusinfo/analyses/trojbanloadlk.html0 1 51.exe0 51.exe1 00123Added by the http://www.sophos.com/virusinfo/analyses/trojmultidrcf.html Trojan! This file is found in the Windows folder.14Troj/Multidr-C0 1 8SysStart0 51.exe1 00 38Added by the Adware.ZenoSearch adware.61http://www.sarc.com/avcenter/venc/data/adware.zenosearch.html0 1 9WinUpdate0 10100089.exe111HKEY_LM\Run0 039http://www.absolutestartup.com/startup/1 115[Various Names]0 910010.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html" rel="nofollow" target="_blank"here. 01 1 9ASDPLUGIN0 12100171be.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0 1 9ASDPLUGIN0 12100176br.exe1 00 69Added by a variant of the ASDPLUG adult content premium rate dialer!58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0 1 6load320 91111a.exe1 00 28Added by the DUMARU.AH WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.ah@mm.html0 1151111swapmgr.exe0 151111swapmgr.exe1 00 43Added by the Troj/Bdoor-IC backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojbdooric.html0 2 5Watch0 151200UBWATCH.EXE1 00 2?? 
01 32112Ghosts Popup-Killer0 1112popup.exe1 00 2112Ghosts Popup-Killer36http://12ghosts.com/ghosts/popup.htm0 120windowsregkey update0 1716winupdate32.exe1 00 43Added by a variant of the WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370 113180adsolution0 17180adsolution.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0 1 5180ax0 9180ax.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0 1 8spyclean0 181ClickSpyClean.exe1 00126The application "1 Click Spy Clean" is using a database that was stolen from SpybotS&D A Rogue anti-spyware program see note171 Click Spy Clean0 122ni.uwfx5_0001_n57m21120 81D7C.tmp1 00 25This is WinFixer Malware. 01 112HELLBOT TEST0 121hellbot.exe1 00 38Added by the W32/Mytob-BC worm/trojan.56http://www.sophos.com/virusinfo/analyses/w32mytobbc.html0 1 41on10 81on1.exe1 00 21Adult content dialler 01 3 91st Clock0 181stClock.exe -tray225StartUp menu\Current user01111st Clock 3.0, Green Parrots Software. 1st Clock - add date, alarms, atomic time and more to your taskbar clock39http://www.absolutestartup.com/startup/1 1101t34rd.exe0 131t34rd.exe /k215HKEY_CU\RunOnce0 039http://www.absolutestartup.com/startup/1 217One Touch Monitor0 101tou~2.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01 2 8ONETOU~20 101tou~2.exe1 00 0 01 215OneTouchMonitor0 101tou~2.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01 1 52.exe0 52.exe1 00123Added by the http://www.sophos.com/virusinfo/analyses/trojmultidrcf.html Trojan! 
This file is found in the Windows folder.14Troj/Multidr-C0 11820050726-007-i32-10 2220050726-007-i32-1.exe1 00 57Added by the Troj/Bancban-EC information stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanec.html0 1102006Server0 82006.exe1 00 44Added by the Troj/Feutel-DA backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelda.html0 1 3DI20 627.exe111HKEY_LM\Run0 039http://www.absolutestartup.com/startup/1 4 82kadiras0 122kadiras.exe1 00 67Allied_Telesyn AT series router/modem related - apparently required37http://www.alliedtelesyn.co.uk/en-gb/0 3 92wSysTray0 142portalmon.exe1 00 92a target="_blank" href="http://www.2wire.com/home/index.html"2Wire Homeportal user interface 01 0 8gramdate0 92Stop.exe1 00 2?? 01 3 92Tray.exe0 92tray.exe111HKEY_CU\Run0 79ImageConverter Plus 6, 3, 6, 0, fCoder Group International. ImageConverter Plus39http://www.absolutestartup.com/startup/1 115[Various Names]0 10321102.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html" rel="nofollow" target="_blank"here. 01 124windows runtime proccess0 1232RUNdll.exe1 00 28Added by the SDBOT.QW WORM!83http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SDBOT.QW0 1 5winXP0 633.exe1 00 24Added by the ANPES WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.anpes@mm.html0 115[Various Names]0 934763.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html" rel="nofollow" target="_blank"here. 
01 2 437210 83721.bat111HKEY_CU\Run0 039http://www.absolutestartup.com/startup/1 119Win32 USB2.0 Driver0 7386.exe1 00 27Added by the IRCBOT.D WORM!55http://sarc.com/avcenter/venc/data/pf/w32.ircbot.d.html0 4 83capplnk0 123capplnk.exe1 00 24US Robotics Modem driver 01 2 83cdminic0 123CDMINIC.EXE1 001033Com DMI (DynamicAccess uD/uesktop uM/uanagement uI/unterface) Agent associated with 3Com network cards 01 2123ComDMIAgent0 123CDMINIC.EXE1 00 0 01 0 83CM Link0 113cmcnkw.exe1 00 2?? 01 4 83c1807pd0 273cmlink.exe 3cpipe-3c1807pd2 00 603Com WinModem driver. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0 4 73Cmlink0 123CmlinkW.exe1 00164For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0 1 73D Text0 113D Text.scr2 00 27Added by the JERMY.A WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.jermy.a.html0 3193D!Turbo Experience0 123D!Turbo.exe122StartUp menu\All users0 53MSI3D Application 1, 0, 0, 1, . MSI3D MFC Application39http://www.absolutestartup.com/startup/1 1 83d_sound0 123d_sound.exe1 00115Added by the Troj/Riados-A Trojan that attempts a distributed denial of service (DDoS) attack against www.riaa.com.57http://www.sophos.com/virusinfo/analyses/trojriadosa.html0 3193Deep Control Panel0 123DeepCTL.EXE1 00115From LightSurf Technologies (nee E-Color) - 3Deep corrects lighting, shading and color for all your 2D and 3D games34http://www.colorific.com/index.htm0 4103dfx Tools0 113dfxCmn.dll1 00132Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards 01 2173dfx Task Manager0 113dfxMan.exe1 00 87System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start - Programs 01 4123dfxv2ps.dll0 123dfxv2ps.dll1 00116Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. 
Important for owners of these cards 01 3173DLabsHelperDemon0 123dldemon.exe1 00365Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled 01 3173DLabsHelperDemon0 213dldemon.exe nowakeup2 00 0 01 0303Dlabs Taskbar Display Manager0 103DLman.exe1 00 723DLabs graphics driver related. System Tray access to display settings? 01 4 93ware 3DM0 73dm.exe1 00 63Monitors status of the disk array on 3ware IDE RAID controllers 01 4113DMouse.EXE0 113DMouse.EXE1 00 33Dritek System Inc. 3D Mouse drive 01 315Primax 3D Mouse0 123dmoused.exe1 00 56Enables the scroll button on the Primax 3-D Scroll mouse 01 3113DNADesktop0 173dnasys.exe -open211HKEY_LM\Run0 613DNA Desktop Controller 1, 0, 0, 1, . 3DNA Desktop Controller39http://www.absolutestartup.com/startup/1 3103qdctl.exe0 103qdctl.exe1 00194Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ 01 3 3pmc0 849XL.exe111HKEY_CU\Run0 34PMClient 3.01.0001, The Edge Tech.39http://www.absolutestartup.com/startup/1 2114cOqtqs.exe0 114cOqtqs.exe111HKEY_LM\Run0 039http://www.absolutestartup.com/startup/1 310WheelMouse0 104DMAIN.EXE1 00154Mouse software for "Fellowes" Wheelman mouse. Has caused some users problems but shouldn't be needed if you don't use any enhanced features it may provide 01 1 9Messenger0 7514.exe1 00 37Added by the Trojan.Esteems.D Trojan.94http://securityresponse.symantec.com/avcenter/venc/data/trojan.esteems.d.html#technicaldetails0 1105-2-46-1120 145-2-46-112.exe1 00 55Adult content pop-up dialler. 
Removal instructions here292http://groups.google.com/gro0 1 5putil0 85845.exe1 00 84Added by the Backdoor.Zinx backdoor. This backdoor listens on ports 14728 and 24759.77http://securityresponse.symantec.com/avcenter/venc/data/pf/backdoor.zinx.html0 119Windows USB Service0 7666.exe1 00 12Added by the38W32/Mytob-AW WORM/IRC backdoor trojan!0 1 3pmc0 7764.exe1 00 21Adult content dialler 01 1 57VGAV0 97VGAV.exe1 00 81Part of the Adware.Winpup infection. File is found in the Windows system folder. 01 115[various names]0 880d0.exe1 00115MediaMotor/Popuppers adware variant. Names spotted include 80d0, SWOD, g$p$, elos, seli, "piz, :C=e, resU and so on77http://securityresponse.symantec.com/avcenter/venc/data/adware.popuppers.html0 11480xFire daemon0 1180xFire.exe1 00111Added by the W32/Tilebot-BK worm and IRC backdoor. This also infects your computer with the rootkit rdriv.sys.58http://www.sophos.com/virusinfo/analyses/w32tilebotbk.html0 1 881pl96k80 1281pl96k8.exe111HKEY_LM\Run0 134, 0, 2, 3, .39http://www.absolutestartup.com/startup/1 1 7TempCom0 98746D.com1 00 43Added by the W32/Traxg-H mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32traxgh.html0 1 8887sfNY40 12887sfNY4.exe111HKEY_LM\Run0 039http://www.absolutestartup.com/startup/1 110[not used]0 17896588AppInit.DLL1 00 94Added by the Troj/LegMir-BI Trojan. 
This infection also creates the %WinDir%896588.dll file.58http://www.sophos.com/virusinfo/analyses/trojlegmirbi.html0 413Initialize8x80 128x8_init.exe1 00 83Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay 01 1 8KAZAACuf0 191 00 40Added by the KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0 2 7Apwheel0 89019.exe111HKEY_CU\Run0 039http://www.absolutestartup.com/startup/1 4 89xadiras0 129xadiras.exe1 00 67Allied_Telesyn AT series router/modem related - apparently required37http://www.alliedtelesyn.co.uk/en-gb/0 216DXM6Patch_9811160 1A1 00108Microsoft(R) Windows NT(R) Operating System 4.71.1015.0, Microsoft Corporation. Win32 Cabinet Self-Extractor 01 1 1a0 5a.exe1 00110Commercials file that registers itself in the system registry and redirects IE to a certain commercial website 01 1 7shellos0 8A+++.exe1 00 42Added by the WIN32.VB.AV keylogger TROJAN! 01 1 3a1g0 7a1g.exe1 00 35Added by the Troj/Agent-ACR Trojan.58http://www.sophos.com/virusinfo/analyses/trojagentacr.html0 1 5load=0 7a1g.exe1 00 25Added by the ATAK.B WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.b@mm.html0 3 7a²0 11a2guard.exe1 00137a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature27http://www.emsisoft.com/en/0 3 9a-squared0 11a2guard.exe1 00 0 01 3 9a-squared0 11a2guard.exe1 00137a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature27http://www.emsisoft.com/en/0 3 2a²0 11a2guard.exe1 00 027http://www.emsisoft.com/en/0 3 7ADSL_A20 11A2Installed1 00 78Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. 01 433Aureal A3D Interactive Audio Init0 11A3dInit.exe1 00 80For Aureal based 3D soundcards. 
A3D sound features won't work with this disabled 01 3 7A4Proxy0 11A4Proxy.exe1 00 87Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites47http://www.findincontext.com/a4proxy/review.htm0 3 9WindowsFZ0 11A5281300.so111HKEY_LM\Run0 039http://www.absolutestartup.com/startup/1 1 9windowsfz0 11A5281300.so1 00 49Variant of the SmitFraud alias FAKEALE-C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojfakealec.html0 111popuppers650 11a64sddd.exe1 00 24Popuppers adware variant77http://securityresponse.symantec.com/avcenter/venc/data/adware.popuppers.html0 111popuppers650 8a65d.exe1 00162Popuppers delivers popup ads to your computer. The file is found in the Windows folder. It also adds media-motor.net and popuppers.com to your trusted sites list. 01 114windows update0 7aaa.exe1 00 91Added by the Troj/Singu-Y Trojan. This infection also creates the file c:\windows\aaa.cfg.56http://www.sophos.com/virusinfo/analyses/trojsinguy.html0 2 8AAACLEAN0 12AAACLEAN.INF1 00 2?? 01 1 4Heps0 8aaea.exe1 00 67Unknown malware. Located in %userprofile%\Application Data\aaea.exe 01 3 3AAK0 7aak.exe1 00140Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"30http://www.anti-keylogger.net/0 1 8AANYVKCF0 12aanyvkcf.exe1 00105Added by the Adware.Safesearch.B Adware. This infection redirects certain pages to ones that it desires.63http://www.sarc.com/avcenter/venc/data/adware.safesearch.b.html0 133Microsoft Synchronization Manager0 9aapie.exe1 00134Added by the W32/Sdbot-OZ worm. 
This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotoz.html0 1 4Noha0 8aasd.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0 116Microsoft Update0 10aaupdt.exe1 00 26Added by the RBOT-RQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotrq.html0 224FineReader7NewsReaderPro0 19AbbyyNewsReader.exe1 00 29ABBYY FineReader OCR software45http://www.abbyy.com/finereader7/?param=286030 224FineReader7NewsReaderPro0 19AbbyyNewsReader.exe111HKEY_LM\Run0 65FineReader 7.0.0.620, ABBYY (BIT Software). ABBYY Community Agent39http://www.absolutestartup.com/startup/1 1 4FILE0 11abcdefg.exe1 00 46Added by the W32.Kelvir.DD MSN messenger worm.74http://www.sarc.com/avcenter/venc/data/w32.kelvir.dd.html#technicaldetails0 1 6System0 11abcdefg.exe1 00 31Added by the W32/Harwig-B worm.56http://www.sophos.com/virusinfo/analyses/w32harwigb.html0 1 8BT0000350 13abcdefg23.exe1 00 31Added by the Troj/VB-VT Trojan.54http://www.sophos.com/virusinfo/analyses/trojvbvt.html0 1 8BT0000360 13abcdefg23.exe1 00 054http://www.sophos.com/virusinfo/analyses/trojvbvt.html0 1 8BT0000370 13abcdefg23.exe1 00 31Added by the Troj/VB-VT Trojan.54http://www.sophos.com/virusinfo/analyses/trojvbvt.html0 1 8abcdefgh0 12abcdefgh.exe1 00 68Malware - detected by Panda antivirus as the DOWNLOADER.EPJ TROJAN!51http://www.pandasoftware.com/products/titanium2005/0 115[Various Names]0 10ABCXYZ.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html" rel="nofollow" target="_blank"here. 01 2 6abiteq0 10abiteq.exe1 00 96Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds. 01 115Service Drivers0 7abl.exe1 00133Added by the W32/Sdbot-YX worm. 
This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotyx.html0 216Album Fast Start0 10ABMTSR.EXE1 00 50Scanner software, not required for scanner to work 01 1 4ABox0 8ABox.exe1 00 74Added by the Troj/Abox-A Trojan! The file is found in the Windows folder. 01 112Abrada win320 14abradaload.dll1 00 52Added by the Troj/Dermon-G password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojdermong.html0 3 8ABREGMON0 12ABregmon.exe111HKEY_LM\Run0 54Registry Monitor 1, 0, 0, 1, ArcaBit. Registry Monitor39http://www.absolutestartup.com/startup/1 115[Various Names]0 9abrek.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html" rel="nofollow" target="_blank"here. 01 118active bit station0 7abs.exe1 00 32Added by the W32.MYTOB.BZ WORM!63http://www.symantec.com/avcenter/venc/data/w32.mytob.bz@mm.html0 318PCBackup Scheduler0 15ABScheduler.exe111HKEY_LM\Run0 83Alohabob Job Scheduling Agent 6, 0, 0, 0, Eisenworld. Alohabob Job Scheduling Agent39http://www.absolutestartup.com/startup/1 1 4ABsr0 8absr.exe1 00 30Added by the AUTOUPDER TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html0 2 3abu0 7abu.exe111HKEY_LM\Run0 33abu Application 1, 0, 0, 1, . abu39http://www.absolutestartup.com/startup/1 314AbyssWebServer0 11abyssws.exe1 00 16Abyss web server29http://abyss.sourceforge.net/0 3 6CCWC7a0 6ac.exe1 00 64Moleculesoft Cache, Cookie & Windows Cleaner Ver. 7 - auto clean39http://www.moleculesoft.se/index2b.html0 1 4Osus0 8acao.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0 216acbtnmgr_x63.exe0 16AcBtnMgr_X63.exe122StartUp menu\All users0 86Jetsoft Development Company AcBtnMgr 1, 0, 0, 1, Jetsoft Development Company. 
AcBtnMgr39http://www.absolutestartup.com/startup/1 326Lexmark X73 Button Manager0 16AcBtnMgr_X73.exe111HKEY_LM\Run0 86Jetsoft Development Company AcBtnMgr 1, 0, 0, 1, Jetsoft Development Company. AcBtnMgr39http://www.absolutestartup.com/startup/1 412AcBtnMgr_Xxx0 16AcBtnMgr_Xxx.exe1 00133Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation 01 426Lexmark Xxx Button Manager0 16AcBtnMgr_Xxx.exe1 00 0 01 3 3acc0 7acc.exe1 00102Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"53http://www.voicecallcentral.com/#advanced_call_center0 0 5AOLCC0 11ACCAgnt.exe1 00 74AOL ISP software related, file located in a "AOL Computer Check-Up" folder 01 310Accelerate0 14accelerate.exe1 00170Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection55http://www.webroot.com/wb/products/accelerate/index.php0 310Accelerate0 17accelerate.exe /S2 00 304.0.1, Webroot Software, Inc.. 01 313accessmanager0 13AccessMgr.exe1 00230Part of SmartPipes SecureSite software - "SecureSite enables rapid turnup and enhanced administration of VPNs. 
It automates and simplifies tasks for VPN design and policy management, access control management, and key management"40http://www.smartpipes.com/SecureSite.htm0 120Windows Task Manager0 23ACCOUNT_DETAILS.DOC.exe1 00 28Added by the QUATERS.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.quaters.a@mm.html0 3 7AcctMgr0 11AcctMgr.exe1 00246Norton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities—all from the safety of your own PC44http://www.symantec.com/sabu/sysworks/basic/0 3 7AcctMgr0 20AcctMgr.exe /startup211HKEY_LM\Run0 85Norton Password Manager 2004.1.406, Symantec Corporation. Password Manager Controller39http://www.absolutestartup.com/startup/1 111accwizz.exe0 11accwizz.exe1 00 47Added by the W32.Ruland.A@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0 111MeuPrograma0 11accwizz.exe1 00 076http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0 1 8accwizzz0 12accwizzz.exe1 00 076http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0 112accwizzz.exe0 12accwizzz.exe1 00 47Added by the W32.Ruland.A@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0 1 9system xp0 15acdsee demo.exe2 00 26Added by the SALGA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.salga.a@mm.html0 0 8Ace bows0 12Ace bows.exe2 00 2?? 01 3 8acergoto0 12AcerGoto.exe1 00179Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer. 01 417AspireTimeMachine0 11acertmb.exe1 00189System recovery software supplied with some Acer notebook PCs. 
Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry 01 1 5necix0 13aceyukujy.exe1 00 89Added by W32/Sdbot-UE, a WORM/IRC backdoor TROJAN and found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotue.html0 3 8aclntusr0 12AClntUsr.exe1 00 42Altiris AClient Service Windows Tray Icon42http://www.cdg-group.com/go.exe?prodid=2990 312AmazingClock0 10AClock.exe111HKEY_CU\Run0 65Amazing clock 1.2.beta, Kukushkin A. S.. Amazing clock executable39http://www.absolutestartup.com/startup/1 110AclService0 10AclService1 00 84C:\Windows\System32\aclservice.exe, and C:\Windows\Downloaded Program Files\acl.inf. 01 326Lexmark X73 Button Monitor0 17ACMonitor_X73.exe111HKEY_LM\Run0 46ACMonitor 1, 0, 0, 0, Silitek Corp.. ACMonitor39http://www.absolutestartup.com/startup/1 413ACMonitor_Xxx0 17ACMonitor_Xxx.exe1 00133Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation 01 426Lexmark Xxx Button Monitor0 17ACMonitor_Xxx.exe1 00123Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation 01 310ACMService0 14ACMService.exe1 00109Added by the Spyware.ACM surveillance software. Uninstall this software if it was not installed by yourself.72http://securityresponse.symantec.com/avcenter/venc/data/spyware.acm.html0 0 9aauclient0 14ACNUpdater.exe1 00 53Appears to be related to software from Accenture.com56http://www.accenture.com/xd/xd.asp?it=enweb&xd=index.xml0 313Acombo3dmouse0 12Acombo3d.exe1 00 71Mouse driver - required if you use non-standard Windows driver features 01 1 6Aconti0 10aconti.exe1 00 21Adult content dialler 01 3 8acoustic0 12acoustic.exe1 00112Control panel program for Philips Acoustic Edge soundcard. 
Not required unless changed settings aren't retained198http://www.consume0 31042 AC Plug0 20acplug.exe -tray -on225StartUp menu\Current user0 752, 0, 4, 29, iOpus Software GmbH. 42 Always Connected Plug (AC-Plug) V2.039http://www.absolutestartup.com/startup/1 114Adobe Reader320 12Acrord32.exe1 00 48Added by the W32/Rbot-BLC worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotblc.html0 221Acrobat Assistant 7.00 12Acrotray.exe111HKEY_LM\Run0101AcroTray - Adobe Acrobat Distiller helper application. 6.0.1.2004121400, Adobe Systems Inc.. AcroTray39http://www.absolutestartup.com/startup/1 219Assistant d'Acrobat0 12acrotray.exe122StartUp menu\All users0101AcroTray - Adobe Acrobat Distiller helper application. 6.0.1.2003102300, Adobe Systems Inc.. AcroTray39http://www.absolutestartup.com/startup/1 317Acrobat Assistant0 12ACROTRAY.EXE1 00190Used to create PDF files with Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation 01 135adobe acrobat distiller application0 12acrotray.exe1 00 34Added by the W32.RANDEX.DFJ WORM!62http://www.symantec.com/avcenter/venc/data/w32.randex.dfj.html0 329Atheros Configuration Service0 7acs.exe1 00 64Possibly part of the Atheros 802.11b/g WiFi connectivity driver. 01 413AolAcsDaemon10 8Acsd.exe1 00188AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually 01 118AlfaCleanerService0 12ACServer.exe1 00113Desktop hijacking, aggressive/deceptive advertising Rogue Anti-Spyware program. 
For more information Click_Here.52http://www.spywarewarrior.com/rogue_anti-spyware.htm0 327autocad startup accelerator0 13acstart16.exe1 00 91Preloads some libraries that are used by AutoCAD in order to make the software load faster67http://usa.autodesk.com/adsk/servlet/index?siteID=123112&id=51272130 327AutoCAD Startup Accelerator0 13acstart16.exe122StartUp menu\All users0 61AutoCAD 16.1.63.0, Autodesk, Inc. AutoCAD Startup Accelerator39http://www.absolutestartup.com/startup/1 1 5acsuc0 9acsuc.exe111HKEY_LM\Run0 039http://www.absolutestartup.com/startup/1 119DyFuCA Active Alert0 12actalert.exe1 00 32Adult content dialler - see here57http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html0 127microsoft boot system cfg320 12actboost.exe1 00 32Added by the W32.Bropia.R WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.r.html0 125Windows boot system cfg320 12actboost.exe1 00 38Added by W32/Forbot-G, a network WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotgl.html0 3 8activity0 9actik.exe1 00 90ActivityKey Keystroke logger/monitoring program - remove unless you installed it yourself!67http://www.symantec.com/avcenter/venc/data/spyware.activitykey.html0 311ActionAgent0 15actionagent.exe1 00202A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client. 01 115[Various Names]0 13ActionScr.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html" rel="nofollow" target="_blank"here. 01 120kernel system daemon0 13ACTIVAT0R.exe1 00 28Added by the RANDEX.AW WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.aw.html0 210Activation0 14Activation.exe1 00 23Part of Microsoft Money 01 216MoneyStartUp10.00 14Activation.exe1 00 53Part of MS Money 2002. Available via Start - Programs 01 312online cdrom0 15Active acid.exe2 00 2?? 
01 1 7ATITech0 10Active.exe1 00 34Added by the Troj/Roamer-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojroamera.html0 122MS Decryption Software0 10active.exe1 00 27MediaTickets adware variant51http://www.spywareguide.com/product_show.php?id=8130 1 8ACTIVEDS0 12ACTIVEDS.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0 210ActiveEyes0 14ActiveEyes.exe1 00 30ActiveEyes from TFI Technology53http://www.tfi-technology.com/products.htm#ActiveEyes0 310ActiveMenu0 14ActiveMenu.exe1 00254WildTangent games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0 317HPGamesActiveMenu0 14ActiveMenu.exe1 00254WildTangent games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0 323hplaptopgamesactivemenu0 14ActiveMenu.exe1 00260Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case 01 310ActivePlus0 14activeplus.exe1 00 68Interactive Agents Plugin for Messenger Plus! 
(MSN Messenger add-on)35http://hot.activebuddy.com/catalog/0 313Active shield0 16Activeshield.exe1 00177Active Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"34http://www.securitystronghold.com/0 1 6Roam040 11ActiveX.exe1 00 34Added by the Troj/Roamer-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojroamera.html0 3 8ActMaker0 12ActMak25.exe1 00196ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer34http://www.789987.com/products.htm0 311ACTNSTA.EXE0 11ACTNSTA.EXE1 00 68Believed to be a system tray utility for an Accton ethernet adapter.40http://www.accton.com/homepage/index.htm0 3 3ACU0 7acu.exe1 00 66ACU 2.4.0.71, Atheros Communications, Inc.. Atheros Client Utility 01 3